From 506505e3d215fb18d51d509a9f6265f2e8aa01b9 Mon Sep 17 00:00:00 2001
From: Lucas Cordeiro <lucasccordeiro@gmail.com>
Date: Wed, 22 Feb 2017 14:09:35 +0000
Subject: [PATCH 001/699] =?UTF-8?q?=C2=A0added=20test=20cases=20related=20?=
 =?UTF-8?q?to=20classes=20pattern=20and=20matcher?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Lucas Cordeiro <lucasccordeiro@gmail.com>
---
 .../RegexMatches01/RegexMatches01.class       | Bin 0 -> 1272 bytes
 .../RegexMatches01/RegexMatches01.java        |  25 ++++++++++++++++++
 regression/strings/RegexMatches01/test.desc   |   8 ++++++
 .../RegexMatches02/RegexMatches02.class       | Bin 0 -> 1273 bytes
 .../RegexMatches02/RegexMatches02.java        |  25 ++++++++++++++++++
 regression/strings/RegexMatches02/test.desc   |   8 ++++++
 6 files changed, 66 insertions(+)
 create mode 100644 regression/strings/RegexMatches01/RegexMatches01.class
 create mode 100644 regression/strings/RegexMatches01/RegexMatches01.java
 create mode 100644 regression/strings/RegexMatches01/test.desc
 create mode 100644 regression/strings/RegexMatches02/RegexMatches02.class
 create mode 100644 regression/strings/RegexMatches02/RegexMatches02.java
 create mode 100644 regression/strings/RegexMatches02/test.desc

diff --git a/regression/strings/RegexMatches01/RegexMatches01.class b/regression/strings/RegexMatches01/RegexMatches01.class
new file mode 100644
index 0000000000000000000000000000000000000000..4006de70b283584550ab36dbe0f60853d85c75b5
GIT binary patch
literal 1272
zcmaJ=*-{fh6g{17l3^er5Ec;)iV&8`0)zlTc5nlv#1dJ27?L&&CK;TWSn?mf$Pe%=
zRs~C|^xZdq2)#352}{`z-M9NL=iH@#pM3ubU<ivM>e1oFJrVcO>BR%<>=Mz9hz~vJ
zwWK}~{g8d|BkDy=L>vhL10rhCAz)CXC`kds3=N%%VQ}44wW2Yn8p?K_XBpTAgJ)bV
zs^$cPGt%>l!8NO8IfH*uE%N13VVmnOEn`v?6t&3E6xm$dRX!-Oyi&}?R!v<k=F*m9
z?W(C{-YqG6w!MIqfDr+s4Bqif{uDx7)k=DXFQ`_)h8H}?KQ1X|W``T`MAV8Zp%Ed5
z=Cx?=R(3Nk4<_Z&H}Y0?D{F5QRl*q34BBg2-9~su)y<u(vL9BBa6Bm|2IN#yT&HzK
zmq^I*A$fR2+@N(uM~Z<FIW;J*(Ym6efQgixBG_>}q;w=qU{b)8glWu3n8locc?k=6
zBq4|fhPM9%p^8X&j3*2&7bToN>&v{ZYdS;S<+2EPD&ZL>83GqR&$oAZ#-uvgPbE{$
z$8@Whu@%KMxlV1WGOqOK2IETU2~x;tg+03`a^!~QR-Ue-P#c7T-9CyjSnWBxqv)&r
zeTf${Jl%86{}h<~U2oMQ%^{5*O=30YeZ%AhQfMVgGgOJ7YOxg>H<J?LN`buHIbAF5
zF*HU_F{)>h2F$L`WiO(<XT``<jY8Fwt0vh)%$2-x#h_C2v_;f^(TUkS{VVzvS#GF0
z&z?7vK7&~@&_N%wo<1`Rv{>Uok`u%iA=;bh)=np*)7^Uv_Qf(pGwmMx(FGq`&`Ppp
z`UwuW>6{5VzQMT|bS?Gum*HNP%kX?g^auh;-ZFgFG3Gjgcz{r=D_B#8bby*4s9irs
z-LJ#He=Hn_jnfN}WG~%(gjqv-fCvW(uMuG)*+tR>Sxys=TVxr4^8|hYZ31o!XpcI`
p_s)4TLpE!mKIktaZ~(z|2$%CK#0$W)#H?U$IHV~n{kt}w@IN{HCpG{8

literal 0
HcmV?d00001

diff --git a/regression/strings/RegexMatches01/RegexMatches01.java b/regression/strings/RegexMatches01/RegexMatches01.java
new file mode 100644
index 00000000000..79e05c1432d
--- /dev/null
+++ b/regression/strings/RegexMatches01/RegexMatches01.java
@@ -0,0 +1,25 @@
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+public class RegexMatches01
+{
+   public static void main(String[] args)
+   {
+      Pattern expression =
+         Pattern.compile("W.*\\d[0-35-9]-\\d\\d-\\d\\d");
+
+      String string1 = "XXXX's Birthday is 05-12-75\n" +
+         "YYYY's Birthday is 11-04-68\n" +
+         "ZZZZ's Birthday is 04-28-73\n" +
+         "WWWW's Birthday is 12-17-77";
+
+      Matcher matcher = expression.matcher(string1);
+
+      while (matcher.find())
+      {
+         System.out.println(matcher.group());
+         String tmp=matcher.group();
+         assert tmp.equals("WWWW's Birthday is 12-17-77");
+      }
+   }
+}
diff --git a/regression/strings/RegexMatches01/test.desc b/regression/strings/RegexMatches01/test.desc
new file mode 100644
index 00000000000..45cc542b352
--- /dev/null
+++ b/regression/strings/RegexMatches01/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+RegexMatches01.class
+--string-refine --unwind 100
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
diff --git a/regression/strings/RegexMatches02/RegexMatches02.class b/regression/strings/RegexMatches02/RegexMatches02.class
new file mode 100644
index 0000000000000000000000000000000000000000..d696c5eb047587506e9d98de3ecc4d09b9b53ef4
GIT binary patch
literal 1273
zcmZ`&SyK~15dJ0yn=A_nfp92jP=s)74z6&?4PJnhSR#iHOESV@lEvMPCI7=0`2#$Q
zRl(9KefP~jg!XJW!r?s3^h|eu{q-@wPrm;I(2oTfHE8wWo{alw^WlLw+hueh>PIKK
zgw!pg2dW<d#C(X$NFXVpS4I_DCG^RJG9Y1)p|(x4EN<Gmk+)`bOWVrw3<Fzds2J1p
zx;@U|j&{Cc@XQz)&JbA8^L(k0+v4U+VN8mgrso;zqZ<pm+6OJ3)$-f%72DMF+oQs<
zYQ@&l?-sQ^$6i88!jObv2H#jZdm2JsF$!jy&+7uP_66VO9~U({y~C|UZ%m*ns6&{c
zVKvsZnb}CFeFN(78+9|YnQ=BkRWO242IDoY4l6RPoAypd+mGm0Br%{Sd)3r{yhiJa
zE}2vl{p#S5yiV(ijugE^YN}6OrFBI|fXS4aqOfClNa-jT$ApAQ1yh(-FoRhMa|-71
zNI?j-49x=Me<)NE1&{HBq4A=IQ)i8tGfl%}sJ>hm2~QO~!vsU{!sq$cE>GK3DCenQ
z>)E&|su^F_Y@3_Zr!wPGlWs6B)t*91X(PAiG)0Zx(B0D0^(fQ_Dd+T$F#5_pXLdAm
zg}*QGe43ATUh_W<O#Ys?dY%T6W{*a(ob$eA^BgIR0;L%)A?QYYndZ%=gt(R?Z|}Bg
z6!sYEqNg#+hmt1Dsm^6DqP!<CvQ(pRIpwlZt{~=G*1BR)s`;oO8o21hOqM<teTxjY
zbdzV!n@PXHE?8)#pIJk{nFSlge30Y@@kN;Sdb+jH$>{WU9fN%lhG?L@!g=(-k47|+
zEKEPa1uvb`A=fv!7eb!J?w%sNOKK4npAkEPM3S!vzc@xbN01K?Zt{dGi%<?w`2$sJ
z$Ef~w`1g;9<8tD3K_=NpH$TO!q&-N4LlmzL5hB@6(l}X85szDB8HD=;0SUJyG)riS
rxybj<c{2SDYoI0+C?a?O$#V#g`zz#&fM<ybFfUxnq)7j+!zc0&!8Rw5

literal 0
HcmV?d00001

diff --git a/regression/strings/RegexMatches02/RegexMatches02.java b/regression/strings/RegexMatches02/RegexMatches02.java
new file mode 100644
index 00000000000..634774832c1
--- /dev/null
+++ b/regression/strings/RegexMatches02/RegexMatches02.java
@@ -0,0 +1,25 @@
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+public class RegexMatches02
+{
+   public static void main(String[] args)
+   {
+      Pattern expression =
+         Pattern.compile("W.*\\d[0-35-9]-\\d\\d-\\d\\d");
+
+      String string1 = "XXXX's Birthday is 05-12-75\n" +
+         "YYYY's Birthday is 11-04-68\n" +
+         "ZZZZ's Birthday is 04-28-73\n" +
+         "WWWW's Birthday is 12-17-77";
+
+      Matcher matcher = expression.matcher(string1);
+
+      while (matcher.find())
+      {
+         System.out.println(matcher.group());
+         String tmp=matcher.group();
+         assert tmp.equals("WWWWW's Birthday is 12-17-77");
+      }
+   }
+}
diff --git a/regression/strings/RegexMatches02/test.desc b/regression/strings/RegexMatches02/test.desc
new file mode 100644
index 00000000000..92d72ae941e
--- /dev/null
+++ b/regression/strings/RegexMatches02/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+RegexMatches02.class
+--string-refine --unwind 100
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring

From b6c54a6371b3940319e30450274e815f22b5f0ea Mon Sep 17 00:00:00 2001
From: Lucas Cordeiro <lucasccordeiro@gmail.com>
Date: Wed, 22 Feb 2017 14:13:08 +0000
Subject: [PATCH 002/699] =?UTF-8?q?=C2=A0added=20test=20cases=20related=20?=
 =?UTF-8?q?to=20string=20methods=20replaceFirst,=20replaceAll=20and=20spli?=
 =?UTF-8?q?t?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Lucas Cordeiro <lucasccordeiro@gmail.com>
---
 .../RegexSubstitution01.class                 | Bin 0 -> 2003 bytes
 .../RegexSubstitution01.java                  |  39 ++++++++++++++++++
 .../strings/RegexSubstitution01/test.desc     |   8 ++++
 .../RegexSubstitution02.class                 | Bin 0 -> 1739 bytes
 .../RegexSubstitution02.java                  |  32 ++++++++++++++
 .../strings/RegexSubstitution02/test.desc     |   8 ++++
 .../RegexSubstitution03.class                 | Bin 0 -> 1684 bytes
 .../RegexSubstitution03.java                  |  33 +++++++++++++++
 .../strings/RegexSubstitution03/test.desc     |   8 ++++
 9 files changed, 128 insertions(+)
 create mode 100644 regression/strings/RegexSubstitution01/RegexSubstitution01.class
 create mode 100644 regression/strings/RegexSubstitution01/RegexSubstitution01.java
 create mode 100644 regression/strings/RegexSubstitution01/test.desc
 create mode 100644 regression/strings/RegexSubstitution02/RegexSubstitution02.class
 create mode 100644 regression/strings/RegexSubstitution02/RegexSubstitution02.java
 create mode 100644 regression/strings/RegexSubstitution02/test.desc
 create mode 100644 regression/strings/RegexSubstitution03/RegexSubstitution03.class
 create mode 100644 regression/strings/RegexSubstitution03/RegexSubstitution03.java
 create mode 100644 regression/strings/RegexSubstitution03/test.desc

diff --git a/regression/strings/RegexSubstitution01/RegexSubstitution01.class b/regression/strings/RegexSubstitution01/RegexSubstitution01.class
new file mode 100644
index 0000000000000000000000000000000000000000..fe4106df4e88e5371dab6ade809873b87cf42302
GIT binary patch
literal 2003
zcmZ`(NmCm~6#g1XOe2pC9u_OMu?Ml3MOa25i4BAxvt?m%5HVp1&PZy=;E_h289}(@
zl&YNa2ROP?<x4KHt7KPFPVV^u`5V5coaME4j9jHs_q_M@``-TNzrX$tU>rw5wBbFD
z_c=b`xXp1VhzU%#pdV8lAIgtu1s??wl&Bewcnj`gmSaxAd=Lv*<oKB56OK<gKI2&8
zSms!f?^ZePaeOX8Ya9tFS`Xq2+?SFKjxRYjIkq^q73>7@6?Pfg`wZ6=j%V6gcg}Q;
zq$Sb}Y>T0J%FLSHG=pz&=stsg)=mqC)+IA5R`QvoaMmT56dA+JGIR}YFC7?%M$|I0
z`_Y8wnA!bF`S5(gGg1$ija(70;DLg#8TeGnD%%ex?7Wi_3#POdS`+)?+eAL;dZw3`
zZrvKYDebBl!Z3q6XYTFYwemtA9;VN0@w{he49`sI>%#T)S;H0jqR0w|WH!0gv_mMi
zOSCEsBvstNV7-;y-CY$aP|Ts4_wh<f<{ig&7+R_<wYx|w5GwYt&kzY$0b$*(_%71=
zp6%!rok)i#^nN$U&{ktwO&*Apr{EhECJt)x(A&oG^v)j&=U6|oowV+VoMog4nmpFS
zQc@xy2H(!n2vtVPs4}aLxo>6-OD|PLkCpvs+KE#<Mk#|Lt>Ph)40o!6vzKz1Z}l!z
zW^i+s>FI{2r|e9|a3^#X7Bb|KzT*z7$ih~TQ}GCn3Rf!n&T>^HRZ@B{lR}3qGefYx
z(CrNxM}emzkHb?bFS$sa-=JT~W;v;G%VM}ac($d_N`}sgXnMq>ykWTvo%J?K<(?d(
z@v3Wr#IfrMN`lYMQ*fOnbEX}=M>FJ+yTZs!lE1~SIV~ohoCNJLOx5$0Vw|jxutNP7
z>uNdf1=Eok4iwG4;eFYv9O^)^!VEVWunyJJmfuw3rHQtpamO)^DK*@)OKNGS{?Tb)
z>lX@xQuNHC(Qd7c(X2&Vj5<9nT+<Qh>ip8`@$#gg6}E*QTCr`kgIQZhZUMUaz~ok;
z{}KA?rjyYb7=8}+iv%J<|IJ0A4=otQO}Z15y#R-w&al?Br1_RdG`|)opn2&jloND}
zXuN=y6P)`E!OiD5_eVriwezH3eu@iPtN$h1Hhqyq0T(wSnnutKDQ_>yN3;&Dldwg#
zly^12`=+~_A47|1m$Xm;?<{}sV^98jRbr25mrt`xBUcKz8qvB7xVA!{qc3p10KJIs
z8ui7ro;P1m7+s_Om=<oR2*kABhKlBx)^}PV^Vn3(V-g{{E0lCjISrx}Dh6-?Q7Xy|
zG%TV68|cI~oeyvcIl>>|GQPtV{6OcARG^=59X~_IGb-jwgz*=8@d|y6qo4JVwJ0%M
z1^)*F3U1NwHP+bQXzzNBF$H6xP>8r=)q;-~D+^rI`U@C1f#QDxzwa58n$wlyOTz&)
NsWY-g-Yv#7{y%!!^?LvS

literal 0
HcmV?d00001

diff --git a/regression/strings/RegexSubstitution01/RegexSubstitution01.java b/regression/strings/RegexSubstitution01/RegexSubstitution01.java
new file mode 100644
index 00000000000..06b9e7aaa10
--- /dev/null
+++ b/regression/strings/RegexSubstitution01/RegexSubstitution01.java
@@ -0,0 +1,39 @@
+import java.util.Arrays;
+
+public class RegexSubstitution01
+{
+   public static void main(String[] args)
+   {
+      String firstString = "DiffBlue ***";
+      String secondString = "Automatic Test Case Generation";
+
+      firstString = firstString.replaceAll("\\*", "^");
+
+      assert firstString.equals("DiffBlue ^^^");
+
+      secondString = secondString.replaceAll("Automatic", "Automated");
+
+      System.out.printf(
+         "\"Automatic\" substituted for \"Automated\": %s\n", secondString);
+      secondString.equals("Automated Test Case Generation");
+
+      System.out.printf("Every word replaced by \"word\": %s\n\n",
+         firstString.replaceAll("\\w+", "word"));
+
+      System.out.printf("Original String 2: %s\n", secondString);
+      secondString.equals("Automated Test Case Generation");
+
+      for (int i = 0; i < 3; i++)
+         secondString = secondString.replaceFirst("\\A", "automated");
+
+      assert secondString.equals("automatedautomatedautomatedAutomated Test Case Generation");
+
+      System.out.print("String split at commas: ");
+      String[] results = secondString.split(" \\s*");
+      System.out.println(Arrays.toString(results));
+      assert results[0].equals("automatedautomatedautomatedAutomated");
+      assert results[1].equals("Test");
+      assert results[2].equals("Case");
+      assert results[3].equals("Generation");
+   }
+}
diff --git a/regression/strings/RegexSubstitution01/test.desc b/regression/strings/RegexSubstitution01/test.desc
new file mode 100644
index 00000000000..bc7ed3648f3
--- /dev/null
+++ b/regression/strings/RegexSubstitution01/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+RegexSubstitution01.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
diff --git a/regression/strings/RegexSubstitution02/RegexSubstitution02.class b/regression/strings/RegexSubstitution02/RegexSubstitution02.class
new file mode 100644
index 0000000000000000000000000000000000000000..834c403b3b2d7d0856df177aaeb7f199af9ec69e
GIT binary patch
literal 1739
zcmZux&sQ5&6#gEQFpptc=pdL{pwkpAgwRk#t$;|%k5=VJZBT?_?Id}LLnoOyGoi9^
zrEB*ryQwa%=cJzYsC)kz_a0C6zDYtra?YH2Z|?o>z2E)jzW3*=7rz6TK}kb5rZ{eJ
zOmn=&F{9yayu<M>$IULhhgps}74sV2#{$O((!0o!=D5YN#Iek=!m%pNw>j=e*oPb+
z$?uOftYKYRHo9P9ljE+6Pc#f;O2s`58Ei51jaa@fyufzL{<7^`Sx4j<*e*loyj`|~
z1qNko{4<8glA9L{J!^JZY*b5G;cZDUIZBpYW*8W|zqW53SSiOU7gL$Qv&+Rf8F(%e
zSh+{*Rwcx%_*4a1`Fzf4<kvE8)ys)hTV{*h6Gib&rkeEwJE%%pQ`6UFUL7MCWzd)H
zLgAKE6=oulU>HtU1Gi)acFx=qeqb(HzA$f#vhc{}60MFsLa_%_R>w9zXXrYPXzfK_
z#g2|$+-FF}j{$MhZ}Jd%v*3DW(<k!rS##9a7<yYhZ)W#JE>N+j;|n}!aiiFF+;n`2
zhYVL&4up4TK6bsl>4}PC<p`fWG~?1zuR>*%y~h(IwX~7co1R^?%a&u-Wj3c9WIFcJ
z)Ra}1MC5f?vg23-<yRa#Fs;DMxuufj&zd^2$Wc~v&rj&cL#Qa|DB>#}HgY=RxXLhk
zoUYBLA(b4NSWAd>bD~x}&-G}=+Wb=$`#K)MIi+BoC<U|`B?he_PuiiVn`39E?W|?|
ztm$;YLq8BDlGm*U4E=Sq?WXS1^ajL6Sfx3l6Sj8ROy{E_K?R2SHdIbFP@jvr2A9)m
zD0`>)x@tK-l|PxM8AJzBZ}h!tdp@y@hIRi3uPYaxw`lmE8Lpj7*Yuy{)vz@Mp~L2+
z(w=7>5*Hr0b+^oOGN{R`ov>=i%%M})(;9{)hb|bJ*}U*=PvnnhgKmYON)EbRc5#L7
zr*66rS#L~E9qkk_dEn{&CVdUj%4m%yo`d}?fw)HR&d{i!3u73kJwe$BI3ncx$>>-!
zl=TTCVnl1`TuU0N!D+Mp3|)p6`3>DWN-|S}zMVAA)o^}W+I#Bu38UAzK-kbN?M55C
zvM|*71V+;6GhVBqfBid!J^lADi5{ro^`sH2;o=5;PX3BFYPj?agGU&cRHls~s&<6#
zml)o8j>~_@b~?g#Hqb|Vm3rsYnuZ?eh~Yf7){7|^SS0^4t#{Cm9Sq<hd5gG+3atmY
zgl{p3?@6m4=!*Xlmyw`s{ZL*Zt73v4_BZ<e!3`BjDlmC0?o6m6aKSKZxN-zF@)Qx}
X7Yw$THHDTLqv+5V<?py25>NdH8QH6h

literal 0
HcmV?d00001

diff --git a/regression/strings/RegexSubstitution02/RegexSubstitution02.java b/regression/strings/RegexSubstitution02/RegexSubstitution02.java
new file mode 100644
index 00000000000..476c0921553
--- /dev/null
+++ b/regression/strings/RegexSubstitution02/RegexSubstitution02.java
@@ -0,0 +1,32 @@
+import java.util.Arrays;
+
+public class RegexSubstitution02
+{
+   public static void main(String[] args)
+   {
+      String firstString = "DiffBlue ***";
+      String secondString = "Automatic Test Case Generation";
+
+      firstString = firstString.replaceAll("\\*", "^");
+
+      secondString = secondString.replaceAll("Automatic", "Automated");
+
+      System.out.printf(
+         "\"Automatic\" substituted for \"Automated\": %s\n", secondString);
+      secondString.equals("Automated Test Case Generation");
+
+      System.out.printf("Every word replaced by \"word\": %s\n\n",
+         firstString.replaceAll("\\w+", "word"));
+
+      System.out.printf("Original String 2: %s\n", secondString);
+      secondString.equals("Automated Test Case Generation");
+
+      for (int i = 0; i < 3; i++)
+         secondString = secondString.replaceFirst("\\A", "automated");
+
+      System.out.print("String split at commas: ");
+      String[] results = secondString.split(" \\s*");
+      System.out.println(Arrays.toString(results));
+      assert results[0].equals("automatedautomatedautomatedaAutomated");
+   }
+}
diff --git a/regression/strings/RegexSubstitution02/test.desc b/regression/strings/RegexSubstitution02/test.desc
new file mode 100644
index 00000000000..eb2c03599a1
--- /dev/null
+++ b/regression/strings/RegexSubstitution02/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+RegexSubstitution02.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/strings/RegexSubstitution03/RegexSubstitution03.class b/regression/strings/RegexSubstitution03/RegexSubstitution03.class
new file mode 100644
index 0000000000000000000000000000000000000000..fa382774918546a8738294bd1b81a64513954537
GIT binary patch
literal 1684
zcmZ`(Npl-T6#m*Hds>r8tc>kMB-oxfn<XnzNCE`Q7%SdbBs*9p#tRN3sb$6)Y0S(h
z#urXhapK6ul@kYiCR8a@Qox-*!<}M#t;LeDshXPZe(&q|-uIUN?e7=A0Jw|C8X`z?
z+~RnR<2J_~jij%KVd4#rH|61;inlaq5;e||3S$Cqb4;puN5d4-9QQe<Ic7L!Ip#R#
zIo_4`-s5;*B0k{A$a7Z10v4s@fr<|`EFs6xcg6C3;RUu^@n>w`$~&USz}6UgChUqG
zOfo2=v4;$yX}2gCdNX!KEL6*R;VnxrDaw{zVK_Isp4qmZSV_mKY$bDnXIHjT^5W@S
zU=<!`t(`hv#WDk*C^${yTF$L{1u<t!Q_&@{CBDd2^L}6lRT<N*J2$0K9anIbL7%Zp
zrTb1*nDKa=VJKY<+_Dwe1#?;WfjMpY!kiZs;gQUxn7TFy#Wu;Oj*swA#|SQWTG`y(
z)Ukq($#XmObSodTp67ZD;X^O&y(p?!)v<<khQ!DrV8rxWv5TTvay_%96UC8n^Qx~g
zMB1Jf^V^~jsMyf)2{zk&=<dmUF3&y@-k!PZdPUO{JC0Q#XnxNek&=c3@}O+&j!{{p
zjLNd;*;{tSa?D0a%-hX4x;E0p$7*Cy6m>iT6)W0A`8$psm{wpG+;Z9S$4wod!Xm5Y
zh9B3FM?nSM5h&@{l8U|)N~hv89X7U)kZw3&(3%9&j>B+o^my+am&A^Xs7=M^Rm<@i
z20CptQk#lVA9o}?x910<Oc`>k0bOXAv)$waYSw@P6IMAzRO%HvDkeWW5>#TC==9TI
zlj>~!mh1nqt~Ytl*`7~9bl1)PC;FyUIX&I=N-$hM!E3D3ZSzixFHMh=OnaWSN2%d~
z+fYk8otKWr+BvxlYCSTC#;CX5veOPd7t~cn;oF`l9?lBQcu*w;y%lS?M2}a5UN;tr
z%88?$0wyPz{@3U<NGqeYJN_K(2MNS=`uEg@3c?sgjP?X&!{7*!?!f5E7)o}`2pQcq
z^kkkv-ADhJ!D|Tb<J3!NtIu)j*My-Pr%9iEhBHQQ=x0P$l|-(FvnvV1An1ye_ci2W
zM!zvY*t%NE&z*o*CI@@IgOM=K8_^nG$$q7<gMWUP=nFMmOc<}$Ft|X+8$V&FhG9vj
zt4?MCeY97JIVWNodZ81cGe}ZqreI(m{q*t-V4c=SIFB7fv5O1%5*P6`t=~|VzQqup
zVi@03KI3G~fbtivsTia0Pb{%N$OlK_Ft2y(2?Wj>W(}A2p@t3+QhtQm4y%=8X|5Yx
N`jo81je68K{{_$BnAQLQ

literal 0
HcmV?d00001

diff --git a/regression/strings/RegexSubstitution03/RegexSubstitution03.java b/regression/strings/RegexSubstitution03/RegexSubstitution03.java
new file mode 100644
index 00000000000..9ea91639e2c
--- /dev/null
+++ b/regression/strings/RegexSubstitution03/RegexSubstitution03.java
@@ -0,0 +1,33 @@
+import java.util.Arrays;
+
+public class RegexSubstitution03
+{
+   public static void main(String[] args)
+   {
+      String firstString = "DiffBlue ***";
+      String secondString = "Automatic Test Case Generation";
+
+      firstString = firstString.replaceAll("\\*", "^");
+
+      assert firstString.equals("DiffBlue ^^^");
+
+      secondString = secondString.replaceAll("Automatic", "Automated");
+
+      System.out.printf(
+         "\"Automatic\" substituted for \"Automated\": %s\n", secondString);
+      secondString.equals("Automated Test Case Generation");
+
+      System.out.printf("Every word replaced by \"word\": %s\n\n",
+         firstString.replaceAll("\\w+", "word"));
+
+      System.out.printf("Original String 2: %s\n", secondString);
+      secondString.equals("Automated Test Case Generation");
+
+      for (int i = 0; i < 3; i++)
+         secondString = secondString.replaceFirst("\\A", "automated");
+
+      System.out.print("String split at commas: ");
+      String[] results = secondString.split(" \\s*");
+      System.out.println(Arrays.toString(results));
+   }
+}
diff --git a/regression/strings/RegexSubstitution03/test.desc b/regression/strings/RegexSubstitution03/test.desc
new file mode 100644
index 00000000000..20da1478b1a
--- /dev/null
+++ b/regression/strings/RegexSubstitution03/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+RegexSubstitution03.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring

From 9e6ea68c07e6d02c1d2d77d446e16a2fc106d950 Mon Sep 17 00:00:00 2001
From: Lucas Cordeiro <lucasccordeiro@gmail.com>
Date: Wed, 22 Feb 2017 14:14:59 +0000
Subject: [PATCH 003/699] =?UTF-8?q?=C2=A0added=20character=20static=20meth?=
 =?UTF-8?q?ods=20for=20testing=20characters=20and=20converting=20case?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Lucas Cordeiro <lucasccordeiro@gmail.com>
---
 .../StaticCharMethods01.class                 | Bin 0 -> 1067 bytes
 .../StaticCharMethods01.java                  |  16 +++++++++
 .../strings/StaticCharMethods01/test.desc     |   8 +++++
 .../StaticCharMethods02.class                 | Bin 0 -> 644 bytes
 .../StaticCharMethods02.java                  |   8 +++++
 .../strings/StaticCharMethods02/test.desc     |   8 +++++
 .../StaticCharMethods03.class                 | Bin 0 -> 614 bytes
 .../StaticCharMethods03.java                  |   8 +++++
 .../strings/StaticCharMethods03/test.desc     |   8 +++++
 .../StaticCharMethods04.class                 | Bin 0 -> 614 bytes
 .../StaticCharMethods04.java                  |   8 +++++
 .../strings/StaticCharMethods04/test.desc     |   8 +++++
 .../StaticCharMethods05.class                 | Bin 0 -> 1522 bytes
 .../StaticCharMethods05.java                  |  33 ++++++++++++++++++
 .../strings/StaticCharMethods05/test.desc     |   8 +++++
 .../StaticCharMethods06.class                 | Bin 0 -> 917 bytes
 .../StaticCharMethods06.java                  |  19 ++++++++++
 .../strings/StaticCharMethods06/test.desc     |   8 +++++
 18 files changed, 140 insertions(+)
 create mode 100644 regression/strings/StaticCharMethods01/StaticCharMethods01.class
 create mode 100644 regression/strings/StaticCharMethods01/StaticCharMethods01.java
 create mode 100644 regression/strings/StaticCharMethods01/test.desc
 create mode 100644 regression/strings/StaticCharMethods02/StaticCharMethods02.class
 create mode 100644 regression/strings/StaticCharMethods02/StaticCharMethods02.java
 create mode 100644 regression/strings/StaticCharMethods02/test.desc
 create mode 100644 regression/strings/StaticCharMethods03/StaticCharMethods03.class
 create mode 100644 regression/strings/StaticCharMethods03/StaticCharMethods03.java
 create mode 100644 regression/strings/StaticCharMethods03/test.desc
 create mode 100644 regression/strings/StaticCharMethods04/StaticCharMethods04.class
 create mode 100644 regression/strings/StaticCharMethods04/StaticCharMethods04.java
 create mode 100644 regression/strings/StaticCharMethods04/test.desc
 create mode 100644 regression/strings/StaticCharMethods05/StaticCharMethods05.class
 create mode 100644 regression/strings/StaticCharMethods05/StaticCharMethods05.java
 create mode 100644 regression/strings/StaticCharMethods05/test.desc
 create mode 100644 regression/strings/StaticCharMethods06/StaticCharMethods06.class
 create mode 100644 regression/strings/StaticCharMethods06/StaticCharMethods06.java
 create mode 100644 regression/strings/StaticCharMethods06/test.desc

diff --git a/regression/strings/StaticCharMethods01/StaticCharMethods01.class b/regression/strings/StaticCharMethods01/StaticCharMethods01.class
new file mode 100644
index 0000000000000000000000000000000000000000..9236c2521e11657d1630d0ed02aee55588a90dac
GIT binary patch
literal 1067
zcmZuwO-~b16g{sUI_-3zP}*8SP!zSG@+E$@B3d-jfS6Q`;%eGH;9;2|ZwB4_CyZ=d
zx^bf>Vl>f}F8oc#c<+SLrs+)P%)95^&+}&f{QLF;z&sW$3}7^Y6pmXsfiV*&Ef^SO
z;}pX<!)b;y3}+b%3=<5K4ChRow{QVdCZ+`j#~t67I#8bLFDc)tHe_8utO>+Q%2mOF
zK(sLNM8GI}bt#ZqR<3-oyIqy~5j)eywxe8uT;cihmh;k?ZaD77bS2Qr-6(QkZzXVQ
zFIJqL1OIrb);P#)RlHqYlXn&8$&+88YUNEwugGB2tNSyvQ=HL823Z?v44Rm+F^f5J
zZk4*#?Ej9|p0;rjb2dpuaEakE!xe_B4A&U0qiCaqB8}grsEHdk7I0Ibzg1<mx+QA?
z1+*yc)Tsqh3nY}kB-cq9(#|N9CrCb%D7B#|B&+=UG{(KUbOW`nq^6ph_)I7NFr?$k
zUzS0bHq~6N>VsTKV!T&UmmQxZBkS?b&Y=}}Z5FptCYQi#3rMwf-=Kr1W2;MFX<0v1
zkp<bM4LbETjM0}iKwqBd&$Irtih>$PmM}-w2)zZpdnWfGKC&Z@5XM51WI-NBX-%$T
z2obu0-_g=1MD{Q^{1s8-9g^Q+JljXl&yY<M8++S@G&@O-k9Unvbh>g<s~ef@M%tZZ
zj>3EC>1%72XN`ojP9aI_9<pLItw}#t9Jgumr?9Y1d#_>R4SMkbefULk4v}{s5`U2w
wnM^iASDqq<4<(%swF3sysW0f?gK4~n5&euvt7KDNPDO?7MLvXMVMinX0ZQ)T{r~^~

literal 0
HcmV?d00001

diff --git a/regression/strings/StaticCharMethods01/StaticCharMethods01.java b/regression/strings/StaticCharMethods01/StaticCharMethods01.java
new file mode 100644
index 00000000000..d8e2f9d261b
--- /dev/null
+++ b/regression/strings/StaticCharMethods01/StaticCharMethods01.java
@@ -0,0 +1,16 @@
+public class StaticCharMethods01
+{
+   public static void main(String[] args)
+   {
+      char c = 0;
+      assert Character.isDefined(c)==true;
+      assert Character.isDigit(c)==false;
+      assert Character.isJavaIdentifierStart(c)==false;
+      assert Character.isJavaIdentifierPart(c)==true;
+      assert Character.isLetter(c)==false;
+      assert Character.isLetterOrDigit(c)==false;
+      assert Character.isLowerCase(c)==false;
+      assert Character.isUpperCase(c)==false;
+      assert Character.toUpperCase(c)==Character.toLowerCase(c);
+   }
+}
diff --git a/regression/strings/StaticCharMethods01/test.desc b/regression/strings/StaticCharMethods01/test.desc
new file mode 100644
index 00000000000..4b633e92bcf
--- /dev/null
+++ b/regression/strings/StaticCharMethods01/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StaticCharMethods01.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
diff --git a/regression/strings/StaticCharMethods02/StaticCharMethods02.class b/regression/strings/StaticCharMethods02/StaticCharMethods02.class
new file mode 100644
index 0000000000000000000000000000000000000000..78ad3dbdc778f1bd3920af2b50b3ca56d49e9763
GIT binary patch
literal 644
zcmZvZ&rcIU6vw~QZ98SV(DK7tDWG80;z11IW@9jmghPQt!NhW!?oP^J*==U0_`h)S
z=2=OAXrg!jCSrWEq0|G}?99A3?|t6)z4`O^$1eaIc;R9Kl?iY>bWz14yUcUcT;x#U
zSa7k3C631ovvrXqQX3UV$(Bk)w=Y8m)?vsuRiw;Y2B)$5fg$V1p=2nvR3!I?r(LNJ
zY%pD%3KcO_8b_@YaVFOKBI>QRjaE_bjZK_v8xefk6@%OOLNn;!lHGPZ)PdYqmQ$rT
zqXPd}=v`@!<1l%>{>l<Pc$oCyqR8>Y!!lMpJjDuSjO)D{HSu2SSW{c~z&Pq2p5Zw|
zd7QZ4J&}Q-gt5yi5P^||DVq3jFp%08iS4xEullL86@MN%OaCSIX_hpJP$o*t@J^G}
zGNcO{WQXK)dK-Y1tF|RNIbgO!TBpcbq@B^8dwB)+%?6@GYd&={N-blW&Ng%h8Tx<)
zr}-V3b5v^AaOlr|LGdSYAFq)AZ3&r_Fhzw3OI98=5-~#-QEyOVC}8$Zz(!gLn4aO6
cD4c_5zar~gATvgd#8?CYy-h25F0J(7A5^q|OaK4?

literal 0
HcmV?d00001

diff --git a/regression/strings/StaticCharMethods02/StaticCharMethods02.java b/regression/strings/StaticCharMethods02/StaticCharMethods02.java
new file mode 100644
index 00000000000..658186e9603
--- /dev/null
+++ b/regression/strings/StaticCharMethods02/StaticCharMethods02.java
@@ -0,0 +1,8 @@
+public class StaticCharMethods02
+{
+   public static void main(String[] args)
+   {
+      char c = 0;
+      assert Character.toUpperCase(c)!=Character.toLowerCase(c);
+   }
+}
diff --git a/regression/strings/StaticCharMethods02/test.desc b/regression/strings/StaticCharMethods02/test.desc
new file mode 100644
index 00000000000..496814588a7
--- /dev/null
+++ b/regression/strings/StaticCharMethods02/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StaticCharMethods02.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/strings/StaticCharMethods03/StaticCharMethods03.class b/regression/strings/StaticCharMethods03/StaticCharMethods03.class
new file mode 100644
index 0000000000000000000000000000000000000000..264331b2fbec8488bb351cb190da21a20bc14000
GIT binary patch
literal 614
zcmZuuT`vPc6g|^jyX{(9t&jTtd?*hp;Y}l?<;llGMS`d4?$D{)mD#QT!XNOA1R>$w
zZxV5*K|RPMGxyG%d(OFc-ansT0jyxoK@tNgSQvCLguIPm2POt=j5rv@n2m9U+#HW0
zp<)>ZQAI|)))YPiJ7Ta(GLZ2agHf12U@*&}FBsC>G7!71^O{im8cYx8Tm}q-h2!l8
zzvRUx4^E5KSjpgYRTuVDWA2^p@QZJJvg9?tnVo9bQl8k7nkP@VSbF6;S34rEhkmrQ
zyr>ynbi;L#f@5RC#U!Q(+>zS&@xQ55sHmfVcx+6&n87SVrc=0AYX~o<g3gr|=Uyy`
zCMBbaIH6`~9A=?BPZLT10XAuD)U+=msf7RQL2I|@fo67uX&QZ!zJg`)+C4=Em~Mvl
z9?Hh)WOQ~dJc8Y7AbM%H+Lz=2X=EtY&<YZ?fV@$<L*g3Q(I*&J=zf8D_=v7IU7cuG
z_mT)vQfASo+vuZ=7(Xz?$V~QEe5I`d^kuCF*w?Vl8<@sD5*?}^BbtH;-F0m@*H-HP
E0ye^UPyhe`

literal 0
HcmV?d00001

diff --git a/regression/strings/StaticCharMethods03/StaticCharMethods03.java b/regression/strings/StaticCharMethods03/StaticCharMethods03.java
new file mode 100644
index 00000000000..abc29073402
--- /dev/null
+++ b/regression/strings/StaticCharMethods03/StaticCharMethods03.java
@@ -0,0 +1,8 @@
+public class StaticCharMethods03
+{
+   public static void main(String[] args)
+   {
+      char c = 0;
+      assert Character.isDefined(c)==false;
+   }
+}
diff --git a/regression/strings/StaticCharMethods03/test.desc b/regression/strings/StaticCharMethods03/test.desc
new file mode 100644
index 00000000000..d48bf57dbba
--- /dev/null
+++ b/regression/strings/StaticCharMethods03/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StaticCharMethods03.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/strings/StaticCharMethods04/StaticCharMethods04.class b/regression/strings/StaticCharMethods04/StaticCharMethods04.class
new file mode 100644
index 0000000000000000000000000000000000000000..6966a3cc5579f1941c68e259e0bde46d890893cd
GIT binary patch
literal 614
zcmZuu%}?7f6#uzNlM+%|=zw&kd~6)b4r7Pjs1T^IQwxV8B;e#G7MPV}a@_qfTz1@f
zAi=ar<IdlN5YG{9cbF{M@7ceP_nsf0fByy0#JYz9=BMCb!NVc~7gY~7=3Tt?P{Wdo
zIzwfhr>Rg{CULqaQ{Eqlh=H9lI4v1Vz0F`XHjWwWb`lAOQb)$(V0hIR>d1iU;fl+c
zVWDx>x#ZvY=77iNn?0>$e7<Ff#h&KjmoESMiZ8Un!K<>@ONJ^GpQX_W2&ZM(zTm1W
z^hFY-pPC<yqK|3#KBnNgSoX1kRRT|}c1QK^E0rkf=s!9x)_lCfdxr9ac-X%bp(euQ
z%9!&|3z8|wv?FvD+Ku)G4W#rBZa`C`o+FV;C8BW&#(GE(G_q5y(c}yC6RaGV;wiGg
zOfR$-DXY`T=*)k(2m5J&n4#UtE*ViuC{t{p`^eD(s#fa;xocEvzhK$lG5rVj$vyH9
zhMvplGvq>=lsO3CVwN(Jd_q7yVQ%c+%xr+!Ip+@UHC+1#Z0i=eiPWePBSC`xj;Xhj
HIlXxS5x96E

literal 0
HcmV?d00001

diff --git a/regression/strings/StaticCharMethods04/StaticCharMethods04.java b/regression/strings/StaticCharMethods04/StaticCharMethods04.java
new file mode 100644
index 00000000000..70fa2be2f36
--- /dev/null
+++ b/regression/strings/StaticCharMethods04/StaticCharMethods04.java
@@ -0,0 +1,8 @@
+public class StaticCharMethods04
+{
+   public static void main(String[] args)
+   {
+      char c = 0;
+      assert Character.isLetter(c)==true;
+   }
+}
diff --git a/regression/strings/StaticCharMethods04/test.desc b/regression/strings/StaticCharMethods04/test.desc
new file mode 100644
index 00000000000..93eebbae1da
--- /dev/null
+++ b/regression/strings/StaticCharMethods04/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StaticCharMethods04.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/strings/StaticCharMethods05/StaticCharMethods05.class b/regression/strings/StaticCharMethods05/StaticCharMethods05.class
new file mode 100644
index 0000000000000000000000000000000000000000..c58f3d328afb757005812bcbc2145c7350cb5c38
GIT binary patch
literal 1522
zcmZuxOLH4V5dKD5?a1r3Ez6c45D^9PketK{kO=ULIBSO}v111XCw5+}rHQkNyz5%6
z4EzHQ965z5C{7&U5~oUbB^9{ym#9k7y^<|C<-_*OPIrIZ{dLd$`}Wn}04~Bd(1X(w
zXS$F@&OiiXEY5ae80RF;8<057y74&j1}@;^I6jg1)F9tWEDC)1Ssb6U+ZP5VFd4@b
zYo-m%;7f_i24-<ZVBn-(t0_NlJhwLI)a>=DstAZR0e#AGonS^Fn$4{UXqHz|0(}dP
zt8Uge*Oh;pjY+X-JFdV`_TIu%d)v-eZFeJI3Vg@im}JMEQec;#E!tb5JryMopDI^d
z;6}--`(<_2VW<%@4V<#|#P%0e@WiXsE?gRCP!sRtm_UCRpdL8Ye5q`^uJR=;6LXkn
zgR3UK!Zj14c#ojkxy<etIPd$OZ=#6n0=@HYp!|%TsW=->Fd=cn!~zxtj$59)O@uTR
znZV1GDIL2^))SdiHA5iLhF)5Ks>*@HO%qF4HgOAIn<(M7Kyn|y?QP;4tVrB3aTlu{
zfetJ<STh|CWMU2XB<?fn18UR}+(<k$@d)1@%Bl22El`^R5$;N=*%Qah7u~ITKy6X>
z<|NURJyOB_lCJtbD7rz|_##QKPWv{{GIh2MG!T+O_#MZDvBgGJPM{U&-Kl8$g{R!^
zkY5^%$DTjO4H1ZCi^ZHpP}_F3u9hBi&Q`8t#17o396gLjHd9B0>zvDG!zNoehtnn;
zjcXSe%ytH9&GKQA!}+Gb+`L(G(XwH-v9N!fy;aN+dCiFp%OpzGhVuEQ6g%Nt=M=rK
zJy=$it|ggPRL${K<zR$)2<oJuJGq7v^c?iigCP<lJoL1SLhwx?nWn!qt%BCr*e=8i
zHpB-c_3$u?E*wXO_GBu?=tYsF+k1`3>JFm2&=$@%5SwP9Z_VsLe~!WQFNml0-_iXV
za&;H+f6{-F&yVy)=;KhMt^I=?bR~@jy4k;=@t>)^LC<P5r5)Qt?;iR}4J7U~{|d1X
ze>xRQ1izuMkIr8GO^jr;fq{a~Cxa~<op4fn7z%N?x=2{vbtGvo(M|OwNDjlqIC^mn
z{a7a53I<TYAfD0cA%*WSgrA7KpNY6%iMqdtkC(LW5;rFZDS_Bqev3a8LXQ3iYYcIG
pbU^XNuxg+`Io!a=b4cwEXwjF@+X?N{&0sM^%*))AlVQH6{s-gDS{VQU

literal 0
HcmV?d00001

diff --git a/regression/strings/StaticCharMethods05/StaticCharMethods05.java b/regression/strings/StaticCharMethods05/StaticCharMethods05.java
new file mode 100644
index 00000000000..cffbed129b4
--- /dev/null
+++ b/regression/strings/StaticCharMethods05/StaticCharMethods05.java
@@ -0,0 +1,33 @@
+import java.util.Scanner;
+
+public class StaticCharMethods05
+{
+   public static void main(String[] args)
+   {
+      Scanner scanner = new Scanner(System.in);
+
+      int radix = scanner.nextInt();
+
+      int choice = scanner.nextInt() % 3;
+      assert choice>=0 && choice<3;
+
+      switch (choice)
+      {
+         case 1: // convert digit to character
+            System.out.println("Enter a digit:");
+            int digit = scanner.nextInt();
+            System.out.printf("Convert digit to character: %s\n",
+               Character.forDigit(digit, radix));
+	    char tmp=Character.forDigit(digit, radix);
+            assert tmp=='t';
+            break;
+
+         case 2: // convert character to digit
+            System.out.println("Enter a character:");
+            char character = scanner.next().charAt(0);
+            System.out.printf("Convert character to digit: %s\n",
+               Character.digit(character, radix));
+            break;
+      }
+   }
+}
diff --git a/regression/strings/StaticCharMethods05/test.desc b/regression/strings/StaticCharMethods05/test.desc
new file mode 100644
index 00000000000..e009650a853
--- /dev/null
+++ b/regression/strings/StaticCharMethods05/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StaticCharMethods05.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/strings/StaticCharMethods06/StaticCharMethods06.class b/regression/strings/StaticCharMethods06/StaticCharMethods06.class
new file mode 100644
index 0000000000000000000000000000000000000000..10f416854e6eeca224d6bab498a22308a30ec85c
GIT binary patch
literal 917
zcmZuwT~8B16g|_g-EOz^1ByiiilVfD6cDPW#7L?>wPI3ZB0f#GBP?!rad%7fr^p}R
zSxk!2MBn{S8t-g@wh75*_U_zs&pmVQ?4N%>egW9TV+~16Yq*6Oxy;5fhk}ZE4YzSe
z#X=kj+*NQ-Lmblz7Bv)6Qn17@zQ8?CxW4Jw-ZRtVElac+*d9Y{+q6yp2}8J8dczQ@
zIc>p^s++cW+3mE1`&xo2(cz}eFj;(8Kjg=}Y;k+P-1J@3-ml8SWYg!yhXy|i@Cue0
z)NRAMAlI5s*EPfoQ&Qy#>YGOGfV&OhA2@Aqt+Fafb)=D@QXMO}uVWQu1#3FivB5B5
ztQWZ5E*KjH?uvr=*yWa{;DJuQY!T;Z+IIX4h>kI&C_fOrbLqr$*L7U-<{CK)DmotG
z5kq=VxZ64uhED~9EqMlR_=0GZV{UcD?tAK0td)jLy24b+?LfE3kSh)$`oz@|jbo@?
z^RwrR4h_cXQqx=?Z#v~y<hf7I3*I5dzL?Q%5_2R$77c8q(a^k7Lx-^Fa?oho!ZTgb
zzVb)<(xn95j6KZL-Ad9eWa+$gl%g<5E;6)c>1&4GjNZ|ubFi-xh;dqD!6u^%Ie{F-
z68Z@tDh4X)o$m<MgSD}|(nI(Q#?BDQMtg{zVoHVzg=bJtkobxC+jD5YC3h&`o`phj
zlzPOVL!}NH{SYZElB_N2G)Y+<p}&|@aD$#4Ve(gkHv?rrCY$I%KY<cCMI`(U>Y%};
Rcu5pRNPjAiI2H82`5(=T#Owe7

literal 0
HcmV?d00001

diff --git a/regression/strings/StaticCharMethods06/StaticCharMethods06.java b/regression/strings/StaticCharMethods06/StaticCharMethods06.java
new file mode 100644
index 00000000000..ca8ff1604ac
--- /dev/null
+++ b/regression/strings/StaticCharMethods06/StaticCharMethods06.java
@@ -0,0 +1,19 @@
+public class StaticCharMethods06
+{
+   public static void main(String[] args)
+   {
+      Character c1 = 'A';
+      Character c2 = 'A';
+
+      if (c1.equals(c2))
+      {
+         System.out.println("c1 and c2 are equal\n");
+         assert true;
+      }
+      else
+      {
+         System.out.println("c1 and c2 are not equal\n");
+         assert false;
+      }
+   }
+}
diff --git a/regression/strings/StaticCharMethods06/test.desc b/regression/strings/StaticCharMethods06/test.desc
new file mode 100644
index 00000000000..6f351b2c7cf
--- /dev/null
+++ b/regression/strings/StaticCharMethods06/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StaticCharMethods06.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring

From 0b056151819f54d99447251e4f4f3d2392b3ec30 Mon Sep 17 00:00:00 2001
From: Lucas Cordeiro <lucasccordeiro@gmail.com>
Date: Wed, 22 Feb 2017 14:16:01 +0000
Subject: [PATCH 004/699] =?UTF-8?q?=C2=A0added=20test=20cases=20related=20?=
 =?UTF-8?q?to=20sringBuilder=20append=20methods?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Lucas Cordeiro <lucasccordeiro@gmail.com>
---
 .../StringBuilderAppend01.class               | Bin 0 -> 1860 bytes
 .../StringBuilderAppend01.java                |  43 ++++++++++++++++++
 .../strings/StringBuilderAppend01/test.desc   |   8 ++++
 .../StringBuilderAppend02.class               | Bin 0 -> 1861 bytes
 .../StringBuilderAppend02.java                |  43 ++++++++++++++++++
 .../strings/StringBuilderAppend02/test.desc   |   8 ++++
 6 files changed, 102 insertions(+)
 create mode 100644 regression/strings/StringBuilderAppend01/StringBuilderAppend01.class
 create mode 100644 regression/strings/StringBuilderAppend01/StringBuilderAppend01.java
 create mode 100644 regression/strings/StringBuilderAppend01/test.desc
 create mode 100644 regression/strings/StringBuilderAppend02/StringBuilderAppend02.class
 create mode 100644 regression/strings/StringBuilderAppend02/StringBuilderAppend02.java
 create mode 100644 regression/strings/StringBuilderAppend02/test.desc

diff --git a/regression/strings/StringBuilderAppend01/StringBuilderAppend01.class b/regression/strings/StringBuilderAppend01/StringBuilderAppend01.class
new file mode 100644
index 0000000000000000000000000000000000000000..b6202d6fc9ac4595ee3ca4131f90ffa63a33fd5a
GIT binary patch
literal 1860
zcmah}&vV;E7=3HYT3MD8;lxgyCQX1EoVNK@r%9WHlGJG+B}ogh+uEUkY|BN(l~dWy
zfg=Yl%)o_HF1>Vyfdey8MqwzF87?pk!weTLTsZW`{{Va|$4N*t#<Jc%>HGHE)qA`9
z^WWb*0x*fPil>oMFsa~dfZq5rp~sNshX8qg{<C|Jwto7GV@koaiXhGjNC`NvU`DjF
z0_Fs~AmD<47X{1<SP*bgKw7|}fJ;FPVoAYEDqhAi$7K}*NO8QPVg;)lYYbf{j9Sff
z>Q>dREm}3BP%%pkEYBd%S+-Tbz~D~~Ut^Hc)so53xnkMoTH{W^bTT5D0(T6{W{4#>
zR&E<x##qI$Z;h?j9m~EoD>{bP>qhaNRb$i3=eR=Sa$Mzjl|Gh1nJZRy2U6Fo4X0=>
zS)y!Tv&6-QRVkUy!se!Fm&PYX#Sj`!AVED#R=HfLG{hY0X06W9b9e%~y%|CkqgEd(
zG|FYu5#3+Yu#OCaFJTLo6>v?!bpba7<OJjeYzTN=z)b;fXm}HEX?O<DGGtnlNZ4Wy
z346<Qtg=-!greRP1)PSNu=5FfI$=+Y@BI??nbETeJCzzurBVs|zzj(q4F(Dfz58FZ
z(DLb$<5V4n=#c_(6g8AUn&|souM}>ZMbfA12#fxc*epr1Y@}&`<k5!8hGz!D$ial>
z7_-Aq^x5@b_E3Ing|x{ZNN%Lt)f=Sv@^ZV3{$##=xNZIZ<o^`E+`jly`|x7BaO$A8
z>9-AM-Mrf{?V{OMVWnPeS=gO?vOIYpQyHUDJLGQ5Jlgi1`^zRxOOi5UC9`HZW@&E$
z(uS@#C_o28o=&tux&fy5iXB1B4<<G!;dAsfKrN#-aB>Ii3z3ND31#mkqeCi*Vd9j^
zeuaciYNd#8CE{PzwQmDCzrK~tNxGTM1#~BylXWYb<9a!pQv}mxy-3J)gHX}yghB7U
zs#l4JbUV8yO-XuwDxmWzxf{|nkI3hO-QefdhY02(>JCCPnxH$-X2S9CDHq{Lhl|eB
zbbDmPh2A87*~L>HjY=*eO%`y`)npXy_E?O&h<dCi=pyE^Ue!g9$Kslc-s|zOi}*~(
zm+0F@G~N+8=AwTap@$ftnH>LKDCP5%`p^?KK(fkoajZhYRnjd36*myVO^CB1j529=
z7dqZW1n;2>@1q+ZAc~I=!^h~sHhOUnaok5AKE*M7j($8Kd%nhTd`Bk!fFb-yR{laZ
z{zhZ|PA2|AHvUQ8JSLa^!Z7pWBwe5g`-dLF9H%%=bBu6|GR7pIpJUAXk5HC^@x5g*
m>G=(kZ_vfiHn{W&B>w~S?SE)%Nr(Xg@M-g6;Y@fsocR|#Be9hL

literal 0
HcmV?d00001

diff --git a/regression/strings/StringBuilderAppend01/StringBuilderAppend01.java b/regression/strings/StringBuilderAppend01/StringBuilderAppend01.java
new file mode 100644
index 00000000000..26e164c02c9
--- /dev/null
+++ b/regression/strings/StringBuilderAppend01/StringBuilderAppend01.java
@@ -0,0 +1,43 @@
+public class StringBuilderAppend01
+{
+   public static void main(String[] args)
+   {
+      Object objectRef = "diffblue";
+      String string = "test";
+      char[] charArray = {'v', 'e', 'r', 'i', 'f', 'i', 'c', 'a', 't', 'i', 'o', 'n'};
+      boolean booleanValue = true;
+      char characterValue = 'Z';
+      int integerValue = 7;
+      long longValue = 10000000000L;
+      float floatValue = 2.5f;
+      double doubleValue = 33.333;
+
+      StringBuilder lastBuffer = new StringBuilder("last buffer");
+      StringBuilder buffer = new StringBuilder();
+
+      buffer.append(objectRef)
+            .append("%n")
+            .append(string)
+            .append("%n")
+            .append(charArray)
+            .append("%n")
+            .append(charArray, 0, 3)
+            .append("%n")
+            .append(booleanValue)
+            .append("%n")
+            .append(characterValue)
+            .append("%n")
+            .append(integerValue)
+            .append("%n")
+            .append(longValue)
+            .append("%n")
+            .append(floatValue)
+            .append("%n")
+            .append(doubleValue)
+            .append("%n")
+            .append(lastBuffer);
+
+      String tmp=buffer.toString();
+      assert tmp.equals("diffblue%ntest%nverification%nver%ntrue%nZ%n7%n10000000000%n2.5%n33.333%nlast buffer");
+   }
+}
diff --git a/regression/strings/StringBuilderAppend01/test.desc b/regression/strings/StringBuilderAppend01/test.desc
new file mode 100644
index 00000000000..f1f89b629be
--- /dev/null
+++ b/regression/strings/StringBuilderAppend01/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StringBuilderAppend01.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
diff --git a/regression/strings/StringBuilderAppend02/StringBuilderAppend02.class b/regression/strings/StringBuilderAppend02/StringBuilderAppend02.class
new file mode 100644
index 0000000000000000000000000000000000000000..bf07da6a61302cc8589caf7a84d69ba8c0046853
GIT binary patch
literal 1861
zcmah}&vV;E7=3HYT3MD8;W$5>CQX0}oVNMVI8E9ll%!4rDM?yL+|~{SWLqvOuAItt
z4jegfVFoUoa_OZr3>=t&G73YX%y5BW7-qO|;liOe{s-V&IZi^FF_!iAN#D2MuHM_-
zpa1^m5r7GlR6LE8f(Zp@L-Z!F9(fFDZV-^?=03akXzQo1I3^WLsR-kofRupq3Z_Ln
zBVbm*3j!_(cu~NdfO!EI1*8Qm2)Go+02URzq~c{Paa>l>j}*r%DweUrvC7bK!mL&;
zw`NzI>VjQ0^JS~Zz;X=otnJvf3k<>J&@~1rT`5`&?aQ`ft=8}4Eq7fcQ{awiI}BaP
zjpf_smN{BBom-=8HP?1-&4`ZCwVGLYXT{v~^Es~2xExnGUZsy^P-Y9|-GS7#O5H73
zi?%4++bD6dZkLOeJHNSUImNN@5ix{@6ELV}(Jqzp<+_+d&8pTIx(`oaw>LwiY*uT7
z`Fg2jxuW}P8rHDR5HK9UG6Jp%xGvy^fUJO=fDHk!3%DuZ4GnMNEe+4$S%yq=5{4t@
zU^rWrYnSYTDHQdeDB#vD!!dG(Gi5ku#`b=OGd^<Ga8jv}R4QdS2c}5+XfTmy=-L0I
z`KD2qT({yfbRMY?M?pgoB#OS@^-BJ>RUm;nj_~L|iH(w^%SM_8NFME|Z2E363?EEr
zj4?CxM4w#~W)9^ymq?5J{^UlwRlNa<FD<po=u75Whg;U~Oa4#s%dLwqwhk|}3a1Wg
zn||AL*Q~pB%PCkb6;^7MriJn3ljX?+naY^u>LGWV=Fz@y-(NOqT9TC6RkW(MYZdnv
zAnoW{odR?+<mgBnpc`O%kJu8#f?#5Y5<W*y{nRpQLnn8@z7UCco>2B*GCHM_7$Q!o
z>{m!=r&fvumSe#cUHdka4eDE&tfX6+Y)E%ASy{I;S+18dSw%2i)(eDOHwhKJMi}<r
zt9pfaM0YZ)(xjy4CPO-(l;e=5cuYPQj)R|9A0nKMsXK^FYl7}Tn~o-;r#wVsZ64ZB
z)9sUC4|;<HWe-pJv{UjBYp{@qjs~M>+-F_fL#NNW!ydYP)}wmp_E|#n&~rTz^^llu
z`x3p|=uEW5j(O<YM&u#-X(q?N7fJ<ur9SjU4Uw!eT^uV=aFujhhl(4B;3mXb5k-l#
zy9*ufB8K<Sf%g%|2k68{=)%Y7#x{Cz4+-2yFFwUFe2zXmAbY;XaePN6{(wRJNLKzr
zHvUFq{!S+TK{ozL-aICk{=yIo;v`+52>XW~q8z6<PIC-%j4;NeK#*h9{|{4^g0a12
nFyZ?Rl5fDn;5NAQ38dfy^zMIXb4iE+LI`McV&R<ebr}B_f%&n$

literal 0
HcmV?d00001

diff --git a/regression/strings/StringBuilderAppend02/StringBuilderAppend02.java b/regression/strings/StringBuilderAppend02/StringBuilderAppend02.java
new file mode 100644
index 00000000000..98e0e189c6f
--- /dev/null
+++ b/regression/strings/StringBuilderAppend02/StringBuilderAppend02.java
@@ -0,0 +1,43 @@
+public class StringBuilderAppend02
+{
+   public static void main(String[] args)
+   {
+      Object objectRef = "diffblue";
+      String string = "test";
+      char[] charArray = {'v', 'e', 'r', 'i', 'f', 'i', 'c', 'a', 't', 'i', 'o', 'n'};
+      boolean booleanValue = true;
+      char characterValue = 'Z';
+      int integerValue = 7;
+      long longValue = 10000000000L;
+      float floatValue = 2.5f;
+      double doubleValue = 33.333;
+
+      StringBuilder lastBuffer = new StringBuilder("last buffer");
+      StringBuilder buffer = new StringBuilder();
+
+      buffer.append(objectRef)
+            .append("%n")
+            .append(string)
+            .append("%n")
+            .append(charArray)
+            .append("%n")
+            .append(charArray, 0, 3)
+            .append("%n")
+            .append(booleanValue)
+            .append("%n")
+            .append(characterValue)
+            .append("%n")
+            .append(integerValue)
+            .append("%n")
+            .append(longValue)
+            .append("%n")
+            .append(floatValue)
+            .append("%n")
+            .append(doubleValue)
+            .append("%n")
+            .append(lastBuffer);
+
+      String tmp=buffer.toString();
+      assert tmp.equals("diffblue%ntest%nverification%nver%ntrue%n%Z%n7%n10000000000%n2.5%n33.333%nlast buffer");
+   }
+}
diff --git a/regression/strings/StringBuilderAppend02/test.desc b/regression/strings/StringBuilderAppend02/test.desc
new file mode 100644
index 00000000000..4ff9da595b5
--- /dev/null
+++ b/regression/strings/StringBuilderAppend02/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StringBuilderAppend02.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring

From 5018776ecdd061f505367b4be76b44c26f3cde91 Mon Sep 17 00:00:00 2001
From: Lucas Cordeiro <lucasccordeiro@gmail.com>
Date: Wed, 22 Feb 2017 14:17:03 +0000
Subject: [PATCH 005/699] =?UTF-8?q?=C2=A0added=20stringBuilder=20methods?=
 =?UTF-8?q?=20length,=20setLength,=20capacity=20and=20ensureCapacity?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Lucas Cordeiro <lucasccordeiro@gmail.com>
---
 .../StringBuilderCapLen01.class               | Bin 0 -> 1092 bytes
 .../StringBuilderCapLen01.java                |  18 ++++++++++++++++++
 .../strings/StringBuilderCapLen01/test.desc   |   8 ++++++++
 .../StringBuilderCapLen02.class               | Bin 0 -> 871 bytes
 .../StringBuilderCapLen02.java                |   8 ++++++++
 .../strings/StringBuilderCapLen02/test.desc   |   8 ++++++++
 .../StringBuilderCapLen03.class               | Bin 0 -> 725 bytes
 .../StringBuilderCapLen03.java                |   8 ++++++++
 .../strings/StringBuilderCapLen03/test.desc   |   8 ++++++++
 .../StringBuilderCapLen04.class               | Bin 0 -> 727 bytes
 .../StringBuilderCapLen04.java                |   8 ++++++++
 .../strings/StringBuilderCapLen04/test.desc   |   8 ++++++++
 12 files changed, 74 insertions(+)
 create mode 100644 regression/strings/StringBuilderCapLen01/StringBuilderCapLen01.class
 create mode 100644 regression/strings/StringBuilderCapLen01/StringBuilderCapLen01.java
 create mode 100644 regression/strings/StringBuilderCapLen01/test.desc
 create mode 100644 regression/strings/StringBuilderCapLen02/StringBuilderCapLen02.class
 create mode 100644 regression/strings/StringBuilderCapLen02/StringBuilderCapLen02.java
 create mode 100644 regression/strings/StringBuilderCapLen02/test.desc
 create mode 100644 regression/strings/StringBuilderCapLen03/StringBuilderCapLen03.class
 create mode 100644 regression/strings/StringBuilderCapLen03/StringBuilderCapLen03.java
 create mode 100644 regression/strings/StringBuilderCapLen03/test.desc
 create mode 100644 regression/strings/StringBuilderCapLen04/StringBuilderCapLen04.class
 create mode 100644 regression/strings/StringBuilderCapLen04/StringBuilderCapLen04.java
 create mode 100644 regression/strings/StringBuilderCapLen04/test.desc

diff --git a/regression/strings/StringBuilderCapLen01/StringBuilderCapLen01.class b/regression/strings/StringBuilderCapLen01/StringBuilderCapLen01.class
new file mode 100644
index 0000000000000000000000000000000000000000..caf6da81f4b50a3500f4fec45cf9f42fdcba13d6
GIT binary patch
literal 1092
zcmZuwTTc^F5dKbYyKEPFftHIPi&kwxxoEu>5d}?%RTD8r@aeQY)Wv06_d?=dF!2xY
z;v>GQNl7HpcmI$t#yDr8v>-2YX6N$F%r~>Y{(k=fpom2cDU2&HR7_|H;am?AI4`xF
zh6}i;;F1Ov<I<9sq9Dbj6jLfLE4ZRz8Z!!J8TxbFb%o=Z4clEdU0$(7je)H*#O6)g
z^cEPx`NB(v$Wo&w7!qaE7Ek@Hif~@YU~+76(`Lx#Uza!eHlMM$U7uO?9Mi6sWMc2C
z$E$Cj@MaKCT{EcjRqGI3TW$DGRXj2!)W|{F1K+f2!dc?Yvao08rX{S70c02kPnI~0
zWhgG28ygkN7l!E?mf!?nn6|-vud&5Fvub$4^^7Wag;5u_aLCrMCF-1xH2QU1#We**
z9oKP#VW?B*ew&|%j?-{-+{7&%x23p)l8$+lXrOj+hRmrmD7dR*0rwb^9pq<~O;PnI
zC4V||s@FIGV;IO6{*O5Z){cyccRsh=6Q~EJN(H%BOW1YqO|aJ$YQ4&vylQ&y8Ty3n
z`i>yp4-Jw0iriq2D?Hjnkd)}Ozhu$r(Bf;tH62kq;)(X{`Q)IxS;qvOW{R$sC5I%<
zq=iA_AVV@sUt{z#dZUwjU|(b)21&*OBbCMwhDn#9zbQ3D@8^Al*3#iUM9N<g-NE2g
z3$b*#1!V{EeW+`D==m9V2FRl&i=R$0$CJxl=Bec47W5z|LpkvjJ{<F^E%bIFs$I^m
z7W$62Ag2ih(@a7mJxWqRj{eLN&Gj5{yn>D<`mjwTeMAzwMAZmI_9FHNIR$63*|E`K
qN*F!js~8Xiq|%8Nk~>f$yNHCpA=;_d=1w9-5z-eW!(%}+Xa50<G4MG6

literal 0
HcmV?d00001

diff --git a/regression/strings/StringBuilderCapLen01/StringBuilderCapLen01.java b/regression/strings/StringBuilderCapLen01/StringBuilderCapLen01.java
new file mode 100644
index 00000000000..fb9d6e0b0f5
--- /dev/null
+++ b/regression/strings/StringBuilderCapLen01/StringBuilderCapLen01.java
@@ -0,0 +1,18 @@
+public class StringBuilderCapLen01
+{
+   public static void main(String[] args)
+   {
+      StringBuilder buffer = new StringBuilder("Diffblue is leader in automatic test case generation");
+
+      assert buffer.toString().equals("Diffblue is leader in automatic test case generation");
+      assert buffer.length()==52;
+      assert buffer.capacity()==68;
+
+      buffer.ensureCapacity(75);
+      assert buffer.capacity()==138;
+
+      buffer.setLength(8);
+      assert buffer.length()==8;
+      assert buffer.toString().equals("Diffblue");
+   }
+}
diff --git a/regression/strings/StringBuilderCapLen01/test.desc b/regression/strings/StringBuilderCapLen01/test.desc
new file mode 100644
index 00000000000..05516f08da2
--- /dev/null
+++ b/regression/strings/StringBuilderCapLen01/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StringBuilderCapLen01.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
diff --git a/regression/strings/StringBuilderCapLen02/StringBuilderCapLen02.class b/regression/strings/StringBuilderCapLen02/StringBuilderCapLen02.class
new file mode 100644
index 0000000000000000000000000000000000000000..ec6949a763f3785a680b38d36478551c0a0e5cb8
GIT binary patch
literal 871
zcmb7?OK%e~5Xb+{Yd4!s^XMa?P}r6fk`|g$g;Og8q;Lvw2tsOmayD+{ve_;B;KSq#
za0aAAq7vNsOb9VfnnaXdxOm3)e||F_&(GiAz5{4r&p;M8HQds%W*~;!X=HFmd6tfK
z0~@%jp<*DdM4JZg;l73{!(xR8f$&4=xxt|fc*hZ426oJlI*_gmpD@I$wRa4Orq>k=
zxt4Ur>!{xm{#zxci$0ew!%Fp}b;dvPy2IUGy&d|}?d_|;Y&+!k`&ayYtfvYY^aI<u
zgd1%y@@?@_D%9#E?0F=euJD`uyd~V-y&Z)$kw<}{bT!4LmZ5PdPft5eBrF+Nj^G5a
zq-*gg^!hxMwiSvXv}_&-t0!FH)0yWgYR$v~awfL0&G2|e`5%mi2PPh3hoL;L@7c7k
zFMQwg8J4eooQArIT|8pQ&qLpI&V(IONcH-b>Y+D*F)USU|7!k%O_eF}A>vMOg*r*K
zU!xDt%?oHcG!^uxT@grMbZ1YYuM8u)ppiJnI!#!XhL7dTs)OXkL77pYwMe@)vW#qU
zYXtUL39(3PYJA9O5|^+{zLK^nG)8vw0<oiFe1t^n3z7qrwueX+wITEYG8af6jbQvx
zsMr{_Kw-p(LC^{`tk6ye`-O^z5_#oWEsb$fpis;VVGf`rJ|PkRisT$NtxG|Yh?!4S
K^*6@3R{sF6^~O>F

literal 0
HcmV?d00001

diff --git a/regression/strings/StringBuilderCapLen02/StringBuilderCapLen02.java b/regression/strings/StringBuilderCapLen02/StringBuilderCapLen02.java
new file mode 100644
index 00000000000..5397130cde4
--- /dev/null
+++ b/regression/strings/StringBuilderCapLen02/StringBuilderCapLen02.java
@@ -0,0 +1,8 @@
+public class StringBuilderCapLen02
+{
+   public static void main(String[] args)
+   {
+      StringBuilder buffer = new StringBuilder("Diffblue is leader in automatic test case generation");
+      assert buffer.toString().equals("Diffblue  is leader in automatic test case generation");
+   }
+}
diff --git a/regression/strings/StringBuilderCapLen02/test.desc b/regression/strings/StringBuilderCapLen02/test.desc
new file mode 100644
index 00000000000..cf2a98acf6d
--- /dev/null
+++ b/regression/strings/StringBuilderCapLen02/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StringBuilderCapLen02.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/strings/StringBuilderCapLen03/StringBuilderCapLen03.class b/regression/strings/StringBuilderCapLen03/StringBuilderCapLen03.class
new file mode 100644
index 0000000000000000000000000000000000000000..a14ea26291a431c2b0a62f01437efa88299aaa90
GIT binary patch
literal 725
zcmZuvT~8B16g{_J+b#=~@>NlEi>L(?F`;h~qZUm}>PJ#z0zOT5hdQ{OCA+i!7+!qz
zSxsmniN5=rjPcG2G%>u)y)*Zob5G8lUw^*;0MNmviz!@juu{cU7X@6ap@vnPU3YN9
zg=34pix$=#+$7Aei!_yqQL#>URVoIN3<<PPsO%`M%tJ!4z44Y%>c*iY%=VO)FSF4=
zCU0yr7e+#9!czNP?@)XcTanPit-eW=9zL+Z>An%chZo`~?`LI%>P`@yk-PmkO9J^!
zS*n$PuqT;{LYZ{MQBUgo+xIN3hZ)Qgmj54d)=TK@s)K_;lu2Kuek27G_)7aCGx10m
z75GM`#t%d){h`z{;kQ^@)^!garaj!kZ9;Rx|M=XOr%4hggvCq6Ik@AYjSWJ50(~_&
zl!0ML`*KSvk<>%;KDYKcdpbdOBVGra8Ol^8GQ7~h9-52`yo-I_U5%FvP`zoTb5;ad
zfB3BPZIvT&EN_lMUu+}h_^jlQ#NY<zIk&B^8Cu}Dc8bDYqc}#X_Z8)1EZjXorM~?M
zQ>SqD#;E?ZJcXQRhA~VIml<39p%(a71^q_L!6Ii%7eYGuL}0E_JAr!)r}P=6;y08h
TWapwRNf`z2k(Iuj&uab!BFvcu

literal 0
HcmV?d00001

diff --git a/regression/strings/StringBuilderCapLen03/StringBuilderCapLen03.java b/regression/strings/StringBuilderCapLen03/StringBuilderCapLen03.java
new file mode 100644
index 00000000000..86ac16fcdf6
--- /dev/null
+++ b/regression/strings/StringBuilderCapLen03/StringBuilderCapLen03.java
@@ -0,0 +1,8 @@
+public class StringBuilderCapLen03
+{
+   public static void main(String[] args)
+   {
+      StringBuilder buffer = new StringBuilder("Diffblue is leader in automatic test case generation");
+      assert buffer.length()==51;
+   }
+}
diff --git a/regression/strings/StringBuilderCapLen03/test.desc b/regression/strings/StringBuilderCapLen03/test.desc
new file mode 100644
index 00000000000..7095d79fe5f
--- /dev/null
+++ b/regression/strings/StringBuilderCapLen03/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StringBuilderCapLen03.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/strings/StringBuilderCapLen04/StringBuilderCapLen04.class b/regression/strings/StringBuilderCapLen04/StringBuilderCapLen04.class
new file mode 100644
index 0000000000000000000000000000000000000000..7350cb80672ee89e07c8972ee8afefd266904144
GIT binary patch
literal 727
zcmZuvU279T6g`u#-E6mQntsJ<b<+<`D_9@$W)U^5AVe)hgx06Y?ler@%!b)n!N1ZM
zAAMG#0So%>ZxZp&+BP74nR{pMJ?9?IonL>x{{Ya&wudR)aIoUyriTJ<RZ+#N&2Brm
z<H51Tz(W&j4%QjwH+Y%~ZDgX-J(==;EFuPW#8BClN}9(E#n#qahEgYq1jB4sD)A~C
z_Jw|9o2fA5QZX#G-gQs-2fh<?HQ4DHE!E(W1y1)258uD!qr9J#F}S;7d_nH@l1zu<
zxwKR(|6tED8An2Q_^2z?!}bG9>thD949owIxaehQ@5$riew>Lwra>$?5d=~NJTu9V
z8yN;hq$UV?DuRJfLepEKEbE33AJaZIahIVn;eUGR%f8l$W>~ydoP&ElTG(Q!O`xy)
zCn7WiX<cuL8}bnkrTLhf`+{7ZU^_7_gzSt&Dz%8NRFI1%qXKQ?h_+XyH3O{Hu;M8z
zf?0>?tkG?iBBNN|9)o?cjhLgel0Py6*D+7IZ9O1pf#TXZ3WxRL7^Uu4luxm6{|uGd
z{wGYG!#Nzo{b_j$InNAXh#Vd<Ht9<((9H$=ji!S|%9gH#wDXC;T)lb*?-WkyGfKs8
VC{M^PMOl(E3jPx-eL0`i_zMJ)ndbli

literal 0
HcmV?d00001

diff --git a/regression/strings/StringBuilderCapLen04/StringBuilderCapLen04.java b/regression/strings/StringBuilderCapLen04/StringBuilderCapLen04.java
new file mode 100644
index 00000000000..0ee0492b7bb
--- /dev/null
+++ b/regression/strings/StringBuilderCapLen04/StringBuilderCapLen04.java
@@ -0,0 +1,8 @@
+public class StringBuilderCapLen04
+{
+   public static void main(String[] args)
+   {
+      StringBuilder buffer = new StringBuilder("Diffblue is leader in automatic test case generation");
+      assert buffer.capacity()==69;
+   }
+}
diff --git a/regression/strings/StringBuilderCapLen04/test.desc b/regression/strings/StringBuilderCapLen04/test.desc
new file mode 100644
index 00000000000..ce51066e789
--- /dev/null
+++ b/regression/strings/StringBuilderCapLen04/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StringBuilderCapLen04.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring

From c869809d16df2e4b6fa48ece8586ae8eab84f843 Mon Sep 17 00:00:00 2001
From: Lucas Cordeiro <lucasccordeiro@gmail.com>
Date: Wed, 22 Feb 2017 14:17:56 +0000
Subject: [PATCH 006/699] =?UTF-8?q?=C2=A0added=20stringBuilder=20methods?=
 =?UTF-8?q?=20charAt,=20setCharAt,=20getChars=20and=20reverse?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Lucas Cordeiro <lucasccordeiro@gmail.com>
---
 .../StringBuilderChars01.class                | Bin 0 -> 1413 bytes
 .../StringBuilderChars01.java                 |  28 ++++++++++++++++++
 .../strings/StringBuilderChars01/test.desc    |   8 +++++
 .../StringBuilderChars02.class                | Bin 0 -> 797 bytes
 .../StringBuilderChars02.java                 |   8 +++++
 .../strings/StringBuilderChars02/test.desc    |   8 +++++
 .../StringBuilderChars03.class                | Bin 0 -> 692 bytes
 .../StringBuilderChars03.java                 |   8 +++++
 .../strings/StringBuilderChars03/test.desc    |   8 +++++
 .../StringBuilderChars04.class                | Bin 0 -> 1018 bytes
 .../StringBuilderChars04.java                 |  18 +++++++++++
 .../strings/StringBuilderChars04/test.desc    |   8 +++++
 .../StringBuilderChars05.class                | Bin 0 -> 850 bytes
 .../StringBuilderChars05.java                 |  10 +++++++
 .../strings/StringBuilderChars05/test.desc    |   8 +++++
 .../StringBuilderChars06.class                | Bin 0 -> 856 bytes
 .../StringBuilderChars06.java                 |   9 ++++++
 .../strings/StringBuilderChars06/test.desc    |   8 +++++
 18 files changed, 129 insertions(+)
 create mode 100644 regression/strings/StringBuilderChars01/StringBuilderChars01.class
 create mode 100644 regression/strings/StringBuilderChars01/StringBuilderChars01.java
 create mode 100644 regression/strings/StringBuilderChars01/test.desc
 create mode 100644 regression/strings/StringBuilderChars02/StringBuilderChars02.class
 create mode 100644 regression/strings/StringBuilderChars02/StringBuilderChars02.java
 create mode 100644 regression/strings/StringBuilderChars02/test.desc
 create mode 100644 regression/strings/StringBuilderChars03/StringBuilderChars03.class
 create mode 100644 regression/strings/StringBuilderChars03/StringBuilderChars03.java
 create mode 100644 regression/strings/StringBuilderChars03/test.desc
 create mode 100644 regression/strings/StringBuilderChars04/StringBuilderChars04.class
 create mode 100644 regression/strings/StringBuilderChars04/StringBuilderChars04.java
 create mode 100644 regression/strings/StringBuilderChars04/test.desc
 create mode 100644 regression/strings/StringBuilderChars05/StringBuilderChars05.class
 create mode 100644 regression/strings/StringBuilderChars05/StringBuilderChars05.java
 create mode 100644 regression/strings/StringBuilderChars05/test.desc
 create mode 100644 regression/strings/StringBuilderChars06/StringBuilderChars06.class
 create mode 100644 regression/strings/StringBuilderChars06/StringBuilderChars06.java
 create mode 100644 regression/strings/StringBuilderChars06/test.desc

diff --git a/regression/strings/StringBuilderChars01/StringBuilderChars01.class b/regression/strings/StringBuilderChars01/StringBuilderChars01.class
new file mode 100644
index 0000000000000000000000000000000000000000..f2645ec7774fe7282656930ac6aaece797a417a8
GIT binary patch
literal 1413
zcmZuw-%}G;6#j1Z#|_IOA-F=YDk`=cgP?-Z3Mvpp(gw9AYL%xYx!}@Gg1Z}MeD|?4
zed-I-nRYsz@mZXK8FBETZ=L=N^)GS6b2nhX^00T$J@>okJLfy+{`2w87JyOwXu!f5
zj<4hR#y|{q8@iE})>#7?404<^5XTwm8IsGeT+X-Q0xlXD!KmC`iX$ukm*cp?@vVWY
z7~>dc=pJx_K=`3suLaX?;4FBe!oVIg=;Ln94X-mOcKQK>nyXg?LubLQiQA3pg78Zc
zOb1oRtuY+2=L^fuGiTUyYD>e#(06M~WAb80F?7m5%{eO(p6cMZ#zAr8<7ID$!YI}o
zep$@8GGMBCd8*-h72)TeIDT;c!jOz@q8BNKo-cWJpbUv=cX4sbYl!}WTXjQGkvDFb
zID#G%6PV<fGLgeHLvJg_<gNfWeZTITxQQ7Pw=ioWkMB6XH&MVG$88gLaM#2SxJN{@
z5m9LmQ4uBbS42q6g?>@;rWP07S%$+0mBVr0!~;B}8?8j{EG&z1NIf|~Nru>bj={1I
z7C9c)n>55{r~i-H$Fqyn#nXo41z$vMW-*qQBTy#sCn+P<&Zmi8_e5<ed=iaBo*K9$
z!l*rD+WGu^E-(ANr=a5VAQV-C*BcbXYNqAZhwsvGgp`GFs$*1cq`-bRgSH|;k~$}&
zwgpWtnT=-WBOmw0GvNm`GDi=nd1okyptB`$&ZBXsVXcV3^+n}#>uE;A1|86>KgLOV
zU>3bSmgtp}LzV)X7^G<Jqunw3Gx}?1H^5#=Adb?iM@~u=UqujtG9MbfP2l||Vvmx_
z2GqhDv{m$E)}berb?{ZRZzBF^18wi3limz@jSQ#dkJb^v+uv$)8ATd{gfNxsgICp*
zx|P+GtZwO+_9sSCs-=%+`5HPbx_>B&XIVURjDr2%3id)_FLd^D``?U`m|aI_CZQ)v
z^xu<NVt;1D+VybHadQ8$)F2jVFoQ0#H5lL+pvrHMHG_6~G#x175IiIh66R+l@eA#L
zC82*Kk^dr@w@Bc>N#Oq|(s7EC1^<8njuU;`wC5cCWOJNk@+18};2hf~4z+ax*vH9p
p>T|0`qn-d=$?kO=UIkZQLRDTvYo)x~Hc6==W=_cFo{lOS_yi#cGPD2y

literal 0
HcmV?d00001

diff --git a/regression/strings/StringBuilderChars01/StringBuilderChars01.java b/regression/strings/StringBuilderChars01/StringBuilderChars01.java
new file mode 100644
index 00000000000..10265254980
--- /dev/null
+++ b/regression/strings/StringBuilderChars01/StringBuilderChars01.java
@@ -0,0 +1,28 @@
+public class StringBuilderChars01
+{
+   public static void main(String[] args)
+   {
+      StringBuilder buffer = new StringBuilder("DiffBlue Limited");
+	  
+      assert buffer.toString().equals("DiffBlue Limited");
+      assert buffer.charAt(0)!=buffer.charAt(4);
+
+      char[] charArray = new char[buffer.length()];
+      buffer.getChars(0, buffer.length(), charArray, 0);
+
+      int i=0;
+      for (char character : charArray)
+      {
+         System.out.print(character);
+         assert character==buffer.charAt(i);
+         ++i;
+      }
+
+      buffer.setCharAt(0, 'H');
+      buffer.setCharAt(6, 'T');
+      assert buffer.toString().equals("HiffBlTe Limited");
+
+      buffer.reverse();
+      assert buffer.toString().equals("detimiL eTlBffiH");
+   }
+}
diff --git a/regression/strings/StringBuilderChars01/test.desc b/regression/strings/StringBuilderChars01/test.desc
new file mode 100644
index 00000000000..41dfe54abeb
--- /dev/null
+++ b/regression/strings/StringBuilderChars01/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StringBuilderChars01.class
+--string-refine --unwind 100
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
diff --git a/regression/strings/StringBuilderChars02/StringBuilderChars02.class b/regression/strings/StringBuilderChars02/StringBuilderChars02.class
new file mode 100644
index 0000000000000000000000000000000000000000..bcfdcce9aa6e031c442128bd7dc67b6a8ef3e37b
GIT binary patch
literal 797
zcmZvaOH&g;5Xb+sdF*DhArBr2Dhe2M14@wM24yKhPf-uCtO8Dx?0|!tUEPNtCSSm_
zT9s5umEQeKmSxX|kOH|(_w4-p*S+2S`|ppR0Cuo#qJY~v?ig4yq2X>0dE8UpvVj#7
ztGKVDZX%~dYbGAxp$?m2w$8&)1d;T;@IZ#V>k5Z~9WiA0q$i`N3@N+ujv?Lh9l=m+
zOHaIx`&|*dRbqPRbLlZG*vIWN{+Tyj?wvL}Q6Rn3T@_g9M7;Om75|v%sX_*0ujgLC
z&5j=jJ@Ha1)Z#d7KbEc|g4TN;gj?I2ifW;RGDG!xh6^b}=|G;G?7Oj8Zp*%mgrg!F
z7G_Yiu#OFe@>K;%bUd=~7@G{WDfjuL9WR2w4;bcds!2!F!WN!T-f85U?wROC4D<HQ
zjW8mA%p$1W_+N7cHc@89r<l9pHR?FkZiB{DoEFe>X_hnzM}#sE&gGxb0HT;4Xpl!(
zp}i>3%CJ&RHHW+uC^O1*R_L}wmXXb@kHEevA!g~!CLbB?&m88-SJDoJYGl{Wp&eFI
zBc$8kkQt!5F+{ea4`B?DKS%Cx1oM|dX$fkE!iW!(pmpe2pql~q2X!4)@@kj0>?BEn
hawR{6HGrP}f^_OTGE>;3E(OUzv!1Ey7n5AK{sFA-s>%QW

literal 0
HcmV?d00001

diff --git a/regression/strings/StringBuilderChars02/StringBuilderChars02.java b/regression/strings/StringBuilderChars02/StringBuilderChars02.java
new file mode 100644
index 00000000000..c5a2bb276f3
--- /dev/null
+++ b/regression/strings/StringBuilderChars02/StringBuilderChars02.java
@@ -0,0 +1,8 @@
+public class StringBuilderChars02
+{
+   public static void main(String[] args)
+   {
+      StringBuilder buffer = new StringBuilder("DiffBlue Limited");
+      assert buffer.toString().equals("DiffBlue Limitted");
+   }
+}
diff --git a/regression/strings/StringBuilderChars02/test.desc b/regression/strings/StringBuilderChars02/test.desc
new file mode 100644
index 00000000000..3a6bde6ef78
--- /dev/null
+++ b/regression/strings/StringBuilderChars02/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StringBuilderChars02.class
+--string-refine --unwind 100
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/strings/StringBuilderChars03/StringBuilderChars03.class b/regression/strings/StringBuilderChars03/StringBuilderChars03.class
new file mode 100644
index 0000000000000000000000000000000000000000..d124e87d09212ea4e7e130ef347a2a79978fc31b
GIT binary patch
literal 692
zcmZuv-%ry}6#h=z?QW&O7{7*!A~5VA5fgcn7-48)GUZ{!1bph+3tsFxbKCmI@ZzJ-
zYQhpp^xeP77|*T162r?q=k|QxcfNCOfBpIX1Hcy6U5sHt;8q2<U0AqNMHP!CyDM<d
zg)qe>7x%F&utJz#4boKVObwEBPo+UGmJxxD2<2^+sO%}h_FHcVPJ0kZ!emD!@^#+t
zNqu0zT<8ZXA<X%2JEy_NU^5Pqlg)0XRdVvg5XZY&5WasEd?@hjj8NGQ<4bY3JIHk?
zUnnEB@Q=2et2mOn{VveyqsI@8s)q?o66XK!a0w;U_SEt5Zk)@dj_RvSMuxHK!Na(R
zCe{dz5qIZm<mXxsG-2kZz5)+C_-L{Ah`HZ8m0?Dh^=}@w9J1*h1~~r9R-4x~qPAn+
zH18>rsnRmK_Q31OaxU<ikN8=t{C)t{8pb+jHptA*XN_-*9EoFTeF*wufSBU5Tzn)Z
z*D=kxfgUi`;<$DJ>#%MQ;dH*DbcV);eU9>m;Nug<E+7tvsQffqR-rY)JZ=D&Rh#_3
x%<!!O`i-W*EN64qX10p1z*N0@4)+Yg`3%SYhSEsv%9s%;!SbFN`}0Mw#$T$(i>m+t

literal 0
HcmV?d00001

diff --git a/regression/strings/StringBuilderChars03/StringBuilderChars03.java b/regression/strings/StringBuilderChars03/StringBuilderChars03.java
new file mode 100644
index 00000000000..f226901e113
--- /dev/null
+++ b/regression/strings/StringBuilderChars03/StringBuilderChars03.java
@@ -0,0 +1,8 @@
+public class StringBuilderChars03
+{
+   public static void main(String[] args)
+   {
+      StringBuilder buffer = new StringBuilder("DiffBlue Limited");
+      assert buffer.charAt(0)==buffer.charAt(4);
+   }
+}
diff --git a/regression/strings/StringBuilderChars03/test.desc b/regression/strings/StringBuilderChars03/test.desc
new file mode 100644
index 00000000000..12f20189434
--- /dev/null
+++ b/regression/strings/StringBuilderChars03/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StringBuilderChars03.class
+--string-refine --unwind 100
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/strings/StringBuilderChars04/StringBuilderChars04.class b/regression/strings/StringBuilderChars04/StringBuilderChars04.class
new file mode 100644
index 0000000000000000000000000000000000000000..41be0e006830ee6c5258b9a9dd7c23d0ab8554da
GIT binary patch
literal 1018
zcmZuwTTc@~6#k}rnRZzyw*{&eK~Y-@6r~mg<W@9kQq-hI1H8DjLs{&FY_}%9^DB5V
zzVIw2B@u(~#s`0p5zj1O)$p)q&dhx0obP;d_S>(|Cje4dHW0>jj-eoi4FqsQnw!#$
zgm4SD4ctL2gm%Q`*(gWCK${F0Gcb+`jwD0Rh+VG>*K=ys`ifJxH_M{Pz}6Y`Ij8D)
z^9)KX{*pn>)QW;3oO7z;X``|!+!qo|7Zuy7GW5kZay#~0J6X1?rDWc7ooZ=T2Daxt
zyYOb!-u3YulSG)~E<<pxP(CkV<ZBJLAf7lfVdN}$x#5(H!p&^kZhbN}A#<DPMh`>(
z|8>rx44o^^*4A>lA%=2J#qmT@M%*(og_Mc=NOMe^cz}l-GbUy+XQC5bCLV#>9B5@-
zx{&0t>(*R`-pd$qESOlt5>;(QKHJ<81&?ICL=1+&Mux$PU9OW}7S)os?dzQ-bxOkX
zdnY%R&2D6}Qp~?f<=@pkQ6YG(K?SX|q)sjQoRs&7u&^t$M8xOz?=ge6D?#*jv5d^B
z7f9qKf1iyL#c->kOqu3`UbiUfjw_0Pl%YrU8gxO!v5sMyu`rD!>l~1RlBa;lw<6n1
zyC|)UR&DeM?4tz2BCGp{3?cNPpL_}Z0S!S~?PCPix|JiSxkMA%7i~46NM}rGLRaR;
zX4Hs!lGc>8Zt0fx0aFpx(o<=E2yXEvf`<t0!?JiH+Jx~QZO3R^JA(OjPhopHJ2?F=
zX#{*4qcF(V$a3Ny#5M8;=|`ESt`^XNSJc}&?O)UF03pYroFWd+5#hMPah1uB`umA-
xc1j7<)(ydB!V4i%e#bypcY6~Z`{3#UROJ&wEjAaT$VwUl=Ax7?N}B)%e*<Pa&87eV

literal 0
HcmV?d00001

diff --git a/regression/strings/StringBuilderChars04/StringBuilderChars04.java b/regression/strings/StringBuilderChars04/StringBuilderChars04.java
new file mode 100644
index 00000000000..039c0079c42
--- /dev/null
+++ b/regression/strings/StringBuilderChars04/StringBuilderChars04.java
@@ -0,0 +1,18 @@
+public class StringBuilderChars04
+{
+   public static void main(String[] args)
+   {
+      StringBuilder buffer = new StringBuilder("DiffBlue Limited");
+
+      char[] charArray = new char[buffer.length()];
+      buffer.getChars(0, buffer.length(), charArray, 0);
+
+      int i=0;
+      for (char character : charArray)
+      {
+         System.out.print(character);
+         assert character!=buffer.charAt(i);
+         ++i;
+      }
+   }
+}
diff --git a/regression/strings/StringBuilderChars04/test.desc b/regression/strings/StringBuilderChars04/test.desc
new file mode 100644
index 00000000000..a2658cf2fe4
--- /dev/null
+++ b/regression/strings/StringBuilderChars04/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StringBuilderChars04.class
+--string-refine --unwind 100
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/strings/StringBuilderChars05/StringBuilderChars05.class b/regression/strings/StringBuilderChars05/StringBuilderChars05.class
new file mode 100644
index 0000000000000000000000000000000000000000..25d758c6d625982371e3f95ad8edf8b3d96e388f
GIT binary patch
literal 850
zcmZuvU2hUW6g>m%2itA=Xv>FMZMEuBv{a$Kv@y1{rY5Kl5R=xYg`L*H1$00BG5i6a
z)dUio=)1qk81F!VSo<>f&dj;zoVj;?{rUa_Km|_>EZ~NQ6&*JXL~u(kt8tiEli6(@
zcMPoKu7-OC42isNz(PU82E*dI?fcvdM6c@~2;XkH++koR4C=1vir^_j)GEATh*f(I
zXGqjUm%j=-P3|=$m@YcD=rUxix3#wY$u7Be_pDS8JkdSdk%ja1z;3;NX@3~u$tHuo
z+j1|+je0NiTKu_?RQYk)ekfdrd)0Tg=WlIqN>&poq#3f86)vC*$pdkEy6=X3wI(_u
z;Et>)ns|VRCK5=R*hGmTbu@yxjVVsUmWfAr%#fRr?@fAg=y^SlVd*Mk8p<ZMf1AW-
zm9Lv^-U=9&t*g5c_jw>6wnrGndQp`f(u3ZZpM<Q!|8@TeOpq%77}~CXNog#<Q=s`J
zW~Qnx4Vgyda9?=bnZAxD6NGd@6F$KjeV7IMP%N2~4WldyY8cYAF4As=BBQ8m48gug
zAeLxVM~4h?EF(j?gtn<PLa}m=$Z<M4M66bfCXWVCib*xup!gMPAKBsnT3R0<-pAZI
zjN>8ZeoE%Zh&cm=a)rLEN;Wj)p`%PXSvu9hexs}*M_GPqu`==kq|)X9^L=Qs&xl38
VL7kCK>`D>^5%ZaR)U}c3^}k&QvyK1&

literal 0
HcmV?d00001

diff --git a/regression/strings/StringBuilderChars05/StringBuilderChars05.java b/regression/strings/StringBuilderChars05/StringBuilderChars05.java
new file mode 100644
index 00000000000..120871f8a9d
--- /dev/null
+++ b/regression/strings/StringBuilderChars05/StringBuilderChars05.java
@@ -0,0 +1,10 @@
+public class StringBuilderChars05
+{
+   public static void main(String[] args)
+   {
+      StringBuilder buffer = new StringBuilder("DiffBlue Limited");
+      buffer.setCharAt(0, 'H');
+      buffer.setCharAt(6, 'T');
+      assert buffer.toString().equals("HiffBllTe Limited");
+   }
+}
diff --git a/regression/strings/StringBuilderChars05/test.desc b/regression/strings/StringBuilderChars05/test.desc
new file mode 100644
index 00000000000..2bcbdbab934
--- /dev/null
+++ b/regression/strings/StringBuilderChars05/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StringBuilderChars05.class
+--string-refine --unwind 100
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/strings/StringBuilderChars06/StringBuilderChars06.class b/regression/strings/StringBuilderChars06/StringBuilderChars06.class
new file mode 100644
index 0000000000000000000000000000000000000000..e3597f40f878e29533d15df6a564a8735982154e
GIT binary patch
literal 856
zcmZuvU2hUW6g|Vo?y}t$*nU8*RjO5iYN=ZLLSqzK;{)mgji%L?g&peD1$1_|KZZZx
zvzkC+6MgqL8RH$G#Z+Eq?(Up>&bc4I{(S!dU>iFo=5STVs)1`JBDk)OTmlx>RCL3@
zO%v<5rQ@~<Qz7q|$fKa6$S}X|_&%3`=yv=);X4hFyA14zLE9A_5j<vy<_oVGV%4t8
z8Im>8;V;8>gUbU2riZp8It)wsx3v@J)G2vR=eSf4r05)%RpM+taGD=pI3I_2vdLiV
zHoY;qS?`9j$)5>DwLD6zgu-*VtiE@ozqPZeSS_SsGh{9+jG+vvJ<)1aypZQ=qAddM
zs*DW_cX7``5-AItC^4j69?*L&#}B+pt0ly99a|Re;{ii<LjLr;C;L)%CBworV>%vM
z)c!{#KFNI5IN{BJVKG0w8@lADT>4b(O1|(PWL!>}S`>6gnj}62NQi$#&ygDc6gr-N
zNquCgT%egICq}Ct4W7p4a$iX9UQ|re3PO6IsUKmDmS~QajHR-wi4;XaO@vM7JbkUw
z&FGF72Vh?m5DRo_!=DTZEMkdb1${@U5xR?Kh#cC{0b;d{KH_h_LhB(zp>7*}Bzl-R
zgLyc>%umG^8S>ePQ5>h`)yRg90t{s6j{){u?Qxc(<qK2WLv<i+TYb#-pvOKV7X1co
ULU?Xak;D<Po~Sae4E0w20;o*6>Hq)$

literal 0
HcmV?d00001

diff --git a/regression/strings/StringBuilderChars06/StringBuilderChars06.java b/regression/strings/StringBuilderChars06/StringBuilderChars06.java
new file mode 100644
index 00000000000..f3b3b6bc8d8
--- /dev/null
+++ b/regression/strings/StringBuilderChars06/StringBuilderChars06.java
@@ -0,0 +1,9 @@
+public class StringBuilderChars06
+{
+   public static void main(String[] args)
+   {
+      StringBuilder buffer = new StringBuilder("DiffBlue Limited");
+      buffer.reverse();
+      assert buffer.toString().equals("detimiL eTlBffiiH");
+   }
+}
diff --git a/regression/strings/StringBuilderChars06/test.desc b/regression/strings/StringBuilderChars06/test.desc
new file mode 100644
index 00000000000..4a711edf496
--- /dev/null
+++ b/regression/strings/StringBuilderChars06/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StringBuilderChars06.class
+--string-refine --unwind 100
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring

From c7bcdf4635b25dc8b77415781fd8463200469c0a Mon Sep 17 00:00:00 2001
From: Lucas Cordeiro <lucasccordeiro@gmail.com>
Date: Wed, 22 Feb 2017 14:18:42 +0000
Subject: [PATCH 007/699] =?UTF-8?q?=C2=A0added=20test=20cases=20related=20?=
 =?UTF-8?q?to=20stringBuilder=20constructors?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Lucas Cordeiro <lucasccordeiro@gmail.com>
---
 .../StringBuilderConstructors01.class             | Bin 0 -> 797 bytes
 .../StringBuilderConstructors01.java              |  13 +++++++++++++
 .../strings/StringBuilderConstructors01/test.desc |   8 ++++++++
 .../StringBuilderConstructors02.class             | Bin 0 -> 711 bytes
 .../StringBuilderConstructors02.java              |   8 ++++++++
 .../strings/StringBuilderConstructors02/test.desc |   8 ++++++++
 6 files changed, 37 insertions(+)
 create mode 100644 regression/strings/StringBuilderConstructors01/StringBuilderConstructors01.class
 create mode 100644 regression/strings/StringBuilderConstructors01/StringBuilderConstructors01.java
 create mode 100644 regression/strings/StringBuilderConstructors01/test.desc
 create mode 100644 regression/strings/StringBuilderConstructors02/StringBuilderConstructors02.class
 create mode 100644 regression/strings/StringBuilderConstructors02/StringBuilderConstructors02.java
 create mode 100644 regression/strings/StringBuilderConstructors02/test.desc

diff --git a/regression/strings/StringBuilderConstructors01/StringBuilderConstructors01.class b/regression/strings/StringBuilderConstructors01/StringBuilderConstructors01.class
new file mode 100644
index 0000000000000000000000000000000000000000..c7052b38c1f2d4b0cf579a5014877469af80212a
GIT binary patch
literal 797
zcmaJ;-%ry}6#nkoty|a0Rt8K52#7j<yM#B1QKuv%10QBg0AITHGB1|a+_wHNlKA3_
z&uYRFN%Y-6ig<1ZG%>`ax##qp@0|O6-~Ds(^A~_ktedEyX<*t!4o!8;6fvvf-4e=}
zQ`x+M1rsF&yJun%_YFK?7+-Xvh|5@nLG(gIPT%Jq13O?SY>7a`PZ+e;(i;Z76MCFs
ztSbV(mz?yue67ILIB`V4Fxfin9y=eM4c`d{8@*VHVDMNCR(i4HzTb5|q<G@UP~39;
z%jIS-Or*=Vg<3T?8hf4y-{Z1Flwz5<aVVol?RB->LKQWJsedoJoKWqDwB8d(M}0rx
z>c3^-7RD?rVVR+k4L-Y){Zh(MGBp2lw}BN4t5{>GW(!{RkGUI@{??9?InlaVe!=I#
zAbywHxI_MB3pzeoPsVvX5|Vq@gvhTrp$7SWfO&ep3cWF_Hk1y^G!PBc=(Oo?h9aYw
zUmk*eQ$UQ<SxAeFp1Y0-$`$krjp`KNo+GzEgw|EDY7U|As?5$0QP}$q;}rJF8H%4!
zK1Ydw=I>E)^`_z)6+dT4#UPh5n1w-k9!26}Q$9^x+Ay(Af(~I}lDbuB7ib%p8h!OT
pp&QrIHd75i%`Tt8I)$Nsg|7X8kzH~nQ!UFQXFXMB+)g>%`3wBgq3Qqt

literal 0
HcmV?d00001

diff --git a/regression/strings/StringBuilderConstructors01/StringBuilderConstructors01.java b/regression/strings/StringBuilderConstructors01/StringBuilderConstructors01.java
new file mode 100644
index 00000000000..efb5524c2b8
--- /dev/null
+++ b/regression/strings/StringBuilderConstructors01/StringBuilderConstructors01.java
@@ -0,0 +1,13 @@
+public class StringBuilderConstructors01
+{
+   public static void main(String[] args)
+   {
+      StringBuilder buffer1 = new StringBuilder();
+      StringBuilder buffer2 = new StringBuilder(10);
+      StringBuilder buffer3 = new StringBuilder("diffblue");
+
+      assert buffer1.length()==0;
+      assert buffer2.length()==0;
+      assert buffer3.length()>0;
+   }
+}
diff --git a/regression/strings/StringBuilderConstructors01/test.desc b/regression/strings/StringBuilderConstructors01/test.desc
new file mode 100644
index 00000000000..2c60f9bbbda
--- /dev/null
+++ b/regression/strings/StringBuilderConstructors01/test.desc
@@ -0,0 +1,8 @@
+KNOWNBUG
+StringBuilderConstructors01.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
diff --git a/regression/strings/StringBuilderConstructors02/StringBuilderConstructors02.class b/regression/strings/StringBuilderConstructors02/StringBuilderConstructors02.class
new file mode 100644
index 0000000000000000000000000000000000000000..2bfe2e70d3b3e6c08aaebe6686cc1326c7249f56
GIT binary patch
literal 711
zcmaJ<TTc@~6#mX`+ijPHmU62gO1ar$BF69rF-p~^dP!<bfT!v1Kn9mxnBDcq^bh!~
zCNz;m-~CO-cxJgYA;y<EXXbq0cW(3R&-Whywy@!140jyNm$Bf&!rclgSTv9K9Nc%|
znBbC&CYBwn5T;f|l1QDZI7(iqMD#-$5NMxJ+EI~8pAzg=`valSi33Tfc2y+bWG8*8
z-y1LoPK1gGv#o>fvG^o5LlGTq_EN2)qisVR@1?^3_*$Iic&?04-togLakm#|+Ly1C
zky^T>?Pe+rr0#G@sm}Z~*2&{1kBqp72~-Jlw-a44SUFIKhy5^<2D$3N!?=evtP>g|
z&hzVzUuqp|!oq*jI(Xorg*Kr!5_sD`mVQc@Y5lw9l03^qnA`$fvbNhi+v-TG6Y>Ih
ze1S}qmcdPJJhe3A08f9Pw^iW{0#s|5me{jFW)^(b__oNF*cLa2pf3i9Nj^*YBQd#-
zDfSKY9aAl~%NMZr>h=(Y?pG8Cn0{Ed&rup+>;lf-5apjn$I5jkn8V_5S+U7qXqs<j
u&~G#y%&<3mQ^;1H5tyu3&fyN=6h5P1e?xI3c3qSaDZ=uenbPO-T#dh(sFeZ$

literal 0
HcmV?d00001

diff --git a/regression/strings/StringBuilderConstructors02/StringBuilderConstructors02.java b/regression/strings/StringBuilderConstructors02/StringBuilderConstructors02.java
new file mode 100644
index 00000000000..34df0144e82
--- /dev/null
+++ b/regression/strings/StringBuilderConstructors02/StringBuilderConstructors02.java
@@ -0,0 +1,8 @@
+public class StringBuilderConstructors02
+{
+   public static void main(String[] args)
+   {
+      StringBuilder buffer3 = new StringBuilder("diffblue");
+      assert buffer3.equals("diffblue");
+   }
+}
diff --git a/regression/strings/StringBuilderConstructors02/test.desc b/regression/strings/StringBuilderConstructors02/test.desc
new file mode 100644
index 00000000000..8cbad8cfe16
--- /dev/null
+++ b/regression/strings/StringBuilderConstructors02/test.desc
@@ -0,0 +1,8 @@
+KNOWNBUG
+StringBuilderConstructors02.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring

From 2026b146cf168ca6d05a00460a84ad94ee81a611 Mon Sep 17 00:00:00 2001
From: Lucas Cordeiro <lucasccordeiro@gmail.com>
Date: Wed, 22 Feb 2017 14:19:25 +0000
Subject: [PATCH 008/699] =?UTF-8?q?=C2=A0added=20stringBuilder=20methods?=
 =?UTF-8?q?=20insert,=20delete=20and=20deleteCharAt?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Lucas Cordeiro <lucasccordeiro@gmail.com>
---
 .../StringBuilderInsertDelete01.class         | Bin 0 -> 1924 bytes
 .../StringBuilderInsertDelete01.java          |  46 ++++++++++++++++++
 .../StringBuilderInsertDelete01/test.desc     |   8 +++
 .../StringBuilderInsertDelete02.class         | Bin 0 -> 1725 bytes
 .../StringBuilderInsertDelete02.java          |  40 +++++++++++++++
 .../StringBuilderInsertDelete02/test.desc     |   8 +++
 .../StringBuilderInsertDelete03.class         | Bin 0 -> 1819 bytes
 .../StringBuilderInsertDelete03.java          |  43 ++++++++++++++++
 .../StringBuilderInsertDelete03/test.desc     |   8 +++
 9 files changed, 153 insertions(+)
 create mode 100644 regression/strings/StringBuilderInsertDelete01/StringBuilderInsertDelete01.class
 create mode 100644 regression/strings/StringBuilderInsertDelete01/StringBuilderInsertDelete01.java
 create mode 100644 regression/strings/StringBuilderInsertDelete01/test.desc
 create mode 100644 regression/strings/StringBuilderInsertDelete02/StringBuilderInsertDelete02.class
 create mode 100644 regression/strings/StringBuilderInsertDelete02/StringBuilderInsertDelete02.java
 create mode 100644 regression/strings/StringBuilderInsertDelete02/test.desc
 create mode 100644 regression/strings/StringBuilderInsertDelete03/StringBuilderInsertDelete03.class
 create mode 100644 regression/strings/StringBuilderInsertDelete03/StringBuilderInsertDelete03.java
 create mode 100644 regression/strings/StringBuilderInsertDelete03/test.desc

diff --git a/regression/strings/StringBuilderInsertDelete01/StringBuilderInsertDelete01.class b/regression/strings/StringBuilderInsertDelete01/StringBuilderInsertDelete01.class
new file mode 100644
index 0000000000000000000000000000000000000000..7858a392c3fa16230e3ae30f6ebaf25aecdb7726
GIT binary patch
literal 1924
zcmb7FOK%%h6#lLsbM48vnK*GAH!o94ahi<taGJD9C{CRQ+&o%H+|~)Nu{{n`TpPyY
zNNf-bHms0XR8@q8#0JzwC7_y0Eh?-KLabP^V!@6-Q8?F+CTWo)Z27zA-t*ma&pnUp
zUmrhs1YjCFGM+=ihiM<qcxeT=ed}XSG73n^<ee`c?f!C)V@8G_2?4V{oE76a0doT8
z1uO`7Nx*plFAGQtSQK!<k71;ISdwuO%N(!BINmV#s!*qWxWus{V-;&0>kQo|^=j3y
zY_n3XE}2z5S279=Y>Po!Fw3TWp1~a(xys;4RSE_}=c-vY)@wI&hP5fkq`0Y@Wrp6^
z_Ua9NS069w<(=^j+cL{L^I~IQ!`Acft?BRA`5c$&T#hRouhC^0d<*$f^B{SnQnT{L
zvMJ0)8zwH)%u>Oy(q-Y~l2I~jV`4Hc4pMLuFVOyiSuEyCHQ|YERBeXv({40vD0m$k
zbT>^1n*uTdt_rv&;JSdUfGq*r0^U&YCf-tT0?#wdClc{QBB4#i&uEhqjgK~~t!TDY
zGc>bkYP*I-LtYp0)Py@)%RRcXg17MwL*KrCi>=sSw5*DyKu1nN9$AK&#xei*6o&pb
zapNc`Fi>Pr_kFmWyJ6%hY~BBnzeB`^VFuTBimJn`XM`ahOCQL4!`S@Dfu%$K%s;)M
zp>4ZiD3;z%wX+x%gmk(cWiXcBIzr#}2-<&?{YyvKUp_*=)K2fSE3NSN#GWNmSS90w
znqI0hgklGR-^vH|vr?#cPwHLWTBLLj#M)j+YOtx{_bVk;qPK!Ny<k*L%P2f4UTSc=
zMhbc;w&;Z$rXRr6KG8HJxxqxM5}u;jAdQSh@9Fzs-wGmLB$VoljGm|%Mo1<qdkim*
z(Kr=!tp?p|s`7(3>sEI&S&wRDvR>87WF^(iWVu?*WPL(XB{fgTRh`hM+Jyf4x~x`6
z?oi8_b<d1PU77K!d`9YlXO;)0v;H3NbMiy@v-cs-DG|jz>Y&3NR2&4{V*(nY=HOUM
zlq3h8%}L1PKyArh2VE_hIKige%N=w#<*?sDPgCxb9fYn$=&0Vgz;_7mAruJ&`y52}
z(D4w*$))}uBZ^A20it<TvN`w+f9Nn@#MM=g>*o}D3N|G{qA$l9e7HhU-h_<n=%B|<
zygC6C(TNJW@F9Zu2;KMuJ@^zMe1=}!LKt754__gIZ|LvjF8Xl~19(8m{0T$&nNt26
zqWGN>{|6=gPfGh=l<>cCiZR5PA0sS?Q5L}%n}mkb<k1PZ{voBpG0HK<p>f0+V;+~A
xW1ObIIC(npq->_^^#ODRhaE)sz&&5X<NhAu{j0W0NSOD+r6fh6P1YkZ^)Ckqxmy4L

literal 0
HcmV?d00001

diff --git a/regression/strings/StringBuilderInsertDelete01/StringBuilderInsertDelete01.java b/regression/strings/StringBuilderInsertDelete01/StringBuilderInsertDelete01.java
new file mode 100644
index 00000000000..e864b796249
--- /dev/null
+++ b/regression/strings/StringBuilderInsertDelete01/StringBuilderInsertDelete01.java
@@ -0,0 +1,46 @@
+public class StringBuilderInsertDelete01
+{
+   public static void main(String[] args)
+   {
+      Object objectRef = "diffblue";
+      String string = "test";
+      char[] charArray = {'v', 'e', 'r', 'i', 'f', 'i', 'c', 'a', 't', 'i', 'o', 'n'};
+      boolean booleanValue = true;
+      char characterValue = 'K';
+      int integerValue = 7;
+      long longValue = 10000000;
+      float floatValue = 2.5f;
+      double doubleValue = 33.333;
+
+      StringBuilder buffer = new StringBuilder();
+
+      buffer.insert(0, objectRef)
+            .insert(0, "-")
+            .insert(0, string)
+            .insert(0, "-")
+            .insert(0, charArray)
+            .insert(0, "-")
+            .insert(0, charArray, 3, 3)
+            .insert(0, "-")
+            .insert(0, booleanValue)
+            .insert(0, "-")
+            .insert(0, characterValue)
+            .insert(0, "-")
+            .insert(0, integerValue)
+            .insert(0, "-")
+            .insert(0, longValue)
+            .insert(0, "-")
+            .insert(0, floatValue)
+            .insert(0, "-")
+            .insert(0, doubleValue);
+
+      String tmp=buffer.toString();
+      assert tmp.equals("33.333-2.5-10000000-7-K-true-ifi-verification-test-diffblue");
+
+      buffer.deleteCharAt(10);
+      buffer.delete(2, 6);
+
+      tmp=buffer.toString();
+      assert tmp.equals("33-2.510000000-7-K-true-ifi-verification-test-diffblue");
+   }
+}
diff --git a/regression/strings/StringBuilderInsertDelete01/test.desc b/regression/strings/StringBuilderInsertDelete01/test.desc
new file mode 100644
index 00000000000..4c3000d6a97
--- /dev/null
+++ b/regression/strings/StringBuilderInsertDelete01/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StringBuilderInsertDelete01.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
diff --git a/regression/strings/StringBuilderInsertDelete02/StringBuilderInsertDelete02.class b/regression/strings/StringBuilderInsertDelete02/StringBuilderInsertDelete02.class
new file mode 100644
index 0000000000000000000000000000000000000000..e5a8ff2cd05afe4161b1531da8243ff6118452cd
GIT binary patch
literal 1725
zcmah}&u<$=6#m9u@2ofLX5-kg-6SPIDNfsU+&E3zBowz!18#n_khrZAinOuU)fU%=
z^*Rz4gb)`_+$t0yRpQc$0}@ber4|Y&R8^cfapJ&@e*$>pA5B`2V@uzBGw;ot_ue<N
zPyT-J2*4EHRdEPu1t%0t251HN;?~Dfb_|fS*{^Ru+J1bGBcmdSw16oEC&f4|U`D_x
z0jCAb3YZfxFW@x+X9T<+#0atq&Z;<v9LIu+gGh6nSFwmUINoF!JZv@^mgCy>T4TX(
zm|In=%)mAn<axVhyJr~u$??k!Qm$UM82Xp(nzh=zxn())!kG*=O}oZ0l-yjtVQ!lf
zRkL<|V$F5z+VwfHF|_8IrT13M_gnrPc{-Ql0>={7$DquYs-1(>wR+PjS&Oy^JJt?y
zu4z}xmXoiEBp0lz<yz^<lsHJki+G9lm+eYrtJ)NqxK_huh&`W1Cx(V)tWa%+Agcl{
z3b-WTEdg%}SQD@=pdjF~hAX(L;RTE_%x5yGOeSMYrcN3s((RuyV=Ni2)3gk`VjJ6*
zLqo|F{WL^6hSANBYSvH$bvC}6;Ms2T&pS@tVHoaFHOHogcW{kC-wkka>xNaLq6hz{
z`_DMG12gzGbEK`^>L)`gnct&YJJ{U#o~38<nR|Xi+uC!(p=5qD*DK<faLDI-xr`?B
z8~fOM9zpx}i+^FC_>2447kb$hx87}kB>7)QYO8F0&@`(JhG=q6^SgS`o$23|JXfVB
zOAoGWHEhQ!KfOZq&fF#$=)G>x+Zdtm3&8ZaxVyysVB*CPzD%=G8X1j&qxZqSCBkr+
zP;M<U`gXj6BgDy-{fGb#(C7>Mmc#xPUHc(W^y}M&qNH1eVnBBaMOn8CMXpy0MMW@O
z)=Pw3HwhKpB@DLKRlQEUPp=hLrD;iDnhxlET8==P;bHkyFamyBeTZQ3KGaz)q4|$_
z=<|m)4<Y|?0c~n{IMAiC?4iFiiAo;yE)RGZ=yLK2clZ$ZFxcU-pod6@$5ju}D+xMk
zXg2g6VmpW?LgBcF#18r%;vl6o{FCUDuhpkdS}hGwQ)T*dtU$pf>e@O~Tty$QL4%19
zD(FWY1NabOe1t)KiU>YK6rW=Vw-CdZh~q0HaF;&J-(VQ`NVW$g&d(&?FC^Trbk1)i
z+wUaYAEd^gq|0A8!WdqqKgh!Vp^3(k<QV5T%5jV_Ci(mv$7xC~3XG?!PqpL)2ErpA
fMt8uaJCOX}Beq*v_XddQ0r<46xF@Mr;S>J?FrkK*

literal 0
HcmV?d00001

diff --git a/regression/strings/StringBuilderInsertDelete02/StringBuilderInsertDelete02.java b/regression/strings/StringBuilderInsertDelete02/StringBuilderInsertDelete02.java
new file mode 100644
index 00000000000..d0e4923ad3c
--- /dev/null
+++ b/regression/strings/StringBuilderInsertDelete02/StringBuilderInsertDelete02.java
@@ -0,0 +1,40 @@
+public class StringBuilderInsertDelete02
+{
+   public static void main(String[] args)
+   {
+      Object objectRef = "diffblue";
+      String string = "test";
+      char[] charArray = {'v', 'e', 'r', 'i', 'f', 'i', 'c', 'a', 't', 'i', 'o', 'n'};
+      boolean booleanValue = true;
+      char characterValue = 'K';
+      int integerValue = 7;
+      long longValue = 10000000;
+      float floatValue = 2.5f;
+      double doubleValue = 33.333;
+
+      StringBuilder buffer = new StringBuilder();
+
+      buffer.insert(0, objectRef)
+            .insert(0, "-")
+            .insert(0, string)
+            .insert(0, "-")
+            .insert(0, charArray)
+            .insert(0, "-")
+            .insert(0, charArray, 3, 3)
+            .insert(0, "-")
+            .insert(0, booleanValue)
+            .insert(0, "-")
+            .insert(0, characterValue)
+            .insert(0, "-")
+            .insert(0, integerValue)
+            .insert(0, "-")
+            .insert(0, longValue)
+            .insert(0, "-")
+            .insert(0, floatValue)
+            .insert(0, "-")
+            .insert(0, doubleValue);
+
+      String tmp=buffer.toString();
+      assert tmp.equals("33.333-2.5-10000000-7-K-true-ifi-verification-test--diffblue");
+   }
+}
diff --git a/regression/strings/StringBuilderInsertDelete02/test.desc b/regression/strings/StringBuilderInsertDelete02/test.desc
new file mode 100644
index 00000000000..f78bf3f983a
--- /dev/null
+++ b/regression/strings/StringBuilderInsertDelete02/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StringBuilderInsertDelete02.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/strings/StringBuilderInsertDelete03/StringBuilderInsertDelete03.class b/regression/strings/StringBuilderInsertDelete03/StringBuilderInsertDelete03.class
new file mode 100644
index 0000000000000000000000000000000000000000..6e238d7caea3b3ed8af71e3eb7a942336512b1ad
GIT binary patch
literal 1819
zcmah}O>7%Q6#mBE-LW^DX5*j4Zho3V0VnMyX_7i^5{gr&0XIJd61R22-`ZZ6Ev^mg
zbtEo`0~fe(tEvbIi3_NQN<g)hT2we8gg9|PoH%gg%8di?#y?G3kYh{Ve6#P(n>X)!
zGe7=)?*V`rSSm&^6~J@=GctVvZr*rbN{s+YDs}7A2RlF9;W(uth$#Wd0A|H_TEH0r
za{}fCEC_g3z*zy$2}lW86mU*JI*4H`1#n))GM?vnLB$}ZI5H|OV1;9qA$-iN)hx%g
ztCiZ4T{H7#tH{8%7?cIOV!LM<{E5*^3{tvUv>19;?TWQtzn-_8P2o(2>!w{{=u2#`
zUNd*hiLzO_I<et8cIE24SlGScnuWL4%(ol<9BZ^M$2!MFIw?b7p-^sZq;6E}PQhBX
zMc9#Mh;wzjT(q1_MI^aol`YqroE{e&X?POHXnoNxmGb4f$i%g3E<^w0X|!T!co8qr
z*$hEm7O){;Q$SY0B>|TOToI5Hu%%%euV{Ex7+%Bc8jj)#hUE0LF*Sbb<Ye<_%o;0(
z>(nj7Hf>|aa_o{_Fhx-fk(1HRk<P8*4VVnEy(Aag0-Sf8s>3kQ;p7~74F!-y`d)yG
z`D<2z4j%p=1s-v124?VWr%7MCQB#KTL}s6I&0zDR`#wFA&-~*Hn%0gBh7+0Xbf<_T
z!XcCC<T8}VY#m_lxCO00DE@^5;x8XyU+QGnijC$?ziB#)q}5=eV>U|Do7&s0wpEKH
z{u`gvP^@?AX1T@?P3+UGEhAmzp1n><m+7|CT`gKQ+p&rdJCClYTPFiu^(|`fVS1zh
zrpH9H6Z3<K%SQMV&4y@XG|FRl!M+rZc$!dYd}Q?OJc9&ra%I0j#vvNRA>V4qzou*7
z$T`2hlg&xGmCebzlg%l*oy~E*l+6VM(-ply$aRx2pu2>@#&=b(67SM0*>x!?=_^TD
z=Sd|3X_kkS)4>S%8TCGbxw}y3w7BL!?xD*c(mZtgPY7sI!^5FARTK|Btw~h!ptrf~
zp|{P+C)DD7+(Wp<`-2`LEgn-nL@&oRoyI;IWt|rF6Y&t6>;4MyT}0#Ep~D^qcF}bo
zgOuaYx1w;qM&Ukc)L5n}EA*!a5&?R6g4l$LE9j!9M}vuOl+c4Jdhsqocn@KGfCxTB
z6d$7xH_(qy5W{DP;|m<dZ4BTJJ@)rVt?x+B?{Ne_k*YtFqQBC9zmcB5lSF?|27i)V
ze_@n`Fosde>L}PhG|@Q5IF56i;4m0tlF!dEPE&FTVB%pr%rtZddPBn=j_iU<pF{G0
XjriUP+pQs@%kXI_(Lj@p0-XF8rv{&X

literal 0
HcmV?d00001

diff --git a/regression/strings/StringBuilderInsertDelete03/StringBuilderInsertDelete03.java b/regression/strings/StringBuilderInsertDelete03/StringBuilderInsertDelete03.java
new file mode 100644
index 00000000000..bad25b201a3
--- /dev/null
+++ b/regression/strings/StringBuilderInsertDelete03/StringBuilderInsertDelete03.java
@@ -0,0 +1,43 @@
+public class StringBuilderInsertDelete03
+{
+   public static void main(String[] args)
+   {
+      Object objectRef = "diffblue";
+      String string = "test";
+      char[] charArray = {'v', 'e', 'r', 'i', 'f', 'i', 'c', 'a', 't', 'i', 'o', 'n'};
+      boolean booleanValue = true;
+      char characterValue = 'K';
+      int integerValue = 7;
+      long longValue = 10000000;
+      float floatValue = 2.5f;
+      double doubleValue = 33.333;
+
+      StringBuilder buffer = new StringBuilder();
+
+      buffer.insert(0, objectRef)
+            .insert(0, "-")
+            .insert(0, string)
+            .insert(0, "-")
+            .insert(0, charArray)
+            .insert(0, "-")
+            .insert(0, charArray, 3, 3)
+            .insert(0, "-")
+            .insert(0, booleanValue)
+            .insert(0, "-")
+            .insert(0, characterValue)
+            .insert(0, "-")
+            .insert(0, integerValue)
+            .insert(0, "-")
+            .insert(0, longValue)
+            .insert(0, "-")
+            .insert(0, floatValue)
+            .insert(0, "-")
+            .insert(0, doubleValue);
+
+      buffer.deleteCharAt(10);
+      buffer.delete(2, 6);
+
+      String tmp=buffer.toString();
+      assert tmp.equals("33-2.510000000-7-K-true-iai-verification-test-diffblue");
+   }
+}
diff --git a/regression/strings/StringBuilderInsertDelete03/test.desc b/regression/strings/StringBuilderInsertDelete03/test.desc
new file mode 100644
index 00000000000..b3882f41f7e
--- /dev/null
+++ b/regression/strings/StringBuilderInsertDelete03/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StringBuilderInsertDelete03.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring

From 77ca2d12723ab83d54f8b3f2af58789b08c11c2e Mon Sep 17 00:00:00 2001
From: Lucas Cordeiro <lucasccordeiro@gmail.com>
Date: Wed, 22 Feb 2017 14:20:06 +0000
Subject: [PATCH 009/699] =?UTF-8?q?=C2=A0added=20string=20methods=20equals?=
 =?UTF-8?q?,=20equalsIgnoreCase,=20compareTo=20and=20regionMatches?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Lucas Cordeiro <lucasccordeiro@gmail.com>
---
 .../StringCompare01/StringCompare01.class     | Bin 0 -> 1325 bytes
 .../StringCompare01/StringCompare01.java      |  47 ++++++++++++++++++
 regression/strings/StringCompare01/test.desc  |   8 +++
 .../StringCompare02/StringCompare02.class     | Bin 0 -> 721 bytes
 .../StringCompare02/StringCompare02.java      |  14 ++++++
 regression/strings/StringCompare02/test.desc  |   8 +++
 .../StringCompare03/StringCompare03.class     | Bin 0 -> 723 bytes
 .../StringCompare03/StringCompare03.java      |  14 ++++++
 regression/strings/StringCompare03/test.desc  |   8 +++
 .../StringCompare04/StringCompare04.class     | Bin 0 -> 703 bytes
 .../StringCompare04/StringCompare04.java      |   9 ++++
 regression/strings/StringCompare04/test.desc  |   8 +++
 .../StringCompare05/StringCompare05.class     | Bin 0 -> 642 bytes
 .../StringCompare05/StringCompare05.java      |  11 ++++
 regression/strings/StringCompare05/test.desc  |   8 +++
 15 files changed, 135 insertions(+)
 create mode 100644 regression/strings/StringCompare01/StringCompare01.class
 create mode 100644 regression/strings/StringCompare01/StringCompare01.java
 create mode 100644 regression/strings/StringCompare01/test.desc
 create mode 100644 regression/strings/StringCompare02/StringCompare02.class
 create mode 100644 regression/strings/StringCompare02/StringCompare02.java
 create mode 100644 regression/strings/StringCompare02/test.desc
 create mode 100644 regression/strings/StringCompare03/StringCompare03.class
 create mode 100644 regression/strings/StringCompare03/StringCompare03.java
 create mode 100644 regression/strings/StringCompare03/test.desc
 create mode 100644 regression/strings/StringCompare04/StringCompare04.class
 create mode 100644 regression/strings/StringCompare04/StringCompare04.java
 create mode 100644 regression/strings/StringCompare04/test.desc
 create mode 100644 regression/strings/StringCompare05/StringCompare05.class
 create mode 100644 regression/strings/StringCompare05/StringCompare05.java
 create mode 100644 regression/strings/StringCompare05/test.desc

diff --git a/regression/strings/StringCompare01/StringCompare01.class b/regression/strings/StringCompare01/StringCompare01.class
new file mode 100644
index 0000000000000000000000000000000000000000..38f0d216e1cf640abd23b0356795e344fe3faa94
GIT binary patch
literal 1325
zcmZ`(T~8BH5IwiucDH4hmMtx<h!o|cP|Anm7ob8ankIlT5EJmhY};#HY`eJKYWx*G
z!;4RZXEiB_B>3(h@YTe`KcLU*+!l(~l5A%8&YU?j_snEJ|N3|YU<QkR=opZ3QNblY
zTo_a^q+nRVh&UyD2x3&mm>+%&2v1U&abZ%zOvsq@V+zwUE;ED%jY@^vj%k%Ecg>2C
zE%H1A+hp+0n`P6v&EQUqK4Os4R-Q8imd!F>t(LOfUKd~rlnk@X5J@~<-ZEYqlSQLk
zm|Sygvs{=HiQ1ZD<esk>+jYE*E7UoIGM_6R^ZVDVs-5HaOu^RO$V^+MZNuhM(-VSI
zMHmr=U@JcrcX-7S;TZ<GU|IR>Ya)p)RvoKkIA$)sPVxACUgkC(E$TC7G-Dz+UTDTt
zT*WmNA#^iDPfIPH=(A+omaXDCZm774Srv1b7v>hJ($ckz+bZs0;h&x#WVd+EA<5ea
z#Sl)km(R;zRE=V#1<>G{8>Kk~8-PrqY}q_*ROtR~xd`gZHDq14&cI}7TsAL|P%DO$
zd&a43G?Dqgu}nr(jwLqFj0H{wOc!azXhHJ4V%j|4)RXqYsZxOUYZC*swK}ag3r58R
z=*tai5)raJbn2rwqqk@50PLLrB1+a<chb!e!#VmUC_5mphu)z>xHfe60i<Q!v!Z)f
zb$M1w>h2np9eDTA^&Y-mbR5FJae$6b6xnOzPQ|1e)OHE=^l);#1}&()Jtb=R$CJYU
zqtzcu3ja<EI#REq1;4h!BQYr@c;bHrQtp`KR%+<nZP%`J91XN<SqSH<3-^=+BQ@zC
z;e`g7)K^G#Kk3|oIC&-zpkGapwq3^(MOJAR4@ur9l=lj~ctglN^y7#o_XUIah9P{%
z2!3LWF(jFU6w`^Nm#PdS@S8|IGS18BYd(OcXdPNlPdFOw)B+lHaG^QxnfhRXE<IR7
e*DhpfACmh6e5Y49nY}3CflFNw8`59DVf+se)E~6~

literal 0
HcmV?d00001

diff --git a/regression/strings/StringCompare01/StringCompare01.java b/regression/strings/StringCompare01/StringCompare01.java
new file mode 100644
index 00000000000..5a669d5c409
--- /dev/null
+++ b/regression/strings/StringCompare01/StringCompare01.java
@@ -0,0 +1,47 @@
+public class StringCompare01
+{
+   public static void main(String[] args)
+   {
+      String s1 = new String("test");
+      String s2 = "goodbye";
+      String s3 = "Automatic Test Generation";
+      String s4 = "automatic test generation";
+
+      if (s1.equals("test"))  // true
+         assert true;
+      else
+         assert false;
+
+      if (s1 != "test")  // true; they are not the same object
+         assert true;
+      else
+         assert false;
+
+      if (s3.equalsIgnoreCase(s4))  // true
+         assert true;
+      else
+         assert false;
+
+      assert s1.compareTo(s2)==13; //true
+
+      assert s2.compareTo(s1)==-13; //true
+
+      assert s1.compareTo(s1)==0; //true
+
+      assert s3.compareTo(s4)==-32; //true
+
+      assert s4.compareTo(s3)==32; //true
+
+      // test regionMatches (case sensitive)
+      if (!s3.regionMatches(0, s4, 0, 5)) //true
+         assert true;
+      else
+         assert false;
+
+      // test regionMatches (ignore case)
+      if (s3.regionMatches(true, 0, s4, 0, 5)) //true
+         assert true;
+      else
+         assert false;
+   }
+}
diff --git a/regression/strings/StringCompare01/test.desc b/regression/strings/StringCompare01/test.desc
new file mode 100644
index 00000000000..52b1d6d084c
--- /dev/null
+++ b/regression/strings/StringCompare01/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StringCompare01.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
diff --git a/regression/strings/StringCompare02/StringCompare02.class b/regression/strings/StringCompare02/StringCompare02.class
new file mode 100644
index 0000000000000000000000000000000000000000..4e8b7d2ad9f2f1022bf67590b6e703be6787283e
GIT binary patch
literal 721
zcmZWmTTc@~7(LVNUb<}Qg^DeTmYcL{#2DTrMp7?n(&9r23Gg)CPU=9rOJ=A37x@D`
ztBE9<=)3<(<2Q@6Q8Sado$ov6eBb=|_2nCYZ8UxOsCuY*Sn_cTw{!5Y?Bb3O2UQn$
zeblkyVwGWGohOM<TE<cGLMFUF5(5Ty#Nh16Na|+{R-<{qkZr{S!BFVPNbF6<eWCVE
zFacvOBZkGsap#1;<69#h4Yzt)$!Pf0B<6dXho@bBmd3kSWAJvu(I0ZZ7f)0uUP(h$
zxk_ur<1?<r<0p>{VSqg58EU%|9gn$|VSQgDy8c>3LeVuQ?HZqA+F-*eMsfkxu@PVn
z0Yi1>aQC|GmrBKo3j0Uf#k~NVXfPCKNpJcmBGi99U8PZ(N({+Nm+SDYNJy&D{=XmX
zc9S|=m=U%{)P8E-KqOL$!PFG>Oiu`)-XCFwe$S_mWyPu~gH9Gm5c9Ma=(bEdqusuL
z3HHGRqDZTgJ~HG`LYdAcl*6WEV6B|#l&$Uq>!Ia+M)p0N3zR;>KF8cwIER;TzZ;@V
zO0+~&#7>D04MXRnLOxc>!vY}zGCxsq)0ro)H>S?EQwu<;Oe(o^xY-M2txvFL<kv0@
Pk&R67+|;s|YTx_~%FmQo

literal 0
HcmV?d00001

diff --git a/regression/strings/StringCompare02/StringCompare02.java b/regression/strings/StringCompare02/StringCompare02.java
new file mode 100644
index 00000000000..29978a7bd30
--- /dev/null
+++ b/regression/strings/StringCompare02/StringCompare02.java
@@ -0,0 +1,14 @@
+public class StringCompare02
+{
+   public static void main(String[] args)
+   {
+      String s3 = "Automatic Test Generation";
+      String s4 = "automatic test generation";
+
+      // test regionMatches (case sensitive)
+      if (s3.regionMatches(0, s4, 0, 5)) //false
+         assert true;
+      else
+         assert false;
+   }
+}
diff --git a/regression/strings/StringCompare02/test.desc b/regression/strings/StringCompare02/test.desc
new file mode 100644
index 00000000000..abc986be65d
--- /dev/null
+++ b/regression/strings/StringCompare02/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StringCompare02.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/strings/StringCompare03/StringCompare03.class b/regression/strings/StringCompare03/StringCompare03.class
new file mode 100644
index 0000000000000000000000000000000000000000..1fcdba9a8624b066335fcccc6a9dda9dd60d041b
GIT binary patch
literal 723
zcmZWmU2hUW6g|T(yUTVdA1xKCRoYSoHP*zw*%%xA2npx|jfwa)EEAjxyUpz2kKqsW
zSxs!BiN5=vG~U@-h??EZotbm*Ip^N_@$1Vs00(IK@KN<p^RVgTDz4?=VavsJ9}cQ6
zZuqEU+r<vUT7xHvP+G=O@<b+lI1wWTHehfLWhC_@2CLb6#bCGNkzgovWh7qArbD5Q
zO)>#fE+dAG=9}&bf6w<PJR0x!wUW{Jp()JwH4oqQ_-UH&Vwb@?3@3lc{eC=Cp?D?@
z)%rzQJD#3$CGJ1CX9xr2vC2?8n(27TwG8XWBGL8dA`*&@F=^NM0@DT?FEEk|(7;}R
z6$A{`rNg7kwx22$D{AZ?Z5KBK+(MI~xGZ`(JQ1P(>*}J6+EijpW_nzQZ$(0$nuE^&
z1L<^HG}^+Fu|1*r)AU9nkxGmfu4rg_MgR?efNgp{pI(*~tELaySs+EM(psR?7DYxe
zd;1*hgGoe@Rwun=$f1NX?M>>CZY_$9a;96hdUtH=uH}7(J%@9K(nn<HSosR)^*P+{
zhAERWZBiA{Q>8;+j@W!u$jC04SR*7r<|isH*6Gia*~-G&LFxf0l}RNxhijj~wmu=d
TB)_z2h_c88k4-ZhsrHrMId_!7

literal 0
HcmV?d00001

diff --git a/regression/strings/StringCompare03/StringCompare03.java b/regression/strings/StringCompare03/StringCompare03.java
new file mode 100644
index 00000000000..fbd881efd48
--- /dev/null
+++ b/regression/strings/StringCompare03/StringCompare03.java
@@ -0,0 +1,14 @@
+public class StringCompare03
+{
+   public static void main(String[] args)
+   {
+      String s3 = "Automatic Test Generation";
+      String s4 = "automatic test generation";
+
+      // test regionMatches (ignore case)
+      if (!s3.regionMatches(true, 0, s4, 0, 5)) //false
+         assert true;
+      else
+         assert false;
+   }
+}
diff --git a/regression/strings/StringCompare03/test.desc b/regression/strings/StringCompare03/test.desc
new file mode 100644
index 00000000000..fa518907143
--- /dev/null
+++ b/regression/strings/StringCompare03/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StringCompare03.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/strings/StringCompare04/StringCompare04.class b/regression/strings/StringCompare04/StringCompare04.class
new file mode 100644
index 0000000000000000000000000000000000000000..cb288719581cd9f599cc0f3c56b08cebad443698
GIT binary patch
literal 703
zcmZ`%O>fgc5PcInw&OU|b(<1C3T<gi`k|IXZd3>qKtf94kP4~oX=AUVEs0&(4ibN*
z7ml1MQX^3b?))bZvo38!1=4DFc0S&FGrK>2ef<WYg-sV8Zrixy;I4}j<{jLtz{P!i
zS+KF_!qM?17Z0#(V}&rYEV4|dxk}>fxynRuAR_`D5Ud>)tNaPUXs*2_nC&EzgsF~-
z<?GR~C(}Kh%z>d$F=4KG*f|pK#r8nN{q1g^s<{7H7uLGD2;c3B<07BM5uBZH@CV%O
zCZjZzFO`Oxy(nuZ!()-kN3AUl=wS*z!M_g9%(={R9bP5a{UnKcAEbvGZg_ZzCZRDY
zd3M?4i!@DAZsQu0jWrMJ*!YX*P47sCIicSCcW0IGLg-%dpPW}rG||u=@ThrEk<3&o
zqbo@~pM1mtp7Q|~`MErPO!6DL6SfR63VhzD`8Lld@mXFUgFfp-1iV{?lTg77X4%%M
zhg@p#xq6P$eqfAYc7pQmDXbIJH#g2;`?Zg#p2OK6qw-y2l?to?Cfj8eVzC7NCH!gX
y?5To&V#UTBFLvF$($p%*f$6|KL-ho<`3a`+1=a-fQlG{tqvSo+T{H^HTfYIp^o!pB

literal 0
HcmV?d00001

diff --git a/regression/strings/StringCompare04/StringCompare04.java b/regression/strings/StringCompare04/StringCompare04.java
new file mode 100644
index 00000000000..c602594930f
--- /dev/null
+++ b/regression/strings/StringCompare04/StringCompare04.java
@@ -0,0 +1,9 @@
+public class StringCompare04
+{
+   public static void main(String[] args)
+   {
+      String s1 = new String("test");
+      String s2 = "goodbye";
+      assert s2.compareTo(s1)==13; //false
+   }
+}
diff --git a/regression/strings/StringCompare04/test.desc b/regression/strings/StringCompare04/test.desc
new file mode 100644
index 00000000000..f1b2a9790cc
--- /dev/null
+++ b/regression/strings/StringCompare04/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StringCompare04.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/strings/StringCompare05/StringCompare05.class b/regression/strings/StringCompare05/StringCompare05.class
new file mode 100644
index 0000000000000000000000000000000000000000..70bbad48ef69bb1c1417507aa918529a4e104d94
GIT binary patch
literal 642
zcmZvZ-%k@k5XZlJ*Sl-4*Waa7u}Be3!32DOCkWA0eJc7;V^Vn9wwq>adq?)J{xSUn
z;2BJ8A_>0xHxa_@X=x<9?99&0e&#!~e{O$W1K7nY7cQy}o+R<qg@Kh6l6dBz=EBzT
zRTs~(=Ah0{+TdX*R3rmGd@n=Z9f>{zJ7%yCq%WgG2D7pGl_Aj#`hp?XlD_yf8Fz*H
zqKhdp=F(@VG)`JW{+;iPxIfrwM@ssGef==gj(G3e5kHOVNfbl!pf~ylciX{4^~6W1
zQRTnSn!)&#EAeJ;TLV30kY&g}gj458gpp3Kdq~4$s4i;W&8PaHRG>)r1GIw|9yaju
zKk(=7Q1l{(rN-l<<QDwqi1tQP_eCg`=-;=aVWSBpXlci&)7oA75tgrNf#jK>g&<33
zj&3!wjI6aa1G~_L$kS=ZL536xD3Y&BJM`2byM6_uQ#5Btv|bm@GuY=ST*8_neFeKS
zgY#Q+jF?k_MZQH6Y`Qxr5wT9U5=B!mZcuVi&XC5Xdqul(YoJg}{zPgDCvlF1`2*I1
SI#;JD77XvLo}m&qUA_a4#C#3_

literal 0
HcmV?d00001

diff --git a/regression/strings/StringCompare05/StringCompare05.java b/regression/strings/StringCompare05/StringCompare05.java
new file mode 100644
index 00000000000..8764cb5c99a
--- /dev/null
+++ b/regression/strings/StringCompare05/StringCompare05.java
@@ -0,0 +1,11 @@
+public class StringCompare05
+{
+   public static void main(String[] args)
+   {
+      String s1 = new String("test");
+      if (s1 == "test")  // false; they are not the same object
+         assert true;
+      else
+         assert false;
+   }
+}
diff --git a/regression/strings/StringCompare05/test.desc b/regression/strings/StringCompare05/test.desc
new file mode 100644
index 00000000000..159809fac0f
--- /dev/null
+++ b/regression/strings/StringCompare05/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StringCompare05.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring

From 48a1df89abbf0de1d3cdda59fe82c3f06be5e139 Mon Sep 17 00:00:00 2001
From: Lucas Cordeiro <lucasccordeiro@gmail.com>
Date: Wed, 22 Feb 2017 14:21:49 +0000
Subject: [PATCH 010/699] =?UTF-8?q?=C2=A0added=20test=20cases=20related=20?=
 =?UTF-8?q?to=20string=20method=20concat?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Lucas Cordeiro <lucasccordeiro@gmail.com>
---
 .../StringConcatenation01.class                | Bin 0 -> 864 bytes
 .../StringConcatenation01.java                 |  17 +++++++++++++++++
 .../strings/StringConcatenation01/test.desc    |   8 ++++++++
 .../StringConcatenation02.class                | Bin 0 -> 719 bytes
 .../StringConcatenation02.java                 |  10 ++++++++++
 .../strings/StringConcatenation02/test.desc    |   8 ++++++++
 .../StringConcatenation03.class                | Bin 0 -> 1099 bytes
 .../StringConcatenation03.java                 |  17 +++++++++++++++++
 .../strings/StringConcatenation03/test.desc    |   8 ++++++++
 .../StringConcatenation04.class                | Bin 0 -> 899 bytes
 .../StringConcatenation04.java                 |  10 ++++++++++
 .../strings/StringConcatenation04/test.desc    |   8 ++++++++
 12 files changed, 86 insertions(+)
 create mode 100644 regression/strings/StringConcatenation01/StringConcatenation01.class
 create mode 100644 regression/strings/StringConcatenation01/StringConcatenation01.java
 create mode 100644 regression/strings/StringConcatenation01/test.desc
 create mode 100644 regression/strings/StringConcatenation02/StringConcatenation02.class
 create mode 100644 regression/strings/StringConcatenation02/StringConcatenation02.java
 create mode 100644 regression/strings/StringConcatenation02/test.desc
 create mode 100644 regression/strings/StringConcatenation03/StringConcatenation03.class
 create mode 100644 regression/strings/StringConcatenation03/StringConcatenation03.java
 create mode 100644 regression/strings/StringConcatenation03/test.desc
 create mode 100644 regression/strings/StringConcatenation04/StringConcatenation04.class
 create mode 100644 regression/strings/StringConcatenation04/StringConcatenation04.java
 create mode 100644 regression/strings/StringConcatenation04/test.desc

diff --git a/regression/strings/StringConcatenation01/StringConcatenation01.class b/regression/strings/StringConcatenation01/StringConcatenation01.class
new file mode 100644
index 0000000000000000000000000000000000000000..8a2ee685b444d098b7dac80fa33ad12df6776cf4
GIT binary patch
literal 864
zcmZuvTW=CU7(D|EyDVD^ON)rb(pnJ;Et>SnHb$iyA83uin6y3(%d}a#U2u0X@vra)
zd{z^hsL^+SlN!HS%EiX)W-j05%sFS~=bta%0qmfz!$4lcO${pv=qTv8g;f<r9dYF4
zW=+GoirYFia7RUnA+y1KUwDDtbNzkW=WR!H7}zmGe9w06;2}e_TzSo)G<qGuu-LR+
zaX2_{3-6UIro=h7U50G=O|#42@w&s^(|RlLZ1;3mHZHURZk-+Qeps*KE`zpbIhWvi
zt2gj0@ywP``EgsL=UO}vE|;wC-QSk51{RT`&gZ<}e_!MQL!!8EpPW2#2ExDst`V?-
zGAazY8I8viZBIR~=NZ^Ul_5RBm;x{?|Mz4SH3M7NW=PF2U$nczqVwlM<7To<yd7}I
zC%E#Q7vqNAiuBY9r7@J|3npgG^<0L?@7ci(hpvi@?g-!ZL}#jv{0#<_pnE#T8eO|V
zkAbCf(iK`oK`2Pkn5JEUW=3;t^8)OnEQCp8JPeYl$Y6=qvh*7wP-s3gBTX}U@CnKg
zOI0&6LTrfSSHzDlp#B(#Yi9J{aJ4pqb~sLMnTadOY2pf)Boqk=m52(lB=&LoG~%70
z2cE<OQumT{wMbK!R4r3g2Fh;~RAlMT{=y1PIcm8+6}=Ox1Jb5GLUIUI`2Z#Q8OrRu
Si2)KXhKTV<+LR0F-1rMPF10}b

literal 0
HcmV?d00001

diff --git a/regression/strings/StringConcatenation01/StringConcatenation01.java b/regression/strings/StringConcatenation01/StringConcatenation01.java
new file mode 100644
index 00000000000..be516610e94
--- /dev/null
+++ b/regression/strings/StringConcatenation01/StringConcatenation01.java
@@ -0,0 +1,17 @@
+public class StringConcatenation01
+{
+   public static void main(String[] args)
+   {
+      String s1 = "Happy at";
+      String s2 = " DiffBlue";
+
+      assert s1.equals("Happy at");
+      assert s2.equals(" DiffBlue");
+
+      String tmp=s1.concat(s2);
+      assert tmp.equals("Happy at DiffBlue");
+
+      tmp=s1;
+      assert tmp.equals("Happy at");
+   }
+}
diff --git a/regression/strings/StringConcatenation01/test.desc b/regression/strings/StringConcatenation01/test.desc
new file mode 100644
index 00000000000..a229b504571
--- /dev/null
+++ b/regression/strings/StringConcatenation01/test.desc
@@ -0,0 +1,8 @@
+KNOWNBUG
+StringConcatenation01.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
diff --git a/regression/strings/StringConcatenation02/StringConcatenation02.class b/regression/strings/StringConcatenation02/StringConcatenation02.class
new file mode 100644
index 0000000000000000000000000000000000000000..b8272c61412b0c48520243b8fb53403374ea2c02
GIT binary patch
literal 719
zcmZuvO>fgc5PcilS=(_*>b4;*1X3uFw1^^9POT7-f;gmb2tuNqHqN%%;@ZI<Nc@%j
z0nUKbN+7|V{{&*zAx)8xt=;kLyf<&&`seSj-vMl4!$k$lHdbt0a^T>yji!q$xXRIT
z!LiJ->f#!%bF48etcf(0Nv7f`-Bqa=gmTEh_8H1MDpJ`42BY11#b9>hp=7A`R3xA0
z#{-$X)WvjgEL6l$Z@=jsiT7eN6w%>kKTA|}xUGS6{Y(UJ_r$2E=eWUO?*!pra<?Dn
zNg$spO|>$Cb>k=ynT&*1b@$#KP3z$Ts)T$dMxzfckuf-}U3GBqILxI74|9~5p0%in
zhnu*?(3nYjG@bKFlEewa(tn$Av^{jN&QO~{Ukr|9KrPRuCSY<&zRN|J5?%Y;_!Gc(
zhit6QXu2VJO->DEsuDRo6GR4OIUSJE`&gwbtI$QVT0@UTkpZTMr?p03P1+gl*7_;f
zCtZknTFXU}On{FCigjs>5`lsHeyQghd!J#BvAE$|Cn%3m`3C;_6!wov`nGTUo7U8&
zg1QciVvDHC^l(yO({JWrk+L32ztH4ZqPI@@`kBtHLJ%<TJ120*;O0k|#uu0~;;Cj$
PWTE6e)RSE-`ZoRms@;%{

literal 0
HcmV?d00001

diff --git a/regression/strings/StringConcatenation02/StringConcatenation02.java b/regression/strings/StringConcatenation02/StringConcatenation02.java
new file mode 100644
index 00000000000..84f1c72e60c
--- /dev/null
+++ b/regression/strings/StringConcatenation02/StringConcatenation02.java
@@ -0,0 +1,10 @@
+public class StringConcatenation02
+{
+   public static void main(String[] args)
+   {
+      String s1 = "Happy at";
+      String s2 = " DiffBlue";
+      assert s1.equals("Happy at ");
+      assert s2.equals(" DiffBlue");
+   }
+}
diff --git a/regression/strings/StringConcatenation02/test.desc b/regression/strings/StringConcatenation02/test.desc
new file mode 100644
index 00000000000..937caa3295e
--- /dev/null
+++ b/regression/strings/StringConcatenation02/test.desc
@@ -0,0 +1,8 @@
+KNOWNBUG
+StringConcatenation02.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/strings/StringConcatenation03/StringConcatenation03.class b/regression/strings/StringConcatenation03/StringConcatenation03.class
new file mode 100644
index 0000000000000000000000000000000000000000..49d03b9c937de00ce9bcd506db2168240098e2ea
GIT binary patch
literal 1099
zcmZ`%Yg5xe6g}Hl(lpo-9wLH91#Ee=yi}Cp3v`?j(6NpV_-Wg2nP8jLBz1<r!XNOn
zI8z)Q^}9cc@ow5!7;%!xZg$T-_uPBW?~`vo0W9Nzh6JvtxT?ZT;u@~2xS?P|!z89O
z+(b5sG;%7Y<;jeKSq-|x&nd`jC}5spV1j#|aDB_My$#Fb<+`Xcuw8~k(XuW7K0`E{
zd&3Z0cdCLRy=mEEyVWQQ_q7DmMT1*5!*KT9=05+(3w3Vq6-vHq*?X%pu&?Cv%KI(e
z4DbpT7}R2=-X+&cPRp%`r<SA|?S!p6c7^-G=2F%CQeM*P7{DM!KI6^ifysS_q`6_$
zYLDwJp<q$R5|$apUkR^O_f4l}dJFkVz?1bBbLN^k>1hm^p28R9eNpjAj*eTnt>BK1
z72MU)4}-x7({yuC5*_!j$}rMncoa77iR(Hp!<e^V@|rJPvy-@6K$v^z+~O1zb*zEf
zd`epfdG_eQ^F@P(;k2msp-!tUr|^>c>=Rz_2B}MQGBZqN&l$$QM>PMSp0h;6)0DI|
zhT=Iqr{~=1;%e@Hdc=nouX`l;G*1{rCQJ9)xn3tHl8>swvs_XA+g-Ac-=Yh$;VyYR
zO_m2(W<*Ykc2Q6f7^LqI{f*PgXpK)FgMF4j4AVCe9Fk{n5hJvh(63MsqqSm0HjU`k
z5n@I>_5+EX=*(;zN~sO?ZLr%uLh=xUbB5MN>JX{#(07i}_iKhOV#bATOn?uOk+VoC
zBoYY8BSrf-sZP+Nl5#0Y#bszzTZ$~$M?SlN=Tv7I8C)WC8j%yMC>ZU$xd0v(yc|>p
i^c(3mGKWxNpAd_FL9&-KEM9WO5z!yY7L5gx#{U2gd-sO`

literal 0
HcmV?d00001

diff --git a/regression/strings/StringConcatenation03/StringConcatenation03.java b/regression/strings/StringConcatenation03/StringConcatenation03.java
new file mode 100644
index 00000000000..56d397b96dc
--- /dev/null
+++ b/regression/strings/StringConcatenation03/StringConcatenation03.java
@@ -0,0 +1,17 @@
+public class StringConcatenation03
+{
+   public static void main(String[] args)
+   {
+      String s1 = "Happy at";
+      String s2 = " DiffBlue";
+
+      System.out.printf(
+         "Result of s1.concat(s2) = %s\n", s1.concat(s2));
+      String tmp=s1.concat(s2);
+      assert tmp.equals("Happy at DiffBllue");
+
+      tmp=s1;
+      System.out.printf("s1 after concatenation = %s\n", s1);
+      assert tmp.equals("Happy at");
+   }
+}
diff --git a/regression/strings/StringConcatenation03/test.desc b/regression/strings/StringConcatenation03/test.desc
new file mode 100644
index 00000000000..26ccc899a87
--- /dev/null
+++ b/regression/strings/StringConcatenation03/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StringConcatenation03.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/strings/StringConcatenation04/StringConcatenation04.class b/regression/strings/StringConcatenation04/StringConcatenation04.class
new file mode 100644
index 0000000000000000000000000000000000000000..047d2b908ab423d6ea731ab22809263555c418d8
GIT binary patch
literal 899
zcmZ`%U2hUm5IvU#c3HOa(H5~Ex@xOXT4)vZ0W=z_@qwxdM$`Iqfm^Z_c5!zx>0jXw
z_-svRqEX-dPa5YgQfSm<bLZ~dIcH|h%#UB6zX2%Yo{k8XHLS$2ipv_Vs4#V0#kCj=
zT-UIsV;whC+|;3CSw&7q9vckvYuxjM>syZP?OGmhc14?k9WX?zmTmbD7?fQ86+^h@
zv;{+=ZrS45pw|@cOBqZLJ#N_yncSQD5r5B1U2b<u4d1owPDKLe8a{8m-Q)crUPXaH
ztG2p-$n}OZa9iSuC8?Iiu$p7HxG!ujtJ*FXC9Q!ZQiOcU`~72+`zkgKY@x`o;_aCH
z&=;=Rn#Gy-&2>*_NKT7--aHa5LY53{W5>V+Bp702#(=V5;1+H(WT%)%6LlWDuH!N+
z{<B0CWdnC`_guPh<ayVz=ZhXm>I{718VhDQr5B`@Pw|5HDm0TI{dqUdqc4LF8LGLz
zg`U-Z+-4>JANHttH{e~5($DftKs5NowEJ3@wu5Hd7M|sb_L&$oQhz`Xv>FGrWCraX
zz>--hDcuxM*GSQsroUCPjBI4%6zro6#5|qRz)1tZ0v72mLp$VE$QIL~dSUMbN;(|=
zipaiFXp9hjeFAleh0U}!LTrfm7wG$^h<}%yp@1_J6cQnhDBV<KpwW`V$O3V&pV(4y
rkv?)~&+01&g#f9vF~ZysYWM@f$|tB(-bt;JCxVdiP<C`FNW1hKww%V<

literal 0
HcmV?d00001

diff --git a/regression/strings/StringConcatenation04/StringConcatenation04.java b/regression/strings/StringConcatenation04/StringConcatenation04.java
new file mode 100644
index 00000000000..5ffc9086517
--- /dev/null
+++ b/regression/strings/StringConcatenation04/StringConcatenation04.java
@@ -0,0 +1,10 @@
+public class StringConcatenation04
+{
+   public static void main(String[] args)
+   {
+      String s1 = "Happy at";
+      String tmp=s1;
+      System.out.printf("s1 after concatenation = %s\n", s1);
+      assert tmp.equals("Happy  at");
+   }
+}
diff --git a/regression/strings/StringConcatenation04/test.desc b/regression/strings/StringConcatenation04/test.desc
new file mode 100644
index 00000000000..ea980c45d54
--- /dev/null
+++ b/regression/strings/StringConcatenation04/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StringConcatenation04.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring

From cd1d392ab88d4f6a317c22a086ed078b6f1fddeb Mon Sep 17 00:00:00 2001
From: Lucas Cordeiro <lucasccordeiro@gmail.com>
Date: Wed, 22 Feb 2017 14:22:27 +0000
Subject: [PATCH 011/699] =?UTF-8?q?=C2=A0added=20test=20cases=20related=20?=
 =?UTF-8?q?to=20string=20class=20constructors?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Lucas Cordeiro <lucasccordeiro@gmail.com>
---
 .../StringConstructors01.class                | Bin 0 -> 1008 bytes
 .../StringConstructors01.java                 |  19 ++++++++++++++++++
 .../strings/StringConstructors01/test.desc    |   8 ++++++++
 .../StringConstructors02.class                | Bin 0 -> 652 bytes
 .../StringConstructors02.java                 |   9 +++++++++
 .../strings/StringConstructors02/test.desc    |   8 ++++++++
 .../StringConstructors03.class                | Bin 0 -> 713 bytes
 .../StringConstructors03.java                 |  10 +++++++++
 .../strings/StringConstructors03/test.desc    |   8 ++++++++
 .../StringConstructors04.class                | Bin 0 -> 736 bytes
 .../StringConstructors04.java                 |  10 +++++++++
 .../strings/StringConstructors04/test.desc    |   8 ++++++++
 .../StringConstructors05.class                | Bin 0 -> 736 bytes
 .../StringConstructors05.java                 |  10 +++++++++
 .../strings/StringConstructors05/test.desc    |   8 ++++++++
 15 files changed, 98 insertions(+)
 create mode 100644 regression/strings/StringConstructors01/StringConstructors01.class
 create mode 100644 regression/strings/StringConstructors01/StringConstructors01.java
 create mode 100644 regression/strings/StringConstructors01/test.desc
 create mode 100644 regression/strings/StringConstructors02/StringConstructors02.class
 create mode 100644 regression/strings/StringConstructors02/StringConstructors02.java
 create mode 100644 regression/strings/StringConstructors02/test.desc
 create mode 100644 regression/strings/StringConstructors03/StringConstructors03.class
 create mode 100644 regression/strings/StringConstructors03/StringConstructors03.java
 create mode 100644 regression/strings/StringConstructors03/test.desc
 create mode 100644 regression/strings/StringConstructors04/StringConstructors04.class
 create mode 100644 regression/strings/StringConstructors04/StringConstructors04.java
 create mode 100644 regression/strings/StringConstructors04/test.desc
 create mode 100644 regression/strings/StringConstructors05/StringConstructors05.class
 create mode 100644 regression/strings/StringConstructors05/StringConstructors05.java
 create mode 100644 regression/strings/StringConstructors05/test.desc

diff --git a/regression/strings/StringConstructors01/StringConstructors01.class b/regression/strings/StringConstructors01/StringConstructors01.class
new file mode 100644
index 0000000000000000000000000000000000000000..c4e2ce34c8353a953b7168f15c4f774be9ab10b7
GIT binary patch
literal 1008
zcmZuwTTc@~7(LVO?kw9vhviaGQLCusT2Q=Dh>=uHhy@>TO%|TE?LropR`+8389w(9
z=&PF0M2weLf0X*oaud>IbLN}xHs3ij`}@z=?*JCCWS}1fj%zxu8%SYXLP5d}2{(I?
z!z~>}xtZXYG>}0-$CQp~ju`{9C~?d&42(Nr=mwG3YKD)!(5d-ugMn=_Xv<#Hiykth
zixV#yluE1NGUTdW(_N4EYHsjCCR1R~@tO?7#jWbD^VTW(PIITU5d~gzXGs?JZbVM~
z)td7<$>*5oxJ`32=*xBg=m=w@6$f?qsV5tb9u`+<q9};#Q7Z`N=4WN^ECw;eAkLpd
zLqu*E$?zQs3li>TVPb#*S=_^YhLO{%m1D|Jf}j=9Bn@wSyXMD|&EYcGZ3d19SuCP_
zW`gInUAG>QkX`6Aq_!#yL&fgOsKu>{REX2Mx+*QreG@x=c&_B|h@}a-l-wzaicdF3
zx;Na=3*5#DCz3mgDL~h@i2^-?etIxWj7T-eN`pxi35RJnMk`4Kb+QBYNhTsss3lH@
z9*kg=Y)WNCsNfX)CG>BqofZwtR)lBSs@S${O#&A+%hrW&*+LUBAs4PyJwVDf(;X;l
z(&|86m+Le+%8In6I?&2$VsYL9FKeHnw=p<l_UyxGBXfWZm1Tb<?x9h|On3FGW^Y%&
zX7-)+OPZ;K<}Cdb#2qCfya*jDMEDsDSmbxmi+AY5ds6Tt1b&i^7bv>`<u3&|$3>1y
y9Ap1~Kt7+RMwd?nUPzP#`pw)vL>pZB044ne`sozMV$1F-QrSoHO0FbBUi}BKugVGl

literal 0
HcmV?d00001

diff --git a/regression/strings/StringConstructors01/StringConstructors01.java b/regression/strings/StringConstructors01/StringConstructors01.java
new file mode 100644
index 00000000000..406653de694
--- /dev/null
+++ b/regression/strings/StringConstructors01/StringConstructors01.java
@@ -0,0 +1,19 @@
+public class StringConstructors01
+{
+   public static void main(String[] args)
+   {
+      char[] charArray = {'d', 'i', 'f', 'f', 'b', 'l', 'u', 'e'};
+      String s = new String("test");
+
+      String s1 = new String();
+      String s2 = new String(s);
+      String s3 = new String(charArray);
+      String s4 = new String(charArray, 4, 4);
+	  
+      assert s1.equals("");
+      assert s2.equals("test");
+      assert s3.equals("diffblue");
+      assert s4.equals("blue");
+   } 
+}
+
diff --git a/regression/strings/StringConstructors01/test.desc b/regression/strings/StringConstructors01/test.desc
new file mode 100644
index 00000000000..ed57bdfdde5
--- /dev/null
+++ b/regression/strings/StringConstructors01/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StringConstructors01.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
diff --git a/regression/strings/StringConstructors02/StringConstructors02.class b/regression/strings/StringConstructors02/StringConstructors02.class
new file mode 100644
index 0000000000000000000000000000000000000000..0cca7f99377fa26a1d5759ce91374e67278d1aea
GIT binary patch
literal 652
zcmZuv-%k@k5dP+R?Om@2Eu~<qV#`m9CPEBv5TdF2RPmw2M0na>H)P?s)4e<YnEnGk
zD+wf$=(~TDG0Yx9)%dcrvorI3-^}cfUthlg*h1Gs1uX}6Jy>X!QN}$N_l>jQ;DHCn
z1lt}uSah&Nm|YP`B6X_bD0!h0F%0F1KnH}<j*3*eODJ^L-xBOzJd%WJUqx~+I~_{B
zZ<0B1DpW+6?;iG##YeFbis)!#kZKhjZJWZWK`Mfi*W!Ji&&mkyP7wYE_XcsM1NllB
zsMd8^kF}&a3({C8n@^t@R3Fo*5^Dc4`0z2sdOJRru|jB05}x1m^-}9t6B_>mcd+VX
z4G;f<elt9lLCO=5A2Japgt_h?tzAdA*Lg(M30p7ZIr0=nGErKNZppd%G~)md@c@gw
zjtZ}dYE7e?Zv~L)jL#Z-3v7vP@zDk7vq{7ZpQZefxVVm4zMIrN-l)a4a|!F+1q%Hy
zu*YaTt{2Zy8l!Rvho9Z=2F1!zrkRYP;WA#E|3QO27xWWt2XlOzzm>6-^8qvU@;SUQ
a9QzaO!Wrxd*o`CuQiSC{Gs5rWT+J(Rc7c@u

literal 0
HcmV?d00001

diff --git a/regression/strings/StringConstructors02/StringConstructors02.java b/regression/strings/StringConstructors02/StringConstructors02.java
new file mode 100644
index 00000000000..b20877b8106
--- /dev/null
+++ b/regression/strings/StringConstructors02/StringConstructors02.java
@@ -0,0 +1,9 @@
+public class StringConstructors02 
+{
+   public static void main(String[] args)
+   {
+      String s1 = new String();
+      assert s1.equals(" ");
+   } 
+}
+
diff --git a/regression/strings/StringConstructors02/test.desc b/regression/strings/StringConstructors02/test.desc
new file mode 100644
index 00000000000..c2a30b3534c
--- /dev/null
+++ b/regression/strings/StringConstructors02/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StringConstructors02.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/strings/StringConstructors03/StringConstructors03.class b/regression/strings/StringConstructors03/StringConstructors03.class
new file mode 100644
index 0000000000000000000000000000000000000000..fba6b043267ffe1fb0c5a30968bb053eee927c71
GIT binary patch
literal 713
zcmZuuT~8B16g{{5+3jM>Qn09~C~7~5n8+K%XsSLHeJC*jU)*jdWO3Qm*;#)~|A5bG
zLK8{!-T$QV&LT7tlF8gV_v74i&;0uH{Re<etb6cr&B1jSH#}6ZQiX?`E^g_^Z3n9!
zT%Et;;V#x3+#@Wkg?TQdinBC-9_QgG5n}@F6YT9cjnxx^(eAt<nEh-l2=zgnidV(a
zNXT7X%!#8gP6<oxw}Zp*Q@D|Y>A}WO$v8dO(v5RN6-MuO!VhIVlOwp>QSuMm8)k)!
z#LHMiEuXganTwJ|q%xU5di+qM`lzEpXk47Y<CVyjPT%)2hbsh&13K~mZ9;3-@a$~Q
z7gA=D(7bGzgN~0bdjE}jJvtPTA}qEq-_RBxi!jMA6r6T#by&*!j72|Ty;-fX$YUwS
z=cHI9Rd9mE-p49`o6kQ=jh5btJp+t_2H*4iT476Ut?m@`MHeFA+b)BIDi+XWUzfh)
zR)cNt1eLwOn8F-rugA{LS6CA?*8}?)&IGj+xO-Dne`>%=2^hd+-(og4Lpm&si$#vq
vK)=y-u*8Q$SI>!UmJERTz&l250>}Ie)A$B!hIvL(<5;NpPxUITa^&(~b%c;<

literal 0
HcmV?d00001

diff --git a/regression/strings/StringConstructors03/StringConstructors03.java b/regression/strings/StringConstructors03/StringConstructors03.java
new file mode 100644
index 00000000000..a2f6ced182a
--- /dev/null
+++ b/regression/strings/StringConstructors03/StringConstructors03.java
@@ -0,0 +1,10 @@
+public class StringConstructors03
+{
+   public static void main(String[] args)
+   {
+      String s = new String("test");
+      String s2 = new String(s);
+      assert s2.equals("tesst");
+   } 
+}
+
diff --git a/regression/strings/StringConstructors03/test.desc b/regression/strings/StringConstructors03/test.desc
new file mode 100644
index 00000000000..5419e5ae48e
--- /dev/null
+++ b/regression/strings/StringConstructors03/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StringConstructors03.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/strings/StringConstructors04/StringConstructors04.class b/regression/strings/StringConstructors04/StringConstructors04.class
new file mode 100644
index 0000000000000000000000000000000000000000..d7705f364f37fe5fe5d3d350a6b66c3325a6e54e
GIT binary patch
literal 736
zcmZuvT~8BH5IxiG?%i&Sy_AAQMMY6tAl8RI2{D?g2}#jlU6Z9x+xAKpm#yxHf5HF2
zAMjaCXd*`6{ZAU_7NKf<nLBsp%$zxM@AsddzXE7s-9Zr-1TH$r;ZgwwEZMlMFINPv
zIuJU!?BE)%3#<_4R{SJUaT<)G<YAEb{ZI`Fv`erygD6Pv5%TrM3xd%e4Hco>2_p3*
zJLs$UxdwCMzz-tALcQ17_uu->(2w?--82rOy$xMB(@p)st8M@F1TS!dha=dVgYb8M
zr#s5xfqES1Zi^?CZ5}6$vq3tFlRK^3x^W5TP$tNKNp$>X2_?)B%zhYVs)Spp6KYfB
zgHw%<;&>Djs{dmVXq2#uwZAx?_V?8wCFFW-f~fb}TU%O`rQT$Im=Nacf2ckIZ!~y&
z<tceP<Q4ORhAIhSH9VVz_mXCu;Qj7mnO~~NFG#YcrLdO=X~k?M-<J3!KF!rJ=z|7g
zmaR1j5*Jr6$G(QXgUQ9fGiiS@y}TT{o*@I*Gv!Oyv$PSi?|QZjT~AsvV=JU`JIBa*
zYeI~X-~I^W5Y_dHc?9ba#bXF>4Evkr%}sbKFxWTI<O%Nbr`myyDo2W-AJ`F?7g*rX
o`Lp?3lR<&mO5q63A%yWBM*b6wY0pzFx{rxm>AqH6n@}$P0?V$F@Bjb+

literal 0
HcmV?d00001

diff --git a/regression/strings/StringConstructors04/StringConstructors04.java b/regression/strings/StringConstructors04/StringConstructors04.java
new file mode 100644
index 00000000000..bd9828e6a5f
--- /dev/null
+++ b/regression/strings/StringConstructors04/StringConstructors04.java
@@ -0,0 +1,10 @@
+public class StringConstructors04
+{
+   public static void main(String[] args)
+   {
+      char[] charArray = {'d', 'i', 'f', 'f', 'b', 'l', 'u', 'e'};
+      String s4 = new String(charArray, 4, 4);
+      assert s4.equals("bllue");
+   } 
+}
+
diff --git a/regression/strings/StringConstructors04/test.desc b/regression/strings/StringConstructors04/test.desc
new file mode 100644
index 00000000000..21394f70327
--- /dev/null
+++ b/regression/strings/StringConstructors04/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StringConstructors04.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/strings/StringConstructors05/StringConstructors05.class b/regression/strings/StringConstructors05/StringConstructors05.class
new file mode 100644
index 0000000000000000000000000000000000000000..8339e1ddab342a080fd8c8be285bde13134446f3
GIT binary patch
literal 736
zcmZuvO>fgc5Ph52UdM6CHcd+k6etu(+KO-}5>hJ!3UEpZQZSO6lVfixx2^;J;2-cO
z@&`BrQX^3Wcm5NI*_1YbxXkX(zM1#l?0*0G`73}eY+5Me631l=1zahigcTE4)!`b)
zbqicwu3ET(n;dHl3u|7Q$|MU%arz`oy+I@c2DZmw?1XWcJ!B|0ny(nN_9&1Hl};GT
z=lRh<CNCA3E{?n~W>{+UI|trduN8Umeyf)yVZ6Vs3g>#6=O6BRucvs9TO^Lb-0`E|
z{jJ_8Pki|-RNa<OE88R|OL9LOCF#BUcU5B>7f@jk|B|TuZ5uY`7)n7n93Bp$T-vyU
z219*@ethQhX_AZ*hT8v_IGQ%rvGEsAcW@y6jG@qPGw6+eTiG(?o7{_1hQ-DozE7ds
zO`2b2M%|8R$TXrrrePw3b0svHET;>a@E%s_t;+O<Ow^Sb+7-c+XNrPOE3`6N_4NtZ
z2L;4DMPr&I>!@OZ_6qtA8WjUCg!x5xiz0AbO@xlCi=pEhDsVAyTvJ4jD-4lS<U%@~
z6BOKy35vTPp^Z`7tm?-w#weeFyAzn-6l-D1S|tXOf)?>Vpik9>i5g|fU_a31Smaou
o)Wvi4TT_|9e6@58YYeWvhgSRqZPxS5iRz=HU_VlR>r=|*UmKy5;Q#;t

literal 0
HcmV?d00001

diff --git a/regression/strings/StringConstructors05/StringConstructors05.java b/regression/strings/StringConstructors05/StringConstructors05.java
new file mode 100644
index 00000000000..49cc43f4269
--- /dev/null
+++ b/regression/strings/StringConstructors05/StringConstructors05.java
@@ -0,0 +1,10 @@
+public class StringConstructors05
+{
+   public static void main(String[] args)
+   {
+      char[] charArray = {'d', 'i', 'f', 'f', 'b', 'l', 'u', 'e'};
+      String s3 = new String(charArray);
+      assert s3.equals("diffkblue");
+   } 
+}
+
diff --git a/regression/strings/StringConstructors05/test.desc b/regression/strings/StringConstructors05/test.desc
new file mode 100644
index 00000000000..9804850d77e
--- /dev/null
+++ b/regression/strings/StringConstructors05/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StringConstructors05.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring

From f0cffa69e29879074adb565d01b6346d395bde9e Mon Sep 17 00:00:00 2001
From: Lucas Cordeiro <lucasccordeiro@gmail.com>
Date: Wed, 22 Feb 2017 14:23:22 +0000
Subject: [PATCH 012/699] =?UTF-8?q?=C2=A0added=20string=20searching=20meth?=
 =?UTF-8?q?ods=20indexOf=20and=20lastIndexOf?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Lucas Cordeiro <lucasccordeiro@gmail.com>
---
 .../StringIndexMethods01.class                | Bin 0 -> 1181 bytes
 .../StringIndexMethods01.java                 |  20 ++++++++++++++++++
 .../strings/StringIndexMethods01/test.desc    |   8 +++++++
 .../StringIndexMethods02.class                | Bin 0 -> 666 bytes
 .../StringIndexMethods02.java                 |   8 +++++++
 .../strings/StringIndexMethods02/test.desc    |   8 +++++++
 .../StringIndexMethods03.class                | Bin 0 -> 667 bytes
 .../StringIndexMethods03.java                 |   8 +++++++
 .../strings/StringIndexMethods03/test.desc    |   8 +++++++
 .../StringIndexMethods04.class                | Bin 0 -> 695 bytes
 .../StringIndexMethods04.java                 |   8 +++++++
 .../strings/StringIndexMethods04/test.desc    |   8 +++++++
 .../StringIndexMethods05.class                | Bin 0 -> 701 bytes
 .../StringIndexMethods05.java                 |   8 +++++++
 .../strings/StringIndexMethods05/test.desc    |   8 +++++++
 15 files changed, 92 insertions(+)
 create mode 100644 regression/strings/StringIndexMethods01/StringIndexMethods01.class
 create mode 100644 regression/strings/StringIndexMethods01/StringIndexMethods01.java
 create mode 100644 regression/strings/StringIndexMethods01/test.desc
 create mode 100644 regression/strings/StringIndexMethods02/StringIndexMethods02.class
 create mode 100644 regression/strings/StringIndexMethods02/StringIndexMethods02.java
 create mode 100644 regression/strings/StringIndexMethods02/test.desc
 create mode 100644 regression/strings/StringIndexMethods03/StringIndexMethods03.class
 create mode 100644 regression/strings/StringIndexMethods03/StringIndexMethods03.java
 create mode 100644 regression/strings/StringIndexMethods03/test.desc
 create mode 100644 regression/strings/StringIndexMethods04/StringIndexMethods04.class
 create mode 100644 regression/strings/StringIndexMethods04/StringIndexMethods04.java
 create mode 100644 regression/strings/StringIndexMethods04/test.desc
 create mode 100644 regression/strings/StringIndexMethods05/StringIndexMethods05.class
 create mode 100644 regression/strings/StringIndexMethods05/StringIndexMethods05.java
 create mode 100644 regression/strings/StringIndexMethods05/test.desc

diff --git a/regression/strings/StringIndexMethods01/StringIndexMethods01.class b/regression/strings/StringIndexMethods01/StringIndexMethods01.class
new file mode 100644
index 0000000000000000000000000000000000000000..f8086f133e6a279bb2247de2ef88906628d9fe73
GIT binary patch
literal 1181
zcmZuv%Wl(95Ir}K+I1Y_IBnvT7AUlkHqZz3-SScaDN;)pMM#v@jeS#GQU}=%V#`k;
zwHubKDN-td1bZZYgRelqT$eT?iDb>#bLN~oK6AhS{`?id9PVn!VN}KCeq?b)!x+XD
zT-A`osQkDlLrI1S6_YZTWw@^5hRjnkOskktFstDvZYh{!$c^zJ5Ps-3yx@Tw@M>K+
z3~Yy?Z_V}G@D4+~H1U)nvEFb5LuSME#N+0ERrpV2GXeYD^%(M{=No(cHJ`3?Z+Ch-
z^j&XvRT9(NA-7*{@>fy6f_VmY&946w*R~r?-xiNtDOEh7RXj($*%aZ6h7-)pPDxcA
zc@!ANc{6P6^U$?J5rj4m#IEp!PlblZL&vSvs`aMOF@QljNXG&e8LakL_fP-zq3<_*
zi7)9`#-a>MG*??;0V@(-WzgD3$Tli3%X0tOC=3I==2oz#<2J}ZqdmY@bx+vgf29*H
zgW}5H-l~zKrOHHwAz7+KIaTLD7<nSW!BP*KsXO1J9?>)H)7MEUpjJl&t}mQ3H)um)
zlK|TE4o2y6<><aK!;(JITO7nefucoUBa|8C<m55fN7;xX#lEOWzF-LF>782HJEF!Y
z&ziA~Bg7ApFB^6X2}6C4)E6Y59i#8tDZmpgC|$r{*%%{6tOtRVR3qI9SY?A7#TNRF
zd?$3GrS{M=wH8vwNGHK6o0_4tpm#(0vYD2gY$t~R5<Az;C`d6HEYo%VK-n~ia?tif
z+8T>&UBNl&H5sX37%Jw;;7w?#A%(Zlaey?AsOJYV_z44lkYz=fY=(9?Ow1hgUl>*}
zVil|*dMvA$Cz%Up>zs@B24u}_3+5q|#0MnepAc`)aJpKlmqbjzCojOoXv9l@0fmtI
AQUCw|

literal 0
HcmV?d00001

diff --git a/regression/strings/StringIndexMethods01/StringIndexMethods01.java b/regression/strings/StringIndexMethods01/StringIndexMethods01.java
new file mode 100644
index 00000000000..da000057993
--- /dev/null
+++ b/regression/strings/StringIndexMethods01/StringIndexMethods01.java
@@ -0,0 +1,20 @@
+public class StringIndexMethods01
+{
+   public static void main(String[] args)
+   {
+      String letters = "automatictestcasegenerationatdiffblue";
+
+      assert letters.indexOf('c')==8;
+      assert letters.indexOf('a', 1)==5;
+      assert letters.indexOf('$')==-1;
+      assert letters.lastIndexOf('c')==13;
+      assert letters.lastIndexOf('a', 25)==22;
+      assert letters.lastIndexOf('$')==-1;
+      assert letters.indexOf("diffblue")==29;
+      assert letters.indexOf("diffblue", 7)==29;
+      assert letters.indexOf("generation")==17;
+      assert letters.lastIndexOf("diffblue")==29;
+      assert letters.lastIndexOf("diffblue", 25)==-1;
+      assert letters.lastIndexOf("automatic")==0;
+   }
+}
diff --git a/regression/strings/StringIndexMethods01/test.desc b/regression/strings/StringIndexMethods01/test.desc
new file mode 100644
index 00000000000..005d4459f12
--- /dev/null
+++ b/regression/strings/StringIndexMethods01/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StringIndexMethods01.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
diff --git a/regression/strings/StringIndexMethods02/StringIndexMethods02.class b/regression/strings/StringIndexMethods02/StringIndexMethods02.class
new file mode 100644
index 0000000000000000000000000000000000000000..fe322fde894d06c831a4097040b85f7f2dbd88f0
GIT binary patch
literal 666
zcmZuu&rcIU6#ibfyVEWUl!COVMN!bAi5SC8Vl=2plOl&26Y(_Noz}tauGyV6{w-WQ
zdR7xiG|{_%lQF(ogvP|ndvD&n@5j9P`TOg40Nc3fqmEV$?K%Wjd|bpOfy+Kzv;;an
zR&hn(Dq(S5=DEs@PLuqx&gC#x5rGZ}-i}VRc|dTwn=c5}-852!`Myrnvtlw-*>gM0
z7Za%y!gBXj|4_b@Td_>WTLY8nWPINOX9q@xZ}#Nda$aDKP}>RPzvTWPEwWHO)s|}I
z6xK^3^?py8*J+gBy?4j51_&@q*pP)uC(`K9sN94yS7Vi^j2mepO{7PoVO*#HK4w@b
zz%^Vaw5PTnoxSx*mZceC>3@O(>j5@!gV2~F_lJinH2<_tu>_&5-~AE6?e=<`Jzmlj
zw;S_*c{`EHb*7?o1H2Sd@C7gT0Bih5b^bPLw5@fn9FTo6$2mTAI1^|0)(Pm79mG6G
zuWS-S8(84lj`kT^;k??c^gqKnLhE)zR*z9_cpotH4erYmct0#hrR137c_!xQv5Y{I
wPc_glbOaW;S~@qeU8(^KO>vCc5k&PPs?HZUQ?fHdmc&IRcxY{3D7BXV0QGx_?EnA(

literal 0
HcmV?d00001

diff --git a/regression/strings/StringIndexMethods02/StringIndexMethods02.java b/regression/strings/StringIndexMethods02/StringIndexMethods02.java
new file mode 100644
index 00000000000..5c2ea999dd0
--- /dev/null
+++ b/regression/strings/StringIndexMethods02/StringIndexMethods02.java
@@ -0,0 +1,8 @@
+public class StringIndexMethods02
+{
+   public static void main(String[] args)
+   {
+      String letters = "automatictestcasegenerationatdiffblue";
+      assert letters.indexOf('a', 1)==6;
+   }
+}
diff --git a/regression/strings/StringIndexMethods02/test.desc b/regression/strings/StringIndexMethods02/test.desc
new file mode 100644
index 00000000000..cad6c487fae
--- /dev/null
+++ b/regression/strings/StringIndexMethods02/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StringIndexMethods02.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/strings/StringIndexMethods03/StringIndexMethods03.class b/regression/strings/StringIndexMethods03/StringIndexMethods03.class
new file mode 100644
index 0000000000000000000000000000000000000000..e8733f571683a9351d676f8865818ef6c30d224d
GIT binary patch
literal 667
zcmZuv-)j>=5dJ22$t9O-o2I`~+ghusrV3WDZx&IiLL{{h5yASjx!c68mpi%L6aSXJ
z_~^3=Ehy-_f0Kx_SKA=S!tCtKeBXRKyFY(_{SIIUH+<BvR7I->56eC-Va3C$k201#
ztogW%bq`kvb8Vru%#2DC{YYssh-E~eLqcU&CCc0<IGwE*1a~iuBw?nf68S724`lY-
z7IR`OR6<znyy_i^cVash$!NQ8GL?+(S>ROPi15w6cw5wa*dSDQ!}u?`-%s-_luwkU
zT0VnylSsbbm*#aE={t9CTh;&prU;uNH|bay6&k5cD6|~OL}naF6Ja7X91h}K2Jlhm
zMggwk8lg3j_3-?zkFzYz2=o7I=%F286W0li3G!fYBt!F0=nPA!$3mMz^TCkE(dlk=
zc}^4P9_KX=D3V%bGP=;fb1^w5c)o|&;Ag7w%Tc3c)wAb-?4{XG^J$HD;=O$H6!gg!
zVuo#{2oggZm}TFVK1GQau-Yv3KEpZ2!mUR81g`r5^=~M@JVoV)WhfO4)7*$@*;cT^
yBAR@vf_~ZmGRNNhg@m1=7ckrOPEb9D=YE9ie1S6|JC|cg$|wa7tmuWJ*Ww>}&57Rt

literal 0
HcmV?d00001

diff --git a/regression/strings/StringIndexMethods03/StringIndexMethods03.java b/regression/strings/StringIndexMethods03/StringIndexMethods03.java
new file mode 100644
index 00000000000..83b710073b5
--- /dev/null
+++ b/regression/strings/StringIndexMethods03/StringIndexMethods03.java
@@ -0,0 +1,8 @@
+public class StringIndexMethods03
+{
+   public static void main(String[] args)
+   {
+      String letters = "automatictestcasegenerationatdiffblue";
+      assert letters.lastIndexOf('$')==1;
+   }
+}
diff --git a/regression/strings/StringIndexMethods03/test.desc b/regression/strings/StringIndexMethods03/test.desc
new file mode 100644
index 00000000000..3dff0b27714
--- /dev/null
+++ b/regression/strings/StringIndexMethods03/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StringIndexMethods03.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/strings/StringIndexMethods04/StringIndexMethods04.class b/regression/strings/StringIndexMethods04/StringIndexMethods04.class
new file mode 100644
index 0000000000000000000000000000000000000000..69a8fe4d628343caa7e78dbb94db2c2836b7591c
GIT binary patch
literal 695
zcmZuv!EVz)5PcITw&S{KnzkW@6liH71&MOVjS7JZNEInPq(Y)SZR}0h;@HSuBfg~<
zj+_Chl|X_!--HmeE@^~RS(=^Moq6x=TmSm=?FWD^Ha&P~xmd2k#Z?#AJhZXm;JODJ
zEeAI|+{CJbHNwKW$TFE~mBiUom5D(lLjoNV>}?e*{fJ<7HeV6SJ4q-Bb3GNym-%=g
z(*x7Y2V<dPLbG$!I~MQ7RwUxlR$r$o9z8UJvwbasw|nAU(eL0E!QBp`f8bs}$<shS
zR|abNd~7!k<%d0~-y~u7pnKn-`j|zHupx4tjD=Q#mYEJjCPy-sDQ_gP(4iU*2T?A4
z%)n=sNzI%-*0DioO%*<wT>Dv?CMjX@GHwUAecVBZP@hij4~}J^|JypBB{<4R-yaf|
zI+wVy%l=Jqb|SW(jSFR_QW;(dV!w3G2kiSHR`~@zepITr%&j=Hz@DPUagM7MUWwPr
z-80Z<(}+4pyVxXDF^>l4ru79%{P9Sm)cXSK1kHPm@+m6y_D9TohyD5t&QAkTDj;gi
z#JC)7{(BrOaOHx2qwQdkv!x3S-GU65Z@8zZp1>)8LfQHXYYH~eV?Zh>`Hzk2X2Esk
EFZ08aZ~y=R

literal 0
HcmV?d00001

diff --git a/regression/strings/StringIndexMethods04/StringIndexMethods04.java b/regression/strings/StringIndexMethods04/StringIndexMethods04.java
new file mode 100644
index 00000000000..1271bcaf36b
--- /dev/null
+++ b/regression/strings/StringIndexMethods04/StringIndexMethods04.java
@@ -0,0 +1,8 @@
+public class StringIndexMethods04
+{
+   public static void main(String[] args)
+   {
+      String letters = "automatictestcasegenerationatdiffblue";
+      assert letters.indexOf("diffblue")==28;
+   }
+}
diff --git a/regression/strings/StringIndexMethods04/test.desc b/regression/strings/StringIndexMethods04/test.desc
new file mode 100644
index 00000000000..758f22d2bf4
--- /dev/null
+++ b/regression/strings/StringIndexMethods04/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StringIndexMethods04.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/strings/StringIndexMethods05/StringIndexMethods05.class b/regression/strings/StringIndexMethods05/StringIndexMethods05.class
new file mode 100644
index 0000000000000000000000000000000000000000..a4f4f7674958e1569272f8ec1afd17e2acd9bfb2
GIT binary patch
literal 701
zcmZuv&rcIU6#k~W-Q8}NQVK$=f}kL+CgK545~D#)niM&dn1HA0?z9eWcgfDI@o(Yc
z(X*OBqKV%9n~d?zVrh(C-miJ@`@VTIKYo4r24EW<A3mBMS`~P>>fxG?>sWTN;=@7H
z#SI^;SaWfcVSb$}B{D73L_L*?4`LB9up<U%M<!A~VzAnsmkjo98VQEko=n7xd^`}@
zfoZ0LF_#I$V*6F^n7`#)F;7NYeVxf<^w12>^feFP?D3PL-^DEkZzqiZfcyP4&qDEB
z8mQLAST~8pyFH;_r;)n<;GRJZFoPPy2G4am=30hYC>?SoMj{az71D(3NDhaCI2Qq`
z2#95p6K8;RY%nyZ3ZG1_{VdDUjA7w_+%9eh*hHJ5KAqej9E(u@Rl1mEsK#9BLjL~H
ztmNN~bUR&I;uLI`CKR<sLdi@-m#S!KI;R6#{t?#b8GU+LR&ScCQDlJ@iyGNk%9hD9
z^5r|{U>{8*>SUdw$WXx?8Wfw>9*vgBuQW=%Pq0q0bhlyGTW2WS?@|2<=kOfvcY{$X
zFly9Kz+@ewaWPMs2lmr^rv-|xT#DE(*nqi)cZSL-T>ArT>ocq=*hG*4DWeoTHnJBB
GuBG4EL6lnn

literal 0
HcmV?d00001

diff --git a/regression/strings/StringIndexMethods05/StringIndexMethods05.java b/regression/strings/StringIndexMethods05/StringIndexMethods05.java
new file mode 100644
index 00000000000..f6de4ce541b
--- /dev/null
+++ b/regression/strings/StringIndexMethods05/StringIndexMethods05.java
@@ -0,0 +1,8 @@
+public class StringIndexMethods05
+{
+   public static void main(String[] args)
+   {
+      String letters = "automatictestcasegenerationatdiffblue";
+      assert letters.lastIndexOf("diffblue", 25)==1;
+   }
+}
diff --git a/regression/strings/StringIndexMethods05/test.desc b/regression/strings/StringIndexMethods05/test.desc
new file mode 100644
index 00000000000..d415ef1381e
--- /dev/null
+++ b/regression/strings/StringIndexMethods05/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StringIndexMethods05.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring

From b5d6a133e3957e1b0d9b2ed230f6327b18e5e5f8 Mon Sep 17 00:00:00 2001
From: Lucas Cordeiro <lucasccordeiro@gmail.com>
Date: Wed, 22 Feb 2017 14:24:07 +0000
Subject: [PATCH 013/699] =?UTF-8?q?=C2=A0added=20string=20methods=20length?=
 =?UTF-8?q?,=20position,=20replace,=20toUpperCase,=20toLowerCase,=20and=20?=
 =?UTF-8?q?trim?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Lucas Cordeiro <lucasccordeiro@gmail.com>
---
 .../StringMiscellaneous01.class               | Bin 0 -> 1382 bytes
 .../StringMiscellaneous01.java                |  32 ++++++++++++++
 .../strings/StringMiscellaneous01/test.desc   |   8 ++++
 .../StringMiscellaneous02.class               | Bin 0 -> 650 bytes
 .../StringMiscellaneous02.java                |   8 ++++
 .../strings/StringMiscellaneous02/test.desc   |   8 ++++
 .../StringMiscellaneous03.class               | Bin 0 -> 821 bytes
 .../StringMiscellaneous03.java                |  15 +++++++
 .../strings/StringMiscellaneous03/test.desc   |   8 ++++
 .../StringMiscellaneous04.class               | Bin 0 -> 1733 bytes
 .../StringMiscellaneous04.java                |  40 ++++++++++++++++++
 .../strings/StringMiscellaneous04/test.desc   |   8 ++++
 12 files changed, 127 insertions(+)
 create mode 100644 regression/strings/StringMiscellaneous01/StringMiscellaneous01.class
 create mode 100644 regression/strings/StringMiscellaneous01/StringMiscellaneous01.java
 create mode 100644 regression/strings/StringMiscellaneous01/test.desc
 create mode 100644 regression/strings/StringMiscellaneous02/StringMiscellaneous02.class
 create mode 100644 regression/strings/StringMiscellaneous02/StringMiscellaneous02.java
 create mode 100644 regression/strings/StringMiscellaneous02/test.desc
 create mode 100644 regression/strings/StringMiscellaneous03/StringMiscellaneous03.class
 create mode 100644 regression/strings/StringMiscellaneous03/StringMiscellaneous03.java
 create mode 100644 regression/strings/StringMiscellaneous03/test.desc
 create mode 100644 regression/strings/StringMiscellaneous04/StringMiscellaneous04.class
 create mode 100644 regression/strings/StringMiscellaneous04/StringMiscellaneous04.java
 create mode 100644 regression/strings/StringMiscellaneous04/test.desc

diff --git a/regression/strings/StringMiscellaneous01/StringMiscellaneous01.class b/regression/strings/StringMiscellaneous01/StringMiscellaneous01.class
new file mode 100644
index 0000000000000000000000000000000000000000..4f63b35324bc7a9d90f2659386560f3732184be5
GIT binary patch
literal 1382
zcmZux-*XdH6#j1Z$K7lfnx<^qRG~qrrW9Jx5VfgFNufsj18GMG`n26#%R;it?A|cL
zgEKzxSJVe*c<Hk^6CA<v;uHKwjuOw^&^Be5WOnbl=bZ1{^L^*;%h!MI0Vw09jRBmo
zaMr@4g%7jH<0Bg-OmUpE!Eq*wX`Hukfn!GP&)T?%OEx~nC(10V)n)alaC~axGknf4
zeAY`65z8P7lf@wMwwj{Bz-}{`^FbKMFB!Db)b|W}Eoumc!Q~(ntL@g7h&NO)Ia*#2
zGK`cqm+yKHyxFD~ZqKgEI0(0^D)HF5^!$4(-u*P5V~(TBG0$Ml`^`5c?DeP}`{H__
z0LOdDD?#FmCZUO_om{*$qre@EV3eV-(3VlllYw8{5Q!`<iBQC3Ms$us7zNUcX=kY@
z6R}bB$!tZky})3kc@9p%r9(LQ0@U8v;i(t)skj!$QOxm`gDapsZPG6?<PHPZw(bgF
zI=G4&$D)I4xX!WU;A_+!e1mTtEMvvNsyeLu&UQG~9NfTnq`*6PJ5sEd&yd-ykt$6Q
zZp%BVD)pmb4-+X`<cQjms`kVPqS+gygd_~%wW^fw-|^xF3eZdSDZ(2*Y^p{c&zB-*
z;19fJTde&^?38L#eYzgR5L7SqXay>8U)7_``BGnAuZL=Xt33{@Z_tmz5W2N3q^g$C
zvQ)2c*6M1Qj1*m+zNSo`noW{@u&<9MjWi8pLnJ{g8V91%9LhF1Xr6E5G+mwnx>YPU
zrpAF*8Yl;&^c*AWB)u8EjdM@Iep7)c(9=ve8L}A1d$gud_K>cgO}<z8%yM2^$?L1u
zb7M|_0%Hd!raLfmg<mo74E)wpSTD4Sq4xAf#dOVIaP<kYd0YPr1Gltk*X+RggKkU*
z$A3uk$9sF{U4uM*D31*G$n5TRUrcLOLDxDMB;0~NXBN!83fC%@Yq|U}$_3N4%9Sh?
zakCxdQp}MHDVm#o3(sP^-B%RZ!H{Y=lQw*l*dZ2(9g}{X8n<wq+MR?$pOj;`j6oXn
z9PVKVA=#3+{E2w{nV8%mgvUhGGoosb?7wjeFEN4l32_m;OCScvNsd$d{|Vqf*o@8n
z1M4+LIVKqU7c;C&Rn50Tl{yxR2a1(bX@H@8zJuW%aD5lL_B)KjX7<%n2QZLvt|*O9
Jlaav({{uycD-8eu

literal 0
HcmV?d00001

diff --git a/regression/strings/StringMiscellaneous01/StringMiscellaneous01.java b/regression/strings/StringMiscellaneous01/StringMiscellaneous01.java
new file mode 100644
index 00000000000..26fc7442f7f
--- /dev/null
+++ b/regression/strings/StringMiscellaneous01/StringMiscellaneous01.java
@@ -0,0 +1,32 @@
+public class StringMiscellaneous01
+{
+   public static void main(String[] args)
+   {
+      String s1 = "Automatic Test Generation";
+      String s2 = "noitareneG tseT citamotuA";
+      String s3 = "Autom";
+      char[] charArray = new char[5];
+
+      assert s1.length()==25;
+
+      int i=0;
+      for (int count = s1.length() - 1; count >= 0; count--)
+      {
+         System.out.printf("%c ", s1.charAt(count));
+         assert s1.charAt(count) == s2.charAt(i);
+         ++i;
+      }
+
+      // copy characters from string into charArray
+      s1.getChars(0, 5, charArray, 0);
+      i=0;
+      for (char character : charArray)
+      {
+         System.out.print(character);
+         assert s3.charAt(i) == character;
+         ++i;
+      }
+
+      System.out.println();
+   }
+}
diff --git a/regression/strings/StringMiscellaneous01/test.desc b/regression/strings/StringMiscellaneous01/test.desc
new file mode 100644
index 00000000000..050c3e99e90
--- /dev/null
+++ b/regression/strings/StringMiscellaneous01/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StringMiscellaneous01.class
+--string-refine --unwind 30
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
diff --git a/regression/strings/StringMiscellaneous02/StringMiscellaneous02.class b/regression/strings/StringMiscellaneous02/StringMiscellaneous02.class
new file mode 100644
index 0000000000000000000000000000000000000000..f1d880c012a9bca0bd88834aef0e69b29beb6655
GIT binary patch
literal 650
zcmZuvT~8B16g{`wcG_iuQoc$NErN=gh%vlLj08VIQuLw3M0}cVCuMLuYi4KtF}(Qb
zvzkDniN5=rjPcGQG$v+~JNM4qbMBcl`}6nL?*O)ND?}ZOHMHswSPId`vcQ!P6)Xy@
zgt&@p0v*Eay38_VolZ^mL}#*}r~!cv3Ds?Fw0lGdHg3Nnly}pCB20I+Q7`gQU)clS
z%m*W>4Pjy9P4`&7mz#++!_A(v+6*6h;AGFq`0c)YSM&?45^CFV@|Qg9rMZpOGwrF`
z=dgX9#VTPQmFC&~2lqT}gb0&_rJdZRBk6S9IZ&DFJXc0pE>jaB#00ZPxQ;bKYpiAG
z;(|}DO)X*mzf%O(Biz7ELSqbl**{jX`)BJM%=RS84Bb&-&mQ|S2JI$nDH}3SnYL<h
zIi7uRIUlf}hgjujsq;%wqveHj7J&R6IZko4!YlDwxpM~k<Qp-~v07{rLmQak+_&zb
z#2>KSEOkF4IKkZAQ<NL6519Cd%Ih;!e|UmYK`_O0n3ZFd{|SL6S2fTtv;}54o4Zu7
kRg3~=n&K3-6NvIhl!Gq_#$*?2JV^zm=&{#4U(8zg1KRR}&Hw-a

literal 0
HcmV?d00001

diff --git a/regression/strings/StringMiscellaneous02/StringMiscellaneous02.java b/regression/strings/StringMiscellaneous02/StringMiscellaneous02.java
new file mode 100644
index 00000000000..d2351fb79d6
--- /dev/null
+++ b/regression/strings/StringMiscellaneous02/StringMiscellaneous02.java
@@ -0,0 +1,8 @@
+public class StringMiscellaneous02
+{
+   public static void main(String[] args)
+   {
+      String s1 = "Automatic Test Generation";
+      assert s1.length()==24;
+   }
+}
diff --git a/regression/strings/StringMiscellaneous02/test.desc b/regression/strings/StringMiscellaneous02/test.desc
new file mode 100644
index 00000000000..53c46cf1a7f
--- /dev/null
+++ b/regression/strings/StringMiscellaneous02/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StringMiscellaneous02.class
+--string-refine --unwind 30
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/strings/StringMiscellaneous03/StringMiscellaneous03.class b/regression/strings/StringMiscellaneous03/StringMiscellaneous03.class
new file mode 100644
index 0000000000000000000000000000000000000000..210c05ddf3290c989a1e6dd96b91537fe9d3dbba
GIT binary patch
literal 821
zcmZuv(QXn!6g>mG?6PcyQmF;3g4PP9mKvLyXk$vyHcg;DKum0(mSsY>F1u!T)-UK+
z;EQj4Ruh`2(RaVVZ}CCAyR{`IO(rw<&fI&>nKSeA&zJ82Ht<kG3Plw+RV-?_h1*Fa
zQ3|87f;$=%6cyanu!MUGmKo-j4BzLTuw2J~Zuv&f=6wcsz>wIo97{Z7h*zqw7^J4#
z=M3qV<?#Jr*yCO|ET)5@VL1%*mBZGt@y@8*hBK&lgl9Q}r(xqvM;PXtw(&NqS8!iJ
zMM0H8-7@We6k5j(Jd^KOAz<OWxo!C-w+W5AfxrG}Ed<wb4QYmaBM|P;5SCf$a$l5o
zxx+n5UDA<vTuT@p?d+C>&$}g)(xEGY2Jz}xK~0B_86B&5z_2it+_>=Jh3B~*L+(l$
z3f6SgvCfd0w!Z8gb5oF+S6J|0;W;Ej?664&+uRw5qsZVrO3fp~YY>W5*{jlVdWzq)
z>5<6dKKCt;_b-)_vm&4adZ7c9>7i5f2UunyydXt!u+T4>Gn6gT%4n5W&cHr~g_xx|
z5p6PR&SH+@uyjPN30fQ3SSuTEtKa1P_@-1FLz4QNa!!7a>L<t}6lytnjKpeAqWJ?-
zU!lA{gZkq{Vkh$Cbn+{tiA6NaL_pjTaDslJ29-1>Q6SBaN$(Siw@K}FswyHrK@JH8
zIR*34xWPzz`8PGGSh&2>Mx-5>%_hgtMo^?vNb%2*r@R-}3vp${^zG1ud?c&z7nhHw
AM*si-

literal 0
HcmV?d00001

diff --git a/regression/strings/StringMiscellaneous03/StringMiscellaneous03.java b/regression/strings/StringMiscellaneous03/StringMiscellaneous03.java
new file mode 100644
index 00000000000..2adfe30f5d0
--- /dev/null
+++ b/regression/strings/StringMiscellaneous03/StringMiscellaneous03.java
@@ -0,0 +1,15 @@
+public class StringMiscellaneous03
+{
+   public static void main(String[] args)
+   {
+      String s1 = "Automatic Test Generation";
+      String s2 = "noitareneG tseT citamotuA";
+      char[] charArray = new char[5];
+      int i=0;
+      for (int count = s1.length() - 1; count >= 0; count--)
+      {
+         assert s1.charAt(count) != s2.charAt(i);
+         ++i;
+      }
+   }
+}
diff --git a/regression/strings/StringMiscellaneous03/test.desc b/regression/strings/StringMiscellaneous03/test.desc
new file mode 100644
index 00000000000..f255272ed5b
--- /dev/null
+++ b/regression/strings/StringMiscellaneous03/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StringMiscellaneous03.class
+--string-refine --unwind 30
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/strings/StringMiscellaneous04/StringMiscellaneous04.class b/regression/strings/StringMiscellaneous04/StringMiscellaneous04.class
new file mode 100644
index 0000000000000000000000000000000000000000..c7f02bedbb23ef52f70e38b64db6957dcab1859a
GIT binary patch
literal 1733
zcmZ`(O;cM{7=BK^&ducl>4i{&qSt;U;iG_Jus~~RNGcjaB|ruIx+Ev`Vo2h>H+H)3
z!j(UOjWaIVjT`GsI-_IVxa!iM;L4>lZac;I-0+cfaFWS+&v`%2bDsBk^Zey6&j3uL
zq@oL>3dR(SE4UiQ5GGViVv6H!6&#~syn|^4?{cK%`HYJ9a81Fi+{`JMm+N%}H{|-h
zf}3((P;g7erR8Q(S{aV4ire^rq3@FEIKp<VTGd&!9CN24N(^j^AvAAQE%ye4Kat#E
z2&8Kz!O)wtsv_Um-x2nj3?|3EX;m2p65F{w^BZ%bVpex23a)KccjshccfmD_UoD$;
zFP>wG<3o;*7?k;9<>(5vP;1ylk+o#Op;q#;<rGDQs)<^|nVh~Vi)(lTZ&GH-DwlUE
z4GQjA%M{jbXY!fVg|(%XJOMNe!)&;<ebW^svNgPpVY*dA4$BOKrx+KGAD*%8n$3~d
zu!1`b#;T}S%%U*j<+yR*a_<@OY}~M_hBGy5Ty|8IA#z$}WoJ(mT@4>&m7}0x4eK7j
zY*qr)uz|a@UtG#&Z{^lA8a|Qx9#=T-uBZyzl+0_`l&9en+#0s9O-wjbhUpllQM_l`
zX3-V4VcNF&z_?D&`V^mO_#9to_)>BbJ(D#K;%o=S4#=%Y>iroVWAJUKsrlmThFNi_
zY@)5Jt+&o4NgZtr6dpLP*e9LT8ZITY;;q`m9g=`ccL{TUj)B`PR;5zX>112g790xc
z^H}Z7Bq()Rr_3<l4&^AR{RPM9{s%ypTU)Q!g`GAX(oKKjOb8T|tKB~i3XqEFVRV?L
z1}sSGN$-iIWGLvtdWE1PR8saK*|P;AB#>B2QatzKD>Ny+r{YOhX!?kel5i|rlui^$
zBjYy6L8G^Yx9DG>i~b&1WKe3EEI*hW1o|~-H%u#|H8}DV>?bl9r2rxCkW_^WxJb4E
z_<EtpQfx-|<#hkD9>_mI@Bsazy03}Q0lIz#-+T(?_tx>4?mz2zTo1f@9M;vqZ|K_e
zk4DOoY!h0ciSE0{o7sR@FB%KzJ)N1OP4u>TBc0x{CeF2a^-k}26Mb#o{!TAdj?M<3
zAgm8Gao(Q_#e%au#-F7We<~aeN0lEi9^=vQbV~KWosX)zFB)oM@cUC59){S%FnfIX
zC)H^pCdu`A<nB>Vh;iyfh(4T14imvDW{BQAx@j(ZXzaRCMlb4!;9KbU4t;opD1O8M
z{=gufBZj}IqkmHe|DkUF3xjpz0*m7!8zFlVS6B*hT%wycpuU8`ak=#!7<hqeWDXAx
zA5sOC<I0K8GvbUR&PWw6XgQ>=^D{!Iu7bpgj;1}q0O$0fCSE%L4?IS||1*N8&py_a
RgcO8NyD62Iq>T?F{{f+OeIx(?

literal 0
HcmV?d00001

diff --git a/regression/strings/StringMiscellaneous04/StringMiscellaneous04.java b/regression/strings/StringMiscellaneous04/StringMiscellaneous04.java
new file mode 100644
index 00000000000..e9fe0292317
--- /dev/null
+++ b/regression/strings/StringMiscellaneous04/StringMiscellaneous04.java
@@ -0,0 +1,40 @@
+public class StringMiscellaneous04
+{
+   public static void main(String[] args)
+   {
+      String s1 = "diffblue";
+      String s2 = "TESTGENERATION";
+      String s3 = "   automated   ";
+
+      assert s1.equals("diffblue");
+      assert s2.equals("TESTGENERATION");
+      assert s3.equals("   automated   ");
+
+      System.out.printf(
+         "Replace 'f' with 'F' in s1: %s\n\n", s1.replace('f', 'F'));
+      String tmp=s1.replace('f', 'F');
+      assert tmp.equals("diFFblue");
+
+      tmp=s1.toUpperCase();
+      assert tmp.equals("DIFFBLUE");
+
+      tmp=s2.toLowerCase();
+      assert tmp.equals("testgeneration");
+
+      tmp=s3.trim();
+      assert tmp.equals("automated");
+
+      // test toCharArray method
+      char[] charArray = s1.toCharArray();
+      System.out.print("s1 as a character array = ");
+
+      int i=0;
+      for (char character : charArray)
+      {
+         assert character=="diffblue".charAt(i);
+         ++i;
+      }
+
+      System.out.println();
+   }
+}
diff --git a/regression/strings/StringMiscellaneous04/test.desc b/regression/strings/StringMiscellaneous04/test.desc
new file mode 100644
index 00000000000..737ab3b0f8c
--- /dev/null
+++ b/regression/strings/StringMiscellaneous04/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StringMiscellaneous04.class
+--string-refine --unwind 30
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring

From ccf841023104395719722775ab7fa3ddc047a81d Mon Sep 17 00:00:00 2001
From: Lucas Cordeiro <lucasccordeiro@gmail.com>
Date: Wed, 22 Feb 2017 14:24:57 +0000
Subject: [PATCH 014/699] =?UTF-8?q?=C2=A0added=20test=20cases=20related=20?=
 =?UTF-8?q?to=20string=20startsWith=20and=20endsWith?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Lucas Cordeiro <lucasccordeiro@gmail.com>
---
 .../StringStartEnd01/StringStartEnd01.class   | Bin 0 -> 1082 bytes
 .../StringStartEnd01/StringStartEnd01.java    |  31 ++++++++++++++++++
 regression/strings/StringStartEnd01/test.desc |   8 +++++
 .../StringStartEnd02/StringStartEnd02.class   | Bin 0 -> 810 bytes
 .../StringStartEnd02/StringStartEnd02.java    |  15 +++++++++
 regression/strings/StringStartEnd02/test.desc |   8 +++++
 .../StringStartEnd03/StringStartEnd03.class   | Bin 0 -> 808 bytes
 .../StringStartEnd03/StringStartEnd03.java    |  15 +++++++++
 regression/strings/StringStartEnd03/test.desc |   8 +++++
 9 files changed, 85 insertions(+)
 create mode 100644 regression/strings/StringStartEnd01/StringStartEnd01.class
 create mode 100644 regression/strings/StringStartEnd01/StringStartEnd01.java
 create mode 100644 regression/strings/StringStartEnd01/test.desc
 create mode 100644 regression/strings/StringStartEnd02/StringStartEnd02.class
 create mode 100644 regression/strings/StringStartEnd02/StringStartEnd02.java
 create mode 100644 regression/strings/StringStartEnd02/test.desc
 create mode 100644 regression/strings/StringStartEnd03/StringStartEnd03.class
 create mode 100644 regression/strings/StringStartEnd03/StringStartEnd03.java
 create mode 100644 regression/strings/StringStartEnd03/test.desc

diff --git a/regression/strings/StringStartEnd01/StringStartEnd01.class b/regression/strings/StringStartEnd01/StringStartEnd01.class
new file mode 100644
index 0000000000000000000000000000000000000000..37d2596a6c101908d347169dcc750faae76deffd
GIT binary patch
literal 1082
zcmaJ=O-~bH5PshM?y}gj*a`>;idsNEt*C%R1DKc~Ca#ebPuuPW7t5CHE*?xg$!{>q
z#l#CY6E!JDBF3v{{R8?ZJc0ABKr1#T?Y{HQ%ri63GrM1RKkfj?VO)oaE*0GxPHQ-$
zp-0164d-+SIG;cYSrxrHbaZLx<Ia8!7x+1#Vo=8rhE<F(H22tH=mwEj_QM%3v<oHI
zVPK04%B1Ie(G-K2?Y+++O_v>)Avx#y?)=(H!42;5WD2a<p3jiUKA2m!AKODE+g}>8
zqQLW)COELsitOT}+xBXluVR!zn=F?0i|bZ-EhxG-JzgsP2S$J(n)RLGkwIS3KpGi_
z)Y0lRV&sMqpI7AuH6+(6=fhpxh+RVD8n}p@fo2?MXsOn@aX@`G2+9F5rD{C&5`*A6
z2F8%1zDI{raoNBXT>WdLJB4Mp7?GZJRAA6UPAOdQqKCvXTSq7oJX6PitCs?r>pT0{
zWOexI5)mYn<Az?~I)_|Hy=aXBw6;Zb(~Drz`@&K!oIP10XaZ#Dd4g^obTT^SzAdn~
zJP|GQRAMJX0<CBxn^IW_2`a_DtDhj`MN_o$k||kv*_5rkVk*|0c&&eaU}sDc$K<q}
zmR_TMAT5uME3JyDR-nCvvM#W7nQiX<e22saQtk39G;Bl9Z=vDyKj@A_v>{i}SOfpD
z510N2uQoqcL9zy2uQ{hK#MJM`D#=7##Yt!wp-*T64VWT(28~!i5_wX!Ou9ZHO`nqe
zj1+xNBE6srZ%D8Ygxn_k3+ej}opj@0tg(k4C@R|N$M~OwZ~X<?+=U)r+iEXygnD)y
n?kX2A1!yu;6*O%?l{O)X?~$kuf3P>+P=;V!=iBX!xt;nAiwWAn

literal 0
HcmV?d00001

diff --git a/regression/strings/StringStartEnd01/StringStartEnd01.java b/regression/strings/StringStartEnd01/StringStartEnd01.java
new file mode 100644
index 00000000000..c1bc4bac328
--- /dev/null
+++ b/regression/strings/StringStartEnd01/StringStartEnd01.java
@@ -0,0 +1,31 @@
+public class StringStartEnd01
+{
+   public static void main(String[] args)
+   {
+      String[] strings = {"tested", "testing", "passed", "passing"};
+
+      int i=0;
+      for (String string : strings)
+      {
+         if (string.startsWith("te"))
+            ++i;
+      }
+      assert i==2;
+
+      i=0;	
+      for (String string : strings)
+      {
+         if (string.startsWith("ste", 2))
+           ++i;
+      }
+      assert i==1;
+
+      i=0;
+      for (String string : strings)
+      {
+         if (string.endsWith("ed"))
+            ++i;
+      }
+      assert i==2;
+   }
+}
diff --git a/regression/strings/StringStartEnd01/test.desc b/regression/strings/StringStartEnd01/test.desc
new file mode 100644
index 00000000000..a5463d5b5ea
--- /dev/null
+++ b/regression/strings/StringStartEnd01/test.desc
@@ -0,0 +1,8 @@
+KNOWNBUG
+StringStartEnd01.class
+--string-refine --unwind 30
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
diff --git a/regression/strings/StringStartEnd02/StringStartEnd02.class b/regression/strings/StringStartEnd02/StringStartEnd02.class
new file mode 100644
index 0000000000000000000000000000000000000000..f7b535e4848e94bf5bb0cddd7f7684014d04f7a7
GIT binary patch
literal 810
zcmZuvO-~b16g_Xg-gG*pWw6*nQNgMOEJZ?C2oeq8s^Ve{P+U#h2@aMinR)dW@F!$r
z;)abIHGxDU?)@A730LBMqtHl5X5PDV-?{hPbKd;;{pA$EJZ3Enpu{m|;)aQvCT^J+
zH!)#B!R-`mlsWELuq5WLg?p%QOfn3Wy*TzG5p=_NHHf`t$8R&RZ3bg02m`UqpjIX~
z7_^mc+h@qugV0~^?KS=Ag#^>Vo)?4+!<CoyUGI%o>v-W#%@t7)?kvi}j4Qm>>u276
zg6EiGFqc}Lf6Xno+lyNM(?GV$|1G0}NUVkJ*|{0n(Z(PghTP@uG@|fhA?M{XAVNy*
zOFc3rgCwO0-^MiV+sGovQ0Vu0axQ%>in<X|T;}Jf+L%G@KlbO%UB4yBx+?@TSh1Ww
z-VDSm5>&au6Y@6OpJAm#bCP{+KMo?leK8W5AbNB_?r&q9?r(sundJ&n1Vt*Cw1w6o
z`WmC1(XLOOfPIueT%*-Uk_;*2F-)<9et-r}`xgHOrJ*{i+t3`%ZRn2fHVnsb>*}NF
z_3G(@rY`7tJ+Hk-shZd49vVf%;m0uF!Z=XafzFQ3ettsg5V?}}4(YG38Yf79m+VTy
zJ^_<r9Yx|BrT78;e2Yk9nc`Jsut}1x6Ji9~8Oks?3iL4fl9u8x=nf%^7b52qHNc=_
eA0u-Jt{p*BKO@zrJQpn6>QL;*(w32AqR~IM<e|C%

literal 0
HcmV?d00001

diff --git a/regression/strings/StringStartEnd02/StringStartEnd02.java b/regression/strings/StringStartEnd02/StringStartEnd02.java
new file mode 100644
index 00000000000..8920026e8fb
--- /dev/null
+++ b/regression/strings/StringStartEnd02/StringStartEnd02.java
@@ -0,0 +1,15 @@
+public class StringStartEnd02
+{
+   public static void main(String[] args)
+   {
+      String[] strings = {"tested", "testing", "passed", "passing"};
+
+      int i=0;
+      for (String string : strings)
+      {
+         if (string.startsWith("te"))
+            ++i;
+      }
+      assert i==1;
+   }
+}
diff --git a/regression/strings/StringStartEnd02/test.desc b/regression/strings/StringStartEnd02/test.desc
new file mode 100644
index 00000000000..16f696efa01
--- /dev/null
+++ b/regression/strings/StringStartEnd02/test.desc
@@ -0,0 +1,8 @@
+KNOWNBUG
+StringStartEnd02.class
+--string-refine --unwind 30
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/strings/StringStartEnd03/StringStartEnd03.class b/regression/strings/StringStartEnd03/StringStartEnd03.class
new file mode 100644
index 0000000000000000000000000000000000000000..a353c5e3a3047c23615ad474fb02ebe83bb607f8
GIT binary patch
literal 808
zcmZuvO;giQ6g@9rFHKWgf<+2N1*;aY6qR8i$mjsBDlX!P#Z}t8!C*<5B=r~YCuHM{
z8#Zp#8JN)#_x=t4ge&pBD0F0)N#47;@7#OtIWIqce>ny)k2wniD07UPxMJd}iEAb%
zOiWr(a6JPX6^<JgEQz^k;TEbKQw&2DFOEf&1l=%R4Pvj=5k3RkWH6S3Fi4ge)aul8
z25qJ53x<3n2*rADrzN6i5=;j>UJx=2S6?=^y*FOH<AqywH;IC9Yf%>F+{A0Ye&X$>
zc#dfXbE)0=*W7Zuy{Ii72eMW1Zy6Ot$y(^o-J6viZ4AO;D4g$3BPJqF<h)!4L`bP!
zsYj+{kfs#j+nB*^8+jBMM*4jool0MeqHaVK=lMBmHfB-(kNs(DTeK6h?gGK2O@w~D
z5hSljPW1vu$k}{<f|U+UN#^+?4kF>74MY|sJvt!oH!(rCH$a!n3L{biMJkvyh1MbZ
z8mFDnu1_C<eUw04qSZ)~3>g$LOtFN1fCf(c3;qpCQ*~6gsX3b4)E(Vz8jj&M)CV)`
zwc`a%UC@hqQG1Vat*GC<Z<Gv&AHsYKV^3jwIy*S|`3aeQ6w1asWWT~{9wGZ(vMVY3
zBut8Rl!$MP;yd)~Eh39$idT`t21&Y1h*4-KsKDSDp@+$rw3L29cL-TJ6FHx%0R|oW
e5V?JD?Esqk8JRxisbJYwhhjgJwv46|jr{>cZ=kgR

literal 0
HcmV?d00001

diff --git a/regression/strings/StringStartEnd03/StringStartEnd03.java b/regression/strings/StringStartEnd03/StringStartEnd03.java
new file mode 100644
index 00000000000..79479f9535b
--- /dev/null
+++ b/regression/strings/StringStartEnd03/StringStartEnd03.java
@@ -0,0 +1,15 @@
+public class StringStartEnd03
+{
+   public static void main(String[] args)
+   {
+      String[] strings = {"tested", "testing", "passed", "passing"};
+
+      int i=0;
+      for (String string : strings)
+      {
+         if (string.endsWith("ed"))
+            ++i;
+      }
+      assert i==3;
+   }
+}
diff --git a/regression/strings/StringStartEnd03/test.desc b/regression/strings/StringStartEnd03/test.desc
new file mode 100644
index 00000000000..e6d8c460709
--- /dev/null
+++ b/regression/strings/StringStartEnd03/test.desc
@@ -0,0 +1,8 @@
+KNOWNBUG
+StringStartEnd03.class
+--string-refine --unwind 15
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring

From 846f168afca388414ab315eae1c5d1db83c39566 Mon Sep 17 00:00:00 2001
From: Lucas Cordeiro <lucasccordeiro@gmail.com>
Date: Wed, 22 Feb 2017 14:25:48 +0000
Subject: [PATCH 015/699] =?UTF-8?q?=C2=A0added=20test=20cases=20related=20?=
 =?UTF-8?q?to=20string=20valueOf=20methods?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Lucas Cordeiro <lucasccordeiro@gmail.com>
---
 .../StringValueOf01/StringValueOf01.class     | Bin 0 -> 1565 bytes
 .../StringValueOf01/StringValueOf01.java      |  41 ++++++++++++++++++
 regression/strings/StringValueOf01/test.desc  |   8 ++++
 .../StringValueOf02/StringValueOf02.class     | Bin 0 -> 749 bytes
 .../StringValueOf02/StringValueOf02.java      |   9 ++++
 regression/strings/StringValueOf02/test.desc  |   8 ++++
 .../StringValueOf03/StringValueOf03.class     | Bin 0 -> 748 bytes
 .../StringValueOf03/StringValueOf03.java      |   9 ++++
 regression/strings/StringValueOf03/test.desc  |   8 ++++
 .../StringValueOf04/StringValueOf04.class     | Bin 0 -> 688 bytes
 .../StringValueOf04/StringValueOf04.java      |   9 ++++
 regression/strings/StringValueOf04/test.desc  |   8 ++++
 .../StringValueOf05/StringValueOf05.class     | Bin 0 -> 686 bytes
 .../StringValueOf05/StringValueOf05.java      |   9 ++++
 regression/strings/StringValueOf05/test.desc  |   8 ++++
 .../StringValueOf06/StringValueOf06.class     | Bin 0 -> 687 bytes
 .../StringValueOf06/StringValueOf06.java      |   9 ++++
 regression/strings/StringValueOf06/test.desc  |   8 ++++
 .../StringValueOf07/StringValueOf07.class     | Bin 0 -> 916 bytes
 .../StringValueOf07/StringValueOf07.java      |  10 +++++
 regression/strings/StringValueOf07/test.desc  |   8 ++++
 .../StringValueOf08/StringValueOf08.class     | Bin 0 -> 694 bytes
 .../StringValueOf08/StringValueOf08.java      |   9 ++++
 regression/strings/StringValueOf08/test.desc  |   8 ++++
 .../StringValueOf09/StringValueOf09.class     | Bin 0 -> 702 bytes
 .../StringValueOf09/StringValueOf09.java      |   9 ++++
 regression/strings/StringValueOf09/test.desc  |   8 ++++
 .../StringValueOf10/StringValueOf10.class     | Bin 0 -> 722 bytes
 .../StringValueOf10/StringValueOf10.java      |   9 ++++
 regression/strings/StringValueOf10/test.desc  |   8 ++++
 30 files changed, 203 insertions(+)
 create mode 100644 regression/strings/StringValueOf01/StringValueOf01.class
 create mode 100644 regression/strings/StringValueOf01/StringValueOf01.java
 create mode 100644 regression/strings/StringValueOf01/test.desc
 create mode 100644 regression/strings/StringValueOf02/StringValueOf02.class
 create mode 100644 regression/strings/StringValueOf02/StringValueOf02.java
 create mode 100644 regression/strings/StringValueOf02/test.desc
 create mode 100644 regression/strings/StringValueOf03/StringValueOf03.class
 create mode 100644 regression/strings/StringValueOf03/StringValueOf03.java
 create mode 100644 regression/strings/StringValueOf03/test.desc
 create mode 100644 regression/strings/StringValueOf04/StringValueOf04.class
 create mode 100644 regression/strings/StringValueOf04/StringValueOf04.java
 create mode 100644 regression/strings/StringValueOf04/test.desc
 create mode 100644 regression/strings/StringValueOf05/StringValueOf05.class
 create mode 100644 regression/strings/StringValueOf05/StringValueOf05.java
 create mode 100644 regression/strings/StringValueOf05/test.desc
 create mode 100644 regression/strings/StringValueOf06/StringValueOf06.class
 create mode 100644 regression/strings/StringValueOf06/StringValueOf06.java
 create mode 100644 regression/strings/StringValueOf06/test.desc
 create mode 100644 regression/strings/StringValueOf07/StringValueOf07.class
 create mode 100644 regression/strings/StringValueOf07/StringValueOf07.java
 create mode 100644 regression/strings/StringValueOf07/test.desc
 create mode 100644 regression/strings/StringValueOf08/StringValueOf08.class
 create mode 100644 regression/strings/StringValueOf08/StringValueOf08.java
 create mode 100644 regression/strings/StringValueOf08/test.desc
 create mode 100644 regression/strings/StringValueOf09/StringValueOf09.class
 create mode 100644 regression/strings/StringValueOf09/StringValueOf09.java
 create mode 100644 regression/strings/StringValueOf09/test.desc
 create mode 100644 regression/strings/StringValueOf10/StringValueOf10.class
 create mode 100644 regression/strings/StringValueOf10/StringValueOf10.java
 create mode 100644 regression/strings/StringValueOf10/test.desc

diff --git a/regression/strings/StringValueOf01/StringValueOf01.class b/regression/strings/StringValueOf01/StringValueOf01.class
new file mode 100644
index 0000000000000000000000000000000000000000..8103d7fb901728c98fd932908491f85aef3bfe16
GIT binary patch
literal 1565
zcmZ`(TXzdl6#h;!lQWrwP9tekq!+4Er57o!-lS5cRV|tzEsIGrVThDm`Wrm?0e$ht
zT9y}=RkN^o@nG>Yc=98#PkNgnomuPbea^S<d!O^|_xn!(`f*c53wmYZT}j_hNby#{
z6OX@m`f26sTLpb8jw9wp1pNw5h|Nik0Tq7qip`*cQ-TgD7#4Iy!Kk2P3Qh|eS1>N<
z83hSJCls6&bduwoiu0J_m}c11u9r$iv1~3EN)u*D&*Y6P16yG5jF<(pJjURTc3x$W
z63bbGp>D=37_*fJ8KamK!UR0f%>qM1baCdMzM}W!^}?N=`Et=L+!+>%yXMRK(*2A2
z!>T;T1&$eV&2f=I8ClA2cv0t<E5#*a(iAp>>-tyqe8rf{_4aiO%YGcdLGo8NN@dda
zV-|CMw4#mdWX)VIL&APs!exf=b|mAQ>76YWmy1H_3Z+ECf}LlOb9%l+db3DU-bulv
zh#3$JMepnD-TK7QHBvs_eL}F;sYbC_cPthYyEN72pQt$&{8+>d25mc@xy(IdsZ52h
zQ7#78V!|Q4Zjphnte2u%=S1iKm8MvXM-@tiAr!U2>+Xg-siEQMVq$8lrfw*@u)}$6
zU!mwucBXf*Gr7b0M9uS#S}EAF+88e?`F3Fwd75OZPu3`zMI*b_cN)KPg#a4k1+>v^
zYM~3qw6K^Q;@n_ju4rwiU4$qjDj#_V_DTri5Url-A%hnkI7~c=y1bC+DuUhCl#g=S
ztz}bbNi$PvS<9u;9<gvOlS(UEK9$xyT7_1w8L1ifsFobl_(>@U*MJ<526+(jDJ8&%
z)GiCkknc6Ts|Ypu0_qxktMGk*Km887K6iOM7Ixe4Iw!v0f@VYOooK{Dz=rN|q9Msb
z&<2N`aD!~2!3H-v;YMyDY=fJea9FXh*9Px%!cD4${Wh38VbKLwwF?F86RklH^`j4*
zUQh*t)RR%D7>5s&)Q@TGrYE2dcTtar2;eb-c!Cg~p%E_;#ux0xce3+?TKx;n%!O9w
zr6;6~o|Y)uSsWeg91gQvh|&)l4DTN@rgC(09AS(}E;mOP$5Egq5@{A6g>h_ag8HkY
k0@Md0YiM2tm!3m%zkzo<kIiWk_GP&IaWQk<)iitl0&mVpwg3PC

literal 0
HcmV?d00001

diff --git a/regression/strings/StringValueOf01/StringValueOf01.java b/regression/strings/StringValueOf01/StringValueOf01.java
new file mode 100644
index 00000000000..4a1bdc14273
--- /dev/null
+++ b/regression/strings/StringValueOf01/StringValueOf01.java
@@ -0,0 +1,41 @@
+public class StringValueOf01
+{
+   public static void main(String[] args)
+   {
+      char[] charArray = {'d', 'i', 'f', 'f', 'b', 'l', 'u', 'e'};
+      boolean booleanValue = false;
+      char characterValue = 'T';
+      int integerValue = 7;
+      long longValue = 10000000000L; // L suffix indicates long
+      float floatValue = 2.5f; // f indicates that 2.5 is a float
+      double doubleValue = 33.333; // no suffix, double is default
+      Object objectRef = "test"; // assign string to an Object reference
+
+      String tmp=String.valueOf(charArray);
+      assert tmp.equals("diffblue");
+
+      tmp=String.valueOf(charArray, 3, 3);
+      assert tmp.equals("fbl");
+
+      tmp=String.valueOf(booleanValue);
+      assert tmp.equals("false");
+
+      tmp=String.valueOf(characterValue);
+      assert tmp.equals("T");
+
+      tmp=String.valueOf(integerValue);
+      assert tmp.equals("7");
+
+      tmp=String.valueOf(longValue);
+      assert tmp.equals("10000000000");
+
+      tmp=String.valueOf(floatValue);
+      assert tmp.equals("2.5");
+
+      tmp=String.valueOf(doubleValue);
+      assert tmp.equals("33.333");
+
+      tmp=String.valueOf(objectRef);
+      assert tmp.equals("test");
+   }
+}
diff --git a/regression/strings/StringValueOf01/test.desc b/regression/strings/StringValueOf01/test.desc
new file mode 100644
index 00000000000..341f5e98975
--- /dev/null
+++ b/regression/strings/StringValueOf01/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StringValueOf01.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
diff --git a/regression/strings/StringValueOf02/StringValueOf02.class b/regression/strings/StringValueOf02/StringValueOf02.class
new file mode 100644
index 0000000000000000000000000000000000000000..daf17d3330066df7a8b04c364bf29ec68ff130d0
GIT binary patch
literal 749
zcmZWmO>fgc5PcgvUdM5pZJL%8D4zwAwh)AJYlT1oE=}nnxRTqG6K^UP*8zX@&fmx%
z;0#DD0t9#d6Np)dHhf%WcW36kdGq%B&re?gv~kyhg(V9Yaj66omrX3I#}$sN77Q$L
zT(fW;H#lxG%&&M!BI7g|Mah#O@%o|k8Q30!u^B```jA0uG<O;F&d8Sxm2MEp=h;zT
z#xGPe6^^_hVpweKcMrW|uN8XHL93U>L3FU8fHS?+8@$~1UgiB9D;&2N%*{dgo8Rh<
zvUnh$1&XaULGF5CCU=JSAKX)%HfAtOFdMgV$3_`8L&*<@!(pG=Y&6hhs86RqK3nN&
z9FJlW{SPU}s*N?QGl(f@r++91DMMku^H+X?W#GpXP5G*w=Ksr*W%70Ag$ct#<B#%$
zc%w<4R;J@RAsJ6xzD$Bx`sb3#tu&(oxxPogWYS*(Ow`rZbkjhNVwPfsUdwbcI*Y5P
zVDD5T1VtlHl1G?BmF}wb4RitnU15GHx|;AER~Lcf7RAtU4HdZPJFY20#}$UiC~_g4
z?%GEbw%<b=qqbhvPf#4A{27LO3jR$^EaVfb#7;8MqS<Y5Y?1JJ%9O!=V2h*1u|TQC
mbLH(^A~07qPf!|z>u;fJAD~S+&$duJMHK8uYS#<-$oemIOqV+V

literal 0
HcmV?d00001

diff --git a/regression/strings/StringValueOf02/StringValueOf02.java b/regression/strings/StringValueOf02/StringValueOf02.java
new file mode 100644
index 00000000000..a730af26c02
--- /dev/null
+++ b/regression/strings/StringValueOf02/StringValueOf02.java
@@ -0,0 +1,9 @@
+public class StringValueOf02
+{
+   public static void main(String[] args)
+   {
+      char[] charArray = {'d', 'i', 'f', 'f', 'b', 'l', 'u', 'e'};
+      String tmp=String.valueOf(charArray);
+      assert tmp.equals("difffblue");
+   }
+}
diff --git a/regression/strings/StringValueOf02/test.desc b/regression/strings/StringValueOf02/test.desc
new file mode 100644
index 00000000000..00835385bc8
--- /dev/null
+++ b/regression/strings/StringValueOf02/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StringValueOf02.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/strings/StringValueOf03/StringValueOf03.class b/regression/strings/StringValueOf03/StringValueOf03.class
new file mode 100644
index 0000000000000000000000000000000000000000..886aedc6b1d40d822d3bebede947ebfa4dabde7d
GIT binary patch
literal 748
zcmZWm%Wl&^6g?9=9>;N;X_}T4D9-{(TL=;rn^p)EK&q6qi{MIbR(3L}TwDkI=nwE0
z`2p5|)FMEz=bu2_Nod1kb7$s0&N=tY_n)7>0@%P^3l^3vT*RdUOk6gxtR7c5u39j#
z#Bt5Sb==^%$uPg-C5epFU>GG&gT(Vg*=Jz;48~Rv1?eLOtybS-(3``)WGJ<QNbY1u
zzKma}W-1(cLBz0F>$VQPW3Lf<(Ltk=#zAzjsRm~{sn>hi_Fj$qIaWAsF_>Gu@Hf8I
z8D?=$J`WUHWiq+vg_+zP+<$OSVcM9%ERET?jXO4qu!(ly`=N~*>I~H>@sqP{p2hJn
zCcXdQaje={!#abQ4(<AfvX?UCy3N1xlUW9SJds08wQh5JyZ-;C<d=M%d11n^Q2V1i
zf!?f>p`|HdGbGo^v%XA%SoY6FlT~R(1+sjfzR0AH1emC*mFcE|?8Gd^61|q`WOU|N
zPr=@)MhJ?=ILT1J9LjW8t#6>yFt8)cFL_rJeaF>B;JA4)a9l$LE_}x|Md-M~5E(@-
zq|;h6jE~5*-$NUrvR>9tkRPG=8HRfb{!MY_#++rsCn0DM`$KTFN%}lxieNv`=BRKi
pP-^j9`^H!#FjqEDP#A&hZ=q`+piME)_E0!^<m|_4+Y4jL>M!zEmC*nI

literal 0
HcmV?d00001

diff --git a/regression/strings/StringValueOf03/StringValueOf03.java b/regression/strings/StringValueOf03/StringValueOf03.java
new file mode 100644
index 00000000000..0c51518b300
--- /dev/null
+++ b/regression/strings/StringValueOf03/StringValueOf03.java
@@ -0,0 +1,9 @@
+public class StringValueOf03
+{
+   public static void main(String[] args)
+   {
+      char[] charArray = {'d', 'i', 'f', 'f', 'b', 'l', 'u', 'e'};
+      String tmp=String.valueOf(charArray, 3, 3);
+      assert tmp.equals("fbbl");
+   }
+}
diff --git a/regression/strings/StringValueOf03/test.desc b/regression/strings/StringValueOf03/test.desc
new file mode 100644
index 00000000000..19921a8e98f
--- /dev/null
+++ b/regression/strings/StringValueOf03/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StringValueOf03.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/strings/StringValueOf04/StringValueOf04.class b/regression/strings/StringValueOf04/StringValueOf04.class
new file mode 100644
index 0000000000000000000000000000000000000000..5a0d670146c1cc44317c411ef7e8ef77c246899c
GIT binary patch
literal 688
zcmZWmT~8B16g{`Q-D#JFmQt{a6j6j0jrh<v8lypd0!b_(u|7@Pkqj<dnBC>a^bh!~
zCSWwtcmI>dJ6oZCWRjWtdG5JqzW@CE6+jF3eE6vOxQ-h|6tGypP3tTP)O~oU2`u}#
zg%yF@gt=82$I2vn7{yO@EPJ6E5U5M=+B(w7BZAXt9uVB^;Xn~eJ33M?(&L^o`?i=9
z$5Kaxg~schBY7q_Lm3@zb`qnb!!6r5-AQEs?XEn@>ILo)3hjRQ8{F><Q`1+^wS}sV
z+YV%ys=YT4TMsN?fN9KdTYy#E4KRg(XC@|90oJfis7<Cmxm@L$F+;;-|G^Vz1ZZM|
zP@XjH^^R0O`71PTBZ#vx6T*C>+x&k$7D=6^GK_7(AL%jVR+CjMO$Kd;EHw)?P_Z^@
za7C8&Nm5R*&RwkVkNNzKRIb@o*>b=dVutS$drSNhzxj;|(0f~mGT&YnBor}=3fs2y
zC34&hEIaMRPsr_lfHOk%e#JdUeuSwn@LpX&e6t|A45R{=?L2!P1fM!{nd3+i^aFJg
psB&Qbib^Y+3Cvas=O~UK+;?!Dk8mc4m$WPj;|7l{`GsuYwO{$qh<X43

literal 0
HcmV?d00001

diff --git a/regression/strings/StringValueOf04/StringValueOf04.java b/regression/strings/StringValueOf04/StringValueOf04.java
new file mode 100644
index 00000000000..91ea3e67c30
--- /dev/null
+++ b/regression/strings/StringValueOf04/StringValueOf04.java
@@ -0,0 +1,9 @@
+public class StringValueOf04
+{
+   public static void main(String[] args)
+   {
+      boolean booleanValue = false;
+      String tmp=String.valueOf(booleanValue);
+      assert tmp.equals("true");
+   }
+}
diff --git a/regression/strings/StringValueOf04/test.desc b/regression/strings/StringValueOf04/test.desc
new file mode 100644
index 00000000000..1312d27676d
--- /dev/null
+++ b/regression/strings/StringValueOf04/test.desc
@@ -0,0 +1,8 @@
+KNOWNBUG
+StringValueOf04.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/strings/StringValueOf05/StringValueOf05.class b/regression/strings/StringValueOf05/StringValueOf05.class
new file mode 100644
index 0000000000000000000000000000000000000000..08abc79c499705e0a490a0549b44c6bf20188ff4
GIT binary patch
literal 686
zcmZWnO;Zy=5PhB9>?F%VLI@Z{1QawuOFY1dlm!*^1ab&P6?mE?BQ>yWU_baV`2(KS
zDzLN)?))bxdp1H)FZ0pe@Ad09bA9{s62LNExo}Z&F^R`{<S>=P6LXmsc<RDIMPSCo
zEan8B5ys|a6sa)Q-5}b~k!<;@L!f<vQ`dox-w~{8ZI@s-x*bI*Z0bOLOpaSB+%d(R
zIF>pfOjJK@9?CPh<jde-sTqelI9N5n;btt`M_ckFtrvJs$kp5aA9A<ZO~SVNpbb^I
z58IV~qP9Q3U3p^&Jq%-nVIJnO;9&?J>s$Bm0xt=bLCf{KIo^k1H)N&%kO@>h)UZe>
z4nW(jL)DJ|3iV+Gan_eX7_T;J|Ifw_snbOIktukP?o+PT*uuh~QNw4S*`<z(bf`M_
zV%eNH;RKt!k2!uWm*0?z6*DKFEU<wX;kCfGY2JzV?BWIJt0_d0S0@b;@)$*l&!)7A
z41<B$;!b_)2QpjVVD(UbU9!)S?P2H_oV^Q(E5njWSxT_^oMn{5GWe75I>wPa=ms++
qQ0Bn+y_V&)DKJ{fog?3au)n~zzQY<Y-sv(dS!BF5qkbZ7_~<uG7>7y#

literal 0
HcmV?d00001

diff --git a/regression/strings/StringValueOf05/StringValueOf05.java b/regression/strings/StringValueOf05/StringValueOf05.java
new file mode 100644
index 00000000000..03854f575b0
--- /dev/null
+++ b/regression/strings/StringValueOf05/StringValueOf05.java
@@ -0,0 +1,9 @@
+public class StringValueOf05
+{
+   public static void main(String[] args)
+   {
+      char characterValue = 'T';
+      String tmp=String.valueOf(characterValue);
+      assert tmp.equals("A");
+   }
+}
diff --git a/regression/strings/StringValueOf05/test.desc b/regression/strings/StringValueOf05/test.desc
new file mode 100644
index 00000000000..ccb5b3dc440
--- /dev/null
+++ b/regression/strings/StringValueOf05/test.desc
@@ -0,0 +1,8 @@
+KNOWNBUG
+StringValueOf05.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/strings/StringValueOf06/StringValueOf06.class b/regression/strings/StringValueOf06/StringValueOf06.class
new file mode 100644
index 0000000000000000000000000000000000000000..e9a8065210a235df735a15b77a18eaf94156a2fd
GIT binary patch
literal 687
zcmZWnT~8B16g_u$yVEWUEu~-;5m3+;3HU(dfre;M5)+Vz8WP}X+74uJ+3J4qWBLbp
zMiVfa=)3<(!=0^Am6!Rr_nvdlJu^RlfBg<%1y4PAsCu}Idj;e%na6!|nG$&5!9`VI
z+QSTH1s)Q{=42eJDAC<8ex+mC3RH(c`vkY4L!GP>>{@-7;B0g|ics9rp?aI1v{dxY
z6m#N4>X0x|JJ>pwr*b)v;n8w4iFA0hW`M)ZM7G~=%MV$-z#~Gw(GLEQd(CbdwbiCJ
zRFyt#R|cutIehkf$q@P&#t6fF%wgWg5PX8Qy6WRGo)D^oo-eNlc^yUFh^79=CQ$QH
z#{!`=0PVDnRXh17)Q1toX<r9ny!NJkdpNd8eN1H#n}Wa6eaf{udsrMa+6dTawyC3H
z9jVTZSav5#Il(UPW0v2`<42@Y)eOof8|)xPcrEg6ig)5Yw{QtMH-#wi>SjSg0i!7M
z*_1Y6F&LOBiN@p?Slgdq_fT0ZI~U0HF!T-X-X+8j!(wGDWjK7!G0J5b{7ZNp<46JY
t3)3V};lTKfmX)k2Fj~%EpwNSG&fwUeVGkIubs3f%EdPa3Kan-Oa|N)_hcf^G

literal 0
HcmV?d00001

diff --git a/regression/strings/StringValueOf06/StringValueOf06.java b/regression/strings/StringValueOf06/StringValueOf06.java
new file mode 100644
index 00000000000..b13a3899f0f
--- /dev/null
+++ b/regression/strings/StringValueOf06/StringValueOf06.java
@@ -0,0 +1,9 @@
+public class StringValueOf06
+{
+   public static void main(String[] args)
+   {
+      int integerValue = 7;
+      String tmp=String.valueOf(integerValue);
+      assert tmp.equals("77");
+   }
+}
diff --git a/regression/strings/StringValueOf06/test.desc b/regression/strings/StringValueOf06/test.desc
new file mode 100644
index 00000000000..c78afa98f2f
--- /dev/null
+++ b/regression/strings/StringValueOf06/test.desc
@@ -0,0 +1,8 @@
+KNOWNBUG
+StringValueOf06.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/strings/StringValueOf07/StringValueOf07.class b/regression/strings/StringValueOf07/StringValueOf07.class
new file mode 100644
index 0000000000000000000000000000000000000000..36e9401884cee02e9c9682975e101417a17d58e4
GIT binary patch
literal 916
zcmZWoZBr6a6n-u&yRfW+h(s?WmKInF7G?!CI#wSV(`ImNv`-6MnYCrt_Qje03V)!_
z*$g%{)%Si!f1{>z7ZJ(*aPQf3pYxn^pL6c7zh8d<sGzDsMlM2jXgmHJF<i%V6nO<R
zDsJGWidoFXFpgVM+!mgKf}#oyIR*17?%*!N<gD(x-0=+Ca-SKl-Y|KKf$cHKHN!Hz
zrwrjjafd-#w_BVcv0+$z)9*C6vn{}M(9sQxAyas}aiAaRB~!QBrMl-BR=X+!$LgNm
zeD_K}4DbpT7^1bNc}lL<ZQp6~7lxop_rrE{)8||J<&{N2s3C<(1&bO=C^M+0ZME}H
z@^h}rkQ`>*Y8>#UNAwz&a8JQ~jRacOki-Oowp1Q|8XjPUAv=s+8%XfnacqY!`ClCh
z9%^`m$0G^*m{HdU*W(>h%=SHoslFbDU3yJoc!cMAr^=ul_3uZB!pq`C(WogwX`_ME
zkV8SU&rmB|3_34<UyAA}^(YPHm-%~NH(inb9M2$#I-eLSvu@IOP;*<{H5}eL6N-B3
z`E)?Dv4<HNF`0&tC9^_qvch1ZYqX~6FGoA0Ju-g+_DKLSMXMY*8I5fQm&g`S6AC2S
zm(vKX9z#k+r0<Y-!_!}&)O(1&5ys{*VqK&cQfd$JF5=&y?Ve!lr=Si6)ES6J5g{rW
zS)$A#O4AS{8?>@Ns7MMflk>`1k(HntU?Mf%L!t{s`Uolf8L=VjpkTogK}cH_*SZ=c
Gz4i~F)WtRc

literal 0
HcmV?d00001

diff --git a/regression/strings/StringValueOf07/StringValueOf07.java b/regression/strings/StringValueOf07/StringValueOf07.java
new file mode 100644
index 00000000000..c4c44435d22
--- /dev/null
+++ b/regression/strings/StringValueOf07/StringValueOf07.java
@@ -0,0 +1,10 @@
+public class StringValueOf07
+{
+   public static void main(String[] args)
+   {
+      long longValue = 10000000000L;
+      System.out.printf("long = %s\n", String.valueOf(longValue));
+      String tmp=String.valueOf(longValue);
+      assert tmp.equals("100000000000");
+   }
+}
diff --git a/regression/strings/StringValueOf07/test.desc b/regression/strings/StringValueOf07/test.desc
new file mode 100644
index 00000000000..7b19c4ff67b
--- /dev/null
+++ b/regression/strings/StringValueOf07/test.desc
@@ -0,0 +1,8 @@
+KNOWNBUG
+StringValueOf07.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/strings/StringValueOf08/StringValueOf08.class b/regression/strings/StringValueOf08/StringValueOf08.class
new file mode 100644
index 0000000000000000000000000000000000000000..356ddbbb9d4b840183665cc3543a33134f8f4808
GIT binary patch
literal 694
zcmZWnT~8BH5IwWq_I8)WmZe}pu@z8TBtQ%%CJ=)Gc>;N;ArYQ#+bg-aY;`~QG5rHP
zqX`&I^xglYaqbqVA1`y~&dfP8bMF1|>&rI)t5|d~f+>5W4!D@c9S08X7BOQk_XKJ#
z1f~S)F79JiV2&_8FXLE6iSC8*mX2jRP+bBY5DM!$)X8%~uF>2l*qgnsB9wM?s9vQf
zZ56#X#hf^iIwVXs4tI{_say_Zc(mL~A{`#B8Q^Fuk)3zD@_kk>Fi$A1cY-T&x7ACd
zj@s6SsxpA>%OF*IZ&#iz8A1=YP-2*e2YBeg!zlNBvh;Mt!y_~Z)nV5c*Q>mYqF%(q
z{=+BG^ss=(gz^xy*FILA<gd^GMi8fiNeB~-?dJdMu}JDeDudV*{E;3|t~FW3(y-BH
zz*4hNT@~v{b#I1ceUg+Dtn&fCi^ER{P`PSWWiJOZ3a~BnZH7<cGrw>NIyZ$FV_V3A
z#9$xe?3>aSECvI0-`bk{jNI-=*nLzM{rm+AeT;mCcyo#3cf(?3EIw@Z^NcE>$X}(#
yw!#qy^b<8pV1fgaH?yo}O@T4rxq#b;u+L!UKEWO`Ue9G%^02%OGyUzXVf8mK-iSK@

literal 0
HcmV?d00001

diff --git a/regression/strings/StringValueOf08/StringValueOf08.java b/regression/strings/StringValueOf08/StringValueOf08.java
new file mode 100644
index 00000000000..539c60e5a9f
--- /dev/null
+++ b/regression/strings/StringValueOf08/StringValueOf08.java
@@ -0,0 +1,9 @@
+public class StringValueOf08
+{
+   public static void main(String[] args)
+   {
+      float floatValue = 2.5f;
+      String tmp=String.valueOf(floatValue);
+      assert tmp.equals("2.50");
+   }
+}
diff --git a/regression/strings/StringValueOf08/test.desc b/regression/strings/StringValueOf08/test.desc
new file mode 100644
index 00000000000..a7d90b1b9ef
--- /dev/null
+++ b/regression/strings/StringValueOf08/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StringValueOf08.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/strings/StringValueOf09/StringValueOf09.class b/regression/strings/StringValueOf09/StringValueOf09.class
new file mode 100644
index 0000000000000000000000000000000000000000..e852bce13a4efeac1af59da4f7f6ac6010aa2498
GIT binary patch
literal 702
zcmZWnT~8B16g{`y-D#J_mQt{yC{>ge1x(6|ftVW5_<-<GLLxp*+mQ?|TiuWTn7;UE
z;+r1<qY1tm|C7c$TcLi;!=0IX?>YC}JM;bL=TiWySaRWE#%VU+zCP`L`{?2_uH@lj
zHixU`a!p{)MGi9pRTtNBLtvgTIWMC~g|Y4h(WZ`M+gDuz?Gv1J9q9NzAzQ2O5v+|~
zR}l(ZI#AomQCo$(CYb|AQU`?T+Ow@g*_SK63=URWaj1iXH3J-P#j^9_iF}#n3*02+
z);s=ha<|n>!j5{R4OMvv+mn8xcAnq8w`>SK6i{TChg(?iFpdiZ(P%6;czLLyPN<9u
zKRD~=VHoy8*82~oz@mrSxI-w8Ks)V2)rtRd4PjiVKNLfls%_T)?~v!DUM13xOu`@G
zA>~?~2U!>u+VFYWJgcsXbf~)LVtGVy!T}!jKC1j^9zQ7+E2djMWx*^cvYp`DEbqj-
zy?6q8XA)6j>!eOX9+N2Z*`)3w1B>@+8JWimpI~jjhdn@fspK3(3^4Wuxu++{e>F6j
zl%|vdY_<+l@t@%@GsV$7=m+Mq0@LiccrIo&tqM$(++&OlAgnjAvL9fN7|(<m78@C_
LY2;VZf|q^)!i|kY

literal 0
HcmV?d00001

diff --git a/regression/strings/StringValueOf09/StringValueOf09.java b/regression/strings/StringValueOf09/StringValueOf09.java
new file mode 100644
index 00000000000..cc35ddb0733
--- /dev/null
+++ b/regression/strings/StringValueOf09/StringValueOf09.java
@@ -0,0 +1,9 @@
+public class StringValueOf09
+{
+   public static void main(String[] args)
+   {
+      double doubleValue = 33.333; // no suffix, double is default
+      String tmp=String.valueOf(doubleValue);
+      assert tmp.equals("33.3333");
+   }
+}
diff --git a/regression/strings/StringValueOf09/test.desc b/regression/strings/StringValueOf09/test.desc
new file mode 100644
index 00000000000..10f6b102a67
--- /dev/null
+++ b/regression/strings/StringValueOf09/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StringValueOf09.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/strings/StringValueOf10/StringValueOf10.class b/regression/strings/StringValueOf10/StringValueOf10.class
new file mode 100644
index 0000000000000000000000000000000000000000..da330143f4d2b161d0f9da434a5f3738b4cf15e3
GIT binary patch
literal 722
zcmZuvQBM;=5dNmU>t3&iEl0tMVnGpGK+uFYh|!=t6?mwU08iU?C5OjV@AmjH{R2L$
z2^dZE-T$O<_6ih@FSE0=^L_Kp%>MlS^*ewythgv)+QDrXcQ8{#5qBNb&1F_#&V|6V
zz&#iDF)#3dFflKaM8!JjN6CvIk)2TW2y{RwYy?rDpAzzo<{rV??DrI*+zKMKlb&=`
z{K_Qr!-)(c!c^n1bu3TiYAB<l)wYg<=xE&l$J$zU-)_rySw0sPSRgnX-SC3nZTHi-
ztF{8eRvjYuWSFYmH%}g~7)}p2Q07WnC7RJ59-`sF!x+KlSfV{Nu}G+m1U$d&>SY}F
zW7ho-ufURrWjrEOMxfo!vFhr-LPHoqoDLNc78=+393s}6*FqPq^8nTRRE7y*@_z`P
zaCuaDGvqb!5PK>KV%57+&$H7hKkyC?Fvr_0@s_DlGtIM?2bs~Zt?+GzPvX;FJO_O=
zi5O>F$b!UR9~11G)Yr%{7?|~Qt)(x>Z-0U{Ky}%-&rlek^bKPF9L^8JlFL|pSnS)3
zD!}1yRA*b|ND1@{b%9BNDGuGdQnQwo1;+j28QcMc^#NA?GprHkr82`~Bj-Ic`fFLq
GTYmttSCRDq

literal 0
HcmV?d00001

diff --git a/regression/strings/StringValueOf10/StringValueOf10.java b/regression/strings/StringValueOf10/StringValueOf10.java
new file mode 100644
index 00000000000..044586124a7
--- /dev/null
+++ b/regression/strings/StringValueOf10/StringValueOf10.java
@@ -0,0 +1,9 @@
+public class StringValueOf10
+{
+   public static void main(String[] args)
+   {
+      Object objectRef = "test"; // assign string to an Object reference
+      String tmp=String.valueOf(objectRef);
+      assert tmp.equals("tesst");
+   }
+}
diff --git a/regression/strings/StringValueOf10/test.desc b/regression/strings/StringValueOf10/test.desc
new file mode 100644
index 00000000000..5de3d5aade7
--- /dev/null
+++ b/regression/strings/StringValueOf10/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+StringValueOf10.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring

From 47dbc2ed91d6391b7c2dd20994e3eb9d0f7d33c9 Mon Sep 17 00:00:00 2001
From: Lucas Cordeiro <lucasccordeiro@gmail.com>
Date: Wed, 22 Feb 2017 14:26:42 +0000
Subject: [PATCH 016/699] =?UTF-8?q?=C2=A0added=20test=20cases=20related=20?=
 =?UTF-8?q?to=20string=20class=20substring=20methods?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Lucas Cordeiro <lucasccordeiro@gmail.com>
---
 regression/strings/SubString01/SubString01.class | Bin 0 -> 829 bytes
 regression/strings/SubString01/SubString01.java  |  13 +++++++++++++
 regression/strings/SubString01/test.desc         |   8 ++++++++
 regression/strings/SubString02/SubString02.class | Bin 0 -> 744 bytes
 regression/strings/SubString02/SubString02.java  |   9 +++++++++
 regression/strings/SubString02/test.desc         |   8 ++++++++
 regression/strings/SubString03/SubString03.class | Bin 0 -> 734 bytes
 regression/strings/SubString03/SubString03.java  |   9 +++++++++
 regression/strings/SubString03/test.desc         |   8 ++++++++
 9 files changed, 55 insertions(+)
 create mode 100644 regression/strings/SubString01/SubString01.class
 create mode 100644 regression/strings/SubString01/SubString01.java
 create mode 100644 regression/strings/SubString01/test.desc
 create mode 100644 regression/strings/SubString02/SubString02.class
 create mode 100644 regression/strings/SubString02/SubString02.java
 create mode 100644 regression/strings/SubString02/test.desc
 create mode 100644 regression/strings/SubString03/SubString03.class
 create mode 100644 regression/strings/SubString03/SubString03.java
 create mode 100644 regression/strings/SubString03/test.desc

diff --git a/regression/strings/SubString01/SubString01.class b/regression/strings/SubString01/SubString01.class
new file mode 100644
index 0000000000000000000000000000000000000000..861bf6905d377ed4734838615a71b208ff4870df
GIT binary patch
literal 829
zcmZuvT~8B16g|_g-EOybTS~1UA`044q+oc17!frgDf&=D0zS=dhh}iQtNY=zzoUP^
zXEiB_Ci?Dw(s*YpZ4D-yosV<wx#!+HKYxGy4qyil4HU7c<EDWn+{&YXWgWNGVMW6o
z0~!|9;jWHV4QmGO;l73j!`vzlLlH#M_rj+#<hCn%4D6I4w<kRrJz_{Vn#T;81HUI2
zN*(Em7xBOr!7D{3V8ErvP;0#Iob&g*?Q*Z*?nZ(1`nxKy*p0aJ=7_&d_!^oF`kv$d
z6*szm95~{+R8m$qw#SiM+nY+vgoQH08jmA?z$58IB8(g!ioWnfKo`Epqn<oFv)x#b
zw25`JOk6{Wp?rm4VgnBt>QkHhm$g3&0zXjEn^cfW!cdqoqoHkL3)^II8vN2e7Y-3;
zuEypW@?mU;NedX}8;8xSouU4UcQJQEMVNudqPtBRK&^53|H#tR!+}fVBWh2CG7!B<
zJ=F6kCV*yliWPbdMS3O7s;kz}E)BAcGW{!bTB4QFnq9vD`=p4Nqkk^Bq+(FTJna?r
z1BIq(eNstvT2^(0^wDQzhNx~-vLob%D13u<asmBE%gS5D5%Lq<_!n1sQc0c#%0$UY
zSAzka>>4zP0`_5|Mu>^jFZGJA)3;1`ePVnkaR`(vg%Qjlw9H3j(qE97ieDC?gtADP
Mk5#ERlH3b_0AX3L1ONa4

literal 0
HcmV?d00001

diff --git a/regression/strings/SubString01/SubString01.java b/regression/strings/SubString01/SubString01.java
new file mode 100644
index 00000000000..c99db9b7308
--- /dev/null
+++ b/regression/strings/SubString01/SubString01.java
@@ -0,0 +1,13 @@
+public class SubString01
+{
+   public static void main(String[] args)
+   {
+      String letters = "automatictestcasegenerationatdiffblue";
+
+      String tmp=letters.substring(20);
+      assert tmp.equals("erationatdiffblue");
+
+      tmp=letters.substring(9, 13);
+      assert tmp.equals("test");
+   }
+}
diff --git a/regression/strings/SubString01/test.desc b/regression/strings/SubString01/test.desc
new file mode 100644
index 00000000000..8eea70cf458
--- /dev/null
+++ b/regression/strings/SubString01/test.desc
@@ -0,0 +1,8 @@
+KNOWNBUG
+SubString01.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
diff --git a/regression/strings/SubString02/SubString02.class b/regression/strings/SubString02/SubString02.class
new file mode 100644
index 0000000000000000000000000000000000000000..d758b7baf0b6929136ac7bc16c5f232333cb203d
GIT binary patch
literal 744
zcmZWn!EVz)5Ph3Cv17X=b<>gp1yWi_+CmZPtrY?lkdV@H2m-Y|t?g~J#j(L&^D+4W
z&VZCkAi<q~0x|2*rWKO4J3I5{&6^qj`t$7vfGym&;b76iH5=D)qlOxmEZo$OTPAMX
zFtKQ&ZDSdCOsp`>t?(=psgg;YJ(C&tBM~yNLx$>(jHP<aQ0{c!Fc`Z@C>ZKJ8H@dV
z=!^8V22)_jWz4Y9IqIG8k9;%Y@nEyBQW+1nb>d84@!;Jae_!BDtTI?TLG+K@?k9N~
zh!;{*HTt<f$$a?efhKct1$Bm1o~vZYl?;@~RKPPa5V1(fk;Ghu^7z<~azWHC?&6*c
z7c&grB|w32(LtA?HP!j_toi3@nxqWQ1qCM7T&!b*bWIap`6nV!ms}IY47Duxv!ZW?
z`OeGk|Kp&ciVr!DG7Y#8o{(;LY3lW9sojWHLxT-PCQ}ifOQm_LoC36$L$qnb4sD(_
zTDonr%3ykGbT;U<L^q?mvUUpgSpzXkXSHyWW_Xw*TSMQXM9ILiSL&@dnq!przQ7ov
zx#3mDsE*)#hk0-c>!;=^6+9jcvMZEVh5otPu+Sur1NIwj6Z7<uYvEkaR#6z3^=f0-
cBbde~80D`prkrQmG*1O3_lfS{YEiQF7c~H!ng9R*

literal 0
HcmV?d00001

diff --git a/regression/strings/SubString02/SubString02.java b/regression/strings/SubString02/SubString02.java
new file mode 100644
index 00000000000..36961dcca75
--- /dev/null
+++ b/regression/strings/SubString02/SubString02.java
@@ -0,0 +1,9 @@
+public class SubString02
+{
+   public static void main(String[] args)
+   {
+      String letters = "automatictestcasegenerationatdiffblue";
+      String tmp=letters.substring(20);
+      assert tmp.equals("erationatdifffblue");
+   }
+}
diff --git a/regression/strings/SubString02/test.desc b/regression/strings/SubString02/test.desc
new file mode 100644
index 00000000000..e7b21cdd678
--- /dev/null
+++ b/regression/strings/SubString02/test.desc
@@ -0,0 +1,8 @@
+KNOWNBUG
+SubString02.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/strings/SubString03/SubString03.class b/regression/strings/SubString03/SubString03.class
new file mode 100644
index 0000000000000000000000000000000000000000..27241061d321ceaf5d5e4d0f1932dd57330b2d99
GIT binary patch
literal 734
zcmZWn+iuf95Iq|^vEw+zO)sQCfwpN$+Cq`&TPp-AAXQ4sLl9ES)7sufTO1qgH6N27
z;2Dro2_$&upFqqyv?)Tec4y~u=FA!Y{QdPifF0a-P{X2)8xC&bRuxq&*|@DAcP!j>
zU}4e1vV#?@T4*!Owt1F`RLLaHp2>{+kq8;s2}5O1#!@|IFgo4W4Ca0k3Wi2c#^NX+
z`XYU$lPNIdGG<ulyy>0s4}3e~@nE~JQW+0+bz!})c<}a+zbo=BtTEVoLG%~g=_h#_
zh!;{rdHvj<R6cz4K!drsh6ckL&s8$yN(M?~D&UzIh*+fLNMf!+d3x$cxgcm4>$vB_
zMV+Cn1SPxZpv%yjQhRza@AEWGQij@<rWQ6_Y+{S3ObcH6XChGlxF#eSs#)%5#i&|<
zgM;q>5|EJMea@qdVZL)EJVD*<lG2T7ul<PDL0F;4WGcc-uB4&LDL}h8!7^>NM%!jy
zOOHyH0j8Cr)1%iC-Hh(?#yQw0oroDaD}|FtqlsCvb?Pyd8g#dtrQW7j_3C37ho51N
zFt^n#k5L(+_6^qYIqV-AsZ<~}VUk^@$_f#%unHS<<f(!E(*M;wedJoWWVBPX24<So
eF`N-B^CL{-3(P6z1v`yXM#+7mXSiOpZ2bWZ)|agS

literal 0
HcmV?d00001

diff --git a/regression/strings/SubString03/SubString03.java b/regression/strings/SubString03/SubString03.java
new file mode 100644
index 00000000000..33fe0f25d11
--- /dev/null
+++ b/regression/strings/SubString03/SubString03.java
@@ -0,0 +1,9 @@
+public class SubString03
+{
+   public static void main(String[] args)
+   {
+      String letters = "automatictestcasegenerationatdiffblue";
+      String tmp=letters.substring(9, 13);
+      assert tmp.equals("teest");
+   }
+}
diff --git a/regression/strings/SubString03/test.desc b/regression/strings/SubString03/test.desc
new file mode 100644
index 00000000000..2b8db21a829
--- /dev/null
+++ b/regression/strings/SubString03/test.desc
@@ -0,0 +1,8 @@
+KNOWNBUG
+SubString03.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring

From b8f2f5a65dd6e8cd42debe0f5c700240a6e440d4 Mon Sep 17 00:00:00 2001
From: Lucas Cordeiro <lucasccordeiro@gmail.com>
Date: Wed, 22 Feb 2017 14:27:30 +0000
Subject: [PATCH 017/699] =?UTF-8?q?=C2=A0added=20test=20cases=20related=20?=
 =?UTF-8?q?to=20StringTokenizer=20object=20used=20to=20tokenize=20strings?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Lucas Cordeiro <lucasccordeiro@gmail.com>
---
 .../strings/TokenTest01/TokenTest01.class     | Bin 0 -> 1409 bytes
 .../strings/TokenTest01/TokenTest01.java      |  24 ++++++++++++++++++
 regression/strings/TokenTest01/test.desc      |   8 ++++++
 .../strings/TokenTest02/TokenTest02.class     | Bin 0 -> 870 bytes
 .../strings/TokenTest02/TokenTest02.java      |  17 +++++++++++++
 regression/strings/TokenTest02/test.desc      |   8 ++++++
 6 files changed, 57 insertions(+)
 create mode 100644 regression/strings/TokenTest01/TokenTest01.class
 create mode 100644 regression/strings/TokenTest01/TokenTest01.java
 create mode 100644 regression/strings/TokenTest01/test.desc
 create mode 100644 regression/strings/TokenTest02/TokenTest02.class
 create mode 100644 regression/strings/TokenTest02/TokenTest02.java
 create mode 100644 regression/strings/TokenTest02/test.desc

diff --git a/regression/strings/TokenTest01/TokenTest01.class b/regression/strings/TokenTest01/TokenTest01.class
new file mode 100644
index 0000000000000000000000000000000000000000..70e112fbafba43a04d1e0f208ed307c70c3dedac
GIT binary patch
literal 1409
zcmZuxOLNm!6#i}`>&l8kVh2M^5)cI%2Ld4v0@!H^gaDy=bjBGvz)G<%K_E*(l9^%8
z8ur=1uwm0p>5O4uNY^l|;P23;=gRRTj5qi7o%5Z?ccjn%z262fja362$8;Rmal*jQ
z7)c_BQ5`2aP8k@(X#;04o<u*+a!eTL#xeOasbfl-PwP0RV@Ah$jtd4ZBG1r&+zvw#
zM2_!;SDnyacSV_j-C@vX9nXp87?j-TEe3VoFAIj=CC3vh)yldE)}%2372EL`4&?4G
zJ+L3!<F4&(j2EN8@iq$5v8Nc>rH9M*W^B(<;Fx95XG`ubzftt7K}lS5BwOE_|4?{q
zB8<*XoRNGc4q|}euw9M(iXAy6D<aS;*`csDgeL-e^C>>Fh}y(2nB(}>#3fv27^x>}
z`S&d0ii+@}FmIhG8*BH470EcEWd|Z}P}o-LtLqO$DdM<dVjfpH7ED~jbrTsJU>IoG
zU2gPkAqf1y#0@MmB%5iPxQXAWJ2G3^WWEeWd&b>urE)BpSjNhpOzKS}jXHFeArWr6
z4pEQfI`qAxM_ZA_Ct)Niq^(~iicFos@yCBB*&>Q7>`H+l)v9*Ui^PTq82Dq`t%}uq
zQt`#nw$Qs4<kla%?Pa5R+LYYnH`^iM_I&FC6n44y(hxh3d0dh_(}74%oF*PsZ8!YE
zpg~Kc-P@{b-lh4cTFN4H0#R;?N<$k}383M>gQN6Cary#T-+&wgIw@dsE@{ouZJ2gO
zd*b9<u)m}s4$-Q`j|!3)#1Ngyl-;LSov?4|uBB6Hr3Q8R4H9Wh{Rn<r8QXpby;wu?
zk2f&3kQ&?OFVOt~-M8Pu{70D^%d1&+dnTdGXc;Y&c!g(KHKR@DIdNop4L!qK7>r%r
zEKl#Np?3@G4fkR7<u15NU|$R_G{HmzoFp(6gSjTCHNXsk=@@Kg^;BU`HTHVvku1C`
zF8m7m=*+20It(iRAgzP6AE7_e6nbzD`>;Ybw~#`BG@es`|HOWLqV9en>??T;6GH*~
zUrccv<~Xtg6P)(?jnRow%fDlS9)^a7b|{qEg2`Ej)f8wtRsu++`)k<01+Kn^s{9S3
Vm2*QZ88?A0^OBVGC|$bn)Bmw>Ko|f3

literal 0
HcmV?d00001

diff --git a/regression/strings/TokenTest01/TokenTest01.java b/regression/strings/TokenTest01/TokenTest01.java
new file mode 100644
index 00000000000..2180bc94c1d
--- /dev/null
+++ b/regression/strings/TokenTest01/TokenTest01.java
@@ -0,0 +1,24 @@
+import java.util.StringTokenizer;
+
+public class TokenTest01
+{
+   public static void main(String[] args)
+   {
+      String sentence = "automatic test case generation";
+      String[] tokens = sentence.split(" ");
+      System.out.printf("Number of elements: %d\nThe tokens are:\n",
+         tokens.length);
+      assert tokens.length==4;
+
+      int i=0;
+      for (String token : tokens)
+      {
+         System.out.println(token);
+         if (i==0) assert token.equals("automatic");
+         else if (i==1) assert token.equals("test");
+         else if (i==2) assert token.equals("case");
+         else if (i==3) assert token.equals("generation");
+         ++i;
+      }
+   }
+}
diff --git a/regression/strings/TokenTest01/test.desc b/regression/strings/TokenTest01/test.desc
new file mode 100644
index 00000000000..02a11e8e392
--- /dev/null
+++ b/regression/strings/TokenTest01/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+TokenTest01.class
+--string-refine --unwind 30
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
diff --git a/regression/strings/TokenTest02/TokenTest02.class b/regression/strings/TokenTest02/TokenTest02.class
new file mode 100644
index 0000000000000000000000000000000000000000..09f38782aa153f91c4836a3c3b5a75cd604e2f76
GIT binary patch
literal 870
zcmZuvO-~b16g{u=@ut&3O0m#d!Gb8IAgzS3076uRjYSu2OvKf6`qB)vGdMH#7w{{(
zGHzI_5fV*s@5Vo5toId5G3jF7y!Y<8=bm%#`}ybFC4hB2Hen%W;I4rg6SKG%hl#v_
zIeD1pxNpKhj$^^Z13ctdWSCsA!%zf~>wDpIH?-?5(O_VQ4Ena~xzP@TQdoM;pzit&
z!7yHNJ@K;Bu8W{1!4zoQuE#J{cw0HL-`k~@?KMl)C~&>zmP{P0Mz(W&V4w8y90iUg
z24mZ4{o^;QekX9mzAM?1HUC(6H4#STwN=SyVH`<@S-TVYZ98(Ed_=*#V}~N&6rKp^
z&Zqh;PrMe2Shg^RTMP+`4#E~z@Q5KZ6!>)DdM^n4fY3MUa;#b?p-gIq39sr$!ilJ1
zBW(T$yt2-qg(oeS5*7<1`ZAJ47w<ZDD`ZIDOt~t&wL~KsAIjNn(cGx(4H3G5Xk6Q&
zW=9<g(9jMsN8`8XWw2yM_Jno{hy_VnC+IXoe@1_;cmeiF0+FIs?_Vm2V-mM%FQH!%
zqqhT8QnAW%N;!vmpzN${s#*1NLsK^Nw4T;JqMTLJ`r0O+(LW&f8Cn<VEKlj@;9VrX
z!+3Ln_>WVCo$BnY_e)lc^()TzxjD%*NU{{2pcguZXC!)$_Af|sn$RUEJxqghOmR%p
z%H&5DexpbiJxW)HF-kCyxpuqWw*^e3%yT5V;OZGv<qNc-j)8MoOGC_hBKwo=%e?a!
DY~HWh

literal 0
HcmV?d00001

diff --git a/regression/strings/TokenTest02/TokenTest02.java b/regression/strings/TokenTest02/TokenTest02.java
new file mode 100644
index 00000000000..944d0a169a0
--- /dev/null
+++ b/regression/strings/TokenTest02/TokenTest02.java
@@ -0,0 +1,17 @@
+import java.util.StringTokenizer;
+
+public class TokenTest02
+{
+   public static void main(String[] args)
+   {
+      String sentence = "automatic test case generation";
+      String[] tokens = sentence.split(" ");
+ 
+      int i=0;
+      for (String token : tokens)
+      {
+         if (i==3) assert token.equals("genneration");
+         ++i;
+      }
+   }
+}
diff --git a/regression/strings/TokenTest02/test.desc b/regression/strings/TokenTest02/test.desc
new file mode 100644
index 00000000000..3bcf7505e25
--- /dev/null
+++ b/regression/strings/TokenTest02/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+TokenTest02.class
+--string-refine --unwind 15
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring

From 02df7f1c8d956b52a44a50ddc290a95538a47674 Mon Sep 17 00:00:00 2001
From: Lucas Cordeiro <lucasccordeiro@gmail.com>
Date: Wed, 22 Feb 2017 14:28:21 +0000
Subject: [PATCH 018/699] =?UTF-8?q?=C2=A0added=20test=20cases=20related=20?=
 =?UTF-8?q?to=20validate=20data=20from=20user=20using=20the=20ValidateInpu?=
 =?UTF-8?q?t=20class?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Lucas Cordeiro <lucasccordeiro@gmail.com>
---
 .../strings/Validate01/Validate01.class       | Bin 0 -> 1415 bytes
 regression/strings/Validate01/Validate01.java |  30 ++++++++++++++
 .../strings/Validate01/ValidateInput01.class  | Bin 0 -> 880 bytes
 .../strings/Validate01/ValidateInput01.java   |  38 ++++++++++++++++++
 regression/strings/Validate01/test.desc       |   8 ++++
 .../strings/Validate02/Validate02.class       | Bin 0 -> 1187 bytes
 regression/strings/Validate02/Validate02.java |  22 ++++++++++
 .../strings/Validate02/ValidateInput02.class  | Bin 0 -> 880 bytes
 .../strings/Validate02/ValidateInput02.java   |  38 ++++++++++++++++++
 regression/strings/Validate02/test.desc       |   8 ++++
 10 files changed, 144 insertions(+)
 create mode 100644 regression/strings/Validate01/Validate01.class
 create mode 100644 regression/strings/Validate01/Validate01.java
 create mode 100644 regression/strings/Validate01/ValidateInput01.class
 create mode 100644 regression/strings/Validate01/ValidateInput01.java
 create mode 100644 regression/strings/Validate01/test.desc
 create mode 100644 regression/strings/Validate02/Validate02.class
 create mode 100644 regression/strings/Validate02/Validate02.java
 create mode 100644 regression/strings/Validate02/ValidateInput02.class
 create mode 100644 regression/strings/Validate02/ValidateInput02.java
 create mode 100644 regression/strings/Validate02/test.desc

diff --git a/regression/strings/Validate01/Validate01.class b/regression/strings/Validate01/Validate01.class
new file mode 100644
index 0000000000000000000000000000000000000000..a5a99f5efc122f3706a204ede0e0d0bfb70352c9
GIT binary patch
literal 1415
zcmZuxQBxaL6#gzGxtGmCl7&#x+IH2dDYOA>C?#NROiN1*2?}D8T4$DIEnAY^%<iU&
zZ$3KXqfd<QJl58kHls88?vGN>U06~^Hkq^ce)rsSzw@1Q_wRpx{}VtSUn#hNX@MDm
zYXa8=assmga{}`UKE#a?WRT}rP!PwoL~cs6ID%VP5-2EG#)?EflIFHF9}C=(@1npb
z0ws>S3hrT*<37Xq6~psP*S8$oyK8yIPTOoTum(eH#j-8`Hp6iC>NZ29<g`qNMA@><
zO0TnHx?9qj7CMGyGfZY5m7f~VjM=tfKbhV1UCVy5EH{pB`bKka-RK7X91l3w7{p4m
zeH>rebb4;nT(xAh#J174T83}V&F5q|6_;?CIMix2vh{kML2EP``WiiYksf{F=B*`S
zTm9}E$0h3Vqk*?;xfCu|t=(8GuF`ok`TU}MI3B9_6lE1};UdG-fO9bv;-2d|u8MW(
zR6&`es$v755xF({nWU#1t(I$g9>?b@HnFAR3+cNp&6g-MBtysVt*+iA;Z)QlJ`v*G
zUB@<cJJ69x1WD_b-R=1~UEkU@>^*(o>E#%dfgT)n6%9P1@B`A-ou_8gr#haY{wc?!
zio7B4nmlc8o*@<FM3S#suIE>b4(XQ8o>5F{ie%_pHbU1#2o;Y+IeqHB=bIg>oYNzc
z>7$^QGrK|U;S(j(=qwZYAfMAP1Mf<wHuct-Y^b%=@aU4|?^CCRQ|dUMl8A@%hShyz
zbwg@TLJUMKwdoR23%5*<x~6r~2r^EO7U%{v@HXAM3v@$Sa!R%ijfTNwcaqg<c9GtU
z-qGpTU@vIEXbTVvK!y>#gLi4H(?SJ95VZEIHdNMz*R@DRixwhUtPs_BA*P7}pXp=d
z0I8Qy4)D_-h}U03{p(sEqapZh2wv}F>;Pjgk<gN_kUGTUOr#Gj^s9z`nP?y5A-Z&e
z#`>5z-kuJ&U&`=4CXb<W0Th?Pr)Vg%8Va)d8s}&nB?)5m<CLAiDA^Pgr0K(yp_z^`
z<dDDuk|@#2LuhnQ#_<>v*ds3wllXz+{D>+1OgnzTc^s0o&q>NF6g>;^F9i@B?{U2U
z|35I1N~blA)7c-Klp!DJ4WzWpE1W+7j~pU0{2P=3`LHDNkSK=KJF;-uAh)ak0T3ZI
AF#rGn

literal 0
HcmV?d00001

diff --git a/regression/strings/Validate01/Validate01.java b/regression/strings/Validate01/Validate01.java
new file mode 100644
index 00000000000..3443cd30588
--- /dev/null
+++ b/regression/strings/Validate01/Validate01.java
@@ -0,0 +1,30 @@
+public class Validate01
+{
+   public static void main(String[] args)
+   {
+      String firstName = "XXX";
+      String lastName = "YYY";
+      String address = "ZZZ IIII AAAA 5689";
+      String city = "Oxford";
+      String state = "Oxfordshire";
+      String zip = "OX37AF";
+      String phone = "+4477777";
+
+      if (!ValidateInput01.validateFirstName(firstName))
+         assert false;
+      else if (!ValidateInput01.validateLastName(lastName))
+         assert false;
+      else if (!ValidateInput01.validateAddress(address))
+         System.out.println("Invalid address");
+      else if (!ValidateInput01.validateCity(city))
+         assert false;
+      else if (!ValidateInput01.validateState(state))
+         assert false;
+      else if (!ValidateInput01.validateZip(zip))
+         System.out.println("Invalid zip code");
+      else if (!ValidateInput01.validatePhone(phone))
+         System.out.println("Invalid phone number");
+      else
+         System.out.println("Valid input.  Thank you.");
+   }
+}
diff --git a/regression/strings/Validate01/ValidateInput01.class b/regression/strings/Validate01/ValidateInput01.class
new file mode 100644
index 0000000000000000000000000000000000000000..5efab9300fcd9f0ac4b50c6e91c370bb287cb27e
GIT binary patch
literal 880
zcma)(O;6iE5Qg6gBsRw2@DV6b2(%RPAs49Vp(?6`kSZZXfRu_uJ`S7M0;9x1_9hZ3
z{G(oa0f_@Ypg*eW7;vCyrPha?nRlMuoqhf5_w5~kZLAqEFsEbQzye<DSk$qkBdcRs
z$BKqG8r~98JD%^!FNC37{+KYl*Ku5eRq}lIpxbV^!8g%pu`<yUEzc3s{ptmwJP>Wx
zGP%;3=!uP%@J}|%GVuJ9&-n@=9kV47qgE{KI!@q*A;FB5Jx^W`#^SOp`4YltTvxpF
zXWgUIj?Z1A-022Qo+TP>`uK6QegC{GH@DtLLzx(bNf@v0+Ld}$*!?ILG_0C<hcsdC
zLF?Cxx$3$-Ad2|{VXfvAYaurtw-ql3SuGr-dBXC)kz~#J{_%>iP~EaW)w%d^Wj{+<
z*ygVF;tA~Gle347Gq)-Kk{-+^Xl)^zr*4Q9jPTEnJ{@cxOkT&hTI5I^lZ6}5Pfpkp
zUQ_oX@g@st&LcF7#J#E&CKJ~f`tbrzGCZMzhZV5F@T3Y(DqxG@DHWVjz!`?8{}-NT
aIHQ6!#mQNQXH>ARfLGb7S#~IaSAPH|Ae`<1

literal 0
HcmV?d00001

diff --git a/regression/strings/Validate01/ValidateInput01.java b/regression/strings/Validate01/ValidateInput01.java
new file mode 100644
index 00000000000..961b02f2d30
--- /dev/null
+++ b/regression/strings/Validate01/ValidateInput01.java
@@ -0,0 +1,38 @@
+public class ValidateInput01
+{
+   public static boolean validateFirstName(String firstName)
+   {
+      return firstName.matches("[A-Z][a-zA-Z]*");
+   }
+
+   public static boolean validateLastName(String lastName)
+   {
+      return lastName.matches("[a-zA-z]+(['-][a-zA-Z]+)*");
+   }
+
+   public static boolean validateAddress(String address)
+   {
+      return address.matches(
+         "\\d+\\s+([a-zA-Z]+|[a-zA-Z]+\\s[a-zA-Z]+)");
+   }
+
+   public static boolean validateCity(String city)
+   {
+      return city.matches("([a-zA-Z]+|[a-zA-Z]+\\s[a-zA-Z]+)");
+   }
+
+   public static boolean validateState(String state)
+   {
+      return state.matches("([a-zA-Z]+|[a-zA-Z]+\\s[a-zA-Z]+)") ;
+   }
+
+   public static boolean validateZip(String zip)
+   {
+      return zip.matches("\\d{5}");
+   }
+
+   public static boolean validatePhone(String phone)
+   {
+      return phone.matches("[1-9]\\d{2}-[1-9]\\d{2}-\\d{4}");
+   }
+}
diff --git a/regression/strings/Validate01/test.desc b/regression/strings/Validate01/test.desc
new file mode 100644
index 00000000000..e797b2735aa
--- /dev/null
+++ b/regression/strings/Validate01/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+Validate01.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
diff --git a/regression/strings/Validate02/Validate02.class b/regression/strings/Validate02/Validate02.class
new file mode 100644
index 0000000000000000000000000000000000000000..1d9ddd04737b9414e691eb9c5a1576b5d60823e6
GIT binary patch
literal 1187
zcmZuw*;3O`82(PTgf!4LEEW|B3djyZ*%2rOv<TD@hS54+gf>8+O*%=+h>yYxa4pV2
zM`!fjSMXib{{%{5hLg-$zVk2NzntHHzyAb~Kt@6fx<qt~crKzxM6ZZG3H=zTLlXuC
z3`wX%7e|KcFoG8%MkS0P!I5zh6MUT%F(qPJz>I`h%n5kO(AcRtj&8e#Wjf1-qwN;-
zJOj%zgysy>aOWBPJ-s^&fs~ck86xY3sc)8xySly2h3TTG874zZ&&Tyc?N}QwXy*R#
zmTMd4{w!Cl-*UCw(S}y?<OR$NSYQz6a)oRA(w0@WbNZ^mtwnaUf|1u;ePncqo0HLs
zhYU(Kn^n^^)Fcgcd}3;v7-l~2SvJuPUu~QN!zL4<%=@v)<SO~-Pb4P!5U?mCi6t2i
z5NC+jcqXgCuh_O_%Sd5Kz_N@LkiMKYk2xDPXSgQ<Udeckw2U<@QB>7C$0f2d-f%El
z1-}?2HRt6k?!}`TW~uBBsp|HDW*(_0R(Xg)s)Z_GUB(7B$wZA?X7^Cfxm2Qi5_?DR
zD%rPkm*(C^MhWrw6TxIYZ|jc3(A;xRm8jZsRWe1f-nD+>xO$P=z$z1&<|}o>8h%R^
zcFDD_6=#X0$NMhKAe6XJf!gC<zq~uDeyK}bDqgsH&Kf1+U&}_SK#fXmme(Dsa{i`p
zT(3+Q)TLQ;&|_$!2g9OqUTWI;!FUJJ{D@9%v@%+QeV1TgxgZ|X9P&U$FQ^SqXwOCe
zz(+W+r})+t|ArFSRDv@BB{UQ4uRu6O>>T1L)_$Pw!zH9&0~Lf%(Qpn~slPzO8Ab*x
zh+HF44|&oWs33L?DIOH&@{P3RTznpvc|>R*B;q0Z1mYy3p5_?B6p)N=It`)$QzW;5
zD0O2D@1Wolg|4F+?WEm~;6D-!2~Y)e-2Q=BOcBWB)0><myx{3VX}Uo3DTKfo0{(9h
VYn-b2;kJYD$%{OT&pgVV{{iGG{m1|S

literal 0
HcmV?d00001

diff --git a/regression/strings/Validate02/Validate02.java b/regression/strings/Validate02/Validate02.java
new file mode 100644
index 00000000000..7f59d706e8c
--- /dev/null
+++ b/regression/strings/Validate02/Validate02.java
@@ -0,0 +1,22 @@
+public class Validate02
+{
+   public static void main(String[] args)
+   {
+      String address = "ZZZ IIII AAAA 5689";
+      String city = "Oxford";
+      String state = "Oxfordshire";
+      String zip = "OX37AF";
+      String phone = "+4477777";
+
+      if (!ValidateInput02.validateAddress(address))
+  		 assert false;
+      else if (!ValidateInput02.validateCity(city))
+         System.out.println("Invalid city");
+      else if (!ValidateInput02.validateState(state))
+         System.out.println("Invalid state");
+      else if (!ValidateInput02.validateZip(zip))
+         System.out.println("Invalid zip code");
+      else
+         System.out.println("Valid input.  Thank you.");
+   }
+}
diff --git a/regression/strings/Validate02/ValidateInput02.class b/regression/strings/Validate02/ValidateInput02.class
new file mode 100644
index 0000000000000000000000000000000000000000..8aabb3aea58bd2839638084ee1f4d27bd8d83808
GIT binary patch
literal 880
zcma)(+fLg+5QhIrNbDL@heIfb(r_jRxfDb%sv;zWRH;%#k%G9$;bIe8!6<Q%y+JC4
zH|kAqiqs1pfQLdI0}cnR)cRs)=AUnOXMf+^{<#LQg;fIvrgh91n8jNib2{GX$my8Z
zv7lj5!xACA?fIVEAtdvKBf`*L&v6M>+4J4~ez)lchoaeGW%NvRJV!|Pix-4)Uvyc^
z=F2DIOssc=-(IiC!1LRm3spiUX3HW*tytQ1oWKo3f*C7&p8QT2iOY)QO9;bpUG+|%
zbPtYuK6i~uuOGB{mT0tzqleMH`lo&QVe@@7l!;-Ogx9rQyV|G;`#g$84a+80kReRp
zYv+wpzP4r$h*F_QSgkvyddQ83ZKaDrRu2bhfiVAXBvp5Qe7q#g);8=<4K6k>?I$S<
zTimr?Jb^uYboN{G#BIrE(!JRPtt({f*bT9OSNyZ1PY0U^lh+Zh<~S0^RPhS*ixakl
z*Yur8yvag_^9ao$ai?m<vBYmAf4+cI43DbdAq8wOJf?zE3fN+JTm`2UaF*eT|Al85
Z&Z=NdadM8~NfoRs;AOVz4Lg*;)L$w+obUhu

literal 0
HcmV?d00001

diff --git a/regression/strings/Validate02/ValidateInput02.java b/regression/strings/Validate02/ValidateInput02.java
new file mode 100644
index 00000000000..ac21ba620ba
--- /dev/null
+++ b/regression/strings/Validate02/ValidateInput02.java
@@ -0,0 +1,38 @@
+public class ValidateInput02
+{
+   public static boolean validateFirstName(String firstName)
+   {
+      return firstName.matches("[A-Z][a-zA-Z]*");
+   }
+
+   public static boolean validateLastName(String lastName)
+   {
+      return lastName.matches("[a-zA-z]+(['-][a-zA-Z]+)*");
+   }
+
+   public static boolean validateAddress(String address)
+   {
+      return address.matches(
+         "\\d+\\s+([a-zA-Z]+|[a-zA-Z]+\\s[a-zA-Z]+)");
+   }
+
+   public static boolean validateCity(String city)
+   {
+      return city.matches("([a-zA-Z]+|[a-zA-Z]+\\s[a-zA-Z]+)");
+   }
+
+   public static boolean validateState(String state)
+   {
+      return state.matches("([a-zA-Z]+|[a-zA-Z]+\\s[a-zA-Z]+)") ;
+   }
+
+   public static boolean validateZip(String zip)
+   {
+      return zip.matches("\\d{5}");
+   }
+
+   public static boolean validatePhone(String phone)
+   {
+      return phone.matches("[1-9]\\d{2}-[1-9]\\d{2}-\\d{4}");
+   }
+}
diff --git a/regression/strings/Validate02/test.desc b/regression/strings/Validate02/test.desc
new file mode 100644
index 00000000000..b30016bf880
--- /dev/null
+++ b/regression/strings/Validate02/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+Validate02.class
+--string-refine
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring

From 4fc57801cda3e706dfc199badb8f0f07885b7ba3 Mon Sep 17 00:00:00 2001
From: Daniel Kroening <kroening@cs.ox.ac.uk>
Date: Mon, 27 Feb 2017 00:18:27 +0000
Subject: [PATCH 019/699] cleanup aa-path-symex and aa-symex

---
 src/aa-path-symex/Makefile             |   15 -
 src/aa-path-symex/build_goto_trace.cpp |    1 -
 src/aa-path-symex/build_goto_trace.h   |    1 -
 src/aa-path-symex/path_symex.cpp       | 1257 ------------------------
 src/aa-path-symex/path_symex.h         |    1 -
 src/aa-path-symex/path_symex_state.cpp |  799 ---------------
 src/aa-path-symex/path_symex_state.h   |  350 -------
 src/aa-symex/Makefile                  |   68 --
 src/aa-symex/path_search.cpp           |  517 ----------
 src/aa-symex/path_search.h             |  119 ---
 10 files changed, 3128 deletions(-)
 delete mode 100644 src/aa-path-symex/Makefile
 delete mode 120000 src/aa-path-symex/build_goto_trace.cpp
 delete mode 120000 src/aa-path-symex/build_goto_trace.h
 delete mode 100644 src/aa-path-symex/path_symex.cpp
 delete mode 120000 src/aa-path-symex/path_symex.h
 delete mode 100644 src/aa-path-symex/path_symex_state.cpp
 delete mode 100644 src/aa-path-symex/path_symex_state.h
 delete mode 100644 src/aa-symex/Makefile
 delete mode 100644 src/aa-symex/path_search.cpp
 delete mode 100644 src/aa-symex/path_search.h

diff --git a/src/aa-path-symex/Makefile b/src/aa-path-symex/Makefile
deleted file mode 100644
index 9d3c4d96074..00000000000
--- a/src/aa-path-symex/Makefile
+++ /dev/null
@@ -1,15 +0,0 @@
-SRC = path_symex_state.cpp path_symex.cpp build_goto_trace.cpp
-
-INCLUDES= -I ..
-
-include ../config.inc
-include ../common
-
-CLEANFILES = aa-path-symex$(LIBEXT)
-
-all: aa-path-symex$(LIBEXT)
-
-###############################################################################
-
-aa-path-symex$(LIBEXT): $(OBJ)
-	$(LINKLIB)
diff --git a/src/aa-path-symex/build_goto_trace.cpp b/src/aa-path-symex/build_goto_trace.cpp
deleted file mode 120000
index a8d26f1b4bd..00000000000
--- a/src/aa-path-symex/build_goto_trace.cpp
+++ /dev/null
@@ -1 +0,0 @@
-../path-symex/build_goto_trace.cpp
\ No newline at end of file
diff --git a/src/aa-path-symex/build_goto_trace.h b/src/aa-path-symex/build_goto_trace.h
deleted file mode 120000
index 3183a6b0910..00000000000
--- a/src/aa-path-symex/build_goto_trace.h
+++ /dev/null
@@ -1 +0,0 @@
-../path-symex/build_goto_trace.h
\ No newline at end of file
diff --git a/src/aa-path-symex/path_symex.cpp b/src/aa-path-symex/path_symex.cpp
deleted file mode 100644
index f503f25c6e1..00000000000
--- a/src/aa-path-symex/path_symex.cpp
+++ /dev/null
@@ -1,1257 +0,0 @@
-/*******************************************************************\
-
-Module: Concrete Symbolic Transformer
-
-Author: Daniel Kroening, kroening@kroening.com
-        Alex Horn, alex.horn@cs.ox.ac.uk
-
-\*******************************************************************/
-
-#include <util/arith_tools.h>
-#include <util/simplify_expr.h>
-#include <util/byte_operators.h>
-#include <util/pointer_offset_size.h>
-#include <util/base_type.h>
-
-#include <ansi-c/c_types.h>
-
-#include <pointer-analysis/dereference.h>
-
-#include "path_symex.h"
-
-// #define DEBUG
-
-#ifdef DEBUG
-#include <iostream>
-#endif
-
-class path_symext
-{
-public:
-  inline path_symext()
-  {
-  }
-
-  void operator()(
-    path_symex_statet &state,
-    std::list<path_symex_statet> &furter_states);
-
-  void operator()(path_symex_statet &state);
-
-  void do_goto(
-    path_symex_statet &state,
-    bool taken);
-
-  void do_assert_fail(path_symex_statet &state)
-  {
-    const goto_programt::instructiont &instruction=
-      *state.get_instruction();
-
-    state.record_step();
-    state.next_pc();
-    exprt guard=state.read(not_exprt(instruction.guard));
-    state.history->guard=guard;
-  }
-
-protected:
-  void do_goto(
-    path_symex_statet &state,
-    std::list<path_symex_statet> &further_states);
-
-  void function_call(
-    path_symex_statet &state,
-    const code_function_callt &call,
-    std::list<path_symex_statet> &further_states)
-  {
-    exprt f=state.read(call.function());
-    function_call_rec(state, call, f, further_states);
-  }
-
-  void function_call_rec(
-    path_symex_statet &state,
-    const code_function_callt &function_call,
-    const exprt &function,
-    std::list<path_symex_statet> &further_states);
-
-  void return_from_function(
-    path_symex_statet &state,
-    const exprt &return_value);
-
-  void symex_malloc(
-    path_symex_statet &state,
-    const exprt &lhs,
-    const side_effect_exprt &code);
-
-  void assign(
-    path_symex_statet &state,
-    const exprt &lhs,
-    const exprt &rhs);
-
-  inline void assign(
-    path_symex_statet &state,
-    const code_assignt &assignment)
-  {
-    assign(state, assignment.lhs(), assignment.rhs());
-  }
-
-  void assign_rec(
-    path_symex_statet &state,
-    exprt::operandst &guard, // instantiated
-    const exprt &ssa_lhs, // instantiated, recursion here
-    const exprt &ssa_rhs); // instantiated
-
-  static bool propagate(const exprt &src);
-};
-
-/*******************************************************************\
-
-Function: path_symext::propagate
-
-  Inputs:
-
- Outputs:
-
- Purpose:
-
-\*******************************************************************/
-
-bool path_symext::propagate(const exprt &src)
-{
-  // propagate things that are 'simple enough'
-  if(src.is_constant())
-    return true;
-  else if(src.id()==ID_member)
-    return propagate(to_member_expr(src).struct_op());
-  else if(src.id()==ID_index)
-    return false;
-  else if(src.id()==ID_typecast)
-    return propagate(to_typecast_expr(src).op());
-  else if(src.id()==ID_symbol)
-    return true;
-  else if(src.id()==ID_address_of)
-    return true;
-  else if(src.id()==ID_plus)
-  {
-    forall_operands(it, src)
-      if(!propagate(*it))
-        return false;
-    return true;
-  }
-  else if(src.id()==ID_array)
-  {
-    forall_operands(it, src)
-      if(!propagate(*it))
-        return false;
-    return true;
-  }
-  else if(src.id()==ID_vector)
-  {
-    forall_operands(it, src)
-      if(!propagate(*it))
-        return false;
-    return true;
-  }
-  else if(src.id()==ID_if)
-  {
-    const if_exprt &if_expr=to_if_expr(src);
-    if(!propagate(if_expr.true_case()) ||
-       !propagate(if_expr.false_case()))
-      return false;
-
-    return true;
-  }
-  else if(src.id()==ID_array_of)
-  {
-    return propagate(to_array_of_expr(src).what());
-  }
-  else if(src.id()==ID_union)
-  {
-    return propagate(to_union_expr(src).op());
-  }
-  else
-  {
-    return false;
-  }
-}
-
-/*******************************************************************\
-
-Function: path_symext::assign
-
-  Inputs:
-
- Outputs:
-
- Purpose:
-
-\*******************************************************************/
-
-void path_symext::assign(
-  path_symex_statet &state,
-  const exprt &lhs,
-  const exprt &rhs)
-{
-  if(rhs.id()==ID_side_effect) // catch side effects on rhs
-  {
-    const side_effect_exprt &side_effect_expr=to_side_effect_expr(rhs);
-    const irep_idt &statement=side_effect_expr.get_statement();
-
-    if(statement==ID_malloc)
-    {
-      symex_malloc(state, lhs, side_effect_expr);
-      return;
-    }
-    else if(statement==ID_nondet)
-    {
-      // done in statet:instantiate_rec
-    }
-    else
-      throw "unexpected side-effect on rhs: "+id2string(statement);
-  }
-
-  // read the address of the lhs, with propagation
-  exprt lhs_address=state.read(address_of_exprt(lhs));
-
-  // now SSA the lhs, no propagation
-  exprt ssa_lhs=
-    state.read_no_propagate(dereference_exprt(lhs_address));
-
-  // read the rhs
-  exprt ssa_rhs=state.read(rhs);
-
-  // start recursion on lhs
-  exprt::operandst _guard; // start with empty guard
-  assign_rec(state, _guard, ssa_lhs, ssa_rhs);
-}
-
-/*******************************************************************\
-
-Function: path_symext::symex_malloc
-
-  Inputs:
-
- Outputs:
-
- Purpose:
-
-\*******************************************************************/
-
-inline static typet c_sizeof_type_rec(const exprt &expr)
-{
-  const irept &sizeof_type=expr.find(ID_C_c_sizeof_type);
-
-  if(!sizeof_type.is_nil())
-  {
-    return static_cast<const typet &>(sizeof_type);
-  }
-  else if(expr.id()==ID_mult)
-  {
-    forall_operands(it, expr)
-    {
-      typet t=c_sizeof_type_rec(*it);
-      if(t.is_not_nil())
-        return t;
-    }
-  }
-
-  return nil_typet();
-}
-
-void path_symext::symex_malloc(
-  path_symex_statet &state,
-  const exprt &lhs,
-  const side_effect_exprt &code)
-{
-  if(code.operands().size()!=1)
-    throw "malloc expected to have one operand";
-
-  // increment dynamic object counter
-  unsigned dynamic_count=++state.var_map.dynamic_count;
-
-  exprt size=code.op0();
-  typet object_type=nil_typet();
-
-  {
-    exprt tmp_size=state.read(size); // to allow constant propagation
-
-    // special treatment for sizeof(T)*x
-    if(tmp_size.id()==ID_mult &&
-       tmp_size.operands().size()==2 &&
-       tmp_size.op0().find(ID_C_c_sizeof_type).is_not_nil())
-    {
-      object_type=array_typet(
-        c_sizeof_type_rec(tmp_size.op0()),
-        tmp_size.op1());
-    }
-    else
-    {
-      typet tmp_type=c_sizeof_type_rec(tmp_size);
-
-      if(tmp_type.is_not_nil())
-      {
-        // Did the size get multiplied?
-        mp_integer elem_size=pointer_offset_size(tmp_type, state.var_map.ns);
-        mp_integer alloc_size;
-        if(elem_size<0 || to_integer(tmp_size, alloc_size))
-        {
-        }
-        else
-        {
-          if(alloc_size==elem_size)
-            object_type=tmp_type;
-          else
-          {
-            mp_integer elements=alloc_size/elem_size;
-
-            if(elements*elem_size==alloc_size)
-              object_type=
-                array_typet(tmp_type, from_integer(elements, tmp_size.type()));
-          }
-        }
-      }
-    }
-
-    if(object_type.is_nil())
-      object_type=array_typet(unsigned_char_type(), tmp_size);
-
-    // we introduce a fresh symbol for the size
-    // to prevent any issues of the size getting ever changed
-
-    if(object_type.id()==ID_array &&
-       !to_array_type(object_type).size().is_constant())
-    {
-      exprt &size=to_array_type(object_type).size();
-
-      symbolt size_symbol;
-
-      size_symbol.base_name="dynamic_object_size"+std::to_string(dynamic_count);
-      size_symbol.name="symex::"+id2string(size_symbol.base_name);
-      size_symbol.is_lvalue=true;
-      size_symbol.type=tmp_size.type();
-      size_symbol.mode=ID_C;
-
-      assign(state,
-             size_symbol.symbol_expr(),
-             size);
-
-      size=size_symbol.symbol_expr();
-    }
-  }
-
-  // value
-  symbolt value_symbol;
-
-  value_symbol.base_name=
-    "dynamic_object"+std::to_string(state.var_map.dynamic_count);
-  value_symbol.name="symex_dynamic::"+id2string(value_symbol.base_name);
-  value_symbol.is_lvalue=true;
-  value_symbol.type=object_type;
-  value_symbol.type.set("#dynamic", true);
-  value_symbol.mode=ID_C;
-
-  address_of_exprt rhs;
-
-  if(object_type.id()==ID_array)
-  {
-    rhs.type()=pointer_typet(value_symbol.type.subtype());
-    index_exprt index_expr(value_symbol.type.subtype());
-    index_expr.array()=value_symbol.symbol_expr();
-    index_expr.index()=from_integer(0, index_type());
-    rhs.op0()=index_expr;
-  }
-  else
-  {
-    rhs.op0()=value_symbol.symbol_expr();
-    rhs.type()=pointer_typet(value_symbol.type);
-  }
-
-  if(rhs.type()!=lhs.type())
-    rhs.make_typecast(lhs.type());
-
-  assign(state, lhs, rhs);
-}
-
-/*******************************************************************\
-
-Function: path_symext::assign_rec
-
-  Inputs:
-
- Outputs:
-
- Purpose:
-
-\*******************************************************************/
-
-void path_symext::assign_rec(
-  path_symex_statet &state,
-  exprt::operandst &guard,
-  const exprt &ssa_lhs,
-  const exprt &ssa_rhs)
-{
-  // const typet &ssa_lhs_type=state.var_map.ns.follow(ssa_lhs.type());
-
-  #ifdef DEBUG
-  std::cout << "assign_rec: " << ssa_lhs.pretty() << std::endl;
-  // std::cout << "ssa_lhs_type: " << ssa_lhs_type.id() << std::endl;
-  #endif
-
-  if(ssa_lhs.id()==ID_symbol)
-  {
-    // These are expected to be SSA symbols
-    assert(ssa_lhs.get_bool(ID_C_SSA_symbol));
-
-    const symbol_exprt &symbol_expr=to_symbol_expr(ssa_lhs);
-    const irep_idt &full_identifier=symbol_expr.get(ID_C_full_identifier);
-
-    #ifdef DEBUG
-    const irep_idt &ssa_identifier=symbol_expr.get_identifier();
-    std::cout << "SSA symbol identifier: " << ssa_identifier << std::endl;
-    std::cout << "full identifier: " << full_identifier << std::endl;
-    #endif
-
-    var_mapt::var_infot &var_info=state.var_map[full_identifier];
-    assert(var_info.full_identifier==full_identifier);
-
-    // increase the SSA counter and produce new SSA symbol expression
-    var_info.increment_ssa_counter();
-    symbol_exprt new_lhs=var_info.ssa_symbol();
-
-    #ifdef DEBUG
-    std::cout << "new_lhs: " << new_lhs.get_identifier() << std::endl;
-    #endif
-
-    // record new state of lhs
-    {
-      // reference is not stable
-      path_symex_statet::var_statet &var_state=state.get_var_state(var_info);
-      var_state.ssa_symbol=new_lhs;
-    }
-
-    // rhs nil means non-det assignment
-    if(ssa_rhs.is_nil())
-    {
-      path_symex_statet::var_statet &var_state=state.get_var_state(var_info);
-      var_state.value=nil_exprt();
-    }
-    else
-    {
-      // consistency check
-      if(!base_type_eq(ssa_rhs.type(), new_lhs.type(), state.var_map.ns))
-      {
-        #ifdef DEBUG
-        std::cout << "ssa_rhs: " << ssa_rhs.pretty() << std::endl;
-        std::cout << "new_lhs: " << new_lhs.pretty() << std::endl;
-        #endif
-        throw "assign_rec got different types";
-      }
-
-      // record the step
-      state.record_step();
-      path_symex_stept &step=*state.history;
-
-      if(!guard.empty())
-        step.guard=conjunction(guard);
-      step.full_lhs=ssa_lhs;
-      step.ssa_lhs=new_lhs;
-      step.ssa_rhs=ssa_rhs;
-
-      // propagate the rhs?
-      path_symex_statet::var_statet &var_state=state.get_var_state(var_info);
-      var_state.value=propagate(ssa_rhs)?ssa_rhs:nil_exprt();
-    }
-  }
-  else if(ssa_lhs.id()==ID_member)
-  {
-    #ifdef DEBUG
-    std::cout << "assign_rec ID_member" << std::endl;
-    #endif
-
-    const member_exprt &ssa_lhs_member_expr=to_member_expr(ssa_lhs);
-    const exprt &struct_op=ssa_lhs_member_expr.struct_op();
-
-    const typet &compound_type=
-      state.var_map.ns.follow(struct_op.type());
-
-    if(compound_type.id()==ID_struct)
-    {
-      // We flatten the top-level structs, so this one is inside an
-      // array or a union.
-
-      exprt member_name(ID_member_name);
-      member_name.set(
-        ID_component_name,
-        ssa_lhs_member_expr.get_component_name());
-
-      with_exprt new_rhs(struct_op, member_name, ssa_rhs);
-
-      assign_rec(state, guard, struct_op, new_rhs);
-    }
-    else if(compound_type.id()==ID_union)
-    {
-      // rewrite into byte_extract, and do again
-      exprt offset=from_integer(0, index_type());
-
-      byte_extract_exprt
-        new_lhs(byte_update_id(), struct_op, offset, ssa_rhs.type());
-
-      assign_rec(state, guard, new_lhs, ssa_rhs);
-    }
-    else
-      throw "assign_rec: member expects struct or union type";
-  }
-  else if(ssa_lhs.id()==ID_index)
-  {
-    #ifdef DEBUG
-    std::cout << "assign_rec ID_index" << std::endl;
-    #endif
-
-    throw "unexpected array index on lhs";
-  }
-  else if(ssa_lhs.id()==ID_dereference)
-  {
-    #ifdef DEBUG
-    std::cout << "assign_rec ID_dereference" << std::endl;
-    #endif
-
-    throw "unexpected dereference on lhs";
-  }
-  else if(ssa_lhs.id()==ID_if)
-  {
-    #ifdef DEBUG
-    std::cout << "assign_rec ID_if" << std::endl;
-    #endif
-
-    const if_exprt &lhs_if_expr=to_if_expr(ssa_lhs);
-    exprt cond=lhs_if_expr.cond();
-
-    // true
-    guard.push_back(cond);
-    assign_rec(state, guard, lhs_if_expr.true_case(), ssa_rhs);
-    guard.pop_back();
-
-    // false
-    guard.push_back(not_exprt(cond));
-    assign_rec(state, guard, lhs_if_expr.false_case(), ssa_rhs);
-    guard.pop_back();
-  }
-  else if(ssa_lhs.id()==ID_byte_extract_little_endian ||
-          ssa_lhs.id()==ID_byte_extract_big_endian)
-  {
-    #ifdef DEBUG
-    std::cout << "assign_rec ID_byte_extract" << std::endl;
-    #endif
-
-    const byte_extract_exprt &byte_extract_expr=
-      to_byte_extract_expr(ssa_lhs);
-
-    // assignment to byte_extract operators:
-    // turn into byte_update operator
-
-    irep_idt new_id;
-
-    if(ssa_lhs.id()==ID_byte_extract_little_endian)
-      new_id=ID_byte_update_little_endian;
-    else if(ssa_lhs.id()==ID_byte_extract_big_endian)
-      new_id=ID_byte_update_big_endian;
-    else
-      assert(false);
-
-    byte_update_exprt new_rhs(new_id);
-
-    new_rhs.type()=byte_extract_expr.op().type();
-    new_rhs.op()=byte_extract_expr.op();
-    new_rhs.offset()=byte_extract_expr.offset();
-    new_rhs.value()=ssa_rhs;
-
-    const exprt new_lhs=byte_extract_expr.op();
-
-    assign_rec(state, guard, new_lhs, new_rhs);
-  }
-  else if(ssa_lhs.id()==ID_struct)
-  {
-    const struct_typet &struct_type=
-      to_struct_type(state.var_map.ns.follow(ssa_lhs.type()));
-    const struct_typet::componentst &components=
-      struct_type.components();
-
-    // split up into components
-    const exprt::operandst &operands=ssa_lhs.operands();
-
-    assert(operands.size()==components.size());
-
-    for(std::size_t i=0; i<components.size(); i++)
-    {
-      exprt new_rhs=
-        ssa_rhs.is_nil()?ssa_rhs:
-        simplify_expr(
-          member_exprt(ssa_rhs, components[i].get_name(), components[i].type()),
-          state.var_map.ns);
-      assign_rec(state, guard, operands[i], new_rhs);
-    }
-  }
-  else if(ssa_lhs.id()==ID_array)
-  {
-    const typet &ssa_lhs_type=state.var_map.ns.follow(ssa_lhs.type());
-
-    if(ssa_lhs_type.id()!=ID_array)
-      throw "array constructor must have array type";
-
-    const array_typet &array_type=
-      to_array_type(ssa_lhs_type);
-
-    const exprt::operandst &operands=ssa_lhs.operands();
-
-    // split up into elements
-    for(std::size_t i=0; i<operands.size(); i++)
-    {
-      exprt new_rhs=
-        ssa_rhs.is_nil()?ssa_rhs:
-        simplify_expr(
-          index_exprt(
-            ssa_rhs,
-            from_integer(i, index_type()),
-            array_type.subtype()),
-          state.var_map.ns);
-      assign_rec(state, guard, operands[i], new_rhs);
-    }
-  }
-  else if(ssa_lhs.id()==ID_vector)
-  {
-    const vector_typet &vector_type=
-      to_vector_type(state.var_map.ns.follow(ssa_lhs.type()));
-
-    const exprt::operandst &operands=ssa_lhs.operands();
-
-    // split up into elements
-    for(std::size_t i=0; i<operands.size(); i++)
-    {
-      exprt new_rhs=
-        ssa_rhs.is_nil()?ssa_rhs:
-        simplify_expr(
-          index_exprt(
-            ssa_rhs,
-            from_integer(i, index_type()),
-            vector_type.subtype()),
-          state.var_map.ns);
-      assign_rec(state, guard, operands[i], new_rhs);
-    }
-  }
-  else if(ssa_lhs.id()==ID_string_constant ||
-          ssa_lhs.id()=="NULL-object" ||
-          ssa_lhs.id()=="zero_string" ||
-          ssa_lhs.id()=="is_zero_string" ||
-          ssa_lhs.id()=="zero_string_length")
-  {
-    // ignore
-  }
-  else
-  {
-    // ignore
-    throw "path_symext::assign_rec(): unexpected lhs: "+ssa_lhs.id_string();
-  }
-}
-
-/*******************************************************************\
-
-Function: path_symext::function_call_rec
-
-  Inputs:
-
- Outputs:
-
- Purpose:
-
-\*******************************************************************/
-
-void path_symext::function_call_rec(
-  path_symex_statet &state,
-  const code_function_callt &call,
-  const exprt &function,
-  std::list<path_symex_statet> &further_states)
-{
-  #ifdef DEBUG
-  std::cout << "function_call_rec: " << function.pretty() << std::endl;
-  #endif
-
-  if(function.id()==ID_symbol)
-  {
-    const irep_idt &function_identifier=
-      to_symbol_expr(function).get_identifier();
-
-    // find the function
-    locst::function_mapt::const_iterator f_it=
-      state.locs.function_map.find(function_identifier);
-
-    if(f_it==state.locs.function_map.end())
-      throw
-        "failed to find `"+id2string(function_identifier)+
-        "' in function_map";
-
-    const locst::function_entryt &function_entry=f_it->second;
-
-    loc_reft function_entry_point=function_entry.first_loc;
-
-    // do we have a body?
-    if(function_entry_point==loc_reft())
-    {
-      // no body
-
-      // this is a skip
-      if(call.lhs().is_not_nil())
-        assign(state, call.lhs(), nil_exprt());
-
-      state.next_pc();
-      return;
-    }
-
-    // push a frame on the call stack
-    path_symex_statet::threadt &thread=
-      state.threads[state.get_current_thread()];
-    thread.call_stack.push_back(path_symex_statet::framet());
-    thread.call_stack.back().current_function=function_identifier;
-    thread.call_stack.back().return_location=thread.pc.next_loc();
-    thread.call_stack.back().return_lhs=call.lhs();
-    thread.call_stack.back().saved_local_vars=thread.local_vars;
-
-
-    const code_typet &code_type=function_entry.type;
-
-    const code_typet::parameterst &function_parameters=code_type.parameters();
-
-    const exprt::operandst &call_arguments=call.arguments();
-
-    // now assign the argument values to parameters
-    for(std::size_t i=0; i<call_arguments.size(); i++)
-    {
-      if(i<function_parameters.size())
-      {
-        const code_typet::parametert &function_parameter=function_parameters[i];
-        irep_idt identifier=function_parameter.get_identifier();
-
-        if(identifier==irep_idt())
-          throw "function_call " + id2string(function_identifier)
-              + " no identifier for function parameter";
-
-        symbol_exprt lhs(identifier, function_parameter.type());
-        exprt rhs=call_arguments[i];
-
-        // TODO: need to save+restore
-
-        assign(state, lhs, rhs);
-      }
-    }
-
-    // update statistics
-    state.recursion_map[function_identifier]++;
-
-    // set the new PC
-    thread.pc=function_entry_point;
-  }
-  else if(function.id()==ID_dereference)
-  {
-    // should not happen, we read() before
-    throw "function_call_rec got dereference";
-  }
-  else if(function.id()==ID_if)
-  {
-    const if_exprt &if_expr=to_if_expr(function);
-    exprt guard=if_expr.cond();
-
-    if(state.is_lazy())
-    {
-      const exprt &case_expr=state.restore_branch()?
-        if_expr.true_case():if_expr.false_case();
-      function_call_rec(state, call, case_expr, further_states);
-    }
-    else
-    {
-      {
-        // add a 'further state' for the false-case
-        further_states.push_back(state);
-        path_symex_statet &false_state=further_states.back();
-        false_state.record_branch_step(false);
-        false_state.history->guard=not_exprt(guard);
-        function_call_rec(
-          further_states.back(), call, if_expr.false_case(), further_states);
-      }
-
-      // do the true-case in 'state'
-      {
-        state.record_branch_step(true);
-        state.history->guard=guard;
-        function_call_rec(state, call, if_expr.true_case(), further_states);
-      }
-    }
-  }
-  else
-    // NOLINTNEXTLINE(readability/throw) as message is correctly uppercase
-    throw "TODO: function_call "+function.id_string();
-}
-
-/*******************************************************************\
-
-Function: path_symext::return_from_function
-
-  Inputs:
-
- Outputs:
-
- Purpose:
-
-\*******************************************************************/
-
-void path_symext::return_from_function(
-  path_symex_statet &state,
-  const exprt &return_value)
-{
-  path_symex_statet::threadt &thread=state.threads[state.get_current_thread()];
-
-  // returning from very last function?
-  if(thread.call_stack.empty())
-  {
-    state.disable_current_thread();
-  }
-  else
-  {
-    // update statistics
-    state.recursion_map[thread.call_stack.back().current_function]--;
-
-    // set PC to return location
-    thread.pc=thread.call_stack.back().return_location;
-
-    // assign the return value
-    if(return_value.is_not_nil() &&
-       thread.call_stack.back().return_lhs.is_not_nil())
-      assign(state, thread.call_stack.back().return_lhs, return_value);
-
-    thread.call_stack.pop_back();
-  }
-}
-
-/*******************************************************************\
-
-Function: path_symext::do_goto
-
-  Inputs:
-
- Outputs:
-
- Purpose:
-
-\*******************************************************************/
-
-void path_symext::do_goto(
-  path_symex_statet &state,
-  std::list<path_symex_statet> &further_states)
-{
-  const goto_programt::instructiont &instruction=
-    *state.get_instruction();
-
-  if(instruction.is_backwards_goto())
-  {
-    // we keep a statistic on how many times we execute backwards gotos
-    state.unwinding_map[state.pc()]++;
-  }
-
-  const loct &loc=state.locs[state.pc()];
-  assert(!loc.branch_target.is_nil());
-
-  exprt guard=state.read(instruction.guard);
-
-  if(guard.is_true()) // branch taken always
-  {
-    state.record_branch_step(true);
-    state.set_pc(loc.branch_target);
-    return; // we are done
-  }
-
-#ifdef PATH_SYMEX_FORK
-  pid_t pid=-1;
-#endif
-
-  if(!guard.is_false())
-  {
-    // branch taken case
-
-#ifdef PATH_SYMEX_FORK
-    pid=fork();
-    if(pid==0)
-    {
-      // "state" is stored in "further_states"
-      assert(!further_states.empty());
-
-      // child process explores paths starting from the
-      // new state thereby partitioning the search space
-      std::list<path_symex_statet>::iterator
-      s_it=further_states.begin(), s_end=further_states.end();
-      while(s_it!=s_end)
-      {
-        if(&(*s_it)!=&state)
-          // iterators in std::list are stable
-          s_it=further_states.erase(s_it);
-        else
-          ++s_it;
-      }
-
-      assert(further_states.size()==1);
-
-      // branch not taken case
-      state.record_branch_step(false);
-      state.set_pc(loc.branch_target);
-      state.history->guard=guard;
-    }
-#endif
-
-#ifdef PATH_SYMEX_FORK
-    // forking failed so continue as if PATH_SYMEX_FORK were undefined
-    if(pid==-1) // NOLINT(readability/braces)
-#endif
-    {
-#ifdef PATH_SYMEX_LAZY_STATE
-      // lazily copy the state into 'further_states'
-      further_states.push_back(path_symex_statet::lazy_copy(state));
-      further_states.back().record_true_branch();
-#else
-      // eagerly copy the state into 'further_states'
-      further_states.push_back(state);
-      further_states.back().record_branch_step(true);
-      further_states.back().set_pc(loc.branch_target);
-      further_states.back().history->guard=guard;
-#endif
-    }
-  }
-
-#ifdef PATH_SYMEX_FORK
-  // parent process (regardless of any possible fork errors)
-  // should finish to explore all current 'further_states'
-  if(pid!=0) // NOLINT(readability/braces)
-#endif
-  {
-    // branch not taken case
-    exprt negated_guard=not_exprt(guard);
-    state.record_branch_step(false);
-    state.next_pc();
-    state.history->guard=negated_guard;
-  }
-}
-
-/*******************************************************************\
-
-Function: path_symext::do_goto
-
-  Inputs:
-
- Outputs:
-
- Purpose:
-
-\*******************************************************************/
-
-void path_symext::do_goto(
-  path_symex_statet &state,
-  bool taken)
-{
-  state.record_step();
-
-  const goto_programt::instructiont &instruction=
-    *state.get_instruction();
-
-  if(instruction.is_backwards_goto())
-  {
-    // we keep a statistic on how many times we execute backwards gotos
-    state.unwinding_map[state.pc()]++;
-  }
-
-  exprt guard=state.read(instruction.guard);
-
-  if(taken)
-  {
-    // branch taken case
-    const loct &loc=state.locs[state.pc()];
-    assert(!loc.branch_target.is_nil());
-    state.set_pc(loc.branch_target);
-    state.history->guard=guard;
-  }
-  else
-  {
-    // branch not taken case
-    exprt negated_guard=not_exprt(guard);
-    state.next_pc();
-    state.history->guard=negated_guard;
-  }
-}
-
-/*******************************************************************\
-
-Function: path_symext::operator()
-
-  Inputs:
-
- Outputs:
-
- Purpose:
-
-\*******************************************************************/
-
-void path_symext::operator()(
-  path_symex_statet &state,
-  std::list<path_symex_statet> &further_states)
-{
-  const goto_programt::instructiont &instruction=
-    *state.get_instruction();
-
-  #ifdef DEBUG
-  std::cout << "path_symext::operator(): " << instruction.type
-            << std::endl;
-  #endif
-
-  switch(instruction.type)
-  {
-  case END_FUNCTION:
-    // pop the call stack
-    state.record_step();
-    return_from_function(state, nil_exprt());
-    break;
-
-  case RETURN:
-    // pop the call stack
-    {
-      state.record_step();
-      exprt return_val=instruction.code.operands().size()==1?
-                       instruction.code.op0():nil_exprt();
-      return_from_function(state, return_val);
-    }
-    break;
-
-  case START_THREAD:
-    {
-      const loct &loc=state.locs[state.pc()];
-      assert(!loc.branch_target.is_nil());
-
-      state.record_step();
-      state.next_pc();
-
-      // ordering of the following matters due to vector instability
-      path_symex_statet::threadt &new_thread=state.add_thread();
-      path_symex_statet::threadt &old_thread=
-        state.threads[state.get_current_thread()];
-      new_thread.pc=loc.branch_target;
-      new_thread.local_vars=old_thread.local_vars;
-    }
-    break;
-
-  case END_THREAD:
-    state.record_step();
-    state.disable_current_thread();
-    break;
-
-  case GOTO:
-    if(state.is_lazy())
-      do_goto(state, state.restore_branch());
-    else
-      do_goto(state, further_states);
-    break;
-
-  case CATCH:
-    // ignore for now
-    state.record_step();
-    state.next_pc();
-    break;
-
-  case THROW:
-    state.record_step();
-    throw "THROW not yet implemented"; // NOLINT(readability/throw)
-
-  case ASSUME:
-    state.record_step();
-    state.next_pc();
-    if(instruction.guard.is_false())
-      state.disable_current_thread();
-    else
-    {
-      exprt guard=state.read(instruction.guard);
-      state.history->guard=guard;
-    }
-    break;
-
-  case ASSERT:
-  case SKIP:
-  case LOCATION:
-  case DEAD:
-    state.record_step();
-    state.next_pc();
-    break;
-
-  case DECL:
-    // assigning an RHS of NIL means 'nondet'
-    assign(state, to_code_decl(instruction.code).symbol(), nil_exprt());
-    state.next_pc();
-    break;
-
-  case ATOMIC_BEGIN:
-    if(state.inside_atomic_section)
-      throw "nested ATOMIC_BEGIN";
-
-    state.record_step();
-    state.next_pc();
-    state.inside_atomic_section=true;
-    break;
-
-  case ATOMIC_END:
-    if(!state.inside_atomic_section)
-      throw "ATOMIC_END unmatched"; // NOLINT(readability/throw)
-
-    state.record_step();
-    state.next_pc();
-    state.inside_atomic_section=false;
-    break;
-
-  case ASSIGN:
-    assign(state, to_code_assign(instruction.code));
-    state.next_pc();
-    break;
-
-  case FUNCTION_CALL:
-    state.record_step();
-    function_call(
-      state, to_code_function_call(instruction.code), further_states);
-    break;
-
-  case OTHER:
-    state.record_step();
-
-    {
-      const codet &code=instruction.code;
-      const irep_idt &statement=code.get_statement();
-
-      if(statement==ID_expression)
-      {
-        // like SKIP
-      }
-      else if(statement==ID_printf)
-      {
-        // ignore for now (should record stuff printed)
-      }
-      else if(statement==ID_asm)
-      {
-        // ignore for now
-      }
-      else if(statement==ID_fence)
-      {
-        // ignore for SC
-      }
-      else if(statement==ID_input)
-      {
-        // just needs to be recorded
-      }
-      else
-        throw "unexpected OTHER statement: "+id2string(statement);
-    }
-
-    state.next_pc();
-    break;
-
-  default:
-    throw "path_symext: unexpected instruction";
-  }
-}
-
-/*******************************************************************\
-
-Function: path_symext::operator()
-
-  Inputs:
-
- Outputs:
-
- Purpose:
-
-\*******************************************************************/
-
-void path_symext::operator()(path_symex_statet &state)
-{
-  std::list<path_symex_statet> further_states;
-  operator()(state, further_states);
-  if(!further_states.empty())
-    throw "path_symext got unexpected further states";
-}
-
-/*******************************************************************\
-
-Function: path_symex
-
-  Inputs:
-
- Outputs:
-
- Purpose:
-
-\*******************************************************************/
-
-void path_symex(
-  path_symex_statet &state,
-  std::list<path_symex_statet> &further_states)
-{
-  // "state" is stored in "further_states"
-  assert(!further_states.empty());
-
-  path_symext path_symex;
-  path_symex(state, further_states);
-}
-
-/*******************************************************************\
-
-Function: path_symex
-
-  Inputs:
-
- Outputs:
-
- Purpose:
-
-\*******************************************************************/
-
-void path_symex(path_symex_statet &state)
-{
-  path_symext path_symex;
-  path_symex(state);
-}
-
-/*******************************************************************\
-
-Function: path_symex_goto
-
-  Inputs:
-
- Outputs:
-
- Purpose:
-
-\*******************************************************************/
-
-void path_symex_goto(
-  path_symex_statet &state,
-  bool taken)
-{
-  path_symext path_symex;
-  path_symex.do_goto(state, taken);
-}
-
-/*******************************************************************\
-
-Function: path_symex_assert_fail
-
-  Inputs:
-
- Outputs:
-
- Purpose:
-
-\*******************************************************************/
-
-void path_symex_assert_fail(path_symex_statet &state)
-{
-  path_symext path_symex;
-  path_symex.do_assert_fail(state);
-}
diff --git a/src/aa-path-symex/path_symex.h b/src/aa-path-symex/path_symex.h
deleted file mode 120000
index 538d30846d4..00000000000
--- a/src/aa-path-symex/path_symex.h
+++ /dev/null
@@ -1 +0,0 @@
-../path-symex/path_symex.h
\ No newline at end of file
diff --git a/src/aa-path-symex/path_symex_state.cpp b/src/aa-path-symex/path_symex_state.cpp
deleted file mode 100644
index b0c502f639d..00000000000
--- a/src/aa-path-symex/path_symex_state.cpp
+++ /dev/null
@@ -1,799 +0,0 @@
-/*******************************************************************\
-
-Module: State of path-based symbolic simulator
-
-Author: Daniel Kroening, kroening@kroening.com
-        Alex Horn, alex.horn@cs.ox.ac.uk
-
-\*******************************************************************/
-
-#include <util/simplify_expr.h>
-#include <util/arith_tools.h>
-#include <util/decision_procedure.h>
-
-#include <ansi-c/c_types.h>
-
-#include <pointer-analysis/dereference.h>
-
-#include <goto-symex/adjust_float_expressions.h>
-#include <goto-symex/rewrite_union.h>
-
-#include "path_symex_state.h"
-
-// #define DEBUG
-
-#ifdef DEBUG
-#include <iostream>
-#include <langapi/language_util.h>
-#endif
-
-/*******************************************************************\
-
-Function: initial_state
-
-  Inputs:
-
- Outputs:
-
- Purpose:
-
-\*******************************************************************/
-
-path_symex_statet initial_state(
-  var_mapt &var_map,
-  const locst &locs,
-  path_symex_historyt &path_symex_history)
-{
-  return path_symex_statet(
-    var_map,
-    locs,
-    path_symex_step_reft(path_symex_history),
-    path_symex_statet::branchest());
-}
-
-/*******************************************************************\
-
-Function: path_symex_statet::output
-
-  Inputs:
-
- Outputs:
-
- Purpose:
-
-\*******************************************************************/
-
-goto_programt::const_targett path_symex_statet::get_instruction() const
-{
-  assert(current_thread<threads.size());
-  return locs[threads[current_thread].pc].target;
-}
-
-/*******************************************************************\
-
-Function: path_symex_statet::output
-
-  Inputs:
-
- Outputs:
-
- Purpose:
-
-\*******************************************************************/
-
-void path_symex_statet::output(const threadt &thread, std::ostream &out) const
-{
-  out << "  PC: " << thread.pc << std::endl;
-  out << "  Call stack:";
-  for(const auto &call : thread.call_stack)
-    out << " " << call.return_location << std::endl;
-  out << std::endl;
-}
-
-/*******************************************************************\
-
-Function: path_symex_statet::output
-
-  Inputs:
-
- Outputs:
-
- Purpose:
-
-\*******************************************************************/
-
-void path_symex_statet::output(std::ostream &out) const
-{
-  for(unsigned t=0; t<threads.size(); t++)
-  {
-    out << "*** Thread " << t << std::endl;
-    output(threads[t], out);
-    out << std::endl;
-  }
-}
-
-/*******************************************************************\
-
-Function: path_symex_statet::get_var_state
-
-  Inputs:
-
- Outputs:
-
- Purpose:
-
-\*******************************************************************/
-
-path_symex_statet::var_statet &path_symex_statet::get_var_state(
-  const var_mapt::var_infot &var_info)
-{
-  assert(current_thread<threads.size());
-
-  var_valt &var_val=
-    var_info.is_shared()?shared_vars:threads[current_thread].local_vars;
-  if(var_val.size()<=var_info.number)
-    var_val.resize(var_info.number+1);
-  return var_val[var_info.number];
-}
-
-/*******************************************************************\
-
-Function: path_symex_statet::read
-
-  Inputs:
-
- Outputs:
-
- Purpose:
-
-\*******************************************************************/
-
-exprt path_symex_statet::read(const exprt &src, bool propagate)
-{
-  #ifdef DEBUG
-  // std::cout << "path_symex_statet::read " << src.pretty() << std::endl;
-  #endif
-
-  // This has five phases!
-  // 1. Floating-point expression adjustment (rounding mode)
-  // 2. Rewrite unions into byte operators
-  // 3. Dereferencing, including propagation of pointers.
-  // 4. Rewriting to SSA symbols
-  // 5. Simplifier
-
-  exprt tmp1=src;
-  adjust_float_expressions(tmp1, var_map.ns);
-
-  exprt tmp2=tmp1;
-  rewrite_union(tmp2, var_map.ns);
-
-  // we force propagation for dereferencing
-  exprt tmp3=dereference_rec(tmp2, true);
-
-  exprt tmp4=instantiate_rec(tmp3, propagate);
-
-  exprt tmp5=simplify_expr(tmp4, var_map.ns);
-
-  #ifdef DEBUG
-  // std::cout << " ==> " << tmp.pretty() << std::endl;
-  #endif
-
-  return tmp5;
-}
-
-/*******************************************************************\
-
-Function: path_symex_statet::instantiate_rec
-
-  Inputs:
-
- Outputs:
-
- Purpose:
-
-\*******************************************************************/
-
-exprt path_symex_statet::instantiate_rec(
-  const exprt &src,
-  bool propagate)
-{
-  #ifdef DEBUG
-  std::cout << "instantiate_rec: "
-            << from_expr(var_map.ns, "", src) << std::endl;
-  #endif
-
-  const typet &src_type=var_map.ns.follow(src.type());
-
-  if(src_type.id()==ID_struct) // src is a struct
-  {
-    const struct_typet &struct_type=to_struct_type(src_type);
-    const struct_typet::componentst &components=struct_type.components();
-
-    struct_exprt result(src.type());
-    result.operands().resize(components.size());
-
-    // split it up into components
-    for(unsigned i=0; i<components.size(); i++)
-    {
-      const typet &subtype=components[i].type();
-      const irep_idt &component_name=components[i].get_name();
-
-      exprt new_src;
-      if(src.id()==ID_struct) // struct constructor?
-      {
-        assert(src.operands().size()==components.size());
-        new_src=src.operands()[i];
-      }
-      else
-        new_src=member_exprt(src, component_name, subtype);
-
-      // recursive call
-      result.operands()[i]=instantiate_rec(new_src, propagate);
-    }
-
-    return result; // done
-  }
-  else if(src_type.id()==ID_array) // src is an array
-  {
-    const array_typet &array_type=to_array_type(src_type);
-    const typet &subtype=array_type.subtype();
-
-    if(array_type.size().is_constant())
-    {
-      mp_integer size;
-      if(to_integer(array_type.size(), size))
-        throw "failed to convert array size";
-
-      std::size_t size_int=integer2size_t(size);
-
-      array_exprt result(array_type);
-      result.operands().resize(size_int);
-
-      // split it up into elements
-      for(std::size_t i=0; i<size_int; ++i)
-      {
-        exprt index=from_integer(i, array_type.size().type());
-        exprt new_src=index_exprt(src, index, subtype);
-
-        // array constructor?
-        if(src.id()==ID_array)
-          new_src=simplify_expr(new_src, var_map.ns);
-
-        // recursive call
-        result.operands()[i]=instantiate_rec(new_src, propagate);
-      }
-
-      return result; // done
-    }
-    else
-    {
-      // TODO
-    }
-  }
-  else if(src_type.id()==ID_vector) // src is a vector
-  {
-    const vector_typet &vector_type=to_vector_type(src_type);
-    const typet &subtype=vector_type.subtype();
-
-    if(!vector_type.size().is_constant())
-      throw "vector with non-constant size";
-
-    mp_integer size;
-    if(to_integer(vector_type.size(), size))
-      throw "failed to convert vector size";
-
-    std::size_t size_int=integer2size_t(size);
-
-    vector_exprt result(vector_type);
-    exprt::operandst &operands=result.operands();
-    operands.resize(size_int);
-
-    // split it up into elements
-    for(std::size_t i=0; i<size_int; ++i)
-    {
-      exprt index=from_integer(i, vector_type.size().type());
-      exprt new_src=index_exprt(src, index, subtype);
-
-      // vector constructor?
-      if(src.id()==ID_vector)
-        new_src=simplify_expr(new_src, var_map.ns);
-
-      // recursive call
-      operands[i]=instantiate_rec(new_src, propagate);
-    }
-
-    return result; // done
-  }
-
-  // check whether this is a symbol(.member|[index])*
-
-  {
-    exprt tmp_symbol_member_index=
-      read_symbol_member_index(src, propagate);
-
-    if(tmp_symbol_member_index.is_not_nil())
-      return tmp_symbol_member_index; // yes!
-  }
-
-  if(src.id()==ID_address_of)
-  {
-    assert(src.operands().size()==1);
-    exprt tmp=src;
-    tmp.op0()=instantiate_rec_address(tmp.op0(), propagate);
-    return tmp;
-  }
-  else if(src.id()==ID_side_effect)
-  {
-    // could be done separately
-    const irep_idt &statement=to_side_effect_expr(src).get_statement();
-
-    if(statement==ID_nondet)
-    {
-      irep_idt id="symex::nondet"+std::to_string(var_map.nondet_count);
-      var_map.nondet_count++;
-      return symbol_exprt(id, src.type());
-    }
-    else
-      throw "instantiate_rec: unexpected side effect "+id2string(statement);
-  }
-  else if(src.id()==ID_dereference)
-  {
-    // dereferencet has run already, so we should only be left with
-    // integer addresses. Will transform into __CPROVER_memory[]
-    // eventually.
-  }
-  else if(src.id()==ID_index)
-  {
-    // avoids indefinite recursion above
-    return src;
-  }
-  else if(src.id()==ID_member)
-  {
-    const typet &compound_type=
-      var_map.ns.follow(to_member_expr(src).struct_op().type());
-
-    if(compound_type.id()==ID_struct)
-    {
-      // avoids indefinite recursion above
-      return src;
-    }
-    else if(compound_type.id()==ID_union)
-    {
-      // should already have been rewritten to byte_extract
-      throw "unexpected union member";
-    }
-    else
-    {
-      throw "member expects struct or union type"+src.pretty();
-    }
-  }
-  else if(src.id()==ID_byte_extract_little_endian ||
-          src.id()==ID_byte_extract_big_endian)
-  {
-  }
-  else if(src.id()==ID_symbol)
-  {
-    // must be SSA already, or code
-    assert(src.type().id()==ID_code ||
-           src.get_bool(ID_C_SSA_symbol));
-  }
-
-  if(!src.has_operands())
-    return src;
-
-  exprt src2=src;
-
-  // recursive calls on structure of 'src'
-  Forall_operands(it, src2)
-  {
-    exprt tmp_op=instantiate_rec(*it, propagate);
-    *it=tmp_op;
-  }
-
-  return src2;
-}
-
-/*******************************************************************\
-
-Function: path_symex_statet::read_symbol_member_index
-
-  Inputs:
-
- Outputs:
-
- Purpose:
-
-\*******************************************************************/
-
-exprt path_symex_statet::read_symbol_member_index(
-  const exprt &src,
-  bool propagate)
-{
-  std::string suffix="";
-  exprt current=src;
-  const typet final_type=src.type();
-  exprt::operandst indices;
-
-  // don't touch function symbols
-  if(var_map.ns.follow(final_type).id()==ID_code)
-    return nil_exprt();
-
-  // the loop avoids recursion
-  while(true)
-  {
-    exprt next=nil_exprt();
-
-    if(current.id()==ID_symbol)
-    {
-      if(current.get_bool(ID_C_SSA_symbol))
-        return nil_exprt(); // SSA already
-
-      irep_idt identifier=
-        to_symbol_expr(current).get_identifier();
-
-      var_mapt::var_infot &var_info=
-        var_map(identifier, suffix, final_type);
-
-      #ifdef DEBUG
-      std::cout << "read_symbol_member_index_rec " << identifier
-                << " var_info " << var_info.full_identifier << std::endl;
-      #endif
-
-      // warning: reference is not stable
-      var_statet &var_state=get_var_state(var_info);
-
-      if(propagate && var_state.value.is_not_nil())
-      {
-        return var_state.value; // propagate a value
-      }
-      else
-      {
-        // we do some SSA symbol
-        if(var_state.ssa_symbol.get_identifier()==irep_idt())
-        {
-          // produce one
-          var_state.ssa_symbol=var_info.ssa_symbol();
-        }
-
-        return var_state.ssa_symbol;
-      }
-    }
-    else if(current.id()==ID_member)
-    {
-      const member_exprt &member_expr=to_member_expr(current);
-
-      const typet &compound_type=
-        var_map.ns.follow(member_expr.struct_op().type());
-
-      if(compound_type.id()==ID_struct)
-      {
-        // go into next iteration
-        next=member_expr.struct_op();
-        suffix="."+id2string(member_expr.get_component_name())+suffix;
-      }
-      else
-        return nil_exprt(); // includes unions, deliberatley
-    }
-    else if(current.id()==ID_index)
-    {
-      const index_exprt &index_expr=to_index_expr(current);
-
-      exprt index_tmp=read(index_expr.index(), propagate);
-      indices.push_back(index_tmp);
-
-      std::string index_string=array_index_as_string(index_tmp);
-
-      // go into next iteration
-      next=index_expr.array();
-      suffix=index_string+suffix;
-    }
-    else
-      return nil_exprt();
-
-    // next round
-    assert(next.is_not_nil());
-    current=next;
-  }
-}
-
-/*******************************************************************\
-
-Function: path_symex_statet::array_index_as_string
-
-  Inputs:
-
- Outputs:
-
- Purpose:
-
-\*******************************************************************/
-
-std::string path_symex_statet::array_index_as_string(const exprt &src) const
-{
-  exprt tmp=simplify_expr(src, var_map.ns);
-  mp_integer i;
-
-  if(!to_integer(tmp, i))
-    return "["+integer2string(i)+"]";
-  else
-    return "[*]";
-}
-
-/*******************************************************************\
-
-Function: path_symex_statet::dereference_rec
-
-  Inputs:
-
- Outputs:
-
- Purpose:
-
-\*******************************************************************/
-
-exprt path_symex_statet::dereference_rec(
-  const exprt &src,
-  bool propagate)
-{
-  if(src.id()==ID_dereference)
-  {
-    const dereference_exprt &dereference_expr=to_dereference_expr(src);
-
-    // read the address to propagate the pointers
-    exprt address=read(dereference_expr.pointer(), propagate);
-
-    // now hand over to dereference
-    exprt address_dereferenced=::dereference(address, var_map.ns);
-
-    // the dereferenced address is a mixture of non-SSA and SSA symbols
-    // (e.g., if-guards and array indices)
-    return address_dereferenced;
-  }
-
-  if(!src.has_operands())
-    return src;
-
-  exprt src2=src;
-
-  {
-    // recursive calls on structure of 'src'
-    Forall_operands(it, src2)
-    {
-      exprt tmp_op=dereference_rec(*it, propagate);
-      *it=tmp_op;
-    }
-  }
-
-  return src2;
-}
-
-/*******************************************************************\
-
-Function: path_symex_statet::instantiate_rec_address
-
-  Inputs:
-
- Outputs:
-
- Purpose:
-
-\*******************************************************************/
-
-exprt path_symex_statet::instantiate_rec_address(
-  const exprt &src,
-  bool propagate)
-{
-  #ifdef DEBUG
-  std::cout << "instantiate_rec_address: " << src.id() << std::endl;
-  #endif
-
-  if(src.id()==ID_symbol)
-  {
-    return src;
-  }
-  else if(src.id()==ID_index)
-  {
-    assert(src.operands().size()==2);
-    exprt tmp=src;
-    tmp.op0()=instantiate_rec_address(src.op0(), propagate);
-    tmp.op1()=instantiate_rec(src.op1(), propagate);
-    return tmp;
-  }
-  else if(src.id()==ID_dereference)
-  {
-    // dereferenct ran before, and this can only be *(type *)integer-address,
-    // which we simply instantiate as non-address
-    dereference_exprt tmp=to_dereference_expr(src);
-    tmp.pointer()=instantiate_rec(tmp.pointer(), propagate);
-    return tmp;
-  }
-  else if(src.id()==ID_member)
-  {
-    member_exprt tmp=to_member_expr(src);
-    tmp.struct_op()=instantiate_rec_address(tmp.struct_op(), propagate);
-    return tmp;
-  }
-  else if(src.id()==ID_string_constant)
-  {
-    return src;
-  }
-  else if(src.id()==ID_label)
-  {
-    return src;
-  }
-  else if(src.id()==ID_byte_extract_big_endian ||
-          src.id()==ID_byte_extract_little_endian)
-  {
-    assert(src.operands().size()==2);
-    exprt tmp=src;
-    tmp.op0()=instantiate_rec_address(src.op0(), propagate);
-    tmp.op1()=instantiate_rec(src.op1(), propagate);
-    return tmp;
-  }
-  else if(src.id()==ID_if)
-  {
-    if_exprt if_expr=to_if_expr(src);
-    if_expr.true_case()=instantiate_rec_address(if_expr.true_case(), propagate);
-    if_expr.false_case()=
-      instantiate_rec_address(if_expr.false_case(), propagate);
-    if_expr.cond()=instantiate_rec(if_expr.cond(), propagate);
-    return if_expr;
-  }
-  else
-  {
-    // this shouldn't really happen
-    #ifdef DEBUG
-    std::cout << "SRC: " << src.pretty() << std::endl;
-    #endif
-    throw "address of unexpected `"+src.id_string()+"'";
-  }
-}
-
-/*******************************************************************\
-
-Function: path_symex_statet::record_step
-
-  Inputs:
-
- Outputs:
-
- Purpose:
-
-\*******************************************************************/
-
-void path_symex_statet::record_step()
-{
-  // is there a context switch happening?
-  if(!history.is_nil() &&
-     history->thread_nr!=current_thread)
-    no_thread_interleavings++;
-
-  // update our statistics
-  depth++;
-
-  // add the step
-  history.generate_successor();
-  path_symex_stept &step=*history;
-
-  // copy PC
-  assert(current_thread<threads.size());
-  step.pc=threads[current_thread].pc;
-  step.thread_nr=current_thread;
-}
-
-/*******************************************************************\
-
-Function: path_symex_statet::record_branch_step
-
-  Inputs: whether branch was taken, or not
-
- Outputs:
-
- Purpose: like record_step() and record branch decision
-
-\*******************************************************************/
-
-void path_symex_statet::record_branch_step(bool taken)
-{
-  assert(get_instruction()->is_goto());
-
-#ifdef PATH_SYMEX_LAZY_BRANCH
-  if(!branches.empty() || history.is_nil())
-#endif
-  {
-    // get_branches() relies on branch decisions
-    branches.push_back(taken);
-
-    if(get_instruction()->is_goto())
-    {
-      branches_restore++;
-    }
-    else
-    {
-      assert(pc()==locs.entry_loc);
-      assert(history.is_nil());
-    }
-  }
-
-  record_step();
-}
-
-/*******************************************************************\
-
-Function: path_symex_statet::is_feasible
-
-  Inputs:
-
- Outputs:
-
- Purpose:
-
-\*******************************************************************/
-
-bool path_symex_statet::is_feasible(
-  decision_proceduret &decision_procedure) const
-{
-  // feed path constraint to decision procedure
-  decision_procedure << history;
-
-  // check whether SAT
-  switch(decision_procedure())
-  {
-  case decision_proceduret::D_SATISFIABLE: return true;
-
-  case decision_proceduret::D_UNSATISFIABLE: return false;
-
-  case decision_proceduret::D_ERROR: throw "error from decision procedure";
-  }
-
-  return true; // not really reachable
-}
-
-/*******************************************************************\
-
-Function: path_symex_statet::check_assertion
-
-  Inputs:
-
- Outputs:
-
- Purpose:
-
-\*******************************************************************/
-
-bool path_symex_statet::check_assertion(
-  decision_proceduret &decision_procedure)
-{
-  const goto_programt::instructiont &instruction=*get_instruction();
-
-  // assert that this is an assertion
-  assert(instruction.is_assert());
-
-  // the assertion in SSA
-  exprt assertion=read(instruction.guard);
-
-  // trivial?
-  if(assertion.is_true())
-    return true; // no error
-
-  // the path constraint
-  decision_procedure << history;
-
-  // negate the assertion
-  decision_procedure.set_to(assertion, false);
-
-  // check whether SAT
-  switch(decision_procedure.dec_solve())
-  {
-  case decision_proceduret::D_SATISFIABLE:
-    return false; // error
-
-  case decision_proceduret::D_UNSATISFIABLE:
-    return true; // no error
-
-  default:
-    throw "error from decision procedure";
-  }
-
-  return true; // not really reachable
-}
diff --git a/src/aa-path-symex/path_symex_state.h b/src/aa-path-symex/path_symex_state.h
deleted file mode 100644
index dd10e43d8da..00000000000
--- a/src/aa-path-symex/path_symex_state.h
+++ /dev/null
@@ -1,350 +0,0 @@
-/*******************************************************************\
-
-Module: State of path-based symbolic simulator
-
-Author: Daniel Kroening, kroening@kroening.com
-        Alex Horn, alex.horn@cs.ox.ac.uk
-
-\*******************************************************************/
-
-#ifndef CPROVER_AA_PATH_SYMEX_PATH_SYMEX_STATE_H
-#define CPROVER_AA_PATH_SYMEX_PATH_SYMEX_STATE_H
-
-#include <algorithm>
-
-#include <path-symex/locs.h>
-#include <path-symex/var_map.h>
-#include <path-symex/path_symex_history.h>
-
-// These variables may be defined in this header file only because
-// it is (transitively) included by many essential path-symex files.
-// In addition, since these variables determine how states are
-// handled, it makes sense to define them in this header file.
-#define PATH_SYMEX_LAZY_STATE
-#define PATH_SYMEX_FORK
-
-// This flag is particularly useful for regression testing purposes.
-//
-// If PATH_SYMEX_LAZY_BRANCH is undefined, then branches are always
-// recorded and the control logic in get_branches() is bypassed. But
-// the output of path_search() should be identical in this setting;
-// otherwise, the assumptions about GOTO programs or the history
-// data structure should be revisited.
-#define PATH_SYMEX_LAZY_BRANCH
-
-// check POSIX-compliance
-#ifdef PATH_SYMEX_FORK
-#if defined(__linux__) || \
-    defined(__FreeBSD_kernel__) || \
-    defined(__GNU__) || \
-    defined(__unix__) || \
-    defined(__CYGWIN__) || \
-    defined(__MACH__)
-#include <unistd.h>
-#include <sys/types.h>
-#else
-#error Cannot define PATH_SYMEX_FORK on non-POSIX systems
-#endif
-#endif
-
-class path_symex_statet
-{
-public:
-  // use symbolic execution to repopulate composite fields
-
-  // TODO: consider std::bitset or chaining to shrink state size
-  typedef std::vector<bool> branchest;
-
-  // if _branches.empty(), then initial state; otherwise, lazy state
-
-  // \post: pc() is the entry point to the program under scrutiny
-  path_symex_statet(
-    var_mapt &_var_map,
-    const locst &_locs,
-    path_symex_step_reft _history,
-    const branchest &_branches):
-    var_map(_var_map),
-    locs(_locs),
-    shared_vars(),
-    threads(),
-    inside_atomic_section(),
-    history(_history),
-    unwinding_map(),
-    recursion_map(),
-    branches(_branches),
-    branches_restore(0),
-    current_thread(0),
-    no_thread_interleavings(0),
-    depth(0)
-  {
-    path_symex_statet::threadt &thread=add_thread();
-    thread.pc=locs.entry_loc; // reset its PC
-  }
-
-  // like initial state except that branches are copied from "other"
-  // and history will be 'nil'
-  static path_symex_statet lazy_copy(path_symex_statet &other)
-  {
-    // allow compiler to use RVO
-    return path_symex_statet(
-      other.var_map,
-      other.locs,
-      path_symex_step_reft(),
-      other.get_branches());
-  }
-
-  // These are tied to a particular var_map
-  // and a particular program.
-  var_mapt &var_map;
-  const locst &locs;
-
-  // the value of a variable
-  struct var_statet
-  {
-    // it's a given explicit value or a symbol with given identifier
-    exprt value;
-    symbol_exprt ssa_symbol;
-
-    // for uninterpreted functions or arrays we maintain an index set
-    typedef std::set<exprt> index_sett;
-    index_sett index_set;
-
-    var_statet():
-      value(nil_exprt()),
-      ssa_symbol(irep_idt())
-    {
-    }
-  };
-
-  // the values of the shared variables
-  typedef std::vector<var_statet> var_valt;
-  var_valt shared_vars;
-
-  // procedure frame
-  struct framet
-  {
-    irep_idt current_function;
-    loc_reft return_location;
-    exprt return_lhs;
-    var_valt saved_local_vars;
-  };
-
-  // call stack
-  typedef std::vector<framet> call_stackt;
-
-  // the state of a thread
-  struct threadt
-  {
-  public:
-    loc_reft pc;
-    call_stackt call_stack; // the call stack
-    var_valt local_vars; // thread-local variables
-    bool active;
-
-    threadt():active(true)
-    {
-    }
-  };
-
-  typedef std::vector<threadt> threadst;
-  threadst threads;
-
-  // warning: reference is not stable
-  var_statet &get_var_state(const var_mapt::var_infot &var_info);
-
-  bool inside_atomic_section;
-
-  unsigned get_current_thread() const
-  {
-    return current_thread;
-  }
-
-  void set_current_thread(unsigned _thread)
-  {
-    current_thread=_thread;
-  }
-
-  goto_programt::const_targett get_instruction() const;
-
-  // branch taken case
-  void record_true_branch()
-  {
-    branches.push_back(true);
-  }
-
-  // branch not taken case
-  void record_false_branch()
-  {
-    branches.push_back(false);
-  }
-
-  bool is_lazy() const
-  {
-    return branches_restore < branches.size();
-  }
-
-  // returns branch direction that should be taken
-  bool restore_branch()
-  {
-    assert(is_lazy());
-    return branches[branches_restore++];
-  }
-
-  bool is_executable() const
-  {
-    return !threads.empty() &&
-           threads[current_thread].active;
-  }
-
-  // execution history
-  path_symex_step_reft history;
-
-  // adds an entry to the history
-  void record_step();
-
-  // like record_step() except that branch decision is also recorded
-  void record_branch_step(bool taken);
-
-  // various state transformers
-
-  threadt &add_thread()
-  {
-    threads.resize(threads.size()+1);
-    return threads.back();
-  }
-
-  void disable_current_thread()
-  {
-    threads[current_thread].active=false;
-  }
-
-  loc_reft pc() const
-  {
-    return threads[current_thread].pc;
-  }
-
-  void next_pc()
-  {
-    threads[current_thread].pc.increase();
-  }
-
-  void set_pc(loc_reft new_pc)
-  {
-    threads[current_thread].pc=new_pc;
-  }
-
-  // output
-  void output(std::ostream &out) const;
-  void output(const threadt &thread, std::ostream &out) const;
-
-  // instantiate expressions with propagation
-  exprt read(const exprt &src)
-  {
-    return read(src, true);
-  }
-
-  // instantiate without constant propagation
-  exprt read_no_propagate(const exprt &src)
-  {
-    return read(src, false);
-  }
-
-  exprt dereference_rec(const exprt &src, bool propagate);
-
-  std::string array_index_as_string(const exprt &) const;
-
-  unsigned get_no_thread_interleavings() const
-  {
-    return no_thread_interleavings;
-  }
-
-  unsigned get_depth() const
-  {
-    return depth;
-  }
-
-  bool is_feasible(class decision_proceduret &) const;
-
-  bool check_assertion(class decision_proceduret &);
-
-  // counts how many times we have executed backwards edges
-  typedef std::map<loc_reft, unsigned> unwinding_mapt;
-  unwinding_mapt unwinding_map;
-
-  // similar for recursive function calls
-  typedef std::map<irep_idt, unsigned> recursion_mapt;
-  recursion_mapt recursion_map;
-
-protected:
-  branchest branches;
-  branchest::size_type branches_restore;
-
-  // On first call, O(N) where N is the length of the execution path
-  // leading to this state. Subsequent calls run in constant time.
-  const branchest &get_branches()
-  {
-    if(!branches.empty() || history.is_nil())
-      return branches;
-
-    // Contrarily, suppose this state is lazy. Since we did not
-    // return above, branches.empty(). By definition of is_lazy(),
-    // branches_restore must have been a negative number. Since
-    // its type is unsigned, however, this is impossible.
-    assert(!is_lazy());
-
-    path_symex_step_reft step_ref=history;
-    assert(!step_ref.is_nil());
-    loc_reft next_loc_ref=pc();
-    for(;;)
-    {
-      if(step_ref.is_nil())
-        break;
-
-      const loct &loc=locs[step_ref->pc];
-      if(loc.target->is_goto())
-      {
-        branches.push_back(loc.branch_target==next_loc_ref);
-        assert(branches.back() || step_ref->pc.next_loc()==next_loc_ref);
-      }
-
-      next_loc_ref=step_ref->pc;
-      step_ref=step_ref->predecessor;
-    }
-
-    // preserve non-laziness of this state (see first assertion)
-    branches_restore=branches.size();
-
-    // TODO: add "path_symex_step::branch_depth" field so we can
-    // reserve() the right capacity of vector and avoid reverse().
-    std::reverse(branches.begin(), branches.end());
-
-    return branches;
-  }
-
-  unsigned current_thread;
-  unsigned no_thread_interleavings;
-  unsigned depth;
-
-  exprt read(
-    const exprt &src,
-    bool propagate);
-
-  exprt instantiate_rec(
-    const exprt &src,
-    bool propagate);
-
-  exprt instantiate_rec_address(
-    const exprt &src,
-    bool propagate);
-
-  exprt read_symbol_member_index(
-    const exprt &src,
-    bool propagate);
-};
-
-path_symex_statet initial_state(
-  var_mapt &var_map,
-  const locst &locs,
-  path_symex_historyt &);
-
-#endif // CPROVER_AA_PATH_SYMEX_PATH_SYMEX_STATE_H
diff --git a/src/aa-symex/Makefile b/src/aa-symex/Makefile
deleted file mode 100644
index a5e2b0ad5d8..00000000000
--- a/src/aa-symex/Makefile
+++ /dev/null
@@ -1,68 +0,0 @@
-SRC = path_search.cpp
-
-OBJ += ../ansi-c/ansi-c$(LIBEXT) \
-       ../linking/linking$(LIBEXT) \
-       ../big-int/big-int$(LIBEXT) \
-       ../goto-programs/goto-programs$(LIBEXT) \
-       ../analyses/analyses$(LIBEXT) \
-       ../langapi/langapi$(LIBEXT) \
-       ../xmllang/xmllang$(LIBEXT) \
-       ../assembler/assembler$(LIBEXT) \
-       ../solvers/solvers$(LIBEXT) \
-       ../util/util$(LIBEXT) \
-       ../goto-symex/adjust_float_expressions$(OBJEXT) \
-       ../goto-symex/rewrite_union$(OBJEXT) \
-       ../pointer-analysis/dereference$(OBJEXT) \
-       ../goto-instrument/cover$(OBJEXT) \
-       ../aa-path-symex/aa-path-symex$(LIBEXT) \
-       ../symex/symex_main$(OBJEXT) \
-       ../symex/symex_parse_options$(OBJEXT) \
-       ../symex/symex_cover$(OBJEXT) \
-       ../path-symex/locs$(OBJEXT) ../path-symex/var_map$(OBJEXT) \
-       ../path-symex/path_symex_history$(OBJEXT)
-
-INCLUDES= -I ..
-
-LIBS =
-
-include ../config.inc
-include ../common
-
-CLEANFILES = symex$(EXEEXT)
-
-all: symex$(EXEEXT)
-
-ifneq ($(wildcard ../bv_refinement/Makefile),)
-  OBJ += ../bv_refinement/bv_refinement$(LIBEXT)
-  CP_CXXFLAGS += -DHAVE_BV_REFINEMENT
-endif
-
-ifneq ($(wildcard ../cpp/Makefile),)
-  OBJ += ../cpp/cpp$(LIBEXT)
-  CP_CXXFLAGS += -DHAVE_CPP
-endif
-
-ifneq ($(wildcard ../java_bytecode/Makefile),)
-  OBJ += ../java_bytecode/java_bytecode$(LIBEXT)
-  CP_CXXFLAGS += -DHAVE_JAVA_BYTECODE
-endif
-
-ifneq ($(wildcard ../specc/Makefile),)
-  OBJ += ../specc/specc$(LIBEXT)
-  CP_CXXFLAGS += -DHAVE_SPECC
-endif
-
-ifneq ($(wildcard ../php/Makefile),)
-  OBJ += ../php/php$(LIBEXT)
-  CP_CXXFLAGS += -DHAVE_PHP
-endif
-
-###############################################################################
-
-symex$(EXEEXT): $(OBJ)
-	$(LINKBIN)
-
-.PHONY: symex-mac-signed
-
-symex-mac-signed: cbmc$(EXEEXT)
-	strip symex$(EXEEXT) ; codesign -v -s $(OSX_IDENTITY) symex$(EXEEXT)
diff --git a/src/aa-symex/path_search.cpp b/src/aa-symex/path_search.cpp
deleted file mode 100644
index 5bfa680177f..00000000000
--- a/src/aa-symex/path_search.cpp
+++ /dev/null
@@ -1,517 +0,0 @@
-/*******************************************************************\
-
-Module: Path-based Symbolic Execution
-
-Author: Daniel Kroening, kroening@kroening.com
-        Alex Horn, alex.horn@cs.ox.ac.uk
-
-\*******************************************************************/
-
-#include <cerrno>
-#include <util/time_stopping.h>
-
-#include <solvers/flattening/bv_pointers.h>
-#include <solvers/sat/satcheck.h>
-
-#include <aa-path-symex/path_symex.h>
-#include <aa-path-symex/build_goto_trace.h>
-
-#include "path_search.h"
-
-#ifdef PATH_SYMEX_FORK
-// we've already check that the platform is (mostly) POSIX-compliant
-#include <sys/wait.h>
-#endif
-
-/*******************************************************************\
-
-Function: path_searcht::operator()
-
-  Inputs:
-
- Outputs:
-
- Purpose:
-
-\*******************************************************************/
-
-path_searcht::resultt path_searcht::operator()(
-  const goto_functionst &goto_functions)
-{
-#ifdef PATH_SYMEX_FORK
-  // Disable output because there is no meaningful way
-  // to write text when multiple path_search processes
-  // run concurrently. This could be remedied by piping
-  // to individual files or inter-process communication,
-  // a performance bottleneck, however.
-  null_message_handlert null_message;
-  set_message_handler(null_message);
-#endif
-
-  locst locs(ns);
-  var_mapt var_map(ns);
-
-  locs.build(goto_functions);
-
-  // this is the container for the history-forest
-  path_symex_historyt history;
-
-  queue.push_back(initial_state(var_map, locs, history));
-
-  // set up the statistics
-  number_of_instructions=0;
-  number_of_dropped_states=0;
-  number_of_paths=0;
-  number_of_VCCs=0;
-  number_of_VCCs_after_simplification=0;
-  number_of_failed_properties=0;
-  number_of_fast_forward_steps=0;
-
-  // stop the time
-  start_time=current_time();
-
-  initialize_property_map(goto_functions);
-
-  while(!queue.empty())
-  {
-    // Pick a state from the queue,
-    // according to some heuristic.
-    queuet::iterator state=pick_state();
-
-    // fast forwarding required?
-    if(state->is_lazy())
-    {
-      assert(state->is_executable());
-      assert(state->history.is_nil());
-
-      // keep allocated memory, this is faster than
-      // instantiating a new empty vector and map
-      history.clear();
-      var_map.clear();
-      state->history=path_symex_step_reft(history);
-
-      // restore all fields of a lazy state by symbolic
-      // execution along previously recorded branches
-      const queuet::size_type queue_size=queue.size();
-      do
-      {
-        number_of_fast_forward_steps++;
-
-        path_symex(*state, queue);
-#ifdef PATH_SYMEX_OUTPUT
-        status() << "Fast forward thread " << state->get_current_thread()
-                 << "/" << state->threads.size()
-                 << " PC " << state->pc() << messaget::eom;
-#endif
-      }
-      while(state->is_lazy() && state->is_executable());
-      assert(queue.size() == queue_size);
-    }
-
-    // TODO: check lazy states before fast forwarding, or perhaps it
-    // is better to even check before inserting into queue
-    if(drop_state(*state))
-    {
-      number_of_dropped_states++;
-      queue.erase(state);
-      continue;
-    }
-
-    if(!state->is_executable())
-    {
-      queue.erase(state);
-      continue;
-    }
-
-    // count only executable instructions
-    number_of_instructions++;
-
-#ifdef PATH_SYMEX_OUTPUT
-    status() << "Queue " << queue.size()
-             << " thread " << state->get_current_thread()
-             << "/" << state->threads.size()
-             << " PC " << state->pc() << messaget::eom;
-#endif
-
-    // an error, possibly?
-    if(state->get_instruction()->is_assert())
-    {
-      if(show_vcc)
-        do_show_vcc(*state);
-      else
-      {
-        check_assertion(*state);
-
-        // all assertions failed?
-        if(number_of_failed_properties==property_map.size())
-          break;
-      }
-    }
-
-#ifdef PATH_SYMEX_FORK
-    if(try_await())
-    {
-      debug() << "Child process has terminated "
-                 "so exit parent" << messaget::eom;
-      break;
-    }
-#endif
-
-    // execute and record whether a "branch" occurred
-    const queuet::size_type queue_size = queue.size();
-    path_symex(*state, queue);
-
-    assert(queue_size <= queue.size());
-    number_of_paths += (queue.size() - queue_size);
-  }
-
-#ifdef PATH_SYMEX_FORK
-  int exit_status=await();
-  if(exit_status==0 && number_of_failed_properties!=0)
-  {
-    // the eldest child process (if any) reports found bugs
-    report_statistics();
-    return UNSAFE;
-  }
-  else
-  {
-    // either a child found and reported a bug or
-    // the parent's search partition is safe
-    switch(exit_status)
-    {
-    case 0: return SAFE;
-    case 10: return UNSAFE;
-    default: return ERROR;
-    }
-  }
-#else
-  report_statistics();
-
-  return number_of_failed_properties==0?SAFE:UNSAFE;
-#endif
-}
-
-#ifdef PATH_SYMEX_FORK
-/*******************************************************************\
-
-Function: path_searcht::await()
-
-  Inputs:
-
- Outputs: returns zero if and only if every child process succeeds;
-          otherwise, the error of exactly one child is returned
-
- Purpose: POSIX-compliant (possibly blocking) wait on child
-          processes, writes to error() if anything goes wrong;
-          any earlier calls to try_await() do not affect await()
-
-\*******************************************************************/
-
-int path_searcht::await()
-{
-  int status;
-  for(;;)
-  {
-    // a process' entries for its child processes are deleted after
-    // the first call to waitpid(). When waitpid() is called again
-    // it returns -1 and errno is set to ECHILD.
-    pid_t pid=wait(&status);
-    if(pid==-1)
-    {
-      if(errno==ECHILD)
-        break; // no more child processes
-    }
-    else
-    {
-      if(!WIFEXITED(status) || WEXITSTATUS(status)!=0)
-      {
-        debug() << "PID " << pid << " failed, return code "
-                << WEXITSTATUS(status) << messaget::eom;
-
-        return WEXITSTATUS(status);
-      }
-    }
-  }
-
-  return 0;
-}
-
-/*******************************************************************\
-
-Function: path_searcht::try_await()
-
-  Inputs:
-
- Outputs: returns true if and only if at least one child process
-          has terminated
-
- Purpose: POSIX-compliant nonblocking wait on child processes,
-          child's status is preserved for await() function
-
-\*******************************************************************/
-
-bool path_searcht::try_await()
-{
-  int status;
-  pid_t pid=waitpid(-1, &status, WNOHANG | WNOWAIT);
-  return pid!=-1;
-}
-#endif
-
-/*******************************************************************\
-
-Function: path_searcht::report_statistics
-
-  Inputs:
-
- Outputs:
-
- Purpose:
-
-\*******************************************************************/
-
-void path_searcht::report_statistics()
-{
-  // report a bit
-
-  status() << "Number of instructions: "
-           << number_of_instructions << messaget::eom;
-
-  status() << "Number of dropped states: "
-           << number_of_dropped_states << messaget::eom;
-
-  status() << "Number of paths: "
-           << number_of_paths << messaget::eom;
-
-  status() << "Number of fast forward steps: "
-           << number_of_fast_forward_steps << messaget::eom;
-
-  status() << "Generated " << number_of_VCCs << " VCC(s), "
-           << number_of_VCCs_after_simplification
-           << " remaining after simplification"
-           << messaget::eom;
-
-  time_periodt total_time=current_time()-start_time;
-  status() << "Runtime: " << total_time << "s total, "
-           << sat_time << "s SAT" << messaget::eom;
-}
-
-/*******************************************************************\
-
-Function: path_searcht::pick_state
-
-  Inputs:
-
- Outputs:
-
- Purpose:
-
-\*******************************************************************/
-
-path_searcht::queuet::iterator path_searcht::pick_state()
-{
-  // Picking the first one is a DFS.
-  return queue.begin();
-}
-
-/*******************************************************************\
-
-Function: path_searcht::do_show_vcc
-
-  Inputs:
-
- Outputs:
-
- Purpose:
-
-\*******************************************************************/
-
-void path_searcht::do_show_vcc(statet &state)
-{
-  // keep statistics
-  number_of_VCCs++;
-
-  const goto_programt::instructiont &instruction=
-    *state.get_instruction();
-
-  mstreamt &out=result();
-
-  if(instruction.source_location.is_not_nil())
-    out << instruction.source_location << '\n';
-
-  if(instruction.source_location.get_comment()!="")
-    out << instruction.source_location.get_comment() << '\n';
-
-  unsigned count=1;
-
-  std::vector<path_symex_step_reft> steps;
-  state.history.build_history(steps);
-
-  for(const auto &step_ref : steps)
-  {
-    if(step_ref->guard.is_not_nil())
-    {
-      std::string string_value=from_expr(ns, "", step_ref->guard);
-      out << "{-" << count << "} " << string_value << '\n';
-      count++;
-    }
-
-    if(step_ref->ssa_rhs.is_not_nil())
-    {
-      equal_exprt equality(step_ref->ssa_lhs, step_ref->ssa_rhs);
-      std::string string_value=from_expr(ns, "", equality);
-      out << "{-" << count << "} " << string_value << '\n';
-      count++;
-    }
-  }
-
-  out << "|--------------------------" << '\n';
-
-  exprt assertion=state.read(instruction.guard);
-
-  out << "{" << 1 << "} "
-      << from_expr(ns, "", assertion) << '\n';
-
-  if(!assertion.is_true())
-    number_of_VCCs_after_simplification++;
-
-  out << eom;
-}
-
-/*******************************************************************\
-
-Function: path_searcht::drop_state
-
-  Inputs:
-
- Outputs:
-
- Purpose: decide whether to drop a state
-
-\*******************************************************************/
-
-bool path_searcht::drop_state(const statet &state) const
-{
-  // depth limit
-  if(depth_limit_set && state.get_depth()>depth_limit)
-    return true;
-
-  // context bound
-  if(context_bound_set && state.get_no_thread_interleavings()>context_bound)
-    return true;
-
-
-  // unwinding limit -- loops
-  if(unwind_limit_set && state.get_instruction()->is_backwards_goto())
-  {
-    for(const auto &loop_info : state.unwinding_map)
-      if(loop_info.second>unwind_limit)
-        return true;
-  }
-
-  // unwinding limit -- recursion
-  if(unwind_limit_set && state.get_instruction()->is_function_call())
-  {
-    for(const auto &rec_info : state.recursion_map)
-      if(rec_info.second>unwind_limit)
-        return true;
-  }
-
-  return false;
-}
-
-/*******************************************************************\
-
-Function: path_searcht::check_assertion
-
-  Inputs:
-
- Outputs:
-
- Purpose:
-
-\*******************************************************************/
-
-void path_searcht::check_assertion(statet &state)
-{
-  // keep statistics
-  number_of_VCCs++;
-
-  const goto_programt::instructiont &instruction=
-    *state.get_instruction();
-
-  irep_idt property_name=instruction.source_location.get_property_id();
-  property_entryt &property_entry=property_map[property_name];
-
-  if(property_entry.status==FAILURE)
-    return; // already failed
-  else if(property_entry.status==NOT_REACHED)
-    property_entry.status=SUCCESS; // well, for now!
-
-  // the assertion in SSA
-  exprt assertion=
-    state.read(instruction.guard);
-
-  if(assertion.is_true())
-    return; // no error, trivially
-
-  // keep statistics
-  number_of_VCCs_after_simplification++;
-
-  status() << "Checking property " << property_name << eom;
-
-  // take the time
-  absolute_timet sat_start_time=current_time();
-
-  satcheckt satcheck;
-  bv_pointerst bv_pointers(ns, satcheck);
-
-  satcheck.set_message_handler(get_message_handler());
-  bv_pointers.set_message_handler(get_message_handler());
-
-  if(!state.check_assertion(bv_pointers))
-  {
-    build_goto_trace(state, bv_pointers, property_entry.error_trace);
-    property_entry.status=FAILURE;
-    number_of_failed_properties++;
-  }
-
-  sat_time+=current_time()-sat_start_time;
-}
-
-/*******************************************************************\
-
-Function: path_searcht::initialize_property_map
-
-  Inputs:
-
- Outputs:
-
- Purpose:
-
-\*******************************************************************/
-
-void path_searcht::initialize_property_map(
-  const goto_functionst &goto_functions)
-{
-  forall_goto_functions(it, goto_functions)
-    if(!it->second.is_inlined())
-    {
-      const goto_programt &goto_program=it->second.body;
-
-      forall_goto_program_instructions(i_it, goto_program)
-      {
-        if(!i_it->is_assert())
-          continue;
-
-        const source_locationt &source_location=i_it->source_location;
-
-        irep_idt property_name=source_location.get_property_id();
-
-        property_entryt &property_entry=property_map[property_name];
-        property_entry.status=NOT_REACHED;
-        property_entry.description=source_location.get_comment();
-        property_entry.source_location=source_location;
-      }
-    }
-}
diff --git a/src/aa-symex/path_search.h b/src/aa-symex/path_search.h
deleted file mode 100644
index 51c67ac93f0..00000000000
--- a/src/aa-symex/path_search.h
+++ /dev/null
@@ -1,119 +0,0 @@
-/*******************************************************************\
-
-Module: Path-based Symbolic Execution
-
-Author: Daniel Kroening, kroening@kroening.com
-        Alex Horn, alex.horn@cs.ox.ac.uk
-
-\*******************************************************************/
-
-#ifndef CPROVER_AA_SYMEX_PATH_SEARCH_H
-#define CPROVER_AA_SYMEX_PATH_SEARCH_H
-
-#include <util/time_stopping.h>
-
-#include <goto-programs/safety_checker.h>
-
-#include <aa-path-symex/path_symex_state.h>
-
-class path_searcht:public safety_checkert
-{
-public:
-  explicit path_searcht(const namespacet &_ns):
-    safety_checkert(_ns),
-    show_vcc(false),
-    depth_limit_set(false), // no limit
-    context_bound_set(false),
-    unwind_limit_set(false)
-  {
-  }
-
-  virtual resultt operator()(
-    const goto_functionst &goto_functions);
-
-  void set_depth_limit(unsigned limit)
-  {
-    depth_limit_set=true;
-    depth_limit=limit;
-  }
-
-  void set_context_bound(unsigned limit)
-  {
-    context_bound_set=true;
-    context_bound=limit;
-  }
-
-  void set_unwind_limit(unsigned limit)
-  {
-    unwind_limit_set=true;
-    unwind_limit=limit;
-  }
-
-  bool show_vcc;
-
-  // statistics
-  unsigned number_of_instructions;
-  unsigned number_of_dropped_states;
-  unsigned number_of_paths;
-  unsigned number_of_VCCs;
-  unsigned number_of_VCCs_after_simplification;
-  unsigned number_of_failed_properties;
-  unsigned number_of_fast_forward_steps;
-  absolute_timet start_time;
-  time_periodt sat_time;
-
-  enum statust { NOT_REACHED, SUCCESS, FAILURE };
-
-  struct property_entryt
-  {
-    statust status;
-    irep_idt description;
-    goto_tracet error_trace;
-    source_locationt source_location;
-
-    bool is_success() const { return status==SUCCESS; }
-    bool is_failure() const { return status==FAILURE; }
-    bool is_not_reached() const { return status==NOT_REACHED; }
-  };
-
-  typedef std::map<irep_idt, property_entryt> property_mapt;
-  property_mapt property_map;
-
-protected:
-#ifdef PATH_SYMEX_FORK
-  // blocks until child processes have terminated
-  int await();
-
-  // returns whether at least one child process has terminated
-  bool try_await();
-#endif
-
-  typedef path_symex_statet statet;
-
-  // State queue. Iterators are stable.
-  // The states most recently executed are at the head.
-  typedef std::list<statet> queuet;
-  queuet queue;
-
-  // search heuristic
-  queuet::iterator pick_state();
-
-  bool execute(queuet::iterator state, const namespacet &);
-
-  void check_assertion(statet &state);
-  void do_show_vcc(statet &state);
-
-  bool drop_state(const statet &state) const;
-
-  void report_statistics();
-
-  void initialize_property_map(
-    const goto_functionst &goto_functions);
-
-  unsigned depth_limit;
-  unsigned context_bound;
-  unsigned unwind_limit;
-  bool depth_limit_set, context_bound_set, unwind_limit_set;
-};
-
-#endif // CPROVER_AA_SYMEX_PATH_SEARCH_H

From fdd81210c9b1e98fa6c1085fc0ef7a13cbc2b9af Mon Sep 17 00:00:00 2001
From: Vlastimil Zeman <vlastimil.zeman@diffblue.com>
Date: Mon, 27 Feb 2017 13:48:31 +0000
Subject: [PATCH 020/699] Fix failing travis tests after removal of aa-symex.

---
 .travis.yml  | 2 +-
 src/Makefile | 2 --
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 6af73e31878..e8e19bc01ea 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -47,4 +47,4 @@ script:
     make -C src minisat2-download &&
     make -C src CXX=$COMPILER CXXFLAGS="-Wall -O2 -g -Werror -Wno-deprecated-register -pedantic -Wno-sign-compare" -j2 &&
     env UBSAN_OPTIONS=print_stacktrace=1 make -C regression test &&
-    make -C src CXX=$COMPILER CXXFLAGS=$FLAGS -j2 aa-symex.dir cegis.dir clobber.dir memory-models.dir musketeer.dir
+    make -C src CXX=$COMPILER CXXFLAGS=$FLAGS -j2 cegis.dir clobber.dir memory-models.dir musketeer.dir
diff --git a/src/Makefile b/src/Makefile
index 7b9e3a1d446..3a452b7fe09 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -44,8 +44,6 @@ symex.dir: languages goto-programs.dir pointer-analysis.dir \
            goto-symex.dir linking.dir analyses.dir solvers.dir \
            path-symex.dir goto-instrument.dir
 
-aa-symex.dir: symex.dir aa-path-symex.dir
-
 # building for a particular directory
 
 $(patsubst %, %.dir, $(DIRS)):

From 895f8a69514a29da293225f51fb60590571ee0cd Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Mon, 24 Oct 2016 12:27:56 +0100
Subject: [PATCH 021/699] Skip already-loaded Java classes

---
 src/java_bytecode/java_bytecode_convert_class.cpp | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/java_bytecode/java_bytecode_convert_class.cpp b/src/java_bytecode/java_bytecode_convert_class.cpp
index 8d42611bfe0..b62c5746765 100644
--- a/src/java_bytecode/java_bytecode_convert_class.cpp
+++ b/src/java_bytecode/java_bytecode_convert_class.cpp
@@ -75,6 +75,13 @@ Function: java_bytecode_convert_classt::convert
 
 void java_bytecode_convert_classt::convert(const classt &c)
 {
+  std::string qualified_classname="java::"+id2string(c.name);
+  if(symbol_table.has_symbol(qualified_classname))
+  {
+    debug() << "Skip class " << c.name << " (already loaded)" << eom;
+    return;
+  }
+  
   class_typet class_type;
 
   class_type.set_tag(c.name);
@@ -107,7 +114,7 @@ void java_bytecode_convert_classt::convert(const classt &c)
   symbolt new_symbol;
   new_symbol.base_name=c.name;
   new_symbol.pretty_name=c.name;
-  new_symbol.name="java::"+id2string(c.name);
+  new_symbol.name=qualified_classname;
   class_type.set(ID_name, new_symbol.name);
   new_symbol.type=class_type;
   new_symbol.mode=ID_java;

From 777d52e35548d2add1b46fb468b3534e19b4b2f6 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Tue, 1 Nov 2016 13:48:01 +0000
Subject: [PATCH 022/699] Convert Java methods only when they have a caller

This means that library methods, for example, will often not be converted.
For the time being virtual methods calls are handled simply, assuming that
any class we know of that provides an override might be called.
---
 .../java_bytecode_convert_class.cpp           | 35 ++++++---
 .../java_bytecode_convert_class.h             |  6 +-
 .../java_bytecode_convert_method.cpp          | 57 +++++++++++++--
 .../java_bytecode_convert_method.h            | 12 ++-
 .../java_bytecode_convert_method_class.h      | 12 ++-
 src/java_bytecode/java_bytecode_language.cpp  | 73 ++++++++++++++++++-
 src/java_bytecode/java_entry_point.cpp        |  8 +-
 src/java_bytecode/java_entry_point.h          |  3 +-
 8 files changed, 179 insertions(+), 27 deletions(-)

diff --git a/src/java_bytecode/java_bytecode_convert_class.cpp b/src/java_bytecode/java_bytecode_convert_class.cpp
index b62c5746765..2036bcd9bce 100644
--- a/src/java_bytecode/java_bytecode_convert_class.cpp
+++ b/src/java_bytecode/java_bytecode_convert_class.cpp
@@ -27,11 +27,13 @@ class java_bytecode_convert_classt:public messaget
     symbol_tablet &_symbol_table,
     message_handlert &_message_handler,
     bool _disable_runtime_checks,
-    size_t _max_array_length):
+    size_t _max_array_length,
+    lazy_methodst& _lm):
     messaget(_message_handler),
     symbol_table(_symbol_table),
     disable_runtime_checks(_disable_runtime_checks),
-    max_array_length(_max_array_length)
+    max_array_length(_max_array_length),
+    lazy_methods(_lm)
   {
   }
 
@@ -52,6 +54,7 @@ class java_bytecode_convert_classt:public messaget
   symbol_tablet &symbol_table;
   const bool disable_runtime_checks;
   const size_t max_array_length;
+  lazy_methodst &lazy_methods;
 
   // conversion
   void convert(const classt &c);
@@ -81,7 +84,7 @@ void java_bytecode_convert_classt::convert(const classt &c)
     debug() << "Skip class " << c.name << " (already loaded)" << eom;
     return;
   }
-  
+
   class_typet class_type;
 
   class_type.set_tag(c.name);
@@ -135,13 +138,19 @@ void java_bytecode_convert_classt::convert(const classt &c)
 
   // now do methods
   for(const auto &method : c.methods)
-    java_bytecode_convert_method(
-      *class_symbol,
-      method,
-      symbol_table,
-      get_message_handler(),
-      disable_runtime_checks,
-      max_array_length);
+  {
+    const irep_idt method_identifier=
+      id2string(qualified_classname)+
+      "."+id2string(method.name)+
+      ":"+method.signature;
+    java_bytecode_convert_method_lazy(
+      *class_symbol,method_identifier,method,symbol_table);
+    lazy_methods[method_identifier]=
+      std::make_pair(class_symbol,&method);
+  }
+  //java_bytecode_convert_method(
+  //  *class_symbol, method, symbol_table, get_message_handler(),
+  //  disable_runtime_checks, max_array_length);
 
   // is this a root class?
   if(c.extends.empty())
@@ -329,13 +338,15 @@ bool java_bytecode_convert_class(
   symbol_tablet &symbol_table,
   message_handlert &message_handler,
   bool disable_runtime_checks,
-  size_t max_array_length)
+  size_t max_array_length,
+  lazy_methodst &lazy_methods)
 {
   java_bytecode_convert_classt java_bytecode_convert_class(
     symbol_table,
     message_handler,
     disable_runtime_checks,
-    max_array_length);
+    max_array_length,
+    lazy_methods);
 
   try
   {
diff --git a/src/java_bytecode/java_bytecode_convert_class.h b/src/java_bytecode/java_bytecode_convert_class.h
index ffaaf6e34da..8c1dccc02f5 100644
--- a/src/java_bytecode/java_bytecode_convert_class.h
+++ b/src/java_bytecode/java_bytecode_convert_class.h
@@ -14,11 +14,15 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include "java_bytecode_parse_tree.h"
 
+typedef std::map<irep_idt, std::pair<const symbolt*, const java_bytecode_parse_treet::methodt*> >
+  lazy_methodst;
+
 bool java_bytecode_convert_class(
   const java_bytecode_parse_treet &parse_tree,
   symbol_tablet &symbol_table,
   message_handlert &message_handler,
   bool disable_runtime_checks,
-  size_t max_array_length);
+  size_t max_array_length,
+  lazy_methodst &);
 
 #endif // CPROVER_JAVA_BYTECODE_JAVA_BYTECODE_CONVERT_CLASS_H
diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index 54412747708..652547b9def 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -20,6 +20,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <linking/zero_initializer.h>
 
 #include <goto-programs/cfg.h>
+#include <goto-programs/class_hierarchy.h>
 #include <analyses/cfg_dominators.h>
 
 #include "java_bytecode_convert_method.h"
@@ -181,6 +182,35 @@ const exprt java_bytecode_convert_methodt::variable(
   }
 }
 
+void java_bytecode_convert_method_lazy(
+  const symbolt& class_symbol,
+  const irep_idt method_identifier,
+  const java_bytecode_parse_treet::methodt &m,
+  symbol_tablet& symbol_table)
+{
+  symbolt method_symbol;
+  typet member_type=java_type_from_string(m.signature);
+
+  method_symbol.name=method_identifier;
+  method_symbol.base_name=m.base_name;
+  method_symbol.mode=ID_java;
+  method_symbol.location=m.source_location;
+  method_symbol.location.set_function(method_identifier);
+
+  if(method_symbol.base_name=="<init>")
+  {
+    method_symbol.pretty_name=id2string(class_symbol.pretty_name)+"."+
+                              id2string(class_symbol.base_name)+"()";
+    member_type.set(ID_constructor,true);
+  }
+  else
+    method_symbol.pretty_name=id2string(class_symbol.pretty_name)+"."+
+      id2string(m.base_name)+"()";
+
+  method_symbol.type=member_type;
+  symbol_table.add(method_symbol);
+}
+
 /*******************************************************************\
 
 Function: java_bytecode_convert_methodt::convert
@@ -347,10 +377,10 @@ void java_bytecode_convert_methodt::convert(
   if((!m.is_abstract) && (!m.is_native))
     method_symbol.value=convert_instructions(m, code_type);
 
-  // do we have the method symbol already?
+  // Replace the existing stub symbol with the real deal:
   const auto s_it=symbol_table.symbols.find(method.get_name());
-  if(s_it!=symbol_table.symbols.end())
-    symbol_table.symbols.erase(s_it); // erase, we stubbed it
+  assert(s_it!=symbol_table.symbols.end());
+  symbol_table.symbols.erase(s_it);
 
   symbol_table.add(method_symbol);
 }
@@ -1113,12 +1143,25 @@ codet java_bytecode_convert_methodt::convert_instructions(
         symbol_table.add(symbol);
       }
 
+      needed_methods.push_back(arg0.get(ID_identifier));
+
       if(is_virtual)
       {
         // dynamic binding
         assert(use_this);
         assert(!call.arguments().empty());
         call.function()=arg0;
+        const auto& call_class=arg0.get(ID_C_class);
+        assert(call_class!=irep_idt());
+        const auto& call_basename=arg0.get(ID_component_name);
+        assert(call_basename!=irep_idt());
+        auto child_classes=class_hierarchy.get_children_trans(call_class);
+        for(const auto& child_class : child_classes)
+        {
+          auto methodid=id2string(child_class)+"."+id2string(call_basename);
+          if(symbol_table.has_symbol(methodid))
+            needed_methods.push_back(methodid);
+        }
       }
       else
       {
@@ -2144,13 +2187,17 @@ void java_bytecode_convert_method(
   symbol_tablet &symbol_table,
   message_handlert &message_handler,
   bool disable_runtime_checks,
-  size_t max_array_length)
+  size_t max_array_length,
+  std::vector<irep_idt>& needed_methods,
+  const class_hierarchyt& ch)
 {
   java_bytecode_convert_methodt java_bytecode_convert_method(
     symbol_table,
     message_handler,
     disable_runtime_checks,
-    max_array_length);
+    max_array_length,
+    needed_methods,
+    ch);
 
   java_bytecode_convert_method(class_symbol, method);
 }
diff --git a/src/java_bytecode/java_bytecode_convert_method.h b/src/java_bytecode/java_bytecode_convert_method.h
index 8945af95bd1..327bfd09932 100644
--- a/src/java_bytecode/java_bytecode_convert_method.h
+++ b/src/java_bytecode/java_bytecode_convert_method.h
@@ -14,12 +14,22 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include "java_bytecode_parse_tree.h"
 
+class class_hierarchyt;
+
 void java_bytecode_convert_method(
   const symbolt &class_symbol,
   const java_bytecode_parse_treet::methodt &,
   symbol_tablet &symbol_table,
   message_handlert &message_handler,
   bool disable_runtime_checks,
-  size_t max_array_length);
+  size_t max_array_length,
+  std::vector<irep_idt>& needed_methods,
+  const class_hierarchyt&);
+
+void java_bytecode_convert_method_lazy(
+  const symbolt &class_symbol,
+  const irep_idt method_identifier,
+  const java_bytecode_parse_treet::methodt &,
+  symbol_tablet &symbol_table);
 
 #endif // CPROVER_JAVA_BYTECODE_JAVA_BYTECODE_CONVERT_METHOD_H
diff --git a/src/java_bytecode/java_bytecode_convert_method_class.h b/src/java_bytecode/java_bytecode_convert_method_class.h
index 8c0e708a530..30d0d974646 100644
--- a/src/java_bytecode/java_bytecode_convert_method_class.h
+++ b/src/java_bytecode/java_bytecode_convert_method_class.h
@@ -15,12 +15,14 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <util/std_expr.h>
 #include <analyses/cfg_dominators.h>
 #include "java_bytecode_parse_tree.h"
+#include "java_bytecode_convert_class.h"
 
 #include <vector>
 #include <list>
 
 class symbol_tablet;
 class symbolt;
+class class_hierarchyt;
 
 class java_bytecode_convert_methodt:public messaget
 {
@@ -29,11 +31,15 @@ class java_bytecode_convert_methodt:public messaget
     symbol_tablet &_symbol_table,
     message_handlert &_message_handler,
     bool _disable_runtime_checks,
-    size_t _max_array_length):
+    size_t _max_array_length,
+    std::vector<irep_idt>& _needed_methods,
+    const class_hierarchyt& _ch):
     messaget(_message_handler),
     symbol_table(_symbol_table),
     disable_runtime_checks(_disable_runtime_checks),
-    max_array_length(_max_array_length)
+    max_array_length(_max_array_length),
+    needed_methods(_needed_methods),
+    class_hierarchy(_ch)
   {
   }
 
@@ -52,6 +58,8 @@ class java_bytecode_convert_methodt:public messaget
   symbol_tablet &symbol_table;
   const bool disable_runtime_checks;
   const size_t max_array_length;
+  std::vector<irep_idt>& needed_methods;
+  const class_hierarchyt& class_hierarchy;
 
   irep_idt method_id;
   irep_idt current_method;
diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index 1d9d9f57b41..fb0e19ef487 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -14,8 +14,11 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <util/cmdline.h>
 #include <util/string2int.h>
 
+#include <goto-programs/class_hierarchy.h>
+
 #include "java_bytecode_language.h"
 #include "java_bytecode_convert_class.h"
+#include "java_bytecode_convert_method.h"
 #include "java_bytecode_internal_additions.h"
 #include "java_bytecode_typecheck.h"
 #include "java_entry_point.h"
@@ -180,10 +183,15 @@ Function: java_bytecode_languaget::typecheck
 
 \*******************************************************************/
 
+
+
 bool java_bytecode_languaget::typecheck(
   symbol_tablet &symbol_table,
   const std::string &module)
 {
+  std::map<irep_idt, std::pair<const symbolt*, const java_bytecode_parse_treet::methodt*> >
+    lazy_methods;
+
   // first convert all
   for(java_class_loadert::class_mapt::const_iterator
       c_it=java_class_loader.class_map.begin();
@@ -200,10 +208,73 @@ bool java_bytecode_languaget::typecheck(
          symbol_table,
          get_message_handler(),
          disable_runtime_checks,
-         max_user_array_length))
+         max_user_array_length,
+         lazy_methods))
       return true;
   }
 
+  // Now incrementally elaborate methods that are reachable from this entry point:
+
+  // Convert-method will need this to find virtual function targets.
+  class_hierarchyt ch;
+  ch(symbol_table);
+
+  std::vector<irep_idt> worklist1;
+  std::vector<irep_idt> worklist2;
+
+  auto main_function=get_main_symbol(symbol_table,main_class,get_message_handler(),true);
+  if(main_function.stop_convert)
+  {
+    // Failed, mark all functions in the given main class reachable.
+    const auto& methods=java_class_loader.class_map.at(main_class).parsed_class.methods;
+    for(const auto& method : methods)
+    {
+      const irep_idt methodid="java::"+id2string(main_class)+"."+
+        id2string(method.name)+":"+
+        id2string(method.signature);
+      worklist2.push_back(methodid);
+    }
+  }
+  else
+    worklist2.push_back(main_function.main_function.name);
+
+  std::set<irep_idt> already_populated;
+  while(worklist2.size()!=0)
+  {
+    std::swap(worklist1,worklist2);
+    for(const auto& mname : worklist1)
+    {
+      if(!already_populated.insert(mname).second)
+        continue;
+      auto findit=lazy_methods.find(mname);
+      if(findit==lazy_methods.end())
+      {
+        debug() << "Skip " << mname << eom;
+        continue;
+      }
+      debug() << "Lazy methods: elaborate " << mname << eom;
+      const auto& parsed_method=findit->second;
+      java_bytecode_convert_method(*parsed_method.first,*parsed_method.second,
+				   symbol_table,get_message_handler(),
+				   disable_runtime_checks,max_user_array_length,worklist2,ch);
+    }
+    worklist1.clear();
+  }
+
+  // Remove symbols for methods that were declared but never used:
+  symbol_tablet keep_symbols;
+
+  for(const auto& sym : symbol_table.symbols)
+  {
+    if(lazy_methods.count(sym.first) && !already_populated.count(sym.first))
+      continue;
+    keep_symbols.add(sym.second);
+  }
+
+  debug() << "Lazy methods: removed " << symbol_table.symbols.size() - keep_symbols.symbols.size() << " unreachable methods" << eom;
+
+  symbol_table.swap(keep_symbols);
+
   // now typecheck all
   if(java_bytecode_typecheck(
        symbol_table, get_message_handler()))
diff --git a/src/java_bytecode/java_entry_point.cpp b/src/java_bytecode/java_entry_point.cpp
index dcc3dead0a8..44a59091ba2 100644
--- a/src/java_bytecode/java_entry_point.cpp
+++ b/src/java_bytecode/java_entry_point.cpp
@@ -327,11 +327,11 @@ void java_record_outputs(
   }
 }
 
-
 main_function_resultt get_main_symbol(
   symbol_tablet &symbol_table,
   const irep_idt &main_class,
-  message_handlert &message_handler)
+  message_handlert &message_handler,
+  bool allow_no_body)
 {
   symbolt symbol;
   main_function_resultt res;
@@ -415,7 +415,7 @@ main_function_resultt get_main_symbol(
     }
 
     // check if it has a body
-    if(symbol.value.is_nil())
+    if(symbol.value.is_nil() && !allow_no_body)
     {
       message.error() << "main method `" << main_class
                       << "' has no body" << messaget::eom;
@@ -480,7 +480,7 @@ main_function_resultt get_main_symbol(
     symbol=symbol_table.symbols.find(*matches.begin())->second;
 
     // check if it has a body
-    if(symbol.value.is_nil())
+    if(symbol.value.is_nil() && !allow_no_body)
     {
       message.error() << "main method `" << main_class
                       << "' has no body" << messaget::eom;
diff --git a/src/java_bytecode/java_entry_point.h b/src/java_bytecode/java_entry_point.h
index 7fa562de89a..82071aa26b1 100644
--- a/src/java_bytecode/java_entry_point.h
+++ b/src/java_bytecode/java_entry_point.h
@@ -28,6 +28,7 @@ typedef struct
 main_function_resultt get_main_symbol(
   symbol_tablet &symbol_table,
   const irep_idt &main_class,
-  message_handlert &);
+  message_handlert &,
+  bool allow_no_body = false);
 
 #endif // CPROVER_JAVA_BYTECODE_JAVA_ENTRY_POINT_H

From b7a7bfb17a7234d8a35cf2d8e43cba447e0272c7 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Tue, 1 Nov 2016 14:19:53 +0000
Subject: [PATCH 023/699] Remove dead global variables

When lazy method conversion is in use, they might end up unused.
---
 src/java_bytecode/java_bytecode_language.cpp | 21 +++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index fb0e19ef487..fc5ee421343 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -171,6 +171,19 @@ bool java_bytecode_languaget::parse(
   return false;
 }
 
+static void gather_needed_globals(const exprt& e, const symbol_tablet& symbol_table, symbol_tablet& needed)
+{
+  if(e.id()==ID_symbol)
+  {
+    const auto& sym=symbol_table.lookup(to_symbol_expr(e).get_identifier());
+    if(sym.is_static_lifetime)
+      needed.add(sym);
+  }
+  else
+    forall_operands(opit,e)
+      gather_needed_globals(*opit,symbol_table,needed);
+}
+
 /*******************************************************************\
 
 Function: java_bytecode_languaget::typecheck
@@ -183,8 +196,6 @@ Function: java_bytecode_languaget::typecheck
 
 \*******************************************************************/
 
-
-
 bool java_bytecode_languaget::typecheck(
   symbol_tablet &symbol_table,
   const std::string &module)
@@ -266,12 +277,16 @@ bool java_bytecode_languaget::typecheck(
 
   for(const auto& sym : symbol_table.symbols)
   {
+    if(sym.second.is_static_lifetime)
+      continue;
     if(lazy_methods.count(sym.first) && !already_populated.count(sym.first))
       continue;
+    if(sym.second.type.id()==ID_code)
+      gather_needed_globals(sym.second.value,symbol_table,keep_symbols);
     keep_symbols.add(sym.second);
   }
 
-  debug() << "Lazy methods: removed " << symbol_table.symbols.size() - keep_symbols.symbols.size() << " unreachable methods" << eom;
+  debug() << "Lazy methods: removed " << symbol_table.symbols.size() - keep_symbols.symbols.size() << " unreachable methods and globals" << eom;
 
   symbol_table.swap(keep_symbols);
 

From caf804e4721759dca5953ccea6bb118baf88a440 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Wed, 2 Nov 2016 17:02:41 +0000
Subject: [PATCH 024/699] Restrict virtual method targets to known-created
 types

Previously even with lazy method conversion enabled, if we had a caller
to A.f and C.f overrides A.f, we would generate a possible call to C.f
even if a C is never instantiated in any reachable method. This commit
changes that, such that we need *both* a callsite and evidence of a C
being constructed to generate the callgraph edge.
---
 .../java_bytecode_convert_method.cpp          |  24 ++-
 .../java_bytecode_convert_method.h            |   1 +
 .../java_bytecode_convert_method_class.h      |   3 +
 src/java_bytecode/java_bytecode_language.cpp  | 156 +++++++++++++++---
 4 files changed, 148 insertions(+), 36 deletions(-)

diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index 652547b9def..39d347cdb1c 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -1067,7 +1067,10 @@ codet java_bytecode_convert_methodt::convert_instructions(
           {
             if(as_string(arg0.get(ID_identifier))
                .find("<init>")!=std::string::npos)
+            {
+              needed_classes.insert(classname);
               code_type.set(ID_constructor, true);
+            }
             else
               code_type.set(ID_java_super_method_call, true);
           }
@@ -1143,30 +1146,19 @@ codet java_bytecode_convert_methodt::convert_instructions(
         symbol_table.add(symbol);
       }
 
-      needed_methods.push_back(arg0.get(ID_identifier));
-
       if(is_virtual)
       {
         // dynamic binding
         assert(use_this);
         assert(!call.arguments().empty());
         call.function()=arg0;
-        const auto& call_class=arg0.get(ID_C_class);
-        assert(call_class!=irep_idt());
-        const auto& call_basename=arg0.get(ID_component_name);
-        assert(call_basename!=irep_idt());
-        auto child_classes=class_hierarchy.get_children_trans(call_class);
-        for(const auto& child_class : child_classes)
-        {
-          auto methodid=id2string(child_class)+"."+id2string(call_basename);
-          if(symbol_table.has_symbol(methodid))
-            needed_methods.push_back(methodid);
-        }
+        // Populate needed methods later, once we know what object types can exist.
       }
       else
       {
         // static binding
         call.function()=symbol_exprt(arg0.get(ID_identifier), arg0.type());
+        needed_methods.push_back(arg0.get(ID_identifier));
       }
 
       call.function().add_source_location()=loc;
@@ -1708,6 +1700,8 @@ codet java_bytecode_convert_methodt::convert_instructions(
       symbol_exprt symbol_expr(arg0.type());
       const auto &field_name=arg0.get_string(ID_component_name);
       symbol_expr.set_identifier(arg0.get_string(ID_class)+"."+field_name);
+      if(arg0.type().id()==ID_symbol)
+        needed_classes.insert(to_symbol_type(arg0.type()).get_identifier());
       results[0]=java_bytecode_promotion(symbol_expr);
 
       // set $assertionDisabled to false
@@ -1725,6 +1719,8 @@ codet java_bytecode_convert_methodt::convert_instructions(
       symbol_exprt symbol_expr(arg0.type());
       const auto &field_name=arg0.get_string(ID_component_name);
       symbol_expr.set_identifier(arg0.get_string(ID_class)+"."+field_name);
+      if(arg0.type().id()==ID_symbol)
+        needed_classes.insert(to_symbol_type(arg0.type()).get_identifier());
       c=code_assignt(symbol_expr, op[0]);
     }
     else if(statement==patternt("?2?")) // i2c etc.
@@ -2189,6 +2185,7 @@ void java_bytecode_convert_method(
   bool disable_runtime_checks,
   size_t max_array_length,
   std::vector<irep_idt>& needed_methods,
+  std::set<irep_idt>& needed_classes,
   const class_hierarchyt& ch)
 {
   java_bytecode_convert_methodt java_bytecode_convert_method(
@@ -2197,6 +2194,7 @@ void java_bytecode_convert_method(
     disable_runtime_checks,
     max_array_length,
     needed_methods,
+    needed_classes,
     ch);
 
   java_bytecode_convert_method(class_symbol, method);
diff --git a/src/java_bytecode/java_bytecode_convert_method.h b/src/java_bytecode/java_bytecode_convert_method.h
index 327bfd09932..b6302161a43 100644
--- a/src/java_bytecode/java_bytecode_convert_method.h
+++ b/src/java_bytecode/java_bytecode_convert_method.h
@@ -24,6 +24,7 @@ void java_bytecode_convert_method(
   bool disable_runtime_checks,
   size_t max_array_length,
   std::vector<irep_idt>& needed_methods,
+  std::set<irep_idt>& needed_classes,  
   const class_hierarchyt&);
 
 void java_bytecode_convert_method_lazy(
diff --git a/src/java_bytecode/java_bytecode_convert_method_class.h b/src/java_bytecode/java_bytecode_convert_method_class.h
index 30d0d974646..8eaf7ac8af5 100644
--- a/src/java_bytecode/java_bytecode_convert_method_class.h
+++ b/src/java_bytecode/java_bytecode_convert_method_class.h
@@ -33,12 +33,14 @@ class java_bytecode_convert_methodt:public messaget
     bool _disable_runtime_checks,
     size_t _max_array_length,
     std::vector<irep_idt>& _needed_methods,
+    std::set<irep_idt>& _needed_classes,
     const class_hierarchyt& _ch):
     messaget(_message_handler),
     symbol_table(_symbol_table),
     disable_runtime_checks(_disable_runtime_checks),
     max_array_length(_max_array_length),
     needed_methods(_needed_methods),
+    needed_classes(_needed_classes),
     class_hierarchy(_ch)
   {
   }
@@ -59,6 +61,7 @@ class java_bytecode_convert_methodt:public messaget
   const bool disable_runtime_checks;
   const size_t max_array_length;
   std::vector<irep_idt>& needed_methods;
+  std::set<irep_idt>& needed_classes;
   const class_hierarchyt& class_hierarchy;
 
   irep_idt method_id;
diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index fc5ee421343..057859cef04 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -171,6 +171,48 @@ bool java_bytecode_languaget::parse(
   return false;
 }
 
+static void get_virtual_method_targets(
+  const code_function_callt& c,
+  const std::set<irep_idt>& needed_classes,
+  std::vector<irep_idt>& needed_methods,
+  const symbol_tablet& symbol_table,
+  const class_hierarchyt& class_hierarchy)
+{
+
+  const auto& called_function=c.function();
+  assert(called_function.id()==ID_virtual_function);
+
+  const auto& call_class=called_function.get(ID_C_class);
+  assert(call_class!=irep_idt());
+  const auto& call_basename=called_function.get(ID_component_name);
+  assert(call_basename!=irep_idt());
+
+  auto child_classes=class_hierarchy.get_children_trans(call_class);
+  child_classes.push_back(call_class);
+  for(const auto& child_class : child_classes)
+  {
+    // Program-wide, is this class ever instantiated?
+    if(!needed_classes.count(child_class))
+      continue;
+    auto methodid=id2string(child_class)+"."+id2string(call_basename);
+    if(symbol_table.has_symbol(methodid))
+      needed_methods.push_back(methodid);
+  }
+}
+
+static void gather_virtual_callsites(const exprt& e, std::vector<const code_function_callt*>& result)
+{
+  if(e.id()!=ID_code)
+    return;
+  const codet& c=to_code(e);
+  if(c.get_statement()==ID_function_call &&
+     to_code_function_call(c).function().id()==ID_virtual_function)
+    result.push_back(&to_code_function_call(c));
+  else
+    forall_operands(it,e)
+      gather_virtual_callsites(*it,result);
+}
+
 static void gather_needed_globals(const exprt& e, const symbol_tablet& symbol_table, symbol_tablet& needed)
 {
   if(e.id()==ID_symbol)
@@ -184,6 +226,48 @@ static void gather_needed_globals(const exprt& e, const symbol_tablet& symbol_ta
       gather_needed_globals(*opit,symbol_table,needed);
 }
 
+static void gather_field_types(
+  const typet& class_type,
+  const namespacet& ns,
+  std::set<irep_idt>& needed_classes)
+{
+  const auto& underlying_type=to_struct_type(ns.follow(class_type));
+  for(const auto& field : underlying_type.components())
+  {
+    if(field.type().id()==ID_struct || field.type().id()==ID_symbol)
+      gather_field_types(field.type(),ns,needed_classes);
+    else if(field.type().id()==ID_pointer)
+    {
+      // Skip array primitive pointers, for example:
+      if(field.type().subtype().id()!=ID_symbol)
+	continue;
+      const auto& field_classid=to_symbol_type(field.type().subtype()).get_identifier();
+      if(needed_classes.insert(field_classid).second)
+	gather_field_types(field.type().subtype(),ns,needed_classes);
+    }
+  }
+}
+
+static void initialise_needed_classes(
+  const std::vector<irep_idt>& entry_points,
+  const namespacet& ns,
+  std::set<irep_idt>& needed_classes)
+{
+  for(const auto& mname : entry_points)
+  {
+    const auto& symbol=ns.lookup(mname);
+    const auto& mtype=to_code_type(symbol.type);
+    for(const auto& param : mtype.parameters())
+    {
+      if(param.type().id()==ID_pointer)
+      {
+	needed_classes.insert(to_symbol_type(param.type().subtype()).get_identifier());
+	gather_field_types(param.type().subtype(),ns,needed_classes);
+      }
+    }
+  }
+}
+
 /*******************************************************************\
 
 Function: java_bytecode_languaget::typecheck
@@ -230,8 +314,8 @@ bool java_bytecode_languaget::typecheck(
   class_hierarchyt ch;
   ch(symbol_table);
 
-  std::vector<irep_idt> worklist1;
-  std::vector<irep_idt> worklist2;
+  std::vector<irep_idt> method_worklist1;
+  std::vector<irep_idt> method_worklist2;
 
   auto main_function=get_main_symbol(symbol_table,main_class,get_message_handler(),true);
   if(main_function.stop_convert)
@@ -243,34 +327,60 @@ bool java_bytecode_languaget::typecheck(
       const irep_idt methodid="java::"+id2string(main_class)+"."+
         id2string(method.name)+":"+
         id2string(method.signature);
-      worklist2.push_back(methodid);
+      method_worklist2.push_back(methodid);
     }
   }
   else
-    worklist2.push_back(main_function.main_function.name);
+    method_worklist2.push_back(main_function.main_function.name);
 
-  std::set<irep_idt> already_populated;
-  while(worklist2.size()!=0)
-  {
-    std::swap(worklist1,worklist2);
-    for(const auto& mname : worklist1)
+  std::set<irep_idt> needed_classes;
+  initialise_needed_classes(method_worklist2,namespacet(symbol_table),needed_classes);
+
+  std::set<irep_idt> methods_already_populated;
+  std::vector<const code_function_callt*> virtual_callsites;
+
+  bool any_new_methods;
+  do {
+
+    any_new_methods=false;
+    while(method_worklist2.size()!=0)
     {
-      if(!already_populated.insert(mname).second)
-        continue;
-      auto findit=lazy_methods.find(mname);
-      if(findit==lazy_methods.end())
+      std::swap(method_worklist1,method_worklist2);
+      for(const auto& mname : method_worklist1)
       {
-        debug() << "Skip " << mname << eom;
-        continue;
+        if(!methods_already_populated.insert(mname).second)
+          continue;
+        auto findit=lazy_methods.find(mname);
+        if(findit==lazy_methods.end())
+        {
+          debug() << "Skip " << mname << eom;
+          continue;
+        }
+        debug() << "Lazy methods: elaborate " << mname << eom;
+        const auto& parsed_method=findit->second;
+        java_bytecode_convert_method(*parsed_method.first,*parsed_method.second,
+                                     symbol_table,get_message_handler(),
+                                     disable_runtime_checks,max_user_array_length,
+                                     method_worklist2,needed_classes,ch);
+        gather_virtual_callsites(symbol_table.lookup(mname).value,virtual_callsites);
+        any_new_methods=true;
       }
-      debug() << "Lazy methods: elaborate " << mname << eom;
-      const auto& parsed_method=findit->second;
-      java_bytecode_convert_method(*parsed_method.first,*parsed_method.second,
-				   symbol_table,get_message_handler(),
-				   disable_runtime_checks,max_user_array_length,worklist2,ch);
+      method_worklist1.clear();
     }
-    worklist1.clear();
-  }
+
+    // Given the object types we now know may be created, populate more
+    // possible virtual function call targets:
+
+    debug() << "Lazy methods: add virtual method targets (" << virtual_callsites.size() <<
+      " callsites)" << eom;
+
+    for(const auto& callsite : virtual_callsites)
+    {
+      get_virtual_method_targets(*callsite,needed_classes,method_worklist2,
+				 symbol_table,ch);
+    }
+
+  } while(any_new_methods);
 
   // Remove symbols for methods that were declared but never used:
   symbol_tablet keep_symbols;
@@ -279,7 +389,7 @@ bool java_bytecode_languaget::typecheck(
   {
     if(sym.second.is_static_lifetime)
       continue;
-    if(lazy_methods.count(sym.first) && !already_populated.count(sym.first))
+    if(lazy_methods.count(sym.first) && !methods_already_populated.count(sym.first))
       continue;
     if(sym.second.type.id()==ID_code)
       gather_needed_globals(sym.second.value,symbol_table,keep_symbols);

From 6e1133da85836360375d846c6ee03f05aff64d42 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Mon, 21 Nov 2016 15:01:38 +0000
Subject: [PATCH 025/699] Mark all classes in root jar reachable if it doesn't
 declare a main function

---
 src/java_bytecode/java_bytecode_language.cpp | 24 ++++++++++++++------
 src/java_bytecode/java_bytecode_language.h   |  1 +
 src/java_bytecode/java_class_loader.h        |  1 -
 3 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index 057859cef04..dc6c350ba7f 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -150,6 +150,8 @@ bool java_bytecode_languaget::parse(
     {
       status() << "JAR file without entry point: loading it all" << eom;
       java_class_loader.load_entire_jar(path);
+      for(const auto& kv : java_class_loader.jar_map.at(path).entries)
+        main_jar_classes.push_back(kv.first);
     }
     else
       java_class_loader.add_jar_file(path);
@@ -320,14 +322,22 @@ bool java_bytecode_languaget::typecheck(
   auto main_function=get_main_symbol(symbol_table,main_class,get_message_handler(),true);
   if(main_function.stop_convert)
   {
-    // Failed, mark all functions in the given main class reachable.
-    const auto& methods=java_class_loader.class_map.at(main_class).parsed_class.methods;
-    for(const auto& method : methods)
+    // Failed, mark all functions in the given main class(es) reachable.
+    std::vector<irep_idt> reachable_classes;
+    if(!main_class.empty())
+      reachable_classes.push_back(main_class);
+    else
+      reachable_classes=main_jar_classes;
+    for(const auto& classname : reachable_classes)
     {
-      const irep_idt methodid="java::"+id2string(main_class)+"."+
-        id2string(method.name)+":"+
-        id2string(method.signature);
-      method_worklist2.push_back(methodid);
+      const auto& methods=java_class_loader.class_map.at(classname).parsed_class.methods;
+      for(const auto& method : methods)
+      {
+        const irep_idt methodid="java::"+id2string(classname)+"."+
+          id2string(method.name)+":"+
+          id2string(method.signature);
+        method_worklist2.push_back(methodid);
+      }
     }
   }
   else
diff --git a/src/java_bytecode/java_bytecode_language.h b/src/java_bytecode/java_bytecode_language.h
index 5937f6f4fd4..36b28682dca 100644
--- a/src/java_bytecode/java_bytecode_language.h
+++ b/src/java_bytecode/java_bytecode_language.h
@@ -72,6 +72,7 @@ class java_bytecode_languaget:public languaget
 
 protected:
   irep_idt main_class;
+  std::vector<irep_idt> main_jar_classes;
   java_class_loadert java_class_loader;
   bool assume_inputs_non_null;      // assume inputs variables to be non-null
 
diff --git a/src/java_bytecode/java_class_loader.h b/src/java_bytecode/java_class_loader.h
index 4d67b3e7164..b2a4953445a 100644
--- a/src/java_bytecode/java_class_loader.h
+++ b/src/java_bytecode/java_class_loader.h
@@ -37,7 +37,6 @@ class java_class_loadert:public messaget
 
   jar_poolt jar_pool;
 
-protected:
   class jar_map_entryt
   {
   public:

From 49bfea4d8b0fb6b8b10e1a1abf09e565a7daa210 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Wed, 23 Nov 2016 11:02:34 +0000
Subject: [PATCH 026/699] Add this-parameter before determining needed classes

If the given entry point has a this-parameter of type A,
that constitutes evidence that virtual callsites might target
a class of type A.
---
 .../java_bytecode_convert_method.cpp          | 30 +++++++++----------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index 39d347cdb1c..d10cfdec60b 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -207,6 +207,18 @@ void java_bytecode_convert_method_lazy(
     method_symbol.pretty_name=id2string(class_symbol.pretty_name)+"."+
       id2string(m.base_name)+"()";
 
+  // do we need to add 'this' as a parameter?
+  if(!m.is_static)
+  {
+    code_typet &code_type=to_code_type(member_type);
+    code_typet::parameterst &parameters=code_type.parameters();
+    code_typet::parametert this_p;
+    const reference_typet object_ref_type(symbol_typet(class_symbol.name));
+    this_p.type()=object_ref_type;
+    this_p.set_this();
+    parameters.insert(parameters.begin(), this_p);
+  }
+
   method_symbol.type=member_type;
   symbol_table.add(method_symbol);
 }
@@ -227,29 +239,17 @@ void java_bytecode_convert_methodt::convert(
   const symbolt &class_symbol,
   const methodt &m)
 {
-  typet member_type=java_type_from_string(m.signature);
-
-  assert(member_type.id()==ID_code);
-
   const irep_idt method_identifier=
     id2string(class_symbol.name)+"."+id2string(m.name)+":"+m.signature;
   method_id=method_identifier;
 
+  const auto& old_sym=symbol_table.lookup(method_identifier);
+
+  typet member_type=old_sym.type;
   code_typet &code_type=to_code_type(member_type);
   method_return_type=code_type.return_type();
   code_typet::parameterst &parameters=code_type.parameters();
 
-  // do we need to add 'this' as a parameter?
-  if(!m.is_static)
-  {
-    code_typet::parametert this_p;
-    const reference_typet object_ref_type(
-      symbol_typet(class_symbol.name));
-    this_p.type()=object_ref_type;
-    this_p.set_this();
-    parameters.insert(parameters.begin(), this_p);
-  }
-
   variables.clear();
 
   // find parameter names in the local variable table:

From e12448b0dfde0b0b37f5f329d451fcabd5f8d431 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Wed, 30 Nov 2016 15:38:08 +0000
Subject: [PATCH 027/699] Lazy method conversion: load callee parent classes

Previously lazy virtual callsite resolution would assume that in order
to call B.f, it is necessary to instantiate a B and call A.f, where A
is some parent of B. This commit amends that to allow creation of a C,
where C is a subtype of B and does not override f itself, is enough for
B.f to be callable.
---
 src/java_bytecode/java_bytecode_language.cpp | 84 +++++++++++++++++---
 1 file changed, 72 insertions(+), 12 deletions(-)

diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index dc6c350ba7f..8e5ce448b57 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -173,14 +173,29 @@ bool java_bytecode_languaget::parse(
   return false;
 }
 
+static irep_idt get_virtual_method_target(
+  const std::set<irep_idt>& needed_classes,
+  const irep_idt& call_basename,
+  const irep_idt& classname,
+  const symbol_tablet& symbol_table)
+{
+  // Program-wide, is this class ever instantiated?
+  if(!needed_classes.count(classname))
+    return irep_idt();
+  auto methodid=id2string(classname)+"."+id2string(call_basename);
+  if(symbol_table.has_symbol(methodid))
+    return methodid;
+  else
+    return irep_idt();
+}
+
 static void get_virtual_method_targets(
   const code_function_callt& c,
   const std::set<irep_idt>& needed_classes,
   std::vector<irep_idt>& needed_methods,
-  const symbol_tablet& symbol_table,
+  symbol_tablet& symbol_table,
   const class_hierarchyt& class_hierarchy)
 {
-
   const auto& called_function=c.function();
   assert(called_function.id()==ID_virtual_function);
 
@@ -189,17 +204,56 @@ static void get_virtual_method_targets(
   const auto& call_basename=called_function.get(ID_component_name);
   assert(call_basename!=irep_idt());
 
+  auto old_size=needed_methods.size();
+
   auto child_classes=class_hierarchy.get_children_trans(call_class);
-  child_classes.push_back(call_class);
   for(const auto& child_class : child_classes)
   {
-    // Program-wide, is this class ever instantiated?
-    if(!needed_classes.count(child_class))
-      continue;
-    auto methodid=id2string(child_class)+"."+id2string(call_basename);
-    if(symbol_table.has_symbol(methodid))
-      needed_methods.push_back(methodid);
+    auto child_method=get_virtual_method_target(needed_classes,call_basename,
+                                                child_class,symbol_table);
+    if(child_method!=irep_idt())
+      needed_methods.push_back(child_method);
+  }
+
+  irep_idt parent_class_id=call_class;
+  while(1)
+  {
+    auto parent_method=get_virtual_method_target(needed_classes,call_basename,
+                                                 parent_class_id,symbol_table);
+    if(parent_method!=irep_idt())
+    {
+      needed_methods.push_back(parent_method);
+      break;
+    }
+    else
+    {
+      auto findit=class_hierarchy.class_map.find(parent_class_id);
+      if(findit==class_hierarchy.class_map.end())
+        break;
+      else
+      {
+        const auto& entry=findit->second;
+        if(entry.parents.size()==0)
+          break;
+        else
+          parent_class_id=entry.parents[0];
+      }
+    }
   }
+
+  if(needed_methods.size()==old_size)
+  {
+    // Didn't find any candidate callee. Generate a stub.
+    std::string stubname=id2string(call_class)+"."+id2string(call_basename);
+    symbolt symbol;
+    symbol.name=stubname;
+    symbol.base_name=call_basename;
+    symbol.type=c.function().type();
+    symbol.value.make_nil();
+    symbol.mode=ID_java;
+    symbol_table.add(symbol);
+  }
+
 }
 
 static void gather_virtual_callsites(const exprt& e, std::vector<const code_function_callt*>& result)
@@ -253,6 +307,7 @@ static void gather_field_types(
 static void initialise_needed_classes(
   const std::vector<irep_idt>& entry_points,
   const namespacet& ns,
+  const class_hierarchyt& ch,
   std::set<irep_idt>& needed_classes)
 {
   for(const auto& mname : entry_points)
@@ -263,8 +318,12 @@ static void initialise_needed_classes(
     {
       if(param.type().id()==ID_pointer)
       {
-	needed_classes.insert(to_symbol_type(param.type().subtype()).get_identifier());
-	gather_field_types(param.type().subtype(),ns,needed_classes);
+        const auto& param_classid=to_symbol_type(param.type().subtype()).get_identifier();
+        std::vector<irep_idt> class_and_parents=ch.get_parents_trans(param_classid);
+        class_and_parents.push_back(param_classid);
+        for(const auto& classid : class_and_parents)
+          needed_classes.insert(classid);
+        gather_field_types(param.type().subtype(),ns,needed_classes);
       }
     }
   }
@@ -344,7 +403,7 @@ bool java_bytecode_languaget::typecheck(
     method_worklist2.push_back(main_function.main_function.name);
 
   std::set<irep_idt> needed_classes;
-  initialise_needed_classes(method_worklist2,namespacet(symbol_table),needed_classes);
+  initialise_needed_classes(method_worklist2,namespacet(symbol_table),ch,needed_classes);
 
   std::set<irep_idt> methods_already_populated;
   std::vector<const code_function_callt*> virtual_callsites;
@@ -386,6 +445,7 @@ bool java_bytecode_languaget::typecheck(
 
     for(const auto& callsite : virtual_callsites)
     {
+      // This will also create a stub if a virtual callsite has no targets.
       get_virtual_method_targets(*callsite,needed_classes,method_worklist2,
 				 symbol_table,ch);
     }

From d20bdc644adc98c740d0c264cac43347f6af429e Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Tue, 17 Jan 2017 11:55:35 +0000
Subject: [PATCH 028/699] Always assume String, Class and Object are callable

---
 src/java_bytecode/java_bytecode_language.cpp | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index 8e5ce448b57..1655347f627 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -327,6 +327,13 @@ static void initialise_needed_classes(
       }
     }
   }
+
+  // Also add classes whose instances are magically
+  // created by the JVM and so won't be spotted by
+  // looking for constructors and calls as usual:
+  needed_classes.insert("java::java.lang.String");
+  needed_classes.insert("java::java.lang.Class");
+  needed_classes.insert("java::java.lang.Object");
 }
 
 /*******************************************************************\

From 93af0389f44de0ccca8c74e55b4a814073b36794 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Tue, 17 Jan 2017 12:01:49 +0000
Subject: [PATCH 029/699] Don't try to call an abstract function

---
 src/goto-programs/remove_virtual_functions.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/goto-programs/remove_virtual_functions.cpp b/src/goto-programs/remove_virtual_functions.cpp
index 4b950593aed..c93b50a2500 100644
--- a/src/goto-programs/remove_virtual_functions.cpp
+++ b/src/goto-programs/remove_virtual_functions.cpp
@@ -339,7 +339,8 @@ void remove_virtual_functionst::get_functions(
     component_name,
     functions);
 
-  functions.push_back(root_function);
+  if(root_function.symbol_expr!=symbol_exprt())
+    functions.push_back(root_function);
 }
 
 /*******************************************************************\

From 21decbb64ea03022d3986d60e638c6165f40890e Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Wed, 25 Jan 2017 15:53:40 +0000
Subject: [PATCH 030/699] Make lazy method loading optional

---
 .../java_bytecode_convert_class.cpp           | 42 +++++++---
 .../java_bytecode_convert_class.h             |  7 +-
 .../java_bytecode_convert_method.cpp          | 23 +++---
 .../java_bytecode_convert_method.h            | 25 +++++-
 .../java_bytecode_convert_method_class.h      | 14 ++--
 src/java_bytecode/java_bytecode_language.cpp  | 76 ++++++++++++++-----
 src/java_bytecode/java_bytecode_language.h    | 17 +++++
 src/util/language.h                           |  9 +++
 src/util/language_file.cpp                    | 16 ++++
 src/util/language_file.h                      | 23 ++++++
 10 files changed, 196 insertions(+), 56 deletions(-)

diff --git a/src/java_bytecode/java_bytecode_convert_class.cpp b/src/java_bytecode/java_bytecode_convert_class.cpp
index 2036bcd9bce..eb642baa846 100644
--- a/src/java_bytecode/java_bytecode_convert_class.cpp
+++ b/src/java_bytecode/java_bytecode_convert_class.cpp
@@ -14,6 +14,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include "java_root_class.h"
 #include "java_types.h"
 #include "java_bytecode_convert_method.h"
+#include "java_bytecode_language.h"
 
 #include <util/namespace.h>
 #include <util/std_expr.h>
@@ -28,12 +29,14 @@ class java_bytecode_convert_classt:public messaget
     message_handlert &_message_handler,
     bool _disable_runtime_checks,
     size_t _max_array_length,
-    lazy_methodst& _lm):
+    lazy_methodst& _lm,
+    lazy_methods_modet _lazy_methods_mode):
     messaget(_message_handler),
     symbol_table(_symbol_table),
     disable_runtime_checks(_disable_runtime_checks),
     max_array_length(_max_array_length),
-    lazy_methods(_lm)
+    lazy_methods(_lm),
+    lazy_methods_mode(_lazy_methods_mode)
   {
   }
 
@@ -55,6 +58,7 @@ class java_bytecode_convert_classt:public messaget
   const bool disable_runtime_checks;
   const size_t max_array_length;
   lazy_methodst &lazy_methods;
+  lazy_methods_modet lazy_methods_mode;
 
   // conversion
   void convert(const classt &c);
@@ -143,14 +147,30 @@ void java_bytecode_convert_classt::convert(const classt &c)
       id2string(qualified_classname)+
       "."+id2string(method.name)+
       ":"+method.signature;
+    // Always run the lazy pre-stage, as it symbol-table
+    // registers the function.
     java_bytecode_convert_method_lazy(
-      *class_symbol,method_identifier,method,symbol_table);
-    lazy_methods[method_identifier]=
-      std::make_pair(class_symbol,&method);
+      *class_symbol,
+      method_identifier,
+      method,
+      symbol_table);
+    if(lazy_methods_mode==LAZY_METHODS_MODE_EAGER)
+    {
+      // Upgrade to a fully-realized symbol now:
+      java_bytecode_convert_method(
+        *class_symbol,
+        method,
+        symbol_table,
+        get_message_handler(),
+        disable_runtime_checks,
+        max_array_length);
+    }
+    else
+    {
+      // Wait for our caller to decide what needs elaborating.
+      lazy_methods[method_identifier]=std::make_pair(class_symbol, &method);
+    }
   }
-  //java_bytecode_convert_method(
-  //  *class_symbol, method, symbol_table, get_message_handler(),
-  //  disable_runtime_checks, max_array_length);
 
   // is this a root class?
   if(c.extends.empty())
@@ -339,14 +359,16 @@ bool java_bytecode_convert_class(
   message_handlert &message_handler,
   bool disable_runtime_checks,
   size_t max_array_length,
-  lazy_methodst &lazy_methods)
+  lazy_methodst &lazy_methods,
+  lazy_methods_modet lazy_methods_mode)
 {
   java_bytecode_convert_classt java_bytecode_convert_class(
     symbol_table,
     message_handler,
     disable_runtime_checks,
     max_array_length,
-    lazy_methods);
+    lazy_methods,
+    lazy_methods_mode);
 
   try
   {
diff --git a/src/java_bytecode/java_bytecode_convert_class.h b/src/java_bytecode/java_bytecode_convert_class.h
index 8c1dccc02f5..5cc1526a125 100644
--- a/src/java_bytecode/java_bytecode_convert_class.h
+++ b/src/java_bytecode/java_bytecode_convert_class.h
@@ -13,9 +13,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <util/message.h>
 
 #include "java_bytecode_parse_tree.h"
-
-typedef std::map<irep_idt, std::pair<const symbolt*, const java_bytecode_parse_treet::methodt*> >
-  lazy_methodst;
+#include "java_bytecode_language.h"
 
 bool java_bytecode_convert_class(
   const java_bytecode_parse_treet &parse_tree,
@@ -23,6 +21,7 @@ bool java_bytecode_convert_class(
   message_handlert &message_handler,
   bool disable_runtime_checks,
   size_t max_array_length,
-  lazy_methodst &);
+  lazy_methodst &,
+  lazy_methods_modet);
 
 #endif // CPROVER_JAVA_BYTECODE_JAVA_BYTECODE_CONVERT_CLASS_H
diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index d10cfdec60b..6565e91f72e 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -20,7 +20,6 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <linking/zero_initializer.h>
 
 #include <goto-programs/cfg.h>
-#include <goto-programs/class_hierarchy.h>
 #include <analyses/cfg_dominators.h>
 
 #include "java_bytecode_convert_method.h"
@@ -1068,7 +1067,8 @@ codet java_bytecode_convert_methodt::convert_instructions(
             if(as_string(arg0.get(ID_identifier))
                .find("<init>")!=std::string::npos)
             {
-              needed_classes.insert(classname);
+              if(needed_classes)
+                needed_classes->insert(classname);
               code_type.set(ID_constructor, true);
             }
             else
@@ -1158,7 +1158,8 @@ codet java_bytecode_convert_methodt::convert_instructions(
       {
         // static binding
         call.function()=symbol_exprt(arg0.get(ID_identifier), arg0.type());
-        needed_methods.push_back(arg0.get(ID_identifier));
+        if(needed_methods)
+          needed_methods->push_back(arg0.get(ID_identifier));
       }
 
       call.function().add_source_location()=loc;
@@ -1700,8 +1701,8 @@ codet java_bytecode_convert_methodt::convert_instructions(
       symbol_exprt symbol_expr(arg0.type());
       const auto &field_name=arg0.get_string(ID_component_name);
       symbol_expr.set_identifier(arg0.get_string(ID_class)+"."+field_name);
-      if(arg0.type().id()==ID_symbol)
-        needed_classes.insert(to_symbol_type(arg0.type()).get_identifier());
+      if(needed_classes && arg0.type().id()==ID_symbol)
+        needed_classes->insert(to_symbol_type(arg0.type()).get_identifier());
       results[0]=java_bytecode_promotion(symbol_expr);
 
       // set $assertionDisabled to false
@@ -1719,8 +1720,8 @@ codet java_bytecode_convert_methodt::convert_instructions(
       symbol_exprt symbol_expr(arg0.type());
       const auto &field_name=arg0.get_string(ID_component_name);
       symbol_expr.set_identifier(arg0.get_string(ID_class)+"."+field_name);
-      if(arg0.type().id()==ID_symbol)
-        needed_classes.insert(to_symbol_type(arg0.type()).get_identifier());
+      if(needed_classes && arg0.type().id()==ID_symbol)
+        needed_classes->insert(to_symbol_type(arg0.type()).get_identifier());
       c=code_assignt(symbol_expr, op[0]);
     }
     else if(statement==patternt("?2?")) // i2c etc.
@@ -2184,9 +2185,8 @@ void java_bytecode_convert_method(
   message_handlert &message_handler,
   bool disable_runtime_checks,
   size_t max_array_length,
-  std::vector<irep_idt>& needed_methods,
-  std::set<irep_idt>& needed_classes,
-  const class_hierarchyt& ch)
+  std::vector<irep_idt> *needed_methods,
+  std::set<irep_idt> *needed_classes)
 {
   java_bytecode_convert_methodt java_bytecode_convert_method(
     symbol_table,
@@ -2194,8 +2194,7 @@ void java_bytecode_convert_method(
     disable_runtime_checks,
     max_array_length,
     needed_methods,
-    needed_classes,
-    ch);
+    needed_classes);
 
   java_bytecode_convert_method(class_symbol, method);
 }
diff --git a/src/java_bytecode/java_bytecode_convert_method.h b/src/java_bytecode/java_bytecode_convert_method.h
index b6302161a43..145c7a5cc91 100644
--- a/src/java_bytecode/java_bytecode_convert_method.h
+++ b/src/java_bytecode/java_bytecode_convert_method.h
@@ -23,9 +23,28 @@ void java_bytecode_convert_method(
   message_handlert &message_handler,
   bool disable_runtime_checks,
   size_t max_array_length,
-  std::vector<irep_idt>& needed_methods,
-  std::set<irep_idt>& needed_classes,  
-  const class_hierarchyt&);
+  std::vector<irep_idt> *needed_methods,
+  std::set<irep_idt> *needed_classes);
+
+// Must provide both the optional parameters or neither.
+inline void java_bytecode_convert_method(
+  const symbolt &class_symbol,
+  const java_bytecode_parse_treet::methodt &method,
+  symbol_tablet &symbol_table,
+  message_handlert &message_handler,
+  bool disable_runtime_checks,
+  size_t max_array_length)
+{
+  java_bytecode_convert_method(
+    class_symbol,
+    method,
+    symbol_table,
+    message_handler,
+    disable_runtime_checks,
+    max_array_length,
+    nullptr,
+    nullptr);
+}
 
 void java_bytecode_convert_method_lazy(
   const symbolt &class_symbol,
diff --git a/src/java_bytecode/java_bytecode_convert_method_class.h b/src/java_bytecode/java_bytecode_convert_method_class.h
index 8eaf7ac8af5..96e640ecdf3 100644
--- a/src/java_bytecode/java_bytecode_convert_method_class.h
+++ b/src/java_bytecode/java_bytecode_convert_method_class.h
@@ -22,7 +22,6 @@ Author: Daniel Kroening, kroening@kroening.com
 
 class symbol_tablet;
 class symbolt;
-class class_hierarchyt;
 
 class java_bytecode_convert_methodt:public messaget
 {
@@ -32,16 +31,14 @@ class java_bytecode_convert_methodt:public messaget
     message_handlert &_message_handler,
     bool _disable_runtime_checks,
     size_t _max_array_length,
-    std::vector<irep_idt>& _needed_methods,
-    std::set<irep_idt>& _needed_classes,
-    const class_hierarchyt& _ch):
+    std::vector<irep_idt> *_needed_methods,
+    std::set<irep_idt> *_needed_classes):
     messaget(_message_handler),
     symbol_table(_symbol_table),
     disable_runtime_checks(_disable_runtime_checks),
     max_array_length(_max_array_length),
     needed_methods(_needed_methods),
-    needed_classes(_needed_classes),
-    class_hierarchy(_ch)
+    needed_classes(_needed_classes)
   {
   }
 
@@ -60,9 +57,8 @@ class java_bytecode_convert_methodt:public messaget
   symbol_tablet &symbol_table;
   const bool disable_runtime_checks;
   const size_t max_array_length;
-  std::vector<irep_idt>& needed_methods;
-  std::set<irep_idt>& needed_classes;
-  const class_hierarchyt& class_hierarchy;
+  std::vector<irep_idt> *needed_methods;
+  std::set<irep_idt> *needed_classes;
 
   irep_idt method_id;
   irep_idt current_method;
diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index 1655347f627..42c6d0bb9ef 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -48,6 +48,12 @@ void java_bytecode_languaget::get_language_options(const cmdlinet &cmd)
       std::stoi(cmd.get_value("java-max-input-array-length"));
   if(cmd.isset("java-max-vla-length"))
     max_user_array_length=std::stoi(cmd.get_value("java-max-vla-length"));
+  if(cmd.isset("lazy-methods-context-sensitive"))
+    lazy_methods_mode=LAZY_METHODS_MODE_CONTEXT_SENSITIVE;
+  else if(cmd.isset("lazy-methods"))
+    lazy_methods_mode=LAZY_METHODS_MODE_CONTEXT_INSENSITIVE;
+  else
+    lazy_methods_mode=LAZY_METHODS_MODE_EAGER;
 }
 
 /*******************************************************************\
@@ -352,9 +358,6 @@ bool java_bytecode_languaget::typecheck(
   symbol_tablet &symbol_table,
   const std::string &module)
 {
-  std::map<irep_idt, std::pair<const symbolt*, const java_bytecode_parse_treet::methodt*> >
-    lazy_methods;
-
   // first convert all
   for(java_class_loadert::class_mapt::const_iterator
       c_it=java_class_loader.class_map.begin();
@@ -372,13 +375,30 @@ bool java_bytecode_languaget::typecheck(
          get_message_handler(),
          disable_runtime_checks,
          max_user_array_length,
-         lazy_methods))
+         lazy_methods,
+         lazy_methods_mode))
       return true;
   }
 
-  // Now incrementally elaborate methods that are reachable from this entry point:
+  // Now incrementally elaborate methods that are reachable from this entry point.
+  if(lazy_methods_mode==LAZY_METHODS_MODE_CONTEXT_INSENSITIVE)
+  {
+    if(do_ci_lazy_method_conversion(symbol_table, lazy_methods))
+      return true;
+  }
+
+  // now typecheck all
+  if(java_bytecode_typecheck(
+       symbol_table, get_message_handler()))
+    return true;
+
+  return false;
+}
 
-  // Convert-method will need this to find virtual function targets.
+bool java_bytecode_languaget::do_ci_lazy_method_conversion(
+  symbol_tablet &symbol_table,
+  lazy_methodst &lazy_methods)
+{
   class_hierarchyt ch;
   ch(symbol_table);
 
@@ -432,12 +452,17 @@ bool java_bytecode_languaget::typecheck(
           debug() << "Skip " << mname << eom;
           continue;
         }
-        debug() << "Lazy methods: elaborate " << mname << eom;
+        debug() << "CI lazy methods: elaborate " << mname << eom;
         const auto& parsed_method=findit->second;
-        java_bytecode_convert_method(*parsed_method.first,*parsed_method.second,
-                                     symbol_table,get_message_handler(),
-                                     disable_runtime_checks,max_user_array_length,
-                                     method_worklist2,needed_classes,ch);
+        java_bytecode_convert_method(
+          *parsed_method.first,
+          *parsed_method.second,
+          symbol_table,
+          get_message_handler(),
+          disable_runtime_checks,
+          max_user_array_length,
+          &method_worklist2,
+          &needed_classes);
         gather_virtual_callsites(symbol_table.lookup(mname).value,virtual_callsites);
         any_new_methods=true;
       }
@@ -447,7 +472,7 @@ bool java_bytecode_languaget::typecheck(
     // Given the object types we now know may be created, populate more
     // possible virtual function call targets:
 
-    debug() << "Lazy methods: add virtual method targets (" << virtual_callsites.size() <<
+    debug() << "CI lazy methods: add virtual method targets (" << virtual_callsites.size() <<
       " callsites)" << eom;
 
     for(const auto& callsite : virtual_callsites)
@@ -473,18 +498,33 @@ bool java_bytecode_languaget::typecheck(
     keep_symbols.add(sym.second);
   }
 
-  debug() << "Lazy methods: removed " << symbol_table.symbols.size() - keep_symbols.symbols.size() << " unreachable methods and globals" << eom;
+  debug() << "CI lazy methods: removed " << symbol_table.symbols.size() - keep_symbols.symbols.size() << " unreachable methods and globals" << eom;
 
   symbol_table.swap(keep_symbols);
 
-  // now typecheck all
-  if(java_bytecode_typecheck(
-       symbol_table, get_message_handler()))
-    return true;
-
   return false;
 }
 
+void java_bytecode_languaget::lazy_methods_provided(std::set<irep_idt> &methods) const
+{
+  for(const auto &kv : lazy_methods)
+    methods.insert(kv.first);
+}
+
+void java_bytecode_languaget::convert_lazy_method(
+  const irep_idt &id,
+  symbol_tablet &symtab)
+{
+  const auto &lazy_method_entry=lazy_methods.at(id);
+  java_bytecode_convert_method(
+    *lazy_method_entry.first,
+    *lazy_method_entry.second,
+    symtab,
+    get_message_handler(),
+    disable_runtime_checks,
+    max_user_array_length);
+}
+
 /*******************************************************************\
 
 Function: java_bytecode_languaget::final
diff --git a/src/java_bytecode/java_bytecode_language.h b/src/java_bytecode/java_bytecode_language.h
index 36b28682dca..750b92aa367 100644
--- a/src/java_bytecode/java_bytecode_language.h
+++ b/src/java_bytecode/java_bytecode_language.h
@@ -16,6 +16,16 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #define MAX_NONDET_ARRAY_LENGTH_DEFAULT 5
 
+enum lazy_methods_modet
+{
+  LAZY_METHODS_MODE_EAGER,
+  LAZY_METHODS_MODE_CONTEXT_INSENSITIVE,
+  LAZY_METHODS_MODE_CONTEXT_SENSITIVE
+};
+
+typedef std::map<irep_idt, std::pair<const symbolt*, const java_bytecode_parse_treet::methodt*> >
+  lazy_methodst;
+
 class java_bytecode_languaget:public languaget
 {
 public:
@@ -69,8 +79,13 @@ class java_bytecode_languaget:public languaget
   std::set<std::string> extensions() const override;
 
   void modules_provided(std::set<std::string> &modules) override;
+  virtual void lazy_methods_provided(std::set<irep_idt> &) const override;
+  virtual void convert_lazy_method(
+    const irep_idt &id, symbol_tablet &) override;
 
 protected:
+  bool do_ci_lazy_method_conversion(symbol_tablet &, lazy_methodst &);
+
   irep_idt main_class;
   std::vector<irep_idt> main_jar_classes;
   java_class_loadert java_class_loader;
@@ -83,6 +98,8 @@ class java_bytecode_languaget:public languaget
                                     //  - array size for newarray
   size_t max_nondet_array_length;   // maximal length for non-det array creation
   size_t max_user_array_length;     // max size for user code created arrays
+  lazy_methodst lazy_methods;
+  lazy_methods_modet lazy_methods_mode;
 };
 
 languaget *new_java_bytecode_language();
diff --git a/src/util/language.h b/src/util/language.h
index edd83471cd5..b19615496ec 100644
--- a/src/util/language.h
+++ b/src/util/language.h
@@ -49,6 +49,15 @@ class languaget:public messaget
   virtual void modules_provided(std::set<std::string> &modules)
   { }
 
+  // add lazy functions provided to set
+
+  virtual void lazy_methods_provided(std::set<irep_idt> &methods) const
+  { }
+
+  // populate a lazy method
+  virtual void convert_lazy_method(const irep_idt &id, symbol_tablet &)
+  { }
+
   // final adjustments, e.g., initialization and call to main()
 
   virtual bool final(
diff --git a/src/util/language_file.cpp b/src/util/language_file.cpp
index dffad975c45..5ecbf9b7438 100644
--- a/src/util/language_file.cpp
+++ b/src/util/language_file.cpp
@@ -65,6 +65,13 @@ void language_filet::get_modules()
   language->modules_provided(modules);
 }
 
+void language_filet::convert_lazy_method(
+  const irep_idt &id,
+  symbol_tablet &symtab)
+{
+  language->convert_lazy_method(id, symtab);
+}
+
 /*******************************************************************\
 
 Function: language_filest::show_parse
@@ -190,8 +197,17 @@ bool language_filest::typecheck(symbol_tablet &symbol_table)
       it!=filemap.end(); it++)
   {
     if(it->second.modules.empty())
+    {
       if(it->second.language->typecheck(symbol_table, ""))
         return true;
+      // register lazy methods.
+      // TODO: learn about modules and generalise this
+      // to module-providing languages if required.
+      std::set<irep_idt> lazy_method_ids;
+      it->second.language->lazy_methods_provided(lazy_method_ids);
+      for(const auto &id : lazy_method_ids)
+        lazymethodmap[id]=&it->second;
+    }
   }
 
   // typecheck modules
diff --git a/src/util/language_file.h b/src/util/language_file.h
index 533e8d5240e..b538c24e84f 100644
--- a/src/util/language_file.h
+++ b/src/util/language_file.h
@@ -42,6 +42,10 @@ class language_filet
 
   void get_modules();
 
+  void convert_lazy_method(
+    const irep_idt &id,
+    symbol_tablet &symtab);
+
   language_filet(const language_filet &rhs);
 
   language_filet():language(NULL)
@@ -57,9 +61,15 @@ class language_filest:public messaget
   typedef std::map<std::string, language_filet> filemapt;
   filemapt filemap;
 
+  // Contains pointers into filemapt!
   typedef std::map<std::string, language_modulet> modulemapt;
   modulemapt modulemap;
 
+  // Contains pointers into filemapt!
+  // This is safe-ish as long as this is std::map.
+  typedef std::map<irep_idt, language_filet*> lazymethodmapt;
+  lazymethodmapt lazymethodmap;
+
   void clear_files()
   {
     filemap.clear();
@@ -75,10 +85,23 @@ class language_filest:public messaget
 
   bool interfaces(symbol_tablet &symbol_table);
 
+  bool has_lazy_method(const irep_idt &id)
+  {
+    return lazymethodmap.count(id);
+  }
+
+  void convert_lazy_method(
+    const irep_idt &id,
+    symbol_tablet &symtab)
+  {
+    return lazymethodmap.at(id)->convert_lazy_method(id, symtab);
+  }
+
   void clear()
   {
     filemap.clear();
     modulemap.clear();
+    lazymethodmap.clear();
   }
 
 protected:

From 2f47cba7332a8cc9e7a4eec50ff71b3134b93ea2 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Mon, 6 Feb 2017 11:18:04 +0000
Subject: [PATCH 031/699] Add CBMC lazy-methods parameter

TODO: move all Java frontend parameters into something defined on
java_bytecode_languaget and have all driver programs gather the
frontends' defined parameters.
---
 src/cbmc/cbmc_parse_options.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/cbmc/cbmc_parse_options.h b/src/cbmc/cbmc_parse_options.h
index 87e9beb45d2..adc6e2ee517 100644
--- a/src/cbmc/cbmc_parse_options.h
+++ b/src/cbmc/cbmc_parse_options.h
@@ -56,6 +56,7 @@ class optionst;
   "(graphml-witness):" \
   "(java-max-vla-length):(java-unwind-enum-static)" \
   "(localize-faults)(localize-faults-method):" \
+  "(lazy-methods)" \
   "(fixedbv)(floatbv)(all-claims)(all-properties)" // legacy, and will eventually disappear // NOLINT(whitespace/line_length)
 
 class cbmc_parse_optionst:

From 311806ecbf6b27ece359e76f8e312410dd2205d5 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Thu, 9 Feb 2017 16:44:27 +0000
Subject: [PATCH 032/699] Document lazy methods

---
 .../java_bytecode_convert_method.cpp          |  19 ++++
 src/java_bytecode/java_bytecode_language.cpp  | 103 ++++++++++++++++++
 2 files changed, 122 insertions(+)

diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index 6565e91f72e..1cd371c1901 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -181,6 +181,25 @@ const exprt java_bytecode_convert_methodt::variable(
   }
 }
 
+/*******************************************************************\
+
+Function: java_bytecode_convert_method_lazy
+
+  Inputs: `class_symbol`: class this method belongs to
+          `method_identifier`: fully qualified method name, including
+            type signature (e.g. "x.y.z.f:(I)")
+          `m`: parsed method object to convert
+          `symbol_table`: global symbol table (will be modified)
+
+ Outputs:
+
+ Purpose: This creates a method symbol in the symtab, but doesn't
+          actually perform method conversion just yet. The caller
+          should call java_bytecode_convert_method later to give the
+          symbol/method a body.
+
+\*******************************************************************/
+
 void java_bytecode_convert_method_lazy(
   const symbolt& class_symbol,
   const irep_idt method_identifier,
diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index 42c6d0bb9ef..310a5ef69dd 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -179,6 +179,27 @@ bool java_bytecode_languaget::parse(
   return false;
 }
 
+/*******************************************************************\
+
+Function: get_virtual_method_target
+
+  Inputs: `needed_classes`: set of classes that can be instantiated.
+            Any potential callee not in this set will be ignored.
+          `call_basename`: unqualified function name with type
+            signature (e.g. "f:(I)")
+          `classname`: class name that may define or override a
+            function named `call_basename`.
+          `symbol_table`: global symtab
+
+ Outputs: Returns the fully qualified name of `classname`'s definition
+          of `call_basename` if found and `classname` is present in
+          `needed_classes`, or irep_idt() otherwise.
+
+ Purpose: Find a virtual callee, if one is defined and the callee type
+          is known to exist.
+
+\*******************************************************************/
+
 static irep_idt get_virtual_method_target(
   const std::set<irep_idt>& needed_classes,
   const irep_idt& call_basename,
@@ -195,6 +216,27 @@ static irep_idt get_virtual_method_target(
     return irep_idt();
 }
 
+/*******************************************************************\
+
+Function: get_virtual_method_target
+
+  Inputs: `c`: function call whose potential target functions should
+            be determined.
+          `needed_classes`: set of classes that can be instantiated.
+            Any potential callee not in this set will be ignored.
+          `symbol_table`: global symtab
+          `class_hierarchy`: global class hierarchy
+
+ Outputs: Populates `needed_methods` with all possible `c` callees,
+          taking `needed_classes` into account (virtual function
+          overrides defined on classes that are not 'needed' are
+          ignored)
+
+ Purpose: Find possible callees, excluding types that are not known
+          to be instantiated.
+
+\*******************************************************************/
+
 static void get_virtual_method_targets(
   const code_function_callt& c,
   const std::set<irep_idt>& needed_classes,
@@ -262,6 +304,19 @@ static void get_virtual_method_targets(
 
 }
 
+/*******************************************************************\
+
+Function: gather_virtual_callsites
+
+  Inputs: `e`: expression tree to search
+
+ Outputs: Populates `result` with pointers to each function call
+            within e that calls a virtual function.
+
+ Purpose: See output
+
+\*******************************************************************/
+
 static void gather_virtual_callsites(const exprt& e, std::vector<const code_function_callt*>& result)
 {
   if(e.id()!=ID_code)
@@ -275,6 +330,20 @@ static void gather_virtual_callsites(const exprt& e, std::vector<const code_func
       gather_virtual_callsites(*it,result);
 }
 
+/*******************************************************************\
+
+Function: gather_needed_globals
+
+  Inputs: `e`: expression tree to search
+          `symbol_table`: global symtab
+
+ Outputs: Populates `needed` with global variable symbols referenced
+          from `e` or its children.
+
+ Purpose: See output
+
+\*******************************************************************/
+
 static void gather_needed_globals(const exprt& e, const symbol_tablet& symbol_table, symbol_tablet& needed)
 {
   if(e.id()==ID_symbol)
@@ -288,6 +357,23 @@ static void gather_needed_globals(const exprt& e, const symbol_tablet& symbol_ta
       gather_needed_globals(*opit,symbol_table,needed);
 }
 
+/*******************************************************************\
+
+Function: gather_field_types
+
+  Inputs: `class_type`: root of class tree to search
+          `ns`: global namespace
+
+ Outputs: Populates `needed_classes` with all Java reference types
+            reachable starting at `class_type`. For example if
+            `class_type` is `symbol_typet("java::A")` and A has a B
+            field, then `B` (but not `A`) will be added to
+            `needed_classes`.
+
+ Purpose: See output
+
+\*******************************************************************/
+
 static void gather_field_types(
   const typet& class_type,
   const namespacet& ns,
@@ -310,6 +396,23 @@ static void gather_field_types(
   }
 }
 
+/*******************************************************************\
+
+Function: initialise_needed_classes
+
+  Inputs: `entry_points`: list of fully-qualified function names that
+            we should assume are reachable
+          `ns`: global namespace
+          `ch`: global class hierarchy
+
+ Outputs: Populates `needed_classes` with all Java reference types
+            whose references may be passed, directly or indirectly,
+            to any of the functions in `entry_points`.
+
+ Purpose: See output
+
+\*******************************************************************/
+
 static void initialise_needed_classes(
   const std::vector<irep_idt>& entry_points,
   const namespacet& ns,

From 49105209d4d7284b7c0094f0ca6aa34e05f17a02 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Thu, 9 Feb 2017 16:55:15 +0000
Subject: [PATCH 033/699] Style fixes

---
 .../java_bytecode_convert_method.cpp          |  5 +-
 src/java_bytecode/java_bytecode_language.cpp  | 98 ++++++++++++-------
 src/java_bytecode/java_bytecode_language.h    |  6 +-
 3 files changed, 73 insertions(+), 36 deletions(-)

diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index 1cd371c1901..79db9de0f03 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -219,7 +219,7 @@ void java_bytecode_convert_method_lazy(
   {
     method_symbol.pretty_name=id2string(class_symbol.pretty_name)+"."+
                               id2string(class_symbol.base_name)+"()";
-    member_type.set(ID_constructor,true);
+    member_type.set(ID_constructor, true);
   }
   else
     method_symbol.pretty_name=id2string(class_symbol.pretty_name)+"."+
@@ -1171,7 +1171,8 @@ codet java_bytecode_convert_methodt::convert_instructions(
         assert(use_this);
         assert(!call.arguments().empty());
         call.function()=arg0;
-        // Populate needed methods later, once we know what object types can exist.
+        // Populate needed methods later,
+        // once we know what object types can exist.
       }
       else
       {
diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index 310a5ef69dd..c9f1b1771d2 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -257,8 +257,12 @@ static void get_virtual_method_targets(
   auto child_classes=class_hierarchy.get_children_trans(call_class);
   for(const auto& child_class : child_classes)
   {
-    auto child_method=get_virtual_method_target(needed_classes,call_basename,
-                                                child_class,symbol_table);
+    auto child_method=
+      get_virtual_method_target(
+        needed_classes,
+        call_basename,
+        child_class,
+        symbol_table);
     if(child_method!=irep_idt())
       needed_methods.push_back(child_method);
   }
@@ -266,8 +270,12 @@ static void get_virtual_method_targets(
   irep_idt parent_class_id=call_class;
   while(1)
   {
-    auto parent_method=get_virtual_method_target(needed_classes,call_basename,
-                                                 parent_class_id,symbol_table);
+    auto parent_method=
+      get_virtual_method_target(
+        needed_classes,
+        call_basename,
+        parent_class_id,
+        symbol_table);
     if(parent_method!=irep_idt())
     {
       needed_methods.push_back(parent_method);
@@ -301,7 +309,6 @@ static void get_virtual_method_targets(
     symbol.mode=ID_java;
     symbol_table.add(symbol);
   }
-
 }
 
 /*******************************************************************\
@@ -317,7 +324,9 @@ Function: gather_virtual_callsites
 
 \*******************************************************************/
 
-static void gather_virtual_callsites(const exprt& e, std::vector<const code_function_callt*>& result)
+static void gather_virtual_callsites(
+  const exprt& e,
+  std::vector<const code_function_callt*>& result)
 {
   if(e.id()!=ID_code)
     return;
@@ -326,8 +335,8 @@ static void gather_virtual_callsites(const exprt& e, std::vector<const code_func
      to_code_function_call(c).function().id()==ID_virtual_function)
     result.push_back(&to_code_function_call(c));
   else
-    forall_operands(it,e)
-      gather_virtual_callsites(*it,result);
+    forall_operands(it, e)
+      gather_virtual_callsites(*it, result);
 }
 
 /*******************************************************************\
@@ -344,7 +353,10 @@ Function: gather_needed_globals
 
 \*******************************************************************/
 
-static void gather_needed_globals(const exprt& e, const symbol_tablet& symbol_table, symbol_tablet& needed)
+static void gather_needed_globals(
+  const exprt& e,
+  const symbol_tablet& symbol_table,
+  symbol_tablet& needed)
 {
   if(e.id()==ID_symbol)
   {
@@ -353,8 +365,8 @@ static void gather_needed_globals(const exprt& e, const symbol_tablet& symbol_ta
       needed.add(sym);
   }
   else
-    forall_operands(opit,e)
-      gather_needed_globals(*opit,symbol_table,needed);
+    forall_operands(opit, e)
+      gather_needed_globals(*opit, symbol_table, needed);
 }
 
 /*******************************************************************\
@@ -383,15 +395,16 @@ static void gather_field_types(
   for(const auto& field : underlying_type.components())
   {
     if(field.type().id()==ID_struct || field.type().id()==ID_symbol)
-      gather_field_types(field.type(),ns,needed_classes);
+      gather_field_types(field.type(), ns, needed_classes);
     else if(field.type().id()==ID_pointer)
     {
       // Skip array primitive pointers, for example:
       if(field.type().subtype().id()!=ID_symbol)
-	continue;
-      const auto& field_classid=to_symbol_type(field.type().subtype()).get_identifier();
+        continue;
+      const auto& field_classid=
+        to_symbol_type(field.type().subtype()).get_identifier();
       if(needed_classes.insert(field_classid).second)
-	gather_field_types(field.type().subtype(),ns,needed_classes);
+        gather_field_types(field.type().subtype(), ns, needed_classes);
     }
   }
 }
@@ -427,12 +440,14 @@ static void initialise_needed_classes(
     {
       if(param.type().id()==ID_pointer)
       {
-        const auto& param_classid=to_symbol_type(param.type().subtype()).get_identifier();
-        std::vector<irep_idt> class_and_parents=ch.get_parents_trans(param_classid);
+        const auto& param_classid=
+          to_symbol_type(param.type().subtype()).get_identifier();
+        std::vector<irep_idt> class_and_parents=
+          ch.get_parents_trans(param_classid);
         class_and_parents.push_back(param_classid);
         for(const auto& classid : class_and_parents)
           needed_classes.insert(classid);
-        gather_field_types(param.type().subtype(),ns,needed_classes);
+        gather_field_types(param.type().subtype(), ns, needed_classes);
       }
     }
   }
@@ -483,7 +498,8 @@ bool java_bytecode_languaget::typecheck(
       return true;
   }
 
-  // Now incrementally elaborate methods that are reachable from this entry point.
+  // Now incrementally elaborate methods
+  // that are reachable from this entry point.
   if(lazy_methods_mode==LAZY_METHODS_MODE_CONTEXT_INSENSITIVE)
   {
     if(do_ci_lazy_method_conversion(symbol_table, lazy_methods))
@@ -508,7 +524,8 @@ bool java_bytecode_languaget::do_ci_lazy_method_conversion(
   std::vector<irep_idt> method_worklist1;
   std::vector<irep_idt> method_worklist2;
 
-  auto main_function=get_main_symbol(symbol_table,main_class,get_message_handler(),true);
+  auto main_function=
+    get_main_symbol(symbol_table, main_class, get_message_handler(), true);
   if(main_function.stop_convert)
   {
     // Failed, mark all functions in the given main class(es) reachable.
@@ -519,7 +536,8 @@ bool java_bytecode_languaget::do_ci_lazy_method_conversion(
       reachable_classes=main_jar_classes;
     for(const auto& classname : reachable_classes)
     {
-      const auto& methods=java_class_loader.class_map.at(classname).parsed_class.methods;
+      const auto& methods=
+        java_class_loader.class_map.at(classname).parsed_class.methods;
       for(const auto& method : methods)
       {
         const irep_idt methodid="java::"+id2string(classname)+"."+
@@ -533,18 +551,22 @@ bool java_bytecode_languaget::do_ci_lazy_method_conversion(
     method_worklist2.push_back(main_function.main_function.name);
 
   std::set<irep_idt> needed_classes;
-  initialise_needed_classes(method_worklist2,namespacet(symbol_table),ch,needed_classes);
+  initialise_needed_classes(
+    method_worklist2,
+    namespacet(symbol_table),
+    ch,
+    needed_classes);
 
   std::set<irep_idt> methods_already_populated;
   std::vector<const code_function_callt*> virtual_callsites;
 
   bool any_new_methods;
-  do {
-
+  do
+  {
     any_new_methods=false;
     while(method_worklist2.size()!=0)
     {
-      std::swap(method_worklist1,method_worklist2);
+      std::swap(method_worklist1, method_worklist2);
       for(const auto& mname : method_worklist1)
       {
         if(!methods_already_populated.insert(mname).second)
@@ -566,7 +588,9 @@ bool java_bytecode_languaget::do_ci_lazy_method_conversion(
           max_user_array_length,
           &method_worklist2,
           &needed_classes);
-        gather_virtual_callsites(symbol_table.lookup(mname).value,virtual_callsites);
+        gather_virtual_callsites(
+          symbol_table.lookup(mname).value,
+          virtual_callsites);
         any_new_methods=true;
       }
       method_worklist1.clear();
@@ -575,14 +599,16 @@ bool java_bytecode_languaget::do_ci_lazy_method_conversion(
     // Given the object types we now know may be created, populate more
     // possible virtual function call targets:
 
-    debug() << "CI lazy methods: add virtual method targets (" << virtual_callsites.size() <<
-      " callsites)" << eom;
+    debug() << "CI lazy methods: add virtual method targets ("
+            << virtual_callsites.size()
+            << " callsites)"
+            << eom;
 
     for(const auto& callsite : virtual_callsites)
     {
       // This will also create a stub if a virtual callsite has no targets.
-      get_virtual_method_targets(*callsite,needed_classes,method_worklist2,
-				 symbol_table,ch);
+      get_virtual_method_targets(*callsite, needed_classes, method_worklist2,
+				 symbol_table, ch);
     }
 
   } while(any_new_methods);
@@ -594,14 +620,20 @@ bool java_bytecode_languaget::do_ci_lazy_method_conversion(
   {
     if(sym.second.is_static_lifetime)
       continue;
-    if(lazy_methods.count(sym.first) && !methods_already_populated.count(sym.first))
+    if(lazy_methods.count(sym.first) &&
+       !methods_already_populated.count(sym.first))
+    {
       continue;
+    }
     if(sym.second.type.id()==ID_code)
-      gather_needed_globals(sym.second.value,symbol_table,keep_symbols);
+      gather_needed_globals(sym.second.value, symbol_table, keep_symbols);
     keep_symbols.add(sym.second);
   }
 
-  debug() << "CI lazy methods: removed " << symbol_table.symbols.size() - keep_symbols.symbols.size() << " unreachable methods and globals" << eom;
+  debug() << "CI lazy methods: removed "
+          << symbol_table.symbols.size() - keep_symbols.symbols.size()
+          << " unreachable methods and globals"
+          << eom;
 
   symbol_table.swap(keep_symbols);
 
diff --git a/src/java_bytecode/java_bytecode_language.h b/src/java_bytecode/java_bytecode_language.h
index 750b92aa367..afdd275ddf6 100644
--- a/src/java_bytecode/java_bytecode_language.h
+++ b/src/java_bytecode/java_bytecode_language.h
@@ -23,7 +23,11 @@ enum lazy_methods_modet
   LAZY_METHODS_MODE_CONTEXT_SENSITIVE
 };
 
-typedef std::map<irep_idt, std::pair<const symbolt*, const java_bytecode_parse_treet::methodt*> >
+typedef std::pair<
+          const symbolt*,
+          const java_bytecode_parse_treet::methodt*>
+  lazy_method_valuet;
+typedef std::map<irep_idt, lazy_method_valuet>
   lazy_methodst;
 
 class java_bytecode_languaget:public languaget

From 9474d563dc07b8fe2763ef72431e4696fa81921b Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Thu, 9 Feb 2017 17:08:15 +0000
Subject: [PATCH 034/699] Add lazy loading tests

---
 regression/cbmc-java/lazyloading1/A.class    | Bin 0 -> 222 bytes
 regression/cbmc-java/lazyloading1/B.class    | Bin 0 -> 222 bytes
 regression/cbmc-java/lazyloading1/test.class | Bin 0 -> 292 bytes
 regression/cbmc-java/lazyloading1/test.desc  |   8 +++++
 regression/cbmc-java/lazyloading1/test.java  |  21 +++++++++++++
 regression/cbmc-java/lazyloading2/A.class    | Bin 0 -> 222 bytes
 regression/cbmc-java/lazyloading2/B.class    | Bin 0 -> 222 bytes
 regression/cbmc-java/lazyloading2/test.class | Bin 0 -> 310 bytes
 regression/cbmc-java/lazyloading2/test.desc  |   8 +++++
 regression/cbmc-java/lazyloading2/test.java  |  23 ++++++++++++++
 regression/cbmc-java/lazyloading3/A.class    | Bin 0 -> 222 bytes
 regression/cbmc-java/lazyloading3/B.class    | Bin 0 -> 222 bytes
 regression/cbmc-java/lazyloading3/C.class    | Bin 0 -> 197 bytes
 regression/cbmc-java/lazyloading3/D.class    | Bin 0 -> 197 bytes
 regression/cbmc-java/lazyloading3/test.class | Bin 0 -> 296 bytes
 regression/cbmc-java/lazyloading3/test.desc  |   8 +++++
 regression/cbmc-java/lazyloading3/test.java  |  30 +++++++++++++++++++
 17 files changed, 98 insertions(+)
 create mode 100644 regression/cbmc-java/lazyloading1/A.class
 create mode 100644 regression/cbmc-java/lazyloading1/B.class
 create mode 100644 regression/cbmc-java/lazyloading1/test.class
 create mode 100644 regression/cbmc-java/lazyloading1/test.desc
 create mode 100644 regression/cbmc-java/lazyloading1/test.java
 create mode 100644 regression/cbmc-java/lazyloading2/A.class
 create mode 100644 regression/cbmc-java/lazyloading2/B.class
 create mode 100644 regression/cbmc-java/lazyloading2/test.class
 create mode 100644 regression/cbmc-java/lazyloading2/test.desc
 create mode 100644 regression/cbmc-java/lazyloading2/test.java
 create mode 100644 regression/cbmc-java/lazyloading3/A.class
 create mode 100644 regression/cbmc-java/lazyloading3/B.class
 create mode 100644 regression/cbmc-java/lazyloading3/C.class
 create mode 100644 regression/cbmc-java/lazyloading3/D.class
 create mode 100644 regression/cbmc-java/lazyloading3/test.class
 create mode 100644 regression/cbmc-java/lazyloading3/test.desc
 create mode 100644 regression/cbmc-java/lazyloading3/test.java

diff --git a/regression/cbmc-java/lazyloading1/A.class b/regression/cbmc-java/lazyloading1/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..d6a62ca1ce465a6ae3fc35f9fa702cfa834ca298
GIT binary patch
literal 222
zcmZXNy9&ZU5Jm6gVa!WyEd)!oFpZ@MB3OwQihUAS*$@+m8~@8nu<!%?C~?-p#tZYh
zbKt(-k0*c$S{_XJ4gv=up)r+(R5OA(814zyqC5yfdnF68uFr|6c5#xkLq~$QE$b>3
zOQ{W4iHjO%@ih)$!DeDk=;%Aj<Kh%;l1!uueHa|4WpFVF&g8AflX%*rJLtv>!QtNc
Vnm$}Ke`uF|tv@Ve*yV=-?*m^<AB_M2

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/lazyloading1/B.class b/regression/cbmc-java/lazyloading1/B.class
new file mode 100644
index 0000000000000000000000000000000000000000..2d693bf738367477fe16da51db4dec08a581e59c
GIT binary patch
literal 222
zcmZXNKM%oB6vfZ&AJr-vn?Yj4po>uqBqm`X_Sbr8+Ekm=tM6r!7<>R9O5A6#ILZBY
z?k_p7_u~m*hK>glEeF1XHlZ<3i&QNL=4gB*SgZ0R3EfRv$ZdU&WOWcx&JHC6Z(r6`
zEZ3<vTqQ4Rnu)9MVZml%NeJ{E=AuZ#U6jdKVF-icv<xl=!I``bcoI*0atGabAvoL{
WUo(J<<`3<&ul0xZ7<Tz#!21AUmmiq`

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/lazyloading1/test.class b/regression/cbmc-java/lazyloading1/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..25d52a223f41c30a681dc502adc2d06a8a374b63
GIT binary patch
literal 292
zcmYLDyKVw85S%@ZGnh+w<xxd~E=ds@IuH^dQ6VUT());sjNp*S!GEP9N|6uXqfo{a
z!P3so&Wyc2o_>A-v~jNyqM}hnO`)!EBM>9Vjr$$4#Ipfe)OD%LdK@30-UQ)r^KJ#@
zu}ke_w@&PKW|9?^aBW;F(65`_c5X+`YsJidW-m*#H!+IP3b!%tpc(dtpyI98%A_By
zX|l9)O44U7&_s^E0|Hha5fM-*5CiaCXkv-e1G}*2pAV2P5<yIi&Y}-q{YM+r{RzJj
ST$1{{LUCPzcdqFNDE|Sp3MUQ#

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/lazyloading1/test.desc b/regression/cbmc-java/lazyloading1/test.desc
new file mode 100644
index 00000000000..c0011248128
--- /dev/null
+++ b/regression/cbmc-java/lazyloading1/test.desc
@@ -0,0 +1,8 @@
+CORE
+test.class
+--lazy-methods --verbosity 10 --function test.main
+^EXIT=0$
+^SIGNAL=0$
+elaborate java::A\.f:\(\)V
+--
+elaborate java::B\.g:\(\)V
diff --git a/regression/cbmc-java/lazyloading1/test.java b/regression/cbmc-java/lazyloading1/test.java
new file mode 100644
index 00000000000..e0686d8c4d0
--- /dev/null
+++ b/regression/cbmc-java/lazyloading1/test.java
@@ -0,0 +1,21 @@
+// The most basic lazy loading test: A::f is directly called, B::g should be unreachable
+
+public class test
+{
+  A a;
+  B b;
+  public static void main()
+  {
+    A.f();
+  }
+}
+
+class A
+{
+  public static void f() {}
+}
+
+class B
+{
+  public static void g() {}
+}
diff --git a/regression/cbmc-java/lazyloading2/A.class b/regression/cbmc-java/lazyloading2/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..6d789cdb6ecd7eebc69f4b7549dc0db81d59251c
GIT binary patch
literal 222
zcmX^0Z`VEs1_l!bJ}w4k25xo+9(D#^Mg}&U%)HDJJ4Oa(4b3n{1{UZ1lvG9rexJ;|
zRKL>Pq|~C2#H1Xc2xA%}16Oc<X;E^jTP8?=vm~{+L@z6`ERlzSg@F~Q!jX|d0L0hN
zNz6;v_fN`7O)g<jU|<4T2Len$3{=Pfv=hjZ1=5T_npJB%1LH;@gOPz9NV0(id4MDb
WT&W~j7N`PU86Qv?Cs2}!feQd$DIbUc

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/lazyloading2/B.class b/regression/cbmc-java/lazyloading2/B.class
new file mode 100644
index 0000000000000000000000000000000000000000..d9cf49c418f8a91469560a73d59cba79a82c0b6a
GIT binary patch
literal 222
zcmX^0Z`VEs1_l!bJ}w4k25xo+9(D#^Mg}&U%)HDJJ4Oa(4b3n{1{UZ1lvG9rexJ;|
zRKL>Pq|~C2#H1Xc2xB@U16Oc<X;E^jTP8?=vm~{+L@z6`ERlzSg@F~Q!ikYV0L0hN
zNz6;v_fN`7O)g<jU|<4T2Len$3{=Pfv=hjZ1=5T_npJB%1LH;@gOPz9NV0(i1%V_7
WT&W~j7N`PUnJ`cpCs2}!feQd&bRU!e

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/lazyloading2/test.class b/regression/cbmc-java/lazyloading2/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..054809ef0f6773883b6e9227c98579f1d1928050
GIT binary patch
literal 310
zcmYL@y-veG5QM+A9XmG858=0=po2&x4IKz6Akh#(0YaiYhXY-dI8tzUFB&3&!~^h9
zh`kih%+Aj4%<lKk#}{zSZbnQeVIw1;<6$#lD`8s@BZR}jiL%18b7k?VD_wP_?ZM%_
z5M9h3t<V~}(q1p7g`MA-VxmekHLeu0+u341vX{<lX=Puk-q^gFoHcTd9pvnI68VYH
z_Ot%Pl+XQ}Vr)k$$rJn3^hNYDNT@49N~RbfK1i{l-JVv_TI(*6Hzh(-F<yy!oz~y#
h(aH*qPlAUf;Z^sY=-<*LRHMIDS4*k^ZS4cre*yT|Darr<

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/lazyloading2/test.desc b/regression/cbmc-java/lazyloading2/test.desc
new file mode 100644
index 00000000000..c0011248128
--- /dev/null
+++ b/regression/cbmc-java/lazyloading2/test.desc
@@ -0,0 +1,8 @@
+CORE
+test.class
+--lazy-methods --verbosity 10 --function test.main
+^EXIT=0$
+^SIGNAL=0$
+elaborate java::A\.f:\(\)V
+--
+elaborate java::B\.g:\(\)V
diff --git a/regression/cbmc-java/lazyloading2/test.java b/regression/cbmc-java/lazyloading2/test.java
new file mode 100644
index 00000000000..b53bae71fa4
--- /dev/null
+++ b/regression/cbmc-java/lazyloading2/test.java
@@ -0,0 +1,23 @@
+// This test checks that because A is instantiated in main and B is not,
+// A::f is reachable and B::g is not
+
+public class test
+{
+  A a;
+  B b;
+  public static void main()
+  {
+    A a = new A();
+    a.f();
+  }
+}
+
+class A
+{
+  public void f() {}
+}
+
+class B
+{
+  public void g() {}
+}
diff --git a/regression/cbmc-java/lazyloading3/A.class b/regression/cbmc-java/lazyloading3/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..affb565d6253a844a8381a1df84e84414972ecbb
GIT binary patch
literal 222
zcmX^0Z`VEs1_l!bJ}w4k25xo+9(D#^Mg}&U%)HDJJ4Oa(4b3n{1{UZ1lvG9rexJ;|
zRKL>Pq|~C2#H1Xc2xA%}16Oc<X;E^jTP8?=vm~{+L@z6`ERlzSg@F~Q!jX|d0L0hN
zNz6;v_fN`7O)g<jU|<4T2Len$3{=Pfv=hjZ1=5T_npJB%1LH;@gOPz9NV0(iIe{bx
WT&W~j7N`PU88=WFCs2}!feQd#avy>K

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/lazyloading3/B.class b/regression/cbmc-java/lazyloading3/B.class
new file mode 100644
index 0000000000000000000000000000000000000000..9a4ab54d369d7175755e23dfabef5f15440bf383
GIT binary patch
literal 222
zcmX^0Z`VEs1_l!bJ}w4k25xo+9(D#^Mg}&U%)HDJJ4Oa(4b3n{1{UZ1lvG9rexJ;|
zRKL>Pq|~C2#H1Xc2xB@U16Oc<X;E^jTP8?=vm~{+L@z6`ERlzSg@F~Q!ikYV0L0hN
zNz6;v_fN`7O)g<jU|<4T2Len$3{=Pfv=hjZ1=5T_npJB%1LH;@gOPz9NV0(i`G6z`
WT&W~j7N`PUnE+53Cs2}!feQd%y&sMM

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/lazyloading3/C.class b/regression/cbmc-java/lazyloading3/C.class
new file mode 100644
index 0000000000000000000000000000000000000000..c249e24ace4a12e0b1c5dfbc380fe40854978520
GIT binary patch
literal 197
zcmXYqy$Zrm424hnYiqTFv*4%>c5zb#DL54!6!+VDk(Sy*z4g7E1P33$hZ57`kdu7p
zkmU1yy#XxXyU^j;=-KEKND%aBvm{unv`E#OaWXv-jIcaQf*+-Y+|}1uR!0%%?6`-r
zt`fOT8*r4osd*;u!h;2y?}dax!$B^JOR$eKnJA2*@l$}f44D6k7ue}Ajkq_NIeUU0
PZS1gGtvO_MnKX2N4w)Zy

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/lazyloading3/D.class b/regression/cbmc-java/lazyloading3/D.class
new file mode 100644
index 0000000000000000000000000000000000000000..7e16bd6527d6835776fcc14eb5132a4d94fcf1b2
GIT binary patch
literal 197
zcmX^0Z`VEs1_l!bel7-P1|D_>UUmjPMh3<tMh0ddCu>FqHk-`6%n~~wS3@(5k%7fI
zKP8osf!`-HFV(L!Hz~C!Brz!mD8dz-Us{x$>Xr%OaF(PNm*{0BmL>8quraU$&2wR7
z5CHM@a}x8?_5G8wQj<#<6d0I*mNGCf0x=5%E0hJ)02JW>@??QDNRCx&I|JiJurw!-
QWCIII07)(&kBNaB01$#7eE<Le

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/lazyloading3/test.class b/regression/cbmc-java/lazyloading3/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..8e470f64650c394fae68686cee7e05468b91d3aa
GIT binary patch
literal 296
zcmYL@F;4<P5QX0!$1SX<ARwrTg^2}FNMnaFA(v2Hpn%Zt;cAw^k>KI~GBKD~_yhb=
z#y2)@GV|WfelxS*Kc8O!?r>>P#z_@5)D2G2&}eG36ry{d`{F^N)a@-4!esmC6l$r@
z-DJPX+-`2OH7nu9`kZ(-O@;!R*>=BMy0MqXYT;gr+m(H_F(PP<vlwl3G|ppOK(ku_
zg}NYvwauRg(`@CIEUAQHxjr2Y=|+qvTqERf<pkhPXyyuUS5!qU_dlTCXt<g=`YVbz
dIHDKyhAL>K|Bm2*(m!oDlp{D)`eOP3$G;8oD9r!>

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/lazyloading3/test.desc b/regression/cbmc-java/lazyloading3/test.desc
new file mode 100644
index 00000000000..c0011248128
--- /dev/null
+++ b/regression/cbmc-java/lazyloading3/test.desc
@@ -0,0 +1,8 @@
+CORE
+test.class
+--lazy-methods --verbosity 10 --function test.main
+^EXIT=0$
+^SIGNAL=0$
+elaborate java::A\.f:\(\)V
+--
+elaborate java::B\.g:\(\)V
diff --git a/regression/cbmc-java/lazyloading3/test.java b/regression/cbmc-java/lazyloading3/test.java
new file mode 100644
index 00000000000..6d3129d1261
--- /dev/null
+++ b/regression/cbmc-java/lazyloading3/test.java
@@ -0,0 +1,30 @@
+// This test checks that because `main` has a parameter of type C, which has a field of type A,
+// A::f is considered reachable, but B::g is not.
+
+public class test
+{
+  public static void main(C c)
+  {
+    c.a.f();
+  }
+}
+
+class A
+{
+  public void f() {}
+}
+
+class B
+{
+  public void g() {}
+}
+
+class C
+{
+  A a;
+}
+
+class D
+{
+  B b;
+}

From 5c5bd7a43a0033999fc95efe62fed3fa9e561469 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Mon, 13 Feb 2017 11:08:22 +0000
Subject: [PATCH 035/699] Improve code style

No functional changes intended
---
 src/goto-cc/compile.cpp                       |  6 +-
 src/goto-programs/get_goto_model.cpp          |  4 +-
 .../java_bytecode_convert_class.cpp           |  4 +-
 .../java_bytecode_convert_method.cpp          | 16 +--
 .../java_bytecode_convert_method.h            |  2 +-
 src/java_bytecode/java_bytecode_language.cpp  | 98 +++++++++----------
 src/java_bytecode/java_entry_point.h          |  2 +-
 src/langapi/language_ui.cpp                   |  4 +-
 src/util/language_file.cpp                    | 46 ++++-----
 src/util/language_file.h                      | 33 ++++---
 10 files changed, 110 insertions(+), 105 deletions(-)

diff --git a/src/goto-cc/compile.cpp b/src/goto-cc/compile.cpp
index f900b9824a7..04d50e76f82 100644
--- a/src/goto-cc/compile.cpp
+++ b/src/goto-cc/compile.cpp
@@ -544,8 +544,8 @@ bool compilet::parse(const std::string &file_name)
 
   language_filet language_file;
 
-  std::pair<language_filest::filemapt::iterator, bool>
-  res=language_files.filemap.insert(
+  std::pair<language_filest::file_mapt::iterator, bool>
+  res=language_files.file_map.insert(
     std::pair<std::string, language_filet>(file_name, language_file));
 
   language_filet &lf=res.first->second;
@@ -736,7 +736,7 @@ bool compilet::parse_source(const std::string &file_name)
     return true;
 
   // so we remove it from the list afterwards
-  language_files.filemap.erase(file_name);
+  language_files.file_map.erase(file_name);
   return false;
 }
 
diff --git a/src/goto-programs/get_goto_model.cpp b/src/goto-programs/get_goto_model.cpp
index 5afef435596..02aae876030 100644
--- a/src/goto-programs/get_goto_model.cpp
+++ b/src/goto-programs/get_goto_model.cpp
@@ -75,8 +75,8 @@ bool get_goto_modelt::operator()(const std::vector<std::string> &files)
           return true;
         }
 
-        std::pair<language_filest::filemapt::iterator, bool>
-          result=language_files.filemap.insert(
+        std::pair<language_filest::file_mapt::iterator, bool>
+          result=language_files.file_map.insert(
             std::pair<std::string, language_filet>(filename, language_filet()));
 
         language_filet &lf=result.first->second;
diff --git a/src/java_bytecode/java_bytecode_convert_class.cpp b/src/java_bytecode/java_bytecode_convert_class.cpp
index eb642baa846..440b0ce32cf 100644
--- a/src/java_bytecode/java_bytecode_convert_class.cpp
+++ b/src/java_bytecode/java_bytecode_convert_class.cpp
@@ -29,13 +29,13 @@ class java_bytecode_convert_classt:public messaget
     message_handlert &_message_handler,
     bool _disable_runtime_checks,
     size_t _max_array_length,
-    lazy_methodst& _lm,
+    lazy_methodst& _lazy_methods,
     lazy_methods_modet _lazy_methods_mode):
     messaget(_message_handler),
     symbol_table(_symbol_table),
     disable_runtime_checks(_disable_runtime_checks),
     max_array_length(_max_array_length),
-    lazy_methods(_lm),
+    lazy_methods(_lazy_methods),
     lazy_methods_mode(_lazy_methods_mode)
   {
   }
diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index 79db9de0f03..bc12fc77617 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -201,10 +201,10 @@ Function: java_bytecode_convert_method_lazy
 \*******************************************************************/
 
 void java_bytecode_convert_method_lazy(
-  const symbolt& class_symbol,
-  const irep_idt method_identifier,
+  const symbolt &class_symbol,
+  const irep_idt &method_identifier,
   const java_bytecode_parse_treet::methodt &m,
-  symbol_tablet& symbol_table)
+  symbol_tablet &symbol_table)
 {
   symbolt method_symbol;
   typet member_type=java_type_from_string(m.signature);
@@ -217,12 +217,14 @@ void java_bytecode_convert_method_lazy(
 
   if(method_symbol.base_name=="<init>")
   {
-    method_symbol.pretty_name=id2string(class_symbol.pretty_name)+"."+
-                              id2string(class_symbol.base_name)+"()";
+    method_symbol.pretty_name=
+      id2string(class_symbol.pretty_name)+"."+
+      id2string(class_symbol.base_name)+"()";
     member_type.set(ID_constructor, true);
   }
   else
-    method_symbol.pretty_name=id2string(class_symbol.pretty_name)+"."+
+    method_symbol.pretty_name=
+      id2string(class_symbol.pretty_name)+"."+
       id2string(m.base_name)+"()";
 
   // do we need to add 'this' as a parameter?
@@ -261,7 +263,7 @@ void java_bytecode_convert_methodt::convert(
     id2string(class_symbol.name)+"."+id2string(m.name)+":"+m.signature;
   method_id=method_identifier;
 
-  const auto& old_sym=symbol_table.lookup(method_identifier);
+  const auto &old_sym=symbol_table.lookup(method_identifier);
 
   typet member_type=old_sym.type;
   code_typet &code_type=to_code_type(member_type);
diff --git a/src/java_bytecode/java_bytecode_convert_method.h b/src/java_bytecode/java_bytecode_convert_method.h
index 145c7a5cc91..68b0dd4e0a8 100644
--- a/src/java_bytecode/java_bytecode_convert_method.h
+++ b/src/java_bytecode/java_bytecode_convert_method.h
@@ -48,7 +48,7 @@ inline void java_bytecode_convert_method(
 
 void java_bytecode_convert_method_lazy(
   const symbolt &class_symbol,
-  const irep_idt method_identifier,
+  const irep_idt &method_identifier,
   const java_bytecode_parse_treet::methodt &,
   symbol_tablet &symbol_table);
 
diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index c9f1b1771d2..4512ec97709 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -156,7 +156,7 @@ bool java_bytecode_languaget::parse(
     {
       status() << "JAR file without entry point: loading it all" << eom;
       java_class_loader.load_entire_jar(path);
-      for(const auto& kv : java_class_loader.jar_map.at(path).entries)
+      for(const auto &kv : java_class_loader.jar_map.at(path).entries)
         main_jar_classes.push_back(kv.first);
     }
     else
@@ -201,10 +201,10 @@ Function: get_virtual_method_target
 \*******************************************************************/
 
 static irep_idt get_virtual_method_target(
-  const std::set<irep_idt>& needed_classes,
-  const irep_idt& call_basename,
-  const irep_idt& classname,
-  const symbol_tablet& symbol_table)
+  const std::set<irep_idt> &needed_classes,
+  const irep_idt &call_basename,
+  const irep_idt &classname,
+  const symbol_tablet &symbol_table)
 {
   // Program-wide, is this class ever instantiated?
   if(!needed_classes.count(classname))
@@ -238,24 +238,24 @@ Function: get_virtual_method_target
 \*******************************************************************/
 
 static void get_virtual_method_targets(
-  const code_function_callt& c,
-  const std::set<irep_idt>& needed_classes,
-  std::vector<irep_idt>& needed_methods,
-  symbol_tablet& symbol_table,
-  const class_hierarchyt& class_hierarchy)
+  const code_function_callt &c,
+  const std::set<irep_idt> &needed_classes,
+  std::vector<irep_idt> &needed_methods,
+  symbol_tablet &symbol_table,
+  const class_hierarchyt &class_hierarchy)
 {
-  const auto& called_function=c.function();
+  const auto &called_function=c.function();
   assert(called_function.id()==ID_virtual_function);
 
-  const auto& call_class=called_function.get(ID_C_class);
+  const auto &call_class=called_function.get(ID_C_class);
   assert(call_class!=irep_idt());
-  const auto& call_basename=called_function.get(ID_component_name);
+  const auto &call_basename=called_function.get(ID_component_name);
   assert(call_basename!=irep_idt());
 
   auto old_size=needed_methods.size();
 
   auto child_classes=class_hierarchy.get_children_trans(call_class);
-  for(const auto& child_class : child_classes)
+  for(const auto &child_class : child_classes)
   {
     auto child_method=
       get_virtual_method_target(
@@ -288,8 +288,8 @@ static void get_virtual_method_targets(
         break;
       else
       {
-        const auto& entry=findit->second;
-        if(entry.parents.size()==0)
+        const auto &entry=findit->second;
+        if(entry.parents.empty())
           break;
         else
           parent_class_id=entry.parents[0];
@@ -325,12 +325,12 @@ Function: gather_virtual_callsites
 \*******************************************************************/
 
 static void gather_virtual_callsites(
-  const exprt& e,
-  std::vector<const code_function_callt*>& result)
+  const exprt &e,
+  std::vector<const code_function_callt *> &result)
 {
   if(e.id()!=ID_code)
     return;
-  const codet& c=to_code(e);
+  const codet &c=to_code(e);
   if(c.get_statement()==ID_function_call &&
      to_code_function_call(c).function().id()==ID_virtual_function)
     result.push_back(&to_code_function_call(c));
@@ -354,13 +354,13 @@ Function: gather_needed_globals
 \*******************************************************************/
 
 static void gather_needed_globals(
-  const exprt& e,
-  const symbol_tablet& symbol_table,
-  symbol_tablet& needed)
+  const exprt &e,
+  const symbol_tablet &symbol_table,
+  symbol_tablet &needed)
 {
   if(e.id()==ID_symbol)
   {
-    const auto& sym=symbol_table.lookup(to_symbol_expr(e).get_identifier());
+    const auto &sym=symbol_table.lookup(to_symbol_expr(e).get_identifier());
     if(sym.is_static_lifetime)
       needed.add(sym);
   }
@@ -387,12 +387,12 @@ Function: gather_field_types
 \*******************************************************************/
 
 static void gather_field_types(
-  const typet& class_type,
-  const namespacet& ns,
-  std::set<irep_idt>& needed_classes)
+  const typet &class_type,
+  const namespacet &ns,
+  std::set<irep_idt> &needed_classes)
 {
-  const auto& underlying_type=to_struct_type(ns.follow(class_type));
-  for(const auto& field : underlying_type.components())
+  const auto &underlying_type=to_struct_type(ns.follow(class_type));
+  for(const auto &field : underlying_type.components())
   {
     if(field.type().id()==ID_struct || field.type().id()==ID_symbol)
       gather_field_types(field.type(), ns, needed_classes);
@@ -401,7 +401,7 @@ static void gather_field_types(
       // Skip array primitive pointers, for example:
       if(field.type().subtype().id()!=ID_symbol)
         continue;
-      const auto& field_classid=
+      const auto &field_classid=
         to_symbol_type(field.type().subtype()).get_identifier();
       if(needed_classes.insert(field_classid).second)
         gather_field_types(field.type().subtype(), ns, needed_classes);
@@ -411,7 +411,7 @@ static void gather_field_types(
 
 /*******************************************************************\
 
-Function: initialise_needed_classes
+Function: initialize_needed_classes
 
   Inputs: `entry_points`: list of fully-qualified function names that
             we should assume are reachable
@@ -426,26 +426,26 @@ Function: initialise_needed_classes
 
 \*******************************************************************/
 
-static void initialise_needed_classes(
-  const std::vector<irep_idt>& entry_points,
-  const namespacet& ns,
-  const class_hierarchyt& ch,
-  std::set<irep_idt>& needed_classes)
+static void initialize_needed_classes(
+  const std::vector<irep_idt> &entry_points,
+  const namespacet &ns,
+  const class_hierarchyt &ch,
+  std::set<irep_idt> &needed_classes)
 {
-  for(const auto& mname : entry_points)
+  for(const auto &mname : entry_points)
   {
-    const auto& symbol=ns.lookup(mname);
-    const auto& mtype=to_code_type(symbol.type);
-    for(const auto& param : mtype.parameters())
+    const auto &symbol=ns.lookup(mname);
+    const auto &mtype=to_code_type(symbol.type);
+    for(const auto &param : mtype.parameters())
     {
       if(param.type().id()==ID_pointer)
       {
-        const auto& param_classid=
+        const auto &param_classid=
           to_symbol_type(param.type().subtype()).get_identifier();
         std::vector<irep_idt> class_and_parents=
           ch.get_parents_trans(param_classid);
         class_and_parents.push_back(param_classid);
-        for(const auto& classid : class_and_parents)
+        for(const auto &classid : class_and_parents)
           needed_classes.insert(classid);
         gather_field_types(param.type().subtype(), ns, needed_classes);
       }
@@ -534,11 +534,11 @@ bool java_bytecode_languaget::do_ci_lazy_method_conversion(
       reachable_classes.push_back(main_class);
     else
       reachable_classes=main_jar_classes;
-    for(const auto& classname : reachable_classes)
+    for(const auto &classname : reachable_classes)
     {
-      const auto& methods=
+      const auto &methods=
         java_class_loader.class_map.at(classname).parsed_class.methods;
-      for(const auto& method : methods)
+      for(const auto &method : methods)
       {
         const irep_idt methodid="java::"+id2string(classname)+"."+
           id2string(method.name)+":"+
@@ -551,7 +551,7 @@ bool java_bytecode_languaget::do_ci_lazy_method_conversion(
     method_worklist2.push_back(main_function.main_function.name);
 
   std::set<irep_idt> needed_classes;
-  initialise_needed_classes(
+  initialize_needed_classes(
     method_worklist2,
     namespacet(symbol_table),
     ch,
@@ -567,7 +567,7 @@ bool java_bytecode_languaget::do_ci_lazy_method_conversion(
     while(method_worklist2.size()!=0)
     {
       std::swap(method_worklist1, method_worklist2);
-      for(const auto& mname : method_worklist1)
+      for(const auto &mname : method_worklist1)
       {
         if(!methods_already_populated.insert(mname).second)
           continue;
@@ -578,7 +578,7 @@ bool java_bytecode_languaget::do_ci_lazy_method_conversion(
           continue;
         }
         debug() << "CI lazy methods: elaborate " << mname << eom;
-        const auto& parsed_method=findit->second;
+        const auto &parsed_method=findit->second;
         java_bytecode_convert_method(
           *parsed_method.first,
           *parsed_method.second,
@@ -604,7 +604,7 @@ bool java_bytecode_languaget::do_ci_lazy_method_conversion(
             << " callsites)"
             << eom;
 
-    for(const auto& callsite : virtual_callsites)
+    for(const auto &callsite : virtual_callsites)
     {
       // This will also create a stub if a virtual callsite has no targets.
       get_virtual_method_targets(*callsite, needed_classes, method_worklist2,
@@ -616,7 +616,7 @@ bool java_bytecode_languaget::do_ci_lazy_method_conversion(
   // Remove symbols for methods that were declared but never used:
   symbol_tablet keep_symbols;
 
-  for(const auto& sym : symbol_table.symbols)
+  for(const auto &sym : symbol_table.symbols)
   {
     if(sym.second.is_static_lifetime)
       continue;
diff --git a/src/java_bytecode/java_entry_point.h b/src/java_bytecode/java_entry_point.h
index 82071aa26b1..e6575734d80 100644
--- a/src/java_bytecode/java_entry_point.h
+++ b/src/java_bytecode/java_entry_point.h
@@ -29,6 +29,6 @@ main_function_resultt get_main_symbol(
   symbol_tablet &symbol_table,
   const irep_idt &main_class,
   message_handlert &,
-  bool allow_no_body = false);
+  bool allow_no_body=false);
 
 #endif // CPROVER_JAVA_BYTECODE_JAVA_ENTRY_POINT_H
diff --git a/src/langapi/language_ui.cpp b/src/langapi/language_ui.cpp
index 8640d735631..95b5d104a4f 100644
--- a/src/langapi/language_ui.cpp
+++ b/src/langapi/language_ui.cpp
@@ -104,8 +104,8 @@ bool language_uit::parse(const std::string &filename)
     return true;
   }
 
-  std::pair<language_filest::filemapt::iterator, bool>
-    result=language_files.filemap.insert(
+  std::pair<language_filest::file_mapt::iterator, bool>
+    result=language_files.file_map.insert(
       std::pair<std::string, language_filet>(filename, language_filet()));
 
   language_filet &lf=result.first->second;
diff --git a/src/util/language_file.cpp b/src/util/language_file.cpp
index 5ecbf9b7438..46f51564b54 100644
--- a/src/util/language_file.cpp
+++ b/src/util/language_file.cpp
@@ -67,9 +67,9 @@ void language_filet::get_modules()
 
 void language_filet::convert_lazy_method(
   const irep_idt &id,
-  symbol_tablet &symtab)
+  symbol_tablet &symbol_table)
 {
-  language->convert_lazy_method(id, symtab);
+  language->convert_lazy_method(id, symbol_table);
 }
 
 /*******************************************************************\
@@ -86,8 +86,8 @@ Function: language_filest::show_parse
 
 void language_filest::show_parse(std::ostream &out)
 {
-  for(filemapt::iterator it=filemap.begin();
-      it!=filemap.end(); it++)
+  for(file_mapt::iterator it=file_map.begin();
+      it!=file_map.end(); it++)
     it->second.language->show_parse(out);
 }
 
@@ -105,8 +105,8 @@ Function: language_filest::parse
 
 bool language_filest::parse()
 {
-  for(filemapt::iterator it=filemap.begin();
-      it!=filemap.end(); it++)
+  for(file_mapt::iterator it=file_map.begin();
+      it!=file_map.end(); it++)
   {
     // open file
 
@@ -152,8 +152,8 @@ bool language_filest::typecheck(symbol_tablet &symbol_table)
 {
   // typecheck interfaces
 
-  for(filemapt::iterator it=filemap.begin();
-      it!=filemap.end(); it++)
+  for(file_mapt::iterator it=file_map.begin();
+      it!=file_map.end(); it++)
   {
     if(it->second.language->interfaces(symbol_table))
       return true;
@@ -163,8 +163,8 @@ bool language_filest::typecheck(symbol_tablet &symbol_table)
 
   unsigned collision_counter=0;
 
-  for(filemapt::iterator fm_it=filemap.begin();
-      fm_it!=filemap.end(); fm_it++)
+  for(file_mapt::iterator fm_it=file_map.begin();
+      fm_it!=file_map.end(); fm_it++)
   {
     const language_filet::modulest &modules=
       fm_it->second.modules;
@@ -177,7 +177,7 @@ bool language_filest::typecheck(symbol_tablet &symbol_table)
       // these may collide, and then get renamed
       std::string module_name=*mo_it;
 
-      while(modulemap.find(module_name)!=modulemap.end())
+      while(module_map.find(module_name)!=module_map.end())
       {
         module_name=*mo_it+"#"+std::to_string(collision_counter);
         collision_counter++;
@@ -186,15 +186,15 @@ bool language_filest::typecheck(symbol_tablet &symbol_table)
       language_modulet module;
       module.file=&fm_it->second;
       module.name=module_name;
-      modulemap.insert(
+      module_map.insert(
         std::pair<std::string, language_modulet>(module.name, module));
     }
   }
 
   // typecheck files
 
-  for(filemapt::iterator it=filemap.begin();
-      it!=filemap.end(); it++)
+  for(file_mapt::iterator it=file_map.begin();
+      it!=file_map.end(); it++)
   {
     if(it->second.modules.empty())
     {
@@ -206,14 +206,14 @@ bool language_filest::typecheck(symbol_tablet &symbol_table)
       std::set<irep_idt> lazy_method_ids;
       it->second.language->lazy_methods_provided(lazy_method_ids);
       for(const auto &id : lazy_method_ids)
-        lazymethodmap[id]=&it->second;
+        lazy_method_map[id]=&it->second;
     }
   }
 
   // typecheck modules
 
-  for(modulemapt::iterator it=modulemap.begin();
-      it!=modulemap.end(); it++)
+  for(module_mapt::iterator it=module_map.begin();
+      it!=module_map.end(); it++)
   {
     if(typecheck_module(symbol_table, it->second))
       return true;
@@ -239,8 +239,8 @@ bool language_filest::final(
 {
   std::set<std::string> languages;
 
-  for(filemapt::iterator it=filemap.begin();
-      it!=filemap.end(); it++)
+  for(file_mapt::iterator it=file_map.begin();
+      it!=file_map.end(); it++)
   {
     if(languages.insert(it->second.language->id()).second)
       if(it->second.language->final(symbol_table))
@@ -265,8 +265,8 @@ Function: language_filest::interfaces
 bool language_filest::interfaces(
   symbol_tablet &symbol_table)
 {
-  for(filemapt::iterator it=filemap.begin();
-      it!=filemap.end(); it++)
+  for(file_mapt::iterator it=file_map.begin();
+      it!=file_map.end(); it++)
   {
     if(it->second.language->interfaces(symbol_table))
       return true;
@@ -293,9 +293,9 @@ bool language_filest::typecheck_module(
 {
   // check module map
 
-  modulemapt::iterator it=modulemap.find(module);
+  module_mapt::iterator it=module_map.find(module);
 
-  if(it==modulemap.end())
+  if(it==module_map.end())
   {
     error() << "found no file that provides module " << module << eom;
     return true;
diff --git a/src/util/language_file.h b/src/util/language_file.h
index b538c24e84f..d3184d48697 100644
--- a/src/util/language_file.h
+++ b/src/util/language_file.h
@@ -44,7 +44,7 @@ class language_filet
 
   void convert_lazy_method(
     const irep_idt &id,
-    symbol_tablet &symtab);
+    symbol_tablet &symbol_table);
 
   language_filet(const language_filet &rhs);
 
@@ -58,21 +58,21 @@ class language_filet
 class language_filest:public messaget
 {
 public:
-  typedef std::map<std::string, language_filet> filemapt;
-  filemapt filemap;
+  typedef std::map<std::string, language_filet> file_mapt;
+  file_mapt file_map;
 
-  // Contains pointers into filemapt!
-  typedef std::map<std::string, language_modulet> modulemapt;
-  modulemapt modulemap;
+  // Contains pointers into file_mapt!
+  typedef std::map<std::string, language_modulet> module_mapt;
+  module_mapt module_map;
 
   // Contains pointers into filemapt!
   // This is safe-ish as long as this is std::map.
-  typedef std::map<irep_idt, language_filet*> lazymethodmapt;
-  lazymethodmapt lazymethodmap;
+  typedef std::map<irep_idt, language_filet *> lazy_method_mapt;
+  lazy_method_mapt lazy_method_map;
 
   void clear_files()
   {
-    filemap.clear();
+    file_map.clear();
   }
 
   bool parse();
@@ -87,21 +87,24 @@ class language_filest:public messaget
 
   bool has_lazy_method(const irep_idt &id)
   {
-    return lazymethodmap.count(id);
+    return lazy_method_map.count(id);
   }
 
+  // The method must have been added to the symbol table and registered
+  // in lazy_method_map (currently always in language_filest::typecheck)
+  // for this to be legal.
   void convert_lazy_method(
     const irep_idt &id,
-    symbol_tablet &symtab)
+    symbol_tablet &symbol_table)
   {
-    return lazymethodmap.at(id)->convert_lazy_method(id, symtab);
+    return lazy_method_map.at(id)->convert_lazy_method(id, symbol_table);
   }
 
   void clear()
   {
-    filemap.clear();
-    modulemap.clear();
-    lazymethodmap.clear();
+    file_map.clear();
+    module_map.clear();
+    lazy_method_map.clear();
   }
 
 protected:

From 86bef2317d14b10cec6f86dcafc1355f5f30d421 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Wed, 15 Feb 2017 11:34:20 +0000
Subject: [PATCH 036/699] Use safe pointers for optional arguments

This basic safe-pointer class doesn't do any lifetime management;
rather it just enforces explicit null-checks and throws if they
don't go as expected.
---
 .../java_bytecode_convert_method.cpp          | 12 ++--
 .../java_bytecode_convert_method.h            |  9 +--
 .../java_bytecode_convert_method_class.h      |  9 +--
 src/java_bytecode/java_bytecode_language.cpp  |  4 +-
 src/util/safe_pointer.h                       | 64 +++++++++++++++++++
 5 files changed, 84 insertions(+), 14 deletions(-)
 create mode 100644 src/util/safe_pointer.h

diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index bc12fc77617..ed87954ed0b 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -1724,7 +1724,10 @@ codet java_bytecode_convert_methodt::convert_instructions(
       const auto &field_name=arg0.get_string(ID_component_name);
       symbol_expr.set_identifier(arg0.get_string(ID_class)+"."+field_name);
       if(needed_classes && arg0.type().id()==ID_symbol)
-        needed_classes->insert(to_symbol_type(arg0.type()).get_identifier());
+      {
+        needed_classes->insert(
+          to_symbol_type(arg0.type()).get_identifier());
+      }
       results[0]=java_bytecode_promotion(symbol_expr);
 
       // set $assertionDisabled to false
@@ -1743,7 +1746,8 @@ codet java_bytecode_convert_methodt::convert_instructions(
       const auto &field_name=arg0.get_string(ID_component_name);
       symbol_expr.set_identifier(arg0.get_string(ID_class)+"."+field_name);
       if(needed_classes && arg0.type().id()==ID_symbol)
-        needed_classes->insert(to_symbol_type(arg0.type()).get_identifier());
+        needed_classes->insert(
+          to_symbol_type(arg0.type()).get_identifier());
       c=code_assignt(symbol_expr, op[0]);
     }
     else if(statement==patternt("?2?")) // i2c etc.
@@ -2207,8 +2211,8 @@ void java_bytecode_convert_method(
   message_handlert &message_handler,
   bool disable_runtime_checks,
   size_t max_array_length,
-  std::vector<irep_idt> *needed_methods,
-  std::set<irep_idt> *needed_classes)
+  safe_pointer<std::vector<irep_idt> > needed_methods,
+  safe_pointer<std::set<irep_idt> > needed_classes)
 {
   java_bytecode_convert_methodt java_bytecode_convert_method(
     symbol_table,
diff --git a/src/java_bytecode/java_bytecode_convert_method.h b/src/java_bytecode/java_bytecode_convert_method.h
index 68b0dd4e0a8..e81881f44e1 100644
--- a/src/java_bytecode/java_bytecode_convert_method.h
+++ b/src/java_bytecode/java_bytecode_convert_method.h
@@ -11,6 +11,7 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include <util/symbol_table.h>
 #include <util/message.h>
+#include <util/safe_pointer.h>
 
 #include "java_bytecode_parse_tree.h"
 
@@ -23,8 +24,8 @@ void java_bytecode_convert_method(
   message_handlert &message_handler,
   bool disable_runtime_checks,
   size_t max_array_length,
-  std::vector<irep_idt> *needed_methods,
-  std::set<irep_idt> *needed_classes);
+  safe_pointer<std::vector<irep_idt> > needed_methods,
+  safe_pointer<std::set<irep_idt> > needed_classes);
 
 // Must provide both the optional parameters or neither.
 inline void java_bytecode_convert_method(
@@ -42,8 +43,8 @@ inline void java_bytecode_convert_method(
     message_handler,
     disable_runtime_checks,
     max_array_length,
-    nullptr,
-    nullptr);
+    safe_pointer<std::vector<irep_idt> >::create_null(),
+    safe_pointer<std::set<irep_idt> >::create_null());
 }
 
 void java_bytecode_convert_method_lazy(
diff --git a/src/java_bytecode/java_bytecode_convert_method_class.h b/src/java_bytecode/java_bytecode_convert_method_class.h
index 96e640ecdf3..ae4ba711640 100644
--- a/src/java_bytecode/java_bytecode_convert_method_class.h
+++ b/src/java_bytecode/java_bytecode_convert_method_class.h
@@ -13,6 +13,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <util/message.h>
 #include <util/std_types.h>
 #include <util/std_expr.h>
+#include <util/safe_pointer.h>
 #include <analyses/cfg_dominators.h>
 #include "java_bytecode_parse_tree.h"
 #include "java_bytecode_convert_class.h"
@@ -31,8 +32,8 @@ class java_bytecode_convert_methodt:public messaget
     message_handlert &_message_handler,
     bool _disable_runtime_checks,
     size_t _max_array_length,
-    std::vector<irep_idt> *_needed_methods,
-    std::set<irep_idt> *_needed_classes):
+    safe_pointer<std::vector<irep_idt> > _needed_methods,
+    safe_pointer<std::set<irep_idt> > _needed_classes):
     messaget(_message_handler),
     symbol_table(_symbol_table),
     disable_runtime_checks(_disable_runtime_checks),
@@ -57,8 +58,8 @@ class java_bytecode_convert_methodt:public messaget
   symbol_tablet &symbol_table;
   const bool disable_runtime_checks;
   const size_t max_array_length;
-  std::vector<irep_idt> *needed_methods;
-  std::set<irep_idt> *needed_classes;
+  safe_pointer<std::vector<irep_idt> > needed_methods;
+  safe_pointer<std::set<irep_idt> > needed_classes;
 
   irep_idt method_id;
   irep_idt current_method;
diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index 4512ec97709..03b5a51a4a2 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -586,8 +586,8 @@ bool java_bytecode_languaget::do_ci_lazy_method_conversion(
           get_message_handler(),
           disable_runtime_checks,
           max_user_array_length,
-          &method_worklist2,
-          &needed_classes);
+          safe_pointer<std::vector<irep_idt> >::create_non_null(&method_worklist2),
+          safe_pointer<std::set<irep_idt> >::create_non_null(&needed_classes));
         gather_virtual_callsites(
           symbol_table.lookup(mname).value,
           virtual_callsites);
diff --git a/src/util/safe_pointer.h b/src/util/safe_pointer.h
new file mode 100644
index 00000000000..47e52ac13fe
--- /dev/null
+++ b/src/util/safe_pointer.h
@@ -0,0 +1,64 @@
+/*******************************************************************\
+
+Module: Simple checked pointers
+
+Author: Chris Smowton, chris@smowton.net
+
+\*******************************************************************/
+
+#ifndef CPROVER_UTIL_SAFE_POINTER_H
+#define CPROVER_UTIL_SAFE_POINTER_H
+
+template<class T> class safe_pointer
+{
+ public:
+  operator bool() const
+  {
+    return !!ptr;
+  }
+
+  T *get() const
+  {
+    assert(ptr && "dereferenced a null safe pointer");
+    return ptr;
+  }
+
+  T &operator*() const
+  {
+    return *get();
+  }
+
+  T *operator->() const
+  {
+    return get();
+  }
+
+  static safe_pointer<T> create_null()
+  {
+    return safe_pointer();
+  }
+
+  static safe_pointer<T> create_non_null(
+    T *target)
+  {
+    assert(target && "initialized safe pointer with null");
+    return safe_pointer(target);
+  }
+
+  static safe_pointer<T> create_maybe_null(
+    T *target)
+  {
+    return safe_pointer(target);
+  }
+
+ protected:
+  T *ptr;
+
+  explicit safe_pointer(T *target) : ptr(target)
+  {}
+
+  safe_pointer() : ptr(nullptr)
+  {}
+};
+
+#endif

From ffef5d715dbde87696151ed6cc501e1f391aeb12 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Wed, 15 Feb 2017 12:58:30 +0000
Subject: [PATCH 037/699] Add lazy conversion documentation

Also fix some trivial linting errors. No functional changes.
---
 .../java_bytecode_convert_method.cpp          |  2 +
 src/java_bytecode/java_bytecode_language.cpp  | 86 +++++++++++++++++--
 src/java_bytecode/java_bytecode_language.h    |  4 +-
 3 files changed, 82 insertions(+), 10 deletions(-)

diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index ed87954ed0b..f101d19c824 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -1746,8 +1746,10 @@ codet java_bytecode_convert_methodt::convert_instructions(
       const auto &field_name=arg0.get_string(ID_component_name);
       symbol_expr.set_identifier(arg0.get_string(ID_class)+"."+field_name);
       if(needed_classes && arg0.type().id()==ID_symbol)
+      {
         needed_classes->insert(
           to_symbol_type(arg0.type()).get_identifier());
+      }
       c=code_assignt(symbol_expr, op[0]);
     }
     else if(statement==patternt("?2?")) // i2c etc.
diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index 03b5a51a4a2..e9d5a87186b 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -502,6 +502,7 @@ bool java_bytecode_languaget::typecheck(
   // that are reachable from this entry point.
   if(lazy_methods_mode==LAZY_METHODS_MODE_CONTEXT_INSENSITIVE)
   {
+    // ci: context-insensitive.
     if(do_ci_lazy_method_conversion(symbol_table, lazy_methods))
       return true;
   }
@@ -514,6 +515,32 @@ bool java_bytecode_languaget::typecheck(
   return false;
 }
 
+/*******************************************************************\
+
+Function: java_bytecode_languaget::do_ci_lazy_method_conversion
+
+  Inputs: `symbol_table`: global symbol table
+          `lazy_methods`: map from method names to relevant symbol
+                          and parsed-method objects.
+
+ Outputs: Elaborates lazily-converted methods that may be reachable
+          starting from the main entry point (usually provided with
+          the --function command-line option) (side-effect on the
+          symbol_table). Returns false on success.
+
+ Purpose: Uses a simple context-insensitive ('ci') analysis to
+          determine which methods may be reachable from the main
+          entry point. In brief, static methods are reachable if we
+          find a callsite in another reachable site, while virtual
+          methods are reachable if we find a virtual callsite
+          targeting a compatible type *and* a constructor callsite
+          indicating an object of that type may be instantiated (or
+          evidence that an object of that type exists before the
+          main function is entered, such as being passed as a
+          parameter).
+
+\*******************************************************************/
+
 bool java_bytecode_languaget::do_ci_lazy_method_conversion(
   symbol_tablet &symbol_table,
   lazy_methodst &lazy_methods)
@@ -558,7 +585,7 @@ bool java_bytecode_languaget::do_ci_lazy_method_conversion(
     needed_classes);
 
   std::set<irep_idt> methods_already_populated;
-  std::vector<const code_function_callt*> virtual_callsites;
+  std::vector<const code_function_callt *> virtual_callsites;
 
   bool any_new_methods;
   do
@@ -586,8 +613,10 @@ bool java_bytecode_languaget::do_ci_lazy_method_conversion(
           get_message_handler(),
           disable_runtime_checks,
           max_user_array_length,
-          safe_pointer<std::vector<irep_idt> >::create_non_null(&method_worklist2),
-          safe_pointer<std::set<irep_idt> >::create_non_null(&needed_classes));
+          safe_pointer<std::vector<irep_idt> >::create_non_null(
+            &method_worklist2),
+          safe_pointer<std::set<irep_idt> >::create_non_null(
+            &needed_classes));
         gather_virtual_callsites(
           symbol_table.lookup(mname).value,
           virtual_callsites);
@@ -607,11 +636,15 @@ bool java_bytecode_languaget::do_ci_lazy_method_conversion(
     for(const auto &callsite : virtual_callsites)
     {
       // This will also create a stub if a virtual callsite has no targets.
-      get_virtual_method_targets(*callsite, needed_classes, method_worklist2,
-				 symbol_table, ch);
+      get_virtual_method_targets(
+        *callsite,
+        needed_classes,
+        method_worklist2,
+        symbol_table,
+        ch);
     }
-
-  } while(any_new_methods);
+  }
+  while(any_new_methods);
 
   // Remove symbols for methods that were declared but never used:
   symbol_tablet keep_symbols;
@@ -640,12 +673,49 @@ bool java_bytecode_languaget::do_ci_lazy_method_conversion(
   return false;
 }
 
-void java_bytecode_languaget::lazy_methods_provided(std::set<irep_idt> &methods) const
+/*******************************************************************\
+
+Function: java_bytecode_languaget::lazy_methods_provided
+
+  Inputs: None
+
+ Outputs: Populates `methods` with the complete list of lazy methods
+          that are available to convert (those which are valid
+          parameters for `convert_lazy_method`)
+
+ Purpose: Provide feedback to `language_filest` so that when asked
+          for a lazy method, it can delegate to this instance of
+          java_bytecode_languaget.
+
+\*******************************************************************/
+
+void java_bytecode_languaget::lazy_methods_provided(
+  std::set<irep_idt> &methods) const
 {
   for(const auto &kv : lazy_methods)
     methods.insert(kv.first);
 }
 
+/*******************************************************************\
+
+Function: java_bytecode_languaget::convert_lazy_method
+
+  Inputs: `id`: method ID to convert
+          `symtab`: global symbol table
+
+ Outputs: Amends the symbol table entry for function `id`, which
+          should be a lazy method provided by this instance of
+          `java_bytecode_languaget`. It should initially have a nil
+          value. After this method completes, it will have a value
+          representing the method body, identical to that produced
+          using eager method conversion.
+
+ Purpose: Promote a lazy-converted method (one whose type is known
+          but whose body hasn't been converted) into a fully-
+          elaborated one.
+
+\*******************************************************************/
+
 void java_bytecode_languaget::convert_lazy_method(
   const irep_idt &id,
   symbol_tablet &symtab)
diff --git a/src/java_bytecode/java_bytecode_language.h b/src/java_bytecode/java_bytecode_language.h
index afdd275ddf6..ea177e0226a 100644
--- a/src/java_bytecode/java_bytecode_language.h
+++ b/src/java_bytecode/java_bytecode_language.h
@@ -24,8 +24,8 @@ enum lazy_methods_modet
 };
 
 typedef std::pair<
-          const symbolt*,
-          const java_bytecode_parse_treet::methodt*>
+          const symbolt *,
+          const java_bytecode_parse_treet::methodt *>
   lazy_method_valuet;
 typedef std::map<irep_idt, lazy_method_valuet>
   lazy_methodst;

From a30720b39e3597875ee476840523d2d31c0a9a5f Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Wed, 15 Feb 2017 17:28:55 +0000
Subject: [PATCH 038/699] Improve failed test printer

---
 regression/failed-tests-printer.pl | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/regression/failed-tests-printer.pl b/regression/failed-tests-printer.pl
index 832ba2d2c64..40767185d5c 100755
--- a/regression/failed-tests-printer.pl
+++ b/regression/failed-tests-printer.pl
@@ -4,23 +4,25 @@
 
 open LOG,"<tests.log" or die "Failed to open tests.log\n";
 
-my $ignore = 1;
+my $printed_this_test = 1;
 my $current_test = "";
 
 while (<LOG>) {
   chomp;
   if (/^Test '(.+)'/) {
     $current_test = $1;
-    $ignore = 0;
-  } elsif (1 == $ignore) {
-    next;
+    $printed_this_test = 0;
   } elsif (/\[FAILED\]\s*$/) {
-    $ignore = 1;
-    print "Failed test: $current_test\n";
-    my $outf = `sed -n '2p' $current_test/test.desc`;
-    $outf =~ s/\..*$/.out/;
-    system("cat $current_test/$outf");
-    print "\n\n";
+    if(0 == $printed_this_test) {
+      $printed_this_test = 1;
+      print "\n\n";
+      print "Failed test: $current_test\n";
+      my $outf = `sed -n '2p' $current_test/test.desc`;
+      $outf =~ s/\..*$/.out/;
+      system("cat $current_test/$outf");
+      print "\n\nFailed test.desc lines:\n";
+    }
+    print "$_\n";
   }
 }
 

From 8809a4c56820dd74bc52834655e0c2639919d40a Mon Sep 17 00:00:00 2001
From: Norbert Manthey <nmanthey@amazon.com>
Date: Tue, 28 Feb 2017 23:17:12 +0100
Subject: [PATCH 039/699] Remove aa-symex from DIRS variable in Makefile

Without this patch, calling "make clean" fails, because make
tries to call "make clean" in the aa-symex directory as well.
By removing aa-symex from the DIRS variable, this problem is fixed.

Fixes: cleanup aa-path-symex and aa-symex
---
 src/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Makefile b/src/Makefile
index 3a452b7fe09..269ddeda140 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -1,7 +1,7 @@
 DIRS = ansi-c big-int cbmc cpp goto-cc goto-instrument goto-programs \
        goto-symex langapi pointer-analysis solvers util linking xmllang \
-       assembler analyses java_bytecode aa-path-symex path-symex musketeer \
-       json cegis goto-analyzer jsil symex goto-diff aa-symex clobber \
+       assembler analyses java_bytecode path-symex musketeer \
+       json cegis goto-analyzer jsil symex goto-diff clobber \
        memory-models
 
 all: cbmc.dir goto-cc.dir goto-instrument.dir symex.dir goto-analyzer.dir goto-diff.dir

From 6c0ff32172d56335deebc5044ea3eacac3faf824 Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Tue, 29 Nov 2016 14:50:47 +0000
Subject: [PATCH 040/699] Don't allowing functions called from _Start to be
 inlined

When the partial inlining comes to the _Start function, it skips over
it. We don't want inlining on the start function because if we are
trying to find the entry point for the users code, it is important it
hasn't been inlined into GOTO generated code.
---
 src/goto-programs/goto_inline.cpp | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/goto-programs/goto_inline.cpp b/src/goto-programs/goto_inline.cpp
index 830798c289e..c8c97f8d4a5 100644
--- a/src/goto-programs/goto_inline.cpp
+++ b/src/goto-programs/goto_inline.cpp
@@ -213,7 +213,12 @@ void goto_partial_inline(
       // called function
       const goto_functiont &goto_function=f_it->second;
 
-      if(!goto_function.body_available())
+      // We can't take functions without bodies to find functions
+      // inside them to be inlined.
+      // We also don't allow for the _start function to have any of its
+      // function calls to be inlined
+      if(!goto_function.body_available() ||
+         f_it->first==ID__start)
         continue;
 
       const goto_programt &goto_program=goto_function.body;

From d47d503b660386e840ed41e3fe5ba9dd7ef0dfd5 Mon Sep 17 00:00:00 2001
From: Dario Cattaruzza <dario.cattaruzza@hotmail.com>
Date: Tue, 25 Oct 2016 16:14:56 +0100
Subject: [PATCH 041/699] Get symbol of member expression

---
 src/util/std_expr.h | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/util/std_expr.h b/src/util/std_expr.h
index a2f78ab25e8..30296525585 100644
--- a/src/util/std_expr.h
+++ b/src/util/std_expr.h
@@ -2979,6 +2979,17 @@ class member_exprt:public exprt
   {
     return op0();
   }
+
+  // Retrieves the object(symbol) this member corresponds to
+  inline const symbol_exprt &symbol() const
+  {
+    const exprt &op=op0();
+    if(op.id()==ID_member)
+    {
+      return static_cast<const member_exprt &>(op).symbol();
+    }
+    return to_symbol_expr(op);
+  }
 };
 
 /*! \brief Cast a generic exprt to a \ref member_exprt

From 27153d142eb07dc0e78eb47d72e52b877af5d776 Mon Sep 17 00:00:00 2001
From: Dario Cattaruzza <dario.cattaruzza@hotmail.com>
Date: Tue, 25 Oct 2016 16:16:43 +0100
Subject: [PATCH 042/699] Auxiliary function to check if the ssa has enough
 data to build an identifier

---
 src/util/ssa_expr.cpp | 13 +++++++++++++
 src/util/ssa_expr.h   |  6 +++++-
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/src/util/ssa_expr.cpp b/src/util/ssa_expr.cpp
index c75d7d2ed92..affd2907eb5 100644
--- a/src/util/ssa_expr.cpp
+++ b/src/util/ssa_expr.cpp
@@ -78,6 +78,19 @@ static void build_ssa_identifier_rec(
     assert(false);
 }
 
+/* Used to determine whether or not an identifier can be built
+   * before trying and getting an exception */
+bool ssa_exprt::can_build_identifier(const exprt &expr)
+{
+  if(expr.id()==ID_symbol)
+    return true;
+  else if(expr.id()==ID_member ||
+          expr.id()==ID_index)
+    return can_build_identifier(expr.op0());
+  else
+    return false;
+}
+
 /*******************************************************************\
 
 Function: ssa_exprt::build_identifier
diff --git a/src/util/ssa_expr.h b/src/util/ssa_expr.h
index 446e82169d6..e18862fa9f9 100644
--- a/src/util/ssa_expr.h
+++ b/src/util/ssa_expr.h
@@ -64,7 +64,7 @@ class ssa_exprt:public symbol_exprt
 
   const irep_idt get_l1_object_identifier() const
   {
-    #if 0
+    #if 1
     return get_l1_object().get_identifier();
     #else
     // the above is the clean version, this is the fast one, using
@@ -134,6 +134,10 @@ class ssa_exprt:public symbol_exprt
     const irep_idt &l0,
     const irep_idt &l1,
     const irep_idt &l2);
+
+  /* Used to determine whether or not an identifier can be built
+   * before trying and getting an exception */
+  static bool can_build_identifier(const exprt &src);
 };
 
 /*! \brief Cast a generic exprt to an \ref ssa_exprt

From 2987406470da274a1f75024251bc07650352465c Mon Sep 17 00:00:00 2001
From: Dario Cattaruzza <dario.cattaruzza@hotmail.com>
Date: Tue, 25 Oct 2016 16:17:06 +0100
Subject: [PATCH 043/699] Bitwise operators for mpinteger

---
 src/util/mp_arith.cpp | 264 ++++++++++++++++++++++++++++++++++++++++++
 src/util/mp_arith.h   |  23 ++++
 2 files changed, 287 insertions(+)

diff --git a/src/util/mp_arith.cpp b/src/util/mp_arith.cpp
index 338a6103e40..e70c654bd14 100644
--- a/src/util/mp_arith.cpp
+++ b/src/util/mp_arith.cpp
@@ -17,6 +17,9 @@ Author: Daniel Kroening, kroening@kroening.com
 #include "mp_arith.h"
 #include "arith_tools.h"
 
+
+typedef BigInt::ullong_t ullong_t;
+
 /*******************************************************************\
 
 Function: >>
@@ -320,3 +323,264 @@ unsigned integer2unsigned(const mp_integer &n)
   assert(ull <= std::numeric_limits<unsigned>::max());
   return (unsigned)ull;
 }
+
+/*******************************************************************\
+
+Function: bitwise_or
+
+  Inputs:
+
+ Outputs:
+
+ Purpose: bitwise or
+          bitwise operations only make sense on native objects, hence the
+          largest object size should be the largest available c++ integer
+          size (currently long long)
+
+\*******************************************************************/
+
+mp_integer bitwise_or(const mp_integer &a, const mp_integer &b)
+{
+  ullong_t result=a.to_ulong()|b.to_ulong();
+  return result;
+}
+
+/*******************************************************************\
+
+Function: bitwise_and
+
+  Inputs:
+
+ Outputs:
+
+ Purpose: bitwise and
+          bitwise operations only make sense on native objects, hence the
+          largest object size should be the largest available c++ integer
+          size (currently long long)
+
+\*******************************************************************/
+
+mp_integer bitwise_and(const mp_integer &a, const mp_integer &b)
+{
+  ullong_t result=a.to_ulong()&b.to_ulong();
+  return result;
+}
+
+/*******************************************************************\
+
+Function: bitwise_xor
+
+  Inputs:
+
+ Outputs:
+
+ Purpose: bitwise xor
+          bitwise operations only make sense on native objects, hence the
+          largest object size should be the largest available c++ integer
+          size (currently long long)
+
+\*******************************************************************/
+
+mp_integer bitwise_xor(const mp_integer &a, const mp_integer &b)
+{
+  ullong_t result=a.to_ulong()^b.to_ulong();
+  return result;
+}
+
+/*******************************************************************\
+
+Function: bitwise_neg
+
+  Inputs:
+
+ Outputs:
+
+ Purpose: bitwise negation
+          bitwise operations only make sense on native objects, hence the
+          largest object size should be the largest available c++ integer
+          size (currently long long)
+
+\*******************************************************************/
+
+mp_integer bitwise_neg(const mp_integer &a)
+{
+  ullong_t result=~a.to_ulong();
+  return result;
+}
+
+/*******************************************************************\
+
+Function: arith_left_shift
+
+  Inputs:
+
+ Outputs:
+
+ Purpose: arithmetic left shift
+          bitwise operations only make sense on native objects, hence the
+          largest object size should be the largest available c++ integer
+          size (currently long long)
+
+\*******************************************************************/
+
+mp_integer arith_left_shift(
+  const mp_integer &a,
+  const mp_integer &b,
+  std::size_t true_size)
+{
+  ullong_t shift=b.to_ulong();
+  if(shift>true_size && a!=mp_integer(0))
+    throw "shift value out of range";
+
+  ullong_t result=a.to_ulong()<<shift;
+  return result;
+}
+
+/*******************************************************************\
+
+Function: arith_right_shift
+
+  Inputs:
+
+ Outputs:
+
+ Purpose: arithmetic right shift (loads sign on MSB)
+          bitwise operations only make sense on native objects, hence the
+          largest object size should be the largest available c++ integer
+          size (currently long long)
+
+\*******************************************************************/
+
+mp_integer arith_right_shift(
+  const mp_integer &a,
+  const mp_integer &b,
+  std::size_t true_size)
+{
+  ullong_t number=a.to_ulong();
+  ullong_t shift=b.to_ulong();
+  if(shift>true_size)
+    throw "shift value out of range";
+
+  ullong_t sign=(1<<(true_size-1))&number;
+  ullong_t pad=(sign==0) ? 0 : ~((1<<(true_size-shift))-1);
+  ullong_t result=(number>>shift)|pad;
+  return result;
+}
+
+/*******************************************************************\
+
+Function: logic_left_shift
+
+  Inputs:
+
+ Outputs:
+
+ Purpose: logic left shift
+          bitwise operations only make sense on native objects, hence the
+          largest object size should be the largest available c++ integer
+          size (currently long long)
+
+\*******************************************************************/
+
+mp_integer logic_left_shift(
+  const mp_integer &a,
+  const mp_integer &b,
+  std::size_t true_size)
+{
+  ullong_t shift=b.to_ulong();
+  if(shift>true_size && a!=mp_integer(0))
+    throw "shift value out of range";
+
+  ullong_t result=a.to_ulong()<<shift;
+  return result;
+}
+
+/*******************************************************************\
+
+Function: logic_right_shift
+
+  Inputs:
+
+ Outputs:
+
+ Purpose: logic right shift (loads 0 on MSB)
+          bitwise operations only make sense on native objects, hence the
+          largest object size should be the largest available c++ integer
+          size (currently long long)
+
+\*******************************************************************/
+
+mp_integer logic_right_shift(
+  const mp_integer &a,
+  const mp_integer &b,
+  std::size_t true_size)
+{
+  ullong_t shift=b.to_ulong();
+  if(shift>true_size)
+    throw "shift value out of range";
+
+  ullong_t result=a.to_ulong()>>shift;
+  return result;
+}
+
+/*******************************************************************\
+
+Function: rotate_right
+
+  Inputs:
+
+ Outputs:
+
+ Purpose: rotates right (MSB=LSB)
+          bitwise operations only make sense on native objects, hence the
+          largest object size should be the largest available c++ integer
+          size (currently long long)
+
+\*******************************************************************/
+
+mp_integer rotate_right(
+  const mp_integer &a,
+  const mp_integer &b,
+  std::size_t true_size)
+{
+  ullong_t number=a.to_ulong();
+  ullong_t shift=b.to_ulong();
+  if(shift>true_size)
+    throw "shift value out of range";
+
+  ullong_t revShift=true_size-shift;
+  ullong_t filter=1<<(true_size-1);
+  ullong_t result=(number>>shift)|((number<<revShift)&filter);
+  return result;
+}
+
+/*******************************************************************\
+
+Function: rotate_left
+
+  Inputs:
+
+ Outputs:
+
+ Purpose: rotate left (LSB=MSB)
+          bitwise operations only make sense on native objects, hence the
+          largest object size should be the largest available c++ integer
+          size (currently long long)
+
+\*******************************************************************/
+
+mp_integer rotate_left(
+  const mp_integer &a,
+  const mp_integer &b,
+  std::size_t true_size)
+{
+  ullong_t number=a.to_ulong();
+  ullong_t shift=b.to_ulong();
+  if(shift>true_size)
+    throw "shift value out of range";
+
+  ullong_t revShift=true_size-shift;
+  ullong_t filter=1<<(true_size-1);
+  ullong_t result=((number<<shift)&filter)|((number&filter)>>revShift);
+  return result;
+}
diff --git a/src/util/mp_arith.h b/src/util/mp_arith.h
index 030a292bb74..046b1bff788 100644
--- a/src/util/mp_arith.h
+++ b/src/util/mp_arith.h
@@ -20,6 +20,28 @@ typedef BigInt mp_integer;
 std::ostream &operator<<(std::ostream &, const mp_integer &);
 mp_integer operator>>(const mp_integer &, const mp_integer &);
 mp_integer operator<<(const mp_integer &, const mp_integer &);
+mp_integer bitwise_or(const mp_integer &, const mp_integer &);
+mp_integer bitwise_and(const mp_integer &, const mp_integer &);
+mp_integer bitwise_xor(const mp_integer &, const mp_integer &);
+mp_integer bitwise_neg(const mp_integer &);
+
+mp_integer arith_left_shift(
+  const mp_integer &, const mp_integer &, std::size_t true_size);
+
+mp_integer arith_right_shift(
+  const mp_integer &, const mp_integer &, std::size_t true_size);
+
+mp_integer logic_left_shift(
+  const mp_integer &, const mp_integer &, std::size_t true_size);
+
+mp_integer logic_right_shift(
+  const mp_integer &, const mp_integer &, std::size_t true_size);
+
+mp_integer rotate_right(
+  const mp_integer &, const mp_integer &, std::size_t true_size);
+
+mp_integer rotate_left(
+  const mp_integer &, const mp_integer &, std::size_t true_size);
 
 const std::string integer2string(const mp_integer &, unsigned base=10);
 const mp_integer string2integer(const std::string &, unsigned base=10);
@@ -28,5 +50,6 @@ const mp_integer binary2integer(const std::string &, bool is_signed);
 mp_integer::ullong_t integer2ulong(const mp_integer &);
 std::size_t integer2size_t(const mp_integer &);
 unsigned integer2unsigned(const mp_integer &);
+const mp_integer mp_zero=string2integer("0");
 
 #endif // CPROVER_UTIL_MP_ARITH_H

From d81dd759c9373a526e35d900a6651fda0799c650 Mon Sep 17 00:00:00 2001
From: Dario Cattaruzza <dario.cattaruzza@hotmail.com>
Date: Tue, 25 Oct 2016 16:18:08 +0100
Subject: [PATCH 044/699] Auxiliary function to retrieve tail of trace and
 added dead command to trace

---
 src/goto-programs/goto_trace.cpp | 5 ++++-
 src/goto-programs/goto_trace.h   | 7 +++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/goto-programs/goto_trace.cpp b/src/goto-programs/goto_trace.cpp
index ad8bdcdfdd9..4179afb5395 100644
--- a/src/goto-programs/goto_trace.cpp
+++ b/src/goto-programs/goto_trace.cpp
@@ -65,6 +65,7 @@ void goto_trace_stept::output(
   case goto_trace_stept::ASSIGNMENT: out << "ASSIGNMENT"; break;
   case goto_trace_stept::GOTO: out << "GOTO"; break;
   case goto_trace_stept::DECL: out << "DECL"; break;
+  case goto_trace_stept::DEAD: out << "DEAD"; break;
   case goto_trace_stept::OUTPUT: out << "OUTPUT"; break;
   case goto_trace_stept::INPUT: out << "INPUT"; break;
   case goto_trace_stept::ATOMIC_BEGIN: out << "ATOMC_BEGIN"; break;
@@ -73,7 +74,9 @@ void goto_trace_stept::output(
   case goto_trace_stept::SHARED_WRITE: out << "SHARED WRITE"; break;
   case goto_trace_stept::FUNCTION_CALL: out << "FUNCTION CALL"; break;
   case goto_trace_stept::FUNCTION_RETURN: out << "FUNCTION RETURN"; break;
-  default: assert(false);
+  default:
+    out << "unknown type: " << type << std::endl;
+    assert(false);
   }
 
   if(type==ASSERT || type==ASSUME || type==GOTO)
diff --git a/src/goto-programs/goto_trace.h b/src/goto-programs/goto_trace.h
index 507d538ada0..a669fac5e6b 100644
--- a/src/goto-programs/goto_trace.h
+++ b/src/goto-programs/goto_trace.h
@@ -154,6 +154,13 @@ class goto_tracet
     steps.push_back(step);
   }
 
+  // retrieves the final step in the trace for manipulation
+  // (used to fill a trace from code, hence non-const)
+  inline goto_trace_stept &get_last_step()
+  {
+    return steps.back();
+  }
+
   // delete all steps after (not including) s
   void trim_after(stepst::iterator s)
   {

From 7fb8174485d59e458097725cc79947f42b08ad7b Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Fri, 13 Jan 2017 14:36:01 +0000
Subject: [PATCH 045/699] Fix arithmetic shift operators

to_ulong() will negate a negative number, rather than returning its
two's complement representation as an unsigned type as we might
reasonably suppose. Instead use to_long() everywhere to preserve the
bitwise representation and then use sign-bit filling to make sure the
value is correctly re-encoded as mp_integer.
---
 src/util/mp_arith.cpp | 38 ++++++++++++++++++++++++++------------
 1 file changed, 26 insertions(+), 12 deletions(-)

diff --git a/src/util/mp_arith.cpp b/src/util/mp_arith.cpp
index e70c654bd14..6a9082b6823 100644
--- a/src/util/mp_arith.cpp
+++ b/src/util/mp_arith.cpp
@@ -18,7 +18,8 @@ Author: Daniel Kroening, kroening@kroening.com
 #include "arith_tools.h"
 
 
-typedef BigInt::ullong_t ullong_t;
+typedef BigInt::ullong_t ullong_t; // NOLINT(readability/identifiers)
+typedef BigInt::llong_t llong_t; // NOLINT(readability/identifiers)
 
 /*******************************************************************\
 
@@ -432,8 +433,12 @@ mp_integer arith_left_shift(
   if(shift>true_size && a!=mp_integer(0))
     throw "shift value out of range";
 
-  ullong_t result=a.to_ulong()<<shift;
-  return result;
+  llong_t result=a.to_long()<<shift;
+  llong_t mask=
+    true_size<(sizeof(llong_t)*8) ?
+    (1L<<true_size)-1 :
+    -1;
+  return result&mask;
 }
 
 /*******************************************************************\
@@ -456,14 +461,14 @@ mp_integer arith_right_shift(
   const mp_integer &b,
   std::size_t true_size)
 {
-  ullong_t number=a.to_ulong();
+  llong_t number=a.to_long();
   ullong_t shift=b.to_ulong();
   if(shift>true_size)
     throw "shift value out of range";
 
-  ullong_t sign=(1<<(true_size-1))&number;
-  ullong_t pad=(sign==0) ? 0 : ~((1<<(true_size-shift))-1);
-  ullong_t result=(number>>shift)|pad;
+  llong_t sign=(1<<(true_size-1))&number;
+  llong_t pad=(sign==0) ? 0 : ~((1<<(true_size-shift))-1);
+  llong_t result=(number >> shift)|pad;
   return result;
 }
 
@@ -490,8 +495,17 @@ mp_integer logic_left_shift(
   ullong_t shift=b.to_ulong();
   if(shift>true_size && a!=mp_integer(0))
     throw "shift value out of range";
-
-  ullong_t result=a.to_ulong()<<shift;
+  llong_t result=a.to_long()<<shift;
+  if(true_size<(sizeof(llong_t)*8))
+  {
+    llong_t sign=(1L<<(true_size-1))&result;
+    llong_t mask=(1L<<true_size)-1;
+    // Sign-fill out-of-range bits:
+    if(sign==0)
+      result&=mask;
+    else
+      result|=~mask;
+  }
   return result;
 }
 
@@ -519,7 +533,7 @@ mp_integer logic_right_shift(
   if(shift>true_size)
     throw "shift value out of range";
 
-  ullong_t result=a.to_ulong()>>shift;
+  ullong_t result=((ullong_t)a.to_long()) >> shift;
   return result;
 }
 
@@ -550,7 +564,7 @@ mp_integer rotate_right(
 
   ullong_t revShift=true_size-shift;
   ullong_t filter=1<<(true_size-1);
-  ullong_t result=(number>>shift)|((number<<revShift)&filter);
+  ullong_t result=(number >> shift)|((number<<revShift)&filter);
   return result;
 }
 
@@ -581,6 +595,6 @@ mp_integer rotate_left(
 
   ullong_t revShift=true_size-shift;
   ullong_t filter=1<<(true_size-1);
-  ullong_t result=((number<<shift)&filter)|((number&filter)>>revShift);
+  ullong_t result=((number<<shift)&filter)|((number&filter) >> revShift);
   return result;
 }

From fb616c542cec51cf99c61350e9d2df404eed700a Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Mon, 16 Jan 2017 14:58:46 +0000
Subject: [PATCH 046/699] Added a new class for handling the internals

This code was originally in the `dump_ct` class but it is useful in
other places (specifically when generating stubs we don't want to
include any of these).
---
 src/goto-programs/Makefile                   |   5 +-
 src/goto-programs/system_library_symbols.cpp | 298 +++++++++++++++++++
 src/goto-programs/system_library_symbols.h   |  37 +++
 3 files changed, 339 insertions(+), 1 deletion(-)
 create mode 100644 src/goto-programs/system_library_symbols.cpp
 create mode 100644 src/goto-programs/system_library_symbols.h

diff --git a/src/goto-programs/Makefile b/src/goto-programs/Makefile
index d8cb835e4a8..485bc211e24 100644
--- a/src/goto-programs/Makefile
+++ b/src/goto-programs/Makefile
@@ -20,7 +20,10 @@ SRC = goto_convert.cpp goto_convert_function_call.cpp \
       slice_global_inits.cpp goto_inline_class.cpp class_identifier.cpp \
       show_goto_functions_json.cpp \
       show_goto_functions_xml.cpp \
-      remove_static_init_loops.cpp remove_instanceof.cpp
+      remove_static_init_loops.cpp \
+      remove_instanceof.cpp \
+      system_library_symbols.cpp \
+
 
 INCLUDES= -I ..
 
diff --git a/src/goto-programs/system_library_symbols.cpp b/src/goto-programs/system_library_symbols.cpp
new file mode 100644
index 00000000000..44bb1b1b2cd
--- /dev/null
+++ b/src/goto-programs/system_library_symbols.cpp
@@ -0,0 +1,298 @@
+/*******************************************************************\
+
+Module: Goto Programs
+
+Author: Thomas Kiley
+
+\*******************************************************************/
+
+#include "system_library_symbols.h"
+#include <util/cprover_prefix.h>
+#include <util/prefix.h>
+#include <util/symbol.h>
+
+system_library_symbolst::system_library_symbolst()
+{
+  init_system_library_map();
+}
+
+/*******************************************************************\
+
+Function: system_library_symbolst::init_system_library_map
+
+Inputs:
+
+Outputs:
+
+Purpose: To generate a map of header file names -> list of symbols
+         The symbol names are reserved as the header and source files
+         will be compiled in to the goto program.
+
+\*******************************************************************/
+
+void system_library_symbolst::init_system_library_map()
+{
+  // ctype.h
+  std::list<irep_idt> ctype_syms=
+  {
+    "isalnum", "isalpha", "isblank", "iscntrl", "isdigit", "isgraph",
+    "islower", "isprint", "ispunct", "isspace", "isupper", "isxdigit",
+    "tolower", "toupper"
+  };
+  add_to_system_library("ctype.h", ctype_syms);
+
+  // fcntl.h
+  std::list<irep_idt> fcntl_syms=
+  {
+    "creat", "fcntl", "open"
+  };
+  add_to_system_library("fcntl.h", fcntl_syms);
+
+  // locale.h
+  std::list<irep_idt> locale_syms=
+  {
+    "setlocale"
+  };
+  add_to_system_library("locale.h", locale_syms);
+
+  // math.h
+  std::list<irep_idt> math_syms=
+  {
+    "acos", "acosh", "asin", "asinh", "atan", "atan2", "atanh",
+    "cbrt", "ceil", "copysign", "cos", "cosh", "erf", "erfc", "exp",
+    "exp2", "expm1", "fabs", "fdim", "floor", "fma", "fmax", "fmin",
+    "fmod", "fpclassify", "frexp", "hypot", "ilogb", "isfinite",
+    "isinf", "isnan", "isnormal", "j0", "j1", "jn", "ldexp", "lgamma",
+    "llrint", "llround", "log", "log10", "log1p", "log2", "logb",
+    "lrint", "lround", "modf", "nan", "nearbyint", "nextafter", "pow",
+    "remainder", "remquo", "rint", "round", "scalbln", "scalbn",
+    "signbit", "sin", "sinh", "sqrt", "tan", "tanh", "tgamma",
+    "trunc", "y0", "y1", "yn"
+  };
+  add_to_system_library("math.h", math_syms);
+
+  // pthread.h
+  std::list<irep_idt> pthread_syms=
+  {
+    "pthread_cleanup_pop", "pthread_cleanup_push",
+    "pthread_cond_broadcast", "pthread_cond_destroy",
+    "pthread_cond_init", "pthread_cond_signal",
+    "pthread_cond_timedwait", "pthread_cond_wait", "pthread_create",
+    "pthread_detach", "pthread_equal", "pthread_exit",
+    "pthread_getspecific", "pthread_join", "pthread_key_delete",
+    "pthread_mutex_destroy", "pthread_mutex_init",
+    "pthread_mutex_lock", "pthread_mutex_trylock",
+    "pthread_mutex_unlock", "pthread_once", "pthread_rwlock_destroy",
+    "pthread_rwlock_init", "pthread_rwlock_rdlock",
+    "pthread_rwlock_unlock", "pthread_rwlock_wrlock",
+    "pthread_rwlockattr_destroy", "pthread_rwlockattr_getpshared",
+    "pthread_rwlockattr_init", "pthread_rwlockattr_setpshared",
+    "pthread_self", "pthread_setspecific"
+  };
+  add_to_system_library("pthread.h", pthread_syms);
+
+  // setjmp.h
+  std::list<irep_idt> setjmp_syms=
+  {
+    "_longjmp", "_setjmp", "longjmp", "longjmperror", "setjmp",
+    "siglongjmp", "sigsetjmp"
+  };
+  add_to_system_library("setjmp.h", setjmp_syms);
+
+  // stdio.h
+  std::list<irep_idt> stdio_syms=
+  {
+    "asprintf", "clearerr", "fclose", "fdopen", "feof", "ferror",
+    "fflush", "fgetc", "fgetln", "fgetpos", "fgets", "fgetwc",
+    "fgetws", "fileno", "fopen", "fprintf", "fpurge", "fputc",
+    "fputs", "fputwc", "fputws", "fread", "freopen", "fropen",
+    "fscanf", "fseek", "fsetpos", "ftell", "funopen", "fwide",
+    "fwopen", "fwprintf", "fwrite", "getc", "getchar", "getdelim",
+    "getline", "gets", "getw", "getwc", "getwchar", "mkdtemp",
+    "mkstemp", "mktemp", "perror", "printf", "putc", "putchar",
+    "puts", "putw", "putwc", "putwchar", "remove", "rewind", "scanf",
+    "setbuf", "setbuffer", "setlinebuf", "setvbuf", "snprintf",
+    "sprintf", "sscanf", "strerror", "swprintf", "sys_errlist",
+    "sys_nerr", "tempnam", "tmpfile", "tmpnam", "ungetc", "ungetwc",
+    "vasprintf", "vfprintf", "vfscanf", "vfwprintf", "vprintf",
+    "vscanf", "vsnprintf", "vsprintf", "vsscanf", "vswprintf",
+    "vwprintf", "wprintf",
+    /* non-public struct types */
+    "tag-__sFILE", "tag-__sbuf", // OS X
+    "tag-_IO_FILE", "tag-_IO_marker", // Linux
+  };
+  add_to_system_library("stdio.h", stdio_syms);
+
+  // stdlib.h
+  std::list<irep_idt> stdlib_syms=
+  {
+    "abort", "abs", "atexit", "atof", "atoi", "atol", "atoll",
+    "bsearch", "calloc", "div", "exit", "free", "getenv", "labs",
+    "ldiv", "llabs", "lldiv", "malloc", "mblen", "mbstowcs", "mbtowc",
+    "qsort", "rand", "realloc", "srand", "strtod", "strtof", "strtol",
+    "strtold", "strtoll", "strtoul", "strtoull", "system", "wcstombs",
+    "wctomb"
+  };
+  add_to_system_library("stdlib.h", stdlib_syms);
+
+  // string.h
+  std::list<irep_idt> string_syms=
+  {
+    "strcat", "strncat", "strchr", "strrchr", "strcmp", "strncmp",
+    "strcpy", "strncpy", "strerror", "strlen", "strpbrk", "strspn",
+    "strcspn", "strstr", "strtok"
+  };
+  add_to_system_library("string.h", string_syms);
+
+  // time.h
+  std::list<irep_idt> time_syms=
+  {
+    "asctime", "asctime_r", "ctime", "ctime_r", "difftime", "gmtime",
+    "gmtime_r", "localtime", "localtime_r", "mktime",
+    /* non-public struct types */
+    "tag-timespec", "tag-timeval"
+  };
+  add_to_system_library("time.h", time_syms);
+
+  // unistd.h
+  std::list<irep_idt> unistd_syms=
+  {
+    "_exit", "access", "alarm", "chdir", "chown", "close", "dup",
+    "dup2", "execl", "execle", "execlp", "execv", "execve", "execvp",
+    "fork", "fpathconf", "getcwd", "getegid", "geteuid", "getgid",
+    "getgroups", "getlogin", "getpgrp", "getpid", "getppid", "getuid",
+    "isatty", "link", "lseek", "pathconf", "pause", "pipe", "read",
+    "rmdir", "setgid", "setpgid", "setsid", "setuid", "sleep",
+    "sysconf", "tcgetpgrp", "tcsetpgrp", "ttyname", "ttyname_r",
+    "unlink", "write"
+  };
+  add_to_system_library("unistd.h", unistd_syms);
+
+  // sys/select.h
+  std::list<irep_idt> sys_select_syms=
+  {
+    "select"
+  };
+  add_to_system_library("sys/select.h", sys_select_syms);
+
+  // sys/socket.h
+  std::list<irep_idt> sys_socket_syms=
+  {
+    "accept", "bind", "connect"
+  };
+  add_to_system_library("sys/socket.h", sys_socket_syms);
+
+  // sys/stat.h
+  std::list<irep_idt> sys_stat_syms=
+  {
+    "fstat", "lstat", "stat"
+  };
+  add_to_system_library("sys/stat.h", sys_stat_syms);
+
+#if 0
+  // sys/types.h
+  std::list<irep_idt> sys_types_syms=
+  {
+  };
+  add_to_system_library("sys/types.h", sys_types_syms);
+#endif
+
+  // sys/wait.h
+  std::list<irep_idt> sys_wait_syms=
+  {
+    "wait", "waitpid"
+  };
+  add_to_system_library("sys/wait.h", sys_wait_syms);
+}
+
+/*******************************************************************\
+
+Function: system_library_symbolst::add_to_system_library
+
+Inputs:
+ header_file - the name of the header file the symbol came from
+ symbols - a list of the names of the symbols in the header file
+
+Outputs:
+
+Purpose: To add the symbols from a specific header file to the
+         system library map. The symbol is used as the key so that
+         we can easily look up symbols.
+
+\*******************************************************************/
+
+void system_library_symbolst::add_to_system_library(
+  irep_idt header_file,
+  std::list<irep_idt> symbols)
+{
+  for(const irep_idt &symbol : symbols)
+  {
+    system_library_map[symbol]=header_file;
+  }
+}
+
+
+/*******************************************************************\
+
+Function: system_library_symbolst::is_symbol_internal_symbol
+
+Inputs:
+ symbol - the symbol to check
+
+Outputs: True if the symbol is an internal symbol. If specific system
+         headers need to be included, the out_system_headers will contain
+         the headers.
+
+Purpose: To find out if a symbol is an internal symbol.
+
+\*******************************************************************/
+
+bool system_library_symbolst::is_symbol_internal_symbol(
+  const symbolt &symbol,
+  std::set<irep_idt> &out_system_headers) const
+{
+  const std::string &name_str=id2string(symbol.name);
+
+  if(has_prefix(name_str, CPROVER_PREFIX) ||
+     name_str=="__func__" ||
+     name_str=="__FUNCTION__" ||
+     name_str=="__PRETTY_FUNCTION__" ||
+     name_str=="argc'" ||
+     name_str=="argv'" ||
+     name_str=="envp'" ||
+     name_str=="envp_size'")
+    return true;
+
+  const std::string &file_str=id2string(symbol.location.get_file());
+
+  // don't dump internal GCC builtins
+  if((file_str=="gcc_builtin_headers_alpha.h" ||
+      file_str=="gcc_builtin_headers_arm.h" ||
+      file_str=="gcc_builtin_headers_ia32.h" ||
+      file_str=="gcc_builtin_headers_mips.h" ||
+      file_str=="gcc_builtin_headers_power.h" ||
+      file_str=="gcc_builtin_headers_generic.h") &&
+     has_prefix(name_str, "__builtin_"))
+    return true;
+
+  if(name_str=="__builtin_va_start" ||
+     name_str=="__builtin_va_end" ||
+     symbol.name==ID_gcc_builtin_va_arg)
+  {
+    out_system_headers.insert("stdarg.h");
+    return true;
+  }
+
+  if(name_str.find("$link")!=std::string::npos)
+    return false;
+
+  const auto &it=system_library_map.find(symbol.name);
+
+  if(it!=system_library_map.end())
+  {
+    out_system_headers.insert(it->second);
+    return true;
+  }
+
+  return false;
+}
diff --git a/src/goto-programs/system_library_symbols.h b/src/goto-programs/system_library_symbols.h
new file mode 100644
index 00000000000..a253b903bd8
--- /dev/null
+++ b/src/goto-programs/system_library_symbols.h
@@ -0,0 +1,37 @@
+/*******************************************************************\
+
+Module: Goto Programs
+
+Author: Thomas Kiley
+
+\*******************************************************************/
+
+#ifndef CPROVER_GOTO_PROGRAMS_SYSTEM_LIBRARY_SYMBOLS_H
+#define CPROVER_GOTO_PROGRAMS_SYSTEM_LIBRARY_SYMBOLS_H
+
+#include <list>
+#include <set>
+#include <util/irep.h>
+
+class symbolt;
+
+class system_library_symbolst
+{
+public:
+  system_library_symbolst();
+
+  bool is_symbol_internal_symbol(
+    const symbolt &symbol,
+    std::set<irep_idt> &out_system_headers) const;
+
+private:
+  void init_system_library_map();
+
+  void add_to_system_library(
+    irep_idt header_file,
+    std::list<irep_idt> symbols);
+
+  std::map<irep_idt, irep_idt> system_library_map;
+};
+
+#endif // CPROVER_GOTO_PROGRAMS_SYSTEM_LIBRARY_SYMBOLS_H

From fc756f336c04a788487c2f7e59bd1c8568c4c5f5 Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Mon, 16 Jan 2017 17:07:04 +0000
Subject: [PATCH 047/699] Adding more symbols that should be excluded

The existing symbols were missing a few symbols from the files they were
supposed to be symbols for. Further, for some reason the math functions
were sometimes used with a double underscore prefix. Some included files
were missed (fenv.h, errno.c, noop.c). There were some other prefixes
that clearly have internal meaning (__VERIFIER, nondet_). Also asserts
weren't being included.

These problems were discovered by running the make and seeing which
tests failed and what functions were being stubbed. It is therefore not
necessarily exhaustive. Perhaps there is a better approach to this
problem.
---
 src/goto-programs/system_library_symbols.cpp | 71 +++++++++++++++++---
 1 file changed, 63 insertions(+), 8 deletions(-)

diff --git a/src/goto-programs/system_library_symbols.cpp b/src/goto-programs/system_library_symbols.cpp
index 44bb1b1b2cd..76023d0c455 100644
--- a/src/goto-programs/system_library_symbols.cpp
+++ b/src/goto-programs/system_library_symbols.cpp
@@ -10,6 +10,7 @@ Author: Thomas Kiley
 #include <util/cprover_prefix.h>
 #include <util/prefix.h>
 #include <util/symbol.h>
+#include <sstream>
 
 system_library_symbolst::system_library_symbolst()
 {
@@ -61,16 +62,28 @@ void system_library_symbolst::init_system_library_map()
     "acos", "acosh", "asin", "asinh", "atan", "atan2", "atanh",
     "cbrt", "ceil", "copysign", "cos", "cosh", "erf", "erfc", "exp",
     "exp2", "expm1", "fabs", "fdim", "floor", "fma", "fmax", "fmin",
-    "fmod", "fpclassify", "frexp", "hypot", "ilogb", "isfinite",
-    "isinf", "isnan", "isnormal", "j0", "j1", "jn", "ldexp", "lgamma",
-    "llrint", "llround", "log", "log10", "log1p", "log2", "logb",
-    "lrint", "lround", "modf", "nan", "nearbyint", "nextafter", "pow",
-    "remainder", "remquo", "rint", "round", "scalbln", "scalbn",
-    "signbit", "sin", "sinh", "sqrt", "tan", "tanh", "tgamma",
-    "trunc", "y0", "y1", "yn"
+    "fmod", "fpclassify", "fpclassifyl", "fpclassifyf", "frexp",
+    "hypot", "ilogb", "isfinite", "isinf", "isnan", "isnormal",
+    "j0", "j1", "jn", "ldexp", "lgamma", "llrint", "llround", "log",
+    "log10", "log1p", "log2", "logb", "lrint", "lround", "modf", "nan",
+    "nearbyint", "nextafter", "pow", "remainder", "remquo", "rint",
+    "round", "scalbln", "scalbn", "signbit", "sin", "sinh", "sqrt",
+    "tan", "tanh", "tgamma", "trunc", "y0", "y1", "yn", "isinff",
+    "isinfl", "isnanf", "isnanl"
   };
   add_to_system_library("math.h", math_syms);
 
+  // for some reason the math functions can sometimes be prefixed with
+  // a double underscore
+  std::list<irep_idt> underscore_math_syms;
+  for(const irep_idt &math_sym : math_syms)
+  {
+    std::ostringstream underscore_id;
+    underscore_id << "__" << math_sym;
+    underscore_math_syms.push_back(irep_idt(underscore_id.str()));
+  }
+  add_to_system_library("math.h", underscore_math_syms);
+
   // pthread.h
   std::list<irep_idt> pthread_syms=
   {
@@ -140,7 +153,8 @@ void system_library_symbolst::init_system_library_map()
   {
     "strcat", "strncat", "strchr", "strrchr", "strcmp", "strncmp",
     "strcpy", "strncpy", "strerror", "strlen", "strpbrk", "strspn",
-    "strcspn", "strstr", "strtok"
+    "strcspn", "strstr", "strtok", "strcasecmp", "strncasecmp", "strdup",
+    "memset"
   };
   add_to_system_library("string.h", string_syms);
 
@@ -189,6 +203,27 @@ void system_library_symbolst::init_system_library_map()
   };
   add_to_system_library("sys/stat.h", sys_stat_syms);
 
+  std::list<irep_idt> fenv_syms=
+  {
+    "fenv_t", "fexcept_t", "feclearexcept", "fegetexceptflag",
+    "feraiseexcept", "fesetexceptflag", "fetestexcept",
+    "fegetround", "fesetround", "fegetenv", "feholdexcept",
+    "fesetenv", "feupdateenv"
+  };
+  add_to_system_library("fenv.h", fenv_syms);
+
+  std::list<irep_idt> errno_syms=
+  {
+    "__error", "__errno_location", "__errno"
+  };
+  add_to_system_library("errno.c", errno_syms);
+
+  std::list<irep_idt> noop_syms=
+  {
+    "__noop"
+  };
+  add_to_system_library("noop.c", noop_syms);
+
 #if 0
   // sys/types.h
   std::list<irep_idt> sys_types_syms=
@@ -263,6 +298,17 @@ bool system_library_symbolst::is_symbol_internal_symbol(
      name_str=="envp_size'")
     return true;
 
+  // exclude nondet instructions
+  if(has_prefix(name_str, "nondet_"))
+  {
+    return true;
+  }
+
+  if(has_prefix(name_str, "__VERIFIER"))
+  {
+    return true;
+  }
+
   const std::string &file_str=id2string(symbol.location.get_file());
 
   // don't dump internal GCC builtins
@@ -283,6 +329,15 @@ bool system_library_symbolst::is_symbol_internal_symbol(
     return true;
   }
 
+  // don't dump asserts
+  else if(name_str=="__assert_fail" ||
+          name_str=="_assert" ||
+          name_str=="__assert_c99" ||
+          name_str=="_wassert")
+  {
+    return true;
+  }
+
   if(name_str.find("$link")!=std::string::npos)
     return false;
 

From 2f5b86689fb7aabd189ce038633c51a5f410dcd8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vojt=C4=9Bch=20Forejt?= <forejtv@gmail.com>
Date: Fri, 20 Jan 2017 21:51:10 +0000
Subject: [PATCH 048/699] Autocomplete script for bash

See documentation in scripts/bash-autocomplete/Readme.md
---
 scripts/bash-autocomplete/.gitignore          |  1 +
 scripts/bash-autocomplete/Readme.md           | 31 ++++++++++++
 scripts/bash-autocomplete/cbmc.sh.template    | 43 +++++++++++++++++
 scripts/bash-autocomplete/extract_switches.sh | 48 +++++++++++++++++++
 .../switch_extractor_helper.c                 |  3 ++
 5 files changed, 126 insertions(+)
 create mode 100644 scripts/bash-autocomplete/.gitignore
 create mode 100644 scripts/bash-autocomplete/Readme.md
 create mode 100644 scripts/bash-autocomplete/cbmc.sh.template
 create mode 100755 scripts/bash-autocomplete/extract_switches.sh
 create mode 100644 scripts/bash-autocomplete/switch_extractor_helper.c

diff --git a/scripts/bash-autocomplete/.gitignore b/scripts/bash-autocomplete/.gitignore
new file mode 100644
index 00000000000..1e0acedc4f2
--- /dev/null
+++ b/scripts/bash-autocomplete/.gitignore
@@ -0,0 +1 @@
+cbmc.sh
diff --git a/scripts/bash-autocomplete/Readme.md b/scripts/bash-autocomplete/Readme.md
new file mode 100644
index 00000000000..00101d99159
--- /dev/null
+++ b/scripts/bash-autocomplete/Readme.md
@@ -0,0 +1,31 @@
+# CBMC Autocomplete Scripts for Bash
+This directory contains an autocomplete script for bash.
+## Installation
+1. Compile cbmc and
+
+2. `cd scripts/bash-autocomplete`
+
+3.  `./extract-switches.sh`
+
+4. Put the following at the end of you in your `~/.bashrc`, with the directories adapted to your directory structure:
+    ```bash
+    cbmcautocomplete=~/diffblue/cbmc/scripts/bash-autocomplete/cbmc.sh
+    if [ -f $cbmcautocomplete ]; then
+      . $cbmcautocomplete
+    fi
+    ```
+## Usage
+As with the usual autocomplete in bash, start typing a switch to complete it, for example:
+```
+cbmc --clas<TAB>
+```
+will complete to
+```
+cbmc --classpath
+```
+
+## Features implemented
+
+* Completing all switches
+* Completing values for `--cover`, `--mm` and `--arch`
+* When completing a name of a file to analyze, only files with supported extensions are shown.
diff --git a/scripts/bash-autocomplete/cbmc.sh.template b/scripts/bash-autocomplete/cbmc.sh.template
new file mode 100644
index 00000000000..cbd64762b2d
--- /dev/null
+++ b/scripts/bash-autocomplete/cbmc.sh.template
@@ -0,0 +1,43 @@
+#!/bin/bash
+_cbmc_autocomplete()
+{
+  #list of all switches cbmc has. IMPORTANT: in the template file, this variable must be defined on line 5.
+  local switches=""
+  #word on which the cursor is
+  local cur=${COMP_WORDS[COMP_CWORD]}
+  #previous word (in case it is a switch with a parameter)
+  local prev=${COMP_WORDS[COMP_CWORD-1]}
+ 
+  #check if the command before cursor is a switch that takes parameters, if yes,
+  #offer a choice of parameters
+  case "$prev" in
+   --cover) #for coverage we list the options explicitly
+     COMPREPLY=( $( compgen -W "assertion path branch location decision condition mcdc cover" -- $cur ) )
+     return 0
+     ;;
+   --mm) #for memory models we list the options explicitly
+     COMPREPLY=( $( compgen -W "sc tso pso" -- $cur ) )
+     return 0
+     ;;
+   --arch) #for architecture we list the options explicitly
+     COMPREPLY=( $( compgen -W "i386 x86_64" -- $cur ) )
+     return 0
+     ;;
+   -I|--classpath|-cp|--outfile|--existing-coverage|--graphml-cex)
+     #a switch that takes a file parameter of which we don't know an extension
+     #TODO probably we can do more for -I, --classpath, -cp
+     _filedir
+     return 0
+     ;;
+  esac
+ 
+  #complete a switch from a standard list, if the parameter under cursor starts with a hyphen
+  if [[ "$cur" == -* ]]; then
+     COMPREPLY=( $( compgen -W "$switches" -- $cur ) )
+     return 0
+  fi
+
+  #if none of the above applies, offer directories and files that we can analyze
+  _filedir "@(class|jar|cpp|cc|c\+\+|ii|cxx|c|i|gb)"
+}
+complete -F _cbmc_autocomplete cbmc
diff --git a/scripts/bash-autocomplete/extract_switches.sh b/scripts/bash-autocomplete/extract_switches.sh
new file mode 100755
index 00000000000..e000b469bea
--- /dev/null
+++ b/scripts/bash-autocomplete/extract_switches.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+echo "Compiling the helper file to extract the raw list of parameters from cbmc"
+g++ -c -MMD -MP -std=c++11 -Wall -I ../../src/ -ftrack-macro-expansion=0 -fno-diagnostics-show-caret switch_extractor_helper.c  -o tmp.o 2> pragma.txt
+
+retval=$?
+
+#clean up compiled files, we don't need them.
+rm tmp.o 2> /dev/null
+rm tmp.d 2> /dev/null
+
+#check if compilation went fine
+if [ $retval -ne 0 ]; then
+  echo "Problem compiling the helper file, parameter list not extracted."
+  exit 1;
+fi
+
+echo "Converting the raw parameter list to the format required by autocomplete scripts"
+rawstring=`sed "s/^.*pragma message: \(.*\)/\1/" pragma.txt`
+#delete pragma file, we won't need it
+rm pragma.txt 2> /dev/null
+
+#now the main bit, convert from raw format to a proper list of switches
+cleanstring=`(
+  #extract 2-hyphen switches, such as --foo
+  #grep for '(foo)' expressions, and then use sed to remove parantheses and put '--' at the start
+  (echo $rawstring | grep -o "([^)]*)" | sed "s/^.\(.*\).$/--\1/") ;
+  #extract 1-hyphen switches, such as -F
+  #use sed to remove all (foo) expressions, then you're left with switches and ':', so grep the colons out and then use sed to include the '-'
+  (echo $rawstring | sed "s/([^)]*)//g" | grep -o "[a-zA-Z0-9]" | sed "s/\(.*\)/-\1/")
+ ) | tr '\n' ' '`
+
+#sanity check that there is only one line of output
+if [ `echo $cleanstring | wc -l | awk '{print $1}'` -ne 1 ]; then
+ echo "Problem converting the parameter list to the correct format, I was expecting one line but either got 0 or >2. This is likely to be an error in this conversion script."
+ exit 1;
+fi
+
+#sanity check that there are no dangerous characters
+echo $cleanstring | grep -q "[^a-zA-Z0-9 -]"
+if [ $? -eq 0 ]; then
+ echo "Problem converting the parameter list to the correct format, illegal characters detected. This is likely to be an error in this conversion script."
+ exit 1;
+fi
+
+echo "Injecting the parameter list to the autocomplete file."
+sed "5 s/.*/  local switches=\"$cleanstring\"/" cbmc.sh.template > cbmc.sh
+
+rm pragma.txt 2> /dev/null
diff --git a/scripts/bash-autocomplete/switch_extractor_helper.c b/scripts/bash-autocomplete/switch_extractor_helper.c
new file mode 100644
index 00000000000..4d9cc2e56fe
--- /dev/null
+++ b/scripts/bash-autocomplete/switch_extractor_helper.c
@@ -0,0 +1,3 @@
+#include "cbmc/cbmc_parse_options.h"
+
+#pragma message CBMC_OPTIONS

From d485c88a2cc9bc72dcafcee97da98cadb73f4961 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Wed, 25 Jan 2017 15:11:44 +0000
Subject: [PATCH 049/699] Factor class identifier extraction out of remove
 virtuals

This will be useful for other passes that inspect an object's
dynamic clsid, such as the forthcoming lower-instanceof pass.
---
 src/goto-programs/Makefile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/goto-programs/Makefile b/src/goto-programs/Makefile
index 485bc211e24..8b69282c381 100644
--- a/src/goto-programs/Makefile
+++ b/src/goto-programs/Makefile
@@ -22,6 +22,7 @@ SRC = goto_convert.cpp goto_convert_function_call.cpp \
       show_goto_functions_xml.cpp \
       remove_static_init_loops.cpp \
       remove_instanceof.cpp \
+      class_identifier.cpp \
       system_library_symbols.cpp \
 
 

From 99eb1a0b3df91439d8fb635ceadacfe68b1e9c76 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Tue, 24 Jan 2017 13:32:11 +0000
Subject: [PATCH 050/699] Discover lexical scopes for anonymous variables

This enables tight variable scoping even when Java debug information
is not available, which helps with analyses that benefit from DEAD
instructions keeping their domains as small as possible.
---
 .../java_bytecode_convert_method.cpp          | 37 +++++++++++++++++++
 .../java_bytecode_convert_method_class.h      |  4 ++
 2 files changed, 41 insertions(+)

diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index f101d19c824..dda893544bc 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -804,6 +804,43 @@ static void gather_symbol_live_ranges(
 
 /*******************************************************************\
 
+Function: java_bytecode_convert_methodt::check_static_field_stub
+
+  Inputs: `se`: Symbol expression referring to a static field
+          `basename`: The static field's basename
+
+ Outputs: Creates a symbol table entry for the static field if one
+          doesn't exist already.
+
+ Purpose: See above
+
+\*******************************************************************/
+
+void java_bytecode_convert_methodt::check_static_field_stub(
+  const symbol_exprt &symbol_expr,
+  const irep_idt &basename)
+{
+  const auto &id=symbol_expr.get_identifier();
+  if(symbol_table.symbols.find(id)==symbol_table.symbols.end())
+  {
+    // Create a stub, to be overwritten if/when the real class is loaded.
+    symbolt new_symbol;
+    new_symbol.is_static_lifetime=true;
+    new_symbol.is_lvalue=true;
+    new_symbol.is_state_var=true;
+    new_symbol.name=id;
+    new_symbol.base_name=basename;
+    new_symbol.type=symbol_expr.type();
+    new_symbol.pretty_name=new_symbol.name;
+    new_symbol.mode=ID_java;
+    new_symbol.is_type=false;
+    new_symbol.value.make_nil();
+    symbol_table.add(new_symbol);
+  }
+}
+
+/*******************************************************************\
+
 Function: java_bytecode_convert_methodt::convert_instructions
 
   Inputs:
diff --git a/src/java_bytecode/java_bytecode_convert_method_class.h b/src/java_bytecode/java_bytecode_convert_method_class.h
index ae4ba711640..6844e337f22 100644
--- a/src/java_bytecode/java_bytecode_convert_method_class.h
+++ b/src/java_bytecode/java_bytecode_convert_method_class.h
@@ -219,6 +219,10 @@ class java_bytecode_convert_methodt:public messaget
     const code_typet &);
 
   const bytecode_infot &get_bytecode_info(const irep_idt &statement);
+
+  void check_static_field_stub(
+    const symbol_exprt &se,
+    const irep_idt &basename);
 };
 
 #endif

From 7ac505d22314729638c7ef40c121cb7872e2150b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matthias=20G=C3=BCdemann?= <matthias.gudemann@gmail.com>
Date: Sat, 21 Jan 2017 00:42:53 +0100
Subject: [PATCH 051/699] loop unwinding in static init of Java enum

Static initialization of Java enums sometimes contains extra code that loops
over the array of enum elements. This often prevents initialization of the
enumeration and leads to zero coverage. This patch counts the number of enum
elements, and explicitely unwinds all loops in <clinit> to this number + 1. This
acts as a heuristic to make static inits of enums finish.
---
 src/util/irep_ids.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/util/irep_ids.txt b/src/util/irep_ids.txt
index 9bcb7807671..5ada8981c19 100644
--- a/src/util/irep_ids.txt
+++ b/src/util/irep_ids.txt
@@ -737,6 +737,7 @@ bswap
 java_bytecode_index
 java_instanceof
 java_super_method_call
+skip_initialize
 java_enum_static_unwind
 string_constraint
 string_not_contains_constraint

From 0cf34af4dcb60170b2c753d3aae5ac33e120dfe1 Mon Sep 17 00:00:00 2001
From: Cristina <cristina.david@gmail.com>
Date: Thu, 9 Feb 2017 15:36:36 +0000
Subject: [PATCH 052/699] Support for Java assume

---
 src/Makefile                                  | 10 +++++++++-
 .../java_bytecode_convert_method.cpp          | 20 ++++++++++++++++++-
 .../library/src/org/cprover/CProver.java      | 11 ++++++++++
 3 files changed, 39 insertions(+), 2 deletions(-)
 create mode 100644 src/java_bytecode/library/src/org/cprover/CProver.java

diff --git a/src/Makefile b/src/Makefile
index 269ddeda140..e4c62f33eed 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -108,4 +108,12 @@ libzip-build:
 	@echo "Building libzip"
 	@(cd ../libzip; BASE=`pwd`; ./configure --with-zlib=$(BASE)/zlib ; make)
 
-.PHONY: minisat2-download glucose-download zlib-download libzip-download libzip-build
+cprover-jar-build:
+	@echo "Building org.cprover.jar"
+	@(cd java_bytecode/library/; \
+	mkdir -p target; \
+	javac -d target/ `find src/ -name "*.java"`; \
+	cd target; jar cf org.cprover.jar `find . -name "*.class"`; \
+	mv org.cprover.jar ../../../)
+
+.PHONY: minisat2-download glucose-download zlib-download libzip-download libzip-build cprover-jar-build
diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index dda893544bc..447b5dacb80 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -5,7 +5,6 @@ Module: JAVA Bytecode Language Conversion
 Author: Daniel Kroening, kroening@kroening.com
 
 \*******************************************************************/
-
 #ifdef DEBUG
 #include <iostream>
 #endif
@@ -1093,6 +1092,25 @@ codet java_bytecode_convert_methodt::convert_instructions(
             get_message_handler());
       }
     }
+    // replace calls to CProver.assume
+    else if(statement=="invokestatic" &&
+            id2string(arg0.get(ID_identifier))==
+            "java::org.cprover.CProver.assume:(Z)V")
+    {
+      const code_typet &code_type=to_code_type(arg0.type());
+      // sanity check: function has the right number of args
+      assert(code_type.parameters().size()==1);
+
+      exprt operand = pop(1)[0];
+      // we may need to adjust the type of the argument
+      if(operand.type()!=bool_typet())
+        operand.make_typecast(bool_typet());
+
+      c=code_assumet(operand);
+      source_locationt loc=i_it->source_location;
+      loc.set_function(method_id);
+      c.add_source_location()=loc;
+    }
     else if(statement=="invokeinterface" ||
             statement=="invokespecial" ||
             statement=="invokevirtual" ||
diff --git a/src/java_bytecode/library/src/org/cprover/CProver.java b/src/java_bytecode/library/src/org/cprover/CProver.java
new file mode 100644
index 00000000000..72c3eeb1d70
--- /dev/null
+++ b/src/java_bytecode/library/src/org/cprover/CProver.java
@@ -0,0 +1,11 @@
+package org.cprover;
+
+public final class CProver
+{
+  public static boolean enableAssume=true;
+  public static void assume(boolean condition) 
+  {
+    if(enableAssume)
+      throw new RuntimeException("Cannot execute program with CProver.assume()");
+  }  
+}

From 1436e39606ad256052d19eb874a26db101663552 Mon Sep 17 00:00:00 2001
From: Cristina <cristina.david@gmail.com>
Date: Thu, 9 Feb 2017 19:16:01 +0000
Subject: [PATCH 053/699] Regression tests for Java assume

---
 regression/cbmc-java/assume1/Assume1.class | Bin 0 -> 660 bytes
 regression/cbmc-java/assume1/Assume1.java  |  10 ++++++++++
 regression/cbmc-java/assume1/test.desc     |   8 ++++++++
 regression/cbmc-java/assume2/Assume2.class | Bin 0 -> 661 bytes
 regression/cbmc-java/assume2/Assume2.java  |  10 ++++++++++
 regression/cbmc-java/assume2/test.desc     |   8 ++++++++
 regression/cbmc-java/assume3/Assume3.class | Bin 0 -> 684 bytes
 regression/cbmc-java/assume3/Assume3.java  |  10 ++++++++++
 regression/cbmc-java/assume3/test.desc     |   8 ++++++++
 9 files changed, 54 insertions(+)
 create mode 100644 regression/cbmc-java/assume1/Assume1.class
 create mode 100644 regression/cbmc-java/assume1/Assume1.java
 create mode 100644 regression/cbmc-java/assume1/test.desc
 create mode 100644 regression/cbmc-java/assume2/Assume2.class
 create mode 100644 regression/cbmc-java/assume2/Assume2.java
 create mode 100644 regression/cbmc-java/assume2/test.desc
 create mode 100644 regression/cbmc-java/assume3/Assume3.class
 create mode 100644 regression/cbmc-java/assume3/Assume3.java
 create mode 100644 regression/cbmc-java/assume3/test.desc

diff --git a/regression/cbmc-java/assume1/Assume1.class b/regression/cbmc-java/assume1/Assume1.class
new file mode 100644
index 0000000000000000000000000000000000000000..b9a49bc9971d81889935e4cefba60fffd292840c
GIT binary patch
literal 660
zcmZWmO>fgc5PcIn-o!OcnwAp6M*}U8a==3BjS3Y7kSc`_sZ}L%K-xIlvc=6-Yp3G3
zRN{uj8IULf3GVzT#H_KJ1Bda<&b)c^X8ill_n!bZupXj@PKYbGT1S9u0@p+M=m@NY
z=;DUJO~T@u%ra$jZ6?`coyk$E#snG?f=xZq`9p%&Ti+x2eKS^s#z0Th^Xbt@*<A-F
zv<4=T>7KOOz00JZztI_?K6sR6(<62N0n_Xo!!*5Z$42kiwh0$@a+$n+CXdU$+GdiL
zW5XRYwTXJF-H@o{xpyc}WP~|H0;>_$a4SL`A))OGaVjSVF+=|?^u$_Y38L&3xE<jR
zdW7Z-{9<&dlAP~g>_MCyTXUjp+<#ekzJV;{JJ~}gyD@9*r(7c}k5#6v8lMm4h4LvE
z_-aGGa=`xppk~|2<j7-V_2AVxirEwU>fJNYCk`r@=WkFXJv2CWPzIoh1@<+xu*ezL
z{F>3O*6jozApDQ;y>F;|hIfia=RM|rz<+gy>MzIZ6}<Dsc){H@tgxUNe-}%*$hc*;
q0A78ImKbyCT<AtI30P<aUm;G*abMv5FWOO5QHi$PYHfa0aQQFcVs;e(

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/assume1/Assume1.java b/regression/cbmc-java/assume1/Assume1.java
new file mode 100644
index 00000000000..4de0afd025b
--- /dev/null
+++ b/regression/cbmc-java/assume1/Assume1.java
@@ -0,0 +1,10 @@
+import org.cprover.CProver;
+
+class Assume1
+{
+  static void foo(int x)
+  {
+    CProver.assume(x>3);
+    assert x>0;
+  }
+}
diff --git a/regression/cbmc-java/assume1/test.desc b/regression/cbmc-java/assume1/test.desc
new file mode 100644
index 00000000000..1f80a1c1e86
--- /dev/null
+++ b/regression/cbmc-java/assume1/test.desc
@@ -0,0 +1,8 @@
+CORE
+Assume1.class
+--function Assume1.foo
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/assume2/Assume2.class b/regression/cbmc-java/assume2/Assume2.class
new file mode 100644
index 0000000000000000000000000000000000000000..36e09875d7d72406f27d2512b116cd7a586871d6
GIT binary patch
literal 661
zcmZWmO>fgc5PcIn-q<xwn$i-&XP`jJ0ZXViDpV9esuVt?R+Y#FZJecSakJIhsrW6u
zg2Wk+C;|!Y{3yh%v05Y!>zUno^WK~BuixK(09eCnga*11F5qH_0G9+VNAS@VxDw$i
zdIHx7iz_nEl`XWH<_~o)$C;WCXhaCs^;8%430{A7hu{y)L=l=pJylO<`(tId9hlG_
znp9>x(rS0F9{u9A&I#f0L7va{)!lnc^U4^e>2EqVddp{%aAvEJ>6<6=pz3R^r&%Q%
zZJC)()nn~M;)>_ao;;K><`4^9kFkOqF+xOyjw>XYobDzJ{X5VjYmFs{s#oA<j9cgv
zTBqP=<2{uYya!`<lk~uvLuHe}^D^=dWNF{o9y#01)5bx@HNx^l<=U#ri6{?L%(%c?
z8}XI{{s#cHI?g6%9v^lO9-Xs<BXO+XJ_dc{q=tF^2IZrNCg%>y0JN~cv4J)g`NcKA
zWVEaGy1{!0{{wvQD{7zM9ii0~?=bfr{)=POe>!5XB%Uwz1-CcYTlkMa4`;E&xMe;8
pyl{h-7<2B#=~^iTEVP3!5J#2XXL$d+b`*8g;te-jhc7jp{{vk5b}Ik?

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/assume2/Assume2.java b/regression/cbmc-java/assume2/Assume2.java
new file mode 100644
index 00000000000..6991167bfb8
--- /dev/null
+++ b/regression/cbmc-java/assume2/Assume2.java
@@ -0,0 +1,10 @@
+import org.cprover.CProver;
+
+class Assume2
+{
+  static void foo(int x)
+  {
+    CProver.assume(x>3);    
+    assert x>4;
+  }
+}
diff --git a/regression/cbmc-java/assume2/test.desc b/regression/cbmc-java/assume2/test.desc
new file mode 100644
index 00000000000..35a954116f8
--- /dev/null
+++ b/regression/cbmc-java/assume2/test.desc
@@ -0,0 +1,8 @@
+CORE
+Assume2.class
+--function Assume2.foo
+^EXIT=10$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/assume3/Assume3.class b/regression/cbmc-java/assume3/Assume3.class
new file mode 100644
index 0000000000000000000000000000000000000000..916ad4065fb77e04ba492a6f7499799ea22c85f7
GIT binary patch
literal 684
zcmZuvO>fgc5PcIn-q<xw8bb-?8w#Wx@PXc1Ay9x*C`dt-8crK$6}C8bwRZYr`Uf}z
z5=9`vogammHCBTJ2YY6B-kW)EcYpr+`W?VFwgR-U5#Tbe`0#L5;939|8v@q@+`vtN
zTZCv+7KJjU&a>jFF61OtQv!_%-mcDc`H0~3xAqC{AfGBid#E$Dx0p|qd2PXj?l4be
zx-X5k>w42I-|B+k51$mpVy+(UaD%zj8DYKuW_T!%Wt_@v7LQ7!v)N8HK$;m-qW_c$
z=SHPW-o21Vb^q3GlGgHqQNA#VdakXQu%7q8jtH@WP~dimP236LBOvsavl;rw_%ma2
zLl8Ar;BJU}=o30i@XN`eN=lZOn^~M3nfzFpc<`!<d{(lu$tL?_>!rOU4pOeM?WroX
zQPZ=bY^YptflqhLx8d<!0o3VPnVdQNv3js|&SH+lv3dU#^nsHGR{8H$n-1EXTPOq2
z!5T*&T|~TN$$N~pwaEE`#z#0OSosF`;1tatwv|)0TCFAuejhES`hT^Ia2^*Jw_ahX
o%Ych#!nUi<z*^V)3~>VCzK834g7dFP%Wt9)KDJhRylCLkZyo7^Z2$lO

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/assume3/Assume3.java b/regression/cbmc-java/assume3/Assume3.java
new file mode 100644
index 00000000000..895deee9ca0
--- /dev/null
+++ b/regression/cbmc-java/assume3/Assume3.java
@@ -0,0 +1,10 @@
+import org.cprover.CProver;
+
+class Assume3
+{
+  public static void main(String[] args)
+  {
+    CProver.assume(false);
+    assert false;
+  }
+}
diff --git a/regression/cbmc-java/assume3/test.desc b/regression/cbmc-java/assume3/test.desc
new file mode 100644
index 00000000000..0ad8c00399f
--- /dev/null
+++ b/regression/cbmc-java/assume3/test.desc
@@ -0,0 +1,8 @@
+CORE
+Assume3.class
+
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring

From 5c309076a390ff8993ece33466f8b65005c14c4d Mon Sep 17 00:00:00 2001
From: Cristina <cristina.david@gmail.com>
Date: Tue, 20 Sep 2016 14:47:20 +0100
Subject: [PATCH 054/699] Remove assume as coverage target

---
 src/goto-instrument/cover.cpp | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/goto-instrument/cover.cpp b/src/goto-instrument/cover.cpp
index fa92bc27cc7..991f91b75b7 100644
--- a/src/goto-instrument/cover.cpp
+++ b/src/goto-instrument/cover.cpp
@@ -35,7 +35,12 @@ class basic_blockst
         source_location_map[block_count]=it->source_location;
 
       next_is_target=
+#if 0
+        // Disabled for being too messy
         it->is_goto() || it->is_function_call() || it->is_assume();
+#else
+        it->is_goto() || it->is_function_call();
+#endif
     }
   }
 

From e55f20b6f30656881f80090f098937206704d262 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matthias=20G=C3=BCdemann?= <matthias.guedemann@diffblue.com>
Date: Wed, 1 Feb 2017 16:05:54 +0100
Subject: [PATCH 055/699] output covered lines as CSV in show_properties

---
 src/goto-instrument/cover.cpp         | 56 ++++++++++++++++++++++-----
 src/goto-programs/show_properties.cpp |  3 ++
 src/util/irep_ids.txt                 |  3 +-
 src/util/source_location.h            | 10 +++++
 4 files changed, 62 insertions(+), 10 deletions(-)

diff --git a/src/goto-instrument/cover.cpp b/src/goto-instrument/cover.cpp
index 991f91b75b7..489ee44eb5e 100644
--- a/src/goto-instrument/cover.cpp
+++ b/src/goto-instrument/cover.cpp
@@ -10,8 +10,10 @@ Date: May 2016
 
 #include <algorithm>
 #include <iterator>
+#include <unordered_set>
 
 #include <util/prefix.h>
+#include <util/string2int.h>
 
 #include "cover.h"
 
@@ -28,6 +30,11 @@ class basic_blockst
       if(next_is_target || it->is_target())
         block_count++;
 
+      const irep_idt &line=it->source_location.get_line();
+      if(!line.empty())
+        block_line_cover_map[block_count]
+          .insert(unsafe_string2unsigned(id2string(line)));
+
       block_map[it]=block_count;
 
       if(!it->source_location.is_nil() &&
@@ -42,6 +49,24 @@ class basic_blockst
         it->is_goto() || it->is_function_call();
 #endif
     }
+
+    // create list of covered lines as CSV string and set as property of source
+    // location of basic block
+    for(const auto &cover_set : block_line_cover_map)
+    {
+      std::string covered_lines;
+      bool first=true;
+      for(const auto &line_number : cover_set.second)
+      {
+        if(first)
+          first=false;
+        else
+          covered_lines+=",";
+        covered_lines+=std::to_string(line_number);
+      }
+      source_location_map[cover_set.first]
+        .set_basic_block_covered_lines(covered_lines);
+    }
   }
 
   // map program locations to block numbers
@@ -52,6 +77,11 @@ class basic_blockst
   typedef std::map<unsigned, source_locationt> source_location_mapt;
   source_location_mapt source_location_map;
 
+  // map block numbers to set of line numbers
+  typedef std::map<unsigned, std::unordered_set<unsigned> >
+    block_line_cover_mapt;
+  block_line_cover_mapt block_line_cover_map;
+
   inline unsigned operator[](goto_programt::const_targett t)
   {
     return block_map[t];
@@ -419,7 +449,7 @@ std::set<exprt> collect_mcdc_controlling_nested(
   const std::set<exprt> &decisions)
 {
   // To obtain the 1st-level controlling conditions
-  std::set<exprt> controlling = collect_mcdc_controlling(decisions);
+  std::set<exprt> controlling=collect_mcdc_controlling(decisions);
 
   std::set<exprt> result;
   // For each controlling condition, to check if it contains
@@ -632,7 +662,7 @@ void remove_repetition(std::set<exprt> &exprs)
      **/
     for(auto &y : new_exprs)
     {
-      bool iden = true;
+      bool iden=true;
       for(auto &c : conditions)
       {
         std::set<signed> signs1=sign_of_expr(c, x);
@@ -674,7 +704,7 @@ void remove_repetition(std::set<exprt> &exprs)
   }
 
   // update the original ''exprs''
-  exprs = new_exprs;
+  exprs=new_exprs;
 }
 
 /*******************************************************************\
@@ -843,7 +873,8 @@ bool is_mcdc_pair(
 
   if(diff_count==1)
     return true;
-  else return false;
+  else
+    return false;
 }
 
 /*******************************************************************\
@@ -968,7 +999,8 @@ void minimize_mcdc_controlling(
     {
       controlling=new_controlling;
     }
-    else break;
+    else
+      break;
   }
 }
 
@@ -1302,9 +1334,12 @@ void instrument_cover_goals(
         const std::set<exprt> decisions=collect_decisions(i_it);
 
         std::set<exprt> both;
-        std::set_union(conditions.begin(), conditions.end(),
-                       decisions.begin(), decisions.end(),
-                       inserter(both, both.end()));
+        std::set_union(
+          conditions.begin(),
+          conditions.end(),
+          decisions.begin(),
+          decisions.end(),
+          inserter(both, both.end()));
 
         const source_locationt source_location=i_it->source_location;
 
@@ -1402,6 +1437,9 @@ void instrument_cover_goals(
        f_it->first=="__CPROVER_initialize")
       continue;
 
-    instrument_cover_goals(symbol_table, f_it->second.body, criterion);
+    instrument_cover_goals(
+      symbol_table,
+      f_it->second.body,
+      criterion);
   }
 }
diff --git a/src/goto-programs/show_properties.cpp b/src/goto-programs/show_properties.cpp
index c7a6bdedf3f..edde459b933 100644
--- a/src/goto-programs/show_properties.cpp
+++ b/src/goto-programs/show_properties.cpp
@@ -130,6 +130,9 @@ void show_properties_json(
       json_properties.push_back(jsont()).make_object();
     json_property["name"]=json_stringt(id2string(property_id));
     json_property["class"]=json_stringt(id2string(property_class));
+    if(!source_location.get_basic_block_covered_lines().empty())
+      json_property["covered_lines"]=
+        json_stringt(id2string(source_location.get_basic_block_covered_lines()));
     json_property["sourceLocation"]=json(source_location);
     json_property["description"]=json_stringt(id2string(description));
     json_property["expression"]=
diff --git a/src/util/irep_ids.txt b/src/util/irep_ids.txt
index 5ada8981c19..29907f11040 100644
--- a/src/util/irep_ids.txt
+++ b/src/util/irep_ids.txt
@@ -801,4 +801,5 @@ cprover_string_to_char_array_func
 cprover_string_to_lower_case_func
 cprover_string_to_upper_case_func
 cprover_string_trim_func
-cprover_string_value_of_func
\ No newline at end of file
+cprover_string_value_of_func
+basic_block_covered_lines
\ No newline at end of file
diff --git a/src/util/source_location.h b/src/util/source_location.h
index b24befcb8c4..9d905c775cb 100644
--- a/src/util/source_location.h
+++ b/src/util/source_location.h
@@ -73,6 +73,11 @@ class source_locationt:public irept
     return get(ID_java_bytecode_index);
   }
 
+  const irep_idt &get_basic_block_covered_lines() const
+  {
+    return get(ID_basic_block_covered_lines);
+  }
+
   void set_file(const irep_idt &file)
   {
     set(ID_file, file);
@@ -128,6 +133,11 @@ class source_locationt:public irept
     set(ID_java_bytecode_index, index);
   }
 
+  void set_basic_block_covered_lines(const irep_idt &covered_lines)
+  {
+    return set(ID_basic_block_covered_lines, covered_lines);
+  }
+
   void set_hide()
   {
     set(ID_hide, true);

From 2ae1f47f3a3a5e0af15b022205df3f4942792a88 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matthias=20G=C3=BCdemann?= <matthias.guedemann@diffblue.com>
Date: Mon, 13 Feb 2017 15:59:29 +0100
Subject: [PATCH 056/699] compress list of lines into line ranges

---
 src/goto-instrument/cover.cpp         |  19 ++---
 src/goto-programs/show_properties.cpp |   5 +-
 src/util/Makefile                     |   2 +-
 src/util/format_number_range.cpp      | 114 ++++++++++++++++++++++++++
 src/util/format_number_range.h        |  21 +++++
 5 files changed, 147 insertions(+), 14 deletions(-)
 create mode 100644 src/util/format_number_range.cpp
 create mode 100644 src/util/format_number_range.h

diff --git a/src/goto-instrument/cover.cpp b/src/goto-instrument/cover.cpp
index 489ee44eb5e..9f1aa347679 100644
--- a/src/goto-instrument/cover.cpp
+++ b/src/goto-instrument/cover.cpp
@@ -12,6 +12,7 @@ Date: May 2016
 #include <iterator>
 #include <unordered_set>
 
+#include <util/format_number_range.h>
 #include <util/prefix.h>
 #include <util/string2int.h>
 
@@ -51,19 +52,15 @@ class basic_blockst
     }
 
     // create list of covered lines as CSV string and set as property of source
-    // location of basic block
+    // location of basic block, compress to ranges if applicable
+    format_number_ranget format_lines;
     for(const auto &cover_set : block_line_cover_map)
     {
-      std::string covered_lines;
-      bool first=true;
-      for(const auto &line_number : cover_set.second)
-      {
-        if(first)
-          first=false;
-        else
-          covered_lines+=",";
-        covered_lines+=std::to_string(line_number);
-      }
+      assert(!cover_set.second.empty());
+      std::vector<unsigned>
+        line_list{cover_set.second.begin(), cover_set.second.end()};
+
+      std::string covered_lines=format_lines(line_list);
       source_location_map[cover_set.first]
         .set_basic_block_covered_lines(covered_lines);
     }
diff --git a/src/goto-programs/show_properties.cpp b/src/goto-programs/show_properties.cpp
index edde459b933..cbbb00225c7 100644
--- a/src/goto-programs/show_properties.cpp
+++ b/src/goto-programs/show_properties.cpp
@@ -131,8 +131,9 @@ void show_properties_json(
     json_property["name"]=json_stringt(id2string(property_id));
     json_property["class"]=json_stringt(id2string(property_class));
     if(!source_location.get_basic_block_covered_lines().empty())
-      json_property["covered_lines"]=
-        json_stringt(id2string(source_location.get_basic_block_covered_lines()));
+      json_property["coveredLines"]=
+        json_stringt(
+          id2string(source_location.get_basic_block_covered_lines()));
     json_property["sourceLocation"]=json(source_location);
     json_property["description"]=json_stringt(id2string(description));
     json_property["expression"]=
diff --git a/src/util/Makefile b/src/util/Makefile
index 6cc42a18fb8..c605d26c747 100644
--- a/src/util/Makefile
+++ b/src/util/Makefile
@@ -22,7 +22,7 @@ SRC = arith_tools.cpp base_type.cpp cmdline.cpp config.cpp symbol_table.cpp \
       irep_ids.cpp byte_operators.cpp string2int.cpp file_util.cpp \
       memory_info.cpp pipe_stream.cpp irep_hash.cpp endianness_map.cpp \
       ssa_expr.cpp json_irep.cpp json_expr.cpp \
-      string_utils.cpp
+      format_number_range.cpp string_utils.cpp
 
 INCLUDES= -I ..
 
diff --git a/src/util/format_number_range.cpp b/src/util/format_number_range.cpp
new file mode 100644
index 00000000000..146808118ce
--- /dev/null
+++ b/src/util/format_number_range.cpp
@@ -0,0 +1,114 @@
+/*******************************************************************\
+
+Module: Format vector of numbers into a compressed range
+
+Author: Daniel Kroening, kroening@kroening.com
+
+\*******************************************************************/
+
+#include <algorithm>
+#include <cassert>
+
+#include "format_number_range.h"
+
+/*******************************************************************\
+
+Function: format_number_range::operator()
+
+  Inputs: vector of numbers
+
+ Outputs: string of compressed number range representation
+
+ Purpose: create shorter representation for output
+
+\*******************************************************************/
+
+std::string format_number_ranget::operator()(std::vector<unsigned> &numbers)
+{
+  std::string number_range;
+  std::sort(numbers.begin(), numbers.end());
+  unsigned end_number=numbers.back();
+  if(numbers.front()==end_number)
+    number_range=std::to_string(end_number); // only single number
+  else
+  {
+    bool next=true;
+    bool first=true;
+    bool range=false;
+    unsigned start_number=numbers.front();
+    unsigned last_number=start_number;
+
+    for(const auto &number : numbers)
+    {
+      if(next)
+      {
+        next=false;
+        start_number=number;
+        last_number=number;
+      }
+      // advance one forward
+      else
+      {
+        if(number==last_number+1 && !(number==end_number))
+        {
+          last_number++;
+          if(last_number>start_number+1)
+            range=true;
+        }
+        // end this block range
+        else
+        {
+          if(first)
+            first=false;
+          else
+            number_range+=",";
+          if(last_number>start_number)
+          {
+            if(range)
+            {
+              if(number==end_number && number==last_number+1)
+                number_range+=
+                  std::to_string(start_number)+"-"+std::to_string(end_number);
+              else if(number==end_number)
+                number_range+=
+                  std::to_string(start_number)+"-"+std::to_string(last_number)+
+                  ","+std::to_string(end_number);
+              else
+                number_range+=
+                  std::to_string(start_number)+"-"+std::to_string(last_number);
+            }
+            else
+            {
+              if(number!=end_number)
+                number_range+=
+                  std::to_string(start_number)+","+std::to_string(last_number);
+              else
+                number_range+=
+                  std::to_string(start_number)+","+std::to_string(last_number)+
+                  std::to_string(end_number);
+            }
+            start_number=number;
+            last_number=number;
+            range=false;
+            continue;
+          }
+          else
+          {
+            if(number!=end_number)
+              number_range+=std::to_string(start_number);
+            else
+              number_range+=std::to_string(start_number)+","+
+                std::to_string(end_number);
+            start_number=number;
+            last_number=number;
+            range=false;
+            continue; // already set next start number
+          }
+          next=true;
+        }
+      }
+    }
+  }
+  assert(!number_range.empty());
+  return number_range;
+}
diff --git a/src/util/format_number_range.h b/src/util/format_number_range.h
new file mode 100644
index 00000000000..7ff016e9c4d
--- /dev/null
+++ b/src/util/format_number_range.h
@@ -0,0 +1,21 @@
+/*******************************************************************\
+
+Module: Format vector of numbers into a compressed range
+
+Author: Daniel Kroening, kroening@kroening.com
+
+\*******************************************************************/
+
+#ifndef CPROVER_UTIL_FORMAT_NUMBER_RANGE_H
+#define CPROVER_UTIL_FORMAT_NUMBER_RANGE_H
+
+#include <string>
+#include <vector>
+
+class format_number_ranget
+{
+public:
+  std::string operator()(std::vector<unsigned> &);
+};
+
+#endif // CPROVER_UTIL_FORMAT_NUMBER_RANGE_H

From f5f47a7043bf3389d41ca2a0628f58ec9b3670e6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matthias=20G=C3=BCdemann?= <matthias.guedemann@diffblue.com>
Date: Wed, 15 Feb 2017 23:53:28 +0100
Subject: [PATCH 057/699] add regression test for coverage lines

---
 regression/cbmc-java/covered1/covered1.class | Bin 0 -> 750 bytes
 regression/cbmc-java/covered1/covered1.java  |  37 +++++++++++++++++++
 regression/cbmc-java/covered1/test.desc      |  19 ++++++++++
 3 files changed, 56 insertions(+)
 create mode 100644 regression/cbmc-java/covered1/covered1.class
 create mode 100644 regression/cbmc-java/covered1/covered1.java
 create mode 100644 regression/cbmc-java/covered1/test.desc

diff --git a/regression/cbmc-java/covered1/covered1.class b/regression/cbmc-java/covered1/covered1.class
new file mode 100644
index 0000000000000000000000000000000000000000..7cb91496b7df5bc0b1e7f8b6db0aa9a4992bd947
GIT binary patch
literal 750
zcmYk4TWb?h6ouEBOJ*jSCQa%+wf9SU)TC(>1*uXHiUBVVl?py}G8x*`n3Rwf?N9N^
zw?5lA2nzlHf0VlRp`r}?+xwiuIcx3B{QULp2Y?11WKlpRKptxXEx04NE4U}93TlFN
zL0zyR*c3E8G(Fr`Q12Nn#s|ikf_1jeB4V@^>_Ml)>WysI1sj4*K||0~$ZU1{-O*zO
zx6*2@?I}1<2AxEq@T}WUUYxvZC&O1!yT_f0-BA?3eI6Z~HT4zzt+;o2-LA;x?C#)X
z7$-Yjb0Hp_Cc~stuO3CGQHU8VhnPe$L`g6uxGA_LC<|^2t_rRRt_ZH<Mu=$?Dfjn5
zg-Lm`){FWFwU_OqBpzX&Qz>w`A%h|$M8{-GG5hkKSyRDeikN*$m^Iy)OhYEqlR2ll
zS<@b~#hAe?6y{ichs_Uot-nHPCxxZm6t>Q!aHMjj%4jczr~MSZE>9n(2$=R$Wc3#W
z<xj|8Am{9lkvm860^vt^&N&==jPNs`w%8o-kPU)!argzuaOH7^v$Q_Pxy@q%OIYQ!
zs@!REu#Y&`rySfKPZxNz1m`z5Y!8b{0l~JiIFcnSUpBI18UxCd%^5%L@qb4AF(&?*
Z$(x=7S}D=eq7iUmmA3i2Va0e}{R0x#Tn_*M

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/covered1/covered1.java b/regression/cbmc-java/covered1/covered1.java
new file mode 100644
index 00000000000..018e65336a6
--- /dev/null
+++ b/regression/cbmc-java/covered1/covered1.java
@@ -0,0 +1,37 @@
+public class covered1
+{
+  // this is a variable
+  int x=1;
+  //these are two, one line off the first
+  int y=2;
+  int z=3;
+  //this is part of static init
+  static int z0=0;
+
+  //another non-static
+  int a;
+  int b;
+  static boolean odd;
+
+  static
+  {
+    odd=(z0+1)%2==0;
+  }
+
+  covered1(int a, int b)
+  {
+    this.a=a*b;
+    this.b=a+b;
+    if(this.a==a)
+      z0++;
+    else
+      odd=!odd;
+  }
+  // at the back
+  int z1=2;
+  int z2=3;
+  int z3=4;
+  //
+  static int z4=5;
+  int z5=5;
+}
diff --git a/regression/cbmc-java/covered1/test.desc b/regression/cbmc-java/covered1/test.desc
new file mode 100644
index 00000000000..32af766bdb7
--- /dev/null
+++ b/regression/cbmc-java/covered1/test.desc
@@ -0,0 +1,19 @@
+CORE
+covered1.class
+--cover location --json-ui --show-properties
+^EXIT=0$
+^SIGNAL=0$
+.*\"coveredLines\": \"22\",$
+.*\"coveredLines\": \"4,6,7,23-25,31-33,36\",$
+.*\"coveredLines\": \"26\",$
+.*\"coveredLines\": \"28\",$
+.*\"coveredLines\": \"28\",$
+.*\"coveredLines\": \"28\",$
+.*\"coveredLines\": \"28\",$
+.*\"coveredLines\": \"29\",$
+.*\"coveredLines\": \"9,18\",$
+.*\"coveredLines\": \"18\",$
+.*\"coveredLines\": \"18\",$
+.*\"coveredLines\": \"18,35\",$
+--
+^warning: ignoring

From 02d2b9d0c50d18500c3cf37baa4eb1c6a7978488 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matthias=20G=C3=BCdemann?= <matthias.guedemann@diffblue.com>
Date: Fri, 17 Feb 2017 11:12:48 +0100
Subject: [PATCH 058/699] fix problem with missing comma / range fix for
 reaching end

---
 src/util/format_number_range.cpp | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/src/util/format_number_range.cpp b/src/util/format_number_range.cpp
index 146808118ce..cca3bbf154c 100644
--- a/src/util/format_number_range.cpp
+++ b/src/util/format_number_range.cpp
@@ -8,6 +8,7 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include <algorithm>
 #include <cassert>
+#include <string>
 
 #include "format_number_range.h"
 
@@ -83,9 +84,16 @@ std::string format_number_ranget::operator()(std::vector<unsigned> &numbers)
                 number_range+=
                   std::to_string(start_number)+","+std::to_string(last_number);
               else
-                number_range+=
-                  std::to_string(start_number)+","+std::to_string(last_number)+
-                  std::to_string(end_number);
+              {
+                if(start_number+1==last_number && last_number+1==number)
+                  number_range+=
+                    std::to_string(start_number)+"-"+std::to_string(end_number);
+                else
+                  number_range+=
+                    std::to_string(start_number)+
+                    ","+std::to_string(last_number)+
+                    ","+std::to_string(end_number);
+              }
             }
             start_number=number;
             last_number=number;

From b7d828bc18cf807c8b4c649f676e6945d2d9633f Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Mon, 16 Jan 2017 15:11:43 +0000
Subject: [PATCH 059/699] Updated dump-C to use the new class

---
 src/goto-instrument/dump_c.cpp               | 260 +------------------
 src/goto-instrument/dump_c_class.h           |  11 +-
 src/goto-programs/system_library_symbols.cpp |   4 +-
 src/goto-programs/system_library_symbols.h   |   3 +-
 4 files changed, 11 insertions(+), 267 deletions(-)

diff --git a/src/goto-instrument/dump_c.cpp b/src/goto-instrument/dump_c.cpp
index d06a79e01d8..24005138109 100644
--- a/src/goto-instrument/dump_c.cpp
+++ b/src/goto-instrument/dump_c.cpp
@@ -163,7 +163,8 @@ void dump_ct::operator()(std::ostream &os)
     }
 
     // we don't want to dump in full all definitions
-    if(!tag_added && ignore(symbol))
+    if(!tag_added &&
+      system_symbols.is_symbol_internal_symbol(symbol, system_headers))
       continue;
 
     if(!symbols_sorted.insert(name_str).second)
@@ -344,7 +345,7 @@ void dump_ct::convert_compound(
       ns.lookup(to_symbol_type(type).get_identifier());
     assert(symbol.is_type);
 
-    if(!ignore(symbol))
+    if(!system_symbols.is_symbol_internal_symbol(symbol, system_headers))
       convert_compound(symbol.type, unresolved, recursive, os);
   }
   else if(type.id()==ID_c_enum_tag)
@@ -353,7 +354,7 @@ void dump_ct::convert_compound(
       ns.lookup(to_c_enum_tag_type(type).get_identifier());
     assert(symbol.is_type);
 
-    if(!ignore(symbol))
+    if(!system_symbols.is_symbol_internal_symbol(symbol, system_headers))
       convert_compound(symbol.type, unresolved, recursive, os);
   }
   else if(type.id()==ID_array || type.id()==ID_pointer)
@@ -610,259 +611,6 @@ void dump_ct::convert_compound_enum(
 
 /*******************************************************************\
 
-Function: dump_ct::init_system_library_map
-
-Inputs:
-
-Outputs:
-
-Purpose:
-
-\*******************************************************************/
-
-#define ADD_TO_SYSTEM_LIBRARY(v, header) \
-  for(size_t i=0; i<sizeof(v)/sizeof(char*); ++i) \
-    system_library_map.insert( \
-      std::make_pair(v[i], header))
-
-void dump_ct::init_system_library_map()
-{
-  // ctype.h
-  const char* ctype_syms[]=
-  {
-    "isalnum", "isalpha", "isblank", "iscntrl", "isdigit", "isgraph",
-    "islower", "isprint", "ispunct", "isspace", "isupper", "isxdigit",
-    "tolower", "toupper"
-  };
-  ADD_TO_SYSTEM_LIBRARY(ctype_syms, "ctype.h");
-
-  // fcntl.h
-  const char* fcntl_syms[]=
-  {
-    "creat", "fcntl", "open"
-  };
-  ADD_TO_SYSTEM_LIBRARY(fcntl_syms, "fcntl.h");
-
-  // locale.h
-  const char* locale_syms[]=
-  {
-    "setlocale"
-  };
-  ADD_TO_SYSTEM_LIBRARY(locale_syms, "locale.h");
-
-  // math.h
-  const char* math_syms[]=
-  {
-    "acos", "acosh", "asin", "asinh", "atan", "atan2", "atanh",
-    "cbrt", "ceil", "copysign", "cos", "cosh", "erf", "erfc", "exp",
-    "exp2", "expm1", "fabs", "fdim", "floor", "fma", "fmax", "fmin",
-    "fmod", "fpclassify", "frexp", "hypot", "ilogb", "isfinite",
-    "isinf", "isnan", "isnormal", "j0", "j1", "jn", "ldexp", "lgamma",
-    "llrint", "llround", "log", "log10", "log1p", "log2", "logb",
-    "lrint", "lround", "modf", "nan", "nearbyint", "nextafter", "pow",
-    "remainder", "remquo", "rint", "round", "scalbln", "scalbn",
-    "signbit", "sin", "sinh", "sqrt", "tan", "tanh", "tgamma",
-    "trunc", "y0", "y1", "yn"
-  };
-  ADD_TO_SYSTEM_LIBRARY(math_syms, "math.h");
-
-  // pthread.h
-  const char* pthread_syms[]=
-  {
-    "pthread_cleanup_pop", "pthread_cleanup_push",
-    "pthread_cond_broadcast", "pthread_cond_destroy",
-    "pthread_cond_init", "pthread_cond_signal",
-    "pthread_cond_timedwait", "pthread_cond_wait", "pthread_create",
-    "pthread_detach", "pthread_equal", "pthread_exit",
-    "pthread_getspecific", "pthread_join", "pthread_key_delete",
-    "pthread_mutex_destroy", "pthread_mutex_init",
-    "pthread_mutex_lock", "pthread_mutex_trylock",
-    "pthread_mutex_unlock", "pthread_once", "pthread_rwlock_destroy",
-    "pthread_rwlock_init", "pthread_rwlock_rdlock",
-    "pthread_rwlock_unlock", "pthread_rwlock_wrlock",
-    "pthread_rwlockattr_destroy", "pthread_rwlockattr_getpshared",
-    "pthread_rwlockattr_init", "pthread_rwlockattr_setpshared",
-    "pthread_self", "pthread_setspecific"
-  };
-  ADD_TO_SYSTEM_LIBRARY(pthread_syms, "pthread.h");
-
-  // setjmp.h
-  const char* setjmp_syms[]=
-  {
-    "_longjmp", "_setjmp", "longjmp", "longjmperror", "setjmp",
-    "siglongjmp", "sigsetjmp"
-  };
-  ADD_TO_SYSTEM_LIBRARY(setjmp_syms, "setjmp.h");
-
-  // stdio.h
-  const char* stdio_syms[]=
-  {
-    "asprintf", "clearerr", "fclose", "fdopen", "feof", "ferror",
-    "fflush", "fgetc", "fgetln", "fgetpos", "fgets", "fgetwc",
-    "fgetws", "fileno", "fopen", "fprintf", "fpurge", "fputc",
-    "fputs", "fputwc", "fputws", "fread", "freopen", "fropen",
-    "fscanf", "fseek", "fsetpos", "ftell", "funopen", "fwide",
-    "fwopen", "fwprintf", "fwrite", "getc", "getchar", "getdelim",
-    "getline", "gets", "getw", "getwc", "getwchar", "mkdtemp",
-    "mkstemp", "mktemp", "perror", "printf", "putc", "putchar",
-    "puts", "putw", "putwc", "putwchar", "remove", "rewind", "scanf",
-    "setbuf", "setbuffer", "setlinebuf", "setvbuf", "snprintf",
-    "sprintf", "sscanf", "strerror", "swprintf", "sys_errlist",
-    "sys_nerr", "tempnam", "tmpfile", "tmpnam", "ungetc", "ungetwc",
-    "vasprintf", "vfprintf", "vfscanf", "vfwprintf", "vprintf",
-    "vscanf", "vsnprintf", "vsprintf", "vsscanf", "vswprintf",
-    "vwprintf", "wprintf",
-    /* non-public struct types */
-    "tag-__sFILE", "tag-__sbuf", // OS X
-    "tag-_IO_FILE", "tag-_IO_marker", // Linux
-  };
-  ADD_TO_SYSTEM_LIBRARY(stdio_syms, "stdio.h");
-
-  // stdlib.h
-  const char* stdlib_syms[]=
-  {
-    "abort", "abs", "atexit", "atof", "atoi", "atol", "atoll",
-    "bsearch", "calloc", "div", "exit", "free", "getenv", "labs",
-    "ldiv", "llabs", "lldiv", "malloc", "mblen", "mbstowcs", "mbtowc",
-    "qsort", "rand", "realloc", "srand", "strtod", "strtof", "strtol",
-    "strtold", "strtoll", "strtoul", "strtoull", "system", "wcstombs",
-    "wctomb"
-  };
-  ADD_TO_SYSTEM_LIBRARY(stdlib_syms, "stdlib.h");
-
-  // string.h
-  const char* string_syms[]=
-  {
-    "strcat", "strncat", "strchr", "strrchr", "strcmp", "strncmp",
-    "strcpy", "strncpy", "strerror", "strlen", "strpbrk", "strspn",
-    "strcspn", "strstr", "strtok"
-  };
-  ADD_TO_SYSTEM_LIBRARY(string_syms, "string.h");
-
-  // time.h
-  const char* time_syms[]=
-  {
-    "asctime", "asctime_r", "ctime", "ctime_r", "difftime", "gmtime",
-    "gmtime_r", "localtime", "localtime_r", "mktime",
-    /* non-public struct types */
-    "tag-timespec", "tag-timeval"
-  };
-  ADD_TO_SYSTEM_LIBRARY(time_syms, "time.h");
-
-  // unistd.h
-  const char* unistd_syms[]=
-  {
-    "_exit", "access", "alarm", "chdir", "chown", "close", "dup",
-    "dup2", "execl", "execle", "execlp", "execv", "execve", "execvp",
-    "fork", "fpathconf", "getcwd", "getegid", "geteuid", "getgid",
-    "getgroups", "getlogin", "getpgrp", "getpid", "getppid", "getuid",
-    "isatty", "link", "lseek", "pathconf", "pause", "pipe", "read",
-    "rmdir", "setgid", "setpgid", "setsid", "setuid", "sleep",
-    "sysconf", "tcgetpgrp", "tcsetpgrp", "ttyname", "ttyname_r",
-    "unlink", "write"
-  };
-  ADD_TO_SYSTEM_LIBRARY(unistd_syms, "unistd.h");
-
-  // sys/select.h
-  const char* sys_select_syms[]=
-  {
-    "select"
-  };
-  ADD_TO_SYSTEM_LIBRARY(sys_select_syms, "sys/select.h");
-
-  // sys/socket.h
-  const char* sys_socket_syms[]=
-  {
-    "accept", "bind", "connect"
-  };
-  ADD_TO_SYSTEM_LIBRARY(sys_socket_syms, "sys/socket.h");
-
-  // sys/stat.h
-  const char* sys_stat_syms[]=
-  {
-    "fstat", "lstat", "stat"
-  };
-  ADD_TO_SYSTEM_LIBRARY(sys_stat_syms, "sys/stat.h");
-
-  /*
-  // sys/types.h
-  const char* sys_types_syms[]=
-  {
-  };
-  ADD_TO_SYSTEM_LIBRARY(sys_types_syms, "sys/types.h");
-  */
-
-  // sys/wait.h
-  const char* sys_wait_syms[]=
-  {
-    "wait", "waitpid"
-  };
-  ADD_TO_SYSTEM_LIBRARY(sys_wait_syms, "sys/wait.h");
-}
-
-/*******************************************************************\
-
-Function: dump_ct::ignore
-
-Inputs:
-
-Outputs:
-
-Purpose:
-
-\*******************************************************************/
-
-bool dump_ct::ignore(const symbolt &symbol)
-{
-  const std::string &name_str=id2string(symbol.name);
-
-  if(has_prefix(name_str, CPROVER_PREFIX) ||
-     name_str=="__func__" ||
-     name_str=="__FUNCTION__" ||
-     name_str=="__PRETTY_FUNCTION__" ||
-     name_str=="argc'" ||
-     name_str=="argv'" ||
-     name_str=="envp'" ||
-     name_str=="envp_size'")
-    return true;
-
-  const std::string &file_str=id2string(symbol.location.get_file());
-
-  // don't dump internal GCC builtins
-  if((file_str=="gcc_builtin_headers_alpha.h" ||
-      file_str=="gcc_builtin_headers_arm.h" ||
-      file_str=="gcc_builtin_headers_ia32.h" ||
-      file_str=="gcc_builtin_headers_mips.h" ||
-      file_str=="gcc_builtin_headers_power.h" ||
-      file_str=="gcc_builtin_headers_generic.h") &&
-     has_prefix(name_str, "__builtin_"))
-    return true;
-
-  if(name_str=="__builtin_va_start" ||
-     name_str=="__builtin_va_end" ||
-     symbol.name==ID_gcc_builtin_va_arg)
-  {
-    system_headers.insert("stdarg.h");
-    return true;
-  }
-
-  if(name_str.find("$link")!=std::string::npos)
-    return false;
-
-  system_library_mapt::const_iterator it=
-    system_library_map.find(symbol.name);
-
-  if(it!=system_library_map.end())
-  {
-    system_headers.insert(it->second);
-    return true;
-  }
-
-  return false;
-}
-
-/*******************************************************************\
-
 Function: dump_ct::cleanup_decl
 
 Inputs:
diff --git a/src/goto-instrument/dump_c_class.h b/src/goto-instrument/dump_c_class.h
index 6bb7b79638e..c8c77da5102 100644
--- a/src/goto-instrument/dump_c_class.h
+++ b/src/goto-instrument/dump_c_class.h
@@ -15,6 +15,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <util/language.h>
 
 #include <langapi/mode.h>
+#include <goto-programs/system_library_symbols.h>
 
 class dump_ct
 {
@@ -30,7 +31,7 @@ class dump_ct
     language(factory())
   {
     if(use_system_headers)
-      init_system_library_map();
+      system_symbols=system_library_symbolst();
   }
 
   virtual ~dump_ct()
@@ -51,21 +52,15 @@ class dump_ct
 
   std::set<std::string> system_headers;
 
-  typedef std::unordered_map<irep_idt, std::string, irep_id_hash>
-    system_library_mapt;
-  system_library_mapt system_library_map;
+  system_library_symbolst system_symbols;
 
   typedef std::unordered_map<irep_idt, irep_idt, irep_id_hash>
     declared_enum_constants_mapt;
   declared_enum_constants_mapt declared_enum_constants;
 
-  void init_system_library_map();
-
   std::string type_to_string(const typet &type);
   std::string expr_to_string(const exprt &expr);
 
-  bool ignore(const symbolt &symbol);
-
   static std::string indent(const unsigned n)
   {
     return std::string(2*n, ' ');
diff --git a/src/goto-programs/system_library_symbols.cpp b/src/goto-programs/system_library_symbols.cpp
index 76023d0c455..250eb3b1cdb 100644
--- a/src/goto-programs/system_library_symbols.cpp
+++ b/src/goto-programs/system_library_symbols.cpp
@@ -284,7 +284,7 @@ Purpose: To find out if a symbol is an internal symbol.
 
 bool system_library_symbolst::is_symbol_internal_symbol(
   const symbolt &symbol,
-  std::set<irep_idt> &out_system_headers) const
+  std::set<std::string> &out_system_headers) const
 {
   const std::string &name_str=id2string(symbol.name);
 
@@ -345,7 +345,7 @@ bool system_library_symbolst::is_symbol_internal_symbol(
 
   if(it!=system_library_map.end())
   {
-    out_system_headers.insert(it->second);
+    out_system_headers.insert(id2string(it->second));
     return true;
   }
 
diff --git a/src/goto-programs/system_library_symbols.h b/src/goto-programs/system_library_symbols.h
index a253b903bd8..9438e052a76 100644
--- a/src/goto-programs/system_library_symbols.h
+++ b/src/goto-programs/system_library_symbols.h
@@ -11,6 +11,7 @@ Author: Thomas Kiley
 
 #include <list>
 #include <set>
+#include <string>
 #include <util/irep.h>
 
 class symbolt;
@@ -22,7 +23,7 @@ class system_library_symbolst
 
   bool is_symbol_internal_symbol(
     const symbolt &symbol,
-    std::set<irep_idt> &out_system_headers) const;
+    std::set<std::string> &out_system_headers) const;
 
 private:
   void init_system_library_map();

From fef1fed6b8c7894243d652396f185179cfb985a5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matthias=20G=C3=BCdemann?= <matthias.guedemann@diffblue.com>
Date: Thu, 2 Mar 2017 15:10:22 +0100
Subject: [PATCH 060/699] update interpreter

---
 .../goto_instrument_parse_options.cpp         |   2 +-
 src/goto-programs/interpreter.cpp             | 864 ++++++++++++++++--
 src/goto-programs/interpreter.h               |   5 +-
 src/goto-programs/interpreter_class.h         | 157 +++-
 src/goto-programs/interpreter_evaluate.cpp    | 798 ++++++++++++++--
 5 files changed, 1649 insertions(+), 177 deletions(-)

diff --git a/src/goto-instrument/goto_instrument_parse_options.cpp b/src/goto-instrument/goto_instrument_parse_options.cpp
index 3cbbac3a55b..cce5aaad42b 100644
--- a/src/goto-instrument/goto_instrument_parse_options.cpp
+++ b/src/goto-instrument/goto_instrument_parse_options.cpp
@@ -561,7 +561,7 @@ int goto_instrument_parse_optionst::doit()
     if(cmdline.isset("interpreter"))
     {
       status() << "Starting interpreter" << eom;
-      interpreter(symbol_table, goto_functions);
+      interpreter(symbol_table, goto_functions, get_message_handler());
       return 0;
     }
 
diff --git a/src/goto-programs/interpreter.cpp b/src/goto-programs/interpreter.cpp
index 2b4841a7c22..8d1565db914 100644
--- a/src/goto-programs/interpreter.cpp
+++ b/src/goto-programs/interpreter.cpp
@@ -9,13 +9,23 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <cctype>
 #include <cstdio>
 #include <iostream>
+#include <fstream>
 #include <algorithm>
+#include <string.h>
 
 #include <util/std_types.h>
 #include <util/symbol_table.h>
+#include <util/ieee_float.h>
+#include <util/fixedbv.h>
+#include <util/std_expr.h>
+#include <util/message.h>
+#include <json/json_parser.h>
 
 #include "interpreter.h"
 #include "interpreter_class.h"
+#include "remove_returns.h"
+
+const size_t interpretert::npos=std::numeric_limits<size_t>::max();
 
 /*******************************************************************\
 
@@ -30,9 +40,46 @@ Function: interpretert::operator()
 \*******************************************************************/
 
 void interpretert::operator()()
+{
+  status() << "0- Initialize:" << eom;
+  initialize(true);
+  try
+  {
+    status() << "Type h for help\n" << eom;
+
+    while(!done)
+      command();
+
+    status() << total_steps << "- Program End.\n" << eom;
+  }
+  catch (const char *e)
+  {
+    error() << e << "\n" << eom;
+  }
+
+  while(!done)
+    command();
+}
+
+/*******************************************************************\
+
+Function: interpretert::initialize
+
+ Inputs:
+
+ Outputs:
+
+ Purpose: Initializes the memory map of the interpreter and
+          [optionally] runs up to the entry point (thus doing
+          the cprover initialization)
+
+\*******************************************************************/
+
+void interpretert::initialize(bool init)
 {
   build_memory_map();
 
+  total_steps=0;
   const goto_functionst::function_mapt::const_iterator
     main_it=goto_functions.function_map.find(goto_functionst::entry_point());
 
@@ -44,17 +91,27 @@ void interpretert::operator()()
   if(!goto_function.body_available())
     throw "main has no body";
 
-  PC=goto_function.body.instructions.begin();
+  pc=goto_function.body.instructions.begin();
   function=main_it;
 
   done=false;
-
-  while(!done)
+  if(init)
   {
+    stack_depth=call_stack.size()+1;
     show_state();
-    command();
-    if(!done)
+    step();
+    while(!done && (stack_depth<=call_stack.size()) && (stack_depth!=npos))
+    {
+      show_state();
+      step();
+    }
+    while(!done && (call_stack.size()==0))
+    {
+      show_state();
       step();
+    }
+    clear_input_flags();
+    input_vars.clear();
   }
 }
 
@@ -66,26 +123,31 @@ Function: interpretert::show_state
 
  Outputs:
 
- Purpose:
+ Purpose: displays the current position of the pc and corresponding
+          code
 
 \*******************************************************************/
 
 void interpretert::show_state()
 {
-  std::cout << std::endl;
-  std::cout << "----------------------------------------------------"
-            << std::endl;
+  if(!show)
+    return;
+  status() << "\n"
+           << total_steps+1
+           << " ----------------------------------------------------\n";
 
-  if(PC==function->second.body.instructions.end())
+  if(pc==function->second.body.instructions.end())
   {
-    std::cout << "End of function `"
-              << function->first << "'" << std::endl;
+    status() << "End of function `" << function->first << "'\n";
   }
   else
     function->second.body.output_instruction(
-      ns, function->first, std::cout, PC);
+      ns,
+      function->first,
+      status(),
+      pc);
 
-  std::cout << std::endl;
+  status() << eom;
 }
 
 /*******************************************************************\
@@ -96,7 +158,7 @@ Function: interpretert::command
 
  Outputs:
 
- Purpose:
+ Purpose: reads a user command and executes it.
 
 \*******************************************************************/
 
@@ -111,9 +173,97 @@ void interpretert::command()
   }
 
   char ch=tolower(command[0]);
-
   if(ch=='q')
     done=true;
+  else if(ch=='h')
+  {
+    status()
+      << "Interpreter help\n"
+      << "h: display this menu\n"
+      << "j: output json trace\n"
+      << "m: output memory dump\n"
+      << "o: output goto trace\n"
+      << "q: quit\n"
+      << "r: run until completion\n"
+      << "s#: step a number of instructions\n"
+      << "sa: step across a function\n"
+      << "so: step out of a function\n"
+      << eom;
+  }
+  else if(ch=='j')
+  {
+    jsont json_steps;
+    convert(ns, steps, json_steps);
+    ch=tolower(command[1]);
+    if(ch==' ')
+    {
+      std::ofstream file;
+      file.open(command+2);
+      if(file.is_open())
+      {
+        json_steps.output(file);
+        file.close();
+        return;
+      }
+    }
+    json_steps.output(result());
+  }
+  else if(ch=='m')
+  {
+    ch=tolower(command[1]);
+    print_memory(ch=='i');
+  }
+  else if(ch=='o')
+  {
+    ch=tolower(command[1]);
+    if(ch==' ')
+    {
+      std::ofstream file;
+      file.open(command+2);
+      if(file.is_open())
+      {
+        steps.output(ns, file);
+        file.close();
+        return;
+      }
+    }
+    steps.output(ns, result());
+  }
+  else if(ch=='r')
+  {
+    ch=tolower(command[1]);
+    initialize(ch!='0');
+  }
+  else if((ch=='s') || (ch==0))
+  {
+    num_steps=1;
+    stack_depth=npos;
+    ch=tolower(command[1]);
+    if(ch=='e')
+      num_steps=npos;
+    else if(ch=='o')
+      stack_depth=call_stack.size();
+    else if(ch=='a')
+      stack_depth=call_stack.size()+1;
+    else
+    {
+      num_steps=atoi(command+1);
+      if(num_steps==0)
+        num_steps=1;
+    }
+    while(!done && ((num_steps==npos) || ((num_steps--)>0)))
+    {
+      step();
+      show_state();
+    }
+    while(!done && (stack_depth<=call_stack.size()) && (stack_depth!=npos))
+    {
+      step();
+      show_state();
+    }
+    return;
+  }
+  show_state();
 }
 
 /*******************************************************************\
@@ -124,41 +274,50 @@ Function: interpretert::step
 
  Outputs:
 
- Purpose:
+ Purpose: executes a single step and updates the program counter
 
 \*******************************************************************/
 
 void interpretert::step()
 {
-  if(PC==function->second.body.instructions.end())
+  total_steps++;
+  if(pc==function->second.body.instructions.end())
   {
     if(call_stack.empty())
       done=true;
     else
     {
-      PC=call_stack.top().return_PC;
+      pc=call_stack.top().return_pc;
       function=call_stack.top().return_function;
-      stack_pointer=call_stack.top().old_stack_pointer;
+      // TODO: this increases memory size quite quickly.
+      // Should check alternatives
       call_stack.pop();
     }
 
     return;
   }
 
-  next_PC=PC;
-  next_PC++;
+  next_pc=pc;
+  next_pc++;
 
-  switch(PC->type)
+  steps.add_step(goto_trace_stept());
+  goto_trace_stept &trace_step=steps.get_last_step();
+  trace_step.thread_nr=thread_id;
+  trace_step.pc=pc;
+  switch(pc->type)
   {
   case GOTO:
+    trace_step.type=goto_trace_stept::GOTO;
     execute_goto();
     break;
 
   case ASSUME:
+    trace_step.type=goto_trace_stept::ASSUME;
     execute_assume();
     break;
 
   case ASSERT:
+    trace_step.type=goto_trace_stept::ASSERT;
     execute_assert();
     break;
 
@@ -167,38 +326,46 @@ void interpretert::step()
     break;
 
   case DECL:
+    trace_step.type=goto_trace_stept::DECL;
     execute_decl();
     break;
 
   case SKIP:
   case LOCATION:
+    trace_step.type=goto_trace_stept::LOCATION;
+    break;
   case END_FUNCTION:
+    trace_step.type=goto_trace_stept::FUNCTION_RETURN;
     break;
 
   case RETURN:
+    trace_step.type=goto_trace_stept::FUNCTION_RETURN;
     if(call_stack.empty())
       throw "RETURN without call"; // NOLINT(readability/throw)
 
-    if(PC->code.operands().size()==1 &&
+    if(pc->code.operands().size()==1 &&
        call_stack.top().return_value_address!=0)
     {
-      std::vector<mp_integer> rhs;
-      evaluate(PC->code.op0(), rhs);
+      mp_vectort rhs;
+      evaluate(pc->code.op0(), rhs);
       assign(call_stack.top().return_value_address, rhs);
     }
 
-    next_PC=function->second.body.instructions.end();
+    next_pc=function->second.body.instructions.end();
     break;
 
   case ASSIGN:
+    trace_step.type=goto_trace_stept::ASSIGNMENT;
     execute_assign();
     break;
 
   case FUNCTION_CALL:
+    trace_step.type=goto_trace_stept::FUNCTION_CALL;
     execute_function_call();
     break;
 
   case START_THREAD:
+    trace_step.type=goto_trace_stept::SPAWN;
     throw "START_THREAD not yet implemented"; // NOLINT(readability/throw)
 
   case END_THREAD:
@@ -206,19 +373,44 @@ void interpretert::step()
     break;
 
   case ATOMIC_BEGIN:
+    trace_step.type=goto_trace_stept::ATOMIC_BEGIN;
     throw "ATOMIC_BEGIN not yet implemented"; // NOLINT(readability/throw)
 
   case ATOMIC_END:
+    trace_step.type=goto_trace_stept::ATOMIC_END;
     throw "ATOMIC_END not yet implemented"; // NOLINT(readability/throw)
 
   case DEAD:
-    throw "DEAD not yet implemented"; // NOLINT(readability/throw)
-
+    trace_step.type=goto_trace_stept::DEAD;
+    break;
+  case THROW:
+    trace_step.type=goto_trace_stept::GOTO;
+    while(!done && (pc->type!=CATCH))
+    {
+      if(pc==function->second.body.instructions.end())
+      {
+        if(call_stack.empty())
+          done=true;
+        else
+        {
+          pc=call_stack.top().return_pc;
+          function=call_stack.top().return_function;
+          call_stack.pop();
+        }
+      }
+      else
+      {
+        next_pc=pc;
+        next_pc++;
+      }
+    }
+    break;
+  case CATCH:
+    break;
   default:
     throw "encountered instruction with undefined instruction type";
   }
-
-  PC=next_PC;
+  pc=next_pc;
 }
 
 /*******************************************************************\
@@ -229,21 +421,21 @@ Function: interpretert::execute_goto
 
  Outputs:
 
- Purpose:
+ Purpose: executes a goto instruction
 
 \*******************************************************************/
 
 void interpretert::execute_goto()
 {
-  if(evaluate_boolean(PC->guard))
+  if(evaluate_boolean(pc->guard))
   {
-    if(PC->targets.empty())
+    if(pc->targets.empty())
       throw "taken goto without target";
 
-    if(PC->targets.size()>=2)
+    if(pc->targets.size()>=2)
       throw "non-deterministic goto encountered";
 
-    next_PC=PC->targets.front();
+    next_pc=pc->targets.front();
   }
 }
 
@@ -255,19 +447,37 @@ Function: interpretert::execute_other
 
  Outputs:
 
- Purpose:
+ Purpose: executes side effects of 'other' instructions
 
 \*******************************************************************/
 
 void interpretert::execute_other()
 {
-  const irep_idt &statement=PC->code.get_statement();
-
+  const irep_idt &statement=pc->code.get_statement();
   if(statement==ID_expression)
   {
-    assert(PC->code.operands().size()==1);
-    std::vector<mp_integer> rhs;
-    evaluate(PC->code.op0(), rhs);
+    assert(pc->code.operands().size()==1);
+    mp_vectort rhs;
+    evaluate(pc->code.op0(), rhs);
+  }
+  else if(statement==ID_array_set)
+  {
+    mp_vectort tmp, rhs;
+    evaluate(pc->code.op1(), tmp);
+    mp_integer address=evaluate_address(pc->code.op0());
+    size_t size=get_size(pc->code.op0().type());
+    while(rhs.size()<size) rhs.insert(rhs.end(), tmp.begin(), tmp.end());
+    if(size!=rhs.size())
+      error() << "!! failed to obtain rhs (" << rhs.size() << " vs. "
+              << size << ")\n" << eom;
+    else
+    {
+      assign(address, rhs);
+    }
+  }
+  else if(statement==ID_output)
+  {
+    return;
   }
   else
     throw "unexpected OTHER statement: "+id2string(statement);
@@ -287,7 +497,253 @@ Function: interpretert::execute_decl
 
 void interpretert::execute_decl()
 {
-  assert(PC->code.get_statement()==ID_decl);
+  assert(pc->code.get_statement()==ID_decl);
+}
+
+/*******************************************************************\
+
+Function: interpretert::get_component_id
+
+  Inputs: an object and a memory offset
+
+ Outputs:
+
+ Purpose: retrieves the member at offset
+
+\*******************************************************************/
+
+irep_idt interpretert::get_component_id(
+  const irep_idt &object,
+  unsigned offset)
+{
+  const symbolt &symbol=ns.lookup(object);
+  const typet real_type=ns.follow(symbol.type);
+  if(real_type.id()!=ID_struct)
+    throw "request for member of non-struct";
+
+  const struct_typet &struct_type=to_struct_type(real_type);
+  const struct_typet::componentst &components=struct_type.components();
+  for(struct_typet::componentst::const_iterator it=components.begin();
+      it!=components.end(); it++)
+  {
+    if(offset<=0)
+      return it->id();
+    size_t size=get_size(it->type());
+    offset-=size;
+  }
+  return object;
+}
+
+/*******************************************************************\
+
+Function: interpretert::get_type
+
+ Inputs:
+
+ Outputs:
+
+ Purpose: returns the type object corresponding to id
+
+\*******************************************************************/
+
+typet interpretert::get_type(const irep_idt &id) const
+{
+  dynamic_typest::const_iterator it=dynamic_types.find(id);
+  if(it==dynamic_types.end())
+    return symbol_table.lookup(id).type;
+  return it->second;
+}
+
+/*******************************************************************\
+
+Function: interpretert::get_value
+
+ Inputs:
+
+ Outputs:
+
+ Purpose: retrives the constant value at memory location offset
+          as an object of type type
+
+\*******************************************************************/
+
+exprt interpretert::get_value(
+  const typet &type,
+  std::size_t offset,
+  bool use_non_det)
+{
+  const typet real_type=ns.follow(type);
+  if(real_type.id()==ID_struct)
+  {
+    exprt result=struct_exprt(real_type);
+    const struct_typet &struct_type=to_struct_type(real_type);
+    const struct_typet::componentst &components=struct_type.components();
+
+    // Retrieve the values for the individual members
+    result.reserve_operands(components.size());
+    for(struct_typet::componentst::const_iterator it=components.begin();
+        it!=components.end(); it++)
+    {
+      size_t size=get_size(it->type());
+      const exprt operand=get_value(it->type(), offset);
+      offset+=size;
+      result.copy_to_operands(operand);
+    }
+    return result;
+  }
+  else if(real_type.id()==ID_array)
+  {
+    // Get size of array
+    exprt result=array_exprt(to_array_type(real_type));
+    const exprt &size_expr=static_cast<const exprt &>(type.find(ID_size));
+    size_t subtype_size=get_size(type.subtype());
+    mp_integer mp_count;
+    to_integer(size_expr, mp_count);
+    unsigned count=integer2unsigned(mp_count);
+
+    // Retrieve the value for each member in the array
+    result.reserve_operands(count);
+    for(unsigned i=0; i<count; i++)
+    {
+      const exprt operand=get_value(type.subtype(),
+          offset+i*subtype_size);
+      result.copy_to_operands(operand);
+    }
+    return result;
+  }
+  if(use_non_det && (memory[offset].initialized>=0))
+    return side_effect_expr_nondett(type);
+  mp_vectort rhs;
+  rhs.push_back(memory[offset].value);
+  return get_value(type, rhs);
+}
+
+/*******************************************************************\
+
+ Function: interpretert::get_value
+
+  Inputs:
+
+ Outputs:
+
+ Purpose: returns the value at offset in the form of type given a
+          memory buffer rhs which is typically a structured type
+
+\*******************************************************************/
+
+exprt interpretert::get_value(
+  const typet &type,
+  mp_vectort &rhs,
+  std::size_t offset)
+{
+  const typet real_type=ns.follow(type);
+  assert(!rhs.empty());
+
+  if(real_type.id()==ID_struct)
+  {
+    exprt result=struct_exprt(real_type);
+    const struct_typet &struct_type=to_struct_type(real_type);
+    const struct_typet::componentst &components=struct_type.components();
+
+    // Retrieve the values for the individual members
+    result.reserve_operands(components.size());
+    for(const struct_union_typet::componentt &expr : components)
+    {
+      size_t size=get_size(expr.type());
+      const exprt operand=get_value(expr.type(), rhs, offset);
+      offset+=size;
+      result.copy_to_operands(operand);
+    }
+    return result;
+  }
+  else if(real_type.id()==ID_array)
+  {
+    exprt result(ID_constant, type);
+    const exprt &size_expr=static_cast<const exprt &>(type.find(ID_size));
+
+    // Get size of array
+    size_t subtype_size=get_size(type.subtype());
+    mp_integer mp_count;
+    to_integer(size_expr, mp_count);
+    unsigned count=integer2unsigned(mp_count);
+
+    // Retrieve the value for each member in the array
+    result.reserve_operands(count);
+    for(unsigned i=0; i<count; i++)
+    {
+      const exprt operand=get_value(type.subtype(), rhs,
+          offset+i*subtype_size);
+      result.copy_to_operands(operand);
+    }
+    return result;
+  }
+  else if(real_type.id()==ID_floatbv)
+  {
+    ieee_floatt f(to_floatbv_type(type));
+    f.unpack(rhs[offset]);
+    return f.to_expr();
+  }
+  else if(real_type.id()==ID_fixedbv)
+  {
+    fixedbvt f;
+    f.from_integer(rhs[offset]);
+    return f.to_expr();
+  }
+  else if(real_type.id()==ID_bool)
+  {
+    if(rhs[offset]!=0)
+      return true_exprt();
+    else
+      false_exprt();
+  }
+  else if(real_type.id()==ID_c_bool)
+  {
+    return from_integer(rhs[offset]!=0?1:0, type);
+  }
+  else if((real_type.id()==ID_pointer) || (real_type.id()==ID_address_of))
+  {
+    if(rhs[offset]==0)
+    {
+      // NULL pointer
+      constant_exprt result(type);
+      result.set_value(ID_NULL);
+      return result;
+    }
+    if(rhs[offset]<memory.size())
+    {
+      // We want the symbol pointed to
+      memory_cellt &cell=memory[integer2unsigned(rhs[offset])];
+      const typet type=get_type(cell.identifier);
+      exprt symbol_expr(ID_symbol, type);
+      symbol_expr.set(ID_identifier, cell.identifier);
+
+      if(cell.offset==0)
+        return address_of_exprt(symbol_expr);
+      if(ns.follow(type).id()==ID_struct)
+      {
+        irep_idt member_id=get_component_id(cell.identifier, cell.offset);
+        member_exprt member_expr(symbol_expr, member_id);
+        return address_of_exprt(member_expr);
+      }
+      index_exprt index_expr(
+        symbol_expr,
+        from_integer(cell.offset, integer_typet()));
+      return index_expr;
+    }
+
+    error() << "interpreter: invalid pointer " << rhs[offset]
+            << " > object count " << memory.size() << eom;
+    throw "interpreter: reading from invalid pointer";
+  }
+  else if(real_type.id()==ID_string)
+  {
+    // Strings are currently encoded by their irep_idt ID.
+    return constant_exprt(
+      irep_idt(rhs[offset].to_long(), 0),
+      type);
+  }
+  // Retrieve value of basic data type
+  return from_integer(rhs[offset], type);
 }
 
 /*******************************************************************\
@@ -298,29 +754,56 @@ Function: interpretert::execute_assign
 
  Outputs:
 
- Purpose:
+ Purpose: executes the assign statement at the current pc value
 
 \*******************************************************************/
 
 void interpretert::execute_assign()
 {
   const code_assignt &code_assign=
-    to_code_assign(PC->code);
+    to_code_assign(pc->code);
 
-  std::vector<mp_integer> rhs;
+  mp_vectort rhs;
   evaluate(code_assign.rhs(), rhs);
 
   if(!rhs.empty())
   {
     mp_integer address=evaluate_address(code_assign.lhs());
-    unsigned size=get_size(code_assign.lhs().type());
+    size_t size=get_size(code_assign.lhs().type());
 
     if(size!=rhs.size())
-      std::cout << "!! failed to obtain rhs ("
-                << rhs.size() << " vs. "
-                << size << ")" << std::endl;
+      error() << "!! failed to obtain rhs ("
+              << rhs.size() << " vs. "
+              << size << ")\n"
+              << eom;
     else
+    {
+      goto_trace_stept &trace_step=steps.get_last_step();
       assign(address, rhs);
+      trace_step.full_lhs=code_assign.lhs();
+
+      // TODO: need to look at other cases on ssa_exprt
+      // (dereference should be handled on ssa)
+      if(ssa_exprt::can_build_identifier(trace_step.full_lhs))
+      {
+        trace_step.lhs_object=ssa_exprt(trace_step.full_lhs);
+      }
+      trace_step.full_lhs_value=get_value(trace_step.full_lhs.type(), rhs);
+      trace_step.lhs_object_value=trace_step.full_lhs_value;
+    }
+  }
+  else if(code_assign.rhs().id()==ID_side_effect)
+  {
+    side_effect_exprt side_effect=to_side_effect_expr(code_assign.rhs());
+    if(side_effect.get_statement()==ID_nondet)
+    {
+      unsigned address=integer2unsigned(evaluate_address(code_assign.lhs()));
+      size_t size=get_size(code_assign.lhs().type());
+      for(size_t i=0; i<size; i++)
+      {
+        memory[address+i].initialized=-1;
+      }
+    }
   }
 }
 
@@ -332,22 +815,30 @@ Function: interpretert::assign
 
  Outputs:
 
- Purpose:
+ Purpose: sets the memory at address with the given rhs value
+          (up to sizeof(rhs))
 
 \*******************************************************************/
 
 void interpretert::assign(
   mp_integer address,
-  const std::vector<mp_integer> &rhs)
+  const mp_vectort &rhs)
 {
-  for(unsigned i=0; i<rhs.size(); i++, ++address)
+  for(size_t i=0; i<rhs.size(); i++)
   {
-    if(address<memory.size())
+    if((address+i)<memory.size())
     {
-      memory_cellt &cell=memory[integer2unsigned(address)];
-      std::cout << "** assigning " << cell.identifier
-                << "[" << cell.offset << "]:=" << rhs[i] << std::endl;
+      memory_cellt &cell=memory[integer2unsigned(address+i)];
+      if(show)
+      {
+        status() << total_steps << " ** assigning "
+                 << cell.identifier << "["
+                 << cell.offset << "]:=" << rhs[i]
+                 << "\n" << eom;
+      }
       cell.value=rhs[i];
+      if(cell.initialized==0)
+        cell.initialized=1;
     }
   }
 }
@@ -366,7 +857,7 @@ Function: interpretert::execute_assume
 
 void interpretert::execute_assume()
 {
-  if(!evaluate_boolean(PC->guard))
+  if(!evaluate_boolean(pc->guard))
     throw "assumption failed";
 }
 
@@ -384,8 +875,14 @@ Function: interpretert::execute_assert
 
 void interpretert::execute_assert()
 {
-  if(!evaluate_boolean(PC->guard))
-    throw "assertion failed";
+  if(!evaluate_boolean(pc->guard))
+  {
+    if((target_assert==pc) || stop_on_assertion)
+      throw "program assertion reached";
+    else if(show)
+      error() << "assertion failed at " << pc->location_number
+              << "\n" << eom;
+  }
 }
 
 /*******************************************************************\
@@ -403,7 +900,7 @@ Function: interpretert::execute_function_call
 void interpretert::execute_function_call()
 {
   const code_function_callt &function_call=
-    to_code_function_call(PC->code);
+    to_code_function_call(pc->code);
 
   // function to be called
   mp_integer a=evaluate_address(function_call.function());
@@ -413,8 +910,12 @@ void interpretert::execute_function_call()
   else if(a>=memory.size())
     throw "out-of-range function call";
 
+  // Retrieve the empty last trace step struct we pushed for this step
+  // of the interpreter run to fill it with the corresponding data
+  goto_trace_stept &trace_step=steps.get_last_step();
   const memory_cellt &cell=memory[integer2size_t(a)];
   const irep_idt &identifier=cell.identifier;
+  trace_step.identifier=identifier;
 
   const goto_functionst::function_mapt::const_iterator f_it=
     goto_functions.function_map.find(identifier);
@@ -432,7 +933,7 @@ void interpretert::execute_function_call()
     return_value_address=0;
 
   // values of the arguments
-  std::vector<std::vector<mp_integer> > argument_values;
+  std::vector<mp_vectort> argument_values;
 
   argument_values.resize(function_call.arguments().size());
 
@@ -446,7 +947,7 @@ void interpretert::execute_function_call()
     call_stack.push(stack_framet());
     stack_framet &frame=call_stack.top();
 
-    frame.return_PC=next_PC;
+    frame.return_pc=next_pc;
     frame.return_function=function;
     frame.old_stack_pointer=stack_pointer;
     frame.return_value_address=return_value_address;
@@ -458,24 +959,7 @@ void interpretert::execute_function_call()
     for(const auto &id : locals)
     {
       const symbolt &symbol=ns.lookup(id);
-      unsigned size=get_size(symbol.type);
-
-      if(size!=0)
-      {
-        frame.local_map[id]=stack_pointer;
-
-        for(unsigned i=0; i<stack_pointer; i++)
-        {
-          unsigned address=stack_pointer+i;
-          if(address>=memory.size())
-            memory.resize(address+1);
-          memory[address].value=0;
-          memory[address].identifier=id;
-          memory[address].offset=i;
-        }
-
-        stack_pointer+=size;
-      }
+      frame.local_map[id]=integer2unsigned(build_memory_map(id, symbol.type));
     }
 
     // assign the arguments
@@ -485,7 +969,7 @@ void interpretert::execute_function_call()
     if(argument_values.size()<parameters.size())
       throw "not enough arguments";
 
-    for(unsigned i=0; i<parameters.size(); i++)
+    for(size_t i=0; i<parameters.size(); i++)
     {
       const code_typet::parametert &a=parameters[i];
       exprt symbol_expr(ID_symbol, a.type());
@@ -494,12 +978,30 @@ void interpretert::execute_function_call()
       assign(evaluate_address(symbol_expr), argument_values[i]);
     }
 
-    // set up new PC
+    // set up new pc
     function=f_it;
-    next_PC=f_it->second.body.instructions.begin();
+    next_pc=f_it->second.body.instructions.begin();
   }
   else
-    throw "no body for "+id2string(identifier);
+  {
+    list_input_varst::iterator it=
+        function_input_vars.find(function_call.function().get(ID_identifier));
+    if(it!=function_input_vars.end())
+    {
+      mp_vectort value;
+      assert(!it->second.empty());
+      assert(!it->second.front().return_assignments.empty());
+      evaluate(it->second.front().return_assignments.back().value, value);
+      if(return_value_address>0)
+      {
+        assign(return_value_address, value);
+      }
+      it->second.pop_front();
+      return;
+    }
+    if(show)
+      error() << "no body for "+id2string(identifier) << eom;
+  }
 }
 
 /*******************************************************************\
@@ -510,7 +1012,7 @@ Function: interpretert::build_memory_map
 
  Outputs:
 
- Purpose:
+ Purpose: Creates a memory map of all static symbols in the program
 
 \*******************************************************************/
 
@@ -520,6 +1022,10 @@ void interpretert::build_memory_map()
   memory.resize(1);
   memory[0].offset=0;
   memory[0].identifier="NULL-OBJECT";
+  memory[0].initialized=0;
+
+  num_dynamic_objects=0;
+  dynamic_types.clear();
 
   // now do regular static symbols
   for(const auto &s : symbol_table.symbols)
@@ -543,7 +1049,7 @@ Function: interpretert::build_memory_map
 
 void interpretert::build_memory_map(const symbolt &symbol)
 {
-  unsigned size=0;
+  size_t size=0;
 
   if(symbol.type.id()==ID_code)
   {
@@ -560,29 +1066,120 @@ void interpretert::build_memory_map(const symbolt &symbol)
     memory.resize(address+size);
     memory_map[symbol.name]=address;
 
-    for(unsigned i=0; i<size; i++)
+    for(size_t i=0; i<size; i++)
     {
       memory_cellt &cell=memory[address+i];
       cell.identifier=symbol.name;
       cell.offset=i;
       cell.value=0;
+      cell.initialized=0;
     }
   }
 }
 
 /*******************************************************************\
 
+Function: interpretert::concretize_type
+
+  Inputs:
+
+ Outputs:
+
+ Purpose: turns a variable length array type into a fixed array type
+
+\*******************************************************************/
+
+typet interpretert::concretize_type(const typet &type)
+{
+  if(type.id()==ID_array)
+  {
+    const exprt &size_expr=static_cast<const exprt &>(type.find(ID_size));
+    mp_vectort computed_size;
+    evaluate(size_expr, computed_size);
+    if(computed_size.size()==1 &&
+       computed_size[0]>=0)
+    {
+      result() << "Concretized array with size " << computed_size[0]
+               << eom;
+      return array_typet(type.subtype(),
+             constant_exprt::integer_constant(computed_size[0].to_ulong()));
+    }
+    else
+    {
+      error() << "Failed to concretize variable array"
+              << eom;
+    }
+  }
+  return type;
+}
+
+/*******************************************************************\
+
+Function: interpretert::build_memory_map
+
+  Inputs:
+
+ Outputs: Updtaes the memory map to include variable id if it does
+          not exist
+
+ Purpose: Populates dynamic entries of the memory map
+
+\*******************************************************************/
+
+mp_integer interpretert::build_memory_map(
+  const irep_idt &id,
+  const typet &type)
+{
+  typet alloc_type=concretize_type(type);
+  size_t size=get_size(alloc_type);
+  auto it=dynamic_types.find(id);
+
+  if(it!=dynamic_types.end())
+  {
+    unsigned offset=1;
+    unsigned address=memory_map[id];
+    while(memory[address+offset].offset>0) offset++;
+
+    // current size <= size already recorded
+    if(size<=offset)
+      return memory_map[id];
+  }
+
+  // The current size is bigger then the one previously recorded
+  // in the memory map
+
+  if(size==0)
+    size=1; // This is a hack to create existence
+
+  unsigned address=memory.size();
+  memory.resize(address+size);
+  memory_map[id]=address;
+  dynamic_types.insert(std::pair<const irep_idt, typet>(id, alloc_type));
+
+  for(size_t i=0; i<size; i++)
+  {
+    memory_cellt &cell=memory[address+i];
+    cell.identifier=id;
+    cell.offset=i;
+    cell.value=0;
+    cell.initialized=0;
+  }
+  return address;
+}
+
+/*******************************************************************\
+
 Function: interpretert::get_size
 
   Inputs:
 
  Outputs:
 
- Purpose:
+ Purpose: Retrieves the actual size of the provided structured type
 
 \*******************************************************************/
 
-unsigned interpretert::get_size(const typet &type) const
+size_t interpretert::get_size(const typet &type)
 {
   if(type.id()==ID_struct)
   {
@@ -606,7 +1203,7 @@ unsigned interpretert::get_size(const typet &type) const
     const union_typet::componentst &components=
       to_union_type(type).components();
 
-    unsigned max_size=0;
+    size_t max_size=0;
 
     for(const auto &comp : components)
     {
@@ -622,20 +1219,56 @@ unsigned interpretert::get_size(const typet &type) const
   {
     const exprt &size_expr=static_cast<const exprt &>(type.find(ID_size));
 
-    unsigned subtype_size=get_size(type.subtype());
+    size_t subtype_size=get_size(type.subtype());
 
-    mp_integer i;
-    if(!to_integer(size_expr, i))
-      return subtype_size*integer2unsigned(i);
-    else
-      return subtype_size;
+    mp_vectort i;
+    evaluate(size_expr, i);
+    if(i.size()==1)
+    {
+      // Go via the binary representation to reproduce any
+      // overflow behaviour.
+      exprt size_const=from_integer(i[0], size_expr.type());
+      mp_integer size_mp;
+      assert(!to_integer(size_const, size_mp));
+      return subtype_size*integer2unsigned(size_mp);
+    }
+    return subtype_size;
   }
   else if(type.id()==ID_symbol)
   {
     return get_size(ns.follow(type));
   }
+  return 1;
+}
+
+/*******************************************************************  \
+
+Function: interpretert::get_value
+
+  Inputs:
+
+ Outputs:
+
+ Purpose:
+
+\*******************************************************************/
+
+exprt interpretert::get_value(const irep_idt &id)
+{
+  // The dynamic type and the static symbol type may differ for VLAs,
+  // where the symbol carries a size expression and the dynamic type
+  // registry contains its actual length.
+  auto findit=dynamic_types.find(id);
+  typet get_type;
+  if(findit!=dynamic_types.end())
+    get_type=findit->second;
   else
-    return 1;
+    get_type=symbol_table.lookup(id).type;
+
+  symbol_exprt symbol_expr(id, get_type);
+  mp_integer whole_lhs_object_address=evaluate_address(symbol_expr);
+
+  return get_value(get_type, integer2unsigned(whole_lhs_object_address));
 }
 
 /*******************************************************************\
@@ -652,8 +1285,39 @@ Function: interpreter
 
 void interpreter(
   const symbol_tablet &symbol_table,
-  const goto_functionst &goto_functions)
+  const goto_functionst &goto_functions,
+  message_handlert &message_handler)
 {
-  interpretert interpreter(symbol_table, goto_functions);
+  interpretert interpreter(
+    symbol_table,
+    goto_functions,
+    message_handler);
   interpreter();
 }
+
+/*******************************************************************\
+
+Function: interpretert::print_memory
+
+  Inputs:
+
+ Outputs:
+
+ Purpose: Prints the current state of the memory map
+          Since messaget mdofifies class members, print functions are nonconst
+
+\*******************************************************************/
+
+void interpretert::print_memory(bool input_flags)
+{
+  for(size_t i=0; i<memory.size(); i++)
+  {
+    memory_cellt &cell=memory[i];
+    debug() << cell.identifier << "[" << cell.offset << "]"
+            << "=" << cell.value << eom;
+    if(input_flags)
+      debug() << "(" << static_cast<int>(cell.initialized) << ")"
+              << eom;
+    debug() << eom;
+  }
+}
diff --git a/src/goto-programs/interpreter.h b/src/goto-programs/interpreter.h
index bf909502793..1888a009969 100644
--- a/src/goto-programs/interpreter.h
+++ b/src/goto-programs/interpreter.h
@@ -9,10 +9,13 @@ Author: Daniel Kroening, kroening@kroening.com
 #ifndef CPROVER_GOTO_PROGRAMS_INTERPRETER_H
 #define CPROVER_GOTO_PROGRAMS_INTERPRETER_H
 
+#include <util/message.h>
+
 #include "goto_functions.h"
 
 void interpreter(
   const symbol_tablet &symbol_table,
-  const goto_functionst &goto_functions);
+  const goto_functionst &goto_functions,
+  message_handlert &message_handler);
 
 #endif // CPROVER_GOTO_PROGRAMS_INTERPRETER_H
diff --git a/src/goto-programs/interpreter_class.h b/src/goto-programs/interpreter_class.h
index 14c429a1a86..83836eea072 100644
--- a/src/goto-programs/interpreter_class.h
+++ b/src/goto-programs/interpreter_class.h
@@ -14,24 +14,93 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <util/arith_tools.h>
 
 #include "goto_functions.h"
+#include "goto_trace.h"
+#include "json_goto_trace.h"
+#include "util/message.h"
 
-class interpretert
+class interpretert:public messaget
 {
 public:
   interpretert(
     const symbol_tablet &_symbol_table,
-    const goto_functionst &_goto_functions):
+    const goto_functionst &_goto_functions,
+    message_handlert &_message_handler):
+    messaget(_message_handler),
     symbol_table(_symbol_table),
     ns(_symbol_table),
-    goto_functions(_goto_functions)
+    goto_functions(_goto_functions),
+    stop_on_assertion(false)
   {
+    show=true;
   }
 
   void operator()();
+  void print_memory(bool input_flags);
+
+  // An assertion that identifier 'id' carries value in some particular context.
+  // Used to record parameter (id) assignment (value) lists for function calls.
+  struct function_assignmentt
+  {
+    irep_idt id;
+    exprt value;
+  };
+
+  // A list of such assignments.
+  typedef std::vector<function_assignmentt> function_assignmentst;
+
+  typedef std::vector<mp_integer> mp_vectort;
+
+  // Maps an assignment id to the name of the parameter being assigned
+  typedef std::pair<irep_idt, irep_idt> assignment_idt;
+
+  // Identifies an expression before and after some change;
+  typedef std::pair<exprt, exprt> diff_pairt;
+
+  // Records a diff between an assignment pre and post conditions
+  typedef std::map<assignment_idt, diff_pairt> side_effects_differencet;
+
+  // A entry in the input_valuest map
+  typedef std::pair<irep_idt, exprt> input_entryt;
+
+  // List of the input variables with their corresponding initial values
+  typedef std::map<irep_idt, exprt> input_valuest;
+
+  // List of dynamically allocated symbols that are not in the symbol table
+  typedef std::map<irep_idt, typet> dynamic_typest;
+
+  // An assignment list annotated with the calling context.
+  struct function_assignments_contextt
+  {
+    irep_idt calling_function;
+    function_assignmentst return_assignments;
+    function_assignmentst param_assignments;
+  };
+
+  // list_input_varst maps function identifiers onto a vector of [name = value]
+  // assignments per call to that function.
+  typedef std::list<function_assignments_contextt>
+          function_assignments_contextst;
+  typedef std::map<irep_idt, std::list<function_assignments_contextt> >
+          list_input_varst;
+
+  const dynamic_typest &get_dynamic_types() { return dynamic_types; }
 
 protected:
+  struct trace_stack_entryt
+  {
+    irep_idt func_name;
+    mp_integer this_address;
+    irep_idt capture_symbol;
+    bool is_super_call;
+    std::vector<interpretert::function_assignmentt> param_values;
+  };
+  typedef std::vector<trace_stack_entryt> trace_stackt;
+
   const symbol_tablet &symbol_table;
+
+  // This is a cache so that we don't have to create it when a call needs it
   const namespacet ns;
+
   const goto_functionst &goto_functions;
 
   typedef std::unordered_map<irep_idt, unsigned, irep_id_hash> memory_mapt;
@@ -43,16 +112,40 @@ class interpretert
     irep_idt identifier;
     unsigned offset;
     mp_integer value;
+    // Initialized is annotated even during reads
+    // Set to 1 when written-before-read, -1 when read-before-written
+    mutable char initialized;
   };
 
   typedef std::vector<memory_cellt> memoryt;
-  memoryt memory;
+  typedef std::map<std::string, const irep_idt &> parameter_sett;
+  // mapping <structure, field> -> value
+  typedef std::pair<const irep_idt, const irep_idt> struct_member_idt;
+  typedef std::map<struct_member_idt, const exprt> struct_valuest;
+
+
+  //  The memory is being annotated/reshaped even during reads
+  //  (ie to find a read-before-write location) thus memory
+  //  properties need to be mutable to avoid making all calls nonconst
+  mutable memoryt memory;
 
   std::size_t stack_pointer;
 
   void build_memory_map();
   void build_memory_map(const symbolt &symbol);
-  unsigned get_size(const typet &type) const;
+  mp_integer build_memory_map(const irep_idt &id, const typet &type);
+  typet concretize_type(const typet &type);
+  size_t get_size(const typet &type);
+
+  irep_idt get_component_id(const irep_idt &object, unsigned offset);
+  typet get_type(const irep_idt &id) const;
+  exprt get_value(
+    const typet &type,
+    std::size_t offset=0,
+    bool use_non_det=false);
+  exprt get_value(const typet &type, mp_vectort &rhs, std::size_t offset=0);
+  exprt get_value(const irep_idt &id);
+
   void step();
 
   void execute_assert();
@@ -62,21 +155,26 @@ class interpretert
   void execute_function_call();
   void execute_other();
   void execute_decl();
+  void clear_input_flags();
+
+  void allocate(
+    mp_integer address,
+    size_t size);
 
   void assign(
     mp_integer address,
-    const std::vector<mp_integer> &rhs);
+    const mp_vectort &rhs);
 
   void read(
     mp_integer address,
-    std::vector<mp_integer> &dest) const;
+    mp_vectort &dest) const;
 
-  void command();
+  virtual void command();
 
   class stack_framet
   {
   public:
-    goto_programt::const_targett return_PC;
+    goto_programt::const_targett return_pc;
     goto_functionst::function_mapt::const_iterator return_function;
     mp_integer return_value_address;
     memory_mapt local_map;
@@ -84,27 +182,56 @@ class interpretert
   };
 
   typedef std::stack<stack_framet> call_stackt;
+
   call_stackt call_stack;
+  input_valuest input_vars;
+  list_input_varst function_input_vars;
 
   goto_functionst::function_mapt::const_iterator function;
-  goto_programt::const_targett PC, next_PC;
+  goto_programt::const_targett pc, next_pc, target_assert;
+  goto_tracet steps;
   bool done;
-
-  bool evaluate_boolean(const exprt &expr) const
+  bool show;
+  bool stop_on_assertion;
+  static const size_t npos;
+  size_t num_steps;
+  size_t total_steps;
+
+  dynamic_typest dynamic_types;
+  int num_dynamic_objects;
+  size_t stack_depth;
+  int thread_id;
+
+  bool evaluate_boolean(const exprt &expr)
   {
-    std::vector<mp_integer> v;
+    mp_vectort v;
     evaluate(expr, v);
     if(v.size()!=1)
       throw "invalid boolean value";
     return v.front()!=0;
   }
 
+  bool count_type_leaves(
+    const typet &source_type,
+    mp_integer &result);
+
+  bool byte_offset_to_memory_offset(
+    const typet &source_type,
+    mp_integer byte_offset,
+    mp_integer &result);
+
+  bool memory_offset_to_byte_offset(
+    const typet &source_type,
+    mp_integer cell_offset,
+    mp_integer &result);
+
   void evaluate(
     const exprt &expr,
-    std::vector<mp_integer> &dest) const;
+    mp_vectort &dest);
 
-  mp_integer evaluate_address(const exprt &expr) const;
+  mp_integer evaluate_address(const exprt &expr, bool fail_quietly=false);
 
+  void initialize(bool init);
   void show_state();
 };
 
diff --git a/src/goto-programs/interpreter_evaluate.cpp b/src/goto-programs/interpreter_evaluate.cpp
index a9d62740cc3..712d4b9d807 100644
--- a/src/goto-programs/interpreter_evaluate.cpp
+++ b/src/goto-programs/interpreter_evaluate.cpp
@@ -8,42 +8,323 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include <cassert>
 #include <iostream>
+#include <sstream>
 
 #include <util/ieee_float.h>
 #include <util/fixedbv.h>
 #include <util/std_expr.h>
+#include <util/pointer_offset_size.h>
+#include <string.h>
 
 #include "interpreter_class.h"
 
 /*******************************************************************\
 
-Function: interpretert::evaluate
+Function: interpretert::read
 
   Inputs:
 
  Outputs:
 
- Purpose:
+ Purpose: reads a memory address and loads it into the dest variable
+          marks cell as read before written if cell has never been written
 
 \*******************************************************************/
 
 void interpretert::read(
   mp_integer address,
-  std::vector<mp_integer> &dest) const
+  mp_vectort &dest) const
 {
   // copy memory region
-  for(auto &d : dest)
+  for(size_t i=0; i<dest.size(); i++)
   {
     mp_integer value;
 
-    if(address<memory.size())
-      value=memory[integer2size_t(address)].value;
+    if((address+i)<memory.size())
+    {
+      const memory_cellt &cell=memory[integer2size_t(address+i)];
+      value=cell.value;
+      if(cell.initialized==0)
+        cell.initialized=-1;
+    }
     else
       value=0;
 
-    d=value;
+    dest[i]=value;
+  }
+}
+
+/*******************************************************************\
+
+Function: interpretert::allocate
+
+  Inputs:
+
+ Outputs:
+
+ Purpose: reserves memory block of size at address
+
+\*******************************************************************/
+
+void interpretert::allocate(
+  mp_integer address,
+  size_t size)
+{
+  // clear memory region
+  for(size_t i=0; i<size; i++)
+  {
+    if((address+i)<memory.size())
+    {
+      memory_cellt &cell=memory[integer2size_t(address+i)];
+      cell.value=0;
+      cell.initialized=0;
+    }
+  }
+}
+
+/*******************************************************************\
+
+Function: interpretert::clear_input_flags
+
+  Inputs:
+
+ Outputs:
+
+ Purpose: Clears memoy r/w flag initialization
+
+\*******************************************************************/
+
+void interpretert::clear_input_flags()
+{
+  for(const memory_cellt &cell : memory)
+  {
+    if(cell.initialized>0)
+      cell.initialized=0;
+  }
+}
+
+/*******************************************************************\
+
+Function: interpretert::count_type_leaves
+
+  Inputs: Type
+
+ Outputs: Number of leaf primitive types; returns true on error
+
+ Purpose:
+
+\*******************************************************************/
+
+bool interpretert::count_type_leaves(const typet &ty, mp_integer &result)
+{
+  if(ty.id()==ID_struct)
+  {
+    result=0;
+    mp_integer subtype_count;
+    for(const auto &component : to_struct_type(ty).components())
+    {
+      if(count_type_leaves(component.type(), subtype_count))
+        return true;
+      result+=subtype_count;
+    }
+    return false;
+  }
+  else if(ty.id()==ID_array)
+  {
+    const auto &at=to_array_type(ty);
+    mp_vectort array_size_vec;
+    evaluate(at.size(), array_size_vec);
+    if(array_size_vec.size()!=1)
+      return true;
+    mp_integer subtype_count;
+    if(count_type_leaves(at.subtype(), subtype_count))
+      return true;
+    result=array_size_vec[0]*subtype_count;
+    return false;
+  }
+  else
+  {
+    result=1;
+    return false;
+  }
+}
+
+/*******************************************************************\
+
+Function: interpretert::byte_offset_to_memory_offset
+
+  Inputs: 'source_type', 'offset' (unit: bytes),
+
+ Outputs: Offset into a vector of interpreter values; returns true on error
+
+ Purpose: Supposing the caller has an mp_vector representing
+          a value with type 'source_type', this yields the offset into that
+          vector at which to find a value at *byte* address 'offset'.
+          We need this because the interpreter's memory map uses unlabelled
+          variable-width values -- for example, a C value { { 1, 2 }, 3, 4 }
+          of type struct { int x[2]; char y; unsigned long z; }
+          would be represented [1,2,3,4], with the source type needed alongside
+          to figure out which member is targeted by a byte-extract operation.
+
+\*******************************************************************/
+
+bool interpretert::byte_offset_to_memory_offset(
+  const typet &source_type,
+  mp_integer offset,
+  mp_integer &result)
+{
+  if(source_type.id()==ID_struct)
+  {
+    const auto &st=to_struct_type(source_type);
+    const struct_typet::componentst &components=st.components();
+    member_offset_iterator component_offsets(st, ns);
+    mp_integer previous_member_offsets=0;
+    for(; component_offsets->first<components.size() &&
+          component_offsets->second!=-1 &&
+          component_offsets->second<=offset;
+          ++component_offsets)
+    {
+      const auto &component_type=components[component_offsets->first].type();
+      mp_integer component_byte_size=pointer_offset_size(component_type, ns);
+      if(component_byte_size<0)
+        return true;
+      if((component_offsets->second+component_byte_size)>offset)
+      {
+        mp_integer subtype_result;
+        bool ret=byte_offset_to_memory_offset(
+          component_type,
+          offset-(component_offsets->second),
+          subtype_result);
+        result=previous_member_offsets+subtype_result;
+        return ret;
+      }
+      else
+      {
+        mp_integer component_count;
+        if(count_type_leaves(component_type, component_count))
+          return true;
+        previous_member_offsets+=component_count;
+      }
+    }
+    // Ran out of struct members, or struct contained a variable-length field.
+    return true;
+  }
+  else if(source_type.id()==ID_array)
+  {
+    const auto &at=to_array_type(source_type);
+    mp_vectort array_size_vec;
+    evaluate(at.size(), array_size_vec);
+    if(array_size_vec.size()!=1)
+      return true;
+    mp_integer array_size=array_size_vec[0];
+    mp_integer elem_size_bytes=pointer_offset_size(at.subtype(), ns);
+    if(elem_size_bytes<=0)
+      return true;
+    mp_integer elem_size_leaves;
+    if(count_type_leaves(at.subtype(), elem_size_leaves))
+      return true;
+    mp_integer this_idx=offset/elem_size_bytes;
+    if(this_idx>=array_size_vec[0])
+      return true;
+    mp_integer subtype_result;
+    bool ret=byte_offset_to_memory_offset(
+      at.subtype(),
+      offset%elem_size_bytes,
+      subtype_result);
+    result=subtype_result+(elem_size_leaves*this_idx);
+    return ret;
+  }
+  else
+  {
+    result=0;
+    // Can't currently subdivide a primitive.
+    return offset!=0;
+  }
+}
+
+/*******************************************************************\
+
+Function: interpretert::memory_offset_to_byte_offset
 
-    ++address;
+  Inputs: An interpreter memory offset and the type to interpret that memory
+
+ Outputs: The corresponding byte offset. Returns true on error
+
+ Purpose: Similarly to the above, the interpreter's memory objects contain
+          mp_integers that represent variable-sized struct members. This
+          counts the size of type leaves to determine the byte offset
+          corresponding to a memory offset.
+
+\*******************************************************************/
+
+bool interpretert::memory_offset_to_byte_offset(
+  const typet &source_type,
+  mp_integer cell_offset,
+  mp_integer &result)
+{
+  if(source_type.id()==ID_struct)
+  {
+    const auto &st=to_struct_type(source_type);
+    const struct_typet::componentst &components=st.components();
+    member_offset_iterator offsets(st, ns);
+    mp_integer previous_member_sizes;
+    for(; offsets->first<components.size() && offsets->second!=-1; ++offsets)
+    {
+      const auto &component_type=components[offsets->first].type();
+      mp_integer component_count;
+      if(count_type_leaves(component_type, component_count))
+        return true;
+      if(component_count>cell_offset)
+      {
+        mp_integer subtype_result;
+        bool ret=memory_offset_to_byte_offset(
+          component_type,
+          cell_offset,
+          subtype_result);
+        result=previous_member_sizes+subtype_result;
+        return ret;
+      }
+      else
+      {
+        cell_offset-=component_count;
+        mp_integer component_size=pointer_offset_size(component_type, ns);
+        if(component_size<0)
+          return true;
+        previous_member_sizes+=component_size;
+      }
+    }
+    // Ran out of members, or member of indefinite size
+    return true;
+  }
+  else if(source_type.id()==ID_array)
+  {
+    const auto &at=to_array_type(source_type);
+    mp_vectort array_size_vec;
+    evaluate(at.size(), array_size_vec);
+    if(array_size_vec.size()!=1)
+      return true;
+    mp_integer elem_size=pointer_offset_size(at.subtype(), ns);
+    if(elem_size==-1)
+      return true;
+    mp_integer elem_count;
+    if(count_type_leaves(at.subtype(), elem_count))
+      return true;
+    mp_integer this_idx=cell_offset/elem_count;
+    if(this_idx>=array_size_vec[0])
+      return true;
+    mp_integer subtype_result;
+    bool ret=
+      memory_offset_to_byte_offset(at.subtype(),
+        cell_offset%elem_count,
+        subtype_result);
+    result=subtype_result+(elem_size*this_idx);
+    return ret;
+  }
+  else
+  {
+    // Primitive type.
+    result=0;
+    return cell_offset!=0;
   }
 }
 
@@ -61,12 +342,55 @@ Function: interpretert::evaluate
 
 void interpretert::evaluate(
   const exprt &expr,
-  std::vector<mp_integer> &dest) const
+  mp_vectort &dest)
 {
   if(expr.id()==ID_constant)
   {
     if(expr.type().id()==ID_struct)
     {
+      dest.reserve(get_size(expr.type()));
+      bool error=false;
+
+      forall_operands(it, expr)
+      {
+        if(it->type().id()==ID_code)
+          continue;
+
+        size_t sub_size=get_size(it->type());
+        if(sub_size==0)
+          continue;
+
+        mp_vectort tmp;
+        evaluate(*it, tmp);
+
+        if(tmp.size()==sub_size)
+        {
+          for(size_t i=0; i<sub_size; i++)
+            dest.push_back(tmp[i]);
+        }
+        else
+          error=true;
+      }
+
+      if(!error)
+        return;
+
+      dest.clear();
+    }
+    else if((expr.type().id()==ID_pointer)
+         || (expr.type().id()==ID_address_of))
+    {
+      mp_integer i=0;
+      if(expr.has_operands() && expr.op0().id()==ID_address_of)
+      {
+        evaluate(expr.op0(), dest);
+        return;
+      }
+      if(expr.has_operands() && !to_integer(expr.op0(), i))
+      {
+        dest.push_back(i);
+        return;
+      }
     }
     else if(expr.type().id()==ID_floatbv)
     {
@@ -82,11 +406,29 @@ void interpretert::evaluate(
       dest.push_back(f.get_value());
       return;
     }
+    else if(expr.type().id()==ID_c_bool)
+    {
+      const irep_idt &value=to_constant_expr(expr).get_value();
+      dest.push_back(binary2integer(id2string(value), false));
+      return;
+    }
     else if(expr.type().id()==ID_bool)
     {
       dest.push_back(expr.is_true());
       return;
     }
+    else if(expr.type().id()==ID_string)
+    {
+      irep_idt value=to_constant_expr(expr).get_value();
+      const char *str=value.c_str();
+      size_t length=strlen(str)+1;
+      if(show)
+        warning() << "string decoding not fully implemented "
+                  << length << eom;
+      mp_integer tmp=value.get_no();
+      dest.push_back(tmp);
+      return;
+    }
     else
     {
       mp_integer i;
@@ -107,16 +449,16 @@ void interpretert::evaluate(
       if(it->type().id()==ID_code)
         continue;
 
-      unsigned sub_size=get_size(it->type());
+      size_t sub_size=get_size(it->type());
       if(sub_size==0)
         continue;
 
-      std::vector<mp_integer> tmp;
+      mp_vectort tmp;
       evaluate(*it, tmp);
 
       if(tmp.size()==sub_size)
       {
-        for(unsigned i=0; i<sub_size; i++)
+        for(size_t i=0; i<sub_size; i++)
           dest.push_back(tmp[i]);
       }
       else
@@ -128,6 +470,183 @@ void interpretert::evaluate(
 
     dest.clear();
   }
+  else if(expr.id()==ID_side_effect)
+  {
+    side_effect_exprt side_effect=to_side_effect_expr(expr);
+    if(side_effect.get_statement()==ID_nondet)
+    {
+      if(show)
+        error() << "nondet not implemented" << eom;
+      return;
+    }
+    else if(side_effect.get_statement()==ID_malloc)
+    {
+      if(show)
+        error() << "malloc not fully implemented "
+                << expr.type().subtype().pretty()
+                << eom;
+      std::stringstream buffer;
+      num_dynamic_objects++;
+      buffer << "interpreter::malloc_object" << num_dynamic_objects;
+      irep_idt id(buffer.str().c_str());
+      mp_integer address=build_memory_map(id, expr.type().subtype());
+      // TODO: check array of type
+      dest.push_back(address);
+      return;
+    }
+    if(show)
+      error() << "side effect not implemented "
+              << side_effect.get_statement()
+              << eom;
+  }
+  else if(expr.id()==ID_bitor)
+  {
+    if(expr.operands().size()<2)
+      throw id2string(expr.id())+" expects at least two operands";
+
+    mp_integer final=0;
+    forall_operands(it, expr)
+    {
+      mp_vectort tmp;
+      evaluate(*it, tmp);
+      if(tmp.size()==1)
+        final=bitwise_or(final, tmp.front());
+    }
+    dest.push_back(final);
+    return;
+  }
+  else if(expr.id()==ID_bitand)
+  {
+    if(expr.operands().size()<2)
+      throw id2string(expr.id())+" expects at least two operands";
+
+    mp_integer final=-1;
+    forall_operands(it, expr)
+    {
+      mp_vectort tmp;
+      evaluate(*it, tmp);
+      if(tmp.size()==1)
+        final=bitwise_and(final, tmp.front());
+    }
+    dest.push_back(final);
+    return;
+  }
+  else if(expr.id()==ID_bitxor)
+  {
+    if(expr.operands().size()<2)
+      throw id2string(expr.id())+" expects at least two operands";
+
+    mp_integer final=0;
+    forall_operands(it, expr)
+    {
+      mp_vectort tmp;
+      evaluate(*it, tmp);
+      if(tmp.size()==1)
+        final=bitwise_xor(final, tmp.front());
+    }
+    dest.push_back(final);
+    return;
+  }
+  else if(expr.id()==ID_bitnot)
+  {
+    if(expr.operands().size()!=1)
+      throw id2string(expr.id())+" expects one operand";
+    mp_vectort tmp;
+    evaluate(expr.op0(), tmp);
+    if(tmp.size()==1)
+    {
+      dest.push_back(bitwise_neg(tmp.front()));
+      return;
+    }
+  }
+  else if(expr.id()==ID_shl)
+  {
+    if(expr.operands().size()!=2)
+      throw id2string(expr.id())+" expects two operands";
+
+    mp_vectort tmp0, tmp1;
+    evaluate(expr.op0(), tmp0);
+    evaluate(expr.op1(), tmp1);
+    if(tmp0.size()==1 && tmp1.size()==1)
+    {
+      mp_integer final=arith_left_shift(
+        tmp0.front(),
+        tmp1.front(),
+        to_bitvector_type(expr.op0().type()).get_width());
+      dest.push_back(final);
+      return;
+    }
+  }
+  else if((expr.id()==ID_shr) || (expr.id()==ID_lshr))
+  {
+    if(expr.operands().size()!=2)
+      throw id2string(expr.id())+" expects two operands";
+
+    mp_vectort tmp0, tmp1;
+    evaluate(expr.op0(), tmp0);
+    evaluate(expr.op1(), tmp1);
+    if(tmp0.size()==1 && tmp1.size()==1)
+    {
+      mp_integer final=logic_right_shift(
+        tmp0.front(),
+        tmp1.front(),
+        to_bitvector_type(expr.op0().type()).get_width());
+      dest.push_back(final);
+      return;
+    }
+  }
+  else if(expr.id()==ID_ashr)
+  {
+    if(expr.operands().size()!=2)
+      throw id2string(expr.id())+" expects two operands";
+
+    mp_vectort tmp0, tmp1;
+    evaluate(expr.op0(), tmp0);
+    evaluate(expr.op1(), tmp1);
+    if(tmp0.size()==1 && tmp1.size()==1)
+    {
+      mp_integer final=arith_right_shift(
+        tmp0.front(),
+        tmp1.front(),
+        to_bitvector_type(expr.op0().type()).get_width());
+      dest.push_back(final);
+      return;
+    }
+  }
+  else if(expr.id()==ID_ror)
+  {
+    if(expr.operands().size()!=2)
+      throw id2string(expr.id())+" expects two operands";
+
+    mp_vectort tmp0, tmp1;
+    evaluate(expr.op0(), tmp0);
+    evaluate(expr.op1(), tmp1);
+    if(tmp0.size()==1 && tmp1.size()==1)
+    {
+      mp_integer final=rotate_right(tmp0.front(),
+        tmp1.front(),
+        to_bitvector_type(expr.op0().type()).get_width());
+      dest.push_back(final);
+      return;
+    }
+  }
+  else if(expr.id()==ID_rol)
+  {
+    if(expr.operands().size()!=2)
+      throw id2string(expr.id())+" expects two operands";
+
+    mp_vectort tmp0, tmp1;
+    evaluate(expr.op0(), tmp0);
+    evaluate(expr.op1(), tmp1);
+    if(tmp0.size()==1 && tmp1.size()==1)
+    {
+      mp_integer final=rotate_left(tmp0.front(),
+        tmp1.front(),
+        to_bitvector_type(expr.op0().type()).get_width());
+      dest.push_back(final);
+      return;
+    }
+  }
   else if(expr.id()==ID_equal ||
           expr.id()==ID_notequal ||
           expr.id()==ID_le ||
@@ -138,7 +657,7 @@ void interpretert::evaluate(
     if(expr.operands().size()!=2)
       throw id2string(expr.id())+" expects two operands";
 
-    std::vector<mp_integer> tmp0, tmp1;
+    mp_vectort tmp0, tmp1;
     evaluate(expr.op0(), tmp0);
     evaluate(expr.op1(), tmp1);
 
@@ -172,7 +691,7 @@ void interpretert::evaluate(
 
     forall_operands(it, expr)
     {
-      std::vector<mp_integer> tmp;
+      mp_vectort tmp;
       evaluate(*it, tmp);
 
       if(tmp.size()==1 && tmp.front()!=0)
@@ -191,20 +710,20 @@ void interpretert::evaluate(
     if(expr.operands().size()!=3)
       throw "if expects three operands";
 
-    std::vector<mp_integer> tmp0, tmp1, tmp2;
+    mp_vectort tmp0, tmp1;
     evaluate(expr.op0(), tmp0);
-    evaluate(expr.op1(), tmp1);
-    evaluate(expr.op2(), tmp2);
 
-    if(tmp0.size()==1 && tmp1.size()==1 && tmp2.size()==1)
+    if(tmp0.size()==1)
     {
-      const mp_integer &op0=tmp0.front();
-      const mp_integer &op1=tmp1.front();
-      const mp_integer &op2=tmp2.front();
-
-      dest.push_back(op0!=0?op1:op2);
+      if(tmp0.front()!=0)
+        evaluate(expr.op1(), tmp1);
+      else
+        evaluate(expr.op2(), tmp1);
     }
 
+    if(tmp1.size()==1)
+      dest.push_back(tmp1.front());
+
     return;
   }
   else if(expr.id()==ID_and)
@@ -216,7 +735,7 @@ void interpretert::evaluate(
 
     forall_operands(it, expr)
     {
-      std::vector<mp_integer> tmp;
+      mp_vectort tmp;
       evaluate(*it, tmp);
 
       if(tmp.size()==1 && tmp.front()==0)
@@ -235,7 +754,7 @@ void interpretert::evaluate(
     if(expr.operands().size()!=1)
       throw id2string(expr.id())+" expects one operand";
 
-    std::vector<mp_integer> tmp;
+    mp_vectort tmp;
     evaluate(expr.op0(), tmp);
 
     if(tmp.size()==1)
@@ -249,7 +768,7 @@ void interpretert::evaluate(
 
     forall_operands(it, expr)
     {
-      std::vector<mp_integer> tmp;
+      mp_vectort tmp;
       evaluate(*it, tmp);
       if(tmp.size()==1)
         result+=tmp.front();
@@ -281,7 +800,7 @@ void interpretert::evaluate(
 
     forall_operands(it, expr)
     {
-      std::vector<mp_integer> tmp;
+      mp_vectort tmp;
       evaluate(*it, tmp);
       if(tmp.size()==1)
       {
@@ -317,7 +836,7 @@ void interpretert::evaluate(
     if(expr.operands().size()!=2)
       throw "- expects two operands";
 
-    std::vector<mp_integer> tmp0, tmp1;
+    mp_vectort tmp0, tmp1;
     evaluate(expr.op0(), tmp0);
     evaluate(expr.op1(), tmp1);
 
@@ -330,7 +849,7 @@ void interpretert::evaluate(
     if(expr.operands().size()!=2)
       throw "/ expects two operands";
 
-    std::vector<mp_integer> tmp0, tmp1;
+    mp_vectort tmp0, tmp1;
     evaluate(expr.op0(), tmp0);
     evaluate(expr.op1(), tmp1);
 
@@ -343,7 +862,7 @@ void interpretert::evaluate(
     if(expr.operands().size()!=1)
       throw "unary- expects one operand";
 
-    std::vector<mp_integer> tmp0;
+    mp_vectort tmp0;
     evaluate(expr.op0(), tmp0);
 
     if(tmp0.size()==1)
@@ -358,22 +877,130 @@ void interpretert::evaluate(
     dest.push_back(evaluate_address(expr.op0()));
     return;
   }
+  else if(expr.id()==ID_pointer_offset)
+  {
+    if(expr.operands().size()!=1)
+      throw "pointer_offset expects one operand";
+    if(expr.op0().type().id()!=ID_pointer)
+      throw "pointer_offset expects a pointer operand";
+    mp_vectort result;
+    evaluate(expr.op0(), result);
+    if(result.size()==1)
+    {
+      // Return the distance, in bytes, between the address returned
+      // and the beginning of the underlying object.
+      mp_integer address=result[0];
+      if(address>0 && address<memory.size())
+      {
+        const auto &memory_record=memory[integer2unsigned(address)];
+        auto obj_type=get_type(memory_record.identifier);
+
+        mp_integer offset=memory_record.offset;
+        mp_integer byte_offset;
+        if(!memory_offset_to_byte_offset(obj_type, offset, byte_offset))
+          dest.push_back(byte_offset);
+      }
+    }
+    return;
+  }
+  else if(expr.id()==ID_byte_extract_little_endian ||
+          expr.id()==ID_byte_extract_big_endian)
+  {
+    if(expr.operands().size()!=2)
+      throw "byte_extract should have two operands";
+    mp_vectort extract_offset;
+    evaluate(expr.op1(), extract_offset);
+    mp_vectort extract_from;
+    evaluate(expr.op0(), extract_from);
+    if(extract_offset.size()==1 && extract_from.size()!=0)
+    {
+      const typet &target_type=expr.type();
+      mp_integer memory_offset;
+      // If memory offset is found (which should normally be the case)
+      // extract the corresponding data from the appropriate memory location
+      if(!byte_offset_to_memory_offset(
+           expr.op0().type(),
+           extract_offset[0],
+           memory_offset))
+      {
+        mp_integer target_type_leaves;
+        if(!count_type_leaves(target_type, target_type_leaves) &&
+           target_type_leaves>0)
+        {
+          dest.insert(dest.end(),
+            extract_from.begin()+memory_offset.to_long(),
+            extract_from.begin()+(memory_offset+target_type_leaves).to_long());
+          return;
+        }
+      }
+    }
+  }
   else if(expr.id()==ID_dereference ||
           expr.id()==ID_index ||
           expr.id()==ID_symbol ||
           expr.id()==ID_member)
   {
-    mp_integer a=evaluate_address(expr);
-    dest.resize(get_size(expr.type()));
-    read(a, dest);
-    return;
+    mp_integer address=evaluate_address(
+      expr,
+      true); // fail quietly
+    if(address.is_zero() && expr.id()==ID_index)
+    {
+      // Try reading from a constant array:
+      mp_vectort idx;
+      evaluate(expr.op1(), idx);
+      if(idx.size()==1)
+      {
+        mp_integer read_from_index=idx[0];
+        if(expr.op0().id()==ID_array)
+        {
+          const auto &ops=expr.op0().operands();
+          assert(read_from_index.is_long());
+          if(read_from_index>=0 && read_from_index<ops.size())
+          {
+            evaluate(ops[read_from_index.to_long()], dest);
+            if(dest.size()!=0)
+              return;
+          }
+        }
+        else if(expr.op0().id()=="array-list")
+        {
+          // This sort of construct comes from boolbv_get, but doesn't seem
+          // to have an exprt yet. Its operands are a list of key-value pairs.
+          const auto &ops=expr.op0().operands();
+          assert(ops.size()%2==0);
+          for(size_t listidx=0; listidx!=ops.size(); listidx+=2)
+          {
+            mp_vectort elem_idx;
+            evaluate(ops[listidx], elem_idx);
+            assert(elem_idx.size()==1);
+            if(elem_idx[0]==read_from_index)
+            {
+              evaluate(ops[listidx+1], dest);
+              if(dest.size()!=0)
+                return;
+              else
+                break;
+            }
+          }
+          // If we fall out the end of this loop then the constant array-list
+          // didn't define an element matching the index we're looking for.
+        }
+      }
+      evaluate_address(expr); // Evaluate again to print error message.
+    }
+    else if(!address.is_zero())
+    {
+      dest.resize(get_size(expr.type()));
+      read(address, dest);
+      return;
+    }
   }
   else if(expr.id()==ID_typecast)
   {
     if(expr.operands().size()!=1)
       throw "typecast expects one operand";
 
-    std::vector<mp_integer> tmp;
+    mp_vectort tmp;
     evaluate(expr.op0(), tmp);
 
     if(tmp.size()==1)
@@ -399,31 +1026,38 @@ void interpretert::evaluate(
         dest.push_back(binary2integer(s, false));
         return;
       }
-      else if(expr.type().id()==ID_bool)
+      else if((expr.type().id()==ID_bool) || (expr.type().id()==ID_c_bool))
       {
         dest.push_back(value!=0);
         return;
       }
     }
   }
-  else if(expr.id()==ID_ashr)
+  else if((expr.id()==ID_array) || (expr.id()==ID_array_of))
   {
-    if(expr.operands().size()!=2)
-      throw "ashr expects two operands";
-
-    std::vector<mp_integer> tmp0, tmp1;
-    evaluate(expr.op0(), tmp0);
-    evaluate(expr.op1(), tmp1);
-
-    if(tmp0.size()==1 && tmp1.size()==1)
-      dest.push_back(tmp0.front()/power(2, tmp1.front()));
-
+    forall_operands(it, expr)
+    {
+      evaluate(*it, dest);
+    }
     return;
   }
-
-  std::cout << "!! failed to evaluate expression: "
-            << from_expr(ns, function->first, expr)
-            << std::endl;
+  else if(expr.id()==ID_nil)
+  {
+    dest.push_back(0);
+    return;
+  }
+  else if(expr.id()==ID_infinity)
+  {
+    if(expr.type().id()==ID_signedbv)
+    {
+      error() << "Infinite size arrays not supported" << eom;
+      return;
+    }
+  }
+  error() << "!! failed to evaluate expression: "
+          << from_expr(ns, function->first, expr) << "\n"
+          << expr.id() << "[" << expr.type().id() << "]"
+          << eom;
 }
 
 /*******************************************************************\
@@ -438,11 +1072,16 @@ Function: interpretert::evaluate_address
 
 \*******************************************************************/
 
-mp_integer interpretert::evaluate_address(const exprt &expr) const
+mp_integer interpretert::evaluate_address(
+  const exprt &expr,
+  bool fail_quietly)
 {
   if(expr.id()==ID_symbol)
   {
-    const irep_idt &identifier=expr.get(ID_identifier);
+    const irep_idt &identifier=
+      is_ssa_expr(expr) ?
+      to_ssa_expr(expr).get_original_name() :
+      expr.get(ID_identifier);
 
     interpretert::memory_mapt::const_iterator m_it1=
       memory_map.find(identifier);
@@ -458,13 +1097,16 @@ mp_integer interpretert::evaluate_address(const exprt &expr) const
       if(m_it2!=call_stack.top().local_map.end())
         return m_it2->second;
     }
+    mp_integer address=memory.size();
+    build_memory_map(to_symbol_expr(expr).get_identifier(), expr.type());
+    return address;
   }
   else if(expr.id()==ID_dereference)
   {
     if(expr.operands().size()!=1)
       throw "dereference expects one operand";
 
-    std::vector<mp_integer> tmp0;
+    mp_vectort tmp0;
     evaluate(expr.op0(), tmp0);
 
     if(tmp0.size()==1)
@@ -475,11 +1117,15 @@ mp_integer interpretert::evaluate_address(const exprt &expr) const
     if(expr.operands().size()!=2)
       throw "index expects two operands";
 
-    std::vector<mp_integer> tmp1;
+    mp_vectort tmp1;
     evaluate(expr.op1(), tmp1);
 
     if(tmp1.size()==1)
-      return evaluate_address(expr.op0())+tmp1.front();
+    {
+      auto base=evaluate_address(expr.op0(), fail_quietly);
+      if(!base.is_zero())
+        return base+tmp1.front();
+    }
   }
   else if(expr.id()==ID_member)
   {
@@ -502,12 +1148,44 @@ mp_integer interpretert::evaluate_address(const exprt &expr) const
       offset+=get_size(comp.type());
     }
 
-    return evaluate_address(expr.op0())+offset;
+    auto base=evaluate_address(expr.op0(), fail_quietly);
+    if(!base.is_zero())
+      return base+offset;
   }
-
-  std::cout << "!! failed to evaluate address: "
+  else if(expr.id()==ID_byte_extract_little_endian ||
+          expr.id()==ID_byte_extract_big_endian)
+  {
+    if(expr.operands().size()!=2)
+      throw "byte_extract should have two operands";
+    mp_vectort extract_offset;
+    evaluate(expr.op1(), extract_offset);
+    mp_vectort extract_from;
+    evaluate(expr.op0(), extract_from);
+    if(extract_offset.size()==1 && !extract_from.empty())
+    {
+      mp_integer memory_offset;
+      if(!byte_offset_to_memory_offset(expr.op0().type(),
+        extract_offset[0], memory_offset))
+        return evaluate_address(expr.op0(), fail_quietly)+memory_offset;
+    }
+  }
+  else if(expr.id()==ID_if)
+  {
+    mp_vectort result;
+    if_exprt address_cond(
+      expr.op0(),
+      address_of_exprt(expr.op1()),
+      address_of_exprt(expr.op2()));
+    evaluate(address_cond, result);
+    if(result.size()==1)
+      return result[0];
+  }
+  if(!fail_quietly)
+  {
+    error() << "!! failed to evaluate address: "
             << from_expr(ns, function->first, expr)
-            << std::endl;
+            << eom;
+  }
 
   return 0;
 }

From c09db527d36955acb071bfa7d9ebfe63942752d7 Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Thu, 1 Dec 2016 16:06:24 +0000
Subject: [PATCH 061/699] Generate stub method for opaque functions

Initial commit making a stub function in the GOTO program for any opaque
functions (i.e. functions for which we don't have a body). This is done
to ensure we can match up the assignments after the opaque function to
the return from the opaque function.
---
 src/util/language.cpp | 85 +++++++++++++++++++++++++++++++++++++++++++
 src/util/language.h   | 10 +++++
 2 files changed, 95 insertions(+)

diff --git a/src/util/language.cpp b/src/util/language.cpp
index 4b4a1ba4ae4..ff2eb4858b4 100644
--- a/src/util/language.cpp
+++ b/src/util/language.cpp
@@ -8,6 +8,8 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include "language.h"
 #include "expr.h"
+#include <util/symbol.h>
+#include <util/symbol_table.h>
 
 /*******************************************************************\
 
@@ -125,3 +127,86 @@ bool languaget::type_to_name(
   name=type.pretty();
   return false;
 }
+
+/*******************************************************************\
+
+Function: languaget::generate_opaque_method_stubs
+
+  Inputs:
+          symbol_table - the symbol table for the program
+
+ Outputs:
+
+ Purpose: When there are opaque methods (e.g. ones where we don't
+          have a body), we create a stub function in the goto
+          program and mark it as opaque so the interpreter fills in
+          appropriate values for it.
+
+\*******************************************************************/
+
+void languaget::generate_opaque_method_stubs(symbol_tablet &symbol_table)
+{
+  for(auto &symbol_entry : symbol_table.symbols)
+  {
+    if(is_symbol_opaque_function(symbol_entry.second))
+    {
+      symbolt &symbol=symbol_entry.second;
+
+      irep_idt return_symbol_id = generate_opaque_stub_body(
+        symbol,
+        symbol_table);
+
+      if(return_symbol_id!=ID_nil)
+      {
+        symbol.type.set("opaque_method_capture_symbol", return_symbol_id);
+      }
+    }
+  }
+}
+
+/*******************************************************************\
+
+Function: languaget::generate_opaque_stub_body
+
+  Inputs:
+          symbol - the function symbol which is opaque
+          symbol_table - the symbol table
+
+ Outputs: The identifier of the return variable. ID_nil if the function
+          doesn't return anything.
+
+ Purpose: To generate the stub function for the opaque function in
+          question. The identifier is used in the flag to the interpreter
+          that the function is opaque. This function should be implemented
+          in the languages.
+
+\*******************************************************************/
+
+irep_idt languaget::generate_opaque_stub_body(
+  symbolt &symbol,
+  symbol_tablet &symbol_table)
+{
+  return ID_nil;
+}
+
+
+/*******************************************************************\
+
+Function: languaget::is_symbol_opaque_function
+
+  Inputs:
+          symbol - the symbol to be checked
+
+ Outputs: True if the symbol is an opaque (e.g. non-bodied) function
+
+ Purpose: To identify if a given symbol is an opaque function and
+          hence needs to be stubbed
+
+\*******************************************************************/
+
+bool languaget::is_symbol_opaque_function(const symbolt &symbol)
+{
+  return !symbol.is_type &&
+    symbol.value.id()==ID_nil &&
+    symbol.type.id()==ID_code;
+}
diff --git a/src/util/language.h b/src/util/language.h
index b19615496ec..5f284131a0e 100644
--- a/src/util/language.h
+++ b/src/util/language.h
@@ -16,6 +16,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include "message.h"
 
 class symbol_tablet;
+class symbolt;
 class exprt;
 class namespacet;
 class typet;
@@ -114,5 +115,14 @@ class languaget:public messaget
 
   languaget() { }
   virtual ~languaget() { }
+
+protected:
+  void generate_opaque_method_stubs(symbol_tablet &symbol_table);
+  virtual irep_idt generate_opaque_stub_body(
+    symbolt &symbol,
+    symbol_tablet &symbol_table);
+
+private:
+  bool is_symbol_opaque_function(const symbolt &symbol);
 };
 #endif // CPROVER_UTIL_LANGUAGE_H

From 35d847be9c8248a5f3731220d69daa2051926b8a Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Fri, 2 Dec 2016 11:01:14 +0000
Subject: [PATCH 062/699] Don't create stub for CPROVER_ functions

These were having stubs created but they are not opaque functions. This
was because their body gets created after this step.
---
 src/util/language.cpp | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/src/util/language.cpp b/src/util/language.cpp
index ff2eb4858b4..cecc7944f88 100644
--- a/src/util/language.cpp
+++ b/src/util/language.cpp
@@ -10,6 +10,8 @@ Author: Daniel Kroening, kroening@kroening.com
 #include "expr.h"
 #include <util/symbol.h>
 #include <util/symbol_table.h>
+#include <util/prefix.h>
+#include <util/cprover_prefix.h>
 
 /*******************************************************************\
 
@@ -200,13 +202,20 @@ Function: languaget::is_symbol_opaque_function
  Outputs: True if the symbol is an opaque (e.g. non-bodied) function
 
  Purpose: To identify if a given symbol is an opaque function and
-          hence needs to be stubbed
+          hence needs to be stubbed. We explicitly exclude CPROVER
+          functions, if they have no body it is because we haven't
+          generated it yet.
 
 \*******************************************************************/
 
 bool languaget::is_symbol_opaque_function(const symbolt &symbol)
 {
+  // Explictly exclude CPROVER functions since these aren't opaque
+  std::string variable_id_str(symbol.name.c_str());
+  bool is_cprover_function = has_prefix(variable_id_str, CPROVER_PREFIX);
+
   return !symbol.is_type &&
     symbol.value.id()==ID_nil &&
-    symbol.type.id()==ID_code;
+    symbol.type.id()==ID_code &&
+    !is_cprover_function;
 }

From 53f4a9905b82aa8b5abbc0775b4117f4bbd1fe8c Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Fri, 2 Dec 2016 12:11:25 +0000
Subject: [PATCH 063/699] Create stub argument identifiers for functions with
 parameters

If opaque functions do not name there parameters, it causes issues later
when we try to call the stub functions. This creates dummy symbols and
names the parameters in the function type.
---
 src/util/language.cpp | 69 +++++++++++++++++++++++++++++++++++++++++++
 src/util/language.h   |  9 +++++-
 2 files changed, 77 insertions(+), 1 deletion(-)

diff --git a/src/util/language.cpp b/src/util/language.cpp
index cecc7944f88..7349b09ed1f 100644
--- a/src/util/language.cpp
+++ b/src/util/language.cpp
@@ -12,6 +12,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <util/symbol_table.h>
 #include <util/prefix.h>
 #include <util/cprover_prefix.h>
+#include <util/std_types.h>
 
 /*******************************************************************\
 
@@ -154,6 +155,8 @@ void languaget::generate_opaque_method_stubs(symbol_tablet &symbol_table)
     {
       symbolt &symbol=symbol_entry.second;
 
+      generate_opaque_parameter_symbols(symbol, symbol_table);
+
       irep_idt return_symbol_id = generate_opaque_stub_body(
         symbol,
         symbol_table);
@@ -191,6 +194,36 @@ irep_idt languaget::generate_opaque_stub_body(
   return ID_nil;
 }
 
+/*******************************************************************\
+
+Function: languaget::build_stub_parameter_symbol
+
+  Inputs:
+          function_symbol - the symbol of an opaque function
+          parameter_index - the index of the parameter within the
+                            the parameter list
+          parameter_type - the type of the parameter
+
+ Outputs: A named symbol to be added to the symbol table representing
+          one of the parameters in this opaque function.
+
+ Purpose: To build the parameter symbol and choose its name. This should
+          be implemented in each language.
+
+\*******************************************************************/
+
+parameter_symbolt languaget::build_stub_parameter_symbol(
+  const symbolt &function_symbol,
+  size_t parameter_index,
+  const typet &parameter_type)
+{
+  error() << "language " << id()
+          << " doesn't implement build_stub_parameter_symbol. "
+          << "This means cannot use opaque functions." << eom;
+
+  return parameter_symbolt();
+}
+
 
 /*******************************************************************\
 
@@ -219,3 +252,39 @@ bool languaget::is_symbol_opaque_function(const symbolt &symbol)
     symbol.type.id()==ID_code &&
     !is_cprover_function;
 }
+
+/*******************************************************************\
+
+Function: languaget::generate_opaque_parameter_symbols
+
+  Inputs:
+          function_symbol - the symbol of an opaque function
+          symbol_table - the symbol table to add the new parameter
+                         symbols into
+
+ Outputs:
+
+ Purpose: To create stub parameter symbols for each parameter the
+          function has and assign their IDs into the parameters
+          identifier.
+
+\*******************************************************************/
+
+void languaget::generate_opaque_parameter_symbols(
+  symbolt &function_symbol,
+  symbol_tablet &symbol_table)
+{
+  code_typet &function_type = to_code_type(function_symbol.type);
+  code_typet::parameterst &parameters=function_type.parameters();
+  for(std::size_t i=0; i<parameters.size(); ++i)
+  {
+    code_typet::parametert &param=parameters[i];
+    const parameter_symbolt &param_symbol=
+      build_stub_parameter_symbol(function_symbol, i, param.type());
+
+    param.set_base_name(param_symbol.base_name);
+    param.set_identifier(param_symbol.name);
+
+    symbol_table.add(param_symbol);
+  }
+}
diff --git a/src/util/language.h b/src/util/language.h
index 5f284131a0e..9ec92ebc406 100644
--- a/src/util/language.h
+++ b/src/util/language.h
@@ -12,11 +12,11 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <set>
 #include <iosfwd>
 #include <string>
+#include <util/symbol.h>
 
 #include "message.h"
 
 class symbol_tablet;
-class symbolt;
 class exprt;
 class namespacet;
 class typet;
@@ -122,7 +122,14 @@ class languaget:public messaget
     symbolt &symbol,
     symbol_tablet &symbol_table);
 
+  virtual parameter_symbolt build_stub_parameter_symbol(
+    const symbolt &function_symbol,
+    size_t parameter_index,
+    const typet &parameter_type);
 private:
   bool is_symbol_opaque_function(const symbolt &symbol);
+  void generate_opaque_parameter_symbols(
+    symbolt &function_symbol,
+    symbol_tablet &symbol_table);
 };
 #endif // CPROVER_UTIL_LANGUAGE_H

From 18b1445a911531202d32e39e80994a88daecdef8 Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Fri, 2 Dec 2016 12:52:04 +0000
Subject: [PATCH 064/699] Pass the whole parameter in when generating the
 symbol

This allows for the symbol builder to inspect other properties of the
type (e.g. is is a this parameter).
---
 src/util/language.cpp | 4 ++--
 src/util/language.h   | 3 ++-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/util/language.cpp b/src/util/language.cpp
index 7349b09ed1f..b88a7c2f3c7 100644
--- a/src/util/language.cpp
+++ b/src/util/language.cpp
@@ -215,7 +215,7 @@ Function: languaget::build_stub_parameter_symbol
 parameter_symbolt languaget::build_stub_parameter_symbol(
   const symbolt &function_symbol,
   size_t parameter_index,
-  const typet &parameter_type)
+  const code_typet::parametert &parameter)
 {
   error() << "language " << id()
           << " doesn't implement build_stub_parameter_symbol. "
@@ -280,7 +280,7 @@ void languaget::generate_opaque_parameter_symbols(
   {
     code_typet::parametert &param=parameters[i];
     const parameter_symbolt &param_symbol=
-      build_stub_parameter_symbol(function_symbol, i, param.type());
+      build_stub_parameter_symbol(function_symbol, i, param);
 
     param.set_base_name(param_symbol.base_name);
     param.set_identifier(param_symbol.name);
diff --git a/src/util/language.h b/src/util/language.h
index 9ec92ebc406..214b9ed2813 100644
--- a/src/util/language.h
+++ b/src/util/language.h
@@ -13,6 +13,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <iosfwd>
 #include <string>
 #include <util/symbol.h>
+#include <util/std_types.h>
 
 #include "message.h"
 
@@ -125,7 +126,7 @@ class languaget:public messaget
   virtual parameter_symbolt build_stub_parameter_symbol(
     const symbolt &function_symbol,
     size_t parameter_index,
-    const typet &parameter_type);
+    const code_typet::parametert &parameter);
 private:
   bool is_symbol_opaque_function(const symbolt &symbol);
   void generate_opaque_parameter_symbols(

From dddb5522f22955c49fb0ac2488cd74fc1e023bdb Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Mon, 5 Dec 2016 14:30:57 +0000
Subject: [PATCH 065/699] Refactored method for generating return symbol name
 to languaget

The name for the return symbol is now generated by languaget. This is so
the name is consistent across different language implementations.
---
 src/util/language.cpp | 22 ++++++++++++++++++++++
 src/util/language.h   |  3 +++
 2 files changed, 25 insertions(+)

diff --git a/src/util/language.cpp b/src/util/language.cpp
index b88a7c2f3c7..d395d063903 100644
--- a/src/util/language.cpp
+++ b/src/util/language.cpp
@@ -224,6 +224,28 @@ parameter_symbolt languaget::build_stub_parameter_symbol(
   return parameter_symbolt();
 }
 
+/*******************************************************************\
+
+Function: languaget::get_stub_return_symbol_name
+
+  Inputs:
+          function_id - the function that has a return value
+
+ Outputs: the identifier to use for the symbol that will store the
+          return value of this function.
+
+ Purpose: To get the name of the symbol to be used for the return value
+          of the function. Generates a name like to_return_function_name
+
+\*******************************************************************/
+
+irep_idt languaget::get_stub_return_symbol_name(const irep_idt &function_id)
+{
+  std::ostringstream return_symbol_name_builder;
+  return_symbol_name_builder << "to_return_" << function_id;
+  return return_symbol_name_builder.str();
+}
+
 
 /*******************************************************************\
 
diff --git a/src/util/language.h b/src/util/language.h
index 214b9ed2813..d78477e8ab4 100644
--- a/src/util/language.h
+++ b/src/util/language.h
@@ -127,6 +127,9 @@ class languaget:public messaget
     const symbolt &function_symbol,
     size_t parameter_index,
     const code_typet::parametert &parameter);
+
+  static irep_idt get_stub_return_symbol_name(const irep_idt &function_id);
+
 private:
   bool is_symbol_opaque_function(const symbolt &symbol);
   void generate_opaque_parameter_symbols(

From e11fd638454fddeefe3ee0cabdef3dcfc1050551 Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Tue, 17 Jan 2017 12:43:22 +0000
Subject: [PATCH 066/699] Added a flag for enabling opaque method stubs

As some tests were verifying the functions didn't exist, we need a flag
to turn it on or off. Stubs default to off and are turned on by the flag
--generate-opaque-stubs.

This is an option in CBMC but perhaps it could be applied to other
programs (e.g. applied when compiling C to GOTO).
---
 src/langapi/language_ui.cpp |  4 ++++
 src/util/language.cpp       | 44 +++++++++++++++++++++++++++----------
 src/util/language.h         |  4 ++++
 src/util/language_file.cpp  | 22 +++++++++++++++++++
 src/util/language_file.h    |  2 ++
 5 files changed, 65 insertions(+), 11 deletions(-)

diff --git a/src/langapi/language_ui.cpp b/src/langapi/language_ui.cpp
index 95b5d104a4f..4b0f3fa0d75 100644
--- a/src/langapi/language_ui.cpp
+++ b/src/langapi/language_ui.cpp
@@ -183,6 +183,10 @@ bool language_uit::final()
 {
   language_files.set_message_handler(*message_handler);
 
+  // Enable/disable stub generation for opaque methods
+  bool stubs_enabled=_cmdline.isset("generate-opaque-stubs");
+  language_files.set_should_generate_opaque_method_stubs(stubs_enabled);
+
   if(language_files.final(symbol_table))
   {
     if(get_ui()==ui_message_handlert::PLAIN)
diff --git a/src/util/language.cpp b/src/util/language.cpp
index d395d063903..2b546f365a5 100644
--- a/src/util/language.cpp
+++ b/src/util/language.cpp
@@ -133,6 +133,24 @@ bool languaget::type_to_name(
 
 /*******************************************************************\
 
+Function: languaget::set_should_generate_opaque_method_stubs
+
+  Inputs:
+          should_generate_stubs - Should stub generation be enabled
+
+ Outputs:
+
+ Purpose: Turn on or off stub generation.
+
+\*******************************************************************/
+void languaget::set_should_generate_opaque_method_stubs(
+  bool should_generate_stubs)
+{
+  generate_opaque_stubs=should_generate_stubs;
+}
+
+/*******************************************************************\
+
 Function: languaget::generate_opaque_method_stubs
 
   Inputs:
@@ -143,27 +161,31 @@ Function: languaget::generate_opaque_method_stubs
  Purpose: When there are opaque methods (e.g. ones where we don't
           have a body), we create a stub function in the goto
           program and mark it as opaque so the interpreter fills in
-          appropriate values for it.
+          appropriate values for it. This will only happen if
+          generate_opaque_stubs is enabled.
 
 \*******************************************************************/
 
 void languaget::generate_opaque_method_stubs(symbol_tablet &symbol_table)
 {
-  for(auto &symbol_entry : symbol_table.symbols)
+  if(generate_opaque_stubs)
   {
-    if(is_symbol_opaque_function(symbol_entry.second))
+    for(auto &symbol_entry : symbol_table.symbols)
     {
-      symbolt &symbol=symbol_entry.second;
+      if(is_symbol_opaque_function(symbol_entry.second))
+      {
+        symbolt &symbol=symbol_entry.second;
 
-      generate_opaque_parameter_symbols(symbol, symbol_table);
+        generate_opaque_parameter_symbols(symbol, symbol_table);
 
-      irep_idt return_symbol_id = generate_opaque_stub_body(
-        symbol,
-        symbol_table);
+        irep_idt return_symbol_id=generate_opaque_stub_body(
+          symbol,
+          symbol_table);
 
-      if(return_symbol_id!=ID_nil)
-      {
-        symbol.type.set("opaque_method_capture_symbol", return_symbol_id);
+        if(return_symbol_id!=ID_nil)
+        {
+          symbol.type.set("opaque_method_capture_symbol", return_symbol_id);
+        }
       }
     }
   }
diff --git a/src/util/language.h b/src/util/language.h
index d78477e8ab4..b83bba97c0b 100644
--- a/src/util/language.h
+++ b/src/util/language.h
@@ -112,6 +112,8 @@ class languaget:public messaget
 
   virtual languaget *new_language()=0;
 
+  void set_should_generate_opaque_method_stubs(bool should_generate_stubs);
+
   // constructor / destructor
 
   languaget() { }
@@ -130,6 +132,8 @@ class languaget:public messaget
 
   static irep_idt get_stub_return_symbol_name(const irep_idt &function_id);
 
+  bool generate_opaque_stubs;
+
 private:
   bool is_symbol_opaque_function(const symbolt &symbol);
   void generate_opaque_parameter_symbols(
diff --git a/src/util/language_file.cpp b/src/util/language_file.cpp
index 46f51564b54..b0fbb47c2f9 100644
--- a/src/util/language_file.cpp
+++ b/src/util/language_file.cpp
@@ -93,6 +93,28 @@ void language_filest::show_parse(std::ostream &out)
 
 /*******************************************************************\
 
+Function: language_filest::set_should_generate_opqaue_method_stubs
+
+  Inputs:
+          should_generate_stubs - Should stub generation be enabled
+
+ Outputs:
+
+ Purpose: Turn on or off stub generation for all the languages
+
+\*******************************************************************/
+
+void language_filest::set_should_generate_opaque_method_stubs(
+  bool stubs_enabled)
+{
+  for(file_mapt::value_type &language_file_entry : file_map)
+  {
+    languaget *language=language_file_entry.second.language;
+    language->set_should_generate_opaque_method_stubs(stubs_enabled);
+  }
+}
+
+/*******************************************************************\
 Function: language_filest::parse
 
   Inputs:
diff --git a/src/util/language_file.h b/src/util/language_file.h
index d3184d48697..9fffc7f14f1 100644
--- a/src/util/language_file.h
+++ b/src/util/language_file.h
@@ -75,6 +75,8 @@ class language_filest:public messaget
     file_map.clear();
   }
 
+  void set_should_generate_opaque_method_stubs(bool stubs_enabled);
+
   bool parse();
 
   void show_parse(std::ostream &out);

From a1014a13f642dbbd4d25338af5cd044810eb2e9e Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Mon, 16 Jan 2017 17:03:48 +0000
Subject: [PATCH 067/699] Use the system_library_symbols when generating stubs

We don't want to generate stubs for any of these symbols as they have
proper internal implementaions that CBMC knows about.
---
 src/util/language.cpp | 9 +++++----
 src/util/language.h   | 3 +++
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/util/language.cpp b/src/util/language.cpp
index 2b546f365a5..5a5eb2417ea 100644
--- a/src/util/language.cpp
+++ b/src/util/language.cpp
@@ -170,6 +170,8 @@ void languaget::generate_opaque_method_stubs(symbol_tablet &symbol_table)
 {
   if(generate_opaque_stubs)
   {
+    system_symbols=system_library_symbolst();
+
     for(auto &symbol_entry : symbol_table.symbols)
     {
       if(is_symbol_opaque_function(symbol_entry.second))
@@ -287,14 +289,13 @@ Function: languaget::is_symbol_opaque_function
 
 bool languaget::is_symbol_opaque_function(const symbolt &symbol)
 {
-  // Explictly exclude CPROVER functions since these aren't opaque
-  std::string variable_id_str(symbol.name.c_str());
-  bool is_cprover_function = has_prefix(variable_id_str, CPROVER_PREFIX);
+  std::set<std::string> headers;
+  bool is_internal=system_symbols.is_symbol_internal_symbol(symbol, headers);
 
   return !symbol.is_type &&
     symbol.value.id()==ID_nil &&
     symbol.type.id()==ID_code &&
-    !is_cprover_function;
+    !is_internal;
 }
 
 /*******************************************************************\
diff --git a/src/util/language.h b/src/util/language.h
index b83bba97c0b..73ead1cd8e4 100644
--- a/src/util/language.h
+++ b/src/util/language.h
@@ -14,6 +14,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <string>
 #include <util/symbol.h>
 #include <util/std_types.h>
+#include <goto-programs/system_library_symbols.h>
 
 #include "message.h"
 
@@ -139,5 +140,7 @@ class languaget:public messaget
   void generate_opaque_parameter_symbols(
     symbolt &function_symbol,
     symbol_tablet &symbol_table);
+
+  system_library_symbolst system_symbols;
 };
 #endif // CPROVER_UTIL_LANGUAGE_H

From 4e6b2a290593f74beb146885143a6907b097705e Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Thu, 19 Jan 2017 10:54:04 +0000
Subject: [PATCH 068/699] Added comment explaining the type of symbols we
 aren't stubbing

---
 src/util/language.cpp | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/util/language.cpp b/src/util/language.cpp
index 5a5eb2417ea..ddb41979040 100644
--- a/src/util/language.cpp
+++ b/src/util/language.cpp
@@ -290,6 +290,9 @@ Function: languaget::is_symbol_opaque_function
 bool languaget::is_symbol_opaque_function(const symbolt &symbol)
 {
   std::set<std::string> headers;
+  // Don't create stubs for symbols like:
+  // __CPROVER_blah (which aren't real external functions)
+  // and strstr (which we will model for ourselves later)
   bool is_internal=system_symbols.is_symbol_internal_symbol(symbol, headers);
 
   return !symbol.is_type &&

From e2614efa439d3a9084083681440968a351c79ca9 Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Tue, 8 Nov 2016 17:03:58 +0000
Subject: [PATCH 069/699] Adding simple regression for struct function

Also made test logs be ignored but git. This test currently fails (correctly) as the integer member of the struct is not being set to the correct value
---
 regression/.gitignore | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 regression/.gitignore

diff --git a/regression/.gitignore b/regression/.gitignore
new file mode 100644
index 00000000000..750ecf9f446
--- /dev/null
+++ b/regression/.gitignore
@@ -0,0 +1 @@
+tests.log

From fa73b8bcb56dfadc496f2ec3d1f1bd4c8429736c Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Fri, 9 Dec 2016 16:42:13 +0000
Subject: [PATCH 070/699] Use the symbol in expr2c

---
 src/ansi-c/expr2c.cpp | 46 +++++++++++++++++++++++++++----------------
 1 file changed, 29 insertions(+), 17 deletions(-)

diff --git a/src/ansi-c/expr2c.cpp b/src/ansi-c/expr2c.cpp
index a6975bdab19..5de8c7688b0 100644
--- a/src/ansi-c/expr2c.cpp
+++ b/src/ansi-c/expr2c.cpp
@@ -518,28 +518,40 @@ std::string expr2ct::convert_rec(
   }
   else if(src.id()==ID_symbol)
   {
-    const typet &followed=ns.follow(src);
+    symbol_typet symbolic_type=to_symbol_type(src);
+    const irep_idt &typedef_identifer=symbolic_type.get(ID_typedef);
 
-    if(followed.id()==ID_struct)
+    // Providing we have a valid identifer, we can just use that rather than
+    // trying to find the concrete type
+    if(typedef_identifer!="")
     {
-      std::string dest=q+"struct";
-      const irep_idt &tag=to_struct_type(followed).get_tag();
-      if(tag!="")
-        dest+=" "+id2string(tag);
-      dest+=d;
-      return dest;
+      return q+id2string(typedef_identifer)+d;
     }
-    else if(followed.id()==ID_union)
+    else
     {
-      std::string dest=q+"union";
-      const irep_idt &tag=to_union_type(followed).get_tag();
-      if(tag!="")
-        dest+=" "+id2string(tag);
-      dest+=d;
-      return dest;
+      const typet &followed=ns.follow(src);
+
+      if(followed.id()==ID_struct)
+      {
+        std::string dest=q+"struct";
+        const irep_idt &tag=to_struct_type(followed).get_tag();
+        if(tag!="")
+          dest+=" "+id2string(tag);
+        dest+=d;
+        return dest;
+      }
+      else if(followed.id()==ID_union)
+      {
+        std::string dest=q+"union";
+        const irep_idt &tag=to_union_type(followed).get_tag();
+        if(tag!="")
+          dest+=" "+id2string(tag);
+        dest+=d;
+        return dest;
+      }
+      else
+        return convert_rec(followed, new_qualifiers, declarator);
     }
-    else
-      return convert_rec(followed, new_qualifiers, declarator);
   }
   else if(src.id()==ID_struct_tag)
   {

From 8dd297e5a715697abc8ea9014675507b63201a35 Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Fri, 10 Mar 2017 11:28:43 +0000
Subject: [PATCH 071/699] Call the generate_opqaue_stubs from final

This doesn't do anything if it is not enabled
---
 src/ansi-c/ansi_c_language.cpp | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/ansi-c/ansi_c_language.cpp b/src/ansi-c/ansi_c_language.cpp
index dc69515ede2..159b0d6df40 100644
--- a/src/ansi-c/ansi_c_language.cpp
+++ b/src/ansi-c/ansi_c_language.cpp
@@ -196,6 +196,8 @@ Function: ansi_c_languaget::final
 
 bool ansi_c_languaget::final(symbol_tablet &symbol_table)
 {
+  generate_opaque_method_stubs(symbol_table);
+
   if(ansi_c_entry_point(symbol_table, "main", get_message_handler()))
     return true;
 

From 8236166af0d60f4cb74e7be93d567f4d3e4552df Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Tue, 7 Mar 2017 18:01:34 +0000
Subject: [PATCH 072/699] Changes to get java compiling

---
 src/java_bytecode/java_entry_point.h      |  2 ++
 src/java_bytecode/java_object_factory.cpp |  3 ++-
 src/java_bytecode/java_object_factory.h   | 10 +++++++++-
 src/java_bytecode/java_types.cpp          | 18 ++++++++++++++++++
 src/java_bytecode/java_types.h            |  2 ++
 5 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/src/java_bytecode/java_entry_point.h b/src/java_bytecode/java_entry_point.h
index e6575734d80..6a1576c6a4c 100644
--- a/src/java_bytecode/java_entry_point.h
+++ b/src/java_bytecode/java_entry_point.h
@@ -11,6 +11,8 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include <util/irep.h>
 
+#define JAVA_ENTRY_POINT_RETURN_SYMBOL "return'"
+
 bool java_entry_point(
   class symbol_tablet &symbol_table,
   const irep_idt &main_class,
diff --git a/src/java_bytecode/java_object_factory.cpp b/src/java_bytecode/java_object_factory.cpp
index b23e419d216..4cb8b19a496 100644
--- a/src/java_bytecode/java_object_factory.cpp
+++ b/src/java_bytecode/java_object_factory.cpp
@@ -483,7 +483,8 @@ void gen_nondet_init(
   bool create_dyn_objs,
   bool assume_non_null,
   message_handlert &message_handler,
-  size_t max_nondet_array_length)
+  size_t max_nondet_array_length,
+  update_in_placet update_in_place)
 {
   java_object_factoryt state(
     init_code,
diff --git a/src/java_bytecode/java_object_factory.h b/src/java_bytecode/java_object_factory.h
index d111948e365..f0b77b343fb 100644
--- a/src/java_bytecode/java_object_factory.h
+++ b/src/java_bytecode/java_object_factory.h
@@ -22,6 +22,13 @@ exprt object_factory(
   const source_locationt &,
   message_handlert &message_handler);
 
+enum update_in_placet
+{
+  NO_UPDATE_IN_PLACE,
+  MAY_UPDATE_IN_PLACE,
+  MUST_UPDATE_IN_PLACE
+};
+
 void gen_nondet_init(
   const exprt &expr,
   code_blockt &init_code,
@@ -31,7 +38,8 @@ void gen_nondet_init(
   bool create_dynamic_objects,
   bool assume_non_null,
   message_handlert &message_handler,
-  size_t max_nondet_array_length=5);
+  size_t max_nondet_array_length,
+  update_in_placet update_in_place=NO_UPDATE_IN_PLACE);
 
 
 exprt get_nondet_bool(const typet &);
diff --git a/src/java_bytecode/java_types.cpp b/src/java_bytecode/java_types.cpp
index 735a2a0dbfb..9d78c7a36a7 100644
--- a/src/java_bytecode/java_types.cpp
+++ b/src/java_bytecode/java_types.cpp
@@ -9,6 +9,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <cassert>
 #include <cctype>
 
+#include <util/prefix.h>
 #include <util/std_types.h>
 #include <util/std_expr.h>
 #include <util/ieee_float.h>
@@ -231,6 +232,23 @@ pointer_typet java_array_type(const char subtype)
 
 /*******************************************************************\
 
+Function: is_java_array_tag
+
+  Inputs: Struct tag 'tag'
+
+ Outputs: True if the given struct is a Java array
+
+ Purpose: See above
+
+\*******************************************************************/
+
+bool is_java_array_tag(const irep_idt& tag)
+{
+  return has_prefix(id2string(tag), "java::array[");
+}
+
+/*******************************************************************\
+
 Function: is_reference_type
 
   Inputs:
diff --git a/src/java_bytecode/java_types.h b/src/java_bytecode/java_types.h
index e283a5acf23..2b32d5fec43 100644
--- a/src/java_bytecode/java_types.h
+++ b/src/java_bytecode/java_types.h
@@ -44,4 +44,6 @@ char java_char_from_type(const typet &type);
 typet java_bytecode_promotion(const typet &);
 exprt java_bytecode_promotion(const exprt &);
 
+bool is_java_array_tag(const irep_idt& tag);
+
 #endif // CPROVER_JAVA_BYTECODE_JAVA_TYPES_H

From 055f515bd47004a6f12a898d1c3d2f1486078932 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matthias=20G=C3=BCdemann?= <matthias.guedemann@diffblue.com>
Date: Fri, 10 Mar 2017 15:43:40 +0100
Subject: [PATCH 073/699] extend java_bytecode for test-gen-support

---
 .../java_bytecode_convert_method.cpp          |  59 ++
 src/java_bytecode/java_bytecode_language.cpp  |   1 -
 src/java_bytecode/java_bytecode_language.h    |   2 +-
 src/java_bytecode/java_entry_point.cpp        |   5 +-
 src/java_bytecode/java_entry_point.h          |   2 +-
 src/java_bytecode/java_object_factory.cpp     | 516 ++++++++++++------
 src/util/Makefile                             |   2 +-
 src/util/nondet_bool.h                        |  34 ++
 src/util/nondet_ifthenelse.cpp                | 134 +++++
 src/util/nondet_ifthenelse.h                  |  44 ++
 10 files changed, 627 insertions(+), 172 deletions(-)
 create mode 100644 src/util/nondet_bool.h
 create mode 100644 src/util/nondet_ifthenelse.cpp
 create mode 100644 src/util/nondet_ifthenelse.h

diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index 447b5dacb80..e0ffe460f77 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -54,6 +54,56 @@ class patternt
   const char *p;
 };
 
+/*******************************************************************\
+
+Function: assign_parameter_names
+
+  Inputs: `ftype`: Function type whose parameters should be named
+          `name_prefix`: Prefix for parameter names, typically the
+            parent function's name.
+          `symbol_table`: Global symbol table
+
+ Outputs: Assigns parameter names (side-effects on `ftype`) to
+          function stub parameters, which are initially nameless
+          as method conversion hasn't happened.
+          Also creates symbols in `symbol_table`.
+
+ Purpose: See above
+
+\*******************************************************************/
+
+void assign_parameter_names(
+  code_typet &ftype,
+  const irep_idt &name_prefix,
+  symbol_tablet &symbol_table)
+{
+  code_typet::parameterst &parameters=ftype.parameters();
+
+  // Mostly borrowed from java_bytecode_convert.cpp; maybe factor this out.
+  // assign names to parameters
+  for(std::size_t i=0; i<parameters.size(); ++i)
+  {
+    irep_idt base_name, identifier;
+
+    if(i==0 && parameters[i].get_this())
+      base_name="this";
+    else
+      base_name="stub_ignored_arg"+std::to_string(i);
+
+    identifier=id2string(name_prefix)+"::"+id2string(base_name);
+    parameters[i].set_base_name(base_name);
+    parameters[i].set_identifier(identifier);
+
+    // add to symbol table
+    parameter_symbolt parameter_symbol;
+    parameter_symbol.base_name=base_name;
+    parameter_symbol.mode=ID_java;
+    parameter_symbol.name=identifier;
+    parameter_symbol.type=parameters[i].type();
+    symbol_table.add(parameter_symbol);
+  }
+}
+
 static bool operator==(const irep_idt &what, const patternt &pattern)
 {
   return pattern==what;
@@ -1216,9 +1266,18 @@ codet java_bytecode_convert_methodt::convert_instructions(
         symbolt symbol;
         symbol.name=id;
         symbol.base_name=arg0.get(ID_C_base_name);
+        symbol.pretty_name=
+          id2string(arg0.get(ID_C_class)).substr(6)+"."+
+          id2string(symbol.base_name)+"()";
         symbol.type=arg0.type();
         symbol.value.make_nil();
         symbol.mode=ID_java;
+
+        assign_parameter_names(
+          to_code_type(symbol.type),
+          symbol.name,
+          symbol_table);
+
         symbol_table.add(symbol);
       }
 
diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index 668960dbe17..eaae4b50a77 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -751,7 +751,6 @@ bool java_bytecode_languaget::final(symbol_tablet &symbol_table)
   */
   java_internal_additions(symbol_table);
 
-
   main_function_resultt res=
     get_main_symbol(symbol_table, main_class, get_message_handler());
   if(res.stop_convert)
diff --git a/src/java_bytecode/java_bytecode_language.h b/src/java_bytecode/java_bytecode_language.h
index 643eacd5b7f..48f45e2d39e 100644
--- a/src/java_bytecode/java_bytecode_language.h
+++ b/src/java_bytecode/java_bytecode_language.h
@@ -48,7 +48,7 @@ class java_bytecode_languaget:public languaget
     symbol_tablet &context,
     const std::string &module) override;
 
-  bool final(
+  virtual bool final(
     symbol_tablet &context) override;
 
   void show_parse(std::ostream &out) override;
diff --git a/src/java_bytecode/java_entry_point.cpp b/src/java_bytecode/java_entry_point.cpp
index 44a59091ba2..569a5895bdc 100644
--- a/src/java_bytecode/java_entry_point.cpp
+++ b/src/java_bytecode/java_entry_point.cpp
@@ -289,7 +289,8 @@ void java_record_outputs(
     codet output(ID_output);
     output.operands().resize(2);
 
-    const symbolt &return_symbol=symbol_table.lookup("return'");
+    const symbolt &return_symbol=
+      symbol_table.lookup(JAVA_ENTRY_POINT_RETURN_SYMBOL);
 
     output.op0()=
       address_of_exprt(
@@ -583,7 +584,7 @@ bool java_entry_point(
     auxiliary_symbolt return_symbol;
     return_symbol.mode=ID_C;
     return_symbol.is_static_lifetime=false;
-    return_symbol.name="return'";
+    return_symbol.name=JAVA_ENTRY_POINT_RETURN_SYMBOL;
     return_symbol.base_name="return";
     return_symbol.type=to_code_type(symbol.type).return_type();
 
diff --git a/src/java_bytecode/java_entry_point.h b/src/java_bytecode/java_entry_point.h
index 6a1576c6a4c..69f5023609f 100644
--- a/src/java_bytecode/java_entry_point.h
+++ b/src/java_bytecode/java_entry_point.h
@@ -33,4 +33,4 @@ main_function_resultt get_main_symbol(
   message_handlert &,
   bool allow_no_body=false);
 
-#endif // CPROVER_JAVA_BYTECODE_JAVA_ENTRY_POINT_H
+#endif
diff --git a/src/java_bytecode/java_object_factory.cpp b/src/java_bytecode/java_object_factory.cpp
index 4cb8b19a496..0647b0dd37e 100644
--- a/src/java_bytecode/java_object_factory.cpp
+++ b/src/java_bytecode/java_object_factory.cpp
@@ -15,6 +15,8 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <util/std_expr.h>
 #include <util/message.h>
 #include <util/namespace.h>
+#include <util/nondet_bool.h>
+#include <util/nondet_ifthenelse.h>
 #include <util/pointer_offset_size.h>
 #include <util/prefix.h>
 
@@ -24,18 +26,6 @@ Author: Daniel Kroening, kroening@kroening.com
 #include "java_types.h"
 #include "java_utils.h"
 
-/*******************************************************************\
-
-Function: gen_nondet_init
-
-  Inputs:
-
- Outputs:
-
- Purpose:
-
-\*******************************************************************/
-
 class java_object_factoryt:public messaget
 {
   code_blockt &init_code;
@@ -43,8 +33,18 @@ class java_object_factoryt:public messaget
   bool assume_non_null;
   size_t max_nondet_array_length;
   symbol_tablet &symbol_table;
-  message_handlert &message_handler;
   namespacet ns;
+  const source_locationt &loc;
+
+  void set_null(
+    const exprt &expr,
+    const pointer_typet &ptr_type);
+
+  void gen_pointer_target_init(
+    const exprt &expr,
+    const typet &target_type,
+    bool create_dynamic_objects,
+    update_in_placet update_in_place);
 
 public:
   java_object_factoryt(
@@ -52,38 +52,40 @@ class java_object_factoryt:public messaget
     bool _assume_non_null,
     size_t _max_nondet_array_length,
     symbol_tablet &_symbol_table,
-    message_handlert &_message_handler):
+    message_handlert &_message_handler,
+    const source_locationt &_loc):
+    messaget(_message_handler),
     init_code(_init_code),
     assume_non_null(_assume_non_null),
     max_nondet_array_length(_max_nondet_array_length),
     symbol_table(_symbol_table),
-    message_handler(_message_handler),
-    ns(_symbol_table)
+    ns(_symbol_table),
+    loc(_loc)
     {}
 
   exprt allocate_object(
     const exprt &,
     const typet &,
-    const source_locationt &,
     bool create_dynamic_objects);
 
-  void gen_nondet_array_init(const exprt &expr, const source_locationt &);
+  void gen_nondet_array_init(
+    const exprt &expr,
+    update_in_placet);
 
   void gen_nondet_init(
     const exprt &expr,
     bool is_sub,
     irep_idt class_identifier,
-    const source_locationt &loc,
     bool skip_classid,
     bool create_dynamic_objects,
-    bool override=false,
-    const typet &override_type=empty_typet());
+    bool override,
+    const typet &override_type,
+    update_in_placet);
 };
 
-
 /*******************************************************************\
 
-Function: gen_nondet_array_init
+Function: java_object_factoryt::allocate_object
 
   Inputs: the target expression, desired object type, source location
           and Boolean whether to create a dynamic object
@@ -99,7 +101,6 @@ Function: gen_nondet_array_init
 exprt java_object_factoryt::allocate_object(
   const exprt &target_expr,
   const typet &allocate_type,
-  const source_locationt &loc,
   bool create_dynamic_objects)
 {
   const typet &allocate_type_resolved=ns.follow(allocate_type);
@@ -162,19 +163,142 @@ exprt java_object_factoryt::allocate_object(
   }
 }
 
-// Override type says to ignore the LHS' real type, and init it with the given
-// type regardless. Used at the moment for reference arrays, which are
-// implemented as void* arrays but should be init'd as their true type with
-// appropriate casts.
+/*******************************************************************\
+
+Function: java_object_factoryt::set_null
+
+  Inputs: `expr`: pointer-typed lvalue expression to initialise
+          `ptr_type`: pointer type to write
+
+ Outputs:
+
+ Purpose: Adds an instruction to `init_code` null-initialising
+          `expr`.
+
+\*******************************************************************/
+
+void java_object_factoryt::set_null(
+  const exprt &expr,
+  const pointer_typet &ptr_type)
+{
+  null_pointer_exprt null_pointer_expr(ptr_type);
+  code_assignt code(expr, null_pointer_expr);
+  code.add_source_location()=loc;
+  init_code.move_to_operands(code);
+}
+
+/*******************************************************************\
+
+Function: java_object_factoryt::gen_pointer_target_init
+
+  Inputs: `expr`: pointer-typed lvalue expression to initialise
+          `target_type`: structure type to initialise, which may
+            not match *expr (for example, expr might be void*)
+          `create_dynamic_objects`: if true, use malloc to allocate
+            objects; otherwise generate fresh static symbols.
+          `update_in_place`:
+            NO_UPDATE_IN_PLACE: initialise `expr` from scratch
+            MUST_UPDATE_IN_PLACE: reinitialise an existing object
+            MAY_UPDATE_IN_PLACE: invalid input
+
+ Outputs:
+
+ Purpose: Initialises an object tree rooted at `expr`, allocating
+          child objects as necessary and nondet-initialising their
+          members, or if MUST_UPDATE_IN_PLACE is set, re-initialising
+          already-allocated objects.
+
+\*******************************************************************/
+
+void java_object_factoryt::gen_pointer_target_init(
+  const exprt &expr,
+  const typet &target_type,
+  bool create_dynamic_objects,
+  update_in_placet update_in_place)
+{
+  assert(update_in_place!=MAY_UPDATE_IN_PLACE);
+
+  if(target_type.id()==ID_struct &&
+     has_prefix(
+       id2string(to_struct_type(target_type).get_tag()),
+       "java::array["))
+  {
+    gen_nondet_array_init(
+      expr,
+      update_in_place);
+  }
+  else
+  {
+    exprt target;
+    if(update_in_place==NO_UPDATE_IN_PLACE)
+    {
+      target=allocate_object(
+        expr,
+        target_type,
+        create_dynamic_objects);
+    }
+    else
+    {
+      target=expr;
+    }
+    exprt init_expr;
+    if(target.id()==ID_address_of)
+      init_expr=target.op0();
+    else
+      init_expr=
+        dereference_exprt(target, target.type().subtype());
+    gen_nondet_init(
+      init_expr,
+      false,
+      "",
+      false,
+      create_dynamic_objects,
+      false,
+      typet(),
+      update_in_place);
+  }
+}
+
+/*******************************************************************\
+
+Function: java_object_factoryt::gen_nondet_init
+
+  Inputs: `expr`: lvalue expression to initialise
+          `is_sub`: If true, `expr` is a substructure of a larger
+            object, which in Java necessarily means a base class.
+            not match *expr (for example, expr might be void*)
+          `class_identifier`: clsid to initialise @java.lang.Object.
+            @class_identifier
+          `skip_classid`: if true, skip initialising @class_identifier
+          `create_dynamic_objects`: if true, use malloc to allocate
+            objects; otherwise generate fresh static symbols.
+          `override`: If true, initialise with `override_type` instead
+            of `expr.type()`
+          `override_type`: Override type per above
+          `update_in_place`:
+            NO_UPDATE_IN_PLACE: initialise `expr` from scratch
+            MUST_UPDATE_IN_PLACE: reinitialise an existing object
+            MAY_UPDATE_IN_PLACE: generate a runtime nondet branch
+              between the NO_ and MUST_ cases.
+
+ Outputs:
+
+ Purpose: Initialises a primitive or object tree rooted at `expr`,
+          allocating child objects as necessary and nondet-initialising
+          their members, or if MUST_UPDATE_IN_PLACE is set,
+          re-initialising already-allocated objects.
+
+\*******************************************************************/
+
 void java_object_factoryt::gen_nondet_init(
   const exprt &expr,
   bool is_sub,
   irep_idt class_identifier,
-  const source_locationt &loc,
   bool skip_classid,
   bool create_dynamic_objects,
   bool override,
-  const typet &override_type)
+  const typet &override_type,
+  update_in_placet update_in_place)
 {
   const typet &type=
     override ? ns.follow(override_type) : ns.follow(expr.type());
@@ -193,79 +317,76 @@ void java_object_factoryt::gen_nondet_init(
       if(recursion_set.find(struct_tag)!=recursion_set.end() &&
          struct_tag==class_identifier)
       {
-        // make null
-        null_pointer_exprt null_pointer_expr(pointer_type);
-        code_assignt code(expr, null_pointer_expr);
-        code.add_source_location()=loc;
-        init_code.copy_to_operands(code);
-
+        if(update_in_place==NO_UPDATE_IN_PLACE)
+          set_null(expr, pointer_type);
+        // Otherwise leave it as it is.
         return;
       }
     }
 
-    code_labelt set_null_label;
-    code_labelt init_done_label;
-
-    static size_t synthetic_constructor_count=0;
+    nondet_ifthenelset update_in_place_diamond(
+      init_code,
+      symbol_table,
+      loc,
+      ID_java,
+      "nondet_update_in_place");
 
-    if(!assume_non_null)
+    if(update_in_place==MAY_UPDATE_IN_PLACE ||
+       update_in_place==MUST_UPDATE_IN_PLACE)
     {
-      auto returns_null_sym=
-        new_tmp_symbol(symbol_table, "opaque_returns_null");
-      returns_null_sym.type=c_bool_typet(1);
-      auto returns_null=returns_null_sym.symbol_expr();
-      auto assign_returns_null=
-          code_assignt(returns_null, get_nondet_bool(returns_null_sym.type));
-      assign_returns_null.add_source_location()=loc;
-      init_code.move_to_operands(assign_returns_null);
+      if(update_in_place==MAY_UPDATE_IN_PLACE)
+        update_in_place_diamond.begin_if();
+
+      // If we're trying to update an object in place
+      // but it is null, just leave it alone.
+      static unsigned long null_check_count=0;
+      std::ostringstream oss;
+      oss << "null_check_failed_" << (++null_check_count);
+      code_labelt post_null_check(oss.str(), code_skipt());
+      code_ifthenelset null_check;
+      null_check.cond()=equal_exprt(expr, null_pointer_exprt(pointer_type));
+      null_check.then_case()=code_gotot(post_null_check.get_label());
+      init_code.move_to_operands(null_check);
 
-      auto set_null_inst=
-        code_assignt(expr, null_pointer_exprt(pointer_type));
-      set_null_inst.add_source_location()=loc;
+      gen_pointer_target_init(
+        expr,
+        subtype,
+        create_dynamic_objects,
+        MUST_UPDATE_IN_PLACE);
 
-      std::string fresh_label=
-        "post_synthetic_malloc_"+std::to_string(++synthetic_constructor_count);
-      set_null_label=code_labelt(fresh_label, set_null_inst);
+      init_code.move_to_operands(post_null_check);
 
-      init_done_label=code_labelt(fresh_label+"_init_done", code_skipt());
+      if(update_in_place==MUST_UPDATE_IN_PLACE)
+        return;
 
-      code_ifthenelset null_check;
-      exprt null_return=
-        zero_initializer(returns_null_sym.type, loc, ns, message_handler);
-      null_check.cond()=
-        notequal_exprt(returns_null, null_return);
-      null_check.then_case()=code_gotot(fresh_label);
-      init_code.move_to_operands(null_check);
+      update_in_place_diamond.begin_else();
     }
 
-    if(java_is_array_type(subtype))
-      gen_nondet_array_init(expr, loc);
-    else
-    {
-      exprt allocated=
-        allocate_object(expr, subtype, loc, create_dynamic_objects);
-      {
-        exprt init_expr;
-        if(allocated.id()==ID_address_of)
-          init_expr=allocated.op0();
-        else
-          init_expr=dereference_exprt(allocated, allocated.type().subtype());
-        gen_nondet_init(
-          init_expr,
-          false,
-          "",
-          loc,
-          false,
-          create_dynamic_objects);
-      }
-    }
+    nondet_ifthenelset init_null_diamond(
+      init_code,
+      symbol_table,
+      loc,
+      ID_java,
+      "nondet_ptr_is_null");
 
     if(!assume_non_null)
     {
-      init_code.copy_to_operands(code_gotot(init_done_label.get_label()));
-      init_code.move_to_operands(set_null_label);
-      init_code.move_to_operands(init_done_label);
+      init_null_diamond.begin_if();
+      set_null(expr, pointer_type);
+      init_null_diamond.begin_else();
     }
+
+    gen_pointer_target_init(
+      expr,
+      subtype,
+      create_dynamic_objects,
+      NO_UPDATE_IN_PLACE);
+
+    if(!assume_non_null)
+      init_null_diamond.finish();
+
+    if(update_in_place==MAY_UPDATE_IN_PLACE)
+      update_in_place_diamond.finish();
   }
   else if(type.id()==ID_struct)
   {
@@ -291,7 +412,7 @@ void java_object_factoryt::gen_nondet_init(
 
       if(name=="@class_identifier")
       {
-        if(skip_classid)
+        if(skip_classid || update_in_place==MUST_UPDATE_IN_PLACE)
           continue;
 
         irep_idt qualified_clsid="java::"+as_string(class_identifier);
@@ -302,6 +423,8 @@ void java_object_factoryt::gen_nondet_init(
       }
       else if(name=="@lock")
       {
+        if(update_in_place==MUST_UPDATE_IN_PLACE)
+          continue;
         code_assignt code(me, from_integer(0, me.type()));
         code.add_source_location()=loc;
         init_code.copy_to_operands(code);
@@ -316,13 +439,22 @@ void java_object_factoryt::gen_nondet_init(
           _is_sub?(class_identifier.empty()?struct_tag:class_identifier):"";
 #endif
 
+        // MUST_UPDATE_IN_PLACE only applies to this object.
+        // If this is a pointer to another object, offer the chance
+        // to leave it alone by setting MAY_UPDATE_IN_PLACE instead.
+        update_in_placet substruct_in_place=
+          update_in_place==MUST_UPDATE_IN_PLACE && !_is_sub ?
+          MAY_UPDATE_IN_PLACE :
+          update_in_place;
         gen_nondet_init(
           me,
           _is_sub,
           class_identifier,
-          loc,
           false,
-          create_dynamic_objects);
+          create_dynamic_objects,
+          false,
+          typet(),
+          substruct_in_place);
       }
     }
     recursion_set.erase(struct_tag);
@@ -339,23 +471,28 @@ void java_object_factoryt::gen_nondet_init(
 
 /*******************************************************************\
 
-Function: gen_nondet_array_init
-
-  Inputs:
+Function: java_object_factoryt::gen_nondet_array_init
 
+  Inputs: `expr`: Array-typed expression to initialise
+          `update_in_place`:
+            NO_UPDATE_IN_PLACE: initialise `expr` from scratch
+            MUST_UPDATE_IN_PLACE: reinitialise an existing array
+            MAY_UPDATE_IN_PLACE: invalid input
  Outputs:
 
  Purpose: create code to initialize a Java array with size
           `max_nondet_array_length`, loop over elements and initialize
-          them
+          or reinitialize them
 
 \*******************************************************************/
 
 void java_object_factoryt::gen_nondet_array_init(
   const exprt &expr,
-  const source_locationt &loc)
+  update_in_placet update_in_place)
 {
+  assert(update_in_place!=MAY_UPDATE_IN_PLACE);
   assert(expr.type().id()==ID_pointer);
+
   const typet &type=ns.follow(expr.type().subtype());
   const struct_typet &struct_type=to_struct_type(type);
   assert(expr.type().subtype().id()==ID_symbol);
@@ -365,35 +502,58 @@ void java_object_factoryt::gen_nondet_array_init(
   auto max_length_expr=from_integer(max_nondet_array_length, java_int_type());
 
   typet allocate_type;
-  symbolt &length_sym=new_tmp_symbol(symbol_table, "nondet_array_length");
-  length_sym.type=java_int_type();
-  const auto &length_sym_expr=length_sym.symbol_expr();
-
-  // Initialize array with some undetermined length:
-  gen_nondet_init(length_sym_expr, false, irep_idt(), loc, false, false);
-
-  // Insert assumptions to bound its length:
-  binary_relation_exprt
-    assume1(length_sym_expr, ID_ge, from_integer(0, java_int_type()));
-  binary_relation_exprt
-    assume2(length_sym_expr, ID_le, max_length_expr);
-  code_assumet assume_inst1(assume1);
-  code_assumet assume_inst2(assume2);
-  init_code.move_to_operands(assume_inst1);
-  init_code.move_to_operands(assume_inst2);
-
-  side_effect_exprt java_new_array(ID_java_new_array, expr.type());
-  java_new_array.copy_to_operands(length_sym_expr);
-  java_new_array.type().subtype().set(ID_C_element_type, element_type);
-  codet assign=code_assignt(expr, java_new_array);
-  assign.add_source_location()=loc;
-  init_code.copy_to_operands(assign);
-
-  exprt init_array_expr=
-    member_exprt(
-      dereference_exprt(expr, expr.type().subtype()),
-      "data",
-      struct_type.components()[2].type());
+  exprt length_sym_expr;
+
+  if(update_in_place==NO_UPDATE_IN_PLACE)
+  {
+    symbolt &length_sym=new_tmp_symbol(symbol_table, "nondet_array_length");
+    length_sym.type=java_int_type();
+    length_sym_expr=length_sym.symbol_expr();
+
+    // Initialise array with some undetermined length:
+    gen_nondet_init(
+      length_sym_expr,
+      false,
+      irep_idt(),
+      false,
+      false,
+      false,
+      typet(),
+      NO_UPDATE_IN_PLACE);
+
+    // Insert assumptions to bound its length:
+    binary_relation_exprt assume1(length_sym_expr, ID_ge,
+                                  from_integer(0, java_int_type()));
+    binary_relation_exprt assume2(length_sym_expr, ID_le,
+                                  max_length_expr);
+
+    code_assumet assume_inst1(assume1);
+    code_assumet assume_inst2(assume2);
+    init_code.move_to_operands(assume_inst1);
+    init_code.move_to_operands(assume_inst2);
+
+    side_effect_exprt java_new_array(ID_java_new_array, expr.type());
+    java_new_array.copy_to_operands(length_sym_expr);
+    java_new_array.set(ID_skip_initialize, true);
+    java_new_array.type().subtype().set(ID_C_element_type, element_type);
+    codet assign=code_assignt(expr, java_new_array);
+    assign.add_source_location()=loc;
+    init_code.copy_to_operands(assign);
+  }
+  else
+  {
+    // Update in place. Get existing array length:
+    length_sym_expr=
+      member_exprt(
+        dereference_exprt(expr, expr.type().subtype()),
+        "length",
+        struct_type.component_type("length"));
+  }
+
+  exprt init_array_expr=member_exprt(
+    dereference_exprt(expr, expr.type().subtype()),
+    "data",
+    struct_type.component_type("data"));
   if(init_array_expr.type()!=pointer_typet(element_type))
     init_array_expr=
       typecast_exprt(init_array_expr, pointer_typet(element_type));
@@ -432,27 +592,36 @@ void java_object_factoryt::gen_nondet_array_init(
 
   init_code.move_to_operands(done_test);
 
-  // Add a redundant if(counter == max_length) break that is easier for the
-  // unwinder to understand.
-  code_ifthenelset max_test;
-  max_test.cond()=equal_exprt(counter_expr, max_length_expr);
-  max_test.then_case()=goto_done;
-
-  init_code.move_to_operands(max_test);
+  if(update_in_place!=MUST_UPDATE_IN_PLACE)
+  {
+    // Add a redundant if(counter == max_length) break
+    // that is easier for the unwinder to understand.
+    code_ifthenelset max_test;
+    max_test.cond()=equal_exprt(counter_expr, max_length_expr);
+    max_test.then_case()=goto_done;
+    init_code.move_to_operands(max_test);
+  }
 
   exprt arraycellref=dereference_exprt(
     plus_exprt(array_init_symexpr, counter_expr, array_init_symexpr.type()),
     array_init_symexpr.type().subtype());
 
+  // MUST_UPDATE_IN_PLACE only applies to this object.
+  // If this is a pointer to another object, offer the chance
+  // to leave it alone by setting MAY_UPDATE_IN_PLACE instead.
+  update_in_placet child_update_in_place=
+    update_in_place==MUST_UPDATE_IN_PLACE ?
+    MAY_UPDATE_IN_PLACE :
+    update_in_place;
   gen_nondet_init(
     arraycellref,
     false,
     irep_idt(),
-    loc,
     false,
     true,
     true,
-    element_type);
+    element_type,
+    child_update_in_place);
 
   exprt java_one=from_integer(1, java_int_type());
   code_assignt incr(counter_expr, plus_exprt(counter_expr, java_one));
@@ -466,11 +635,32 @@ void java_object_factoryt::gen_nondet_array_init(
 
 Function: gen_nondet_init
 
-  Inputs:
-
- Outputs:
-
- Purpose:
+  Inputs: `expr`: lvalue expression to initialise
+          `loc`: source location for all generated code
+          `skip_classid`: if true, skip initialising @class_identifier
+          `create_dyn_objs`: if true, use malloc to allocate
+            objects; otherwise generate fresh static symbols.
+          `assume_non_null`: never initialise pointer members with
+            null, unless forced to by recursive datatypes
+          `message_handler`: logging
+          `max_nondet_array_length`: upper bound on size of initialised
+            arrays.
+          `update_in_place`:
+            NO_UPDATE_IN_PLACE: initialise `expr` from scratch
+            MUST_UPDATE_IN_PLACE: reinitialise an existing object
+            MAY_UPDATE_IN_PLACE: generate a runtime nondet branch
+              between the NO_ and MUST_ cases.
+
+ Outputs: `init_code` gets an instruction sequence to initialise or
+          reinitialise `expr` and child objects it refers to.
+          `symbol_table` is modified with any new symbols created. This
+          includes any necessary temporaries, and if `create_dyn_objs`
+          is false, any allocated objects.
+
+ Purpose: Initialises a primitive or object tree rooted at `expr`,
+          allocating child objects as necessary and nondet-initialising
+          their members, or if MAY_ or MUST_UPDATE_IN_PLACE is set,
+          re-initialising already-allocated objects.
 
 \*******************************************************************/
 
@@ -491,23 +681,27 @@ void gen_nondet_init(
     assume_non_null,
     max_nondet_array_length,
     symbol_table,
-    message_handler);
+    message_handler,
+    loc);
   state.gen_nondet_init(
     expr,
     false,
     "",
-    loc,
     skip_classid,
-    create_dyn_objs);
+    create_dyn_objs,
+    false,
+    typet(),
+    update_in_place);
 }
 
 /*******************************************************************\
 
 Function: new_tmp_symbol
 
-  Inputs:
+  Inputs: `prefix`: new symbol name prefix
 
- Outputs:
+ Outputs: A fresh-named symbol is added to `symbol_table` and also
+          returned.
 
  Purpose:
 
@@ -533,32 +727,23 @@ symbolt &new_tmp_symbol(symbol_tablet &symbol_table, const std::string &prefix)
 
 /*******************************************************************\
 
-Function: get_nondet_bool
-
-  Inputs: Desired type (C_bool or plain bool)
-
- Outputs: nondet expr of that type
-
- Purpose:
-
-\*******************************************************************/
-
-exprt get_nondet_bool(const typet &type)
-{
-  // We force this to 0 and 1 and won't consider
-  // other values.
-  return typecast_exprt(side_effect_expr_nondett(bool_typet()), type);
-}
-
-/*******************************************************************\
-
 Function: object_factory
 
-  Inputs:
+  Inputs: `type`: type of new object to create
+          `allow_null`: if true, may return null; otherwise always
+            allocates an object
+          `max_nondet_array_length`: upper bound on size of initialised
+            arrays.
+          `loc`: source location for all generated code
+          `message_handler`: logging
 
- Outputs:
+ Outputs: `symbol_table` gains any new symbols created, as per
+            gen_nondet_init above.
+          `init_code` gains any instructions requried to initialise
+            either the returned value or its child objects
 
- Purpose:
+ Purpose: Similar to `gen_nondet_init` above, but always creates a
+          fresh static global object or primitive nondet expression.
 
 \*******************************************************************/
 
@@ -579,7 +764,6 @@ exprt object_factory(
 
     exprt object=aux_symbol.symbol_expr();
 
-    const namespacet ns(symbol_table);
     gen_nondet_init(
       object,
       init_code,
diff --git a/src/util/Makefile b/src/util/Makefile
index c605d26c747..4cacd3dbc0f 100644
--- a/src/util/Makefile
+++ b/src/util/Makefile
@@ -22,7 +22,7 @@ SRC = arith_tools.cpp base_type.cpp cmdline.cpp config.cpp symbol_table.cpp \
       irep_ids.cpp byte_operators.cpp string2int.cpp file_util.cpp \
       memory_info.cpp pipe_stream.cpp irep_hash.cpp endianness_map.cpp \
       ssa_expr.cpp json_irep.cpp json_expr.cpp \
-      format_number_range.cpp string_utils.cpp
+      format_number_range.cpp string_utils.cpp nondet_ifthenelse.cpp
 
 INCLUDES= -I ..
 
diff --git a/src/util/nondet_bool.h b/src/util/nondet_bool.h
new file mode 100644
index 00000000000..6aee700b889
--- /dev/null
+++ b/src/util/nondet_bool.h
@@ -0,0 +1,34 @@
+/*******************************************************************\
+
+Module: Nondeterministic boolean helper
+
+Author: Chris Smowton, chris@smowton.net
+
+\*******************************************************************/
+
+#ifndef CPROVER_UTIL_NONDET_BOOL_H
+#define CPROVER_UTIL_NONDET_BOOL_H
+
+#include <util/std_types.h>
+#include <util/std_expr.h>
+
+/*******************************************************************\
+
+Function: get_nondet_bool
+
+  Inputs: Desired type (C_bool or plain bool)
+
+ Outputs: nondet expr of that type
+
+ Purpose:
+
+\*******************************************************************/
+
+inline exprt get_nondet_bool(const typet &type)
+{
+  // We force this to 0 and 1 and won't consider
+  // other values.
+  return typecast_exprt(side_effect_expr_nondett(bool_typet()), type);
+}
+
+#endif // CPROVER_UTIL_NONDET_BOOL_H
diff --git a/src/util/nondet_ifthenelse.cpp b/src/util/nondet_ifthenelse.cpp
new file mode 100644
index 00000000000..ae2f9040977
--- /dev/null
+++ b/src/util/nondet_ifthenelse.cpp
@@ -0,0 +1,134 @@
+/*******************************************************************\
+
+Module: Nondeterministic if-then-else
+
+Author: Chris Smowton, chris@smowton.net
+
+\*******************************************************************/
+
+#include "nondet_ifthenelse.h"
+
+#include <sstream>
+
+#include <util/nondet_bool.h>
+#include <util/std_code.h>
+#include <util/std_types.h>
+#include <util/std_expr.h>
+#include <util/symbol_table.h>
+#include <util/source_location.h>
+
+// This will be unified with other similar fresh-symbol routines shortly
+static symbolt &new_tmp_symbol(
+  symbol_tablet &symbol_table,
+  const std::string &prefix,
+  const irep_idt &mode)
+{
+  static size_t temporary_counter=0;
+
+  auxiliary_symbolt new_symbol;
+  symbolt *symbol_ptr;
+
+  do
+  {
+    new_symbol.name="tmp_object_factory$"+std::to_string(++temporary_counter);
+    new_symbol.base_name=new_symbol.name;
+    new_symbol.mode=mode;
+  }
+  while(symbol_table.move(new_symbol, symbol_ptr));
+
+  return *symbol_ptr;
+}
+
+/*******************************************************************\
+
+Function: nondet_ifthenelset::begin_if
+
+  Inputs:
+
+ Outputs:
+
+ Purpose: Emits instructions and defines labels for the beginning of
+          a nondeterministic if-else diamond. Code is emitted to the
+          `result_code` member of this object's associated
+          `java_object_factoryt` instance `state`.
+          The caller should use the following pattern (where *this
+          is an instance of java_object_factoryt):
+          ```
+          nondet_ifthenelset diamond(*this, "name");
+          diamond.begin_if();
+          result_code.copy_to_operands(Some if-branch code)
+          diamond.begin_else();
+          result_code.copy_to_operands(Some else-branch code)
+          diamond.finish();
+          ```
+
+\*******************************************************************/
+
+void nondet_ifthenelset::begin_if()
+{
+  static size_t nondet_ifthenelse_count=0;
+
+  auto choice_sym=
+    new_tmp_symbol(symbol_table, choice_symname, fresh_symbol_mode);
+  choice_sym.type=c_bool_typet(1);
+  auto choice=choice_sym.symbol_expr();
+  auto assign_choice=
+    code_assignt(choice, get_nondet_bool(choice_sym.type));
+  assign_choice.add_source_location()=loc;
+  result_code.move_to_operands(assign_choice);
+
+  std::ostringstream fresh_label_oss;
+  fresh_label_oss << choice_symname << "_else_"
+                  << (++nondet_ifthenelse_count);
+  std::string fresh_label=fresh_label_oss.str();
+  else_label=code_labelt(fresh_label, code_skipt());
+
+  std::ostringstream done_label_oss;
+  done_label_oss << choice_symname << "_done_"
+                 << nondet_ifthenelse_count;
+  join_label=code_labelt(done_label_oss.str(), code_skipt());
+
+  code_ifthenelset test;
+  test.cond()=equal_exprt(
+    choice,
+    constant_exprt("0", choice_sym.type));
+  test.then_case()=code_gotot(fresh_label);
+  result_code.move_to_operands(test);
+}
+
+/*******************************************************************\
+
+Function: nondet_ifthenelset::begin_else
+
+  Inputs:
+
+ Outputs:
+
+ Purpose: Terminates the if-block and begins the else-block of a
+          nondet if-then-else diamond. See ::begin_if for detail.
+
+\*******************************************************************/
+
+void nondet_ifthenelset::begin_else()
+{
+  result_code.copy_to_operands(code_gotot(join_label.get_label()));
+  result_code.copy_to_operands(else_label);
+}
+
+/*******************************************************************\
+
+Function: nondet_ifthenelset::finish
+
+  Inputs:
+
+ Outputs:
+
+ Purpose: Concludes a nondet if-then-else diamond.
+          See ::begin_if for detail.
+
+\*******************************************************************/
+
+void nondet_ifthenelset::finish()
+{
+  result_code.move_to_operands(join_label);
+}
diff --git a/src/util/nondet_ifthenelse.h b/src/util/nondet_ifthenelse.h
new file mode 100644
index 00000000000..c6ee25afcab
--- /dev/null
+++ b/src/util/nondet_ifthenelse.h
@@ -0,0 +1,44 @@
+/*******************************************************************\
+
+Module: Nondeterministic if-then-else
+
+Author: Chris Smowton, chris@smowton.net
+
+\*******************************************************************/
+
+#ifndef CPROVER_UTIL_NONDET_IFTHENELSE_H
+#define CPROVER_UTIL_NONDET_IFTHENELSE_H
+
+#include <util/std_code.h>
+
+class symbol_tablet;
+class source_locationt;
+
+class nondet_ifthenelset
+{
+  code_blockt &result_code;
+  symbol_tablet &symbol_table;
+  const source_locationt &loc;
+  irep_idt fresh_symbol_mode;
+  code_labelt else_label;
+  code_labelt join_label;
+  const std::string choice_symname;
+ public:
+  nondet_ifthenelset(
+    code_blockt &_result_code,
+    symbol_tablet &_symbol_table,
+    const source_locationt &_loc,
+    const irep_idt &_fresh_symbol_mode,
+    const std::string &name) :
+    result_code(_result_code),
+    symbol_table(_symbol_table),
+    loc(_loc),
+    fresh_symbol_mode(_fresh_symbol_mode),
+    choice_symname(name)
+    {}
+  void begin_if();
+  void begin_else();
+  void finish();
+};
+
+#endif // CPROVER_UTIL_NONDET_IFTHENELSE_H

From ae5282bdfc40e1fa2286148d9fea797f3ce5319f Mon Sep 17 00:00:00 2001
From: Lucas Cordeiro <lucasccordeiro@gmail.com>
Date: Fri, 2 Sep 2016 16:28:21 +0100
Subject: [PATCH 074/699] generate goals only if they do not exist in the json
 file

---
 src/goto-instrument/cover.cpp     | 54 ++++++++++++++++++++++++++++---
 src/goto-instrument/cover.h       | 16 +++++++--
 src/symex/symex_parse_options.cpp |  3 +-
 3 files changed, 66 insertions(+), 7 deletions(-)

diff --git a/src/goto-instrument/cover.cpp b/src/goto-instrument/cover.cpp
index 9f1aa347679..b66e4f6f718 100644
--- a/src/goto-instrument/cover.cpp
+++ b/src/goto-instrument/cover.cpp
@@ -96,6 +96,47 @@ class basic_blockst
   }
 };
 
+/*******************************************************************\
+
+Function: coverage_goals::set_goals
+
+  Inputs:
+
+ Outputs:
+
+ Purpose:
+
+\*******************************************************************/
+
+void coverage_goals::set_goals(std::string goal)
+{
+  existing_goals.push_back(goal);
+}
+
+/*******************************************************************\
+
+Function: coverage_goals::get_goals
+
+  Inputs:
+
+ Outputs:
+
+ Purpose:
+
+\*******************************************************************/
+
+const bool coverage_goals::get_goals(const char* goal)
+{
+  std::vector<std::string>::iterator it;
+  it = find (existing_goals.begin(), existing_goals.end(), goal);
+
+  if(it == existing_goals.end())
+    return true;
+  else
+	return false;
+}
+
+
 /*******************************************************************\
 
 Function: as_string
@@ -1108,7 +1149,8 @@ Function: instrument_cover_goals
 void instrument_cover_goals(
   const symbol_tablet &symbol_table,
   goto_programt &goto_program,
-  coverage_criteriont criterion)
+  coverage_criteriont criterion,
+  coverage_goals &goals)
 {
   const namespacet ns(symbol_table);
   basic_blockst basic_blocks(goto_program);
@@ -1176,7 +1218,9 @@ void instrument_cover_goals(
           source_locationt source_location=
             basic_blocks.source_location_map[block_nr];
 
-          if(!source_location.get_file().empty() &&
+          //check whether the current goal already exists
+          if(goals.get_goals(source_location.get_line().c_str()) &&
+		 !source_location.get_file().empty() &&
              source_location.get_file()[0]!='<')
           {
             std::string comment="block "+b;
@@ -1426,7 +1470,8 @@ Function: instrument_cover_goals
 void instrument_cover_goals(
   const symbol_tablet &symbol_table,
   goto_functionst &goto_functions,
-  coverage_criteriont criterion)
+  coverage_criteriont criterion,
+  coverage_goals &goals)
 {
   Forall_goto_functions(f_it, goto_functions)
   {
@@ -1437,6 +1482,7 @@ void instrument_cover_goals(
     instrument_cover_goals(
       symbol_table,
       f_it->second.body,
-      criterion);
+      criterion,
+      goals);
   }
 }
diff --git a/src/goto-instrument/cover.h b/src/goto-instrument/cover.h
index e897c88b753..d301e48880f 100644
--- a/src/goto-instrument/cover.h
+++ b/src/goto-instrument/cover.h
@@ -13,6 +13,16 @@ Date: May 2016
 
 #include <goto-programs/goto_model.h>
 
+class coverage_goals
+{
+public:
+	void set_goals(std::string goal);
+	const bool get_goals(const char* goal);
+
+private:
+	std::vector<std::string> existing_goals;
+};
+
 enum class coverage_criteriont
 {
   LOCATION, BRANCH, DECISION, CONDITION,
@@ -21,11 +31,13 @@ enum class coverage_criteriont
 void instrument_cover_goals(
   const symbol_tablet &symbol_table,
   goto_programt &goto_program,
-  coverage_criteriont);
+  coverage_criteriont,
+  coverage_goals &goals);
 
 void instrument_cover_goals(
   const symbol_tablet &symbol_table,
   goto_functionst &goto_functions,
-  coverage_criteriont);
+  coverage_criteriont,
+  coverage_goals &goals);
 
 #endif // CPROVER_GOTO_INSTRUMENT_COVER_H
diff --git a/src/symex/symex_parse_options.cpp b/src/symex/symex_parse_options.cpp
index 518e64a2ecd..bbae2056513 100644
--- a/src/symex/symex_parse_options.cpp
+++ b/src/symex/symex_parse_options.cpp
@@ -409,7 +409,8 @@ bool symex_parse_optionst::process_goto_program(const optionst &options)
       }
 
       status() << "Instrumenting coverge goals" << eom;
-      instrument_cover_goals(symbol_table, goto_model.goto_functions, c);
+      coverage_goals goals;
+      instrument_cover_goals(symbol_table, goto_model.goto_functions, c, goals);
       goto_model.goto_functions.update();
     }
 

From ead4b237a00c7e76d9c6c3707f5d008fe0f0fe58 Mon Sep 17 00:00:00 2001
From: Lucas Cordeiro <lucasccordeiro@gmail.com>
Date: Mon, 5 Sep 2016 13:14:51 +0100
Subject: [PATCH 075/699] add more test cases to check existing coverage

---
 src/goto-instrument/cover.cpp     | 16 ++++++++--------
 src/goto-instrument/cover.h       | 12 ++++++------
 src/symex/symex_parse_options.cpp |  2 +-
 3 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/src/goto-instrument/cover.cpp b/src/goto-instrument/cover.cpp
index b66e4f6f718..e5d0042bcb5 100644
--- a/src/goto-instrument/cover.cpp
+++ b/src/goto-instrument/cover.cpp
@@ -98,7 +98,7 @@ class basic_blockst
 
 /*******************************************************************\
 
-Function: coverage_goals::set_goals
+Function: coverage_goalst::set_goals
 
   Inputs:
 
@@ -108,14 +108,14 @@ Function: coverage_goals::set_goals
 
 \*******************************************************************/
 
-void coverage_goals::set_goals(std::string goal)
+void coverage_goalst::set_goals(std::string goal)
 {
   existing_goals.push_back(goal);
 }
 
 /*******************************************************************\
 
-Function: coverage_goals::get_goals
+Function: coverage_goalst::is_existing_goal
 
   Inputs:
 
@@ -125,7 +125,7 @@ Function: coverage_goals::get_goals
 
 \*******************************************************************/
 
-const bool coverage_goals::get_goals(const char* goal)
+bool coverage_goalst::is_existing_goal(const char* goal)
 {
   std::vector<std::string>::iterator it;
   it = find (existing_goals.begin(), existing_goals.end(), goal);
@@ -133,7 +133,7 @@ const bool coverage_goals::get_goals(const char* goal)
   if(it == existing_goals.end())
     return true;
   else
-	return false;
+    return false;
 }
 
 
@@ -1150,7 +1150,7 @@ void instrument_cover_goals(
   const symbol_tablet &symbol_table,
   goto_programt &goto_program,
   coverage_criteriont criterion,
-  coverage_goals &goals)
+  coverage_goalst &goals)
 {
   const namespacet ns(symbol_table);
   basic_blockst basic_blocks(goto_program);
@@ -1219,7 +1219,7 @@ void instrument_cover_goals(
             basic_blocks.source_location_map[block_nr];
 
           //check whether the current goal already exists
-          if(goals.get_goals(source_location.get_line().c_str()) &&
+          if(goals.is_existing_goal(source_location.get_line().c_str()) &&
 		 !source_location.get_file().empty() &&
              source_location.get_file()[0]!='<')
           {
@@ -1471,7 +1471,7 @@ void instrument_cover_goals(
   const symbol_tablet &symbol_table,
   goto_functionst &goto_functions,
   coverage_criteriont criterion,
-  coverage_goals &goals)
+  coverage_goalst &goals)
 {
   Forall_goto_functions(f_it, goto_functions)
   {
diff --git a/src/goto-instrument/cover.h b/src/goto-instrument/cover.h
index d301e48880f..623dd4387f9 100644
--- a/src/goto-instrument/cover.h
+++ b/src/goto-instrument/cover.h
@@ -13,14 +13,14 @@ Date: May 2016
 
 #include <goto-programs/goto_model.h>
 
-class coverage_goals
+class coverage_goalst
 {
 public:
-	void set_goals(std::string goal);
-	const bool get_goals(const char* goal);
+  void set_goals(std::string goal);
+  bool is_existing_goal(const char* goal);
 
 private:
-	std::vector<std::string> existing_goals;
+  std::vector<std::string> existing_goals;
 };
 
 enum class coverage_criteriont
@@ -32,12 +32,12 @@ void instrument_cover_goals(
   const symbol_tablet &symbol_table,
   goto_programt &goto_program,
   coverage_criteriont,
-  coverage_goals &goals);
+  coverage_goalst &goals);
 
 void instrument_cover_goals(
   const symbol_tablet &symbol_table,
   goto_functionst &goto_functions,
   coverage_criteriont,
-  coverage_goals &goals);
+  coverage_goalst &goals);
 
 #endif // CPROVER_GOTO_INSTRUMENT_COVER_H
diff --git a/src/symex/symex_parse_options.cpp b/src/symex/symex_parse_options.cpp
index bbae2056513..d1343da3eb3 100644
--- a/src/symex/symex_parse_options.cpp
+++ b/src/symex/symex_parse_options.cpp
@@ -409,7 +409,7 @@ bool symex_parse_optionst::process_goto_program(const optionst &options)
       }
 
       status() << "Instrumenting coverge goals" << eom;
-      coverage_goals goals;
+      coverage_goalst goals;
       instrument_cover_goals(symbol_table, goto_model.goto_functions, c, goals);
       goto_model.goto_functions.update();
     }

From b128a597e5f9bb8a795688586bff60068cae3f3b Mon Sep 17 00:00:00 2001
From: Lucas Cordeiro <lucasccordeiro@gmail.com>
Date: Tue, 6 Sep 2016 10:11:28 +0100
Subject: [PATCH 076/699] default variant of instrument_cover_goals that uses
 an empty set of existing goals

Signed-off-by: Lucas Cordeiro <lucasccordeiro@gmail.com>
---
 src/goto-instrument/cover.cpp     | 30 ++++++++++++++++++++++++++++++
 src/goto-instrument/cover.h       |  5 +++++
 src/symex/symex_parse_options.cpp |  3 +--
 3 files changed, 36 insertions(+), 2 deletions(-)

diff --git a/src/goto-instrument/cover.cpp b/src/goto-instrument/cover.cpp
index e5d0042bcb5..a33c7f462eb 100644
--- a/src/goto-instrument/cover.cpp
+++ b/src/goto-instrument/cover.cpp
@@ -1486,3 +1486,33 @@ void instrument_cover_goals(
       goals);
   }
 }
+
+/*******************************************************************\
+
+Function: instrument_cover_goals
+
+  Inputs:
+
+ Outputs:
+
+ Purpose:
+
+\*******************************************************************/
+
+void instrument_cover_goals(
+  const symbol_tablet &symbol_table,
+  goto_functionst &goto_functions,
+  coverage_criteriont criterion)
+{
+  Forall_goto_functions(f_it, goto_functions)
+  {
+    if(f_it->first==ID__start ||
+       f_it->first=="__CPROVER_initialize")
+      continue;
+
+    //empty set of existing goals
+    coverage_goalst goals;
+    instrument_cover_goals(symbol_table, f_it->second.body,
+					   criterion, goals);
+  }
+}
diff --git a/src/goto-instrument/cover.h b/src/goto-instrument/cover.h
index 623dd4387f9..547cef5b19c 100644
--- a/src/goto-instrument/cover.h
+++ b/src/goto-instrument/cover.h
@@ -40,4 +40,9 @@ void instrument_cover_goals(
   coverage_criteriont,
   coverage_goalst &goals);
 
+void instrument_cover_goals(
+  const symbol_tablet &symbol_table,
+  goto_functionst &goto_functions,
+  coverage_criteriont);
+
 #endif // CPROVER_GOTO_INSTRUMENT_COVER_H
diff --git a/src/symex/symex_parse_options.cpp b/src/symex/symex_parse_options.cpp
index d1343da3eb3..518e64a2ecd 100644
--- a/src/symex/symex_parse_options.cpp
+++ b/src/symex/symex_parse_options.cpp
@@ -409,8 +409,7 @@ bool symex_parse_optionst::process_goto_program(const optionst &options)
       }
 
       status() << "Instrumenting coverge goals" << eom;
-      coverage_goalst goals;
-      instrument_cover_goals(symbol_table, goto_model.goto_functions, c, goals);
+      instrument_cover_goals(symbol_table, goto_model.goto_functions, c);
       goto_model.goto_functions.update();
     }
 

From 143b53e77fca7afde6f05f7e49e8fb7d8dd3b025 Mon Sep 17 00:00:00 2001
From: Lucas Cordeiro <lucasccordeiro@gmail.com>
Date: Tue, 6 Sep 2016 10:19:04 +0100
Subject: [PATCH 077/699] a goal should be identified by a source_locationt

Signed-off-by: Lucas Cordeiro <lucasccordeiro@gmail.com>
---
 src/goto-instrument/cover.cpp | 7 ++++---
 src/goto-instrument/cover.h   | 2 +-
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/goto-instrument/cover.cpp b/src/goto-instrument/cover.cpp
index a33c7f462eb..51a35b1854b 100644
--- a/src/goto-instrument/cover.cpp
+++ b/src/goto-instrument/cover.cpp
@@ -125,10 +125,11 @@ Function: coverage_goalst::is_existing_goal
 
 \*******************************************************************/
 
-bool coverage_goalst::is_existing_goal(const char* goal)
+bool coverage_goalst::is_existing_goal(source_locationt source_location)
 {
   std::vector<std::string>::iterator it;
-  it = find (existing_goals.begin(), existing_goals.end(), goal);
+  it = find (existing_goals.begin(), existing_goals.end(),
+		  source_location.get_line().c_str());
 
   if(it == existing_goals.end())
     return true;
@@ -1219,7 +1220,7 @@ void instrument_cover_goals(
             basic_blocks.source_location_map[block_nr];
 
           //check whether the current goal already exists
-          if(goals.is_existing_goal(source_location.get_line().c_str()) &&
+          if(goals.is_existing_goal(source_location) &&
 		 !source_location.get_file().empty() &&
              source_location.get_file()[0]!='<')
           {
diff --git a/src/goto-instrument/cover.h b/src/goto-instrument/cover.h
index 547cef5b19c..cb88eee166c 100644
--- a/src/goto-instrument/cover.h
+++ b/src/goto-instrument/cover.h
@@ -17,7 +17,7 @@ class coverage_goalst
 {
 public:
   void set_goals(std::string goal);
-  bool is_existing_goal(const char* goal);
+  bool is_existing_goal(source_locationt source_location);
 
 private:
   std::vector<std::string> existing_goals;

From f70eadf6ce88c77a7432c433a31b1527d6bb8eec Mon Sep 17 00:00:00 2001
From: Lucas Cordeiro <lucasccordeiro@gmail.com>
Date: Tue, 6 Sep 2016 14:28:24 +0100
Subject: [PATCH 078/699] implement get_coverage method

Signed-off-by: Lucas Cordeiro <lucasccordeiro@gmail.com>
---
 src/goto-instrument/Makefile  |  1 +
 src/goto-instrument/cover.cpp | 58 +++++++++++++++++++++++++++++++++++
 src/goto-instrument/cover.h   |  2 ++
 src/symex/Makefile            |  1 +
 4 files changed, 62 insertions(+)

diff --git a/src/goto-instrument/Makefile b/src/goto-instrument/Makefile
index 65cb278a7fc..df45e7612fe 100644
--- a/src/goto-instrument/Makefile
+++ b/src/goto-instrument/Makefile
@@ -37,6 +37,7 @@ OBJ += ../ansi-c/ansi-c$(LIBEXT) \
       ../langapi/langapi$(LIBEXT) \
       ../xmllang/xmllang$(LIBEXT) \
       ../util/util$(LIBEXT) \
+      ../json/json$(LIBEXT) \
       ../solvers/solvers$(LIBEXT)
 
 INCLUDES= -I ..
diff --git a/src/goto-instrument/cover.cpp b/src/goto-instrument/cover.cpp
index 51a35b1854b..701e7704bfc 100644
--- a/src/goto-instrument/cover.cpp
+++ b/src/goto-instrument/cover.cpp
@@ -16,6 +16,8 @@ Date: May 2016
 #include <util/prefix.h>
 #include <util/string2int.h>
 
+#include <json/json_parser.h>
+
 #include "cover.h"
 
 class basic_blockst
@@ -98,6 +100,62 @@ class basic_blockst
 
 /*******************************************************************\
 
+Function: coverage_goalst::get_coverage
+
+  Inputs:
+
+ Outputs:
+
+ Purpose:
+
+\*******************************************************************/
+
+void coverage_goalst::get_coverage(const std::string &coverage,
+                                   message_handlert &message_handler)
+{
+  jsont json;
+
+  //check coverage file
+  if(parse_json(coverage, message_handler, json))
+  {
+    messaget message(message_handler);
+    message.error() << coverage << " file is not a valid json file"
+                    << messaget::eom;
+    exit(0);
+  }
+
+  //make sure that we have an array of elements
+  if(!json.is_array())
+  {
+    messaget message(message_handler);
+    message.error() << "expecting an array in the " <<  coverage << " file, but got "
+                    << json << messaget::eom;
+    exit(0);
+  }
+
+  for(jsont::arrayt::const_iterator
+      it=json.array.begin();
+      it!=json.array.end();
+      it++)
+  {
+    //get the goals array
+    if ((*it)["goals"].is_array())
+	{
+	  for(jsont::arrayt::const_iterator
+	      itg=(*it)["goals"].array.begin();
+	      itg!=(*it)["goals"].array.end();
+	      itg++)
+	  {
+        //get the line of each existing goal
+	    const std::string line=(*itg)["sourceLocation"]["line"].value;
+	    set_goals(line);
+	  }
+	}
+  }
+}
+
+/*******************************************************************\
+
 Function: coverage_goalst::set_goals
 
   Inputs:
diff --git a/src/goto-instrument/cover.h b/src/goto-instrument/cover.h
index cb88eee166c..0029eeef5d4 100644
--- a/src/goto-instrument/cover.h
+++ b/src/goto-instrument/cover.h
@@ -16,6 +16,8 @@ Date: May 2016
 class coverage_goalst
 {
 public:
+  void get_coverage(const std::string &coverage,
+                    message_handlert &message_handler);
   void set_goals(std::string goal);
   bool is_existing_goal(source_locationt source_location);
 
diff --git a/src/symex/Makefile b/src/symex/Makefile
index 5a66801eec4..e3a9c677b78 100644
--- a/src/symex/Makefile
+++ b/src/symex/Makefile
@@ -16,6 +16,7 @@ OBJ += ../ansi-c/ansi-c$(LIBEXT) \
        ../goto-symex/rewrite_union$(OBJEXT) \
        ../pointer-analysis/dereference$(OBJEXT) \
        ../goto-instrument/cover$(OBJEXT) \
+       ../json/json$(LIBEXT) \
        ../path-symex/path-symex$(LIBEXT)
 
 INCLUDES= -I ..

From eff4b71494c8bb32b9034786c0e51f228e880442 Mon Sep 17 00:00:00 2001
From: Lucas Cordeiro <lucasccordeiro@gmail.com>
Date: Tue, 6 Sep 2016 15:15:52 +0100
Subject: [PATCH 079/699] a goal should be identified by a source_locationt

Signed-off-by: Lucas Cordeiro <lucasccordeiro@gmail.com>
---
 src/goto-instrument/cover.cpp | 22 +++++++++++++++-------
 src/goto-instrument/cover.h   |  4 ++--
 2 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/src/goto-instrument/cover.cpp b/src/goto-instrument/cover.cpp
index 701e7704bfc..4b191dbd4fa 100644
--- a/src/goto-instrument/cover.cpp
+++ b/src/goto-instrument/cover.cpp
@@ -8,6 +8,8 @@ Date: May 2016
 
 \*******************************************************************/
 
+#include <iostream>
+
 #include <algorithm>
 #include <iterator>
 #include <unordered_set>
@@ -114,6 +116,7 @@ void coverage_goalst::get_coverage(const std::string &coverage,
                                    message_handlert &message_handler)
 {
   jsont json;
+  source_locationt source_location;
 
   //check coverage file
   if(parse_json(coverage, message_handler, json))
@@ -133,6 +136,7 @@ void coverage_goalst::get_coverage(const std::string &coverage,
     exit(0);
   }
 
+  irep_idt line_number;
   for(jsont::arrayt::const_iterator
       it=json.array.begin();
       it!=json.array.end();
@@ -147,8 +151,9 @@ void coverage_goalst::get_coverage(const std::string &coverage,
 	      itg++)
 	  {
         //get the line of each existing goal
-	    const std::string line=(*itg)["sourceLocation"]["line"].value;
-	    set_goals(line);
+		line_number=(*itg)["sourceLocation"]["line"].value;
+	    source_location.set_line(line_number);
+	    set_goals(source_location);
 	  }
 	}
   }
@@ -166,7 +171,7 @@ Function: coverage_goalst::set_goals
 
 \*******************************************************************/
 
-void coverage_goalst::set_goals(std::string goal)
+void coverage_goalst::set_goals(source_locationt goal)
 {
   existing_goals.push_back(goal);
 }
@@ -185,10 +190,13 @@ Function: coverage_goalst::is_existing_goal
 
 bool coverage_goalst::is_existing_goal(source_locationt source_location)
 {
-  std::vector<std::string>::iterator it;
-  it = find (existing_goals.begin(), existing_goals.end(),
-		  source_location.get_line().c_str());
-
+  std::vector<source_locationt>::iterator it = existing_goals.begin();
+  while (it!=existing_goals.end())
+  {
+    if (!source_location.get_line().compare(it->get_line()))
+      break;
+    ++it;
+  }
   if(it == existing_goals.end())
     return true;
   else
diff --git a/src/goto-instrument/cover.h b/src/goto-instrument/cover.h
index 0029eeef5d4..de03aa07d65 100644
--- a/src/goto-instrument/cover.h
+++ b/src/goto-instrument/cover.h
@@ -18,11 +18,11 @@ class coverage_goalst
 public:
   void get_coverage(const std::string &coverage,
                     message_handlert &message_handler);
-  void set_goals(std::string goal);
+  void set_goals(source_locationt goal);
   bool is_existing_goal(source_locationt source_location);
 
 private:
-  std::vector<std::string> existing_goals;
+  std::vector<source_locationt> existing_goals;
 };
 
 enum class coverage_criteriont

From a91860a6e6a46d1bf9ae7881489ba6e9908921e0 Mon Sep 17 00:00:00 2001
From: Lucas Cordeiro <lucasccordeiro@gmail.com>
Date: Tue, 6 Sep 2016 15:44:05 +0100
Subject: [PATCH 080/699] method to construct a coverage_goalst object

---
 src/goto-instrument/cover.cpp | 8 ++++----
 src/goto-instrument/cover.h   | 4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/goto-instrument/cover.cpp b/src/goto-instrument/cover.cpp
index 4b191dbd4fa..974e3aab9ff 100644
--- a/src/goto-instrument/cover.cpp
+++ b/src/goto-instrument/cover.cpp
@@ -8,8 +8,6 @@ Date: May 2016
 
 \*******************************************************************/
 
-#include <iostream>
-
 #include <algorithm>
 #include <iterator>
 #include <unordered_set>
@@ -112,10 +110,11 @@ Function: coverage_goalst::get_coverage
 
 \*******************************************************************/
 
-void coverage_goalst::get_coverage(const std::string &coverage,
+coverage_goalst coverage_goalst::get_coverage_goals(const std::string &coverage,
                                    message_handlert &message_handler)
 {
   jsont json;
+  coverage_goalst goals;
   source_locationt source_location;
 
   //check coverage file
@@ -153,10 +152,11 @@ void coverage_goalst::get_coverage(const std::string &coverage,
         //get the line of each existing goal
 		line_number=(*itg)["sourceLocation"]["line"].value;
 	    source_location.set_line(line_number);
-	    set_goals(source_location);
+	    goals.set_goals(source_location);
 	  }
 	}
   }
+  return goals;
 }
 
 /*******************************************************************\
diff --git a/src/goto-instrument/cover.h b/src/goto-instrument/cover.h
index de03aa07d65..6dca58da366 100644
--- a/src/goto-instrument/cover.h
+++ b/src/goto-instrument/cover.h
@@ -16,8 +16,8 @@ Date: May 2016
 class coverage_goalst
 {
 public:
-  void get_coverage(const std::string &coverage,
-                    message_handlert &message_handler);
+  static coverage_goalst get_coverage_goals(const std::string &coverage,
+                                      message_handlert &message_handler);
   void set_goals(source_locationt goal);
   bool is_existing_goal(source_locationt source_location);
 

From 6bf5c14f0f02a5626305a5fcb192df61fbc8d7f5 Mon Sep 17 00:00:00 2001
From: Lucas Cordeiro <lucasccordeiro@gmail.com>
Date: Thu, 8 Sep 2016 15:19:19 +0100
Subject: [PATCH 081/699] use json file suggested at github issue #187

---
 src/goto-instrument/cover.cpp | 31 ++++++++++++++++++++++---------
 1 file changed, 22 insertions(+), 9 deletions(-)

diff --git a/src/goto-instrument/cover.cpp b/src/goto-instrument/cover.cpp
index 974e3aab9ff..d88482de82d 100644
--- a/src/goto-instrument/cover.cpp
+++ b/src/goto-instrument/cover.cpp
@@ -8,6 +8,8 @@ Date: May 2016
 
 \*******************************************************************/
 
+#include <iostream>
+
 #include <algorithm>
 #include <iterator>
 #include <unordered_set>
@@ -135,24 +137,33 @@ coverage_goalst coverage_goalst::get_coverage_goals(const std::string &coverage,
     exit(0);
   }
 
-  irep_idt line_number;
+  irep_idt file, function, line;
   for(jsont::arrayt::const_iterator
       it=json.array.begin();
       it!=json.array.end();
       it++)
   {
-    //get the goals array
-    if ((*it)["goals"].is_array())
+
+    //get the file of each existing goal
+    file=(*it)["file"].value;
+    source_location.set_file(file);
+
+    //get the function of each existing goal
+    function=(*it)["function"].value;
+    source_location.set_function(function);
+
+    //get the lines array
+    if ((*it)["lines"].is_array())
 	{
 	  for(jsont::arrayt::const_iterator
-	      itg=(*it)["goals"].array.begin();
-	      itg!=(*it)["goals"].array.end();
+	      itg=(*it)["lines"].array.begin();
+	      itg!=(*it)["lines"].array.end();
 	      itg++)
 	  {
         //get the line of each existing goal
-		line_number=(*itg)["sourceLocation"]["line"].value;
-	    source_location.set_line(line_number);
-	    goals.set_goals(source_location);
+        line=(*itg)["number"].value;
+        source_location.set_line(line);
+        goals.set_goals(source_location);
 	  }
 	}
   }
@@ -193,7 +204,9 @@ bool coverage_goalst::is_existing_goal(source_locationt source_location)
   std::vector<source_locationt>::iterator it = existing_goals.begin();
   while (it!=existing_goals.end())
   {
-    if (!source_location.get_line().compare(it->get_line()))
+    if (!source_location.get_file().compare(it->get_file()) &&
+	!source_location.get_function().compare(it->get_function()) &&
+	!source_location.get_line().compare(it->get_line()))
       break;
     ++it;
   }

From 51ecf5166e6d5d7855705e19135dc4a989f862c8 Mon Sep 17 00:00:00 2001
From: Lucas Cordeiro <lucasccordeiro@gmail.com>
Date: Wed, 14 Sep 2016 15:16:27 +0100
Subject: [PATCH 082/699] add consider_goals method

---
 src/goto-instrument/cover.cpp | 46 ++++++++++++++++++++++++++++++++---
 src/goto-instrument/cover.h   |  3 +++
 2 files changed, 45 insertions(+), 4 deletions(-)

diff --git a/src/goto-instrument/cover.cpp b/src/goto-instrument/cover.cpp
index d88482de82d..601ba787b6a 100644
--- a/src/goto-instrument/cover.cpp
+++ b/src/goto-instrument/cover.cpp
@@ -1590,9 +1590,47 @@ void instrument_cover_goals(
        f_it->first=="__CPROVER_initialize")
       continue;
 
-    //empty set of existing goals
-    coverage_goalst goals;
-    instrument_cover_goals(symbol_table, f_it->second.body,
-					   criterion, goals);
+    //exclude trivial coverage goals of a goto program
+    if (consider_goals(f_it->second.body))
+    {
+      //empty set of existing goals
+      coverage_goalst goals;
+      instrument_cover_goals(symbol_table, f_it->second.body,
+					     criterion, goals);
+    }
   }
 }
+/*******************************************************************\
+
+Function: consider_goals
+
+  Inputs:
+
+ Outputs:
+
+ Purpose:
+
+\*******************************************************************/
+
+bool consider_goals(
+  const goto_programt &goto_program)
+{
+  bool result;
+  unsigned long count_assignments=0, count_goto=0, count_decl=0;
+
+  forall_goto_program_instructions(i_it, goto_program)
+  {
+    if(i_it->is_goto())
+	  ++count_goto;
+    else if (i_it->is_assign())
+      ++count_assignments;
+    else if (i_it->is_decl())
+      ++count_decl;
+  }
+
+  //this might be a get or set method (pattern)
+  result = !((count_decl==0) && (count_goto<=1) &&
+		   (count_assignments>0 && count_assignments<5));
+
+  return result;
+}
diff --git a/src/goto-instrument/cover.h b/src/goto-instrument/cover.h
index 6dca58da366..37e77d66494 100644
--- a/src/goto-instrument/cover.h
+++ b/src/goto-instrument/cover.h
@@ -30,6 +30,9 @@ enum class coverage_criteriont
   LOCATION, BRANCH, DECISION, CONDITION,
   PATH, MCDC, ASSERTION, COVER };
 
+bool consider_goals(
+  const goto_programt &goto_program);
+
 void instrument_cover_goals(
   const symbol_tablet &symbol_table,
   goto_programt &goto_program,

From 2440baf68150ec8e420985f079626d7c6e18db13 Mon Sep 17 00:00:00 2001
From: Lucas Cordeiro <lucasccordeiro@gmail.com>
Date: Wed, 14 Sep 2016 16:38:49 +0100
Subject: [PATCH 083/699] add the --no-trivial-tests option to CBMC

Signed-off-by: Lucas Cordeiro <lucasccordeiro@gmail.com>
---
 src/goto-instrument/cover.cpp | 74 +++++++++++++++++++++++++++++------
 src/goto-instrument/cover.h   |  7 +++-
 2 files changed, 69 insertions(+), 12 deletions(-)

diff --git a/src/goto-instrument/cover.cpp b/src/goto-instrument/cover.cpp
index 601ba787b6a..b6de039b826 100644
--- a/src/goto-instrument/cover.cpp
+++ b/src/goto-instrument/cover.cpp
@@ -8,8 +8,6 @@ Date: May 2016
 
 \*******************************************************************/
 
-#include <iostream>
-
 #include <algorithm>
 #include <iterator>
 #include <unordered_set>
@@ -102,6 +100,23 @@ class basic_blockst
 
 /*******************************************************************\
 
+Function: coverage_goalst::coverage_goalst
+
+  Inputs:
+
+ Outputs:
+
+ Purpose:
+
+\*******************************************************************/
+
+coverage_goalst::coverage_goalst()
+{
+  no_trivial_tests=false;
+}
+
+/*******************************************************************\
+
 Function: coverage_goalst::get_coverage
 
   Inputs:
@@ -118,6 +133,7 @@ coverage_goalst coverage_goalst::get_coverage_goals(const std::string &coverage,
   jsont json;
   coverage_goalst goals;
   source_locationt source_location;
+  goals.set_no_trivial_tests(false);
 
   //check coverage file
   if(parse_json(coverage, message_handler, json))
@@ -216,6 +232,39 @@ bool coverage_goalst::is_existing_goal(source_locationt source_location)
     return false;
 }
 
+/*******************************************************************\
+
+Function: coverage_goalst::set_no_trivial_tests
+
+  Inputs:
+
+ Outputs:
+
+ Purpose:
+
+\*******************************************************************/
+
+void coverage_goalst::set_no_trivial_tests(const bool trivial)
+{
+  no_trivial_tests=trivial;
+}
+
+/*******************************************************************\
+
+Function: coverage_goalst::get_no_trivial_tests
+
+  Inputs:
+
+ Outputs:
+
+ Purpose:
+
+\*******************************************************************/
+
+const bool coverage_goalst::get_no_trivial_tests()
+{
+  return no_trivial_tests;
+}
 
 /*******************************************************************\
 
@@ -1590,16 +1639,13 @@ void instrument_cover_goals(
        f_it->first=="__CPROVER_initialize")
       continue;
 
-    //exclude trivial coverage goals of a goto program
-    if (consider_goals(f_it->second.body))
-    {
-      //empty set of existing goals
-      coverage_goalst goals;
-      instrument_cover_goals(symbol_table, f_it->second.body,
-					     criterion, goals);
-    }
+    //empty set of existing goals
+    coverage_goalst goals;
+    instrument_cover_goals(symbol_table, f_it->second.body,
+					       criterion, goals);
   }
 }
+
 /*******************************************************************\
 
 Function: consider_goals
@@ -1613,8 +1659,13 @@ Function: consider_goals
 \*******************************************************************/
 
 bool consider_goals(
-  const goto_programt &goto_program)
+  const goto_programt &goto_program,
+  coverage_goalst &goals)
 {
+  //check whether we should eliminate trivial goals
+  if (!goals.get_no_trivial_tests())
+    return true;
+
   bool result;
   unsigned long count_assignments=0, count_goto=0, count_decl=0;
 
@@ -1634,3 +1685,4 @@ bool consider_goals(
 
   return result;
 }
+
diff --git a/src/goto-instrument/cover.h b/src/goto-instrument/cover.h
index 37e77d66494..07ced79178c 100644
--- a/src/goto-instrument/cover.h
+++ b/src/goto-instrument/cover.h
@@ -16,13 +16,17 @@ Date: May 2016
 class coverage_goalst
 {
 public:
+  coverage_goalst();
   static coverage_goalst get_coverage_goals(const std::string &coverage,
                                       message_handlert &message_handler);
   void set_goals(source_locationt goal);
   bool is_existing_goal(source_locationt source_location);
+  void set_no_trivial_tests(const bool trivial);
+  const bool get_no_trivial_tests();
 
 private:
   std::vector<source_locationt> existing_goals;
+  bool no_trivial_tests;
 };
 
 enum class coverage_criteriont
@@ -31,7 +35,8 @@ enum class coverage_criteriont
   PATH, MCDC, ASSERTION, COVER };
 
 bool consider_goals(
-  const goto_programt &goto_program);
+  const goto_programt &goto_program,
+  coverage_goalst &goals);
 
 void instrument_cover_goals(
   const symbol_tablet &symbol_table,

From 7e71a71c87c5514f6a3759691b62584093f2fc80 Mon Sep 17 00:00:00 2001
From: Lucas Cordeiro <lucasccordeiro@gmail.com>
Date: Thu, 15 Sep 2016 16:49:13 +0100
Subject: [PATCH 084/699] do not produce test goals for constructor and
 destructor methods

---
 src/cbmc/Makefile             |  3 +-
 src/goto-instrument/cover.cpp | 75 ++++++++++++++++++-----------------
 2 files changed, 41 insertions(+), 37 deletions(-)

diff --git a/src/cbmc/Makefile b/src/cbmc/Makefile
index 804030ea69a..8bf055fe3b2 100644
--- a/src/cbmc/Makefile
+++ b/src/cbmc/Makefile
@@ -27,7 +27,8 @@ OBJ += ../ansi-c/ansi-c$(LIBEXT) \
       ../xmllang/xmllang$(LIBEXT) \
       ../assembler/assembler$(LIBEXT) \
       ../solvers/solvers$(LIBEXT) \
-      ../util/util$(LIBEXT)
+      ../util/util$(LIBEXT) \
+      ../json/json$(LIBEXT)
 
 INCLUDES= -I ..
 
diff --git a/src/goto-instrument/cover.cpp b/src/goto-instrument/cover.cpp
index b6de039b826..4623eb782bf 100644
--- a/src/goto-instrument/cover.cpp
+++ b/src/goto-instrument/cover.cpp
@@ -135,22 +135,23 @@ coverage_goalst coverage_goalst::get_coverage_goals(const std::string &coverage,
   source_locationt source_location;
   goals.set_no_trivial_tests(false);
 
-  //check coverage file
+  // check coverage file
   if(parse_json(coverage, message_handler, json))
   {
     messaget message(message_handler);
     message.error() << coverage << " file is not a valid json file"
                     << messaget::eom;
-    exit(0);
+    exit(6);
   }
 
-  //make sure that we have an array of elements
+  // make sure that we have an array of elements
   if(!json.is_array())
   {
     messaget message(message_handler);
-    message.error() << "expecting an array in the " <<  coverage << " file, but got "
+    message.error() << "expecting an array in the " <<  coverage
+                    << " file, but got "
                     << json << messaget::eom;
-    exit(0);
+    exit(6);
   }
 
   irep_idt file, function, line;
@@ -159,29 +160,28 @@ coverage_goalst coverage_goalst::get_coverage_goals(const std::string &coverage,
       it!=json.array.end();
       it++)
   {
-
-    //get the file of each existing goal
+    // get the file of each existing goal
     file=(*it)["file"].value;
     source_location.set_file(file);
 
-    //get the function of each existing goal
+    // get the function of each existing goal
     function=(*it)["function"].value;
     source_location.set_function(function);
 
-    //get the lines array
-    if ((*it)["lines"].is_array())
-	{
-	  for(jsont::arrayt::const_iterator
-	      itg=(*it)["lines"].array.begin();
-	      itg!=(*it)["lines"].array.end();
-	      itg++)
-	  {
-        //get the line of each existing goal
+    // get the lines array
+    if((*it)["lines"].is_array())
+    {
+      for(jsont::arrayt::const_iterator
+          itg=(*it)["lines"].array.begin();
+          itg!=(*it)["lines"].array.end();
+          itg++)
+      {
+        // get the line of each existing goal
         line=(*itg)["number"].value;
         source_location.set_line(line);
         goals.set_goals(source_location);
-	  }
-	}
+      }
+    }
   }
   return goals;
 }
@@ -218,12 +218,12 @@ Function: coverage_goalst::is_existing_goal
 bool coverage_goalst::is_existing_goal(source_locationt source_location)
 {
   std::vector<source_locationt>::iterator it = existing_goals.begin();
-  while (it!=existing_goals.end())
+  while(it!=existing_goals.end())
   {
-    if (!source_location.get_file().compare(it->get_file()) &&
-	!source_location.get_function().compare(it->get_function()) &&
-	!source_location.get_line().compare(it->get_line()))
-      break;
+    if(!source_location.get_file().compare(it->get_file()) &&
+       !source_location.get_function().compare(it->get_function()) &&
+       !source_location.get_line().compare(it->get_line()))
+         break;
     ++it;
   }
   if(it == existing_goals.end())
@@ -1347,9 +1347,9 @@ void instrument_cover_goals(
           source_locationt source_location=
             basic_blocks.source_location_map[block_nr];
 
-          //check whether the current goal already exists
+          // check whether the current goal already exists
           if(goals.is_existing_goal(source_location) &&
-		 !source_location.get_file().empty() &&
+             !source_location.get_file().empty() &&
              source_location.get_file()[0]!='<')
           {
             std::string comment="block "+b;
@@ -1639,10 +1639,10 @@ void instrument_cover_goals(
        f_it->first=="__CPROVER_initialize")
       continue;
 
-    //empty set of existing goals
+    // empty set of existing goals
     coverage_goalst goals;
     instrument_cover_goals(symbol_table, f_it->second.body,
-					       criterion, goals);
+                           criterion, goals);
   }
 }
 
@@ -1662,8 +1662,8 @@ bool consider_goals(
   const goto_programt &goto_program,
   coverage_goalst &goals)
 {
-  //check whether we should eliminate trivial goals
-  if (!goals.get_no_trivial_tests())
+  // check whether we should eliminate trivial goals
+  if(!goals.get_no_trivial_tests())
     return true;
 
   bool result;
@@ -1672,16 +1672,19 @@ bool consider_goals(
   forall_goto_program_instructions(i_it, goto_program)
   {
     if(i_it->is_goto())
-	  ++count_goto;
-    else if (i_it->is_assign())
+      ++count_goto;
+    else if(i_it->is_assign())
       ++count_assignments;
-    else if (i_it->is_decl())
+    else if(i_it->is_decl())
       ++count_decl;
   }
 
-  //this might be a get or set method (pattern)
-  result = !((count_decl==0) && (count_goto<=1) &&
-		   (count_assignments>0 && count_assignments<5));
+  // check whether this is a constructor/destructor or a get/set (pattern)
+  if(!count_goto && !count_assignments && !count_decl)
+    result=false;
+  else
+    result = !((count_decl==0) && (count_goto<=1) &&
+             (count_assignments>0 && count_assignments<5));
 
   return result;
 }

From 6cc36c15604ae1f3b82542fa8e3ce10a07f9ca9e Mon Sep 17 00:00:00 2001
From: Lucas Cordeiro <lucasccordeiro@gmail.com>
Date: Tue, 14 Mar 2017 16:30:43 +0000
Subject: [PATCH 085/699] added CPROVER_initialize

Signed-off-by: Lucas Cordeiro <lucasccordeiro@gmail.com>
---
 src/goto-instrument/cover.cpp | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/src/goto-instrument/cover.cpp b/src/goto-instrument/cover.cpp
index 4623eb782bf..2385c4204f3 100644
--- a/src/goto-instrument/cover.cpp
+++ b/src/goto-instrument/cover.cpp
@@ -15,6 +15,7 @@ Date: May 2016
 #include <util/format_number_range.h>
 #include <util/prefix.h>
 #include <util/string2int.h>
+#include <util/cprover_prefix.h>
 
 #include <json/json_parser.h>
 
@@ -171,13 +172,10 @@ coverage_goalst coverage_goalst::get_coverage_goals(const std::string &coverage,
     // get the lines array
     if((*it)["lines"].is_array())
     {
-      for(jsont::arrayt::const_iterator
-          itg=(*it)["lines"].array.begin();
-          itg!=(*it)["lines"].array.end();
-          itg++)
+      for(const jsont & entry : (*it)["lines"].array)
       {
         // get the line of each existing goal
-        line=(*itg)["number"].value;
+        line=entry["number"].value;
         source_location.set_line(line);
         goals.set_goals(source_location);
       }
@@ -1605,7 +1603,7 @@ void instrument_cover_goals(
   Forall_goto_functions(f_it, goto_functions)
   {
     if(f_it->first==ID__start ||
-       f_it->first=="__CPROVER_initialize")
+       f_it->first==CPROVER_PREFIX "initialize")
       continue;
 
     instrument_cover_goals(

From 2cc423e5f4e8ef515b5aae354185760e125473af Mon Sep 17 00:00:00 2001
From: Lucas Cordeiro <lucasccordeiro@gmail.com>
Date: Wed, 15 Mar 2017 10:51:36 +0000
Subject: [PATCH 086/699] added json to cegis makefile

Signed-off-by: Lucas Cordeiro <lucasccordeiro@gmail.com>
---
 src/cegis/Makefile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/cegis/Makefile b/src/cegis/Makefile
index 27a6880a651..a126776bd03 100644
--- a/src/cegis/Makefile
+++ b/src/cegis/Makefile
@@ -115,7 +115,8 @@ OBJ += ../ansi-c/ansi-c$(LIBEXT) \
       ../cbmc/show_vcc$(OBJEXT) \
       ../cbmc/cbmc_dimacs$(OBJEXT) ../cbmc/all_properties$(OBJEXT) \
       ../cbmc/fault_localization$(OBJEXT) \
-      ../cbmc/symex_coverage$(OBJEXT)
+      ../cbmc/symex_coverage$(OBJEXT) \
+      ../json/json$(LIBEXT)
 
 INCLUDES= -I ..
 

From 2f06442f9e1c481d87ad064153603333f7930fbb Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Thu, 23 Feb 2017 16:50:10 +0000
Subject: [PATCH 087/699] Add json->irep deserialization routine

---
 src/util/json_irep.cpp | 40 +++++++++++++++++++++++++++++++++++++++-
 src/util/json_irep.h   |  1 +
 2 files changed, 40 insertions(+), 1 deletion(-)

diff --git a/src/util/json_irep.cpp b/src/util/json_irep.cpp
index 7a3d1a8f2bc..403247c1d04 100644
--- a/src/util/json_irep.cpp
+++ b/src/util/json_irep.cpp
@@ -10,12 +10,14 @@ Author: Thomas Kiley, thomas.kiley@diffblue.com
 #include "json.h"
 #include "json_irep.h"
 
+#include <algorithm>
+
 /*******************************************************************\
 
 Function: json_irept::json_irept
 
   Inputs:
-   include_comments - when generating the JSON, should the comments
+   include_comments - when writing JSON, should the comments
                       sub tree be included.
 
  Outputs:
@@ -131,3 +133,39 @@ void json_irept::convert_named_sub_tree(
   }
 }
 
+/*******************************************************************\
+
+Function: json_irept::convert_from_json
+
+  Inputs: input - json object to convert
+
+ Outputs: result - irep equivalent of input
+
+ Purpose: Deserialize a JSON irep representation.
+
+\*******************************************************************/
+
+void json_irept::convert_from_json(const jsont &in, irept &out) const
+{
+  std::vector<std::string> have_keys;
+  for(const auto &keyval : in.object)
+    have_keys.push_back(keyval.first);
+  std::sort(have_keys.begin(), have_keys.end());
+  if(have_keys!=std::vector<std::string>{"comment", "id", "namedSub", "sub"})
+    throw "irep JSON representation is missing one of needed keys: "
+      "'id', 'sub', 'namedSub', 'comment'";
+
+  out.id(in["id"].value);
+
+  for(const auto &sub : in["sub"].array)
+  {
+    out.get_sub().push_back(irept());
+    convert_from_json(sub, out.get_sub().back());
+  }
+
+  for(const auto &named_sub : in["namedSub"].object)
+    convert_from_json(named_sub.second, out.get_named_sub()[named_sub.first]);
+
+  for(const auto &comment : in["comment"].object)
+    convert_from_json(comment.second, out.get_comments()[comment.first]);
+}
diff --git a/src/util/json_irep.h b/src/util/json_irep.h
index 749917cb34b..20a364d31e9 100644
--- a/src/util/json_irep.h
+++ b/src/util/json_irep.h
@@ -18,6 +18,7 @@ class json_irept
 public:
   explicit json_irept(bool include_comments);
   void convert_from_irep(const irept &irep, jsont &json) const;
+  void convert_from_json(const jsont &, irept &) const;
 
 private:
   void convert_sub_tree(

From 4cb8705b2b23513c067c7ff075e511b335fff3ca Mon Sep 17 00:00:00 2001
From: Lucas Cordeiro <lucasccordeiro@gmail.com>
Date: Fri, 3 Mar 2017 10:46:24 +0000
Subject: [PATCH 088/699] set EXIT to 10 to all failing string-solver test
 cases

set EXIT to 10 in the test description of each string-solver test
case that is supposed to fail
---
 regression/strings/RegexMatches02/test.desc              | 2 +-
 regression/strings/RegexSubstitution02/test.desc         | 2 +-
 regression/strings/StaticCharMethods02/test.desc         | 2 +-
 regression/strings/StaticCharMethods03/test.desc         | 2 +-
 regression/strings/StaticCharMethods04/test.desc         | 2 +-
 regression/strings/StaticCharMethods05/test.desc         | 2 +-
 regression/strings/StringBuilderAppend02/test.desc       | 2 +-
 regression/strings/StringBuilderCapLen02/test.desc       | 2 +-
 regression/strings/StringBuilderCapLen03/test.desc       | 2 +-
 regression/strings/StringBuilderCapLen04/test.desc       | 2 +-
 regression/strings/StringBuilderChars02/test.desc        | 2 +-
 regression/strings/StringBuilderChars03/test.desc        | 2 +-
 regression/strings/StringBuilderChars04/test.desc        | 2 +-
 regression/strings/StringBuilderChars05/test.desc        | 2 +-
 regression/strings/StringBuilderChars06/test.desc        | 2 +-
 regression/strings/StringBuilderConstructors02/test.desc | 2 +-
 regression/strings/StringBuilderInsertDelete02/test.desc | 2 +-
 regression/strings/StringBuilderInsertDelete03/test.desc | 2 +-
 regression/strings/StringCompare02/test.desc             | 2 +-
 regression/strings/StringCompare03/test.desc             | 2 +-
 regression/strings/StringCompare04/test.desc             | 2 +-
 regression/strings/StringCompare05/test.desc             | 2 +-
 regression/strings/StringConcatenation02/test.desc       | 2 +-
 regression/strings/StringConcatenation03/test.desc       | 2 +-
 regression/strings/StringConcatenation04/test.desc       | 2 +-
 regression/strings/StringConstructors02/test.desc        | 2 +-
 regression/strings/StringConstructors03/test.desc        | 2 +-
 regression/strings/StringConstructors04/test.desc        | 2 +-
 regression/strings/StringConstructors05/test.desc        | 2 +-
 regression/strings/StringIndexMethods02/test.desc        | 2 +-
 regression/strings/StringIndexMethods03/test.desc        | 2 +-
 regression/strings/StringIndexMethods04/test.desc        | 2 +-
 regression/strings/StringIndexMethods05/test.desc        | 2 +-
 regression/strings/StringMiscellaneous02/test.desc       | 2 +-
 regression/strings/StringMiscellaneous03/test.desc       | 2 +-
 regression/strings/StringStartEnd02/test.desc            | 2 +-
 regression/strings/StringStartEnd03/test.desc            | 2 +-
 regression/strings/StringValueOf02/test.desc             | 2 +-
 regression/strings/StringValueOf03/test.desc             | 2 +-
 regression/strings/StringValueOf04/test.desc             | 2 +-
 regression/strings/StringValueOf05/test.desc             | 2 +-
 regression/strings/StringValueOf06/test.desc             | 2 +-
 regression/strings/StringValueOf07/test.desc             | 2 +-
 regression/strings/StringValueOf08/test.desc             | 2 +-
 regression/strings/StringValueOf09/test.desc             | 2 +-
 regression/strings/StringValueOf10/test.desc             | 2 +-
 regression/strings/SubString02/test.desc                 | 2 +-
 regression/strings/SubString03/test.desc                 | 2 +-
 regression/strings/TokenTest02/test.desc                 | 2 +-
 regression/strings/Validate02/test.desc                  | 2 +-
 50 files changed, 50 insertions(+), 50 deletions(-)

diff --git a/regression/strings/RegexMatches02/test.desc b/regression/strings/RegexMatches02/test.desc
index 92d72ae941e..86353d9a54c 100644
--- a/regression/strings/RegexMatches02/test.desc
+++ b/regression/strings/RegexMatches02/test.desc
@@ -1,7 +1,7 @@
 FUTURE
 RegexMatches02.class
 --string-refine --unwind 100
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/RegexSubstitution02/test.desc b/regression/strings/RegexSubstitution02/test.desc
index eb2c03599a1..0645c3ac9b8 100644
--- a/regression/strings/RegexSubstitution02/test.desc
+++ b/regression/strings/RegexSubstitution02/test.desc
@@ -1,7 +1,7 @@
 FUTURE
 RegexSubstitution02.class
 --string-refine
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StaticCharMethods02/test.desc b/regression/strings/StaticCharMethods02/test.desc
index 496814588a7..00aaaba8964 100644
--- a/regression/strings/StaticCharMethods02/test.desc
+++ b/regression/strings/StaticCharMethods02/test.desc
@@ -1,7 +1,7 @@
 FUTURE
 StaticCharMethods02.class
 --string-refine
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StaticCharMethods03/test.desc b/regression/strings/StaticCharMethods03/test.desc
index d48bf57dbba..6f3d3bc5607 100644
--- a/regression/strings/StaticCharMethods03/test.desc
+++ b/regression/strings/StaticCharMethods03/test.desc
@@ -1,7 +1,7 @@
 FUTURE
 StaticCharMethods03.class
 --string-refine
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StaticCharMethods04/test.desc b/regression/strings/StaticCharMethods04/test.desc
index 93eebbae1da..0c9484ef337 100644
--- a/regression/strings/StaticCharMethods04/test.desc
+++ b/regression/strings/StaticCharMethods04/test.desc
@@ -1,7 +1,7 @@
 FUTURE
 StaticCharMethods04.class
 --string-refine
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StaticCharMethods05/test.desc b/regression/strings/StaticCharMethods05/test.desc
index e009650a853..5b4a6b4b622 100644
--- a/regression/strings/StaticCharMethods05/test.desc
+++ b/regression/strings/StaticCharMethods05/test.desc
@@ -1,7 +1,7 @@
 FUTURE
 StaticCharMethods05.class
 --string-refine
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StringBuilderAppend02/test.desc b/regression/strings/StringBuilderAppend02/test.desc
index 4ff9da595b5..1336c45c3d2 100644
--- a/regression/strings/StringBuilderAppend02/test.desc
+++ b/regression/strings/StringBuilderAppend02/test.desc
@@ -1,7 +1,7 @@
 FUTURE
 StringBuilderAppend02.class
 --string-refine
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StringBuilderCapLen02/test.desc b/regression/strings/StringBuilderCapLen02/test.desc
index cf2a98acf6d..72a0bbd72c2 100644
--- a/regression/strings/StringBuilderCapLen02/test.desc
+++ b/regression/strings/StringBuilderCapLen02/test.desc
@@ -1,7 +1,7 @@
 FUTURE
 StringBuilderCapLen02.class
 --string-refine
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StringBuilderCapLen03/test.desc b/regression/strings/StringBuilderCapLen03/test.desc
index 7095d79fe5f..474bdc661ab 100644
--- a/regression/strings/StringBuilderCapLen03/test.desc
+++ b/regression/strings/StringBuilderCapLen03/test.desc
@@ -1,7 +1,7 @@
 FUTURE
 StringBuilderCapLen03.class
 --string-refine
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StringBuilderCapLen04/test.desc b/regression/strings/StringBuilderCapLen04/test.desc
index ce51066e789..fa342b79518 100644
--- a/regression/strings/StringBuilderCapLen04/test.desc
+++ b/regression/strings/StringBuilderCapLen04/test.desc
@@ -1,7 +1,7 @@
 FUTURE
 StringBuilderCapLen04.class
 --string-refine
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StringBuilderChars02/test.desc b/regression/strings/StringBuilderChars02/test.desc
index 3a6bde6ef78..50e49d474bc 100644
--- a/regression/strings/StringBuilderChars02/test.desc
+++ b/regression/strings/StringBuilderChars02/test.desc
@@ -1,7 +1,7 @@
 FUTURE
 StringBuilderChars02.class
 --string-refine --unwind 100
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StringBuilderChars03/test.desc b/regression/strings/StringBuilderChars03/test.desc
index 12f20189434..23dda39df4e 100644
--- a/regression/strings/StringBuilderChars03/test.desc
+++ b/regression/strings/StringBuilderChars03/test.desc
@@ -1,7 +1,7 @@
 FUTURE
 StringBuilderChars03.class
 --string-refine --unwind 100
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StringBuilderChars04/test.desc b/regression/strings/StringBuilderChars04/test.desc
index a2658cf2fe4..a68edd89395 100644
--- a/regression/strings/StringBuilderChars04/test.desc
+++ b/regression/strings/StringBuilderChars04/test.desc
@@ -1,7 +1,7 @@
 FUTURE
 StringBuilderChars04.class
 --string-refine --unwind 100
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StringBuilderChars05/test.desc b/regression/strings/StringBuilderChars05/test.desc
index 2bcbdbab934..eeac328e02b 100644
--- a/regression/strings/StringBuilderChars05/test.desc
+++ b/regression/strings/StringBuilderChars05/test.desc
@@ -1,7 +1,7 @@
 FUTURE
 StringBuilderChars05.class
 --string-refine --unwind 100
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StringBuilderChars06/test.desc b/regression/strings/StringBuilderChars06/test.desc
index 4a711edf496..a3dc3712a5a 100644
--- a/regression/strings/StringBuilderChars06/test.desc
+++ b/regression/strings/StringBuilderChars06/test.desc
@@ -1,7 +1,7 @@
 FUTURE
 StringBuilderChars06.class
 --string-refine --unwind 100
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StringBuilderConstructors02/test.desc b/regression/strings/StringBuilderConstructors02/test.desc
index 8cbad8cfe16..5e951bc8079 100644
--- a/regression/strings/StringBuilderConstructors02/test.desc
+++ b/regression/strings/StringBuilderConstructors02/test.desc
@@ -1,7 +1,7 @@
 KNOWNBUG
 StringBuilderConstructors02.class
 --string-refine
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StringBuilderInsertDelete02/test.desc b/regression/strings/StringBuilderInsertDelete02/test.desc
index f78bf3f983a..ae4d0ca5b81 100644
--- a/regression/strings/StringBuilderInsertDelete02/test.desc
+++ b/regression/strings/StringBuilderInsertDelete02/test.desc
@@ -1,7 +1,7 @@
 FUTURE
 StringBuilderInsertDelete02.class
 --string-refine
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StringBuilderInsertDelete03/test.desc b/regression/strings/StringBuilderInsertDelete03/test.desc
index b3882f41f7e..3dfa92f0338 100644
--- a/regression/strings/StringBuilderInsertDelete03/test.desc
+++ b/regression/strings/StringBuilderInsertDelete03/test.desc
@@ -1,7 +1,7 @@
 FUTURE
 StringBuilderInsertDelete03.class
 --string-refine
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StringCompare02/test.desc b/regression/strings/StringCompare02/test.desc
index abc986be65d..eb52d1f1a58 100644
--- a/regression/strings/StringCompare02/test.desc
+++ b/regression/strings/StringCompare02/test.desc
@@ -1,7 +1,7 @@
 FUTURE
 StringCompare02.class
 --string-refine
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StringCompare03/test.desc b/regression/strings/StringCompare03/test.desc
index fa518907143..bd0f3177acf 100644
--- a/regression/strings/StringCompare03/test.desc
+++ b/regression/strings/StringCompare03/test.desc
@@ -1,7 +1,7 @@
 FUTURE
 StringCompare03.class
 --string-refine
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StringCompare04/test.desc b/regression/strings/StringCompare04/test.desc
index f1b2a9790cc..88ecddbfcf6 100644
--- a/regression/strings/StringCompare04/test.desc
+++ b/regression/strings/StringCompare04/test.desc
@@ -1,7 +1,7 @@
 FUTURE
 StringCompare04.class
 --string-refine
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StringCompare05/test.desc b/regression/strings/StringCompare05/test.desc
index 159809fac0f..1358a05a36b 100644
--- a/regression/strings/StringCompare05/test.desc
+++ b/regression/strings/StringCompare05/test.desc
@@ -1,7 +1,7 @@
 FUTURE
 StringCompare05.class
 --string-refine
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StringConcatenation02/test.desc b/regression/strings/StringConcatenation02/test.desc
index 937caa3295e..0e1faf53d5e 100644
--- a/regression/strings/StringConcatenation02/test.desc
+++ b/regression/strings/StringConcatenation02/test.desc
@@ -1,7 +1,7 @@
 KNOWNBUG
 StringConcatenation02.class
 --string-refine
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StringConcatenation03/test.desc b/regression/strings/StringConcatenation03/test.desc
index 26ccc899a87..3c01a4ee0a9 100644
--- a/regression/strings/StringConcatenation03/test.desc
+++ b/regression/strings/StringConcatenation03/test.desc
@@ -1,7 +1,7 @@
 FUTURE
 StringConcatenation03.class
 --string-refine
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StringConcatenation04/test.desc b/regression/strings/StringConcatenation04/test.desc
index ea980c45d54..3dbecf065ba 100644
--- a/regression/strings/StringConcatenation04/test.desc
+++ b/regression/strings/StringConcatenation04/test.desc
@@ -1,7 +1,7 @@
 FUTURE
 StringConcatenation04.class
 --string-refine
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StringConstructors02/test.desc b/regression/strings/StringConstructors02/test.desc
index c2a30b3534c..e3904d1d557 100644
--- a/regression/strings/StringConstructors02/test.desc
+++ b/regression/strings/StringConstructors02/test.desc
@@ -1,7 +1,7 @@
 FUTURE
 StringConstructors02.class
 --string-refine
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StringConstructors03/test.desc b/regression/strings/StringConstructors03/test.desc
index 5419e5ae48e..0caf75f41ea 100644
--- a/regression/strings/StringConstructors03/test.desc
+++ b/regression/strings/StringConstructors03/test.desc
@@ -1,7 +1,7 @@
 FUTURE
 StringConstructors03.class
 --string-refine
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StringConstructors04/test.desc b/regression/strings/StringConstructors04/test.desc
index 21394f70327..75364dcde22 100644
--- a/regression/strings/StringConstructors04/test.desc
+++ b/regression/strings/StringConstructors04/test.desc
@@ -1,7 +1,7 @@
 FUTURE
 StringConstructors04.class
 --string-refine
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StringConstructors05/test.desc b/regression/strings/StringConstructors05/test.desc
index 9804850d77e..e74dfc73f6c 100644
--- a/regression/strings/StringConstructors05/test.desc
+++ b/regression/strings/StringConstructors05/test.desc
@@ -1,7 +1,7 @@
 FUTURE
 StringConstructors05.class
 --string-refine
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StringIndexMethods02/test.desc b/regression/strings/StringIndexMethods02/test.desc
index cad6c487fae..28df14f0145 100644
--- a/regression/strings/StringIndexMethods02/test.desc
+++ b/regression/strings/StringIndexMethods02/test.desc
@@ -1,7 +1,7 @@
 FUTURE
 StringIndexMethods02.class
 --string-refine
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StringIndexMethods03/test.desc b/regression/strings/StringIndexMethods03/test.desc
index 3dff0b27714..02f9934726b 100644
--- a/regression/strings/StringIndexMethods03/test.desc
+++ b/regression/strings/StringIndexMethods03/test.desc
@@ -1,7 +1,7 @@
 FUTURE
 StringIndexMethods03.class
 --string-refine
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StringIndexMethods04/test.desc b/regression/strings/StringIndexMethods04/test.desc
index 758f22d2bf4..cb94fecb6a6 100644
--- a/regression/strings/StringIndexMethods04/test.desc
+++ b/regression/strings/StringIndexMethods04/test.desc
@@ -1,7 +1,7 @@
 FUTURE
 StringIndexMethods04.class
 --string-refine
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StringIndexMethods05/test.desc b/regression/strings/StringIndexMethods05/test.desc
index d415ef1381e..cb43b009246 100644
--- a/regression/strings/StringIndexMethods05/test.desc
+++ b/regression/strings/StringIndexMethods05/test.desc
@@ -1,7 +1,7 @@
 FUTURE
 StringIndexMethods05.class
 --string-refine
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StringMiscellaneous02/test.desc b/regression/strings/StringMiscellaneous02/test.desc
index 53c46cf1a7f..8f1a1d9475f 100644
--- a/regression/strings/StringMiscellaneous02/test.desc
+++ b/regression/strings/StringMiscellaneous02/test.desc
@@ -1,7 +1,7 @@
 FUTURE
 StringMiscellaneous02.class
 --string-refine --unwind 30
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StringMiscellaneous03/test.desc b/regression/strings/StringMiscellaneous03/test.desc
index f255272ed5b..341867d536f 100644
--- a/regression/strings/StringMiscellaneous03/test.desc
+++ b/regression/strings/StringMiscellaneous03/test.desc
@@ -1,7 +1,7 @@
 FUTURE
 StringMiscellaneous03.class
 --string-refine --unwind 30
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StringStartEnd02/test.desc b/regression/strings/StringStartEnd02/test.desc
index 16f696efa01..8e623622f72 100644
--- a/regression/strings/StringStartEnd02/test.desc
+++ b/regression/strings/StringStartEnd02/test.desc
@@ -1,7 +1,7 @@
 KNOWNBUG
 StringStartEnd02.class
 --string-refine --unwind 30
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StringStartEnd03/test.desc b/regression/strings/StringStartEnd03/test.desc
index e6d8c460709..2903ec98e3e 100644
--- a/regression/strings/StringStartEnd03/test.desc
+++ b/regression/strings/StringStartEnd03/test.desc
@@ -1,7 +1,7 @@
 KNOWNBUG
 StringStartEnd03.class
 --string-refine --unwind 15
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StringValueOf02/test.desc b/regression/strings/StringValueOf02/test.desc
index 00835385bc8..a10b398bf41 100644
--- a/regression/strings/StringValueOf02/test.desc
+++ b/regression/strings/StringValueOf02/test.desc
@@ -1,7 +1,7 @@
 FUTURE
 StringValueOf02.class
 --string-refine
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StringValueOf03/test.desc b/regression/strings/StringValueOf03/test.desc
index 19921a8e98f..4ed709a2404 100644
--- a/regression/strings/StringValueOf03/test.desc
+++ b/regression/strings/StringValueOf03/test.desc
@@ -1,7 +1,7 @@
 FUTURE
 StringValueOf03.class
 --string-refine
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StringValueOf04/test.desc b/regression/strings/StringValueOf04/test.desc
index 1312d27676d..0d8442e9de1 100644
--- a/regression/strings/StringValueOf04/test.desc
+++ b/regression/strings/StringValueOf04/test.desc
@@ -1,7 +1,7 @@
 KNOWNBUG
 StringValueOf04.class
 --string-refine
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StringValueOf05/test.desc b/regression/strings/StringValueOf05/test.desc
index ccb5b3dc440..f77cdef0b8e 100644
--- a/regression/strings/StringValueOf05/test.desc
+++ b/regression/strings/StringValueOf05/test.desc
@@ -1,7 +1,7 @@
 KNOWNBUG
 StringValueOf05.class
 --string-refine
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StringValueOf06/test.desc b/regression/strings/StringValueOf06/test.desc
index c78afa98f2f..56551c4a14b 100644
--- a/regression/strings/StringValueOf06/test.desc
+++ b/regression/strings/StringValueOf06/test.desc
@@ -1,7 +1,7 @@
 KNOWNBUG
 StringValueOf06.class
 --string-refine
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StringValueOf07/test.desc b/regression/strings/StringValueOf07/test.desc
index 7b19c4ff67b..6dde9de229d 100644
--- a/regression/strings/StringValueOf07/test.desc
+++ b/regression/strings/StringValueOf07/test.desc
@@ -1,7 +1,7 @@
 KNOWNBUG
 StringValueOf07.class
 --string-refine
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StringValueOf08/test.desc b/regression/strings/StringValueOf08/test.desc
index a7d90b1b9ef..21d64075aaf 100644
--- a/regression/strings/StringValueOf08/test.desc
+++ b/regression/strings/StringValueOf08/test.desc
@@ -1,7 +1,7 @@
 FUTURE
 StringValueOf08.class
 --string-refine
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StringValueOf09/test.desc b/regression/strings/StringValueOf09/test.desc
index 10f6b102a67..4ff97a7caef 100644
--- a/regression/strings/StringValueOf09/test.desc
+++ b/regression/strings/StringValueOf09/test.desc
@@ -1,7 +1,7 @@
 FUTURE
 StringValueOf09.class
 --string-refine
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/StringValueOf10/test.desc b/regression/strings/StringValueOf10/test.desc
index 5de3d5aade7..10e7f184189 100644
--- a/regression/strings/StringValueOf10/test.desc
+++ b/regression/strings/StringValueOf10/test.desc
@@ -1,7 +1,7 @@
 FUTURE
 StringValueOf10.class
 --string-refine
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/SubString02/test.desc b/regression/strings/SubString02/test.desc
index e7b21cdd678..063ce88f0f2 100644
--- a/regression/strings/SubString02/test.desc
+++ b/regression/strings/SubString02/test.desc
@@ -1,7 +1,7 @@
 KNOWNBUG
 SubString02.class
 --string-refine
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/SubString03/test.desc b/regression/strings/SubString03/test.desc
index 2b8db21a829..f985329ce2d 100644
--- a/regression/strings/SubString03/test.desc
+++ b/regression/strings/SubString03/test.desc
@@ -1,7 +1,7 @@
 KNOWNBUG
 SubString03.class
 --string-refine
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/TokenTest02/test.desc b/regression/strings/TokenTest02/test.desc
index 3bcf7505e25..48e6b0c1ab6 100644
--- a/regression/strings/TokenTest02/test.desc
+++ b/regression/strings/TokenTest02/test.desc
@@ -1,7 +1,7 @@
 FUTURE
 TokenTest02.class
 --string-refine --unwind 15
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/Validate02/test.desc b/regression/strings/Validate02/test.desc
index b30016bf880..a5a3a6f1d20 100644
--- a/regression/strings/Validate02/test.desc
+++ b/regression/strings/Validate02/test.desc
@@ -1,7 +1,7 @@
 FUTURE
 Validate02.class
 --string-refine
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 --

From bbe06ad691d165f1dfc54b86cac0501ff4e931e6 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Wed, 30 Nov 2016 11:00:31 +0000
Subject: [PATCH 089/699] Java checkcast: fix stack when check disabled

The checkcast instruction should always return the pointer it
checked, even when we're not generating an assert in the case that
it failed.
---
 src/java_bytecode/java_bytecode_convert_method.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index e0ffe460f77..3ce43acff02 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -1116,10 +1116,11 @@ codet java_bytecode_convert_methodt::convert_instructions(
         c=code_assertt(check);
         c.add_source_location().set_comment("Dynamic cast check");
         c.add_source_location().set_property_class("bad-dynamic-cast");
-        results[0]=op[0];
       }
       else
         c=code_skipt();
+
+      results[0]=op[0];
     }
     else if(statement=="invokedynamic")
     {

From 4854c9a350a52e0a515a78b6c089ab5bbec682d4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matthias=20G=C3=BCdemann?= <matthias.guedemann@diffblue.com>
Date: Tue, 14 Feb 2017 11:53:11 +0100
Subject: [PATCH 090/699] initial support for miniz

---
 src/java_bytecode/jar_file.cpp | 92 +++++++++++++---------------------
 src/java_bytecode/jar_file.h   | 14 ++++--
 2 files changed, 45 insertions(+), 61 deletions(-)

diff --git a/src/java_bytecode/jar_file.cpp b/src/java_bytecode/jar_file.cpp
index 09c18a9cb4c..d679f21c070 100644
--- a/src/java_bytecode/jar_file.cpp
+++ b/src/java_bytecode/jar_file.cpp
@@ -6,15 +6,12 @@ Author: Daniel Kroening, kroening@kroening.com
 
 \*******************************************************************/
 
+#include <cstring>
 #include <cassert>
 #include <sstream>
 
 #include "jar_file.h"
 
-#ifdef HAVE_LIBZIP
-#include <zip.h>
-#endif
-
 /*******************************************************************\
 
 Function: jar_filet::open
@@ -29,33 +26,32 @@ Function: jar_filet::open
 
 void jar_filet::open(const std::string &filename)
 {
-  #ifdef HAVE_LIBZIP
-  if(zip!=nullptr)
-    // NOLINTNEXTLINE(readability/identifiers)
-    zip_close(static_cast<struct zip *>(zip));
-
-  int zip_error;
-  zip=zip_open(filename.c_str(), 0, &zip_error);
+  if(!mz_ok)
+  {
+    memset(&zip, 0, sizeof(zip));
+    mz_bool mz_open=mz_zip_reader_init_file(&zip, filename.c_str(), 0);
+    mz_ok=mz_open==MZ_TRUE;
+  }
 
-  if(zip!=nullptr)
+  if(mz_ok)
   {
     std::size_t number_of_files=
-      // NOLINTNEXTLINE(readability/identifiers)
-      zip_get_num_entries(static_cast<struct zip *>(zip), 0);
+      mz_zip_reader_get_num_files(&zip);
 
     index.reserve(number_of_files);
 
     for(std::size_t i=0; i<number_of_files; i++)
     {
-      std::string file_name=
-        // NOLINTNEXTLINE(readability/identifiers)
-        zip_get_name(static_cast<struct zip *>(zip), i, 0);
+      mz_uint filename_length=mz_zip_reader_get_filename(&zip, i, nullptr, 0);
+      char *filename_char=new char[filename_length+1];
+      mz_uint filename_len=
+        mz_zip_reader_get_filename(&zip, i, filename_char, filename_length);
+      assert(filename_length==filename_len);
+      std::string file_name(filename_char);
+      delete[] filename_char;
       index.push_back(file_name);
     }
   }
-  #else
-  zip=nullptr;
-  #endif
 }
 
 /*******************************************************************\
@@ -72,11 +68,11 @@ Function: jar_filet::~jar_filet
 
 jar_filet::~jar_filet()
 {
-  #ifdef HAVE_LIBZIP
-  if(zip!=nullptr)
-    // NOLINTNEXTLINE(readability/identifiers)
-    zip_close(static_cast<struct zip *>(zip));
-  #endif
+  if(mz_ok)
+  {
+    mz_zip_reader_end(&zip);
+    mz_ok=false;
+  }
 }
 
 /*******************************************************************\
@@ -91,47 +87,29 @@ Function: jar_filet::get_entry
 
 \*******************************************************************/
 
-#define ZIP_READ_SIZE 10000
-
 std::string jar_filet::get_entry(std::size_t i)
 {
-  if(zip==nullptr)
+  if(!mz_ok)
     return std::string("");
 
   assert(i<index.size());
 
   std::string dest;
 
-  #ifdef HAVE_LIBZIP
-  void *zip_e=zip; // zip is both a type and a non-type
-  // NOLINTNEXTLINE(readability/identifiers)
-  struct zip *zip_p=static_cast<struct zip*>(zip_e);
-
-  // NOLINTNEXTLINE(readability/identifiers)
-  struct zip_file *zip_file=zip_fopen_index(zip_p, i, 0);
-
-  if(zip_file==NULL)
-  {
-    zip_close(zip_p);
-    zip=nullptr;
-    return std::string(""); // error
-  }
-
+  mz_zip_archive_file_stat file_stat;
+  memset(&file_stat, 0, sizeof(file_stat));
+  mz_bool stat_ok=mz_zip_reader_file_stat(&zip, i, &file_stat);
+  if(stat_ok!=MZ_TRUE)
+    return std::string();
   std::vector<char> buffer;
-  buffer.resize(ZIP_READ_SIZE);
-
-  while(true)
-  {
-    int bytes_read=
-      zip_fread(zip_file, buffer.data(), ZIP_READ_SIZE);
-    assert(bytes_read<=ZIP_READ_SIZE);
-    if(bytes_read<=0)
-      break;
-    dest.insert(dest.end(), buffer.begin(), buffer.begin()+bytes_read);
-  }
-
-  zip_fclose(zip_file);
-  #endif
+  size_t bufsize=file_stat.m_uncomp_size;
+  buffer.resize(bufsize);
+  mz_bool read_ok=
+    mz_zip_reader_extract_to_mem(&zip, i, buffer.data(), bufsize, 0);
+  if(read_ok!=MZ_TRUE)
+    return std::string();
+
+  dest.insert(dest.end(), buffer.begin(), buffer.end());
 
   return dest;
 }
diff --git a/src/java_bytecode/jar_file.h b/src/java_bytecode/jar_file.h
index a128a2fcc37..6c2229d65be 100644
--- a/src/java_bytecode/jar_file.h
+++ b/src/java_bytecode/jar_file.h
@@ -9,6 +9,10 @@ Author: Daniel Kroening, kroening@kroening.com
 #ifndef CPROVER_JAVA_BYTECODE_JAR_FILE_H
 #define CPROVER_JAVA_BYTECODE_JAR_FILE_H
 
+//#define MINIZ_HEADER_FILE_ONLY
+#define _LARGEFILE64_SOURCE 1
+#include "miniz_zip.h"
+
 #include <string>
 #include <vector>
 #include <map>
@@ -16,9 +20,9 @@ Author: Daniel Kroening, kroening@kroening.com
 class jar_filet
 {
 public:
-  jar_filet():zip(nullptr) { }
+  jar_filet():mz_ok(false) { }
 
-  explicit jar_filet(const std::string &file_name):zip(nullptr)
+  inline explicit jar_filet(const std::string &file_name)
   {
     open(file_name);
   }
@@ -28,7 +32,8 @@ class jar_filet
   void open(const std::string &);
 
   // Test for error; 'true' means we are good.
-  explicit operator bool() const { return zip!=nullptr; }
+  inline explicit operator bool() const { return true;  // TODO
+  }
 
   typedef std::vector<std::string> indext;
   indext index;
@@ -39,7 +44,8 @@ class jar_filet
   manifestt get_manifest();
 
 protected:
-  void *zip;
+  mz_zip_archive zip;
+  bool mz_ok;
 };
 
 class jar_poolt

From 7d2536db699eafdb85c57324b00b85d048269209 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matthias=20G=C3=BCdemann?= <matthias.guedemann@diffblue.com>
Date: Thu, 23 Feb 2017 12:39:16 +0100
Subject: [PATCH 091/699] use amalgamated files from release tarball

---
 src/java_bytecode/jar_file.h |    3 +-
 src/miniz/Makefile           |   15 +
 src/miniz/miniz.cpp          | 7189 ++++++++++++++++++++++++++++++++++
 src/miniz/miniz.h            | 1352 +++++++
 4 files changed, 8557 insertions(+), 2 deletions(-)
 create mode 100644 src/miniz/Makefile
 create mode 100644 src/miniz/miniz.cpp
 create mode 100644 src/miniz/miniz.h

diff --git a/src/java_bytecode/jar_file.h b/src/java_bytecode/jar_file.h
index 6c2229d65be..53f673102bf 100644
--- a/src/java_bytecode/jar_file.h
+++ b/src/java_bytecode/jar_file.h
@@ -9,9 +9,8 @@ Author: Daniel Kroening, kroening@kroening.com
 #ifndef CPROVER_JAVA_BYTECODE_JAR_FILE_H
 #define CPROVER_JAVA_BYTECODE_JAR_FILE_H
 
-//#define MINIZ_HEADER_FILE_ONLY
 #define _LARGEFILE64_SOURCE 1
-#include "miniz_zip.h"
+#include "miniz/miniz.h"
 
 #include <string>
 #include <vector>
diff --git a/src/miniz/Makefile b/src/miniz/Makefile
new file mode 100644
index 00000000000..f2367695802
--- /dev/null
+++ b/src/miniz/Makefile
@@ -0,0 +1,15 @@
+SRC = miniz.cpp
+
+INCLUDES= -I ..
+
+include ../config.inc
+include ../common
+
+CLEANFILES = miniz$(LIBEXT)
+
+all: miniz$(LIBEXT)
+
+###############################################################################
+
+miniz$(LIBEXT): $(OBJ)
+	$(LINKLIB)
diff --git a/src/miniz/miniz.cpp b/src/miniz/miniz.cpp
new file mode 100644
index 00000000000..fa5c1903e83
--- /dev/null
+++ b/src/miniz/miniz.cpp
@@ -0,0 +1,7189 @@
+/**************************************************************************
+ *
+ * Copyright 2013-2014 RAD Game Tools and Valve Software
+ * Copyright 2010-2014 Rich Geldreich and Tenacious Software LLC
+ * All Rights Reserved.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ *
+ **************************************************************************/
+
+#include  "miniz.h"
+
+typedef unsigned char mz_validate_uint16[sizeof(mz_uint16) == 2 ? 1 : -1];
+typedef unsigned char mz_validate_uint32[sizeof(mz_uint32) == 4 ? 1 : -1];
+typedef unsigned char mz_validate_uint64[sizeof(mz_uint64) == 8 ? 1 : -1];
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* ------------------- zlib-style API's */
+
+mz_ulong mz_adler32(mz_ulong adler, const unsigned char *ptr, size_t buf_len)
+{
+    mz_uint32 i, s1 = (mz_uint32)(adler & 0xffff), s2 = (mz_uint32)(adler >> 16);
+    size_t block_len = buf_len % 5552;
+    if (!ptr)
+        return MZ_ADLER32_INIT;
+    while (buf_len)
+    {
+        for (i = 0; i + 7 < block_len; i += 8, ptr += 8)
+        {
+            s1 += ptr[0], s2 += s1;
+            s1 += ptr[1], s2 += s1;
+            s1 += ptr[2], s2 += s1;
+            s1 += ptr[3], s2 += s1;
+            s1 += ptr[4], s2 += s1;
+            s1 += ptr[5], s2 += s1;
+            s1 += ptr[6], s2 += s1;
+            s1 += ptr[7], s2 += s1;
+        }
+        for (; i < block_len; ++i)
+            s1 += *ptr++, s2 += s1;
+        s1 %= 65521U, s2 %= 65521U;
+        buf_len -= block_len;
+        block_len = 5552;
+    }
+    return (s2 << 16) + s1;
+}
+
+/* Karl Malbrain's compact CRC-32. See "A compact CCITT crc16 and crc32 C implementation that balances processor cache usage against speed": http://www.geocities.com/malbrain/ */
+#if 0
+    mz_ulong mz_crc32(mz_ulong crc, const mz_uint8 *ptr, size_t buf_len)
+    {
+        static const mz_uint32 s_crc32[16] = { 0, 0x1db71064, 0x3b6e20c8, 0x26d930ac, 0x76dc4190, 0x6b6b51f4, 0x4db26158, 0x5005713c,
+                                               0xedb88320, 0xf00f9344, 0xd6d6a3e8, 0xcb61b38c, 0x9b64c2b0, 0x86d3d2d4, 0xa00ae278, 0xbdbdf21c };
+        mz_uint32 crcu32 = (mz_uint32)crc;
+        if (!ptr)
+            return MZ_CRC32_INIT;
+        crcu32 = ~crcu32;
+        while (buf_len--)
+        {
+            mz_uint8 b = *ptr++;
+            crcu32 = (crcu32 >> 4) ^ s_crc32[(crcu32 & 0xF) ^ (b & 0xF)];
+            crcu32 = (crcu32 >> 4) ^ s_crc32[(crcu32 & 0xF) ^ (b >> 4)];
+        }
+        return ~crcu32;
+    }
+#else
+/* Faster, but larger CPU cache footprint.
+ */
+mz_ulong mz_crc32(mz_ulong crc, const mz_uint8 *ptr, size_t buf_len)
+{
+    static const mz_uint32 s_crc_table[256] =
+        {
+            0x00000000, 0x77073096, 0xEE0E612C, 0x990951BA, 0x076DC419, 0x706AF48F, 0xE963A535,
+            0x9E6495A3, 0x0EDB8832, 0x79DCB8A4, 0xE0D5E91E, 0x97D2D988, 0x09B64C2B, 0x7EB17CBD,
+            0xE7B82D07, 0x90BF1D91, 0x1DB71064, 0x6AB020F2, 0xF3B97148, 0x84BE41DE, 0x1ADAD47D,
+            0x6DDDE4EB, 0xF4D4B551, 0x83D385C7, 0x136C9856, 0x646BA8C0, 0xFD62F97A, 0x8A65C9EC,
+            0x14015C4F, 0x63066CD9, 0xFA0F3D63, 0x8D080DF5, 0x3B6E20C8, 0x4C69105E, 0xD56041E4,
+            0xA2677172, 0x3C03E4D1, 0x4B04D447, 0xD20D85FD, 0xA50AB56B, 0x35B5A8FA, 0x42B2986C,
+            0xDBBBC9D6, 0xACBCF940, 0x32D86CE3, 0x45DF5C75, 0xDCD60DCF, 0xABD13D59, 0x26D930AC,
+            0x51DE003A, 0xC8D75180, 0xBFD06116, 0x21B4F4B5, 0x56B3C423, 0xCFBA9599, 0xB8BDA50F,
+            0x2802B89E, 0x5F058808, 0xC60CD9B2, 0xB10BE924, 0x2F6F7C87, 0x58684C11, 0xC1611DAB,
+            0xB6662D3D, 0x76DC4190, 0x01DB7106, 0x98D220BC, 0xEFD5102A, 0x71B18589, 0x06B6B51F,
+            0x9FBFE4A5, 0xE8B8D433, 0x7807C9A2, 0x0F00F934, 0x9609A88E, 0xE10E9818, 0x7F6A0DBB,
+            0x086D3D2D, 0x91646C97, 0xE6635C01, 0x6B6B51F4, 0x1C6C6162, 0x856530D8, 0xF262004E,
+            0x6C0695ED, 0x1B01A57B, 0x8208F4C1, 0xF50FC457, 0x65B0D9C6, 0x12B7E950, 0x8BBEB8EA,
+            0xFCB9887C, 0x62DD1DDF, 0x15DA2D49, 0x8CD37CF3, 0xFBD44C65, 0x4DB26158, 0x3AB551CE,
+            0xA3BC0074, 0xD4BB30E2, 0x4ADFA541, 0x3DD895D7, 0xA4D1C46D, 0xD3D6F4FB, 0x4369E96A,
+            0x346ED9FC, 0xAD678846, 0xDA60B8D0, 0x44042D73, 0x33031DE5, 0xAA0A4C5F, 0xDD0D7CC9,
+            0x5005713C, 0x270241AA, 0xBE0B1010, 0xC90C2086, 0x5768B525, 0x206F85B3, 0xB966D409,
+            0xCE61E49F, 0x5EDEF90E, 0x29D9C998, 0xB0D09822, 0xC7D7A8B4, 0x59B33D17, 0x2EB40D81,
+            0xB7BD5C3B, 0xC0BA6CAD, 0xEDB88320, 0x9ABFB3B6, 0x03B6E20C, 0x74B1D29A, 0xEAD54739,
+            0x9DD277AF, 0x04DB2615, 0x73DC1683, 0xE3630B12, 0x94643B84, 0x0D6D6A3E, 0x7A6A5AA8,
+            0xE40ECF0B, 0x9309FF9D, 0x0A00AE27, 0x7D079EB1, 0xF00F9344, 0x8708A3D2, 0x1E01F268,
+            0x6906C2FE, 0xF762575D, 0x806567CB, 0x196C3671, 0x6E6B06E7, 0xFED41B76, 0x89D32BE0,
+            0x10DA7A5A, 0x67DD4ACC, 0xF9B9DF6F, 0x8EBEEFF9, 0x17B7BE43, 0x60B08ED5, 0xD6D6A3E8,
+            0xA1D1937E, 0x38D8C2C4, 0x4FDFF252, 0xD1BB67F1, 0xA6BC5767, 0x3FB506DD, 0x48B2364B,
+            0xD80D2BDA, 0xAF0A1B4C, 0x36034AF6, 0x41047A60, 0xDF60EFC3, 0xA867DF55, 0x316E8EEF,
+            0x4669BE79, 0xCB61B38C, 0xBC66831A, 0x256FD2A0, 0x5268E236, 0xCC0C7795, 0xBB0B4703,
+            0x220216B9, 0x5505262F, 0xC5BA3BBE, 0xB2BD0B28, 0x2BB45A92, 0x5CB36A04, 0xC2D7FFA7,
+            0xB5D0CF31, 0x2CD99E8B, 0x5BDEAE1D, 0x9B64C2B0, 0xEC63F226, 0x756AA39C, 0x026D930A,
+            0x9C0906A9, 0xEB0E363F, 0x72076785, 0x05005713, 0x95BF4A82, 0xE2B87A14, 0x7BB12BAE,
+            0x0CB61B38, 0x92D28E9B, 0xE5D5BE0D, 0x7CDCEFB7, 0x0BDBDF21, 0x86D3D2D4, 0xF1D4E242,
+            0x68DDB3F8, 0x1FDA836E, 0x81BE16CD, 0xF6B9265B, 0x6FB077E1, 0x18B74777, 0x88085AE6,
+            0xFF0F6A70, 0x66063BCA, 0x11010B5C, 0x8F659EFF, 0xF862AE69, 0x616BFFD3, 0x166CCF45,
+            0xA00AE278, 0xD70DD2EE, 0x4E048354, 0x3903B3C2, 0xA7672661, 0xD06016F7, 0x4969474D,
+            0x3E6E77DB, 0xAED16A4A, 0xD9D65ADC, 0x40DF0B66, 0x37D83BF0, 0xA9BCAE53, 0xDEBB9EC5,
+            0x47B2CF7F, 0x30B5FFE9, 0xBDBDF21C, 0xCABAC28A, 0x53B39330, 0x24B4A3A6, 0xBAD03605,
+            0xCDD70693, 0x54DE5729, 0x23D967BF, 0xB3667A2E, 0xC4614AB8, 0x5D681B02, 0x2A6F2B94,
+            0xB40BBE37, 0xC30C8EA1, 0x5A05DF1B, 0x2D02EF8D
+        };
+
+    mz_uint32 crc32 = (mz_uint32)crc ^ 0xFFFFFFFF;
+    const mz_uint8 *pByte_buf = (const mz_uint8 *)ptr;
+
+    while (buf_len >= 4)
+    {
+        crc32 = (crc32 >> 8) ^ s_crc_table[(crc32 ^ pByte_buf[0]) & 0xFF];
+        crc32 = (crc32 >> 8) ^ s_crc_table[(crc32 ^ pByte_buf[1]) & 0xFF];
+        crc32 = (crc32 >> 8) ^ s_crc_table[(crc32 ^ pByte_buf[2]) & 0xFF];
+        crc32 = (crc32 >> 8) ^ s_crc_table[(crc32 ^ pByte_buf[3]) & 0xFF];
+        pByte_buf += 4;
+        buf_len -= 4;
+    }
+
+    while (buf_len)
+    {
+        crc32 = (crc32 >> 8) ^ s_crc_table[(crc32 ^ pByte_buf[0]) & 0xFF];
+        ++pByte_buf;
+        --buf_len;
+    }
+
+    return ~crc32;
+}
+#endif
+
+void mz_free(void *p)
+{
+    MZ_FREE(p);
+}
+
+#ifndef MINIZ_NO_ZLIB_APIS
+
+void *miniz_def_alloc_func(void *opaque, size_t items, size_t size)
+{
+    (void)opaque, (void)items, (void)size;
+    return MZ_MALLOC(items * size);
+}
+void miniz_def_free_func(void *opaque, void *address)
+{
+    (void)opaque, (void)address;
+    MZ_FREE(address);
+}
+void *miniz_def_realloc_func(void *opaque, void *address, size_t items, size_t size)
+{
+    (void)opaque, (void)address, (void)items, (void)size;
+    return MZ_REALLOC(address, items * size);
+}
+
+const char *mz_version(void)
+{
+    return MZ_VERSION;
+}
+
+int mz_deflateInit(mz_streamp pStream, int level)
+{
+    return mz_deflateInit2(pStream, level, MZ_DEFLATED, MZ_DEFAULT_WINDOW_BITS, 9, MZ_DEFAULT_STRATEGY);
+}
+
+int mz_deflateInit2(mz_streamp pStream, int level, int method, int window_bits, int mem_level, int strategy)
+{
+    tdefl_compressor *pComp;
+    mz_uint comp_flags = TDEFL_COMPUTE_ADLER32 | tdefl_create_comp_flags_from_zip_params(level, window_bits, strategy);
+
+    if (!pStream)
+        return MZ_STREAM_ERROR;
+    if ((method != MZ_DEFLATED) || ((mem_level < 1) || (mem_level > 9)) || ((window_bits != MZ_DEFAULT_WINDOW_BITS) && (-window_bits != MZ_DEFAULT_WINDOW_BITS)))
+        return MZ_PARAM_ERROR;
+
+    pStream->data_type = 0;
+    pStream->adler = MZ_ADLER32_INIT;
+    pStream->msg = NULL;
+    pStream->reserved = 0;
+    pStream->total_in = 0;
+    pStream->total_out = 0;
+    if (!pStream->zalloc)
+        pStream->zalloc = miniz_def_alloc_func;
+    if (!pStream->zfree)
+        pStream->zfree = miniz_def_free_func;
+
+    pComp = (tdefl_compressor *)pStream->zalloc(pStream->opaque, 1, sizeof(tdefl_compressor));
+    if (!pComp)
+        return MZ_MEM_ERROR;
+
+    pStream->state = (struct mz_internal_state *)pComp;
+
+    if (tdefl_init(pComp, NULL, NULL, comp_flags) != TDEFL_STATUS_OKAY)
+    {
+        mz_deflateEnd(pStream);
+        return MZ_PARAM_ERROR;
+    }
+
+    return MZ_OK;
+}
+
+int mz_deflateReset(mz_streamp pStream)
+{
+    if ((!pStream) || (!pStream->state) || (!pStream->zalloc) || (!pStream->zfree))
+        return MZ_STREAM_ERROR;
+    pStream->total_in = pStream->total_out = 0;
+    tdefl_init((tdefl_compressor *)pStream->state, NULL, NULL, ((tdefl_compressor *)pStream->state)->m_flags);
+    return MZ_OK;
+}
+
+int mz_deflate(mz_streamp pStream, int flush)
+{
+    size_t in_bytes, out_bytes;
+    mz_ulong orig_total_in, orig_total_out;
+    int mz_status = MZ_OK;
+
+    if ((!pStream) || (!pStream->state) || (flush < 0) || (flush > MZ_FINISH) || (!pStream->next_out))
+        return MZ_STREAM_ERROR;
+    if (!pStream->avail_out)
+        return MZ_BUF_ERROR;
+
+    if (flush == MZ_PARTIAL_FLUSH)
+        flush = MZ_SYNC_FLUSH;
+
+    if (((tdefl_compressor *)pStream->state)->m_prev_return_status == TDEFL_STATUS_DONE)
+        return (flush == MZ_FINISH) ? MZ_STREAM_END : MZ_BUF_ERROR;
+
+    orig_total_in = pStream->total_in;
+    orig_total_out = pStream->total_out;
+    for (;;)
+    {
+        tdefl_status defl_status;
+        in_bytes = pStream->avail_in;
+        out_bytes = pStream->avail_out;
+
+        defl_status = tdefl_compress((tdefl_compressor *)pStream->state, pStream->next_in, &in_bytes, pStream->next_out, &out_bytes, (tdefl_flush)flush);
+        pStream->next_in += (mz_uint)in_bytes;
+        pStream->avail_in -= (mz_uint)in_bytes;
+        pStream->total_in += (mz_uint)in_bytes;
+        pStream->adler = tdefl_get_adler32((tdefl_compressor *)pStream->state);
+
+        pStream->next_out += (mz_uint)out_bytes;
+        pStream->avail_out -= (mz_uint)out_bytes;
+        pStream->total_out += (mz_uint)out_bytes;
+
+        if (defl_status < 0)
+        {
+            mz_status = MZ_STREAM_ERROR;
+            break;
+        }
+        else if (defl_status == TDEFL_STATUS_DONE)
+        {
+            mz_status = MZ_STREAM_END;
+            break;
+        }
+        else if (!pStream->avail_out)
+            break;
+        else if ((!pStream->avail_in) && (flush != MZ_FINISH))
+        {
+            if ((flush) || (pStream->total_in != orig_total_in) || (pStream->total_out != orig_total_out))
+                break;
+            return MZ_BUF_ERROR; /* Can't make forward progress without some input.
+ */
+        }
+    }
+    return mz_status;
+}
+
+int mz_deflateEnd(mz_streamp pStream)
+{
+    if (!pStream)
+        return MZ_STREAM_ERROR;
+    if (pStream->state)
+    {
+        pStream->zfree(pStream->opaque, pStream->state);
+        pStream->state = NULL;
+    }
+    return MZ_OK;
+}
+
+mz_ulong mz_deflateBound(mz_streamp pStream, mz_ulong source_len)
+{
+    (void)pStream;
+    /* This is really over conservative. (And lame, but it's actually pretty tricky to compute a true upper bound given the way tdefl's blocking works.) */
+    return MZ_MAX(128 + (source_len * 110) / 100, 128 + source_len + ((source_len / (31 * 1024)) + 1) * 5);
+}
+
+int mz_compress2(unsigned char *pDest, mz_ulong *pDest_len, const unsigned char *pSource, mz_ulong source_len, int level)
+{
+    int status;
+    mz_stream stream;
+    memset(&stream, 0, sizeof(stream));
+
+    /* In case mz_ulong is 64-bits (argh I hate longs). */
+    if ((source_len | *pDest_len) > 0xFFFFFFFFU)
+        return MZ_PARAM_ERROR;
+
+    stream.next_in = pSource;
+    stream.avail_in = (mz_uint32)source_len;
+    stream.next_out = pDest;
+    stream.avail_out = (mz_uint32) * pDest_len;
+
+    status = mz_deflateInit(&stream, level);
+    if (status != MZ_OK)
+        return status;
+
+    status = mz_deflate(&stream, MZ_FINISH);
+    if (status != MZ_STREAM_END)
+    {
+        mz_deflateEnd(&stream);
+        return (status == MZ_OK) ? MZ_BUF_ERROR : status;
+    }
+
+    *pDest_len = stream.total_out;
+    return mz_deflateEnd(&stream);
+}
+
+int mz_compress(unsigned char *pDest, mz_ulong *pDest_len, const unsigned char *pSource, mz_ulong source_len)
+{
+    return mz_compress2(pDest, pDest_len, pSource, source_len, MZ_DEFAULT_COMPRESSION);
+}
+
+mz_ulong mz_compressBound(mz_ulong source_len)
+{
+    return mz_deflateBound(NULL, source_len);
+}
+
+typedef struct
+{
+    tinfl_decompressor m_decomp;
+    mz_uint m_dict_ofs, m_dict_avail, m_first_call, m_has_flushed;
+    int m_window_bits;
+    mz_uint8 m_dict[TINFL_LZ_DICT_SIZE];
+    tinfl_status m_last_status;
+} inflate_state;
+
+int mz_inflateInit2(mz_streamp pStream, int window_bits)
+{
+    inflate_state *pDecomp;
+    if (!pStream)
+        return MZ_STREAM_ERROR;
+    if ((window_bits != MZ_DEFAULT_WINDOW_BITS) && (-window_bits != MZ_DEFAULT_WINDOW_BITS))
+        return MZ_PARAM_ERROR;
+
+    pStream->data_type = 0;
+    pStream->adler = 0;
+    pStream->msg = NULL;
+    pStream->total_in = 0;
+    pStream->total_out = 0;
+    pStream->reserved = 0;
+    if (!pStream->zalloc)
+        pStream->zalloc = miniz_def_alloc_func;
+    if (!pStream->zfree)
+        pStream->zfree = miniz_def_free_func;
+
+    pDecomp = (inflate_state *)pStream->zalloc(pStream->opaque, 1, sizeof(inflate_state));
+    if (!pDecomp)
+        return MZ_MEM_ERROR;
+
+    pStream->state = (struct mz_internal_state *)pDecomp;
+
+    tinfl_init(&pDecomp->m_decomp);
+    pDecomp->m_dict_ofs = 0;
+    pDecomp->m_dict_avail = 0;
+    pDecomp->m_last_status = TINFL_STATUS_NEEDS_MORE_INPUT;
+    pDecomp->m_first_call = 1;
+    pDecomp->m_has_flushed = 0;
+    pDecomp->m_window_bits = window_bits;
+
+    return MZ_OK;
+}
+
+int mz_inflateInit(mz_streamp pStream)
+{
+    return mz_inflateInit2(pStream, MZ_DEFAULT_WINDOW_BITS);
+}
+
+int mz_inflate(mz_streamp pStream, int flush)
+{
+    inflate_state *pState;
+    mz_uint n, first_call, decomp_flags = TINFL_FLAG_COMPUTE_ADLER32;
+    size_t in_bytes, out_bytes, orig_avail_in;
+    tinfl_status status;
+
+    if ((!pStream) || (!pStream->state))
+        return MZ_STREAM_ERROR;
+    if (flush == MZ_PARTIAL_FLUSH)
+        flush = MZ_SYNC_FLUSH;
+    if ((flush) && (flush != MZ_SYNC_FLUSH) && (flush != MZ_FINISH))
+        return MZ_STREAM_ERROR;
+
+    pState = (inflate_state *)pStream->state;
+    if (pState->m_window_bits > 0)
+        decomp_flags |= TINFL_FLAG_PARSE_ZLIB_HEADER;
+    orig_avail_in = pStream->avail_in;
+
+    first_call = pState->m_first_call;
+    pState->m_first_call = 0;
+    if (pState->m_last_status < 0)
+        return MZ_DATA_ERROR;
+
+    if (pState->m_has_flushed && (flush != MZ_FINISH))
+        return MZ_STREAM_ERROR;
+    pState->m_has_flushed |= (flush == MZ_FINISH);
+
+    if ((flush == MZ_FINISH) && (first_call))
+    {
+        /* MZ_FINISH on the first call implies that the input and output buffers are large enough to hold the entire compressed/decompressed file. */
+        decomp_flags |= TINFL_FLAG_USING_NON_WRAPPING_OUTPUT_BUF;
+        in_bytes = pStream->avail_in;
+        out_bytes = pStream->avail_out;
+        status = tinfl_decompress(&pState->m_decomp, pStream->next_in, &in_bytes, pStream->next_out, pStream->next_out, &out_bytes, decomp_flags);
+        pState->m_last_status = status;
+        pStream->next_in += (mz_uint)in_bytes;
+        pStream->avail_in -= (mz_uint)in_bytes;
+        pStream->total_in += (mz_uint)in_bytes;
+        pStream->adler = tinfl_get_adler32(&pState->m_decomp);
+        pStream->next_out += (mz_uint)out_bytes;
+        pStream->avail_out -= (mz_uint)out_bytes;
+        pStream->total_out += (mz_uint)out_bytes;
+
+        if (status < 0)
+            return MZ_DATA_ERROR;
+        else if (status != TINFL_STATUS_DONE)
+        {
+            pState->m_last_status = TINFL_STATUS_FAILED;
+            return MZ_BUF_ERROR;
+        }
+        return MZ_STREAM_END;
+    }
+    /* flush != MZ_FINISH then we must assume there's more input. */
+    if (flush != MZ_FINISH)
+        decomp_flags |= TINFL_FLAG_HAS_MORE_INPUT;
+
+    if (pState->m_dict_avail)
+    {
+        n = MZ_MIN(pState->m_dict_avail, pStream->avail_out);
+        memcpy(pStream->next_out, pState->m_dict + pState->m_dict_ofs, n);
+        pStream->next_out += n;
+        pStream->avail_out -= n;
+        pStream->total_out += n;
+        pState->m_dict_avail -= n;
+        pState->m_dict_ofs = (pState->m_dict_ofs + n) & (TINFL_LZ_DICT_SIZE - 1);
+        return ((pState->m_last_status == TINFL_STATUS_DONE) && (!pState->m_dict_avail)) ? MZ_STREAM_END : MZ_OK;
+    }
+
+    for (;;)
+    {
+        in_bytes = pStream->avail_in;
+        out_bytes = TINFL_LZ_DICT_SIZE - pState->m_dict_ofs;
+
+        status = tinfl_decompress(&pState->m_decomp, pStream->next_in, &in_bytes, pState->m_dict, pState->m_dict + pState->m_dict_ofs, &out_bytes, decomp_flags);
+        pState->m_last_status = status;
+
+        pStream->next_in += (mz_uint)in_bytes;
+        pStream->avail_in -= (mz_uint)in_bytes;
+        pStream->total_in += (mz_uint)in_bytes;
+        pStream->adler = tinfl_get_adler32(&pState->m_decomp);
+
+        pState->m_dict_avail = (mz_uint)out_bytes;
+
+        n = MZ_MIN(pState->m_dict_avail, pStream->avail_out);
+        memcpy(pStream->next_out, pState->m_dict + pState->m_dict_ofs, n);
+        pStream->next_out += n;
+        pStream->avail_out -= n;
+        pStream->total_out += n;
+        pState->m_dict_avail -= n;
+        pState->m_dict_ofs = (pState->m_dict_ofs + n) & (TINFL_LZ_DICT_SIZE - 1);
+
+        if (status < 0)
+            return MZ_DATA_ERROR; /* Stream is corrupted (there could be some uncompressed data left in the output dictionary - oh well). */
+        else if ((status == TINFL_STATUS_NEEDS_MORE_INPUT) && (!orig_avail_in))
+            return MZ_BUF_ERROR; /* Signal caller that we can't make forward progress without supplying more input or by setting flush to MZ_FINISH. */
+        else if (flush == MZ_FINISH)
+        {
+            /* The output buffer MUST be large to hold the remaining uncompressed data when flush==MZ_FINISH. */
+            if (status == TINFL_STATUS_DONE)
+                return pState->m_dict_avail ? MZ_BUF_ERROR : MZ_STREAM_END;
+            /* status here must be TINFL_STATUS_HAS_MORE_OUTPUT, which means there's at least 1 more byte on the way. If there's no more room left in the output buffer then something is wrong. */
+            else if (!pStream->avail_out)
+                return MZ_BUF_ERROR;
+        }
+        else if ((status == TINFL_STATUS_DONE) || (!pStream->avail_in) || (!pStream->avail_out) || (pState->m_dict_avail))
+            break;
+    }
+
+    return ((status == TINFL_STATUS_DONE) && (!pState->m_dict_avail)) ? MZ_STREAM_END : MZ_OK;
+}
+
+int mz_inflateEnd(mz_streamp pStream)
+{
+    if (!pStream)
+        return MZ_STREAM_ERROR;
+    if (pStream->state)
+    {
+        pStream->zfree(pStream->opaque, pStream->state);
+        pStream->state = NULL;
+    }
+    return MZ_OK;
+}
+
+int mz_uncompress(unsigned char *pDest, mz_ulong *pDest_len, const unsigned char *pSource, mz_ulong source_len)
+{
+    mz_stream stream;
+    int status;
+    memset(&stream, 0, sizeof(stream));
+
+    /* In case mz_ulong is 64-bits (argh I hate longs). */
+    if ((source_len | *pDest_len) > 0xFFFFFFFFU)
+        return MZ_PARAM_ERROR;
+
+    stream.next_in = pSource;
+    stream.avail_in = (mz_uint32)source_len;
+    stream.next_out = pDest;
+    stream.avail_out = (mz_uint32) * pDest_len;
+
+    status = mz_inflateInit(&stream);
+    if (status != MZ_OK)
+        return status;
+
+    status = mz_inflate(&stream, MZ_FINISH);
+    if (status != MZ_STREAM_END)
+    {
+        mz_inflateEnd(&stream);
+        return ((status == MZ_BUF_ERROR) && (!stream.avail_in)) ? MZ_DATA_ERROR : status;
+    }
+    *pDest_len = stream.total_out;
+
+    return mz_inflateEnd(&stream);
+}
+
+const char *mz_error(int err)
+{
+    static struct
+    {
+        int m_err;
+        const char *m_pDesc;
+    } s_error_descs[] =
+          {
+              { MZ_OK, "" }, { MZ_STREAM_END, "stream end" }, { MZ_NEED_DICT, "need dictionary" }, { MZ_ERRNO, "file error" }, { MZ_STREAM_ERROR, "stream error" },
+              { MZ_DATA_ERROR, "data error" }, { MZ_MEM_ERROR, "out of memory" }, { MZ_BUF_ERROR, "buf error" }, { MZ_VERSION_ERROR, "version error" }, { MZ_PARAM_ERROR, "parameter error" }
+          };
+    mz_uint i;
+    for (i = 0; i < sizeof(s_error_descs) / sizeof(s_error_descs[0]); ++i)
+        if (s_error_descs[i].m_err == err)
+            return s_error_descs[i].m_pDesc;
+    return NULL;
+}
+
+#endif /*MINIZ_NO_ZLIB_APIS */
+
+#ifdef __cplusplus
+}
+#endif
+
+/*
+  This is free and unencumbered software released into the public domain.
+
+  Anyone is free to copy, modify, publish, use, compile, sell, or
+  distribute this software, either in source code form or as a compiled
+  binary, for any purpose, commercial or non-commercial, and by any
+  means.
+
+  In jurisdictions that recognize copyright laws, the author or authors
+  of this software dedicate any and all copyright interest in the
+  software to the public domain. We make this dedication for the benefit
+  of the public at large and to the detriment of our heirs and
+  successors. We intend this dedication to be an overt act of
+  relinquishment in perpetuity of all present and future rights to this
+  software under copyright law.
+
+  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+  EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+  MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+  IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+  OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+  ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+  OTHER DEALINGS IN THE SOFTWARE.
+
+  For more information, please refer to <http://unlicense.org/>
+*/
+/**************************************************************************
+ *
+ * Copyright 2013-2014 RAD Game Tools and Valve Software
+ * Copyright 2010-2014 Rich Geldreich and Tenacious Software LLC
+ * All Rights Reserved.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ *
+ **************************************************************************/
+
+
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* ------------------- Low-level Compression (independent from all decompression API's) */
+
+/* Purposely making these tables static for faster init and thread safety. */
+static const mz_uint16 s_tdefl_len_sym[256] =
+    {
+        257, 258, 259, 260, 261, 262, 263, 264, 265, 265, 266, 266, 267, 267, 268, 268, 269, 269, 269, 269, 270, 270, 270, 270, 271, 271, 271, 271, 272, 272, 272, 272,
+        273, 273, 273, 273, 273, 273, 273, 273, 274, 274, 274, 274, 274, 274, 274, 274, 275, 275, 275, 275, 275, 275, 275, 275, 276, 276, 276, 276, 276, 276, 276, 276,
+        277, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, 278, 278, 278, 278, 278, 278, 278, 278, 278, 278, 278, 278, 278, 278, 278, 278,
+        279, 279, 279, 279, 279, 279, 279, 279, 279, 279, 279, 279, 279, 279, 279, 279, 280, 280, 280, 280, 280, 280, 280, 280, 280, 280, 280, 280, 280, 280, 280, 280,
+        281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, 281,
+        282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, 282,
+        283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+        284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 284, 285
+    };
+
+static const mz_uint8 s_tdefl_len_extra[256] =
+    {
+        0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3,
+        4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4,
+        5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5,
+        5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 0
+    };
+
+static const mz_uint8 s_tdefl_small_dist_sym[512] =
+    {
+        0, 1, 2, 3, 4, 4, 5, 5, 6, 6, 6, 6, 7, 7, 7, 7, 8, 8, 8, 8, 8, 8, 8, 8, 9, 9, 9, 9, 9, 9, 9, 9, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 11, 11, 11, 11, 11, 11,
+        11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 13,
+        13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14,
+        14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14,
+        14, 14, 14, 14, 14, 14, 14, 14, 14, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15,
+        15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16,
+        16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16,
+        16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16,
+        16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17,
+        17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17,
+        17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17,
+        17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17
+    };
+
+static const mz_uint8 s_tdefl_small_dist_extra[512] =
+    {
+        0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2, 2, 2, 2, 2, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 5, 5, 5, 5, 5, 5, 5, 5,
+        5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6,
+        6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6,
+        6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
+        7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
+        7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
+        7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
+        7, 7, 7, 7, 7, 7, 7, 7
+    };
+
+static const mz_uint8 s_tdefl_large_dist_sym[128] =
+    {
+        0, 0, 18, 19, 20, 20, 21, 21, 22, 22, 22, 22, 23, 23, 23, 23, 24, 24, 24, 24, 24, 24, 24, 24, 25, 25, 25, 25, 25, 25, 25, 25, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26,
+        26, 26, 26, 26, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28,
+        28, 28, 28, 28, 28, 28, 28, 28, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29
+    };
+
+static const mz_uint8 s_tdefl_large_dist_extra[128] =
+    {
+        0, 0, 8, 8, 9, 9, 9, 9, 10, 10, 10, 10, 10, 10, 10, 10, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12,
+        12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13,
+        13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13
+    };
+
+/* Radix sorts tdefl_sym_freq[] array by 16-bit key m_key. Returns ptr to sorted values. */
+typedef struct
+{
+    mz_uint16 m_key, m_sym_index;
+} tdefl_sym_freq;
+static tdefl_sym_freq *tdefl_radix_sort_syms(mz_uint num_syms, tdefl_sym_freq *pSyms0, tdefl_sym_freq *pSyms1)
+{
+    mz_uint32 total_passes = 2, pass_shift, pass, i, hist[256 * 2];
+    tdefl_sym_freq *pCur_syms = pSyms0, *pNew_syms = pSyms1;
+    MZ_CLEAR_OBJ(hist);
+    for (i = 0; i < num_syms; i++)
+    {
+        mz_uint freq = pSyms0[i].m_key;
+        hist[freq & 0xFF]++;
+        hist[256 + ((freq >> 8) & 0xFF)]++;
+    }
+    while ((total_passes > 1) && (num_syms == hist[(total_passes - 1) * 256]))
+        total_passes--;
+    for (pass_shift = 0, pass = 0; pass < total_passes; pass++, pass_shift += 8)
+    {
+        const mz_uint32 *pHist = &hist[pass << 8];
+        mz_uint offsets[256], cur_ofs = 0;
+        for (i = 0; i < 256; i++)
+        {
+            offsets[i] = cur_ofs;
+            cur_ofs += pHist[i];
+        }
+        for (i = 0; i < num_syms; i++)
+            pNew_syms[offsets[(pCur_syms[i].m_key >> pass_shift) & 0xFF]++] = pCur_syms[i];
+        {
+            tdefl_sym_freq *t = pCur_syms;
+            pCur_syms = pNew_syms;
+            pNew_syms = t;
+        }
+    }
+    return pCur_syms;
+}
+
+/* tdefl_calculate_minimum_redundancy() originally written by: Alistair Moffat, alistair@cs.mu.oz.au, Jyrki Katajainen, jyrki@diku.dk, November 1996. */
+static void tdefl_calculate_minimum_redundancy(tdefl_sym_freq *A, int n)
+{
+    int root, leaf, next, avbl, used, dpth;
+    if (n == 0)
+        return;
+    else if (n == 1)
+    {
+        A[0].m_key = 1;
+        return;
+    }
+    A[0].m_key += A[1].m_key;
+    root = 0;
+    leaf = 2;
+    for (next = 1; next < n - 1; next++)
+    {
+        if (leaf >= n || A[root].m_key < A[leaf].m_key)
+        {
+            A[next].m_key = A[root].m_key;
+            A[root++].m_key = (mz_uint16)next;
+        }
+        else
+            A[next].m_key = A[leaf++].m_key;
+        if (leaf >= n || (root < next && A[root].m_key < A[leaf].m_key))
+        {
+            A[next].m_key = (mz_uint16)(A[next].m_key + A[root].m_key);
+            A[root++].m_key = (mz_uint16)next;
+        }
+        else
+            A[next].m_key = (mz_uint16)(A[next].m_key + A[leaf++].m_key);
+    }
+    A[n - 2].m_key = 0;
+    for (next = n - 3; next >= 0; next--)
+        A[next].m_key = A[A[next].m_key].m_key + 1;
+    avbl = 1;
+    used = dpth = 0;
+    root = n - 2;
+    next = n - 1;
+    while (avbl > 0)
+    {
+        while (root >= 0 && (int)A[root].m_key == dpth)
+        {
+            used++;
+            root--;
+        }
+        while (avbl > used)
+        {
+            A[next--].m_key = (mz_uint16)(dpth);
+            avbl--;
+        }
+        avbl = 2 * used;
+        dpth++;
+        used = 0;
+    }
+}
+
+/* Limits canonical Huffman code table's max code size. */
+enum
+{
+    TDEFL_MAX_SUPPORTED_HUFF_CODESIZE = 32
+};
+static void tdefl_huffman_enforce_max_code_size(int *pNum_codes, int code_list_len, int max_code_size)
+{
+    int i;
+    mz_uint32 total = 0;
+    if (code_list_len <= 1)
+        return;
+    for (i = max_code_size + 1; i <= TDEFL_MAX_SUPPORTED_HUFF_CODESIZE; i++)
+        pNum_codes[max_code_size] += pNum_codes[i];
+    for (i = max_code_size; i > 0; i--)
+        total += (((mz_uint32)pNum_codes[i]) << (max_code_size - i));
+    while (total != (1UL << max_code_size))
+    {
+        pNum_codes[max_code_size]--;
+        for (i = max_code_size - 1; i > 0; i--)
+            if (pNum_codes[i])
+            {
+                pNum_codes[i]--;
+                pNum_codes[i + 1] += 2;
+                break;
+            }
+        total--;
+    }
+}
+
+static void tdefl_optimize_huffman_table(tdefl_compressor *d, int table_num, int table_len, int code_size_limit, int static_table)
+{
+    int i, j, l, num_codes[1 + TDEFL_MAX_SUPPORTED_HUFF_CODESIZE];
+    mz_uint next_code[TDEFL_MAX_SUPPORTED_HUFF_CODESIZE + 1];
+    MZ_CLEAR_OBJ(num_codes);
+    if (static_table)
+    {
+        for (i = 0; i < table_len; i++)
+            num_codes[d->m_huff_code_sizes[table_num][i]]++;
+    }
+    else
+    {
+        tdefl_sym_freq syms0[TDEFL_MAX_HUFF_SYMBOLS], syms1[TDEFL_MAX_HUFF_SYMBOLS], *pSyms;
+        int num_used_syms = 0;
+        const mz_uint16 *pSym_count = &d->m_huff_count[table_num][0];
+        for (i = 0; i < table_len; i++)
+            if (pSym_count[i])
+            {
+                syms0[num_used_syms].m_key = (mz_uint16)pSym_count[i];
+                syms0[num_used_syms++].m_sym_index = (mz_uint16)i;
+            }
+
+        pSyms = tdefl_radix_sort_syms(num_used_syms, syms0, syms1);
+        tdefl_calculate_minimum_redundancy(pSyms, num_used_syms);
+
+        for (i = 0; i < num_used_syms; i++)
+            num_codes[pSyms[i].m_key]++;
+
+        tdefl_huffman_enforce_max_code_size(num_codes, num_used_syms, code_size_limit);
+
+        MZ_CLEAR_OBJ(d->m_huff_code_sizes[table_num]);
+        MZ_CLEAR_OBJ(d->m_huff_codes[table_num]);
+        for (i = 1, j = num_used_syms; i <= code_size_limit; i++)
+            for (l = num_codes[i]; l > 0; l--)
+                d->m_huff_code_sizes[table_num][pSyms[--j].m_sym_index] = (mz_uint8)(i);
+    }
+
+    next_code[1] = 0;
+    for (j = 0, i = 2; i <= code_size_limit; i++)
+        next_code[i] = j = ((j + num_codes[i - 1]) << 1);
+
+    for (i = 0; i < table_len; i++)
+    {
+        mz_uint rev_code = 0, code, code_size;
+        if ((code_size = d->m_huff_code_sizes[table_num][i]) == 0)
+            continue;
+        code = next_code[code_size]++;
+        for (l = code_size; l > 0; l--, code >>= 1)
+            rev_code = (rev_code << 1) | (code & 1);
+        d->m_huff_codes[table_num][i] = (mz_uint16)rev_code;
+    }
+}
+
+#define TDEFL_PUT_BITS(b, l)                                       \
+    do                                                             \
+    {                                                              \
+        mz_uint bits = b;                                          \
+        mz_uint len = l;                                           \
+        MZ_ASSERT(bits <= ((1U << len) - 1U));                     \
+        d->m_bit_buffer |= (bits << d->m_bits_in);                 \
+        d->m_bits_in += len;                                       \
+        while (d->m_bits_in >= 8)                                  \
+        {                                                          \
+            if (d->m_pOutput_buf < d->m_pOutput_buf_end)           \
+                *d->m_pOutput_buf++ = (mz_uint8)(d->m_bit_buffer); \
+            d->m_bit_buffer >>= 8;                                 \
+            d->m_bits_in -= 8;                                     \
+        }                                                          \
+    }                                                              \
+    MZ_MACRO_END
+
+#define TDEFL_RLE_PREV_CODE_SIZE()                                                                                       \
+    {                                                                                                                    \
+        if (rle_repeat_count)                                                                                            \
+        {                                                                                                                \
+            if (rle_repeat_count < 3)                                                                                    \
+            {                                                                                                            \
+                d->m_huff_count[2][prev_code_size] = (mz_uint16)(d->m_huff_count[2][prev_code_size] + rle_repeat_count); \
+                while (rle_repeat_count--)                                                                               \
+                    packed_code_sizes[num_packed_code_sizes++] = prev_code_size;                                         \
+            }                                                                                                            \
+            else                                                                                                         \
+            {                                                                                                            \
+                d->m_huff_count[2][16] = (mz_uint16)(d->m_huff_count[2][16] + 1);                                        \
+                packed_code_sizes[num_packed_code_sizes++] = 16;                                                         \
+                packed_code_sizes[num_packed_code_sizes++] = (mz_uint8)(rle_repeat_count - 3);                           \
+            }                                                                                                            \
+            rle_repeat_count = 0;                                                                                        \
+        }                                                                                                                \
+    }
+
+#define TDEFL_RLE_ZERO_CODE_SIZE()                                                         \
+    {                                                                                      \
+        if (rle_z_count)                                                                   \
+        {                                                                                  \
+            if (rle_z_count < 3)                                                           \
+            {                                                                              \
+                d->m_huff_count[2][0] = (mz_uint16)(d->m_huff_count[2][0] + rle_z_count);  \
+                while (rle_z_count--)                                                      \
+                    packed_code_sizes[num_packed_code_sizes++] = 0;                        \
+            }                                                                              \
+            else if (rle_z_count <= 10)                                                    \
+            {                                                                              \
+                d->m_huff_count[2][17] = (mz_uint16)(d->m_huff_count[2][17] + 1);          \
+                packed_code_sizes[num_packed_code_sizes++] = 17;                           \
+                packed_code_sizes[num_packed_code_sizes++] = (mz_uint8)(rle_z_count - 3);  \
+            }                                                                              \
+            else                                                                           \
+            {                                                                              \
+                d->m_huff_count[2][18] = (mz_uint16)(d->m_huff_count[2][18] + 1);          \
+                packed_code_sizes[num_packed_code_sizes++] = 18;                           \
+                packed_code_sizes[num_packed_code_sizes++] = (mz_uint8)(rle_z_count - 11); \
+            }                                                                              \
+            rle_z_count = 0;                                                               \
+        }                                                                                  \
+    }
+
+static mz_uint8 s_tdefl_packed_code_size_syms_swizzle[] = { 16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15 };
+
+static void tdefl_start_dynamic_block(tdefl_compressor *d)
+{
+    int num_lit_codes, num_dist_codes, num_bit_lengths;
+    mz_uint i, total_code_sizes_to_pack, num_packed_code_sizes, rle_z_count, rle_repeat_count, packed_code_sizes_index;
+    mz_uint8 code_sizes_to_pack[TDEFL_MAX_HUFF_SYMBOLS_0 + TDEFL_MAX_HUFF_SYMBOLS_1], packed_code_sizes[TDEFL_MAX_HUFF_SYMBOLS_0 + TDEFL_MAX_HUFF_SYMBOLS_1], prev_code_size = 0xFF;
+
+    d->m_huff_count[0][256] = 1;
+
+    tdefl_optimize_huffman_table(d, 0, TDEFL_MAX_HUFF_SYMBOLS_0, 15, MZ_FALSE);
+    tdefl_optimize_huffman_table(d, 1, TDEFL_MAX_HUFF_SYMBOLS_1, 15, MZ_FALSE);
+
+    for (num_lit_codes = 286; num_lit_codes > 257; num_lit_codes--)
+        if (d->m_huff_code_sizes[0][num_lit_codes - 1])
+            break;
+    for (num_dist_codes = 30; num_dist_codes > 1; num_dist_codes--)
+        if (d->m_huff_code_sizes[1][num_dist_codes - 1])
+            break;
+
+    memcpy(code_sizes_to_pack, &d->m_huff_code_sizes[0][0], num_lit_codes);
+    memcpy(code_sizes_to_pack + num_lit_codes, &d->m_huff_code_sizes[1][0], num_dist_codes);
+    total_code_sizes_to_pack = num_lit_codes + num_dist_codes;
+    num_packed_code_sizes = 0;
+    rle_z_count = 0;
+    rle_repeat_count = 0;
+
+    memset(&d->m_huff_count[2][0], 0, sizeof(d->m_huff_count[2][0]) * TDEFL_MAX_HUFF_SYMBOLS_2);
+    for (i = 0; i < total_code_sizes_to_pack; i++)
+    {
+        mz_uint8 code_size = code_sizes_to_pack[i];
+        if (!code_size)
+        {
+            TDEFL_RLE_PREV_CODE_SIZE();
+            if (++rle_z_count == 138)
+            {
+                TDEFL_RLE_ZERO_CODE_SIZE();
+            }
+        }
+        else
+        {
+            TDEFL_RLE_ZERO_CODE_SIZE();
+            if (code_size != prev_code_size)
+            {
+                TDEFL_RLE_PREV_CODE_SIZE();
+                d->m_huff_count[2][code_size] = (mz_uint16)(d->m_huff_count[2][code_size] + 1);
+                packed_code_sizes[num_packed_code_sizes++] = code_size;
+            }
+            else if (++rle_repeat_count == 6)
+            {
+                TDEFL_RLE_PREV_CODE_SIZE();
+            }
+        }
+        prev_code_size = code_size;
+    }
+    if (rle_repeat_count)
+    {
+        TDEFL_RLE_PREV_CODE_SIZE();
+    }
+    else
+    {
+        TDEFL_RLE_ZERO_CODE_SIZE();
+    }
+
+    tdefl_optimize_huffman_table(d, 2, TDEFL_MAX_HUFF_SYMBOLS_2, 7, MZ_FALSE);
+
+    TDEFL_PUT_BITS(2, 2);
+
+    TDEFL_PUT_BITS(num_lit_codes - 257, 5);
+    TDEFL_PUT_BITS(num_dist_codes - 1, 5);
+
+    for (num_bit_lengths = 18; num_bit_lengths >= 0; num_bit_lengths--)
+        if (d->m_huff_code_sizes[2][s_tdefl_packed_code_size_syms_swizzle[num_bit_lengths]])
+            break;
+    num_bit_lengths = MZ_MAX(4, (num_bit_lengths + 1));
+    TDEFL_PUT_BITS(num_bit_lengths - 4, 4);
+    for (i = 0; (int)i < num_bit_lengths; i++)
+        TDEFL_PUT_BITS(d->m_huff_code_sizes[2][s_tdefl_packed_code_size_syms_swizzle[i]], 3);
+
+    for (packed_code_sizes_index = 0; packed_code_sizes_index < num_packed_code_sizes;)
+    {
+        mz_uint code = packed_code_sizes[packed_code_sizes_index++];
+        MZ_ASSERT(code < TDEFL_MAX_HUFF_SYMBOLS_2);
+        TDEFL_PUT_BITS(d->m_huff_codes[2][code], d->m_huff_code_sizes[2][code]);
+        if (code >= 16)
+            TDEFL_PUT_BITS(packed_code_sizes[packed_code_sizes_index++], "\02\03\07"[code - 16]);
+    }
+}
+
+static void tdefl_start_static_block(tdefl_compressor *d)
+{
+    mz_uint i;
+    mz_uint8 *p = &d->m_huff_code_sizes[0][0];
+
+    for (i = 0; i <= 143; ++i)
+        *p++ = 8;
+    for (; i <= 255; ++i)
+        *p++ = 9;
+    for (; i <= 279; ++i)
+        *p++ = 7;
+    for (; i <= 287; ++i)
+        *p++ = 8;
+
+    memset(d->m_huff_code_sizes[1], 5, 32);
+
+    tdefl_optimize_huffman_table(d, 0, 288, 15, MZ_TRUE);
+    tdefl_optimize_huffman_table(d, 1, 32, 15, MZ_TRUE);
+
+    TDEFL_PUT_BITS(1, 2);
+}
+
+static const mz_uint mz_bitmasks[17] = { 0x0000, 0x0001, 0x0003, 0x0007, 0x000F, 0x001F, 0x003F, 0x007F, 0x00FF, 0x01FF, 0x03FF, 0x07FF, 0x0FFF, 0x1FFF, 0x3FFF, 0x7FFF, 0xFFFF };
+
+#if MINIZ_USE_UNALIGNED_LOADS_AND_STORES &&MINIZ_LITTLE_ENDIAN &&MINIZ_HAS_64BIT_REGISTERS
+static mz_bool tdefl_compress_lz_codes(tdefl_compressor *d)
+{
+    mz_uint flags;
+    mz_uint8 *pLZ_codes;
+    mz_uint8 *pOutput_buf = d->m_pOutput_buf;
+    mz_uint8 *pLZ_code_buf_end = d->m_pLZ_code_buf;
+    mz_uint64 bit_buffer = d->m_bit_buffer;
+    mz_uint bits_in = d->m_bits_in;
+
+#define TDEFL_PUT_BITS_FAST(b, l)                    \
+    {                                                \
+        bit_buffer |= (((mz_uint64)(b)) << bits_in); \
+        bits_in += (l);                              \
+    }
+
+    flags = 1;
+    for (pLZ_codes = d->m_lz_code_buf; pLZ_codes < pLZ_code_buf_end; flags >>= 1)
+    {
+        if (flags == 1)
+            flags = *pLZ_codes++ | 0x100;
+
+        if (flags & 1)
+        {
+            mz_uint s0, s1, n0, n1, sym, num_extra_bits;
+            mz_uint match_len = pLZ_codes[0], match_dist = *(const mz_uint16 *)(pLZ_codes + 1);
+            pLZ_codes += 3;
+
+            MZ_ASSERT(d->m_huff_code_sizes[0][s_tdefl_len_sym[match_len]]);
+            TDEFL_PUT_BITS_FAST(d->m_huff_codes[0][s_tdefl_len_sym[match_len]], d->m_huff_code_sizes[0][s_tdefl_len_sym[match_len]]);
+            TDEFL_PUT_BITS_FAST(match_len & mz_bitmasks[s_tdefl_len_extra[match_len]], s_tdefl_len_extra[match_len]);
+
+            /* This sequence coaxes MSVC into using cmov's vs. jmp's. */
+            s0 = s_tdefl_small_dist_sym[match_dist & 511];
+            n0 = s_tdefl_small_dist_extra[match_dist & 511];
+            s1 = s_tdefl_large_dist_sym[match_dist >> 8];
+            n1 = s_tdefl_large_dist_extra[match_dist >> 8];
+            sym = (match_dist < 512) ? s0 : s1;
+            num_extra_bits = (match_dist < 512) ? n0 : n1;
+
+            MZ_ASSERT(d->m_huff_code_sizes[1][sym]);
+            TDEFL_PUT_BITS_FAST(d->m_huff_codes[1][sym], d->m_huff_code_sizes[1][sym]);
+            TDEFL_PUT_BITS_FAST(match_dist & mz_bitmasks[num_extra_bits], num_extra_bits);
+        }
+        else
+        {
+            mz_uint lit = *pLZ_codes++;
+            MZ_ASSERT(d->m_huff_code_sizes[0][lit]);
+            TDEFL_PUT_BITS_FAST(d->m_huff_codes[0][lit], d->m_huff_code_sizes[0][lit]);
+
+            if (((flags & 2) == 0) && (pLZ_codes < pLZ_code_buf_end))
+            {
+                flags >>= 1;
+                lit = *pLZ_codes++;
+                MZ_ASSERT(d->m_huff_code_sizes[0][lit]);
+                TDEFL_PUT_BITS_FAST(d->m_huff_codes[0][lit], d->m_huff_code_sizes[0][lit]);
+
+                if (((flags & 2) == 0) && (pLZ_codes < pLZ_code_buf_end))
+                {
+                    flags >>= 1;
+                    lit = *pLZ_codes++;
+                    MZ_ASSERT(d->m_huff_code_sizes[0][lit]);
+                    TDEFL_PUT_BITS_FAST(d->m_huff_codes[0][lit], d->m_huff_code_sizes[0][lit]);
+                }
+            }
+        }
+
+        if (pOutput_buf >= d->m_pOutput_buf_end)
+            return MZ_FALSE;
+
+        *(mz_uint64 *)pOutput_buf = bit_buffer;
+        pOutput_buf += (bits_in >> 3);
+        bit_buffer >>= (bits_in & ~7);
+        bits_in &= 7;
+    }
+
+#undef TDEFL_PUT_BITS_FAST
+
+    d->m_pOutput_buf = pOutput_buf;
+    d->m_bits_in = 0;
+    d->m_bit_buffer = 0;
+
+    while (bits_in)
+    {
+        mz_uint32 n = MZ_MIN(bits_in, 16);
+        TDEFL_PUT_BITS((mz_uint)bit_buffer & mz_bitmasks[n], n);
+        bit_buffer >>= n;
+        bits_in -= n;
+    }
+
+    TDEFL_PUT_BITS(d->m_huff_codes[0][256], d->m_huff_code_sizes[0][256]);
+
+    return (d->m_pOutput_buf < d->m_pOutput_buf_end);
+}
+#else
+static mz_bool tdefl_compress_lz_codes(tdefl_compressor *d)
+{
+    mz_uint flags;
+    mz_uint8 *pLZ_codes;
+
+    flags = 1;
+    for (pLZ_codes = d->m_lz_code_buf; pLZ_codes < d->m_pLZ_code_buf; flags >>= 1)
+    {
+        if (flags == 1)
+            flags = *pLZ_codes++ | 0x100;
+        if (flags & 1)
+        {
+            mz_uint sym, num_extra_bits;
+            mz_uint match_len = pLZ_codes[0], match_dist = (pLZ_codes[1] | (pLZ_codes[2] << 8));
+            pLZ_codes += 3;
+
+            MZ_ASSERT(d->m_huff_code_sizes[0][s_tdefl_len_sym[match_len]]);
+            TDEFL_PUT_BITS(d->m_huff_codes[0][s_tdefl_len_sym[match_len]], d->m_huff_code_sizes[0][s_tdefl_len_sym[match_len]]);
+            TDEFL_PUT_BITS(match_len & mz_bitmasks[s_tdefl_len_extra[match_len]], s_tdefl_len_extra[match_len]);
+
+            if (match_dist < 512)
+            {
+                sym = s_tdefl_small_dist_sym[match_dist];
+                num_extra_bits = s_tdefl_small_dist_extra[match_dist];
+            }
+            else
+            {
+                sym = s_tdefl_large_dist_sym[match_dist >> 8];
+                num_extra_bits = s_tdefl_large_dist_extra[match_dist >> 8];
+            }
+            MZ_ASSERT(d->m_huff_code_sizes[1][sym]);
+            TDEFL_PUT_BITS(d->m_huff_codes[1][sym], d->m_huff_code_sizes[1][sym]);
+            TDEFL_PUT_BITS(match_dist & mz_bitmasks[num_extra_bits], num_extra_bits);
+        }
+        else
+        {
+            mz_uint lit = *pLZ_codes++;
+            MZ_ASSERT(d->m_huff_code_sizes[0][lit]);
+            TDEFL_PUT_BITS(d->m_huff_codes[0][lit], d->m_huff_code_sizes[0][lit]);
+        }
+    }
+
+    TDEFL_PUT_BITS(d->m_huff_codes[0][256], d->m_huff_code_sizes[0][256]);
+
+    return (d->m_pOutput_buf < d->m_pOutput_buf_end);
+}
+#endif /* MINIZ_USE_UNALIGNED_LOADS_AND_STORES && MINIZ_LITTLE_ENDIAN && MINIZ_HAS_64BIT_REGISTERS */
+
+static mz_bool tdefl_compress_block(tdefl_compressor *d, mz_bool static_block)
+{
+    if (static_block)
+        tdefl_start_static_block(d);
+    else
+        tdefl_start_dynamic_block(d);
+    return tdefl_compress_lz_codes(d);
+}
+
+static int tdefl_flush_block(tdefl_compressor *d, int flush)
+{
+    mz_uint saved_bit_buf, saved_bits_in;
+    mz_uint8 *pSaved_output_buf;
+    mz_bool comp_block_succeeded = MZ_FALSE;
+    int n, use_raw_block = ((d->m_flags & TDEFL_FORCE_ALL_RAW_BLOCKS) != 0) && (d->m_lookahead_pos - d->m_lz_code_buf_dict_pos) <= d->m_dict_size;
+    mz_uint8 *pOutput_buf_start = ((d->m_pPut_buf_func == NULL) && ((*d->m_pOut_buf_size - d->m_out_buf_ofs) >= TDEFL_OUT_BUF_SIZE)) ? ((mz_uint8 *)d->m_pOut_buf + d->m_out_buf_ofs) : d->m_output_buf;
+
+    d->m_pOutput_buf = pOutput_buf_start;
+    d->m_pOutput_buf_end = d->m_pOutput_buf + TDEFL_OUT_BUF_SIZE - 16;
+
+    MZ_ASSERT(!d->m_output_flush_remaining);
+    d->m_output_flush_ofs = 0;
+    d->m_output_flush_remaining = 0;
+
+    *d->m_pLZ_flags = (mz_uint8)(*d->m_pLZ_flags >> d->m_num_flags_left);
+    d->m_pLZ_code_buf -= (d->m_num_flags_left == 8);
+
+    if ((d->m_flags & TDEFL_WRITE_ZLIB_HEADER) && (!d->m_block_index))
+    {
+        TDEFL_PUT_BITS(0x78, 8);
+        TDEFL_PUT_BITS(0x01, 8);
+    }
+
+    TDEFL_PUT_BITS(flush == TDEFL_FINISH, 1);
+
+    pSaved_output_buf = d->m_pOutput_buf;
+    saved_bit_buf = d->m_bit_buffer;
+    saved_bits_in = d->m_bits_in;
+
+    if (!use_raw_block)
+        comp_block_succeeded = tdefl_compress_block(d, (d->m_flags & TDEFL_FORCE_ALL_STATIC_BLOCKS) || (d->m_total_lz_bytes < 48));
+
+    /* If the block gets expanded, forget the current contents of the output buffer and send a raw block instead. */
+    if (((use_raw_block) || ((d->m_total_lz_bytes) && ((d->m_pOutput_buf - pSaved_output_buf + 1U) >= d->m_total_lz_bytes))) &&
+        ((d->m_lookahead_pos - d->m_lz_code_buf_dict_pos) <= d->m_dict_size))
+    {
+        mz_uint i;
+        d->m_pOutput_buf = pSaved_output_buf;
+        d->m_bit_buffer = saved_bit_buf, d->m_bits_in = saved_bits_in;
+        TDEFL_PUT_BITS(0, 2);
+        if (d->m_bits_in)
+        {
+            TDEFL_PUT_BITS(0, 8 - d->m_bits_in);
+        }
+        for (i = 2; i; --i, d->m_total_lz_bytes ^= 0xFFFF)
+        {
+            TDEFL_PUT_BITS(d->m_total_lz_bytes & 0xFFFF, 16);
+        }
+        for (i = 0; i < d->m_total_lz_bytes; ++i)
+        {
+            TDEFL_PUT_BITS(d->m_dict[(d->m_lz_code_buf_dict_pos + i) & TDEFL_LZ_DICT_SIZE_MASK], 8);
+        }
+    }
+    /* Check for the extremely unlikely (if not impossible) case of the compressed block not fitting into the output buffer when using dynamic codes. */
+    else if (!comp_block_succeeded)
+    {
+        d->m_pOutput_buf = pSaved_output_buf;
+        d->m_bit_buffer = saved_bit_buf, d->m_bits_in = saved_bits_in;
+        tdefl_compress_block(d, MZ_TRUE);
+    }
+
+    if (flush)
+    {
+        if (flush == TDEFL_FINISH)
+        {
+            if (d->m_bits_in)
+            {
+                TDEFL_PUT_BITS(0, 8 - d->m_bits_in);
+            }
+            if (d->m_flags & TDEFL_WRITE_ZLIB_HEADER)
+            {
+                mz_uint i, a = d->m_adler32;
+                for (i = 0; i < 4; i++)
+                {
+                    TDEFL_PUT_BITS((a >> 24) & 0xFF, 8);
+                    a <<= 8;
+                }
+            }
+        }
+        else
+        {
+            mz_uint i, z = 0;
+            TDEFL_PUT_BITS(0, 3);
+            if (d->m_bits_in)
+            {
+                TDEFL_PUT_BITS(0, 8 - d->m_bits_in);
+            }
+            for (i = 2; i; --i, z ^= 0xFFFF)
+            {
+                TDEFL_PUT_BITS(z & 0xFFFF, 16);
+            }
+        }
+    }
+
+    MZ_ASSERT(d->m_pOutput_buf < d->m_pOutput_buf_end);
+
+    memset(&d->m_huff_count[0][0], 0, sizeof(d->m_huff_count[0][0]) * TDEFL_MAX_HUFF_SYMBOLS_0);
+    memset(&d->m_huff_count[1][0], 0, sizeof(d->m_huff_count[1][0]) * TDEFL_MAX_HUFF_SYMBOLS_1);
+
+    d->m_pLZ_code_buf = d->m_lz_code_buf + 1;
+    d->m_pLZ_flags = d->m_lz_code_buf;
+    d->m_num_flags_left = 8;
+    d->m_lz_code_buf_dict_pos += d->m_total_lz_bytes;
+    d->m_total_lz_bytes = 0;
+    d->m_block_index++;
+
+    if ((n = (int)(d->m_pOutput_buf - pOutput_buf_start)) != 0)
+    {
+        if (d->m_pPut_buf_func)
+        {
+            *d->m_pIn_buf_size = d->m_pSrc - (const mz_uint8 *)d->m_pIn_buf;
+            if (!(*d->m_pPut_buf_func)(d->m_output_buf, n, d->m_pPut_buf_user))
+                return (d->m_prev_return_status = TDEFL_STATUS_PUT_BUF_FAILED);
+        }
+        else if (pOutput_buf_start == d->m_output_buf)
+        {
+            int bytes_to_copy = (int)MZ_MIN((size_t)n, (size_t)(*d->m_pOut_buf_size - d->m_out_buf_ofs));
+            memcpy((mz_uint8 *)d->m_pOut_buf + d->m_out_buf_ofs, d->m_output_buf, bytes_to_copy);
+            d->m_out_buf_ofs += bytes_to_copy;
+            if ((n -= bytes_to_copy) != 0)
+            {
+                d->m_output_flush_ofs = bytes_to_copy;
+                d->m_output_flush_remaining = n;
+            }
+        }
+        else
+        {
+            d->m_out_buf_ofs += n;
+        }
+    }
+
+    return d->m_output_flush_remaining;
+}
+
+#if MINIZ_USE_UNALIGNED_LOADS_AND_STORES
+#define TDEFL_READ_UNALIGNED_WORD(p) *(const mz_uint16 *)(p)
+static MZ_FORCEINLINE void tdefl_find_match(tdefl_compressor *d, mz_uint lookahead_pos, mz_uint max_dist, mz_uint max_match_len, mz_uint *pMatch_dist, mz_uint *pMatch_len)
+{
+    mz_uint dist, pos = lookahead_pos & TDEFL_LZ_DICT_SIZE_MASK, match_len = *pMatch_len, probe_pos = pos, next_probe_pos, probe_len;
+    mz_uint num_probes_left = d->m_max_probes[match_len >= 32];
+    const mz_uint16 *s = (const mz_uint16 *)(d->m_dict + pos), *p, *q;
+    mz_uint16 c01 = TDEFL_READ_UNALIGNED_WORD(&d->m_dict[pos + match_len - 1]), s01 = TDEFL_READ_UNALIGNED_WORD(s);
+    MZ_ASSERT(max_match_len <= TDEFL_MAX_MATCH_LEN);
+    if (max_match_len <= match_len)
+        return;
+    for (;;)
+    {
+        for (;;)
+        {
+            if (--num_probes_left == 0)
+                return;
+#define TDEFL_PROBE                                                                             \
+    next_probe_pos = d->m_next[probe_pos];                                                      \
+    if ((!next_probe_pos) || ((dist = (mz_uint16)(lookahead_pos - next_probe_pos)) > max_dist)) \
+        return;                                                                                 \
+    probe_pos = next_probe_pos & TDEFL_LZ_DICT_SIZE_MASK;                                       \
+    if (TDEFL_READ_UNALIGNED_WORD(&d->m_dict[probe_pos + match_len - 1]) == c01)                \
+        break;
+            TDEFL_PROBE;
+            TDEFL_PROBE;
+            TDEFL_PROBE;
+        }
+        if (!dist)
+            break;
+        q = (const mz_uint16 *)(d->m_dict + probe_pos);
+        if (TDEFL_READ_UNALIGNED_WORD(q) != s01)
+            continue;
+        p = s;
+        probe_len = 32;
+        do
+        {
+        } while ((TDEFL_READ_UNALIGNED_WORD(++p) == TDEFL_READ_UNALIGNED_WORD(++q)) && (TDEFL_READ_UNALIGNED_WORD(++p) == TDEFL_READ_UNALIGNED_WORD(++q)) &&
+                 (TDEFL_READ_UNALIGNED_WORD(++p) == TDEFL_READ_UNALIGNED_WORD(++q)) && (TDEFL_READ_UNALIGNED_WORD(++p) == TDEFL_READ_UNALIGNED_WORD(++q)) && (--probe_len > 0));
+        if (!probe_len)
+        {
+            *pMatch_dist = dist;
+            *pMatch_len = MZ_MIN(max_match_len, (mz_uint)TDEFL_MAX_MATCH_LEN);
+            break;
+        }
+        else if ((probe_len = ((mz_uint)(p - s) * 2) + (mz_uint)(*(const mz_uint8 *)p == *(const mz_uint8 *)q)) > match_len)
+        {
+            *pMatch_dist = dist;
+            if ((*pMatch_len = match_len = MZ_MIN(max_match_len, probe_len)) == max_match_len)
+                break;
+            c01 = TDEFL_READ_UNALIGNED_WORD(&d->m_dict[pos + match_len - 1]);
+        }
+    }
+}
+#else
+static MZ_FORCEINLINE void tdefl_find_match(tdefl_compressor *d, mz_uint lookahead_pos, mz_uint max_dist, mz_uint max_match_len, mz_uint *pMatch_dist, mz_uint *pMatch_len)
+{
+    mz_uint dist, pos = lookahead_pos & TDEFL_LZ_DICT_SIZE_MASK, match_len = *pMatch_len, probe_pos = pos, next_probe_pos, probe_len;
+    mz_uint num_probes_left = d->m_max_probes[match_len >= 32];
+    const mz_uint8 *s = d->m_dict + pos, *p, *q;
+    mz_uint8 c0 = d->m_dict[pos + match_len], c1 = d->m_dict[pos + match_len - 1];
+    MZ_ASSERT(max_match_len <= TDEFL_MAX_MATCH_LEN);
+    if (max_match_len <= match_len)
+        return;
+    for (;;)
+    {
+        for (;;)
+        {
+            if (--num_probes_left == 0)
+                return;
+#define TDEFL_PROBE                                                                               \
+    next_probe_pos = d->m_next[probe_pos];                                                        \
+    if ((!next_probe_pos) || ((dist = (mz_uint16)(lookahead_pos - next_probe_pos)) > max_dist))   \
+        return;                                                                                   \
+    probe_pos = next_probe_pos & TDEFL_LZ_DICT_SIZE_MASK;                                         \
+    if ((d->m_dict[probe_pos + match_len] == c0) && (d->m_dict[probe_pos + match_len - 1] == c1)) \
+        break;
+            TDEFL_PROBE;
+            TDEFL_PROBE;
+            TDEFL_PROBE;
+        }
+        if (!dist)
+            break;
+        p = s;
+        q = d->m_dict + probe_pos;
+        for (probe_len = 0; probe_len < max_match_len; probe_len++)
+            if (*p++ != *q++)
+                break;
+        if (probe_len > match_len)
+        {
+            *pMatch_dist = dist;
+            if ((*pMatch_len = match_len = probe_len) == max_match_len)
+                return;
+            c0 = d->m_dict[pos + match_len];
+            c1 = d->m_dict[pos + match_len - 1];
+        }
+    }
+}
+#endif /* #if MINIZ_USE_UNALIGNED_LOADS_AND_STORES */
+
+#if MINIZ_USE_UNALIGNED_LOADS_AND_STORES &&MINIZ_LITTLE_ENDIAN
+static mz_bool tdefl_compress_fast(tdefl_compressor *d)
+{
+    /* Faster, minimally featured LZRW1-style match+parse loop with better register utilization. Intended for applications where raw throughput is valued more highly than ratio. */
+    mz_uint lookahead_pos = d->m_lookahead_pos, lookahead_size = d->m_lookahead_size, dict_size = d->m_dict_size, total_lz_bytes = d->m_total_lz_bytes, num_flags_left = d->m_num_flags_left;
+    mz_uint8 *pLZ_code_buf = d->m_pLZ_code_buf, *pLZ_flags = d->m_pLZ_flags;
+    mz_uint cur_pos = lookahead_pos & TDEFL_LZ_DICT_SIZE_MASK;
+
+    while ((d->m_src_buf_left) || ((d->m_flush) && (lookahead_size)))
+    {
+        const mz_uint TDEFL_COMP_FAST_LOOKAHEAD_SIZE = 4096;
+        mz_uint dst_pos = (lookahead_pos + lookahead_size) & TDEFL_LZ_DICT_SIZE_MASK;
+        mz_uint num_bytes_to_process = (mz_uint)MZ_MIN(d->m_src_buf_left, TDEFL_COMP_FAST_LOOKAHEAD_SIZE - lookahead_size);
+        d->m_src_buf_left -= num_bytes_to_process;
+        lookahead_size += num_bytes_to_process;
+
+        while (num_bytes_to_process)
+        {
+            mz_uint32 n = MZ_MIN(TDEFL_LZ_DICT_SIZE - dst_pos, num_bytes_to_process);
+            memcpy(d->m_dict + dst_pos, d->m_pSrc, n);
+            if (dst_pos < (TDEFL_MAX_MATCH_LEN - 1))
+                memcpy(d->m_dict + TDEFL_LZ_DICT_SIZE + dst_pos, d->m_pSrc, MZ_MIN(n, (TDEFL_MAX_MATCH_LEN - 1) - dst_pos));
+            d->m_pSrc += n;
+            dst_pos = (dst_pos + n) & TDEFL_LZ_DICT_SIZE_MASK;
+            num_bytes_to_process -= n;
+        }
+
+        dict_size = MZ_MIN(TDEFL_LZ_DICT_SIZE - lookahead_size, dict_size);
+        if ((!d->m_flush) && (lookahead_size < TDEFL_COMP_FAST_LOOKAHEAD_SIZE))
+            break;
+
+        while (lookahead_size >= 4)
+        {
+            mz_uint cur_match_dist, cur_match_len = 1;
+            mz_uint8 *pCur_dict = d->m_dict + cur_pos;
+            mz_uint first_trigram = (*(const mz_uint32 *)pCur_dict) & 0xFFFFFF;
+            mz_uint hash = (first_trigram ^ (first_trigram >> (24 - (TDEFL_LZ_HASH_BITS - 8)))) & TDEFL_LEVEL1_HASH_SIZE_MASK;
+            mz_uint probe_pos = d->m_hash[hash];
+            d->m_hash[hash] = (mz_uint16)lookahead_pos;
+
+            if (((cur_match_dist = (mz_uint16)(lookahead_pos - probe_pos)) <= dict_size) && ((*(const mz_uint32 *)(d->m_dict + (probe_pos &= TDEFL_LZ_DICT_SIZE_MASK)) & 0xFFFFFF) == first_trigram))
+            {
+                const mz_uint16 *p = (const mz_uint16 *)pCur_dict;
+                const mz_uint16 *q = (const mz_uint16 *)(d->m_dict + probe_pos);
+                mz_uint32 probe_len = 32;
+                do
+                {
+                } while ((TDEFL_READ_UNALIGNED_WORD(++p) == TDEFL_READ_UNALIGNED_WORD(++q)) && (TDEFL_READ_UNALIGNED_WORD(++p) == TDEFL_READ_UNALIGNED_WORD(++q)) &&
+                         (TDEFL_READ_UNALIGNED_WORD(++p) == TDEFL_READ_UNALIGNED_WORD(++q)) && (TDEFL_READ_UNALIGNED_WORD(++p) == TDEFL_READ_UNALIGNED_WORD(++q)) && (--probe_len > 0));
+                cur_match_len = ((mz_uint)(p - (const mz_uint16 *)pCur_dict) * 2) + (mz_uint)(*(const mz_uint8 *)p == *(const mz_uint8 *)q);
+                if (!probe_len)
+                    cur_match_len = cur_match_dist ? TDEFL_MAX_MATCH_LEN : 0;
+
+                if ((cur_match_len < TDEFL_MIN_MATCH_LEN) || ((cur_match_len == TDEFL_MIN_MATCH_LEN) && (cur_match_dist >= 8U * 1024U)))
+                {
+                    cur_match_len = 1;
+                    *pLZ_code_buf++ = (mz_uint8)first_trigram;
+                    *pLZ_flags = (mz_uint8)(*pLZ_flags >> 1);
+                    d->m_huff_count[0][(mz_uint8)first_trigram]++;
+                }
+                else
+                {
+                    mz_uint32 s0, s1;
+                    cur_match_len = MZ_MIN(cur_match_len, lookahead_size);
+
+                    MZ_ASSERT((cur_match_len >= TDEFL_MIN_MATCH_LEN) && (cur_match_dist >= 1) && (cur_match_dist <= TDEFL_LZ_DICT_SIZE));
+
+                    cur_match_dist--;
+
+                    pLZ_code_buf[0] = (mz_uint8)(cur_match_len - TDEFL_MIN_MATCH_LEN);
+                    *(mz_uint16 *)(&pLZ_code_buf[1]) = (mz_uint16)cur_match_dist;
+                    pLZ_code_buf += 3;
+                    *pLZ_flags = (mz_uint8)((*pLZ_flags >> 1) | 0x80);
+
+                    s0 = s_tdefl_small_dist_sym[cur_match_dist & 511];
+                    s1 = s_tdefl_large_dist_sym[cur_match_dist >> 8];
+                    d->m_huff_count[1][(cur_match_dist < 512) ? s0 : s1]++;
+
+                    d->m_huff_count[0][s_tdefl_len_sym[cur_match_len - TDEFL_MIN_MATCH_LEN]]++;
+                }
+            }
+            else
+            {
+                *pLZ_code_buf++ = (mz_uint8)first_trigram;
+                *pLZ_flags = (mz_uint8)(*pLZ_flags >> 1);
+                d->m_huff_count[0][(mz_uint8)first_trigram]++;
+            }
+
+            if (--num_flags_left == 0)
+            {
+                num_flags_left = 8;
+                pLZ_flags = pLZ_code_buf++;
+            }
+
+            total_lz_bytes += cur_match_len;
+            lookahead_pos += cur_match_len;
+            dict_size = MZ_MIN(dict_size + cur_match_len, (mz_uint)TDEFL_LZ_DICT_SIZE);
+            cur_pos = (cur_pos + cur_match_len) & TDEFL_LZ_DICT_SIZE_MASK;
+            MZ_ASSERT(lookahead_size >= cur_match_len);
+            lookahead_size -= cur_match_len;
+
+            if (pLZ_code_buf > &d->m_lz_code_buf[TDEFL_LZ_CODE_BUF_SIZE - 8])
+            {
+                int n;
+                d->m_lookahead_pos = lookahead_pos;
+                d->m_lookahead_size = lookahead_size;
+                d->m_dict_size = dict_size;
+                d->m_total_lz_bytes = total_lz_bytes;
+                d->m_pLZ_code_buf = pLZ_code_buf;
+                d->m_pLZ_flags = pLZ_flags;
+                d->m_num_flags_left = num_flags_left;
+                if ((n = tdefl_flush_block(d, 0)) != 0)
+                    return (n < 0) ? MZ_FALSE : MZ_TRUE;
+                total_lz_bytes = d->m_total_lz_bytes;
+                pLZ_code_buf = d->m_pLZ_code_buf;
+                pLZ_flags = d->m_pLZ_flags;
+                num_flags_left = d->m_num_flags_left;
+            }
+        }
+
+        while (lookahead_size)
+        {
+            mz_uint8 lit = d->m_dict[cur_pos];
+
+            total_lz_bytes++;
+            *pLZ_code_buf++ = lit;
+            *pLZ_flags = (mz_uint8)(*pLZ_flags >> 1);
+            if (--num_flags_left == 0)
+            {
+                num_flags_left = 8;
+                pLZ_flags = pLZ_code_buf++;
+            }
+
+            d->m_huff_count[0][lit]++;
+
+            lookahead_pos++;
+            dict_size = MZ_MIN(dict_size + 1, (mz_uint)TDEFL_LZ_DICT_SIZE);
+            cur_pos = (cur_pos + 1) & TDEFL_LZ_DICT_SIZE_MASK;
+            lookahead_size--;
+
+            if (pLZ_code_buf > &d->m_lz_code_buf[TDEFL_LZ_CODE_BUF_SIZE - 8])
+            {
+                int n;
+                d->m_lookahead_pos = lookahead_pos;
+                d->m_lookahead_size = lookahead_size;
+                d->m_dict_size = dict_size;
+                d->m_total_lz_bytes = total_lz_bytes;
+                d->m_pLZ_code_buf = pLZ_code_buf;
+                d->m_pLZ_flags = pLZ_flags;
+                d->m_num_flags_left = num_flags_left;
+                if ((n = tdefl_flush_block(d, 0)) != 0)
+                    return (n < 0) ? MZ_FALSE : MZ_TRUE;
+                total_lz_bytes = d->m_total_lz_bytes;
+                pLZ_code_buf = d->m_pLZ_code_buf;
+                pLZ_flags = d->m_pLZ_flags;
+                num_flags_left = d->m_num_flags_left;
+            }
+        }
+    }
+
+    d->m_lookahead_pos = lookahead_pos;
+    d->m_lookahead_size = lookahead_size;
+    d->m_dict_size = dict_size;
+    d->m_total_lz_bytes = total_lz_bytes;
+    d->m_pLZ_code_buf = pLZ_code_buf;
+    d->m_pLZ_flags = pLZ_flags;
+    d->m_num_flags_left = num_flags_left;
+    return MZ_TRUE;
+}
+#endif /* MINIZ_USE_UNALIGNED_LOADS_AND_STORES && MINIZ_LITTLE_ENDIAN */
+
+static MZ_FORCEINLINE void tdefl_record_literal(tdefl_compressor *d, mz_uint8 lit)
+{
+    d->m_total_lz_bytes++;
+    *d->m_pLZ_code_buf++ = lit;
+    *d->m_pLZ_flags = (mz_uint8)(*d->m_pLZ_flags >> 1);
+    if (--d->m_num_flags_left == 0)
+    {
+        d->m_num_flags_left = 8;
+        d->m_pLZ_flags = d->m_pLZ_code_buf++;
+    }
+    d->m_huff_count[0][lit]++;
+}
+
+static MZ_FORCEINLINE void tdefl_record_match(tdefl_compressor *d, mz_uint match_len, mz_uint match_dist)
+{
+    mz_uint32 s0, s1;
+
+    MZ_ASSERT((match_len >= TDEFL_MIN_MATCH_LEN) && (match_dist >= 1) && (match_dist <= TDEFL_LZ_DICT_SIZE));
+
+    d->m_total_lz_bytes += match_len;
+
+    d->m_pLZ_code_buf[0] = (mz_uint8)(match_len - TDEFL_MIN_MATCH_LEN);
+
+    match_dist -= 1;
+    d->m_pLZ_code_buf[1] = (mz_uint8)(match_dist & 0xFF);
+    d->m_pLZ_code_buf[2] = (mz_uint8)(match_dist >> 8);
+    d->m_pLZ_code_buf += 3;
+
+    *d->m_pLZ_flags = (mz_uint8)((*d->m_pLZ_flags >> 1) | 0x80);
+    if (--d->m_num_flags_left == 0)
+    {
+        d->m_num_flags_left = 8;
+        d->m_pLZ_flags = d->m_pLZ_code_buf++;
+    }
+
+    s0 = s_tdefl_small_dist_sym[match_dist & 511];
+    s1 = s_tdefl_large_dist_sym[(match_dist >> 8) & 127];
+    d->m_huff_count[1][(match_dist < 512) ? s0 : s1]++;
+
+    if (match_len >= TDEFL_MIN_MATCH_LEN)
+        d->m_huff_count[0][s_tdefl_len_sym[match_len - TDEFL_MIN_MATCH_LEN]]++;
+}
+
+static mz_bool tdefl_compress_normal(tdefl_compressor *d)
+{
+    const mz_uint8 *pSrc = d->m_pSrc;
+    size_t src_buf_left = d->m_src_buf_left;
+    tdefl_flush flush = d->m_flush;
+
+    while ((src_buf_left) || ((flush) && (d->m_lookahead_size)))
+    {
+        mz_uint len_to_move, cur_match_dist, cur_match_len, cur_pos;
+        /* Update dictionary and hash chains. Keeps the lookahead size equal to TDEFL_MAX_MATCH_LEN. */
+        if ((d->m_lookahead_size + d->m_dict_size) >= (TDEFL_MIN_MATCH_LEN - 1))
+        {
+            mz_uint dst_pos = (d->m_lookahead_pos + d->m_lookahead_size) & TDEFL_LZ_DICT_SIZE_MASK, ins_pos = d->m_lookahead_pos + d->m_lookahead_size - 2;
+            mz_uint hash = (d->m_dict[ins_pos & TDEFL_LZ_DICT_SIZE_MASK] << TDEFL_LZ_HASH_SHIFT) ^ d->m_dict[(ins_pos + 1) & TDEFL_LZ_DICT_SIZE_MASK];
+            mz_uint num_bytes_to_process = (mz_uint)MZ_MIN(src_buf_left, TDEFL_MAX_MATCH_LEN - d->m_lookahead_size);
+            const mz_uint8 *pSrc_end = pSrc + num_bytes_to_process;
+            src_buf_left -= num_bytes_to_process;
+            d->m_lookahead_size += num_bytes_to_process;
+            while (pSrc != pSrc_end)
+            {
+                mz_uint8 c = *pSrc++;
+                d->m_dict[dst_pos] = c;
+                if (dst_pos < (TDEFL_MAX_MATCH_LEN - 1))
+                    d->m_dict[TDEFL_LZ_DICT_SIZE + dst_pos] = c;
+                hash = ((hash << TDEFL_LZ_HASH_SHIFT) ^ c) & (TDEFL_LZ_HASH_SIZE - 1);
+                d->m_next[ins_pos & TDEFL_LZ_DICT_SIZE_MASK] = d->m_hash[hash];
+                d->m_hash[hash] = (mz_uint16)(ins_pos);
+                dst_pos = (dst_pos + 1) & TDEFL_LZ_DICT_SIZE_MASK;
+                ins_pos++;
+            }
+        }
+        else
+        {
+            while ((src_buf_left) && (d->m_lookahead_size < TDEFL_MAX_MATCH_LEN))
+            {
+                mz_uint8 c = *pSrc++;
+                mz_uint dst_pos = (d->m_lookahead_pos + d->m_lookahead_size) & TDEFL_LZ_DICT_SIZE_MASK;
+                src_buf_left--;
+                d->m_dict[dst_pos] = c;
+                if (dst_pos < (TDEFL_MAX_MATCH_LEN - 1))
+                    d->m_dict[TDEFL_LZ_DICT_SIZE + dst_pos] = c;
+                if ((++d->m_lookahead_size + d->m_dict_size) >= TDEFL_MIN_MATCH_LEN)
+                {
+                    mz_uint ins_pos = d->m_lookahead_pos + (d->m_lookahead_size - 1) - 2;
+                    mz_uint hash = ((d->m_dict[ins_pos & TDEFL_LZ_DICT_SIZE_MASK] << (TDEFL_LZ_HASH_SHIFT * 2)) ^ (d->m_dict[(ins_pos + 1) & TDEFL_LZ_DICT_SIZE_MASK] << TDEFL_LZ_HASH_SHIFT) ^ c) & (TDEFL_LZ_HASH_SIZE - 1);
+                    d->m_next[ins_pos & TDEFL_LZ_DICT_SIZE_MASK] = d->m_hash[hash];
+                    d->m_hash[hash] = (mz_uint16)(ins_pos);
+                }
+            }
+        }
+        d->m_dict_size = MZ_MIN(TDEFL_LZ_DICT_SIZE - d->m_lookahead_size, d->m_dict_size);
+        if ((!flush) && (d->m_lookahead_size < TDEFL_MAX_MATCH_LEN))
+            break;
+
+        /* Simple lazy/greedy parsing state machine. */
+        len_to_move = 1;
+        cur_match_dist = 0;
+        cur_match_len = d->m_saved_match_len ? d->m_saved_match_len : (TDEFL_MIN_MATCH_LEN - 1);
+        cur_pos = d->m_lookahead_pos & TDEFL_LZ_DICT_SIZE_MASK;
+        if (d->m_flags & (TDEFL_RLE_MATCHES | TDEFL_FORCE_ALL_RAW_BLOCKS))
+        {
+            if ((d->m_dict_size) && (!(d->m_flags & TDEFL_FORCE_ALL_RAW_BLOCKS)))
+            {
+                mz_uint8 c = d->m_dict[(cur_pos - 1) & TDEFL_LZ_DICT_SIZE_MASK];
+                cur_match_len = 0;
+                while (cur_match_len < d->m_lookahead_size)
+                {
+                    if (d->m_dict[cur_pos + cur_match_len] != c)
+                        break;
+                    cur_match_len++;
+                }
+                if (cur_match_len < TDEFL_MIN_MATCH_LEN)
+                    cur_match_len = 0;
+                else
+                    cur_match_dist = 1;
+            }
+        }
+        else
+        {
+            tdefl_find_match(d, d->m_lookahead_pos, d->m_dict_size, d->m_lookahead_size, &cur_match_dist, &cur_match_len);
+        }
+        if (((cur_match_len == TDEFL_MIN_MATCH_LEN) && (cur_match_dist >= 8U * 1024U)) || (cur_pos == cur_match_dist) || ((d->m_flags & TDEFL_FILTER_MATCHES) && (cur_match_len <= 5)))
+        {
+            cur_match_dist = cur_match_len = 0;
+        }
+        if (d->m_saved_match_len)
+        {
+            if (cur_match_len > d->m_saved_match_len)
+            {
+                tdefl_record_literal(d, (mz_uint8)d->m_saved_lit);
+                if (cur_match_len >= 128)
+                {
+                    tdefl_record_match(d, cur_match_len, cur_match_dist);
+                    d->m_saved_match_len = 0;
+                    len_to_move = cur_match_len;
+                }
+                else
+                {
+                    d->m_saved_lit = d->m_dict[cur_pos];
+                    d->m_saved_match_dist = cur_match_dist;
+                    d->m_saved_match_len = cur_match_len;
+                }
+            }
+            else
+            {
+                tdefl_record_match(d, d->m_saved_match_len, d->m_saved_match_dist);
+                len_to_move = d->m_saved_match_len - 1;
+                d->m_saved_match_len = 0;
+            }
+        }
+        else if (!cur_match_dist)
+            tdefl_record_literal(d, d->m_dict[MZ_MIN(cur_pos, sizeof(d->m_dict) - 1)]);
+        else if ((d->m_greedy_parsing) || (d->m_flags & TDEFL_RLE_MATCHES) || (cur_match_len >= 128))
+        {
+            tdefl_record_match(d, cur_match_len, cur_match_dist);
+            len_to_move = cur_match_len;
+        }
+        else
+        {
+            d->m_saved_lit = d->m_dict[MZ_MIN(cur_pos, sizeof(d->m_dict) - 1)];
+            d->m_saved_match_dist = cur_match_dist;
+            d->m_saved_match_len = cur_match_len;
+        }
+        /* Move the lookahead forward by len_to_move bytes. */
+        d->m_lookahead_pos += len_to_move;
+        MZ_ASSERT(d->m_lookahead_size >= len_to_move);
+        d->m_lookahead_size -= len_to_move;
+        d->m_dict_size = MZ_MIN(d->m_dict_size + len_to_move, (mz_uint)TDEFL_LZ_DICT_SIZE);
+        /* Check if it's time to flush the current LZ codes to the internal output buffer. */
+        if ((d->m_pLZ_code_buf > &d->m_lz_code_buf[TDEFL_LZ_CODE_BUF_SIZE - 8]) ||
+            ((d->m_total_lz_bytes > 31 * 1024) && (((((mz_uint)(d->m_pLZ_code_buf - d->m_lz_code_buf) * 115) >> 7) >= d->m_total_lz_bytes) || (d->m_flags & TDEFL_FORCE_ALL_RAW_BLOCKS))))
+        {
+            int n;
+            d->m_pSrc = pSrc;
+            d->m_src_buf_left = src_buf_left;
+            if ((n = tdefl_flush_block(d, 0)) != 0)
+                return (n < 0) ? MZ_FALSE : MZ_TRUE;
+        }
+    }
+
+    d->m_pSrc = pSrc;
+    d->m_src_buf_left = src_buf_left;
+    return MZ_TRUE;
+}
+
+static tdefl_status tdefl_flush_output_buffer(tdefl_compressor *d)
+{
+    if (d->m_pIn_buf_size)
+    {
+        *d->m_pIn_buf_size = d->m_pSrc - (const mz_uint8 *)d->m_pIn_buf;
+    }
+
+    if (d->m_pOut_buf_size)
+    {
+        size_t n = MZ_MIN(*d->m_pOut_buf_size - d->m_out_buf_ofs, d->m_output_flush_remaining);
+        memcpy((mz_uint8 *)d->m_pOut_buf + d->m_out_buf_ofs, d->m_output_buf + d->m_output_flush_ofs, n);
+        d->m_output_flush_ofs += (mz_uint)n;
+        d->m_output_flush_remaining -= (mz_uint)n;
+        d->m_out_buf_ofs += n;
+
+        *d->m_pOut_buf_size = d->m_out_buf_ofs;
+    }
+
+    return (d->m_finished && !d->m_output_flush_remaining) ? TDEFL_STATUS_DONE : TDEFL_STATUS_OKAY;
+}
+
+tdefl_status tdefl_compress(tdefl_compressor *d, const void *pIn_buf, size_t *pIn_buf_size, void *pOut_buf, size_t *pOut_buf_size, tdefl_flush flush)
+{
+    if (!d)
+    {
+        if (pIn_buf_size)
+            *pIn_buf_size = 0;
+        if (pOut_buf_size)
+            *pOut_buf_size = 0;
+        return TDEFL_STATUS_BAD_PARAM;
+    }
+
+    d->m_pIn_buf = pIn_buf;
+    d->m_pIn_buf_size = pIn_buf_size;
+    d->m_pOut_buf = pOut_buf;
+    d->m_pOut_buf_size = pOut_buf_size;
+    d->m_pSrc = (const mz_uint8 *)(pIn_buf);
+    d->m_src_buf_left = pIn_buf_size ? *pIn_buf_size : 0;
+    d->m_out_buf_ofs = 0;
+    d->m_flush = flush;
+
+    if (((d->m_pPut_buf_func != NULL) == ((pOut_buf != NULL) || (pOut_buf_size != NULL))) || (d->m_prev_return_status != TDEFL_STATUS_OKAY) ||
+        (d->m_wants_to_finish && (flush != TDEFL_FINISH)) || (pIn_buf_size && *pIn_buf_size && !pIn_buf) || (pOut_buf_size && *pOut_buf_size && !pOut_buf))
+    {
+        if (pIn_buf_size)
+            *pIn_buf_size = 0;
+        if (pOut_buf_size)
+            *pOut_buf_size = 0;
+        return (d->m_prev_return_status = TDEFL_STATUS_BAD_PARAM);
+    }
+    d->m_wants_to_finish |= (flush == TDEFL_FINISH);
+
+    if ((d->m_output_flush_remaining) || (d->m_finished))
+        return (d->m_prev_return_status = tdefl_flush_output_buffer(d));
+
+#if MINIZ_USE_UNALIGNED_LOADS_AND_STORES &&MINIZ_LITTLE_ENDIAN
+    if (((d->m_flags & TDEFL_MAX_PROBES_MASK) == 1) &&
+        ((d->m_flags & TDEFL_GREEDY_PARSING_FLAG) != 0) &&
+        ((d->m_flags & (TDEFL_FILTER_MATCHES | TDEFL_FORCE_ALL_RAW_BLOCKS | TDEFL_RLE_MATCHES)) == 0))
+    {
+        if (!tdefl_compress_fast(d))
+            return d->m_prev_return_status;
+    }
+    else
+#endif /* #if MINIZ_USE_UNALIGNED_LOADS_AND_STORES && MINIZ_LITTLE_ENDIAN */
+    {
+        if (!tdefl_compress_normal(d))
+            return d->m_prev_return_status;
+    }
+
+    if ((d->m_flags & (TDEFL_WRITE_ZLIB_HEADER | TDEFL_COMPUTE_ADLER32)) && (pIn_buf))
+        d->m_adler32 = (mz_uint32)mz_adler32(d->m_adler32, (const mz_uint8 *)pIn_buf, d->m_pSrc - (const mz_uint8 *)pIn_buf);
+
+    if ((flush) && (!d->m_lookahead_size) && (!d->m_src_buf_left) && (!d->m_output_flush_remaining))
+    {
+        if (tdefl_flush_block(d, flush) < 0)
+            return d->m_prev_return_status;
+        d->m_finished = (flush == TDEFL_FINISH);
+        if (flush == TDEFL_FULL_FLUSH)
+        {
+            MZ_CLEAR_OBJ(d->m_hash);
+            MZ_CLEAR_OBJ(d->m_next);
+            d->m_dict_size = 0;
+        }
+    }
+
+    return (d->m_prev_return_status = tdefl_flush_output_buffer(d));
+}
+
+tdefl_status tdefl_compress_buffer(tdefl_compressor *d, const void *pIn_buf, size_t in_buf_size, tdefl_flush flush)
+{
+    MZ_ASSERT(d->m_pPut_buf_func);
+    return tdefl_compress(d, pIn_buf, &in_buf_size, NULL, NULL, flush);
+}
+
+tdefl_status tdefl_init(tdefl_compressor *d, tdefl_put_buf_func_ptr pPut_buf_func, void *pPut_buf_user, int flags)
+{
+    d->m_pPut_buf_func = pPut_buf_func;
+    d->m_pPut_buf_user = pPut_buf_user;
+    d->m_flags = (mz_uint)(flags);
+    d->m_max_probes[0] = 1 + ((flags & 0xFFF) + 2) / 3;
+    d->m_greedy_parsing = (flags & TDEFL_GREEDY_PARSING_FLAG) != 0;
+    d->m_max_probes[1] = 1 + (((flags & 0xFFF) >> 2) + 2) / 3;
+    if (!(flags & TDEFL_NONDETERMINISTIC_PARSING_FLAG))
+        MZ_CLEAR_OBJ(d->m_hash);
+    d->m_lookahead_pos = d->m_lookahead_size = d->m_dict_size = d->m_total_lz_bytes = d->m_lz_code_buf_dict_pos = d->m_bits_in = 0;
+    d->m_output_flush_ofs = d->m_output_flush_remaining = d->m_finished = d->m_block_index = d->m_bit_buffer = d->m_wants_to_finish = 0;
+    d->m_pLZ_code_buf = d->m_lz_code_buf + 1;
+    d->m_pLZ_flags = d->m_lz_code_buf;
+    d->m_num_flags_left = 8;
+    d->m_pOutput_buf = d->m_output_buf;
+    d->m_pOutput_buf_end = d->m_output_buf;
+    d->m_prev_return_status = TDEFL_STATUS_OKAY;
+    d->m_saved_match_dist = d->m_saved_match_len = d->m_saved_lit = 0;
+    d->m_adler32 = 1;
+    d->m_pIn_buf = NULL;
+    d->m_pOut_buf = NULL;
+    d->m_pIn_buf_size = NULL;
+    d->m_pOut_buf_size = NULL;
+    d->m_flush = TDEFL_NO_FLUSH;
+    d->m_pSrc = NULL;
+    d->m_src_buf_left = 0;
+    d->m_out_buf_ofs = 0;
+    memset(&d->m_huff_count[0][0], 0, sizeof(d->m_huff_count[0][0]) * TDEFL_MAX_HUFF_SYMBOLS_0);
+    memset(&d->m_huff_count[1][0], 0, sizeof(d->m_huff_count[1][0]) * TDEFL_MAX_HUFF_SYMBOLS_1);
+    return TDEFL_STATUS_OKAY;
+}
+
+tdefl_status tdefl_get_prev_return_status(tdefl_compressor *d)
+{
+    return d->m_prev_return_status;
+}
+
+mz_uint32 tdefl_get_adler32(tdefl_compressor *d)
+{
+    return d->m_adler32;
+}
+
+mz_bool tdefl_compress_mem_to_output(const void *pBuf, size_t buf_len, tdefl_put_buf_func_ptr pPut_buf_func, void *pPut_buf_user, int flags)
+{
+    tdefl_compressor *pComp;
+    mz_bool succeeded;
+    if (((buf_len) && (!pBuf)) || (!pPut_buf_func))
+        return MZ_FALSE;
+    pComp = (tdefl_compressor *)MZ_MALLOC(sizeof(tdefl_compressor));
+    if (!pComp)
+        return MZ_FALSE;
+    succeeded = (tdefl_init(pComp, pPut_buf_func, pPut_buf_user, flags) == TDEFL_STATUS_OKAY);
+    succeeded = succeeded && (tdefl_compress_buffer(pComp, pBuf, buf_len, TDEFL_FINISH) == TDEFL_STATUS_DONE);
+    MZ_FREE(pComp);
+    return succeeded;
+}
+
+typedef struct
+{
+    size_t m_size, m_capacity;
+    mz_uint8 *m_pBuf;
+    mz_bool m_expandable;
+} tdefl_output_buffer;
+
+static mz_bool tdefl_output_buffer_putter(const void *pBuf, int len, void *pUser)
+{
+    tdefl_output_buffer *p = (tdefl_output_buffer *)pUser;
+    size_t new_size = p->m_size + len;
+    if (new_size > p->m_capacity)
+    {
+        size_t new_capacity = p->m_capacity;
+        mz_uint8 *pNew_buf;
+        if (!p->m_expandable)
+            return MZ_FALSE;
+        do
+        {
+            new_capacity = MZ_MAX(128U, new_capacity << 1U);
+        } while (new_size > new_capacity);
+        pNew_buf = (mz_uint8 *)MZ_REALLOC(p->m_pBuf, new_capacity);
+        if (!pNew_buf)
+            return MZ_FALSE;
+        p->m_pBuf = pNew_buf;
+        p->m_capacity = new_capacity;
+    }
+    memcpy((mz_uint8 *)p->m_pBuf + p->m_size, pBuf, len);
+    p->m_size = new_size;
+    return MZ_TRUE;
+}
+
+void *tdefl_compress_mem_to_heap(const void *pSrc_buf, size_t src_buf_len, size_t *pOut_len, int flags)
+{
+    tdefl_output_buffer out_buf;
+    MZ_CLEAR_OBJ(out_buf);
+    if (!pOut_len)
+        return nullptr;
+    else
+        *pOut_len = 0;
+    out_buf.m_expandable = MZ_TRUE;
+    if (!tdefl_compress_mem_to_output(pSrc_buf, src_buf_len, tdefl_output_buffer_putter, &out_buf, flags))
+        return NULL;
+    *pOut_len = out_buf.m_size;
+    return out_buf.m_pBuf;
+}
+
+size_t tdefl_compress_mem_to_mem(void *pOut_buf, size_t out_buf_len, const void *pSrc_buf, size_t src_buf_len, int flags)
+{
+    tdefl_output_buffer out_buf;
+    MZ_CLEAR_OBJ(out_buf);
+    if (!pOut_buf)
+        return 0;
+    out_buf.m_pBuf = (mz_uint8 *)pOut_buf;
+    out_buf.m_capacity = out_buf_len;
+    if (!tdefl_compress_mem_to_output(pSrc_buf, src_buf_len, tdefl_output_buffer_putter, &out_buf, flags))
+        return 0;
+    return out_buf.m_size;
+}
+
+#ifndef MINIZ_NO_ZLIB_APIS
+static const mz_uint s_tdefl_num_probes[11] = { 0, 1, 6, 32, 16, 32, 128, 256, 512, 768, 1500 };
+
+/* level may actually range from [0,10] (10 is a "hidden" max level, where we want a bit more compression and it's fine if throughput to fall off a cliff on some files). */
+mz_uint tdefl_create_comp_flags_from_zip_params(int level, int window_bits, int strategy)
+{
+    mz_uint comp_flags = s_tdefl_num_probes[(level >= 0) ? MZ_MIN(10, level) : MZ_DEFAULT_LEVEL] | ((level <= 3) ? TDEFL_GREEDY_PARSING_FLAG : 0);
+    if (window_bits > 0)
+        comp_flags |= TDEFL_WRITE_ZLIB_HEADER;
+
+    if (!level)
+        comp_flags |= TDEFL_FORCE_ALL_RAW_BLOCKS;
+    else if (strategy == MZ_FILTERED)
+        comp_flags |= TDEFL_FILTER_MATCHES;
+    else if (strategy == MZ_HUFFMAN_ONLY)
+        comp_flags &= ~TDEFL_MAX_PROBES_MASK;
+    else if (strategy == MZ_FIXED)
+        comp_flags |= TDEFL_FORCE_ALL_STATIC_BLOCKS;
+    else if (strategy == MZ_RLE)
+        comp_flags |= TDEFL_RLE_MATCHES;
+
+    return comp_flags;
+}
+#endif /*MINIZ_NO_ZLIB_APIS */
+
+#ifdef _MSC_VER
+#pragma warning(push)
+#pragma warning(disable : 4204) /* nonstandard extension used : non-constant aggregate initializer (also supported by GNU C and C99, so no big deal) */
+#endif
+
+/* Simple PNG writer function by Alex Evans, 2011. Released into the public domain: https://gist.github.com/908299, more context at
+ http://altdevblogaday.org/2011/04/06/a-smaller-jpg-encoder/.
+ This is actually a modification of Alex's original code so PNG files generated by this function pass pngcheck. */
+void *tdefl_write_image_to_png_file_in_memory_ex(const void *pImage, int w, int h, int num_chans, size_t *pLen_out, mz_uint level, mz_bool flip)
+{
+    /* Using a local copy of this array here in case MINIZ_NO_ZLIB_APIS was defined. */
+    static const mz_uint s_tdefl_png_num_probes[11] = { 0, 1, 6, 32, 16, 32, 128, 256, 512, 768, 1500 };
+    tdefl_compressor *pComp = (tdefl_compressor *)MZ_MALLOC(sizeof(tdefl_compressor));
+    tdefl_output_buffer out_buf;
+    int i, bpl = w * num_chans, y, z;
+    mz_uint32 c;
+    *pLen_out = 0;
+    if (!pComp)
+        return NULL;
+    MZ_CLEAR_OBJ(out_buf);
+    out_buf.m_expandable = MZ_TRUE;
+    out_buf.m_capacity = 57 + MZ_MAX(64, (1 + bpl) * h);
+    if (NULL == (out_buf.m_pBuf = (mz_uint8 *)MZ_MALLOC(out_buf.m_capacity)))
+    {
+        MZ_FREE(pComp);
+        return NULL;
+    }
+    /* write dummy header */
+    for (z = 41; z; --z)
+        tdefl_output_buffer_putter(&z, 1, &out_buf);
+    /* compress image data */
+    tdefl_init(pComp, tdefl_output_buffer_putter, &out_buf, s_tdefl_png_num_probes[MZ_MIN(10, level)] | TDEFL_WRITE_ZLIB_HEADER);
+    for (y = 0; y < h; ++y)
+    {
+        tdefl_compress_buffer(pComp, &z, 1, TDEFL_NO_FLUSH);
+        tdefl_compress_buffer(pComp, (mz_uint8 *)pImage + (flip ? (h - 1 - y) : y) * bpl, bpl, TDEFL_NO_FLUSH);
+    }
+    if (tdefl_compress_buffer(pComp, NULL, 0, TDEFL_FINISH) != TDEFL_STATUS_DONE)
+    {
+        MZ_FREE(pComp);
+        MZ_FREE(out_buf.m_pBuf);
+        return NULL;
+    }
+    /* write real header */
+    *pLen_out = out_buf.m_size - 41;
+    {
+        static const mz_uint8 chans[] = { 0x00, 0x00, 0x04, 0x02, 0x06 };
+        mz_uint8 pnghdr[41] = { 0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0x00, 0x00, 0x00, 0x0d, 0x49, 0x48, 0x44, 0x52,
+                                0, 0, (mz_uint8)(w >> 8), (mz_uint8)w, 0, 0, (mz_uint8)(h >> 8), (mz_uint8)h, 8, chans[num_chans], 0, 0, 0, 0, 0, 0, 0,
+                                (mz_uint8)(*pLen_out >> 24), (mz_uint8)(*pLen_out >> 16), (mz_uint8)(*pLen_out >> 8), (mz_uint8) * pLen_out, 0x49, 0x44, 0x41, 0x54 };
+        c = (mz_uint32)mz_crc32(MZ_CRC32_INIT, pnghdr + 12, 17);
+        for (i = 0; i < 4; ++i, c <<= 8)
+            ((mz_uint8 *)(pnghdr + 29))[i] = (mz_uint8)(c >> 24);
+        memcpy(out_buf.m_pBuf, pnghdr, 41);
+    }
+    /* write footer (IDAT CRC-32, followed by IEND chunk) */
+    if (!tdefl_output_buffer_putter("\0\0\0\0\0\0\0\0\x49\x45\x4e\x44\xae\x42\x60\x82", 16, &out_buf))
+    {
+        *pLen_out = 0;
+        MZ_FREE(pComp);
+        MZ_FREE(out_buf.m_pBuf);
+        return NULL;
+    }
+    c = (mz_uint32)mz_crc32(MZ_CRC32_INIT, out_buf.m_pBuf + 41 - 4, *pLen_out + 4);
+    for (i = 0; i < 4; ++i, c <<= 8)
+        (out_buf.m_pBuf + out_buf.m_size - 16)[i] = (mz_uint8)(c >> 24);
+    /* compute final size of file, grab compressed data buffer and return */
+    *pLen_out += 57;
+    MZ_FREE(pComp);
+    return out_buf.m_pBuf;
+}
+void *tdefl_write_image_to_png_file_in_memory(const void *pImage, int w, int h, int num_chans, size_t *pLen_out)
+{
+    /* Level 6 corresponds to TDEFL_DEFAULT_MAX_PROBES or MZ_DEFAULT_LEVEL (but we can't depend on MZ_DEFAULT_LEVEL being available in case the zlib API's where #defined out) */
+    return tdefl_write_image_to_png_file_in_memory_ex(pImage, w, h, num_chans, pLen_out, 6, MZ_FALSE);
+}
+
+/* Allocate the tdefl_compressor and tinfl_decompressor structures in C so that */
+/* non-C language bindings to tdefL_ and tinfl_ API don't need to worry about */
+/* structure size and allocation mechanism. */
+tdefl_compressor *tdefl_compressor_alloc()
+{
+    return (tdefl_compressor *)MZ_MALLOC(sizeof(tdefl_compressor));
+}
+
+void tdefl_compressor_free(tdefl_compressor *pComp)
+{
+    MZ_FREE(pComp);
+}
+
+#ifdef _MSC_VER
+#pragma warning(pop)
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+/**************************************************************************
+ *
+ * Copyright 2013-2014 RAD Game Tools and Valve Software
+ * Copyright 2010-2014 Rich Geldreich and Tenacious Software LLC
+ * All Rights Reserved.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ *
+ **************************************************************************/
+
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* ------------------- Low-level Decompression (completely independent from all compression API's) */
+
+#define TINFL_MEMCPY(d, s, l) memcpy(d, s, l)
+#define TINFL_MEMSET(p, c, l) memset(p, c, l)
+
+#define TINFL_CR_BEGIN  \
+    switch (r->m_state) \
+    {                   \
+        case 0:
+#define TINFL_CR_RETURN(state_index, result) \
+    do                                       \
+    {                                        \
+        status = result;                     \
+        r->m_state = state_index;            \
+        goto common_exit;                    \
+        case state_index:                    \
+            ;                                \
+    }                                        \
+    MZ_MACRO_END
+#define TINFL_CR_RETURN_FOREVER(state_index, result) \
+    do                                               \
+    {                                                \
+        for (;;)                                     \
+        {                                            \
+            TINFL_CR_RETURN(state_index, result);    \
+        }                                            \
+    }                                                \
+    MZ_MACRO_END
+#define TINFL_CR_FINISH }
+
+#define TINFL_GET_BYTE(state_index, c)                                                                                                                          \
+    do                                                                                                                                                          \
+    {                                                                                                                                                           \
+        while (pIn_buf_cur >= pIn_buf_end)                                                                                                                      \
+        {                                                                                                                                                       \
+            TINFL_CR_RETURN(state_index, (decomp_flags &TINFL_FLAG_HAS_MORE_INPUT) ? TINFL_STATUS_NEEDS_MORE_INPUT : TINFL_STATUS_FAILED_CANNOT_MAKE_PROGRESS); \
+        }                                                                                                                                                       \
+        c = *pIn_buf_cur++;                                                                                                                                     \
+    }                                                                                                                                                           \
+    MZ_MACRO_END
+
+#define TINFL_NEED_BITS(state_index, n)                \
+    do                                                 \
+    {                                                  \
+        mz_uint c;                                     \
+        TINFL_GET_BYTE(state_index, c);                \
+        bit_buf |= (((tinfl_bit_buf_t)c) << num_bits); \
+        num_bits += 8;                                 \
+    } while (num_bits < (mz_uint)(n))
+#define TINFL_SKIP_BITS(state_index, n)      \
+    do                                       \
+    {                                        \
+        if (num_bits < (mz_uint)(n))         \
+        {                                    \
+            TINFL_NEED_BITS(state_index, n); \
+        }                                    \
+        bit_buf >>= (n);                     \
+        num_bits -= (n);                     \
+    }                                        \
+    MZ_MACRO_END
+#define TINFL_GET_BITS(state_index, b, n)    \
+    do                                       \
+    {                                        \
+        if (num_bits < (mz_uint)(n))         \
+        {                                    \
+            TINFL_NEED_BITS(state_index, n); \
+        }                                    \
+        b = bit_buf & ((1 << (n)) - 1);      \
+        bit_buf >>= (n);                     \
+        num_bits -= (n);                     \
+    }                                        \
+    MZ_MACRO_END
+
+/* TINFL_HUFF_BITBUF_FILL() is only used rarely, when the number of bytes remaining in the input buffer falls below 2. */
+/* It reads just enough bytes from the input stream that are needed to decode the next Huffman code (and absolutely no more). It works by trying to fully decode a */
+/* Huffman code by using whatever bits are currently present in the bit buffer. If this fails, it reads another byte, and tries again until it succeeds or until the */
+/* bit buffer contains >=15 bits (deflate's max. Huffman code size). */
+#define TINFL_HUFF_BITBUF_FILL(state_index, pHuff)                             \
+    do                                                                         \
+    {                                                                          \
+        temp = (pHuff)->m_look_up[bit_buf & (TINFL_FAST_LOOKUP_SIZE - 1)];     \
+        if (temp >= 0)                                                         \
+        {                                                                      \
+            code_len = temp >> 9;                                              \
+            if ((code_len) && (num_bits >= code_len))                          \
+                break;                                                         \
+        }                                                                      \
+        else if (num_bits > TINFL_FAST_LOOKUP_BITS)                            \
+        {                                                                      \
+            code_len = TINFL_FAST_LOOKUP_BITS;                                 \
+            do                                                                 \
+            {                                                                  \
+                temp = (pHuff)->m_tree[~temp + ((bit_buf >> code_len++) & 1)]; \
+            } while ((temp < 0) && (num_bits >= (code_len + 1)));              \
+            if (temp >= 0)                                                     \
+                break;                                                         \
+        }                                                                      \
+        TINFL_GET_BYTE(state_index, c);                                        \
+        bit_buf |= (((tinfl_bit_buf_t)c) << num_bits);                         \
+        num_bits += 8;                                                         \
+    } while (num_bits < 15);
+
+/* TINFL_HUFF_DECODE() decodes the next Huffman coded symbol. It's more complex than you would initially expect because the zlib API expects the decompressor to never read */
+/* beyond the final byte of the deflate stream. (In other words, when this macro wants to read another byte from the input, it REALLY needs another byte in order to fully */
+/* decode the next Huffman code.) Handling this properly is particularly important on raw deflate (non-zlib) streams, which aren't followed by a byte aligned adler-32. */
+/* The slow path is only executed at the very end of the input buffer. */
+/* v1.16: The original macro handled the case at the very end of the passed-in input buffer, but we also need to handle the case where the user passes in 1+zillion bytes */
+/* following the deflate data and our non-conservative read-ahead path won't kick in here on this code. This is much trickier. */
+#define TINFL_HUFF_DECODE(state_index, sym, pHuff)                                                                                  \
+    do                                                                                                                              \
+    {                                                                                                                               \
+        int temp;                                                                                                                   \
+        mz_uint code_len, c;                                                                                                        \
+        if (num_bits < 15)                                                                                                          \
+        {                                                                                                                           \
+            if ((pIn_buf_end - pIn_buf_cur) < 2)                                                                                    \
+            {                                                                                                                       \
+                TINFL_HUFF_BITBUF_FILL(state_index, pHuff);                                                                         \
+            }                                                                                                                       \
+            else                                                                                                                    \
+            {                                                                                                                       \
+                bit_buf |= (((tinfl_bit_buf_t)pIn_buf_cur[0]) << num_bits) | (((tinfl_bit_buf_t)pIn_buf_cur[1]) << (num_bits + 8)); \
+                pIn_buf_cur += 2;                                                                                                   \
+                num_bits += 16;                                                                                                     \
+            }                                                                                                                       \
+        }                                                                                                                           \
+        if ((temp = (pHuff)->m_look_up[bit_buf & (TINFL_FAST_LOOKUP_SIZE - 1)]) >= 0)                                               \
+            code_len = temp >> 9, temp &= 511;                                                                                      \
+        else                                                                                                                        \
+        {                                                                                                                           \
+            code_len = TINFL_FAST_LOOKUP_BITS;                                                                                      \
+            do                                                                                                                      \
+            {                                                                                                                       \
+                temp = (pHuff)->m_tree[~temp + ((bit_buf >> code_len++) & 1)];                                                      \
+            } while (temp < 0);                                                                                                     \
+        }                                                                                                                           \
+        sym = temp;                                                                                                                 \
+        bit_buf >>= code_len;                                                                                                       \
+        num_bits -= code_len;                                                                                                       \
+    }                                                                                                                               \
+    MZ_MACRO_END
+
+tinfl_status tinfl_decompress(tinfl_decompressor *r, const mz_uint8 *pIn_buf_next, size_t *pIn_buf_size, mz_uint8 *pOut_buf_start, mz_uint8 *pOut_buf_next, size_t *pOut_buf_size, const mz_uint32 decomp_flags)
+{
+    static const int s_length_base[31] = { 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31, 35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258, 0, 0 };
+    static const int s_length_extra[31] = { 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0, 0, 0 };
+    static const int s_dist_base[32] = { 1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193, 257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145, 8193, 12289, 16385, 24577, 0, 0 };
+    static const int s_dist_extra[32] = { 0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6, 7, 7, 8, 8, 9, 9, 10, 10, 11, 11, 12, 12, 13, 13 };
+    static const mz_uint8 s_length_dezigzag[19] = { 16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15 };
+    static const int s_min_table_sizes[3] = { 257, 1, 4 };
+
+    tinfl_status status = TINFL_STATUS_FAILED;
+    mz_uint32 num_bits, dist, counter, num_extra;
+    tinfl_bit_buf_t bit_buf;
+    const mz_uint8 *pIn_buf_cur = pIn_buf_next, *const pIn_buf_end = pIn_buf_next + *pIn_buf_size;
+    mz_uint8 *pOut_buf_cur = pOut_buf_next, *const pOut_buf_end = pOut_buf_next + *pOut_buf_size;
+    size_t out_buf_size_mask = (decomp_flags & TINFL_FLAG_USING_NON_WRAPPING_OUTPUT_BUF) ? (size_t) - 1 : ((pOut_buf_next - pOut_buf_start) + *pOut_buf_size) - 1, dist_from_out_buf_start;
+
+    /* Ensure the output buffer's size is a power of 2, unless the output buffer is large enough to hold the entire output file (in which case it doesn't matter). */
+    if (((out_buf_size_mask + 1) & out_buf_size_mask) || (pOut_buf_next < pOut_buf_start))
+    {
+        *pIn_buf_size = *pOut_buf_size = 0;
+        return TINFL_STATUS_BAD_PARAM;
+    }
+
+    num_bits = r->m_num_bits;
+    bit_buf = r->m_bit_buf;
+    dist = r->m_dist;
+    counter = r->m_counter;
+    num_extra = r->m_num_extra;
+    dist_from_out_buf_start = r->m_dist_from_out_buf_start;
+    TINFL_CR_BEGIN
+
+    bit_buf = num_bits = dist = counter = num_extra = r->m_zhdr0 = r->m_zhdr1 = 0;
+    r->m_z_adler32 = r->m_check_adler32 = 1;
+    if (decomp_flags & TINFL_FLAG_PARSE_ZLIB_HEADER)
+    {
+        TINFL_GET_BYTE(1, r->m_zhdr0);
+        TINFL_GET_BYTE(2, r->m_zhdr1);
+        counter = (((r->m_zhdr0 * 256 + r->m_zhdr1) % 31 != 0) || (r->m_zhdr1 & 32) || ((r->m_zhdr0 & 15) != 8));
+        if (!(decomp_flags & TINFL_FLAG_USING_NON_WRAPPING_OUTPUT_BUF))
+            counter |= (((1U << (8U + (r->m_zhdr0 >> 4))) > 32768U) || ((out_buf_size_mask + 1) < (size_t)(1U << (8U + (r->m_zhdr0 >> 4)))));
+        if (counter)
+        {
+            TINFL_CR_RETURN_FOREVER(36, TINFL_STATUS_FAILED);
+        }
+    }
+
+    do
+    {
+        TINFL_GET_BITS(3, r->m_final, 3);
+        r->m_type = r->m_final >> 1;
+        if (r->m_type == 0)
+        {
+            TINFL_SKIP_BITS(5, num_bits & 7);
+            for (counter = 0; counter < 4; ++counter)
+            {
+                if (num_bits)
+                    TINFL_GET_BITS(6, r->m_raw_header[counter], 8);
+                else
+                    TINFL_GET_BYTE(7, r->m_raw_header[counter]);
+            }
+            if ((counter = (r->m_raw_header[0] | (r->m_raw_header[1] << 8))) != (mz_uint)(0xFFFF ^ (r->m_raw_header[2] | (r->m_raw_header[3] << 8))))
+            {
+                TINFL_CR_RETURN_FOREVER(39, TINFL_STATUS_FAILED);
+            }
+            while ((counter) && (num_bits))
+            {
+                TINFL_GET_BITS(51, dist, 8);
+                while (pOut_buf_cur >= pOut_buf_end)
+                {
+                    TINFL_CR_RETURN(52, TINFL_STATUS_HAS_MORE_OUTPUT);
+                }
+                *pOut_buf_cur++ = (mz_uint8)dist;
+                counter--;
+            }
+            while (counter)
+            {
+                size_t n;
+                while (pOut_buf_cur >= pOut_buf_end)
+                {
+                    TINFL_CR_RETURN(9, TINFL_STATUS_HAS_MORE_OUTPUT);
+                }
+                while (pIn_buf_cur >= pIn_buf_end)
+                {
+                    TINFL_CR_RETURN(38, (decomp_flags & TINFL_FLAG_HAS_MORE_INPUT) ? TINFL_STATUS_NEEDS_MORE_INPUT : TINFL_STATUS_FAILED_CANNOT_MAKE_PROGRESS);
+                }
+                n = MZ_MIN(MZ_MIN((size_t)(pOut_buf_end - pOut_buf_cur), (size_t)(pIn_buf_end - pIn_buf_cur)), counter);
+                TINFL_MEMCPY(pOut_buf_cur, pIn_buf_cur, n);
+                pIn_buf_cur += n;
+                pOut_buf_cur += n;
+                counter -= (mz_uint)n;
+            }
+        }
+        else if (r->m_type == 3)
+        {
+            TINFL_CR_RETURN_FOREVER(10, TINFL_STATUS_FAILED);
+        }
+        else
+        {
+            if (r->m_type == 1)
+            {
+                mz_uint8 *p = r->m_tables[0].m_code_size;
+                mz_uint i;
+                r->m_table_sizes[0] = 288;
+                r->m_table_sizes[1] = 32;
+                TINFL_MEMSET(r->m_tables[1].m_code_size, 5, 32);
+                for (i = 0; i <= 143; ++i)
+                    *p++ = 8;
+                for (; i <= 255; ++i)
+                    *p++ = 9;
+                for (; i <= 279; ++i)
+                    *p++ = 7;
+                for (; i <= 287; ++i)
+                    *p++ = 8;
+            }
+            else
+            {
+                for (counter = 0; counter < 3; counter++)
+                {
+                    TINFL_GET_BITS(11, r->m_table_sizes[counter], "\05\05\04"[counter]);
+                    r->m_table_sizes[counter] += s_min_table_sizes[counter];
+                }
+                MZ_CLEAR_OBJ(r->m_tables[2].m_code_size);
+                for (counter = 0; counter < r->m_table_sizes[2]; counter++)
+                {
+                    mz_uint s;
+                    TINFL_GET_BITS(14, s, 3);
+                    r->m_tables[2].m_code_size[s_length_dezigzag[counter]] = (mz_uint8)s;
+                }
+                r->m_table_sizes[2] = 19;
+            }
+            for (; (int)r->m_type >= 0; r->m_type--)
+            {
+                int tree_next, tree_cur;
+                tinfl_huff_table *pTable;
+                mz_uint i, j, used_syms, total, sym_index, next_code[17], total_syms[16];
+                pTable = &r->m_tables[r->m_type];
+                MZ_CLEAR_OBJ(total_syms);
+                MZ_CLEAR_OBJ(pTable->m_look_up);
+                MZ_CLEAR_OBJ(pTable->m_tree);
+                for (i = 0; i < r->m_table_sizes[r->m_type]; ++i)
+                    total_syms[pTable->m_code_size[i]]++;
+                used_syms = 0, total = 0;
+                next_code[0] = next_code[1] = 0;
+                for (i = 1; i <= 15; ++i)
+                {
+                    used_syms += total_syms[i];
+                    next_code[i + 1] = (total = ((total + total_syms[i]) << 1));
+                }
+                if ((65536 != total) && (used_syms > 1))
+                {
+                    TINFL_CR_RETURN_FOREVER(35, TINFL_STATUS_FAILED);
+                }
+                for (tree_next = -1, sym_index = 0; sym_index < r->m_table_sizes[r->m_type]; ++sym_index)
+                {
+                    mz_uint rev_code = 0, l, cur_code, code_size = pTable->m_code_size[sym_index];
+                    if (!code_size)
+                        continue;
+                    cur_code = next_code[code_size]++;
+                    for (l = code_size; l > 0; l--, cur_code >>= 1)
+                        rev_code = (rev_code << 1) | (cur_code & 1);
+                    if (code_size <= TINFL_FAST_LOOKUP_BITS)
+                    {
+                        mz_int16 k = (mz_int16)((code_size << 9) | sym_index);
+                        while (rev_code < TINFL_FAST_LOOKUP_SIZE)
+                        {
+                            pTable->m_look_up[rev_code] = k;
+                            rev_code += (1 << code_size);
+                        }
+                        continue;
+                    }
+                    if (0 == (tree_cur = pTable->m_look_up[rev_code & (TINFL_FAST_LOOKUP_SIZE - 1)]))
+                    {
+                        pTable->m_look_up[rev_code & (TINFL_FAST_LOOKUP_SIZE - 1)] = (mz_int16)tree_next;
+                        tree_cur = tree_next;
+                        tree_next -= 2;
+                    }
+                    rev_code >>= (TINFL_FAST_LOOKUP_BITS - 1);
+                    for (j = code_size; j > (TINFL_FAST_LOOKUP_BITS + 1); j--)
+                    {
+                        tree_cur -= ((rev_code >>= 1) & 1);
+                        if (!pTable->m_tree[-tree_cur - 1])
+                        {
+                            pTable->m_tree[-tree_cur - 1] = (mz_int16)tree_next;
+                            tree_cur = tree_next;
+                            tree_next -= 2;
+                        }
+                        else
+                            tree_cur = pTable->m_tree[-tree_cur - 1];
+                    }
+                    tree_cur -= ((rev_code >>= 1) & 1);
+                    pTable->m_tree[-tree_cur - 1] = (mz_int16)sym_index;
+                }
+                if (r->m_type == 2)
+                {
+                    for (counter = 0; counter < (r->m_table_sizes[0] + r->m_table_sizes[1]);)
+                    {
+                        mz_uint s;
+                        TINFL_HUFF_DECODE(16, dist, &r->m_tables[2]);
+                        if (dist < 16)
+                        {
+                            r->m_len_codes[counter++] = (mz_uint8)dist;
+                            continue;
+                        }
+                        if ((dist == 16) && (!counter))
+                        {
+                            TINFL_CR_RETURN_FOREVER(17, TINFL_STATUS_FAILED);
+                        }
+                        num_extra = "\02\03\07"[dist - 16];
+                        TINFL_GET_BITS(18, s, num_extra);
+                        s += "\03\03\013"[dist - 16];
+                        TINFL_MEMSET(r->m_len_codes + counter, (dist == 16) ? r->m_len_codes[counter - 1] : 0, s);
+                        counter += s;
+                    }
+                    if ((r->m_table_sizes[0] + r->m_table_sizes[1]) != counter)
+                    {
+                        TINFL_CR_RETURN_FOREVER(21, TINFL_STATUS_FAILED);
+                    }
+                    TINFL_MEMCPY(r->m_tables[0].m_code_size, r->m_len_codes, r->m_table_sizes[0]);
+                    TINFL_MEMCPY(r->m_tables[1].m_code_size, r->m_len_codes + r->m_table_sizes[0], r->m_table_sizes[1]);
+                }
+            }
+            for (;;)
+            {
+                mz_uint8 *pSrc;
+                for (;;)
+                {
+                    if (((pIn_buf_end - pIn_buf_cur) < 4) || ((pOut_buf_end - pOut_buf_cur) < 2))
+                    {
+                        TINFL_HUFF_DECODE(23, counter, &r->m_tables[0]);
+                        if (counter >= 256)
+                            break;
+                        while (pOut_buf_cur >= pOut_buf_end)
+                        {
+                            TINFL_CR_RETURN(24, TINFL_STATUS_HAS_MORE_OUTPUT);
+                        }
+                        *pOut_buf_cur++ = (mz_uint8)counter;
+                    }
+                    else
+                    {
+                        int sym2;
+                        mz_uint code_len;
+#if TINFL_USE_64BIT_BITBUF
+                        if (num_bits < 30)
+                        {
+                            bit_buf |= (((tinfl_bit_buf_t)MZ_READ_LE32(pIn_buf_cur)) << num_bits);
+                            pIn_buf_cur += 4;
+                            num_bits += 32;
+                        }
+#else
+                        if (num_bits < 15)
+                        {
+                            bit_buf |= (((tinfl_bit_buf_t)MZ_READ_LE16(pIn_buf_cur)) << num_bits);
+                            pIn_buf_cur += 2;
+                            num_bits += 16;
+                        }
+#endif
+                        if ((sym2 = r->m_tables[0].m_look_up[bit_buf & (TINFL_FAST_LOOKUP_SIZE - 1)]) >= 0)
+                            code_len = sym2 >> 9;
+                        else
+                        {
+                            code_len = TINFL_FAST_LOOKUP_BITS;
+                            do
+                            {
+                                sym2 = r->m_tables[0].m_tree[~sym2 + ((bit_buf >> code_len++) & 1)];
+                            } while (sym2 < 0);
+                        }
+                        counter = sym2;
+                        bit_buf >>= code_len;
+                        num_bits -= code_len;
+                        if (counter & 256)
+                            break;
+
+#if !TINFL_USE_64BIT_BITBUF
+                        if (num_bits < 15)
+                        {
+                            bit_buf |= (((tinfl_bit_buf_t)MZ_READ_LE16(pIn_buf_cur)) << num_bits);
+                            pIn_buf_cur += 2;
+                            num_bits += 16;
+                        }
+#endif
+                        if ((sym2 = r->m_tables[0].m_look_up[bit_buf & (TINFL_FAST_LOOKUP_SIZE - 1)]) >= 0)
+                            code_len = sym2 >> 9;
+                        else
+                        {
+                            code_len = TINFL_FAST_LOOKUP_BITS;
+                            do
+                            {
+                                sym2 = r->m_tables[0].m_tree[~sym2 + ((bit_buf >> code_len++) & 1)];
+                            } while (sym2 < 0);
+                        }
+                        bit_buf >>= code_len;
+                        num_bits -= code_len;
+
+                        pOut_buf_cur[0] = (mz_uint8)counter;
+                        if (sym2 & 256)
+                        {
+                            pOut_buf_cur++;
+                            counter = sym2;
+                            break;
+                        }
+                        pOut_buf_cur[1] = (mz_uint8)sym2;
+                        pOut_buf_cur += 2;
+                    }
+                }
+                if ((counter &= 511) == 256)
+                    break;
+
+                num_extra = s_length_extra[counter - 257];
+                counter = s_length_base[counter - 257];
+                if (num_extra)
+                {
+                    mz_uint extra_bits;
+                    TINFL_GET_BITS(25, extra_bits, num_extra);
+                    counter += extra_bits;
+                }
+
+                TINFL_HUFF_DECODE(26, dist, &r->m_tables[1]);
+                num_extra = s_dist_extra[dist];
+                dist = s_dist_base[dist];
+                if (num_extra)
+                {
+                    mz_uint extra_bits;
+                    TINFL_GET_BITS(27, extra_bits, num_extra);
+                    dist += extra_bits;
+                }
+
+                dist_from_out_buf_start = pOut_buf_cur - pOut_buf_start;
+                if ((dist > dist_from_out_buf_start) && (decomp_flags & TINFL_FLAG_USING_NON_WRAPPING_OUTPUT_BUF))
+                {
+                    TINFL_CR_RETURN_FOREVER(37, TINFL_STATUS_FAILED);
+                }
+
+                pSrc = pOut_buf_start + ((dist_from_out_buf_start - dist) & out_buf_size_mask);
+
+                if ((MZ_MAX(pOut_buf_cur, pSrc) + counter) > pOut_buf_end)
+                {
+                    while (counter--)
+                    {
+                        while (pOut_buf_cur >= pOut_buf_end)
+                        {
+                            TINFL_CR_RETURN(53, TINFL_STATUS_HAS_MORE_OUTPUT);
+                        }
+                        *pOut_buf_cur++ = pOut_buf_start[(dist_from_out_buf_start++ - dist) & out_buf_size_mask];
+                    }
+                    continue;
+                }
+#if MINIZ_USE_UNALIGNED_LOADS_AND_STORES
+                else if ((counter >= 9) && (counter <= dist))
+                {
+                    const mz_uint8 *pSrc_end = pSrc + (counter & ~7);
+                    do
+                    {
+                        ((mz_uint32 *)pOut_buf_cur)[0] = ((const mz_uint32 *)pSrc)[0];
+                        ((mz_uint32 *)pOut_buf_cur)[1] = ((const mz_uint32 *)pSrc)[1];
+                        pOut_buf_cur += 8;
+                    } while ((pSrc += 8) < pSrc_end);
+                    if ((counter &= 7) < 3)
+                    {
+                        if (counter)
+                        {
+                            pOut_buf_cur[0] = pSrc[0];
+                            if (counter > 1)
+                                pOut_buf_cur[1] = pSrc[1];
+                            pOut_buf_cur += counter;
+                        }
+                        continue;
+                    }
+                }
+#endif
+                do
+                {
+                    pOut_buf_cur[0] = pSrc[0];
+                    pOut_buf_cur[1] = pSrc[1];
+                    pOut_buf_cur[2] = pSrc[2];
+                    pOut_buf_cur += 3;
+                    pSrc += 3;
+                } while ((int)(counter -= 3) > 2);
+                if ((int)counter > 0)
+                {
+                    pOut_buf_cur[0] = pSrc[0];
+                    if ((int)counter > 1)
+                        pOut_buf_cur[1] = pSrc[1];
+                    pOut_buf_cur += counter;
+                }
+            }
+        }
+    } while (!(r->m_final & 1));
+
+    /* Ensure byte alignment and put back any bytes from the bitbuf if we've looked ahead too far on gzip, or other Deflate streams followed by arbitrary data. */
+    /* I'm being super conservative here. A number of simplifications can be made to the byte alignment part, and the Adler32 check shouldn't ever need to worry about reading from the bitbuf now. */
+    TINFL_SKIP_BITS(32, num_bits & 7);
+    while ((pIn_buf_cur > pIn_buf_next) && (num_bits >= 8))
+    {
+        --pIn_buf_cur;
+        num_bits -= 8;
+    }
+    bit_buf &= (tinfl_bit_buf_t)((1ULL << num_bits) - 1ULL);
+    MZ_ASSERT(!num_bits); /* if this assert fires then we've read beyond the end of non-deflate/zlib streams with following data (such as gzip streams). */
+
+    if (decomp_flags & TINFL_FLAG_PARSE_ZLIB_HEADER)
+    {
+        for (counter = 0; counter < 4; ++counter)
+        {
+            mz_uint s;
+            if (num_bits)
+                TINFL_GET_BITS(41, s, 8);
+            else
+                TINFL_GET_BYTE(42, s);
+            r->m_z_adler32 = (r->m_z_adler32 << 8) | s;
+        }
+    }
+    TINFL_CR_RETURN_FOREVER(34, TINFL_STATUS_DONE);
+
+    TINFL_CR_FINISH
+
+common_exit:
+    /* As long as we aren't telling the caller that we NEED more input to make forward progress: */
+    /* Put back any bytes from the bitbuf in case we've looked ahead too far on gzip, or other Deflate streams followed by arbitrary data. */
+    /* We need to be very careful here to NOT push back any bytes we definitely know we need to make forward progress, though, or we'll lock the caller up into an inf loop. */
+    if ((status != TINFL_STATUS_NEEDS_MORE_INPUT) && (status != TINFL_STATUS_FAILED_CANNOT_MAKE_PROGRESS))
+    {
+        while ((pIn_buf_cur > pIn_buf_next) && (num_bits >= 8))
+        {
+            --pIn_buf_cur;
+            num_bits -= 8;
+        }
+    }
+    r->m_num_bits = num_bits;
+    r->m_bit_buf = bit_buf & (tinfl_bit_buf_t)((1ULL << num_bits) - 1ULL);
+    r->m_dist = dist;
+    r->m_counter = counter;
+    r->m_num_extra = num_extra;
+    r->m_dist_from_out_buf_start = dist_from_out_buf_start;
+    *pIn_buf_size = pIn_buf_cur - pIn_buf_next;
+    *pOut_buf_size = pOut_buf_cur - pOut_buf_next;
+    if ((decomp_flags & (TINFL_FLAG_PARSE_ZLIB_HEADER | TINFL_FLAG_COMPUTE_ADLER32)) && (status >= 0))
+    {
+        const mz_uint8 *ptr = pOut_buf_next;
+        size_t buf_len = *pOut_buf_size;
+        mz_uint32 i, s1 = r->m_check_adler32 & 0xffff, s2 = r->m_check_adler32 >> 16;
+        size_t block_len = buf_len % 5552;
+        while (buf_len)
+        {
+            for (i = 0; i + 7 < block_len; i += 8, ptr += 8)
+            {
+                s1 += ptr[0], s2 += s1;
+                s1 += ptr[1], s2 += s1;
+                s1 += ptr[2], s2 += s1;
+                s1 += ptr[3], s2 += s1;
+                s1 += ptr[4], s2 += s1;
+                s1 += ptr[5], s2 += s1;
+                s1 += ptr[6], s2 += s1;
+                s1 += ptr[7], s2 += s1;
+            }
+            for (; i < block_len; ++i)
+                s1 += *ptr++, s2 += s1;
+            s1 %= 65521U, s2 %= 65521U;
+            buf_len -= block_len;
+            block_len = 5552;
+        }
+        r->m_check_adler32 = (s2 << 16) + s1;
+        if ((status == TINFL_STATUS_DONE) && (decomp_flags & TINFL_FLAG_PARSE_ZLIB_HEADER) && (r->m_check_adler32 != r->m_z_adler32))
+            status = TINFL_STATUS_ADLER32_MISMATCH;
+    }
+    return status;
+}
+
+/* Higher level helper functions. */
+void *tinfl_decompress_mem_to_heap(const void *pSrc_buf, size_t src_buf_len, size_t *pOut_len, int flags)
+{
+    tinfl_decompressor decomp;
+    void *pBuf = NULL, *pNew_buf;
+    size_t src_buf_ofs = 0, out_buf_capacity = 0;
+    *pOut_len = 0;
+    tinfl_init(&decomp);
+    for (;;)
+    {
+        size_t src_buf_size = src_buf_len - src_buf_ofs, dst_buf_size = out_buf_capacity - *pOut_len, new_out_buf_capacity;
+        tinfl_status status = tinfl_decompress(&decomp, (const mz_uint8 *)pSrc_buf + src_buf_ofs, &src_buf_size, (mz_uint8 *)pBuf, pBuf ? (mz_uint8 *)pBuf + *pOut_len : NULL, &dst_buf_size,
+                                               (flags & ~TINFL_FLAG_HAS_MORE_INPUT) | TINFL_FLAG_USING_NON_WRAPPING_OUTPUT_BUF);
+        if ((status < 0) || (status == TINFL_STATUS_NEEDS_MORE_INPUT))
+        {
+            MZ_FREE(pBuf);
+            *pOut_len = 0;
+            return NULL;
+        }
+        src_buf_ofs += src_buf_size;
+        *pOut_len += dst_buf_size;
+        if (status == TINFL_STATUS_DONE)
+            break;
+        new_out_buf_capacity = out_buf_capacity * 2;
+        if (new_out_buf_capacity < 128)
+            new_out_buf_capacity = 128;
+        pNew_buf = MZ_REALLOC(pBuf, new_out_buf_capacity);
+        if (!pNew_buf)
+        {
+            MZ_FREE(pBuf);
+            *pOut_len = 0;
+            return NULL;
+        }
+        pBuf = pNew_buf;
+        out_buf_capacity = new_out_buf_capacity;
+    }
+    return pBuf;
+}
+
+size_t tinfl_decompress_mem_to_mem(void *pOut_buf, size_t out_buf_len, const void *pSrc_buf, size_t src_buf_len, int flags)
+{
+    tinfl_decompressor decomp;
+    tinfl_status status;
+    tinfl_init(&decomp);
+    status = tinfl_decompress(&decomp, (const mz_uint8 *)pSrc_buf, &src_buf_len, (mz_uint8 *)pOut_buf, (mz_uint8 *)pOut_buf, &out_buf_len, (flags & ~TINFL_FLAG_HAS_MORE_INPUT) | TINFL_FLAG_USING_NON_WRAPPING_OUTPUT_BUF);
+    return (status != TINFL_STATUS_DONE) ? TINFL_DECOMPRESS_MEM_TO_MEM_FAILED : out_buf_len;
+}
+
+int tinfl_decompress_mem_to_callback(const void *pIn_buf, size_t *pIn_buf_size, tinfl_put_buf_func_ptr pPut_buf_func, void *pPut_buf_user, int flags)
+{
+    int result = 0;
+    tinfl_decompressor decomp;
+    mz_uint8 *pDict = (mz_uint8 *)MZ_MALLOC(TINFL_LZ_DICT_SIZE);
+    size_t in_buf_ofs = 0, dict_ofs = 0;
+    if (!pDict)
+        return TINFL_STATUS_FAILED;
+    tinfl_init(&decomp);
+    for (;;)
+    {
+        size_t in_buf_size = *pIn_buf_size - in_buf_ofs, dst_buf_size = TINFL_LZ_DICT_SIZE - dict_ofs;
+        tinfl_status status = tinfl_decompress(&decomp, (const mz_uint8 *)pIn_buf + in_buf_ofs, &in_buf_size, pDict, pDict + dict_ofs, &dst_buf_size,
+                                               (flags & ~(TINFL_FLAG_HAS_MORE_INPUT | TINFL_FLAG_USING_NON_WRAPPING_OUTPUT_BUF)));
+        in_buf_ofs += in_buf_size;
+        if ((dst_buf_size) && (!(*pPut_buf_func)(pDict + dict_ofs, (int)dst_buf_size, pPut_buf_user)))
+            break;
+        if (status != TINFL_STATUS_HAS_MORE_OUTPUT)
+        {
+            result = (status == TINFL_STATUS_DONE);
+            break;
+        }
+        dict_ofs = (dict_ofs + dst_buf_size) & (TINFL_LZ_DICT_SIZE - 1);
+    }
+    MZ_FREE(pDict);
+    *pIn_buf_size = in_buf_ofs;
+    return result;
+}
+
+tinfl_decompressor *tinfl_decompressor_alloc()
+{
+    tinfl_decompressor *pDecomp = (tinfl_decompressor *)MZ_MALLOC(sizeof(tinfl_decompressor));
+    if (pDecomp)
+        tinfl_init(pDecomp);
+    return pDecomp;
+}
+
+void tinfl_decompressor_free(tinfl_decompressor *pDecomp)
+{
+    MZ_FREE(pDecomp);
+}
+
+#ifdef __cplusplus
+}
+#endif
+/**************************************************************************
+ *
+ * Copyright 2013-2014 RAD Game Tools and Valve Software
+ * Copyright 2010-2014 Rich Geldreich and Tenacious Software LLC
+ * Copyright 2016 Martin Raiber
+ * All Rights Reserved.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ *
+ **************************************************************************/
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* ------------------- .ZIP archive reading */
+
+#ifdef MINIZ_NO_STDIO
+#define MZ_FILE void *
+#else
+#include <sys/stat.h>
+
+#if defined(_MSC_VER) || defined(__MINGW64__)
+static FILE *mz_fopen(const char *pFilename, const char *pMode)
+{
+    FILE *pFile = NULL;
+    fopen_s(&pFile, pFilename, pMode);
+    return pFile;
+}
+static FILE *mz_freopen(const char *pPath, const char *pMode, FILE *pStream)
+{
+    FILE *pFile = NULL;
+    if (freopen_s(&pFile, pPath, pMode, pStream))
+        return NULL;
+    return pFile;
+}
+#ifndef MINIZ_NO_TIME
+#include <sys/utime.h>
+#endif
+#define MZ_FOPEN mz_fopen
+#define MZ_FCLOSE fclose
+#define MZ_FREAD fread
+#define MZ_FWRITE fwrite
+#define MZ_FTELL64 _ftelli64
+#define MZ_FSEEK64 _fseeki64
+#define MZ_FILE_STAT_STRUCT _stat
+#define MZ_FILE_STAT _stat
+#define MZ_FFLUSH fflush
+#define MZ_FREOPEN mz_freopen
+#define MZ_DELETE_FILE remove
+#elif defined(__MINGW32__)
+#ifndef MINIZ_NO_TIME
+#include <sys/utime.h>
+#endif
+#define MZ_FOPEN(f, m) fopen(f, m)
+#define MZ_FCLOSE fclose
+#define MZ_FREAD fread
+#define MZ_FWRITE fwrite
+#define MZ_FTELL64 ftello64
+#define MZ_FSEEK64 fseeko64
+#define MZ_FILE_STAT_STRUCT _stat
+#define MZ_FILE_STAT _stat
+#define MZ_FFLUSH fflush
+#define MZ_FREOPEN(f, m, s) freopen(f, m, s)
+#define MZ_DELETE_FILE remove
+#elif defined(__TINYC__)
+#ifndef MINIZ_NO_TIME
+#include <sys/utime.h>
+#endif
+#define MZ_FOPEN(f, m) fopen(f, m)
+#define MZ_FCLOSE fclose
+#define MZ_FREAD fread
+#define MZ_FWRITE fwrite
+#define MZ_FTELL64 ftell
+#define MZ_FSEEK64 fseek
+#define MZ_FILE_STAT_STRUCT stat
+#define MZ_FILE_STAT stat
+#define MZ_FFLUSH fflush
+#define MZ_FREOPEN(f, m, s) freopen(f, m, s)
+#define MZ_DELETE_FILE remove
+#elif defined(__GNUC__) && _LARGEFILE64_SOURCE
+#ifndef MINIZ_NO_TIME
+#include <utime.h>
+#endif
+#define MZ_FOPEN(f, m) fopen64(f, m)
+#define MZ_FCLOSE fclose
+#define MZ_FREAD fread
+#define MZ_FWRITE fwrite
+#define MZ_FTELL64 ftello64
+#define MZ_FSEEK64 fseeko64
+#define MZ_FILE_STAT_STRUCT stat64
+#define MZ_FILE_STAT stat64
+#define MZ_FFLUSH fflush
+#define MZ_FREOPEN(p, m, s) freopen64(p, m, s)
+#define MZ_DELETE_FILE remove
+#elif defined(__APPLE__) && _LARGEFILE64_SOURCE
+#ifndef MINIZ_NO_TIME
+#include <utime.h>
+#endif
+#define MZ_FOPEN(f, m) fopen(f, m)
+#define MZ_FCLOSE fclose
+#define MZ_FREAD fread
+#define MZ_FWRITE fwrite
+#define MZ_FTELL64 ftello
+#define MZ_FSEEK64 fseeko
+#define MZ_FILE_STAT_STRUCT stat
+#define MZ_FILE_STAT stat
+#define MZ_FFLUSH fflush
+#define MZ_FREOPEN(p, m, s) freopen(p, m, s)
+#define MZ_DELETE_FILE remove
+
+#else
+#pragma message("Using fopen, ftello, fseeko, stat() etc. path for file I/O - this path may not support large files.")
+#ifndef MINIZ_NO_TIME
+#include <utime.h>
+#endif
+#define MZ_FOPEN(f, m) fopen(f, m)
+#define MZ_FCLOSE fclose
+#define MZ_FREAD fread
+#define MZ_FWRITE fwrite
+#define MZ_FTELL64 ftello
+#define MZ_FSEEK64 fseeko
+#define MZ_FILE_STAT_STRUCT stat
+#define MZ_FILE_STAT stat
+#define MZ_FFLUSH fflush
+#define MZ_FREOPEN(f, m, s) freopen(f, m, s)
+#define MZ_DELETE_FILE remove
+#endif /* #ifdef _MSC_VER */
+#endif /* #ifdef MINIZ_NO_STDIO */
+
+#define MZ_TOLOWER(c) ((((c) >= 'A') && ((c) <= 'Z')) ? ((c) - 'A' + 'a') : (c))
+
+/* Various ZIP archive enums. To completely avoid cross platform compiler alignment and platform endian issues, miniz.c doesn't use structs for any of this stuff. */
+enum
+{
+    /* ZIP archive identifiers and record sizes */
+    MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIG = 0x06054b50,
+    MZ_ZIP_CENTRAL_DIR_HEADER_SIG = 0x02014b50,
+    MZ_ZIP_LOCAL_DIR_HEADER_SIG = 0x04034b50,
+    MZ_ZIP_LOCAL_DIR_HEADER_SIZE = 30,
+    MZ_ZIP_CENTRAL_DIR_HEADER_SIZE = 46,
+    MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE = 22,
+
+    /* ZIP64 archive identifier and record sizes */
+    MZ_ZIP64_END_OF_CENTRAL_DIR_HEADER_SIG = 0x06064b50,
+    MZ_ZIP64_END_OF_CENTRAL_DIR_LOCATOR_SIG = 0x07064b50,
+    MZ_ZIP64_END_OF_CENTRAL_DIR_HEADER_SIZE = 56,
+    MZ_ZIP64_END_OF_CENTRAL_DIR_LOCATOR_SIZE = 20,
+    MZ_ZIP64_EXTENDED_INFORMATION_FIELD_HEADER_ID = 0x0001,
+    MZ_ZIP_DATA_DESCRIPTOR_ID = 0x08074b50,
+    MZ_ZIP_DATA_DESCRIPTER_SIZE64 = 24,
+    MZ_ZIP_DATA_DESCRIPTER_SIZE32 = 16,
+
+    /* Central directory header record offsets */
+    MZ_ZIP_CDH_SIG_OFS = 0,
+    MZ_ZIP_CDH_VERSION_MADE_BY_OFS = 4,
+    MZ_ZIP_CDH_VERSION_NEEDED_OFS = 6,
+    MZ_ZIP_CDH_BIT_FLAG_OFS = 8,
+    MZ_ZIP_CDH_METHOD_OFS = 10,
+    MZ_ZIP_CDH_FILE_TIME_OFS = 12,
+    MZ_ZIP_CDH_FILE_DATE_OFS = 14,
+    MZ_ZIP_CDH_CRC32_OFS = 16,
+    MZ_ZIP_CDH_COMPRESSED_SIZE_OFS = 20,
+    MZ_ZIP_CDH_DECOMPRESSED_SIZE_OFS = 24,
+    MZ_ZIP_CDH_FILENAME_LEN_OFS = 28,
+    MZ_ZIP_CDH_EXTRA_LEN_OFS = 30,
+    MZ_ZIP_CDH_COMMENT_LEN_OFS = 32,
+    MZ_ZIP_CDH_DISK_START_OFS = 34,
+    MZ_ZIP_CDH_INTERNAL_ATTR_OFS = 36,
+    MZ_ZIP_CDH_EXTERNAL_ATTR_OFS = 38,
+    MZ_ZIP_CDH_LOCAL_HEADER_OFS = 42,
+
+    /* Local directory header offsets */
+    MZ_ZIP_LDH_SIG_OFS = 0,
+    MZ_ZIP_LDH_VERSION_NEEDED_OFS = 4,
+    MZ_ZIP_LDH_BIT_FLAG_OFS = 6,
+    MZ_ZIP_LDH_METHOD_OFS = 8,
+    MZ_ZIP_LDH_FILE_TIME_OFS = 10,
+    MZ_ZIP_LDH_FILE_DATE_OFS = 12,
+    MZ_ZIP_LDH_CRC32_OFS = 14,
+    MZ_ZIP_LDH_COMPRESSED_SIZE_OFS = 18,
+    MZ_ZIP_LDH_DECOMPRESSED_SIZE_OFS = 22,
+    MZ_ZIP_LDH_FILENAME_LEN_OFS = 26,
+    MZ_ZIP_LDH_EXTRA_LEN_OFS = 28,
+    MZ_ZIP_LDH_BIT_FLAG_HAS_LOCATOR = 1 << 3,
+
+    /* End of central directory offsets */
+    MZ_ZIP_ECDH_SIG_OFS = 0,
+    MZ_ZIP_ECDH_NUM_THIS_DISK_OFS = 4,
+    MZ_ZIP_ECDH_NUM_DISK_CDIR_OFS = 6,
+    MZ_ZIP_ECDH_CDIR_NUM_ENTRIES_ON_DISK_OFS = 8,
+    MZ_ZIP_ECDH_CDIR_TOTAL_ENTRIES_OFS = 10,
+    MZ_ZIP_ECDH_CDIR_SIZE_OFS = 12,
+    MZ_ZIP_ECDH_CDIR_OFS_OFS = 16,
+    MZ_ZIP_ECDH_COMMENT_SIZE_OFS = 20,
+
+    /* ZIP64 End of central directory locator offsets */
+    MZ_ZIP64_ECDL_SIG_OFS = 0,                    /* 4 bytes */
+    MZ_ZIP64_ECDL_NUM_DISK_CDIR_OFS = 4,          /* 4 bytes */
+    MZ_ZIP64_ECDL_REL_OFS_TO_ZIP64_ECDR_OFS = 8,  /* 8 bytes */
+    MZ_ZIP64_ECDL_TOTAL_NUMBER_OF_DISKS_OFS = 16, /* 4 bytes */
+
+    /* ZIP64 End of central directory header offsets */
+    MZ_ZIP64_ECDH_SIG_OFS = 0,                       /* 4 bytes */
+    MZ_ZIP64_ECDH_SIZE_OF_RECORD_OFS = 4,            /* 8 bytes */
+    MZ_ZIP64_ECDH_VERSION_MADE_BY_OFS = 12,          /* 2 bytes */
+    MZ_ZIP64_ECDH_VERSION_NEEDED_OFS = 14,           /* 2 bytes */
+    MZ_ZIP64_ECDH_NUM_THIS_DISK_OFS = 16,            /* 4 bytes */
+    MZ_ZIP64_ECDH_NUM_DISK_CDIR_OFS = 20,            /* 4 bytes */
+    MZ_ZIP64_ECDH_CDIR_NUM_ENTRIES_ON_DISK_OFS = 24, /* 8 bytes */
+    MZ_ZIP64_ECDH_CDIR_TOTAL_ENTRIES_OFS = 32,       /* 8 bytes */
+    MZ_ZIP64_ECDH_CDIR_SIZE_OFS = 40,                /* 8 bytes */
+    MZ_ZIP64_ECDH_CDIR_OFS_OFS = 48,                 /* 8 bytes */
+    MZ_ZIP_VERSION_MADE_BY_DOS_FILESYSTEM_ID = 0,
+    MZ_ZIP_DOS_DIR_ATTRIBUTE_BITFLAG = 0x10,
+    MZ_ZIP_GENERAL_PURPOSE_BIT_FLAG_IS_ENCRYPTED = 1,
+    MZ_ZIP_GENERAL_PURPOSE_BIT_FLAG_COMPRESSED_PATCH_FLAG = 32,
+    MZ_ZIP_GENERAL_PURPOSE_BIT_FLAG_USES_STRONG_ENCRYPTION = 64,
+    MZ_ZIP_GENERAL_PURPOSE_BIT_FLAG_LOCAL_DIR_IS_MASKED = 8192,
+    MZ_ZIP_GENERAL_PURPOSE_BIT_FLAG_UTF8 = 1 << 11
+};
+
+typedef struct
+{
+    void *m_p;
+    size_t m_size, m_capacity;
+    mz_uint m_element_size;
+} mz_zip_array;
+
+struct mz_zip_internal_state_tag
+{
+    mz_zip_array m_central_dir;
+    mz_zip_array m_central_dir_offsets;
+    mz_zip_array m_sorted_central_dir_offsets;
+
+    /* The flags passed in when the archive is initially opened. */
+    uint32_t m_init_flags;
+
+    /* MZ_TRUE if the archive has a zip64 end of central directory headers, etc. */
+    mz_bool m_zip64;
+
+    /* MZ_TRUE if we found zip64 extended info in the central directory (m_zip64 will also be slammed to true too, even if we didn't find a zip64 end of central dir header, etc.) */
+    mz_bool m_zip64_has_extended_info_fields;
+
+    /* These fields are used by the file, FILE, memory, and memory/heap read/write helpers. */
+    MZ_FILE *m_pFile;
+    mz_uint64 m_file_archive_start_ofs;
+
+    void *m_pMem;
+    size_t m_mem_size;
+    size_t m_mem_capacity;
+};
+
+#define MZ_ZIP_ARRAY_SET_ELEMENT_SIZE(array_ptr, element_size) (array_ptr)->m_element_size = element_size
+
+#if defined(DEBUG) || defined(_DEBUG) || defined(NDEBUG)
+static MZ_FORCEINLINE mz_uint mz_zip_array_range_check(const mz_zip_array *pArray, mz_uint index)
+{
+    MZ_ASSERT(index < pArray->m_size);
+    return index;
+}
+#define MZ_ZIP_ARRAY_ELEMENT(array_ptr, element_type, index) ((element_type *)((array_ptr)->m_p))[mz_zip_array_range_check(array_ptr, index)]
+#else
+#define MZ_ZIP_ARRAY_ELEMENT(array_ptr, element_type, index) ((element_type *)((array_ptr)->m_p))[index]
+#endif
+
+static MZ_FORCEINLINE void mz_zip_array_init(mz_zip_array *pArray, mz_uint32 element_size)
+{
+    memset(pArray, 0, sizeof(mz_zip_array));
+    pArray->m_element_size = element_size;
+}
+
+static MZ_FORCEINLINE void mz_zip_array_clear(mz_zip_archive *pZip, mz_zip_array *pArray)
+{
+    pZip->m_pFree(pZip->m_pAlloc_opaque, pArray->m_p);
+    memset(pArray, 0, sizeof(mz_zip_array));
+}
+
+static mz_bool mz_zip_array_ensure_capacity(mz_zip_archive *pZip, mz_zip_array *pArray, size_t min_new_capacity, mz_uint growing)
+{
+    void *pNew_p;
+    size_t new_capacity = min_new_capacity;
+    MZ_ASSERT(pArray->m_element_size);
+    if (pArray->m_capacity >= min_new_capacity)
+        return MZ_TRUE;
+    if (growing)
+    {
+        new_capacity = MZ_MAX(1, pArray->m_capacity);
+        while (new_capacity < min_new_capacity)
+            new_capacity *= 2;
+    }
+    if (NULL == (pNew_p = pZip->m_pRealloc(pZip->m_pAlloc_opaque, pArray->m_p, pArray->m_element_size, new_capacity)))
+        return MZ_FALSE;
+    pArray->m_p = pNew_p;
+    pArray->m_capacity = new_capacity;
+    return MZ_TRUE;
+}
+
+static MZ_FORCEINLINE mz_bool mz_zip_array_reserve(mz_zip_archive *pZip, mz_zip_array *pArray, size_t new_capacity, mz_uint growing)
+{
+    if (new_capacity > pArray->m_capacity)
+    {
+        if (!mz_zip_array_ensure_capacity(pZip, pArray, new_capacity, growing))
+            return MZ_FALSE;
+    }
+    return MZ_TRUE;
+}
+
+static MZ_FORCEINLINE mz_bool mz_zip_array_resize(mz_zip_archive *pZip, mz_zip_array *pArray, size_t new_size, mz_uint growing)
+{
+    if (new_size > pArray->m_capacity)
+    {
+        if (!mz_zip_array_ensure_capacity(pZip, pArray, new_size, growing))
+            return MZ_FALSE;
+    }
+    pArray->m_size = new_size;
+    return MZ_TRUE;
+}
+
+static MZ_FORCEINLINE mz_bool mz_zip_array_ensure_room(mz_zip_archive *pZip, mz_zip_array *pArray, size_t n)
+{
+    return mz_zip_array_reserve(pZip, pArray, pArray->m_size + n, MZ_TRUE);
+}
+
+static MZ_FORCEINLINE mz_bool mz_zip_array_push_back(mz_zip_archive *pZip, mz_zip_array *pArray, const void *pElements, size_t n)
+{
+    size_t orig_size = pArray->m_size;
+    if (!mz_zip_array_resize(pZip, pArray, orig_size + n, MZ_TRUE))
+        return MZ_FALSE;
+    memcpy((mz_uint8 *)pArray->m_p + orig_size * pArray->m_element_size, pElements, n * pArray->m_element_size);
+    return MZ_TRUE;
+}
+
+#ifndef MINIZ_NO_TIME
+static MZ_TIME_T mz_zip_dos_to_time_t(int dos_time, int dos_date)
+{
+    struct tm tm;
+    memset(&tm, 0, sizeof(tm));
+    tm.tm_isdst = -1;
+    tm.tm_year = ((dos_date >> 9) & 127) + 1980 - 1900;
+    tm.tm_mon = ((dos_date >> 5) & 15) - 1;
+    tm.tm_mday = dos_date & 31;
+    tm.tm_hour = (dos_time >> 11) & 31;
+    tm.tm_min = (dos_time >> 5) & 63;
+    tm.tm_sec = (dos_time << 1) & 62;
+    return mktime(&tm);
+}
+
+static void mz_zip_time_t_to_dos_time(MZ_TIME_T time, mz_uint16 *pDOS_time, mz_uint16 *pDOS_date)
+{
+#ifdef _MSC_VER
+    struct tm tm_struct;
+    struct tm *tm = &tm_struct;
+    errno_t err = localtime_s(tm, &time);
+    if (err)
+    {
+        *pDOS_date = 0;
+        *pDOS_time = 0;
+        return;
+    }
+#else
+    struct tm *tm = localtime(&time);
+#endif /* #ifdef _MSC_VER */
+
+    *pDOS_time = (mz_uint16)(((tm->tm_hour) << 11) + ((tm->tm_min) << 5) + ((tm->tm_sec) >> 1));
+    *pDOS_date = (mz_uint16)(((tm->tm_year + 1900 - 1980) << 9) + ((tm->tm_mon + 1) << 5) + tm->tm_mday);
+}
+
+#ifndef MINIZ_NO_STDIO
+static mz_bool mz_zip_get_file_modified_time(const char *pFilename, MZ_TIME_T *pTime)
+{
+    struct MZ_FILE_STAT_STRUCT file_stat;
+
+    /* On Linux with x86 glibc, this call will fail on large files (I think >= 0x80000000 bytes) unless you compiled with _LARGEFILE64_SOURCE. Argh. */
+    if (MZ_FILE_STAT(pFilename, &file_stat) != 0)
+        return MZ_FALSE;
+
+    *pTime = file_stat.st_mtime;
+
+    return MZ_TRUE;
+}
+
+static mz_bool mz_zip_set_file_times(const char *pFilename, MZ_TIME_T access_time, MZ_TIME_T modified_time)
+{
+    struct utimbuf t;
+
+    memset(&t, 0, sizeof(t));
+    t.actime = access_time;
+    t.modtime = modified_time;
+
+    return !utime(pFilename, &t);
+}
+#endif /* #ifndef MINIZ_NO_STDIO */
+#endif /* #ifndef MINIZ_NO_TIME */
+
+static MZ_FORCEINLINE mz_bool mz_zip_set_error(mz_zip_archive *pZip, mz_zip_error err_num)
+{
+    if (pZip)
+        pZip->m_last_error = err_num;
+    return MZ_FALSE;
+}
+
+static mz_bool mz_zip_reader_init_internal(mz_zip_archive *pZip, mz_uint flags)
+{
+    (void)flags;
+    if ((!pZip) || (pZip->m_pState) || (pZip->m_zip_mode != MZ_ZIP_MODE_INVALID))
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
+
+    if (!pZip->m_pAlloc)
+        pZip->m_pAlloc = miniz_def_alloc_func;
+    if (!pZip->m_pFree)
+        pZip->m_pFree = miniz_def_free_func;
+    if (!pZip->m_pRealloc)
+        pZip->m_pRealloc = miniz_def_realloc_func;
+
+    pZip->m_archive_size = 0;
+    pZip->m_central_directory_file_ofs = 0;
+    pZip->m_total_files = 0;
+    pZip->m_last_error = MZ_ZIP_NO_ERROR;
+
+    if (NULL == (pZip->m_pState = (mz_zip_internal_state *)pZip->m_pAlloc(pZip->m_pAlloc_opaque, 1, sizeof(mz_zip_internal_state))))
+        return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
+
+    memset(pZip->m_pState, 0, sizeof(mz_zip_internal_state));
+    MZ_ZIP_ARRAY_SET_ELEMENT_SIZE(&pZip->m_pState->m_central_dir, sizeof(mz_uint8));
+    MZ_ZIP_ARRAY_SET_ELEMENT_SIZE(&pZip->m_pState->m_central_dir_offsets, sizeof(mz_uint32));
+    MZ_ZIP_ARRAY_SET_ELEMENT_SIZE(&pZip->m_pState->m_sorted_central_dir_offsets, sizeof(mz_uint32));
+    pZip->m_pState->m_init_flags = flags;
+    pZip->m_pState->m_zip64 = MZ_FALSE;
+    pZip->m_pState->m_zip64_has_extended_info_fields = MZ_FALSE;
+
+    pZip->m_zip_mode = MZ_ZIP_MODE_READING;
+
+    return MZ_TRUE;
+}
+
+static MZ_FORCEINLINE mz_bool mz_zip_reader_filename_less(const mz_zip_array *pCentral_dir_array, const mz_zip_array *pCentral_dir_offsets, mz_uint l_index, mz_uint r_index)
+{
+    const mz_uint8 *pL = &MZ_ZIP_ARRAY_ELEMENT(pCentral_dir_array, mz_uint8, MZ_ZIP_ARRAY_ELEMENT(pCentral_dir_offsets, mz_uint32, l_index)), *pE;
+    const mz_uint8 *pR = &MZ_ZIP_ARRAY_ELEMENT(pCentral_dir_array, mz_uint8, MZ_ZIP_ARRAY_ELEMENT(pCentral_dir_offsets, mz_uint32, r_index));
+    mz_uint l_len = MZ_READ_LE16(pL + MZ_ZIP_CDH_FILENAME_LEN_OFS), r_len = MZ_READ_LE16(pR + MZ_ZIP_CDH_FILENAME_LEN_OFS);
+    mz_uint8 l = 0, r = 0;
+    pL += MZ_ZIP_CENTRAL_DIR_HEADER_SIZE;
+    pR += MZ_ZIP_CENTRAL_DIR_HEADER_SIZE;
+    pE = pL + MZ_MIN(l_len, r_len);
+    while (pL < pE)
+    {
+        if ((l = MZ_TOLOWER(*pL)) != (r = MZ_TOLOWER(*pR)))
+            break;
+        pL++;
+        pR++;
+    }
+    return (pL == pE) ? (l_len < r_len) : (l < r);
+}
+
+#define MZ_SWAP_UINT32(a, b) \
+    do                       \
+    {                        \
+        mz_uint32 t = a;     \
+        a = b;               \
+        b = t;               \
+    }                        \
+    MZ_MACRO_END
+
+/* Heap sort of lowercased filenames, used to help accelerate plain central directory searches by mz_zip_reader_locate_file(). (Could also use qsort(), but it could allocate memory.) */
+static void mz_zip_reader_sort_central_dir_offsets_by_filename(mz_zip_archive *pZip)
+{
+    mz_zip_internal_state *pState = pZip->m_pState;
+    const mz_zip_array *pCentral_dir_offsets = &pState->m_central_dir_offsets;
+    const mz_zip_array *pCentral_dir = &pState->m_central_dir;
+    mz_uint32 *pIndices;
+    mz_uint32 start, end;
+    const mz_uint32 size = pZip->m_total_files;
+
+    if (size <= 1U)
+        return;
+
+    pIndices = &MZ_ZIP_ARRAY_ELEMENT(&pState->m_sorted_central_dir_offsets, mz_uint32, 0);
+
+    start = (size - 2U) >> 1U;
+    for (;;)
+    {
+        mz_uint64 child, root = start;
+        for (;;)
+        {
+            if ((child = (root << 1U) + 1U) >= size)
+                break;
+            child += (((child + 1U) < size) && (mz_zip_reader_filename_less(pCentral_dir, pCentral_dir_offsets, pIndices[child], pIndices[child + 1U])));
+            if (!mz_zip_reader_filename_less(pCentral_dir, pCentral_dir_offsets, pIndices[root], pIndices[child]))
+                break;
+            MZ_SWAP_UINT32(pIndices[root], pIndices[child]);
+            root = child;
+        }
+        if (!start)
+            break;
+        start--;
+    }
+
+    end = size - 1;
+    while (end > 0)
+    {
+        mz_uint64 child, root = 0;
+        MZ_SWAP_UINT32(pIndices[end], pIndices[0]);
+        for (;;)
+        {
+            if ((child = (root << 1U) + 1U) >= end)
+                break;
+            child += (((child + 1U) < end) && mz_zip_reader_filename_less(pCentral_dir, pCentral_dir_offsets, pIndices[child], pIndices[child + 1U]));
+            if (!mz_zip_reader_filename_less(pCentral_dir, pCentral_dir_offsets, pIndices[root], pIndices[child]))
+                break;
+            MZ_SWAP_UINT32(pIndices[root], pIndices[child]);
+            root = child;
+        }
+        end--;
+    }
+}
+
+static mz_bool mz_zip_reader_locate_header_sig(mz_zip_archive *pZip, mz_uint32 record_sig, mz_uint32 record_size, mz_int64 *pOfs)
+{
+    mz_int64 cur_file_ofs;
+    mz_uint32 buf_u32[4096 / sizeof(mz_uint32)];
+    mz_uint8 *pBuf = (mz_uint8 *)buf_u32;
+
+    /* Basic sanity checks - reject files which are too small */
+    if (pZip->m_archive_size < record_size)
+        return MZ_FALSE;
+
+    /* Find the record by scanning the file from the end towards the beginning. */
+    cur_file_ofs = MZ_MAX((mz_int64)pZip->m_archive_size - (mz_int64)sizeof(buf_u32), 0);
+    for (;;)
+    {
+        int i, n = (int)MZ_MIN(sizeof(buf_u32), pZip->m_archive_size - cur_file_ofs);
+
+        if (pZip->m_pRead(pZip->m_pIO_opaque, cur_file_ofs, pBuf, n) != (mz_uint)n)
+            return MZ_FALSE;
+
+        for (i = n - 4; i >= 0; --i)
+        {
+            mz_uint s = MZ_READ_LE32(pBuf + i);
+            if (s == record_sig)
+            {
+                if ((pZip->m_archive_size - (cur_file_ofs + i)) >= record_size)
+                    break;
+            }
+        }
+
+        if (i >= 0)
+        {
+            cur_file_ofs += i;
+            break;
+        }
+
+        /* Give up if we've searched the entire file, or we've gone back "too far" (~64kb) */
+        if ((!cur_file_ofs) || ((pZip->m_archive_size - cur_file_ofs) >= (MZ_UINT16_MAX + record_size)))
+            return MZ_FALSE;
+
+        cur_file_ofs = MZ_MAX(cur_file_ofs - (sizeof(buf_u32) - 3), 0);
+    }
+
+    *pOfs = cur_file_ofs;
+    return MZ_TRUE;
+}
+
+static mz_bool mz_zip_reader_read_central_dir(mz_zip_archive *pZip, mz_uint flags)
+{
+    mz_uint cdir_size = 0, cdir_entries_on_this_disk = 0, num_this_disk = 0, cdir_disk_index = 0;
+    mz_uint64 cdir_ofs = 0;
+    mz_int64 cur_file_ofs = 0;
+    const mz_uint8 *p;
+
+    mz_uint32 buf_u32[4096 / sizeof(mz_uint32)];
+    mz_uint8 *pBuf = (mz_uint8 *)buf_u32;
+    mz_bool sort_central_dir = ((flags & MZ_ZIP_FLAG_DO_NOT_SORT_CENTRAL_DIRECTORY) == 0);
+    mz_uint32 zip64_end_of_central_dir_locator_u32[(MZ_ZIP64_END_OF_CENTRAL_DIR_LOCATOR_SIZE + sizeof(mz_uint32) - 1) / sizeof(mz_uint32)];
+    mz_uint8 *pZip64_locator = (mz_uint8 *)zip64_end_of_central_dir_locator_u32;
+
+    mz_uint32 zip64_end_of_central_dir_header_u32[(MZ_ZIP64_END_OF_CENTRAL_DIR_HEADER_SIZE + sizeof(mz_uint32) - 1) / sizeof(mz_uint32)];
+    mz_uint8 *pZip64_end_of_central_dir = (mz_uint8 *)zip64_end_of_central_dir_header_u32;
+
+    mz_uint64 zip64_end_of_central_dir_ofs = 0;
+
+    /* Basic sanity checks - reject files which are too small, and check the first 4 bytes of the file to make sure a local header is there. */
+    if (pZip->m_archive_size < MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE)
+        return mz_zip_set_error(pZip, MZ_ZIP_NOT_AN_ARCHIVE);
+
+    if (!mz_zip_reader_locate_header_sig(pZip, MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIG, MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE, &cur_file_ofs))
+        return mz_zip_set_error(pZip, MZ_ZIP_FAILED_FINDING_CENTRAL_DIR);
+
+    /* Read and verify the end of central directory record. */
+    if (pZip->m_pRead(pZip->m_pIO_opaque, cur_file_ofs, pBuf, MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE) != MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE)
+        return mz_zip_set_error(pZip, MZ_ZIP_FILE_READ_FAILED);
+
+    if (MZ_READ_LE32(pBuf + MZ_ZIP_ECDH_SIG_OFS) != MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIG)
+        return mz_zip_set_error(pZip, MZ_ZIP_NOT_AN_ARCHIVE);
+
+    if (cur_file_ofs >= (MZ_ZIP64_END_OF_CENTRAL_DIR_LOCATOR_SIZE + MZ_ZIP64_END_OF_CENTRAL_DIR_HEADER_SIZE))
+    {
+        if (pZip->m_pRead(pZip->m_pIO_opaque, cur_file_ofs - MZ_ZIP64_END_OF_CENTRAL_DIR_LOCATOR_SIZE, pZip64_locator, MZ_ZIP64_END_OF_CENTRAL_DIR_LOCATOR_SIZE) == MZ_ZIP64_END_OF_CENTRAL_DIR_LOCATOR_SIZE)
+        {
+            if (MZ_READ_LE32(pZip64_locator + MZ_ZIP64_ECDL_SIG_OFS) == MZ_ZIP64_END_OF_CENTRAL_DIR_LOCATOR_SIG)
+            {
+                zip64_end_of_central_dir_ofs = MZ_READ_LE64(pZip64_locator + MZ_ZIP64_ECDL_REL_OFS_TO_ZIP64_ECDR_OFS);
+                if (zip64_end_of_central_dir_ofs > (pZip->m_archive_size - MZ_ZIP64_END_OF_CENTRAL_DIR_HEADER_SIZE))
+                    return mz_zip_set_error(pZip, MZ_ZIP_NOT_AN_ARCHIVE);
+
+                if (pZip->m_pRead(pZip->m_pIO_opaque, zip64_end_of_central_dir_ofs, pZip64_end_of_central_dir, MZ_ZIP64_END_OF_CENTRAL_DIR_HEADER_SIZE) == MZ_ZIP64_END_OF_CENTRAL_DIR_HEADER_SIZE)
+                {
+                    if (MZ_READ_LE32(pZip64_end_of_central_dir + MZ_ZIP64_ECDH_SIG_OFS) == MZ_ZIP64_END_OF_CENTRAL_DIR_HEADER_SIG)
+                    {
+                        pZip->m_pState->m_zip64 = MZ_TRUE;
+                    }
+                }
+            }
+        }
+    }
+
+    pZip->m_total_files = MZ_READ_LE16(pBuf + MZ_ZIP_ECDH_CDIR_TOTAL_ENTRIES_OFS);
+    cdir_entries_on_this_disk = MZ_READ_LE16(pBuf + MZ_ZIP_ECDH_CDIR_NUM_ENTRIES_ON_DISK_OFS);
+    num_this_disk = MZ_READ_LE16(pBuf + MZ_ZIP_ECDH_NUM_THIS_DISK_OFS);
+    cdir_disk_index = MZ_READ_LE16(pBuf + MZ_ZIP_ECDH_NUM_DISK_CDIR_OFS);
+    cdir_size = MZ_READ_LE32(pBuf + MZ_ZIP_ECDH_CDIR_SIZE_OFS);
+    cdir_ofs = MZ_READ_LE32(pBuf + MZ_ZIP_ECDH_CDIR_OFS_OFS);
+
+    if (pZip->m_pState->m_zip64)
+    {
+        mz_uint32 zip64_total_num_of_disks = MZ_READ_LE32(pZip64_locator + MZ_ZIP64_ECDL_TOTAL_NUMBER_OF_DISKS_OFS);
+        mz_uint64 zip64_cdir_total_entries = MZ_READ_LE64(pZip64_end_of_central_dir + MZ_ZIP64_ECDH_CDIR_TOTAL_ENTRIES_OFS);
+        mz_uint64 zip64_cdir_total_entries_on_this_disk = MZ_READ_LE64(pZip64_end_of_central_dir + MZ_ZIP64_ECDH_CDIR_NUM_ENTRIES_ON_DISK_OFS);
+        mz_uint64 zip64_size_of_end_of_central_dir_record = MZ_READ_LE64(pZip64_end_of_central_dir + MZ_ZIP64_ECDH_SIZE_OF_RECORD_OFS);
+        mz_uint64 zip64_size_of_central_directory = MZ_READ_LE64(pZip64_end_of_central_dir + MZ_ZIP64_ECDH_CDIR_SIZE_OFS);
+
+        if (zip64_size_of_end_of_central_dir_record < (MZ_ZIP64_END_OF_CENTRAL_DIR_HEADER_SIZE - 12))
+            return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
+
+        if (zip64_total_num_of_disks != 1U)
+            return mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_MULTIDISK);
+
+        /* Check for miniz's practical limits */
+        if (zip64_cdir_total_entries > MZ_UINT32_MAX)
+            return mz_zip_set_error(pZip, MZ_ZIP_TOO_MANY_FILES);
+
+        pZip->m_total_files = (mz_uint32)zip64_cdir_total_entries;
+
+        if (zip64_cdir_total_entries_on_this_disk > MZ_UINT32_MAX)
+            return mz_zip_set_error(pZip, MZ_ZIP_TOO_MANY_FILES);
+
+        cdir_entries_on_this_disk = (mz_uint32)zip64_cdir_total_entries_on_this_disk;
+
+        /* Check for miniz's current practical limits (sorry, this should be enough for millions of files) */
+        if (zip64_size_of_central_directory > MZ_UINT32_MAX)
+            return mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_CDIR_SIZE);
+
+        cdir_size = (mz_uint32)zip64_size_of_central_directory;
+
+        num_this_disk = MZ_READ_LE32(pZip64_end_of_central_dir + MZ_ZIP64_ECDH_NUM_THIS_DISK_OFS);
+
+        cdir_disk_index = MZ_READ_LE32(pZip64_end_of_central_dir + MZ_ZIP64_ECDH_NUM_DISK_CDIR_OFS);
+
+        cdir_ofs = MZ_READ_LE64(pZip64_end_of_central_dir + MZ_ZIP64_ECDH_CDIR_OFS_OFS);
+    }
+
+    if (pZip->m_total_files != cdir_entries_on_this_disk)
+        return mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_MULTIDISK);
+
+    if (((num_this_disk | cdir_disk_index) != 0) && ((num_this_disk != 1) || (cdir_disk_index != 1)))
+        return mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_MULTIDISK);
+
+    if (cdir_size < pZip->m_total_files * MZ_ZIP_CENTRAL_DIR_HEADER_SIZE)
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
+
+    if ((cdir_ofs + (mz_uint64)cdir_size) > pZip->m_archive_size)
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
+
+    pZip->m_central_directory_file_ofs = cdir_ofs;
+
+    if (pZip->m_total_files)
+    {
+        mz_uint i, n;
+        /* Read the entire central directory into a heap block, and allocate another heap block to hold the unsorted central dir file record offsets, and possibly another to hold the sorted indices. */
+        if ((!mz_zip_array_resize(pZip, &pZip->m_pState->m_central_dir, cdir_size, MZ_FALSE)) ||
+            (!mz_zip_array_resize(pZip, &pZip->m_pState->m_central_dir_offsets, pZip->m_total_files, MZ_FALSE)))
+            return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
+
+        if (sort_central_dir)
+        {
+            if (!mz_zip_array_resize(pZip, &pZip->m_pState->m_sorted_central_dir_offsets, pZip->m_total_files, MZ_FALSE))
+                return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
+        }
+
+        if (pZip->m_pRead(pZip->m_pIO_opaque, cdir_ofs, pZip->m_pState->m_central_dir.m_p, cdir_size) != cdir_size)
+            return mz_zip_set_error(pZip, MZ_ZIP_FILE_READ_FAILED);
+
+        /* Now create an index into the central directory file records, do some basic sanity checking on each record */
+        p = (const mz_uint8 *)pZip->m_pState->m_central_dir.m_p;
+        for (n = cdir_size, i = 0; i < pZip->m_total_files; ++i)
+        {
+            mz_uint total_header_size, disk_index, bit_flags, filename_size, ext_data_size;
+            mz_uint64 comp_size, decomp_size, local_header_ofs;
+
+            if ((n < MZ_ZIP_CENTRAL_DIR_HEADER_SIZE) || (MZ_READ_LE32(p) != MZ_ZIP_CENTRAL_DIR_HEADER_SIG))
+                return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
+
+            MZ_ZIP_ARRAY_ELEMENT(&pZip->m_pState->m_central_dir_offsets, mz_uint32, i) = (mz_uint32)(p - (const mz_uint8 *)pZip->m_pState->m_central_dir.m_p);
+
+            if (sort_central_dir)
+                MZ_ZIP_ARRAY_ELEMENT(&pZip->m_pState->m_sorted_central_dir_offsets, mz_uint32, i) = i;
+
+            comp_size = MZ_READ_LE32(p + MZ_ZIP_CDH_COMPRESSED_SIZE_OFS);
+            decomp_size = MZ_READ_LE32(p + MZ_ZIP_CDH_DECOMPRESSED_SIZE_OFS);
+            local_header_ofs = MZ_READ_LE32(p + MZ_ZIP_CDH_LOCAL_HEADER_OFS);
+            filename_size = MZ_READ_LE16(p + MZ_ZIP_CDH_FILENAME_LEN_OFS);
+            ext_data_size = MZ_READ_LE16(p + MZ_ZIP_CDH_EXTRA_LEN_OFS);
+
+            if ((!pZip->m_pState->m_zip64_has_extended_info_fields) &&
+                (ext_data_size) &&
+                (MZ_MAX(MZ_MAX(comp_size, decomp_size), local_header_ofs) == MZ_UINT32_MAX))
+            {
+                /* Attempt to find zip64 extended information field in the entry's extra data */
+                mz_uint32 extra_size_remaining = ext_data_size;
+
+                if (extra_size_remaining)
+                {
+                    const mz_uint8 *pExtra_data = p + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + filename_size;
+
+                    do
+                    {
+                        if (extra_size_remaining < (sizeof(mz_uint16) * 2))
+                            return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
+
+                        mz_uint32 field_id = MZ_READ_LE16(pExtra_data);
+                        mz_uint32 field_data_size = MZ_READ_LE16(pExtra_data + sizeof(mz_uint16));
+
+                        if ((field_data_size + sizeof(mz_uint16) * 2) > extra_size_remaining)
+                            return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
+
+                        if (field_id == MZ_ZIP64_EXTENDED_INFORMATION_FIELD_HEADER_ID)
+                        {
+                            /* Ok, the archive didn't have any zip64 headers but it uses a zip64 extended information field so mark it as zip64 anyway (this can occur with infozip's zip util when it reads compresses files from stdin). */
+                            pZip->m_pState->m_zip64 = MZ_TRUE;
+                            pZip->m_pState->m_zip64_has_extended_info_fields = MZ_TRUE;
+                            break;
+                        }
+
+                        pExtra_data += sizeof(mz_uint16) * 2 + field_data_size;
+                        extra_size_remaining = extra_size_remaining - sizeof(mz_uint16) * 2 - field_data_size;
+                    } while (extra_size_remaining);
+                }
+            }
+
+            /* I've seen archives that aren't marked as zip64 that uses zip64 ext data, argh */
+            if ((comp_size != MZ_UINT32_MAX) && (decomp_size != MZ_UINT32_MAX))
+            {
+                if (((!MZ_READ_LE32(p + MZ_ZIP_CDH_METHOD_OFS)) && (decomp_size != comp_size)) || (decomp_size && !comp_size))
+                    return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
+            }
+
+            disk_index = MZ_READ_LE16(p + MZ_ZIP_CDH_DISK_START_OFS);
+            if ((disk_index == MZ_UINT16_MAX) || ((disk_index != num_this_disk) && (disk_index != 1)))
+                return mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_MULTIDISK);
+
+            if (comp_size != MZ_UINT32_MAX)
+            {
+                if (((mz_uint64)MZ_READ_LE32(p + MZ_ZIP_CDH_LOCAL_HEADER_OFS) + MZ_ZIP_LOCAL_DIR_HEADER_SIZE + comp_size) > pZip->m_archive_size)
+                    return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
+            }
+
+            bit_flags = MZ_READ_LE16(p + MZ_ZIP_CDH_BIT_FLAG_OFS);
+            if (bit_flags & MZ_ZIP_GENERAL_PURPOSE_BIT_FLAG_LOCAL_DIR_IS_MASKED)
+                return mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_ENCRYPTION);
+
+            if ((total_header_size = MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + MZ_READ_LE16(p + MZ_ZIP_CDH_FILENAME_LEN_OFS) + MZ_READ_LE16(p + MZ_ZIP_CDH_EXTRA_LEN_OFS) + MZ_READ_LE16(p + MZ_ZIP_CDH_COMMENT_LEN_OFS)) > n)
+                return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
+
+            n -= total_header_size;
+            p += total_header_size;
+        }
+    }
+
+    if (sort_central_dir)
+        mz_zip_reader_sort_central_dir_offsets_by_filename(pZip);
+
+    return MZ_TRUE;
+}
+
+void mz_zip_zero_struct(mz_zip_archive *pZip)
+{
+    if (pZip)
+        MZ_CLEAR_OBJ(*pZip);
+}
+
+static mz_bool mz_zip_reader_end_internal(mz_zip_archive *pZip, mz_bool set_last_error)
+{
+    mz_bool status = MZ_TRUE;
+
+    if (!pZip)
+        return MZ_FALSE;
+
+    if ((!pZip->m_pState) || (!pZip->m_pAlloc) || (!pZip->m_pFree) || (pZip->m_zip_mode != MZ_ZIP_MODE_READING))
+    {
+        if (set_last_error)
+            pZip->m_last_error = MZ_ZIP_INVALID_PARAMETER;
+
+        return MZ_FALSE;
+    }
+
+    if (pZip->m_pState)
+    {
+        mz_zip_internal_state *pState = pZip->m_pState;
+        pZip->m_pState = NULL;
+
+        mz_zip_array_clear(pZip, &pState->m_central_dir);
+        mz_zip_array_clear(pZip, &pState->m_central_dir_offsets);
+        mz_zip_array_clear(pZip, &pState->m_sorted_central_dir_offsets);
+
+#ifndef MINIZ_NO_STDIO
+        if (pState->m_pFile)
+        {
+            if (pZip->m_zip_type == MZ_ZIP_TYPE_FILE)
+            {
+                if (MZ_FCLOSE(pState->m_pFile) == EOF)
+                {
+                    if (set_last_error)
+                        pZip->m_last_error = MZ_ZIP_FILE_CLOSE_FAILED;
+                    status = MZ_FALSE;
+                }
+            }
+            pState->m_pFile = NULL;
+        }
+#endif /* #ifndef MINIZ_NO_STDIO */
+
+        pZip->m_pFree(pZip->m_pAlloc_opaque, pState);
+    }
+    pZip->m_zip_mode = MZ_ZIP_MODE_INVALID;
+
+    return status;
+}
+
+mz_bool mz_zip_reader_end(mz_zip_archive *pZip)
+{
+    return mz_zip_reader_end_internal(pZip, MZ_TRUE);
+}
+mz_bool mz_zip_reader_init(mz_zip_archive *pZip, mz_uint64 size, mz_uint flags)
+{
+    if ((!pZip) || (!pZip->m_pRead))
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
+
+    if (!mz_zip_reader_init_internal(pZip, flags))
+        return MZ_FALSE;
+
+    pZip->m_zip_type = MZ_ZIP_TYPE_USER;
+    pZip->m_archive_size = size;
+
+    if (!mz_zip_reader_read_central_dir(pZip, flags))
+    {
+        mz_zip_reader_end_internal(pZip, MZ_FALSE);
+        return MZ_FALSE;
+    }
+
+    return MZ_TRUE;
+}
+
+static size_t mz_zip_mem_read_func(void *pOpaque, mz_uint64 file_ofs, void *pBuf, size_t n)
+{
+    mz_zip_archive *pZip = (mz_zip_archive *)pOpaque;
+    size_t s = (file_ofs >= pZip->m_archive_size) ? 0 : (size_t)MZ_MIN(pZip->m_archive_size - file_ofs, n);
+    memcpy(pBuf, (const mz_uint8 *)pZip->m_pState->m_pMem + file_ofs, s);
+    return s;
+}
+
+mz_bool mz_zip_reader_init_mem(mz_zip_archive *pZip, const void *pMem, size_t size, mz_uint flags)
+{
+    if (!pMem)
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
+
+    if (size < MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE)
+        return mz_zip_set_error(pZip, MZ_ZIP_NOT_AN_ARCHIVE);
+
+    if (!mz_zip_reader_init_internal(pZip, flags))
+        return MZ_FALSE;
+
+    pZip->m_zip_type = MZ_ZIP_TYPE_MEMORY;
+    pZip->m_archive_size = size;
+    pZip->m_pRead = mz_zip_mem_read_func;
+    pZip->m_pIO_opaque = pZip;
+
+#ifdef __cplusplus
+    pZip->m_pState->m_pMem = const_cast<void *>(pMem);
+#else
+    pZip->m_pState->m_pMem = (void *)pMem;
+#endif
+
+    pZip->m_pState->m_mem_size = size;
+
+    if (!mz_zip_reader_read_central_dir(pZip, flags))
+    {
+        mz_zip_reader_end_internal(pZip, MZ_FALSE);
+        return MZ_FALSE;
+    }
+
+    return MZ_TRUE;
+}
+
+#ifndef MINIZ_NO_STDIO
+static size_t mz_zip_file_read_func(void *pOpaque, mz_uint64 file_ofs, void *pBuf, size_t n)
+{
+    mz_zip_archive *pZip = (mz_zip_archive *)pOpaque;
+    mz_int64 cur_ofs = MZ_FTELL64(pZip->m_pState->m_pFile);
+
+    file_ofs += pZip->m_pState->m_file_archive_start_ofs;
+
+    if (((mz_int64)file_ofs < 0) || (((cur_ofs != (mz_int64)file_ofs)) && (MZ_FSEEK64(pZip->m_pState->m_pFile, (mz_int64)file_ofs, SEEK_SET))))
+        return 0;
+
+    return MZ_FREAD(pBuf, 1, n, pZip->m_pState->m_pFile);
+}
+
+mz_bool mz_zip_reader_init_file(mz_zip_archive *pZip, const char *pFilename, mz_uint32 flags)
+{
+    return mz_zip_reader_init_file_v2(pZip, pFilename, flags, 0, 0);
+}
+
+mz_bool mz_zip_reader_init_file_v2(mz_zip_archive *pZip, const char *pFilename, mz_uint flags, mz_uint64 file_start_ofs, mz_uint64 archive_size)
+{
+    if ((!pZip) || (!pFilename) || ((archive_size) && (archive_size < MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE)))
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
+
+    mz_uint64 file_size;
+    MZ_FILE *pFile = MZ_FOPEN(pFilename, "rb");
+    if (!pFile)
+        return mz_zip_set_error(pZip, MZ_ZIP_FILE_OPEN_FAILED);
+
+    file_size = archive_size;
+    if (!file_size)
+    {
+        if (MZ_FSEEK64(pFile, 0, SEEK_END))
+        {
+            MZ_FCLOSE(pFile);
+            return mz_zip_set_error(pZip, MZ_ZIP_FILE_SEEK_FAILED);
+        }
+
+        file_size = MZ_FTELL64(pFile);
+    }
+
+    /* TODO: Better sanity check archive_size and the # of actual remaining bytes */
+
+    if (file_size < MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE)
+        return mz_zip_set_error(pZip, MZ_ZIP_NOT_AN_ARCHIVE);
+
+    if (!mz_zip_reader_init_internal(pZip, flags))
+    {
+        MZ_FCLOSE(pFile);
+        return MZ_FALSE;
+    }
+
+    pZip->m_zip_type = MZ_ZIP_TYPE_FILE;
+    pZip->m_pRead = mz_zip_file_read_func;
+    pZip->m_pIO_opaque = pZip;
+    pZip->m_pState->m_pFile = pFile;
+    pZip->m_archive_size = file_size;
+    pZip->m_pState->m_file_archive_start_ofs = file_start_ofs;
+
+    if (!mz_zip_reader_read_central_dir(pZip, flags))
+    {
+        mz_zip_reader_end_internal(pZip, MZ_FALSE);
+        return MZ_FALSE;
+    }
+
+    return MZ_TRUE;
+}
+
+mz_bool mz_zip_reader_init_cfile(mz_zip_archive *pZip, MZ_FILE *pFile, mz_uint64 archive_size, mz_uint flags)
+{
+    mz_uint64 cur_file_ofs;
+
+    if ((!pZip) || (!pFile))
+        return mz_zip_set_error(pZip, MZ_ZIP_FILE_OPEN_FAILED);
+
+    cur_file_ofs = MZ_FTELL64(pFile);
+
+    if (!archive_size)
+    {
+        if (MZ_FSEEK64(pFile, 0, SEEK_END))
+            return mz_zip_set_error(pZip, MZ_ZIP_FILE_SEEK_FAILED);
+
+        archive_size = MZ_FTELL64(pFile) - cur_file_ofs;
+
+        if (archive_size < MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE)
+            return mz_zip_set_error(pZip, MZ_ZIP_NOT_AN_ARCHIVE);
+    }
+
+    if (!mz_zip_reader_init_internal(pZip, flags))
+        return MZ_FALSE;
+
+    pZip->m_zip_type = MZ_ZIP_TYPE_CFILE;
+    pZip->m_pRead = mz_zip_file_read_func;
+
+    pZip->m_pIO_opaque = pZip;
+    pZip->m_pState->m_pFile = pFile;
+    pZip->m_archive_size = archive_size;
+    pZip->m_pState->m_file_archive_start_ofs = cur_file_ofs;
+
+    if (!mz_zip_reader_read_central_dir(pZip, flags))
+    {
+        mz_zip_reader_end_internal(pZip, MZ_FALSE);
+        return MZ_FALSE;
+    }
+
+    return MZ_TRUE;
+}
+
+#endif /* #ifndef MINIZ_NO_STDIO */
+
+static MZ_FORCEINLINE const mz_uint8 *mz_zip_get_cdh(mz_zip_archive *pZip, mz_uint file_index)
+{
+    if ((!pZip) || (!pZip->m_pState) || (file_index >= pZip->m_total_files))
+        return NULL;
+    return &MZ_ZIP_ARRAY_ELEMENT(&pZip->m_pState->m_central_dir, mz_uint8, MZ_ZIP_ARRAY_ELEMENT(&pZip->m_pState->m_central_dir_offsets, mz_uint32, file_index));
+}
+
+mz_bool mz_zip_reader_is_file_encrypted(mz_zip_archive *pZip, mz_uint file_index)
+{
+    mz_uint m_bit_flag;
+    const mz_uint8 *p = mz_zip_get_cdh(pZip, file_index);
+    if (!p)
+    {
+        mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
+        return MZ_FALSE;
+    }
+
+    m_bit_flag = MZ_READ_LE16(p + MZ_ZIP_CDH_BIT_FLAG_OFS);
+    return (m_bit_flag & (MZ_ZIP_GENERAL_PURPOSE_BIT_FLAG_IS_ENCRYPTED | MZ_ZIP_GENERAL_PURPOSE_BIT_FLAG_USES_STRONG_ENCRYPTION)) != 0;
+}
+
+mz_bool mz_zip_reader_is_file_supported(mz_zip_archive *pZip, mz_uint file_index)
+{
+    mz_uint bit_flag;
+    mz_uint method;
+
+    const mz_uint8 *p = mz_zip_get_cdh(pZip, file_index);
+    if (!p)
+    {
+        mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
+        return MZ_FALSE;
+    }
+
+    method = MZ_READ_LE16(p + MZ_ZIP_CDH_METHOD_OFS);
+    bit_flag = MZ_READ_LE16(p + MZ_ZIP_CDH_BIT_FLAG_OFS);
+
+    if ((method != 0) && (method != MZ_DEFLATED))
+    {
+        mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_METHOD);
+        return MZ_FALSE;
+    }
+
+    if (bit_flag & (MZ_ZIP_GENERAL_PURPOSE_BIT_FLAG_IS_ENCRYPTED | MZ_ZIP_GENERAL_PURPOSE_BIT_FLAG_USES_STRONG_ENCRYPTION))
+    {
+        mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_ENCRYPTION);
+        return MZ_FALSE;
+    }
+
+    if (bit_flag & MZ_ZIP_GENERAL_PURPOSE_BIT_FLAG_COMPRESSED_PATCH_FLAG)
+    {
+        mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_FEATURE);
+        return MZ_FALSE;
+    }
+
+    return MZ_TRUE;
+}
+
+mz_bool mz_zip_reader_is_file_a_directory(mz_zip_archive *pZip, mz_uint file_index)
+{
+    mz_uint filename_len, attribute_mapping_id, external_attr;
+    const mz_uint8 *p = mz_zip_get_cdh(pZip, file_index);
+    if (!p)
+    {
+        mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
+        return MZ_FALSE;
+    }
+
+    filename_len = MZ_READ_LE16(p + MZ_ZIP_CDH_FILENAME_LEN_OFS);
+    if (filename_len)
+    {
+        if (*(p + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + filename_len - 1) == '/')
+            return MZ_TRUE;
+    }
+
+    /* Bugfix: This code was also checking if the internal attribute was non-zero, which wasn't correct. */
+    /* Most/all zip writers (hopefully) set DOS file/directory attributes in the low 16-bits, so check for the DOS directory flag and ignore the source OS ID in the created by field. */
+    /* FIXME: Remove this check? Is it necessary - we already check the filename. */
+    attribute_mapping_id = MZ_READ_LE16(p + MZ_ZIP_CDH_VERSION_MADE_BY_OFS) >> 8;
+    (void)attribute_mapping_id;
+
+    external_attr = MZ_READ_LE32(p + MZ_ZIP_CDH_EXTERNAL_ATTR_OFS);
+    if ((external_attr & MZ_ZIP_DOS_DIR_ATTRIBUTE_BITFLAG) != 0)
+    {
+        return MZ_TRUE;
+    }
+
+    return MZ_FALSE;
+}
+
+static mz_bool mz_zip_file_stat_internal(mz_zip_archive *pZip, mz_uint file_index, const mz_uint8 *pCentral_dir_header, mz_zip_archive_file_stat *pStat, mz_bool *pFound_zip64_extra_data)
+{
+    mz_uint n;
+    const mz_uint8 *p = pCentral_dir_header;
+
+    if (pFound_zip64_extra_data)
+        *pFound_zip64_extra_data = MZ_FALSE;
+
+    if ((!p) || (!pStat))
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
+
+    /* Extract fields from the central directory record. */
+    pStat->m_file_index = file_index;
+    pStat->m_central_dir_ofs = MZ_ZIP_ARRAY_ELEMENT(&pZip->m_pState->m_central_dir_offsets, mz_uint32, file_index);
+    pStat->m_version_made_by = MZ_READ_LE16(p + MZ_ZIP_CDH_VERSION_MADE_BY_OFS);
+    pStat->m_version_needed = MZ_READ_LE16(p + MZ_ZIP_CDH_VERSION_NEEDED_OFS);
+    pStat->m_bit_flag = MZ_READ_LE16(p + MZ_ZIP_CDH_BIT_FLAG_OFS);
+    pStat->m_method = MZ_READ_LE16(p + MZ_ZIP_CDH_METHOD_OFS);
+#ifndef MINIZ_NO_TIME
+    pStat->m_time = mz_zip_dos_to_time_t(MZ_READ_LE16(p + MZ_ZIP_CDH_FILE_TIME_OFS), MZ_READ_LE16(p + MZ_ZIP_CDH_FILE_DATE_OFS));
+#endif
+    pStat->m_crc32 = MZ_READ_LE32(p + MZ_ZIP_CDH_CRC32_OFS);
+    pStat->m_comp_size = MZ_READ_LE32(p + MZ_ZIP_CDH_COMPRESSED_SIZE_OFS);
+    pStat->m_uncomp_size = MZ_READ_LE32(p + MZ_ZIP_CDH_DECOMPRESSED_SIZE_OFS);
+    pStat->m_internal_attr = MZ_READ_LE16(p + MZ_ZIP_CDH_INTERNAL_ATTR_OFS);
+    pStat->m_external_attr = MZ_READ_LE32(p + MZ_ZIP_CDH_EXTERNAL_ATTR_OFS);
+    pStat->m_local_header_ofs = MZ_READ_LE32(p + MZ_ZIP_CDH_LOCAL_HEADER_OFS);
+
+    /* Copy as much of the filename and comment as possible. */
+    n = MZ_READ_LE16(p + MZ_ZIP_CDH_FILENAME_LEN_OFS);
+    n = MZ_MIN(n, MZ_ZIP_MAX_ARCHIVE_FILENAME_SIZE - 1);
+    memcpy(pStat->m_filename, p + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE, n);
+    pStat->m_filename[n] = '\0';
+
+    n = MZ_READ_LE16(p + MZ_ZIP_CDH_COMMENT_LEN_OFS);
+    n = MZ_MIN(n, MZ_ZIP_MAX_ARCHIVE_FILE_COMMENT_SIZE - 1);
+    pStat->m_comment_size = n;
+    memcpy(pStat->m_comment, p + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + MZ_READ_LE16(p + MZ_ZIP_CDH_FILENAME_LEN_OFS) + MZ_READ_LE16(p + MZ_ZIP_CDH_EXTRA_LEN_OFS), n);
+    pStat->m_comment[n] = '\0';
+
+    /* Set some flags for convienance */
+    pStat->m_is_directory = mz_zip_reader_is_file_a_directory(pZip, file_index);
+    pStat->m_is_encrypted = mz_zip_reader_is_file_encrypted(pZip, file_index);
+    pStat->m_is_supported = mz_zip_reader_is_file_supported(pZip, file_index);
+
+    /* See if we need to read any zip64 extended information fields. */
+    /* Confusingly, these zip64 fields can be present even on non-zip64 archives (Debian zip on a huge files from stdin piped to stdout creates them). */
+    if (MZ_MAX(MZ_MAX(pStat->m_comp_size, pStat->m_uncomp_size), pStat->m_local_header_ofs) == MZ_UINT32_MAX)
+    {
+        /* Attempt to find zip64 extended information field in the entry's extra data */
+        mz_uint32 extra_size_remaining = MZ_READ_LE16(p + MZ_ZIP_CDH_EXTRA_LEN_OFS);
+
+        if (extra_size_remaining)
+        {
+            const mz_uint8 *pExtra_data = p + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + MZ_READ_LE16(p + MZ_ZIP_CDH_FILENAME_LEN_OFS);
+
+            do
+            {
+                if (extra_size_remaining < (sizeof(mz_uint16) * 2))
+                    return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
+
+                mz_uint32 field_id = MZ_READ_LE16(pExtra_data);
+                mz_uint32 field_data_size = MZ_READ_LE16(pExtra_data + sizeof(mz_uint16));
+
+                if ((field_data_size + sizeof(mz_uint16) * 2) > extra_size_remaining)
+                    return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
+
+                if (field_id == MZ_ZIP64_EXTENDED_INFORMATION_FIELD_HEADER_ID)
+                {
+                    const mz_uint8 *pField_data = pExtra_data + sizeof(mz_uint16) * 2;
+                    mz_uint32 field_data_remaining = field_data_size;
+
+                    if (pFound_zip64_extra_data)
+                        *pFound_zip64_extra_data = MZ_TRUE;
+
+                    if (pStat->m_uncomp_size == MZ_UINT32_MAX)
+                    {
+                        if (field_data_remaining < sizeof(mz_uint64))
+                            return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
+
+                        pStat->m_uncomp_size = MZ_READ_LE64(pField_data);
+                        pField_data += sizeof(mz_uint64);
+                        field_data_remaining -= sizeof(mz_uint64);
+                    }
+
+                    if (pStat->m_comp_size == MZ_UINT32_MAX)
+                    {
+                        if (field_data_remaining < sizeof(mz_uint64))
+                            return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
+
+                        pStat->m_comp_size = MZ_READ_LE64(pField_data);
+                        pField_data += sizeof(mz_uint64);
+                        field_data_remaining -= sizeof(mz_uint64);
+                    }
+
+                    if (pStat->m_local_header_ofs == MZ_UINT32_MAX)
+                    {
+                        if (field_data_remaining < sizeof(mz_uint64))
+                            return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
+
+                        pStat->m_local_header_ofs = MZ_READ_LE64(pField_data);
+                        pField_data += sizeof(mz_uint64);
+                        field_data_remaining -= sizeof(mz_uint64);
+                    }
+
+                    break;
+                }
+
+                pExtra_data += sizeof(mz_uint16) * 2 + field_data_size;
+                extra_size_remaining = extra_size_remaining - sizeof(mz_uint16) * 2 - field_data_size;
+            } while (extra_size_remaining);
+        }
+    }
+
+    return MZ_TRUE;
+}
+
+static MZ_FORCEINLINE mz_bool mz_zip_string_equal(const char *pA, const char *pB, mz_uint len, mz_uint flags)
+{
+    mz_uint i;
+    if (flags & MZ_ZIP_FLAG_CASE_SENSITIVE)
+        return 0 == memcmp(pA, pB, len);
+    for (i = 0; i < len; ++i)
+        if (MZ_TOLOWER(pA[i]) != MZ_TOLOWER(pB[i]))
+            return MZ_FALSE;
+    return MZ_TRUE;
+}
+
+static MZ_FORCEINLINE int mz_zip_filename_compare(const mz_zip_array *pCentral_dir_array, const mz_zip_array *pCentral_dir_offsets, mz_uint l_index, const char *pR, mz_uint r_len)
+{
+    const mz_uint8 *pL = &MZ_ZIP_ARRAY_ELEMENT(pCentral_dir_array, mz_uint8, MZ_ZIP_ARRAY_ELEMENT(pCentral_dir_offsets, mz_uint32, l_index)), *pE;
+    mz_uint l_len = MZ_READ_LE16(pL + MZ_ZIP_CDH_FILENAME_LEN_OFS);
+    mz_uint8 l = 0, r = 0;
+    pL += MZ_ZIP_CENTRAL_DIR_HEADER_SIZE;
+    pE = pL + MZ_MIN(l_len, r_len);
+    while (pL < pE)
+    {
+        if ((l = MZ_TOLOWER(*pL)) != (r = MZ_TOLOWER(*pR)))
+            break;
+        pL++;
+        pR++;
+    }
+    return (pL == pE) ? (int)(l_len - r_len) : (l - r);
+}
+
+static mz_bool mz_zip_locate_file_binary_search(mz_zip_archive *pZip, const char *pFilename, mz_uint32 *pIndex)
+{
+    mz_zip_internal_state *pState = pZip->m_pState;
+    const mz_zip_array *pCentral_dir_offsets = &pState->m_central_dir_offsets;
+    const mz_zip_array *pCentral_dir = &pState->m_central_dir;
+    mz_uint32 *pIndices = &MZ_ZIP_ARRAY_ELEMENT(&pState->m_sorted_central_dir_offsets, mz_uint32, 0);
+    const uint32_t size = pZip->m_total_files;
+    const mz_uint filename_len = (mz_uint)strlen(pFilename);
+
+    if (pIndex)
+        *pIndex = 0;
+
+    if (size)
+    {
+        /* yes I could use uint32_t's, but then we would have to add some special case checks in the loop, argh, and */
+        /* honestly the major expense here on 32-bit CPU's will still be the filename compare */
+        mz_int64 l = 0, h = (mz_int64)size - 1;
+
+        while (l <= h)
+        {
+            mz_int64 m = l + ((h - l) >> 1);
+            uint32_t file_index = pIndices[(uint32_t)m];
+
+            int comp = mz_zip_filename_compare(pCentral_dir, pCentral_dir_offsets, file_index, pFilename, filename_len);
+            if (!comp)
+            {
+                if (pIndex)
+                    *pIndex = file_index;
+                return MZ_TRUE;
+            }
+            else if (comp < 0)
+                l = m + 1;
+            else
+                h = m - 1;
+        }
+    }
+
+    return mz_zip_set_error(pZip, MZ_ZIP_FILE_NOT_FOUND);
+}
+
+int mz_zip_reader_locate_file(mz_zip_archive *pZip, const char *pName, const char *pComment, mz_uint flags)
+{
+    mz_uint32 index;
+    if (!mz_zip_reader_locate_file_v2(pZip, pName, pComment, flags, &index))
+        return -1;
+    else
+        return (int)index;
+}
+
+mz_bool mz_zip_reader_locate_file_v2(mz_zip_archive *pZip, const char *pName, const char *pComment, mz_uint flags, mz_uint32 *pIndex)
+{
+    mz_uint file_index;
+    size_t name_len, comment_len;
+
+    if (pIndex)
+        *pIndex = 0;
+
+    if ((!pZip) || (!pZip->m_pState) || (!pName))
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
+
+    /* See if we can use a binary search */
+    if (((pZip->m_pState->m_init_flags & MZ_ZIP_FLAG_DO_NOT_SORT_CENTRAL_DIRECTORY) == 0) &&
+        (pZip->m_zip_mode == MZ_ZIP_MODE_READING) &&
+        ((flags & (MZ_ZIP_FLAG_IGNORE_PATH | MZ_ZIP_FLAG_CASE_SENSITIVE)) == 0) && (!pComment) && (pZip->m_pState->m_sorted_central_dir_offsets.m_size))
+    {
+        return mz_zip_locate_file_binary_search(pZip, pName, pIndex);
+    }
+
+    /* Locate the entry by scanning the entire central directory */
+    name_len = strlen(pName);
+    if (name_len > MZ_UINT16_MAX)
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
+
+    comment_len = pComment ? strlen(pComment) : 0;
+    if (comment_len > MZ_UINT16_MAX)
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
+
+    for (file_index = 0; file_index < pZip->m_total_files; file_index++)
+    {
+        const mz_uint8 *pHeader = &MZ_ZIP_ARRAY_ELEMENT(&pZip->m_pState->m_central_dir, mz_uint8, MZ_ZIP_ARRAY_ELEMENT(&pZip->m_pState->m_central_dir_offsets, mz_uint32, file_index));
+        mz_uint filename_len = MZ_READ_LE16(pHeader + MZ_ZIP_CDH_FILENAME_LEN_OFS);
+        const char *pFilename = (const char *)pHeader + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE;
+        if (filename_len < name_len)
+            continue;
+        if (comment_len)
+        {
+            mz_uint file_extra_len = MZ_READ_LE16(pHeader + MZ_ZIP_CDH_EXTRA_LEN_OFS), file_comment_len = MZ_READ_LE16(pHeader + MZ_ZIP_CDH_COMMENT_LEN_OFS);
+            const char *pFile_comment = pFilename + filename_len + file_extra_len;
+            if ((file_comment_len != comment_len) || (!mz_zip_string_equal(pComment, pFile_comment, file_comment_len, flags)))
+                continue;
+        }
+        if ((flags & MZ_ZIP_FLAG_IGNORE_PATH) && (filename_len))
+        {
+            int ofs = filename_len - 1;
+            do
+            {
+                if ((pFilename[ofs] == '/') || (pFilename[ofs] == '\\') || (pFilename[ofs] == ':'))
+                    break;
+            } while (--ofs >= 0);
+            ofs++;
+            pFilename += ofs;
+            filename_len -= ofs;
+        }
+        if ((filename_len == name_len) && (mz_zip_string_equal(pName, pFilename, filename_len, flags)))
+        {
+            if (pIndex)
+                *pIndex = file_index;
+            return MZ_TRUE;
+        }
+    }
+
+    return mz_zip_set_error(pZip, MZ_ZIP_FILE_NOT_FOUND);
+}
+
+mz_bool mz_zip_reader_extract_to_mem_no_alloc(mz_zip_archive *pZip, mz_uint file_index, void *pBuf, size_t buf_size, mz_uint flags, void *pUser_read_buf, size_t user_read_buf_size)
+{
+    int status = TINFL_STATUS_DONE;
+    mz_uint64 needed_size, cur_file_ofs, comp_remaining, out_buf_ofs = 0, read_buf_size, read_buf_ofs = 0, read_buf_avail;
+    mz_zip_archive_file_stat file_stat;
+    void *pRead_buf;
+    mz_uint32 local_header_u32[(MZ_ZIP_LOCAL_DIR_HEADER_SIZE + sizeof(mz_uint32) - 1) / sizeof(mz_uint32)];
+    mz_uint8 *pLocal_header = (mz_uint8 *)local_header_u32;
+    tinfl_decompressor inflator;
+
+    if ((!pZip) || (!pZip->m_pState) || ((buf_size) && (!pBuf)) || ((user_read_buf_size) && (!pUser_read_buf)) || (!pZip->m_pRead))
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
+
+    if (!mz_zip_reader_file_stat(pZip, file_index, &file_stat))
+        return MZ_FALSE;
+
+    /* A directory or zero length file */
+    if ((file_stat.m_is_directory) || (!file_stat.m_comp_size))
+        return MZ_TRUE;
+
+    /* Encryption and patch files are not supported. */
+    if (file_stat.m_bit_flag & (MZ_ZIP_GENERAL_PURPOSE_BIT_FLAG_IS_ENCRYPTED | MZ_ZIP_GENERAL_PURPOSE_BIT_FLAG_USES_STRONG_ENCRYPTION | MZ_ZIP_GENERAL_PURPOSE_BIT_FLAG_COMPRESSED_PATCH_FLAG))
+        return mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_ENCRYPTION);
+
+    /* This function only supports decompressing stored and deflate. */
+    if ((!(flags & MZ_ZIP_FLAG_COMPRESSED_DATA)) && (file_stat.m_method != 0) && (file_stat.m_method != MZ_DEFLATED))
+        return mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_METHOD);
+
+    /* Ensure supplied output buffer is large enough. */
+    needed_size = (flags & MZ_ZIP_FLAG_COMPRESSED_DATA) ? file_stat.m_comp_size : file_stat.m_uncomp_size;
+    if (buf_size < needed_size)
+        return mz_zip_set_error(pZip, MZ_ZIP_BUF_TOO_SMALL);
+
+    /* Read and parse the local directory entry. */
+    cur_file_ofs = file_stat.m_local_header_ofs;
+    if (pZip->m_pRead(pZip->m_pIO_opaque, cur_file_ofs, pLocal_header, MZ_ZIP_LOCAL_DIR_HEADER_SIZE) != MZ_ZIP_LOCAL_DIR_HEADER_SIZE)
+        return mz_zip_set_error(pZip, MZ_ZIP_FILE_READ_FAILED);
+
+    if (MZ_READ_LE32(pLocal_header) != MZ_ZIP_LOCAL_DIR_HEADER_SIG)
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
+
+    cur_file_ofs += MZ_ZIP_LOCAL_DIR_HEADER_SIZE + MZ_READ_LE16(pLocal_header + MZ_ZIP_LDH_FILENAME_LEN_OFS) + MZ_READ_LE16(pLocal_header + MZ_ZIP_LDH_EXTRA_LEN_OFS);
+    if ((cur_file_ofs + file_stat.m_comp_size) > pZip->m_archive_size)
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
+
+    if ((flags & MZ_ZIP_FLAG_COMPRESSED_DATA) || (!file_stat.m_method))
+    {
+        /* The file is stored or the caller has requested the compressed data. */
+        if (pZip->m_pRead(pZip->m_pIO_opaque, cur_file_ofs, pBuf, (size_t)needed_size) != needed_size)
+            return mz_zip_set_error(pZip, MZ_ZIP_FILE_READ_FAILED);
+
+#ifndef MINIZ_DISABLE_ZIP_READER_CRC32_CHECKS
+        if ((flags & MZ_ZIP_FLAG_COMPRESSED_DATA) == 0)
+        {
+            if (mz_crc32(MZ_CRC32_INIT, (const mz_uint8 *)pBuf, (size_t)file_stat.m_uncomp_size) != file_stat.m_crc32)
+                return mz_zip_set_error(pZip, MZ_ZIP_CRC_CHECK_FAILED);
+        }
+#endif
+
+        return MZ_TRUE;
+    }
+
+    /* Decompress the file either directly from memory or from a file input buffer. */
+    tinfl_init(&inflator);
+
+    if (pZip->m_pState->m_pMem)
+    {
+        /* Read directly from the archive in memory. */
+        pRead_buf = (mz_uint8 *)pZip->m_pState->m_pMem + cur_file_ofs;
+        read_buf_size = read_buf_avail = file_stat.m_comp_size;
+        comp_remaining = 0;
+    }
+    else if (pUser_read_buf)
+    {
+        /* Use a user provided read buffer. */
+        if (!user_read_buf_size)
+            return MZ_FALSE;
+        pRead_buf = (mz_uint8 *)pUser_read_buf;
+        read_buf_size = user_read_buf_size;
+        read_buf_avail = 0;
+        comp_remaining = file_stat.m_comp_size;
+    }
+    else
+    {
+        /* Temporarily allocate a read buffer. */
+        read_buf_size = MZ_MIN(file_stat.m_comp_size, (mz_uint64)MZ_ZIP_MAX_IO_BUF_SIZE);
+        if (((sizeof(size_t) == sizeof(mz_uint32))) && (read_buf_size > 0x7FFFFFFF))
+            return mz_zip_set_error(pZip, MZ_ZIP_INTERNAL_ERROR);
+
+        if (NULL == (pRead_buf = pZip->m_pAlloc(pZip->m_pAlloc_opaque, 1, (size_t)read_buf_size)))
+            return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
+
+        read_buf_avail = 0;
+        comp_remaining = file_stat.m_comp_size;
+    }
+
+    do
+    {
+        /* The size_t cast here should be OK because we've verified that the output buffer is >= file_stat.m_uncomp_size above */
+        size_t in_buf_size, out_buf_size = (size_t)(file_stat.m_uncomp_size - out_buf_ofs);
+        if ((!read_buf_avail) && (!pZip->m_pState->m_pMem))
+        {
+            read_buf_avail = MZ_MIN(read_buf_size, comp_remaining);
+            if (pZip->m_pRead(pZip->m_pIO_opaque, cur_file_ofs, pRead_buf, (size_t)read_buf_avail) != read_buf_avail)
+            {
+                status = TINFL_STATUS_FAILED;
+                mz_zip_set_error(pZip, MZ_ZIP_DECOMPRESSION_FAILED);
+                break;
+            }
+            cur_file_ofs += read_buf_avail;
+            comp_remaining -= read_buf_avail;
+            read_buf_ofs = 0;
+        }
+        in_buf_size = (size_t)read_buf_avail;
+        status = tinfl_decompress(&inflator, (mz_uint8 *)pRead_buf + read_buf_ofs, &in_buf_size, (mz_uint8 *)pBuf, (mz_uint8 *)pBuf + out_buf_ofs, &out_buf_size, TINFL_FLAG_USING_NON_WRAPPING_OUTPUT_BUF | (comp_remaining ? TINFL_FLAG_HAS_MORE_INPUT : 0));
+        read_buf_avail -= in_buf_size;
+        read_buf_ofs += in_buf_size;
+        out_buf_ofs += out_buf_size;
+    } while (status == TINFL_STATUS_NEEDS_MORE_INPUT);
+
+    if (status == TINFL_STATUS_DONE)
+    {
+        /* Make sure the entire file was decompressed, and check its CRC. */
+        if (out_buf_ofs != file_stat.m_uncomp_size)
+        {
+            mz_zip_set_error(pZip, MZ_ZIP_UNEXPECTED_DECOMPRESSED_SIZE);
+            status = TINFL_STATUS_FAILED;
+        }
+#ifndef MINIZ_DISABLE_ZIP_READER_CRC32_CHECKS
+        else if (mz_crc32(MZ_CRC32_INIT, (const mz_uint8 *)pBuf, (size_t)file_stat.m_uncomp_size) != file_stat.m_crc32)
+        {
+            mz_zip_set_error(pZip, MZ_ZIP_CRC_CHECK_FAILED);
+            status = TINFL_STATUS_FAILED;
+        }
+#endif
+    }
+
+    if ((!pZip->m_pState->m_pMem) && (!pUser_read_buf))
+        pZip->m_pFree(pZip->m_pAlloc_opaque, pRead_buf);
+
+    return status == TINFL_STATUS_DONE;
+}
+
+mz_bool mz_zip_reader_extract_file_to_mem_no_alloc(mz_zip_archive *pZip, const char *pFilename, void *pBuf, size_t buf_size, mz_uint flags, void *pUser_read_buf, size_t user_read_buf_size)
+{
+    mz_uint32 file_index;
+    if (!mz_zip_reader_locate_file_v2(pZip, pFilename, NULL, flags, &file_index))
+        return MZ_FALSE;
+    return mz_zip_reader_extract_to_mem_no_alloc(pZip, file_index, pBuf, buf_size, flags, pUser_read_buf, user_read_buf_size);
+}
+
+mz_bool mz_zip_reader_extract_to_mem(mz_zip_archive *pZip, mz_uint file_index, void *pBuf, size_t buf_size, mz_uint flags)
+{
+    return mz_zip_reader_extract_to_mem_no_alloc(pZip, file_index, pBuf, buf_size, flags, NULL, 0);
+}
+
+mz_bool mz_zip_reader_extract_file_to_mem(mz_zip_archive *pZip, const char *pFilename, void *pBuf, size_t buf_size, mz_uint flags)
+{
+    return mz_zip_reader_extract_file_to_mem_no_alloc(pZip, pFilename, pBuf, buf_size, flags, NULL, 0);
+}
+
+void *mz_zip_reader_extract_to_heap(mz_zip_archive *pZip, mz_uint file_index, size_t *pSize, mz_uint flags)
+{
+    mz_uint64 comp_size, uncomp_size, alloc_size;
+    const mz_uint8 *p = mz_zip_get_cdh(pZip, file_index);
+    void *pBuf;
+
+    if (pSize)
+        *pSize = 0;
+
+    if (!p)
+    {
+        mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
+        return NULL;
+    }
+
+    comp_size = MZ_READ_LE32(p + MZ_ZIP_CDH_COMPRESSED_SIZE_OFS);
+    uncomp_size = MZ_READ_LE32(p + MZ_ZIP_CDH_DECOMPRESSED_SIZE_OFS);
+
+    alloc_size = (flags & MZ_ZIP_FLAG_COMPRESSED_DATA) ? comp_size : uncomp_size;
+    if (((sizeof(size_t) == sizeof(mz_uint32))) && (alloc_size > 0x7FFFFFFF))
+    {
+        mz_zip_set_error(pZip, MZ_ZIP_INTERNAL_ERROR);
+        return NULL;
+    }
+
+    if (NULL == (pBuf = pZip->m_pAlloc(pZip->m_pAlloc_opaque, 1, (size_t)alloc_size)))
+    {
+        mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
+        return NULL;
+    }
+
+    if (!mz_zip_reader_extract_to_mem(pZip, file_index, pBuf, (size_t)alloc_size, flags))
+    {
+        pZip->m_pFree(pZip->m_pAlloc_opaque, pBuf);
+        return NULL;
+    }
+
+    if (pSize)
+        *pSize = (size_t)alloc_size;
+    return pBuf;
+}
+
+void *mz_zip_reader_extract_file_to_heap(mz_zip_archive *pZip, const char *pFilename, size_t *pSize, mz_uint flags)
+{
+    mz_uint32 file_index;
+    if (!mz_zip_reader_locate_file_v2(pZip, pFilename, NULL, flags, &file_index))
+    {
+        if (pSize)
+            *pSize = 0;
+        return nullptr;
+    }
+    return mz_zip_reader_extract_to_heap(pZip, file_index, pSize, flags);
+}
+
+mz_bool mz_zip_reader_extract_to_callback(mz_zip_archive *pZip, mz_uint file_index, mz_file_write_func pCallback, void *pOpaque, mz_uint flags)
+{
+    int status = TINFL_STATUS_DONE;
+    mz_uint file_crc32 = MZ_CRC32_INIT;
+    mz_uint64 read_buf_size, read_buf_ofs = 0, read_buf_avail, comp_remaining, out_buf_ofs = 0, cur_file_ofs;
+    mz_zip_archive_file_stat file_stat;
+    void *pRead_buf = NULL;
+    void *pWrite_buf = NULL;
+    mz_uint32 local_header_u32[(MZ_ZIP_LOCAL_DIR_HEADER_SIZE + sizeof(mz_uint32) - 1) / sizeof(mz_uint32)];
+    mz_uint8 *pLocal_header = (mz_uint8 *)local_header_u32;
+
+    if ((!pZip) || (!pZip->m_pState) || (!pCallback) || (!pZip->m_pRead))
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
+
+    if (!mz_zip_reader_file_stat(pZip, file_index, &file_stat))
+        return MZ_FALSE;
+
+    /* A directory or zero length file */
+    if ((file_stat.m_is_directory) || (!file_stat.m_comp_size))
+        return MZ_TRUE;
+
+    /* Encryption and patch files are not supported. */
+    if (file_stat.m_bit_flag & (MZ_ZIP_GENERAL_PURPOSE_BIT_FLAG_IS_ENCRYPTED | MZ_ZIP_GENERAL_PURPOSE_BIT_FLAG_USES_STRONG_ENCRYPTION | MZ_ZIP_GENERAL_PURPOSE_BIT_FLAG_COMPRESSED_PATCH_FLAG))
+        return mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_ENCRYPTION);
+
+    /* This function only supports decompressing stored and deflate. */
+    if ((!(flags & MZ_ZIP_FLAG_COMPRESSED_DATA)) && (file_stat.m_method != 0) && (file_stat.m_method != MZ_DEFLATED))
+        return mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_METHOD);
+
+    /* Read and do some minimal validation of the local directory entry (this doesn't crack the zip64 stuff, which we already have from the central dir) */
+    cur_file_ofs = file_stat.m_local_header_ofs;
+    if (pZip->m_pRead(pZip->m_pIO_opaque, cur_file_ofs, pLocal_header, MZ_ZIP_LOCAL_DIR_HEADER_SIZE) != MZ_ZIP_LOCAL_DIR_HEADER_SIZE)
+        return mz_zip_set_error(pZip, MZ_ZIP_FILE_READ_FAILED);
+
+    if (MZ_READ_LE32(pLocal_header) != MZ_ZIP_LOCAL_DIR_HEADER_SIG)
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
+
+    cur_file_ofs += MZ_ZIP_LOCAL_DIR_HEADER_SIZE + MZ_READ_LE16(pLocal_header + MZ_ZIP_LDH_FILENAME_LEN_OFS) + MZ_READ_LE16(pLocal_header + MZ_ZIP_LDH_EXTRA_LEN_OFS);
+    if ((cur_file_ofs + file_stat.m_comp_size) > pZip->m_archive_size)
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
+
+    /* Decompress the file either directly from memory or from a file input buffer. */
+    if (pZip->m_pState->m_pMem)
+    {
+        pRead_buf = (mz_uint8 *)pZip->m_pState->m_pMem + cur_file_ofs;
+        read_buf_size = read_buf_avail = file_stat.m_comp_size;
+        comp_remaining = 0;
+    }
+    else
+    {
+        read_buf_size = MZ_MIN(file_stat.m_comp_size, (mz_uint64)MZ_ZIP_MAX_IO_BUF_SIZE);
+        if (NULL == (pRead_buf = pZip->m_pAlloc(pZip->m_pAlloc_opaque, 1, (size_t)read_buf_size)))
+            return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
+
+        read_buf_avail = 0;
+        comp_remaining = file_stat.m_comp_size;
+    }
+
+    if ((flags & MZ_ZIP_FLAG_COMPRESSED_DATA) || (!file_stat.m_method))
+    {
+        /* The file is stored or the caller has requested the compressed data. */
+        if (pZip->m_pState->m_pMem)
+        {
+            if (((sizeof(size_t) == sizeof(mz_uint32))) && (file_stat.m_comp_size > MZ_UINT32_MAX))
+                return mz_zip_set_error(pZip, MZ_ZIP_INTERNAL_ERROR);
+
+            if (pCallback(pOpaque, out_buf_ofs, pRead_buf, (size_t)file_stat.m_comp_size) != file_stat.m_comp_size)
+            {
+                mz_zip_set_error(pZip, MZ_ZIP_WRITE_CALLBACK_FAILED);
+                status = TINFL_STATUS_FAILED;
+            }
+            else if (!(flags & MZ_ZIP_FLAG_COMPRESSED_DATA))
+            {
+#ifndef MINIZ_DISABLE_ZIP_READER_CRC32_CHECKS
+                file_crc32 = (mz_uint32)mz_crc32(file_crc32, (const mz_uint8 *)pRead_buf, (size_t)file_stat.m_comp_size);
+#endif
+            }
+
+            cur_file_ofs += file_stat.m_comp_size;
+            out_buf_ofs += file_stat.m_comp_size;
+            comp_remaining = 0;
+        }
+        else
+        {
+            while (comp_remaining)
+            {
+                read_buf_avail = MZ_MIN(read_buf_size, comp_remaining);
+                if (pZip->m_pRead(pZip->m_pIO_opaque, cur_file_ofs, pRead_buf, (size_t)read_buf_avail) != read_buf_avail)
+                {
+                    mz_zip_set_error(pZip, MZ_ZIP_FILE_READ_FAILED);
+                    status = TINFL_STATUS_FAILED;
+                    break;
+                }
+
+#ifndef MINIZ_DISABLE_ZIP_READER_CRC32_CHECKS
+                if (!(flags & MZ_ZIP_FLAG_COMPRESSED_DATA))
+                {
+                    file_crc32 = (mz_uint32)mz_crc32(file_crc32, (const mz_uint8 *)pRead_buf, (size_t)read_buf_avail);
+                }
+#endif
+
+                if (pCallback(pOpaque, out_buf_ofs, pRead_buf, (size_t)read_buf_avail) != read_buf_avail)
+                {
+                    mz_zip_set_error(pZip, MZ_ZIP_WRITE_CALLBACK_FAILED);
+                    status = TINFL_STATUS_FAILED;
+                    break;
+                }
+
+                cur_file_ofs += read_buf_avail;
+                out_buf_ofs += read_buf_avail;
+                comp_remaining -= read_buf_avail;
+            }
+        }
+    }
+    else
+    {
+        tinfl_decompressor inflator;
+        tinfl_init(&inflator);
+
+        if (NULL == (pWrite_buf = pZip->m_pAlloc(pZip->m_pAlloc_opaque, 1, TINFL_LZ_DICT_SIZE)))
+        {
+            mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
+            status = TINFL_STATUS_FAILED;
+        }
+        else
+        {
+            do
+            {
+                mz_uint8 *pWrite_buf_cur = (mz_uint8 *)pWrite_buf + (out_buf_ofs & (TINFL_LZ_DICT_SIZE - 1));
+                size_t in_buf_size, out_buf_size = TINFL_LZ_DICT_SIZE - (out_buf_ofs & (TINFL_LZ_DICT_SIZE - 1));
+                if ((!read_buf_avail) && (!pZip->m_pState->m_pMem))
+                {
+                    read_buf_avail = MZ_MIN(read_buf_size, comp_remaining);
+                    if (pZip->m_pRead(pZip->m_pIO_opaque, cur_file_ofs, pRead_buf, (size_t)read_buf_avail) != read_buf_avail)
+                    {
+                        mz_zip_set_error(pZip, MZ_ZIP_FILE_READ_FAILED);
+                        status = TINFL_STATUS_FAILED;
+                        break;
+                    }
+                    cur_file_ofs += read_buf_avail;
+                    comp_remaining -= read_buf_avail;
+                    read_buf_ofs = 0;
+                }
+
+                in_buf_size = (size_t)read_buf_avail;
+                status = tinfl_decompress(&inflator, (const mz_uint8 *)pRead_buf + read_buf_ofs, &in_buf_size, (mz_uint8 *)pWrite_buf, pWrite_buf_cur, &out_buf_size, comp_remaining ? TINFL_FLAG_HAS_MORE_INPUT : 0);
+                read_buf_avail -= in_buf_size;
+                read_buf_ofs += in_buf_size;
+
+                if (out_buf_size)
+                {
+                    if (pCallback(pOpaque, out_buf_ofs, pWrite_buf_cur, out_buf_size) != out_buf_size)
+                    {
+                        mz_zip_set_error(pZip, MZ_ZIP_WRITE_CALLBACK_FAILED);
+                        status = TINFL_STATUS_FAILED;
+                        break;
+                    }
+
+#ifndef MINIZ_DISABLE_ZIP_READER_CRC32_CHECKS
+                    file_crc32 = (mz_uint32)mz_crc32(file_crc32, pWrite_buf_cur, out_buf_size);
+#endif
+                    if ((out_buf_ofs += out_buf_size) > file_stat.m_uncomp_size)
+                    {
+                        mz_zip_set_error(pZip, MZ_ZIP_DECOMPRESSION_FAILED);
+                        status = TINFL_STATUS_FAILED;
+                        break;
+                    }
+                }
+            } while ((status == TINFL_STATUS_NEEDS_MORE_INPUT) || (status == TINFL_STATUS_HAS_MORE_OUTPUT));
+        }
+    }
+
+    if ((status == TINFL_STATUS_DONE) && (!(flags & MZ_ZIP_FLAG_COMPRESSED_DATA)))
+    {
+        /* Make sure the entire file was decompressed, and check its CRC. */
+        if (out_buf_ofs != file_stat.m_uncomp_size)
+        {
+            mz_zip_set_error(pZip, MZ_ZIP_UNEXPECTED_DECOMPRESSED_SIZE);
+            status = TINFL_STATUS_FAILED;
+        }
+#ifndef MINIZ_DISABLE_ZIP_READER_CRC32_CHECKS
+        else if (file_crc32 != file_stat.m_crc32)
+        {
+            mz_zip_set_error(pZip, MZ_ZIP_DECOMPRESSION_FAILED);
+            status = TINFL_STATUS_FAILED;
+        }
+#endif
+    }
+
+    if (!pZip->m_pState->m_pMem)
+        pZip->m_pFree(pZip->m_pAlloc_opaque, pRead_buf);
+
+    if (pWrite_buf)
+        pZip->m_pFree(pZip->m_pAlloc_opaque, pWrite_buf);
+
+    return status == TINFL_STATUS_DONE;
+}
+
+mz_bool mz_zip_reader_extract_file_to_callback(mz_zip_archive *pZip, const char *pFilename, mz_file_write_func pCallback, void *pOpaque, mz_uint flags)
+{
+    mz_uint32 file_index;
+    if (!mz_zip_reader_locate_file_v2(pZip, pFilename, NULL, flags, &file_index))
+        return MZ_FALSE;
+
+    return mz_zip_reader_extract_to_callback(pZip, file_index, pCallback, pOpaque, flags);
+}
+
+#ifndef MINIZ_NO_STDIO
+static size_t mz_zip_file_write_callback(void *pOpaque, mz_uint64 ofs, const void *pBuf, size_t n)
+{
+    (void)ofs;
+
+    return MZ_FWRITE(pBuf, 1, n, (MZ_FILE *)pOpaque);
+}
+
+mz_bool mz_zip_reader_extract_to_file(mz_zip_archive *pZip, mz_uint file_index, const char *pDst_filename, mz_uint flags)
+{
+    mz_bool status;
+    mz_zip_archive_file_stat file_stat;
+    MZ_FILE *pFile;
+
+    if (!mz_zip_reader_file_stat(pZip, file_index, &file_stat))
+        return MZ_FALSE;
+
+    if ((file_stat.m_is_directory) || (!file_stat.m_is_supported))
+        return mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_FEATURE);
+
+    pFile = MZ_FOPEN(pDst_filename, "wb");
+    if (!pFile)
+        return mz_zip_set_error(pZip, MZ_ZIP_FILE_OPEN_FAILED);
+
+    status = mz_zip_reader_extract_to_callback(pZip, file_index, mz_zip_file_write_callback, pFile, flags);
+
+    if (MZ_FCLOSE(pFile) == EOF)
+    {
+        if (status)
+            mz_zip_set_error(pZip, MZ_ZIP_FILE_CLOSE_FAILED);
+
+        status = MZ_FALSE;
+    }
+
+#if !defined(MINIZ_NO_TIME) && !defined(MINIZ_NO_STDIO)
+    if (status)
+        mz_zip_set_file_times(pDst_filename, file_stat.m_time, file_stat.m_time);
+#endif
+
+    return status;
+}
+
+mz_bool mz_zip_reader_extract_file_to_file(mz_zip_archive *pZip, const char *pArchive_filename, const char *pDst_filename, mz_uint flags)
+{
+    mz_uint32 file_index;
+    if (!mz_zip_reader_locate_file_v2(pZip, pArchive_filename, NULL, flags, &file_index))
+        return MZ_FALSE;
+
+    return mz_zip_reader_extract_to_file(pZip, file_index, pDst_filename, flags);
+}
+
+mz_bool mz_zip_reader_extract_to_cfile(mz_zip_archive *pZip, mz_uint file_index, MZ_FILE *pFile, mz_uint flags)
+{
+    mz_zip_archive_file_stat file_stat;
+
+    if (!mz_zip_reader_file_stat(pZip, file_index, &file_stat))
+        return MZ_FALSE;
+
+    if ((file_stat.m_is_directory) || (!file_stat.m_is_supported))
+        return mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_FEATURE);
+
+    return mz_zip_reader_extract_to_callback(pZip, file_index, mz_zip_file_write_callback, pFile, flags);
+}
+
+mz_bool mz_zip_reader_extract_file_to_cfile(mz_zip_archive *pZip, const char *pArchive_filename, MZ_FILE *pFile, mz_uint flags)
+{
+    mz_uint32 file_index;
+    if (!mz_zip_reader_locate_file_v2(pZip, pArchive_filename, NULL, flags, &file_index))
+        return MZ_FALSE;
+
+    return mz_zip_reader_extract_to_cfile(pZip, file_index, pFile, flags);
+}
+#endif /* #ifndef MINIZ_NO_STDIO */
+
+static size_t mz_zip_compute_crc32_callback(void *pOpaque, mz_uint64 file_ofs, const void *pBuf, size_t n)
+{
+    mz_uint32 *p = (mz_uint32 *)pOpaque;
+    (void)file_ofs;
+    *p = (mz_uint32)mz_crc32(*p, (const mz_uint8 *)pBuf, n);
+    return n;
+}
+
+mz_bool mz_zip_validate_file(mz_zip_archive *pZip, mz_uint file_index, mz_uint flags)
+{
+    mz_zip_archive_file_stat file_stat;
+    mz_zip_internal_state *pState;
+    const mz_uint8 *pCentral_dir_header;
+    mz_bool found_zip64_ext_data_in_cdir = MZ_FALSE;
+    mz_bool found_zip64_ext_data_in_ldir = MZ_FALSE;
+    mz_uint32 local_header_u32[(MZ_ZIP_LOCAL_DIR_HEADER_SIZE + sizeof(mz_uint32) - 1) / sizeof(mz_uint32)];
+    mz_uint8 *pLocal_header = (mz_uint8 *)local_header_u32;
+    mz_uint64 local_header_ofs = 0;
+    mz_uint32 local_header_filename_len, local_header_extra_len, local_header_crc32;
+    mz_uint64 local_header_comp_size, local_header_uncomp_size;
+    mz_uint32 uncomp_crc32 = MZ_CRC32_INIT;
+    mz_bool has_data_descriptor;
+    mz_uint32 local_header_bit_flags;
+
+    mz_zip_array file_data_array;
+    mz_zip_array_init(&file_data_array, 1);
+
+    if ((!pZip) || (!pZip->m_pState) || (!pZip->m_pAlloc) || (!pZip->m_pFree) || (!pZip->m_pRead))
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
+
+    if (file_index > pZip->m_total_files)
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
+
+    pState = pZip->m_pState;
+
+    pCentral_dir_header = mz_zip_get_cdh(pZip, file_index);
+
+    if (!mz_zip_file_stat_internal(pZip, file_index, pCentral_dir_header, &file_stat, &found_zip64_ext_data_in_cdir))
+        return MZ_FALSE;
+
+    /* A directory or zero length file */
+    if ((file_stat.m_is_directory) || (!file_stat.m_uncomp_size))
+        return MZ_TRUE;
+
+    /* Encryption and patch files are not supported. */
+    if (file_stat.m_is_encrypted)
+        return mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_ENCRYPTION);
+
+    /* This function only supports stored and deflate. */
+    if ((file_stat.m_method != 0) && (file_stat.m_method != MZ_DEFLATED))
+        return mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_METHOD);
+
+    if (!file_stat.m_is_supported)
+        return mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_FEATURE);
+
+    /* Read and parse the local directory entry. */
+    local_header_ofs = file_stat.m_local_header_ofs;
+    if (pZip->m_pRead(pZip->m_pIO_opaque, local_header_ofs, pLocal_header, MZ_ZIP_LOCAL_DIR_HEADER_SIZE) != MZ_ZIP_LOCAL_DIR_HEADER_SIZE)
+        return mz_zip_set_error(pZip, MZ_ZIP_FILE_READ_FAILED);
+
+    if (MZ_READ_LE32(pLocal_header) != MZ_ZIP_LOCAL_DIR_HEADER_SIG)
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
+
+    local_header_filename_len = MZ_READ_LE16(pLocal_header + MZ_ZIP_LDH_FILENAME_LEN_OFS);
+    local_header_extra_len = MZ_READ_LE16(pLocal_header + MZ_ZIP_LDH_EXTRA_LEN_OFS);
+    local_header_comp_size = MZ_READ_LE32(pLocal_header + MZ_ZIP_LDH_COMPRESSED_SIZE_OFS);
+    local_header_uncomp_size = MZ_READ_LE32(pLocal_header + MZ_ZIP_LDH_DECOMPRESSED_SIZE_OFS);
+    local_header_crc32 = MZ_READ_LE32(pLocal_header + MZ_ZIP_LDH_CRC32_OFS);
+    local_header_bit_flags = MZ_READ_LE16(pLocal_header + MZ_ZIP_LDH_BIT_FLAG_OFS);
+    has_data_descriptor = (local_header_bit_flags & 8) != 0;
+
+    if (local_header_filename_len != strlen(file_stat.m_filename))
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
+
+    if ((local_header_ofs + MZ_ZIP_LOCAL_DIR_HEADER_SIZE + local_header_filename_len + local_header_extra_len + file_stat.m_comp_size) > pZip->m_archive_size)
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
+
+    if (!mz_zip_array_resize(pZip, &file_data_array, MZ_MAX(local_header_filename_len, local_header_extra_len), MZ_FALSE))
+        return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
+
+    if (local_header_filename_len)
+    {
+        if (pZip->m_pRead(pZip->m_pIO_opaque, local_header_ofs + MZ_ZIP_LOCAL_DIR_HEADER_SIZE, file_data_array.m_p, local_header_filename_len) != local_header_filename_len)
+        {
+            mz_zip_set_error(pZip, MZ_ZIP_FILE_READ_FAILED);
+            goto handle_failure;
+        }
+
+        /* I've seen 1 archive that had the same pathname, but used backslashes in the local dir and forward slashes in the central dir. Do we care about this? For now, this case will fail validation. */
+        if (memcmp(file_stat.m_filename, file_data_array.m_p, local_header_filename_len) != 0)
+        {
+            mz_zip_set_error(pZip, MZ_ZIP_VALIDATION_FAILED);
+            goto handle_failure;
+        }
+    }
+
+    if ((local_header_extra_len) && ((local_header_comp_size == MZ_UINT32_MAX) || (local_header_uncomp_size == MZ_UINT32_MAX)))
+    {
+        if (pZip->m_pRead(pZip->m_pIO_opaque, local_header_ofs + MZ_ZIP_LOCAL_DIR_HEADER_SIZE + local_header_filename_len, file_data_array.m_p, local_header_extra_len) != local_header_extra_len)
+        {
+            mz_zip_set_error(pZip, MZ_ZIP_FILE_READ_FAILED);
+            goto handle_failure;
+        }
+
+        mz_uint32 extra_size_remaining = local_header_extra_len;
+        const mz_uint8 *pExtra_data = (const mz_uint8 *)file_data_array.m_p;
+
+        do
+        {
+            mz_uint32 field_id, field_data_size, field_total_size;
+
+            if (extra_size_remaining < (sizeof(mz_uint16) * 2))
+                return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
+
+            field_id = MZ_READ_LE16(pExtra_data);
+            field_data_size = MZ_READ_LE16(pExtra_data + sizeof(mz_uint16));
+            field_total_size = field_data_size + sizeof(mz_uint16) * 2;
+
+            if (field_total_size > extra_size_remaining)
+                return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
+
+            if (field_id == MZ_ZIP64_EXTENDED_INFORMATION_FIELD_HEADER_ID)
+            {
+                const mz_uint8 *pSrc_field_data = pExtra_data + sizeof(mz_uint32);
+
+                if (field_data_size < sizeof(mz_uint64) * 2)
+                {
+                    mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
+                    goto handle_failure;
+                }
+
+                local_header_uncomp_size = MZ_READ_LE64(pSrc_field_data);
+                local_header_comp_size = MZ_READ_LE64(pSrc_field_data + sizeof(mz_uint64));
+
+                found_zip64_ext_data_in_ldir = MZ_TRUE;
+                break;
+            }
+
+            pExtra_data += field_total_size;
+            extra_size_remaining -= field_total_size;
+        } while (extra_size_remaining);
+    }
+
+    /* TODO: parse local header extra data when local_header_comp_size is 0xFFFFFFFF! (big_descriptor.zip) */
+    /* I've seen zips in the wild with the data descriptor bit set, but proper local header values and bogus data descriptors */
+    if ((has_data_descriptor) && (!local_header_comp_size) && (!local_header_crc32))
+    {
+        mz_uint8 descriptor_buf[32];
+
+        mz_uint32 num_descriptor_uint32s = ((pState->m_zip64) || (found_zip64_ext_data_in_ldir)) ? 6 : 4;
+
+        if (pZip->m_pRead(pZip->m_pIO_opaque, local_header_ofs + MZ_ZIP_LOCAL_DIR_HEADER_SIZE + local_header_filename_len + local_header_extra_len + file_stat.m_comp_size, descriptor_buf, sizeof(mz_uint32) * num_descriptor_uint32s) != (sizeof(mz_uint32) * num_descriptor_uint32s))
+        {
+            mz_zip_set_error(pZip, MZ_ZIP_FILE_READ_FAILED);
+            goto handle_failure;
+        }
+
+        mz_bool has_id = (MZ_READ_LE32(descriptor_buf) == MZ_ZIP_DATA_DESCRIPTOR_ID);
+        const mz_uint8 *pSrc = has_id ? (descriptor_buf + sizeof(mz_uint32)) : descriptor_buf;
+
+        mz_uint32 file_crc32 = MZ_READ_LE32(pSrc);
+        mz_uint64 comp_size = 0, uncomp_size = 0;
+
+        if ((pState->m_zip64) || (found_zip64_ext_data_in_ldir))
+        {
+            comp_size = MZ_READ_LE64(pSrc + sizeof(mz_uint32));
+            uncomp_size = MZ_READ_LE64(pSrc + sizeof(mz_uint32) + sizeof(mz_uint64));
+        }
+        else
+        {
+            comp_size = MZ_READ_LE32(pSrc + sizeof(mz_uint32));
+            uncomp_size = MZ_READ_LE32(pSrc + sizeof(mz_uint32) + sizeof(mz_uint32));
+        }
+
+        if ((file_crc32 != file_stat.m_crc32) || (comp_size != file_stat.m_comp_size) || (uncomp_size != file_stat.m_uncomp_size))
+        {
+            mz_zip_set_error(pZip, MZ_ZIP_VALIDATION_FAILED);
+            goto handle_failure;
+        }
+    }
+    else
+    {
+        if ((local_header_crc32 != file_stat.m_crc32) || (local_header_comp_size != file_stat.m_comp_size) || (local_header_uncomp_size != file_stat.m_uncomp_size))
+        {
+            mz_zip_set_error(pZip, MZ_ZIP_VALIDATION_FAILED);
+            goto handle_failure;
+        }
+    }
+
+    mz_zip_array_clear(pZip, &file_data_array);
+
+    if ((flags & MZ_ZIP_FLAG_VALIDATE_HEADERS_ONLY) == 0)
+    {
+        if (!mz_zip_reader_extract_to_callback(pZip, file_index, mz_zip_compute_crc32_callback, &uncomp_crc32, 0))
+            return MZ_FALSE;
+
+        /* 1 more check to be sure, although the extract checks too. */
+        if (uncomp_crc32 != file_stat.m_crc32)
+        {
+            mz_zip_set_error(pZip, MZ_ZIP_VALIDATION_FAILED);
+            return MZ_FALSE;
+        }
+    }
+
+    return MZ_TRUE;
+
+handle_failure:
+    mz_zip_array_clear(pZip, &file_data_array);
+    return MZ_FALSE;
+}
+
+mz_bool mz_zip_validate_archive(mz_zip_archive *pZip, mz_uint flags)
+{
+    mz_zip_internal_state *pState;
+    uint32_t i;
+
+    if ((!pZip) || (!pZip->m_pState) || (!pZip->m_pAlloc) || (!pZip->m_pFree) || (!pZip->m_pRead))
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
+
+    pState = pZip->m_pState;
+
+    /* Basic sanity checks */
+    if (!pState->m_zip64)
+    {
+        if (pZip->m_total_files > MZ_UINT16_MAX)
+            return mz_zip_set_error(pZip, MZ_ZIP_ARCHIVE_TOO_LARGE);
+
+        if (pZip->m_archive_size > MZ_UINT32_MAX)
+            return mz_zip_set_error(pZip, MZ_ZIP_ARCHIVE_TOO_LARGE);
+    }
+    else
+    {
+        if (pZip->m_total_files >= MZ_UINT32_MAX)
+            return mz_zip_set_error(pZip, MZ_ZIP_ARCHIVE_TOO_LARGE);
+
+        if (pState->m_central_dir.m_size >= MZ_UINT32_MAX)
+            return mz_zip_set_error(pZip, MZ_ZIP_ARCHIVE_TOO_LARGE);
+    }
+
+    for (i = 0; i < pZip->m_total_files; i++)
+    {
+        if (MZ_ZIP_FLAG_VALIDATE_LOCATE_FILE_FLAG & flags)
+        {
+            mz_uint32 found_index;
+            mz_zip_archive_file_stat stat;
+
+            if (!mz_zip_reader_file_stat(pZip, i, &stat))
+                return MZ_FALSE;
+
+            if (!mz_zip_reader_locate_file_v2(pZip, stat.m_filename, NULL, 0, &found_index))
+                return MZ_FALSE;
+
+            /* This check can fail if there are duplicate filenames in the archive (which we don't check for when writing - that's up to the user) */
+            if (found_index != i)
+                return mz_zip_set_error(pZip, MZ_ZIP_VALIDATION_FAILED);
+        }
+
+        if (!mz_zip_validate_file(pZip, i, flags))
+            return MZ_FALSE;
+    }
+
+    return MZ_TRUE;
+}
+
+mz_bool mz_zip_validate_mem_archive(const void *pMem, size_t size, mz_uint flags, mz_zip_error *pErr)
+{
+    mz_bool success = MZ_TRUE;
+    mz_zip_archive zip;
+    mz_zip_error actual_err = MZ_ZIP_NO_ERROR;
+
+    if ((!pMem) || (!size))
+    {
+        if (pErr)
+            *pErr = MZ_ZIP_INVALID_PARAMETER;
+        return MZ_FALSE;
+    }
+
+    mz_zip_zero_struct(&zip);
+
+    if (!mz_zip_reader_init_mem(&zip, pMem, size, flags))
+    {
+        if (pErr)
+            *pErr = zip.m_last_error;
+        return MZ_FALSE;
+    }
+
+    if (!mz_zip_validate_archive(&zip, flags))
+    {
+        actual_err = zip.m_last_error;
+        success = MZ_FALSE;
+    }
+
+    if (!mz_zip_reader_end_internal(&zip, success))
+    {
+        if (!actual_err)
+            actual_err = zip.m_last_error;
+        success = MZ_FALSE;
+    }
+
+    if (pErr)
+        *pErr = actual_err;
+
+    return success;
+}
+
+#ifndef MINIZ_NO_STDIO
+mz_bool mz_zip_validate_file_archive(const char *pFilename, mz_uint flags, mz_zip_error *pErr)
+{
+    mz_bool success = MZ_TRUE;
+    mz_zip_archive zip;
+    mz_zip_error actual_err = MZ_ZIP_NO_ERROR;
+
+    if (!pFilename)
+    {
+        if (pErr)
+            *pErr = MZ_ZIP_INVALID_PARAMETER;
+        return MZ_FALSE;
+    }
+
+    mz_zip_zero_struct(&zip);
+
+    if (!mz_zip_reader_init_file_v2(&zip, pFilename, flags, 0, 0))
+    {
+        if (pErr)
+            *pErr = zip.m_last_error;
+        return MZ_FALSE;
+    }
+
+    if (!mz_zip_validate_archive(&zip, flags))
+    {
+        actual_err = zip.m_last_error;
+        success = MZ_FALSE;
+    }
+
+    if (!mz_zip_reader_end_internal(&zip, success))
+    {
+        if (!actual_err)
+            actual_err = zip.m_last_error;
+        success = MZ_FALSE;
+    }
+
+    if (pErr)
+        *pErr = actual_err;
+
+    return success;
+}
+#endif /* #ifndef MINIZ_NO_STDIO */
+
+/* ------------------- .ZIP archive writing */
+
+#ifndef MINIZ_NO_ARCHIVE_WRITING_APIS
+
+static MZ_FORCEINLINE void mz_write_le16(mz_uint8 *p, mz_uint16 v)
+{
+    p[0] = (mz_uint8)v;
+    p[1] = (mz_uint8)(v >> 8);
+}
+static MZ_FORCEINLINE void mz_write_le32(mz_uint8 *p, mz_uint32 v)
+{
+    p[0] = (mz_uint8)v;
+    p[1] = (mz_uint8)(v >> 8);
+    p[2] = (mz_uint8)(v >> 16);
+    p[3] = (mz_uint8)(v >> 24);
+}
+static MZ_FORCEINLINE void mz_write_le64(mz_uint8 *p, mz_uint64 v)
+{
+    mz_write_le32(p, (mz_uint32)v);
+    mz_write_le32(p + sizeof(mz_uint32), (mz_uint32)(v >> 32));
+}
+
+#define MZ_WRITE_LE16(p, v) mz_write_le16((mz_uint8 *)(p), (mz_uint16)(v))
+#define MZ_WRITE_LE32(p, v) mz_write_le32((mz_uint8 *)(p), (mz_uint32)(v))
+#define MZ_WRITE_LE64(p, v) mz_write_le64((mz_uint8 *)(p), (mz_uint64)(v))
+
+static size_t mz_zip_heap_write_func(void *pOpaque, mz_uint64 file_ofs, const void *pBuf, size_t n)
+{
+    mz_zip_archive *pZip = (mz_zip_archive *)pOpaque;
+    mz_zip_internal_state *pState = pZip->m_pState;
+    mz_uint64 new_size = MZ_MAX(file_ofs + n, pState->m_mem_size);
+
+    if (!n)
+        return 0;
+
+    /* An allocation this big is likely to just fail on 32-bit systems, so don't even go there. */
+    if ((sizeof(size_t) == sizeof(mz_uint32)) && (new_size > 0x7FFFFFFF))
+    {
+        mz_zip_set_error(pZip, MZ_ZIP_FILE_TOO_LARGE);
+        return 0;
+    }
+
+    if (new_size > pState->m_mem_capacity)
+    {
+        void *pNew_block;
+        size_t new_capacity = MZ_MAX(64, pState->m_mem_capacity);
+
+        while (new_capacity < new_size)
+            new_capacity *= 2;
+
+        if (NULL == (pNew_block = pZip->m_pRealloc(pZip->m_pAlloc_opaque, pState->m_pMem, 1, new_capacity)))
+        {
+            mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
+            return 0;
+        }
+
+        pState->m_pMem = pNew_block;
+        pState->m_mem_capacity = new_capacity;
+    }
+    memcpy((mz_uint8 *)pState->m_pMem + file_ofs, pBuf, n);
+    pState->m_mem_size = (size_t)new_size;
+    return n;
+}
+
+static mz_bool mz_zip_writer_end_internal(mz_zip_archive *pZip, mz_bool set_last_error)
+{
+    mz_zip_internal_state *pState;
+    mz_bool status = MZ_TRUE;
+
+    if ((!pZip) || (!pZip->m_pState) || (!pZip->m_pAlloc) || (!pZip->m_pFree) || ((pZip->m_zip_mode != MZ_ZIP_MODE_WRITING) && (pZip->m_zip_mode != MZ_ZIP_MODE_WRITING_HAS_BEEN_FINALIZED)))
+    {
+        if (set_last_error)
+            mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
+        return MZ_FALSE;
+    }
+
+    pState = pZip->m_pState;
+    pZip->m_pState = NULL;
+    mz_zip_array_clear(pZip, &pState->m_central_dir);
+    mz_zip_array_clear(pZip, &pState->m_central_dir_offsets);
+    mz_zip_array_clear(pZip, &pState->m_sorted_central_dir_offsets);
+
+#ifndef MINIZ_NO_STDIO
+    if (pState->m_pFile)
+    {
+        if (pZip->m_zip_type == MZ_ZIP_TYPE_FILE)
+        {
+            if (MZ_FCLOSE(pState->m_pFile) == EOF)
+            {
+                if (set_last_error)
+                    mz_zip_set_error(pZip, MZ_ZIP_FILE_CLOSE_FAILED);
+                status = MZ_FALSE;
+            }
+        }
+
+        pState->m_pFile = NULL;
+    }
+#endif /* #ifndef MINIZ_NO_STDIO */
+
+    if ((pZip->m_pWrite == mz_zip_heap_write_func) && (pState->m_pMem))
+    {
+        pZip->m_pFree(pZip->m_pAlloc_opaque, pState->m_pMem);
+        pState->m_pMem = NULL;
+    }
+
+    pZip->m_pFree(pZip->m_pAlloc_opaque, pState);
+    pZip->m_zip_mode = MZ_ZIP_MODE_INVALID;
+    return status;
+}
+
+mz_bool mz_zip_writer_init_v2(mz_zip_archive *pZip, mz_uint64 existing_size, mz_uint flags)
+{
+    mz_bool zip64 = (flags & MZ_ZIP_FLAG_WRITE_ZIP64) != 0;
+
+    if ((!pZip) || (pZip->m_pState) || (!pZip->m_pWrite) || (pZip->m_zip_mode != MZ_ZIP_MODE_INVALID))
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
+
+    if (flags & MZ_ZIP_FLAG_WRITE_ALLOW_READING)
+    {
+        if (!pZip->m_pRead)
+            return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
+    }
+
+    if (pZip->m_file_offset_alignment)
+    {
+        /* Ensure user specified file offset alignment is a power of 2. */
+        if (pZip->m_file_offset_alignment & (pZip->m_file_offset_alignment - 1))
+            return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
+    }
+
+    if (!pZip->m_pAlloc)
+        pZip->m_pAlloc = miniz_def_alloc_func;
+    if (!pZip->m_pFree)
+        pZip->m_pFree = miniz_def_free_func;
+    if (!pZip->m_pRealloc)
+        pZip->m_pRealloc = miniz_def_realloc_func;
+
+    pZip->m_archive_size = existing_size;
+    pZip->m_central_directory_file_ofs = 0;
+    pZip->m_total_files = 0;
+
+    if (NULL == (pZip->m_pState = (mz_zip_internal_state *)pZip->m_pAlloc(pZip->m_pAlloc_opaque, 1, sizeof(mz_zip_internal_state))))
+        return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
+
+    memset(pZip->m_pState, 0, sizeof(mz_zip_internal_state));
+
+    MZ_ZIP_ARRAY_SET_ELEMENT_SIZE(&pZip->m_pState->m_central_dir, sizeof(mz_uint8));
+    MZ_ZIP_ARRAY_SET_ELEMENT_SIZE(&pZip->m_pState->m_central_dir_offsets, sizeof(mz_uint32));
+    MZ_ZIP_ARRAY_SET_ELEMENT_SIZE(&pZip->m_pState->m_sorted_central_dir_offsets, sizeof(mz_uint32));
+
+    pZip->m_pState->m_zip64 = zip64;
+    pZip->m_pState->m_zip64_has_extended_info_fields = zip64;
+
+    pZip->m_zip_type = MZ_ZIP_TYPE_USER;
+    pZip->m_zip_mode = MZ_ZIP_MODE_WRITING;
+
+    return MZ_TRUE;
+}
+
+mz_bool mz_zip_writer_init(mz_zip_archive *pZip, mz_uint64 existing_size)
+{
+    return mz_zip_writer_init_v2(pZip, existing_size, 0);
+}
+
+mz_bool mz_zip_writer_init_heap_v2(mz_zip_archive *pZip, size_t size_to_reserve_at_beginning, size_t initial_allocation_size, mz_uint flags)
+{
+    pZip->m_pWrite = mz_zip_heap_write_func;
+
+    if (flags & MZ_ZIP_FLAG_WRITE_ALLOW_READING)
+        pZip->m_pRead = mz_zip_mem_read_func;
+
+    pZip->m_pIO_opaque = pZip;
+
+    if (!mz_zip_writer_init_v2(pZip, size_to_reserve_at_beginning, flags))
+        return MZ_FALSE;
+
+    pZip->m_zip_type = MZ_ZIP_TYPE_HEAP;
+
+    if (0 != (initial_allocation_size = MZ_MAX(initial_allocation_size, size_to_reserve_at_beginning)))
+    {
+        if (NULL == (pZip->m_pState->m_pMem = pZip->m_pAlloc(pZip->m_pAlloc_opaque, 1, initial_allocation_size)))
+        {
+            mz_zip_writer_end_internal(pZip, MZ_FALSE);
+            return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
+        }
+        pZip->m_pState->m_mem_capacity = initial_allocation_size;
+    }
+
+    return MZ_TRUE;
+}
+
+mz_bool mz_zip_writer_init_heap(mz_zip_archive *pZip, size_t size_to_reserve_at_beginning, size_t initial_allocation_size)
+{
+    return mz_zip_writer_init_heap_v2(pZip, size_to_reserve_at_beginning, initial_allocation_size, 0);
+}
+
+#ifndef MINIZ_NO_STDIO
+static size_t mz_zip_file_write_func(void *pOpaque, mz_uint64 file_ofs, const void *pBuf, size_t n)
+{
+    mz_zip_archive *pZip = (mz_zip_archive *)pOpaque;
+    mz_int64 cur_ofs = MZ_FTELL64(pZip->m_pState->m_pFile);
+
+    file_ofs += pZip->m_pState->m_file_archive_start_ofs;
+
+    if (((mz_int64)file_ofs < 0) || (((cur_ofs != (mz_int64)file_ofs)) && (MZ_FSEEK64(pZip->m_pState->m_pFile, (mz_int64)file_ofs, SEEK_SET))))
+    {
+        mz_zip_set_error(pZip, MZ_ZIP_FILE_SEEK_FAILED);
+        return 0;
+    }
+
+    return MZ_FWRITE(pBuf, 1, n, pZip->m_pState->m_pFile);
+}
+
+mz_bool mz_zip_writer_init_file(mz_zip_archive *pZip, const char *pFilename, mz_uint64 size_to_reserve_at_beginning)
+{
+    return mz_zip_writer_init_file_v2(pZip, pFilename, size_to_reserve_at_beginning, 0);
+}
+
+mz_bool mz_zip_writer_init_file_v2(mz_zip_archive *pZip, const char *pFilename, mz_uint64 size_to_reserve_at_beginning, mz_uint flags)
+{
+    MZ_FILE *pFile;
+
+    pZip->m_pWrite = mz_zip_file_write_func;
+
+    if (flags & MZ_ZIP_FLAG_WRITE_ALLOW_READING)
+        pZip->m_pRead = mz_zip_file_read_func;
+
+    pZip->m_pIO_opaque = pZip;
+
+    if (!mz_zip_writer_init_v2(pZip, size_to_reserve_at_beginning, flags))
+        return MZ_FALSE;
+
+    if (NULL == (pFile = MZ_FOPEN(pFilename, (flags & MZ_ZIP_FLAG_WRITE_ALLOW_READING) ? "w+b" : "wb")))
+    {
+        mz_zip_writer_end(pZip);
+        return mz_zip_set_error(pZip, MZ_ZIP_FILE_OPEN_FAILED);
+    }
+
+    pZip->m_pState->m_pFile = pFile;
+    pZip->m_zip_type = MZ_ZIP_TYPE_FILE;
+
+    if (size_to_reserve_at_beginning)
+    {
+        mz_uint64 cur_ofs = 0;
+        char buf[4096];
+
+        MZ_CLEAR_OBJ(buf);
+
+        do
+        {
+            size_t n = (size_t)MZ_MIN(sizeof(buf), size_to_reserve_at_beginning);
+            if (pZip->m_pWrite(pZip->m_pIO_opaque, cur_ofs, buf, n) != n)
+            {
+                mz_zip_writer_end(pZip);
+                return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
+            }
+            cur_ofs += n;
+            size_to_reserve_at_beginning -= n;
+        } while (size_to_reserve_at_beginning);
+    }
+
+    return MZ_TRUE;
+}
+
+mz_bool mz_zip_writer_init_cfile(mz_zip_archive *pZip, MZ_FILE *pFile, mz_uint flags)
+{
+    pZip->m_pWrite = mz_zip_file_write_func;
+
+    if (flags & MZ_ZIP_FLAG_WRITE_ALLOW_READING)
+        pZip->m_pRead = mz_zip_file_read_func;
+
+    pZip->m_pIO_opaque = pZip;
+
+    if (!mz_zip_writer_init_v2(pZip, 0, flags))
+        return MZ_FALSE;
+
+    pZip->m_pState->m_pFile = pFile;
+    pZip->m_pState->m_file_archive_start_ofs = MZ_FTELL64(pZip->m_pState->m_pFile);
+    pZip->m_zip_type = MZ_ZIP_TYPE_CFILE;
+
+    return MZ_TRUE;
+}
+#endif /* #ifndef MINIZ_NO_STDIO */
+
+mz_bool mz_zip_writer_init_from_reader_v2(mz_zip_archive *pZip, const char *pFilename, mz_uint flags)
+{
+    mz_zip_internal_state *pState;
+
+    if ((!pZip) || (!pZip->m_pState) || (pZip->m_zip_mode != MZ_ZIP_MODE_READING))
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
+
+    if (flags & MZ_ZIP_FLAG_WRITE_ZIP64)
+    {
+        /* We don't support converting a non-zip64 file to zip64 - this seems like more trouble than it's worth. (What about the existing 32-bit data descriptors that could follow the compressed data?) */
+        if (!pZip->m_pState->m_zip64)
+            return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
+    }
+
+    /* No sense in trying to write to an archive that's already at the support max size */
+    if (pZip->m_pState->m_zip64)
+    {
+        if (pZip->m_total_files == MZ_UINT32_MAX)
+            return mz_zip_set_error(pZip, MZ_ZIP_TOO_MANY_FILES);
+    }
+    else
+    {
+        if (pZip->m_total_files == MZ_UINT16_MAX)
+            return mz_zip_set_error(pZip, MZ_ZIP_TOO_MANY_FILES);
+
+        if ((pZip->m_archive_size + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + MZ_ZIP_LOCAL_DIR_HEADER_SIZE) > MZ_UINT32_MAX)
+            return mz_zip_set_error(pZip, MZ_ZIP_FILE_TOO_LARGE);
+    }
+
+    pState = pZip->m_pState;
+
+    if (pState->m_pFile)
+    {
+#ifdef MINIZ_NO_STDIO
+        (void)pFilename;
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
+#else
+        if (pZip->m_pIO_opaque != pZip)
+            return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
+
+        if (pZip->m_zip_type == MZ_ZIP_TYPE_FILE)
+        {
+            if (!pFilename)
+                return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
+
+            /* Archive is being read from stdio and was originally opened only for reading. Try to reopen as writable. */
+            if (NULL == (pState->m_pFile = MZ_FREOPEN(pFilename, "r+b", pState->m_pFile)))
+            {
+                /* The mz_zip_archive is now in a bogus state because pState->m_pFile is NULL, so just close it. */
+                mz_zip_reader_end_internal(pZip, MZ_FALSE);
+                return mz_zip_set_error(pZip, MZ_ZIP_FILE_OPEN_FAILED);
+            }
+        }
+
+        pZip->m_pWrite = mz_zip_file_write_func;
+#endif /* #ifdef MINIZ_NO_STDIO */
+    }
+    else if (pState->m_pMem)
+    {
+        /* Archive lives in a memory block. Assume it's from the heap that we can resize using the realloc callback. */
+        if (pZip->m_pIO_opaque != pZip)
+            return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
+
+        pState->m_mem_capacity = pState->m_mem_size;
+        pZip->m_pWrite = mz_zip_heap_write_func;
+    }
+    /* Archive is being read via a user provided read function - make sure the user has specified a write function too. */
+    else if (!pZip->m_pWrite)
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
+
+    /* Start writing new files at the archive's current central directory location. */
+    /* TODO: We could add a flag that lets the user start writing immediately AFTER the existing central dir - this would be safer. */
+    pZip->m_archive_size = pZip->m_central_directory_file_ofs;
+    pZip->m_central_directory_file_ofs = 0;
+
+    /* Clear the sorted central dir offsets, they aren't useful or maintained now. */
+    /* Even though we're now in write mode, files can still be extracted and verified, but file locates will be slow. */
+    /* TODO: We could easily maintain the sorted central directory offsets. */
+    mz_zip_array_clear(pZip, &pZip->m_pState->m_sorted_central_dir_offsets);
+
+    pZip->m_zip_mode = MZ_ZIP_MODE_WRITING;
+
+    return MZ_TRUE;
+}
+
+mz_bool mz_zip_writer_init_from_reader(mz_zip_archive *pZip, const char *pFilename)
+{
+    return mz_zip_writer_init_from_reader_v2(pZip, pFilename, 0);
+}
+
+/* TODO: pArchive_name is a terrible name here! */
+mz_bool mz_zip_writer_add_mem(mz_zip_archive *pZip, const char *pArchive_name, const void *pBuf, size_t buf_size, mz_uint level_and_flags)
+{
+    return mz_zip_writer_add_mem_ex(pZip, pArchive_name, pBuf, buf_size, NULL, 0, level_and_flags, 0, 0);
+}
+
+typedef struct
+{
+    mz_zip_archive *m_pZip;
+    mz_uint64 m_cur_archive_file_ofs;
+    mz_uint64 m_comp_size;
+} mz_zip_writer_add_state;
+
+static mz_bool mz_zip_writer_add_put_buf_callback(const void *pBuf, int len, void *pUser)
+{
+    mz_zip_writer_add_state *pState = (mz_zip_writer_add_state *)pUser;
+    if ((int)pState->m_pZip->m_pWrite(pState->m_pZip->m_pIO_opaque, pState->m_cur_archive_file_ofs, pBuf, len) != len)
+        return MZ_FALSE;
+
+    pState->m_cur_archive_file_ofs += len;
+    pState->m_comp_size += len;
+    return MZ_TRUE;
+}
+
+#define MZ_ZIP64_MAX_LOCAL_EXTRA_FIELD_SIZE (sizeof(mz_uint16) * 2 + sizeof(mz_uint64) * 2)
+#define MZ_ZIP64_MAX_CENTRAL_EXTRA_FIELD_SIZE (sizeof(mz_uint16) * 2 + sizeof(mz_uint64) * 3)
+static mz_uint32 mz_zip_writer_create_zip64_extra_data(mz_uint8 *pBuf, mz_uint64 *pUncomp_size, mz_uint64 *pComp_size, mz_uint64 *pLocal_header_ofs)
+{
+    mz_uint8 *pDst = pBuf;
+
+    MZ_WRITE_LE16(pDst + 0, MZ_ZIP64_EXTENDED_INFORMATION_FIELD_HEADER_ID);
+    MZ_WRITE_LE16(pDst + 2, 0);
+    pDst += sizeof(mz_uint16) * 2;
+
+    mz_uint32 field_size = 0;
+
+    if (pUncomp_size)
+    {
+        MZ_WRITE_LE64(pDst, *pUncomp_size);
+        pDst += sizeof(mz_uint64);
+        field_size += sizeof(mz_uint64);
+    }
+
+    if (pComp_size)
+    {
+        MZ_WRITE_LE64(pDst, *pComp_size);
+        pDst += sizeof(mz_uint64);
+        field_size += sizeof(mz_uint64);
+    }
+
+    if (pLocal_header_ofs)
+    {
+        MZ_WRITE_LE64(pDst, *pLocal_header_ofs);
+        pDst += sizeof(mz_uint64);
+        field_size += sizeof(mz_uint64);
+    }
+
+    MZ_WRITE_LE16(pBuf + 2, field_size);
+
+    return (mz_uint32)(pDst - pBuf);
+}
+
+static mz_bool mz_zip_writer_create_local_dir_header(mz_zip_archive *pZip, mz_uint8 *pDst, mz_uint16 filename_size, mz_uint16 extra_size, mz_uint64 uncomp_size, mz_uint64 comp_size, mz_uint32 uncomp_crc32, mz_uint16 method, mz_uint16 bit_flags, mz_uint16 dos_time, mz_uint16 dos_date)
+{
+    (void)pZip;
+    memset(pDst, 0, MZ_ZIP_LOCAL_DIR_HEADER_SIZE);
+    MZ_WRITE_LE32(pDst + MZ_ZIP_LDH_SIG_OFS, MZ_ZIP_LOCAL_DIR_HEADER_SIG);
+    MZ_WRITE_LE16(pDst + MZ_ZIP_LDH_VERSION_NEEDED_OFS, method ? 20 : 0);
+    MZ_WRITE_LE16(pDst + MZ_ZIP_LDH_BIT_FLAG_OFS, bit_flags);
+    MZ_WRITE_LE16(pDst + MZ_ZIP_LDH_METHOD_OFS, method);
+    MZ_WRITE_LE16(pDst + MZ_ZIP_LDH_FILE_TIME_OFS, dos_time);
+    MZ_WRITE_LE16(pDst + MZ_ZIP_LDH_FILE_DATE_OFS, dos_date);
+    MZ_WRITE_LE32(pDst + MZ_ZIP_LDH_CRC32_OFS, uncomp_crc32);
+    MZ_WRITE_LE32(pDst + MZ_ZIP_LDH_COMPRESSED_SIZE_OFS, MZ_MIN(comp_size, MZ_UINT32_MAX));
+    MZ_WRITE_LE32(pDst + MZ_ZIP_LDH_DECOMPRESSED_SIZE_OFS, MZ_MIN(uncomp_size, MZ_UINT32_MAX));
+    MZ_WRITE_LE16(pDst + MZ_ZIP_LDH_FILENAME_LEN_OFS, filename_size);
+    MZ_WRITE_LE16(pDst + MZ_ZIP_LDH_EXTRA_LEN_OFS, extra_size);
+    return MZ_TRUE;
+}
+
+static mz_bool mz_zip_writer_create_central_dir_header(mz_zip_archive *pZip, mz_uint8 *pDst,
+                                                       mz_uint16 filename_size, mz_uint16 extra_size, mz_uint16 comment_size,
+                                                       mz_uint64 uncomp_size, mz_uint64 comp_size, mz_uint32 uncomp_crc32,
+                                                       mz_uint16 method, mz_uint16 bit_flags, mz_uint16 dos_time, mz_uint16 dos_date,
+                                                       mz_uint64 local_header_ofs, mz_uint32 ext_attributes)
+{
+    (void)pZip;
+    memset(pDst, 0, MZ_ZIP_CENTRAL_DIR_HEADER_SIZE);
+    MZ_WRITE_LE32(pDst + MZ_ZIP_CDH_SIG_OFS, MZ_ZIP_CENTRAL_DIR_HEADER_SIG);
+    MZ_WRITE_LE16(pDst + MZ_ZIP_CDH_VERSION_NEEDED_OFS, method ? 20 : 0);
+    MZ_WRITE_LE16(pDst + MZ_ZIP_CDH_BIT_FLAG_OFS, bit_flags);
+    MZ_WRITE_LE16(pDst + MZ_ZIP_CDH_METHOD_OFS, method);
+    MZ_WRITE_LE16(pDst + MZ_ZIP_CDH_FILE_TIME_OFS, dos_time);
+    MZ_WRITE_LE16(pDst + MZ_ZIP_CDH_FILE_DATE_OFS, dos_date);
+    MZ_WRITE_LE32(pDst + MZ_ZIP_CDH_CRC32_OFS, uncomp_crc32);
+    MZ_WRITE_LE32(pDst + MZ_ZIP_CDH_COMPRESSED_SIZE_OFS, MZ_MIN(comp_size, MZ_UINT32_MAX));
+    MZ_WRITE_LE32(pDst + MZ_ZIP_CDH_DECOMPRESSED_SIZE_OFS, MZ_MIN(uncomp_size, MZ_UINT32_MAX));
+    MZ_WRITE_LE16(pDst + MZ_ZIP_CDH_FILENAME_LEN_OFS, filename_size);
+    MZ_WRITE_LE16(pDst + MZ_ZIP_CDH_EXTRA_LEN_OFS, extra_size);
+    MZ_WRITE_LE16(pDst + MZ_ZIP_CDH_COMMENT_LEN_OFS, comment_size);
+    MZ_WRITE_LE32(pDst + MZ_ZIP_CDH_EXTERNAL_ATTR_OFS, ext_attributes);
+    MZ_WRITE_LE32(pDst + MZ_ZIP_CDH_LOCAL_HEADER_OFS, MZ_MIN(local_header_ofs, MZ_UINT32_MAX));
+    return MZ_TRUE;
+}
+
+static mz_bool mz_zip_writer_add_to_central_dir(mz_zip_archive *pZip, const char *pFilename, mz_uint16 filename_size,
+                                                const void *pExtra, mz_uint16 extra_size, const void *pComment, mz_uint16 comment_size,
+                                                mz_uint64 uncomp_size, mz_uint64 comp_size, mz_uint32 uncomp_crc32,
+                                                mz_uint16 method, mz_uint16 bit_flags, mz_uint16 dos_time, mz_uint16 dos_date,
+                                                mz_uint64 local_header_ofs, mz_uint32 ext_attributes,
+                                                const char *user_extra_data, mz_uint user_extra_data_len)
+{
+    mz_zip_internal_state *pState = pZip->m_pState;
+    mz_uint32 central_dir_ofs = (mz_uint32)pState->m_central_dir.m_size;
+    size_t orig_central_dir_size = pState->m_central_dir.m_size;
+    mz_uint8 central_dir_header[MZ_ZIP_CENTRAL_DIR_HEADER_SIZE];
+
+    if (!pZip->m_pState->m_zip64)
+    {
+        if (local_header_ofs > 0xFFFFFFFF)
+            return mz_zip_set_error(pZip, MZ_ZIP_FILE_TOO_LARGE);
+    }
+
+    /* miniz doesn't support central dirs >= MZ_UINT32_MAX bytes yet */
+    if (((mz_uint64)pState->m_central_dir.m_size + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + filename_size + extra_size + user_extra_data_len + comment_size) >= MZ_UINT32_MAX)
+        return mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_CDIR_SIZE);
+
+    if (!mz_zip_writer_create_central_dir_header(pZip, central_dir_header, filename_size, extra_size + user_extra_data_len, comment_size, uncomp_size, comp_size, uncomp_crc32, method, bit_flags, dos_time, dos_date, local_header_ofs, ext_attributes))
+        return mz_zip_set_error(pZip, MZ_ZIP_INTERNAL_ERROR);
+
+    if ((!mz_zip_array_push_back(pZip, &pState->m_central_dir, central_dir_header, MZ_ZIP_CENTRAL_DIR_HEADER_SIZE)) ||
+        (!mz_zip_array_push_back(pZip, &pState->m_central_dir, pFilename, filename_size)) ||
+        (!mz_zip_array_push_back(pZip, &pState->m_central_dir, pExtra, extra_size)) ||
+        (!mz_zip_array_push_back(pZip, &pState->m_central_dir, user_extra_data, user_extra_data_len)) ||
+        (!mz_zip_array_push_back(pZip, &pState->m_central_dir, pComment, comment_size)) ||
+        (!mz_zip_array_push_back(pZip, &pState->m_central_dir_offsets, &central_dir_ofs, 1)))
+    {
+        /* Try to resize the central directory array back into its original state. */
+        mz_zip_array_resize(pZip, &pState->m_central_dir, orig_central_dir_size, MZ_FALSE);
+        return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
+    }
+
+    return MZ_TRUE;
+}
+
+static mz_bool mz_zip_writer_validate_archive_name(const char *pArchive_name)
+{
+    /* Basic ZIP archive filename validity checks: Valid filenames cannot start with a forward slash, cannot contain a drive letter, and cannot use DOS-style backward slashes. */
+    if (*pArchive_name == '/')
+        return MZ_FALSE;
+
+    while (*pArchive_name)
+    {
+        if ((*pArchive_name == '\\') || (*pArchive_name == ':'))
+            return MZ_FALSE;
+
+        pArchive_name++;
+    }
+
+    return MZ_TRUE;
+}
+
+static mz_uint mz_zip_writer_compute_padding_needed_for_file_alignment(mz_zip_archive *pZip)
+{
+    mz_uint32 n;
+    if (!pZip->m_file_offset_alignment)
+        return 0;
+    n = (mz_uint32)(pZip->m_archive_size & (pZip->m_file_offset_alignment - 1));
+    return (mz_uint)((pZip->m_file_offset_alignment - n) & (pZip->m_file_offset_alignment - 1));
+}
+
+static mz_bool mz_zip_writer_write_zeros(mz_zip_archive *pZip, mz_uint64 cur_file_ofs, mz_uint32 n)
+{
+    char buf[4096];
+    memset(buf, 0, MZ_MIN(sizeof(buf), n));
+    while (n)
+    {
+        mz_uint32 s = MZ_MIN(sizeof(buf), n);
+        if (pZip->m_pWrite(pZip->m_pIO_opaque, cur_file_ofs, buf, s) != s)
+            return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
+
+        cur_file_ofs += s;
+        n -= s;
+    }
+    return MZ_TRUE;
+}
+
+mz_bool mz_zip_writer_add_mem_ex(mz_zip_archive *pZip, const char *pArchive_name, const void *pBuf, size_t buf_size, const void *pComment, mz_uint16 comment_size, mz_uint level_and_flags,
+                                 mz_uint64 uncomp_size, mz_uint32 uncomp_crc32)
+{
+    return mz_zip_writer_add_mem_ex_v2(pZip, pArchive_name, pBuf, buf_size, pComment, comment_size, level_and_flags, uncomp_size, uncomp_crc32, NULL, NULL, 0, NULL, 0);
+}
+
+mz_bool mz_zip_writer_add_mem_ex_v2(mz_zip_archive *pZip, const char *pArchive_name, const void *pBuf, size_t buf_size, const void *pComment, mz_uint16 comment_size,
+                                    mz_uint level_and_flags, mz_uint64 uncomp_size, mz_uint32 uncomp_crc32, MZ_TIME_T *last_modified,
+                                    const char *user_extra_data, mz_uint user_extra_data_len, const char *user_extra_data_central, mz_uint user_extra_data_central_len)
+{
+    mz_uint16 method = 0, dos_time = 0, dos_date = 0;
+    mz_uint level, ext_attributes = 0, num_alignment_padding_bytes;
+    mz_uint64 local_dir_header_ofs = pZip->m_archive_size, cur_archive_file_ofs = pZip->m_archive_size, comp_size = 0;
+    size_t archive_name_size;
+    mz_uint8 local_dir_header[MZ_ZIP_LOCAL_DIR_HEADER_SIZE];
+    tdefl_compressor *pComp = NULL;
+    mz_bool store_data_uncompressed;
+    mz_zip_internal_state *pState;
+    mz_uint8 *pExtra_data = NULL;
+    mz_uint32 extra_size = 0;
+    mz_uint8 extra_data[MZ_ZIP64_MAX_CENTRAL_EXTRA_FIELD_SIZE];
+    mz_uint16 bit_flags = 0;
+
+    if (uncomp_size || (buf_size && !(level_and_flags & MZ_ZIP_FLAG_COMPRESSED_DATA)))
+        bit_flags |= MZ_ZIP_LDH_BIT_FLAG_HAS_LOCATOR;
+
+    if (level_and_flags & MZ_ZIP_FLAG_UTF8_FILENAME)
+        bit_flags |= MZ_ZIP_GENERAL_PURPOSE_BIT_FLAG_UTF8;
+
+    if ((int)level_and_flags < 0)
+        level_and_flags = MZ_DEFAULT_LEVEL;
+    level = level_and_flags & 0xF;
+    store_data_uncompressed = ((!level) || (level_and_flags & MZ_ZIP_FLAG_COMPRESSED_DATA));
+
+    if ((!pZip) || (!pZip->m_pState) || (pZip->m_zip_mode != MZ_ZIP_MODE_WRITING) || ((buf_size) && (!pBuf)) || (!pArchive_name) || ((comment_size) && (!pComment)) || (level > MZ_UBER_COMPRESSION))
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
+
+    pState = pZip->m_pState;
+
+    if (pState->m_zip64)
+    {
+        if (pZip->m_total_files == MZ_UINT32_MAX)
+            return mz_zip_set_error(pZip, MZ_ZIP_TOO_MANY_FILES);
+    }
+    else
+    {
+        if (pZip->m_total_files == MZ_UINT16_MAX)
+        {
+            pState->m_zip64 = MZ_TRUE;
+            /*return mz_zip_set_error(pZip, MZ_ZIP_TOO_MANY_FILES); */
+        }
+        if ((buf_size > 0xFFFFFFFF) || (uncomp_size > 0xFFFFFFFF))
+        {
+            pState->m_zip64 = MZ_TRUE;
+            /*return mz_zip_set_error(pZip, MZ_ZIP_ARCHIVE_TOO_LARGE); */
+        }
+    }
+
+    if ((!(level_and_flags & MZ_ZIP_FLAG_COMPRESSED_DATA)) && (uncomp_size))
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
+
+    if (!mz_zip_writer_validate_archive_name(pArchive_name))
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_FILENAME);
+
+    if (last_modified != NULL)
+    {
+        mz_zip_time_t_to_dos_time(*last_modified, &dos_time, &dos_date);
+    }
+    else
+    {
+#ifndef MINIZ_NO_TIME
+        {
+            MZ_TIME_T cur_time;
+            time(&cur_time);
+            mz_zip_time_t_to_dos_time(cur_time, &dos_time, &dos_date);
+        }
+#endif /* #ifndef MINIZ_NO_TIME */
+    }
+
+    archive_name_size = strlen(pArchive_name);
+    if (archive_name_size > MZ_UINT16_MAX)
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_FILENAME);
+
+    num_alignment_padding_bytes = mz_zip_writer_compute_padding_needed_for_file_alignment(pZip);
+
+    /* miniz doesn't support central dirs >= MZ_UINT32_MAX bytes yet */
+    if (((mz_uint64)pState->m_central_dir.m_size + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + archive_name_size + MZ_ZIP64_MAX_CENTRAL_EXTRA_FIELD_SIZE + comment_size) >= MZ_UINT32_MAX)
+        return mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_CDIR_SIZE);
+
+    if (!pState->m_zip64)
+    {
+        /* Bail early if the archive would obviously become too large */
+        if ((pZip->m_archive_size + num_alignment_padding_bytes + MZ_ZIP_LOCAL_DIR_HEADER_SIZE + archive_name_size + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + archive_name_size + comment_size + pState->m_central_dir.m_size + MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE) > 0xFFFFFFFF)
+        {
+            pState->m_zip64 = MZ_TRUE;
+            /*return mz_zip_set_error(pZip, MZ_ZIP_ARCHIVE_TOO_LARGE); */
+        }
+    }
+
+    if ((archive_name_size) && (pArchive_name[archive_name_size - 1] == '/'))
+    {
+        /* Set DOS Subdirectory attribute bit. */
+        ext_attributes |= MZ_ZIP_DOS_DIR_ATTRIBUTE_BITFLAG;
+
+        /* Subdirectories cannot contain data. */
+        if ((buf_size) || (uncomp_size))
+            return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
+    }
+
+    /* Try to do any allocations before writing to the archive, so if an allocation fails the file remains unmodified. (A good idea if we're doing an in-place modification.) */
+    if ((!mz_zip_array_ensure_room(pZip, &pState->m_central_dir, MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + archive_name_size + comment_size + (pState->m_zip64 ? MZ_ZIP64_MAX_CENTRAL_EXTRA_FIELD_SIZE : 0))) || (!mz_zip_array_ensure_room(pZip, &pState->m_central_dir_offsets, 1)))
+        return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
+
+    if ((!store_data_uncompressed) && (buf_size))
+    {
+        if (NULL == (pComp = (tdefl_compressor *)pZip->m_pAlloc(pZip->m_pAlloc_opaque, 1, sizeof(tdefl_compressor))))
+            return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
+    }
+
+    if (!mz_zip_writer_write_zeros(pZip, cur_archive_file_ofs, num_alignment_padding_bytes))
+    {
+        pZip->m_pFree(pZip->m_pAlloc_opaque, pComp);
+        return MZ_FALSE;
+    }
+
+    local_dir_header_ofs += num_alignment_padding_bytes;
+    if (pZip->m_file_offset_alignment)
+    {
+        MZ_ASSERT((local_dir_header_ofs & (pZip->m_file_offset_alignment - 1)) == 0);
+    }
+    cur_archive_file_ofs += num_alignment_padding_bytes;
+
+    MZ_CLEAR_OBJ(local_dir_header);
+
+    if (!store_data_uncompressed || (level_and_flags & MZ_ZIP_FLAG_COMPRESSED_DATA))
+    {
+        method = MZ_DEFLATED;
+    }
+
+    if (pState->m_zip64)
+    {
+        if (uncomp_size >= MZ_UINT32_MAX || local_dir_header_ofs >= MZ_UINT32_MAX)
+        {
+            pExtra_data = extra_data;
+            extra_size = mz_zip_writer_create_zip64_extra_data(extra_data, (uncomp_size >= MZ_UINT32_MAX) ? &uncomp_size : NULL,
+                                                               (uncomp_size >= MZ_UINT32_MAX) ? &comp_size : NULL, (local_dir_header_ofs >= MZ_UINT32_MAX) ? &local_dir_header_ofs : NULL);
+        }
+
+        if (!mz_zip_writer_create_local_dir_header(pZip, local_dir_header, (mz_uint16)archive_name_size, extra_size + user_extra_data_len, 0, 0, 0, method, bit_flags, dos_time, dos_date))
+            return mz_zip_set_error(pZip, MZ_ZIP_INTERNAL_ERROR);
+
+        if (pZip->m_pWrite(pZip->m_pIO_opaque, local_dir_header_ofs, local_dir_header, sizeof(local_dir_header)) != sizeof(local_dir_header))
+            return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
+
+        cur_archive_file_ofs += sizeof(local_dir_header);
+
+        if (pZip->m_pWrite(pZip->m_pIO_opaque, cur_archive_file_ofs, pArchive_name, archive_name_size) != archive_name_size)
+        {
+            pZip->m_pFree(pZip->m_pAlloc_opaque, pComp);
+            return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
+        }
+        cur_archive_file_ofs += archive_name_size;
+
+        if (pExtra_data != NULL)
+        {
+            if (pZip->m_pWrite(pZip->m_pIO_opaque, cur_archive_file_ofs, extra_data, extra_size) != extra_size)
+                return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
+
+            cur_archive_file_ofs += extra_size;
+        }
+    }
+    else
+    {
+        if ((comp_size > MZ_UINT32_MAX) || (cur_archive_file_ofs > MZ_UINT32_MAX))
+            return mz_zip_set_error(pZip, MZ_ZIP_ARCHIVE_TOO_LARGE);
+        if (!mz_zip_writer_create_local_dir_header(pZip, local_dir_header, (mz_uint16)archive_name_size, user_extra_data_len, 0, 0, 0, method, bit_flags, dos_time, dos_date))
+            return mz_zip_set_error(pZip, MZ_ZIP_INTERNAL_ERROR);
+
+        if (pZip->m_pWrite(pZip->m_pIO_opaque, local_dir_header_ofs, local_dir_header, sizeof(local_dir_header)) != sizeof(local_dir_header))
+            return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
+
+        cur_archive_file_ofs += sizeof(local_dir_header);
+
+        if (pZip->m_pWrite(pZip->m_pIO_opaque, cur_archive_file_ofs, pArchive_name, archive_name_size) != archive_name_size)
+        {
+            pZip->m_pFree(pZip->m_pAlloc_opaque, pComp);
+            return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
+        }
+        cur_archive_file_ofs += archive_name_size;
+    }
+
+    if (user_extra_data_len > 0)
+    {
+        if (pZip->m_pWrite(pZip->m_pIO_opaque, cur_archive_file_ofs, user_extra_data, user_extra_data_len) != user_extra_data_len)
+            return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
+
+        cur_archive_file_ofs += user_extra_data_len;
+    }
+
+    if (!(level_and_flags & MZ_ZIP_FLAG_COMPRESSED_DATA))
+    {
+        uncomp_crc32 = (mz_uint32)mz_crc32(MZ_CRC32_INIT, (const mz_uint8 *)pBuf, buf_size);
+        uncomp_size = buf_size;
+        if (uncomp_size <= 3)
+        {
+            level = 0;
+            store_data_uncompressed = MZ_TRUE;
+        }
+    }
+
+    if (store_data_uncompressed)
+    {
+        if (pZip->m_pWrite(pZip->m_pIO_opaque, cur_archive_file_ofs, pBuf, buf_size) != buf_size)
+        {
+            pZip->m_pFree(pZip->m_pAlloc_opaque, pComp);
+            return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
+        }
+
+        cur_archive_file_ofs += buf_size;
+        comp_size = buf_size;
+    }
+    else if (buf_size)
+    {
+        mz_zip_writer_add_state state;
+
+        state.m_pZip = pZip;
+        state.m_cur_archive_file_ofs = cur_archive_file_ofs;
+        state.m_comp_size = 0;
+
+        if ((tdefl_init(pComp, mz_zip_writer_add_put_buf_callback, &state, tdefl_create_comp_flags_from_zip_params(level, -15, MZ_DEFAULT_STRATEGY)) != TDEFL_STATUS_OKAY) ||
+            (tdefl_compress_buffer(pComp, pBuf, buf_size, TDEFL_FINISH) != TDEFL_STATUS_DONE))
+        {
+            pZip->m_pFree(pZip->m_pAlloc_opaque, pComp);
+            return mz_zip_set_error(pZip, MZ_ZIP_COMPRESSION_FAILED);
+        }
+
+        comp_size = state.m_comp_size;
+        cur_archive_file_ofs = state.m_cur_archive_file_ofs;
+    }
+
+    pZip->m_pFree(pZip->m_pAlloc_opaque, pComp);
+    pComp = NULL;
+
+    if (uncomp_size)
+    {
+        MZ_ASSERT(bit_flags & MZ_ZIP_LDH_BIT_FLAG_HAS_LOCATOR);
+
+        mz_uint8 local_dir_footer[MZ_ZIP_DATA_DESCRIPTER_SIZE64];
+        mz_uint32 local_dir_footer_size = MZ_ZIP_DATA_DESCRIPTER_SIZE32;
+
+        MZ_WRITE_LE32(local_dir_footer + 0, MZ_ZIP_DATA_DESCRIPTOR_ID);
+        MZ_WRITE_LE32(local_dir_footer + 4, uncomp_crc32);
+        if (pExtra_data == NULL)
+        {
+            if ((comp_size > MZ_UINT32_MAX) || (cur_archive_file_ofs > MZ_UINT32_MAX))
+                return mz_zip_set_error(pZip, MZ_ZIP_ARCHIVE_TOO_LARGE);
+
+            MZ_WRITE_LE32(local_dir_footer + 8, comp_size);
+            MZ_WRITE_LE32(local_dir_footer + 12, uncomp_size);
+        }
+        else
+        {
+            MZ_WRITE_LE64(local_dir_footer + 8, comp_size);
+            MZ_WRITE_LE64(local_dir_footer + 16, uncomp_size);
+            local_dir_footer_size = MZ_ZIP_DATA_DESCRIPTER_SIZE64;
+        }
+
+        if (pZip->m_pWrite(pZip->m_pIO_opaque, cur_archive_file_ofs, local_dir_footer, local_dir_footer_size) != local_dir_footer_size)
+            return MZ_FALSE;
+
+        cur_archive_file_ofs += local_dir_footer_size;
+    }
+
+    if (pExtra_data != NULL)
+    {
+        extra_size = mz_zip_writer_create_zip64_extra_data(extra_data, (uncomp_size >= MZ_UINT32_MAX) ? &uncomp_size : NULL,
+                                                           (uncomp_size >= MZ_UINT32_MAX) ? &comp_size : NULL, (local_dir_header_ofs >= MZ_UINT32_MAX) ? &local_dir_header_ofs : NULL);
+    }
+
+    if (!mz_zip_writer_add_to_central_dir(pZip, pArchive_name, (mz_uint16)archive_name_size, pExtra_data, extra_size, pComment,
+                                          comment_size, uncomp_size, comp_size, uncomp_crc32, method, bit_flags, dos_time, dos_date, local_dir_header_ofs, ext_attributes,
+                                          user_extra_data_central, user_extra_data_central_len))
+        return MZ_FALSE;
+
+    pZip->m_total_files++;
+    pZip->m_archive_size = cur_archive_file_ofs;
+
+    return MZ_TRUE;
+}
+
+#ifndef MINIZ_NO_STDIO
+mz_bool mz_zip_writer_add_cfile(mz_zip_archive *pZip, const char *pArchive_name, MZ_FILE *pSrc_file, mz_uint64 size_to_add, const MZ_TIME_T *pFile_time, const void *pComment, mz_uint16 comment_size, mz_uint level_and_flags,
+                                const char *user_extra_data, mz_uint user_extra_data_len, const char *user_extra_data_central, mz_uint user_extra_data_central_len)
+{
+    mz_uint16 gen_flags = MZ_ZIP_LDH_BIT_FLAG_HAS_LOCATOR;
+    mz_uint uncomp_crc32 = MZ_CRC32_INIT, level, num_alignment_padding_bytes;
+    mz_uint16 method = 0, dos_time = 0, dos_date = 0, ext_attributes = 0;
+    mz_uint64 local_dir_header_ofs, cur_archive_file_ofs = pZip->m_archive_size, uncomp_size = size_to_add, comp_size = 0;
+    size_t archive_name_size;
+    mz_uint8 local_dir_header[MZ_ZIP_LOCAL_DIR_HEADER_SIZE];
+    mz_uint8 *pExtra_data = NULL;
+    mz_uint32 extra_size = 0;
+    mz_uint8 extra_data[MZ_ZIP64_MAX_CENTRAL_EXTRA_FIELD_SIZE];
+    mz_zip_internal_state *pState;
+
+    if (level_and_flags & MZ_ZIP_FLAG_UTF8_FILENAME)
+        gen_flags |= MZ_ZIP_GENERAL_PURPOSE_BIT_FLAG_UTF8;
+
+    if ((int)level_and_flags < 0)
+        level_and_flags = MZ_DEFAULT_LEVEL;
+    level = level_and_flags & 0xF;
+
+    /* Sanity checks */
+    if ((!pZip) || (!pZip->m_pState) || (pZip->m_zip_mode != MZ_ZIP_MODE_WRITING) || (!pArchive_name) || ((comment_size) && (!pComment)) || (level > MZ_UBER_COMPRESSION))
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
+
+    pState = pZip->m_pState;
+
+    if ((!pState->m_zip64) && (uncomp_size > MZ_UINT32_MAX))
+    {
+        /* Source file is too large for non-zip64 */
+        /*return mz_zip_set_error(pZip, MZ_ZIP_ARCHIVE_TOO_LARGE); */
+        pState->m_zip64 = MZ_TRUE;
+    }
+
+    /* We could support this, but why? */
+    if (level_and_flags & MZ_ZIP_FLAG_COMPRESSED_DATA)
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
+
+    if (!mz_zip_writer_validate_archive_name(pArchive_name))
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_FILENAME);
+
+    if (pState->m_zip64)
+    {
+        if (pZip->m_total_files == MZ_UINT32_MAX)
+            return mz_zip_set_error(pZip, MZ_ZIP_TOO_MANY_FILES);
+    }
+    else
+    {
+        if (pZip->m_total_files == MZ_UINT16_MAX)
+        {
+            pState->m_zip64 = MZ_TRUE;
+            /*return mz_zip_set_error(pZip, MZ_ZIP_TOO_MANY_FILES); */
+        }
+    }
+
+    archive_name_size = strlen(pArchive_name);
+    if (archive_name_size > MZ_UINT16_MAX)
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_FILENAME);
+
+    num_alignment_padding_bytes = mz_zip_writer_compute_padding_needed_for_file_alignment(pZip);
+
+    /* miniz doesn't support central dirs >= MZ_UINT32_MAX bytes yet */
+    if (((mz_uint64)pState->m_central_dir.m_size + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + archive_name_size + MZ_ZIP64_MAX_CENTRAL_EXTRA_FIELD_SIZE + comment_size) >= MZ_UINT32_MAX)
+        return mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_CDIR_SIZE);
+
+    if (!pState->m_zip64)
+    {
+        /* Bail early if the archive would obviously become too large */
+        if ((pZip->m_archive_size + num_alignment_padding_bytes + MZ_ZIP_LOCAL_DIR_HEADER_SIZE + archive_name_size + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + archive_name_size + comment_size + pState->m_central_dir.m_size + MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE + 1024) > 0xFFFFFFFF)
+        {
+            pState->m_zip64 = MZ_TRUE;
+            /*return mz_zip_set_error(pZip, MZ_ZIP_ARCHIVE_TOO_LARGE); */
+        }
+    }
+
+#ifndef MINIZ_NO_TIME
+    if (pFile_time)
+    {
+        mz_zip_time_t_to_dos_time(*pFile_time, &dos_time, &dos_date);
+    }
+#endif
+
+    if (uncomp_size <= 3)
+        level = 0;
+
+    if (!mz_zip_writer_write_zeros(pZip, cur_archive_file_ofs, num_alignment_padding_bytes))
+    {
+        return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
+    }
+
+    cur_archive_file_ofs += num_alignment_padding_bytes;
+    local_dir_header_ofs = cur_archive_file_ofs;
+
+    if (pZip->m_file_offset_alignment)
+    {
+        MZ_ASSERT((cur_archive_file_ofs & (pZip->m_file_offset_alignment - 1)) == 0);
+    }
+
+    if (uncomp_size && level)
+    {
+        method = MZ_DEFLATED;
+    }
+
+    MZ_CLEAR_OBJ(local_dir_header);
+    if (pState->m_zip64)
+    {
+        if (uncomp_size >= MZ_UINT32_MAX || local_dir_header_ofs >= MZ_UINT32_MAX)
+        {
+            pExtra_data = extra_data;
+            extra_size = mz_zip_writer_create_zip64_extra_data(extra_data, (uncomp_size >= MZ_UINT32_MAX) ? &uncomp_size : NULL,
+                                                               (uncomp_size >= MZ_UINT32_MAX) ? &comp_size : NULL, (local_dir_header_ofs >= MZ_UINT32_MAX) ? &local_dir_header_ofs : NULL);
+        }
+
+        if (!mz_zip_writer_create_local_dir_header(pZip, local_dir_header, (mz_uint16)archive_name_size, extra_size + user_extra_data_len, 0, 0, 0, method, gen_flags, dos_time, dos_date))
+            return mz_zip_set_error(pZip, MZ_ZIP_INTERNAL_ERROR);
+
+        if (pZip->m_pWrite(pZip->m_pIO_opaque, cur_archive_file_ofs, local_dir_header, sizeof(local_dir_header)) != sizeof(local_dir_header))
+            return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
+
+        cur_archive_file_ofs += sizeof(local_dir_header);
+
+        if (pZip->m_pWrite(pZip->m_pIO_opaque, cur_archive_file_ofs, pArchive_name, archive_name_size) != archive_name_size)
+        {
+            return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
+        }
+
+        cur_archive_file_ofs += archive_name_size;
+
+        if (pZip->m_pWrite(pZip->m_pIO_opaque, cur_archive_file_ofs, extra_data, extra_size) != extra_size)
+            return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
+
+        cur_archive_file_ofs += extra_size;
+    }
+    else
+    {
+        if ((comp_size > MZ_UINT32_MAX) || (cur_archive_file_ofs > MZ_UINT32_MAX))
+            return mz_zip_set_error(pZip, MZ_ZIP_ARCHIVE_TOO_LARGE);
+        if (!mz_zip_writer_create_local_dir_header(pZip, local_dir_header, (mz_uint16)archive_name_size, user_extra_data_len, 0, 0, 0, method, gen_flags, dos_time, dos_date))
+            return mz_zip_set_error(pZip, MZ_ZIP_INTERNAL_ERROR);
+
+        if (pZip->m_pWrite(pZip->m_pIO_opaque, cur_archive_file_ofs, local_dir_header, sizeof(local_dir_header)) != sizeof(local_dir_header))
+            return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
+
+        cur_archive_file_ofs += sizeof(local_dir_header);
+
+        if (pZip->m_pWrite(pZip->m_pIO_opaque, cur_archive_file_ofs, pArchive_name, archive_name_size) != archive_name_size)
+        {
+            return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
+        }
+
+        cur_archive_file_ofs += archive_name_size;
+    }
+
+    if (user_extra_data_len > 0)
+    {
+        if (pZip->m_pWrite(pZip->m_pIO_opaque, cur_archive_file_ofs, user_extra_data, user_extra_data_len) != user_extra_data_len)
+            return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
+
+        cur_archive_file_ofs += user_extra_data_len;
+    }
+
+    if (uncomp_size)
+    {
+        mz_uint64 uncomp_remaining = uncomp_size;
+        void *pRead_buf = pZip->m_pAlloc(pZip->m_pAlloc_opaque, 1, MZ_ZIP_MAX_IO_BUF_SIZE);
+        if (!pRead_buf)
+        {
+            return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
+        }
+
+        if (!level)
+        {
+            while (uncomp_remaining)
+            {
+                mz_uint n = (mz_uint)MZ_MIN((mz_uint64)MZ_ZIP_MAX_IO_BUF_SIZE, uncomp_remaining);
+                if ((MZ_FREAD(pRead_buf, 1, n, pSrc_file) != n) || (pZip->m_pWrite(pZip->m_pIO_opaque, cur_archive_file_ofs, pRead_buf, n) != n))
+                {
+                    pZip->m_pFree(pZip->m_pAlloc_opaque, pRead_buf);
+                    return mz_zip_set_error(pZip, MZ_ZIP_FILE_READ_FAILED);
+                }
+                uncomp_crc32 = (mz_uint32)mz_crc32(uncomp_crc32, (const mz_uint8 *)pRead_buf, n);
+                uncomp_remaining -= n;
+                cur_archive_file_ofs += n;
+            }
+            comp_size = uncomp_size;
+        }
+        else
+        {
+            mz_bool result = MZ_FALSE;
+            mz_zip_writer_add_state state;
+            tdefl_compressor *pComp = (tdefl_compressor *)pZip->m_pAlloc(pZip->m_pAlloc_opaque, 1, sizeof(tdefl_compressor));
+            if (!pComp)
+            {
+                pZip->m_pFree(pZip->m_pAlloc_opaque, pRead_buf);
+                return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
+            }
+
+            state.m_pZip = pZip;
+            state.m_cur_archive_file_ofs = cur_archive_file_ofs;
+            state.m_comp_size = 0;
+
+            if (tdefl_init(pComp, mz_zip_writer_add_put_buf_callback, &state, tdefl_create_comp_flags_from_zip_params(level, -15, MZ_DEFAULT_STRATEGY)) != TDEFL_STATUS_OKAY)
+            {
+                pZip->m_pFree(pZip->m_pAlloc_opaque, pComp);
+                pZip->m_pFree(pZip->m_pAlloc_opaque, pRead_buf);
+                return mz_zip_set_error(pZip, MZ_ZIP_INTERNAL_ERROR);
+            }
+
+            for (;;)
+            {
+                size_t in_buf_size = (mz_uint32)MZ_MIN(uncomp_remaining, (mz_uint64)MZ_ZIP_MAX_IO_BUF_SIZE);
+                tdefl_status status;
+
+                if (MZ_FREAD(pRead_buf, 1, in_buf_size, pSrc_file) != in_buf_size)
+                {
+                    mz_zip_set_error(pZip, MZ_ZIP_FILE_READ_FAILED);
+                    break;
+                }
+
+                uncomp_crc32 = (mz_uint32)mz_crc32(uncomp_crc32, (const mz_uint8 *)pRead_buf, in_buf_size);
+                uncomp_remaining -= in_buf_size;
+
+                status = tdefl_compress_buffer(pComp, pRead_buf, in_buf_size, uncomp_remaining ? TDEFL_NO_FLUSH : TDEFL_FINISH);
+                if (status == TDEFL_STATUS_DONE)
+                {
+                    result = MZ_TRUE;
+                    break;
+                }
+                else if (status != TDEFL_STATUS_OKAY)
+                {
+                    mz_zip_set_error(pZip, MZ_ZIP_COMPRESSION_FAILED);
+                    break;
+                }
+            }
+
+            pZip->m_pFree(pZip->m_pAlloc_opaque, pComp);
+
+            if (!result)
+            {
+                pZip->m_pFree(pZip->m_pAlloc_opaque, pRead_buf);
+                return MZ_FALSE;
+            }
+
+            comp_size = state.m_comp_size;
+            cur_archive_file_ofs = state.m_cur_archive_file_ofs;
+        }
+
+        pZip->m_pFree(pZip->m_pAlloc_opaque, pRead_buf);
+    }
+
+    mz_uint8 local_dir_footer[MZ_ZIP_DATA_DESCRIPTER_SIZE64];
+    mz_uint32 local_dir_footer_size = MZ_ZIP_DATA_DESCRIPTER_SIZE32;
+
+    MZ_WRITE_LE32(local_dir_footer + 0, MZ_ZIP_DATA_DESCRIPTOR_ID);
+    MZ_WRITE_LE32(local_dir_footer + 4, uncomp_crc32);
+    if (pExtra_data == NULL)
+    {
+        if (comp_size > MZ_UINT32_MAX)
+            return mz_zip_set_error(pZip, MZ_ZIP_ARCHIVE_TOO_LARGE);
+
+        MZ_WRITE_LE32(local_dir_footer + 8, comp_size);
+        MZ_WRITE_LE32(local_dir_footer + 12, uncomp_size);
+    }
+    else
+    {
+        MZ_WRITE_LE64(local_dir_footer + 8, comp_size);
+        MZ_WRITE_LE64(local_dir_footer + 16, uncomp_size);
+        local_dir_footer_size = MZ_ZIP_DATA_DESCRIPTER_SIZE64;
+    }
+
+    if (pZip->m_pWrite(pZip->m_pIO_opaque, cur_archive_file_ofs, local_dir_footer, local_dir_footer_size) != local_dir_footer_size)
+        return MZ_FALSE;
+
+    cur_archive_file_ofs += local_dir_footer_size;
+
+    if (pExtra_data != NULL)
+    {
+        extra_size = mz_zip_writer_create_zip64_extra_data(extra_data, (uncomp_size >= MZ_UINT32_MAX) ? &uncomp_size : NULL,
+                                                           (uncomp_size >= MZ_UINT32_MAX) ? &comp_size : NULL, (local_dir_header_ofs >= MZ_UINT32_MAX) ? &local_dir_header_ofs : NULL);
+    }
+
+    if (!mz_zip_writer_add_to_central_dir(pZip, pArchive_name, (mz_uint16)archive_name_size, pExtra_data, extra_size, pComment, comment_size,
+                                          uncomp_size, comp_size, uncomp_crc32, method, gen_flags, dos_time, dos_date, local_dir_header_ofs, ext_attributes,
+                                          user_extra_data_central, user_extra_data_central_len))
+        return MZ_FALSE;
+
+    pZip->m_total_files++;
+    pZip->m_archive_size = cur_archive_file_ofs;
+
+    return MZ_TRUE;
+}
+
+mz_bool mz_zip_writer_add_file(mz_zip_archive *pZip, const char *pArchive_name, const char *pSrc_filename, const void *pComment, mz_uint16 comment_size, mz_uint level_and_flags)
+{
+    MZ_FILE *pSrc_file = NULL;
+    mz_uint64 uncomp_size = 0;
+    MZ_TIME_T file_modified_time;
+    MZ_TIME_T *pFile_time = NULL;
+
+    memset(&file_modified_time, 0, sizeof(file_modified_time));
+
+#if !defined(MINIZ_NO_TIME) && !defined(MINIZ_NO_STDIO)
+    pFile_time = &file_modified_time;
+    if (!mz_zip_get_file_modified_time(pSrc_filename, &file_modified_time))
+        return mz_zip_set_error(pZip, MZ_ZIP_FILE_STAT_FAILED);
+#endif
+
+    pSrc_file = MZ_FOPEN(pSrc_filename, "rb");
+    if (!pSrc_file)
+        return mz_zip_set_error(pZip, MZ_ZIP_FILE_OPEN_FAILED);
+
+    MZ_FSEEK64(pSrc_file, 0, SEEK_END);
+    uncomp_size = MZ_FTELL64(pSrc_file);
+    MZ_FSEEK64(pSrc_file, 0, SEEK_SET);
+
+    mz_bool status = mz_zip_writer_add_cfile(pZip, pArchive_name, pSrc_file, uncomp_size, pFile_time, pComment, comment_size, level_and_flags, NULL, 0, NULL, 0);
+
+    MZ_FCLOSE(pSrc_file);
+
+    return status;
+}
+#endif /* #ifndef MINIZ_NO_STDIO */
+
+static mz_bool mz_zip_writer_update_zip64_extension_block(mz_zip_array *pNew_ext, mz_zip_archive *pZip, const mz_uint8 *pExt, uint32_t ext_len, mz_uint64 *pComp_size, mz_uint64 *pUncomp_size, mz_uint64 *pLocal_header_ofs, mz_uint32 *pDisk_start)
+{
+    /* + 64 should be enough for any new zip64 data */
+    if (!mz_zip_array_reserve(pZip, pNew_ext, ext_len + 64, MZ_FALSE))
+        return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
+
+    mz_zip_array_resize(pZip, pNew_ext, 0, MZ_FALSE);
+
+    if ((pUncomp_size) || (pComp_size) || (pLocal_header_ofs) || (pDisk_start))
+    {
+        mz_uint8 new_ext_block[64];
+        mz_uint8 *pDst = new_ext_block;
+        mz_write_le16(pDst, MZ_ZIP64_EXTENDED_INFORMATION_FIELD_HEADER_ID);
+        mz_write_le16(pDst + sizeof(mz_uint16), 0);
+        pDst += sizeof(mz_uint16) * 2;
+
+        if (pUncomp_size)
+        {
+            mz_write_le64(pDst, *pUncomp_size);
+            pDst += sizeof(mz_uint64);
+        }
+
+        if (pComp_size)
+        {
+            mz_write_le64(pDst, *pComp_size);
+            pDst += sizeof(mz_uint64);
+        }
+
+        if (pLocal_header_ofs)
+        {
+            mz_write_le64(pDst, *pLocal_header_ofs);
+            pDst += sizeof(mz_uint64);
+        }
+
+        if (pDisk_start)
+        {
+            mz_write_le32(pDst, *pDisk_start);
+            pDst += sizeof(mz_uint32);
+        }
+
+        mz_write_le16(new_ext_block + sizeof(mz_uint16), (mz_uint16)((pDst - new_ext_block) - sizeof(mz_uint16) * 2));
+
+        if (!mz_zip_array_push_back(pZip, pNew_ext, new_ext_block, pDst - new_ext_block))
+            return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
+    }
+
+    if ((pExt) && (ext_len))
+    {
+        mz_uint32 extra_size_remaining = ext_len;
+        const mz_uint8 *pExtra_data = pExt;
+
+        do
+        {
+            mz_uint32 field_id, field_data_size, field_total_size;
+
+            if (extra_size_remaining < (sizeof(mz_uint16) * 2))
+                return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
+
+            field_id = MZ_READ_LE16(pExtra_data);
+            field_data_size = MZ_READ_LE16(pExtra_data + sizeof(mz_uint16));
+            field_total_size = field_data_size + sizeof(mz_uint16) * 2;
+
+            if (field_total_size > extra_size_remaining)
+                return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
+
+            if (field_id != MZ_ZIP64_EXTENDED_INFORMATION_FIELD_HEADER_ID)
+            {
+                if (!mz_zip_array_push_back(pZip, pNew_ext, pExtra_data, field_total_size))
+                    return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
+            }
+
+            pExtra_data += field_total_size;
+            extra_size_remaining -= field_total_size;
+        } while (extra_size_remaining);
+    }
+
+    return MZ_TRUE;
+}
+
+/* TODO: This func is now pretty freakin complex due to zip64, split it up? */
+mz_bool mz_zip_writer_add_from_zip_reader(mz_zip_archive *pZip, mz_zip_archive *pSource_zip, mz_uint src_file_index)
+{
+    mz_uint n, bit_flags, num_alignment_padding_bytes, src_central_dir_following_data_size;
+    mz_uint64 src_archive_bytes_remaining, local_dir_header_ofs;
+    mz_uint64 cur_src_file_ofs, cur_dst_file_ofs;
+    mz_uint32 local_header_u32[(MZ_ZIP_LOCAL_DIR_HEADER_SIZE + sizeof(mz_uint32) - 1) / sizeof(mz_uint32)];
+    mz_uint8 *pLocal_header = (mz_uint8 *)local_header_u32;
+    mz_uint8 new_central_header[MZ_ZIP_CENTRAL_DIR_HEADER_SIZE];
+    size_t orig_central_dir_size;
+    mz_zip_internal_state *pState;
+    void *pBuf;
+    const mz_uint8 *pSrc_central_header;
+    mz_zip_archive_file_stat src_file_stat;
+    mz_uint32 src_filename_len, src_comment_len, src_ext_len;
+    mz_uint32 local_header_filename_size, local_header_extra_len;
+    mz_uint64 local_header_comp_size, local_header_uncomp_size;
+    mz_bool found_zip64_ext_data_in_ldir = MZ_FALSE;
+
+    /* Sanity checks */
+    if ((!pZip) || (!pZip->m_pState) || (pZip->m_zip_mode != MZ_ZIP_MODE_WRITING) || (!pSource_zip->m_pRead))
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
+
+    pState = pZip->m_pState;
+
+    /* Don't support copying files from zip64 archives to non-zip64, even though in some cases this is possible */
+    if ((pSource_zip->m_pState->m_zip64) && (!pZip->m_pState->m_zip64))
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
+
+    /* Get pointer to the source central dir header and crack it */
+    if (NULL == (pSrc_central_header = mz_zip_get_cdh(pSource_zip, src_file_index)))
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
+
+    if (MZ_READ_LE32(pSrc_central_header + MZ_ZIP_CDH_SIG_OFS) != MZ_ZIP_CENTRAL_DIR_HEADER_SIG)
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
+
+    src_filename_len = MZ_READ_LE16(pSrc_central_header + MZ_ZIP_CDH_FILENAME_LEN_OFS);
+    src_comment_len = MZ_READ_LE16(pSrc_central_header + MZ_ZIP_CDH_COMMENT_LEN_OFS);
+    src_ext_len = MZ_READ_LE16(pSrc_central_header + MZ_ZIP_CDH_EXTRA_LEN_OFS);
+    src_central_dir_following_data_size = src_filename_len + src_ext_len + src_comment_len;
+
+    /* TODO: We don't support central dir's >= MZ_UINT32_MAX bytes right now (+32 fudge factor in case we need to add more extra data) */
+    if ((pState->m_central_dir.m_size + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + src_central_dir_following_data_size + 32) >= MZ_UINT32_MAX)
+        return mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_CDIR_SIZE);
+
+    num_alignment_padding_bytes = mz_zip_writer_compute_padding_needed_for_file_alignment(pZip);
+
+    if (!pState->m_zip64)
+    {
+        if (pZip->m_total_files == MZ_UINT16_MAX)
+            return mz_zip_set_error(pZip, MZ_ZIP_TOO_MANY_FILES);
+    }
+    else
+    {
+        /* TODO: Our zip64 support still has some 32-bit limits that may not be worth fixing. */
+        if (pZip->m_total_files == MZ_UINT32_MAX)
+            return mz_zip_set_error(pZip, MZ_ZIP_TOO_MANY_FILES);
+    }
+
+    if (!mz_zip_file_stat_internal(pSource_zip, src_file_index, pSrc_central_header, &src_file_stat, NULL))
+        return MZ_FALSE;
+
+    cur_src_file_ofs = src_file_stat.m_local_header_ofs;
+    cur_dst_file_ofs = pZip->m_archive_size;
+
+    /* Read the source archive's local dir header */
+    if (pSource_zip->m_pRead(pSource_zip->m_pIO_opaque, cur_src_file_ofs, pLocal_header, MZ_ZIP_LOCAL_DIR_HEADER_SIZE) != MZ_ZIP_LOCAL_DIR_HEADER_SIZE)
+        return mz_zip_set_error(pZip, MZ_ZIP_FILE_READ_FAILED);
+
+    if (MZ_READ_LE32(pLocal_header) != MZ_ZIP_LOCAL_DIR_HEADER_SIG)
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
+
+    cur_src_file_ofs += MZ_ZIP_LOCAL_DIR_HEADER_SIZE;
+
+    /* Compute the total size we need to copy (filename+extra data+compressed data) */
+    local_header_filename_size = MZ_READ_LE16(pLocal_header + MZ_ZIP_LDH_FILENAME_LEN_OFS);
+    local_header_extra_len = MZ_READ_LE16(pLocal_header + MZ_ZIP_LDH_EXTRA_LEN_OFS);
+    local_header_comp_size = MZ_READ_LE32(pLocal_header + MZ_ZIP_LDH_COMPRESSED_SIZE_OFS);
+    local_header_uncomp_size = MZ_READ_LE32(pLocal_header + MZ_ZIP_LDH_DECOMPRESSED_SIZE_OFS);
+    src_archive_bytes_remaining = local_header_filename_size + local_header_extra_len + src_file_stat.m_comp_size;
+
+    /* Try to find a zip64 extended information field */
+    if ((local_header_extra_len) && ((local_header_comp_size == MZ_UINT32_MAX) || (local_header_uncomp_size == MZ_UINT32_MAX)))
+    {
+        mz_zip_array file_data_array;
+        mz_zip_array_init(&file_data_array, 1);
+        if (!mz_zip_array_resize(pZip, &file_data_array, local_header_extra_len, MZ_FALSE))
+        {
+            return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
+        }
+
+        if (pSource_zip->m_pRead(pSource_zip->m_pIO_opaque, src_file_stat.m_local_header_ofs + MZ_ZIP_LOCAL_DIR_HEADER_SIZE + local_header_filename_size, file_data_array.m_p, local_header_extra_len) != local_header_extra_len)
+        {
+            mz_zip_array_clear(pZip, &file_data_array);
+            return mz_zip_set_error(pZip, MZ_ZIP_FILE_READ_FAILED);
+        }
+
+        mz_uint32 extra_size_remaining = local_header_extra_len;
+        const mz_uint8 *pExtra_data = (const mz_uint8 *)file_data_array.m_p;
+
+        do
+        {
+            mz_uint32 field_id, field_data_size, field_total_size;
+
+            if (extra_size_remaining < (sizeof(mz_uint16) * 2))
+            {
+                mz_zip_array_clear(pZip, &file_data_array);
+                return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
+            }
+
+            field_id = MZ_READ_LE16(pExtra_data);
+            field_data_size = MZ_READ_LE16(pExtra_data + sizeof(mz_uint16));
+            field_total_size = field_data_size + sizeof(mz_uint16) * 2;
+
+            if (field_total_size > extra_size_remaining)
+            {
+                mz_zip_array_clear(pZip, &file_data_array);
+                return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
+            }
+
+            if (field_id == MZ_ZIP64_EXTENDED_INFORMATION_FIELD_HEADER_ID)
+            {
+                const mz_uint8 *pSrc_field_data = pExtra_data + sizeof(mz_uint32);
+
+                if (field_data_size < sizeof(mz_uint64) * 2)
+                {
+                    mz_zip_array_clear(pZip, &file_data_array);
+                    return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
+                }
+
+                local_header_uncomp_size = MZ_READ_LE64(pSrc_field_data);
+                local_header_comp_size = MZ_READ_LE64(pSrc_field_data + sizeof(mz_uint64)); /* may be 0 if there's a descriptor */
+
+                found_zip64_ext_data_in_ldir = MZ_TRUE;
+                break;
+            }
+
+            pExtra_data += field_total_size;
+            extra_size_remaining -= field_total_size;
+        } while (extra_size_remaining);
+
+        mz_zip_array_clear(pZip, &file_data_array);
+    }
+
+    if (!pState->m_zip64)
+    {
+        /* Try to detect if the new archive will most likely wind up too big and bail early (+(sizeof(mz_uint32) * 4) is for the optional descriptor which could be present, +64 is a fudge factor). */
+        /* We also check when the archive is finalized so this doesn't need to be perfect. */
+        mz_uint64 approx_new_archive_size = cur_dst_file_ofs + num_alignment_padding_bytes + MZ_ZIP_LOCAL_DIR_HEADER_SIZE + src_archive_bytes_remaining + (sizeof(mz_uint32) * 4) +
+                                            pState->m_central_dir.m_size + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + src_central_dir_following_data_size + MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE + 64;
+
+        if (approx_new_archive_size >= MZ_UINT32_MAX)
+            return mz_zip_set_error(pZip, MZ_ZIP_ARCHIVE_TOO_LARGE);
+    }
+
+    /* Write dest archive padding */
+    if (!mz_zip_writer_write_zeros(pZip, cur_dst_file_ofs, num_alignment_padding_bytes))
+        return MZ_FALSE;
+
+    cur_dst_file_ofs += num_alignment_padding_bytes;
+
+    local_dir_header_ofs = cur_dst_file_ofs;
+    if (pZip->m_file_offset_alignment)
+    {
+        MZ_ASSERT((local_dir_header_ofs & (pZip->m_file_offset_alignment - 1)) == 0);
+    }
+
+    /* The original zip's local header+ext block doesn't change, even with zip64, so we can just copy it over to the dest zip */
+    if (pZip->m_pWrite(pZip->m_pIO_opaque, cur_dst_file_ofs, pLocal_header, MZ_ZIP_LOCAL_DIR_HEADER_SIZE) != MZ_ZIP_LOCAL_DIR_HEADER_SIZE)
+        return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
+
+    cur_dst_file_ofs += MZ_ZIP_LOCAL_DIR_HEADER_SIZE;
+
+    /* Copy over the source archive bytes to the dest archive, also ensure we have enough buf space to handle optional data descriptor */
+    if (NULL == (pBuf = pZip->m_pAlloc(pZip->m_pAlloc_opaque, 1, (size_t)MZ_MAX(32U, MZ_MIN((mz_uint64)MZ_ZIP_MAX_IO_BUF_SIZE, src_archive_bytes_remaining)))))
+        return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
+
+    while (src_archive_bytes_remaining)
+    {
+        n = (mz_uint)MZ_MIN((mz_uint64)MZ_ZIP_MAX_IO_BUF_SIZE, src_archive_bytes_remaining);
+        if (pSource_zip->m_pRead(pSource_zip->m_pIO_opaque, cur_src_file_ofs, pBuf, n) != n)
+        {
+            pZip->m_pFree(pZip->m_pAlloc_opaque, pBuf);
+            return mz_zip_set_error(pZip, MZ_ZIP_FILE_READ_FAILED);
+        }
+        cur_src_file_ofs += n;
+
+        if (pZip->m_pWrite(pZip->m_pIO_opaque, cur_dst_file_ofs, pBuf, n) != n)
+        {
+            pZip->m_pFree(pZip->m_pAlloc_opaque, pBuf);
+            return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
+        }
+        cur_dst_file_ofs += n;
+
+        src_archive_bytes_remaining -= n;
+    }
+
+    /* Now deal with the optional data descriptor */
+    bit_flags = MZ_READ_LE16(pLocal_header + MZ_ZIP_LDH_BIT_FLAG_OFS);
+    if (bit_flags & 8)
+    {
+        /* Copy data descriptor */
+        if ((pSource_zip->m_pState->m_zip64) || (found_zip64_ext_data_in_ldir))
+        {
+            /* src is zip64, dest must be zip64 */
+
+            /* name			uint32_t's */
+            /* id				1 (optional in zip64?) */
+            /* crc			1 */
+            /* comp_size	2 */
+            /* uncomp_size 2 */
+            if (pSource_zip->m_pRead(pSource_zip->m_pIO_opaque, cur_src_file_ofs, pBuf, (sizeof(mz_uint32) * 6)) != (sizeof(mz_uint32) * 6))
+            {
+                pZip->m_pFree(pZip->m_pAlloc_opaque, pBuf);
+                return mz_zip_set_error(pZip, MZ_ZIP_FILE_READ_FAILED);
+            }
+
+            n = sizeof(mz_uint32) * ((MZ_READ_LE32(pBuf) == MZ_ZIP_DATA_DESCRIPTOR_ID) ? 6 : 5);
+        }
+        else
+        {
+            /* src is NOT zip64 */
+            mz_bool has_id;
+
+            if (pSource_zip->m_pRead(pSource_zip->m_pIO_opaque, cur_src_file_ofs, pBuf, sizeof(mz_uint32) * 4) != sizeof(mz_uint32) * 4)
+            {
+                pZip->m_pFree(pZip->m_pAlloc_opaque, pBuf);
+                return mz_zip_set_error(pZip, MZ_ZIP_FILE_READ_FAILED);
+            }
+
+            has_id = (MZ_READ_LE32(pBuf) == MZ_ZIP_DATA_DESCRIPTOR_ID);
+
+            if (pZip->m_pState->m_zip64)
+            {
+                /* dest is zip64, so upgrade the data descriptor */
+                const mz_uint32 *pSrc_descriptor = (const mz_uint32 *)((const mz_uint8 *)pBuf + (has_id ? sizeof(mz_uint32) : 0));
+                const mz_uint32 src_crc32 = pSrc_descriptor[0];
+                const mz_uint64 src_comp_size = pSrc_descriptor[1];
+                const mz_uint64 src_uncomp_size = pSrc_descriptor[2];
+
+                mz_write_le32((mz_uint8 *)pBuf, MZ_ZIP_DATA_DESCRIPTOR_ID);
+                mz_write_le32((mz_uint8 *)pBuf + sizeof(mz_uint32) * 1, src_crc32);
+                mz_write_le64((mz_uint8 *)pBuf + sizeof(mz_uint32) * 2, src_comp_size);
+                mz_write_le64((mz_uint8 *)pBuf + sizeof(mz_uint32) * 4, src_uncomp_size);
+
+                n = sizeof(mz_uint32) * 6;
+            }
+            else
+            {
+                /* dest is NOT zip64, just copy it as-is */
+                n = sizeof(mz_uint32) * (has_id ? 4 : 3);
+            }
+        }
+
+        if (pZip->m_pWrite(pZip->m_pIO_opaque, cur_dst_file_ofs, pBuf, n) != n)
+        {
+            pZip->m_pFree(pZip->m_pAlloc_opaque, pBuf);
+            return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
+        }
+
+        cur_src_file_ofs += n;
+        cur_dst_file_ofs += n;
+    }
+    pZip->m_pFree(pZip->m_pAlloc_opaque, pBuf);
+
+    /* Finally, add the new central dir header */
+    orig_central_dir_size = pState->m_central_dir.m_size;
+
+    memcpy(new_central_header, pSrc_central_header, MZ_ZIP_CENTRAL_DIR_HEADER_SIZE);
+
+    if (pState->m_zip64)
+    {
+        /* This is the painful part: We need to write a new central dir header + ext block with updated zip64 fields, and ensure the old fields (if any) are not included. */
+        const mz_uint8 *pSrc_ext = pSrc_central_header + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + src_filename_len;
+        mz_zip_array new_ext_block;
+
+        mz_zip_array_init(&new_ext_block, sizeof(mz_uint8));
+
+        MZ_WRITE_LE32(new_central_header + MZ_ZIP_CDH_COMPRESSED_SIZE_OFS, MZ_UINT32_MAX);
+        MZ_WRITE_LE32(new_central_header + MZ_ZIP_CDH_DECOMPRESSED_SIZE_OFS, MZ_UINT32_MAX);
+        MZ_WRITE_LE32(new_central_header + MZ_ZIP_CDH_LOCAL_HEADER_OFS, MZ_UINT32_MAX);
+
+        if (!mz_zip_writer_update_zip64_extension_block(&new_ext_block, pZip, pSrc_ext, src_ext_len, &src_file_stat.m_comp_size, &src_file_stat.m_uncomp_size, &local_dir_header_ofs, NULL))
+        {
+            mz_zip_array_clear(pZip, &new_ext_block);
+            return MZ_FALSE;
+        }
+
+        MZ_WRITE_LE16(new_central_header + MZ_ZIP_CDH_EXTRA_LEN_OFS, new_ext_block.m_size);
+
+        if (!mz_zip_array_push_back(pZip, &pState->m_central_dir, new_central_header, MZ_ZIP_CENTRAL_DIR_HEADER_SIZE))
+        {
+            mz_zip_array_clear(pZip, &new_ext_block);
+            return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
+        }
+
+        if (!mz_zip_array_push_back(pZip, &pState->m_central_dir, pSrc_central_header + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE, src_filename_len))
+        {
+            mz_zip_array_clear(pZip, &new_ext_block);
+            mz_zip_array_resize(pZip, &pState->m_central_dir, orig_central_dir_size, MZ_FALSE);
+            return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
+        }
+
+        if (!mz_zip_array_push_back(pZip, &pState->m_central_dir, new_ext_block.m_p, new_ext_block.m_size))
+        {
+            mz_zip_array_clear(pZip, &new_ext_block);
+            mz_zip_array_resize(pZip, &pState->m_central_dir, orig_central_dir_size, MZ_FALSE);
+            return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
+        }
+
+        if (!mz_zip_array_push_back(pZip, &pState->m_central_dir, pSrc_central_header + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + src_filename_len + src_ext_len, src_comment_len))
+        {
+            mz_zip_array_clear(pZip, &new_ext_block);
+            mz_zip_array_resize(pZip, &pState->m_central_dir, orig_central_dir_size, MZ_FALSE);
+            return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
+        }
+
+        mz_zip_array_clear(pZip, &new_ext_block);
+    }
+    else
+    {
+        /* sanity checks */
+        if (cur_dst_file_ofs > MZ_UINT32_MAX)
+            return mz_zip_set_error(pZip, MZ_ZIP_ARCHIVE_TOO_LARGE);
+
+        if (local_dir_header_ofs >= MZ_UINT32_MAX)
+            return mz_zip_set_error(pZip, MZ_ZIP_ARCHIVE_TOO_LARGE);
+
+        MZ_WRITE_LE32(new_central_header + MZ_ZIP_CDH_LOCAL_HEADER_OFS, local_dir_header_ofs);
+
+        if (!mz_zip_array_push_back(pZip, &pState->m_central_dir, new_central_header, MZ_ZIP_CENTRAL_DIR_HEADER_SIZE))
+            return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
+
+        if (!mz_zip_array_push_back(pZip, &pState->m_central_dir, pSrc_central_header + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE, src_central_dir_following_data_size))
+        {
+            mz_zip_array_resize(pZip, &pState->m_central_dir, orig_central_dir_size, MZ_FALSE);
+            return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
+        }
+    }
+
+    /* This shouldn't trigger unless we screwed up during the initial sanity checks */
+    if (pState->m_central_dir.m_size >= MZ_UINT32_MAX)
+    {
+        /* TODO: Support central dirs >= 32-bits in size */
+        mz_zip_array_resize(pZip, &pState->m_central_dir, orig_central_dir_size, MZ_FALSE);
+        return mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_CDIR_SIZE);
+    }
+
+    n = (mz_uint32)orig_central_dir_size;
+    if (!mz_zip_array_push_back(pZip, &pState->m_central_dir_offsets, &n, 1))
+    {
+        mz_zip_array_resize(pZip, &pState->m_central_dir, orig_central_dir_size, MZ_FALSE);
+        return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
+    }
+
+    pZip->m_total_files++;
+    pZip->m_archive_size = cur_dst_file_ofs;
+
+    return MZ_TRUE;
+}
+
+mz_bool mz_zip_writer_finalize_archive(mz_zip_archive *pZip)
+{
+    mz_zip_internal_state *pState;
+    mz_uint64 central_dir_ofs, central_dir_size;
+    mz_uint8 hdr[256];
+
+    if ((!pZip) || (!pZip->m_pState) || (pZip->m_zip_mode != MZ_ZIP_MODE_WRITING))
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
+
+    pState = pZip->m_pState;
+
+    if (pState->m_zip64)
+    {
+        if ((pZip->m_total_files > MZ_UINT32_MAX) || (pState->m_central_dir.m_size >= MZ_UINT32_MAX))
+            return mz_zip_set_error(pZip, MZ_ZIP_TOO_MANY_FILES);
+    }
+    else
+    {
+        if ((pZip->m_total_files > MZ_UINT16_MAX) || ((pZip->m_archive_size + pState->m_central_dir.m_size + MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE) > MZ_UINT32_MAX))
+            return mz_zip_set_error(pZip, MZ_ZIP_TOO_MANY_FILES);
+    }
+
+    central_dir_ofs = 0;
+    central_dir_size = 0;
+    if (pZip->m_total_files)
+    {
+        /* Write central directory */
+        central_dir_ofs = pZip->m_archive_size;
+        central_dir_size = pState->m_central_dir.m_size;
+        pZip->m_central_directory_file_ofs = central_dir_ofs;
+        if (pZip->m_pWrite(pZip->m_pIO_opaque, central_dir_ofs, pState->m_central_dir.m_p, (size_t)central_dir_size) != central_dir_size)
+            return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
+
+        pZip->m_archive_size += central_dir_size;
+    }
+
+    if (pState->m_zip64)
+    {
+        /* Write zip64 end of central directory header */
+        mz_uint64 rel_ofs_to_zip64_ecdr = pZip->m_archive_size;
+
+        MZ_CLEAR_OBJ(hdr);
+        MZ_WRITE_LE32(hdr + MZ_ZIP64_ECDH_SIG_OFS, MZ_ZIP64_END_OF_CENTRAL_DIR_HEADER_SIG);
+        MZ_WRITE_LE64(hdr + MZ_ZIP64_ECDH_SIZE_OF_RECORD_OFS, MZ_ZIP64_END_OF_CENTRAL_DIR_HEADER_SIZE - sizeof(mz_uint32) - sizeof(mz_uint64));
+        MZ_WRITE_LE16(hdr + MZ_ZIP64_ECDH_VERSION_MADE_BY_OFS, 0x031E); /* TODO: always Unix */
+        MZ_WRITE_LE16(hdr + MZ_ZIP64_ECDH_VERSION_NEEDED_OFS, 0x002D);
+        MZ_WRITE_LE64(hdr + MZ_ZIP64_ECDH_CDIR_NUM_ENTRIES_ON_DISK_OFS, pZip->m_total_files);
+        MZ_WRITE_LE64(hdr + MZ_ZIP64_ECDH_CDIR_TOTAL_ENTRIES_OFS, pZip->m_total_files);
+        MZ_WRITE_LE64(hdr + MZ_ZIP64_ECDH_CDIR_SIZE_OFS, central_dir_size);
+        MZ_WRITE_LE64(hdr + MZ_ZIP64_ECDH_CDIR_OFS_OFS, central_dir_ofs);
+        if (pZip->m_pWrite(pZip->m_pIO_opaque, pZip->m_archive_size, hdr, MZ_ZIP64_END_OF_CENTRAL_DIR_HEADER_SIZE) != MZ_ZIP64_END_OF_CENTRAL_DIR_HEADER_SIZE)
+            return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
+
+        pZip->m_archive_size += MZ_ZIP64_END_OF_CENTRAL_DIR_HEADER_SIZE;
+
+        /* Write zip64 end of central directory locator */
+        MZ_CLEAR_OBJ(hdr);
+        MZ_WRITE_LE32(hdr + MZ_ZIP64_ECDL_SIG_OFS, MZ_ZIP64_END_OF_CENTRAL_DIR_LOCATOR_SIG);
+        MZ_WRITE_LE64(hdr + MZ_ZIP64_ECDL_REL_OFS_TO_ZIP64_ECDR_OFS, rel_ofs_to_zip64_ecdr);
+        MZ_WRITE_LE32(hdr + MZ_ZIP64_ECDL_TOTAL_NUMBER_OF_DISKS_OFS, 1);
+        if (pZip->m_pWrite(pZip->m_pIO_opaque, pZip->m_archive_size, hdr, MZ_ZIP64_END_OF_CENTRAL_DIR_LOCATOR_SIZE) != MZ_ZIP64_END_OF_CENTRAL_DIR_LOCATOR_SIZE)
+            return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
+
+        pZip->m_archive_size += MZ_ZIP64_END_OF_CENTRAL_DIR_LOCATOR_SIZE;
+    }
+
+    /* Write end of central directory record */
+    MZ_CLEAR_OBJ(hdr);
+    MZ_WRITE_LE32(hdr + MZ_ZIP_ECDH_SIG_OFS, MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIG);
+    MZ_WRITE_LE16(hdr + MZ_ZIP_ECDH_CDIR_NUM_ENTRIES_ON_DISK_OFS, MZ_MIN(MZ_UINT16_MAX, pZip->m_total_files));
+    MZ_WRITE_LE16(hdr + MZ_ZIP_ECDH_CDIR_TOTAL_ENTRIES_OFS, MZ_MIN(MZ_UINT16_MAX, pZip->m_total_files));
+    MZ_WRITE_LE32(hdr + MZ_ZIP_ECDH_CDIR_SIZE_OFS, MZ_MIN(MZ_UINT32_MAX, central_dir_size));
+    MZ_WRITE_LE32(hdr + MZ_ZIP_ECDH_CDIR_OFS_OFS, MZ_MIN(MZ_UINT32_MAX, central_dir_ofs));
+
+    if (pZip->m_pWrite(pZip->m_pIO_opaque, pZip->m_archive_size, hdr, MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE) != MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE)
+        return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
+
+#ifndef MINIZ_NO_STDIO
+    if ((pState->m_pFile) && (MZ_FFLUSH(pState->m_pFile) == EOF))
+        return mz_zip_set_error(pZip, MZ_ZIP_FILE_CLOSE_FAILED);
+#endif /* #ifndef MINIZ_NO_STDIO */
+
+    pZip->m_archive_size += MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE;
+
+    pZip->m_zip_mode = MZ_ZIP_MODE_WRITING_HAS_BEEN_FINALIZED;
+    return MZ_TRUE;
+}
+
+mz_bool mz_zip_writer_finalize_heap_archive(mz_zip_archive *pZip, void **ppBuf, size_t *pSize)
+{
+    if ((!ppBuf) || (!pSize))
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
+
+    *ppBuf = NULL;
+    *pSize = 0;
+
+    if ((!pZip) || (!pZip->m_pState))
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
+
+    if (pZip->m_pWrite != mz_zip_heap_write_func)
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
+
+    if (!mz_zip_writer_finalize_archive(pZip))
+        return MZ_FALSE;
+
+    *ppBuf = pZip->m_pState->m_pMem;
+    *pSize = pZip->m_pState->m_mem_size;
+    pZip->m_pState->m_pMem = NULL;
+    pZip->m_pState->m_mem_size = pZip->m_pState->m_mem_capacity = 0;
+
+    return MZ_TRUE;
+}
+
+mz_bool mz_zip_writer_end(mz_zip_archive *pZip)
+{
+    return mz_zip_writer_end_internal(pZip, MZ_TRUE);
+}
+
+#ifndef MINIZ_NO_STDIO
+mz_bool mz_zip_add_mem_to_archive_file_in_place(const char *pZip_filename, const char *pArchive_name, const void *pBuf, size_t buf_size, const void *pComment, mz_uint16 comment_size, mz_uint level_and_flags)
+{
+    return mz_zip_add_mem_to_archive_file_in_place_v2(pZip_filename, pArchive_name, pBuf, buf_size, pComment, comment_size, level_and_flags, NULL);
+}
+
+mz_bool mz_zip_add_mem_to_archive_file_in_place_v2(const char *pZip_filename, const char *pArchive_name, const void *pBuf, size_t buf_size, const void *pComment, mz_uint16 comment_size, mz_uint level_and_flags, mz_zip_error *pErr)
+{
+    mz_bool status, created_new_archive = MZ_FALSE;
+    mz_zip_archive zip_archive;
+    struct MZ_FILE_STAT_STRUCT file_stat;
+    mz_zip_error actual_err = MZ_ZIP_NO_ERROR;
+
+    mz_zip_zero_struct(&zip_archive);
+    if ((int)level_and_flags < 0)
+        level_and_flags = MZ_DEFAULT_LEVEL;
+
+    if ((!pZip_filename) || (!pArchive_name) || ((buf_size) && (!pBuf)) || ((comment_size) && (!pComment)) || ((level_and_flags & 0xF) > MZ_UBER_COMPRESSION))
+    {
+        if (pErr)
+            *pErr = MZ_ZIP_INVALID_PARAMETER;
+        return MZ_FALSE;
+    }
+
+    if (!mz_zip_writer_validate_archive_name(pArchive_name))
+    {
+        if (pErr)
+            *pErr = MZ_ZIP_INVALID_FILENAME;
+        return MZ_FALSE;
+    }
+
+    /* Important: The regular non-64 bit version of stat() can fail here if the file is very large, which could cause the archive to be overwritten. */
+    /* So be sure to compile with _LARGEFILE64_SOURCE 1 */
+    if (MZ_FILE_STAT(pZip_filename, &file_stat) != 0)
+    {
+        /* Create a new archive. */
+        if (!mz_zip_writer_init_file_v2(&zip_archive, pZip_filename, 0, level_and_flags))
+        {
+            if (pErr)
+                *pErr = zip_archive.m_last_error;
+            return MZ_FALSE;
+        }
+
+        created_new_archive = MZ_TRUE;
+    }
+    else
+    {
+        /* Append to an existing archive. */
+        if (!mz_zip_reader_init_file_v2(&zip_archive, pZip_filename, level_and_flags | MZ_ZIP_FLAG_DO_NOT_SORT_CENTRAL_DIRECTORY, 0, 0))
+        {
+            if (pErr)
+                *pErr = zip_archive.m_last_error;
+            return MZ_FALSE;
+        }
+
+        if (!mz_zip_writer_init_from_reader_v2(&zip_archive, pZip_filename, level_and_flags))
+        {
+            if (pErr)
+                *pErr = zip_archive.m_last_error;
+
+            mz_zip_reader_end_internal(&zip_archive, MZ_FALSE);
+
+            return MZ_FALSE;
+        }
+    }
+
+    status = mz_zip_writer_add_mem_ex(&zip_archive, pArchive_name, pBuf, buf_size, pComment, comment_size, level_and_flags, 0, 0);
+    actual_err = zip_archive.m_last_error;
+
+    /* Always finalize, even if adding failed for some reason, so we have a valid central directory. (This may not always succeed, but we can try.) */
+    if (!mz_zip_writer_finalize_archive(&zip_archive))
+    {
+        if (!actual_err)
+            actual_err = zip_archive.m_last_error;
+
+        status = MZ_FALSE;
+    }
+
+    if (!mz_zip_writer_end_internal(&zip_archive, status))
+    {
+        if (!actual_err)
+            actual_err = zip_archive.m_last_error;
+
+        status = MZ_FALSE;
+    }
+
+    if ((!status) && (created_new_archive))
+    {
+        /* It's a new archive and something went wrong, so just delete it. */
+        int ignoredStatus = MZ_DELETE_FILE(pZip_filename);
+        (void)ignoredStatus;
+    }
+
+    if (pErr)
+        *pErr = actual_err;
+
+    return status;
+}
+
+void *mz_zip_extract_archive_file_to_heap_v2(const char *pZip_filename, const char *pArchive_name, const char *pComment, size_t *pSize, mz_uint flags, mz_zip_error *pErr)
+{
+    mz_uint32 file_index;
+    mz_zip_archive zip_archive;
+    void *p = NULL;
+
+    if (pSize)
+        *pSize = 0;
+
+    if ((!pZip_filename) || (!pArchive_name))
+    {
+        if (pErr)
+            *pErr = MZ_ZIP_INVALID_PARAMETER;
+
+        return NULL;
+    }
+
+    mz_zip_zero_struct(&zip_archive);
+    if (!mz_zip_reader_init_file_v2(&zip_archive, pZip_filename, flags | MZ_ZIP_FLAG_DO_NOT_SORT_CENTRAL_DIRECTORY, 0, 0))
+    {
+        if (pErr)
+            *pErr = zip_archive.m_last_error;
+
+        return NULL;
+    }
+
+    if (mz_zip_reader_locate_file_v2(&zip_archive, pArchive_name, pComment, flags, &file_index))
+    {
+        p = mz_zip_reader_extract_to_heap(&zip_archive, file_index, pSize, flags);
+    }
+
+    mz_zip_reader_end_internal(&zip_archive, p != NULL);
+
+    if (pErr)
+        *pErr = zip_archive.m_last_error;
+
+    return p;
+}
+
+void *mz_zip_extract_archive_file_to_heap(const char *pZip_filename, const char *pArchive_name, size_t *pSize, mz_uint flags)
+{
+    return mz_zip_extract_archive_file_to_heap_v2(pZip_filename, pArchive_name, NULL, pSize, flags, NULL);
+}
+
+#endif /* #ifndef MINIZ_NO_STDIO */
+
+#endif /* #ifndef MINIZ_NO_ARCHIVE_WRITING_APIS */
+
+/* ------------------- Misc utils */
+
+mz_zip_mode mz_zip_get_mode(mz_zip_archive *pZip)
+{
+    return pZip ? pZip->m_zip_mode : MZ_ZIP_MODE_INVALID;
+}
+
+mz_zip_type mz_zip_get_type(mz_zip_archive *pZip)
+{
+    return pZip ? pZip->m_zip_type : MZ_ZIP_TYPE_INVALID;
+}
+
+mz_zip_error mz_zip_set_last_error(mz_zip_archive *pZip, mz_zip_error err_num)
+{
+    mz_zip_error prev_err;
+
+    if (!pZip)
+        return MZ_ZIP_INVALID_PARAMETER;
+
+    prev_err = pZip->m_last_error;
+
+    pZip->m_last_error = err_num;
+    return prev_err;
+}
+
+mz_zip_error mz_zip_peek_last_error(mz_zip_archive *pZip)
+{
+    if (!pZip)
+        return MZ_ZIP_INVALID_PARAMETER;
+
+    return pZip->m_last_error;
+}
+
+mz_zip_error mz_zip_clear_last_error(mz_zip_archive *pZip)
+{
+    return mz_zip_set_last_error(pZip, MZ_ZIP_NO_ERROR);
+}
+
+mz_zip_error mz_zip_get_last_error(mz_zip_archive *pZip)
+{
+    mz_zip_error prev_err;
+
+    if (!pZip)
+        return MZ_ZIP_INVALID_PARAMETER;
+
+    prev_err = pZip->m_last_error;
+
+    pZip->m_last_error = MZ_ZIP_NO_ERROR;
+    return prev_err;
+}
+
+const char *mz_zip_get_error_string(mz_zip_error mz_err)
+{
+    switch (mz_err)
+    {
+        case MZ_ZIP_NO_ERROR:
+            return "no error";
+        case MZ_ZIP_UNDEFINED_ERROR:
+            return "undefined error";
+        case MZ_ZIP_TOO_MANY_FILES:
+            return "too many files";
+        case MZ_ZIP_FILE_TOO_LARGE:
+            return "file too large";
+        case MZ_ZIP_UNSUPPORTED_METHOD:
+            return "unsupported method";
+        case MZ_ZIP_UNSUPPORTED_ENCRYPTION:
+            return "unsupported encryption";
+        case MZ_ZIP_UNSUPPORTED_FEATURE:
+            return "unsupported feature";
+        case MZ_ZIP_FAILED_FINDING_CENTRAL_DIR:
+            return "failed finding central directory";
+        case MZ_ZIP_NOT_AN_ARCHIVE:
+            return "not a ZIP archive";
+        case MZ_ZIP_INVALID_HEADER_OR_CORRUPTED:
+            return "invalid header or archive is corrupted";
+        case MZ_ZIP_UNSUPPORTED_MULTIDISK:
+            return "unsupported multidisk archive";
+        case MZ_ZIP_DECOMPRESSION_FAILED:
+            return "decompression failed or archive is corrupted";
+        case MZ_ZIP_COMPRESSION_FAILED:
+            return "compression failed";
+        case MZ_ZIP_UNEXPECTED_DECOMPRESSED_SIZE:
+            return "unexpected decompressed size";
+        case MZ_ZIP_CRC_CHECK_FAILED:
+            return "CRC-32 check failed";
+        case MZ_ZIP_UNSUPPORTED_CDIR_SIZE:
+            return "unsupported central directory size";
+        case MZ_ZIP_ALLOC_FAILED:
+            return "allocation failed";
+        case MZ_ZIP_FILE_OPEN_FAILED:
+            return "file open failed";
+        case MZ_ZIP_FILE_CREATE_FAILED:
+            return "file create failed";
+        case MZ_ZIP_FILE_WRITE_FAILED:
+            return "file write failed";
+        case MZ_ZIP_FILE_READ_FAILED:
+            return "file read failed";
+        case MZ_ZIP_FILE_CLOSE_FAILED:
+            return "file close failed";
+        case MZ_ZIP_FILE_SEEK_FAILED:
+            return "file seek failed";
+        case MZ_ZIP_FILE_STAT_FAILED:
+            return "file stat failed";
+        case MZ_ZIP_INVALID_PARAMETER:
+            return "invalid parameter";
+        case MZ_ZIP_INVALID_FILENAME:
+            return "invalid filename";
+        case MZ_ZIP_BUF_TOO_SMALL:
+            return "buffer too small";
+        case MZ_ZIP_INTERNAL_ERROR:
+            return "internal error";
+        case MZ_ZIP_FILE_NOT_FOUND:
+            return "file not found";
+        case MZ_ZIP_ARCHIVE_TOO_LARGE:
+            return "archive is too large";
+        case MZ_ZIP_VALIDATION_FAILED:
+            return "validation failed";
+        case MZ_ZIP_WRITE_CALLBACK_FAILED:
+            return "write calledback failed";
+        default:
+            break;
+    }
+
+    return "unknown error";
+}
+
+/* Note: Just because the archive is not zip64 doesn't necessarily mean it doesn't have Zip64 extended information extra field, argh. */
+mz_bool mz_zip_is_zip64(mz_zip_archive *pZip)
+{
+    if ((!pZip) || (!pZip->m_pState))
+        return MZ_FALSE;
+
+    return pZip->m_pState->m_zip64;
+}
+
+size_t mz_zip_get_central_dir_size(mz_zip_archive *pZip)
+{
+    if ((!pZip) || (!pZip->m_pState))
+        return 0;
+
+    return pZip->m_pState->m_central_dir.m_size;
+}
+
+mz_uint mz_zip_reader_get_num_files(mz_zip_archive *pZip)
+{
+    return pZip ? pZip->m_total_files : 0;
+}
+
+mz_uint64 mz_zip_get_archive_size(mz_zip_archive *pZip)
+{
+    if (!pZip)
+        return 0;
+    return pZip->m_archive_size;
+}
+
+mz_uint64 mz_zip_get_archive_file_start_offset(mz_zip_archive *pZip)
+{
+    if ((!pZip) || (!pZip->m_pState))
+        return 0;
+    return pZip->m_pState->m_file_archive_start_ofs;
+}
+
+MZ_FILE *mz_zip_get_cfile(mz_zip_archive *pZip)
+{
+    if ((!pZip) || (!pZip->m_pState))
+        return 0;
+    return pZip->m_pState->m_pFile;
+}
+
+size_t mz_zip_read_archive_data(mz_zip_archive *pZip, mz_uint64 file_ofs, void *pBuf, size_t n)
+{
+    if ((!pZip) || (!pZip->m_pState) || (!pBuf) || (!pZip->m_pRead))
+        return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
+
+    return pZip->m_pRead(pZip->m_pIO_opaque, file_ofs, pBuf, n);
+}
+
+mz_uint mz_zip_reader_get_filename(mz_zip_archive *pZip, mz_uint file_index, char *pFilename, mz_uint filename_buf_size)
+{
+    mz_uint n;
+    const mz_uint8 *p = mz_zip_get_cdh(pZip, file_index);
+    if (!p)
+    {
+        if (filename_buf_size)
+            pFilename[0] = '\0';
+        mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
+        return 0;
+    }
+    n = MZ_READ_LE16(p + MZ_ZIP_CDH_FILENAME_LEN_OFS);
+    if (filename_buf_size)
+    {
+        n = MZ_MIN(n, filename_buf_size - 1);
+        memcpy(pFilename, p + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE, n);
+        pFilename[n] = '\0';
+    }
+    return n + 1;
+}
+
+mz_bool mz_zip_reader_file_stat(mz_zip_archive *pZip, mz_uint file_index, mz_zip_archive_file_stat *pStat)
+{
+    return mz_zip_file_stat_internal(pZip, file_index, mz_zip_get_cdh(pZip, file_index), pStat, NULL);
+}
+
+mz_bool mz_zip_end(mz_zip_archive *pZip)
+{
+    if (!pZip)
+        return MZ_FALSE;
+
+    if (pZip->m_zip_mode == MZ_ZIP_MODE_READING)
+        return mz_zip_reader_end(pZip);
+    else if ((pZip->m_zip_mode == MZ_ZIP_MODE_WRITING) || (pZip->m_zip_mode == MZ_ZIP_MODE_WRITING_HAS_BEEN_FINALIZED))
+        return mz_zip_writer_end(pZip);
+
+    return MZ_FALSE;
+}
+
+#ifdef __cplusplus
+}
+#endif
diff --git a/src/miniz/miniz.h b/src/miniz/miniz.h
new file mode 100644
index 00000000000..daa6423c08b
--- /dev/null
+++ b/src/miniz/miniz.h
@@ -0,0 +1,1352 @@
+/* miniz.c v1.16 beta r1 - public domain deflate/inflate, zlib-subset, ZIP reading/writing/appending, PNG writing
+   See "unlicense" statement at the end of this file.
+   Rich Geldreich <richgel99@gmail.com>, last updated Oct. 13, 2013
+   Implements RFC 1950: http://www.ietf.org/rfc/rfc1950.txt and RFC 1951: http://www.ietf.org/rfc/rfc1951.txt
+
+   Most API's defined in miniz.c are optional. For example, to disable the archive related functions just define
+   MINIZ_NO_ARCHIVE_APIS, or to get rid of all stdio usage define MINIZ_NO_STDIO (see the list below for more macros).
+
+   * Change History
+     10/19/13 v1.16 beta r1 - Two key inflator-only robustness and streaming related changes. Also merged in tdefl_compressor_alloc(), tdefl_compressor_free() helpers to make script bindings easier for rustyzip.
+       - The inflator coroutine func. is subtle and complex so I'm being cautious about this release. I would greatly appreciate any help with testing or any feedback.
+         I feel good about these changes, and they've been through several hours of automated testing, but they will probably not fix anything for the majority of prev. users so I'm
+         going to mark this release as beta for a few weeks and continue testing it at work/home on various things.
+       - The inflator in raw (non-zlib) mode is now usable on gzip or similiar data streams that have a bunch of bytes following the raw deflate data (problem discovered by rustyzip author williamw520).
+         This version should *never* read beyond the last byte of the raw deflate data independent of how many bytes you pass into the input buffer. This issue was caused by the various Huffman bitbuffer lookahead optimizations, and
+         would not be an issue if the caller knew and enforced the precise size of the raw compressed data *or* if the compressed data was in zlib format (i.e. always followed by the byte aligned zlib adler32).
+         So in other words, you can now call the inflator on deflate streams that are followed by arbitrary amounts of data and it's guaranteed that decompression will stop exactly on the last byte.
+       - The inflator now has a new failure status: TINFL_STATUS_FAILED_CANNOT_MAKE_PROGRESS (-4). Previously, if the inflator was starved of bytes and could not make progress (because the input buffer was empty and the
+         caller did not set the TINFL_FLAG_HAS_MORE_INPUT flag - say on truncated or corrupted compressed data stream) it would append all 0's to the input and try to soldier on.
+         This is scary, because in the worst case, I believe it was possible for the prev. inflator to start outputting large amounts of literal data. If the caller didn't know when to stop accepting output
+         (because it didn't know how much uncompressed data was expected, or didn't enforce a sane maximum) it could continue forever. v1.16 cannot fall into this failure mode, instead it'll return
+         TINFL_STATUS_FAILED_CANNOT_MAKE_PROGRESS immediately if it needs 1 or more bytes to make progress, the input buf is empty, and the caller has indicated that no more input is available. This is a "soft"
+         failure, so you can call the inflator again with more input and it will try to continue, or you can give up and fail. This could be very useful in network streaming scenarios.
+       - Added documentation to all the tinfl return status codes, fixed miniz_tester so it accepts double minus params for Linux, tweaked example1.c, added a simple "follower bytes" test to miniz_tester.cpp.
+     10/13/13 v1.15 r4 - Interim bugfix release while I work on the next major release with Zip64 support (almost there!):
+       - Critical fix for the MZ_ZIP_FLAG_DO_NOT_SORT_CENTRAL_DIRECTORY bug (thanks kahmyong.moon@hp.com) which could cause locate files to not find files. This bug
+        would only have occured in earlier versions if you explicitly used this flag, OR if you used mz_zip_extract_archive_file_to_heap() or mz_zip_add_mem_to_archive_file_in_place()
+        (which used this flag). If you can't switch to v1.15 but want to fix this bug, just remove the uses of this flag from both helper funcs (and of course don't use the flag).
+       - Bugfix in mz_zip_reader_extract_to_mem_no_alloc() from kymoon when pUser_read_buf is not NULL and compressed size is > uncompressed size
+       - Fixing mz_zip_reader_extract_*() funcs so they don't try to extract compressed data from directory entries, to account for weird zipfiles which contain zero-size compressed data on dir entries.
+         Hopefully this fix won't cause any issues on weird zip archives, because it assumes the low 16-bits of zip external attributes are DOS attributes (which I believe they always are in practice).
+       - Fixing mz_zip_reader_is_file_a_directory() so it doesn't check the internal attributes, just the filename and external attributes
+       - mz_zip_reader_init_file() - missing MZ_FCLOSE() call if the seek failed
+       - Added cmake support for Linux builds which builds all the examples, tested with clang v3.3 and gcc v4.6.
+       - Clang fix for tdefl_write_image_to_png_file_in_memory() from toffaletti
+       - Merged MZ_FORCEINLINE fix from hdeanclark
+       - Fix <time.h> include before config #ifdef, thanks emil.brink
+       - Added tdefl_write_image_to_png_file_in_memory_ex(): supports Y flipping (super useful for OpenGL apps), and explicit control over the compression level (so you can
+        set it to 1 for real-time compression).
+       - Merged in some compiler fixes from paulharris's github repro.
+       - Retested this build under Windows (VS 2010, including static analysis), tcc  0.9.26, gcc v4.6 and clang v3.3.
+       - Added example6.c, which dumps an image of the mandelbrot set to a PNG file.
+       - Modified example2 to help test the MZ_ZIP_FLAG_DO_NOT_SORT_CENTRAL_DIRECTORY flag more.
+       - In r3: Bugfix to mz_zip_writer_add_file() found during merge: Fix possible src file fclose() leak if alignment bytes+local header file write faiiled
+		 - In r4: Minor bugfix to mz_zip_writer_add_from_zip_reader(): Was pushing the wrong central dir header offset, appears harmless in this release, but it became a problem in the zip64 branch
+     5/20/12 v1.14 - MinGW32/64 GCC 4.6.1 compiler fixes: added MZ_FORCEINLINE, #include <time.h> (thanks fermtect).
+     5/19/12 v1.13 - From jason@cornsyrup.org and kelwert@mtu.edu - Fix mz_crc32() so it doesn't compute the wrong CRC-32's when mz_ulong is 64-bit.
+       - Temporarily/locally slammed in "typedef unsigned long mz_ulong" and re-ran a randomized regression test on ~500k files.
+       - Eliminated a bunch of warnings when compiling with GCC 32-bit/64.
+       - Ran all examples, miniz.c, and tinfl.c through MSVC 2008's /analyze (static analysis) option and fixed all warnings (except for the silly
+        "Use of the comma-operator in a tested expression.." analysis warning, which I purposely use to work around a MSVC compiler warning).
+       - Created 32-bit and 64-bit Codeblocks projects/workspace. Built and tested Linux executables. The codeblocks workspace is compatible with Linux+Win32/x64.
+       - Added miniz_tester solution/project, which is a useful little app derived from LZHAM's tester app that I use as part of the regression test.
+       - Ran miniz.c and tinfl.c through another series of regression testing on ~500,000 files and archives.
+       - Modified example5.c so it purposely disables a bunch of high-level functionality (MINIZ_NO_STDIO, etc.). (Thanks to corysama for the MINIZ_NO_STDIO bug report.)
+       - Fix ftell() usage in examples so they exit with an error on files which are too large (a limitation of the examples, not miniz itself).
+     4/12/12 v1.12 - More comments, added low-level example5.c, fixed a couple minor level_and_flags issues in the archive API's.
+      level_and_flags can now be set to MZ_DEFAULT_COMPRESSION. Thanks to Bruce Dawson <bruced@valvesoftware.com> for the feedback/bug report.
+     5/28/11 v1.11 - Added statement from unlicense.org
+     5/27/11 v1.10 - Substantial compressor optimizations:
+      - Level 1 is now ~4x faster than before. The L1 compressor's throughput now varies between 70-110MB/sec. on a
+      - Core i7 (actual throughput varies depending on the type of data, and x64 vs. x86).
+      - Improved baseline L2-L9 compression perf. Also, greatly improved compression perf. issues on some file types.
+      - Refactored the compression code for better readability and maintainability.
+      - Added level 10 compression level (L10 has slightly better ratio than level 9, but could have a potentially large
+       drop in throughput on some files).
+     5/15/11 v1.09 - Initial stable release.
+
+   * Low-level Deflate/Inflate implementation notes:
+
+     Compression: Use the "tdefl" API's. The compressor supports raw, static, and dynamic blocks, lazy or
+     greedy parsing, match length filtering, RLE-only, and Huffman-only streams. It performs and compresses
+     approximately as well as zlib.
+
+     Decompression: Use the "tinfl" API's. The entire decompressor is implemented as a single function
+     coroutine: see tinfl_decompress(). It supports decompression into a 32KB (or larger power of 2) wrapping buffer, or into a memory
+     block large enough to hold the entire file.
+
+     The low-level tdefl/tinfl API's do not make any use of dynamic memory allocation.
+
+   * zlib-style API notes:
+
+     miniz.c implements a fairly large subset of zlib. There's enough functionality present for it to be a drop-in
+     zlib replacement in many apps:
+        The z_stream struct, optional memory allocation callbacks
+        deflateInit/deflateInit2/deflate/deflateReset/deflateEnd/deflateBound
+        inflateInit/inflateInit2/inflate/inflateEnd
+        compress, compress2, compressBound, uncompress
+        CRC-32, Adler-32 - Using modern, minimal code size, CPU cache friendly routines.
+        Supports raw deflate streams or standard zlib streams with adler-32 checking.
+
+     Limitations:
+      The callback API's are not implemented yet. No support for gzip headers or zlib static dictionaries.
+      I've tried to closely emulate zlib's various flavors of stream flushing and return status codes, but
+      there are no guarantees that miniz.c pulls this off perfectly.
+
+   * PNG writing: See the tdefl_write_image_to_png_file_in_memory() function, originally written by
+     Alex Evans. Supports 1-4 bytes/pixel images.
+
+   * ZIP archive API notes:
+
+     The ZIP archive API's where designed with simplicity and efficiency in mind, with just enough abstraction to
+     get the job done with minimal fuss. There are simple API's to retrieve file information, read files from
+     existing archives, create new archives, append new files to existing archives, or clone archive data from
+     one archive to another. It supports archives located in memory or the heap, on disk (using stdio.h),
+     or you can specify custom file read/write callbacks.
+
+     - Archive reading: Just call this function to read a single file from a disk archive:
+
+      void *mz_zip_extract_archive_file_to_heap(const char *pZip_filename, const char *pArchive_name,
+        size_t *pSize, mz_uint zip_flags);
+
+     For more complex cases, use the "mz_zip_reader" functions. Upon opening an archive, the entire central
+     directory is located and read as-is into memory, and subsequent file access only occurs when reading individual files.
+
+     - Archives file scanning: The simple way is to use this function to scan a loaded archive for a specific file:
+
+     int mz_zip_reader_locate_file(mz_zip_archive *pZip, const char *pName, const char *pComment, mz_uint flags);
+
+     The locate operation can optionally check file comments too, which (as one example) can be used to identify
+     multiple versions of the same file in an archive. This function uses a simple linear search through the central
+     directory, so it's not very fast.
+
+     Alternately, you can iterate through all the files in an archive (using mz_zip_reader_get_num_files()) and
+     retrieve detailed info on each file by calling mz_zip_reader_file_stat().
+
+     - Archive creation: Use the "mz_zip_writer" functions. The ZIP writer immediately writes compressed file data
+     to disk and builds an exact image of the central directory in memory. The central directory image is written
+     all at once at the end of the archive file when the archive is finalized.
+
+     The archive writer can optionally align each file's local header and file data to any power of 2 alignment,
+     which can be useful when the archive will be read from optical media. Also, the writer supports placing
+     arbitrary data blobs at the very beginning of ZIP archives. Archives written using either feature are still
+     readable by any ZIP tool.
+
+     - Archive appending: The simple way to add a single file to an archive is to call this function:
+
+      mz_bool mz_zip_add_mem_to_archive_file_in_place(const char *pZip_filename, const char *pArchive_name,
+        const void *pBuf, size_t buf_size, const void *pComment, mz_uint16 comment_size, mz_uint level_and_flags);
+
+     The archive will be created if it doesn't already exist, otherwise it'll be appended to.
+     Note the appending is done in-place and is not an atomic operation, so if something goes wrong
+     during the operation it's possible the archive could be left without a central directory (although the local
+     file headers and file data will be fine, so the archive will be recoverable).
+
+     For more complex archive modification scenarios:
+     1. The safest way is to use a mz_zip_reader to read the existing archive, cloning only those bits you want to
+     preserve into a new archive using using the mz_zip_writer_add_from_zip_reader() function (which compiles the
+     compressed file data as-is). When you're done, delete the old archive and rename the newly written archive, and
+     you're done. This is safe but requires a bunch of temporary disk space or heap memory.
+
+     2. Or, you can convert an mz_zip_reader in-place to an mz_zip_writer using mz_zip_writer_init_from_reader(),
+     append new files as needed, then finalize the archive which will write an updated central directory to the
+     original archive. (This is basically what mz_zip_add_mem_to_archive_file_in_place() does.) There's a
+     possibility that the archive's central directory could be lost with this method if anything goes wrong, though.
+
+     - ZIP archive support limitations:
+     No zip64 or spanning support. Extraction functions can only handle unencrypted, stored or deflated files.
+     Requires streams capable of seeking.
+
+   * This is a header file library, like stb_image.c. To get only a header file, either cut and paste the
+     below header, or create miniz.h, #define MINIZ_HEADER_FILE_ONLY, and then include miniz.c from it.
+
+   * Important: For best perf. be sure to customize the below macros for your target platform:
+     #define MINIZ_USE_UNALIGNED_LOADS_AND_STORES 1
+     #define MINIZ_LITTLE_ENDIAN 1
+     #define MINIZ_HAS_64BIT_REGISTERS 1
+
+   * On platforms using glibc, Be sure to "#define _LARGEFILE64_SOURCE 1" before including miniz.c to ensure miniz
+     uses the 64-bit variants: fopen64(), stat64(), etc. Otherwise you won't be able to process large files
+     (i.e. 32-bit stat() fails for me on files > 0x7FFFFFFF bytes).
+*/
+#pragma once
+
+
+
+
+
+/* Defines to completely disable specific portions of miniz.c: 
+   If all macros here are defined the only functionality remaining will be CRC-32, adler-32, tinfl, and tdefl. */
+
+/* Define MINIZ_NO_STDIO to disable all usage and any functions which rely on stdio for file I/O. */
+/*#define MINIZ_NO_STDIO */
+
+/* If MINIZ_NO_TIME is specified then the ZIP archive functions will not be able to get the current time, or */
+/* get/set file times, and the C run-time funcs that get/set times won't be called. */
+/* The current downside is the times written to your archives will be from 1979. */
+/*#define MINIZ_NO_TIME */
+
+/* Define MINIZ_NO_ARCHIVE_APIS to disable all ZIP archive API's. */
+/*#define MINIZ_NO_ARCHIVE_APIS */
+
+/* Define MINIZ_NO_ARCHIVE_APIS to disable all writing related ZIP archive API's. */
+/*#define MINIZ_NO_ARCHIVE_WRITING_APIS */
+
+/* Define MINIZ_NO_ZLIB_APIS to remove all ZLIB-style compression/decompression API's. */
+/*#define MINIZ_NO_ZLIB_APIS */
+
+/* Define MINIZ_NO_ZLIB_COMPATIBLE_NAME to disable zlib names, to prevent conflicts against stock zlib. */
+/*#define MINIZ_NO_ZLIB_COMPATIBLE_NAMES */
+
+/* Define MINIZ_NO_MALLOC to disable all calls to malloc, free, and realloc. 
+   Note if MINIZ_NO_MALLOC is defined then the user must always provide custom user alloc/free/realloc
+   callbacks to the zlib and archive API's, and a few stand-alone helper API's which don't provide custom user
+   functions (such as tdefl_compress_mem_to_heap() and tinfl_decompress_mem_to_heap()) won't work. */
+/*#define MINIZ_NO_MALLOC */
+
+#if defined(__TINYC__) && (defined(__linux) || defined(__linux__))
+/* TODO: Work around "error: include file 'sys\utime.h' when compiling with tcc on Linux */
+#define MINIZ_NO_TIME
+#endif
+
+#if !defined(MINIZ_NO_TIME) && !defined(MINIZ_NO_ARCHIVE_APIS)
+#include <time.h>
+#endif
+
+#if defined(_M_IX86) || defined(_M_X64) || defined(__i386__) || defined(__i386) || defined(__i486__) || defined(__i486) || defined(i386) || defined(__ia64__) || defined(__x86_64__)
+/* MINIZ_X86_OR_X64_CPU is only used to help set the below macros. */
+#define MINIZ_X86_OR_X64_CPU 1
+#endif
+
+#if (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__) || MINIZ_X86_OR_X64_CPU
+/* Set MINIZ_LITTLE_ENDIAN to 1 if the processor is little endian. */
+#define MINIZ_LITTLE_ENDIAN 1
+#endif
+
+#if MINIZ_X86_OR_X64_CPU
+/* Set MINIZ_USE_UNALIGNED_LOADS_AND_STORES to 1 on CPU's that permit efficient integer loads and stores from unaligned addresses. */
+#define MINIZ_USE_UNALIGNED_LOADS_AND_STORES 1
+#endif
+
+#if defined(_M_X64) || defined(_WIN64) || defined(__MINGW64__) || defined(_LP64) || defined(__LP64__) || defined(__ia64__) || defined(__x86_64__)
+/* Set MINIZ_HAS_64BIT_REGISTERS to 1 if operations on 64-bit integers are reasonably fast (and don't involve compiler generated calls to helper functions). */
+#define MINIZ_HAS_64BIT_REGISTERS 1
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* ------------------- zlib-style API Definitions. */
+
+/* For more compatibility with zlib, miniz.c uses unsigned long for some parameters/struct members. Beware: mz_ulong can be either 32 or 64-bits! */
+typedef unsigned long mz_ulong;
+
+/* mz_free() internally uses the MZ_FREE() macro (which by default calls free() unless you've modified the MZ_MALLOC macro) to release a block allocated from the heap. */
+void mz_free(void *p);
+
+#define MZ_ADLER32_INIT (1)
+/* mz_adler32() returns the initial adler-32 value to use when called with ptr==NULL. */
+mz_ulong mz_adler32(mz_ulong adler, const unsigned char *ptr, size_t buf_len);
+
+#define MZ_CRC32_INIT (0)
+/* mz_crc32() returns the initial CRC-32 value to use when called with ptr==NULL. */
+mz_ulong mz_crc32(mz_ulong crc, const unsigned char *ptr, size_t buf_len);
+
+/* Compression strategies. */
+enum
+{
+    MZ_DEFAULT_STRATEGY = 0,
+    MZ_FILTERED = 1,
+    MZ_HUFFMAN_ONLY = 2,
+    MZ_RLE = 3,
+    MZ_FIXED = 4
+};
+
+/* Method */
+#define MZ_DEFLATED 8
+
+#ifndef MINIZ_NO_ZLIB_APIS
+
+/* Heap allocation callbacks.
+   Note that mz_alloc_func parameter types purpsosely differ from zlib's: items/size is size_t, not unsigned long. */
+typedef void *(*mz_alloc_func)(void *opaque, size_t items, size_t size);
+typedef void (*mz_free_func)(void *opaque, void *address);
+typedef void *(*mz_realloc_func)(void *opaque, void *address, size_t items, size_t size);
+
+/* TODO: I can't encode "1.16" here, argh */
+#define MZ_VERSION "9.1.15"
+#define MZ_VERNUM 0x91F0
+#define MZ_VER_MAJOR 9
+#define MZ_VER_MINOR 1
+#define MZ_VER_REVISION 15
+#define MZ_VER_SUBREVISION 0
+
+/* Flush values. For typical usage you only need MZ_NO_FLUSH and MZ_FINISH. The other values are for advanced use (refer to the zlib docs). */
+enum
+{
+    MZ_NO_FLUSH = 0,
+    MZ_PARTIAL_FLUSH = 1,
+    MZ_SYNC_FLUSH = 2,
+    MZ_FULL_FLUSH = 3,
+    MZ_FINISH = 4,
+    MZ_BLOCK = 5
+};
+
+/* Return status codes. MZ_PARAM_ERROR is non-standard. */
+enum
+{
+    MZ_OK = 0,
+    MZ_STREAM_END = 1,
+    MZ_NEED_DICT = 2,
+    MZ_ERRNO = -1,
+    MZ_STREAM_ERROR = -2,
+    MZ_DATA_ERROR = -3,
+    MZ_MEM_ERROR = -4,
+    MZ_BUF_ERROR = -5,
+    MZ_VERSION_ERROR = -6,
+    MZ_PARAM_ERROR = -10000
+};
+
+/* Compression levels: 0-9 are the standard zlib-style levels, 10 is best possible compression (not zlib compatible, and may be very slow), MZ_DEFAULT_COMPRESSION=MZ_DEFAULT_LEVEL. */
+enum
+{
+    MZ_NO_COMPRESSION = 0,
+    MZ_BEST_SPEED = 1,
+    MZ_BEST_COMPRESSION = 9,
+    MZ_UBER_COMPRESSION = 10,
+    MZ_DEFAULT_LEVEL = 6,
+    MZ_DEFAULT_COMPRESSION = -1
+};
+
+/* Window bits */
+#define MZ_DEFAULT_WINDOW_BITS 15
+
+struct mz_internal_state;
+
+/* Compression/decompression stream struct. */
+typedef struct mz_stream_s
+{
+    const unsigned char *next_in; /* pointer to next byte to read */
+    unsigned int avail_in;        /* number of bytes available at next_in */
+    mz_ulong total_in;            /* total number of bytes consumed so far */
+
+    unsigned char *next_out; /* pointer to next byte to write */
+    unsigned int avail_out;  /* number of bytes that can be written to next_out */
+    mz_ulong total_out;      /* total number of bytes produced so far */
+
+    char *msg;                       /* error msg (unused) */
+    struct mz_internal_state *state; /* internal state, allocated by zalloc/zfree */
+
+    mz_alloc_func zalloc; /* optional heap allocation function (defaults to malloc) */
+    mz_free_func zfree;   /* optional heap free function (defaults to free) */
+    void *opaque;         /* heap alloc function user pointer */
+
+    int data_type;     /* data_type (unused) */
+    mz_ulong adler;    /* adler32 of the source or uncompressed data */
+    mz_ulong reserved; /* not used */
+} mz_stream;
+
+typedef mz_stream *mz_streamp;
+
+/* Returns the version string of miniz.c. */
+const char *mz_version(void);
+
+/* mz_deflateInit() initializes a compressor with default options: */
+/* Parameters: */
+/*  pStream must point to an initialized mz_stream struct. */
+/*  level must be between [MZ_NO_COMPRESSION, MZ_BEST_COMPRESSION]. */
+/*  level 1 enables a specially optimized compression function that's been optimized purely for performance, not ratio. */
+/*  (This special func. is currently only enabled when MINIZ_USE_UNALIGNED_LOADS_AND_STORES and MINIZ_LITTLE_ENDIAN are defined.) */
+/* Return values: */
+/*  MZ_OK on success. */
+/*  MZ_STREAM_ERROR if the stream is bogus. */
+/*  MZ_PARAM_ERROR if the input parameters are bogus. */
+/*  MZ_MEM_ERROR on out of memory. */
+int mz_deflateInit(mz_streamp pStream, int level);
+
+/* mz_deflateInit2() is like mz_deflate(), except with more control: */
+/* Additional parameters: */
+/*   method must be MZ_DEFLATED */
+/*   window_bits must be MZ_DEFAULT_WINDOW_BITS (to wrap the deflate stream with zlib header/adler-32 footer) or -MZ_DEFAULT_WINDOW_BITS (raw deflate/no header or footer) */
+/*   mem_level must be between [1, 9] (it's checked but ignored by miniz.c) */
+int mz_deflateInit2(mz_streamp pStream, int level, int method, int window_bits, int mem_level, int strategy);
+
+/* Quickly resets a compressor without having to reallocate anything. Same as calling mz_deflateEnd() followed by mz_deflateInit()/mz_deflateInit2(). */
+int mz_deflateReset(mz_streamp pStream);
+
+/* mz_deflate() compresses the input to output, consuming as much of the input and producing as much output as possible. */
+/* Parameters: */
+/*   pStream is the stream to read from and write to. You must initialize/update the next_in, avail_in, next_out, and avail_out members. */
+/*   flush may be MZ_NO_FLUSH, MZ_PARTIAL_FLUSH/MZ_SYNC_FLUSH, MZ_FULL_FLUSH, or MZ_FINISH. */
+/* Return values: */
+/*   MZ_OK on success (when flushing, or if more input is needed but not available, and/or there's more output to be written but the output buffer is full). */
+/*   MZ_STREAM_END if all input has been consumed and all output bytes have been written. Don't call mz_deflate() on the stream anymore. */
+/*   MZ_STREAM_ERROR if the stream is bogus. */
+/*   MZ_PARAM_ERROR if one of the parameters is invalid. */
+/*   MZ_BUF_ERROR if no forward progress is possible because the input and/or output buffers are empty. (Fill up the input buffer or free up some output space and try again.) */
+int mz_deflate(mz_streamp pStream, int flush);
+
+/* mz_deflateEnd() deinitializes a compressor: */
+/* Return values: */
+/*  MZ_OK on success. */
+/*  MZ_STREAM_ERROR if the stream is bogus. */
+int mz_deflateEnd(mz_streamp pStream);
+
+/* mz_deflateBound() returns a (very) conservative upper bound on the amount of data that could be generated by deflate(), assuming flush is set to only MZ_NO_FLUSH or MZ_FINISH. */
+mz_ulong mz_deflateBound(mz_streamp pStream, mz_ulong source_len);
+
+/* Single-call compression functions mz_compress() and mz_compress2(): */
+/* Returns MZ_OK on success, or one of the error codes from mz_deflate() on failure. */
+int mz_compress(unsigned char *pDest, mz_ulong *pDest_len, const unsigned char *pSource, mz_ulong source_len);
+int mz_compress2(unsigned char *pDest, mz_ulong *pDest_len, const unsigned char *pSource, mz_ulong source_len, int level);
+
+/* mz_compressBound() returns a (very) conservative upper bound on the amount of data that could be generated by calling mz_compress(). */
+mz_ulong mz_compressBound(mz_ulong source_len);
+
+/* Initializes a decompressor. */
+int mz_inflateInit(mz_streamp pStream);
+
+/* mz_inflateInit2() is like mz_inflateInit() with an additional option that controls the window size and whether or not the stream has been wrapped with a zlib header/footer: */
+/* window_bits must be MZ_DEFAULT_WINDOW_BITS (to parse zlib header/footer) or -MZ_DEFAULT_WINDOW_BITS (raw deflate). */
+int mz_inflateInit2(mz_streamp pStream, int window_bits);
+
+/* Decompresses the input stream to the output, consuming only as much of the input as needed, and writing as much to the output as possible. */
+/* Parameters: */
+/*   pStream is the stream to read from and write to. You must initialize/update the next_in, avail_in, next_out, and avail_out members. */
+/*   flush may be MZ_NO_FLUSH, MZ_SYNC_FLUSH, or MZ_FINISH. */
+/*   On the first call, if flush is MZ_FINISH it's assumed the input and output buffers are both sized large enough to decompress the entire stream in a single call (this is slightly faster). */
+/*   MZ_FINISH implies that there are no more source bytes available beside what's already in the input buffer, and that the output buffer is large enough to hold the rest of the decompressed data. */
+/* Return values: */
+/*   MZ_OK on success. Either more input is needed but not available, and/or there's more output to be written but the output buffer is full. */
+/*   MZ_STREAM_END if all needed input has been consumed and all output bytes have been written. For zlib streams, the adler-32 of the decompressed data has also been verified. */
+/*   MZ_STREAM_ERROR if the stream is bogus. */
+/*   MZ_DATA_ERROR if the deflate stream is invalid. */
+/*   MZ_PARAM_ERROR if one of the parameters is invalid. */
+/*   MZ_BUF_ERROR if no forward progress is possible because the input buffer is empty but the inflater needs more input to continue, or if the output buffer is not large enough. Call mz_inflate() again */
+/*   with more input data, or with more room in the output buffer (except when using single call decompression, described above). */
+int mz_inflate(mz_streamp pStream, int flush);
+
+/* Deinitializes a decompressor. */
+int mz_inflateEnd(mz_streamp pStream);
+
+/* Single-call decompression. */
+/* Returns MZ_OK on success, or one of the error codes from mz_inflate() on failure. */
+int mz_uncompress(unsigned char *pDest, mz_ulong *pDest_len, const unsigned char *pSource, mz_ulong source_len);
+
+/* Returns a string description of the specified error code, or NULL if the error code is invalid. */
+const char *mz_error(int err);
+
+/* Redefine zlib-compatible names to miniz equivalents, so miniz.c can be used as a drop-in replacement for the subset of zlib that miniz.c supports. */
+/* Define MINIZ_NO_ZLIB_COMPATIBLE_NAMES to disable zlib-compatibility if you use zlib in the same project. */
+#ifndef MINIZ_NO_ZLIB_COMPATIBLE_NAMES
+typedef unsigned char Byte;
+typedef unsigned int uInt;
+typedef mz_ulong uLong;
+typedef Byte Bytef;
+typedef uInt uIntf;
+typedef char charf;
+typedef int intf;
+typedef void *voidpf;
+typedef uLong uLongf;
+typedef void *voidp;
+typedef void *const voidpc;
+#define Z_NULL 0
+#define Z_NO_FLUSH MZ_NO_FLUSH
+#define Z_PARTIAL_FLUSH MZ_PARTIAL_FLUSH
+#define Z_SYNC_FLUSH MZ_SYNC_FLUSH
+#define Z_FULL_FLUSH MZ_FULL_FLUSH
+#define Z_FINISH MZ_FINISH
+#define Z_BLOCK MZ_BLOCK
+#define Z_OK MZ_OK
+#define Z_STREAM_END MZ_STREAM_END
+#define Z_NEED_DICT MZ_NEED_DICT
+#define Z_ERRNO MZ_ERRNO
+#define Z_STREAM_ERROR MZ_STREAM_ERROR
+#define Z_DATA_ERROR MZ_DATA_ERROR
+#define Z_MEM_ERROR MZ_MEM_ERROR
+#define Z_BUF_ERROR MZ_BUF_ERROR
+#define Z_VERSION_ERROR MZ_VERSION_ERROR
+#define Z_PARAM_ERROR MZ_PARAM_ERROR
+#define Z_NO_COMPRESSION MZ_NO_COMPRESSION
+#define Z_BEST_SPEED MZ_BEST_SPEED
+#define Z_BEST_COMPRESSION MZ_BEST_COMPRESSION
+#define Z_DEFAULT_COMPRESSION MZ_DEFAULT_COMPRESSION
+#define Z_DEFAULT_STRATEGY MZ_DEFAULT_STRATEGY
+#define Z_FILTERED MZ_FILTERED
+#define Z_HUFFMAN_ONLY MZ_HUFFMAN_ONLY
+#define Z_RLE MZ_RLE
+#define Z_FIXED MZ_FIXED
+#define Z_DEFLATED MZ_DEFLATED
+#define Z_DEFAULT_WINDOW_BITS MZ_DEFAULT_WINDOW_BITS
+#define alloc_func mz_alloc_func
+#define free_func mz_free_func
+#define internal_state mz_internal_state
+#define z_stream mz_stream
+#define deflateInit mz_deflateInit
+#define deflateInit2 mz_deflateInit2
+#define deflateReset mz_deflateReset
+#define deflate mz_deflate
+#define deflateEnd mz_deflateEnd
+#define deflateBound mz_deflateBound
+#define compress mz_compress
+#define compress2 mz_compress2
+#define compressBound mz_compressBound
+#define inflateInit mz_inflateInit
+#define inflateInit2 mz_inflateInit2
+#define inflate mz_inflate
+#define inflateEnd mz_inflateEnd
+#define uncompress mz_uncompress
+#define crc32 mz_crc32
+#define adler32 mz_adler32
+#define MAX_WBITS 15
+#define MAX_MEM_LEVEL 9
+#define zError mz_error
+#define ZLIB_VERSION MZ_VERSION
+#define ZLIB_VERNUM MZ_VERNUM
+#define ZLIB_VER_MAJOR MZ_VER_MAJOR
+#define ZLIB_VER_MINOR MZ_VER_MINOR
+#define ZLIB_VER_REVISION MZ_VER_REVISION
+#define ZLIB_VER_SUBREVISION MZ_VER_SUBREVISION
+#define zlibVersion mz_version
+#define zlib_version mz_version()
+#endif /* #ifndef MINIZ_NO_ZLIB_COMPATIBLE_NAMES */
+
+#endif /* MINIZ_NO_ZLIB_APIS */
+
+#ifdef __cplusplus
+}
+#endif
+#pragma once
+#include <assert.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+/* ------------------- Types and macros */
+typedef unsigned char mz_uint8;
+typedef signed short mz_int16;
+typedef unsigned short mz_uint16;
+typedef unsigned int mz_uint32;
+typedef unsigned int mz_uint;
+typedef int64_t mz_int64;
+typedef uint64_t mz_uint64;
+typedef int mz_bool;
+
+#define MZ_FALSE (0)
+#define MZ_TRUE (1)
+
+/* Works around MSVC's spammy "warning C4127: conditional expression is constant" message. */
+#ifdef _MSC_VER
+#define MZ_MACRO_END while (0, 0)
+#else
+#define MZ_MACRO_END while (0)
+#endif
+
+#ifdef MINIZ_NO_STDIO
+#define MZ_FILE void *
+#else
+#include <stdio.h>
+#define MZ_FILE FILE
+#endif /* #ifdef MINIZ_NO_STDIO */
+
+#ifdef MINIZ_NO_TIME
+typedef struct mz_dummy_time_t_tag
+{
+    int m_dummy;
+} mz_dummy_time_t;
+#define MZ_TIME_T mz_dummy_time_t
+#else
+#define MZ_TIME_T time_t
+#endif
+
+#define MZ_ASSERT(x) assert(x)
+
+#ifdef MINIZ_NO_MALLOC
+#define MZ_MALLOC(x) NULL
+#define MZ_FREE(x) (void) x, ((void)0)
+#define MZ_REALLOC(p, x) NULL
+#else
+#define MZ_MALLOC(x) malloc(x)
+#define MZ_FREE(x) free(x)
+#define MZ_REALLOC(p, x) realloc(p, x)
+#endif
+
+#define MZ_MAX(a, b) (((a) > (b)) ? (a) : (b))
+#define MZ_MIN(a, b) (((a) < (b)) ? (a) : (b))
+#define MZ_CLEAR_OBJ(obj) memset(&(obj), 0, sizeof(obj))
+
+#if MINIZ_USE_UNALIGNED_LOADS_AND_STORES &&MINIZ_LITTLE_ENDIAN
+#define MZ_READ_LE16(p) *((const mz_uint16 *)(p))
+#define MZ_READ_LE32(p) *((const mz_uint32 *)(p))
+#else
+#define MZ_READ_LE16(p) ((mz_uint32)(((const mz_uint8 *)(p))[0]) | ((mz_uint32)(((const mz_uint8 *)(p))[1]) << 8U))
+#define MZ_READ_LE32(p) ((mz_uint32)(((const mz_uint8 *)(p))[0]) | ((mz_uint32)(((const mz_uint8 *)(p))[1]) << 8U) | ((mz_uint32)(((const mz_uint8 *)(p))[2]) << 16U) | ((mz_uint32)(((const mz_uint8 *)(p))[3]) << 24U))
+#endif
+
+#define MZ_READ_LE64(p) (((mz_uint64)MZ_READ_LE32(p)) | (((mz_uint64)MZ_READ_LE32((const mz_uint8 *)(p) + sizeof(mz_uint32))) << 32U))
+
+#ifdef _MSC_VER
+#define MZ_FORCEINLINE __forceinline
+#elif defined(__GNUC__)
+#define MZ_FORCEINLINE __inline__ __attribute__((__always_inline__))
+#else
+#define MZ_FORCEINLINE inline
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern void *miniz_def_alloc_func(void *opaque, size_t items, size_t size);
+extern void miniz_def_free_func(void *opaque, void *address);
+extern void *miniz_def_realloc_func(void *opaque, void *address, size_t items, size_t size);
+
+#define MZ_UINT16_MAX (0xFFFFU)
+#define MZ_UINT32_MAX (0xFFFFFFFFU)
+
+#ifdef __cplusplus
+}
+#endif
+#pragma once
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+/* ------------------- Low-level Compression API Definitions */
+
+/* Set TDEFL_LESS_MEMORY to 1 to use less memory (compression will be slightly slower, and raw/dynamic blocks will be output more frequently). */
+#define TDEFL_LESS_MEMORY 0
+
+/* tdefl_init() compression flags logically OR'd together (low 12 bits contain the max. number of probes per dictionary search): */
+/* TDEFL_DEFAULT_MAX_PROBES: The compressor defaults to 128 dictionary probes per dictionary search. 0=Huffman only, 1=Huffman+LZ (fastest/crap compression), 4095=Huffman+LZ (slowest/best compression). */
+enum
+{
+    TDEFL_HUFFMAN_ONLY = 0,
+    TDEFL_DEFAULT_MAX_PROBES = 128,
+    TDEFL_MAX_PROBES_MASK = 0xFFF
+};
+
+/* TDEFL_WRITE_ZLIB_HEADER: If set, the compressor outputs a zlib header before the deflate data, and the Adler-32 of the source data at the end. Otherwise, you'll get raw deflate data. */
+/* TDEFL_COMPUTE_ADLER32: Always compute the adler-32 of the input data (even when not writing zlib headers). */
+/* TDEFL_GREEDY_PARSING_FLAG: Set to use faster greedy parsing, instead of more efficient lazy parsing. */
+/* TDEFL_NONDETERMINISTIC_PARSING_FLAG: Enable to decrease the compressor's initialization time to the minimum, but the output may vary from run to run given the same input (depending on the contents of memory). */
+/* TDEFL_RLE_MATCHES: Only look for RLE matches (matches with a distance of 1) */
+/* TDEFL_FILTER_MATCHES: Discards matches <= 5 chars if enabled. */
+/* TDEFL_FORCE_ALL_STATIC_BLOCKS: Disable usage of optimized Huffman tables. */
+/* TDEFL_FORCE_ALL_RAW_BLOCKS: Only use raw (uncompressed) deflate blocks. */
+/* The low 12 bits are reserved to control the max # of hash probes per dictionary lookup (see TDEFL_MAX_PROBES_MASK). */
+enum
+{
+    TDEFL_WRITE_ZLIB_HEADER = 0x01000,
+    TDEFL_COMPUTE_ADLER32 = 0x02000,
+    TDEFL_GREEDY_PARSING_FLAG = 0x04000,
+    TDEFL_NONDETERMINISTIC_PARSING_FLAG = 0x08000,
+    TDEFL_RLE_MATCHES = 0x10000,
+    TDEFL_FILTER_MATCHES = 0x20000,
+    TDEFL_FORCE_ALL_STATIC_BLOCKS = 0x40000,
+    TDEFL_FORCE_ALL_RAW_BLOCKS = 0x80000
+};
+
+/* High level compression functions: */
+/* tdefl_compress_mem_to_heap() compresses a block in memory to a heap block allocated via malloc(). */
+/* On entry: */
+/*  pSrc_buf, src_buf_len: Pointer and size of source block to compress. */
+/*  flags: The max match finder probes (default is 128) logically OR'd against the above flags. Higher probes are slower but improve compression. */
+/* On return: */
+/*  Function returns a pointer to the compressed data, or NULL on failure. */
+/*  *pOut_len will be set to the compressed data's size, which could be larger than src_buf_len on uncompressible data. */
+/*  The caller must free() the returned block when it's no longer needed. */
+void *tdefl_compress_mem_to_heap(const void *pSrc_buf, size_t src_buf_len, size_t *pOut_len, int flags);
+
+/* tdefl_compress_mem_to_mem() compresses a block in memory to another block in memory. */
+/* Returns 0 on failure. */
+size_t tdefl_compress_mem_to_mem(void *pOut_buf, size_t out_buf_len, const void *pSrc_buf, size_t src_buf_len, int flags);
+
+/* Compresses an image to a compressed PNG file in memory. */
+/* On entry: */
+/*  pImage, w, h, and num_chans describe the image to compress. num_chans may be 1, 2, 3, or 4. */
+/*  The image pitch in bytes per scanline will be w*num_chans. The leftmost pixel on the top scanline is stored first in memory. */
+/*  level may range from [0,10], use MZ_NO_COMPRESSION, MZ_BEST_SPEED, MZ_BEST_COMPRESSION, etc. or a decent default is MZ_DEFAULT_LEVEL */
+/*  If flip is true, the image will be flipped on the Y axis (useful for OpenGL apps). */
+/* On return: */
+/*  Function returns a pointer to the compressed data, or NULL on failure. */
+/*  *pLen_out will be set to the size of the PNG image file. */
+/*  The caller must mz_free() the returned heap block (which will typically be larger than *pLen_out) when it's no longer needed. */
+void *tdefl_write_image_to_png_file_in_memory_ex(const void *pImage, int w, int h, int num_chans, size_t *pLen_out, mz_uint level, mz_bool flip);
+void *tdefl_write_image_to_png_file_in_memory(const void *pImage, int w, int h, int num_chans, size_t *pLen_out);
+
+/* Output stream interface. The compressor uses this interface to write compressed data. It'll typically be called TDEFL_OUT_BUF_SIZE at a time. */
+typedef mz_bool (*tdefl_put_buf_func_ptr)(const void *pBuf, int len, void *pUser);
+
+/* tdefl_compress_mem_to_output() compresses a block to an output stream. The above helpers use this function internally. */
+mz_bool tdefl_compress_mem_to_output(const void *pBuf, size_t buf_len, tdefl_put_buf_func_ptr pPut_buf_func, void *pPut_buf_user, int flags);
+
+enum
+{
+    TDEFL_MAX_HUFF_TABLES = 3,
+    TDEFL_MAX_HUFF_SYMBOLS_0 = 288,
+    TDEFL_MAX_HUFF_SYMBOLS_1 = 32,
+    TDEFL_MAX_HUFF_SYMBOLS_2 = 19,
+    TDEFL_LZ_DICT_SIZE = 32768,
+    TDEFL_LZ_DICT_SIZE_MASK = TDEFL_LZ_DICT_SIZE - 1,
+    TDEFL_MIN_MATCH_LEN = 3,
+    TDEFL_MAX_MATCH_LEN = 258
+};
+
+/* TDEFL_OUT_BUF_SIZE MUST be large enough to hold a single entire compressed output block (using static/fixed Huffman codes). */
+#if TDEFL_LESS_MEMORY
+enum
+{
+    TDEFL_LZ_CODE_BUF_SIZE = 24 * 1024,
+    TDEFL_OUT_BUF_SIZE = (TDEFL_LZ_CODE_BUF_SIZE * 13) / 10,
+    TDEFL_MAX_HUFF_SYMBOLS = 288,
+    TDEFL_LZ_HASH_BITS = 12,
+    TDEFL_LEVEL1_HASH_SIZE_MASK = 4095,
+    TDEFL_LZ_HASH_SHIFT = (TDEFL_LZ_HASH_BITS + 2) / 3,
+    TDEFL_LZ_HASH_SIZE = 1 << TDEFL_LZ_HASH_BITS
+};
+#else
+enum
+{
+    TDEFL_LZ_CODE_BUF_SIZE = 64 * 1024,
+    TDEFL_OUT_BUF_SIZE = (TDEFL_LZ_CODE_BUF_SIZE * 13) / 10,
+    TDEFL_MAX_HUFF_SYMBOLS = 288,
+    TDEFL_LZ_HASH_BITS = 15,
+    TDEFL_LEVEL1_HASH_SIZE_MASK = 4095,
+    TDEFL_LZ_HASH_SHIFT = (TDEFL_LZ_HASH_BITS + 2) / 3,
+    TDEFL_LZ_HASH_SIZE = 1 << TDEFL_LZ_HASH_BITS
+};
+#endif
+
+/* The low-level tdefl functions below may be used directly if the above helper functions aren't flexible enough. The low-level functions don't make any heap allocations, unlike the above helper functions. */
+typedef enum
+{
+    TDEFL_STATUS_BAD_PARAM = -2,
+    TDEFL_STATUS_PUT_BUF_FAILED = -1,
+    TDEFL_STATUS_OKAY = 0,
+    TDEFL_STATUS_DONE = 1,
+} tdefl_status;
+
+/* Must map to MZ_NO_FLUSH, MZ_SYNC_FLUSH, etc. enums */
+typedef enum
+{
+    TDEFL_NO_FLUSH = 0,
+    TDEFL_SYNC_FLUSH = 2,
+    TDEFL_FULL_FLUSH = 3,
+    TDEFL_FINISH = 4
+} tdefl_flush;
+
+/* tdefl's compression state structure. */
+typedef struct
+{
+    tdefl_put_buf_func_ptr m_pPut_buf_func;
+    void *m_pPut_buf_user;
+    mz_uint m_flags, m_max_probes[2];
+    int m_greedy_parsing;
+    mz_uint m_adler32, m_lookahead_pos, m_lookahead_size, m_dict_size;
+    mz_uint8 *m_pLZ_code_buf, *m_pLZ_flags, *m_pOutput_buf, *m_pOutput_buf_end;
+    mz_uint m_num_flags_left, m_total_lz_bytes, m_lz_code_buf_dict_pos, m_bits_in, m_bit_buffer;
+    mz_uint m_saved_match_dist, m_saved_match_len, m_saved_lit, m_output_flush_ofs, m_output_flush_remaining, m_finished, m_block_index, m_wants_to_finish;
+    tdefl_status m_prev_return_status;
+    const void *m_pIn_buf;
+    void *m_pOut_buf;
+    size_t *m_pIn_buf_size, *m_pOut_buf_size;
+    tdefl_flush m_flush;
+    const mz_uint8 *m_pSrc;
+    size_t m_src_buf_left, m_out_buf_ofs;
+    mz_uint8 m_dict[TDEFL_LZ_DICT_SIZE + TDEFL_MAX_MATCH_LEN - 1];
+    mz_uint16 m_huff_count[TDEFL_MAX_HUFF_TABLES][TDEFL_MAX_HUFF_SYMBOLS];
+    mz_uint16 m_huff_codes[TDEFL_MAX_HUFF_TABLES][TDEFL_MAX_HUFF_SYMBOLS];
+    mz_uint8 m_huff_code_sizes[TDEFL_MAX_HUFF_TABLES][TDEFL_MAX_HUFF_SYMBOLS];
+    mz_uint8 m_lz_code_buf[TDEFL_LZ_CODE_BUF_SIZE];
+    mz_uint16 m_next[TDEFL_LZ_DICT_SIZE];
+    mz_uint16 m_hash[TDEFL_LZ_HASH_SIZE];
+    mz_uint8 m_output_buf[TDEFL_OUT_BUF_SIZE];
+} tdefl_compressor;
+
+/* Initializes the compressor. */
+/* There is no corresponding deinit() function because the tdefl API's do not dynamically allocate memory. */
+/* pBut_buf_func: If NULL, output data will be supplied to the specified callback. In this case, the user should call the tdefl_compress_buffer() API for compression. */
+/* If pBut_buf_func is NULL the user should always call the tdefl_compress() API. */
+/* flags: See the above enums (TDEFL_HUFFMAN_ONLY, TDEFL_WRITE_ZLIB_HEADER, etc.) */
+tdefl_status tdefl_init(tdefl_compressor *d, tdefl_put_buf_func_ptr pPut_buf_func, void *pPut_buf_user, int flags);
+
+/* Compresses a block of data, consuming as much of the specified input buffer as possible, and writing as much compressed data to the specified output buffer as possible. */
+tdefl_status tdefl_compress(tdefl_compressor *d, const void *pIn_buf, size_t *pIn_buf_size, void *pOut_buf, size_t *pOut_buf_size, tdefl_flush flush);
+
+/* tdefl_compress_buffer() is only usable when the tdefl_init() is called with a non-NULL tdefl_put_buf_func_ptr. */
+/* tdefl_compress_buffer() always consumes the entire input buffer. */
+tdefl_status tdefl_compress_buffer(tdefl_compressor *d, const void *pIn_buf, size_t in_buf_size, tdefl_flush flush);
+
+tdefl_status tdefl_get_prev_return_status(tdefl_compressor *d);
+mz_uint32 tdefl_get_adler32(tdefl_compressor *d);
+
+/* Can't use tdefl_create_comp_flags_from_zip_params if MINIZ_NO_ZLIB_APIS isn't defined, because it uses some of its macros. */
+#ifndef MINIZ_NO_ZLIB_APIS
+/* Create tdefl_compress() flags given zlib-style compression parameters. */
+/* level may range from [0,10] (where 10 is absolute max compression, but may be much slower on some files) */
+/* window_bits may be -15 (raw deflate) or 15 (zlib) */
+/* strategy may be either MZ_DEFAULT_STRATEGY, MZ_FILTERED, MZ_HUFFMAN_ONLY, MZ_RLE, or MZ_FIXED */
+mz_uint tdefl_create_comp_flags_from_zip_params(int level, int window_bits, int strategy);
+#endif /* #ifndef MINIZ_NO_ZLIB_APIS */
+
+/* Allocate the tdefl_compressor structure in C so that */
+/* non-C language bindings to tdefl_ API don't need to worry about */
+/* structure size and allocation mechanism. */
+tdefl_compressor *tdefl_compressor_alloc();
+void tdefl_compressor_free(tdefl_compressor *pComp);
+
+#ifdef __cplusplus
+}
+#endif
+#pragma once
+
+/* ------------------- Low-level Decompression API Definitions */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+/* Decompression flags used by tinfl_decompress(). */
+/* TINFL_FLAG_PARSE_ZLIB_HEADER: If set, the input has a valid zlib header and ends with an adler32 checksum (it's a valid zlib stream). Otherwise, the input is a raw deflate stream. */
+/* TINFL_FLAG_HAS_MORE_INPUT: If set, there are more input bytes available beyond the end of the supplied input buffer. If clear, the input buffer contains all remaining input. */
+/* TINFL_FLAG_USING_NON_WRAPPING_OUTPUT_BUF: If set, the output buffer is large enough to hold the entire decompressed stream. If clear, the output buffer is at least the size of the dictionary (typically 32KB). */
+/* TINFL_FLAG_COMPUTE_ADLER32: Force adler-32 checksum computation of the decompressed bytes. */
+enum
+{
+    TINFL_FLAG_PARSE_ZLIB_HEADER = 1,
+    TINFL_FLAG_HAS_MORE_INPUT = 2,
+    TINFL_FLAG_USING_NON_WRAPPING_OUTPUT_BUF = 4,
+    TINFL_FLAG_COMPUTE_ADLER32 = 8
+};
+
+/* High level decompression functions: */
+/* tinfl_decompress_mem_to_heap() decompresses a block in memory to a heap block allocated via malloc(). */
+/* On entry: */
+/*  pSrc_buf, src_buf_len: Pointer and size of the Deflate or zlib source data to decompress. */
+/* On return: */
+/*  Function returns a pointer to the decompressed data, or NULL on failure. */
+/*  *pOut_len will be set to the decompressed data's size, which could be larger than src_buf_len on uncompressible data. */
+/*  The caller must call mz_free() on the returned block when it's no longer needed. */
+void *tinfl_decompress_mem_to_heap(const void *pSrc_buf, size_t src_buf_len, size_t *pOut_len, int flags);
+
+/* tinfl_decompress_mem_to_mem() decompresses a block in memory to another block in memory. */
+/* Returns TINFL_DECOMPRESS_MEM_TO_MEM_FAILED on failure, or the number of bytes written on success. */
+#define TINFL_DECOMPRESS_MEM_TO_MEM_FAILED ((size_t)(-1))
+size_t tinfl_decompress_mem_to_mem(void *pOut_buf, size_t out_buf_len, const void *pSrc_buf, size_t src_buf_len, int flags);
+
+/* tinfl_decompress_mem_to_callback() decompresses a block in memory to an internal 32KB buffer, and a user provided callback function will be called to flush the buffer. */
+/* Returns 1 on success or 0 on failure. */
+typedef int (*tinfl_put_buf_func_ptr)(const void *pBuf, int len, void *pUser);
+int tinfl_decompress_mem_to_callback(const void *pIn_buf, size_t *pIn_buf_size, tinfl_put_buf_func_ptr pPut_buf_func, void *pPut_buf_user, int flags);
+
+struct tinfl_decompressor_tag;
+typedef struct tinfl_decompressor_tag tinfl_decompressor;
+
+/* Allocate the tinfl_decompressor structure in C so that */
+/* non-C language bindings to tinfl_ API don't need to worry about */
+/* structure size and allocation mechanism. */
+
+tinfl_decompressor *tinfl_decompressor_alloc();
+void tinfl_decompressor_free(tinfl_decompressor *pDecomp);
+
+/* Max size of LZ dictionary. */
+#define TINFL_LZ_DICT_SIZE 32768
+
+/* Return status. */
+typedef enum
+{
+    /* This flags indicates the inflator needs 1 or more input bytes to make forward progress, but the caller is indicating that no more are available. The compressed data */
+    /* is probably corrupted. If you call the inflator again with more bytes it'll try to continue processing the input but this is a BAD sign (either the data is corrupted or you called it incorrectly). */
+    /* If you call it again with no input you'll just get TINFL_STATUS_FAILED_CANNOT_MAKE_PROGRESS again. */
+    TINFL_STATUS_FAILED_CANNOT_MAKE_PROGRESS = -4,
+
+    /* This flag indicates that one or more of the input parameters was obviously bogus. (You can try calling it again, but if you get this error the calling code is wrong.) */
+    TINFL_STATUS_BAD_PARAM = -3,
+
+    /* This flags indicate the inflator is finished but the adler32 check of the uncompressed data didn't match. If you call it again it'll return TINFL_STATUS_DONE. */
+    TINFL_STATUS_ADLER32_MISMATCH = -2,
+
+    /* This flags indicate the inflator has somehow failed (bad code, corrupted input, etc.). If you call it again without resetting via tinfl_init() it it'll just keep on returning the same status failure code. */
+    TINFL_STATUS_FAILED = -1,
+
+    /* Any status code less than TINFL_STATUS_DONE must indicate a failure. */
+
+    /* This flag indicates the inflator has returned every byte of uncompressed data that it can, has consumed every byte that it needed, has successfully reached the end of the deflate stream, and */
+    /* if zlib headers and adler32 checking enabled that it has successfully checked the uncompressed data's adler32. If you call it again you'll just get TINFL_STATUS_DONE over and over again. */
+    TINFL_STATUS_DONE = 0,
+
+    /* This flag indicates the inflator MUST have more input data (even 1 byte) before it can make any more forward progress, or you need to clear the TINFL_FLAG_HAS_MORE_INPUT */
+    /* flag on the next call if you don't have any more source data. If the source data was somehow corrupted it's also possible (but unlikely) for the inflator to keep on demanding input to */
+    /* proceed, so be sure to properly set the TINFL_FLAG_HAS_MORE_INPUT flag. */
+    TINFL_STATUS_NEEDS_MORE_INPUT = 1,
+
+    /* This flag indicates the inflator definitely has 1 or more bytes of uncompressed data available, but it cannot write this data into the output buffer. */
+    /* Note if the source compressed data was corrupted it's possible for the inflator to return a lot of uncompressed data to the caller. I've been assuming you know how much uncompressed data to expect */
+    /* (either exact or worst case) and will stop calling the inflator and fail after receiving too much. In pure streaming scenarios where you have no idea how many bytes to expect this may not be possible */
+    /* so I may need to add some code to address this. */
+    TINFL_STATUS_HAS_MORE_OUTPUT = 2
+} tinfl_status;
+
+/* Initializes the decompressor to its initial state. */
+#define tinfl_init(r)     \
+    do                    \
+    {                     \
+        (r)->m_state = 0; \
+    }                     \
+    MZ_MACRO_END
+#define tinfl_get_adler32(r) (r)->m_check_adler32
+
+/* Main low-level decompressor coroutine function. This is the only function actually needed for decompression. All the other functions are just high-level helpers for improved usability. */
+/* This is a universal API, i.e. it can be used as a building block to build any desired higher level decompression API. In the limit case, it can be called once per every byte input or output. */
+tinfl_status tinfl_decompress(tinfl_decompressor *r, const mz_uint8 *pIn_buf_next, size_t *pIn_buf_size, mz_uint8 *pOut_buf_start, mz_uint8 *pOut_buf_next, size_t *pOut_buf_size, const mz_uint32 decomp_flags);
+
+/* Internal/private bits follow. */
+enum
+{
+    TINFL_MAX_HUFF_TABLES = 3,
+    TINFL_MAX_HUFF_SYMBOLS_0 = 288,
+    TINFL_MAX_HUFF_SYMBOLS_1 = 32,
+    TINFL_MAX_HUFF_SYMBOLS_2 = 19,
+    TINFL_FAST_LOOKUP_BITS = 10,
+    TINFL_FAST_LOOKUP_SIZE = 1 << TINFL_FAST_LOOKUP_BITS
+};
+
+typedef struct
+{
+    mz_uint8 m_code_size[TINFL_MAX_HUFF_SYMBOLS_0];
+    mz_int16 m_look_up[TINFL_FAST_LOOKUP_SIZE], m_tree[TINFL_MAX_HUFF_SYMBOLS_0 * 2];
+} tinfl_huff_table;
+
+#if MINIZ_HAS_64BIT_REGISTERS
+#define TINFL_USE_64BIT_BITBUF 1
+#endif
+
+#if TINFL_USE_64BIT_BITBUF
+typedef mz_uint64 tinfl_bit_buf_t;
+#define TINFL_BITBUF_SIZE (64)
+#else
+typedef mz_uint32 tinfl_bit_buf_t;
+#define TINFL_BITBUF_SIZE (32)
+#endif
+
+struct tinfl_decompressor_tag
+{
+    mz_uint32 m_state, m_num_bits, m_zhdr0, m_zhdr1, m_z_adler32, m_final, m_type, m_check_adler32, m_dist, m_counter, m_num_extra, m_table_sizes[TINFL_MAX_HUFF_TABLES];
+    tinfl_bit_buf_t m_bit_buf;
+    size_t m_dist_from_out_buf_start;
+    tinfl_huff_table m_tables[TINFL_MAX_HUFF_TABLES];
+    mz_uint8 m_raw_header[4], m_len_codes[TINFL_MAX_HUFF_SYMBOLS_0 + TINFL_MAX_HUFF_SYMBOLS_1 + 137];
+};
+
+#ifdef __cplusplus
+}
+#endif
+
+#pragma once
+
+
+/* ------------------- ZIP archive reading/writing */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+enum
+{
+    /* Note: These enums can be reduced as needed to save memory or stack space - they are pretty conservative. */
+    MZ_ZIP_MAX_IO_BUF_SIZE = 64 * 1024,
+    MZ_ZIP_MAX_ARCHIVE_FILENAME_SIZE = 512,
+    MZ_ZIP_MAX_ARCHIVE_FILE_COMMENT_SIZE = 512
+};
+
+typedef struct
+{
+    /* Central directory file index. */
+    mz_uint32 m_file_index;
+
+    /* Byte offset of this entry in the archive's central directory. Note we currently only support up to UINT_MAX or less bytes in the central dir. */
+    mz_uint64 m_central_dir_ofs;
+
+    /* These fields are copied directly from the zip's central dir. */
+    mz_uint16 m_version_made_by;
+    mz_uint16 m_version_needed;
+    mz_uint16 m_bit_flag;
+    mz_uint16 m_method;
+
+#ifndef MINIZ_NO_TIME
+    MZ_TIME_T m_time;
+#endif
+
+    /* CRC-32 of uncompressed data. */
+    mz_uint32 m_crc32;
+
+    /* File's compressed size. */
+    mz_uint64 m_comp_size;
+
+    /* File's uncompressed size. Note, I've seen some old archives where directory entries had 512 bytes for their uncompressed sizes, but when you try to unpack them you actually get 0 bytes. */
+    mz_uint64 m_uncomp_size;
+
+    /* Zip internal and external file attributes. */
+    mz_uint16 m_internal_attr;
+    mz_uint32 m_external_attr;
+
+    /* Entry's local header file offset in bytes. */
+    mz_uint64 m_local_header_ofs;
+
+    /* Size of comment in bytes. */
+    mz_uint32 m_comment_size;
+
+    /* MZ_TRUE if the entry appears to be a directory. */
+    mz_bool m_is_directory;
+
+    /* MZ_TRUE if the entry uses encryption/strong encryption (which miniz_zip doesn't support) */
+    mz_bool m_is_encrypted;
+
+    /* MZ_TRUE if the file is not encrypted, a patch file, and if it uses a compression method we support. */
+    mz_bool m_is_supported;
+
+    /* Filename. If string ends in '/' it's a subdirectory entry. */
+    /* Guaranteed to be zero terminated, may be truncated to fit. */
+    char m_filename[MZ_ZIP_MAX_ARCHIVE_FILENAME_SIZE];
+
+    /* Comment field. */
+    /* Guaranteed to be zero terminated, may be truncated to fit. */
+    char m_comment[MZ_ZIP_MAX_ARCHIVE_FILE_COMMENT_SIZE];
+
+} mz_zip_archive_file_stat;
+
+typedef size_t (*mz_file_read_func)(void *pOpaque, mz_uint64 file_ofs, void *pBuf, size_t n);
+typedef size_t (*mz_file_write_func)(void *pOpaque, mz_uint64 file_ofs, const void *pBuf, size_t n);
+
+struct mz_zip_internal_state_tag;
+typedef struct mz_zip_internal_state_tag mz_zip_internal_state;
+
+typedef enum
+{
+    MZ_ZIP_MODE_INVALID = 0,
+    MZ_ZIP_MODE_READING = 1,
+    MZ_ZIP_MODE_WRITING = 2,
+    MZ_ZIP_MODE_WRITING_HAS_BEEN_FINALIZED = 3
+} mz_zip_mode;
+
+typedef enum
+{
+    MZ_ZIP_FLAG_CASE_SENSITIVE = 0x0100,
+    MZ_ZIP_FLAG_IGNORE_PATH = 0x0200,
+    MZ_ZIP_FLAG_COMPRESSED_DATA = 0x0400,
+    MZ_ZIP_FLAG_DO_NOT_SORT_CENTRAL_DIRECTORY = 0x0800,
+    MZ_ZIP_FLAG_VALIDATE_LOCATE_FILE_FLAG = 0x1000, /* if enabled, mz_zip_reader_locate_file() will be called on each file as its validated to ensure the func finds the file in the central dir (intended for testing) */
+    MZ_ZIP_FLAG_VALIDATE_HEADERS_ONLY = 0x2000,     /* validate the local headers, but don't decompress the entire file and check the crc32 */
+    MZ_ZIP_FLAG_WRITE_ZIP64 = 0x4000,               /* use the zip64 file format, instead of the original zip file format */
+    MZ_ZIP_FLAG_WRITE_ALLOW_READING = 0x8000,
+    MZ_ZIP_FLAG_UTF8_FILENAME = 0x10000
+} mz_zip_flags;
+
+typedef enum
+{
+    MZ_ZIP_TYPE_INVALID = 0,
+    MZ_ZIP_TYPE_USER,
+    MZ_ZIP_TYPE_MEMORY,
+    MZ_ZIP_TYPE_HEAP,
+    MZ_ZIP_TYPE_FILE,
+    MZ_ZIP_TYPE_CFILE,
+    MZ_ZIP_TOTAL_TYPES
+} mz_zip_type;
+
+/* miniz error codes. Be sure to update mz_zip_get_error_string() if you add or modify this enum. */
+typedef enum
+{
+    MZ_ZIP_NO_ERROR = 0,
+    MZ_ZIP_UNDEFINED_ERROR,
+    MZ_ZIP_TOO_MANY_FILES,
+    MZ_ZIP_FILE_TOO_LARGE,
+    MZ_ZIP_UNSUPPORTED_METHOD,
+    MZ_ZIP_UNSUPPORTED_ENCRYPTION,
+    MZ_ZIP_UNSUPPORTED_FEATURE,
+    MZ_ZIP_FAILED_FINDING_CENTRAL_DIR,
+    MZ_ZIP_NOT_AN_ARCHIVE,
+    MZ_ZIP_INVALID_HEADER_OR_CORRUPTED,
+    MZ_ZIP_UNSUPPORTED_MULTIDISK,
+    MZ_ZIP_DECOMPRESSION_FAILED,
+    MZ_ZIP_COMPRESSION_FAILED,
+    MZ_ZIP_UNEXPECTED_DECOMPRESSED_SIZE,
+    MZ_ZIP_CRC_CHECK_FAILED,
+    MZ_ZIP_UNSUPPORTED_CDIR_SIZE,
+    MZ_ZIP_ALLOC_FAILED,
+    MZ_ZIP_FILE_OPEN_FAILED,
+    MZ_ZIP_FILE_CREATE_FAILED,
+    MZ_ZIP_FILE_WRITE_FAILED,
+    MZ_ZIP_FILE_READ_FAILED,
+    MZ_ZIP_FILE_CLOSE_FAILED,
+    MZ_ZIP_FILE_SEEK_FAILED,
+    MZ_ZIP_FILE_STAT_FAILED,
+    MZ_ZIP_INVALID_PARAMETER,
+    MZ_ZIP_INVALID_FILENAME,
+    MZ_ZIP_BUF_TOO_SMALL,
+    MZ_ZIP_INTERNAL_ERROR,
+    MZ_ZIP_FILE_NOT_FOUND,
+    MZ_ZIP_ARCHIVE_TOO_LARGE,
+    MZ_ZIP_VALIDATION_FAILED,
+    MZ_ZIP_WRITE_CALLBACK_FAILED,
+    MZ_ZIP_TOTAL_ERRORS
+} mz_zip_error;
+
+typedef struct
+{
+    mz_uint64 m_archive_size;
+    mz_uint64 m_central_directory_file_ofs;
+
+    /* We only support up to UINT32_MAX files in zip64 mode. */
+    mz_uint32 m_total_files;
+    mz_zip_mode m_zip_mode;
+    mz_zip_type m_zip_type;
+    mz_zip_error m_last_error;
+
+    mz_uint64 m_file_offset_alignment;
+
+    mz_alloc_func m_pAlloc;
+    mz_free_func m_pFree;
+    mz_realloc_func m_pRealloc;
+    void *m_pAlloc_opaque;
+
+    mz_file_read_func m_pRead;
+    mz_file_write_func m_pWrite;
+    void *m_pIO_opaque;
+
+    mz_zip_internal_state *m_pState;
+
+} mz_zip_archive;
+
+/* -------- ZIP reading */
+
+/* Inits a ZIP archive reader. */
+/* These functions read and validate the archive's central directory. */
+mz_bool mz_zip_reader_init(mz_zip_archive *pZip, mz_uint64 size, mz_uint flags);
+
+mz_bool mz_zip_reader_init_mem(mz_zip_archive *pZip, const void *pMem, size_t size, mz_uint flags);
+
+#ifndef MINIZ_NO_STDIO
+/* Read a archive from a disk file. */
+/* file_start_ofs is the file offset where the archive actually begins, or 0. */
+/* actual_archive_size is the true total size of the archive, which may be smaller than the file's actual size on disk. If zero the entire file is treated as the archive. */
+mz_bool mz_zip_reader_init_file(mz_zip_archive *pZip, const char *pFilename, mz_uint32 flags);
+mz_bool mz_zip_reader_init_file_v2(mz_zip_archive *pZip, const char *pFilename, mz_uint flags, mz_uint64 file_start_ofs, mz_uint64 archive_size);
+
+/* Read an archive from an already opened FILE, beginning at the current file position. */
+/* The archive is assumed to be archive_size bytes long. If archive_size is < 0, then the entire rest of the file is assumed to contain the archive. */
+/* The FILE will NOT be closed when mz_zip_reader_end() is called. */
+mz_bool mz_zip_reader_init_cfile(mz_zip_archive *pZip, MZ_FILE *pFile, mz_uint64 archive_size, mz_uint flags);
+#endif
+
+/* Ends archive reading, freeing all allocations, and closing the input archive file if mz_zip_reader_init_file() was used. */
+mz_bool mz_zip_reader_end(mz_zip_archive *pZip);
+
+/* -------- ZIP reading or writing */
+
+/* Clears a mz_zip_archive struct to all zeros. */
+/* Important: This must be done before passing the struct to any mz_zip functions. */
+void mz_zip_zero_struct(mz_zip_archive *pZip);
+
+mz_zip_mode mz_zip_get_mode(mz_zip_archive *pZip);
+mz_zip_type mz_zip_get_type(mz_zip_archive *pZip);
+
+/* Returns the total number of files in the archive. */
+mz_uint mz_zip_reader_get_num_files(mz_zip_archive *pZip);
+
+mz_uint64 mz_zip_get_archive_size(mz_zip_archive *pZip);
+mz_uint64 mz_zip_get_archive_file_start_offset(mz_zip_archive *pZip);
+MZ_FILE *mz_zip_get_cfile(mz_zip_archive *pZip);
+
+/* Reads n bytes of raw archive data, starting at file offset file_ofs, to pBuf. */
+size_t mz_zip_read_archive_data(mz_zip_archive *pZip, mz_uint64 file_ofs, void *pBuf, size_t n);
+
+/* Attempts to locates a file in the archive's central directory. */
+/* Valid flags: MZ_ZIP_FLAG_CASE_SENSITIVE, MZ_ZIP_FLAG_IGNORE_PATH */
+/* Returns -1 if the file cannot be found. */
+int mz_zip_locate_file(mz_zip_archive *pZip, const char *pName, const char *pComment, mz_uint flags);
+/* Returns MZ_FALSE if the file cannot be found. */
+mz_bool mz_zip_locate_file_v2(mz_zip_archive *pZip, const char *pName, const char *pComment, mz_uint flags, mz_uint32 *pIndex);
+
+/* All mz_zip funcs set the m_last_error field in the mz_zip_archive struct. These functions retrieve/manipulate this field. */
+/* Note that the m_last_error functionality is not thread safe. */
+mz_zip_error mz_zip_set_last_error(mz_zip_archive *pZip, mz_zip_error err_num);
+mz_zip_error mz_zip_peek_last_error(mz_zip_archive *pZip);
+mz_zip_error mz_zip_clear_last_error(mz_zip_archive *pZip);
+mz_zip_error mz_zip_get_last_error(mz_zip_archive *pZip);
+const char *mz_zip_get_error_string(mz_zip_error mz_err);
+
+/* MZ_TRUE if the archive file entry is a directory entry. */
+mz_bool mz_zip_reader_is_file_a_directory(mz_zip_archive *pZip, mz_uint file_index);
+
+/* MZ_TRUE if the file is encrypted/strong encrypted. */
+mz_bool mz_zip_reader_is_file_encrypted(mz_zip_archive *pZip, mz_uint file_index);
+
+/* MZ_TRUE if the compression method is supported, and the file is not encrypted, and the file is not a compressed patch file. */
+mz_bool mz_zip_reader_is_file_supported(mz_zip_archive *pZip, mz_uint file_index);
+
+/* Retrieves the filename of an archive file entry. */
+/* Returns the number of bytes written to pFilename, or if filename_buf_size is 0 this function returns the number of bytes needed to fully store the filename. */
+mz_uint mz_zip_reader_get_filename(mz_zip_archive *pZip, mz_uint file_index, char *pFilename, mz_uint filename_buf_size);
+
+/* Attempts to locates a file in the archive's central directory. */
+/* Valid flags: MZ_ZIP_FLAG_CASE_SENSITIVE, MZ_ZIP_FLAG_IGNORE_PATH */
+/* Returns -1 if the file cannot be found. */
+int mz_zip_reader_locate_file(mz_zip_archive *pZip, const char *pName, const char *pComment, mz_uint flags);
+int mz_zip_reader_locate_file_v2(mz_zip_archive *pZip, const char *pName, const char *pComment, mz_uint flags, mz_uint32 *file_index);
+
+/* Returns detailed information about an archive file entry. */
+mz_bool mz_zip_reader_file_stat(mz_zip_archive *pZip, mz_uint file_index, mz_zip_archive_file_stat *pStat);
+
+/* MZ_TRUE if the file is in zip64 format. */
+/* A file is considered zip64 if it contained a zip64 end of central directory marker, or if it contained any zip64 extended file information fields in the central directory. */
+mz_bool mz_zip_is_zip64(mz_zip_archive *pZip);
+
+/* Returns the total central directory size in bytes. */
+/* The current max supported size is <= MZ_UINT32_MAX. */
+size_t mz_zip_get_central_dir_size(mz_zip_archive *pZip);
+
+/* Extracts a archive file to a memory buffer using no memory allocation. */
+/* There must be at least enough room on the stack to store the inflator's state (~34KB or so). */
+mz_bool mz_zip_reader_extract_to_mem_no_alloc(mz_zip_archive *pZip, mz_uint file_index, void *pBuf, size_t buf_size, mz_uint flags, void *pUser_read_buf, size_t user_read_buf_size);
+mz_bool mz_zip_reader_extract_file_to_mem_no_alloc(mz_zip_archive *pZip, const char *pFilename, void *pBuf, size_t buf_size, mz_uint flags, void *pUser_read_buf, size_t user_read_buf_size);
+
+/* Extracts a archive file to a memory buffer. */
+mz_bool mz_zip_reader_extract_to_mem(mz_zip_archive *pZip, mz_uint file_index, void *pBuf, size_t buf_size, mz_uint flags);
+mz_bool mz_zip_reader_extract_file_to_mem(mz_zip_archive *pZip, const char *pFilename, void *pBuf, size_t buf_size, mz_uint flags);
+
+/* Extracts a archive file to a dynamically allocated heap buffer. */
+/* The memory will be allocated via the mz_zip_archive's alloc/realloc functions. */
+/* Returns NULL and sets the last error on failure. */
+void *mz_zip_reader_extract_to_heap(mz_zip_archive *pZip, mz_uint file_index, size_t *pSize, mz_uint flags);
+void *mz_zip_reader_extract_file_to_heap(mz_zip_archive *pZip, const char *pFilename, size_t *pSize, mz_uint flags);
+
+/* Extracts a archive file using a callback function to output the file's data. */
+mz_bool mz_zip_reader_extract_to_callback(mz_zip_archive *pZip, mz_uint file_index, mz_file_write_func pCallback, void *pOpaque, mz_uint flags);
+mz_bool mz_zip_reader_extract_file_to_callback(mz_zip_archive *pZip, const char *pFilename, mz_file_write_func pCallback, void *pOpaque, mz_uint flags);
+
+#ifndef MINIZ_NO_STDIO
+/* Extracts a archive file to a disk file and sets its last accessed and modified times. */
+/* This function only extracts files, not archive directory records. */
+mz_bool mz_zip_reader_extract_to_file(mz_zip_archive *pZip, mz_uint file_index, const char *pDst_filename, mz_uint flags);
+mz_bool mz_zip_reader_extract_file_to_file(mz_zip_archive *pZip, const char *pArchive_filename, const char *pDst_filename, mz_uint flags);
+
+/* Extracts a archive file starting at the current position in the destination FILE stream. */
+mz_bool mz_zip_reader_extract_to_cfile(mz_zip_archive *pZip, mz_uint file_index, MZ_FILE *File, mz_uint flags);
+mz_bool mz_zip_reader_extract_file_to_cfile(mz_zip_archive *pZip, const char *pArchive_filename, MZ_FILE *pFile, mz_uint flags);
+#endif
+
+#if 0
+/* TODO */
+	typedef void *mz_zip_streaming_extract_state_ptr;
+	mz_zip_streaming_extract_state_ptr mz_zip_streaming_extract_begin(mz_zip_archive *pZip, mz_uint file_index, mz_uint flags);
+	uint64_t mz_zip_streaming_extract_get_size(mz_zip_archive *pZip, mz_zip_streaming_extract_state_ptr pState);
+	uint64_t mz_zip_streaming_extract_get_cur_ofs(mz_zip_archive *pZip, mz_zip_streaming_extract_state_ptr pState);
+	mz_bool mz_zip_streaming_extract_seek(mz_zip_archive *pZip, mz_zip_streaming_extract_state_ptr pState, uint64_t new_ofs);
+	size_t mz_zip_streaming_extract_read(mz_zip_archive *pZip, mz_zip_streaming_extract_state_ptr pState, void *pBuf, size_t buf_size);
+	mz_bool mz_zip_streaming_extract_end(mz_zip_archive *pZip, mz_zip_streaming_extract_state_ptr pState);
+#endif
+
+/* This function compares the archive's local headers, the optional local zip64 extended information block, and the optional descriptor following the compressed data vs. the data in the central directory. */
+/* It also validates that each file can be successfully uncompressed unless the MZ_ZIP_FLAG_VALIDATE_HEADERS_ONLY is specified. */
+mz_bool mz_zip_validate_file(mz_zip_archive *pZip, mz_uint file_index, mz_uint flags);
+
+/* Validates an entire archive by calling mz_zip_validate_file() on each file. */
+mz_bool mz_zip_validate_archive(mz_zip_archive *pZip, mz_uint flags);
+
+/* Misc utils/helpers, valid for ZIP reading or writing */
+mz_bool mz_zip_validate_mem_archive(const void *pMem, size_t size, mz_uint flags, mz_zip_error *pErr);
+mz_bool mz_zip_validate_file_archive(const char *pFilename, mz_uint flags, mz_zip_error *pErr);
+
+/* Universal end function - calls either mz_zip_reader_end() or mz_zip_writer_end(). */
+mz_bool mz_zip_end(mz_zip_archive *pZip);
+
+/* -------- ZIP writing */
+
+#ifndef MINIZ_NO_ARCHIVE_WRITING_APIS
+
+/* Inits a ZIP archive writer. */
+mz_bool mz_zip_writer_init(mz_zip_archive *pZip, mz_uint64 existing_size);
+mz_bool mz_zip_writer_init_v2(mz_zip_archive *pZip, mz_uint64 existing_size, mz_uint flags);
+mz_bool mz_zip_writer_init_heap(mz_zip_archive *pZip, size_t size_to_reserve_at_beginning, size_t initial_allocation_size);
+mz_bool mz_zip_writer_init_heap_v2(mz_zip_archive *pZip, size_t size_to_reserve_at_beginning, size_t initial_allocation_size, mz_uint flags);
+
+#ifndef MINIZ_NO_STDIO
+mz_bool mz_zip_writer_init_file(mz_zip_archive *pZip, const char *pFilename, mz_uint64 size_to_reserve_at_beginning);
+mz_bool mz_zip_writer_init_file_v2(mz_zip_archive *pZip, const char *pFilename, mz_uint64 size_to_reserve_at_beginning, mz_uint flags);
+mz_bool mz_zip_writer_init_cfile(mz_zip_archive *pZip, MZ_FILE *pFile, mz_uint flags);
+#endif
+
+/* Converts a ZIP archive reader object into a writer object, to allow efficient in-place file appends to occur on an existing archive. */
+/* For archives opened using mz_zip_reader_init_file, pFilename must be the archive's filename so it can be reopened for writing. If the file can't be reopened, mz_zip_reader_end() will be called. */
+/* For archives opened using mz_zip_reader_init_mem, the memory block must be growable using the realloc callback (which defaults to realloc unless you've overridden it). */
+/* Finally, for archives opened using mz_zip_reader_init, the mz_zip_archive's user provided m_pWrite function cannot be NULL. */
+/* Note: In-place archive modification is not recommended unless you know what you're doing, because if execution stops or something goes wrong before */
+/* the archive is finalized the file's central directory will be hosed. */
+mz_bool mz_zip_writer_init_from_reader(mz_zip_archive *pZip, const char *pFilename);
+mz_bool mz_zip_writer_init_from_reader_v2(mz_zip_archive *pZip, const char *pFilename, mz_uint flags);
+
+/* Adds the contents of a memory buffer to an archive. These functions record the current local time into the archive. */
+/* To add a directory entry, call this method with an archive name ending in a forwardslash with an empty buffer. */
+/* level_and_flags - compression level (0-10, see MZ_BEST_SPEED, MZ_BEST_COMPRESSION, etc.) logically OR'd with zero or more mz_zip_flags, or just set to MZ_DEFAULT_COMPRESSION. */
+mz_bool mz_zip_writer_add_mem(mz_zip_archive *pZip, const char *pArchive_name, const void *pBuf, size_t buf_size, mz_uint level_and_flags);
+
+/* Like mz_zip_writer_add_mem(), except you can specify a file comment field, and optionally supply the function with already compressed data. */
+/* uncomp_size/uncomp_crc32 are only used if the MZ_ZIP_FLAG_COMPRESSED_DATA flag is specified. */
+mz_bool mz_zip_writer_add_mem_ex(mz_zip_archive *pZip, const char *pArchive_name, const void *pBuf, size_t buf_size, const void *pComment, mz_uint16 comment_size, mz_uint level_and_flags,
+                                 mz_uint64 uncomp_size, mz_uint32 uncomp_crc32);
+
+mz_bool mz_zip_writer_add_mem_ex_v2(mz_zip_archive *pZip, const char *pArchive_name, const void *pBuf, size_t buf_size, const void *pComment, mz_uint16 comment_size, mz_uint level_and_flags,
+                                    mz_uint64 uncomp_size, mz_uint32 uncomp_crc32, MZ_TIME_T *last_modified, const char *user_extra_data_local, mz_uint user_extra_data_local_len,
+                                    const char *user_extra_data_central, mz_uint user_extra_data_central_len);
+
+#ifndef MINIZ_NO_STDIO
+/* Adds the contents of a disk file to an archive. This function also records the disk file's modified time into the archive. */
+/* level_and_flags - compression level (0-10, see MZ_BEST_SPEED, MZ_BEST_COMPRESSION, etc.) logically OR'd with zero or more mz_zip_flags, or just set to MZ_DEFAULT_COMPRESSION. */
+mz_bool mz_zip_writer_add_file(mz_zip_archive *pZip, const char *pArchive_name, const char *pSrc_filename, const void *pComment, mz_uint16 comment_size, mz_uint level_and_flags);
+
+/* Like mz_zip_writer_add_file(), except the file data is read from the specified FILE stream. */
+mz_bool mz_zip_writer_add_cfile(mz_zip_archive *pZip, const char *pArchive_name, MZ_FILE *pSrc_file, mz_uint64 size_to_add,
+                                const MZ_TIME_T *pFile_time, const void *pComment, mz_uint16 comment_size, mz_uint level_and_flags, const char *user_extra_data_local, mz_uint user_extra_data_local_len,
+                                const char *user_extra_data_central, mz_uint user_extra_data_central_len);
+#endif
+
+/* Adds a file to an archive by fully cloning the data from another archive. */
+/* This function fully clones the source file's compressed data (no recompression), along with its full filename, extra data (it may add or modify the zip64 local header extra data field), and the optional descriptor following the compressed data. */
+mz_bool mz_zip_writer_add_from_zip_reader(mz_zip_archive *pZip, mz_zip_archive *pSource_zip, mz_uint src_file_index);
+
+/* Finalizes the archive by writing the central directory records followed by the end of central directory record. */
+/* After an archive is finalized, the only valid call on the mz_zip_archive struct is mz_zip_writer_end(). */
+/* An archive must be manually finalized by calling this function for it to be valid. */
+mz_bool mz_zip_writer_finalize_archive(mz_zip_archive *pZip);
+
+/* Finalizes a heap archive, returning a poiner to the heap block and its size. */
+/* The heap block will be allocated using the mz_zip_archive's alloc/realloc callbacks. */
+mz_bool mz_zip_writer_finalize_heap_archive(mz_zip_archive *pZip, void **ppBuf, size_t *pSize);
+
+/* Ends archive writing, freeing all allocations, and closing the output file if mz_zip_writer_init_file() was used. */
+/* Note for the archive to be valid, it *must* have been finalized before ending (this function will not do it for you). */
+mz_bool mz_zip_writer_end(mz_zip_archive *pZip);
+
+/* -------- Misc. high-level helper functions: */
+
+/* mz_zip_add_mem_to_archive_file_in_place() efficiently (but not atomically) appends a memory blob to a ZIP archive. */
+/* Note this is NOT a fully safe operation. If it crashes or dies in some way your archive can be left in a screwed up state (without a central directory). */
+/* level_and_flags - compression level (0-10, see MZ_BEST_SPEED, MZ_BEST_COMPRESSION, etc.) logically OR'd with zero or more mz_zip_flags, or just set to MZ_DEFAULT_COMPRESSION. */
+/* TODO: Perhaps add an option to leave the existing central dir in place in case the add dies? We could then truncate the file (so the old central dir would be at the end) if something goes wrong. */
+mz_bool mz_zip_add_mem_to_archive_file_in_place(const char *pZip_filename, const char *pArchive_name, const void *pBuf, size_t buf_size, const void *pComment, mz_uint16 comment_size, mz_uint level_and_flags);
+mz_bool mz_zip_add_mem_to_archive_file_in_place_v2(const char *pZip_filename, const char *pArchive_name, const void *pBuf, size_t buf_size, const void *pComment, mz_uint16 comment_size, mz_uint level_and_flags, mz_zip_error *pErr);
+
+/* Reads a single file from an archive into a heap block. */
+/* If pComment is not NULL, only the file with the specified comment will be extracted. */
+/* Returns NULL on failure. */
+void *mz_zip_extract_archive_file_to_heap(const char *pZip_filename, const char *pArchive_name, size_t *pSize, mz_uint flags);
+void *mz_zip_extract_archive_file_to_heap_v2(const char *pZip_filename, const char *pArchive_name, const char *pComment, size_t *pSize, mz_uint flags, mz_zip_error *pErr);
+
+#endif /* #ifndef MINIZ_NO_ARCHIVE_WRITING_APIS */
+
+#ifdef __cplusplus
+}
+#endif

From c2a8fb2485c18a78749b895719c1946f526b3f87 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matthias=20G=C3=BCdemann?= <matthias.guedemann@diffblue.com>
Date: Thu, 23 Feb 2017 13:03:47 +0100
Subject: [PATCH 092/699] type cleanup in miniz

---
 src/miniz/miniz.h | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/src/miniz/miniz.h b/src/miniz/miniz.h
index daa6423c08b..45659d8cf1a 100644
--- a/src/miniz/miniz.h
+++ b/src/miniz/miniz.h
@@ -176,7 +176,7 @@
 
 
 
-/* Defines to completely disable specific portions of miniz.c: 
+/* Defines to completely disable specific portions of miniz.c:
    If all macros here are defined the only functionality remaining will be CRC-32, adler-32, tinfl, and tdefl. */
 
 /* Define MINIZ_NO_STDIO to disable all usage and any functions which rely on stdio for file I/O. */
@@ -199,7 +199,7 @@
 /* Define MINIZ_NO_ZLIB_COMPATIBLE_NAME to disable zlib names, to prevent conflicts against stock zlib. */
 /*#define MINIZ_NO_ZLIB_COMPATIBLE_NAMES */
 
-/* Define MINIZ_NO_MALLOC to disable all calls to malloc, free, and realloc. 
+/* Define MINIZ_NO_MALLOC to disable all calls to malloc, free, and realloc.
    Note if MINIZ_NO_MALLOC is defined then the user must always provide custom user alloc/free/realloc
    callbacks to the zlib and archive API's, and a few stand-alone helper API's which don't provide custom user
    functions (such as tdefl_compress_mem_to_heap() and tinfl_decompress_mem_to_heap()) won't work. */
@@ -523,19 +523,20 @@ typedef void *const voidpc;
 #include <stdlib.h>
 #include <string.h>
 #include <stdint.h>
+#include <stdbool.h>
 
 /* ------------------- Types and macros */
-typedef unsigned char mz_uint8;
-typedef signed short mz_int16;
-typedef unsigned short mz_uint16;
-typedef unsigned int mz_uint32;
+typedef uint8_t mz_uint8;
+typedef int16_t mz_int16;
+typedef uint16_t mz_uint16;
+typedef uint32_t mz_uint32;
 typedef unsigned int mz_uint;
 typedef int64_t mz_int64;
 typedef uint64_t mz_uint64;
-typedef int mz_bool;
+typedef bool mz_bool;
 
-#define MZ_FALSE (0)
-#define MZ_TRUE (1)
+#define MZ_FALSE false
+#define MZ_TRUE true
 
 /* Works around MSVC's spammy "warning C4127: conditional expression is constant" message. */
 #ifdef _MSC_VER
@@ -1195,7 +1196,7 @@ mz_uint mz_zip_reader_get_filename(mz_zip_archive *pZip, mz_uint file_index, cha
 /* Valid flags: MZ_ZIP_FLAG_CASE_SENSITIVE, MZ_ZIP_FLAG_IGNORE_PATH */
 /* Returns -1 if the file cannot be found. */
 int mz_zip_reader_locate_file(mz_zip_archive *pZip, const char *pName, const char *pComment, mz_uint flags);
-int mz_zip_reader_locate_file_v2(mz_zip_archive *pZip, const char *pName, const char *pComment, mz_uint flags, mz_uint32 *file_index);
+mz_bool mz_zip_reader_locate_file_v2(mz_zip_archive *pZip, const char *pName, const char *pComment, mz_uint flags, mz_uint32 *file_index);
 
 /* Returns detailed information about an archive file entry. */
 mz_bool mz_zip_reader_file_stat(mz_zip_archive *pZip, mz_uint file_index, mz_zip_archive_file_stat *pStat);

From 1dd43f6344ea9042aeb4c472f9fbb697a5aa65b1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matthias=20G=C3=BCdemann?= <matthias.guedemann@diffblue.com>
Date: Tue, 14 Feb 2017 12:08:07 +0100
Subject: [PATCH 093/699] update Makefiles / remove all references to
 libzip/zlib

---
 src/Makefile                                 | 30 ++------------------
 src/cbmc/Makefile                            |  6 ++--
 src/cegis/Makefile                           |  6 ++--
 src/clobber/Makefile                         |  3 +-
 src/config.inc                               |  2 --
 src/goto-analyzer/Makefile                   |  6 ++--
 src/goto-cc/Makefile                         |  6 ++--
 src/goto-diff/Makefile                       |  6 ++--
 src/goto-instrument/Makefile                 |  6 ++--
 src/java_bytecode/Makefile                   |  5 ----
 src/java_bytecode/java_bytecode_language.cpp |  6 ----
 src/java_bytecode/java_class_loader.cpp      |  5 ----
 src/miniz/Makefile                           |  7 ++---
 src/symex/Makefile                           |  6 ++--
 14 files changed, 21 insertions(+), 79 deletions(-)

diff --git a/src/Makefile b/src/Makefile
index e4c62f33eed..7562863742e 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -2,7 +2,7 @@ DIRS = ansi-c big-int cbmc cpp goto-cc goto-instrument goto-programs \
        goto-symex langapi pointer-analysis solvers util linking xmllang \
        assembler analyses java_bytecode path-symex musketeer \
        json cegis goto-analyzer jsil symex goto-diff clobber \
-       memory-models
+       memory-models miniz
 
 all: cbmc.dir goto-cc.dir goto-instrument.dir symex.dir goto-analyzer.dir goto-diff.dir
 
@@ -20,7 +20,7 @@ cpp.dir: ansi-c.dir linking.dir
 
 languages: util.dir langapi.dir \
            cpp.dir ansi-c.dir xmllang.dir assembler.dir java_bytecode.dir \
-           jsil.dir
+           jsil.dir miniz.dir
 
 goto-instrument.dir: languages goto-programs.dir pointer-analysis.dir \
                      goto-symex.dir linking.dir analyses.dir solvers.dir \
@@ -84,30 +84,6 @@ glucose-download:
 	@(cd ../glucose-syrup; patch -p1 < ../scripts/glucose-syrup-patch)
 	@rm glucose-syrup.tgz
 
-zlib-download:
-	@echo "Downloading zlib 1.2.11"
-	@lwp-download http://zlib.net/zlib-1.2.11.tar.gz
-	@tar xfz zlib-1.2.11.tar.gz
-	@rm -Rf ../zlib
-	@mv zlib-1.2.11 ../zlib
-	@rm zlib-1.2.11.tar.gz
-
-libzip-download:
-	@echo "Downloading libzip 1.1.2"
-	# The below wants SSL
-	#@lwp-download http://www.nih.at/libzip/libzip-1.1.2.tar.gz
-	@lwp-download http://http.debian.net/debian/pool/main/libz/libzip/libzip_1.1.2.orig.tar.gz
-	@tar xfz libzip_1.1.2.orig.tar.gz
-	@rm -Rf ../libzip
-	@mv libzip-1.1.2 ../libzip
-	@rm libzip_1.1.2.orig.tar.gz
-
-libzip-build:
-	@echo "Building zlib"
-	@(cd ../zlib; ./configure; make)
-	@echo "Building libzip"
-	@(cd ../libzip; BASE=`pwd`; ./configure --with-zlib=$(BASE)/zlib ; make)
-
 cprover-jar-build:
 	@echo "Building org.cprover.jar"
 	@(cd java_bytecode/library/; \
@@ -116,4 +92,4 @@ cprover-jar-build:
 	cd target; jar cf org.cprover.jar `find . -name "*.class"`; \
 	mv org.cprover.jar ../../../)
 
-.PHONY: minisat2-download glucose-download zlib-download libzip-download libzip-build cprover-jar-build
+.PHONY: minisat2-download glucose-download cprover-jar-build
diff --git a/src/cbmc/Makefile b/src/cbmc/Makefile
index 8bf055fe3b2..4fdb5338e41 100644
--- a/src/cbmc/Makefile
+++ b/src/cbmc/Makefile
@@ -28,7 +28,8 @@ OBJ += ../ansi-c/ansi-c$(LIBEXT) \
       ../assembler/assembler$(LIBEXT) \
       ../solvers/solvers$(LIBEXT) \
       ../util/util$(LIBEXT) \
-      ../json/json$(LIBEXT)
+      ../json/json$(LIBEXT) \
+      ../miniz/miniz$(OBJEXT)
 
 INCLUDES= -I ..
 
@@ -49,9 +50,6 @@ endif
 ifneq ($(wildcard ../java_bytecode/Makefile),)
   OBJ += ../java_bytecode/java_bytecode$(LIBEXT)
   CP_CXXFLAGS += -DHAVE_JAVA_BYTECODE
-  ifneq ($(wildcard $(LIBZIPINC)),)
-    LIBS += $(LIBZIPLIB)
-  endif
 endif
 
 ifneq ($(wildcard ../jsil/Makefile),)
diff --git a/src/cegis/Makefile b/src/cegis/Makefile
index a126776bd03..be519a9e8a1 100644
--- a/src/cegis/Makefile
+++ b/src/cegis/Makefile
@@ -116,7 +116,8 @@ OBJ += ../ansi-c/ansi-c$(LIBEXT) \
       ../cbmc/cbmc_dimacs$(OBJEXT) ../cbmc/all_properties$(OBJEXT) \
       ../cbmc/fault_localization$(OBJEXT) \
       ../cbmc/symex_coverage$(OBJEXT) \
-      ../json/json$(LIBEXT)
+      ../json/json$(LIBEXT) \
+      ../miniz/miniz$(OBJEXT)
 
 INCLUDES= -I ..
 
@@ -138,9 +139,6 @@ all: cegis$(EXEEXT)
 ifneq ($(wildcard ../java_bytecode/Makefile),)
   OBJ += ../java_bytecode/java_bytecode$(LIBEXT)
   CP_CXXFLAGS += -DHAVE_JAVA_BYTECODE
-  ifneq ($(wildcard $(LIBZIPINC)),)
-    LIBS += $(LIBZIPLIB)
-  endif
 endif
 
 ###############################################################################
diff --git a/src/clobber/Makefile b/src/clobber/Makefile
index f9c76dda397..ee77d22e33a 100644
--- a/src/clobber/Makefile
+++ b/src/clobber/Makefile
@@ -15,7 +15,8 @@ OBJ += ../ansi-c/ansi-c$(LIBEXT) \
        ../goto-symex/rewrite_union$(OBJEXT) \
        ../pointer-analysis/dereference$(OBJEXT) \
        ../goto-instrument/dump_c$(OBJEXT) \
-       ../goto-instrument/goto_program2code$(OBJEXT)
+       ../goto-instrument/goto_program2code$(OBJEXT) \
+       ../miniz/miniz$(OBJEXT)
 
 INCLUDES= -I ..
 
diff --git a/src/config.inc b/src/config.inc
index 2553a2062d8..e1c1266f683 100644
--- a/src/config.inc
+++ b/src/config.inc
@@ -24,8 +24,6 @@ BUILD_ENV = AUTO
 MINISAT2 = ../../minisat-2.2.1
 #GLUCOSE = ../../glucose-syrup
 #SMVSAT =
-LIBZIPLIB = ../../libzip/lib/.libs/libzip.a ../../zlib/libz.a
-LIBZIPINC = ../../libzip/lib
 
 # Signing identity for MacOS Gatekeeper
 
diff --git a/src/goto-analyzer/Makefile b/src/goto-analyzer/Makefile
index bfeac69abba..b27b514bf88 100644
--- a/src/goto-analyzer/Makefile
+++ b/src/goto-analyzer/Makefile
@@ -12,7 +12,8 @@ OBJ += ../ansi-c/ansi-c$(LIBEXT) \
       ../langapi/langapi$(LIBEXT) \
       ../json/json$(LIBEXT) \
       ../assembler/assembler$(LIBEXT) \
-      ../util/util$(LIBEXT)
+      ../util/util$(LIBEXT) \
+      ../miniz/miniz$(OBJEXT)
 
 INCLUDES= -I ..
 
@@ -28,9 +29,6 @@ all: goto-analyzer$(EXEEXT)
 ifneq ($(wildcard ../java_bytecode/Makefile),)
   OBJ += ../java_bytecode/java_bytecode$(LIBEXT)
   CP_CXXFLAGS += -DHAVE_JAVA_BYTECODE
-  ifneq ($(wildcard $(LIBZIPINC)),)
-    LIBS += $(LIBZIPLIB)
-  endif
 endif
 
 ifneq ($(wildcard ../jsil/Makefile),)
diff --git a/src/goto-cc/Makefile b/src/goto-cc/Makefile
index 727a010fb1d..04261db95f0 100644
--- a/src/goto-cc/Makefile
+++ b/src/goto-cc/Makefile
@@ -13,7 +13,8 @@ OBJ += ../big-int/big-int$(LIBEXT) \
       ../cpp/cpp$(LIBEXT) \
       ../xmllang/xmllang$(LIBEXT) \
       ../assembler/assembler$(LIBEXT) \
-      ../langapi/langapi$(LIBEXT)
+      ../langapi/langapi$(LIBEXT) \
+      ../miniz/miniz$(OBJEXT)
 
 INCLUDES= -I ..
 
@@ -31,9 +32,6 @@ all: goto-cc$(EXEEXT)
 
 ifneq ($(wildcard ../java_bytecode/Makefile),)
   OBJ += ../java_bytecode/java_bytecode$(LIBEXT)
-  ifneq ($(wildcard $(LIBZIPINC)),)
-    LIBS += $(LIBZIPLIB)
-  endif
 endif
 
 ifneq ($(wildcard ../jsil/Makefile),)
diff --git a/src/goto-diff/Makefile b/src/goto-diff/Makefile
index 6f9dd1a893a..c003d0c96b0 100644
--- a/src/goto-diff/Makefile
+++ b/src/goto-diff/Makefile
@@ -13,7 +13,8 @@ OBJ += ../ansi-c/ansi-c$(LIBEXT) \
       ../langapi/langapi$(LIBEXT) \
       ../xmllang/xmllang$(LIBEXT) \
       ../util/util$(LIBEXT) \
-      ../solvers/solvers$(LIBEXT)
+      ../solvers/solvers$(LIBEXT) \
+      ../miniz/miniz$(OBJEXT)
 
 INCLUDES= -I ..
 
@@ -29,9 +30,6 @@ all: goto-diff$(EXEEXT)
 ifneq ($(wildcard ../java_bytecode/Makefile),)
   OBJ += ../java_bytecode/java_bytecode$(LIBEXT)
   CP_CXXFLAGS += -DHAVE_JAVA_BYTECODE
-  ifneq ($(wildcard $(LIBZIPINC)),)
-    LIBS += $(LIBZIPLIB)
-  endif
 endif
 
 ifneq ($(wildcard ../specc/Makefile),)
diff --git a/src/goto-instrument/Makefile b/src/goto-instrument/Makefile
index df45e7612fe..571bdf90eb9 100644
--- a/src/goto-instrument/Makefile
+++ b/src/goto-instrument/Makefile
@@ -38,7 +38,8 @@ OBJ += ../ansi-c/ansi-c$(LIBEXT) \
       ../xmllang/xmllang$(LIBEXT) \
       ../util/util$(LIBEXT) \
       ../json/json$(LIBEXT) \
-      ../solvers/solvers$(LIBEXT)
+      ../solvers/solvers$(LIBEXT) \
+      ../miniz/miniz$(OBJEXT)
 
 INCLUDES= -I ..
 
@@ -54,9 +55,6 @@ all: goto-instrument$(EXEEXT)
 ifneq ($(wildcard ../java_bytecode/Makefile),)
   OBJ += ../java_bytecode/java_bytecode$(LIBEXT)
   CP_CXXFLAGS += -DHAVE_JAVA_BYTECODE
-  ifneq ($(wildcard $(LIBZIPINC)),)
-    LIBS += $(LIBZIPLIB)
-  endif
 endif
 
 ifneq ($(LIB_GLPK),)
diff --git a/src/java_bytecode/Makefile b/src/java_bytecode/Makefile
index e27bc3e038d..20958a3ede3 100644
--- a/src/java_bytecode/Makefile
+++ b/src/java_bytecode/Makefile
@@ -15,11 +15,6 @@ include ../common
 
 CLEANFILES = java_bytecode$(LIBEXT)
 
-ifneq ($(wildcard $(LIBZIPINC)),)
-  INCLUDES += -I $(LIBZIPINC)
-  CP_CXXFLAGS += -DHAVE_LIBZIP
-endif
-
 all: java_bytecode$(LIBEXT)
 
 ###############################################################################
diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index eaae4b50a77..37ed835eca0 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -138,7 +138,6 @@ bool java_bytecode_languaget::parse(
   }
   else if(has_suffix(path, ".jar"))
   {
-    #ifdef HAVE_LIBZIP
     if(config.java.main_class.empty())
     {
       // Does it have a main class set in the manifest?
@@ -162,11 +161,6 @@ bool java_bytecode_languaget::parse(
     }
     else
       java_class_loader.add_jar_file(path);
-
-    #else
-    error() << "No support for reading JAR files" << eom;
-    return true;
-    #endif
   }
   else
     assert(false);
diff --git a/src/java_bytecode/java_class_loader.cpp b/src/java_bytecode/java_class_loader.cpp
index 541faf6828d..dc4330aa00c 100644
--- a/src/java_bytecode/java_class_loader.cpp
+++ b/src/java_bytecode/java_class_loader.cpp
@@ -212,11 +212,6 @@ void java_class_loadert::read_jar_file(const irep_idt &file)
   if(jar_map.find(file)!=jar_map.end())
     return;
 
-  #ifndef HAVE_LIBZIP
-  error() << "no support for reading JAR files configured" << eom;
-  return;
-  #endif
-
   jar_filet &jar_file=jar_pool(id2string(file));
 
   if(!jar_file)
diff --git a/src/miniz/Makefile b/src/miniz/Makefile
index f2367695802..324c9821b91 100644
--- a/src/miniz/Makefile
+++ b/src/miniz/Makefile
@@ -5,11 +5,8 @@ INCLUDES= -I ..
 include ../config.inc
 include ../common
 
-CLEANFILES = miniz$(LIBEXT)
+CLEANFILES = miniz$(OBJEXT)
 
-all: miniz$(LIBEXT)
+all: miniz$(OBJEXT)
 
 ###############################################################################
-
-miniz$(LIBEXT): $(OBJ)
-	$(LINKLIB)
diff --git a/src/symex/Makefile b/src/symex/Makefile
index e3a9c677b78..e152b2461bf 100644
--- a/src/symex/Makefile
+++ b/src/symex/Makefile
@@ -17,7 +17,8 @@ OBJ += ../ansi-c/ansi-c$(LIBEXT) \
        ../pointer-analysis/dereference$(OBJEXT) \
        ../goto-instrument/cover$(OBJEXT) \
        ../json/json$(LIBEXT) \
-       ../path-symex/path-symex$(LIBEXT)
+       ../path-symex/path-symex$(LIBEXT) \
+       ../miniz/miniz$(OBJEXT)
 
 INCLUDES= -I ..
 
@@ -38,9 +39,6 @@ endif
 ifneq ($(wildcard ../java_bytecode/Makefile),)
   OBJ += ../java_bytecode/java_bytecode$(LIBEXT)
   CP_CXXFLAGS += -DHAVE_JAVA_BYTECODE
-  ifneq ($(wildcard $(LIBZIPINC)),)
-    LIBS += $(LIBZIPLIB)
-  endif
 endif
 
 ifneq ($(wildcard ../specc/Makefile),)

From 8e3f681257ee906f7dafd24c52e741549dad3b2d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matthias=20G=C3=BCdemann?= <matthias.guedemann@diffblue.com>
Date: Tue, 14 Feb 2017 11:53:34 +0100
Subject: [PATCH 094/699] regression test with multiple JARs/classpath

---
 regression/cbmc-java/jar-file3/A.jar          | Bin 0 -> 721 bytes
 regression/cbmc-java/jar-file3/B.jar          | Bin 0 -> 721 bytes
 regression/cbmc-java/jar-file3/C.jar          | Bin 0 -> 934 bytes
 regression/cbmc-java/jar-file3/jarfile3.class | Bin 0 -> 709 bytes
 regression/cbmc-java/jar-file3/jarfile3.java  |  19 ++++++++++++++++++
 regression/cbmc-java/jar-file3/test.desc      |   8 ++++++++
 6 files changed, 27 insertions(+)
 create mode 100644 regression/cbmc-java/jar-file3/A.jar
 create mode 100644 regression/cbmc-java/jar-file3/B.jar
 create mode 100644 regression/cbmc-java/jar-file3/C.jar
 create mode 100644 regression/cbmc-java/jar-file3/jarfile3.class
 create mode 100644 regression/cbmc-java/jar-file3/jarfile3.java
 create mode 100644 regression/cbmc-java/jar-file3/test.desc

diff --git a/regression/cbmc-java/jar-file3/A.jar b/regression/cbmc-java/jar-file3/A.jar
new file mode 100644
index 0000000000000000000000000000000000000000..e721e6f32f945341ca9aafca44a794bb16cfeb02
GIT binary patch
literal 721
zcmWIWW@Zs#;Nak3$Pf4PVn70%3@i-3t|5-Po_=on|4uP5Ff#;rvvYt{FhP|C;M6Pv
zQ~}rQ>*(j{<{BKL=j-;__snS@Z(Y5MyxzK6=gyqp9At3C_`%a6JuhD!Pv48Bt5`TA
zUPvC1mXg%U_#v*U_I!z!#dC4dC*rEp7_Mf2D*9N&2zG^l;4&o_pdGG2jBrIdnim9s
zvRR2mX_+~x#ww0_$vKI|#jgIo-iI9oYA>t!?p9O#8lCUNZ`vBR!Q6F1Q-DTQz@Ge9
ztE3-^O$zxFE!Xwnp!|b=p>*bhhozrA-fM1bzd!yygPO&wL#{dx7N&33mAAJ0#`)#k
z48dDhyY+rAXE8jV@^MLVY1z5E+_@#Co*eA|-%e(4vW~UWax%H@c6Uu&aOj=WCeQnJ
zM6c^=-F0mnhxA#E$@xYO>~|TM*coqqsFg9=oA_n@4?Z^oV>i*uG1Hc6ac&gtE6$vE
ze0%0HG0}sPH<+z@1&;seJ8r*CB8U6P#@HjG)}OZV_A!P#r$zWp;kmxxiSXJZv4?-I
z=u~tM?3bNZH7EDlG{JALIO}_I-!%OL2i}6vmH++&gC>v>6nKnGA`GZ002aNV6o3lg
zQ3^^A=vtBE1Qh=WU<+izwIZbkWD`JfhwLy=+#$eWAQL?%1H4(;Kq{Dla5snnb~gZw
CHqIXa

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/jar-file3/B.jar b/regression/cbmc-java/jar-file3/B.jar
new file mode 100644
index 0000000000000000000000000000000000000000..d381e413e74f2aa5d1f92381ec7fe608679b7e81
GIT binary patch
literal 721
zcmWIWW@Zs#;Nak3C=U1YVn70%3@i-3t|5-Po_=on|4uP5Ff#;rvvYt{FhP|C;M6Pv
zQ~}rQ>*(j{<{BKL=j-;__snS@Z(Y5MyxzK6=gyqp9At3C_`%a6JuhD!Pv48Bt5`TA
zUPvC1mXg%U_#v*U_I!z!#dC4dC*rEp7_Mf2D*9N&2zG^l;4&o_pdGG2jBrIdnim9s
zvRR2mX_+~x#wt#F$vKI|#jgIo-iI9oYA-Lln|61`kH3Y&RVy^NG~E;77i)34*!-wA
zIQ*_aut(6x{7Q``_WA~UuQ|Ld{P{Ebzu!Ca=TBWNv&G?s{QMJL*roMui`)>qp?twQ
z+3Q7^{<b&s1)k_!Jv#a9nU|L3`Z;;4y`2nx<jdO&>^b@9qQIe<XV0GfWNLVHub<Jo
z6T6RYnlU^3b=QK6Jwbn$iB^3ORrw~mOMr>pCtu>P_P*wY%PRA_JeQrmG^OPP=kb~6
z<{#hgne|L`p=|;C7b(TQA9MNs-$>e^E8v<Z82;wO?Q0fV>)Or~%rTH#=kQTIYU6gN
z-;34QWKwO#biP_fuh(^cb4~c4MDz{Dzl@+Lv^lv+>OU}O0vSPp$H*kYfSLke(F;le
zr~n?Np!9&Q6**2o@s9wuKqg!(Qffdp0Tg%04g<v<0vrZ1(PJ{eo0Scuf*A;RgBW0U
F0{|L0({um;

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/jar-file3/C.jar b/regression/cbmc-java/jar-file3/C.jar
new file mode 100644
index 0000000000000000000000000000000000000000..e318db6c41337660e8f6b907e09fa5681d712f70
GIT binary patch
literal 934
zcmWIWW@Zs#;Nak3Fpcx`Vn70%3@i-3t|5-Po_=on|4uP5Ff#;rvvYt{FhP|C;M6Pv
zQ~}rQ>*(j{<{BKL=j-;__snS@Z(Y5MyxzK6=gyqp9At3C_`%a6JuhD!Pv48Bt5`TA
zUPvC1mXg%U_#v*U_I!z!#dC4dC*rEp7_Mf2D*9N&2zG^l;4&o_pdGG2jBv&AXjCuo
z0cEoii_$W4QjPVJa}tY-eS>2Cg&jp~H{UJWEkD(1={5c%UKd##XPubMqPxOV*iOzs
z?ZdWQ_RU-K&c3<!BL3k~_xYhpoxWf0{$KL(%&8!`v}fmbK0jw!o>uq&??>SSR&rJv
ziT4i4va`JsduL@3xcy<$LA6U8HoRESQ90Yd{JYGZ_WVRohaAp|w;GeOss)a0?BU$X
zqQ$#6(9@#lQF@|G3EQUQXC^u%D)$^p308QnzgNg$d%LZs!B%0nqWmx0l&^aGs(qi~
zxqq$Y(q@$x`)=~yTdKKhiDTm<xAKCzDa8gdE7#QszB&|SA8@=!Ztd6R?~UzT>n2TX
z?49N|O<y@$ZkgfZhm2t?S-VzPaxA)jHtgEL;-zg}O_8mwq5RnyTvOEF{Pl}36F&9Z
zTJrryGkv>)EjJ&w%(^$lVXOM%fRp!H`EL8T6;>I$ulW4QyGAB(U1oJpk-#p=bDQs+
zEfkIUd^%kq-b66;T&u{H$5L6(uk`Df?zEFUY@uSi-MVdM^PhX+B7OmpmaVCEP1bH7
zKk$58|Nq4+%{ix6h#3Y=)cQ1M{efd5bEiJM{7`N2YZqII`Y-o)BtCqm^Z(3R?&Ggl
z>Lyej`^)#fWzzh_XZsc!SXvaX=RbA$!#pmvXP3U@W;IH&MHjAIYpl2Rs68lU{uE0H
zyurx8a1@w41H2iTL>N#LHZ0YG5;iJ;r&LffN7ss+)IiA^0c?RxxK^Y@j%)%bNg_K8
clq3=0Fp!CwKm)v4*+BBlK)4e~UkAGy09`dfUjP6A

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/jar-file3/jarfile3.class b/regression/cbmc-java/jar-file3/jarfile3.class
new file mode 100644
index 0000000000000000000000000000000000000000..ececc4cc3057d71a26d614fed6c32b64d2261195
GIT binary patch
literal 709
zcmYjPT~8B16g{)ucDo;yLZQ|V#7fZxfttvh1TCmZ6Fwd=Ch)dx2eY+q&Ft3bU*W|^
zpH(7>P4wOWr18w^QXY2Z&bepqIrr}T`t$t<fDJrwP{M+R+YSuWE!=TnqHe>*qD`b>
zVaY)e3pQaM?mD;!-@>wh*cR~GQ6$yQAc$ib6KV-m8v3A;a2Ul;!#L;+WRIC+fx>1O
zg~^sc&R>2hVD1ciQebK~jO704O-HI1noRBqlYU!sN{30%eZ3dFO;dD9g963P?%;nZ
z=WsYuUHLrJ7fby>oiKX1-Vfdd9x9j>a5Avb(#XnXWZT0uW<1=-sz6O&Y7T<vRkM|K
z@Jy+pqF`3T!kUM5GzH2N_CcpFy9wp}-Hi80n-}l-wb|i>nodff+LLjpWbZ<UZ6+fQ
zkdrw^ox?Bj=ZJDm+hddi=Zaabb3Dy+7u@qJ=MbMY5ml~*6x4~Us4>>m54>t}e>{e9
zM0##-3{waB{Vyn-qOy7h%lrs;jN;Kb?4SS8wKF)EQ7vMmB30xWUxAG&IxEAc!!1VF
zh<Y%7>$h>;!i_n;nVT1mH&ScB^o;ur-YF$N!OVR{VNy7AuM6d2cuxcs=TqHV)B-gO
Mw&GG-XIyHFzoIF8asU7T

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/jar-file3/jarfile3.java b/regression/cbmc-java/jar-file3/jarfile3.java
new file mode 100644
index 00000000000..c9c0cff46d1
--- /dev/null
+++ b/regression/cbmc-java/jar-file3/jarfile3.java
@@ -0,0 +1,19 @@
+public class jarfile3
+{
+  public class A
+  {
+    int x=1;
+  }
+  public class B
+  {
+    int x=1;
+  }
+
+  void f(int i)
+  {
+    A a=new A();
+    B b=new B();
+    assert(a.x==1);
+    assert(b.x==1);
+  }
+}
diff --git a/regression/cbmc-java/jar-file3/test.desc b/regression/cbmc-java/jar-file3/test.desc
new file mode 100644
index 00000000000..8d3b495e1c6
--- /dev/null
+++ b/regression/cbmc-java/jar-file3/test.desc
@@ -0,0 +1,8 @@
+CORE
+C.jar
+--function jarfile3.f -classpath A.jar:B.jar
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL
+--
+^warning: ignoring

From 85889e9bdf187163e04674228bcb0992b8c68b55 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matthias=20G=C3=BCdemann?= <matthias.guedemann@diffblue.com>
Date: Thu, 23 Feb 2017 14:05:13 +0100
Subject: [PATCH 095/699] disable unaligned load/store for g++

---
 src/miniz/miniz.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/miniz/miniz.h b/src/miniz/miniz.h
index 45659d8cf1a..6353d3782b2 100644
--- a/src/miniz/miniz.h
+++ b/src/miniz/miniz.h
@@ -224,7 +224,7 @@
 #define MINIZ_LITTLE_ENDIAN 1
 #endif
 
-#if MINIZ_X86_OR_X64_CPU
+#if defined(MINIZ_X86_OR_X64_CPU) && !defined(__GNUG__)
 /* Set MINIZ_USE_UNALIGNED_LOADS_AND_STORES to 1 on CPU's that permit efficient integer loads and stores from unaligned addresses. */
 #define MINIZ_USE_UNALIGNED_LOADS_AND_STORES 1
 #endif

From c384ff74ef2cd4ff16ebf43ed79383408985415c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matthias=20G=C3=BCdemann?= <matthias.guedemann@diffblue.com>
Date: Thu, 23 Feb 2017 14:38:30 +0100
Subject: [PATCH 096/699] auto-fix cpplint errors with generated sed script

---
 src/miniz/miniz.cpp | 1870 +++++++++++++++++++++----------------------
 src/miniz/miniz.h   |   18 +-
 2 files changed, 944 insertions(+), 944 deletions(-)

diff --git a/src/miniz/miniz.cpp b/src/miniz/miniz.cpp
index fa5c1903e83..4fff76e87d7 100644
--- a/src/miniz/miniz.cpp
+++ b/src/miniz/miniz.cpp
@@ -40,11 +40,11 @@ mz_ulong mz_adler32(mz_ulong adler, const unsigned char *ptr, size_t buf_len)
 {
     mz_uint32 i, s1 = (mz_uint32)(adler & 0xffff), s2 = (mz_uint32)(adler >> 16);
     size_t block_len = buf_len % 5552;
-    if (!ptr)
+    if(!ptr)
         return MZ_ADLER32_INIT;
-    while (buf_len)
+    while(buf_len)
     {
-        for (i = 0; i + 7 < block_len; i += 8, ptr += 8)
+        for(i = 0; i + 7 < block_len; i += 8, ptr += 8)
         {
             s1 += ptr[0], s2 += s1;
             s1 += ptr[1], s2 += s1;
@@ -55,7 +55,7 @@ mz_ulong mz_adler32(mz_ulong adler, const unsigned char *ptr, size_t buf_len)
             s1 += ptr[6], s2 += s1;
             s1 += ptr[7], s2 += s1;
         }
-        for (; i < block_len; ++i)
+        for(; i < block_len; ++i)
             s1 += *ptr++, s2 += s1;
         s1 %= 65521U, s2 %= 65521U;
         buf_len -= block_len;
@@ -64,17 +64,17 @@ mz_ulong mz_adler32(mz_ulong adler, const unsigned char *ptr, size_t buf_len)
     return (s2 << 16) + s1;
 }
 
-/* Karl Malbrain's compact CRC-32. See "A compact CCITT crc16 and crc32 C implementation that balances processor cache usage against speed": http://www.geocities.com/malbrain/ */
+/* Karl Malbrain's compact CRC-32. See "A compact CCITT crc16 and crc32 C implementation that balances processor cache usage against speed": http:// www.geocities.com/malbrain/ */
 #if 0
     mz_ulong mz_crc32(mz_ulong crc, const mz_uint8 *ptr, size_t buf_len)
     {
         static const mz_uint32 s_crc32[16] = { 0, 0x1db71064, 0x3b6e20c8, 0x26d930ac, 0x76dc4190, 0x6b6b51f4, 0x4db26158, 0x5005713c,
                                                0xedb88320, 0xf00f9344, 0xd6d6a3e8, 0xcb61b38c, 0x9b64c2b0, 0x86d3d2d4, 0xa00ae278, 0xbdbdf21c };
         mz_uint32 crcu32 = (mz_uint32)crc;
-        if (!ptr)
+        if(!ptr)
             return MZ_CRC32_INIT;
         crcu32 = ~crcu32;
-        while (buf_len--)
+        while(buf_len--)
         {
             mz_uint8 b = *ptr++;
             crcu32 = (crcu32 >> 4) ^ s_crc32[(crcu32 & 0xF) ^ (b & 0xF)];
@@ -131,7 +131,7 @@ mz_ulong mz_crc32(mz_ulong crc, const mz_uint8 *ptr, size_t buf_len)
     mz_uint32 crc32 = (mz_uint32)crc ^ 0xFFFFFFFF;
     const mz_uint8 *pByte_buf = (const mz_uint8 *)ptr;
 
-    while (buf_len >= 4)
+    while(buf_len >= 4)
     {
         crc32 = (crc32 >> 8) ^ s_crc_table[(crc32 ^ pByte_buf[0]) & 0xFF];
         crc32 = (crc32 >> 8) ^ s_crc_table[(crc32 ^ pByte_buf[1]) & 0xFF];
@@ -141,7 +141,7 @@ mz_ulong mz_crc32(mz_ulong crc, const mz_uint8 *ptr, size_t buf_len)
         buf_len -= 4;
     }
 
-    while (buf_len)
+    while(buf_len)
     {
         crc32 = (crc32 >> 8) ^ s_crc_table[(crc32 ^ pByte_buf[0]) & 0xFF];
         ++pByte_buf;
@@ -190,9 +190,9 @@ int mz_deflateInit2(mz_streamp pStream, int level, int method, int window_bits,
     tdefl_compressor *pComp;
     mz_uint comp_flags = TDEFL_COMPUTE_ADLER32 | tdefl_create_comp_flags_from_zip_params(level, window_bits, strategy);
 
-    if (!pStream)
+    if(!pStream)
         return MZ_STREAM_ERROR;
-    if ((method != MZ_DEFLATED) || ((mem_level < 1) || (mem_level > 9)) || ((window_bits != MZ_DEFAULT_WINDOW_BITS) && (-window_bits != MZ_DEFAULT_WINDOW_BITS)))
+    if((method != MZ_DEFLATED) || ((mem_level < 1) || (mem_level > 9)) || ((window_bits != MZ_DEFAULT_WINDOW_BITS) && (-window_bits != MZ_DEFAULT_WINDOW_BITS)))
         return MZ_PARAM_ERROR;
 
     pStream->data_type = 0;
@@ -201,18 +201,18 @@ int mz_deflateInit2(mz_streamp pStream, int level, int method, int window_bits,
     pStream->reserved = 0;
     pStream->total_in = 0;
     pStream->total_out = 0;
-    if (!pStream->zalloc)
+    if(!pStream->zalloc)
         pStream->zalloc = miniz_def_alloc_func;
-    if (!pStream->zfree)
+    if(!pStream->zfree)
         pStream->zfree = miniz_def_free_func;
 
     pComp = (tdefl_compressor *)pStream->zalloc(pStream->opaque, 1, sizeof(tdefl_compressor));
-    if (!pComp)
+    if(!pComp)
         return MZ_MEM_ERROR;
 
     pStream->state = (struct mz_internal_state *)pComp;
 
-    if (tdefl_init(pComp, NULL, NULL, comp_flags) != TDEFL_STATUS_OKAY)
+    if(tdefl_init(pComp, NULL, NULL, comp_flags) != TDEFL_STATUS_OKAY)
     {
         mz_deflateEnd(pStream);
         return MZ_PARAM_ERROR;
@@ -223,7 +223,7 @@ int mz_deflateInit2(mz_streamp pStream, int level, int method, int window_bits,
 
 int mz_deflateReset(mz_streamp pStream)
 {
-    if ((!pStream) || (!pStream->state) || (!pStream->zalloc) || (!pStream->zfree))
+    if((!pStream) || (!pStream->state) || (!pStream->zalloc) || (!pStream->zfree))
         return MZ_STREAM_ERROR;
     pStream->total_in = pStream->total_out = 0;
     tdefl_init((tdefl_compressor *)pStream->state, NULL, NULL, ((tdefl_compressor *)pStream->state)->m_flags);
@@ -236,20 +236,20 @@ int mz_deflate(mz_streamp pStream, int flush)
     mz_ulong orig_total_in, orig_total_out;
     int mz_status = MZ_OK;
 
-    if ((!pStream) || (!pStream->state) || (flush < 0) || (flush > MZ_FINISH) || (!pStream->next_out))
+    if((!pStream) || (!pStream->state) || (flush < 0) || (flush > MZ_FINISH) || (!pStream->next_out))
         return MZ_STREAM_ERROR;
-    if (!pStream->avail_out)
+    if(!pStream->avail_out)
         return MZ_BUF_ERROR;
 
-    if (flush == MZ_PARTIAL_FLUSH)
+    if(flush == MZ_PARTIAL_FLUSH)
         flush = MZ_SYNC_FLUSH;
 
-    if (((tdefl_compressor *)pStream->state)->m_prev_return_status == TDEFL_STATUS_DONE)
+    if(((tdefl_compressor *)pStream->state)->m_prev_return_status == TDEFL_STATUS_DONE)
         return (flush == MZ_FINISH) ? MZ_STREAM_END : MZ_BUF_ERROR;
 
     orig_total_in = pStream->total_in;
     orig_total_out = pStream->total_out;
-    for (;;)
+    for(;;)
     {
         tdefl_status defl_status;
         in_bytes = pStream->avail_in;
@@ -265,21 +265,21 @@ int mz_deflate(mz_streamp pStream, int flush)
         pStream->avail_out -= (mz_uint)out_bytes;
         pStream->total_out += (mz_uint)out_bytes;
 
-        if (defl_status < 0)
+        if(defl_status < 0)
         {
             mz_status = MZ_STREAM_ERROR;
             break;
         }
-        else if (defl_status == TDEFL_STATUS_DONE)
+        else if(defl_status == TDEFL_STATUS_DONE)
         {
             mz_status = MZ_STREAM_END;
             break;
         }
-        else if (!pStream->avail_out)
+        else if(!pStream->avail_out)
             break;
-        else if ((!pStream->avail_in) && (flush != MZ_FINISH))
+        else if((!pStream->avail_in) && (flush != MZ_FINISH))
         {
-            if ((flush) || (pStream->total_in != orig_total_in) || (pStream->total_out != orig_total_out))
+            if((flush) || (pStream->total_in != orig_total_in) || (pStream->total_out != orig_total_out))
                 break;
             return MZ_BUF_ERROR; /* Can't make forward progress without some input.
  */
@@ -290,9 +290,9 @@ int mz_deflate(mz_streamp pStream, int flush)
 
 int mz_deflateEnd(mz_streamp pStream)
 {
-    if (!pStream)
+    if(!pStream)
         return MZ_STREAM_ERROR;
-    if (pStream->state)
+    if(pStream->state)
     {
         pStream->zfree(pStream->opaque, pStream->state);
         pStream->state = NULL;
@@ -314,7 +314,7 @@ int mz_compress2(unsigned char *pDest, mz_ulong *pDest_len, const unsigned char
     memset(&stream, 0, sizeof(stream));
 
     /* In case mz_ulong is 64-bits (argh I hate longs). */
-    if ((source_len | *pDest_len) > 0xFFFFFFFFU)
+    if((source_len | *pDest_len) > 0xFFFFFFFFU)
         return MZ_PARAM_ERROR;
 
     stream.next_in = pSource;
@@ -323,11 +323,11 @@ int mz_compress2(unsigned char *pDest, mz_ulong *pDest_len, const unsigned char
     stream.avail_out = (mz_uint32) * pDest_len;
 
     status = mz_deflateInit(&stream, level);
-    if (status != MZ_OK)
+    if(status != MZ_OK)
         return status;
 
     status = mz_deflate(&stream, MZ_FINISH);
-    if (status != MZ_STREAM_END)
+    if(status != MZ_STREAM_END)
     {
         mz_deflateEnd(&stream);
         return (status == MZ_OK) ? MZ_BUF_ERROR : status;
@@ -359,9 +359,9 @@ typedef struct
 int mz_inflateInit2(mz_streamp pStream, int window_bits)
 {
     inflate_state *pDecomp;
-    if (!pStream)
+    if(!pStream)
         return MZ_STREAM_ERROR;
-    if ((window_bits != MZ_DEFAULT_WINDOW_BITS) && (-window_bits != MZ_DEFAULT_WINDOW_BITS))
+    if((window_bits != MZ_DEFAULT_WINDOW_BITS) && (-window_bits != MZ_DEFAULT_WINDOW_BITS))
         return MZ_PARAM_ERROR;
 
     pStream->data_type = 0;
@@ -370,13 +370,13 @@ int mz_inflateInit2(mz_streamp pStream, int window_bits)
     pStream->total_in = 0;
     pStream->total_out = 0;
     pStream->reserved = 0;
-    if (!pStream->zalloc)
+    if(!pStream->zalloc)
         pStream->zalloc = miniz_def_alloc_func;
-    if (!pStream->zfree)
+    if(!pStream->zfree)
         pStream->zfree = miniz_def_free_func;
 
     pDecomp = (inflate_state *)pStream->zalloc(pStream->opaque, 1, sizeof(inflate_state));
-    if (!pDecomp)
+    if(!pDecomp)
         return MZ_MEM_ERROR;
 
     pStream->state = (struct mz_internal_state *)pDecomp;
@@ -404,28 +404,28 @@ int mz_inflate(mz_streamp pStream, int flush)
     size_t in_bytes, out_bytes, orig_avail_in;
     tinfl_status status;
 
-    if ((!pStream) || (!pStream->state))
+    if((!pStream) || (!pStream->state))
         return MZ_STREAM_ERROR;
-    if (flush == MZ_PARTIAL_FLUSH)
+    if(flush == MZ_PARTIAL_FLUSH)
         flush = MZ_SYNC_FLUSH;
-    if ((flush) && (flush != MZ_SYNC_FLUSH) && (flush != MZ_FINISH))
+    if((flush) && (flush != MZ_SYNC_FLUSH) && (flush != MZ_FINISH))
         return MZ_STREAM_ERROR;
 
     pState = (inflate_state *)pStream->state;
-    if (pState->m_window_bits > 0)
+    if(pState->m_window_bits > 0)
         decomp_flags |= TINFL_FLAG_PARSE_ZLIB_HEADER;
     orig_avail_in = pStream->avail_in;
 
     first_call = pState->m_first_call;
     pState->m_first_call = 0;
-    if (pState->m_last_status < 0)
+    if(pState->m_last_status < 0)
         return MZ_DATA_ERROR;
 
-    if (pState->m_has_flushed && (flush != MZ_FINISH))
+    if(pState->m_has_flushed && (flush != MZ_FINISH))
         return MZ_STREAM_ERROR;
     pState->m_has_flushed |= (flush == MZ_FINISH);
 
-    if ((flush == MZ_FINISH) && (first_call))
+    if((flush == MZ_FINISH) && (first_call))
     {
         /* MZ_FINISH on the first call implies that the input and output buffers are large enough to hold the entire compressed/decompressed file. */
         decomp_flags |= TINFL_FLAG_USING_NON_WRAPPING_OUTPUT_BUF;
@@ -441,9 +441,9 @@ int mz_inflate(mz_streamp pStream, int flush)
         pStream->avail_out -= (mz_uint)out_bytes;
         pStream->total_out += (mz_uint)out_bytes;
 
-        if (status < 0)
+        if(status < 0)
             return MZ_DATA_ERROR;
-        else if (status != TINFL_STATUS_DONE)
+        else if(status != TINFL_STATUS_DONE)
         {
             pState->m_last_status = TINFL_STATUS_FAILED;
             return MZ_BUF_ERROR;
@@ -451,10 +451,10 @@ int mz_inflate(mz_streamp pStream, int flush)
         return MZ_STREAM_END;
     }
     /* flush != MZ_FINISH then we must assume there's more input. */
-    if (flush != MZ_FINISH)
+    if(flush != MZ_FINISH)
         decomp_flags |= TINFL_FLAG_HAS_MORE_INPUT;
 
-    if (pState->m_dict_avail)
+    if(pState->m_dict_avail)
     {
         n = MZ_MIN(pState->m_dict_avail, pStream->avail_out);
         memcpy(pStream->next_out, pState->m_dict + pState->m_dict_ofs, n);
@@ -466,7 +466,7 @@ int mz_inflate(mz_streamp pStream, int flush)
         return ((pState->m_last_status == TINFL_STATUS_DONE) && (!pState->m_dict_avail)) ? MZ_STREAM_END : MZ_OK;
     }
 
-    for (;;)
+    for(;;)
     {
         in_bytes = pStream->avail_in;
         out_bytes = TINFL_LZ_DICT_SIZE - pState->m_dict_ofs;
@@ -489,20 +489,20 @@ int mz_inflate(mz_streamp pStream, int flush)
         pState->m_dict_avail -= n;
         pState->m_dict_ofs = (pState->m_dict_ofs + n) & (TINFL_LZ_DICT_SIZE - 1);
 
-        if (status < 0)
+        if(status < 0)
             return MZ_DATA_ERROR; /* Stream is corrupted (there could be some uncompressed data left in the output dictionary - oh well). */
-        else if ((status == TINFL_STATUS_NEEDS_MORE_INPUT) && (!orig_avail_in))
+        else if((status == TINFL_STATUS_NEEDS_MORE_INPUT) && (!orig_avail_in))
             return MZ_BUF_ERROR; /* Signal caller that we can't make forward progress without supplying more input or by setting flush to MZ_FINISH. */
-        else if (flush == MZ_FINISH)
+        else if(flush == MZ_FINISH)
         {
             /* The output buffer MUST be large to hold the remaining uncompressed data when flush==MZ_FINISH. */
-            if (status == TINFL_STATUS_DONE)
+            if(status == TINFL_STATUS_DONE)
                 return pState->m_dict_avail ? MZ_BUF_ERROR : MZ_STREAM_END;
             /* status here must be TINFL_STATUS_HAS_MORE_OUTPUT, which means there's at least 1 more byte on the way. If there's no more room left in the output buffer then something is wrong. */
-            else if (!pStream->avail_out)
+            else if(!pStream->avail_out)
                 return MZ_BUF_ERROR;
         }
-        else if ((status == TINFL_STATUS_DONE) || (!pStream->avail_in) || (!pStream->avail_out) || (pState->m_dict_avail))
+        else if((status == TINFL_STATUS_DONE) || (!pStream->avail_in) || (!pStream->avail_out) || (pState->m_dict_avail))
             break;
     }
 
@@ -511,9 +511,9 @@ int mz_inflate(mz_streamp pStream, int flush)
 
 int mz_inflateEnd(mz_streamp pStream)
 {
-    if (!pStream)
+    if(!pStream)
         return MZ_STREAM_ERROR;
-    if (pStream->state)
+    if(pStream->state)
     {
         pStream->zfree(pStream->opaque, pStream->state);
         pStream->state = NULL;
@@ -528,7 +528,7 @@ int mz_uncompress(unsigned char *pDest, mz_ulong *pDest_len, const unsigned char
     memset(&stream, 0, sizeof(stream));
 
     /* In case mz_ulong is 64-bits (argh I hate longs). */
-    if ((source_len | *pDest_len) > 0xFFFFFFFFU)
+    if((source_len | *pDest_len) > 0xFFFFFFFFU)
         return MZ_PARAM_ERROR;
 
     stream.next_in = pSource;
@@ -537,11 +537,11 @@ int mz_uncompress(unsigned char *pDest, mz_ulong *pDest_len, const unsigned char
     stream.avail_out = (mz_uint32) * pDest_len;
 
     status = mz_inflateInit(&stream);
-    if (status != MZ_OK)
+    if(status != MZ_OK)
         return status;
 
     status = mz_inflate(&stream, MZ_FINISH);
-    if (status != MZ_STREAM_END)
+    if(status != MZ_STREAM_END)
     {
         mz_inflateEnd(&stream);
         return ((status == MZ_BUF_ERROR) && (!stream.avail_in)) ? MZ_DATA_ERROR : status;
@@ -563,8 +563,8 @@ const char *mz_error(int err)
               { MZ_DATA_ERROR, "data error" }, { MZ_MEM_ERROR, "out of memory" }, { MZ_BUF_ERROR, "buf error" }, { MZ_VERSION_ERROR, "version error" }, { MZ_PARAM_ERROR, "parameter error" }
           };
     mz_uint i;
-    for (i = 0; i < sizeof(s_error_descs) / sizeof(s_error_descs[0]); ++i)
-        if (s_error_descs[i].m_err == err)
+    for(i = 0; i < sizeof(s_error_descs) / sizeof(s_error_descs[0]); ++i)
+        if(s_error_descs[i].m_err == err)
             return s_error_descs[i].m_pDesc;
     return NULL;
 }
@@ -709,24 +709,24 @@ static tdefl_sym_freq *tdefl_radix_sort_syms(mz_uint num_syms, tdefl_sym_freq *p
     mz_uint32 total_passes = 2, pass_shift, pass, i, hist[256 * 2];
     tdefl_sym_freq *pCur_syms = pSyms0, *pNew_syms = pSyms1;
     MZ_CLEAR_OBJ(hist);
-    for (i = 0; i < num_syms; i++)
+    for(i = 0; i < num_syms; i++)
     {
         mz_uint freq = pSyms0[i].m_key;
         hist[freq & 0xFF]++;
         hist[256 + ((freq >> 8) & 0xFF)]++;
     }
-    while ((total_passes > 1) && (num_syms == hist[(total_passes - 1) * 256]))
+    while((total_passes > 1) && (num_syms == hist[(total_passes - 1) * 256]))
         total_passes--;
-    for (pass_shift = 0, pass = 0; pass < total_passes; pass++, pass_shift += 8)
+    for(pass_shift = 0, pass = 0; pass < total_passes; pass++, pass_shift += 8)
     {
         const mz_uint32 *pHist = &hist[pass << 8];
         mz_uint offsets[256], cur_ofs = 0;
-        for (i = 0; i < 256; i++)
+        for(i = 0; i < 256; i++)
         {
             offsets[i] = cur_ofs;
             cur_ofs += pHist[i];
         }
-        for (i = 0; i < num_syms; i++)
+        for(i = 0; i < num_syms; i++)
             pNew_syms[offsets[(pCur_syms[i].m_key >> pass_shift) & 0xFF]++] = pCur_syms[i];
         {
             tdefl_sym_freq *t = pCur_syms;
@@ -741,9 +741,9 @@ static tdefl_sym_freq *tdefl_radix_sort_syms(mz_uint num_syms, tdefl_sym_freq *p
 static void tdefl_calculate_minimum_redundancy(tdefl_sym_freq *A, int n)
 {
     int root, leaf, next, avbl, used, dpth;
-    if (n == 0)
+    if(n == 0)
         return;
-    else if (n == 1)
+    else if(n == 1)
     {
         A[0].m_key = 1;
         return;
@@ -751,16 +751,16 @@ static void tdefl_calculate_minimum_redundancy(tdefl_sym_freq *A, int n)
     A[0].m_key += A[1].m_key;
     root = 0;
     leaf = 2;
-    for (next = 1; next < n - 1; next++)
+    for(next = 1; next < n - 1; next++)
     {
-        if (leaf >= n || A[root].m_key < A[leaf].m_key)
+        if(leaf >= n || A[root].m_key < A[leaf].m_key)
         {
             A[next].m_key = A[root].m_key;
             A[root++].m_key = (mz_uint16)next;
         }
         else
             A[next].m_key = A[leaf++].m_key;
-        if (leaf >= n || (root < next && A[root].m_key < A[leaf].m_key))
+        if(leaf >= n || (root < next && A[root].m_key < A[leaf].m_key))
         {
             A[next].m_key = (mz_uint16)(A[next].m_key + A[root].m_key);
             A[root++].m_key = (mz_uint16)next;
@@ -769,20 +769,20 @@ static void tdefl_calculate_minimum_redundancy(tdefl_sym_freq *A, int n)
             A[next].m_key = (mz_uint16)(A[next].m_key + A[leaf++].m_key);
     }
     A[n - 2].m_key = 0;
-    for (next = n - 3; next >= 0; next--)
+    for(next = n - 3; next >= 0; next--)
         A[next].m_key = A[A[next].m_key].m_key + 1;
     avbl = 1;
     used = dpth = 0;
     root = n - 2;
     next = n - 1;
-    while (avbl > 0)
+    while(avbl > 0)
     {
-        while (root >= 0 && (int)A[root].m_key == dpth)
+        while(root >= 0 && (int)A[root].m_key == dpth)
         {
             used++;
             root--;
         }
-        while (avbl > used)
+        while(avbl > used)
         {
             A[next--].m_key = (mz_uint16)(dpth);
             avbl--;
@@ -802,17 +802,17 @@ static void tdefl_huffman_enforce_max_code_size(int *pNum_codes, int code_list_l
 {
     int i;
     mz_uint32 total = 0;
-    if (code_list_len <= 1)
+    if(code_list_len <= 1)
         return;
-    for (i = max_code_size + 1; i <= TDEFL_MAX_SUPPORTED_HUFF_CODESIZE; i++)
+    for(i = max_code_size + 1; i <= TDEFL_MAX_SUPPORTED_HUFF_CODESIZE; i++)
         pNum_codes[max_code_size] += pNum_codes[i];
-    for (i = max_code_size; i > 0; i--)
+    for(i = max_code_size; i > 0; i--)
         total += (((mz_uint32)pNum_codes[i]) << (max_code_size - i));
-    while (total != (1UL << max_code_size))
+    while(total != (1UL << max_code_size))
     {
         pNum_codes[max_code_size]--;
-        for (i = max_code_size - 1; i > 0; i--)
-            if (pNum_codes[i])
+        for(i = max_code_size - 1; i > 0; i--)
+            if(pNum_codes[i])
             {
                 pNum_codes[i]--;
                 pNum_codes[i + 1] += 2;
@@ -827,9 +827,9 @@ static void tdefl_optimize_huffman_table(tdefl_compressor *d, int table_num, int
     int i, j, l, num_codes[1 + TDEFL_MAX_SUPPORTED_HUFF_CODESIZE];
     mz_uint next_code[TDEFL_MAX_SUPPORTED_HUFF_CODESIZE + 1];
     MZ_CLEAR_OBJ(num_codes);
-    if (static_table)
+    if(static_table)
     {
-        for (i = 0; i < table_len; i++)
+        for(i = 0; i < table_len; i++)
             num_codes[d->m_huff_code_sizes[table_num][i]]++;
     }
     else
@@ -837,8 +837,8 @@ static void tdefl_optimize_huffman_table(tdefl_compressor *d, int table_num, int
         tdefl_sym_freq syms0[TDEFL_MAX_HUFF_SYMBOLS], syms1[TDEFL_MAX_HUFF_SYMBOLS], *pSyms;
         int num_used_syms = 0;
         const mz_uint16 *pSym_count = &d->m_huff_count[table_num][0];
-        for (i = 0; i < table_len; i++)
-            if (pSym_count[i])
+        for(i = 0; i < table_len; i++)
+            if(pSym_count[i])
             {
                 syms0[num_used_syms].m_key = (mz_uint16)pSym_count[i];
                 syms0[num_used_syms++].m_sym_index = (mz_uint16)i;
@@ -847,29 +847,29 @@ static void tdefl_optimize_huffman_table(tdefl_compressor *d, int table_num, int
         pSyms = tdefl_radix_sort_syms(num_used_syms, syms0, syms1);
         tdefl_calculate_minimum_redundancy(pSyms, num_used_syms);
 
-        for (i = 0; i < num_used_syms; i++)
+        for(i = 0; i < num_used_syms; i++)
             num_codes[pSyms[i].m_key]++;
 
         tdefl_huffman_enforce_max_code_size(num_codes, num_used_syms, code_size_limit);
 
         MZ_CLEAR_OBJ(d->m_huff_code_sizes[table_num]);
         MZ_CLEAR_OBJ(d->m_huff_codes[table_num]);
-        for (i = 1, j = num_used_syms; i <= code_size_limit; i++)
-            for (l = num_codes[i]; l > 0; l--)
+        for(i = 1, j = num_used_syms; i <= code_size_limit; i++)
+            for(l = num_codes[i]; l > 0; l--)
                 d->m_huff_code_sizes[table_num][pSyms[--j].m_sym_index] = (mz_uint8)(i);
     }
 
     next_code[1] = 0;
-    for (j = 0, i = 2; i <= code_size_limit; i++)
+    for(j = 0, i = 2; i <= code_size_limit; i++)
         next_code[i] = j = ((j + num_codes[i - 1]) << 1);
 
-    for (i = 0; i < table_len; i++)
+    for(i = 0; i < table_len; i++)
     {
         mz_uint rev_code = 0, code, code_size;
-        if ((code_size = d->m_huff_code_sizes[table_num][i]) == 0)
+        if((code_size = d->m_huff_code_sizes[table_num][i]) == 0)
             continue;
         code = next_code[code_size]++;
-        for (l = code_size; l > 0; l--, code >>= 1)
+        for(l = code_size; l > 0; l--, code >>= 1)
             rev_code = (rev_code << 1) | (code & 1);
         d->m_huff_codes[table_num][i] = (mz_uint16)rev_code;
     }
@@ -883,9 +883,9 @@ static void tdefl_optimize_huffman_table(tdefl_compressor *d, int table_num, int
         MZ_ASSERT(bits <= ((1U << len) - 1U));                     \
         d->m_bit_buffer |= (bits << d->m_bits_in);                 \
         d->m_bits_in += len;                                       \
-        while (d->m_bits_in >= 8)                                  \
+        while(d->m_bits_in >= 8)                                  \
         {                                                          \
-            if (d->m_pOutput_buf < d->m_pOutput_buf_end)           \
+            if(d->m_pOutput_buf < d->m_pOutput_buf_end)           \
                 *d->m_pOutput_buf++ = (mz_uint8)(d->m_bit_buffer); \
             d->m_bit_buffer >>= 8;                                 \
             d->m_bits_in -= 8;                                     \
@@ -895,12 +895,12 @@ static void tdefl_optimize_huffman_table(tdefl_compressor *d, int table_num, int
 
 #define TDEFL_RLE_PREV_CODE_SIZE()                                                                                       \
     {                                                                                                                    \
-        if (rle_repeat_count)                                                                                            \
+        if(rle_repeat_count)                                                                                            \
         {                                                                                                                \
-            if (rle_repeat_count < 3)                                                                                    \
+            if(rle_repeat_count < 3)                                                                                    \
             {                                                                                                            \
                 d->m_huff_count[2][prev_code_size] = (mz_uint16)(d->m_huff_count[2][prev_code_size] + rle_repeat_count); \
-                while (rle_repeat_count--)                                                                               \
+                while(rle_repeat_count--)                                                                               \
                     packed_code_sizes[num_packed_code_sizes++] = prev_code_size;                                         \
             }                                                                                                            \
             else                                                                                                         \
@@ -915,15 +915,15 @@ static void tdefl_optimize_huffman_table(tdefl_compressor *d, int table_num, int
 
 #define TDEFL_RLE_ZERO_CODE_SIZE()                                                         \
     {                                                                                      \
-        if (rle_z_count)                                                                   \
+        if(rle_z_count)                                                                   \
         {                                                                                  \
-            if (rle_z_count < 3)                                                           \
+            if(rle_z_count < 3)                                                           \
             {                                                                              \
                 d->m_huff_count[2][0] = (mz_uint16)(d->m_huff_count[2][0] + rle_z_count);  \
-                while (rle_z_count--)                                                      \
+                while(rle_z_count--)                                                      \
                     packed_code_sizes[num_packed_code_sizes++] = 0;                        \
             }                                                                              \
-            else if (rle_z_count <= 10)                                                    \
+            else if(rle_z_count <= 10)                                                    \
             {                                                                              \
                 d->m_huff_count[2][17] = (mz_uint16)(d->m_huff_count[2][17] + 1);          \
                 packed_code_sizes[num_packed_code_sizes++] = 17;                           \
@@ -952,11 +952,11 @@ static void tdefl_start_dynamic_block(tdefl_compressor *d)
     tdefl_optimize_huffman_table(d, 0, TDEFL_MAX_HUFF_SYMBOLS_0, 15, MZ_FALSE);
     tdefl_optimize_huffman_table(d, 1, TDEFL_MAX_HUFF_SYMBOLS_1, 15, MZ_FALSE);
 
-    for (num_lit_codes = 286; num_lit_codes > 257; num_lit_codes--)
-        if (d->m_huff_code_sizes[0][num_lit_codes - 1])
+    for(num_lit_codes = 286; num_lit_codes > 257; num_lit_codes--)
+        if(d->m_huff_code_sizes[0][num_lit_codes - 1])
             break;
-    for (num_dist_codes = 30; num_dist_codes > 1; num_dist_codes--)
-        if (d->m_huff_code_sizes[1][num_dist_codes - 1])
+    for(num_dist_codes = 30; num_dist_codes > 1; num_dist_codes--)
+        if(d->m_huff_code_sizes[1][num_dist_codes - 1])
             break;
 
     memcpy(code_sizes_to_pack, &d->m_huff_code_sizes[0][0], num_lit_codes);
@@ -967,13 +967,13 @@ static void tdefl_start_dynamic_block(tdefl_compressor *d)
     rle_repeat_count = 0;
 
     memset(&d->m_huff_count[2][0], 0, sizeof(d->m_huff_count[2][0]) * TDEFL_MAX_HUFF_SYMBOLS_2);
-    for (i = 0; i < total_code_sizes_to_pack; i++)
+    for(i = 0; i < total_code_sizes_to_pack; i++)
     {
         mz_uint8 code_size = code_sizes_to_pack[i];
-        if (!code_size)
+        if(!code_size)
         {
             TDEFL_RLE_PREV_CODE_SIZE();
-            if (++rle_z_count == 138)
+            if(++rle_z_count == 138)
             {
                 TDEFL_RLE_ZERO_CODE_SIZE();
             }
@@ -981,20 +981,20 @@ static void tdefl_start_dynamic_block(tdefl_compressor *d)
         else
         {
             TDEFL_RLE_ZERO_CODE_SIZE();
-            if (code_size != prev_code_size)
+            if(code_size != prev_code_size)
             {
                 TDEFL_RLE_PREV_CODE_SIZE();
                 d->m_huff_count[2][code_size] = (mz_uint16)(d->m_huff_count[2][code_size] + 1);
                 packed_code_sizes[num_packed_code_sizes++] = code_size;
             }
-            else if (++rle_repeat_count == 6)
+            else if(++rle_repeat_count == 6)
             {
                 TDEFL_RLE_PREV_CODE_SIZE();
             }
         }
         prev_code_size = code_size;
     }
-    if (rle_repeat_count)
+    if(rle_repeat_count)
     {
         TDEFL_RLE_PREV_CODE_SIZE();
     }
@@ -1010,20 +1010,20 @@ static void tdefl_start_dynamic_block(tdefl_compressor *d)
     TDEFL_PUT_BITS(num_lit_codes - 257, 5);
     TDEFL_PUT_BITS(num_dist_codes - 1, 5);
 
-    for (num_bit_lengths = 18; num_bit_lengths >= 0; num_bit_lengths--)
-        if (d->m_huff_code_sizes[2][s_tdefl_packed_code_size_syms_swizzle[num_bit_lengths]])
+    for(num_bit_lengths = 18; num_bit_lengths >= 0; num_bit_lengths--)
+        if(d->m_huff_code_sizes[2][s_tdefl_packed_code_size_syms_swizzle[num_bit_lengths]])
             break;
     num_bit_lengths = MZ_MAX(4, (num_bit_lengths + 1));
     TDEFL_PUT_BITS(num_bit_lengths - 4, 4);
-    for (i = 0; (int)i < num_bit_lengths; i++)
+    for(i = 0; (int)i < num_bit_lengths; i++)
         TDEFL_PUT_BITS(d->m_huff_code_sizes[2][s_tdefl_packed_code_size_syms_swizzle[i]], 3);
 
-    for (packed_code_sizes_index = 0; packed_code_sizes_index < num_packed_code_sizes;)
+    for(packed_code_sizes_index = 0; packed_code_sizes_index < num_packed_code_sizes;)
     {
         mz_uint code = packed_code_sizes[packed_code_sizes_index++];
         MZ_ASSERT(code < TDEFL_MAX_HUFF_SYMBOLS_2);
         TDEFL_PUT_BITS(d->m_huff_codes[2][code], d->m_huff_code_sizes[2][code]);
-        if (code >= 16)
+        if(code >= 16)
             TDEFL_PUT_BITS(packed_code_sizes[packed_code_sizes_index++], "\02\03\07"[code - 16]);
     }
 }
@@ -1033,13 +1033,13 @@ static void tdefl_start_static_block(tdefl_compressor *d)
     mz_uint i;
     mz_uint8 *p = &d->m_huff_code_sizes[0][0];
 
-    for (i = 0; i <= 143; ++i)
+    for(i = 0; i <= 143; ++i)
         *p++ = 8;
-    for (; i <= 255; ++i)
+    for(; i <= 255; ++i)
         *p++ = 9;
-    for (; i <= 279; ++i)
+    for(; i <= 279; ++i)
         *p++ = 7;
-    for (; i <= 287; ++i)
+    for(; i <= 287; ++i)
         *p++ = 8;
 
     memset(d->m_huff_code_sizes[1], 5, 32);
@@ -1069,12 +1069,12 @@ static mz_bool tdefl_compress_lz_codes(tdefl_compressor *d)
     }
 
     flags = 1;
-    for (pLZ_codes = d->m_lz_code_buf; pLZ_codes < pLZ_code_buf_end; flags >>= 1)
+    for(pLZ_codes = d->m_lz_code_buf; pLZ_codes < pLZ_code_buf_end; flags >>= 1)
     {
-        if (flags == 1)
+        if(flags == 1)
             flags = *pLZ_codes++ | 0x100;
 
-        if (flags & 1)
+        if(flags & 1)
         {
             mz_uint s0, s1, n0, n1, sym, num_extra_bits;
             mz_uint match_len = pLZ_codes[0], match_dist = *(const mz_uint16 *)(pLZ_codes + 1);
@@ -1102,14 +1102,14 @@ static mz_bool tdefl_compress_lz_codes(tdefl_compressor *d)
             MZ_ASSERT(d->m_huff_code_sizes[0][lit]);
             TDEFL_PUT_BITS_FAST(d->m_huff_codes[0][lit], d->m_huff_code_sizes[0][lit]);
 
-            if (((flags & 2) == 0) && (pLZ_codes < pLZ_code_buf_end))
+            if(((flags & 2) == 0) && (pLZ_codes < pLZ_code_buf_end))
             {
                 flags >>= 1;
                 lit = *pLZ_codes++;
                 MZ_ASSERT(d->m_huff_code_sizes[0][lit]);
                 TDEFL_PUT_BITS_FAST(d->m_huff_codes[0][lit], d->m_huff_code_sizes[0][lit]);
 
-                if (((flags & 2) == 0) && (pLZ_codes < pLZ_code_buf_end))
+                if(((flags & 2) == 0) && (pLZ_codes < pLZ_code_buf_end))
                 {
                     flags >>= 1;
                     lit = *pLZ_codes++;
@@ -1119,7 +1119,7 @@ static mz_bool tdefl_compress_lz_codes(tdefl_compressor *d)
             }
         }
 
-        if (pOutput_buf >= d->m_pOutput_buf_end)
+        if(pOutput_buf >= d->m_pOutput_buf_end)
             return MZ_FALSE;
 
         *(mz_uint64 *)pOutput_buf = bit_buffer;
@@ -1134,7 +1134,7 @@ static mz_bool tdefl_compress_lz_codes(tdefl_compressor *d)
     d->m_bits_in = 0;
     d->m_bit_buffer = 0;
 
-    while (bits_in)
+    while(bits_in)
     {
         mz_uint32 n = MZ_MIN(bits_in, 16);
         TDEFL_PUT_BITS((mz_uint)bit_buffer & mz_bitmasks[n], n);
@@ -1153,11 +1153,11 @@ static mz_bool tdefl_compress_lz_codes(tdefl_compressor *d)
     mz_uint8 *pLZ_codes;
 
     flags = 1;
-    for (pLZ_codes = d->m_lz_code_buf; pLZ_codes < d->m_pLZ_code_buf; flags >>= 1)
+    for(pLZ_codes = d->m_lz_code_buf; pLZ_codes < d->m_pLZ_code_buf; flags >>= 1)
     {
-        if (flags == 1)
+        if(flags == 1)
             flags = *pLZ_codes++ | 0x100;
-        if (flags & 1)
+        if(flags & 1)
         {
             mz_uint sym, num_extra_bits;
             mz_uint match_len = pLZ_codes[0], match_dist = (pLZ_codes[1] | (pLZ_codes[2] << 8));
@@ -1167,7 +1167,7 @@ static mz_bool tdefl_compress_lz_codes(tdefl_compressor *d)
             TDEFL_PUT_BITS(d->m_huff_codes[0][s_tdefl_len_sym[match_len]], d->m_huff_code_sizes[0][s_tdefl_len_sym[match_len]]);
             TDEFL_PUT_BITS(match_len & mz_bitmasks[s_tdefl_len_extra[match_len]], s_tdefl_len_extra[match_len]);
 
-            if (match_dist < 512)
+            if(match_dist < 512)
             {
                 sym = s_tdefl_small_dist_sym[match_dist];
                 num_extra_bits = s_tdefl_small_dist_extra[match_dist];
@@ -1197,7 +1197,7 @@ static mz_bool tdefl_compress_lz_codes(tdefl_compressor *d)
 
 static mz_bool tdefl_compress_block(tdefl_compressor *d, mz_bool static_block)
 {
-    if (static_block)
+    if(static_block)
         tdefl_start_static_block(d);
     else
         tdefl_start_dynamic_block(d);
@@ -1222,7 +1222,7 @@ static int tdefl_flush_block(tdefl_compressor *d, int flush)
     *d->m_pLZ_flags = (mz_uint8)(*d->m_pLZ_flags >> d->m_num_flags_left);
     d->m_pLZ_code_buf -= (d->m_num_flags_left == 8);
 
-    if ((d->m_flags & TDEFL_WRITE_ZLIB_HEADER) && (!d->m_block_index))
+    if((d->m_flags & TDEFL_WRITE_ZLIB_HEADER) && (!d->m_block_index))
     {
         TDEFL_PUT_BITS(0x78, 8);
         TDEFL_PUT_BITS(0x01, 8);
@@ -1234,50 +1234,50 @@ static int tdefl_flush_block(tdefl_compressor *d, int flush)
     saved_bit_buf = d->m_bit_buffer;
     saved_bits_in = d->m_bits_in;
 
-    if (!use_raw_block)
+    if(!use_raw_block)
         comp_block_succeeded = tdefl_compress_block(d, (d->m_flags & TDEFL_FORCE_ALL_STATIC_BLOCKS) || (d->m_total_lz_bytes < 48));
 
     /* If the block gets expanded, forget the current contents of the output buffer and send a raw block instead. */
-    if (((use_raw_block) || ((d->m_total_lz_bytes) && ((d->m_pOutput_buf - pSaved_output_buf + 1U) >= d->m_total_lz_bytes))) &&
+    if(((use_raw_block) || ((d->m_total_lz_bytes) && ((d->m_pOutput_buf - pSaved_output_buf + 1U) >= d->m_total_lz_bytes))) &&
         ((d->m_lookahead_pos - d->m_lz_code_buf_dict_pos) <= d->m_dict_size))
     {
         mz_uint i;
         d->m_pOutput_buf = pSaved_output_buf;
         d->m_bit_buffer = saved_bit_buf, d->m_bits_in = saved_bits_in;
         TDEFL_PUT_BITS(0, 2);
-        if (d->m_bits_in)
+        if(d->m_bits_in)
         {
             TDEFL_PUT_BITS(0, 8 - d->m_bits_in);
         }
-        for (i = 2; i; --i, d->m_total_lz_bytes ^= 0xFFFF)
+        for(i = 2; i; --i, d->m_total_lz_bytes ^= 0xFFFF)
         {
             TDEFL_PUT_BITS(d->m_total_lz_bytes & 0xFFFF, 16);
         }
-        for (i = 0; i < d->m_total_lz_bytes; ++i)
+        for(i = 0; i < d->m_total_lz_bytes; ++i)
         {
             TDEFL_PUT_BITS(d->m_dict[(d->m_lz_code_buf_dict_pos + i) & TDEFL_LZ_DICT_SIZE_MASK], 8);
         }
     }
     /* Check for the extremely unlikely (if not impossible) case of the compressed block not fitting into the output buffer when using dynamic codes. */
-    else if (!comp_block_succeeded)
+    else if(!comp_block_succeeded)
     {
         d->m_pOutput_buf = pSaved_output_buf;
         d->m_bit_buffer = saved_bit_buf, d->m_bits_in = saved_bits_in;
         tdefl_compress_block(d, MZ_TRUE);
     }
 
-    if (flush)
+    if(flush)
     {
-        if (flush == TDEFL_FINISH)
+        if(flush == TDEFL_FINISH)
         {
-            if (d->m_bits_in)
+            if(d->m_bits_in)
             {
                 TDEFL_PUT_BITS(0, 8 - d->m_bits_in);
             }
-            if (d->m_flags & TDEFL_WRITE_ZLIB_HEADER)
+            if(d->m_flags & TDEFL_WRITE_ZLIB_HEADER)
             {
                 mz_uint i, a = d->m_adler32;
-                for (i = 0; i < 4; i++)
+                for(i = 0; i < 4; i++)
                 {
                     TDEFL_PUT_BITS((a >> 24) & 0xFF, 8);
                     a <<= 8;
@@ -1288,11 +1288,11 @@ static int tdefl_flush_block(tdefl_compressor *d, int flush)
         {
             mz_uint i, z = 0;
             TDEFL_PUT_BITS(0, 3);
-            if (d->m_bits_in)
+            if(d->m_bits_in)
             {
                 TDEFL_PUT_BITS(0, 8 - d->m_bits_in);
             }
-            for (i = 2; i; --i, z ^= 0xFFFF)
+            for(i = 2; i; --i, z ^= 0xFFFF)
             {
                 TDEFL_PUT_BITS(z & 0xFFFF, 16);
             }
@@ -1311,20 +1311,20 @@ static int tdefl_flush_block(tdefl_compressor *d, int flush)
     d->m_total_lz_bytes = 0;
     d->m_block_index++;
 
-    if ((n = (int)(d->m_pOutput_buf - pOutput_buf_start)) != 0)
+    if((n = (int)(d->m_pOutput_buf - pOutput_buf_start)) != 0)
     {
-        if (d->m_pPut_buf_func)
+        if(d->m_pPut_buf_func)
         {
             *d->m_pIn_buf_size = d->m_pSrc - (const mz_uint8 *)d->m_pIn_buf;
-            if (!(*d->m_pPut_buf_func)(d->m_output_buf, n, d->m_pPut_buf_user))
+            if(!(*d->m_pPut_buf_func)(d->m_output_buf, n, d->m_pPut_buf_user))
                 return (d->m_prev_return_status = TDEFL_STATUS_PUT_BUF_FAILED);
         }
-        else if (pOutput_buf_start == d->m_output_buf)
+        else if(pOutput_buf_start == d->m_output_buf)
         {
             int bytes_to_copy = (int)MZ_MIN((size_t)n, (size_t)(*d->m_pOut_buf_size - d->m_out_buf_ofs));
             memcpy((mz_uint8 *)d->m_pOut_buf + d->m_out_buf_ofs, d->m_output_buf, bytes_to_copy);
             d->m_out_buf_ofs += bytes_to_copy;
-            if ((n -= bytes_to_copy) != 0)
+            if((n -= bytes_to_copy) != 0)
             {
                 d->m_output_flush_ofs = bytes_to_copy;
                 d->m_output_flush_remaining = n;
@@ -1348,46 +1348,46 @@ static MZ_FORCEINLINE void tdefl_find_match(tdefl_compressor *d, mz_uint lookahe
     const mz_uint16 *s = (const mz_uint16 *)(d->m_dict + pos), *p, *q;
     mz_uint16 c01 = TDEFL_READ_UNALIGNED_WORD(&d->m_dict[pos + match_len - 1]), s01 = TDEFL_READ_UNALIGNED_WORD(s);
     MZ_ASSERT(max_match_len <= TDEFL_MAX_MATCH_LEN);
-    if (max_match_len <= match_len)
+    if(max_match_len <= match_len)
         return;
-    for (;;)
+    for(;;)
     {
-        for (;;)
+        for(;;)
         {
-            if (--num_probes_left == 0)
+            if(--num_probes_left == 0)
                 return;
 #define TDEFL_PROBE                                                                             \
     next_probe_pos = d->m_next[probe_pos];                                                      \
-    if ((!next_probe_pos) || ((dist = (mz_uint16)(lookahead_pos - next_probe_pos)) > max_dist)) \
+    if((!next_probe_pos) || ((dist = (mz_uint16)(lookahead_pos - next_probe_pos)) > max_dist)) \
         return;                                                                                 \
     probe_pos = next_probe_pos & TDEFL_LZ_DICT_SIZE_MASK;                                       \
-    if (TDEFL_READ_UNALIGNED_WORD(&d->m_dict[probe_pos + match_len - 1]) == c01)                \
+    if(TDEFL_READ_UNALIGNED_WORD(&d->m_dict[probe_pos + match_len - 1]) == c01)                \
         break;
             TDEFL_PROBE;
             TDEFL_PROBE;
             TDEFL_PROBE;
         }
-        if (!dist)
+        if(!dist)
             break;
         q = (const mz_uint16 *)(d->m_dict + probe_pos);
-        if (TDEFL_READ_UNALIGNED_WORD(q) != s01)
+        if(TDEFL_READ_UNALIGNED_WORD(q) != s01)
             continue;
         p = s;
         probe_len = 32;
         do
         {
-        } while ((TDEFL_READ_UNALIGNED_WORD(++p) == TDEFL_READ_UNALIGNED_WORD(++q)) && (TDEFL_READ_UNALIGNED_WORD(++p) == TDEFL_READ_UNALIGNED_WORD(++q)) &&
+        } while((TDEFL_READ_UNALIGNED_WORD(++p) == TDEFL_READ_UNALIGNED_WORD(++q)) && (TDEFL_READ_UNALIGNED_WORD(++p) == TDEFL_READ_UNALIGNED_WORD(++q)) &&
                  (TDEFL_READ_UNALIGNED_WORD(++p) == TDEFL_READ_UNALIGNED_WORD(++q)) && (TDEFL_READ_UNALIGNED_WORD(++p) == TDEFL_READ_UNALIGNED_WORD(++q)) && (--probe_len > 0));
-        if (!probe_len)
+        if(!probe_len)
         {
             *pMatch_dist = dist;
             *pMatch_len = MZ_MIN(max_match_len, (mz_uint)TDEFL_MAX_MATCH_LEN);
             break;
         }
-        else if ((probe_len = ((mz_uint)(p - s) * 2) + (mz_uint)(*(const mz_uint8 *)p == *(const mz_uint8 *)q)) > match_len)
+        else if((probe_len = ((mz_uint)(p - s) * 2) + (mz_uint)(*(const mz_uint8 *)p == *(const mz_uint8 *)q)) > match_len)
         {
             *pMatch_dist = dist;
-            if ((*pMatch_len = match_len = MZ_MIN(max_match_len, probe_len)) == max_match_len)
+            if((*pMatch_len = match_len = MZ_MIN(max_match_len, probe_len)) == max_match_len)
                 break;
             c01 = TDEFL_READ_UNALIGNED_WORD(&d->m_dict[pos + match_len - 1]);
         }
@@ -1401,36 +1401,36 @@ static MZ_FORCEINLINE void tdefl_find_match(tdefl_compressor *d, mz_uint lookahe
     const mz_uint8 *s = d->m_dict + pos, *p, *q;
     mz_uint8 c0 = d->m_dict[pos + match_len], c1 = d->m_dict[pos + match_len - 1];
     MZ_ASSERT(max_match_len <= TDEFL_MAX_MATCH_LEN);
-    if (max_match_len <= match_len)
+    if(max_match_len <= match_len)
         return;
-    for (;;)
+    for(;;)
     {
-        for (;;)
+        for(;;)
         {
-            if (--num_probes_left == 0)
+            if(--num_probes_left == 0)
                 return;
 #define TDEFL_PROBE                                                                               \
     next_probe_pos = d->m_next[probe_pos];                                                        \
-    if ((!next_probe_pos) || ((dist = (mz_uint16)(lookahead_pos - next_probe_pos)) > max_dist))   \
+    if((!next_probe_pos) || ((dist = (mz_uint16)(lookahead_pos - next_probe_pos)) > max_dist))   \
         return;                                                                                   \
     probe_pos = next_probe_pos & TDEFL_LZ_DICT_SIZE_MASK;                                         \
-    if ((d->m_dict[probe_pos + match_len] == c0) && (d->m_dict[probe_pos + match_len - 1] == c1)) \
+    if((d->m_dict[probe_pos + match_len] == c0) && (d->m_dict[probe_pos + match_len - 1] == c1)) \
         break;
             TDEFL_PROBE;
             TDEFL_PROBE;
             TDEFL_PROBE;
         }
-        if (!dist)
+        if(!dist)
             break;
         p = s;
         q = d->m_dict + probe_pos;
-        for (probe_len = 0; probe_len < max_match_len; probe_len++)
-            if (*p++ != *q++)
+        for(probe_len = 0; probe_len < max_match_len; probe_len++)
+            if(*p++ != *q++)
                 break;
-        if (probe_len > match_len)
+        if(probe_len > match_len)
         {
             *pMatch_dist = dist;
-            if ((*pMatch_len = match_len = probe_len) == max_match_len)
+            if((*pMatch_len = match_len = probe_len) == max_match_len)
                 return;
             c0 = d->m_dict[pos + match_len];
             c1 = d->m_dict[pos + match_len - 1];
@@ -1447,7 +1447,7 @@ static mz_bool tdefl_compress_fast(tdefl_compressor *d)
     mz_uint8 *pLZ_code_buf = d->m_pLZ_code_buf, *pLZ_flags = d->m_pLZ_flags;
     mz_uint cur_pos = lookahead_pos & TDEFL_LZ_DICT_SIZE_MASK;
 
-    while ((d->m_src_buf_left) || ((d->m_flush) && (lookahead_size)))
+    while((d->m_src_buf_left) || ((d->m_flush) && (lookahead_size)))
     {
         const mz_uint TDEFL_COMP_FAST_LOOKAHEAD_SIZE = 4096;
         mz_uint dst_pos = (lookahead_pos + lookahead_size) & TDEFL_LZ_DICT_SIZE_MASK;
@@ -1455,11 +1455,11 @@ static mz_bool tdefl_compress_fast(tdefl_compressor *d)
         d->m_src_buf_left -= num_bytes_to_process;
         lookahead_size += num_bytes_to_process;
 
-        while (num_bytes_to_process)
+        while(num_bytes_to_process)
         {
             mz_uint32 n = MZ_MIN(TDEFL_LZ_DICT_SIZE - dst_pos, num_bytes_to_process);
             memcpy(d->m_dict + dst_pos, d->m_pSrc, n);
-            if (dst_pos < (TDEFL_MAX_MATCH_LEN - 1))
+            if(dst_pos < (TDEFL_MAX_MATCH_LEN - 1))
                 memcpy(d->m_dict + TDEFL_LZ_DICT_SIZE + dst_pos, d->m_pSrc, MZ_MIN(n, (TDEFL_MAX_MATCH_LEN - 1) - dst_pos));
             d->m_pSrc += n;
             dst_pos = (dst_pos + n) & TDEFL_LZ_DICT_SIZE_MASK;
@@ -1467,10 +1467,10 @@ static mz_bool tdefl_compress_fast(tdefl_compressor *d)
         }
 
         dict_size = MZ_MIN(TDEFL_LZ_DICT_SIZE - lookahead_size, dict_size);
-        if ((!d->m_flush) && (lookahead_size < TDEFL_COMP_FAST_LOOKAHEAD_SIZE))
+        if((!d->m_flush) && (lookahead_size < TDEFL_COMP_FAST_LOOKAHEAD_SIZE))
             break;
 
-        while (lookahead_size >= 4)
+        while(lookahead_size >= 4)
         {
             mz_uint cur_match_dist, cur_match_len = 1;
             mz_uint8 *pCur_dict = d->m_dict + cur_pos;
@@ -1479,20 +1479,20 @@ static mz_bool tdefl_compress_fast(tdefl_compressor *d)
             mz_uint probe_pos = d->m_hash[hash];
             d->m_hash[hash] = (mz_uint16)lookahead_pos;
 
-            if (((cur_match_dist = (mz_uint16)(lookahead_pos - probe_pos)) <= dict_size) && ((*(const mz_uint32 *)(d->m_dict + (probe_pos &= TDEFL_LZ_DICT_SIZE_MASK)) & 0xFFFFFF) == first_trigram))
+            if(((cur_match_dist = (mz_uint16)(lookahead_pos - probe_pos)) <= dict_size) && ((*(const mz_uint32 *)(d->m_dict + (probe_pos &= TDEFL_LZ_DICT_SIZE_MASK)) & 0xFFFFFF) == first_trigram))
             {
                 const mz_uint16 *p = (const mz_uint16 *)pCur_dict;
                 const mz_uint16 *q = (const mz_uint16 *)(d->m_dict + probe_pos);
                 mz_uint32 probe_len = 32;
                 do
                 {
-                } while ((TDEFL_READ_UNALIGNED_WORD(++p) == TDEFL_READ_UNALIGNED_WORD(++q)) && (TDEFL_READ_UNALIGNED_WORD(++p) == TDEFL_READ_UNALIGNED_WORD(++q)) &&
+                } while((TDEFL_READ_UNALIGNED_WORD(++p) == TDEFL_READ_UNALIGNED_WORD(++q)) && (TDEFL_READ_UNALIGNED_WORD(++p) == TDEFL_READ_UNALIGNED_WORD(++q)) &&
                          (TDEFL_READ_UNALIGNED_WORD(++p) == TDEFL_READ_UNALIGNED_WORD(++q)) && (TDEFL_READ_UNALIGNED_WORD(++p) == TDEFL_READ_UNALIGNED_WORD(++q)) && (--probe_len > 0));
                 cur_match_len = ((mz_uint)(p - (const mz_uint16 *)pCur_dict) * 2) + (mz_uint)(*(const mz_uint8 *)p == *(const mz_uint8 *)q);
-                if (!probe_len)
+                if(!probe_len)
                     cur_match_len = cur_match_dist ? TDEFL_MAX_MATCH_LEN : 0;
 
-                if ((cur_match_len < TDEFL_MIN_MATCH_LEN) || ((cur_match_len == TDEFL_MIN_MATCH_LEN) && (cur_match_dist >= 8U * 1024U)))
+                if((cur_match_len < TDEFL_MIN_MATCH_LEN) || ((cur_match_len == TDEFL_MIN_MATCH_LEN) && (cur_match_dist >= 8U * 1024U)))
                 {
                     cur_match_len = 1;
                     *pLZ_code_buf++ = (mz_uint8)first_trigram;
@@ -1527,7 +1527,7 @@ static mz_bool tdefl_compress_fast(tdefl_compressor *d)
                 d->m_huff_count[0][(mz_uint8)first_trigram]++;
             }
 
-            if (--num_flags_left == 0)
+            if(--num_flags_left == 0)
             {
                 num_flags_left = 8;
                 pLZ_flags = pLZ_code_buf++;
@@ -1540,7 +1540,7 @@ static mz_bool tdefl_compress_fast(tdefl_compressor *d)
             MZ_ASSERT(lookahead_size >= cur_match_len);
             lookahead_size -= cur_match_len;
 
-            if (pLZ_code_buf > &d->m_lz_code_buf[TDEFL_LZ_CODE_BUF_SIZE - 8])
+            if(pLZ_code_buf > &d->m_lz_code_buf[TDEFL_LZ_CODE_BUF_SIZE - 8])
             {
                 int n;
                 d->m_lookahead_pos = lookahead_pos;
@@ -1550,7 +1550,7 @@ static mz_bool tdefl_compress_fast(tdefl_compressor *d)
                 d->m_pLZ_code_buf = pLZ_code_buf;
                 d->m_pLZ_flags = pLZ_flags;
                 d->m_num_flags_left = num_flags_left;
-                if ((n = tdefl_flush_block(d, 0)) != 0)
+                if((n = tdefl_flush_block(d, 0)) != 0)
                     return (n < 0) ? MZ_FALSE : MZ_TRUE;
                 total_lz_bytes = d->m_total_lz_bytes;
                 pLZ_code_buf = d->m_pLZ_code_buf;
@@ -1559,14 +1559,14 @@ static mz_bool tdefl_compress_fast(tdefl_compressor *d)
             }
         }
 
-        while (lookahead_size)
+        while(lookahead_size)
         {
             mz_uint8 lit = d->m_dict[cur_pos];
 
             total_lz_bytes++;
             *pLZ_code_buf++ = lit;
             *pLZ_flags = (mz_uint8)(*pLZ_flags >> 1);
-            if (--num_flags_left == 0)
+            if(--num_flags_left == 0)
             {
                 num_flags_left = 8;
                 pLZ_flags = pLZ_code_buf++;
@@ -1579,7 +1579,7 @@ static mz_bool tdefl_compress_fast(tdefl_compressor *d)
             cur_pos = (cur_pos + 1) & TDEFL_LZ_DICT_SIZE_MASK;
             lookahead_size--;
 
-            if (pLZ_code_buf > &d->m_lz_code_buf[TDEFL_LZ_CODE_BUF_SIZE - 8])
+            if(pLZ_code_buf > &d->m_lz_code_buf[TDEFL_LZ_CODE_BUF_SIZE - 8])
             {
                 int n;
                 d->m_lookahead_pos = lookahead_pos;
@@ -1589,7 +1589,7 @@ static mz_bool tdefl_compress_fast(tdefl_compressor *d)
                 d->m_pLZ_code_buf = pLZ_code_buf;
                 d->m_pLZ_flags = pLZ_flags;
                 d->m_num_flags_left = num_flags_left;
-                if ((n = tdefl_flush_block(d, 0)) != 0)
+                if((n = tdefl_flush_block(d, 0)) != 0)
                     return (n < 0) ? MZ_FALSE : MZ_TRUE;
                 total_lz_bytes = d->m_total_lz_bytes;
                 pLZ_code_buf = d->m_pLZ_code_buf;
@@ -1615,7 +1615,7 @@ static MZ_FORCEINLINE void tdefl_record_literal(tdefl_compressor *d, mz_uint8 li
     d->m_total_lz_bytes++;
     *d->m_pLZ_code_buf++ = lit;
     *d->m_pLZ_flags = (mz_uint8)(*d->m_pLZ_flags >> 1);
-    if (--d->m_num_flags_left == 0)
+    if(--d->m_num_flags_left == 0)
     {
         d->m_num_flags_left = 8;
         d->m_pLZ_flags = d->m_pLZ_code_buf++;
@@ -1639,7 +1639,7 @@ static MZ_FORCEINLINE void tdefl_record_match(tdefl_compressor *d, mz_uint match
     d->m_pLZ_code_buf += 3;
 
     *d->m_pLZ_flags = (mz_uint8)((*d->m_pLZ_flags >> 1) | 0x80);
-    if (--d->m_num_flags_left == 0)
+    if(--d->m_num_flags_left == 0)
     {
         d->m_num_flags_left = 8;
         d->m_pLZ_flags = d->m_pLZ_code_buf++;
@@ -1649,7 +1649,7 @@ static MZ_FORCEINLINE void tdefl_record_match(tdefl_compressor *d, mz_uint match
     s1 = s_tdefl_large_dist_sym[(match_dist >> 8) & 127];
     d->m_huff_count[1][(match_dist < 512) ? s0 : s1]++;
 
-    if (match_len >= TDEFL_MIN_MATCH_LEN)
+    if(match_len >= TDEFL_MIN_MATCH_LEN)
         d->m_huff_count[0][s_tdefl_len_sym[match_len - TDEFL_MIN_MATCH_LEN]]++;
 }
 
@@ -1659,11 +1659,11 @@ static mz_bool tdefl_compress_normal(tdefl_compressor *d)
     size_t src_buf_left = d->m_src_buf_left;
     tdefl_flush flush = d->m_flush;
 
-    while ((src_buf_left) || ((flush) && (d->m_lookahead_size)))
+    while((src_buf_left) || ((flush) && (d->m_lookahead_size)))
     {
         mz_uint len_to_move, cur_match_dist, cur_match_len, cur_pos;
         /* Update dictionary and hash chains. Keeps the lookahead size equal to TDEFL_MAX_MATCH_LEN. */
-        if ((d->m_lookahead_size + d->m_dict_size) >= (TDEFL_MIN_MATCH_LEN - 1))
+        if((d->m_lookahead_size + d->m_dict_size) >= (TDEFL_MIN_MATCH_LEN - 1))
         {
             mz_uint dst_pos = (d->m_lookahead_pos + d->m_lookahead_size) & TDEFL_LZ_DICT_SIZE_MASK, ins_pos = d->m_lookahead_pos + d->m_lookahead_size - 2;
             mz_uint hash = (d->m_dict[ins_pos & TDEFL_LZ_DICT_SIZE_MASK] << TDEFL_LZ_HASH_SHIFT) ^ d->m_dict[(ins_pos + 1) & TDEFL_LZ_DICT_SIZE_MASK];
@@ -1671,11 +1671,11 @@ static mz_bool tdefl_compress_normal(tdefl_compressor *d)
             const mz_uint8 *pSrc_end = pSrc + num_bytes_to_process;
             src_buf_left -= num_bytes_to_process;
             d->m_lookahead_size += num_bytes_to_process;
-            while (pSrc != pSrc_end)
+            while(pSrc != pSrc_end)
             {
                 mz_uint8 c = *pSrc++;
                 d->m_dict[dst_pos] = c;
-                if (dst_pos < (TDEFL_MAX_MATCH_LEN - 1))
+                if(dst_pos < (TDEFL_MAX_MATCH_LEN - 1))
                     d->m_dict[TDEFL_LZ_DICT_SIZE + dst_pos] = c;
                 hash = ((hash << TDEFL_LZ_HASH_SHIFT) ^ c) & (TDEFL_LZ_HASH_SIZE - 1);
                 d->m_next[ins_pos & TDEFL_LZ_DICT_SIZE_MASK] = d->m_hash[hash];
@@ -1686,15 +1686,15 @@ static mz_bool tdefl_compress_normal(tdefl_compressor *d)
         }
         else
         {
-            while ((src_buf_left) && (d->m_lookahead_size < TDEFL_MAX_MATCH_LEN))
+            while((src_buf_left) && (d->m_lookahead_size < TDEFL_MAX_MATCH_LEN))
             {
                 mz_uint8 c = *pSrc++;
                 mz_uint dst_pos = (d->m_lookahead_pos + d->m_lookahead_size) & TDEFL_LZ_DICT_SIZE_MASK;
                 src_buf_left--;
                 d->m_dict[dst_pos] = c;
-                if (dst_pos < (TDEFL_MAX_MATCH_LEN - 1))
+                if(dst_pos < (TDEFL_MAX_MATCH_LEN - 1))
                     d->m_dict[TDEFL_LZ_DICT_SIZE + dst_pos] = c;
-                if ((++d->m_lookahead_size + d->m_dict_size) >= TDEFL_MIN_MATCH_LEN)
+                if((++d->m_lookahead_size + d->m_dict_size) >= TDEFL_MIN_MATCH_LEN)
                 {
                     mz_uint ins_pos = d->m_lookahead_pos + (d->m_lookahead_size - 1) - 2;
                     mz_uint hash = ((d->m_dict[ins_pos & TDEFL_LZ_DICT_SIZE_MASK] << (TDEFL_LZ_HASH_SHIFT * 2)) ^ (d->m_dict[(ins_pos + 1) & TDEFL_LZ_DICT_SIZE_MASK] << TDEFL_LZ_HASH_SHIFT) ^ c) & (TDEFL_LZ_HASH_SIZE - 1);
@@ -1704,7 +1704,7 @@ static mz_bool tdefl_compress_normal(tdefl_compressor *d)
             }
         }
         d->m_dict_size = MZ_MIN(TDEFL_LZ_DICT_SIZE - d->m_lookahead_size, d->m_dict_size);
-        if ((!flush) && (d->m_lookahead_size < TDEFL_MAX_MATCH_LEN))
+        if((!flush) && (d->m_lookahead_size < TDEFL_MAX_MATCH_LEN))
             break;
 
         /* Simple lazy/greedy parsing state machine. */
@@ -1712,19 +1712,19 @@ static mz_bool tdefl_compress_normal(tdefl_compressor *d)
         cur_match_dist = 0;
         cur_match_len = d->m_saved_match_len ? d->m_saved_match_len : (TDEFL_MIN_MATCH_LEN - 1);
         cur_pos = d->m_lookahead_pos & TDEFL_LZ_DICT_SIZE_MASK;
-        if (d->m_flags & (TDEFL_RLE_MATCHES | TDEFL_FORCE_ALL_RAW_BLOCKS))
+        if(d->m_flags & (TDEFL_RLE_MATCHES | TDEFL_FORCE_ALL_RAW_BLOCKS))
         {
-            if ((d->m_dict_size) && (!(d->m_flags & TDEFL_FORCE_ALL_RAW_BLOCKS)))
+            if((d->m_dict_size) && (!(d->m_flags & TDEFL_FORCE_ALL_RAW_BLOCKS)))
             {
                 mz_uint8 c = d->m_dict[(cur_pos - 1) & TDEFL_LZ_DICT_SIZE_MASK];
                 cur_match_len = 0;
-                while (cur_match_len < d->m_lookahead_size)
+                while(cur_match_len < d->m_lookahead_size)
                 {
-                    if (d->m_dict[cur_pos + cur_match_len] != c)
+                    if(d->m_dict[cur_pos + cur_match_len] != c)
                         break;
                     cur_match_len++;
                 }
-                if (cur_match_len < TDEFL_MIN_MATCH_LEN)
+                if(cur_match_len < TDEFL_MIN_MATCH_LEN)
                     cur_match_len = 0;
                 else
                     cur_match_dist = 1;
@@ -1734,16 +1734,16 @@ static mz_bool tdefl_compress_normal(tdefl_compressor *d)
         {
             tdefl_find_match(d, d->m_lookahead_pos, d->m_dict_size, d->m_lookahead_size, &cur_match_dist, &cur_match_len);
         }
-        if (((cur_match_len == TDEFL_MIN_MATCH_LEN) && (cur_match_dist >= 8U * 1024U)) || (cur_pos == cur_match_dist) || ((d->m_flags & TDEFL_FILTER_MATCHES) && (cur_match_len <= 5)))
+        if(((cur_match_len == TDEFL_MIN_MATCH_LEN) && (cur_match_dist >= 8U * 1024U)) || (cur_pos == cur_match_dist) || ((d->m_flags & TDEFL_FILTER_MATCHES) && (cur_match_len <= 5)))
         {
             cur_match_dist = cur_match_len = 0;
         }
-        if (d->m_saved_match_len)
+        if(d->m_saved_match_len)
         {
-            if (cur_match_len > d->m_saved_match_len)
+            if(cur_match_len > d->m_saved_match_len)
             {
                 tdefl_record_literal(d, (mz_uint8)d->m_saved_lit);
-                if (cur_match_len >= 128)
+                if(cur_match_len >= 128)
                 {
                     tdefl_record_match(d, cur_match_len, cur_match_dist);
                     d->m_saved_match_len = 0;
@@ -1763,9 +1763,9 @@ static mz_bool tdefl_compress_normal(tdefl_compressor *d)
                 d->m_saved_match_len = 0;
             }
         }
-        else if (!cur_match_dist)
+        else if(!cur_match_dist)
             tdefl_record_literal(d, d->m_dict[MZ_MIN(cur_pos, sizeof(d->m_dict) - 1)]);
-        else if ((d->m_greedy_parsing) || (d->m_flags & TDEFL_RLE_MATCHES) || (cur_match_len >= 128))
+        else if((d->m_greedy_parsing) || (d->m_flags & TDEFL_RLE_MATCHES) || (cur_match_len >= 128))
         {
             tdefl_record_match(d, cur_match_len, cur_match_dist);
             len_to_move = cur_match_len;
@@ -1782,13 +1782,13 @@ static mz_bool tdefl_compress_normal(tdefl_compressor *d)
         d->m_lookahead_size -= len_to_move;
         d->m_dict_size = MZ_MIN(d->m_dict_size + len_to_move, (mz_uint)TDEFL_LZ_DICT_SIZE);
         /* Check if it's time to flush the current LZ codes to the internal output buffer. */
-        if ((d->m_pLZ_code_buf > &d->m_lz_code_buf[TDEFL_LZ_CODE_BUF_SIZE - 8]) ||
+        if((d->m_pLZ_code_buf > &d->m_lz_code_buf[TDEFL_LZ_CODE_BUF_SIZE - 8]) ||
             ((d->m_total_lz_bytes > 31 * 1024) && (((((mz_uint)(d->m_pLZ_code_buf - d->m_lz_code_buf) * 115) >> 7) >= d->m_total_lz_bytes) || (d->m_flags & TDEFL_FORCE_ALL_RAW_BLOCKS))))
         {
             int n;
             d->m_pSrc = pSrc;
             d->m_src_buf_left = src_buf_left;
-            if ((n = tdefl_flush_block(d, 0)) != 0)
+            if((n = tdefl_flush_block(d, 0)) != 0)
                 return (n < 0) ? MZ_FALSE : MZ_TRUE;
         }
     }
@@ -1800,12 +1800,12 @@ static mz_bool tdefl_compress_normal(tdefl_compressor *d)
 
 static tdefl_status tdefl_flush_output_buffer(tdefl_compressor *d)
 {
-    if (d->m_pIn_buf_size)
+    if(d->m_pIn_buf_size)
     {
         *d->m_pIn_buf_size = d->m_pSrc - (const mz_uint8 *)d->m_pIn_buf;
     }
 
-    if (d->m_pOut_buf_size)
+    if(d->m_pOut_buf_size)
     {
         size_t n = MZ_MIN(*d->m_pOut_buf_size - d->m_out_buf_ofs, d->m_output_flush_remaining);
         memcpy((mz_uint8 *)d->m_pOut_buf + d->m_out_buf_ofs, d->m_output_buf + d->m_output_flush_ofs, n);
@@ -1821,11 +1821,11 @@ static tdefl_status tdefl_flush_output_buffer(tdefl_compressor *d)
 
 tdefl_status tdefl_compress(tdefl_compressor *d, const void *pIn_buf, size_t *pIn_buf_size, void *pOut_buf, size_t *pOut_buf_size, tdefl_flush flush)
 {
-    if (!d)
+    if(!d)
     {
-        if (pIn_buf_size)
+        if(pIn_buf_size)
             *pIn_buf_size = 0;
-        if (pOut_buf_size)
+        if(pOut_buf_size)
             *pOut_buf_size = 0;
         return TDEFL_STATUS_BAD_PARAM;
     }
@@ -1839,44 +1839,44 @@ tdefl_status tdefl_compress(tdefl_compressor *d, const void *pIn_buf, size_t *pI
     d->m_out_buf_ofs = 0;
     d->m_flush = flush;
 
-    if (((d->m_pPut_buf_func != NULL) == ((pOut_buf != NULL) || (pOut_buf_size != NULL))) || (d->m_prev_return_status != TDEFL_STATUS_OKAY) ||
+    if(((d->m_pPut_buf_func != NULL) == ((pOut_buf != NULL) || (pOut_buf_size != NULL))) || (d->m_prev_return_status != TDEFL_STATUS_OKAY) ||
         (d->m_wants_to_finish && (flush != TDEFL_FINISH)) || (pIn_buf_size && *pIn_buf_size && !pIn_buf) || (pOut_buf_size && *pOut_buf_size && !pOut_buf))
     {
-        if (pIn_buf_size)
+        if(pIn_buf_size)
             *pIn_buf_size = 0;
-        if (pOut_buf_size)
+        if(pOut_buf_size)
             *pOut_buf_size = 0;
         return (d->m_prev_return_status = TDEFL_STATUS_BAD_PARAM);
     }
     d->m_wants_to_finish |= (flush == TDEFL_FINISH);
 
-    if ((d->m_output_flush_remaining) || (d->m_finished))
+    if((d->m_output_flush_remaining) || (d->m_finished))
         return (d->m_prev_return_status = tdefl_flush_output_buffer(d));
 
 #if MINIZ_USE_UNALIGNED_LOADS_AND_STORES &&MINIZ_LITTLE_ENDIAN
-    if (((d->m_flags & TDEFL_MAX_PROBES_MASK) == 1) &&
+    if(((d->m_flags & TDEFL_MAX_PROBES_MASK) == 1) &&
         ((d->m_flags & TDEFL_GREEDY_PARSING_FLAG) != 0) &&
         ((d->m_flags & (TDEFL_FILTER_MATCHES | TDEFL_FORCE_ALL_RAW_BLOCKS | TDEFL_RLE_MATCHES)) == 0))
     {
-        if (!tdefl_compress_fast(d))
+        if(!tdefl_compress_fast(d))
             return d->m_prev_return_status;
     }
     else
 #endif /* #if MINIZ_USE_UNALIGNED_LOADS_AND_STORES && MINIZ_LITTLE_ENDIAN */
     {
-        if (!tdefl_compress_normal(d))
+        if(!tdefl_compress_normal(d))
             return d->m_prev_return_status;
     }
 
-    if ((d->m_flags & (TDEFL_WRITE_ZLIB_HEADER | TDEFL_COMPUTE_ADLER32)) && (pIn_buf))
+    if((d->m_flags & (TDEFL_WRITE_ZLIB_HEADER | TDEFL_COMPUTE_ADLER32)) && (pIn_buf))
         d->m_adler32 = (mz_uint32)mz_adler32(d->m_adler32, (const mz_uint8 *)pIn_buf, d->m_pSrc - (const mz_uint8 *)pIn_buf);
 
-    if ((flush) && (!d->m_lookahead_size) && (!d->m_src_buf_left) && (!d->m_output_flush_remaining))
+    if((flush) && (!d->m_lookahead_size) && (!d->m_src_buf_left) && (!d->m_output_flush_remaining))
     {
-        if (tdefl_flush_block(d, flush) < 0)
+        if(tdefl_flush_block(d, flush) < 0)
             return d->m_prev_return_status;
         d->m_finished = (flush == TDEFL_FINISH);
-        if (flush == TDEFL_FULL_FLUSH)
+        if(flush == TDEFL_FULL_FLUSH)
         {
             MZ_CLEAR_OBJ(d->m_hash);
             MZ_CLEAR_OBJ(d->m_next);
@@ -1901,7 +1901,7 @@ tdefl_status tdefl_init(tdefl_compressor *d, tdefl_put_buf_func_ptr pPut_buf_fun
     d->m_max_probes[0] = 1 + ((flags & 0xFFF) + 2) / 3;
     d->m_greedy_parsing = (flags & TDEFL_GREEDY_PARSING_FLAG) != 0;
     d->m_max_probes[1] = 1 + (((flags & 0xFFF) >> 2) + 2) / 3;
-    if (!(flags & TDEFL_NONDETERMINISTIC_PARSING_FLAG))
+    if(!(flags & TDEFL_NONDETERMINISTIC_PARSING_FLAG))
         MZ_CLEAR_OBJ(d->m_hash);
     d->m_lookahead_pos = d->m_lookahead_size = d->m_dict_size = d->m_total_lz_bytes = d->m_lz_code_buf_dict_pos = d->m_bits_in = 0;
     d->m_output_flush_ofs = d->m_output_flush_remaining = d->m_finished = d->m_block_index = d->m_bit_buffer = d->m_wants_to_finish = 0;
@@ -1940,10 +1940,10 @@ mz_bool tdefl_compress_mem_to_output(const void *pBuf, size_t buf_len, tdefl_put
 {
     tdefl_compressor *pComp;
     mz_bool succeeded;
-    if (((buf_len) && (!pBuf)) || (!pPut_buf_func))
+    if(((buf_len) && (!pBuf)) || (!pPut_buf_func))
         return MZ_FALSE;
     pComp = (tdefl_compressor *)MZ_MALLOC(sizeof(tdefl_compressor));
-    if (!pComp)
+    if(!pComp)
         return MZ_FALSE;
     succeeded = (tdefl_init(pComp, pPut_buf_func, pPut_buf_user, flags) == TDEFL_STATUS_OKAY);
     succeeded = succeeded && (tdefl_compress_buffer(pComp, pBuf, buf_len, TDEFL_FINISH) == TDEFL_STATUS_DONE);
@@ -1962,18 +1962,18 @@ static mz_bool tdefl_output_buffer_putter(const void *pBuf, int len, void *pUser
 {
     tdefl_output_buffer *p = (tdefl_output_buffer *)pUser;
     size_t new_size = p->m_size + len;
-    if (new_size > p->m_capacity)
+    if(new_size > p->m_capacity)
     {
         size_t new_capacity = p->m_capacity;
         mz_uint8 *pNew_buf;
-        if (!p->m_expandable)
+        if(!p->m_expandable)
             return MZ_FALSE;
         do
         {
             new_capacity = MZ_MAX(128U, new_capacity << 1U);
-        } while (new_size > new_capacity);
+        } while(new_size > new_capacity);
         pNew_buf = (mz_uint8 *)MZ_REALLOC(p->m_pBuf, new_capacity);
-        if (!pNew_buf)
+        if(!pNew_buf)
             return MZ_FALSE;
         p->m_pBuf = pNew_buf;
         p->m_capacity = new_capacity;
@@ -1987,12 +1987,12 @@ void *tdefl_compress_mem_to_heap(const void *pSrc_buf, size_t src_buf_len, size_
 {
     tdefl_output_buffer out_buf;
     MZ_CLEAR_OBJ(out_buf);
-    if (!pOut_len)
+    if(!pOut_len)
         return nullptr;
     else
         *pOut_len = 0;
     out_buf.m_expandable = MZ_TRUE;
-    if (!tdefl_compress_mem_to_output(pSrc_buf, src_buf_len, tdefl_output_buffer_putter, &out_buf, flags))
+    if(!tdefl_compress_mem_to_output(pSrc_buf, src_buf_len, tdefl_output_buffer_putter, &out_buf, flags))
         return NULL;
     *pOut_len = out_buf.m_size;
     return out_buf.m_pBuf;
@@ -2002,11 +2002,11 @@ size_t tdefl_compress_mem_to_mem(void *pOut_buf, size_t out_buf_len, const void
 {
     tdefl_output_buffer out_buf;
     MZ_CLEAR_OBJ(out_buf);
-    if (!pOut_buf)
+    if(!pOut_buf)
         return 0;
     out_buf.m_pBuf = (mz_uint8 *)pOut_buf;
     out_buf.m_capacity = out_buf_len;
-    if (!tdefl_compress_mem_to_output(pSrc_buf, src_buf_len, tdefl_output_buffer_putter, &out_buf, flags))
+    if(!tdefl_compress_mem_to_output(pSrc_buf, src_buf_len, tdefl_output_buffer_putter, &out_buf, flags))
         return 0;
     return out_buf.m_size;
 }
@@ -2018,18 +2018,18 @@ static const mz_uint s_tdefl_num_probes[11] = { 0, 1, 6, 32, 16, 32, 128, 256, 5
 mz_uint tdefl_create_comp_flags_from_zip_params(int level, int window_bits, int strategy)
 {
     mz_uint comp_flags = s_tdefl_num_probes[(level >= 0) ? MZ_MIN(10, level) : MZ_DEFAULT_LEVEL] | ((level <= 3) ? TDEFL_GREEDY_PARSING_FLAG : 0);
-    if (window_bits > 0)
+    if(window_bits > 0)
         comp_flags |= TDEFL_WRITE_ZLIB_HEADER;
 
-    if (!level)
+    if(!level)
         comp_flags |= TDEFL_FORCE_ALL_RAW_BLOCKS;
-    else if (strategy == MZ_FILTERED)
+    else if(strategy == MZ_FILTERED)
         comp_flags |= TDEFL_FILTER_MATCHES;
-    else if (strategy == MZ_HUFFMAN_ONLY)
+    else if(strategy == MZ_HUFFMAN_ONLY)
         comp_flags &= ~TDEFL_MAX_PROBES_MASK;
-    else if (strategy == MZ_FIXED)
+    else if(strategy == MZ_FIXED)
         comp_flags |= TDEFL_FORCE_ALL_STATIC_BLOCKS;
-    else if (strategy == MZ_RLE)
+    else if(strategy == MZ_RLE)
         comp_flags |= TDEFL_RLE_MATCHES;
 
     return comp_flags;
@@ -2053,27 +2053,27 @@ void *tdefl_write_image_to_png_file_in_memory_ex(const void *pImage, int w, int
     int i, bpl = w * num_chans, y, z;
     mz_uint32 c;
     *pLen_out = 0;
-    if (!pComp)
+    if(!pComp)
         return NULL;
     MZ_CLEAR_OBJ(out_buf);
     out_buf.m_expandable = MZ_TRUE;
     out_buf.m_capacity = 57 + MZ_MAX(64, (1 + bpl) * h);
-    if (NULL == (out_buf.m_pBuf = (mz_uint8 *)MZ_MALLOC(out_buf.m_capacity)))
+    if(NULL == (out_buf.m_pBuf = (mz_uint8 *)MZ_MALLOC(out_buf.m_capacity)))
     {
         MZ_FREE(pComp);
         return NULL;
     }
     /* write dummy header */
-    for (z = 41; z; --z)
+    for(z = 41; z; --z)
         tdefl_output_buffer_putter(&z, 1, &out_buf);
     /* compress image data */
     tdefl_init(pComp, tdefl_output_buffer_putter, &out_buf, s_tdefl_png_num_probes[MZ_MIN(10, level)] | TDEFL_WRITE_ZLIB_HEADER);
-    for (y = 0; y < h; ++y)
+    for(y = 0; y < h; ++y)
     {
         tdefl_compress_buffer(pComp, &z, 1, TDEFL_NO_FLUSH);
         tdefl_compress_buffer(pComp, (mz_uint8 *)pImage + (flip ? (h - 1 - y) : y) * bpl, bpl, TDEFL_NO_FLUSH);
     }
-    if (tdefl_compress_buffer(pComp, NULL, 0, TDEFL_FINISH) != TDEFL_STATUS_DONE)
+    if(tdefl_compress_buffer(pComp, NULL, 0, TDEFL_FINISH) != TDEFL_STATUS_DONE)
     {
         MZ_FREE(pComp);
         MZ_FREE(out_buf.m_pBuf);
@@ -2087,12 +2087,12 @@ void *tdefl_write_image_to_png_file_in_memory_ex(const void *pImage, int w, int
                                 0, 0, (mz_uint8)(w >> 8), (mz_uint8)w, 0, 0, (mz_uint8)(h >> 8), (mz_uint8)h, 8, chans[num_chans], 0, 0, 0, 0, 0, 0, 0,
                                 (mz_uint8)(*pLen_out >> 24), (mz_uint8)(*pLen_out >> 16), (mz_uint8)(*pLen_out >> 8), (mz_uint8) * pLen_out, 0x49, 0x44, 0x41, 0x54 };
         c = (mz_uint32)mz_crc32(MZ_CRC32_INIT, pnghdr + 12, 17);
-        for (i = 0; i < 4; ++i, c <<= 8)
+        for(i = 0; i < 4; ++i, c <<= 8)
             ((mz_uint8 *)(pnghdr + 29))[i] = (mz_uint8)(c >> 24);
         memcpy(out_buf.m_pBuf, pnghdr, 41);
     }
     /* write footer (IDAT CRC-32, followed by IEND chunk) */
-    if (!tdefl_output_buffer_putter("\0\0\0\0\0\0\0\0\x49\x45\x4e\x44\xae\x42\x60\x82", 16, &out_buf))
+    if(!tdefl_output_buffer_putter("\0\0\0\0\0\0\0\0\x49\x45\x4e\x44\xae\x42\x60\x82", 16, &out_buf))
     {
         *pLen_out = 0;
         MZ_FREE(pComp);
@@ -2100,7 +2100,7 @@ void *tdefl_write_image_to_png_file_in_memory_ex(const void *pImage, int w, int
         return NULL;
     }
     c = (mz_uint32)mz_crc32(MZ_CRC32_INIT, out_buf.m_pBuf + 41 - 4, *pLen_out + 4);
-    for (i = 0; i < 4; ++i, c <<= 8)
+    for(i = 0; i < 4; ++i, c <<= 8)
         (out_buf.m_pBuf + out_buf.m_size - 16)[i] = (mz_uint8)(c >> 24);
     /* compute final size of file, grab compressed data buffer and return */
     *pLen_out += 57;
@@ -2171,7 +2171,7 @@ extern "C" {
 #define TINFL_MEMSET(p, c, l) memset(p, c, l)
 
 #define TINFL_CR_BEGIN  \
-    switch (r->m_state) \
+    switch(r->m_state) \
     {                   \
         case 0:
 #define TINFL_CR_RETURN(state_index, result) \
@@ -2187,7 +2187,7 @@ extern "C" {
 #define TINFL_CR_RETURN_FOREVER(state_index, result) \
     do                                               \
     {                                                \
-        for (;;)                                     \
+        for(;;)                                     \
         {                                            \
             TINFL_CR_RETURN(state_index, result);    \
         }                                            \
@@ -2198,7 +2198,7 @@ extern "C" {
 #define TINFL_GET_BYTE(state_index, c)                                                                                                                          \
     do                                                                                                                                                          \
     {                                                                                                                                                           \
-        while (pIn_buf_cur >= pIn_buf_end)                                                                                                                      \
+        while(pIn_buf_cur >= pIn_buf_end)                                                                                                                      \
         {                                                                                                                                                       \
             TINFL_CR_RETURN(state_index, (decomp_flags &TINFL_FLAG_HAS_MORE_INPUT) ? TINFL_STATUS_NEEDS_MORE_INPUT : TINFL_STATUS_FAILED_CANNOT_MAKE_PROGRESS); \
         }                                                                                                                                                       \
@@ -2213,11 +2213,11 @@ extern "C" {
         TINFL_GET_BYTE(state_index, c);                \
         bit_buf |= (((tinfl_bit_buf_t)c) << num_bits); \
         num_bits += 8;                                 \
-    } while (num_bits < (mz_uint)(n))
+    } while(num_bits < (mz_uint)(n))
 #define TINFL_SKIP_BITS(state_index, n)      \
     do                                       \
     {                                        \
-        if (num_bits < (mz_uint)(n))         \
+        if(num_bits < (mz_uint)(n))         \
         {                                    \
             TINFL_NEED_BITS(state_index, n); \
         }                                    \
@@ -2228,7 +2228,7 @@ extern "C" {
 #define TINFL_GET_BITS(state_index, b, n)    \
     do                                       \
     {                                        \
-        if (num_bits < (mz_uint)(n))         \
+        if(num_bits < (mz_uint)(n))         \
         {                                    \
             TINFL_NEED_BITS(state_index, n); \
         }                                    \
@@ -2246,26 +2246,26 @@ extern "C" {
     do                                                                         \
     {                                                                          \
         temp = (pHuff)->m_look_up[bit_buf & (TINFL_FAST_LOOKUP_SIZE - 1)];     \
-        if (temp >= 0)                                                         \
+        if(temp >= 0)                                                         \
         {                                                                      \
             code_len = temp >> 9;                                              \
-            if ((code_len) && (num_bits >= code_len))                          \
+            if((code_len) && (num_bits >= code_len))                          \
                 break;                                                         \
         }                                                                      \
-        else if (num_bits > TINFL_FAST_LOOKUP_BITS)                            \
+        else if(num_bits > TINFL_FAST_LOOKUP_BITS)                            \
         {                                                                      \
             code_len = TINFL_FAST_LOOKUP_BITS;                                 \
             do                                                                 \
             {                                                                  \
                 temp = (pHuff)->m_tree[~temp + ((bit_buf >> code_len++) & 1)]; \
-            } while ((temp < 0) && (num_bits >= (code_len + 1)));              \
-            if (temp >= 0)                                                     \
+            } while((temp < 0) && (num_bits >= (code_len + 1)));              \
+            if(temp >= 0)                                                     \
                 break;                                                         \
         }                                                                      \
         TINFL_GET_BYTE(state_index, c);                                        \
         bit_buf |= (((tinfl_bit_buf_t)c) << num_bits);                         \
         num_bits += 8;                                                         \
-    } while (num_bits < 15);
+    } while(num_bits < 15);
 
 /* TINFL_HUFF_DECODE() decodes the next Huffman coded symbol. It's more complex than you would initially expect because the zlib API expects the decompressor to never read */
 /* beyond the final byte of the deflate stream. (In other words, when this macro wants to read another byte from the input, it REALLY needs another byte in order to fully */
@@ -2278,9 +2278,9 @@ extern "C" {
     {                                                                                                                               \
         int temp;                                                                                                                   \
         mz_uint code_len, c;                                                                                                        \
-        if (num_bits < 15)                                                                                                          \
+        if(num_bits < 15)                                                                                                          \
         {                                                                                                                           \
-            if ((pIn_buf_end - pIn_buf_cur) < 2)                                                                                    \
+            if((pIn_buf_end - pIn_buf_cur) < 2)                                                                                    \
             {                                                                                                                       \
                 TINFL_HUFF_BITBUF_FILL(state_index, pHuff);                                                                         \
             }                                                                                                                       \
@@ -2291,7 +2291,7 @@ extern "C" {
                 num_bits += 16;                                                                                                     \
             }                                                                                                                       \
         }                                                                                                                           \
-        if ((temp = (pHuff)->m_look_up[bit_buf & (TINFL_FAST_LOOKUP_SIZE - 1)]) >= 0)                                               \
+        if((temp = (pHuff)->m_look_up[bit_buf & (TINFL_FAST_LOOKUP_SIZE - 1)]) >= 0)                                               \
             code_len = temp >> 9, temp &= 511;                                                                                      \
         else                                                                                                                        \
         {                                                                                                                           \
@@ -2299,7 +2299,7 @@ extern "C" {
             do                                                                                                                      \
             {                                                                                                                       \
                 temp = (pHuff)->m_tree[~temp + ((bit_buf >> code_len++) & 1)];                                                      \
-            } while (temp < 0);                                                                                                     \
+            } while(temp < 0);                                                                                                     \
         }                                                                                                                           \
         sym = temp;                                                                                                                 \
         bit_buf >>= code_len;                                                                                                       \
@@ -2324,7 +2324,7 @@ tinfl_status tinfl_decompress(tinfl_decompressor *r, const mz_uint8 *pIn_buf_nex
     size_t out_buf_size_mask = (decomp_flags & TINFL_FLAG_USING_NON_WRAPPING_OUTPUT_BUF) ? (size_t) - 1 : ((pOut_buf_next - pOut_buf_start) + *pOut_buf_size) - 1, dist_from_out_buf_start;
 
     /* Ensure the output buffer's size is a power of 2, unless the output buffer is large enough to hold the entire output file (in which case it doesn't matter). */
-    if (((out_buf_size_mask + 1) & out_buf_size_mask) || (pOut_buf_next < pOut_buf_start))
+    if(((out_buf_size_mask + 1) & out_buf_size_mask) || (pOut_buf_next < pOut_buf_start))
     {
         *pIn_buf_size = *pOut_buf_size = 0;
         return TINFL_STATUS_BAD_PARAM;
@@ -2340,14 +2340,14 @@ tinfl_status tinfl_decompress(tinfl_decompressor *r, const mz_uint8 *pIn_buf_nex
 
     bit_buf = num_bits = dist = counter = num_extra = r->m_zhdr0 = r->m_zhdr1 = 0;
     r->m_z_adler32 = r->m_check_adler32 = 1;
-    if (decomp_flags & TINFL_FLAG_PARSE_ZLIB_HEADER)
+    if(decomp_flags & TINFL_FLAG_PARSE_ZLIB_HEADER)
     {
         TINFL_GET_BYTE(1, r->m_zhdr0);
         TINFL_GET_BYTE(2, r->m_zhdr1);
         counter = (((r->m_zhdr0 * 256 + r->m_zhdr1) % 31 != 0) || (r->m_zhdr1 & 32) || ((r->m_zhdr0 & 15) != 8));
-        if (!(decomp_flags & TINFL_FLAG_USING_NON_WRAPPING_OUTPUT_BUF))
+        if(!(decomp_flags & TINFL_FLAG_USING_NON_WRAPPING_OUTPUT_BUF))
             counter |= (((1U << (8U + (r->m_zhdr0 >> 4))) > 32768U) || ((out_buf_size_mask + 1) < (size_t)(1U << (8U + (r->m_zhdr0 >> 4)))));
-        if (counter)
+        if(counter)
         {
             TINFL_CR_RETURN_FOREVER(36, TINFL_STATUS_FAILED);
         }
@@ -2357,38 +2357,38 @@ tinfl_status tinfl_decompress(tinfl_decompressor *r, const mz_uint8 *pIn_buf_nex
     {
         TINFL_GET_BITS(3, r->m_final, 3);
         r->m_type = r->m_final >> 1;
-        if (r->m_type == 0)
+        if(r->m_type == 0)
         {
             TINFL_SKIP_BITS(5, num_bits & 7);
-            for (counter = 0; counter < 4; ++counter)
+            for(counter = 0; counter < 4; ++counter)
             {
-                if (num_bits)
+                if(num_bits)
                     TINFL_GET_BITS(6, r->m_raw_header[counter], 8);
                 else
                     TINFL_GET_BYTE(7, r->m_raw_header[counter]);
             }
-            if ((counter = (r->m_raw_header[0] | (r->m_raw_header[1] << 8))) != (mz_uint)(0xFFFF ^ (r->m_raw_header[2] | (r->m_raw_header[3] << 8))))
+            if((counter = (r->m_raw_header[0] | (r->m_raw_header[1] << 8))) != (mz_uint)(0xFFFF ^ (r->m_raw_header[2] | (r->m_raw_header[3] << 8))))
             {
                 TINFL_CR_RETURN_FOREVER(39, TINFL_STATUS_FAILED);
             }
-            while ((counter) && (num_bits))
+            while((counter) && (num_bits))
             {
                 TINFL_GET_BITS(51, dist, 8);
-                while (pOut_buf_cur >= pOut_buf_end)
+                while(pOut_buf_cur >= pOut_buf_end)
                 {
                     TINFL_CR_RETURN(52, TINFL_STATUS_HAS_MORE_OUTPUT);
                 }
                 *pOut_buf_cur++ = (mz_uint8)dist;
                 counter--;
             }
-            while (counter)
+            while(counter)
             {
                 size_t n;
-                while (pOut_buf_cur >= pOut_buf_end)
+                while(pOut_buf_cur >= pOut_buf_end)
                 {
                     TINFL_CR_RETURN(9, TINFL_STATUS_HAS_MORE_OUTPUT);
                 }
-                while (pIn_buf_cur >= pIn_buf_end)
+                while(pIn_buf_cur >= pIn_buf_end)
                 {
                     TINFL_CR_RETURN(38, (decomp_flags & TINFL_FLAG_HAS_MORE_INPUT) ? TINFL_STATUS_NEEDS_MORE_INPUT : TINFL_STATUS_FAILED_CANNOT_MAKE_PROGRESS);
                 }
@@ -2399,37 +2399,37 @@ tinfl_status tinfl_decompress(tinfl_decompressor *r, const mz_uint8 *pIn_buf_nex
                 counter -= (mz_uint)n;
             }
         }
-        else if (r->m_type == 3)
+        else if(r->m_type == 3)
         {
             TINFL_CR_RETURN_FOREVER(10, TINFL_STATUS_FAILED);
         }
         else
         {
-            if (r->m_type == 1)
+            if(r->m_type == 1)
             {
                 mz_uint8 *p = r->m_tables[0].m_code_size;
                 mz_uint i;
                 r->m_table_sizes[0] = 288;
                 r->m_table_sizes[1] = 32;
                 TINFL_MEMSET(r->m_tables[1].m_code_size, 5, 32);
-                for (i = 0; i <= 143; ++i)
+                for(i = 0; i <= 143; ++i)
                     *p++ = 8;
-                for (; i <= 255; ++i)
+                for(; i <= 255; ++i)
                     *p++ = 9;
-                for (; i <= 279; ++i)
+                for(; i <= 279; ++i)
                     *p++ = 7;
-                for (; i <= 287; ++i)
+                for(; i <= 287; ++i)
                     *p++ = 8;
             }
             else
             {
-                for (counter = 0; counter < 3; counter++)
+                for(counter = 0; counter < 3; counter++)
                 {
                     TINFL_GET_BITS(11, r->m_table_sizes[counter], "\05\05\04"[counter]);
                     r->m_table_sizes[counter] += s_min_table_sizes[counter];
                 }
                 MZ_CLEAR_OBJ(r->m_tables[2].m_code_size);
-                for (counter = 0; counter < r->m_table_sizes[2]; counter++)
+                for(counter = 0; counter < r->m_table_sizes[2]; counter++)
                 {
                     mz_uint s;
                     TINFL_GET_BITS(14, s, 3);
@@ -2437,7 +2437,7 @@ tinfl_status tinfl_decompress(tinfl_decompressor *r, const mz_uint8 *pIn_buf_nex
                 }
                 r->m_table_sizes[2] = 19;
             }
-            for (; (int)r->m_type >= 0; r->m_type--)
+            for(; (int)r->m_type >= 0; r->m_type--)
             {
                 int tree_next, tree_cur;
                 tinfl_huff_table *pTable;
@@ -2446,48 +2446,48 @@ tinfl_status tinfl_decompress(tinfl_decompressor *r, const mz_uint8 *pIn_buf_nex
                 MZ_CLEAR_OBJ(total_syms);
                 MZ_CLEAR_OBJ(pTable->m_look_up);
                 MZ_CLEAR_OBJ(pTable->m_tree);
-                for (i = 0; i < r->m_table_sizes[r->m_type]; ++i)
+                for(i = 0; i < r->m_table_sizes[r->m_type]; ++i)
                     total_syms[pTable->m_code_size[i]]++;
                 used_syms = 0, total = 0;
                 next_code[0] = next_code[1] = 0;
-                for (i = 1; i <= 15; ++i)
+                for(i = 1; i <= 15; ++i)
                 {
                     used_syms += total_syms[i];
                     next_code[i + 1] = (total = ((total + total_syms[i]) << 1));
                 }
-                if ((65536 != total) && (used_syms > 1))
+                if((65536 != total) && (used_syms > 1))
                 {
                     TINFL_CR_RETURN_FOREVER(35, TINFL_STATUS_FAILED);
                 }
-                for (tree_next = -1, sym_index = 0; sym_index < r->m_table_sizes[r->m_type]; ++sym_index)
+                for(tree_next = -1, sym_index = 0; sym_index < r->m_table_sizes[r->m_type]; ++sym_index)
                 {
                     mz_uint rev_code = 0, l, cur_code, code_size = pTable->m_code_size[sym_index];
-                    if (!code_size)
+                    if(!code_size)
                         continue;
                     cur_code = next_code[code_size]++;
-                    for (l = code_size; l > 0; l--, cur_code >>= 1)
+                    for(l = code_size; l > 0; l--, cur_code >>= 1)
                         rev_code = (rev_code << 1) | (cur_code & 1);
-                    if (code_size <= TINFL_FAST_LOOKUP_BITS)
+                    if(code_size <= TINFL_FAST_LOOKUP_BITS)
                     {
                         mz_int16 k = (mz_int16)((code_size << 9) | sym_index);
-                        while (rev_code < TINFL_FAST_LOOKUP_SIZE)
+                        while(rev_code < TINFL_FAST_LOOKUP_SIZE)
                         {
                             pTable->m_look_up[rev_code] = k;
                             rev_code += (1 << code_size);
                         }
                         continue;
                     }
-                    if (0 == (tree_cur = pTable->m_look_up[rev_code & (TINFL_FAST_LOOKUP_SIZE - 1)]))
+                    if(0 == (tree_cur = pTable->m_look_up[rev_code & (TINFL_FAST_LOOKUP_SIZE - 1)]))
                     {
                         pTable->m_look_up[rev_code & (TINFL_FAST_LOOKUP_SIZE - 1)] = (mz_int16)tree_next;
                         tree_cur = tree_next;
                         tree_next -= 2;
                     }
                     rev_code >>= (TINFL_FAST_LOOKUP_BITS - 1);
-                    for (j = code_size; j > (TINFL_FAST_LOOKUP_BITS + 1); j--)
+                    for(j = code_size; j > (TINFL_FAST_LOOKUP_BITS + 1); j--)
                     {
                         tree_cur -= ((rev_code >>= 1) & 1);
-                        if (!pTable->m_tree[-tree_cur - 1])
+                        if(!pTable->m_tree[-tree_cur - 1])
                         {
                             pTable->m_tree[-tree_cur - 1] = (mz_int16)tree_next;
                             tree_cur = tree_next;
@@ -2499,18 +2499,18 @@ tinfl_status tinfl_decompress(tinfl_decompressor *r, const mz_uint8 *pIn_buf_nex
                     tree_cur -= ((rev_code >>= 1) & 1);
                     pTable->m_tree[-tree_cur - 1] = (mz_int16)sym_index;
                 }
-                if (r->m_type == 2)
+                if(r->m_type == 2)
                 {
-                    for (counter = 0; counter < (r->m_table_sizes[0] + r->m_table_sizes[1]);)
+                    for(counter = 0; counter < (r->m_table_sizes[0] + r->m_table_sizes[1]);)
                     {
                         mz_uint s;
                         TINFL_HUFF_DECODE(16, dist, &r->m_tables[2]);
-                        if (dist < 16)
+                        if(dist < 16)
                         {
                             r->m_len_codes[counter++] = (mz_uint8)dist;
                             continue;
                         }
-                        if ((dist == 16) && (!counter))
+                        if((dist == 16) && (!counter))
                         {
                             TINFL_CR_RETURN_FOREVER(17, TINFL_STATUS_FAILED);
                         }
@@ -2520,7 +2520,7 @@ tinfl_status tinfl_decompress(tinfl_decompressor *r, const mz_uint8 *pIn_buf_nex
                         TINFL_MEMSET(r->m_len_codes + counter, (dist == 16) ? r->m_len_codes[counter - 1] : 0, s);
                         counter += s;
                     }
-                    if ((r->m_table_sizes[0] + r->m_table_sizes[1]) != counter)
+                    if((r->m_table_sizes[0] + r->m_table_sizes[1]) != counter)
                     {
                         TINFL_CR_RETURN_FOREVER(21, TINFL_STATUS_FAILED);
                     }
@@ -2528,17 +2528,17 @@ tinfl_status tinfl_decompress(tinfl_decompressor *r, const mz_uint8 *pIn_buf_nex
                     TINFL_MEMCPY(r->m_tables[1].m_code_size, r->m_len_codes + r->m_table_sizes[0], r->m_table_sizes[1]);
                 }
             }
-            for (;;)
+            for(;;)
             {
                 mz_uint8 *pSrc;
-                for (;;)
+                for(;;)
                 {
-                    if (((pIn_buf_end - pIn_buf_cur) < 4) || ((pOut_buf_end - pOut_buf_cur) < 2))
+                    if(((pIn_buf_end - pIn_buf_cur) < 4) || ((pOut_buf_end - pOut_buf_cur) < 2))
                     {
                         TINFL_HUFF_DECODE(23, counter, &r->m_tables[0]);
-                        if (counter >= 256)
+                        if(counter >= 256)
                             break;
-                        while (pOut_buf_cur >= pOut_buf_end)
+                        while(pOut_buf_cur >= pOut_buf_end)
                         {
                             TINFL_CR_RETURN(24, TINFL_STATUS_HAS_MORE_OUTPUT);
                         }
@@ -2549,21 +2549,21 @@ tinfl_status tinfl_decompress(tinfl_decompressor *r, const mz_uint8 *pIn_buf_nex
                         int sym2;
                         mz_uint code_len;
 #if TINFL_USE_64BIT_BITBUF
-                        if (num_bits < 30)
+                        if(num_bits < 30)
                         {
                             bit_buf |= (((tinfl_bit_buf_t)MZ_READ_LE32(pIn_buf_cur)) << num_bits);
                             pIn_buf_cur += 4;
                             num_bits += 32;
                         }
 #else
-                        if (num_bits < 15)
+                        if(num_bits < 15)
                         {
                             bit_buf |= (((tinfl_bit_buf_t)MZ_READ_LE16(pIn_buf_cur)) << num_bits);
                             pIn_buf_cur += 2;
                             num_bits += 16;
                         }
 #endif
-                        if ((sym2 = r->m_tables[0].m_look_up[bit_buf & (TINFL_FAST_LOOKUP_SIZE - 1)]) >= 0)
+                        if((sym2 = r->m_tables[0].m_look_up[bit_buf & (TINFL_FAST_LOOKUP_SIZE - 1)]) >= 0)
                             code_len = sym2 >> 9;
                         else
                         {
@@ -2571,23 +2571,23 @@ tinfl_status tinfl_decompress(tinfl_decompressor *r, const mz_uint8 *pIn_buf_nex
                             do
                             {
                                 sym2 = r->m_tables[0].m_tree[~sym2 + ((bit_buf >> code_len++) & 1)];
-                            } while (sym2 < 0);
+                            } while(sym2 < 0);
                         }
                         counter = sym2;
                         bit_buf >>= code_len;
                         num_bits -= code_len;
-                        if (counter & 256)
+                        if(counter & 256)
                             break;
 
 #if !TINFL_USE_64BIT_BITBUF
-                        if (num_bits < 15)
+                        if(num_bits < 15)
                         {
                             bit_buf |= (((tinfl_bit_buf_t)MZ_READ_LE16(pIn_buf_cur)) << num_bits);
                             pIn_buf_cur += 2;
                             num_bits += 16;
                         }
 #endif
-                        if ((sym2 = r->m_tables[0].m_look_up[bit_buf & (TINFL_FAST_LOOKUP_SIZE - 1)]) >= 0)
+                        if((sym2 = r->m_tables[0].m_look_up[bit_buf & (TINFL_FAST_LOOKUP_SIZE - 1)]) >= 0)
                             code_len = sym2 >> 9;
                         else
                         {
@@ -2595,13 +2595,13 @@ tinfl_status tinfl_decompress(tinfl_decompressor *r, const mz_uint8 *pIn_buf_nex
                             do
                             {
                                 sym2 = r->m_tables[0].m_tree[~sym2 + ((bit_buf >> code_len++) & 1)];
-                            } while (sym2 < 0);
+                            } while(sym2 < 0);
                         }
                         bit_buf >>= code_len;
                         num_bits -= code_len;
 
                         pOut_buf_cur[0] = (mz_uint8)counter;
-                        if (sym2 & 256)
+                        if(sym2 & 256)
                         {
                             pOut_buf_cur++;
                             counter = sym2;
@@ -2611,12 +2611,12 @@ tinfl_status tinfl_decompress(tinfl_decompressor *r, const mz_uint8 *pIn_buf_nex
                         pOut_buf_cur += 2;
                     }
                 }
-                if ((counter &= 511) == 256)
+                if((counter &= 511) == 256)
                     break;
 
                 num_extra = s_length_extra[counter - 257];
                 counter = s_length_base[counter - 257];
-                if (num_extra)
+                if(num_extra)
                 {
                     mz_uint extra_bits;
                     TINFL_GET_BITS(25, extra_bits, num_extra);
@@ -2626,7 +2626,7 @@ tinfl_status tinfl_decompress(tinfl_decompressor *r, const mz_uint8 *pIn_buf_nex
                 TINFL_HUFF_DECODE(26, dist, &r->m_tables[1]);
                 num_extra = s_dist_extra[dist];
                 dist = s_dist_base[dist];
-                if (num_extra)
+                if(num_extra)
                 {
                     mz_uint extra_bits;
                     TINFL_GET_BITS(27, extra_bits, num_extra);
@@ -2634,18 +2634,18 @@ tinfl_status tinfl_decompress(tinfl_decompressor *r, const mz_uint8 *pIn_buf_nex
                 }
 
                 dist_from_out_buf_start = pOut_buf_cur - pOut_buf_start;
-                if ((dist > dist_from_out_buf_start) && (decomp_flags & TINFL_FLAG_USING_NON_WRAPPING_OUTPUT_BUF))
+                if((dist > dist_from_out_buf_start) && (decomp_flags & TINFL_FLAG_USING_NON_WRAPPING_OUTPUT_BUF))
                 {
                     TINFL_CR_RETURN_FOREVER(37, TINFL_STATUS_FAILED);
                 }
 
                 pSrc = pOut_buf_start + ((dist_from_out_buf_start - dist) & out_buf_size_mask);
 
-                if ((MZ_MAX(pOut_buf_cur, pSrc) + counter) > pOut_buf_end)
+                if((MZ_MAX(pOut_buf_cur, pSrc) + counter) > pOut_buf_end)
                 {
-                    while (counter--)
+                    while(counter--)
                     {
-                        while (pOut_buf_cur >= pOut_buf_end)
+                        while(pOut_buf_cur >= pOut_buf_end)
                         {
                             TINFL_CR_RETURN(53, TINFL_STATUS_HAS_MORE_OUTPUT);
                         }
@@ -2654,7 +2654,7 @@ tinfl_status tinfl_decompress(tinfl_decompressor *r, const mz_uint8 *pIn_buf_nex
                     continue;
                 }
 #if MINIZ_USE_UNALIGNED_LOADS_AND_STORES
-                else if ((counter >= 9) && (counter <= dist))
+                else if((counter >= 9) && (counter <= dist))
                 {
                     const mz_uint8 *pSrc_end = pSrc + (counter & ~7);
                     do
@@ -2662,13 +2662,13 @@ tinfl_status tinfl_decompress(tinfl_decompressor *r, const mz_uint8 *pIn_buf_nex
                         ((mz_uint32 *)pOut_buf_cur)[0] = ((const mz_uint32 *)pSrc)[0];
                         ((mz_uint32 *)pOut_buf_cur)[1] = ((const mz_uint32 *)pSrc)[1];
                         pOut_buf_cur += 8;
-                    } while ((pSrc += 8) < pSrc_end);
-                    if ((counter &= 7) < 3)
+                    } while((pSrc += 8) < pSrc_end);
+                    if((counter &= 7) < 3)
                     {
-                        if (counter)
+                        if(counter)
                         {
                             pOut_buf_cur[0] = pSrc[0];
-                            if (counter > 1)
+                            if(counter > 1)
                                 pOut_buf_cur[1] = pSrc[1];
                             pOut_buf_cur += counter;
                         }
@@ -2683,22 +2683,22 @@ tinfl_status tinfl_decompress(tinfl_decompressor *r, const mz_uint8 *pIn_buf_nex
                     pOut_buf_cur[2] = pSrc[2];
                     pOut_buf_cur += 3;
                     pSrc += 3;
-                } while ((int)(counter -= 3) > 2);
-                if ((int)counter > 0)
+                } while((int)(counter -= 3) > 2);
+                if((int)counter > 0)
                 {
                     pOut_buf_cur[0] = pSrc[0];
-                    if ((int)counter > 1)
+                    if((int)counter > 1)
                         pOut_buf_cur[1] = pSrc[1];
                     pOut_buf_cur += counter;
                 }
             }
         }
-    } while (!(r->m_final & 1));
+    } while(!(r->m_final & 1));
 
     /* Ensure byte alignment and put back any bytes from the bitbuf if we've looked ahead too far on gzip, or other Deflate streams followed by arbitrary data. */
     /* I'm being super conservative here. A number of simplifications can be made to the byte alignment part, and the Adler32 check shouldn't ever need to worry about reading from the bitbuf now. */
     TINFL_SKIP_BITS(32, num_bits & 7);
-    while ((pIn_buf_cur > pIn_buf_next) && (num_bits >= 8))
+    while((pIn_buf_cur > pIn_buf_next) && (num_bits >= 8))
     {
         --pIn_buf_cur;
         num_bits -= 8;
@@ -2706,12 +2706,12 @@ tinfl_status tinfl_decompress(tinfl_decompressor *r, const mz_uint8 *pIn_buf_nex
     bit_buf &= (tinfl_bit_buf_t)((1ULL << num_bits) - 1ULL);
     MZ_ASSERT(!num_bits); /* if this assert fires then we've read beyond the end of non-deflate/zlib streams with following data (such as gzip streams). */
 
-    if (decomp_flags & TINFL_FLAG_PARSE_ZLIB_HEADER)
+    if(decomp_flags & TINFL_FLAG_PARSE_ZLIB_HEADER)
     {
-        for (counter = 0; counter < 4; ++counter)
+        for(counter = 0; counter < 4; ++counter)
         {
             mz_uint s;
-            if (num_bits)
+            if(num_bits)
                 TINFL_GET_BITS(41, s, 8);
             else
                 TINFL_GET_BYTE(42, s);
@@ -2726,9 +2726,9 @@ tinfl_status tinfl_decompress(tinfl_decompressor *r, const mz_uint8 *pIn_buf_nex
     /* As long as we aren't telling the caller that we NEED more input to make forward progress: */
     /* Put back any bytes from the bitbuf in case we've looked ahead too far on gzip, or other Deflate streams followed by arbitrary data. */
     /* We need to be very careful here to NOT push back any bytes we definitely know we need to make forward progress, though, or we'll lock the caller up into an inf loop. */
-    if ((status != TINFL_STATUS_NEEDS_MORE_INPUT) && (status != TINFL_STATUS_FAILED_CANNOT_MAKE_PROGRESS))
+    if((status != TINFL_STATUS_NEEDS_MORE_INPUT) && (status != TINFL_STATUS_FAILED_CANNOT_MAKE_PROGRESS))
     {
-        while ((pIn_buf_cur > pIn_buf_next) && (num_bits >= 8))
+        while((pIn_buf_cur > pIn_buf_next) && (num_bits >= 8))
         {
             --pIn_buf_cur;
             num_bits -= 8;
@@ -2742,15 +2742,15 @@ tinfl_status tinfl_decompress(tinfl_decompressor *r, const mz_uint8 *pIn_buf_nex
     r->m_dist_from_out_buf_start = dist_from_out_buf_start;
     *pIn_buf_size = pIn_buf_cur - pIn_buf_next;
     *pOut_buf_size = pOut_buf_cur - pOut_buf_next;
-    if ((decomp_flags & (TINFL_FLAG_PARSE_ZLIB_HEADER | TINFL_FLAG_COMPUTE_ADLER32)) && (status >= 0))
+    if((decomp_flags & (TINFL_FLAG_PARSE_ZLIB_HEADER | TINFL_FLAG_COMPUTE_ADLER32)) && (status >= 0))
     {
         const mz_uint8 *ptr = pOut_buf_next;
         size_t buf_len = *pOut_buf_size;
         mz_uint32 i, s1 = r->m_check_adler32 & 0xffff, s2 = r->m_check_adler32 >> 16;
         size_t block_len = buf_len % 5552;
-        while (buf_len)
+        while(buf_len)
         {
-            for (i = 0; i + 7 < block_len; i += 8, ptr += 8)
+            for(i = 0; i + 7 < block_len; i += 8, ptr += 8)
             {
                 s1 += ptr[0], s2 += s1;
                 s1 += ptr[1], s2 += s1;
@@ -2761,14 +2761,14 @@ tinfl_status tinfl_decompress(tinfl_decompressor *r, const mz_uint8 *pIn_buf_nex
                 s1 += ptr[6], s2 += s1;
                 s1 += ptr[7], s2 += s1;
             }
-            for (; i < block_len; ++i)
+            for(; i < block_len; ++i)
                 s1 += *ptr++, s2 += s1;
             s1 %= 65521U, s2 %= 65521U;
             buf_len -= block_len;
             block_len = 5552;
         }
         r->m_check_adler32 = (s2 << 16) + s1;
-        if ((status == TINFL_STATUS_DONE) && (decomp_flags & TINFL_FLAG_PARSE_ZLIB_HEADER) && (r->m_check_adler32 != r->m_z_adler32))
+        if((status == TINFL_STATUS_DONE) && (decomp_flags & TINFL_FLAG_PARSE_ZLIB_HEADER) && (r->m_check_adler32 != r->m_z_adler32))
             status = TINFL_STATUS_ADLER32_MISMATCH;
     }
     return status;
@@ -2782,12 +2782,12 @@ void *tinfl_decompress_mem_to_heap(const void *pSrc_buf, size_t src_buf_len, siz
     size_t src_buf_ofs = 0, out_buf_capacity = 0;
     *pOut_len = 0;
     tinfl_init(&decomp);
-    for (;;)
+    for(;;)
     {
         size_t src_buf_size = src_buf_len - src_buf_ofs, dst_buf_size = out_buf_capacity - *pOut_len, new_out_buf_capacity;
         tinfl_status status = tinfl_decompress(&decomp, (const mz_uint8 *)pSrc_buf + src_buf_ofs, &src_buf_size, (mz_uint8 *)pBuf, pBuf ? (mz_uint8 *)pBuf + *pOut_len : NULL, &dst_buf_size,
                                                (flags & ~TINFL_FLAG_HAS_MORE_INPUT) | TINFL_FLAG_USING_NON_WRAPPING_OUTPUT_BUF);
-        if ((status < 0) || (status == TINFL_STATUS_NEEDS_MORE_INPUT))
+        if((status < 0) || (status == TINFL_STATUS_NEEDS_MORE_INPUT))
         {
             MZ_FREE(pBuf);
             *pOut_len = 0;
@@ -2795,13 +2795,13 @@ void *tinfl_decompress_mem_to_heap(const void *pSrc_buf, size_t src_buf_len, siz
         }
         src_buf_ofs += src_buf_size;
         *pOut_len += dst_buf_size;
-        if (status == TINFL_STATUS_DONE)
+        if(status == TINFL_STATUS_DONE)
             break;
         new_out_buf_capacity = out_buf_capacity * 2;
-        if (new_out_buf_capacity < 128)
+        if(new_out_buf_capacity < 128)
             new_out_buf_capacity = 128;
         pNew_buf = MZ_REALLOC(pBuf, new_out_buf_capacity);
-        if (!pNew_buf)
+        if(!pNew_buf)
         {
             MZ_FREE(pBuf);
             *pOut_len = 0;
@@ -2828,18 +2828,18 @@ int tinfl_decompress_mem_to_callback(const void *pIn_buf, size_t *pIn_buf_size,
     tinfl_decompressor decomp;
     mz_uint8 *pDict = (mz_uint8 *)MZ_MALLOC(TINFL_LZ_DICT_SIZE);
     size_t in_buf_ofs = 0, dict_ofs = 0;
-    if (!pDict)
+    if(!pDict)
         return TINFL_STATUS_FAILED;
     tinfl_init(&decomp);
-    for (;;)
+    for(;;)
     {
         size_t in_buf_size = *pIn_buf_size - in_buf_ofs, dst_buf_size = TINFL_LZ_DICT_SIZE - dict_ofs;
         tinfl_status status = tinfl_decompress(&decomp, (const mz_uint8 *)pIn_buf + in_buf_ofs, &in_buf_size, pDict, pDict + dict_ofs, &dst_buf_size,
                                                (flags & ~(TINFL_FLAG_HAS_MORE_INPUT | TINFL_FLAG_USING_NON_WRAPPING_OUTPUT_BUF)));
         in_buf_ofs += in_buf_size;
-        if ((dst_buf_size) && (!(*pPut_buf_func)(pDict + dict_ofs, (int)dst_buf_size, pPut_buf_user)))
+        if((dst_buf_size) && (!(*pPut_buf_func)(pDict + dict_ofs, (int)dst_buf_size, pPut_buf_user)))
             break;
-        if (status != TINFL_STATUS_HAS_MORE_OUTPUT)
+        if(status != TINFL_STATUS_HAS_MORE_OUTPUT)
         {
             result = (status == TINFL_STATUS_DONE);
             break;
@@ -2854,7 +2854,7 @@ int tinfl_decompress_mem_to_callback(const void *pIn_buf, size_t *pIn_buf_size,
 tinfl_decompressor *tinfl_decompressor_alloc()
 {
     tinfl_decompressor *pDecomp = (tinfl_decompressor *)MZ_MALLOC(sizeof(tinfl_decompressor));
-    if (pDecomp)
+    if(pDecomp)
         tinfl_init(pDecomp);
     return pDecomp;
 }
@@ -2916,7 +2916,7 @@ static FILE *mz_fopen(const char *pFilename, const char *pMode)
 static FILE *mz_freopen(const char *pPath, const char *pMode, FILE *pStream)
 {
     FILE *pFile = NULL;
-    if (freopen_s(&pFile, pPath, pMode, pStream))
+    if(freopen_s(&pFile, pPath, pMode, pStream))
         return NULL;
     return pFile;
 }
@@ -3167,15 +3167,15 @@ static mz_bool mz_zip_array_ensure_capacity(mz_zip_archive *pZip, mz_zip_array *
     void *pNew_p;
     size_t new_capacity = min_new_capacity;
     MZ_ASSERT(pArray->m_element_size);
-    if (pArray->m_capacity >= min_new_capacity)
+    if(pArray->m_capacity >= min_new_capacity)
         return MZ_TRUE;
-    if (growing)
+    if(growing)
     {
         new_capacity = MZ_MAX(1, pArray->m_capacity);
-        while (new_capacity < min_new_capacity)
+        while(new_capacity < min_new_capacity)
             new_capacity *= 2;
     }
-    if (NULL == (pNew_p = pZip->m_pRealloc(pZip->m_pAlloc_opaque, pArray->m_p, pArray->m_element_size, new_capacity)))
+    if(NULL == (pNew_p = pZip->m_pRealloc(pZip->m_pAlloc_opaque, pArray->m_p, pArray->m_element_size, new_capacity)))
         return MZ_FALSE;
     pArray->m_p = pNew_p;
     pArray->m_capacity = new_capacity;
@@ -3184,9 +3184,9 @@ static mz_bool mz_zip_array_ensure_capacity(mz_zip_archive *pZip, mz_zip_array *
 
 static MZ_FORCEINLINE mz_bool mz_zip_array_reserve(mz_zip_archive *pZip, mz_zip_array *pArray, size_t new_capacity, mz_uint growing)
 {
-    if (new_capacity > pArray->m_capacity)
+    if(new_capacity > pArray->m_capacity)
     {
-        if (!mz_zip_array_ensure_capacity(pZip, pArray, new_capacity, growing))
+        if(!mz_zip_array_ensure_capacity(pZip, pArray, new_capacity, growing))
             return MZ_FALSE;
     }
     return MZ_TRUE;
@@ -3194,9 +3194,9 @@ static MZ_FORCEINLINE mz_bool mz_zip_array_reserve(mz_zip_archive *pZip, mz_zip_
 
 static MZ_FORCEINLINE mz_bool mz_zip_array_resize(mz_zip_archive *pZip, mz_zip_array *pArray, size_t new_size, mz_uint growing)
 {
-    if (new_size > pArray->m_capacity)
+    if(new_size > pArray->m_capacity)
     {
-        if (!mz_zip_array_ensure_capacity(pZip, pArray, new_size, growing))
+        if(!mz_zip_array_ensure_capacity(pZip, pArray, new_size, growing))
             return MZ_FALSE;
     }
     pArray->m_size = new_size;
@@ -3211,7 +3211,7 @@ static MZ_FORCEINLINE mz_bool mz_zip_array_ensure_room(mz_zip_archive *pZip, mz_
 static MZ_FORCEINLINE mz_bool mz_zip_array_push_back(mz_zip_archive *pZip, mz_zip_array *pArray, const void *pElements, size_t n)
 {
     size_t orig_size = pArray->m_size;
-    if (!mz_zip_array_resize(pZip, pArray, orig_size + n, MZ_TRUE))
+    if(!mz_zip_array_resize(pZip, pArray, orig_size + n, MZ_TRUE))
         return MZ_FALSE;
     memcpy((mz_uint8 *)pArray->m_p + orig_size * pArray->m_element_size, pElements, n * pArray->m_element_size);
     return MZ_TRUE;
@@ -3238,7 +3238,7 @@ static void mz_zip_time_t_to_dos_time(MZ_TIME_T time, mz_uint16 *pDOS_time, mz_u
     struct tm tm_struct;
     struct tm *tm = &tm_struct;
     errno_t err = localtime_s(tm, &time);
-    if (err)
+    if(err)
     {
         *pDOS_date = 0;
         *pDOS_time = 0;
@@ -3258,7 +3258,7 @@ static mz_bool mz_zip_get_file_modified_time(const char *pFilename, MZ_TIME_T *p
     struct MZ_FILE_STAT_STRUCT file_stat;
 
     /* On Linux with x86 glibc, this call will fail on large files (I think >= 0x80000000 bytes) unless you compiled with _LARGEFILE64_SOURCE. Argh. */
-    if (MZ_FILE_STAT(pFilename, &file_stat) != 0)
+    if(MZ_FILE_STAT(pFilename, &file_stat) != 0)
         return MZ_FALSE;
 
     *pTime = file_stat.st_mtime;
@@ -3281,7 +3281,7 @@ static mz_bool mz_zip_set_file_times(const char *pFilename, MZ_TIME_T access_tim
 
 static MZ_FORCEINLINE mz_bool mz_zip_set_error(mz_zip_archive *pZip, mz_zip_error err_num)
 {
-    if (pZip)
+    if(pZip)
         pZip->m_last_error = err_num;
     return MZ_FALSE;
 }
@@ -3289,14 +3289,14 @@ static MZ_FORCEINLINE mz_bool mz_zip_set_error(mz_zip_archive *pZip, mz_zip_erro
 static mz_bool mz_zip_reader_init_internal(mz_zip_archive *pZip, mz_uint flags)
 {
     (void)flags;
-    if ((!pZip) || (pZip->m_pState) || (pZip->m_zip_mode != MZ_ZIP_MODE_INVALID))
+    if((!pZip) || (pZip->m_pState) || (pZip->m_zip_mode != MZ_ZIP_MODE_INVALID))
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
 
-    if (!pZip->m_pAlloc)
+    if(!pZip->m_pAlloc)
         pZip->m_pAlloc = miniz_def_alloc_func;
-    if (!pZip->m_pFree)
+    if(!pZip->m_pFree)
         pZip->m_pFree = miniz_def_free_func;
-    if (!pZip->m_pRealloc)
+    if(!pZip->m_pRealloc)
         pZip->m_pRealloc = miniz_def_realloc_func;
 
     pZip->m_archive_size = 0;
@@ -3304,7 +3304,7 @@ static mz_bool mz_zip_reader_init_internal(mz_zip_archive *pZip, mz_uint flags)
     pZip->m_total_files = 0;
     pZip->m_last_error = MZ_ZIP_NO_ERROR;
 
-    if (NULL == (pZip->m_pState = (mz_zip_internal_state *)pZip->m_pAlloc(pZip->m_pAlloc_opaque, 1, sizeof(mz_zip_internal_state))))
+    if(NULL == (pZip->m_pState = (mz_zip_internal_state *)pZip->m_pAlloc(pZip->m_pAlloc_opaque, 1, sizeof(mz_zip_internal_state))))
         return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
 
     memset(pZip->m_pState, 0, sizeof(mz_zip_internal_state));
@@ -3329,9 +3329,9 @@ static MZ_FORCEINLINE mz_bool mz_zip_reader_filename_less(const mz_zip_array *pC
     pL += MZ_ZIP_CENTRAL_DIR_HEADER_SIZE;
     pR += MZ_ZIP_CENTRAL_DIR_HEADER_SIZE;
     pE = pL + MZ_MIN(l_len, r_len);
-    while (pL < pE)
+    while(pL < pE)
     {
-        if ((l = MZ_TOLOWER(*pL)) != (r = MZ_TOLOWER(*pR)))
+        if((l = MZ_TOLOWER(*pL)) != (r = MZ_TOLOWER(*pR)))
             break;
         pL++;
         pR++;
@@ -3358,41 +3358,41 @@ static void mz_zip_reader_sort_central_dir_offsets_by_filename(mz_zip_archive *p
     mz_uint32 start, end;
     const mz_uint32 size = pZip->m_total_files;
 
-    if (size <= 1U)
+    if(size <= 1U)
         return;
 
     pIndices = &MZ_ZIP_ARRAY_ELEMENT(&pState->m_sorted_central_dir_offsets, mz_uint32, 0);
 
     start = (size - 2U) >> 1U;
-    for (;;)
+    for(;;)
     {
         mz_uint64 child, root = start;
-        for (;;)
+        for(;;)
         {
-            if ((child = (root << 1U) + 1U) >= size)
+            if((child = (root << 1U) + 1U) >= size)
                 break;
             child += (((child + 1U) < size) && (mz_zip_reader_filename_less(pCentral_dir, pCentral_dir_offsets, pIndices[child], pIndices[child + 1U])));
-            if (!mz_zip_reader_filename_less(pCentral_dir, pCentral_dir_offsets, pIndices[root], pIndices[child]))
+            if(!mz_zip_reader_filename_less(pCentral_dir, pCentral_dir_offsets, pIndices[root], pIndices[child]))
                 break;
             MZ_SWAP_UINT32(pIndices[root], pIndices[child]);
             root = child;
         }
-        if (!start)
+        if(!start)
             break;
         start--;
     }
 
     end = size - 1;
-    while (end > 0)
+    while(end > 0)
     {
         mz_uint64 child, root = 0;
         MZ_SWAP_UINT32(pIndices[end], pIndices[0]);
-        for (;;)
+        for(;;)
         {
-            if ((child = (root << 1U) + 1U) >= end)
+            if((child = (root << 1U) + 1U) >= end)
                 break;
             child += (((child + 1U) < end) && mz_zip_reader_filename_less(pCentral_dir, pCentral_dir_offsets, pIndices[child], pIndices[child + 1U]));
-            if (!mz_zip_reader_filename_less(pCentral_dir, pCentral_dir_offsets, pIndices[root], pIndices[child]))
+            if(!mz_zip_reader_filename_less(pCentral_dir, pCentral_dir_offsets, pIndices[root], pIndices[child]))
                 break;
             MZ_SWAP_UINT32(pIndices[root], pIndices[child]);
             root = child;
@@ -3408,36 +3408,36 @@ static mz_bool mz_zip_reader_locate_header_sig(mz_zip_archive *pZip, mz_uint32 r
     mz_uint8 *pBuf = (mz_uint8 *)buf_u32;
 
     /* Basic sanity checks - reject files which are too small */
-    if (pZip->m_archive_size < record_size)
+    if(pZip->m_archive_size < record_size)
         return MZ_FALSE;
 
     /* Find the record by scanning the file from the end towards the beginning. */
     cur_file_ofs = MZ_MAX((mz_int64)pZip->m_archive_size - (mz_int64)sizeof(buf_u32), 0);
-    for (;;)
+    for(;;)
     {
         int i, n = (int)MZ_MIN(sizeof(buf_u32), pZip->m_archive_size - cur_file_ofs);
 
-        if (pZip->m_pRead(pZip->m_pIO_opaque, cur_file_ofs, pBuf, n) != (mz_uint)n)
+        if(pZip->m_pRead(pZip->m_pIO_opaque, cur_file_ofs, pBuf, n) != (mz_uint)n)
             return MZ_FALSE;
 
-        for (i = n - 4; i >= 0; --i)
+        for(i = n - 4; i >= 0; --i)
         {
             mz_uint s = MZ_READ_LE32(pBuf + i);
-            if (s == record_sig)
+            if(s == record_sig)
             {
-                if ((pZip->m_archive_size - (cur_file_ofs + i)) >= record_size)
+                if((pZip->m_archive_size - (cur_file_ofs + i)) >= record_size)
                     break;
             }
         }
 
-        if (i >= 0)
+        if(i >= 0)
         {
             cur_file_ofs += i;
             break;
         }
 
         /* Give up if we've searched the entire file, or we've gone back "too far" (~64kb) */
-        if ((!cur_file_ofs) || ((pZip->m_archive_size - cur_file_ofs) >= (MZ_UINT16_MAX + record_size)))
+        if((!cur_file_ofs) || ((pZip->m_archive_size - cur_file_ofs) >= (MZ_UINT16_MAX + record_size)))
             return MZ_FALSE;
 
         cur_file_ofs = MZ_MAX(cur_file_ofs - (sizeof(buf_u32) - 3), 0);
@@ -3466,32 +3466,32 @@ static mz_bool mz_zip_reader_read_central_dir(mz_zip_archive *pZip, mz_uint flag
     mz_uint64 zip64_end_of_central_dir_ofs = 0;
 
     /* Basic sanity checks - reject files which are too small, and check the first 4 bytes of the file to make sure a local header is there. */
-    if (pZip->m_archive_size < MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE)
+    if(pZip->m_archive_size < MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE)
         return mz_zip_set_error(pZip, MZ_ZIP_NOT_AN_ARCHIVE);
 
-    if (!mz_zip_reader_locate_header_sig(pZip, MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIG, MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE, &cur_file_ofs))
+    if(!mz_zip_reader_locate_header_sig(pZip, MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIG, MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE, &cur_file_ofs))
         return mz_zip_set_error(pZip, MZ_ZIP_FAILED_FINDING_CENTRAL_DIR);
 
     /* Read and verify the end of central directory record. */
-    if (pZip->m_pRead(pZip->m_pIO_opaque, cur_file_ofs, pBuf, MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE) != MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE)
+    if(pZip->m_pRead(pZip->m_pIO_opaque, cur_file_ofs, pBuf, MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE) != MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE)
         return mz_zip_set_error(pZip, MZ_ZIP_FILE_READ_FAILED);
 
-    if (MZ_READ_LE32(pBuf + MZ_ZIP_ECDH_SIG_OFS) != MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIG)
+    if(MZ_READ_LE32(pBuf + MZ_ZIP_ECDH_SIG_OFS) != MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIG)
         return mz_zip_set_error(pZip, MZ_ZIP_NOT_AN_ARCHIVE);
 
-    if (cur_file_ofs >= (MZ_ZIP64_END_OF_CENTRAL_DIR_LOCATOR_SIZE + MZ_ZIP64_END_OF_CENTRAL_DIR_HEADER_SIZE))
+    if(cur_file_ofs >= (MZ_ZIP64_END_OF_CENTRAL_DIR_LOCATOR_SIZE + MZ_ZIP64_END_OF_CENTRAL_DIR_HEADER_SIZE))
     {
-        if (pZip->m_pRead(pZip->m_pIO_opaque, cur_file_ofs - MZ_ZIP64_END_OF_CENTRAL_DIR_LOCATOR_SIZE, pZip64_locator, MZ_ZIP64_END_OF_CENTRAL_DIR_LOCATOR_SIZE) == MZ_ZIP64_END_OF_CENTRAL_DIR_LOCATOR_SIZE)
+        if(pZip->m_pRead(pZip->m_pIO_opaque, cur_file_ofs - MZ_ZIP64_END_OF_CENTRAL_DIR_LOCATOR_SIZE, pZip64_locator, MZ_ZIP64_END_OF_CENTRAL_DIR_LOCATOR_SIZE) == MZ_ZIP64_END_OF_CENTRAL_DIR_LOCATOR_SIZE)
         {
-            if (MZ_READ_LE32(pZip64_locator + MZ_ZIP64_ECDL_SIG_OFS) == MZ_ZIP64_END_OF_CENTRAL_DIR_LOCATOR_SIG)
+            if(MZ_READ_LE32(pZip64_locator + MZ_ZIP64_ECDL_SIG_OFS) == MZ_ZIP64_END_OF_CENTRAL_DIR_LOCATOR_SIG)
             {
                 zip64_end_of_central_dir_ofs = MZ_READ_LE64(pZip64_locator + MZ_ZIP64_ECDL_REL_OFS_TO_ZIP64_ECDR_OFS);
-                if (zip64_end_of_central_dir_ofs > (pZip->m_archive_size - MZ_ZIP64_END_OF_CENTRAL_DIR_HEADER_SIZE))
+                if(zip64_end_of_central_dir_ofs > (pZip->m_archive_size - MZ_ZIP64_END_OF_CENTRAL_DIR_HEADER_SIZE))
                     return mz_zip_set_error(pZip, MZ_ZIP_NOT_AN_ARCHIVE);
 
-                if (pZip->m_pRead(pZip->m_pIO_opaque, zip64_end_of_central_dir_ofs, pZip64_end_of_central_dir, MZ_ZIP64_END_OF_CENTRAL_DIR_HEADER_SIZE) == MZ_ZIP64_END_OF_CENTRAL_DIR_HEADER_SIZE)
+                if(pZip->m_pRead(pZip->m_pIO_opaque, zip64_end_of_central_dir_ofs, pZip64_end_of_central_dir, MZ_ZIP64_END_OF_CENTRAL_DIR_HEADER_SIZE) == MZ_ZIP64_END_OF_CENTRAL_DIR_HEADER_SIZE)
                 {
-                    if (MZ_READ_LE32(pZip64_end_of_central_dir + MZ_ZIP64_ECDH_SIG_OFS) == MZ_ZIP64_END_OF_CENTRAL_DIR_HEADER_SIG)
+                    if(MZ_READ_LE32(pZip64_end_of_central_dir + MZ_ZIP64_ECDH_SIG_OFS) == MZ_ZIP64_END_OF_CENTRAL_DIR_HEADER_SIG)
                     {
                         pZip->m_pState->m_zip64 = MZ_TRUE;
                     }
@@ -3507,7 +3507,7 @@ static mz_bool mz_zip_reader_read_central_dir(mz_zip_archive *pZip, mz_uint flag
     cdir_size = MZ_READ_LE32(pBuf + MZ_ZIP_ECDH_CDIR_SIZE_OFS);
     cdir_ofs = MZ_READ_LE32(pBuf + MZ_ZIP_ECDH_CDIR_OFS_OFS);
 
-    if (pZip->m_pState->m_zip64)
+    if(pZip->m_pState->m_zip64)
     {
         mz_uint32 zip64_total_num_of_disks = MZ_READ_LE32(pZip64_locator + MZ_ZIP64_ECDL_TOTAL_NUMBER_OF_DISKS_OFS);
         mz_uint64 zip64_cdir_total_entries = MZ_READ_LE64(pZip64_end_of_central_dir + MZ_ZIP64_ECDH_CDIR_TOTAL_ENTRIES_OFS);
@@ -3515,25 +3515,25 @@ static mz_bool mz_zip_reader_read_central_dir(mz_zip_archive *pZip, mz_uint flag
         mz_uint64 zip64_size_of_end_of_central_dir_record = MZ_READ_LE64(pZip64_end_of_central_dir + MZ_ZIP64_ECDH_SIZE_OF_RECORD_OFS);
         mz_uint64 zip64_size_of_central_directory = MZ_READ_LE64(pZip64_end_of_central_dir + MZ_ZIP64_ECDH_CDIR_SIZE_OFS);
 
-        if (zip64_size_of_end_of_central_dir_record < (MZ_ZIP64_END_OF_CENTRAL_DIR_HEADER_SIZE - 12))
+        if(zip64_size_of_end_of_central_dir_record < (MZ_ZIP64_END_OF_CENTRAL_DIR_HEADER_SIZE - 12))
             return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
 
-        if (zip64_total_num_of_disks != 1U)
+        if(zip64_total_num_of_disks != 1U)
             return mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_MULTIDISK);
 
         /* Check for miniz's practical limits */
-        if (zip64_cdir_total_entries > MZ_UINT32_MAX)
+        if(zip64_cdir_total_entries > MZ_UINT32_MAX)
             return mz_zip_set_error(pZip, MZ_ZIP_TOO_MANY_FILES);
 
         pZip->m_total_files = (mz_uint32)zip64_cdir_total_entries;
 
-        if (zip64_cdir_total_entries_on_this_disk > MZ_UINT32_MAX)
+        if(zip64_cdir_total_entries_on_this_disk > MZ_UINT32_MAX)
             return mz_zip_set_error(pZip, MZ_ZIP_TOO_MANY_FILES);
 
         cdir_entries_on_this_disk = (mz_uint32)zip64_cdir_total_entries_on_this_disk;
 
         /* Check for miniz's current practical limits (sorry, this should be enough for millions of files) */
-        if (zip64_size_of_central_directory > MZ_UINT32_MAX)
+        if(zip64_size_of_central_directory > MZ_UINT32_MAX)
             return mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_CDIR_SIZE);
 
         cdir_size = (mz_uint32)zip64_size_of_central_directory;
@@ -3545,50 +3545,50 @@ static mz_bool mz_zip_reader_read_central_dir(mz_zip_archive *pZip, mz_uint flag
         cdir_ofs = MZ_READ_LE64(pZip64_end_of_central_dir + MZ_ZIP64_ECDH_CDIR_OFS_OFS);
     }
 
-    if (pZip->m_total_files != cdir_entries_on_this_disk)
+    if(pZip->m_total_files != cdir_entries_on_this_disk)
         return mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_MULTIDISK);
 
-    if (((num_this_disk | cdir_disk_index) != 0) && ((num_this_disk != 1) || (cdir_disk_index != 1)))
+    if(((num_this_disk | cdir_disk_index) != 0) && ((num_this_disk != 1) || (cdir_disk_index != 1)))
         return mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_MULTIDISK);
 
-    if (cdir_size < pZip->m_total_files * MZ_ZIP_CENTRAL_DIR_HEADER_SIZE)
+    if(cdir_size < pZip->m_total_files * MZ_ZIP_CENTRAL_DIR_HEADER_SIZE)
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
 
-    if ((cdir_ofs + (mz_uint64)cdir_size) > pZip->m_archive_size)
+    if((cdir_ofs + (mz_uint64)cdir_size) > pZip->m_archive_size)
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
 
     pZip->m_central_directory_file_ofs = cdir_ofs;
 
-    if (pZip->m_total_files)
+    if(pZip->m_total_files)
     {
         mz_uint i, n;
         /* Read the entire central directory into a heap block, and allocate another heap block to hold the unsorted central dir file record offsets, and possibly another to hold the sorted indices. */
-        if ((!mz_zip_array_resize(pZip, &pZip->m_pState->m_central_dir, cdir_size, MZ_FALSE)) ||
+        if((!mz_zip_array_resize(pZip, &pZip->m_pState->m_central_dir, cdir_size, MZ_FALSE)) ||
             (!mz_zip_array_resize(pZip, &pZip->m_pState->m_central_dir_offsets, pZip->m_total_files, MZ_FALSE)))
             return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
 
-        if (sort_central_dir)
+        if(sort_central_dir)
         {
-            if (!mz_zip_array_resize(pZip, &pZip->m_pState->m_sorted_central_dir_offsets, pZip->m_total_files, MZ_FALSE))
+            if(!mz_zip_array_resize(pZip, &pZip->m_pState->m_sorted_central_dir_offsets, pZip->m_total_files, MZ_FALSE))
                 return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
         }
 
-        if (pZip->m_pRead(pZip->m_pIO_opaque, cdir_ofs, pZip->m_pState->m_central_dir.m_p, cdir_size) != cdir_size)
+        if(pZip->m_pRead(pZip->m_pIO_opaque, cdir_ofs, pZip->m_pState->m_central_dir.m_p, cdir_size) != cdir_size)
             return mz_zip_set_error(pZip, MZ_ZIP_FILE_READ_FAILED);
 
         /* Now create an index into the central directory file records, do some basic sanity checking on each record */
         p = (const mz_uint8 *)pZip->m_pState->m_central_dir.m_p;
-        for (n = cdir_size, i = 0; i < pZip->m_total_files; ++i)
+        for(n = cdir_size, i = 0; i < pZip->m_total_files; ++i)
         {
             mz_uint total_header_size, disk_index, bit_flags, filename_size, ext_data_size;
             mz_uint64 comp_size, decomp_size, local_header_ofs;
 
-            if ((n < MZ_ZIP_CENTRAL_DIR_HEADER_SIZE) || (MZ_READ_LE32(p) != MZ_ZIP_CENTRAL_DIR_HEADER_SIG))
+            if((n < MZ_ZIP_CENTRAL_DIR_HEADER_SIZE) || (MZ_READ_LE32(p) != MZ_ZIP_CENTRAL_DIR_HEADER_SIG))
                 return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
 
             MZ_ZIP_ARRAY_ELEMENT(&pZip->m_pState->m_central_dir_offsets, mz_uint32, i) = (mz_uint32)(p - (const mz_uint8 *)pZip->m_pState->m_central_dir.m_p);
 
-            if (sort_central_dir)
+            if(sort_central_dir)
                 MZ_ZIP_ARRAY_ELEMENT(&pZip->m_pState->m_sorted_central_dir_offsets, mz_uint32, i) = i;
 
             comp_size = MZ_READ_LE32(p + MZ_ZIP_CDH_COMPRESSED_SIZE_OFS);
@@ -3597,29 +3597,29 @@ static mz_bool mz_zip_reader_read_central_dir(mz_zip_archive *pZip, mz_uint flag
             filename_size = MZ_READ_LE16(p + MZ_ZIP_CDH_FILENAME_LEN_OFS);
             ext_data_size = MZ_READ_LE16(p + MZ_ZIP_CDH_EXTRA_LEN_OFS);
 
-            if ((!pZip->m_pState->m_zip64_has_extended_info_fields) &&
+            if((!pZip->m_pState->m_zip64_has_extended_info_fields) &&
                 (ext_data_size) &&
                 (MZ_MAX(MZ_MAX(comp_size, decomp_size), local_header_ofs) == MZ_UINT32_MAX))
             {
                 /* Attempt to find zip64 extended information field in the entry's extra data */
                 mz_uint32 extra_size_remaining = ext_data_size;
 
-                if (extra_size_remaining)
+                if(extra_size_remaining)
                 {
                     const mz_uint8 *pExtra_data = p + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + filename_size;
 
                     do
                     {
-                        if (extra_size_remaining < (sizeof(mz_uint16) * 2))
+                        if(extra_size_remaining < (sizeof(mz_uint16) * 2))
                             return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
 
                         mz_uint32 field_id = MZ_READ_LE16(pExtra_data);
                         mz_uint32 field_data_size = MZ_READ_LE16(pExtra_data + sizeof(mz_uint16));
 
-                        if ((field_data_size + sizeof(mz_uint16) * 2) > extra_size_remaining)
+                        if((field_data_size + sizeof(mz_uint16) * 2) > extra_size_remaining)
                             return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
 
-                        if (field_id == MZ_ZIP64_EXTENDED_INFORMATION_FIELD_HEADER_ID)
+                        if(field_id == MZ_ZIP64_EXTENDED_INFORMATION_FIELD_HEADER_ID)
                         {
                             /* Ok, the archive didn't have any zip64 headers but it uses a zip64 extended information field so mark it as zip64 anyway (this can occur with infozip's zip util when it reads compresses files from stdin). */
                             pZip->m_pState->m_zip64 = MZ_TRUE;
@@ -3629,32 +3629,32 @@ static mz_bool mz_zip_reader_read_central_dir(mz_zip_archive *pZip, mz_uint flag
 
                         pExtra_data += sizeof(mz_uint16) * 2 + field_data_size;
                         extra_size_remaining = extra_size_remaining - sizeof(mz_uint16) * 2 - field_data_size;
-                    } while (extra_size_remaining);
+                    } while(extra_size_remaining);
                 }
             }
 
             /* I've seen archives that aren't marked as zip64 that uses zip64 ext data, argh */
-            if ((comp_size != MZ_UINT32_MAX) && (decomp_size != MZ_UINT32_MAX))
+            if((comp_size != MZ_UINT32_MAX) && (decomp_size != MZ_UINT32_MAX))
             {
-                if (((!MZ_READ_LE32(p + MZ_ZIP_CDH_METHOD_OFS)) && (decomp_size != comp_size)) || (decomp_size && !comp_size))
+                if(((!MZ_READ_LE32(p + MZ_ZIP_CDH_METHOD_OFS)) && (decomp_size != comp_size)) || (decomp_size && !comp_size))
                     return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
             }
 
             disk_index = MZ_READ_LE16(p + MZ_ZIP_CDH_DISK_START_OFS);
-            if ((disk_index == MZ_UINT16_MAX) || ((disk_index != num_this_disk) && (disk_index != 1)))
+            if((disk_index == MZ_UINT16_MAX) || ((disk_index != num_this_disk) && (disk_index != 1)))
                 return mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_MULTIDISK);
 
-            if (comp_size != MZ_UINT32_MAX)
+            if(comp_size != MZ_UINT32_MAX)
             {
-                if (((mz_uint64)MZ_READ_LE32(p + MZ_ZIP_CDH_LOCAL_HEADER_OFS) + MZ_ZIP_LOCAL_DIR_HEADER_SIZE + comp_size) > pZip->m_archive_size)
+                if(((mz_uint64)MZ_READ_LE32(p + MZ_ZIP_CDH_LOCAL_HEADER_OFS) + MZ_ZIP_LOCAL_DIR_HEADER_SIZE + comp_size) > pZip->m_archive_size)
                     return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
             }
 
             bit_flags = MZ_READ_LE16(p + MZ_ZIP_CDH_BIT_FLAG_OFS);
-            if (bit_flags & MZ_ZIP_GENERAL_PURPOSE_BIT_FLAG_LOCAL_DIR_IS_MASKED)
+            if(bit_flags & MZ_ZIP_GENERAL_PURPOSE_BIT_FLAG_LOCAL_DIR_IS_MASKED)
                 return mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_ENCRYPTION);
 
-            if ((total_header_size = MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + MZ_READ_LE16(p + MZ_ZIP_CDH_FILENAME_LEN_OFS) + MZ_READ_LE16(p + MZ_ZIP_CDH_EXTRA_LEN_OFS) + MZ_READ_LE16(p + MZ_ZIP_CDH_COMMENT_LEN_OFS)) > n)
+            if((total_header_size = MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + MZ_READ_LE16(p + MZ_ZIP_CDH_FILENAME_LEN_OFS) + MZ_READ_LE16(p + MZ_ZIP_CDH_EXTRA_LEN_OFS) + MZ_READ_LE16(p + MZ_ZIP_CDH_COMMENT_LEN_OFS)) > n)
                 return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
 
             n -= total_header_size;
@@ -3662,7 +3662,7 @@ static mz_bool mz_zip_reader_read_central_dir(mz_zip_archive *pZip, mz_uint flag
         }
     }
 
-    if (sort_central_dir)
+    if(sort_central_dir)
         mz_zip_reader_sort_central_dir_offsets_by_filename(pZip);
 
     return MZ_TRUE;
@@ -3670,7 +3670,7 @@ static mz_bool mz_zip_reader_read_central_dir(mz_zip_archive *pZip, mz_uint flag
 
 void mz_zip_zero_struct(mz_zip_archive *pZip)
 {
-    if (pZip)
+    if(pZip)
         MZ_CLEAR_OBJ(*pZip);
 }
 
@@ -3678,18 +3678,18 @@ static mz_bool mz_zip_reader_end_internal(mz_zip_archive *pZip, mz_bool set_last
 {
     mz_bool status = MZ_TRUE;
 
-    if (!pZip)
+    if(!pZip)
         return MZ_FALSE;
 
-    if ((!pZip->m_pState) || (!pZip->m_pAlloc) || (!pZip->m_pFree) || (pZip->m_zip_mode != MZ_ZIP_MODE_READING))
+    if((!pZip->m_pState) || (!pZip->m_pAlloc) || (!pZip->m_pFree) || (pZip->m_zip_mode != MZ_ZIP_MODE_READING))
     {
-        if (set_last_error)
+        if(set_last_error)
             pZip->m_last_error = MZ_ZIP_INVALID_PARAMETER;
 
         return MZ_FALSE;
     }
 
-    if (pZip->m_pState)
+    if(pZip->m_pState)
     {
         mz_zip_internal_state *pState = pZip->m_pState;
         pZip->m_pState = NULL;
@@ -3699,13 +3699,13 @@ static mz_bool mz_zip_reader_end_internal(mz_zip_archive *pZip, mz_bool set_last
         mz_zip_array_clear(pZip, &pState->m_sorted_central_dir_offsets);
 
 #ifndef MINIZ_NO_STDIO
-        if (pState->m_pFile)
+        if(pState->m_pFile)
         {
-            if (pZip->m_zip_type == MZ_ZIP_TYPE_FILE)
+            if(pZip->m_zip_type == MZ_ZIP_TYPE_FILE)
             {
-                if (MZ_FCLOSE(pState->m_pFile) == EOF)
+                if(MZ_FCLOSE(pState->m_pFile) == EOF)
                 {
-                    if (set_last_error)
+                    if(set_last_error)
                         pZip->m_last_error = MZ_ZIP_FILE_CLOSE_FAILED;
                     status = MZ_FALSE;
                 }
@@ -3727,16 +3727,16 @@ mz_bool mz_zip_reader_end(mz_zip_archive *pZip)
 }
 mz_bool mz_zip_reader_init(mz_zip_archive *pZip, mz_uint64 size, mz_uint flags)
 {
-    if ((!pZip) || (!pZip->m_pRead))
+    if((!pZip) || (!pZip->m_pRead))
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
 
-    if (!mz_zip_reader_init_internal(pZip, flags))
+    if(!mz_zip_reader_init_internal(pZip, flags))
         return MZ_FALSE;
 
     pZip->m_zip_type = MZ_ZIP_TYPE_USER;
     pZip->m_archive_size = size;
 
-    if (!mz_zip_reader_read_central_dir(pZip, flags))
+    if(!mz_zip_reader_read_central_dir(pZip, flags))
     {
         mz_zip_reader_end_internal(pZip, MZ_FALSE);
         return MZ_FALSE;
@@ -3755,13 +3755,13 @@ static size_t mz_zip_mem_read_func(void *pOpaque, mz_uint64 file_ofs, void *pBuf
 
 mz_bool mz_zip_reader_init_mem(mz_zip_archive *pZip, const void *pMem, size_t size, mz_uint flags)
 {
-    if (!pMem)
+    if(!pMem)
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
 
-    if (size < MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE)
+    if(size < MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE)
         return mz_zip_set_error(pZip, MZ_ZIP_NOT_AN_ARCHIVE);
 
-    if (!mz_zip_reader_init_internal(pZip, flags))
+    if(!mz_zip_reader_init_internal(pZip, flags))
         return MZ_FALSE;
 
     pZip->m_zip_type = MZ_ZIP_TYPE_MEMORY;
@@ -3777,7 +3777,7 @@ mz_bool mz_zip_reader_init_mem(mz_zip_archive *pZip, const void *pMem, size_t si
 
     pZip->m_pState->m_mem_size = size;
 
-    if (!mz_zip_reader_read_central_dir(pZip, flags))
+    if(!mz_zip_reader_read_central_dir(pZip, flags))
     {
         mz_zip_reader_end_internal(pZip, MZ_FALSE);
         return MZ_FALSE;
@@ -3794,7 +3794,7 @@ static size_t mz_zip_file_read_func(void *pOpaque, mz_uint64 file_ofs, void *pBu
 
     file_ofs += pZip->m_pState->m_file_archive_start_ofs;
 
-    if (((mz_int64)file_ofs < 0) || (((cur_ofs != (mz_int64)file_ofs)) && (MZ_FSEEK64(pZip->m_pState->m_pFile, (mz_int64)file_ofs, SEEK_SET))))
+    if(((mz_int64)file_ofs < 0) || (((cur_ofs != (mz_int64)file_ofs)) && (MZ_FSEEK64(pZip->m_pState->m_pFile, (mz_int64)file_ofs, SEEK_SET))))
         return 0;
 
     return MZ_FREAD(pBuf, 1, n, pZip->m_pState->m_pFile);
@@ -3807,18 +3807,18 @@ mz_bool mz_zip_reader_init_file(mz_zip_archive *pZip, const char *pFilename, mz_
 
 mz_bool mz_zip_reader_init_file_v2(mz_zip_archive *pZip, const char *pFilename, mz_uint flags, mz_uint64 file_start_ofs, mz_uint64 archive_size)
 {
-    if ((!pZip) || (!pFilename) || ((archive_size) && (archive_size < MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE)))
+    if((!pZip) || (!pFilename) || ((archive_size) && (archive_size < MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE)))
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
 
     mz_uint64 file_size;
     MZ_FILE *pFile = MZ_FOPEN(pFilename, "rb");
-    if (!pFile)
+    if(!pFile)
         return mz_zip_set_error(pZip, MZ_ZIP_FILE_OPEN_FAILED);
 
     file_size = archive_size;
-    if (!file_size)
+    if(!file_size)
     {
-        if (MZ_FSEEK64(pFile, 0, SEEK_END))
+        if(MZ_FSEEK64(pFile, 0, SEEK_END))
         {
             MZ_FCLOSE(pFile);
             return mz_zip_set_error(pZip, MZ_ZIP_FILE_SEEK_FAILED);
@@ -3829,10 +3829,10 @@ mz_bool mz_zip_reader_init_file_v2(mz_zip_archive *pZip, const char *pFilename,
 
     /* TODO: Better sanity check archive_size and the # of actual remaining bytes */
 
-    if (file_size < MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE)
+    if(file_size < MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE)
         return mz_zip_set_error(pZip, MZ_ZIP_NOT_AN_ARCHIVE);
 
-    if (!mz_zip_reader_init_internal(pZip, flags))
+    if(!mz_zip_reader_init_internal(pZip, flags))
     {
         MZ_FCLOSE(pFile);
         return MZ_FALSE;
@@ -3845,7 +3845,7 @@ mz_bool mz_zip_reader_init_file_v2(mz_zip_archive *pZip, const char *pFilename,
     pZip->m_archive_size = file_size;
     pZip->m_pState->m_file_archive_start_ofs = file_start_ofs;
 
-    if (!mz_zip_reader_read_central_dir(pZip, flags))
+    if(!mz_zip_reader_read_central_dir(pZip, flags))
     {
         mz_zip_reader_end_internal(pZip, MZ_FALSE);
         return MZ_FALSE;
@@ -3858,23 +3858,23 @@ mz_bool mz_zip_reader_init_cfile(mz_zip_archive *pZip, MZ_FILE *pFile, mz_uint64
 {
     mz_uint64 cur_file_ofs;
 
-    if ((!pZip) || (!pFile))
+    if((!pZip) || (!pFile))
         return mz_zip_set_error(pZip, MZ_ZIP_FILE_OPEN_FAILED);
 
     cur_file_ofs = MZ_FTELL64(pFile);
 
-    if (!archive_size)
+    if(!archive_size)
     {
-        if (MZ_FSEEK64(pFile, 0, SEEK_END))
+        if(MZ_FSEEK64(pFile, 0, SEEK_END))
             return mz_zip_set_error(pZip, MZ_ZIP_FILE_SEEK_FAILED);
 
         archive_size = MZ_FTELL64(pFile) - cur_file_ofs;
 
-        if (archive_size < MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE)
+        if(archive_size < MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE)
             return mz_zip_set_error(pZip, MZ_ZIP_NOT_AN_ARCHIVE);
     }
 
-    if (!mz_zip_reader_init_internal(pZip, flags))
+    if(!mz_zip_reader_init_internal(pZip, flags))
         return MZ_FALSE;
 
     pZip->m_zip_type = MZ_ZIP_TYPE_CFILE;
@@ -3885,7 +3885,7 @@ mz_bool mz_zip_reader_init_cfile(mz_zip_archive *pZip, MZ_FILE *pFile, mz_uint64
     pZip->m_archive_size = archive_size;
     pZip->m_pState->m_file_archive_start_ofs = cur_file_ofs;
 
-    if (!mz_zip_reader_read_central_dir(pZip, flags))
+    if(!mz_zip_reader_read_central_dir(pZip, flags))
     {
         mz_zip_reader_end_internal(pZip, MZ_FALSE);
         return MZ_FALSE;
@@ -3898,7 +3898,7 @@ mz_bool mz_zip_reader_init_cfile(mz_zip_archive *pZip, MZ_FILE *pFile, mz_uint64
 
 static MZ_FORCEINLINE const mz_uint8 *mz_zip_get_cdh(mz_zip_archive *pZip, mz_uint file_index)
 {
-    if ((!pZip) || (!pZip->m_pState) || (file_index >= pZip->m_total_files))
+    if((!pZip) || (!pZip->m_pState) || (file_index >= pZip->m_total_files))
         return NULL;
     return &MZ_ZIP_ARRAY_ELEMENT(&pZip->m_pState->m_central_dir, mz_uint8, MZ_ZIP_ARRAY_ELEMENT(&pZip->m_pState->m_central_dir_offsets, mz_uint32, file_index));
 }
@@ -3907,7 +3907,7 @@ mz_bool mz_zip_reader_is_file_encrypted(mz_zip_archive *pZip, mz_uint file_index
 {
     mz_uint m_bit_flag;
     const mz_uint8 *p = mz_zip_get_cdh(pZip, file_index);
-    if (!p)
+    if(!p)
     {
         mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
         return MZ_FALSE;
@@ -3923,7 +3923,7 @@ mz_bool mz_zip_reader_is_file_supported(mz_zip_archive *pZip, mz_uint file_index
     mz_uint method;
 
     const mz_uint8 *p = mz_zip_get_cdh(pZip, file_index);
-    if (!p)
+    if(!p)
     {
         mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
         return MZ_FALSE;
@@ -3932,19 +3932,19 @@ mz_bool mz_zip_reader_is_file_supported(mz_zip_archive *pZip, mz_uint file_index
     method = MZ_READ_LE16(p + MZ_ZIP_CDH_METHOD_OFS);
     bit_flag = MZ_READ_LE16(p + MZ_ZIP_CDH_BIT_FLAG_OFS);
 
-    if ((method != 0) && (method != MZ_DEFLATED))
+    if((method != 0) && (method != MZ_DEFLATED))
     {
         mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_METHOD);
         return MZ_FALSE;
     }
 
-    if (bit_flag & (MZ_ZIP_GENERAL_PURPOSE_BIT_FLAG_IS_ENCRYPTED | MZ_ZIP_GENERAL_PURPOSE_BIT_FLAG_USES_STRONG_ENCRYPTION))
+    if(bit_flag & (MZ_ZIP_GENERAL_PURPOSE_BIT_FLAG_IS_ENCRYPTED | MZ_ZIP_GENERAL_PURPOSE_BIT_FLAG_USES_STRONG_ENCRYPTION))
     {
         mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_ENCRYPTION);
         return MZ_FALSE;
     }
 
-    if (bit_flag & MZ_ZIP_GENERAL_PURPOSE_BIT_FLAG_COMPRESSED_PATCH_FLAG)
+    if(bit_flag & MZ_ZIP_GENERAL_PURPOSE_BIT_FLAG_COMPRESSED_PATCH_FLAG)
     {
         mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_FEATURE);
         return MZ_FALSE;
@@ -3957,16 +3957,16 @@ mz_bool mz_zip_reader_is_file_a_directory(mz_zip_archive *pZip, mz_uint file_ind
 {
     mz_uint filename_len, attribute_mapping_id, external_attr;
     const mz_uint8 *p = mz_zip_get_cdh(pZip, file_index);
-    if (!p)
+    if(!p)
     {
         mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
         return MZ_FALSE;
     }
 
     filename_len = MZ_READ_LE16(p + MZ_ZIP_CDH_FILENAME_LEN_OFS);
-    if (filename_len)
+    if(filename_len)
     {
-        if (*(p + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + filename_len - 1) == '/')
+        if(*(p + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + filename_len - 1) == '/')
             return MZ_TRUE;
     }
 
@@ -3977,7 +3977,7 @@ mz_bool mz_zip_reader_is_file_a_directory(mz_zip_archive *pZip, mz_uint file_ind
     (void)attribute_mapping_id;
 
     external_attr = MZ_READ_LE32(p + MZ_ZIP_CDH_EXTERNAL_ATTR_OFS);
-    if ((external_attr & MZ_ZIP_DOS_DIR_ATTRIBUTE_BITFLAG) != 0)
+    if((external_attr & MZ_ZIP_DOS_DIR_ATTRIBUTE_BITFLAG) != 0)
     {
         return MZ_TRUE;
     }
@@ -3990,10 +3990,10 @@ static mz_bool mz_zip_file_stat_internal(mz_zip_archive *pZip, mz_uint file_inde
     mz_uint n;
     const mz_uint8 *p = pCentral_dir_header;
 
-    if (pFound_zip64_extra_data)
+    if(pFound_zip64_extra_data)
         *pFound_zip64_extra_data = MZ_FALSE;
 
-    if ((!p) || (!pStat))
+    if((!p) || (!pStat))
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
 
     /* Extract fields from the central directory record. */
@@ -4032,37 +4032,37 @@ static mz_bool mz_zip_file_stat_internal(mz_zip_archive *pZip, mz_uint file_inde
 
     /* See if we need to read any zip64 extended information fields. */
     /* Confusingly, these zip64 fields can be present even on non-zip64 archives (Debian zip on a huge files from stdin piped to stdout creates them). */
-    if (MZ_MAX(MZ_MAX(pStat->m_comp_size, pStat->m_uncomp_size), pStat->m_local_header_ofs) == MZ_UINT32_MAX)
+    if(MZ_MAX(MZ_MAX(pStat->m_comp_size, pStat->m_uncomp_size), pStat->m_local_header_ofs) == MZ_UINT32_MAX)
     {
         /* Attempt to find zip64 extended information field in the entry's extra data */
         mz_uint32 extra_size_remaining = MZ_READ_LE16(p + MZ_ZIP_CDH_EXTRA_LEN_OFS);
 
-        if (extra_size_remaining)
+        if(extra_size_remaining)
         {
             const mz_uint8 *pExtra_data = p + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + MZ_READ_LE16(p + MZ_ZIP_CDH_FILENAME_LEN_OFS);
 
             do
             {
-                if (extra_size_remaining < (sizeof(mz_uint16) * 2))
+                if(extra_size_remaining < (sizeof(mz_uint16) * 2))
                     return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
 
                 mz_uint32 field_id = MZ_READ_LE16(pExtra_data);
                 mz_uint32 field_data_size = MZ_READ_LE16(pExtra_data + sizeof(mz_uint16));
 
-                if ((field_data_size + sizeof(mz_uint16) * 2) > extra_size_remaining)
+                if((field_data_size + sizeof(mz_uint16) * 2) > extra_size_remaining)
                     return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
 
-                if (field_id == MZ_ZIP64_EXTENDED_INFORMATION_FIELD_HEADER_ID)
+                if(field_id == MZ_ZIP64_EXTENDED_INFORMATION_FIELD_HEADER_ID)
                 {
                     const mz_uint8 *pField_data = pExtra_data + sizeof(mz_uint16) * 2;
                     mz_uint32 field_data_remaining = field_data_size;
 
-                    if (pFound_zip64_extra_data)
+                    if(pFound_zip64_extra_data)
                         *pFound_zip64_extra_data = MZ_TRUE;
 
-                    if (pStat->m_uncomp_size == MZ_UINT32_MAX)
+                    if(pStat->m_uncomp_size == MZ_UINT32_MAX)
                     {
-                        if (field_data_remaining < sizeof(mz_uint64))
+                        if(field_data_remaining < sizeof(mz_uint64))
                             return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
 
                         pStat->m_uncomp_size = MZ_READ_LE64(pField_data);
@@ -4070,9 +4070,9 @@ static mz_bool mz_zip_file_stat_internal(mz_zip_archive *pZip, mz_uint file_inde
                         field_data_remaining -= sizeof(mz_uint64);
                     }
 
-                    if (pStat->m_comp_size == MZ_UINT32_MAX)
+                    if(pStat->m_comp_size == MZ_UINT32_MAX)
                     {
-                        if (field_data_remaining < sizeof(mz_uint64))
+                        if(field_data_remaining < sizeof(mz_uint64))
                             return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
 
                         pStat->m_comp_size = MZ_READ_LE64(pField_data);
@@ -4080,9 +4080,9 @@ static mz_bool mz_zip_file_stat_internal(mz_zip_archive *pZip, mz_uint file_inde
                         field_data_remaining -= sizeof(mz_uint64);
                     }
 
-                    if (pStat->m_local_header_ofs == MZ_UINT32_MAX)
+                    if(pStat->m_local_header_ofs == MZ_UINT32_MAX)
                     {
-                        if (field_data_remaining < sizeof(mz_uint64))
+                        if(field_data_remaining < sizeof(mz_uint64))
                             return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
 
                         pStat->m_local_header_ofs = MZ_READ_LE64(pField_data);
@@ -4095,7 +4095,7 @@ static mz_bool mz_zip_file_stat_internal(mz_zip_archive *pZip, mz_uint file_inde
 
                 pExtra_data += sizeof(mz_uint16) * 2 + field_data_size;
                 extra_size_remaining = extra_size_remaining - sizeof(mz_uint16) * 2 - field_data_size;
-            } while (extra_size_remaining);
+            } while(extra_size_remaining);
         }
     }
 
@@ -4105,10 +4105,10 @@ static mz_bool mz_zip_file_stat_internal(mz_zip_archive *pZip, mz_uint file_inde
 static MZ_FORCEINLINE mz_bool mz_zip_string_equal(const char *pA, const char *pB, mz_uint len, mz_uint flags)
 {
     mz_uint i;
-    if (flags & MZ_ZIP_FLAG_CASE_SENSITIVE)
+    if(flags & MZ_ZIP_FLAG_CASE_SENSITIVE)
         return 0 == memcmp(pA, pB, len);
-    for (i = 0; i < len; ++i)
-        if (MZ_TOLOWER(pA[i]) != MZ_TOLOWER(pB[i]))
+    for(i = 0; i < len; ++i)
+        if(MZ_TOLOWER(pA[i]) != MZ_TOLOWER(pB[i]))
             return MZ_FALSE;
     return MZ_TRUE;
 }
@@ -4120,9 +4120,9 @@ static MZ_FORCEINLINE int mz_zip_filename_compare(const mz_zip_array *pCentral_d
     mz_uint8 l = 0, r = 0;
     pL += MZ_ZIP_CENTRAL_DIR_HEADER_SIZE;
     pE = pL + MZ_MIN(l_len, r_len);
-    while (pL < pE)
+    while(pL < pE)
     {
-        if ((l = MZ_TOLOWER(*pL)) != (r = MZ_TOLOWER(*pR)))
+        if((l = MZ_TOLOWER(*pL)) != (r = MZ_TOLOWER(*pR)))
             break;
         pL++;
         pR++;
@@ -4139,28 +4139,28 @@ static mz_bool mz_zip_locate_file_binary_search(mz_zip_archive *pZip, const char
     const uint32_t size = pZip->m_total_files;
     const mz_uint filename_len = (mz_uint)strlen(pFilename);
 
-    if (pIndex)
+    if(pIndex)
         *pIndex = 0;
 
-    if (size)
+    if(size)
     {
         /* yes I could use uint32_t's, but then we would have to add some special case checks in the loop, argh, and */
         /* honestly the major expense here on 32-bit CPU's will still be the filename compare */
         mz_int64 l = 0, h = (mz_int64)size - 1;
 
-        while (l <= h)
+        while(l <= h)
         {
             mz_int64 m = l + ((h - l) >> 1);
             uint32_t file_index = pIndices[(uint32_t)m];
 
             int comp = mz_zip_filename_compare(pCentral_dir, pCentral_dir_offsets, file_index, pFilename, filename_len);
-            if (!comp)
+            if(!comp)
             {
-                if (pIndex)
+                if(pIndex)
                     *pIndex = file_index;
                 return MZ_TRUE;
             }
-            else if (comp < 0)
+            else if(comp < 0)
                 l = m + 1;
             else
                 h = m - 1;
@@ -4173,7 +4173,7 @@ static mz_bool mz_zip_locate_file_binary_search(mz_zip_archive *pZip, const char
 int mz_zip_reader_locate_file(mz_zip_archive *pZip, const char *pName, const char *pComment, mz_uint flags)
 {
     mz_uint32 index;
-    if (!mz_zip_reader_locate_file_v2(pZip, pName, pComment, flags, &index))
+    if(!mz_zip_reader_locate_file_v2(pZip, pName, pComment, flags, &index))
         return -1;
     else
         return (int)index;
@@ -4184,14 +4184,14 @@ mz_bool mz_zip_reader_locate_file_v2(mz_zip_archive *pZip, const char *pName, co
     mz_uint file_index;
     size_t name_len, comment_len;
 
-    if (pIndex)
+    if(pIndex)
         *pIndex = 0;
 
-    if ((!pZip) || (!pZip->m_pState) || (!pName))
+    if((!pZip) || (!pZip->m_pState) || (!pName))
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
 
     /* See if we can use a binary search */
-    if (((pZip->m_pState->m_init_flags & MZ_ZIP_FLAG_DO_NOT_SORT_CENTRAL_DIRECTORY) == 0) &&
+    if(((pZip->m_pState->m_init_flags & MZ_ZIP_FLAG_DO_NOT_SORT_CENTRAL_DIRECTORY) == 0) &&
         (pZip->m_zip_mode == MZ_ZIP_MODE_READING) &&
         ((flags & (MZ_ZIP_FLAG_IGNORE_PATH | MZ_ZIP_FLAG_CASE_SENSITIVE)) == 0) && (!pComment) && (pZip->m_pState->m_sorted_central_dir_offsets.m_size))
     {
@@ -4200,42 +4200,42 @@ mz_bool mz_zip_reader_locate_file_v2(mz_zip_archive *pZip, const char *pName, co
 
     /* Locate the entry by scanning the entire central directory */
     name_len = strlen(pName);
-    if (name_len > MZ_UINT16_MAX)
+    if(name_len > MZ_UINT16_MAX)
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
 
     comment_len = pComment ? strlen(pComment) : 0;
-    if (comment_len > MZ_UINT16_MAX)
+    if(comment_len > MZ_UINT16_MAX)
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
 
-    for (file_index = 0; file_index < pZip->m_total_files; file_index++)
+    for(file_index = 0; file_index < pZip->m_total_files; file_index++)
     {
         const mz_uint8 *pHeader = &MZ_ZIP_ARRAY_ELEMENT(&pZip->m_pState->m_central_dir, mz_uint8, MZ_ZIP_ARRAY_ELEMENT(&pZip->m_pState->m_central_dir_offsets, mz_uint32, file_index));
         mz_uint filename_len = MZ_READ_LE16(pHeader + MZ_ZIP_CDH_FILENAME_LEN_OFS);
         const char *pFilename = (const char *)pHeader + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE;
-        if (filename_len < name_len)
+        if(filename_len < name_len)
             continue;
-        if (comment_len)
+        if(comment_len)
         {
             mz_uint file_extra_len = MZ_READ_LE16(pHeader + MZ_ZIP_CDH_EXTRA_LEN_OFS), file_comment_len = MZ_READ_LE16(pHeader + MZ_ZIP_CDH_COMMENT_LEN_OFS);
             const char *pFile_comment = pFilename + filename_len + file_extra_len;
-            if ((file_comment_len != comment_len) || (!mz_zip_string_equal(pComment, pFile_comment, file_comment_len, flags)))
+            if((file_comment_len != comment_len) || (!mz_zip_string_equal(pComment, pFile_comment, file_comment_len, flags)))
                 continue;
         }
-        if ((flags & MZ_ZIP_FLAG_IGNORE_PATH) && (filename_len))
+        if((flags & MZ_ZIP_FLAG_IGNORE_PATH) && (filename_len))
         {
             int ofs = filename_len - 1;
             do
             {
-                if ((pFilename[ofs] == '/') || (pFilename[ofs] == '\\') || (pFilename[ofs] == ':'))
+                if((pFilename[ofs] == '/') || (pFilename[ofs] == '\\') || (pFilename[ofs] == ':'))
                     break;
-            } while (--ofs >= 0);
+            } while(--ofs >= 0);
             ofs++;
             pFilename += ofs;
             filename_len -= ofs;
         }
-        if ((filename_len == name_len) && (mz_zip_string_equal(pName, pFilename, filename_len, flags)))
+        if((filename_len == name_len) && (mz_zip_string_equal(pName, pFilename, filename_len, flags)))
         {
-            if (pIndex)
+            if(pIndex)
                 *pIndex = file_index;
             return MZ_TRUE;
         }
@@ -4254,51 +4254,51 @@ mz_bool mz_zip_reader_extract_to_mem_no_alloc(mz_zip_archive *pZip, mz_uint file
     mz_uint8 *pLocal_header = (mz_uint8 *)local_header_u32;
     tinfl_decompressor inflator;
 
-    if ((!pZip) || (!pZip->m_pState) || ((buf_size) && (!pBuf)) || ((user_read_buf_size) && (!pUser_read_buf)) || (!pZip->m_pRead))
+    if((!pZip) || (!pZip->m_pState) || ((buf_size) && (!pBuf)) || ((user_read_buf_size) && (!pUser_read_buf)) || (!pZip->m_pRead))
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
 
-    if (!mz_zip_reader_file_stat(pZip, file_index, &file_stat))
+    if(!mz_zip_reader_file_stat(pZip, file_index, &file_stat))
         return MZ_FALSE;
 
     /* A directory or zero length file */
-    if ((file_stat.m_is_directory) || (!file_stat.m_comp_size))
+    if((file_stat.m_is_directory) || (!file_stat.m_comp_size))
         return MZ_TRUE;
 
     /* Encryption and patch files are not supported. */
-    if (file_stat.m_bit_flag & (MZ_ZIP_GENERAL_PURPOSE_BIT_FLAG_IS_ENCRYPTED | MZ_ZIP_GENERAL_PURPOSE_BIT_FLAG_USES_STRONG_ENCRYPTION | MZ_ZIP_GENERAL_PURPOSE_BIT_FLAG_COMPRESSED_PATCH_FLAG))
+    if(file_stat.m_bit_flag & (MZ_ZIP_GENERAL_PURPOSE_BIT_FLAG_IS_ENCRYPTED | MZ_ZIP_GENERAL_PURPOSE_BIT_FLAG_USES_STRONG_ENCRYPTION | MZ_ZIP_GENERAL_PURPOSE_BIT_FLAG_COMPRESSED_PATCH_FLAG))
         return mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_ENCRYPTION);
 
     /* This function only supports decompressing stored and deflate. */
-    if ((!(flags & MZ_ZIP_FLAG_COMPRESSED_DATA)) && (file_stat.m_method != 0) && (file_stat.m_method != MZ_DEFLATED))
+    if((!(flags & MZ_ZIP_FLAG_COMPRESSED_DATA)) && (file_stat.m_method != 0) && (file_stat.m_method != MZ_DEFLATED))
         return mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_METHOD);
 
     /* Ensure supplied output buffer is large enough. */
     needed_size = (flags & MZ_ZIP_FLAG_COMPRESSED_DATA) ? file_stat.m_comp_size : file_stat.m_uncomp_size;
-    if (buf_size < needed_size)
+    if(buf_size < needed_size)
         return mz_zip_set_error(pZip, MZ_ZIP_BUF_TOO_SMALL);
 
     /* Read and parse the local directory entry. */
     cur_file_ofs = file_stat.m_local_header_ofs;
-    if (pZip->m_pRead(pZip->m_pIO_opaque, cur_file_ofs, pLocal_header, MZ_ZIP_LOCAL_DIR_HEADER_SIZE) != MZ_ZIP_LOCAL_DIR_HEADER_SIZE)
+    if(pZip->m_pRead(pZip->m_pIO_opaque, cur_file_ofs, pLocal_header, MZ_ZIP_LOCAL_DIR_HEADER_SIZE) != MZ_ZIP_LOCAL_DIR_HEADER_SIZE)
         return mz_zip_set_error(pZip, MZ_ZIP_FILE_READ_FAILED);
 
-    if (MZ_READ_LE32(pLocal_header) != MZ_ZIP_LOCAL_DIR_HEADER_SIG)
+    if(MZ_READ_LE32(pLocal_header) != MZ_ZIP_LOCAL_DIR_HEADER_SIG)
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
 
     cur_file_ofs += MZ_ZIP_LOCAL_DIR_HEADER_SIZE + MZ_READ_LE16(pLocal_header + MZ_ZIP_LDH_FILENAME_LEN_OFS) + MZ_READ_LE16(pLocal_header + MZ_ZIP_LDH_EXTRA_LEN_OFS);
-    if ((cur_file_ofs + file_stat.m_comp_size) > pZip->m_archive_size)
+    if((cur_file_ofs + file_stat.m_comp_size) > pZip->m_archive_size)
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
 
-    if ((flags & MZ_ZIP_FLAG_COMPRESSED_DATA) || (!file_stat.m_method))
+    if((flags & MZ_ZIP_FLAG_COMPRESSED_DATA) || (!file_stat.m_method))
     {
         /* The file is stored or the caller has requested the compressed data. */
-        if (pZip->m_pRead(pZip->m_pIO_opaque, cur_file_ofs, pBuf, (size_t)needed_size) != needed_size)
+        if(pZip->m_pRead(pZip->m_pIO_opaque, cur_file_ofs, pBuf, (size_t)needed_size) != needed_size)
             return mz_zip_set_error(pZip, MZ_ZIP_FILE_READ_FAILED);
 
 #ifndef MINIZ_DISABLE_ZIP_READER_CRC32_CHECKS
-        if ((flags & MZ_ZIP_FLAG_COMPRESSED_DATA) == 0)
+        if((flags & MZ_ZIP_FLAG_COMPRESSED_DATA) == 0)
         {
-            if (mz_crc32(MZ_CRC32_INIT, (const mz_uint8 *)pBuf, (size_t)file_stat.m_uncomp_size) != file_stat.m_crc32)
+            if(mz_crc32(MZ_CRC32_INIT, (const mz_uint8 *)pBuf, (size_t)file_stat.m_uncomp_size) != file_stat.m_crc32)
                 return mz_zip_set_error(pZip, MZ_ZIP_CRC_CHECK_FAILED);
         }
 #endif
@@ -4309,17 +4309,17 @@ mz_bool mz_zip_reader_extract_to_mem_no_alloc(mz_zip_archive *pZip, mz_uint file
     /* Decompress the file either directly from memory or from a file input buffer. */
     tinfl_init(&inflator);
 
-    if (pZip->m_pState->m_pMem)
+    if(pZip->m_pState->m_pMem)
     {
         /* Read directly from the archive in memory. */
         pRead_buf = (mz_uint8 *)pZip->m_pState->m_pMem + cur_file_ofs;
         read_buf_size = read_buf_avail = file_stat.m_comp_size;
         comp_remaining = 0;
     }
-    else if (pUser_read_buf)
+    else if(pUser_read_buf)
     {
         /* Use a user provided read buffer. */
-        if (!user_read_buf_size)
+        if(!user_read_buf_size)
             return MZ_FALSE;
         pRead_buf = (mz_uint8 *)pUser_read_buf;
         read_buf_size = user_read_buf_size;
@@ -4330,10 +4330,10 @@ mz_bool mz_zip_reader_extract_to_mem_no_alloc(mz_zip_archive *pZip, mz_uint file
     {
         /* Temporarily allocate a read buffer. */
         read_buf_size = MZ_MIN(file_stat.m_comp_size, (mz_uint64)MZ_ZIP_MAX_IO_BUF_SIZE);
-        if (((sizeof(size_t) == sizeof(mz_uint32))) && (read_buf_size > 0x7FFFFFFF))
+        if(((sizeof(size_t) == sizeof(mz_uint32))) && (read_buf_size > 0x7FFFFFFF))
             return mz_zip_set_error(pZip, MZ_ZIP_INTERNAL_ERROR);
 
-        if (NULL == (pRead_buf = pZip->m_pAlloc(pZip->m_pAlloc_opaque, 1, (size_t)read_buf_size)))
+        if(NULL == (pRead_buf = pZip->m_pAlloc(pZip->m_pAlloc_opaque, 1, (size_t)read_buf_size)))
             return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
 
         read_buf_avail = 0;
@@ -4344,10 +4344,10 @@ mz_bool mz_zip_reader_extract_to_mem_no_alloc(mz_zip_archive *pZip, mz_uint file
     {
         /* The size_t cast here should be OK because we've verified that the output buffer is >= file_stat.m_uncomp_size above */
         size_t in_buf_size, out_buf_size = (size_t)(file_stat.m_uncomp_size - out_buf_ofs);
-        if ((!read_buf_avail) && (!pZip->m_pState->m_pMem))
+        if((!read_buf_avail) && (!pZip->m_pState->m_pMem))
         {
             read_buf_avail = MZ_MIN(read_buf_size, comp_remaining);
-            if (pZip->m_pRead(pZip->m_pIO_opaque, cur_file_ofs, pRead_buf, (size_t)read_buf_avail) != read_buf_avail)
+            if(pZip->m_pRead(pZip->m_pIO_opaque, cur_file_ofs, pRead_buf, (size_t)read_buf_avail) != read_buf_avail)
             {
                 status = TINFL_STATUS_FAILED;
                 mz_zip_set_error(pZip, MZ_ZIP_DECOMPRESSION_FAILED);
@@ -4362,18 +4362,18 @@ mz_bool mz_zip_reader_extract_to_mem_no_alloc(mz_zip_archive *pZip, mz_uint file
         read_buf_avail -= in_buf_size;
         read_buf_ofs += in_buf_size;
         out_buf_ofs += out_buf_size;
-    } while (status == TINFL_STATUS_NEEDS_MORE_INPUT);
+    } while(status == TINFL_STATUS_NEEDS_MORE_INPUT);
 
-    if (status == TINFL_STATUS_DONE)
+    if(status == TINFL_STATUS_DONE)
     {
         /* Make sure the entire file was decompressed, and check its CRC. */
-        if (out_buf_ofs != file_stat.m_uncomp_size)
+        if(out_buf_ofs != file_stat.m_uncomp_size)
         {
             mz_zip_set_error(pZip, MZ_ZIP_UNEXPECTED_DECOMPRESSED_SIZE);
             status = TINFL_STATUS_FAILED;
         }
 #ifndef MINIZ_DISABLE_ZIP_READER_CRC32_CHECKS
-        else if (mz_crc32(MZ_CRC32_INIT, (const mz_uint8 *)pBuf, (size_t)file_stat.m_uncomp_size) != file_stat.m_crc32)
+        else if(mz_crc32(MZ_CRC32_INIT, (const mz_uint8 *)pBuf, (size_t)file_stat.m_uncomp_size) != file_stat.m_crc32)
         {
             mz_zip_set_error(pZip, MZ_ZIP_CRC_CHECK_FAILED);
             status = TINFL_STATUS_FAILED;
@@ -4381,7 +4381,7 @@ mz_bool mz_zip_reader_extract_to_mem_no_alloc(mz_zip_archive *pZip, mz_uint file
 #endif
     }
 
-    if ((!pZip->m_pState->m_pMem) && (!pUser_read_buf))
+    if((!pZip->m_pState->m_pMem) && (!pUser_read_buf))
         pZip->m_pFree(pZip->m_pAlloc_opaque, pRead_buf);
 
     return status == TINFL_STATUS_DONE;
@@ -4390,7 +4390,7 @@ mz_bool mz_zip_reader_extract_to_mem_no_alloc(mz_zip_archive *pZip, mz_uint file
 mz_bool mz_zip_reader_extract_file_to_mem_no_alloc(mz_zip_archive *pZip, const char *pFilename, void *pBuf, size_t buf_size, mz_uint flags, void *pUser_read_buf, size_t user_read_buf_size)
 {
     mz_uint32 file_index;
-    if (!mz_zip_reader_locate_file_v2(pZip, pFilename, NULL, flags, &file_index))
+    if(!mz_zip_reader_locate_file_v2(pZip, pFilename, NULL, flags, &file_index))
         return MZ_FALSE;
     return mz_zip_reader_extract_to_mem_no_alloc(pZip, file_index, pBuf, buf_size, flags, pUser_read_buf, user_read_buf_size);
 }
@@ -4411,10 +4411,10 @@ void *mz_zip_reader_extract_to_heap(mz_zip_archive *pZip, mz_uint file_index, si
     const mz_uint8 *p = mz_zip_get_cdh(pZip, file_index);
     void *pBuf;
 
-    if (pSize)
+    if(pSize)
         *pSize = 0;
 
-    if (!p)
+    if(!p)
     {
         mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
         return NULL;
@@ -4424,25 +4424,25 @@ void *mz_zip_reader_extract_to_heap(mz_zip_archive *pZip, mz_uint file_index, si
     uncomp_size = MZ_READ_LE32(p + MZ_ZIP_CDH_DECOMPRESSED_SIZE_OFS);
 
     alloc_size = (flags & MZ_ZIP_FLAG_COMPRESSED_DATA) ? comp_size : uncomp_size;
-    if (((sizeof(size_t) == sizeof(mz_uint32))) && (alloc_size > 0x7FFFFFFF))
+    if(((sizeof(size_t) == sizeof(mz_uint32))) && (alloc_size > 0x7FFFFFFF))
     {
         mz_zip_set_error(pZip, MZ_ZIP_INTERNAL_ERROR);
         return NULL;
     }
 
-    if (NULL == (pBuf = pZip->m_pAlloc(pZip->m_pAlloc_opaque, 1, (size_t)alloc_size)))
+    if(NULL == (pBuf = pZip->m_pAlloc(pZip->m_pAlloc_opaque, 1, (size_t)alloc_size)))
     {
         mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
         return NULL;
     }
 
-    if (!mz_zip_reader_extract_to_mem(pZip, file_index, pBuf, (size_t)alloc_size, flags))
+    if(!mz_zip_reader_extract_to_mem(pZip, file_index, pBuf, (size_t)alloc_size, flags))
     {
         pZip->m_pFree(pZip->m_pAlloc_opaque, pBuf);
         return NULL;
     }
 
-    if (pSize)
+    if(pSize)
         *pSize = (size_t)alloc_size;
     return pBuf;
 }
@@ -4450,9 +4450,9 @@ void *mz_zip_reader_extract_to_heap(mz_zip_archive *pZip, mz_uint file_index, si
 void *mz_zip_reader_extract_file_to_heap(mz_zip_archive *pZip, const char *pFilename, size_t *pSize, mz_uint flags)
 {
     mz_uint32 file_index;
-    if (!mz_zip_reader_locate_file_v2(pZip, pFilename, NULL, flags, &file_index))
+    if(!mz_zip_reader_locate_file_v2(pZip, pFilename, NULL, flags, &file_index))
     {
-        if (pSize)
+        if(pSize)
             *pSize = 0;
         return nullptr;
     }
@@ -4470,38 +4470,38 @@ mz_bool mz_zip_reader_extract_to_callback(mz_zip_archive *pZip, mz_uint file_ind
     mz_uint32 local_header_u32[(MZ_ZIP_LOCAL_DIR_HEADER_SIZE + sizeof(mz_uint32) - 1) / sizeof(mz_uint32)];
     mz_uint8 *pLocal_header = (mz_uint8 *)local_header_u32;
 
-    if ((!pZip) || (!pZip->m_pState) || (!pCallback) || (!pZip->m_pRead))
+    if((!pZip) || (!pZip->m_pState) || (!pCallback) || (!pZip->m_pRead))
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
 
-    if (!mz_zip_reader_file_stat(pZip, file_index, &file_stat))
+    if(!mz_zip_reader_file_stat(pZip, file_index, &file_stat))
         return MZ_FALSE;
 
     /* A directory or zero length file */
-    if ((file_stat.m_is_directory) || (!file_stat.m_comp_size))
+    if((file_stat.m_is_directory) || (!file_stat.m_comp_size))
         return MZ_TRUE;
 
     /* Encryption and patch files are not supported. */
-    if (file_stat.m_bit_flag & (MZ_ZIP_GENERAL_PURPOSE_BIT_FLAG_IS_ENCRYPTED | MZ_ZIP_GENERAL_PURPOSE_BIT_FLAG_USES_STRONG_ENCRYPTION | MZ_ZIP_GENERAL_PURPOSE_BIT_FLAG_COMPRESSED_PATCH_FLAG))
+    if(file_stat.m_bit_flag & (MZ_ZIP_GENERAL_PURPOSE_BIT_FLAG_IS_ENCRYPTED | MZ_ZIP_GENERAL_PURPOSE_BIT_FLAG_USES_STRONG_ENCRYPTION | MZ_ZIP_GENERAL_PURPOSE_BIT_FLAG_COMPRESSED_PATCH_FLAG))
         return mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_ENCRYPTION);
 
     /* This function only supports decompressing stored and deflate. */
-    if ((!(flags & MZ_ZIP_FLAG_COMPRESSED_DATA)) && (file_stat.m_method != 0) && (file_stat.m_method != MZ_DEFLATED))
+    if((!(flags & MZ_ZIP_FLAG_COMPRESSED_DATA)) && (file_stat.m_method != 0) && (file_stat.m_method != MZ_DEFLATED))
         return mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_METHOD);
 
     /* Read and do some minimal validation of the local directory entry (this doesn't crack the zip64 stuff, which we already have from the central dir) */
     cur_file_ofs = file_stat.m_local_header_ofs;
-    if (pZip->m_pRead(pZip->m_pIO_opaque, cur_file_ofs, pLocal_header, MZ_ZIP_LOCAL_DIR_HEADER_SIZE) != MZ_ZIP_LOCAL_DIR_HEADER_SIZE)
+    if(pZip->m_pRead(pZip->m_pIO_opaque, cur_file_ofs, pLocal_header, MZ_ZIP_LOCAL_DIR_HEADER_SIZE) != MZ_ZIP_LOCAL_DIR_HEADER_SIZE)
         return mz_zip_set_error(pZip, MZ_ZIP_FILE_READ_FAILED);
 
-    if (MZ_READ_LE32(pLocal_header) != MZ_ZIP_LOCAL_DIR_HEADER_SIG)
+    if(MZ_READ_LE32(pLocal_header) != MZ_ZIP_LOCAL_DIR_HEADER_SIG)
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
 
     cur_file_ofs += MZ_ZIP_LOCAL_DIR_HEADER_SIZE + MZ_READ_LE16(pLocal_header + MZ_ZIP_LDH_FILENAME_LEN_OFS) + MZ_READ_LE16(pLocal_header + MZ_ZIP_LDH_EXTRA_LEN_OFS);
-    if ((cur_file_ofs + file_stat.m_comp_size) > pZip->m_archive_size)
+    if((cur_file_ofs + file_stat.m_comp_size) > pZip->m_archive_size)
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
 
     /* Decompress the file either directly from memory or from a file input buffer. */
-    if (pZip->m_pState->m_pMem)
+    if(pZip->m_pState->m_pMem)
     {
         pRead_buf = (mz_uint8 *)pZip->m_pState->m_pMem + cur_file_ofs;
         read_buf_size = read_buf_avail = file_stat.m_comp_size;
@@ -4510,27 +4510,27 @@ mz_bool mz_zip_reader_extract_to_callback(mz_zip_archive *pZip, mz_uint file_ind
     else
     {
         read_buf_size = MZ_MIN(file_stat.m_comp_size, (mz_uint64)MZ_ZIP_MAX_IO_BUF_SIZE);
-        if (NULL == (pRead_buf = pZip->m_pAlloc(pZip->m_pAlloc_opaque, 1, (size_t)read_buf_size)))
+        if(NULL == (pRead_buf = pZip->m_pAlloc(pZip->m_pAlloc_opaque, 1, (size_t)read_buf_size)))
             return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
 
         read_buf_avail = 0;
         comp_remaining = file_stat.m_comp_size;
     }
 
-    if ((flags & MZ_ZIP_FLAG_COMPRESSED_DATA) || (!file_stat.m_method))
+    if((flags & MZ_ZIP_FLAG_COMPRESSED_DATA) || (!file_stat.m_method))
     {
         /* The file is stored or the caller has requested the compressed data. */
-        if (pZip->m_pState->m_pMem)
+        if(pZip->m_pState->m_pMem)
         {
-            if (((sizeof(size_t) == sizeof(mz_uint32))) && (file_stat.m_comp_size > MZ_UINT32_MAX))
+            if(((sizeof(size_t) == sizeof(mz_uint32))) && (file_stat.m_comp_size > MZ_UINT32_MAX))
                 return mz_zip_set_error(pZip, MZ_ZIP_INTERNAL_ERROR);
 
-            if (pCallback(pOpaque, out_buf_ofs, pRead_buf, (size_t)file_stat.m_comp_size) != file_stat.m_comp_size)
+            if(pCallback(pOpaque, out_buf_ofs, pRead_buf, (size_t)file_stat.m_comp_size) != file_stat.m_comp_size)
             {
                 mz_zip_set_error(pZip, MZ_ZIP_WRITE_CALLBACK_FAILED);
                 status = TINFL_STATUS_FAILED;
             }
-            else if (!(flags & MZ_ZIP_FLAG_COMPRESSED_DATA))
+            else if(!(flags & MZ_ZIP_FLAG_COMPRESSED_DATA))
             {
 #ifndef MINIZ_DISABLE_ZIP_READER_CRC32_CHECKS
                 file_crc32 = (mz_uint32)mz_crc32(file_crc32, (const mz_uint8 *)pRead_buf, (size_t)file_stat.m_comp_size);
@@ -4543,10 +4543,10 @@ mz_bool mz_zip_reader_extract_to_callback(mz_zip_archive *pZip, mz_uint file_ind
         }
         else
         {
-            while (comp_remaining)
+            while(comp_remaining)
             {
                 read_buf_avail = MZ_MIN(read_buf_size, comp_remaining);
-                if (pZip->m_pRead(pZip->m_pIO_opaque, cur_file_ofs, pRead_buf, (size_t)read_buf_avail) != read_buf_avail)
+                if(pZip->m_pRead(pZip->m_pIO_opaque, cur_file_ofs, pRead_buf, (size_t)read_buf_avail) != read_buf_avail)
                 {
                     mz_zip_set_error(pZip, MZ_ZIP_FILE_READ_FAILED);
                     status = TINFL_STATUS_FAILED;
@@ -4554,13 +4554,13 @@ mz_bool mz_zip_reader_extract_to_callback(mz_zip_archive *pZip, mz_uint file_ind
                 }
 
 #ifndef MINIZ_DISABLE_ZIP_READER_CRC32_CHECKS
-                if (!(flags & MZ_ZIP_FLAG_COMPRESSED_DATA))
+                if(!(flags & MZ_ZIP_FLAG_COMPRESSED_DATA))
                 {
                     file_crc32 = (mz_uint32)mz_crc32(file_crc32, (const mz_uint8 *)pRead_buf, (size_t)read_buf_avail);
                 }
 #endif
 
-                if (pCallback(pOpaque, out_buf_ofs, pRead_buf, (size_t)read_buf_avail) != read_buf_avail)
+                if(pCallback(pOpaque, out_buf_ofs, pRead_buf, (size_t)read_buf_avail) != read_buf_avail)
                 {
                     mz_zip_set_error(pZip, MZ_ZIP_WRITE_CALLBACK_FAILED);
                     status = TINFL_STATUS_FAILED;
@@ -4578,7 +4578,7 @@ mz_bool mz_zip_reader_extract_to_callback(mz_zip_archive *pZip, mz_uint file_ind
         tinfl_decompressor inflator;
         tinfl_init(&inflator);
 
-        if (NULL == (pWrite_buf = pZip->m_pAlloc(pZip->m_pAlloc_opaque, 1, TINFL_LZ_DICT_SIZE)))
+        if(NULL == (pWrite_buf = pZip->m_pAlloc(pZip->m_pAlloc_opaque, 1, TINFL_LZ_DICT_SIZE)))
         {
             mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
             status = TINFL_STATUS_FAILED;
@@ -4589,10 +4589,10 @@ mz_bool mz_zip_reader_extract_to_callback(mz_zip_archive *pZip, mz_uint file_ind
             {
                 mz_uint8 *pWrite_buf_cur = (mz_uint8 *)pWrite_buf + (out_buf_ofs & (TINFL_LZ_DICT_SIZE - 1));
                 size_t in_buf_size, out_buf_size = TINFL_LZ_DICT_SIZE - (out_buf_ofs & (TINFL_LZ_DICT_SIZE - 1));
-                if ((!read_buf_avail) && (!pZip->m_pState->m_pMem))
+                if((!read_buf_avail) && (!pZip->m_pState->m_pMem))
                 {
                     read_buf_avail = MZ_MIN(read_buf_size, comp_remaining);
-                    if (pZip->m_pRead(pZip->m_pIO_opaque, cur_file_ofs, pRead_buf, (size_t)read_buf_avail) != read_buf_avail)
+                    if(pZip->m_pRead(pZip->m_pIO_opaque, cur_file_ofs, pRead_buf, (size_t)read_buf_avail) != read_buf_avail)
                     {
                         mz_zip_set_error(pZip, MZ_ZIP_FILE_READ_FAILED);
                         status = TINFL_STATUS_FAILED;
@@ -4608,9 +4608,9 @@ mz_bool mz_zip_reader_extract_to_callback(mz_zip_archive *pZip, mz_uint file_ind
                 read_buf_avail -= in_buf_size;
                 read_buf_ofs += in_buf_size;
 
-                if (out_buf_size)
+                if(out_buf_size)
                 {
-                    if (pCallback(pOpaque, out_buf_ofs, pWrite_buf_cur, out_buf_size) != out_buf_size)
+                    if(pCallback(pOpaque, out_buf_ofs, pWrite_buf_cur, out_buf_size) != out_buf_size)
                     {
                         mz_zip_set_error(pZip, MZ_ZIP_WRITE_CALLBACK_FAILED);
                         status = TINFL_STATUS_FAILED;
@@ -4620,27 +4620,27 @@ mz_bool mz_zip_reader_extract_to_callback(mz_zip_archive *pZip, mz_uint file_ind
 #ifndef MINIZ_DISABLE_ZIP_READER_CRC32_CHECKS
                     file_crc32 = (mz_uint32)mz_crc32(file_crc32, pWrite_buf_cur, out_buf_size);
 #endif
-                    if ((out_buf_ofs += out_buf_size) > file_stat.m_uncomp_size)
+                    if((out_buf_ofs += out_buf_size) > file_stat.m_uncomp_size)
                     {
                         mz_zip_set_error(pZip, MZ_ZIP_DECOMPRESSION_FAILED);
                         status = TINFL_STATUS_FAILED;
                         break;
                     }
                 }
-            } while ((status == TINFL_STATUS_NEEDS_MORE_INPUT) || (status == TINFL_STATUS_HAS_MORE_OUTPUT));
+            } while((status == TINFL_STATUS_NEEDS_MORE_INPUT) || (status == TINFL_STATUS_HAS_MORE_OUTPUT));
         }
     }
 
-    if ((status == TINFL_STATUS_DONE) && (!(flags & MZ_ZIP_FLAG_COMPRESSED_DATA)))
+    if((status == TINFL_STATUS_DONE) && (!(flags & MZ_ZIP_FLAG_COMPRESSED_DATA)))
     {
         /* Make sure the entire file was decompressed, and check its CRC. */
-        if (out_buf_ofs != file_stat.m_uncomp_size)
+        if(out_buf_ofs != file_stat.m_uncomp_size)
         {
             mz_zip_set_error(pZip, MZ_ZIP_UNEXPECTED_DECOMPRESSED_SIZE);
             status = TINFL_STATUS_FAILED;
         }
 #ifndef MINIZ_DISABLE_ZIP_READER_CRC32_CHECKS
-        else if (file_crc32 != file_stat.m_crc32)
+        else if(file_crc32 != file_stat.m_crc32)
         {
             mz_zip_set_error(pZip, MZ_ZIP_DECOMPRESSION_FAILED);
             status = TINFL_STATUS_FAILED;
@@ -4648,10 +4648,10 @@ mz_bool mz_zip_reader_extract_to_callback(mz_zip_archive *pZip, mz_uint file_ind
 #endif
     }
 
-    if (!pZip->m_pState->m_pMem)
+    if(!pZip->m_pState->m_pMem)
         pZip->m_pFree(pZip->m_pAlloc_opaque, pRead_buf);
 
-    if (pWrite_buf)
+    if(pWrite_buf)
         pZip->m_pFree(pZip->m_pAlloc_opaque, pWrite_buf);
 
     return status == TINFL_STATUS_DONE;
@@ -4660,7 +4660,7 @@ mz_bool mz_zip_reader_extract_to_callback(mz_zip_archive *pZip, mz_uint file_ind
 mz_bool mz_zip_reader_extract_file_to_callback(mz_zip_archive *pZip, const char *pFilename, mz_file_write_func pCallback, void *pOpaque, mz_uint flags)
 {
     mz_uint32 file_index;
-    if (!mz_zip_reader_locate_file_v2(pZip, pFilename, NULL, flags, &file_index))
+    if(!mz_zip_reader_locate_file_v2(pZip, pFilename, NULL, flags, &file_index))
         return MZ_FALSE;
 
     return mz_zip_reader_extract_to_callback(pZip, file_index, pCallback, pOpaque, flags);
@@ -4680,28 +4680,28 @@ mz_bool mz_zip_reader_extract_to_file(mz_zip_archive *pZip, mz_uint file_index,
     mz_zip_archive_file_stat file_stat;
     MZ_FILE *pFile;
 
-    if (!mz_zip_reader_file_stat(pZip, file_index, &file_stat))
+    if(!mz_zip_reader_file_stat(pZip, file_index, &file_stat))
         return MZ_FALSE;
 
-    if ((file_stat.m_is_directory) || (!file_stat.m_is_supported))
+    if((file_stat.m_is_directory) || (!file_stat.m_is_supported))
         return mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_FEATURE);
 
     pFile = MZ_FOPEN(pDst_filename, "wb");
-    if (!pFile)
+    if(!pFile)
         return mz_zip_set_error(pZip, MZ_ZIP_FILE_OPEN_FAILED);
 
     status = mz_zip_reader_extract_to_callback(pZip, file_index, mz_zip_file_write_callback, pFile, flags);
 
-    if (MZ_FCLOSE(pFile) == EOF)
+    if(MZ_FCLOSE(pFile) == EOF)
     {
-        if (status)
+        if(status)
             mz_zip_set_error(pZip, MZ_ZIP_FILE_CLOSE_FAILED);
 
         status = MZ_FALSE;
     }
 
 #if !defined(MINIZ_NO_TIME) && !defined(MINIZ_NO_STDIO)
-    if (status)
+    if(status)
         mz_zip_set_file_times(pDst_filename, file_stat.m_time, file_stat.m_time);
 #endif
 
@@ -4711,7 +4711,7 @@ mz_bool mz_zip_reader_extract_to_file(mz_zip_archive *pZip, mz_uint file_index,
 mz_bool mz_zip_reader_extract_file_to_file(mz_zip_archive *pZip, const char *pArchive_filename, const char *pDst_filename, mz_uint flags)
 {
     mz_uint32 file_index;
-    if (!mz_zip_reader_locate_file_v2(pZip, pArchive_filename, NULL, flags, &file_index))
+    if(!mz_zip_reader_locate_file_v2(pZip, pArchive_filename, NULL, flags, &file_index))
         return MZ_FALSE;
 
     return mz_zip_reader_extract_to_file(pZip, file_index, pDst_filename, flags);
@@ -4721,10 +4721,10 @@ mz_bool mz_zip_reader_extract_to_cfile(mz_zip_archive *pZip, mz_uint file_index,
 {
     mz_zip_archive_file_stat file_stat;
 
-    if (!mz_zip_reader_file_stat(pZip, file_index, &file_stat))
+    if(!mz_zip_reader_file_stat(pZip, file_index, &file_stat))
         return MZ_FALSE;
 
-    if ((file_stat.m_is_directory) || (!file_stat.m_is_supported))
+    if((file_stat.m_is_directory) || (!file_stat.m_is_supported))
         return mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_FEATURE);
 
     return mz_zip_reader_extract_to_callback(pZip, file_index, mz_zip_file_write_callback, pFile, flags);
@@ -4733,7 +4733,7 @@ mz_bool mz_zip_reader_extract_to_cfile(mz_zip_archive *pZip, mz_uint file_index,
 mz_bool mz_zip_reader_extract_file_to_cfile(mz_zip_archive *pZip, const char *pArchive_filename, MZ_FILE *pFile, mz_uint flags)
 {
     mz_uint32 file_index;
-    if (!mz_zip_reader_locate_file_v2(pZip, pArchive_filename, NULL, flags, &file_index))
+    if(!mz_zip_reader_locate_file_v2(pZip, pArchive_filename, NULL, flags, &file_index))
         return MZ_FALSE;
 
     return mz_zip_reader_extract_to_cfile(pZip, file_index, pFile, flags);
@@ -4767,40 +4767,40 @@ mz_bool mz_zip_validate_file(mz_zip_archive *pZip, mz_uint file_index, mz_uint f
     mz_zip_array file_data_array;
     mz_zip_array_init(&file_data_array, 1);
 
-    if ((!pZip) || (!pZip->m_pState) || (!pZip->m_pAlloc) || (!pZip->m_pFree) || (!pZip->m_pRead))
+    if((!pZip) || (!pZip->m_pState) || (!pZip->m_pAlloc) || (!pZip->m_pFree) || (!pZip->m_pRead))
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
 
-    if (file_index > pZip->m_total_files)
+    if(file_index > pZip->m_total_files)
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
 
     pState = pZip->m_pState;
 
     pCentral_dir_header = mz_zip_get_cdh(pZip, file_index);
 
-    if (!mz_zip_file_stat_internal(pZip, file_index, pCentral_dir_header, &file_stat, &found_zip64_ext_data_in_cdir))
+    if(!mz_zip_file_stat_internal(pZip, file_index, pCentral_dir_header, &file_stat, &found_zip64_ext_data_in_cdir))
         return MZ_FALSE;
 
     /* A directory or zero length file */
-    if ((file_stat.m_is_directory) || (!file_stat.m_uncomp_size))
+    if((file_stat.m_is_directory) || (!file_stat.m_uncomp_size))
         return MZ_TRUE;
 
     /* Encryption and patch files are not supported. */
-    if (file_stat.m_is_encrypted)
+    if(file_stat.m_is_encrypted)
         return mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_ENCRYPTION);
 
     /* This function only supports stored and deflate. */
-    if ((file_stat.m_method != 0) && (file_stat.m_method != MZ_DEFLATED))
+    if((file_stat.m_method != 0) && (file_stat.m_method != MZ_DEFLATED))
         return mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_METHOD);
 
-    if (!file_stat.m_is_supported)
+    if(!file_stat.m_is_supported)
         return mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_FEATURE);
 
     /* Read and parse the local directory entry. */
     local_header_ofs = file_stat.m_local_header_ofs;
-    if (pZip->m_pRead(pZip->m_pIO_opaque, local_header_ofs, pLocal_header, MZ_ZIP_LOCAL_DIR_HEADER_SIZE) != MZ_ZIP_LOCAL_DIR_HEADER_SIZE)
+    if(pZip->m_pRead(pZip->m_pIO_opaque, local_header_ofs, pLocal_header, MZ_ZIP_LOCAL_DIR_HEADER_SIZE) != MZ_ZIP_LOCAL_DIR_HEADER_SIZE)
         return mz_zip_set_error(pZip, MZ_ZIP_FILE_READ_FAILED);
 
-    if (MZ_READ_LE32(pLocal_header) != MZ_ZIP_LOCAL_DIR_HEADER_SIG)
+    if(MZ_READ_LE32(pLocal_header) != MZ_ZIP_LOCAL_DIR_HEADER_SIG)
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
 
     local_header_filename_len = MZ_READ_LE16(pLocal_header + MZ_ZIP_LDH_FILENAME_LEN_OFS);
@@ -4811,34 +4811,34 @@ mz_bool mz_zip_validate_file(mz_zip_archive *pZip, mz_uint file_index, mz_uint f
     local_header_bit_flags = MZ_READ_LE16(pLocal_header + MZ_ZIP_LDH_BIT_FLAG_OFS);
     has_data_descriptor = (local_header_bit_flags & 8) != 0;
 
-    if (local_header_filename_len != strlen(file_stat.m_filename))
+    if(local_header_filename_len != strlen(file_stat.m_filename))
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
 
-    if ((local_header_ofs + MZ_ZIP_LOCAL_DIR_HEADER_SIZE + local_header_filename_len + local_header_extra_len + file_stat.m_comp_size) > pZip->m_archive_size)
+    if((local_header_ofs + MZ_ZIP_LOCAL_DIR_HEADER_SIZE + local_header_filename_len + local_header_extra_len + file_stat.m_comp_size) > pZip->m_archive_size)
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
 
-    if (!mz_zip_array_resize(pZip, &file_data_array, MZ_MAX(local_header_filename_len, local_header_extra_len), MZ_FALSE))
+    if(!mz_zip_array_resize(pZip, &file_data_array, MZ_MAX(local_header_filename_len, local_header_extra_len), MZ_FALSE))
         return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
 
-    if (local_header_filename_len)
+    if(local_header_filename_len)
     {
-        if (pZip->m_pRead(pZip->m_pIO_opaque, local_header_ofs + MZ_ZIP_LOCAL_DIR_HEADER_SIZE, file_data_array.m_p, local_header_filename_len) != local_header_filename_len)
+        if(pZip->m_pRead(pZip->m_pIO_opaque, local_header_ofs + MZ_ZIP_LOCAL_DIR_HEADER_SIZE, file_data_array.m_p, local_header_filename_len) != local_header_filename_len)
         {
             mz_zip_set_error(pZip, MZ_ZIP_FILE_READ_FAILED);
             goto handle_failure;
         }
 
         /* I've seen 1 archive that had the same pathname, but used backslashes in the local dir and forward slashes in the central dir. Do we care about this? For now, this case will fail validation. */
-        if (memcmp(file_stat.m_filename, file_data_array.m_p, local_header_filename_len) != 0)
+        if(memcmp(file_stat.m_filename, file_data_array.m_p, local_header_filename_len) != 0)
         {
             mz_zip_set_error(pZip, MZ_ZIP_VALIDATION_FAILED);
             goto handle_failure;
         }
     }
 
-    if ((local_header_extra_len) && ((local_header_comp_size == MZ_UINT32_MAX) || (local_header_uncomp_size == MZ_UINT32_MAX)))
+    if((local_header_extra_len) && ((local_header_comp_size == MZ_UINT32_MAX) || (local_header_uncomp_size == MZ_UINT32_MAX)))
     {
-        if (pZip->m_pRead(pZip->m_pIO_opaque, local_header_ofs + MZ_ZIP_LOCAL_DIR_HEADER_SIZE + local_header_filename_len, file_data_array.m_p, local_header_extra_len) != local_header_extra_len)
+        if(pZip->m_pRead(pZip->m_pIO_opaque, local_header_ofs + MZ_ZIP_LOCAL_DIR_HEADER_SIZE + local_header_filename_len, file_data_array.m_p, local_header_extra_len) != local_header_extra_len)
         {
             mz_zip_set_error(pZip, MZ_ZIP_FILE_READ_FAILED);
             goto handle_failure;
@@ -4851,21 +4851,21 @@ mz_bool mz_zip_validate_file(mz_zip_archive *pZip, mz_uint file_index, mz_uint f
         {
             mz_uint32 field_id, field_data_size, field_total_size;
 
-            if (extra_size_remaining < (sizeof(mz_uint16) * 2))
+            if(extra_size_remaining < (sizeof(mz_uint16) * 2))
                 return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
 
             field_id = MZ_READ_LE16(pExtra_data);
             field_data_size = MZ_READ_LE16(pExtra_data + sizeof(mz_uint16));
             field_total_size = field_data_size + sizeof(mz_uint16) * 2;
 
-            if (field_total_size > extra_size_remaining)
+            if(field_total_size > extra_size_remaining)
                 return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
 
-            if (field_id == MZ_ZIP64_EXTENDED_INFORMATION_FIELD_HEADER_ID)
+            if(field_id == MZ_ZIP64_EXTENDED_INFORMATION_FIELD_HEADER_ID)
             {
                 const mz_uint8 *pSrc_field_data = pExtra_data + sizeof(mz_uint32);
 
-                if (field_data_size < sizeof(mz_uint64) * 2)
+                if(field_data_size < sizeof(mz_uint64) * 2)
                 {
                     mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
                     goto handle_failure;
@@ -4880,18 +4880,18 @@ mz_bool mz_zip_validate_file(mz_zip_archive *pZip, mz_uint file_index, mz_uint f
 
             pExtra_data += field_total_size;
             extra_size_remaining -= field_total_size;
-        } while (extra_size_remaining);
+        } while(extra_size_remaining);
     }
 
     /* TODO: parse local header extra data when local_header_comp_size is 0xFFFFFFFF! (big_descriptor.zip) */
     /* I've seen zips in the wild with the data descriptor bit set, but proper local header values and bogus data descriptors */
-    if ((has_data_descriptor) && (!local_header_comp_size) && (!local_header_crc32))
+    if((has_data_descriptor) && (!local_header_comp_size) && (!local_header_crc32))
     {
         mz_uint8 descriptor_buf[32];
 
         mz_uint32 num_descriptor_uint32s = ((pState->m_zip64) || (found_zip64_ext_data_in_ldir)) ? 6 : 4;
 
-        if (pZip->m_pRead(pZip->m_pIO_opaque, local_header_ofs + MZ_ZIP_LOCAL_DIR_HEADER_SIZE + local_header_filename_len + local_header_extra_len + file_stat.m_comp_size, descriptor_buf, sizeof(mz_uint32) * num_descriptor_uint32s) != (sizeof(mz_uint32) * num_descriptor_uint32s))
+        if(pZip->m_pRead(pZip->m_pIO_opaque, local_header_ofs + MZ_ZIP_LOCAL_DIR_HEADER_SIZE + local_header_filename_len + local_header_extra_len + file_stat.m_comp_size, descriptor_buf, sizeof(mz_uint32) * num_descriptor_uint32s) != (sizeof(mz_uint32) * num_descriptor_uint32s))
         {
             mz_zip_set_error(pZip, MZ_ZIP_FILE_READ_FAILED);
             goto handle_failure;
@@ -4903,7 +4903,7 @@ mz_bool mz_zip_validate_file(mz_zip_archive *pZip, mz_uint file_index, mz_uint f
         mz_uint32 file_crc32 = MZ_READ_LE32(pSrc);
         mz_uint64 comp_size = 0, uncomp_size = 0;
 
-        if ((pState->m_zip64) || (found_zip64_ext_data_in_ldir))
+        if((pState->m_zip64) || (found_zip64_ext_data_in_ldir))
         {
             comp_size = MZ_READ_LE64(pSrc + sizeof(mz_uint32));
             uncomp_size = MZ_READ_LE64(pSrc + sizeof(mz_uint32) + sizeof(mz_uint64));
@@ -4914,7 +4914,7 @@ mz_bool mz_zip_validate_file(mz_zip_archive *pZip, mz_uint file_index, mz_uint f
             uncomp_size = MZ_READ_LE32(pSrc + sizeof(mz_uint32) + sizeof(mz_uint32));
         }
 
-        if ((file_crc32 != file_stat.m_crc32) || (comp_size != file_stat.m_comp_size) || (uncomp_size != file_stat.m_uncomp_size))
+        if((file_crc32 != file_stat.m_crc32) || (comp_size != file_stat.m_comp_size) || (uncomp_size != file_stat.m_uncomp_size))
         {
             mz_zip_set_error(pZip, MZ_ZIP_VALIDATION_FAILED);
             goto handle_failure;
@@ -4922,7 +4922,7 @@ mz_bool mz_zip_validate_file(mz_zip_archive *pZip, mz_uint file_index, mz_uint f
     }
     else
     {
-        if ((local_header_crc32 != file_stat.m_crc32) || (local_header_comp_size != file_stat.m_comp_size) || (local_header_uncomp_size != file_stat.m_uncomp_size))
+        if((local_header_crc32 != file_stat.m_crc32) || (local_header_comp_size != file_stat.m_comp_size) || (local_header_uncomp_size != file_stat.m_uncomp_size))
         {
             mz_zip_set_error(pZip, MZ_ZIP_VALIDATION_FAILED);
             goto handle_failure;
@@ -4931,13 +4931,13 @@ mz_bool mz_zip_validate_file(mz_zip_archive *pZip, mz_uint file_index, mz_uint f
 
     mz_zip_array_clear(pZip, &file_data_array);
 
-    if ((flags & MZ_ZIP_FLAG_VALIDATE_HEADERS_ONLY) == 0)
+    if((flags & MZ_ZIP_FLAG_VALIDATE_HEADERS_ONLY) == 0)
     {
-        if (!mz_zip_reader_extract_to_callback(pZip, file_index, mz_zip_compute_crc32_callback, &uncomp_crc32, 0))
+        if(!mz_zip_reader_extract_to_callback(pZip, file_index, mz_zip_compute_crc32_callback, &uncomp_crc32, 0))
             return MZ_FALSE;
 
         /* 1 more check to be sure, although the extract checks too. */
-        if (uncomp_crc32 != file_stat.m_crc32)
+        if(uncomp_crc32 != file_stat.m_crc32)
         {
             mz_zip_set_error(pZip, MZ_ZIP_VALIDATION_FAILED);
             return MZ_FALSE;
@@ -4956,48 +4956,48 @@ mz_bool mz_zip_validate_archive(mz_zip_archive *pZip, mz_uint flags)
     mz_zip_internal_state *pState;
     uint32_t i;
 
-    if ((!pZip) || (!pZip->m_pState) || (!pZip->m_pAlloc) || (!pZip->m_pFree) || (!pZip->m_pRead))
+    if((!pZip) || (!pZip->m_pState) || (!pZip->m_pAlloc) || (!pZip->m_pFree) || (!pZip->m_pRead))
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
 
     pState = pZip->m_pState;
 
     /* Basic sanity checks */
-    if (!pState->m_zip64)
+    if(!pState->m_zip64)
     {
-        if (pZip->m_total_files > MZ_UINT16_MAX)
+        if(pZip->m_total_files > MZ_UINT16_MAX)
             return mz_zip_set_error(pZip, MZ_ZIP_ARCHIVE_TOO_LARGE);
 
-        if (pZip->m_archive_size > MZ_UINT32_MAX)
+        if(pZip->m_archive_size > MZ_UINT32_MAX)
             return mz_zip_set_error(pZip, MZ_ZIP_ARCHIVE_TOO_LARGE);
     }
     else
     {
-        if (pZip->m_total_files >= MZ_UINT32_MAX)
+        if(pZip->m_total_files >= MZ_UINT32_MAX)
             return mz_zip_set_error(pZip, MZ_ZIP_ARCHIVE_TOO_LARGE);
 
-        if (pState->m_central_dir.m_size >= MZ_UINT32_MAX)
+        if(pState->m_central_dir.m_size >= MZ_UINT32_MAX)
             return mz_zip_set_error(pZip, MZ_ZIP_ARCHIVE_TOO_LARGE);
     }
 
-    for (i = 0; i < pZip->m_total_files; i++)
+    for(i = 0; i < pZip->m_total_files; i++)
     {
-        if (MZ_ZIP_FLAG_VALIDATE_LOCATE_FILE_FLAG & flags)
+        if(MZ_ZIP_FLAG_VALIDATE_LOCATE_FILE_FLAG & flags)
         {
             mz_uint32 found_index;
             mz_zip_archive_file_stat stat;
 
-            if (!mz_zip_reader_file_stat(pZip, i, &stat))
+            if(!mz_zip_reader_file_stat(pZip, i, &stat))
                 return MZ_FALSE;
 
-            if (!mz_zip_reader_locate_file_v2(pZip, stat.m_filename, NULL, 0, &found_index))
+            if(!mz_zip_reader_locate_file_v2(pZip, stat.m_filename, NULL, 0, &found_index))
                 return MZ_FALSE;
 
             /* This check can fail if there are duplicate filenames in the archive (which we don't check for when writing - that's up to the user) */
-            if (found_index != i)
+            if(found_index != i)
                 return mz_zip_set_error(pZip, MZ_ZIP_VALIDATION_FAILED);
         }
 
-        if (!mz_zip_validate_file(pZip, i, flags))
+        if(!mz_zip_validate_file(pZip, i, flags))
             return MZ_FALSE;
     }
 
@@ -5010,36 +5010,36 @@ mz_bool mz_zip_validate_mem_archive(const void *pMem, size_t size, mz_uint flags
     mz_zip_archive zip;
     mz_zip_error actual_err = MZ_ZIP_NO_ERROR;
 
-    if ((!pMem) || (!size))
+    if((!pMem) || (!size))
     {
-        if (pErr)
+        if(pErr)
             *pErr = MZ_ZIP_INVALID_PARAMETER;
         return MZ_FALSE;
     }
 
     mz_zip_zero_struct(&zip);
 
-    if (!mz_zip_reader_init_mem(&zip, pMem, size, flags))
+    if(!mz_zip_reader_init_mem(&zip, pMem, size, flags))
     {
-        if (pErr)
+        if(pErr)
             *pErr = zip.m_last_error;
         return MZ_FALSE;
     }
 
-    if (!mz_zip_validate_archive(&zip, flags))
+    if(!mz_zip_validate_archive(&zip, flags))
     {
         actual_err = zip.m_last_error;
         success = MZ_FALSE;
     }
 
-    if (!mz_zip_reader_end_internal(&zip, success))
+    if(!mz_zip_reader_end_internal(&zip, success))
     {
-        if (!actual_err)
+        if(!actual_err)
             actual_err = zip.m_last_error;
         success = MZ_FALSE;
     }
 
-    if (pErr)
+    if(pErr)
         *pErr = actual_err;
 
     return success;
@@ -5052,36 +5052,36 @@ mz_bool mz_zip_validate_file_archive(const char *pFilename, mz_uint flags, mz_zi
     mz_zip_archive zip;
     mz_zip_error actual_err = MZ_ZIP_NO_ERROR;
 
-    if (!pFilename)
+    if(!pFilename)
     {
-        if (pErr)
+        if(pErr)
             *pErr = MZ_ZIP_INVALID_PARAMETER;
         return MZ_FALSE;
     }
 
     mz_zip_zero_struct(&zip);
 
-    if (!mz_zip_reader_init_file_v2(&zip, pFilename, flags, 0, 0))
+    if(!mz_zip_reader_init_file_v2(&zip, pFilename, flags, 0, 0))
     {
-        if (pErr)
+        if(pErr)
             *pErr = zip.m_last_error;
         return MZ_FALSE;
     }
 
-    if (!mz_zip_validate_archive(&zip, flags))
+    if(!mz_zip_validate_archive(&zip, flags))
     {
         actual_err = zip.m_last_error;
         success = MZ_FALSE;
     }
 
-    if (!mz_zip_reader_end_internal(&zip, success))
+    if(!mz_zip_reader_end_internal(&zip, success))
     {
-        if (!actual_err)
+        if(!actual_err)
             actual_err = zip.m_last_error;
         success = MZ_FALSE;
     }
 
-    if (pErr)
+    if(pErr)
         *pErr = actual_err;
 
     return success;
@@ -5120,25 +5120,25 @@ static size_t mz_zip_heap_write_func(void *pOpaque, mz_uint64 file_ofs, const vo
     mz_zip_internal_state *pState = pZip->m_pState;
     mz_uint64 new_size = MZ_MAX(file_ofs + n, pState->m_mem_size);
 
-    if (!n)
+    if(!n)
         return 0;
 
     /* An allocation this big is likely to just fail on 32-bit systems, so don't even go there. */
-    if ((sizeof(size_t) == sizeof(mz_uint32)) && (new_size > 0x7FFFFFFF))
+    if((sizeof(size_t) == sizeof(mz_uint32)) && (new_size > 0x7FFFFFFF))
     {
         mz_zip_set_error(pZip, MZ_ZIP_FILE_TOO_LARGE);
         return 0;
     }
 
-    if (new_size > pState->m_mem_capacity)
+    if(new_size > pState->m_mem_capacity)
     {
         void *pNew_block;
         size_t new_capacity = MZ_MAX(64, pState->m_mem_capacity);
 
-        while (new_capacity < new_size)
+        while(new_capacity < new_size)
             new_capacity *= 2;
 
-        if (NULL == (pNew_block = pZip->m_pRealloc(pZip->m_pAlloc_opaque, pState->m_pMem, 1, new_capacity)))
+        if(NULL == (pNew_block = pZip->m_pRealloc(pZip->m_pAlloc_opaque, pState->m_pMem, 1, new_capacity)))
         {
             mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
             return 0;
@@ -5157,9 +5157,9 @@ static mz_bool mz_zip_writer_end_internal(mz_zip_archive *pZip, mz_bool set_last
     mz_zip_internal_state *pState;
     mz_bool status = MZ_TRUE;
 
-    if ((!pZip) || (!pZip->m_pState) || (!pZip->m_pAlloc) || (!pZip->m_pFree) || ((pZip->m_zip_mode != MZ_ZIP_MODE_WRITING) && (pZip->m_zip_mode != MZ_ZIP_MODE_WRITING_HAS_BEEN_FINALIZED)))
+    if((!pZip) || (!pZip->m_pState) || (!pZip->m_pAlloc) || (!pZip->m_pFree) || ((pZip->m_zip_mode != MZ_ZIP_MODE_WRITING) && (pZip->m_zip_mode != MZ_ZIP_MODE_WRITING_HAS_BEEN_FINALIZED)))
     {
-        if (set_last_error)
+        if(set_last_error)
             mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
         return MZ_FALSE;
     }
@@ -5171,13 +5171,13 @@ static mz_bool mz_zip_writer_end_internal(mz_zip_archive *pZip, mz_bool set_last
     mz_zip_array_clear(pZip, &pState->m_sorted_central_dir_offsets);
 
 #ifndef MINIZ_NO_STDIO
-    if (pState->m_pFile)
+    if(pState->m_pFile)
     {
-        if (pZip->m_zip_type == MZ_ZIP_TYPE_FILE)
+        if(pZip->m_zip_type == MZ_ZIP_TYPE_FILE)
         {
-            if (MZ_FCLOSE(pState->m_pFile) == EOF)
+            if(MZ_FCLOSE(pState->m_pFile) == EOF)
             {
-                if (set_last_error)
+                if(set_last_error)
                     mz_zip_set_error(pZip, MZ_ZIP_FILE_CLOSE_FAILED);
                 status = MZ_FALSE;
             }
@@ -5187,7 +5187,7 @@ static mz_bool mz_zip_writer_end_internal(mz_zip_archive *pZip, mz_bool set_last
     }
 #endif /* #ifndef MINIZ_NO_STDIO */
 
-    if ((pZip->m_pWrite == mz_zip_heap_write_func) && (pState->m_pMem))
+    if((pZip->m_pWrite == mz_zip_heap_write_func) && (pState->m_pMem))
     {
         pZip->m_pFree(pZip->m_pAlloc_opaque, pState->m_pMem);
         pState->m_pMem = NULL;
@@ -5202,34 +5202,34 @@ mz_bool mz_zip_writer_init_v2(mz_zip_archive *pZip, mz_uint64 existing_size, mz_
 {
     mz_bool zip64 = (flags & MZ_ZIP_FLAG_WRITE_ZIP64) != 0;
 
-    if ((!pZip) || (pZip->m_pState) || (!pZip->m_pWrite) || (pZip->m_zip_mode != MZ_ZIP_MODE_INVALID))
+    if((!pZip) || (pZip->m_pState) || (!pZip->m_pWrite) || (pZip->m_zip_mode != MZ_ZIP_MODE_INVALID))
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
 
-    if (flags & MZ_ZIP_FLAG_WRITE_ALLOW_READING)
+    if(flags & MZ_ZIP_FLAG_WRITE_ALLOW_READING)
     {
-        if (!pZip->m_pRead)
+        if(!pZip->m_pRead)
             return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
     }
 
-    if (pZip->m_file_offset_alignment)
+    if(pZip->m_file_offset_alignment)
     {
         /* Ensure user specified file offset alignment is a power of 2. */
-        if (pZip->m_file_offset_alignment & (pZip->m_file_offset_alignment - 1))
+        if(pZip->m_file_offset_alignment & (pZip->m_file_offset_alignment - 1))
             return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
     }
 
-    if (!pZip->m_pAlloc)
+    if(!pZip->m_pAlloc)
         pZip->m_pAlloc = miniz_def_alloc_func;
-    if (!pZip->m_pFree)
+    if(!pZip->m_pFree)
         pZip->m_pFree = miniz_def_free_func;
-    if (!pZip->m_pRealloc)
+    if(!pZip->m_pRealloc)
         pZip->m_pRealloc = miniz_def_realloc_func;
 
     pZip->m_archive_size = existing_size;
     pZip->m_central_directory_file_ofs = 0;
     pZip->m_total_files = 0;
 
-    if (NULL == (pZip->m_pState = (mz_zip_internal_state *)pZip->m_pAlloc(pZip->m_pAlloc_opaque, 1, sizeof(mz_zip_internal_state))))
+    if(NULL == (pZip->m_pState = (mz_zip_internal_state *)pZip->m_pAlloc(pZip->m_pAlloc_opaque, 1, sizeof(mz_zip_internal_state))))
         return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
 
     memset(pZip->m_pState, 0, sizeof(mz_zip_internal_state));
@@ -5256,19 +5256,19 @@ mz_bool mz_zip_writer_init_heap_v2(mz_zip_archive *pZip, size_t size_to_reserve_
 {
     pZip->m_pWrite = mz_zip_heap_write_func;
 
-    if (flags & MZ_ZIP_FLAG_WRITE_ALLOW_READING)
+    if(flags & MZ_ZIP_FLAG_WRITE_ALLOW_READING)
         pZip->m_pRead = mz_zip_mem_read_func;
 
     pZip->m_pIO_opaque = pZip;
 
-    if (!mz_zip_writer_init_v2(pZip, size_to_reserve_at_beginning, flags))
+    if(!mz_zip_writer_init_v2(pZip, size_to_reserve_at_beginning, flags))
         return MZ_FALSE;
 
     pZip->m_zip_type = MZ_ZIP_TYPE_HEAP;
 
-    if (0 != (initial_allocation_size = MZ_MAX(initial_allocation_size, size_to_reserve_at_beginning)))
+    if(0 != (initial_allocation_size = MZ_MAX(initial_allocation_size, size_to_reserve_at_beginning)))
     {
-        if (NULL == (pZip->m_pState->m_pMem = pZip->m_pAlloc(pZip->m_pAlloc_opaque, 1, initial_allocation_size)))
+        if(NULL == (pZip->m_pState->m_pMem = pZip->m_pAlloc(pZip->m_pAlloc_opaque, 1, initial_allocation_size)))
         {
             mz_zip_writer_end_internal(pZip, MZ_FALSE);
             return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
@@ -5292,7 +5292,7 @@ static size_t mz_zip_file_write_func(void *pOpaque, mz_uint64 file_ofs, const vo
 
     file_ofs += pZip->m_pState->m_file_archive_start_ofs;
 
-    if (((mz_int64)file_ofs < 0) || (((cur_ofs != (mz_int64)file_ofs)) && (MZ_FSEEK64(pZip->m_pState->m_pFile, (mz_int64)file_ofs, SEEK_SET))))
+    if(((mz_int64)file_ofs < 0) || (((cur_ofs != (mz_int64)file_ofs)) && (MZ_FSEEK64(pZip->m_pState->m_pFile, (mz_int64)file_ofs, SEEK_SET))))
     {
         mz_zip_set_error(pZip, MZ_ZIP_FILE_SEEK_FAILED);
         return 0;
@@ -5312,15 +5312,15 @@ mz_bool mz_zip_writer_init_file_v2(mz_zip_archive *pZip, const char *pFilename,
 
     pZip->m_pWrite = mz_zip_file_write_func;
 
-    if (flags & MZ_ZIP_FLAG_WRITE_ALLOW_READING)
+    if(flags & MZ_ZIP_FLAG_WRITE_ALLOW_READING)
         pZip->m_pRead = mz_zip_file_read_func;
 
     pZip->m_pIO_opaque = pZip;
 
-    if (!mz_zip_writer_init_v2(pZip, size_to_reserve_at_beginning, flags))
+    if(!mz_zip_writer_init_v2(pZip, size_to_reserve_at_beginning, flags))
         return MZ_FALSE;
 
-    if (NULL == (pFile = MZ_FOPEN(pFilename, (flags & MZ_ZIP_FLAG_WRITE_ALLOW_READING) ? "w+b" : "wb")))
+    if(NULL == (pFile = MZ_FOPEN(pFilename, (flags & MZ_ZIP_FLAG_WRITE_ALLOW_READING) ? "w+b" : "wb")))
     {
         mz_zip_writer_end(pZip);
         return mz_zip_set_error(pZip, MZ_ZIP_FILE_OPEN_FAILED);
@@ -5329,7 +5329,7 @@ mz_bool mz_zip_writer_init_file_v2(mz_zip_archive *pZip, const char *pFilename,
     pZip->m_pState->m_pFile = pFile;
     pZip->m_zip_type = MZ_ZIP_TYPE_FILE;
 
-    if (size_to_reserve_at_beginning)
+    if(size_to_reserve_at_beginning)
     {
         mz_uint64 cur_ofs = 0;
         char buf[4096];
@@ -5339,14 +5339,14 @@ mz_bool mz_zip_writer_init_file_v2(mz_zip_archive *pZip, const char *pFilename,
         do
         {
             size_t n = (size_t)MZ_MIN(sizeof(buf), size_to_reserve_at_beginning);
-            if (pZip->m_pWrite(pZip->m_pIO_opaque, cur_ofs, buf, n) != n)
+            if(pZip->m_pWrite(pZip->m_pIO_opaque, cur_ofs, buf, n) != n)
             {
                 mz_zip_writer_end(pZip);
                 return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
             }
             cur_ofs += n;
             size_to_reserve_at_beginning -= n;
-        } while (size_to_reserve_at_beginning);
+        } while(size_to_reserve_at_beginning);
     }
 
     return MZ_TRUE;
@@ -5356,12 +5356,12 @@ mz_bool mz_zip_writer_init_cfile(mz_zip_archive *pZip, MZ_FILE *pFile, mz_uint f
 {
     pZip->m_pWrite = mz_zip_file_write_func;
 
-    if (flags & MZ_ZIP_FLAG_WRITE_ALLOW_READING)
+    if(flags & MZ_ZIP_FLAG_WRITE_ALLOW_READING)
         pZip->m_pRead = mz_zip_file_read_func;
 
     pZip->m_pIO_opaque = pZip;
 
-    if (!mz_zip_writer_init_v2(pZip, 0, flags))
+    if(!mz_zip_writer_init_v2(pZip, 0, flags))
         return MZ_FALSE;
 
     pZip->m_pState->m_pFile = pFile;
@@ -5376,49 +5376,49 @@ mz_bool mz_zip_writer_init_from_reader_v2(mz_zip_archive *pZip, const char *pFil
 {
     mz_zip_internal_state *pState;
 
-    if ((!pZip) || (!pZip->m_pState) || (pZip->m_zip_mode != MZ_ZIP_MODE_READING))
+    if((!pZip) || (!pZip->m_pState) || (pZip->m_zip_mode != MZ_ZIP_MODE_READING))
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
 
-    if (flags & MZ_ZIP_FLAG_WRITE_ZIP64)
+    if(flags & MZ_ZIP_FLAG_WRITE_ZIP64)
     {
         /* We don't support converting a non-zip64 file to zip64 - this seems like more trouble than it's worth. (What about the existing 32-bit data descriptors that could follow the compressed data?) */
-        if (!pZip->m_pState->m_zip64)
+        if(!pZip->m_pState->m_zip64)
             return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
     }
 
     /* No sense in trying to write to an archive that's already at the support max size */
-    if (pZip->m_pState->m_zip64)
+    if(pZip->m_pState->m_zip64)
     {
-        if (pZip->m_total_files == MZ_UINT32_MAX)
+        if(pZip->m_total_files == MZ_UINT32_MAX)
             return mz_zip_set_error(pZip, MZ_ZIP_TOO_MANY_FILES);
     }
     else
     {
-        if (pZip->m_total_files == MZ_UINT16_MAX)
+        if(pZip->m_total_files == MZ_UINT16_MAX)
             return mz_zip_set_error(pZip, MZ_ZIP_TOO_MANY_FILES);
 
-        if ((pZip->m_archive_size + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + MZ_ZIP_LOCAL_DIR_HEADER_SIZE) > MZ_UINT32_MAX)
+        if((pZip->m_archive_size + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + MZ_ZIP_LOCAL_DIR_HEADER_SIZE) > MZ_UINT32_MAX)
             return mz_zip_set_error(pZip, MZ_ZIP_FILE_TOO_LARGE);
     }
 
     pState = pZip->m_pState;
 
-    if (pState->m_pFile)
+    if(pState->m_pFile)
     {
 #ifdef MINIZ_NO_STDIO
         (void)pFilename;
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
 #else
-        if (pZip->m_pIO_opaque != pZip)
+        if(pZip->m_pIO_opaque != pZip)
             return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
 
-        if (pZip->m_zip_type == MZ_ZIP_TYPE_FILE)
+        if(pZip->m_zip_type == MZ_ZIP_TYPE_FILE)
         {
-            if (!pFilename)
+            if(!pFilename)
                 return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
 
             /* Archive is being read from stdio and was originally opened only for reading. Try to reopen as writable. */
-            if (NULL == (pState->m_pFile = MZ_FREOPEN(pFilename, "r+b", pState->m_pFile)))
+            if(NULL == (pState->m_pFile = MZ_FREOPEN(pFilename, "r+b", pState->m_pFile)))
             {
                 /* The mz_zip_archive is now in a bogus state because pState->m_pFile is NULL, so just close it. */
                 mz_zip_reader_end_internal(pZip, MZ_FALSE);
@@ -5429,17 +5429,17 @@ mz_bool mz_zip_writer_init_from_reader_v2(mz_zip_archive *pZip, const char *pFil
         pZip->m_pWrite = mz_zip_file_write_func;
 #endif /* #ifdef MINIZ_NO_STDIO */
     }
-    else if (pState->m_pMem)
+    else if(pState->m_pMem)
     {
         /* Archive lives in a memory block. Assume it's from the heap that we can resize using the realloc callback. */
-        if (pZip->m_pIO_opaque != pZip)
+        if(pZip->m_pIO_opaque != pZip)
             return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
 
         pState->m_mem_capacity = pState->m_mem_size;
         pZip->m_pWrite = mz_zip_heap_write_func;
     }
     /* Archive is being read via a user provided read function - make sure the user has specified a write function too. */
-    else if (!pZip->m_pWrite)
+    else if(!pZip->m_pWrite)
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
 
     /* Start writing new files at the archive's current central directory location. */
@@ -5478,7 +5478,7 @@ typedef struct
 static mz_bool mz_zip_writer_add_put_buf_callback(const void *pBuf, int len, void *pUser)
 {
     mz_zip_writer_add_state *pState = (mz_zip_writer_add_state *)pUser;
-    if ((int)pState->m_pZip->m_pWrite(pState->m_pZip->m_pIO_opaque, pState->m_cur_archive_file_ofs, pBuf, len) != len)
+    if((int)pState->m_pZip->m_pWrite(pState->m_pZip->m_pIO_opaque, pState->m_cur_archive_file_ofs, pBuf, len) != len)
         return MZ_FALSE;
 
     pState->m_cur_archive_file_ofs += len;
@@ -5498,21 +5498,21 @@ static mz_uint32 mz_zip_writer_create_zip64_extra_data(mz_uint8 *pBuf, mz_uint64
 
     mz_uint32 field_size = 0;
 
-    if (pUncomp_size)
+    if(pUncomp_size)
     {
         MZ_WRITE_LE64(pDst, *pUncomp_size);
         pDst += sizeof(mz_uint64);
         field_size += sizeof(mz_uint64);
     }
 
-    if (pComp_size)
+    if(pComp_size)
     {
         MZ_WRITE_LE64(pDst, *pComp_size);
         pDst += sizeof(mz_uint64);
         field_size += sizeof(mz_uint64);
     }
 
-    if (pLocal_header_ofs)
+    if(pLocal_header_ofs)
     {
         MZ_WRITE_LE64(pDst, *pLocal_header_ofs);
         pDst += sizeof(mz_uint64);
@@ -5579,20 +5579,20 @@ static mz_bool mz_zip_writer_add_to_central_dir(mz_zip_archive *pZip, const char
     size_t orig_central_dir_size = pState->m_central_dir.m_size;
     mz_uint8 central_dir_header[MZ_ZIP_CENTRAL_DIR_HEADER_SIZE];
 
-    if (!pZip->m_pState->m_zip64)
+    if(!pZip->m_pState->m_zip64)
     {
-        if (local_header_ofs > 0xFFFFFFFF)
+        if(local_header_ofs > 0xFFFFFFFF)
             return mz_zip_set_error(pZip, MZ_ZIP_FILE_TOO_LARGE);
     }
 
     /* miniz doesn't support central dirs >= MZ_UINT32_MAX bytes yet */
-    if (((mz_uint64)pState->m_central_dir.m_size + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + filename_size + extra_size + user_extra_data_len + comment_size) >= MZ_UINT32_MAX)
+    if(((mz_uint64)pState->m_central_dir.m_size + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + filename_size + extra_size + user_extra_data_len + comment_size) >= MZ_UINT32_MAX)
         return mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_CDIR_SIZE);
 
-    if (!mz_zip_writer_create_central_dir_header(pZip, central_dir_header, filename_size, extra_size + user_extra_data_len, comment_size, uncomp_size, comp_size, uncomp_crc32, method, bit_flags, dos_time, dos_date, local_header_ofs, ext_attributes))
+    if(!mz_zip_writer_create_central_dir_header(pZip, central_dir_header, filename_size, extra_size + user_extra_data_len, comment_size, uncomp_size, comp_size, uncomp_crc32, method, bit_flags, dos_time, dos_date, local_header_ofs, ext_attributes))
         return mz_zip_set_error(pZip, MZ_ZIP_INTERNAL_ERROR);
 
-    if ((!mz_zip_array_push_back(pZip, &pState->m_central_dir, central_dir_header, MZ_ZIP_CENTRAL_DIR_HEADER_SIZE)) ||
+    if((!mz_zip_array_push_back(pZip, &pState->m_central_dir, central_dir_header, MZ_ZIP_CENTRAL_DIR_HEADER_SIZE)) ||
         (!mz_zip_array_push_back(pZip, &pState->m_central_dir, pFilename, filename_size)) ||
         (!mz_zip_array_push_back(pZip, &pState->m_central_dir, pExtra, extra_size)) ||
         (!mz_zip_array_push_back(pZip, &pState->m_central_dir, user_extra_data, user_extra_data_len)) ||
@@ -5610,12 +5610,12 @@ static mz_bool mz_zip_writer_add_to_central_dir(mz_zip_archive *pZip, const char
 static mz_bool mz_zip_writer_validate_archive_name(const char *pArchive_name)
 {
     /* Basic ZIP archive filename validity checks: Valid filenames cannot start with a forward slash, cannot contain a drive letter, and cannot use DOS-style backward slashes. */
-    if (*pArchive_name == '/')
+    if(*pArchive_name == '/')
         return MZ_FALSE;
 
-    while (*pArchive_name)
+    while(*pArchive_name)
     {
-        if ((*pArchive_name == '\\') || (*pArchive_name == ':'))
+        if((*pArchive_name == '\\') || (*pArchive_name == ':'))
             return MZ_FALSE;
 
         pArchive_name++;
@@ -5627,7 +5627,7 @@ static mz_bool mz_zip_writer_validate_archive_name(const char *pArchive_name)
 static mz_uint mz_zip_writer_compute_padding_needed_for_file_alignment(mz_zip_archive *pZip)
 {
     mz_uint32 n;
-    if (!pZip->m_file_offset_alignment)
+    if(!pZip->m_file_offset_alignment)
         return 0;
     n = (mz_uint32)(pZip->m_archive_size & (pZip->m_file_offset_alignment - 1));
     return (mz_uint)((pZip->m_file_offset_alignment - n) & (pZip->m_file_offset_alignment - 1));
@@ -5637,10 +5637,10 @@ static mz_bool mz_zip_writer_write_zeros(mz_zip_archive *pZip, mz_uint64 cur_fil
 {
     char buf[4096];
     memset(buf, 0, MZ_MIN(sizeof(buf), n));
-    while (n)
+    while(n)
     {
         mz_uint32 s = MZ_MIN(sizeof(buf), n);
-        if (pZip->m_pWrite(pZip->m_pIO_opaque, cur_file_ofs, buf, s) != s)
+        if(pZip->m_pWrite(pZip->m_pIO_opaque, cur_file_ofs, buf, s) != s)
             return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
 
         cur_file_ofs += s;
@@ -5672,48 +5672,48 @@ mz_bool mz_zip_writer_add_mem_ex_v2(mz_zip_archive *pZip, const char *pArchive_n
     mz_uint8 extra_data[MZ_ZIP64_MAX_CENTRAL_EXTRA_FIELD_SIZE];
     mz_uint16 bit_flags = 0;
 
-    if (uncomp_size || (buf_size && !(level_and_flags & MZ_ZIP_FLAG_COMPRESSED_DATA)))
+    if(uncomp_size || (buf_size && !(level_and_flags & MZ_ZIP_FLAG_COMPRESSED_DATA)))
         bit_flags |= MZ_ZIP_LDH_BIT_FLAG_HAS_LOCATOR;
 
-    if (level_and_flags & MZ_ZIP_FLAG_UTF8_FILENAME)
+    if(level_and_flags & MZ_ZIP_FLAG_UTF8_FILENAME)
         bit_flags |= MZ_ZIP_GENERAL_PURPOSE_BIT_FLAG_UTF8;
 
-    if ((int)level_and_flags < 0)
+    if((int)level_and_flags < 0)
         level_and_flags = MZ_DEFAULT_LEVEL;
     level = level_and_flags & 0xF;
     store_data_uncompressed = ((!level) || (level_and_flags & MZ_ZIP_FLAG_COMPRESSED_DATA));
 
-    if ((!pZip) || (!pZip->m_pState) || (pZip->m_zip_mode != MZ_ZIP_MODE_WRITING) || ((buf_size) && (!pBuf)) || (!pArchive_name) || ((comment_size) && (!pComment)) || (level > MZ_UBER_COMPRESSION))
+    if((!pZip) || (!pZip->m_pState) || (pZip->m_zip_mode != MZ_ZIP_MODE_WRITING) || ((buf_size) && (!pBuf)) || (!pArchive_name) || ((comment_size) && (!pComment)) || (level > MZ_UBER_COMPRESSION))
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
 
     pState = pZip->m_pState;
 
-    if (pState->m_zip64)
+    if(pState->m_zip64)
     {
-        if (pZip->m_total_files == MZ_UINT32_MAX)
+        if(pZip->m_total_files == MZ_UINT32_MAX)
             return mz_zip_set_error(pZip, MZ_ZIP_TOO_MANY_FILES);
     }
     else
     {
-        if (pZip->m_total_files == MZ_UINT16_MAX)
+        if(pZip->m_total_files == MZ_UINT16_MAX)
         {
             pState->m_zip64 = MZ_TRUE;
             /*return mz_zip_set_error(pZip, MZ_ZIP_TOO_MANY_FILES); */
         }
-        if ((buf_size > 0xFFFFFFFF) || (uncomp_size > 0xFFFFFFFF))
+        if((buf_size > 0xFFFFFFFF) || (uncomp_size > 0xFFFFFFFF))
         {
             pState->m_zip64 = MZ_TRUE;
             /*return mz_zip_set_error(pZip, MZ_ZIP_ARCHIVE_TOO_LARGE); */
         }
     }
 
-    if ((!(level_and_flags & MZ_ZIP_FLAG_COMPRESSED_DATA)) && (uncomp_size))
+    if((!(level_and_flags & MZ_ZIP_FLAG_COMPRESSED_DATA)) && (uncomp_size))
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
 
-    if (!mz_zip_writer_validate_archive_name(pArchive_name))
+    if(!mz_zip_writer_validate_archive_name(pArchive_name))
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_FILENAME);
 
-    if (last_modified != NULL)
+    if(last_modified != NULL)
     {
         mz_zip_time_t_to_dos_time(*last_modified, &dos_time, &dos_date);
     }
@@ -5729,53 +5729,53 @@ mz_bool mz_zip_writer_add_mem_ex_v2(mz_zip_archive *pZip, const char *pArchive_n
     }
 
     archive_name_size = strlen(pArchive_name);
-    if (archive_name_size > MZ_UINT16_MAX)
+    if(archive_name_size > MZ_UINT16_MAX)
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_FILENAME);
 
     num_alignment_padding_bytes = mz_zip_writer_compute_padding_needed_for_file_alignment(pZip);
 
     /* miniz doesn't support central dirs >= MZ_UINT32_MAX bytes yet */
-    if (((mz_uint64)pState->m_central_dir.m_size + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + archive_name_size + MZ_ZIP64_MAX_CENTRAL_EXTRA_FIELD_SIZE + comment_size) >= MZ_UINT32_MAX)
+    if(((mz_uint64)pState->m_central_dir.m_size + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + archive_name_size + MZ_ZIP64_MAX_CENTRAL_EXTRA_FIELD_SIZE + comment_size) >= MZ_UINT32_MAX)
         return mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_CDIR_SIZE);
 
-    if (!pState->m_zip64)
+    if(!pState->m_zip64)
     {
         /* Bail early if the archive would obviously become too large */
-        if ((pZip->m_archive_size + num_alignment_padding_bytes + MZ_ZIP_LOCAL_DIR_HEADER_SIZE + archive_name_size + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + archive_name_size + comment_size + pState->m_central_dir.m_size + MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE) > 0xFFFFFFFF)
+        if((pZip->m_archive_size + num_alignment_padding_bytes + MZ_ZIP_LOCAL_DIR_HEADER_SIZE + archive_name_size + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + archive_name_size + comment_size + pState->m_central_dir.m_size + MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE) > 0xFFFFFFFF)
         {
             pState->m_zip64 = MZ_TRUE;
             /*return mz_zip_set_error(pZip, MZ_ZIP_ARCHIVE_TOO_LARGE); */
         }
     }
 
-    if ((archive_name_size) && (pArchive_name[archive_name_size - 1] == '/'))
+    if((archive_name_size) && (pArchive_name[archive_name_size - 1] == '/'))
     {
         /* Set DOS Subdirectory attribute bit. */
         ext_attributes |= MZ_ZIP_DOS_DIR_ATTRIBUTE_BITFLAG;
 
         /* Subdirectories cannot contain data. */
-        if ((buf_size) || (uncomp_size))
+        if((buf_size) || (uncomp_size))
             return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
     }
 
     /* Try to do any allocations before writing to the archive, so if an allocation fails the file remains unmodified. (A good idea if we're doing an in-place modification.) */
-    if ((!mz_zip_array_ensure_room(pZip, &pState->m_central_dir, MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + archive_name_size + comment_size + (pState->m_zip64 ? MZ_ZIP64_MAX_CENTRAL_EXTRA_FIELD_SIZE : 0))) || (!mz_zip_array_ensure_room(pZip, &pState->m_central_dir_offsets, 1)))
+    if((!mz_zip_array_ensure_room(pZip, &pState->m_central_dir, MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + archive_name_size + comment_size + (pState->m_zip64 ? MZ_ZIP64_MAX_CENTRAL_EXTRA_FIELD_SIZE : 0))) || (!mz_zip_array_ensure_room(pZip, &pState->m_central_dir_offsets, 1)))
         return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
 
-    if ((!store_data_uncompressed) && (buf_size))
+    if((!store_data_uncompressed) && (buf_size))
     {
-        if (NULL == (pComp = (tdefl_compressor *)pZip->m_pAlloc(pZip->m_pAlloc_opaque, 1, sizeof(tdefl_compressor))))
+        if(NULL == (pComp = (tdefl_compressor *)pZip->m_pAlloc(pZip->m_pAlloc_opaque, 1, sizeof(tdefl_compressor))))
             return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
     }
 
-    if (!mz_zip_writer_write_zeros(pZip, cur_archive_file_ofs, num_alignment_padding_bytes))
+    if(!mz_zip_writer_write_zeros(pZip, cur_archive_file_ofs, num_alignment_padding_bytes))
     {
         pZip->m_pFree(pZip->m_pAlloc_opaque, pComp);
         return MZ_FALSE;
     }
 
     local_dir_header_ofs += num_alignment_padding_bytes;
-    if (pZip->m_file_offset_alignment)
+    if(pZip->m_file_offset_alignment)
     {
         MZ_ASSERT((local_dir_header_ofs & (pZip->m_file_offset_alignment - 1)) == 0);
     }
@@ -5783,38 +5783,38 @@ mz_bool mz_zip_writer_add_mem_ex_v2(mz_zip_archive *pZip, const char *pArchive_n
 
     MZ_CLEAR_OBJ(local_dir_header);
 
-    if (!store_data_uncompressed || (level_and_flags & MZ_ZIP_FLAG_COMPRESSED_DATA))
+    if(!store_data_uncompressed || (level_and_flags & MZ_ZIP_FLAG_COMPRESSED_DATA))
     {
         method = MZ_DEFLATED;
     }
 
-    if (pState->m_zip64)
+    if(pState->m_zip64)
     {
-        if (uncomp_size >= MZ_UINT32_MAX || local_dir_header_ofs >= MZ_UINT32_MAX)
+        if(uncomp_size >= MZ_UINT32_MAX || local_dir_header_ofs >= MZ_UINT32_MAX)
         {
             pExtra_data = extra_data;
             extra_size = mz_zip_writer_create_zip64_extra_data(extra_data, (uncomp_size >= MZ_UINT32_MAX) ? &uncomp_size : NULL,
                                                                (uncomp_size >= MZ_UINT32_MAX) ? &comp_size : NULL, (local_dir_header_ofs >= MZ_UINT32_MAX) ? &local_dir_header_ofs : NULL);
         }
 
-        if (!mz_zip_writer_create_local_dir_header(pZip, local_dir_header, (mz_uint16)archive_name_size, extra_size + user_extra_data_len, 0, 0, 0, method, bit_flags, dos_time, dos_date))
+        if(!mz_zip_writer_create_local_dir_header(pZip, local_dir_header, (mz_uint16)archive_name_size, extra_size + user_extra_data_len, 0, 0, 0, method, bit_flags, dos_time, dos_date))
             return mz_zip_set_error(pZip, MZ_ZIP_INTERNAL_ERROR);
 
-        if (pZip->m_pWrite(pZip->m_pIO_opaque, local_dir_header_ofs, local_dir_header, sizeof(local_dir_header)) != sizeof(local_dir_header))
+        if(pZip->m_pWrite(pZip->m_pIO_opaque, local_dir_header_ofs, local_dir_header, sizeof(local_dir_header)) != sizeof(local_dir_header))
             return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
 
         cur_archive_file_ofs += sizeof(local_dir_header);
 
-        if (pZip->m_pWrite(pZip->m_pIO_opaque, cur_archive_file_ofs, pArchive_name, archive_name_size) != archive_name_size)
+        if(pZip->m_pWrite(pZip->m_pIO_opaque, cur_archive_file_ofs, pArchive_name, archive_name_size) != archive_name_size)
         {
             pZip->m_pFree(pZip->m_pAlloc_opaque, pComp);
             return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
         }
         cur_archive_file_ofs += archive_name_size;
 
-        if (pExtra_data != NULL)
+        if(pExtra_data != NULL)
         {
-            if (pZip->m_pWrite(pZip->m_pIO_opaque, cur_archive_file_ofs, extra_data, extra_size) != extra_size)
+            if(pZip->m_pWrite(pZip->m_pIO_opaque, cur_archive_file_ofs, extra_data, extra_size) != extra_size)
                 return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
 
             cur_archive_file_ofs += extra_size;
@@ -5822,17 +5822,17 @@ mz_bool mz_zip_writer_add_mem_ex_v2(mz_zip_archive *pZip, const char *pArchive_n
     }
     else
     {
-        if ((comp_size > MZ_UINT32_MAX) || (cur_archive_file_ofs > MZ_UINT32_MAX))
+        if((comp_size > MZ_UINT32_MAX) || (cur_archive_file_ofs > MZ_UINT32_MAX))
             return mz_zip_set_error(pZip, MZ_ZIP_ARCHIVE_TOO_LARGE);
-        if (!mz_zip_writer_create_local_dir_header(pZip, local_dir_header, (mz_uint16)archive_name_size, user_extra_data_len, 0, 0, 0, method, bit_flags, dos_time, dos_date))
+        if(!mz_zip_writer_create_local_dir_header(pZip, local_dir_header, (mz_uint16)archive_name_size, user_extra_data_len, 0, 0, 0, method, bit_flags, dos_time, dos_date))
             return mz_zip_set_error(pZip, MZ_ZIP_INTERNAL_ERROR);
 
-        if (pZip->m_pWrite(pZip->m_pIO_opaque, local_dir_header_ofs, local_dir_header, sizeof(local_dir_header)) != sizeof(local_dir_header))
+        if(pZip->m_pWrite(pZip->m_pIO_opaque, local_dir_header_ofs, local_dir_header, sizeof(local_dir_header)) != sizeof(local_dir_header))
             return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
 
         cur_archive_file_ofs += sizeof(local_dir_header);
 
-        if (pZip->m_pWrite(pZip->m_pIO_opaque, cur_archive_file_ofs, pArchive_name, archive_name_size) != archive_name_size)
+        if(pZip->m_pWrite(pZip->m_pIO_opaque, cur_archive_file_ofs, pArchive_name, archive_name_size) != archive_name_size)
         {
             pZip->m_pFree(pZip->m_pAlloc_opaque, pComp);
             return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
@@ -5840,28 +5840,28 @@ mz_bool mz_zip_writer_add_mem_ex_v2(mz_zip_archive *pZip, const char *pArchive_n
         cur_archive_file_ofs += archive_name_size;
     }
 
-    if (user_extra_data_len > 0)
+    if(user_extra_data_len > 0)
     {
-        if (pZip->m_pWrite(pZip->m_pIO_opaque, cur_archive_file_ofs, user_extra_data, user_extra_data_len) != user_extra_data_len)
+        if(pZip->m_pWrite(pZip->m_pIO_opaque, cur_archive_file_ofs, user_extra_data, user_extra_data_len) != user_extra_data_len)
             return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
 
         cur_archive_file_ofs += user_extra_data_len;
     }
 
-    if (!(level_and_flags & MZ_ZIP_FLAG_COMPRESSED_DATA))
+    if(!(level_and_flags & MZ_ZIP_FLAG_COMPRESSED_DATA))
     {
         uncomp_crc32 = (mz_uint32)mz_crc32(MZ_CRC32_INIT, (const mz_uint8 *)pBuf, buf_size);
         uncomp_size = buf_size;
-        if (uncomp_size <= 3)
+        if(uncomp_size <= 3)
         {
             level = 0;
             store_data_uncompressed = MZ_TRUE;
         }
     }
 
-    if (store_data_uncompressed)
+    if(store_data_uncompressed)
     {
-        if (pZip->m_pWrite(pZip->m_pIO_opaque, cur_archive_file_ofs, pBuf, buf_size) != buf_size)
+        if(pZip->m_pWrite(pZip->m_pIO_opaque, cur_archive_file_ofs, pBuf, buf_size) != buf_size)
         {
             pZip->m_pFree(pZip->m_pAlloc_opaque, pComp);
             return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
@@ -5870,7 +5870,7 @@ mz_bool mz_zip_writer_add_mem_ex_v2(mz_zip_archive *pZip, const char *pArchive_n
         cur_archive_file_ofs += buf_size;
         comp_size = buf_size;
     }
-    else if (buf_size)
+    else if(buf_size)
     {
         mz_zip_writer_add_state state;
 
@@ -5878,7 +5878,7 @@ mz_bool mz_zip_writer_add_mem_ex_v2(mz_zip_archive *pZip, const char *pArchive_n
         state.m_cur_archive_file_ofs = cur_archive_file_ofs;
         state.m_comp_size = 0;
 
-        if ((tdefl_init(pComp, mz_zip_writer_add_put_buf_callback, &state, tdefl_create_comp_flags_from_zip_params(level, -15, MZ_DEFAULT_STRATEGY)) != TDEFL_STATUS_OKAY) ||
+        if((tdefl_init(pComp, mz_zip_writer_add_put_buf_callback, &state, tdefl_create_comp_flags_from_zip_params(level, -15, MZ_DEFAULT_STRATEGY)) != TDEFL_STATUS_OKAY) ||
             (tdefl_compress_buffer(pComp, pBuf, buf_size, TDEFL_FINISH) != TDEFL_STATUS_DONE))
         {
             pZip->m_pFree(pZip->m_pAlloc_opaque, pComp);
@@ -5892,7 +5892,7 @@ mz_bool mz_zip_writer_add_mem_ex_v2(mz_zip_archive *pZip, const char *pArchive_n
     pZip->m_pFree(pZip->m_pAlloc_opaque, pComp);
     pComp = NULL;
 
-    if (uncomp_size)
+    if(uncomp_size)
     {
         MZ_ASSERT(bit_flags & MZ_ZIP_LDH_BIT_FLAG_HAS_LOCATOR);
 
@@ -5901,9 +5901,9 @@ mz_bool mz_zip_writer_add_mem_ex_v2(mz_zip_archive *pZip, const char *pArchive_n
 
         MZ_WRITE_LE32(local_dir_footer + 0, MZ_ZIP_DATA_DESCRIPTOR_ID);
         MZ_WRITE_LE32(local_dir_footer + 4, uncomp_crc32);
-        if (pExtra_data == NULL)
+        if(pExtra_data == NULL)
         {
-            if ((comp_size > MZ_UINT32_MAX) || (cur_archive_file_ofs > MZ_UINT32_MAX))
+            if((comp_size > MZ_UINT32_MAX) || (cur_archive_file_ofs > MZ_UINT32_MAX))
                 return mz_zip_set_error(pZip, MZ_ZIP_ARCHIVE_TOO_LARGE);
 
             MZ_WRITE_LE32(local_dir_footer + 8, comp_size);
@@ -5916,19 +5916,19 @@ mz_bool mz_zip_writer_add_mem_ex_v2(mz_zip_archive *pZip, const char *pArchive_n
             local_dir_footer_size = MZ_ZIP_DATA_DESCRIPTER_SIZE64;
         }
 
-        if (pZip->m_pWrite(pZip->m_pIO_opaque, cur_archive_file_ofs, local_dir_footer, local_dir_footer_size) != local_dir_footer_size)
+        if(pZip->m_pWrite(pZip->m_pIO_opaque, cur_archive_file_ofs, local_dir_footer, local_dir_footer_size) != local_dir_footer_size)
             return MZ_FALSE;
 
         cur_archive_file_ofs += local_dir_footer_size;
     }
 
-    if (pExtra_data != NULL)
+    if(pExtra_data != NULL)
     {
         extra_size = mz_zip_writer_create_zip64_extra_data(extra_data, (uncomp_size >= MZ_UINT32_MAX) ? &uncomp_size : NULL,
                                                            (uncomp_size >= MZ_UINT32_MAX) ? &comp_size : NULL, (local_dir_header_ofs >= MZ_UINT32_MAX) ? &local_dir_header_ofs : NULL);
     }
 
-    if (!mz_zip_writer_add_to_central_dir(pZip, pArchive_name, (mz_uint16)archive_name_size, pExtra_data, extra_size, pComment,
+    if(!mz_zip_writer_add_to_central_dir(pZip, pArchive_name, (mz_uint16)archive_name_size, pExtra_data, extra_size, pComment,
                                           comment_size, uncomp_size, comp_size, uncomp_crc32, method, bit_flags, dos_time, dos_date, local_dir_header_ofs, ext_attributes,
                                           user_extra_data_central, user_extra_data_central_len))
         return MZ_FALSE;
@@ -5954,20 +5954,20 @@ mz_bool mz_zip_writer_add_cfile(mz_zip_archive *pZip, const char *pArchive_name,
     mz_uint8 extra_data[MZ_ZIP64_MAX_CENTRAL_EXTRA_FIELD_SIZE];
     mz_zip_internal_state *pState;
 
-    if (level_and_flags & MZ_ZIP_FLAG_UTF8_FILENAME)
+    if(level_and_flags & MZ_ZIP_FLAG_UTF8_FILENAME)
         gen_flags |= MZ_ZIP_GENERAL_PURPOSE_BIT_FLAG_UTF8;
 
-    if ((int)level_and_flags < 0)
+    if((int)level_and_flags < 0)
         level_and_flags = MZ_DEFAULT_LEVEL;
     level = level_and_flags & 0xF;
 
     /* Sanity checks */
-    if ((!pZip) || (!pZip->m_pState) || (pZip->m_zip_mode != MZ_ZIP_MODE_WRITING) || (!pArchive_name) || ((comment_size) && (!pComment)) || (level > MZ_UBER_COMPRESSION))
+    if((!pZip) || (!pZip->m_pState) || (pZip->m_zip_mode != MZ_ZIP_MODE_WRITING) || (!pArchive_name) || ((comment_size) && (!pComment)) || (level > MZ_UBER_COMPRESSION))
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
 
     pState = pZip->m_pState;
 
-    if ((!pState->m_zip64) && (uncomp_size > MZ_UINT32_MAX))
+    if((!pState->m_zip64) && (uncomp_size > MZ_UINT32_MAX))
     {
         /* Source file is too large for non-zip64 */
         /*return mz_zip_set_error(pZip, MZ_ZIP_ARCHIVE_TOO_LARGE); */
@@ -5975,20 +5975,20 @@ mz_bool mz_zip_writer_add_cfile(mz_zip_archive *pZip, const char *pArchive_name,
     }
 
     /* We could support this, but why? */
-    if (level_and_flags & MZ_ZIP_FLAG_COMPRESSED_DATA)
+    if(level_and_flags & MZ_ZIP_FLAG_COMPRESSED_DATA)
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
 
-    if (!mz_zip_writer_validate_archive_name(pArchive_name))
+    if(!mz_zip_writer_validate_archive_name(pArchive_name))
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_FILENAME);
 
-    if (pState->m_zip64)
+    if(pState->m_zip64)
     {
-        if (pZip->m_total_files == MZ_UINT32_MAX)
+        if(pZip->m_total_files == MZ_UINT32_MAX)
             return mz_zip_set_error(pZip, MZ_ZIP_TOO_MANY_FILES);
     }
     else
     {
-        if (pZip->m_total_files == MZ_UINT16_MAX)
+        if(pZip->m_total_files == MZ_UINT16_MAX)
         {
             pState->m_zip64 = MZ_TRUE;
             /*return mz_zip_set_error(pZip, MZ_ZIP_TOO_MANY_FILES); */
@@ -5996,19 +5996,19 @@ mz_bool mz_zip_writer_add_cfile(mz_zip_archive *pZip, const char *pArchive_name,
     }
 
     archive_name_size = strlen(pArchive_name);
-    if (archive_name_size > MZ_UINT16_MAX)
+    if(archive_name_size > MZ_UINT16_MAX)
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_FILENAME);
 
     num_alignment_padding_bytes = mz_zip_writer_compute_padding_needed_for_file_alignment(pZip);
 
     /* miniz doesn't support central dirs >= MZ_UINT32_MAX bytes yet */
-    if (((mz_uint64)pState->m_central_dir.m_size + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + archive_name_size + MZ_ZIP64_MAX_CENTRAL_EXTRA_FIELD_SIZE + comment_size) >= MZ_UINT32_MAX)
+    if(((mz_uint64)pState->m_central_dir.m_size + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + archive_name_size + MZ_ZIP64_MAX_CENTRAL_EXTRA_FIELD_SIZE + comment_size) >= MZ_UINT32_MAX)
         return mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_CDIR_SIZE);
 
-    if (!pState->m_zip64)
+    if(!pState->m_zip64)
     {
         /* Bail early if the archive would obviously become too large */
-        if ((pZip->m_archive_size + num_alignment_padding_bytes + MZ_ZIP_LOCAL_DIR_HEADER_SIZE + archive_name_size + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + archive_name_size + comment_size + pState->m_central_dir.m_size + MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE + 1024) > 0xFFFFFFFF)
+        if((pZip->m_archive_size + num_alignment_padding_bytes + MZ_ZIP_LOCAL_DIR_HEADER_SIZE + archive_name_size + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + archive_name_size + comment_size + pState->m_central_dir.m_size + MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE + 1024) > 0xFFFFFFFF)
         {
             pState->m_zip64 = MZ_TRUE;
             /*return mz_zip_set_error(pZip, MZ_ZIP_ARCHIVE_TOO_LARGE); */
@@ -6016,16 +6016,16 @@ mz_bool mz_zip_writer_add_cfile(mz_zip_archive *pZip, const char *pArchive_name,
     }
 
 #ifndef MINIZ_NO_TIME
-    if (pFile_time)
+    if(pFile_time)
     {
         mz_zip_time_t_to_dos_time(*pFile_time, &dos_time, &dos_date);
     }
 #endif
 
-    if (uncomp_size <= 3)
+    if(uncomp_size <= 3)
         level = 0;
 
-    if (!mz_zip_writer_write_zeros(pZip, cur_archive_file_ofs, num_alignment_padding_bytes))
+    if(!mz_zip_writer_write_zeros(pZip, cur_archive_file_ofs, num_alignment_padding_bytes))
     {
         return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
     }
@@ -6033,59 +6033,59 @@ mz_bool mz_zip_writer_add_cfile(mz_zip_archive *pZip, const char *pArchive_name,
     cur_archive_file_ofs += num_alignment_padding_bytes;
     local_dir_header_ofs = cur_archive_file_ofs;
 
-    if (pZip->m_file_offset_alignment)
+    if(pZip->m_file_offset_alignment)
     {
         MZ_ASSERT((cur_archive_file_ofs & (pZip->m_file_offset_alignment - 1)) == 0);
     }
 
-    if (uncomp_size && level)
+    if(uncomp_size && level)
     {
         method = MZ_DEFLATED;
     }
 
     MZ_CLEAR_OBJ(local_dir_header);
-    if (pState->m_zip64)
+    if(pState->m_zip64)
     {
-        if (uncomp_size >= MZ_UINT32_MAX || local_dir_header_ofs >= MZ_UINT32_MAX)
+        if(uncomp_size >= MZ_UINT32_MAX || local_dir_header_ofs >= MZ_UINT32_MAX)
         {
             pExtra_data = extra_data;
             extra_size = mz_zip_writer_create_zip64_extra_data(extra_data, (uncomp_size >= MZ_UINT32_MAX) ? &uncomp_size : NULL,
                                                                (uncomp_size >= MZ_UINT32_MAX) ? &comp_size : NULL, (local_dir_header_ofs >= MZ_UINT32_MAX) ? &local_dir_header_ofs : NULL);
         }
 
-        if (!mz_zip_writer_create_local_dir_header(pZip, local_dir_header, (mz_uint16)archive_name_size, extra_size + user_extra_data_len, 0, 0, 0, method, gen_flags, dos_time, dos_date))
+        if(!mz_zip_writer_create_local_dir_header(pZip, local_dir_header, (mz_uint16)archive_name_size, extra_size + user_extra_data_len, 0, 0, 0, method, gen_flags, dos_time, dos_date))
             return mz_zip_set_error(pZip, MZ_ZIP_INTERNAL_ERROR);
 
-        if (pZip->m_pWrite(pZip->m_pIO_opaque, cur_archive_file_ofs, local_dir_header, sizeof(local_dir_header)) != sizeof(local_dir_header))
+        if(pZip->m_pWrite(pZip->m_pIO_opaque, cur_archive_file_ofs, local_dir_header, sizeof(local_dir_header)) != sizeof(local_dir_header))
             return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
 
         cur_archive_file_ofs += sizeof(local_dir_header);
 
-        if (pZip->m_pWrite(pZip->m_pIO_opaque, cur_archive_file_ofs, pArchive_name, archive_name_size) != archive_name_size)
+        if(pZip->m_pWrite(pZip->m_pIO_opaque, cur_archive_file_ofs, pArchive_name, archive_name_size) != archive_name_size)
         {
             return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
         }
 
         cur_archive_file_ofs += archive_name_size;
 
-        if (pZip->m_pWrite(pZip->m_pIO_opaque, cur_archive_file_ofs, extra_data, extra_size) != extra_size)
+        if(pZip->m_pWrite(pZip->m_pIO_opaque, cur_archive_file_ofs, extra_data, extra_size) != extra_size)
             return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
 
         cur_archive_file_ofs += extra_size;
     }
     else
     {
-        if ((comp_size > MZ_UINT32_MAX) || (cur_archive_file_ofs > MZ_UINT32_MAX))
+        if((comp_size > MZ_UINT32_MAX) || (cur_archive_file_ofs > MZ_UINT32_MAX))
             return mz_zip_set_error(pZip, MZ_ZIP_ARCHIVE_TOO_LARGE);
-        if (!mz_zip_writer_create_local_dir_header(pZip, local_dir_header, (mz_uint16)archive_name_size, user_extra_data_len, 0, 0, 0, method, gen_flags, dos_time, dos_date))
+        if(!mz_zip_writer_create_local_dir_header(pZip, local_dir_header, (mz_uint16)archive_name_size, user_extra_data_len, 0, 0, 0, method, gen_flags, dos_time, dos_date))
             return mz_zip_set_error(pZip, MZ_ZIP_INTERNAL_ERROR);
 
-        if (pZip->m_pWrite(pZip->m_pIO_opaque, cur_archive_file_ofs, local_dir_header, sizeof(local_dir_header)) != sizeof(local_dir_header))
+        if(pZip->m_pWrite(pZip->m_pIO_opaque, cur_archive_file_ofs, local_dir_header, sizeof(local_dir_header)) != sizeof(local_dir_header))
             return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
 
         cur_archive_file_ofs += sizeof(local_dir_header);
 
-        if (pZip->m_pWrite(pZip->m_pIO_opaque, cur_archive_file_ofs, pArchive_name, archive_name_size) != archive_name_size)
+        if(pZip->m_pWrite(pZip->m_pIO_opaque, cur_archive_file_ofs, pArchive_name, archive_name_size) != archive_name_size)
         {
             return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
         }
@@ -6093,29 +6093,29 @@ mz_bool mz_zip_writer_add_cfile(mz_zip_archive *pZip, const char *pArchive_name,
         cur_archive_file_ofs += archive_name_size;
     }
 
-    if (user_extra_data_len > 0)
+    if(user_extra_data_len > 0)
     {
-        if (pZip->m_pWrite(pZip->m_pIO_opaque, cur_archive_file_ofs, user_extra_data, user_extra_data_len) != user_extra_data_len)
+        if(pZip->m_pWrite(pZip->m_pIO_opaque, cur_archive_file_ofs, user_extra_data, user_extra_data_len) != user_extra_data_len)
             return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
 
         cur_archive_file_ofs += user_extra_data_len;
     }
 
-    if (uncomp_size)
+    if(uncomp_size)
     {
         mz_uint64 uncomp_remaining = uncomp_size;
         void *pRead_buf = pZip->m_pAlloc(pZip->m_pAlloc_opaque, 1, MZ_ZIP_MAX_IO_BUF_SIZE);
-        if (!pRead_buf)
+        if(!pRead_buf)
         {
             return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
         }
 
-        if (!level)
+        if(!level)
         {
-            while (uncomp_remaining)
+            while(uncomp_remaining)
             {
                 mz_uint n = (mz_uint)MZ_MIN((mz_uint64)MZ_ZIP_MAX_IO_BUF_SIZE, uncomp_remaining);
-                if ((MZ_FREAD(pRead_buf, 1, n, pSrc_file) != n) || (pZip->m_pWrite(pZip->m_pIO_opaque, cur_archive_file_ofs, pRead_buf, n) != n))
+                if((MZ_FREAD(pRead_buf, 1, n, pSrc_file) != n) || (pZip->m_pWrite(pZip->m_pIO_opaque, cur_archive_file_ofs, pRead_buf, n) != n))
                 {
                     pZip->m_pFree(pZip->m_pAlloc_opaque, pRead_buf);
                     return mz_zip_set_error(pZip, MZ_ZIP_FILE_READ_FAILED);
@@ -6131,7 +6131,7 @@ mz_bool mz_zip_writer_add_cfile(mz_zip_archive *pZip, const char *pArchive_name,
             mz_bool result = MZ_FALSE;
             mz_zip_writer_add_state state;
             tdefl_compressor *pComp = (tdefl_compressor *)pZip->m_pAlloc(pZip->m_pAlloc_opaque, 1, sizeof(tdefl_compressor));
-            if (!pComp)
+            if(!pComp)
             {
                 pZip->m_pFree(pZip->m_pAlloc_opaque, pRead_buf);
                 return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
@@ -6141,19 +6141,19 @@ mz_bool mz_zip_writer_add_cfile(mz_zip_archive *pZip, const char *pArchive_name,
             state.m_cur_archive_file_ofs = cur_archive_file_ofs;
             state.m_comp_size = 0;
 
-            if (tdefl_init(pComp, mz_zip_writer_add_put_buf_callback, &state, tdefl_create_comp_flags_from_zip_params(level, -15, MZ_DEFAULT_STRATEGY)) != TDEFL_STATUS_OKAY)
+            if(tdefl_init(pComp, mz_zip_writer_add_put_buf_callback, &state, tdefl_create_comp_flags_from_zip_params(level, -15, MZ_DEFAULT_STRATEGY)) != TDEFL_STATUS_OKAY)
             {
                 pZip->m_pFree(pZip->m_pAlloc_opaque, pComp);
                 pZip->m_pFree(pZip->m_pAlloc_opaque, pRead_buf);
                 return mz_zip_set_error(pZip, MZ_ZIP_INTERNAL_ERROR);
             }
 
-            for (;;)
+            for(;;)
             {
                 size_t in_buf_size = (mz_uint32)MZ_MIN(uncomp_remaining, (mz_uint64)MZ_ZIP_MAX_IO_BUF_SIZE);
                 tdefl_status status;
 
-                if (MZ_FREAD(pRead_buf, 1, in_buf_size, pSrc_file) != in_buf_size)
+                if(MZ_FREAD(pRead_buf, 1, in_buf_size, pSrc_file) != in_buf_size)
                 {
                     mz_zip_set_error(pZip, MZ_ZIP_FILE_READ_FAILED);
                     break;
@@ -6163,12 +6163,12 @@ mz_bool mz_zip_writer_add_cfile(mz_zip_archive *pZip, const char *pArchive_name,
                 uncomp_remaining -= in_buf_size;
 
                 status = tdefl_compress_buffer(pComp, pRead_buf, in_buf_size, uncomp_remaining ? TDEFL_NO_FLUSH : TDEFL_FINISH);
-                if (status == TDEFL_STATUS_DONE)
+                if(status == TDEFL_STATUS_DONE)
                 {
                     result = MZ_TRUE;
                     break;
                 }
-                else if (status != TDEFL_STATUS_OKAY)
+                else if(status != TDEFL_STATUS_OKAY)
                 {
                     mz_zip_set_error(pZip, MZ_ZIP_COMPRESSION_FAILED);
                     break;
@@ -6177,7 +6177,7 @@ mz_bool mz_zip_writer_add_cfile(mz_zip_archive *pZip, const char *pArchive_name,
 
             pZip->m_pFree(pZip->m_pAlloc_opaque, pComp);
 
-            if (!result)
+            if(!result)
             {
                 pZip->m_pFree(pZip->m_pAlloc_opaque, pRead_buf);
                 return MZ_FALSE;
@@ -6195,9 +6195,9 @@ mz_bool mz_zip_writer_add_cfile(mz_zip_archive *pZip, const char *pArchive_name,
 
     MZ_WRITE_LE32(local_dir_footer + 0, MZ_ZIP_DATA_DESCRIPTOR_ID);
     MZ_WRITE_LE32(local_dir_footer + 4, uncomp_crc32);
-    if (pExtra_data == NULL)
+    if(pExtra_data == NULL)
     {
-        if (comp_size > MZ_UINT32_MAX)
+        if(comp_size > MZ_UINT32_MAX)
             return mz_zip_set_error(pZip, MZ_ZIP_ARCHIVE_TOO_LARGE);
 
         MZ_WRITE_LE32(local_dir_footer + 8, comp_size);
@@ -6210,18 +6210,18 @@ mz_bool mz_zip_writer_add_cfile(mz_zip_archive *pZip, const char *pArchive_name,
         local_dir_footer_size = MZ_ZIP_DATA_DESCRIPTER_SIZE64;
     }
 
-    if (pZip->m_pWrite(pZip->m_pIO_opaque, cur_archive_file_ofs, local_dir_footer, local_dir_footer_size) != local_dir_footer_size)
+    if(pZip->m_pWrite(pZip->m_pIO_opaque, cur_archive_file_ofs, local_dir_footer, local_dir_footer_size) != local_dir_footer_size)
         return MZ_FALSE;
 
     cur_archive_file_ofs += local_dir_footer_size;
 
-    if (pExtra_data != NULL)
+    if(pExtra_data != NULL)
     {
         extra_size = mz_zip_writer_create_zip64_extra_data(extra_data, (uncomp_size >= MZ_UINT32_MAX) ? &uncomp_size : NULL,
                                                            (uncomp_size >= MZ_UINT32_MAX) ? &comp_size : NULL, (local_dir_header_ofs >= MZ_UINT32_MAX) ? &local_dir_header_ofs : NULL);
     }
 
-    if (!mz_zip_writer_add_to_central_dir(pZip, pArchive_name, (mz_uint16)archive_name_size, pExtra_data, extra_size, pComment, comment_size,
+    if(!mz_zip_writer_add_to_central_dir(pZip, pArchive_name, (mz_uint16)archive_name_size, pExtra_data, extra_size, pComment, comment_size,
                                           uncomp_size, comp_size, uncomp_crc32, method, gen_flags, dos_time, dos_date, local_dir_header_ofs, ext_attributes,
                                           user_extra_data_central, user_extra_data_central_len))
         return MZ_FALSE;
@@ -6243,12 +6243,12 @@ mz_bool mz_zip_writer_add_file(mz_zip_archive *pZip, const char *pArchive_name,
 
 #if !defined(MINIZ_NO_TIME) && !defined(MINIZ_NO_STDIO)
     pFile_time = &file_modified_time;
-    if (!mz_zip_get_file_modified_time(pSrc_filename, &file_modified_time))
+    if(!mz_zip_get_file_modified_time(pSrc_filename, &file_modified_time))
         return mz_zip_set_error(pZip, MZ_ZIP_FILE_STAT_FAILED);
 #endif
 
     pSrc_file = MZ_FOPEN(pSrc_filename, "rb");
-    if (!pSrc_file)
+    if(!pSrc_file)
         return mz_zip_set_error(pZip, MZ_ZIP_FILE_OPEN_FAILED);
 
     MZ_FSEEK64(pSrc_file, 0, SEEK_END);
@@ -6266,12 +6266,12 @@ mz_bool mz_zip_writer_add_file(mz_zip_archive *pZip, const char *pArchive_name,
 static mz_bool mz_zip_writer_update_zip64_extension_block(mz_zip_array *pNew_ext, mz_zip_archive *pZip, const mz_uint8 *pExt, uint32_t ext_len, mz_uint64 *pComp_size, mz_uint64 *pUncomp_size, mz_uint64 *pLocal_header_ofs, mz_uint32 *pDisk_start)
 {
     /* + 64 should be enough for any new zip64 data */
-    if (!mz_zip_array_reserve(pZip, pNew_ext, ext_len + 64, MZ_FALSE))
+    if(!mz_zip_array_reserve(pZip, pNew_ext, ext_len + 64, MZ_FALSE))
         return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
 
     mz_zip_array_resize(pZip, pNew_ext, 0, MZ_FALSE);
 
-    if ((pUncomp_size) || (pComp_size) || (pLocal_header_ofs) || (pDisk_start))
+    if((pUncomp_size) || (pComp_size) || (pLocal_header_ofs) || (pDisk_start))
     {
         mz_uint8 new_ext_block[64];
         mz_uint8 *pDst = new_ext_block;
@@ -6279,25 +6279,25 @@ static mz_bool mz_zip_writer_update_zip64_extension_block(mz_zip_array *pNew_ext
         mz_write_le16(pDst + sizeof(mz_uint16), 0);
         pDst += sizeof(mz_uint16) * 2;
 
-        if (pUncomp_size)
+        if(pUncomp_size)
         {
             mz_write_le64(pDst, *pUncomp_size);
             pDst += sizeof(mz_uint64);
         }
 
-        if (pComp_size)
+        if(pComp_size)
         {
             mz_write_le64(pDst, *pComp_size);
             pDst += sizeof(mz_uint64);
         }
 
-        if (pLocal_header_ofs)
+        if(pLocal_header_ofs)
         {
             mz_write_le64(pDst, *pLocal_header_ofs);
             pDst += sizeof(mz_uint64);
         }
 
-        if (pDisk_start)
+        if(pDisk_start)
         {
             mz_write_le32(pDst, *pDisk_start);
             pDst += sizeof(mz_uint32);
@@ -6305,11 +6305,11 @@ static mz_bool mz_zip_writer_update_zip64_extension_block(mz_zip_array *pNew_ext
 
         mz_write_le16(new_ext_block + sizeof(mz_uint16), (mz_uint16)((pDst - new_ext_block) - sizeof(mz_uint16) * 2));
 
-        if (!mz_zip_array_push_back(pZip, pNew_ext, new_ext_block, pDst - new_ext_block))
+        if(!mz_zip_array_push_back(pZip, pNew_ext, new_ext_block, pDst - new_ext_block))
             return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
     }
 
-    if ((pExt) && (ext_len))
+    if((pExt) && (ext_len))
     {
         mz_uint32 extra_size_remaining = ext_len;
         const mz_uint8 *pExtra_data = pExt;
@@ -6318,25 +6318,25 @@ static mz_bool mz_zip_writer_update_zip64_extension_block(mz_zip_array *pNew_ext
         {
             mz_uint32 field_id, field_data_size, field_total_size;
 
-            if (extra_size_remaining < (sizeof(mz_uint16) * 2))
+            if(extra_size_remaining < (sizeof(mz_uint16) * 2))
                 return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
 
             field_id = MZ_READ_LE16(pExtra_data);
             field_data_size = MZ_READ_LE16(pExtra_data + sizeof(mz_uint16));
             field_total_size = field_data_size + sizeof(mz_uint16) * 2;
 
-            if (field_total_size > extra_size_remaining)
+            if(field_total_size > extra_size_remaining)
                 return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
 
-            if (field_id != MZ_ZIP64_EXTENDED_INFORMATION_FIELD_HEADER_ID)
+            if(field_id != MZ_ZIP64_EXTENDED_INFORMATION_FIELD_HEADER_ID)
             {
-                if (!mz_zip_array_push_back(pZip, pNew_ext, pExtra_data, field_total_size))
+                if(!mz_zip_array_push_back(pZip, pNew_ext, pExtra_data, field_total_size))
                     return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
             }
 
             pExtra_data += field_total_size;
             extra_size_remaining -= field_total_size;
-        } while (extra_size_remaining);
+        } while(extra_size_remaining);
     }
 
     return MZ_TRUE;
@@ -6362,20 +6362,20 @@ mz_bool mz_zip_writer_add_from_zip_reader(mz_zip_archive *pZip, mz_zip_archive *
     mz_bool found_zip64_ext_data_in_ldir = MZ_FALSE;
 
     /* Sanity checks */
-    if ((!pZip) || (!pZip->m_pState) || (pZip->m_zip_mode != MZ_ZIP_MODE_WRITING) || (!pSource_zip->m_pRead))
+    if((!pZip) || (!pZip->m_pState) || (pZip->m_zip_mode != MZ_ZIP_MODE_WRITING) || (!pSource_zip->m_pRead))
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
 
     pState = pZip->m_pState;
 
     /* Don't support copying files from zip64 archives to non-zip64, even though in some cases this is possible */
-    if ((pSource_zip->m_pState->m_zip64) && (!pZip->m_pState->m_zip64))
+    if((pSource_zip->m_pState->m_zip64) && (!pZip->m_pState->m_zip64))
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
 
     /* Get pointer to the source central dir header and crack it */
-    if (NULL == (pSrc_central_header = mz_zip_get_cdh(pSource_zip, src_file_index)))
+    if(NULL == (pSrc_central_header = mz_zip_get_cdh(pSource_zip, src_file_index)))
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
 
-    if (MZ_READ_LE32(pSrc_central_header + MZ_ZIP_CDH_SIG_OFS) != MZ_ZIP_CENTRAL_DIR_HEADER_SIG)
+    if(MZ_READ_LE32(pSrc_central_header + MZ_ZIP_CDH_SIG_OFS) != MZ_ZIP_CENTRAL_DIR_HEADER_SIG)
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
 
     src_filename_len = MZ_READ_LE16(pSrc_central_header + MZ_ZIP_CDH_FILENAME_LEN_OFS);
@@ -6384,34 +6384,34 @@ mz_bool mz_zip_writer_add_from_zip_reader(mz_zip_archive *pZip, mz_zip_archive *
     src_central_dir_following_data_size = src_filename_len + src_ext_len + src_comment_len;
 
     /* TODO: We don't support central dir's >= MZ_UINT32_MAX bytes right now (+32 fudge factor in case we need to add more extra data) */
-    if ((pState->m_central_dir.m_size + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + src_central_dir_following_data_size + 32) >= MZ_UINT32_MAX)
+    if((pState->m_central_dir.m_size + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + src_central_dir_following_data_size + 32) >= MZ_UINT32_MAX)
         return mz_zip_set_error(pZip, MZ_ZIP_UNSUPPORTED_CDIR_SIZE);
 
     num_alignment_padding_bytes = mz_zip_writer_compute_padding_needed_for_file_alignment(pZip);
 
-    if (!pState->m_zip64)
+    if(!pState->m_zip64)
     {
-        if (pZip->m_total_files == MZ_UINT16_MAX)
+        if(pZip->m_total_files == MZ_UINT16_MAX)
             return mz_zip_set_error(pZip, MZ_ZIP_TOO_MANY_FILES);
     }
     else
     {
         /* TODO: Our zip64 support still has some 32-bit limits that may not be worth fixing. */
-        if (pZip->m_total_files == MZ_UINT32_MAX)
+        if(pZip->m_total_files == MZ_UINT32_MAX)
             return mz_zip_set_error(pZip, MZ_ZIP_TOO_MANY_FILES);
     }
 
-    if (!mz_zip_file_stat_internal(pSource_zip, src_file_index, pSrc_central_header, &src_file_stat, NULL))
+    if(!mz_zip_file_stat_internal(pSource_zip, src_file_index, pSrc_central_header, &src_file_stat, NULL))
         return MZ_FALSE;
 
     cur_src_file_ofs = src_file_stat.m_local_header_ofs;
     cur_dst_file_ofs = pZip->m_archive_size;
 
     /* Read the source archive's local dir header */
-    if (pSource_zip->m_pRead(pSource_zip->m_pIO_opaque, cur_src_file_ofs, pLocal_header, MZ_ZIP_LOCAL_DIR_HEADER_SIZE) != MZ_ZIP_LOCAL_DIR_HEADER_SIZE)
+    if(pSource_zip->m_pRead(pSource_zip->m_pIO_opaque, cur_src_file_ofs, pLocal_header, MZ_ZIP_LOCAL_DIR_HEADER_SIZE) != MZ_ZIP_LOCAL_DIR_HEADER_SIZE)
         return mz_zip_set_error(pZip, MZ_ZIP_FILE_READ_FAILED);
 
-    if (MZ_READ_LE32(pLocal_header) != MZ_ZIP_LOCAL_DIR_HEADER_SIG)
+    if(MZ_READ_LE32(pLocal_header) != MZ_ZIP_LOCAL_DIR_HEADER_SIG)
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
 
     cur_src_file_ofs += MZ_ZIP_LOCAL_DIR_HEADER_SIZE;
@@ -6424,16 +6424,16 @@ mz_bool mz_zip_writer_add_from_zip_reader(mz_zip_archive *pZip, mz_zip_archive *
     src_archive_bytes_remaining = local_header_filename_size + local_header_extra_len + src_file_stat.m_comp_size;
 
     /* Try to find a zip64 extended information field */
-    if ((local_header_extra_len) && ((local_header_comp_size == MZ_UINT32_MAX) || (local_header_uncomp_size == MZ_UINT32_MAX)))
+    if((local_header_extra_len) && ((local_header_comp_size == MZ_UINT32_MAX) || (local_header_uncomp_size == MZ_UINT32_MAX)))
     {
         mz_zip_array file_data_array;
         mz_zip_array_init(&file_data_array, 1);
-        if (!mz_zip_array_resize(pZip, &file_data_array, local_header_extra_len, MZ_FALSE))
+        if(!mz_zip_array_resize(pZip, &file_data_array, local_header_extra_len, MZ_FALSE))
         {
             return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
         }
 
-        if (pSource_zip->m_pRead(pSource_zip->m_pIO_opaque, src_file_stat.m_local_header_ofs + MZ_ZIP_LOCAL_DIR_HEADER_SIZE + local_header_filename_size, file_data_array.m_p, local_header_extra_len) != local_header_extra_len)
+        if(pSource_zip->m_pRead(pSource_zip->m_pIO_opaque, src_file_stat.m_local_header_ofs + MZ_ZIP_LOCAL_DIR_HEADER_SIZE + local_header_filename_size, file_data_array.m_p, local_header_extra_len) != local_header_extra_len)
         {
             mz_zip_array_clear(pZip, &file_data_array);
             return mz_zip_set_error(pZip, MZ_ZIP_FILE_READ_FAILED);
@@ -6446,7 +6446,7 @@ mz_bool mz_zip_writer_add_from_zip_reader(mz_zip_archive *pZip, mz_zip_archive *
         {
             mz_uint32 field_id, field_data_size, field_total_size;
 
-            if (extra_size_remaining < (sizeof(mz_uint16) * 2))
+            if(extra_size_remaining < (sizeof(mz_uint16) * 2))
             {
                 mz_zip_array_clear(pZip, &file_data_array);
                 return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
@@ -6456,17 +6456,17 @@ mz_bool mz_zip_writer_add_from_zip_reader(mz_zip_archive *pZip, mz_zip_archive *
             field_data_size = MZ_READ_LE16(pExtra_data + sizeof(mz_uint16));
             field_total_size = field_data_size + sizeof(mz_uint16) * 2;
 
-            if (field_total_size > extra_size_remaining)
+            if(field_total_size > extra_size_remaining)
             {
                 mz_zip_array_clear(pZip, &file_data_array);
                 return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
             }
 
-            if (field_id == MZ_ZIP64_EXTENDED_INFORMATION_FIELD_HEADER_ID)
+            if(field_id == MZ_ZIP64_EXTENDED_INFORMATION_FIELD_HEADER_ID)
             {
                 const mz_uint8 *pSrc_field_data = pExtra_data + sizeof(mz_uint32);
 
-                if (field_data_size < sizeof(mz_uint64) * 2)
+                if(field_data_size < sizeof(mz_uint64) * 2)
                 {
                     mz_zip_array_clear(pZip, &file_data_array);
                     return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
@@ -6481,55 +6481,55 @@ mz_bool mz_zip_writer_add_from_zip_reader(mz_zip_archive *pZip, mz_zip_archive *
 
             pExtra_data += field_total_size;
             extra_size_remaining -= field_total_size;
-        } while (extra_size_remaining);
+        } while(extra_size_remaining);
 
         mz_zip_array_clear(pZip, &file_data_array);
     }
 
-    if (!pState->m_zip64)
+    if(!pState->m_zip64)
     {
         /* Try to detect if the new archive will most likely wind up too big and bail early (+(sizeof(mz_uint32) * 4) is for the optional descriptor which could be present, +64 is a fudge factor). */
         /* We also check when the archive is finalized so this doesn't need to be perfect. */
         mz_uint64 approx_new_archive_size = cur_dst_file_ofs + num_alignment_padding_bytes + MZ_ZIP_LOCAL_DIR_HEADER_SIZE + src_archive_bytes_remaining + (sizeof(mz_uint32) * 4) +
                                             pState->m_central_dir.m_size + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + src_central_dir_following_data_size + MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE + 64;
 
-        if (approx_new_archive_size >= MZ_UINT32_MAX)
+        if(approx_new_archive_size >= MZ_UINT32_MAX)
             return mz_zip_set_error(pZip, MZ_ZIP_ARCHIVE_TOO_LARGE);
     }
 
     /* Write dest archive padding */
-    if (!mz_zip_writer_write_zeros(pZip, cur_dst_file_ofs, num_alignment_padding_bytes))
+    if(!mz_zip_writer_write_zeros(pZip, cur_dst_file_ofs, num_alignment_padding_bytes))
         return MZ_FALSE;
 
     cur_dst_file_ofs += num_alignment_padding_bytes;
 
     local_dir_header_ofs = cur_dst_file_ofs;
-    if (pZip->m_file_offset_alignment)
+    if(pZip->m_file_offset_alignment)
     {
         MZ_ASSERT((local_dir_header_ofs & (pZip->m_file_offset_alignment - 1)) == 0);
     }
 
     /* The original zip's local header+ext block doesn't change, even with zip64, so we can just copy it over to the dest zip */
-    if (pZip->m_pWrite(pZip->m_pIO_opaque, cur_dst_file_ofs, pLocal_header, MZ_ZIP_LOCAL_DIR_HEADER_SIZE) != MZ_ZIP_LOCAL_DIR_HEADER_SIZE)
+    if(pZip->m_pWrite(pZip->m_pIO_opaque, cur_dst_file_ofs, pLocal_header, MZ_ZIP_LOCAL_DIR_HEADER_SIZE) != MZ_ZIP_LOCAL_DIR_HEADER_SIZE)
         return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
 
     cur_dst_file_ofs += MZ_ZIP_LOCAL_DIR_HEADER_SIZE;
 
     /* Copy over the source archive bytes to the dest archive, also ensure we have enough buf space to handle optional data descriptor */
-    if (NULL == (pBuf = pZip->m_pAlloc(pZip->m_pAlloc_opaque, 1, (size_t)MZ_MAX(32U, MZ_MIN((mz_uint64)MZ_ZIP_MAX_IO_BUF_SIZE, src_archive_bytes_remaining)))))
+    if(NULL == (pBuf = pZip->m_pAlloc(pZip->m_pAlloc_opaque, 1, (size_t)MZ_MAX(32U, MZ_MIN((mz_uint64)MZ_ZIP_MAX_IO_BUF_SIZE, src_archive_bytes_remaining)))))
         return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
 
-    while (src_archive_bytes_remaining)
+    while(src_archive_bytes_remaining)
     {
         n = (mz_uint)MZ_MIN((mz_uint64)MZ_ZIP_MAX_IO_BUF_SIZE, src_archive_bytes_remaining);
-        if (pSource_zip->m_pRead(pSource_zip->m_pIO_opaque, cur_src_file_ofs, pBuf, n) != n)
+        if(pSource_zip->m_pRead(pSource_zip->m_pIO_opaque, cur_src_file_ofs, pBuf, n) != n)
         {
             pZip->m_pFree(pZip->m_pAlloc_opaque, pBuf);
             return mz_zip_set_error(pZip, MZ_ZIP_FILE_READ_FAILED);
         }
         cur_src_file_ofs += n;
 
-        if (pZip->m_pWrite(pZip->m_pIO_opaque, cur_dst_file_ofs, pBuf, n) != n)
+        if(pZip->m_pWrite(pZip->m_pIO_opaque, cur_dst_file_ofs, pBuf, n) != n)
         {
             pZip->m_pFree(pZip->m_pAlloc_opaque, pBuf);
             return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
@@ -6541,19 +6541,19 @@ mz_bool mz_zip_writer_add_from_zip_reader(mz_zip_archive *pZip, mz_zip_archive *
 
     /* Now deal with the optional data descriptor */
     bit_flags = MZ_READ_LE16(pLocal_header + MZ_ZIP_LDH_BIT_FLAG_OFS);
-    if (bit_flags & 8)
+    if(bit_flags & 8)
     {
         /* Copy data descriptor */
-        if ((pSource_zip->m_pState->m_zip64) || (found_zip64_ext_data_in_ldir))
+        if((pSource_zip->m_pState->m_zip64) || (found_zip64_ext_data_in_ldir))
         {
             /* src is zip64, dest must be zip64 */
 
-            /* name			uint32_t's */
-            /* id				1 (optional in zip64?) */
-            /* crc			1 */
-            /* comp_size	2 */
+            /* name  		uint32_t's */
+            /* id  			1 (optional in zip64?) */
+            /* crc  		1 */
+            /* comp_size  2 */
             /* uncomp_size 2 */
-            if (pSource_zip->m_pRead(pSource_zip->m_pIO_opaque, cur_src_file_ofs, pBuf, (sizeof(mz_uint32) * 6)) != (sizeof(mz_uint32) * 6))
+            if(pSource_zip->m_pRead(pSource_zip->m_pIO_opaque, cur_src_file_ofs, pBuf, (sizeof(mz_uint32) * 6)) != (sizeof(mz_uint32) * 6))
             {
                 pZip->m_pFree(pZip->m_pAlloc_opaque, pBuf);
                 return mz_zip_set_error(pZip, MZ_ZIP_FILE_READ_FAILED);
@@ -6566,7 +6566,7 @@ mz_bool mz_zip_writer_add_from_zip_reader(mz_zip_archive *pZip, mz_zip_archive *
             /* src is NOT zip64 */
             mz_bool has_id;
 
-            if (pSource_zip->m_pRead(pSource_zip->m_pIO_opaque, cur_src_file_ofs, pBuf, sizeof(mz_uint32) * 4) != sizeof(mz_uint32) * 4)
+            if(pSource_zip->m_pRead(pSource_zip->m_pIO_opaque, cur_src_file_ofs, pBuf, sizeof(mz_uint32) * 4) != sizeof(mz_uint32) * 4)
             {
                 pZip->m_pFree(pZip->m_pAlloc_opaque, pBuf);
                 return mz_zip_set_error(pZip, MZ_ZIP_FILE_READ_FAILED);
@@ -6574,7 +6574,7 @@ mz_bool mz_zip_writer_add_from_zip_reader(mz_zip_archive *pZip, mz_zip_archive *
 
             has_id = (MZ_READ_LE32(pBuf) == MZ_ZIP_DATA_DESCRIPTOR_ID);
 
-            if (pZip->m_pState->m_zip64)
+            if(pZip->m_pState->m_zip64)
             {
                 /* dest is zip64, so upgrade the data descriptor */
                 const mz_uint32 *pSrc_descriptor = (const mz_uint32 *)((const mz_uint8 *)pBuf + (has_id ? sizeof(mz_uint32) : 0));
@@ -6596,7 +6596,7 @@ mz_bool mz_zip_writer_add_from_zip_reader(mz_zip_archive *pZip, mz_zip_archive *
             }
         }
 
-        if (pZip->m_pWrite(pZip->m_pIO_opaque, cur_dst_file_ofs, pBuf, n) != n)
+        if(pZip->m_pWrite(pZip->m_pIO_opaque, cur_dst_file_ofs, pBuf, n) != n)
         {
             pZip->m_pFree(pZip->m_pAlloc_opaque, pBuf);
             return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
@@ -6612,7 +6612,7 @@ mz_bool mz_zip_writer_add_from_zip_reader(mz_zip_archive *pZip, mz_zip_archive *
 
     memcpy(new_central_header, pSrc_central_header, MZ_ZIP_CENTRAL_DIR_HEADER_SIZE);
 
-    if (pState->m_zip64)
+    if(pState->m_zip64)
     {
         /* This is the painful part: We need to write a new central dir header + ext block with updated zip64 fields, and ensure the old fields (if any) are not included. */
         const mz_uint8 *pSrc_ext = pSrc_central_header + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + src_filename_len;
@@ -6624,7 +6624,7 @@ mz_bool mz_zip_writer_add_from_zip_reader(mz_zip_archive *pZip, mz_zip_archive *
         MZ_WRITE_LE32(new_central_header + MZ_ZIP_CDH_DECOMPRESSED_SIZE_OFS, MZ_UINT32_MAX);
         MZ_WRITE_LE32(new_central_header + MZ_ZIP_CDH_LOCAL_HEADER_OFS, MZ_UINT32_MAX);
 
-        if (!mz_zip_writer_update_zip64_extension_block(&new_ext_block, pZip, pSrc_ext, src_ext_len, &src_file_stat.m_comp_size, &src_file_stat.m_uncomp_size, &local_dir_header_ofs, NULL))
+        if(!mz_zip_writer_update_zip64_extension_block(&new_ext_block, pZip, pSrc_ext, src_ext_len, &src_file_stat.m_comp_size, &src_file_stat.m_uncomp_size, &local_dir_header_ofs, NULL))
         {
             mz_zip_array_clear(pZip, &new_ext_block);
             return MZ_FALSE;
@@ -6632,27 +6632,27 @@ mz_bool mz_zip_writer_add_from_zip_reader(mz_zip_archive *pZip, mz_zip_archive *
 
         MZ_WRITE_LE16(new_central_header + MZ_ZIP_CDH_EXTRA_LEN_OFS, new_ext_block.m_size);
 
-        if (!mz_zip_array_push_back(pZip, &pState->m_central_dir, new_central_header, MZ_ZIP_CENTRAL_DIR_HEADER_SIZE))
+        if(!mz_zip_array_push_back(pZip, &pState->m_central_dir, new_central_header, MZ_ZIP_CENTRAL_DIR_HEADER_SIZE))
         {
             mz_zip_array_clear(pZip, &new_ext_block);
             return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
         }
 
-        if (!mz_zip_array_push_back(pZip, &pState->m_central_dir, pSrc_central_header + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE, src_filename_len))
+        if(!mz_zip_array_push_back(pZip, &pState->m_central_dir, pSrc_central_header + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE, src_filename_len))
         {
             mz_zip_array_clear(pZip, &new_ext_block);
             mz_zip_array_resize(pZip, &pState->m_central_dir, orig_central_dir_size, MZ_FALSE);
             return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
         }
 
-        if (!mz_zip_array_push_back(pZip, &pState->m_central_dir, new_ext_block.m_p, new_ext_block.m_size))
+        if(!mz_zip_array_push_back(pZip, &pState->m_central_dir, new_ext_block.m_p, new_ext_block.m_size))
         {
             mz_zip_array_clear(pZip, &new_ext_block);
             mz_zip_array_resize(pZip, &pState->m_central_dir, orig_central_dir_size, MZ_FALSE);
             return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
         }
 
-        if (!mz_zip_array_push_back(pZip, &pState->m_central_dir, pSrc_central_header + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + src_filename_len + src_ext_len, src_comment_len))
+        if(!mz_zip_array_push_back(pZip, &pState->m_central_dir, pSrc_central_header + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + src_filename_len + src_ext_len, src_comment_len))
         {
             mz_zip_array_clear(pZip, &new_ext_block);
             mz_zip_array_resize(pZip, &pState->m_central_dir, orig_central_dir_size, MZ_FALSE);
@@ -6664,18 +6664,18 @@ mz_bool mz_zip_writer_add_from_zip_reader(mz_zip_archive *pZip, mz_zip_archive *
     else
     {
         /* sanity checks */
-        if (cur_dst_file_ofs > MZ_UINT32_MAX)
+        if(cur_dst_file_ofs > MZ_UINT32_MAX)
             return mz_zip_set_error(pZip, MZ_ZIP_ARCHIVE_TOO_LARGE);
 
-        if (local_dir_header_ofs >= MZ_UINT32_MAX)
+        if(local_dir_header_ofs >= MZ_UINT32_MAX)
             return mz_zip_set_error(pZip, MZ_ZIP_ARCHIVE_TOO_LARGE);
 
         MZ_WRITE_LE32(new_central_header + MZ_ZIP_CDH_LOCAL_HEADER_OFS, local_dir_header_ofs);
 
-        if (!mz_zip_array_push_back(pZip, &pState->m_central_dir, new_central_header, MZ_ZIP_CENTRAL_DIR_HEADER_SIZE))
+        if(!mz_zip_array_push_back(pZip, &pState->m_central_dir, new_central_header, MZ_ZIP_CENTRAL_DIR_HEADER_SIZE))
             return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
 
-        if (!mz_zip_array_push_back(pZip, &pState->m_central_dir, pSrc_central_header + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE, src_central_dir_following_data_size))
+        if(!mz_zip_array_push_back(pZip, &pState->m_central_dir, pSrc_central_header + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE, src_central_dir_following_data_size))
         {
             mz_zip_array_resize(pZip, &pState->m_central_dir, orig_central_dir_size, MZ_FALSE);
             return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
@@ -6683,7 +6683,7 @@ mz_bool mz_zip_writer_add_from_zip_reader(mz_zip_archive *pZip, mz_zip_archive *
     }
 
     /* This shouldn't trigger unless we screwed up during the initial sanity checks */
-    if (pState->m_central_dir.m_size >= MZ_UINT32_MAX)
+    if(pState->m_central_dir.m_size >= MZ_UINT32_MAX)
     {
         /* TODO: Support central dirs >= 32-bits in size */
         mz_zip_array_resize(pZip, &pState->m_central_dir, orig_central_dir_size, MZ_FALSE);
@@ -6691,7 +6691,7 @@ mz_bool mz_zip_writer_add_from_zip_reader(mz_zip_archive *pZip, mz_zip_archive *
     }
 
     n = (mz_uint32)orig_central_dir_size;
-    if (!mz_zip_array_push_back(pZip, &pState->m_central_dir_offsets, &n, 1))
+    if(!mz_zip_array_push_back(pZip, &pState->m_central_dir_offsets, &n, 1))
     {
         mz_zip_array_resize(pZip, &pState->m_central_dir, orig_central_dir_size, MZ_FALSE);
         return mz_zip_set_error(pZip, MZ_ZIP_ALLOC_FAILED);
@@ -6709,37 +6709,37 @@ mz_bool mz_zip_writer_finalize_archive(mz_zip_archive *pZip)
     mz_uint64 central_dir_ofs, central_dir_size;
     mz_uint8 hdr[256];
 
-    if ((!pZip) || (!pZip->m_pState) || (pZip->m_zip_mode != MZ_ZIP_MODE_WRITING))
+    if((!pZip) || (!pZip->m_pState) || (pZip->m_zip_mode != MZ_ZIP_MODE_WRITING))
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
 
     pState = pZip->m_pState;
 
-    if (pState->m_zip64)
+    if(pState->m_zip64)
     {
-        if ((pZip->m_total_files > MZ_UINT32_MAX) || (pState->m_central_dir.m_size >= MZ_UINT32_MAX))
+        if((pZip->m_total_files > MZ_UINT32_MAX) || (pState->m_central_dir.m_size >= MZ_UINT32_MAX))
             return mz_zip_set_error(pZip, MZ_ZIP_TOO_MANY_FILES);
     }
     else
     {
-        if ((pZip->m_total_files > MZ_UINT16_MAX) || ((pZip->m_archive_size + pState->m_central_dir.m_size + MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE) > MZ_UINT32_MAX))
+        if((pZip->m_total_files > MZ_UINT16_MAX) || ((pZip->m_archive_size + pState->m_central_dir.m_size + MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE) > MZ_UINT32_MAX))
             return mz_zip_set_error(pZip, MZ_ZIP_TOO_MANY_FILES);
     }
 
     central_dir_ofs = 0;
     central_dir_size = 0;
-    if (pZip->m_total_files)
+    if(pZip->m_total_files)
     {
         /* Write central directory */
         central_dir_ofs = pZip->m_archive_size;
         central_dir_size = pState->m_central_dir.m_size;
         pZip->m_central_directory_file_ofs = central_dir_ofs;
-        if (pZip->m_pWrite(pZip->m_pIO_opaque, central_dir_ofs, pState->m_central_dir.m_p, (size_t)central_dir_size) != central_dir_size)
+        if(pZip->m_pWrite(pZip->m_pIO_opaque, central_dir_ofs, pState->m_central_dir.m_p, (size_t)central_dir_size) != central_dir_size)
             return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
 
         pZip->m_archive_size += central_dir_size;
     }
 
-    if (pState->m_zip64)
+    if(pState->m_zip64)
     {
         /* Write zip64 end of central directory header */
         mz_uint64 rel_ofs_to_zip64_ecdr = pZip->m_archive_size;
@@ -6753,7 +6753,7 @@ mz_bool mz_zip_writer_finalize_archive(mz_zip_archive *pZip)
         MZ_WRITE_LE64(hdr + MZ_ZIP64_ECDH_CDIR_TOTAL_ENTRIES_OFS, pZip->m_total_files);
         MZ_WRITE_LE64(hdr + MZ_ZIP64_ECDH_CDIR_SIZE_OFS, central_dir_size);
         MZ_WRITE_LE64(hdr + MZ_ZIP64_ECDH_CDIR_OFS_OFS, central_dir_ofs);
-        if (pZip->m_pWrite(pZip->m_pIO_opaque, pZip->m_archive_size, hdr, MZ_ZIP64_END_OF_CENTRAL_DIR_HEADER_SIZE) != MZ_ZIP64_END_OF_CENTRAL_DIR_HEADER_SIZE)
+        if(pZip->m_pWrite(pZip->m_pIO_opaque, pZip->m_archive_size, hdr, MZ_ZIP64_END_OF_CENTRAL_DIR_HEADER_SIZE) != MZ_ZIP64_END_OF_CENTRAL_DIR_HEADER_SIZE)
             return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
 
         pZip->m_archive_size += MZ_ZIP64_END_OF_CENTRAL_DIR_HEADER_SIZE;
@@ -6763,7 +6763,7 @@ mz_bool mz_zip_writer_finalize_archive(mz_zip_archive *pZip)
         MZ_WRITE_LE32(hdr + MZ_ZIP64_ECDL_SIG_OFS, MZ_ZIP64_END_OF_CENTRAL_DIR_LOCATOR_SIG);
         MZ_WRITE_LE64(hdr + MZ_ZIP64_ECDL_REL_OFS_TO_ZIP64_ECDR_OFS, rel_ofs_to_zip64_ecdr);
         MZ_WRITE_LE32(hdr + MZ_ZIP64_ECDL_TOTAL_NUMBER_OF_DISKS_OFS, 1);
-        if (pZip->m_pWrite(pZip->m_pIO_opaque, pZip->m_archive_size, hdr, MZ_ZIP64_END_OF_CENTRAL_DIR_LOCATOR_SIZE) != MZ_ZIP64_END_OF_CENTRAL_DIR_LOCATOR_SIZE)
+        if(pZip->m_pWrite(pZip->m_pIO_opaque, pZip->m_archive_size, hdr, MZ_ZIP64_END_OF_CENTRAL_DIR_LOCATOR_SIZE) != MZ_ZIP64_END_OF_CENTRAL_DIR_LOCATOR_SIZE)
             return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
 
         pZip->m_archive_size += MZ_ZIP64_END_OF_CENTRAL_DIR_LOCATOR_SIZE;
@@ -6777,11 +6777,11 @@ mz_bool mz_zip_writer_finalize_archive(mz_zip_archive *pZip)
     MZ_WRITE_LE32(hdr + MZ_ZIP_ECDH_CDIR_SIZE_OFS, MZ_MIN(MZ_UINT32_MAX, central_dir_size));
     MZ_WRITE_LE32(hdr + MZ_ZIP_ECDH_CDIR_OFS_OFS, MZ_MIN(MZ_UINT32_MAX, central_dir_ofs));
 
-    if (pZip->m_pWrite(pZip->m_pIO_opaque, pZip->m_archive_size, hdr, MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE) != MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE)
+    if(pZip->m_pWrite(pZip->m_pIO_opaque, pZip->m_archive_size, hdr, MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE) != MZ_ZIP_END_OF_CENTRAL_DIR_HEADER_SIZE)
         return mz_zip_set_error(pZip, MZ_ZIP_FILE_WRITE_FAILED);
 
 #ifndef MINIZ_NO_STDIO
-    if ((pState->m_pFile) && (MZ_FFLUSH(pState->m_pFile) == EOF))
+    if((pState->m_pFile) && (MZ_FFLUSH(pState->m_pFile) == EOF))
         return mz_zip_set_error(pZip, MZ_ZIP_FILE_CLOSE_FAILED);
 #endif /* #ifndef MINIZ_NO_STDIO */
 
@@ -6793,19 +6793,19 @@ mz_bool mz_zip_writer_finalize_archive(mz_zip_archive *pZip)
 
 mz_bool mz_zip_writer_finalize_heap_archive(mz_zip_archive *pZip, void **ppBuf, size_t *pSize)
 {
-    if ((!ppBuf) || (!pSize))
+    if((!ppBuf) || (!pSize))
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
 
     *ppBuf = NULL;
     *pSize = 0;
 
-    if ((!pZip) || (!pZip->m_pState))
+    if((!pZip) || (!pZip->m_pState))
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
 
-    if (pZip->m_pWrite != mz_zip_heap_write_func)
+    if(pZip->m_pWrite != mz_zip_heap_write_func)
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
 
-    if (!mz_zip_writer_finalize_archive(pZip))
+    if(!mz_zip_writer_finalize_archive(pZip))
         return MZ_FALSE;
 
     *ppBuf = pZip->m_pState->m_pMem;
@@ -6835,31 +6835,31 @@ mz_bool mz_zip_add_mem_to_archive_file_in_place_v2(const char *pZip_filename, co
     mz_zip_error actual_err = MZ_ZIP_NO_ERROR;
 
     mz_zip_zero_struct(&zip_archive);
-    if ((int)level_and_flags < 0)
+    if((int)level_and_flags < 0)
         level_and_flags = MZ_DEFAULT_LEVEL;
 
-    if ((!pZip_filename) || (!pArchive_name) || ((buf_size) && (!pBuf)) || ((comment_size) && (!pComment)) || ((level_and_flags & 0xF) > MZ_UBER_COMPRESSION))
+    if((!pZip_filename) || (!pArchive_name) || ((buf_size) && (!pBuf)) || ((comment_size) && (!pComment)) || ((level_and_flags & 0xF) > MZ_UBER_COMPRESSION))
     {
-        if (pErr)
+        if(pErr)
             *pErr = MZ_ZIP_INVALID_PARAMETER;
         return MZ_FALSE;
     }
 
-    if (!mz_zip_writer_validate_archive_name(pArchive_name))
+    if(!mz_zip_writer_validate_archive_name(pArchive_name))
     {
-        if (pErr)
+        if(pErr)
             *pErr = MZ_ZIP_INVALID_FILENAME;
         return MZ_FALSE;
     }
 
     /* Important: The regular non-64 bit version of stat() can fail here if the file is very large, which could cause the archive to be overwritten. */
     /* So be sure to compile with _LARGEFILE64_SOURCE 1 */
-    if (MZ_FILE_STAT(pZip_filename, &file_stat) != 0)
+    if(MZ_FILE_STAT(pZip_filename, &file_stat) != 0)
     {
         /* Create a new archive. */
-        if (!mz_zip_writer_init_file_v2(&zip_archive, pZip_filename, 0, level_and_flags))
+        if(!mz_zip_writer_init_file_v2(&zip_archive, pZip_filename, 0, level_and_flags))
         {
-            if (pErr)
+            if(pErr)
                 *pErr = zip_archive.m_last_error;
             return MZ_FALSE;
         }
@@ -6869,16 +6869,16 @@ mz_bool mz_zip_add_mem_to_archive_file_in_place_v2(const char *pZip_filename, co
     else
     {
         /* Append to an existing archive. */
-        if (!mz_zip_reader_init_file_v2(&zip_archive, pZip_filename, level_and_flags | MZ_ZIP_FLAG_DO_NOT_SORT_CENTRAL_DIRECTORY, 0, 0))
+        if(!mz_zip_reader_init_file_v2(&zip_archive, pZip_filename, level_and_flags | MZ_ZIP_FLAG_DO_NOT_SORT_CENTRAL_DIRECTORY, 0, 0))
         {
-            if (pErr)
+            if(pErr)
                 *pErr = zip_archive.m_last_error;
             return MZ_FALSE;
         }
 
-        if (!mz_zip_writer_init_from_reader_v2(&zip_archive, pZip_filename, level_and_flags))
+        if(!mz_zip_writer_init_from_reader_v2(&zip_archive, pZip_filename, level_and_flags))
         {
-            if (pErr)
+            if(pErr)
                 *pErr = zip_archive.m_last_error;
 
             mz_zip_reader_end_internal(&zip_archive, MZ_FALSE);
@@ -6891,30 +6891,30 @@ mz_bool mz_zip_add_mem_to_archive_file_in_place_v2(const char *pZip_filename, co
     actual_err = zip_archive.m_last_error;
 
     /* Always finalize, even if adding failed for some reason, so we have a valid central directory. (This may not always succeed, but we can try.) */
-    if (!mz_zip_writer_finalize_archive(&zip_archive))
+    if(!mz_zip_writer_finalize_archive(&zip_archive))
     {
-        if (!actual_err)
+        if(!actual_err)
             actual_err = zip_archive.m_last_error;
 
         status = MZ_FALSE;
     }
 
-    if (!mz_zip_writer_end_internal(&zip_archive, status))
+    if(!mz_zip_writer_end_internal(&zip_archive, status))
     {
-        if (!actual_err)
+        if(!actual_err)
             actual_err = zip_archive.m_last_error;
 
         status = MZ_FALSE;
     }
 
-    if ((!status) && (created_new_archive))
+    if((!status) && (created_new_archive))
     {
         /* It's a new archive and something went wrong, so just delete it. */
         int ignoredStatus = MZ_DELETE_FILE(pZip_filename);
         (void)ignoredStatus;
     }
 
-    if (pErr)
+    if(pErr)
         *pErr = actual_err;
 
     return status;
@@ -6926,34 +6926,34 @@ void *mz_zip_extract_archive_file_to_heap_v2(const char *pZip_filename, const ch
     mz_zip_archive zip_archive;
     void *p = NULL;
 
-    if (pSize)
+    if(pSize)
         *pSize = 0;
 
-    if ((!pZip_filename) || (!pArchive_name))
+    if((!pZip_filename) || (!pArchive_name))
     {
-        if (pErr)
+        if(pErr)
             *pErr = MZ_ZIP_INVALID_PARAMETER;
 
         return NULL;
     }
 
     mz_zip_zero_struct(&zip_archive);
-    if (!mz_zip_reader_init_file_v2(&zip_archive, pZip_filename, flags | MZ_ZIP_FLAG_DO_NOT_SORT_CENTRAL_DIRECTORY, 0, 0))
+    if(!mz_zip_reader_init_file_v2(&zip_archive, pZip_filename, flags | MZ_ZIP_FLAG_DO_NOT_SORT_CENTRAL_DIRECTORY, 0, 0))
     {
-        if (pErr)
+        if(pErr)
             *pErr = zip_archive.m_last_error;
 
         return NULL;
     }
 
-    if (mz_zip_reader_locate_file_v2(&zip_archive, pArchive_name, pComment, flags, &file_index))
+    if(mz_zip_reader_locate_file_v2(&zip_archive, pArchive_name, pComment, flags, &file_index))
     {
         p = mz_zip_reader_extract_to_heap(&zip_archive, file_index, pSize, flags);
     }
 
     mz_zip_reader_end_internal(&zip_archive, p != NULL);
 
-    if (pErr)
+    if(pErr)
         *pErr = zip_archive.m_last_error;
 
     return p;
@@ -6984,7 +6984,7 @@ mz_zip_error mz_zip_set_last_error(mz_zip_archive *pZip, mz_zip_error err_num)
 {
     mz_zip_error prev_err;
 
-    if (!pZip)
+    if(!pZip)
         return MZ_ZIP_INVALID_PARAMETER;
 
     prev_err = pZip->m_last_error;
@@ -6995,7 +6995,7 @@ mz_zip_error mz_zip_set_last_error(mz_zip_archive *pZip, mz_zip_error err_num)
 
 mz_zip_error mz_zip_peek_last_error(mz_zip_archive *pZip)
 {
-    if (!pZip)
+    if(!pZip)
         return MZ_ZIP_INVALID_PARAMETER;
 
     return pZip->m_last_error;
@@ -7010,7 +7010,7 @@ mz_zip_error mz_zip_get_last_error(mz_zip_archive *pZip)
 {
     mz_zip_error prev_err;
 
-    if (!pZip)
+    if(!pZip)
         return MZ_ZIP_INVALID_PARAMETER;
 
     prev_err = pZip->m_last_error;
@@ -7021,7 +7021,7 @@ mz_zip_error mz_zip_get_last_error(mz_zip_archive *pZip)
 
 const char *mz_zip_get_error_string(mz_zip_error mz_err)
 {
-    switch (mz_err)
+    switch(mz_err)
     {
         case MZ_ZIP_NO_ERROR:
             return "no error";
@@ -7097,7 +7097,7 @@ const char *mz_zip_get_error_string(mz_zip_error mz_err)
 /* Note: Just because the archive is not zip64 doesn't necessarily mean it doesn't have Zip64 extended information extra field, argh. */
 mz_bool mz_zip_is_zip64(mz_zip_archive *pZip)
 {
-    if ((!pZip) || (!pZip->m_pState))
+    if((!pZip) || (!pZip->m_pState))
         return MZ_FALSE;
 
     return pZip->m_pState->m_zip64;
@@ -7105,7 +7105,7 @@ mz_bool mz_zip_is_zip64(mz_zip_archive *pZip)
 
 size_t mz_zip_get_central_dir_size(mz_zip_archive *pZip)
 {
-    if ((!pZip) || (!pZip->m_pState))
+    if((!pZip) || (!pZip->m_pState))
         return 0;
 
     return pZip->m_pState->m_central_dir.m_size;
@@ -7118,28 +7118,28 @@ mz_uint mz_zip_reader_get_num_files(mz_zip_archive *pZip)
 
 mz_uint64 mz_zip_get_archive_size(mz_zip_archive *pZip)
 {
-    if (!pZip)
+    if(!pZip)
         return 0;
     return pZip->m_archive_size;
 }
 
 mz_uint64 mz_zip_get_archive_file_start_offset(mz_zip_archive *pZip)
 {
-    if ((!pZip) || (!pZip->m_pState))
+    if((!pZip) || (!pZip->m_pState))
         return 0;
     return pZip->m_pState->m_file_archive_start_ofs;
 }
 
 MZ_FILE *mz_zip_get_cfile(mz_zip_archive *pZip)
 {
-    if ((!pZip) || (!pZip->m_pState))
+    if((!pZip) || (!pZip->m_pState))
         return 0;
     return pZip->m_pState->m_pFile;
 }
 
 size_t mz_zip_read_archive_data(mz_zip_archive *pZip, mz_uint64 file_ofs, void *pBuf, size_t n)
 {
-    if ((!pZip) || (!pZip->m_pState) || (!pBuf) || (!pZip->m_pRead))
+    if((!pZip) || (!pZip->m_pState) || (!pBuf) || (!pZip->m_pRead))
         return mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
 
     return pZip->m_pRead(pZip->m_pIO_opaque, file_ofs, pBuf, n);
@@ -7149,15 +7149,15 @@ mz_uint mz_zip_reader_get_filename(mz_zip_archive *pZip, mz_uint file_index, cha
 {
     mz_uint n;
     const mz_uint8 *p = mz_zip_get_cdh(pZip, file_index);
-    if (!p)
+    if(!p)
     {
-        if (filename_buf_size)
+        if(filename_buf_size)
             pFilename[0] = '\0';
         mz_zip_set_error(pZip, MZ_ZIP_INVALID_PARAMETER);
         return 0;
     }
     n = MZ_READ_LE16(p + MZ_ZIP_CDH_FILENAME_LEN_OFS);
-    if (filename_buf_size)
+    if(filename_buf_size)
     {
         n = MZ_MIN(n, filename_buf_size - 1);
         memcpy(pFilename, p + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE, n);
@@ -7173,12 +7173,12 @@ mz_bool mz_zip_reader_file_stat(mz_zip_archive *pZip, mz_uint file_index, mz_zip
 
 mz_bool mz_zip_end(mz_zip_archive *pZip)
 {
-    if (!pZip)
+    if(!pZip)
         return MZ_FALSE;
 
-    if (pZip->m_zip_mode == MZ_ZIP_MODE_READING)
+    if(pZip->m_zip_mode == MZ_ZIP_MODE_READING)
         return mz_zip_reader_end(pZip);
-    else if ((pZip->m_zip_mode == MZ_ZIP_MODE_WRITING) || (pZip->m_zip_mode == MZ_ZIP_MODE_WRITING_HAS_BEEN_FINALIZED))
+    else if((pZip->m_zip_mode == MZ_ZIP_MODE_WRITING) || (pZip->m_zip_mode == MZ_ZIP_MODE_WRITING_HAS_BEEN_FINALIZED))
         return mz_zip_writer_end(pZip);
 
     return MZ_FALSE;
diff --git a/src/miniz/miniz.h b/src/miniz/miniz.h
index 6353d3782b2..0f75976248f 100644
--- a/src/miniz/miniz.h
+++ b/src/miniz/miniz.h
@@ -540,9 +540,9 @@ typedef bool mz_bool;
 
 /* Works around MSVC's spammy "warning C4127: conditional expression is constant" message. */
 #ifdef _MSC_VER
-#define MZ_MACRO_END while (0, 0)
+#define MZ_MACRO_END while(0, 0)
 #else
-#define MZ_MACRO_END while (0)
+#define MZ_MACRO_END while(0)
 #endif
 
 #ifdef MINIZ_NO_STDIO
@@ -1241,13 +1241,13 @@ mz_bool mz_zip_reader_extract_file_to_cfile(mz_zip_archive *pZip, const char *pA
 
 #if 0
 /* TODO */
-	typedef void *mz_zip_streaming_extract_state_ptr;
-	mz_zip_streaming_extract_state_ptr mz_zip_streaming_extract_begin(mz_zip_archive *pZip, mz_uint file_index, mz_uint flags);
-	uint64_t mz_zip_streaming_extract_get_size(mz_zip_archive *pZip, mz_zip_streaming_extract_state_ptr pState);
-	uint64_t mz_zip_streaming_extract_get_cur_ofs(mz_zip_archive *pZip, mz_zip_streaming_extract_state_ptr pState);
-	mz_bool mz_zip_streaming_extract_seek(mz_zip_archive *pZip, mz_zip_streaming_extract_state_ptr pState, uint64_t new_ofs);
-	size_t mz_zip_streaming_extract_read(mz_zip_archive *pZip, mz_zip_streaming_extract_state_ptr pState, void *pBuf, size_t buf_size);
-	mz_bool mz_zip_streaming_extract_end(mz_zip_archive *pZip, mz_zip_streaming_extract_state_ptr pState);
+  typedef void *mz_zip_streaming_extract_state_ptr;
+  mz_zip_streaming_extract_state_ptr mz_zip_streaming_extract_begin(mz_zip_archive *pZip, mz_uint file_index, mz_uint flags);
+  uint64_t mz_zip_streaming_extract_get_size(mz_zip_archive *pZip, mz_zip_streaming_extract_state_ptr pState);
+  uint64_t mz_zip_streaming_extract_get_cur_ofs(mz_zip_archive *pZip, mz_zip_streaming_extract_state_ptr pState);
+  mz_bool mz_zip_streaming_extract_seek(mz_zip_archive *pZip, mz_zip_streaming_extract_state_ptr pState, uint64_t new_ofs);
+  size_t mz_zip_streaming_extract_read(mz_zip_archive *pZip, mz_zip_streaming_extract_state_ptr pState, void *pBuf, size_t buf_size);
+  mz_bool mz_zip_streaming_extract_end(mz_zip_archive *pZip, mz_zip_streaming_extract_state_ptr pState);
 #endif
 
 /* This function compares the archive's local headers, the optional local zip64 extended information block, and the optional descriptor following the compressed data vs. the data in the central directory. */

From 7d73d66f17de3179c81738f713dbb344273aed69 Mon Sep 17 00:00:00 2001
From: Daniel Kroening <kroening@cs.ox.ac.uk>
Date: Tue, 7 Mar 2017 19:30:12 -0800
Subject: [PATCH 097/699] libzip/zlib download no longer needed

---
 COMPILING | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/COMPILING b/COMPILING
index 13b8339abd7..60579fe9f3b 100644
--- a/COMPILING
+++ b/COMPILING
@@ -48,8 +48,6 @@ We assume that you have a Debian/Ubuntu or Red Hat-like distribution.
 
    cd cbmc-git/src
    make minisat2-download
-   make libzip-download zlib-download
-   make libzip-build
    make
 
 
@@ -126,8 +124,6 @@ Follow these instructions:
 
    cd cbmc-git/src
    make minisat2-download
-   make libzip-download zlib-download
-   make libzip-build
    make
 
 

From f430ec5a4f839d9c67f6ecdb1fdb2992b278ac24 Mon Sep 17 00:00:00 2001
From: Pascal Kesseli <pascal_kesseli@hotmail.com>
Date: Wed, 8 Mar 2017 15:12:37 +0000
Subject: [PATCH 098/699] Fixed compilation issues on MinGW

Added missing <cstdlib> includes which caused compilation errors on MinGW
5.3.0.
---
 src/cegis/cegis-util/cbmc_runner.cpp             | 2 ++
 src/cegis/genetic/dynamic_test_runner_helper.cpp | 1 +
 src/cegis/jsa/learn/extract_candidate.cpp        | 2 ++
 3 files changed, 5 insertions(+)

diff --git a/src/cegis/cegis-util/cbmc_runner.cpp b/src/cegis/cegis-util/cbmc_runner.cpp
index 58739658ab1..1d30bbfa63e 100644
--- a/src/cegis/cegis-util/cbmc_runner.cpp
+++ b/src/cegis/cegis-util/cbmc_runner.cpp
@@ -7,6 +7,8 @@ Author: Daniel Kroening, kroening@kroening.com
 
 \*******************************************************************/
 
+#include <cstdlib>
+
 #include <util/config.h>
 #include <util/substitute.h>
 
diff --git a/src/cegis/genetic/dynamic_test_runner_helper.cpp b/src/cegis/genetic/dynamic_test_runner_helper.cpp
index f357b80b72d..bb3de1236d5 100644
--- a/src/cegis/genetic/dynamic_test_runner_helper.cpp
+++ b/src/cegis/genetic/dynamic_test_runner_helper.cpp
@@ -12,6 +12,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #endif
 
 #include <cassert>
+#include <cstdlib>
 #include <fstream>
 
 #include <util/config.h>
diff --git a/src/cegis/jsa/learn/extract_candidate.cpp b/src/cegis/jsa/learn/extract_candidate.cpp
index 40ed53af0b2..0a27a48c2bd 100644
--- a/src/cegis/jsa/learn/extract_candidate.cpp
+++ b/src/cegis/jsa/learn/extract_candidate.cpp
@@ -7,6 +7,8 @@ Author: Daniel Kroening, kroening@kroening.com
 
 \*******************************************************************/
 
+#include <cstdlib>
+
 #include <util/bv_arithmetic.h>
 #include <goto-programs/goto_functions.h>
 #include <goto-programs/goto_trace.h>

From 6861a5826d9dd2d4c1d0ce68c9d6d64fb3e0414a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matthias=20G=C3=BCdemann?= <matthias.guedemann@diffblue.com>
Date: Thu, 9 Mar 2017 11:05:27 +0100
Subject: [PATCH 099/699] remove `<regex>` from unapproved headers in cpplint

The reason for `<regex>` being discouraged seems to be a preference for an
external library within Google:

https://github.com/google/styleguide/issues/194
---
 scripts/cpplint.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/scripts/cpplint.py b/scripts/cpplint.py
index 7fdc937ecf5..3d457bb4113 100755
--- a/scripts/cpplint.py
+++ b/scripts/cpplint.py
@@ -6264,7 +6264,6 @@ def FlagCxx11Features(filename, clean_lines, linenum, error):
                                       'thread',
                                       'chrono',
                                       'ratio',
-                                      'regex',
                                       'system_error',
                                      ):
     error(filename, linenum, 'build/c++11', 5,

From 4d316064ccf97aa38c7bcc956019a376fbcf98ef Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Wed, 14 Dec 2016 11:22:40 +0000
Subject: [PATCH 100/699] Use remove_instanceof in driver programs

This adds a remove_instanceof call wherever there was an existing remove_virtual_functions call.
---
 src/cbmc/cbmc_parse_options.cpp                   | 2 +-
 src/goto-analyzer/goto_analyzer_parse_options.cpp | 2 +-
 src/symex/symex_parse_options.cpp                 | 1 -
 3 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/cbmc/cbmc_parse_options.cpp b/src/cbmc/cbmc_parse_options.cpp
index 7364752d093..842b0b26f70 100644
--- a/src/cbmc/cbmc_parse_options.cpp
+++ b/src/cbmc/cbmc_parse_options.cpp
@@ -894,7 +894,7 @@ bool cbmc_parse_optionst::process_goto_program(
       cmdline.isset("pointer-check"));
     // Java virtual functions -> explicit dispatch tables:
     remove_virtual_functions(symbol_table, goto_functions);
-    // Java instanceof -> clsid comparison:
+    // Similar removal of RTTI inspection:
     remove_instanceof(symbol_table, goto_functions);
 
     // full slice?
diff --git a/src/goto-analyzer/goto_analyzer_parse_options.cpp b/src/goto-analyzer/goto_analyzer_parse_options.cpp
index 68e28755041..89d3d56731c 100644
--- a/src/goto-analyzer/goto_analyzer_parse_options.cpp
+++ b/src/goto-analyzer/goto_analyzer_parse_options.cpp
@@ -387,7 +387,7 @@ bool goto_analyzer_parse_optionst::process_goto_program(
     remove_function_pointers(goto_model, cmdline.isset("pointer-check"));
     // Java virtual functions -> explicit dispatch tables:
     remove_virtual_functions(goto_model);
-    // Java instanceof -> clsid comparison:
+    // remove rtti
     remove_instanceof(goto_model);
 
     // do partial inlining
diff --git a/src/symex/symex_parse_options.cpp b/src/symex/symex_parse_options.cpp
index 518e64a2ecd..2ed3fedc518 100644
--- a/src/symex/symex_parse_options.cpp
+++ b/src/symex/symex_parse_options.cpp
@@ -369,7 +369,6 @@ bool symex_parse_optionst::process_goto_program(const optionst &options)
     remove_vector(goto_model);
     // Java virtual functions -> explicit dispatch tables:
     remove_virtual_functions(goto_model);
-    // Java instanceof -> clsid comparison:
     remove_instanceof(goto_model);
     rewrite_union(goto_model);
     adjust_float_expressions(goto_model);

From 206f7f4d6bb11cf6f6a8d25fdc597ecc6d2c93f2 Mon Sep 17 00:00:00 2001
From: Cristina <cristina.david@gmail.com>
Date: Wed, 8 Feb 2017 17:16:06 +0000
Subject: [PATCH 101/699] Added a side effect expr that pushes/pops Java
 try-catch handlers + irep ids for Java exception handling

These are used to recreate Java try-catch contructs from bytecode.
---
 src/util/irep_ids.txt |  2 ++
 src/util/std_code.h   | 30 ++++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+)

diff --git a/src/util/irep_ids.txt b/src/util/irep_ids.txt
index 29907f11040..dca7a814276 100644
--- a/src/util/irep_ids.txt
+++ b/src/util/irep_ids.txt
@@ -739,6 +739,8 @@ java_instanceof
 java_super_method_call
 skip_initialize
 java_enum_static_unwind
+push_catch
+handler
 string_constraint
 string_not_contains_constraint
 cprover_char_literal_func
diff --git a/src/util/std_code.h b/src/util/std_code.h
index 08aec694e9e..ed1f8f28b74 100644
--- a/src/util/std_code.h
+++ b/src/util/std_code.h
@@ -1122,6 +1122,36 @@ inline const side_effect_expr_throwt &to_side_effect_expr_throw(
   assert(expr.get(ID_statement)==ID_throw);
   return static_cast<const side_effect_expr_throwt &>(expr);
 }
+/*! \brief A side effect that pushes/pops a catch handler
+*/
+class side_effect_expr_catcht:public side_effect_exprt
+{
+public:
+  inline side_effect_expr_catcht():side_effect_exprt(ID_push_catch)
+  {
+  }
+  // TODO: change to ID_catch
+  inline explicit side_effect_expr_catcht(const irept &exception_list):
+    side_effect_exprt(ID_push_catch)
+  {
+    set(ID_exception_list, exception_list);
+  }
+};
+
+static inline side_effect_expr_catcht &to_side_effect_expr_catch(exprt &expr)
+{
+  assert(expr.id()==ID_side_effect);
+  assert(expr.get(ID_statement)==ID_push_catch);
+  return static_cast<side_effect_expr_catcht &>(expr);
+}
+
+static inline const side_effect_expr_catcht &to_side_effect_expr_catch(
+  const exprt &expr)
+{
+  assert(expr.id()==ID_side_effect);
+  assert(expr.get(ID_statement)==ID_push_catch);
+  return static_cast<const side_effect_expr_catcht &>(expr);
+}
 
 /*! \brief A try/catch block
 */

From ebf9002e3c44c56ca866413390ff96c1d4cc2186 Mon Sep 17 00:00:00 2001
From: Cristina <cristina.david@gmail.com>
Date: Thu, 15 Dec 2016 09:42:25 +0000
Subject: [PATCH 102/699] Regression tests for exception handling

---
 regression/exceptions/Makefile                |  14 +++++++
 regression/exceptions/exceptions1/A.class     | Bin 0 -> 234 bytes
 regression/exceptions/exceptions1/B.class     | Bin 0 -> 216 bytes
 regression/exceptions/exceptions1/C.class     | Bin 0 -> 216 bytes
 regression/exceptions/exceptions1/D.class     | Bin 0 -> 216 bytes
 regression/exceptions/exceptions1/test.class  | Bin 0 -> 1025 bytes
 regression/exceptions/exceptions1/test.desc   |  10 +++++
 regression/exceptions/exceptions1/test.java   |  30 ++++++++++++++
 regression/exceptions/exceptions10/A.class    | Bin 0 -> 241 bytes
 regression/exceptions/exceptions10/B.class    | Bin 0 -> 216 bytes
 regression/exceptions/exceptions10/C.class    | Bin 0 -> 216 bytes
 regression/exceptions/exceptions10/test.class | Bin 0 -> 875 bytes
 regression/exceptions/exceptions10/test.desc  |   9 ++++
 regression/exceptions/exceptions10/test.java  |  25 +++++++++++
 regression/exceptions/exceptions11/A.class    | Bin 0 -> 276 bytes
 regression/exceptions/exceptions11/B.class    | Bin 0 -> 216 bytes
 regression/exceptions/exceptions11/test.class | Bin 0 -> 976 bytes
 regression/exceptions/exceptions11/test.desc  |   9 ++++
 regression/exceptions/exceptions11/test.java  |  39 ++++++++++++++++++
 regression/exceptions/exceptions12/A.class    | Bin 0 -> 241 bytes
 regression/exceptions/exceptions12/B.class    | Bin 0 -> 216 bytes
 regression/exceptions/exceptions12/C.class    | Bin 0 -> 216 bytes
 regression/exceptions/exceptions12/F.class    | Bin 0 -> 641 bytes
 regression/exceptions/exceptions12/test.class | Bin 0 -> 740 bytes
 regression/exceptions/exceptions12/test.desc  |   9 ++++
 regression/exceptions/exceptions12/test.java  |  27 ++++++++++++
 regression/exceptions/exceptions13/A.class    | Bin 0 -> 241 bytes
 regression/exceptions/exceptions13/B.class    | Bin 0 -> 216 bytes
 regression/exceptions/exceptions13/C.class    | Bin 0 -> 216 bytes
 regression/exceptions/exceptions13/F.class    | Bin 0 -> 405 bytes
 regression/exceptions/exceptions13/test.class | Bin 0 -> 740 bytes
 regression/exceptions/exceptions13/test.desc  |   9 ++++
 regression/exceptions/exceptions13/test.java  |  28 +++++++++++++
 regression/exceptions/exceptions14/A.class    | Bin 0 -> 241 bytes
 regression/exceptions/exceptions14/B.class    | Bin 0 -> 216 bytes
 regression/exceptions/exceptions14/C.class    | Bin 0 -> 216 bytes
 regression/exceptions/exceptions14/test.class | Bin 0 -> 858 bytes
 regression/exceptions/exceptions14/test.desc  |   8 ++++
 regression/exceptions/exceptions14/test.java  |  24 +++++++++++
 regression/exceptions/exceptions2/A.class     | Bin 0 -> 234 bytes
 regression/exceptions/exceptions2/B.class     | Bin 0 -> 216 bytes
 regression/exceptions/exceptions2/C.class     | Bin 0 -> 216 bytes
 regression/exceptions/exceptions2/test.class  | Bin 0 -> 771 bytes
 regression/exceptions/exceptions2/test.desc   |  10 +++++
 regression/exceptions/exceptions2/test.java   |  18 ++++++++
 regression/exceptions/exceptions3/A.class     | Bin 0 -> 234 bytes
 regression/exceptions/exceptions3/B.class     | Bin 0 -> 216 bytes
 regression/exceptions/exceptions3/C.class     | Bin 0 -> 216 bytes
 regression/exceptions/exceptions3/test.class  | Bin 0 -> 751 bytes
 regression/exceptions/exceptions3/test.desc   |   9 ++++
 regression/exceptions/exceptions3/test.java   |  17 ++++++++
 regression/exceptions/exceptions4/A.class     | Bin 0 -> 234 bytes
 regression/exceptions/exceptions4/B.class     | Bin 0 -> 216 bytes
 regression/exceptions/exceptions4/C.class     | Bin 0 -> 216 bytes
 regression/exceptions/exceptions4/test.class  | Bin 0 -> 743 bytes
 regression/exceptions/exceptions4/test.desc   |   8 ++++
 regression/exceptions/exceptions4/test.java   |  19 +++++++++
 regression/exceptions/exceptions5/A.class     | Bin 0 -> 234 bytes
 regression/exceptions/exceptions5/B.class     | Bin 0 -> 216 bytes
 regression/exceptions/exceptions5/C.class     | Bin 0 -> 216 bytes
 regression/exceptions/exceptions5/D.class     | Bin 0 -> 216 bytes
 regression/exceptions/exceptions5/test.class  | Bin 0 -> 997 bytes
 regression/exceptions/exceptions5/test.desc   |   8 ++++
 regression/exceptions/exceptions5/test.java   |  27 ++++++++++++
 regression/exceptions/exceptions6/A.class     | Bin 0 -> 280 bytes
 regression/exceptions/exceptions6/B.class     | Bin 0 -> 216 bytes
 regression/exceptions/exceptions6/C.class     | Bin 0 -> 216 bytes
 regression/exceptions/exceptions6/D.class     | Bin 0 -> 216 bytes
 regression/exceptions/exceptions6/test.class  | Bin 0 -> 806 bytes
 regression/exceptions/exceptions6/test.desc   |   9 ++++
 regression/exceptions/exceptions6/test.java   |  26 ++++++++++++
 regression/exceptions/exceptions7/A.class     | Bin 0 -> 241 bytes
 regression/exceptions/exceptions7/B.class     | Bin 0 -> 216 bytes
 regression/exceptions/exceptions7/C.class     | Bin 0 -> 216 bytes
 regression/exceptions/exceptions7/test.class  | Bin 0 -> 871 bytes
 regression/exceptions/exceptions7/test.desc   |   9 ++++
 regression/exceptions/exceptions7/test.java   |  25 +++++++++++
 regression/exceptions/exceptions8/A.class     | Bin 0 -> 241 bytes
 regression/exceptions/exceptions8/B.class     | Bin 0 -> 216 bytes
 regression/exceptions/exceptions8/C.class     | Bin 0 -> 216 bytes
 regression/exceptions/exceptions8/test.class  | Bin 0 -> 935 bytes
 regression/exceptions/exceptions8/test.desc   |   9 ++++
 regression/exceptions/exceptions8/test.java   |  29 +++++++++++++
 regression/exceptions/exceptions9/A.class     | Bin 0 -> 276 bytes
 regression/exceptions/exceptions9/B.class     | Bin 0 -> 216 bytes
 regression/exceptions/exceptions9/C.class     | Bin 0 -> 216 bytes
 regression/exceptions/exceptions9/test.class  | Bin 0 -> 976 bytes
 regression/exceptions/exceptions9/test.desc   |   8 ++++
 regression/exceptions/exceptions9/test.java   |  39 ++++++++++++++++++
 89 files changed, 511 insertions(+)
 create mode 100644 regression/exceptions/Makefile
 create mode 100644 regression/exceptions/exceptions1/A.class
 create mode 100644 regression/exceptions/exceptions1/B.class
 create mode 100644 regression/exceptions/exceptions1/C.class
 create mode 100644 regression/exceptions/exceptions1/D.class
 create mode 100644 regression/exceptions/exceptions1/test.class
 create mode 100644 regression/exceptions/exceptions1/test.desc
 create mode 100644 regression/exceptions/exceptions1/test.java
 create mode 100644 regression/exceptions/exceptions10/A.class
 create mode 100644 regression/exceptions/exceptions10/B.class
 create mode 100644 regression/exceptions/exceptions10/C.class
 create mode 100644 regression/exceptions/exceptions10/test.class
 create mode 100644 regression/exceptions/exceptions10/test.desc
 create mode 100644 regression/exceptions/exceptions10/test.java
 create mode 100644 regression/exceptions/exceptions11/A.class
 create mode 100644 regression/exceptions/exceptions11/B.class
 create mode 100644 regression/exceptions/exceptions11/test.class
 create mode 100644 regression/exceptions/exceptions11/test.desc
 create mode 100644 regression/exceptions/exceptions11/test.java
 create mode 100644 regression/exceptions/exceptions12/A.class
 create mode 100644 regression/exceptions/exceptions12/B.class
 create mode 100644 regression/exceptions/exceptions12/C.class
 create mode 100644 regression/exceptions/exceptions12/F.class
 create mode 100644 regression/exceptions/exceptions12/test.class
 create mode 100644 regression/exceptions/exceptions12/test.desc
 create mode 100644 regression/exceptions/exceptions12/test.java
 create mode 100644 regression/exceptions/exceptions13/A.class
 create mode 100644 regression/exceptions/exceptions13/B.class
 create mode 100644 regression/exceptions/exceptions13/C.class
 create mode 100644 regression/exceptions/exceptions13/F.class
 create mode 100644 regression/exceptions/exceptions13/test.class
 create mode 100644 regression/exceptions/exceptions13/test.desc
 create mode 100644 regression/exceptions/exceptions13/test.java
 create mode 100644 regression/exceptions/exceptions14/A.class
 create mode 100644 regression/exceptions/exceptions14/B.class
 create mode 100644 regression/exceptions/exceptions14/C.class
 create mode 100644 regression/exceptions/exceptions14/test.class
 create mode 100644 regression/exceptions/exceptions14/test.desc
 create mode 100644 regression/exceptions/exceptions14/test.java
 create mode 100644 regression/exceptions/exceptions2/A.class
 create mode 100644 regression/exceptions/exceptions2/B.class
 create mode 100644 regression/exceptions/exceptions2/C.class
 create mode 100644 regression/exceptions/exceptions2/test.class
 create mode 100644 regression/exceptions/exceptions2/test.desc
 create mode 100644 regression/exceptions/exceptions2/test.java
 create mode 100644 regression/exceptions/exceptions3/A.class
 create mode 100644 regression/exceptions/exceptions3/B.class
 create mode 100644 regression/exceptions/exceptions3/C.class
 create mode 100644 regression/exceptions/exceptions3/test.class
 create mode 100644 regression/exceptions/exceptions3/test.desc
 create mode 100644 regression/exceptions/exceptions3/test.java
 create mode 100644 regression/exceptions/exceptions4/A.class
 create mode 100644 regression/exceptions/exceptions4/B.class
 create mode 100644 regression/exceptions/exceptions4/C.class
 create mode 100644 regression/exceptions/exceptions4/test.class
 create mode 100644 regression/exceptions/exceptions4/test.desc
 create mode 100644 regression/exceptions/exceptions4/test.java
 create mode 100644 regression/exceptions/exceptions5/A.class
 create mode 100644 regression/exceptions/exceptions5/B.class
 create mode 100644 regression/exceptions/exceptions5/C.class
 create mode 100644 regression/exceptions/exceptions5/D.class
 create mode 100644 regression/exceptions/exceptions5/test.class
 create mode 100644 regression/exceptions/exceptions5/test.desc
 create mode 100644 regression/exceptions/exceptions5/test.java
 create mode 100644 regression/exceptions/exceptions6/A.class
 create mode 100644 regression/exceptions/exceptions6/B.class
 create mode 100644 regression/exceptions/exceptions6/C.class
 create mode 100644 regression/exceptions/exceptions6/D.class
 create mode 100644 regression/exceptions/exceptions6/test.class
 create mode 100644 regression/exceptions/exceptions6/test.desc
 create mode 100644 regression/exceptions/exceptions6/test.java
 create mode 100644 regression/exceptions/exceptions7/A.class
 create mode 100644 regression/exceptions/exceptions7/B.class
 create mode 100644 regression/exceptions/exceptions7/C.class
 create mode 100644 regression/exceptions/exceptions7/test.class
 create mode 100644 regression/exceptions/exceptions7/test.desc
 create mode 100644 regression/exceptions/exceptions7/test.java
 create mode 100644 regression/exceptions/exceptions8/A.class
 create mode 100644 regression/exceptions/exceptions8/B.class
 create mode 100644 regression/exceptions/exceptions8/C.class
 create mode 100644 regression/exceptions/exceptions8/test.class
 create mode 100644 regression/exceptions/exceptions8/test.desc
 create mode 100644 regression/exceptions/exceptions8/test.java
 create mode 100644 regression/exceptions/exceptions9/A.class
 create mode 100644 regression/exceptions/exceptions9/B.class
 create mode 100644 regression/exceptions/exceptions9/C.class
 create mode 100644 regression/exceptions/exceptions9/test.class
 create mode 100644 regression/exceptions/exceptions9/test.desc
 create mode 100644 regression/exceptions/exceptions9/test.java

diff --git a/regression/exceptions/Makefile b/regression/exceptions/Makefile
new file mode 100644
index 00000000000..5ac5a21995e
--- /dev/null
+++ b/regression/exceptions/Makefile
@@ -0,0 +1,14 @@
+default: tests.log
+
+test:
+	@../test.pl -c ../../../src/cbmc/cbmc
+
+tests.log: ../test.pl
+	@../test.pl -c ../../../src/cbmc/cbmc
+
+show:
+	@for dir in *; do \
+		if [ -d "$$dir" ]; then \
+			vim -o "$$dir/*.java" "$$dir/*.out"; \
+		fi; \
+	done;
diff --git a/regression/exceptions/exceptions1/A.class b/regression/exceptions/exceptions1/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..eb19ef6be2b4b0dc315cdfd2ae091ecc67882efd
GIT binary patch
literal 234
zcmXX=%MQU%5IsX5TBX7dSYn|YJ0fW$R*em@zv_l7)h5;QT~-ncAK;_J+%n0`dF0Gw
z-k;|Szyuu^b+l}>ZTJLhrczbR3H8BnOE4DMUK0FBrE*oCcQW6IUBXT`%3_ghMXt2|
zn?`X|7ha9RDZyQ5Wgg3=(s8GdmtuSpSK+~cNuZF>(>h2*dI&bhJiF;j=%dE}=pt^;
iGFr?6M(voR2k6eE2Aii<nS=&&?-zgrmldH|rMxfZ(<w^;

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions1/B.class b/regression/exceptions/exceptions1/B.class
new file mode 100644
index 0000000000000000000000000000000000000000..47ae8f218e49b4ac942425d72a88b21c2772b518
GIT binary patch
literal 216
zcmXX<I|{;35S-1|#Aw75SgM6Kc8XvGt6-y~e~Ax#5);VBdszt<9>7D1o9M#q%+AiT
z@6YoEV1a=P9X%U;8$Q8WsZ3RCf<B%^1Y?_@B*70=CinF<mc>!TDLcb3PedAtLN)W>
zG^(>I`7{ic1ox2FMIv{qi93}ntJy`|ga-pAfda+`BWV1+DPr)3*<v+kZX9#^0Nq(=
Wu(?~UsiDK#`vu^@<%!U3Q{ERCG9oho

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions1/C.class b/regression/exceptions/exceptions1/C.class
new file mode 100644
index 0000000000000000000000000000000000000000..0c9779a4c2b0d3631b1a6b0ea46fd00e04361efa
GIT binary patch
literal 216
zcmXX<I}U<S5S-;Jh+;f}rCMlXr?HU4ir8rAANUfVK}g`?y{t?uJb;HXF6t(;Gdnw*
zeZ3z~01FI!nCQ9ay9f!+N)<}43Fdf`5Ui*?N<tW`LhhPNDyxG?b9RPtnTb3Rm1^g|
zY3Y-y`81A}1b<&PRVKHpjeA<wdUh695x{~?pop=-2nK&|ix|9Nc391sTgRT>K{pl#
WT<*@-G|^!l`~vXc^F-)=Q^5xrb|N<b

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions1/D.class b/regression/exceptions/exceptions1/D.class
new file mode 100644
index 0000000000000000000000000000000000000000..12179e84294d669f8f9f06e51f5400f5cc8f5db6
GIT binary patch
literal 216
zcmXX<I}U<S5S-;Jh+;f}rCMlXr?G)p5gQHt17G4Z2niqWWo2UF0X&p(Q8t;K+1c6b
z`}2GOSYhNs$H2zWhEK3IDp&QEpigHp!3c_zB>0ia<-WNlvOJ0;V`m%{smNkcs&?*7
zqdu#OPor>6a1TXOrgEp+xKqojUR=aYcraiRC}aefK;!Ri5ra3(7ON$5>zMNg=*~ie
V&E4u^J=Weo00%Blg#It(eE}M}B0B&8

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions1/test.class b/regression/exceptions/exceptions1/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..c76687b1bc7a0547086d763afd30f531210e3b7a
GIT binary patch
literal 1025
zcmZuvZBNr+6g|({ty|ZPF%&@&5kWUp<_m&uXoR7Oro#^y5+Q+fTZQ82Ok0e<g+IV&
zG?Bz5^4%Y0JhvhwVwUH*=ic47bDsYE_5BBc89X)7hl+uFCK6)ro6yBRFp(1b&_o)Q
z404z;@W@0~g0m*(@Yui;g@Fkt4Ba5|x_-Fig-)~MwiVQxLTcXgz37>ORw}P5==E;f
zRp_%l-(B9@ZMwl*NmeM@-Imi?bplWPlb{}Ldm($+ksC%eR_{8VuP|6zw|AURPNn1c
zTa}e4@cgZsbXOdz*-Ok+EkSibO+kx-96<|$I8bvxOO6w4asB`FQ^>7EPU}O%`513Q
zai|L=p&AP5`BvwIn7Pv33tH|=PiSOh(`i}GLJ<QTwZv2BS>#!;P(Z)J(AoA2e|38i
z1l@oXrGbH}g&O7+3TK&bnmcYQqIPGYdWW)8kG30nf!jXq#l@pN{z1*xaGkH#$5&Q`
zA(>93fqG+r_XT<tT1A_jI)XYRNZ=yxR2)oUkl6Z@fJ+#nm%%VDGs0pOFgwMV-$UZv
z5#{Ycr%g6`NYNV0J)~(fRee~mCWn*9_7|A@$o7zB*g8JI?77Iqxk&M!$RWQ@pu}Gy
zw$&5gj&~_xgI}u_vv^ISvT+(F$!EF06$>(nJgW;RQ;<1aL6vgU$mkWZP0kH+T_@fk
z*G;nB#Yn8gd-h3VjQ@;Kfdczo#VEHBX|FM^vAe-D&W$GN-5^SGN*)t&MJ-07tZl?-
zjA%1P<3!YvRX1sG@eCrpZJ?B2G*FgnO0L^^&cAc|cr$So&|l1bLw+BIegIwj3iJF!
RO3Ne?)^mC8yL1wm{teh!r=|b^

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions1/test.desc b/regression/exceptions/exceptions1/test.desc
new file mode 100644
index 00000000000..baf72e7da81
--- /dev/null
+++ b/regression/exceptions/exceptions1/test.desc
@@ -0,0 +1,10 @@
+CORE
+test.class
+
+^EXIT=10$
+^SIGNAL=0$
+^.*assertion at file test.java line 26 function.*: FAILURE$
+\*\* 1 of 35 failed (2 iterations)$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/exceptions/exceptions1/test.java b/regression/exceptions/exceptions1/test.java
new file mode 100644
index 00000000000..bc925b32d65
--- /dev/null
+++ b/regression/exceptions/exceptions1/test.java
@@ -0,0 +1,30 @@
+class A extends Throwable {}
+class B extends A {}
+class C extends B {}
+class D extends C {}
+
+public class test {
+ public static void main (String arg[]) {
+   try {
+     D d = new D();
+     C c = new C();
+     B b = new B();
+     A a = new A();
+     A e = a;
+     throw e;
+   }
+   catch(D exc) {
+     assert false;
+   }
+   catch(C exc) {
+     assert false;
+   }
+   catch(B exc) {
+     assert false;
+   }
+   catch(A exc) {
+     assert false;
+   }  
+ }
+}
+
diff --git a/regression/exceptions/exceptions10/A.class b/regression/exceptions/exceptions10/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..963ae156be051ca07ea2d602053e012a3d27a7a4
GIT binary patch
literal 241
zcmXX=O;5r=5PbuswY3W2=*gpUuorF+lg8kw;Q*%hZQaP2c5B)#@o#xD@!${OM-gX{
zNoL+h-b?0i{P_hi$0WiKR{^dAj0ygd4ckY;@a{e*cu&o%CX6#SdfnHBZeLVUi8IZb
zQdPNX+3B<C*&TOM&C&%S+BSV#>SuQG(CW@UysN#6;bBCelyKv8QYrJ6Y<gq4)~nA_
ve^_n|ZZVLz+>oqP1btzNpmRpEZ_t;J0Rp-H$s}9|kN*P*5s4yPo>K82_(?21

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions10/B.class b/regression/exceptions/exceptions10/B.class
new file mode 100644
index 0000000000000000000000000000000000000000..47ae8f218e49b4ac942425d72a88b21c2772b518
GIT binary patch
literal 216
zcmXX<I|{;35S-1|#Aw75SgM6Kc8XvGt6-y~e~Ax#5);VBdszt<9>7D1o9M#q%+AiT
z@6YoEV1a=P9X%U;8$Q8WsZ3RCf<B%^1Y?_@B*70=CinF<mc>!TDLcb3PedAtLN)W>
zG^(>I`7{ic1ox2FMIv{qi93}ntJy`|ga-pAfda+`BWV1+DPr)3*<v+kZX9#^0Nq(=
Wu(?~UsiDK#`vu^@<%!U3Q{ERCG9oho

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions10/C.class b/regression/exceptions/exceptions10/C.class
new file mode 100644
index 0000000000000000000000000000000000000000..0c9779a4c2b0d3631b1a6b0ea46fd00e04361efa
GIT binary patch
literal 216
zcmXX<I}U<S5S-;Jh+;f}rCMlXr?HU4ir8rAANUfVK}g`?y{t?uJb;HXF6t(;Gdnw*
zeZ3z~01FI!nCQ9ay9f!+N)<}43Fdf`5Ui*?N<tW`LhhPNDyxG?b9RPtnTb3Rm1^g|
zY3Y-y`81A}1b<&PRVKHpjeA<wdUh695x{~?pop=-2nK&|ix|9Nc391sTgRT>K{pl#
WT<*@-G|^!l`~vXc^F-)=Q^5xrb|N<b

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions10/test.class b/regression/exceptions/exceptions10/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..2ff5d07c9a9b0f076fd03d0d6e67b6b8ef2308a9
GIT binary patch
literal 875
zcmZuvO;giQ6g@9Zn>GzlS}mmtic&3AsXFXn91H3~A};DMBd*dk)?i7TBz61){t5m7
zYjj2&nUTFe%JJM-=|UEHxgY1Ad+vSj*Y6)c0j%Mni6R;XZkf=~D4>Ab2AU?aXqa?X
z473c~F>x3746G_tmYq2EqQnn__=z7oy`k4vP<slw4L|UcM+%wd%C3UG74|)a8QTxM
zozX$hi(Uy>p=^h)Gu(9|U;J@UPu}@4IqbxXlXY^u4MWoQXxSa{y-%*fR5x+l_b;3e
zX%$7Y&4J?w3f1Ntd*Au!w1-YGXm^vy4+iTZLpegRNebPG25eEe0LUQ~@*D1OJb~E_
zN0IA2^F?n#B&`a$g=x%?vSY!*ltOLNvGZ>!PopS|EL={3o9rsp2HF<x<AFkHQu4C5
z@3{##Gzo1Dxm*s@_hLWt`sbt^I~g&-&F*1|*HYx&sZvd3(9)qq8P5{EHvfwMZ0iK-
zn1+T~p1Hq4lxbUIyMjyf@}iazDUOMj;`%AH*C)tqx6Zb|KtDwB6j=sxXUA#YguItb
z%3S4R5tclK$!jW-f1ZM*Q<bPZzbfYF6&bCi);v7}+H(W-X_j5V)v<uj1Zzw#js@7?
zVI1+zTqHv1@?#No4hXi)qrx_G%*aqxEU=*nxlWv57ntMDQz47#D2uqpEGRjZv}0gN
oXm6bFWG#gOv*p4!n1?X*Bj}m0(EneqaAcubkL3z(($TQ|2Mgzm?f?J)

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions10/test.desc b/regression/exceptions/exceptions10/test.desc
new file mode 100644
index 00000000000..4654e88cbb6
--- /dev/null
+++ b/regression/exceptions/exceptions10/test.desc
@@ -0,0 +1,9 @@
+CORE
+test.class
+
+^EXIT=10$
+^SIGNAL=0$
+^.*assertion at file test.java line 12 function.*: FAILURE$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/exceptions/exceptions10/test.java b/regression/exceptions/exceptions10/test.java
new file mode 100644
index 00000000000..14feb2f9b1d
--- /dev/null
+++ b/regression/exceptions/exceptions10/test.java
@@ -0,0 +1,25 @@
+class A extends RuntimeException {}
+class B extends A {}
+class C extends B {}
+
+public class test {
+  static void foo() {
+    try {
+      A b = new A();
+      throw b;
+    }
+    catch(A exc) {
+      assert false;
+    }
+  }
+  
+  public static void main (String args[]) {
+    try {
+      A a = new A();
+      foo();
+    }
+    catch(B exc) {
+      assert false;
+    }
+  }
+}
diff --git a/regression/exceptions/exceptions11/A.class b/regression/exceptions/exceptions11/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..ad46eafd1d9234e74590cd579aff0f7eb17f9bfd
GIT binary patch
literal 276
zcmXYrK}*9x5QX2QYh%`EYxU&GqxN7g9t4X}N((~ppwjy`F1nI#B;AOA%Yz6W`UCt?
z#h2Q{%$xaU9y7n|pA~>h9BU|a6SQy`qZi{yAdYb>Xb+ut;YQFpJD&;ExO}pLPUgJ5
zs~2-yJ(_tz(#y)+6f;w~rr$ypUfhz_Y;-Nq4`p5DcIuk-B-mxRcs1`PMU34PJ81LZ
zNO01?L1Fy!;J)_3E$rkYw{O9f9;f_J@nd1ou&wAPN!VQ>+RSwS8`4)_h(1XpXl6}q
ToQk@~D*fN2?r-=3bA-+x##1h8

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions11/B.class b/regression/exceptions/exceptions11/B.class
new file mode 100644
index 0000000000000000000000000000000000000000..3af09687e1afeb9c7dd88272ec5fde0e48c3b12d
GIT binary patch
literal 216
zcmXX<I|{;35S-1|#Aw75SgM6Kc8XvGt6-y~e~Ax#5);VBdszt<9>7D18_mM(%+AiT
z@6YoEV1a=P9X%U;8$Q8WsZ3RCf<B%^1Y?_@B*70=CinF<mc>!TDLcb3PedAtLN#-1
z8r4~qd>RHzf_up8B9S}Q#GOi()$Af}!h->mKmlWe5j6hZ6ft<iY_Xa%H;y@dfbJ|b
V*xaqZi4JS8)ec;q2;E=G`vMq=A~pa3

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions11/test.class b/regression/exceptions/exceptions11/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..0bba614224465ad6eefa96fd90c32ba8c7d4f549
GIT binary patch
literal 976
zcmZuwO-~b16g_V`?M#PhDXrF0QNFP)N=5N25F?-_O{&IVFyd<3jyO;{W@c*q8Lrv5
zWT6|>h>=A0{wU*lk3vm!G4I`v^Ugi@-psGxKYjvOz#R)IR1C~o(ByqNi2+<mLdTqe
zss#fTi;=5IrWu*Ha1GZDEC}SLoG^5Q$n!hleJ^wxZMP*LHUtt&UdM~>3dBm~bpd_V
zZ@B`4b+6+-?(Q_);F$yqWb1y@X|FqhC;eVfk6wErIqH!cMvLTl<@@9))yg%pI}Fs9
z85Rv%?z^V+SERqqkBHP-<TSS*Id2pl`{COi$Lk2>OE2qN&ReJ2b~>BYwJ7j9n~O@H
z6Kt|#?mubHMZjEYwtEd(YkoIqx(_`mKPeT?NlF_T46*()zZDy44BEJXQGr6g;PT0^
z9t43O*f@s*rAZ0{H*MU)ZGlW5{-m+xHY4(RoLoP=+UC&NOUn(tz-^t9vg@eJ1Sh_M
zaV{*y?TSo6YN4fr<QU?arB~%Gc*iRT5c@PV<aj1j(8L+q_Avlwk*8-$wT#HeABom@
z&lh)*I)wJ(fE$=S>Ra{Ci0>jd`xOcO0|pLZ5MmzbpA=<*L^@)s-~@?5tvc1psij#U
z&rE^khIv*|RAMSb*ep6spS{yMudHF(Be<Y==W!9EWE<mWB9^Wh7|$b#2~09Cg}?6!
zFP})wB)%j0d=JIGVk`ca;(bM&=Ge5J;38)vOPCyS8q>^7l6ndy%qXE_#F@k#3zf}`
zD4{@^sA=^U{H3&~24?bvUOL^$f+_|KWe2{&-i4v>L63bw{NMeIktYt#z9+X>qNAbw
E2bxcsM*si-

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions11/test.desc b/regression/exceptions/exceptions11/test.desc
new file mode 100644
index 00000000000..cb92a091217
--- /dev/null
+++ b/regression/exceptions/exceptions11/test.desc
@@ -0,0 +1,9 @@
+CORE
+test.class
+
+^EXIT=10$
+^SIGNAL=0$
+^.*assertion at file test.java line 36 function.*: FAILURE$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/exceptions/exceptions11/test.java b/regression/exceptions/exceptions11/test.java
new file mode 100644
index 00000000000..032af621fc3
--- /dev/null
+++ b/regression/exceptions/exceptions11/test.java
@@ -0,0 +1,39 @@
+class A extends RuntimeException {
+  int i=1;
+};
+
+class B extends A {
+};
+
+public class test {
+  static int foo(int k) {
+    try {
+      if(k==0)
+      {
+	A a = new A();
+	throw a;
+      }
+      else
+      {
+	A b = new A();
+	throw b;
+      }
+	
+    }
+    catch(B exc) {
+      assert exc.i==1;
+    }
+    return 1;
+  }
+
+  
+  public static void main (String args[]) {
+    try {
+      A a = new A();
+      foo(6);
+    }
+    catch(A exc) {
+      assert exc.i==2;
+    }
+  }
+}
diff --git a/regression/exceptions/exceptions12/A.class b/regression/exceptions/exceptions12/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..963ae156be051ca07ea2d602053e012a3d27a7a4
GIT binary patch
literal 241
zcmXX=O;5r=5PbuswY3W2=*gpUuorF+lg8kw;Q*%hZQaP2c5B)#@o#xD@!${OM-gX{
zNoL+h-b?0i{P_hi$0WiKR{^dAj0ygd4ckY;@a{e*cu&o%CX6#SdfnHBZeLVUi8IZb
zQdPNX+3B<C*&TOM&C&%S+BSV#>SuQG(CW@UysN#6;bBCelyKv8QYrJ6Y<gq4)~nA_
ve^_n|ZZVLz+>oqP1btzNpmRpEZ_t;J0Rp-H$s}9|kN*P*5s4yPo>K82_(?21

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions12/B.class b/regression/exceptions/exceptions12/B.class
new file mode 100644
index 0000000000000000000000000000000000000000..47ae8f218e49b4ac942425d72a88b21c2772b518
GIT binary patch
literal 216
zcmXX<I|{;35S-1|#Aw75SgM6Kc8XvGt6-y~e~Ax#5);VBdszt<9>7D1o9M#q%+AiT
z@6YoEV1a=P9X%U;8$Q8WsZ3RCf<B%^1Y?_@B*70=CinF<mc>!TDLcb3PedAtLN)W>
zG^(>I`7{ic1ox2FMIv{qi93}ntJy`|ga-pAfda+`BWV1+DPr)3*<v+kZX9#^0Nq(=
Wu(?~UsiDK#`vu^@<%!U3Q{ERCG9oho

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions12/C.class b/regression/exceptions/exceptions12/C.class
new file mode 100644
index 0000000000000000000000000000000000000000..0c9779a4c2b0d3631b1a6b0ea46fd00e04361efa
GIT binary patch
literal 216
zcmXX<I}U<S5S-;Jh+;f}rCMlXr?HU4ir8rAANUfVK}g`?y{t?uJb;HXF6t(;Gdnw*
zeZ3z~01FI!nCQ9ay9f!+N)<}43Fdf`5Ui*?N<tW`LhhPNDyxG?b9RPtnTb3Rm1^g|
zY3Y-y`81A}1b<&PRVKHpjeA<wdUh695x{~?pop=-2nK&|ix|9Nc391sTgRT>K{pl#
WT<*@-G|^!l`~vXc^F-)=Q^5xrb|N<b

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions12/F.class b/regression/exceptions/exceptions12/F.class
new file mode 100644
index 0000000000000000000000000000000000000000..fa452c177216134c291fea52a69e7f45604e6492
GIT binary patch
literal 641
zcmZWm!EVz)5Pjn~+1PR0G=-3s0s#uNAdyRNR0vwg0R=b|Rid|zv%nS;Bilh-_>ukq
z=Ym8fD$zS1g?Q_R^nk40ee?8Y-pu&-pP#<~Y~oIc0ILdDLU>pWpm0^;T8OG6yCJUQ
zhQdw3(wfe5lNB}{=TB^|hlv>pWM5F*vSV936jatX_5}V;Ix>QVfgPI{lMh3ay>enf
zYmmk|+0&VI@s#w7cQ$A0p#OmPn>1z3p^LX&Y(B?=x!pp?@1N_BWePhL)VJbfY8vjQ
zlPorU>nwu8<i-61{YgiNFvnWk5kfQs9Y^*OJ$~DJ{BMq@S(awh^cB`3+`?@^^IZ0F
zcwpj!gPc=433ni9k4$beGny4*gT=&6vA(g7E>{?EwbJZ3YoZDdyMbVysK;0MR_`7|
zjtD#~@UESaXc9+LyoeSfU}={8g=&w?$_c#J$6V9B)4@0RhiIIjN}_gpROW`X_Gs)X
zxA`xDI=`T7sKNTnY{fZssi{+W0T-FqAlohx9dPD;i7Ex}nL=lt(&bqzo23!3*it`G
bKZNqX!moUX|Nl&`MipN4$W6Y&z{BOgR*PqV

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions12/test.class b/regression/exceptions/exceptions12/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..a4350fcd81d62534433b034e2f9d88328d74c8b8
GIT binary patch
literal 740
zcmZuu%Tg0T6g@q8OfnhrRE($u5H)}j7wn)c1<h)dMJTGoRcF$~#$m>qnOJ^-AHff}
zMysGos&wy1S)Lw|EOgP`_ufADoYS{|{`&SEzy=;Ws9?#)T?ZDH%(iUfUKwTFxADM%
zZ7#bGR<LSgO`x?blSIX-j>6=*PUJ99BLQ(BP~6g?PM-+mx-0tv`JHH_1ZtiR)vL+z
zP{n%&EYS2KUk3X!)+WC!=F_)2A%~Z$B;929vDBf!Z1;_KBtOVrAj5HQkj6S3ZyI)S
zNFA?FWKMnbO}uToWIQHI>px8bGlNw6?_SFHnIs=6P}=f?OViFEn#8{9Yh$r&T&x>m
z7gf|K*LU$S3$|Ujm=S1CZ9V%tkQZ?r#dKl1Z9H<Zj-Eh$irgI@DL<v#!zkitrWZQ_
zr^@G!RH9=wx?-f|bixac^Z<+elnOsh)Z4}bqa1|s$Gy(1$5Zeute!)hGO*C#Ud)OO
zG#R^p0BGSFvofw@mKD?diD-*w=K|L2bIx<^4EfLetS=~@pmG75)zXjCjKHO4f$D~S
zjshT2iBvAL8rmehiFw@0Bo~M)A&(oZ8>uSq<}#KJ5x3cUhs%bwYh%7jXy@ud8yO5}
fG|OjjPGHkeKKB*He;;Q!3b5R#W&{gNEG+&8z8Qep

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions12/test.desc b/regression/exceptions/exceptions12/test.desc
new file mode 100644
index 00000000000..4654e88cbb6
--- /dev/null
+++ b/regression/exceptions/exceptions12/test.desc
@@ -0,0 +1,9 @@
+CORE
+test.class
+
+^EXIT=10$
+^SIGNAL=0$
+^.*assertion at file test.java line 12 function.*: FAILURE$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/exceptions/exceptions12/test.java b/regression/exceptions/exceptions12/test.java
new file mode 100644
index 00000000000..5828419fac6
--- /dev/null
+++ b/regression/exceptions/exceptions12/test.java
@@ -0,0 +1,27 @@
+class A extends RuntimeException {}
+class B extends A {}
+class C extends B {}
+
+class F {
+  void foo() {
+    try {
+      B b = new B();
+      throw b;
+    }
+    catch(B exc) {
+      assert false;
+    }
+  }
+}
+
+public class test {
+  public static void main (String args[]) {
+    try {
+      F f = new F();
+      f.foo();
+    }
+    catch(B exc) {
+      assert false;
+    }
+  }
+}
diff --git a/regression/exceptions/exceptions13/A.class b/regression/exceptions/exceptions13/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..963ae156be051ca07ea2d602053e012a3d27a7a4
GIT binary patch
literal 241
zcmXX=O;5r=5PbuswY3W2=*gpUuorF+lg8kw;Q*%hZQaP2c5B)#@o#xD@!${OM-gX{
zNoL+h-b?0i{P_hi$0WiKR{^dAj0ygd4ckY;@a{e*cu&o%CX6#SdfnHBZeLVUi8IZb
zQdPNX+3B<C*&TOM&C&%S+BSV#>SuQG(CW@UysN#6;bBCelyKv8QYrJ6Y<gq4)~nA_
ve^_n|ZZVLz+>oqP1btzNpmRpEZ_t;J0Rp-H$s}9|kN*P*5s4yPo>K82_(?21

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions13/B.class b/regression/exceptions/exceptions13/B.class
new file mode 100644
index 0000000000000000000000000000000000000000..47ae8f218e49b4ac942425d72a88b21c2772b518
GIT binary patch
literal 216
zcmXX<I|{;35S-1|#Aw75SgM6Kc8XvGt6-y~e~Ax#5);VBdszt<9>7D1o9M#q%+AiT
z@6YoEV1a=P9X%U;8$Q8WsZ3RCf<B%^1Y?_@B*70=CinF<mc>!TDLcb3PedAtLN)W>
zG^(>I`7{ic1ox2FMIv{qi93}ntJy`|ga-pAfda+`BWV1+DPr)3*<v+kZX9#^0Nq(=
Wu(?~UsiDK#`vu^@<%!U3Q{ERCG9oho

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions13/C.class b/regression/exceptions/exceptions13/C.class
new file mode 100644
index 0000000000000000000000000000000000000000..0c9779a4c2b0d3631b1a6b0ea46fd00e04361efa
GIT binary patch
literal 216
zcmXX<I}U<S5S-;Jh+;f}rCMlXr?HU4ir8rAANUfVK}g`?y{t?uJb;HXF6t(;Gdnw*
zeZ3z~01FI!nCQ9ay9f!+N)<}43Fdf`5Ui*?N<tW`LhhPNDyxG?b9RPtnTb3Rm1^g|
zY3Y-y`81A}1b<&PRVKHpjeA<wdUh695x{~?pop=-2nK&|ix|9Nc391sTgRT>K{pl#
WT<*@-G|^!l`~vXc^F-)=Q^5xrb|N<b

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions13/F.class b/regression/exceptions/exceptions13/F.class
new file mode 100644
index 0000000000000000000000000000000000000000..85408ad5f8a3cd289c0b8f5a1f4af743446c440b
GIT binary patch
literal 405
zcmX|6O;5r=6r5KIg+c}K`^M3aL@wSm9x&;_R6SrwJZ|f%1*8Ou@o#w|(M0e5DC4|h
z+;sb9-p<V1{r-9X1aN{qA7yNL*!JOQ-SMz1sGOyfG(Q)V_74UE_aeKuf@YLX?DgU~
zwzFFkkJ)KQSz^WmGfS2KHQoFvozohHr~E%;nLuLYJ>~W_5d{6*B%>=cEi9Za@cY?f
zme?@W+*)qu`SH-am<B5F7|`Pm1ugA$$7b@_y@`i5$<cw!7wB@hDTbg*)MXXc^5GKl
zRvgy~LD7Uy+*k=vC(;%Cn@0@OxZnfM-I7;7`r=o}eOeuqpkZy!2B%fYe8y;y26uQ~
drD_dLdg?^20_lj=uyv{`kV}slf(<eUo4+7(I4b}E

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions13/test.class b/regression/exceptions/exceptions13/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..a4350fcd81d62534433b034e2f9d88328d74c8b8
GIT binary patch
literal 740
zcmZuu%Tg0T6g@q8OfnhrRE($u5H)}j7wn)c1<h)dMJTGoRcF$~#$m>qnOJ^-AHff}
zMysGos&wy1S)Lw|EOgP`_ufADoYS{|{`&SEzy=;Ws9?#)T?ZDH%(iUfUKwTFxADM%
zZ7#bGR<LSgO`x?blSIX-j>6=*PUJ99BLQ(BP~6g?PM-+mx-0tv`JHH_1ZtiR)vL+z
zP{n%&EYS2KUk3X!)+WC!=F_)2A%~Z$B;929vDBf!Z1;_KBtOVrAj5HQkj6S3ZyI)S
zNFA?FWKMnbO}uToWIQHI>px8bGlNw6?_SFHnIs=6P}=f?OViFEn#8{9Yh$r&T&x>m
z7gf|K*LU$S3$|Ujm=S1CZ9V%tkQZ?r#dKl1Z9H<Zj-Eh$irgI@DL<v#!zkitrWZQ_
zr^@G!RH9=wx?-f|bixac^Z<+elnOsh)Z4}bqa1|s$Gy(1$5Zeute!)hGO*C#Ud)OO
zG#R^p0BGSFvofw@mKD?diD-*w=K|L2bIx<^4EfLetS=~@pmG75)zXjCjKHO4f$D~S
zjshT2iBvAL8rmehiFw@0Bo~M)A&(oZ8>uSq<}#KJ5x3cUhs%bwYh%7jXy@ud8yO5}
fG|OjjPGHkeKKB*He;;Q!3b5R#W&{gNEG+&8z8Qep

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions13/test.desc b/regression/exceptions/exceptions13/test.desc
new file mode 100644
index 00000000000..cb7c1b81341
--- /dev/null
+++ b/regression/exceptions/exceptions13/test.desc
@@ -0,0 +1,9 @@
+CORE
+test.class
+
+^EXIT=10$
+^SIGNAL=0$
+^.*assertion at file test.java line 25 function.*: FAILURE$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/exceptions/exceptions13/test.java b/regression/exceptions/exceptions13/test.java
new file mode 100644
index 00000000000..56d763f68d3
--- /dev/null
+++ b/regression/exceptions/exceptions13/test.java
@@ -0,0 +1,28 @@
+class A extends RuntimeException {}
+class B extends A {}
+class C extends B {}
+
+class F {
+  void foo() {
+    try {
+      B b = new B();
+      throw b;
+    }
+    catch(B exc) {
+      throw exc;
+    }
+  }
+}
+
+public class test {
+ 
+  public static void main (String args[]) {
+    try {
+      F f = new F();
+      f.foo();
+    }
+    catch(B exc) {
+      assert false;
+    }
+  }
+}
diff --git a/regression/exceptions/exceptions14/A.class b/regression/exceptions/exceptions14/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..963ae156be051ca07ea2d602053e012a3d27a7a4
GIT binary patch
literal 241
zcmXX=O;5r=5PbuswY3W2=*gpUuorF+lg8kw;Q*%hZQaP2c5B)#@o#xD@!${OM-gX{
zNoL+h-b?0i{P_hi$0WiKR{^dAj0ygd4ckY;@a{e*cu&o%CX6#SdfnHBZeLVUi8IZb
zQdPNX+3B<C*&TOM&C&%S+BSV#>SuQG(CW@UysN#6;bBCelyKv8QYrJ6Y<gq4)~nA_
ve^_n|ZZVLz+>oqP1btzNpmRpEZ_t;J0Rp-H$s}9|kN*P*5s4yPo>K82_(?21

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions14/B.class b/regression/exceptions/exceptions14/B.class
new file mode 100644
index 0000000000000000000000000000000000000000..47ae8f218e49b4ac942425d72a88b21c2772b518
GIT binary patch
literal 216
zcmXX<I|{;35S-1|#Aw75SgM6Kc8XvGt6-y~e~Ax#5);VBdszt<9>7D1o9M#q%+AiT
z@6YoEV1a=P9X%U;8$Q8WsZ3RCf<B%^1Y?_@B*70=CinF<mc>!TDLcb3PedAtLN)W>
zG^(>I`7{ic1ox2FMIv{qi93}ntJy`|ga-pAfda+`BWV1+DPr)3*<v+kZX9#^0Nq(=
Wu(?~UsiDK#`vu^@<%!U3Q{ERCG9oho

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions14/C.class b/regression/exceptions/exceptions14/C.class
new file mode 100644
index 0000000000000000000000000000000000000000..0c9779a4c2b0d3631b1a6b0ea46fd00e04361efa
GIT binary patch
literal 216
zcmXX<I}U<S5S-;Jh+;f}rCMlXr?HU4ir8rAANUfVK}g`?y{t?uJb;HXF6t(;Gdnw*
zeZ3z~01FI!nCQ9ay9f!+N)<}43Fdf`5Ui*?N<tW`LhhPNDyxG?b9RPtnTb3Rm1^g|
zY3Y-y`81A}1b<&PRVKHpjeA<wdUh695x{~?pop=-2nK&|ix|9Nc391sTgRT>K{pl#
WT<*@-G|^!l`~vXc^F-)=Q^5xrb|N<b

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions14/test.class b/regression/exceptions/exceptions14/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..1737cbde0b5cdfb0ea5d288cd0e532dad05f3c80
GIT binary patch
literal 858
zcmah{U2oD*7=BJ$D0Cg`04ILC3CN}nog`bb#R$0Vrqc_|66aMZ4R*3(+G6}I`vY80
z6PHM$_x>KQjnAn#E;R9?=Y8JyydTf=o__!N<tu;&9vd)G)p6H=B5lophH4fDR&}fy
z&}HzRj{624U|mODpip+A$O~hC7(~zf$mtHeo`5(KNbmT8A3qULYpaI>T6@^@1Qu*R
z@ScxOx?cEFCJW^4q3a9|ozR#5G^oXI{D?j5*o)$AR-ZV2Ah1+>Z67=Do%+BD`t?p6
z`ayqNb{8(^*llL2-iHLYB(|Hf)(QLURrp7#z<eim+_wkLyJRq>Cjx5%nH_g96<~CR
zqtNyCd`UMe8LdkaCKh0Ebemt(#5{5Wr5U^CpS|pc;V@)Qi&SK>j)x{5VMD;0Wxwbi
zdv47A%tGw}S4+)3FY-gLchQfG;}I{o*CQ<RaZEm*uu75vkqUN!#dDEfomSAM*3Kc$
z2o&Ubrhf-fAU3DCh)eXcSi)sSWbqGXtF-$QD6h`B&IvTy)WH~K`y<k)n43UnB=c>|
zcl=-EENNzOsKTZeDjX(%yG{OOYC>xx(UL`msw`3{&@WQg3UP(1s*E;BbCWk)yxAjF
zDWQQBYceR|3aJ;lhpP#yCg>VtTM4?JNZrQ`++@`)ev3$VbllFhbS%qbCC4^*F4osb
h3YeBRK4b0_x;BQUenR^1RmyHDDCSeS@G>0*m0$24k%|BS

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions14/test.desc b/regression/exceptions/exceptions14/test.desc
new file mode 100644
index 00000000000..dc5ca4fa5cb
--- /dev/null
+++ b/regression/exceptions/exceptions14/test.desc
@@ -0,0 +1,8 @@
+CORE
+test.class
+
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
diff --git a/regression/exceptions/exceptions14/test.java b/regression/exceptions/exceptions14/test.java
new file mode 100644
index 00000000000..24f44a5d3d9
--- /dev/null
+++ b/regression/exceptions/exceptions14/test.java
@@ -0,0 +1,24 @@
+class A extends RuntimeException {}
+class B extends A {}
+class C extends B {}
+
+public class test {
+  public static void main (String args[]) {
+    try {
+      try {
+	C c = new C();
+	A a = new A();
+      }
+      catch(C exc) {
+	assert false;
+      }
+      catch(B exc) {
+	assert false;
+      }
+    }
+    catch(A exc) {
+      assert false;
+    }
+
+  }
+}
diff --git a/regression/exceptions/exceptions2/A.class b/regression/exceptions/exceptions2/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..eb19ef6be2b4b0dc315cdfd2ae091ecc67882efd
GIT binary patch
literal 234
zcmXX=%MQU%5IsX5TBX7dSYn|YJ0fW$R*em@zv_l7)h5;QT~-ncAK;_J+%n0`dF0Gw
z-k;|Szyuu^b+l}>ZTJLhrczbR3H8BnOE4DMUK0FBrE*oCcQW6IUBXT`%3_ghMXt2|
zn?`X|7ha9RDZyQ5Wgg3=(s8GdmtuSpSK+~cNuZF>(>h2*dI&bhJiF;j=%dE}=pt^;
iGFr?6M(voR2k6eE2Aii<nS=&&?-zgrmldH|rMxfZ(<w^;

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions2/B.class b/regression/exceptions/exceptions2/B.class
new file mode 100644
index 0000000000000000000000000000000000000000..47ae8f218e49b4ac942425d72a88b21c2772b518
GIT binary patch
literal 216
zcmXX<I|{;35S-1|#Aw75SgM6Kc8XvGt6-y~e~Ax#5);VBdszt<9>7D1o9M#q%+AiT
z@6YoEV1a=P9X%U;8$Q8WsZ3RCf<B%^1Y?_@B*70=CinF<mc>!TDLcb3PedAtLN)W>
zG^(>I`7{ic1ox2FMIv{qi93}ntJy`|ga-pAfda+`BWV1+DPr)3*<v+kZX9#^0Nq(=
Wu(?~UsiDK#`vu^@<%!U3Q{ERCG9oho

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions2/C.class b/regression/exceptions/exceptions2/C.class
new file mode 100644
index 0000000000000000000000000000000000000000..0c9779a4c2b0d3631b1a6b0ea46fd00e04361efa
GIT binary patch
literal 216
zcmXX<I}U<S5S-;Jh+;f}rCMlXr?HU4ir8rAANUfVK}g`?y{t?uJb;HXF6t(;Gdnw*
zeZ3z~01FI!nCQ9ay9f!+N)<}43Fdf`5Ui*?N<tW`LhhPNDyxG?b9RPtnTb3Rm1^g|
zY3Y-y`81A}1b<&PRVKHpjeA<wdUh695x{~?pop=-2nK&|ix|9Nc391sTgRT>K{pl#
WT<*@-G|^!l`~vXc^F-)=Q^5xrb|N<b

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions2/test.class b/regression/exceptions/exceptions2/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..a6aed72e3b3c222e6f88edb1257ddbfa96fe05c7
GIT binary patch
literal 771
zcmZuvO>fgc6r6RO*m2x6O`rrwftCVkQkqL|tq>%@0U0<1Rid0W&MIti9b`L*-_k$O
zbBjbJD$zSX3Naf(BLs)_``9;c=DqcgpWnU%*v6Iz4{HwYda#ULFT%w=2lqV`O#Hw@
z6B`a%0=0FSrYgzwI8LAHR1P9F6cGCYg<T!%?2$mOxv?i;_r^mduo&oAy_y^jRPx3Y
z3si$~D5E`@XcNzpcJ^MU>=9%t&31@BlsXnzZoUf+<R{sQWIXEhvqZ<E9n)P5$P;u~
znNy!b<M#|oCL?yK{Rbql(9dM};iddIrR0#DSHRs3qnU26Kb|C^dajMiq7kxXxP2_3
zOvWxx&qoQqKz%Oi$)9yROOkOy4F>3-?PC)U1uFB(*MkEUW?acU)r+`IjyY7RPSo(S
z7o}zsUT~HBSmk4Qd?!(<8+Lj*a2%BRU1Zdu6}0)*8N>-43l)9~zmr&^@6Y@yYK)4w
zf~(9J@F}Y;+RbxVZ_l{L_C;`t{1Hm$C@|q%9P`Eg&YVmU=AW^N^w40On{uvEDtKIS
zcob{oUgu4NVpqu5rW&KCMWjpAGOkfaiMMsu3Dy|T<fsTYaFe#d<HLU8V5Qu3aH~w@
n?aSe}r?tRR)%}X%5ghv%cJ2%E|1QEb%ER&>n|0k`U}5za)c=H&

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions2/test.desc b/regression/exceptions/exceptions2/test.desc
new file mode 100644
index 00000000000..eb7fa309bea
--- /dev/null
+++ b/regression/exceptions/exceptions2/test.desc
@@ -0,0 +1,10 @@
+CORE
+test.class
+
+^EXIT=10$
+^SIGNAL=0$
+^.*assertion at file test.java line 15 function.*: FAILURE$
+^\*\* 1 of 20 failed (2 iterations)$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/exceptions/exceptions2/test.java b/regression/exceptions/exceptions2/test.java
new file mode 100644
index 00000000000..420b50219c1
--- /dev/null
+++ b/regression/exceptions/exceptions2/test.java
@@ -0,0 +1,18 @@
+class A extends Throwable {}
+class B extends A {}
+class C extends B {}
+
+public class test {
+  public static void main (String args[]) {
+    try {
+      B b = new B();
+      throw b;
+    }
+    catch(C exc) {
+      assert false;
+    }
+    catch(B exc) {
+      assert false;
+    }
+  }
+}
diff --git a/regression/exceptions/exceptions3/A.class b/regression/exceptions/exceptions3/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..eb19ef6be2b4b0dc315cdfd2ae091ecc67882efd
GIT binary patch
literal 234
zcmXX=%MQU%5IsX5TBX7dSYn|YJ0fW$R*em@zv_l7)h5;QT~-ncAK;_J+%n0`dF0Gw
z-k;|Szyuu^b+l}>ZTJLhrczbR3H8BnOE4DMUK0FBrE*oCcQW6IUBXT`%3_ghMXt2|
zn?`X|7ha9RDZyQ5Wgg3=(s8GdmtuSpSK+~cNuZF>(>h2*dI&bhJiF;j=%dE}=pt^;
iGFr?6M(voR2k6eE2Aii<nS=&&?-zgrmldH|rMxfZ(<w^;

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions3/B.class b/regression/exceptions/exceptions3/B.class
new file mode 100644
index 0000000000000000000000000000000000000000..47ae8f218e49b4ac942425d72a88b21c2772b518
GIT binary patch
literal 216
zcmXX<I|{;35S-1|#Aw75SgM6Kc8XvGt6-y~e~Ax#5);VBdszt<9>7D1o9M#q%+AiT
z@6YoEV1a=P9X%U;8$Q8WsZ3RCf<B%^1Y?_@B*70=CinF<mc>!TDLcb3PedAtLN)W>
zG^(>I`7{ic1ox2FMIv{qi93}ntJy`|ga-pAfda+`BWV1+DPr)3*<v+kZX9#^0Nq(=
Wu(?~UsiDK#`vu^@<%!U3Q{ERCG9oho

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions3/C.class b/regression/exceptions/exceptions3/C.class
new file mode 100644
index 0000000000000000000000000000000000000000..0c9779a4c2b0d3631b1a6b0ea46fd00e04361efa
GIT binary patch
literal 216
zcmXX<I}U<S5S-;Jh+;f}rCMlXr?HU4ir8rAANUfVK}g`?y{t?uJb;HXF6t(;Gdnw*
zeZ3z~01FI!nCQ9ay9f!+N)<}43Fdf`5Ui*?N<tW`LhhPNDyxG?b9RPtnTb3Rm1^g|
zY3Y-y`81A}1b<&PRVKHpjeA<wdUh695x{~?pop=-2nK&|ix|9Nc391sTgRT>K{pl#
WT<*@-G|^!l`~vXc^F-)=Q^5xrb|N<b

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions3/test.class b/regression/exceptions/exceptions3/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..2e669adea88774634ce0f2e95b5411c54fada652
GIT binary patch
literal 751
zcmZuuO>fgc5PfSqaqPNjnm`BzN(%*&@R3Vztq>%DI2d{eszf<$oK@J8I>>eqzokbm
zJr^V@QHkF9QHZxDG(vFLoq4lwX5P&H`1$QSfKA-@;bYy!4Ih@VH$9ZF;o_E$qQSR)
z+(FYtOQ5zP(^Msyp2X=Boyx&j4F$xWKyh2gI(sN!H(R>`PH!?)0!yKe)ywI@KqapX
zS)dwDB01ibi8go^bh5WPWsNXXX|~1e1F2(ydh<=VFF(l6SjMAHKTC8x+A`H`^)ccd
z_Q<uvuE~(eh!tx8Nf21<XEJ*CLcY)2aX`*0P}+{hGtGW~GEE}&OdExs5%IwE4X}tZ
z$LsR+0xTd9Xv_sY{<DgwNis>O!6dq92e^xS0+l&)XRxoLjO&<(dSh;qBMw!n6E!@q
zMXA}84_xCO*7*@W|439CraL_w90z6IOGF)7L0f2_KpfMtP~lzt9mF#IVCGj*Bl2(o
z7a1|hpUAdo+o!NzpTIr~KcjGng;Nv>-LoV9)!&ihoL{0Shj}He5ZigjRk(S?$n_}o
z5<9F==oLzBkztgqk?RrH`6}|4IvTmUHZGG5#*AL)xr?jiu8V7B_E<e1b~EP!%hl3X
cc!zMEBRKXK6#gCD6e_?99+~xAC$O;g3#cB03;+NC

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions3/test.desc b/regression/exceptions/exceptions3/test.desc
new file mode 100644
index 00000000000..8b917c506ae
--- /dev/null
+++ b/regression/exceptions/exceptions3/test.desc
@@ -0,0 +1,9 @@
+CORE
+test.class
+
+^EXIT=10$
+^SIGNAL=0$
+^.*assertion at file test.java line 14 function.*: FAILURE$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/exceptions/exceptions3/test.java b/regression/exceptions/exceptions3/test.java
new file mode 100644
index 00000000000..9f6a55e11b4
--- /dev/null
+++ b/regression/exceptions/exceptions3/test.java
@@ -0,0 +1,17 @@
+class A extends Throwable {}
+class B extends A {}
+class C extends B {}
+
+public class test {
+  public static void main (String args[]) {
+    try {
+      throw new B();
+    }
+    catch(C exc) {
+      assert false;
+    }
+    catch(B exc) {
+      assert false;
+    }
+  }
+}
diff --git a/regression/exceptions/exceptions4/A.class b/regression/exceptions/exceptions4/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..eb19ef6be2b4b0dc315cdfd2ae091ecc67882efd
GIT binary patch
literal 234
zcmXX=%MQU%5IsX5TBX7dSYn|YJ0fW$R*em@zv_l7)h5;QT~-ncAK;_J+%n0`dF0Gw
z-k;|Szyuu^b+l}>ZTJLhrczbR3H8BnOE4DMUK0FBrE*oCcQW6IUBXT`%3_ghMXt2|
zn?`X|7ha9RDZyQ5Wgg3=(s8GdmtuSpSK+~cNuZF>(>h2*dI&bhJiF;j=%dE}=pt^;
iGFr?6M(voR2k6eE2Aii<nS=&&?-zgrmldH|rMxfZ(<w^;

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions4/B.class b/regression/exceptions/exceptions4/B.class
new file mode 100644
index 0000000000000000000000000000000000000000..47ae8f218e49b4ac942425d72a88b21c2772b518
GIT binary patch
literal 216
zcmXX<I|{;35S-1|#Aw75SgM6Kc8XvGt6-y~e~Ax#5);VBdszt<9>7D1o9M#q%+AiT
z@6YoEV1a=P9X%U;8$Q8WsZ3RCf<B%^1Y?_@B*70=CinF<mc>!TDLcb3PedAtLN)W>
zG^(>I`7{ic1ox2FMIv{qi93}ntJy`|ga-pAfda+`BWV1+DPr)3*<v+kZX9#^0Nq(=
Wu(?~UsiDK#`vu^@<%!U3Q{ERCG9oho

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions4/C.class b/regression/exceptions/exceptions4/C.class
new file mode 100644
index 0000000000000000000000000000000000000000..0c9779a4c2b0d3631b1a6b0ea46fd00e04361efa
GIT binary patch
literal 216
zcmXX<I}U<S5S-;Jh+;f}rCMlXr?HU4ir8rAANUfVK}g`?y{t?uJb;HXF6t(;Gdnw*
zeZ3z~01FI!nCQ9ay9f!+N)<}43Fdf`5Ui*?N<tW`LhhPNDyxG?b9RPtnTb3Rm1^g|
zY3Y-y`81A}1b<&PRVKHpjeA<wdUh695x{~?pop=-2nK&|ix|9Nc391sTgRT>K{pl#
WT<*@-G|^!l`~vXc^F-)=Q^5xrb|N<b

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions4/test.class b/regression/exceptions/exceptions4/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..e7ffa43cd87dfaf11bac4517d8d90e5096a49e33
GIT binary patch
literal 743
zcmZuvO>fgc5Pj=7apJgXnm|b*4gCVr7Me?Mtq>%@0U3G-szf<$oK@J8+Q@bgzl1~o
z0Ox{4B`VQ7KML{IgysOUc6Vm>&Ad0W{`u?s4*<K^ap7Xk!MY2}oEs$+amT@37X{<r
zbJ518gDrvjhD;I_r#cFgCpwXXu^I}9BZ0!c4t4raAlKeJ6tH{IPzlWYI#e$wCj%9~
zGGKw49|dxJC}VB>Y0ysJ>V!4?R3+&ivrnWB1s2<H{A2k+cE&Osb^2+n!_l6pE(YZB
zyF}*H$H3S<lO^L3tJMFKBrw-cW$^BWe4kOWN%kvH+z-Z6-EKdc#DRLIjmnY{vSYYC
z%%MWYE?3V(8J<96ChGCuaXgLVD5eIJ=wRE!eLN7T&X5O#V-=(v$t=_xbDC^(s1hBk
z;Z-e4O((qID37qp$8h;hqS`R*v~plOsBoXB*WoF6=C{rv&S+SuaxeS|Vu7|dwQH!;
zE8!ZhGh&iI5pD5oUBG&M&N*&h`d^SgMfm~+2As>!u>G?PWBwAGSQkzDxs0U+hmj(`
z6657e;1Vl0DQ}qw!@fdnkr|7)LDn*F8d%B{wQv)+h-h+ou%A0vu5=x=OvT$*4en-G
gV4+t0hSDh<o0@W8k^i?@Qz#G1dt^qkLdU}DZ|9kRr2qf`

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions4/test.desc b/regression/exceptions/exceptions4/test.desc
new file mode 100644
index 00000000000..dc5ca4fa5cb
--- /dev/null
+++ b/regression/exceptions/exceptions4/test.desc
@@ -0,0 +1,8 @@
+CORE
+test.class
+
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
diff --git a/regression/exceptions/exceptions4/test.java b/regression/exceptions/exceptions4/test.java
new file mode 100644
index 00000000000..478673da2ab
--- /dev/null
+++ b/regression/exceptions/exceptions4/test.java
@@ -0,0 +1,19 @@
+class A extends Throwable {}
+class B extends A {}
+class C extends B {}
+
+public class test {
+  public static void main (String args[]) {
+    try {
+      B b = new B();
+      throw b;
+    }
+    catch(C exc) {
+      assert false;
+    }
+    catch(B exc) {
+    }
+  }
+}
+
+
diff --git a/regression/exceptions/exceptions5/A.class b/regression/exceptions/exceptions5/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..eb19ef6be2b4b0dc315cdfd2ae091ecc67882efd
GIT binary patch
literal 234
zcmXX=%MQU%5IsX5TBX7dSYn|YJ0fW$R*em@zv_l7)h5;QT~-ncAK;_J+%n0`dF0Gw
z-k;|Szyuu^b+l}>ZTJLhrczbR3H8BnOE4DMUK0FBrE*oCcQW6IUBXT`%3_ghMXt2|
zn?`X|7ha9RDZyQ5Wgg3=(s8GdmtuSpSK+~cNuZF>(>h2*dI&bhJiF;j=%dE}=pt^;
iGFr?6M(voR2k6eE2Aii<nS=&&?-zgrmldH|rMxfZ(<w^;

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions5/B.class b/regression/exceptions/exceptions5/B.class
new file mode 100644
index 0000000000000000000000000000000000000000..47ae8f218e49b4ac942425d72a88b21c2772b518
GIT binary patch
literal 216
zcmXX<I|{;35S-1|#Aw75SgM6Kc8XvGt6-y~e~Ax#5);VBdszt<9>7D1o9M#q%+AiT
z@6YoEV1a=P9X%U;8$Q8WsZ3RCf<B%^1Y?_@B*70=CinF<mc>!TDLcb3PedAtLN)W>
zG^(>I`7{ic1ox2FMIv{qi93}ntJy`|ga-pAfda+`BWV1+DPr)3*<v+kZX9#^0Nq(=
Wu(?~UsiDK#`vu^@<%!U3Q{ERCG9oho

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions5/C.class b/regression/exceptions/exceptions5/C.class
new file mode 100644
index 0000000000000000000000000000000000000000..0c9779a4c2b0d3631b1a6b0ea46fd00e04361efa
GIT binary patch
literal 216
zcmXX<I}U<S5S-;Jh+;f}rCMlXr?HU4ir8rAANUfVK}g`?y{t?uJb;HXF6t(;Gdnw*
zeZ3z~01FI!nCQ9ay9f!+N)<}43Fdf`5Ui*?N<tW`LhhPNDyxG?b9RPtnTb3Rm1^g|
zY3Y-y`81A}1b<&PRVKHpjeA<wdUh695x{~?pop=-2nK&|ix|9Nc391sTgRT>K{pl#
WT<*@-G|^!l`~vXc^F-)=Q^5xrb|N<b

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions5/D.class b/regression/exceptions/exceptions5/D.class
new file mode 100644
index 0000000000000000000000000000000000000000..12179e84294d669f8f9f06e51f5400f5cc8f5db6
GIT binary patch
literal 216
zcmXX<I}U<S5S-;Jh+;f}rCMlXr?G)p5gQHt17G4Z2niqWWo2UF0X&p(Q8t;K+1c6b
z`}2GOSYhNs$H2zWhEK3IDp&QEpigHp!3c_zB>0ia<-WNlvOJ0;V`m%{smNkcs&?*7
zqdu#OPor>6a1TXOrgEp+xKqojUR=aYcraiRC}aefK;!Ri5ra3(7ON$5>zMNg=*~ie
V&E4u^J=Weo00%Blg#It(eE}M}B0B&8

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions5/test.class b/regression/exceptions/exceptions5/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..1b251e32471f5d7fe325eac698256834648f5e0a
GIT binary patch
literal 997
zcmZuv+fEZv6kVq??X=U<7SKw)AS&p9O1)Ik77etO#AJ#O7!tuC({=)br8P5y@mu%-
zp3y`So5;H#Wn6nic)&F0?6r6IZLKrEe*gFhpo|wLawr*iU?L{=p$T2=BNGX+k4+>|
zN?{0P15Zq(CHU0D9G)3?t}r_31cB>^UcVPKyufL7-Hw7<Q%KBvJuiHzpjp$a3VOZY
zaTRj5*K?Qmc3ZChR+1G)?0(znt~$Oa{z*^|x4nQp?9dIuDyw%LucuJ3*6khVvs3Ci
zy{*zp=zG1bs&rQzs@V-@s<xoIpq8MTAV<)mAP&^rFOuW<TU`G?{S<~)LZ|()>3oW|
zp*Ylql28qW<b1n(Ld;z0@A++a$rBnW*>qNx%U}ef9M#~d^VE12Gst6DVeD-C#ecfJ
z^8LO~iqgP9C4(yF74m19Z(2KUJEV4Jp?a6HQ;&`tc)r^??Zw5zJ^n$>*KmWcmg6g{
z{FqE9(m=g2%KHMn60M?*&m2J=62x$kcOnYvC=h4<Cg2jr=%rA^Wky)6R+*h(Y;%Cv
zyCcdwfKD544v?TVmIp}ErYd?-uf&V-WBV)2eWV9SGn_d-fORfXI2Y0FLw=8d#a}G4
zl@s5Nrd!zH_o+pDFGUm$`bpAFabuGbq%lPn7P6S87;}tPm{+9?uZeAPX|j5qc!MlI
zkfHE?&-x@La0OS%H_v~sVVoO?kk=X4*xBH@$!(_S-6D!}LKc%zMKwa>tZhbUBGPe_
zxwqN<4o?BeZ39-eW?)*b8M*F)Q}3NVP&ujshDV0JBfAenKY*@%gL(e3q-7kj%z`}W
JeL6AB{sHnbp}znC

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions5/test.desc b/regression/exceptions/exceptions5/test.desc
new file mode 100644
index 00000000000..dc5ca4fa5cb
--- /dev/null
+++ b/regression/exceptions/exceptions5/test.desc
@@ -0,0 +1,8 @@
+CORE
+test.class
+
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
diff --git a/regression/exceptions/exceptions5/test.java b/regression/exceptions/exceptions5/test.java
new file mode 100644
index 00000000000..e539f06df1e
--- /dev/null
+++ b/regression/exceptions/exceptions5/test.java
@@ -0,0 +1,27 @@
+class A extends Throwable {}
+class B extends A {}
+class C extends B {}
+class D extends C {}public class test {
+ public static void main (String arg[]) {
+   try {
+     D d = new D();
+     C c = new C();
+     B b = new B();
+     A a = new A();
+     A e = a;
+     throw e;
+   }
+   catch(D exc) {
+     assert false;
+   }
+   catch(C exc) {
+     assert false;
+   }
+   catch(B exc) {
+     assert false;
+   }
+   catch(A exc) {
+   }  
+  }
+}
+
diff --git a/regression/exceptions/exceptions6/A.class b/regression/exceptions/exceptions6/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..fbaaf105dbaddd4eb32dc843a524880a3ff50fe4
GIT binary patch
literal 280
zcmXYru};H45JYF4ON@<4AW%_JLJHE*5g|ngBqWOhQ2L8G!6N63oHNRAQ6MA=K7fxx
zj6;gO-FZ8s+n?XBZvbaFNMW#>po6^_!x;MlQPz#1H&L(QLeM!rnF-8g_2>kHT)n$(
z7IRlW*m+4Z%&WqdGh1t`H_(J<T{4<a&jsmy)zpQ%*4CZ`w+yE*_RVI9v6Z2V9zUE4
z4qG@bt$!NdH9qLVU9AfD8np5_;)RA63yXox#5_qtH9@rArK3;C$b2ArCykKu?K6vY
U-q72{HdXfTX5XO_dRq734}!xkg#Z8m

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions6/B.class b/regression/exceptions/exceptions6/B.class
new file mode 100644
index 0000000000000000000000000000000000000000..ec8971aad2eee1947408fffcd8359833ec6c7381
GIT binary patch
literal 216
zcmXX<I|{;35S-1|#Aw75SgM6Kc8XvGt6-y~e~Ax#5);VBdszt<9>7D1o9M#q%+AiT
z@6YoEV1a=P9X%U;8$Q8WsZ3RCf<B%^1Y?_@B*70=CinF<mc>!TDLcb3PedAtLN)W>
zG^(>I`7{ic1ox2FMIv{qi93}ntJy`|ga-pAfda+`BWV1+DPr)3*<v+kZX9#^0Nq(=
Wu(?~UX`{p1`vu^@<%!U3Q{ERC!y-5U

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions6/C.class b/regression/exceptions/exceptions6/C.class
new file mode 100644
index 0000000000000000000000000000000000000000..aeeb2cef5bfa500158c0f742e325e31e500aa27a
GIT binary patch
literal 216
zcmXX<I|{;35S-0FF&gm%mTIAmonm3YD%dFLU*ZFw#02v3URHvI2k=nhCb}>?v$M18
z`}2GOSYqfwN8iT4MnJIEDp&P}piibT!3c|!Bm|Ml<-WNlvOJ0;V`mf<smNkcs&@XH
zMtxQlpGM(|;2nylOyy3sakrLLJ->*X@L|9tP{`O~42{3HMGW3BTdWq$tz*s}pgRi<
WHg~Ht9XPE0UjQyVo(R1z<$nPh2O>NG

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions6/D.class b/regression/exceptions/exceptions6/D.class
new file mode 100644
index 0000000000000000000000000000000000000000..12179e84294d669f8f9f06e51f5400f5cc8f5db6
GIT binary patch
literal 216
zcmXX<I}U<S5S-;Jh+;f}rCMlXr?G)p5gQHt17G4Z2niqWWo2UF0X&p(Q8t;K+1c6b
z`}2GOSYhNs$H2zWhEK3IDp&QEpigHp!3c_zB>0ia<-WNlvOJ0;V`m%{smNkcs&?*7
zqdu#OPor>6a1TXOrgEp+xKqojUR=aYcraiRC}aefK;!Ri5ra3(7ON$5>zMNg=*~ie
V&E4u^J=Weo00%Blg#It(eE}M}B0B&8

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions6/test.class b/regression/exceptions/exceptions6/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..e0c57f3e31882cdf481a96c6f9f53834e3440c85
GIT binary patch
literal 806
zcmZuv&2JJx9DTF9u<Ww66cj0bQb8%zqNX>95vnGdRS%dZ*3+_Va4KEQ?qd8~dhytE
z)!4))Hu2~mWqh;NVxotc`F+0Mn>X|0=htrlHgMO5gNBLgHZ(LW*tlWQYMNNJkyV+N
zg`D!&Y}~{x6YBz{x);Yml*nlqKajCEoCG5Qu`Q78%1|cv1oY<WmVmK29R&i5t_*``
zv)y43y->vhMR)3ZlPxcj%0CGj$!i%C!%c!X>9Bj(lc7Ml`O4k#-g)hb7mnM5B$DB{
zqtJ!qddykDd!M`8V~_6kRi_t?iB$Seqrk!-@%%SWy|?LDUY&Oo$aVe633q!iokf1|
zNGhh5BD1dMJ6J@46MGI8aK=Fe%L0`-v)&&~9!AkLVqu>|RJVz?gWI?xP?%RgAMONx
zLT%=u%?V}YeMdnoqhNH3N509732M5H8lTAF(}_Yw(V(S+C@64WqSxjrcxGCM5C=3g
z6uD>9pp6o3=XU|l;v78-Wt?Y3HGgNd#<Qz;kD$FggnsOPgt3Rx+Gk`kACNynmSOXF
zAJuur`a5%wBG{y<kZP#&`{*f$6<Q!=jdX3!%QITz>^gZg$fASglwS)5YjR3p^2#$)
z#RXcbrizOx`z|iwGSRMZIWV4>xLWR;sFm5baw^6~S_>={?Jvmh!8G<^=$~NxD~tll
OKy&UZ`L5B?Q2zx(l8Oxg

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions6/test.desc b/regression/exceptions/exceptions6/test.desc
new file mode 100644
index 00000000000..79549d80731
--- /dev/null
+++ b/regression/exceptions/exceptions6/test.desc
@@ -0,0 +1,9 @@
+CORE
+test.class
+
+^EXIT=10$
+^SIGNAL=0$
+^.*assertion at file test.java line 18 function.*: FAILURE$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/exceptions/exceptions6/test.java b/regression/exceptions/exceptions6/test.java
new file mode 100644
index 00000000000..fd9a7fd5326
--- /dev/null
+++ b/regression/exceptions/exceptions6/test.java
@@ -0,0 +1,26 @@
+class A extends RuntimeException {
+  int i;
+  A() {
+    i = 1;
+  }
+}
+class B extends A {}
+class C extends B {}
+
+public class test {
+  public static void main (String args[]) {
+    try {
+      try {
+	int i = 0;
+	throw new A();
+      }
+      catch(A exc) {
+	assert exc.i==2;
+      }
+    }
+    catch(B exc) {
+      assert exc.i==2;
+    }
+
+  }
+}
diff --git a/regression/exceptions/exceptions7/A.class b/regression/exceptions/exceptions7/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..963ae156be051ca07ea2d602053e012a3d27a7a4
GIT binary patch
literal 241
zcmXX=O;5r=5PbuswY3W2=*gpUuorF+lg8kw;Q*%hZQaP2c5B)#@o#xD@!${OM-gX{
zNoL+h-b?0i{P_hi$0WiKR{^dAj0ygd4ckY;@a{e*cu&o%CX6#SdfnHBZeLVUi8IZb
zQdPNX+3B<C*&TOM&C&%S+BSV#>SuQG(CW@UysN#6;bBCelyKv8QYrJ6Y<gq4)~nA_
ve^_n|ZZVLz+>oqP1btzNpmRpEZ_t;J0Rp-H$s}9|kN*P*5s4yPo>K82_(?21

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions7/B.class b/regression/exceptions/exceptions7/B.class
new file mode 100644
index 0000000000000000000000000000000000000000..47ae8f218e49b4ac942425d72a88b21c2772b518
GIT binary patch
literal 216
zcmXX<I|{;35S-1|#Aw75SgM6Kc8XvGt6-y~e~Ax#5);VBdszt<9>7D1o9M#q%+AiT
z@6YoEV1a=P9X%U;8$Q8WsZ3RCf<B%^1Y?_@B*70=CinF<mc>!TDLcb3PedAtLN)W>
zG^(>I`7{ic1ox2FMIv{qi93}ntJy`|ga-pAfda+`BWV1+DPr)3*<v+kZX9#^0Nq(=
Wu(?~UsiDK#`vu^@<%!U3Q{ERCG9oho

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions7/C.class b/regression/exceptions/exceptions7/C.class
new file mode 100644
index 0000000000000000000000000000000000000000..0c9779a4c2b0d3631b1a6b0ea46fd00e04361efa
GIT binary patch
literal 216
zcmXX<I}U<S5S-;Jh+;f}rCMlXr?HU4ir8rAANUfVK}g`?y{t?uJb;HXF6t(;Gdnw*
zeZ3z~01FI!nCQ9ay9f!+N)<}43Fdf`5Ui*?N<tW`LhhPNDyxG?b9RPtnTb3Rm1^g|
zY3Y-y`81A}1b<&PRVKHpjeA<wdUh695x{~?pop=-2nK&|ix|9Nc391sTgRT>K{pl#
WT<*@-G|^!l`~vXc^F-)=Q^5xrb|N<b

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions7/test.class b/regression/exceptions/exceptions7/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..f9e3cf244d9cfc5b86ec4ea69682468476fb64c0
GIT binary patch
literal 871
zcmah{QBTuQ7(KV`)~)MC*$}6wh%#Y_OxXet5aKr3Q_;j367i|qnpqs3X*=U@;ScbP
zCX%>B-u+J+&n?qEXyU`Y_q(UxcfNDJ+wVWWegjZL&47s&9jgWud6o@mSV_acnvRDC
zbP2BOcw}G$6&;TS3d>Fyx<TX({qUI=I-P;r6A(uN$z9L)qCEk1wR|X`HHSS{V8-@*
z_xb3g;|8x}vOwM*cAdeY6L|7I0k!C@7m~w{+%Vc<^@-#80`seH>|^JHQyDmZztWBZ
z&+qR@cF|=YyU9%9$f(Xpbw9>vL)JS%pL~UXlnZ3rk<)#5;JlBU(|&BSERfpm4kjjy
z_HYz*-IgaMr=_Y5Da6DKEH-U&)lFoP6DUp<)_>1tKL~~aa~hN)i*-CPv5BgHHO+p}
zId;1dXEcSH1CE!zdv53jZto8t6-Og};B1eu#0N6@fWj(D1&maX1s3;N-YPr=&&1jV
z#5n^6dG5(85Cz8OB%Z@H-qM)Ibt1C(2eVb4tud6>7aZ*v8qdVR`lbB|$x~#;&<Uh2
z&-j%8L(XHaJo_u;%ww6ofGW25qp7i~&DcsBDVnm7A(o}W98Jn>3ni+mQr{NluuZl5
zD8>%<=ttHRaf8Y&^54V)cUgNY#!7K?n_su%Xd(98!W}G9!(FafBwy-S$~AP{liU3q
oDP_~EQPkoBrsa(<$ecpg&Y-EEk^Fn6k}Uznd@3hj;zhxOUndZfg#Z8m

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions7/test.desc b/regression/exceptions/exceptions7/test.desc
new file mode 100644
index 00000000000..e138e4349ec
--- /dev/null
+++ b/regression/exceptions/exceptions7/test.desc
@@ -0,0 +1,9 @@
+CORE
+test.class
+
+^EXIT=10$
+^SIGNAL=0$
+^.*assertion at file test.java line 21 function.*: FAILURE$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/exceptions/exceptions7/test.java b/regression/exceptions/exceptions7/test.java
new file mode 100644
index 00000000000..e03be8a56fb
--- /dev/null
+++ b/regression/exceptions/exceptions7/test.java
@@ -0,0 +1,25 @@
+class A extends RuntimeException {}
+class B extends A {}
+class C extends B {}
+
+public class test {
+  public static void main (String args[]) {
+    try {
+      try {
+	C c = new C();
+	A a = new A();
+	throw a;
+      }
+      catch(C exc) {
+	assert false;
+      }
+      catch(B exc) {
+	assert false;
+      }
+    }
+    catch(A exc) {
+      assert false;
+    }
+
+  }
+}
diff --git a/regression/exceptions/exceptions8/A.class b/regression/exceptions/exceptions8/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..963ae156be051ca07ea2d602053e012a3d27a7a4
GIT binary patch
literal 241
zcmXX=O;5r=5PbuswY3W2=*gpUuorF+lg8kw;Q*%hZQaP2c5B)#@o#xD@!${OM-gX{
zNoL+h-b?0i{P_hi$0WiKR{^dAj0ygd4ckY;@a{e*cu&o%CX6#SdfnHBZeLVUi8IZb
zQdPNX+3B<C*&TOM&C&%S+BSV#>SuQG(CW@UysN#6;bBCelyKv8QYrJ6Y<gq4)~nA_
ve^_n|ZZVLz+>oqP1btzNpmRpEZ_t;J0Rp-H$s}9|kN*P*5s4yPo>K82_(?21

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions8/B.class b/regression/exceptions/exceptions8/B.class
new file mode 100644
index 0000000000000000000000000000000000000000..47ae8f218e49b4ac942425d72a88b21c2772b518
GIT binary patch
literal 216
zcmXX<I|{;35S-1|#Aw75SgM6Kc8XvGt6-y~e~Ax#5);VBdszt<9>7D1o9M#q%+AiT
z@6YoEV1a=P9X%U;8$Q8WsZ3RCf<B%^1Y?_@B*70=CinF<mc>!TDLcb3PedAtLN)W>
zG^(>I`7{ic1ox2FMIv{qi93}ntJy`|ga-pAfda+`BWV1+DPr)3*<v+kZX9#^0Nq(=
Wu(?~UsiDK#`vu^@<%!U3Q{ERCG9oho

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions8/C.class b/regression/exceptions/exceptions8/C.class
new file mode 100644
index 0000000000000000000000000000000000000000..0c9779a4c2b0d3631b1a6b0ea46fd00e04361efa
GIT binary patch
literal 216
zcmXX<I}U<S5S-;Jh+;f}rCMlXr?HU4ir8rAANUfVK}g`?y{t?uJb;HXF6t(;Gdnw*
zeZ3z~01FI!nCQ9ay9f!+N)<}43Fdf`5Ui*?N<tW`LhhPNDyxG?b9RPtnTb3Rm1^g|
zY3Y-y`81A}1b<&PRVKHpjeA<wdUh695x{~?pop=-2nK&|ix|9Nc391sTgRT>K{pl#
WT<*@-G|^!l`~vXc^F-)=Q^5xrb|N<b

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions8/test.class b/regression/exceptions/exceptions8/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..c5420fc89b8664baf2d245979e2c69379a7f97dc
GIT binary patch
literal 935
zcmZuvO>fgc5Ph3Cwd2@nJ|MJEXn<0Z6dFDX92y~#00-*AA*d4N<Ror!Nn>QYh~Lsb
z&~rheKqPwSM<L#X&<ep}ci+s;ym>RbKYo7u4qycjOxUREsF_H}xuoNUi4>|PGPs%M
zwydLWA}yD<Ox(sD9d{Lq3vLv7VeALP=&>KU-GSFvP@4)<4S(pz4;7M?>V|^W4*H(L
zwBrxG=X<+dFMKJ%3I!+Vxq}Ti^u?YywfK!6k;93-C|)JURuGW3OXRe~_CE9kw~6ge
z?DpQSyYI%il+I$iu0K>LRbD$g?t8aBaEIIVP8|Bf?Nt$@TuE*+S#!f}7ApQHki*~*
z6pTi1Floi?1bbo6d+Lkuv}juvehWF|$=c#-b2TlTL*7Cb(+V@E3YvdL^&|{~ki~^T
z$BKn}xUY~qjeODF@p>`Gb?RylIBE9O_aZ;^`X^lMKHlR6$GnNld?=d_s&X?@ok#<T
zk>_5ZRp+UArfNq}hXe@}xljFe;ta7h!DmsTWk@IVNb(k=6FjpcBwigMxmG(~OEwP2
z@g_``N{-n|{5O(m@VChK$&k~g9APh!!Qh&~EUgUDd0Zfx<D!aZIxaHn66Pm0zcNB<
z)<;OO=9KdV`qHuU5yn0;Bc$mwj}Q2X{`MS>lWdliWSexUiMU15gY6iUnxQ0{lCo@a
zjxy#cs!T!4v_x!;Eg8%#bFPX}S>DYOmB&bYGSMrz%2OJ!psnjz$hLG`%QAEEWOOUz
iSRh}>e1^3TT|0o5`~>6QHxQx}64oPmsp~WnsQdzqm68qs

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions8/test.desc b/regression/exceptions/exceptions8/test.desc
new file mode 100644
index 00000000000..a400cbb8d02
--- /dev/null
+++ b/regression/exceptions/exceptions8/test.desc
@@ -0,0 +1,9 @@
+CORE
+test.class
+
+^EXIT=10$
+^SIGNAL=0$
+^.*assertion at file test.java line 23 function.*: FAILURE$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/exceptions/exceptions8/test.java b/regression/exceptions/exceptions8/test.java
new file mode 100644
index 00000000000..7d6af5324b7
--- /dev/null
+++ b/regression/exceptions/exceptions8/test.java
@@ -0,0 +1,29 @@
+class A extends RuntimeException {}
+class B extends A {}
+class C extends B {}
+
+public class test {
+  static void foo() {
+    try {
+      B b = new B();
+      throw b;
+    }
+    catch(C exc) {
+      int i=0;
+    }
+  }
+  
+  public static void main (String args[]) {
+    try {
+      A a = new A();
+      foo();
+      throw a;
+    }
+    catch(B exc) {
+      assert false;
+    }
+    catch(A exc) {
+      assert false;
+    }
+  }
+}
diff --git a/regression/exceptions/exceptions9/A.class b/regression/exceptions/exceptions9/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..ad46eafd1d9234e74590cd579aff0f7eb17f9bfd
GIT binary patch
literal 276
zcmXYrK}*9x5QX2QYh%`EYxU&GqxN7g9t4X}N((~ppwjy`F1nI#B;AOA%Yz6W`UCt?
z#h2Q{%$xaU9y7n|pA~>h9BU|a6SQy`qZi{yAdYb>Xb+ut;YQFpJD&;ExO}pLPUgJ5
zs~2-yJ(_tz(#y)+6f;w~rr$ypUfhz_Y;-Nq4`p5DcIuk-B-mxRcs1`PMU34PJ81LZ
zNO01?L1Fy!;J)_3E$rkYw{O9f9;f_J@nd1ou&wAPN!VQ>+RSwS8`4)_h(1XpXl6}q
ToQk@~D*fN2?r-=3bA-+x##1h8

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions9/B.class b/regression/exceptions/exceptions9/B.class
new file mode 100644
index 0000000000000000000000000000000000000000..3af09687e1afeb9c7dd88272ec5fde0e48c3b12d
GIT binary patch
literal 216
zcmXX<I|{;35S-1|#Aw75SgM6Kc8XvGt6-y~e~Ax#5);VBdszt<9>7D18_mM(%+AiT
z@6YoEV1a=P9X%U;8$Q8WsZ3RCf<B%^1Y?_@B*70=CinF<mc>!TDLcb3PedAtLN#-1
z8r4~qd>RHzf_up8B9S}Q#GOi()$Af}!h->mKmlWe5j6hZ6ft<iY_Xa%H;y@dfbJ|b
V*xaqZi4JS8)ec;q2;E=G`vMq=A~pa3

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions9/C.class b/regression/exceptions/exceptions9/C.class
new file mode 100644
index 0000000000000000000000000000000000000000..0c9779a4c2b0d3631b1a6b0ea46fd00e04361efa
GIT binary patch
literal 216
zcmXX<I}U<S5S-;Jh+;f}rCMlXr?HU4ir8rAANUfVK}g`?y{t?uJb;HXF6t(;Gdnw*
zeZ3z~01FI!nCQ9ay9f!+N)<}43Fdf`5Ui*?N<tW`LhhPNDyxG?b9RPtnTb3Rm1^g|
zY3Y-y`81A}1b<&PRVKHpjeA<wdUh695x{~?pop=-2nK&|ix|9Nc391sTgRT>K{pl#
WT<*@-G|^!l`~vXc^F-)=Q^5xrb|N<b

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions9/test.class b/regression/exceptions/exceptions9/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..42f38bdf8b411bc40f4fb15444a6d085cda2a375
GIT binary patch
literal 976
zcmZuwO-~b16g_V`?M#PhDXrF0Q9k6OElNf4D-a`~CQYiwU@+op+KzRgbj-|P{28v<
zxMZOl)QFKp_Wmg2d5=O(bTRMUkMqtw_ukB}-#>l=Sil_%DO3#1TF~TuIf(&WNkYe*
zfvN=q6^oIpNv0W@w{Q*D4J-)cCY>;JgUIu{;e9W38XdPKAT|UNOJ3KD?h3?8<#hpl
z)o-~1gLSX#KHk}GxWO|C7Rc89rqfw>0#EwApdP*ULUPn2H;fj^@yhqfQL2?|WOo>-
zFEcC}wA^=1>90tCiyslGwa961J#yYCI`+f2+m6>2$d_K$H=Vamwc~W#)wL+_y6r`!
z&k5SBnEOwfa}h9?nw?%l)|$T)G~I`ul%JFe=Om?#42D>Lncs?yGzM+lz^Fi>UvT+k
zSPz204{V%6fzl*}ftxmN;kH1g4}a3wbej?RJWj43UhQz`?4{*~Uf{M)N!fL@!vrV3
zfpIP@#qEkrL299;gX9?EnWb0dEqKQ(2N3%-G~{?DRM5m3+V(L3XOX98O0|s0#~+E-
zc+VGikvfF-;(!~NJ?dNa&xr3LH~SR{{R0LLVGv>->7Nv3fkZlDs^A2PL9IH~%BiJU
zAkR#J<%W4yQB-0oMA$4kOrO2eI<Kr@+9SB2c;|5uqhuT7XCjua85qwai3wa{UJ8HT
z6J9=%nn`>|^7$T$eZ|(_iuV<9nq$*?f{UDyEMaoQX-qRSN$M$-Fr$Qy5oZ!}EL1i#
zqJ#ovBB#__@R!n_8ko)#I&->{1yu|f$_{*ky$eI%gC6^W_`mxZBTpQfeNS$&L`OsU
E51X%=N&o-=

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions9/test.desc b/regression/exceptions/exceptions9/test.desc
new file mode 100644
index 00000000000..dc5ca4fa5cb
--- /dev/null
+++ b/regression/exceptions/exceptions9/test.desc
@@ -0,0 +1,8 @@
+CORE
+test.class
+
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
diff --git a/regression/exceptions/exceptions9/test.java b/regression/exceptions/exceptions9/test.java
new file mode 100644
index 00000000000..53f7838fd03
--- /dev/null
+++ b/regression/exceptions/exceptions9/test.java
@@ -0,0 +1,39 @@
+class A extends RuntimeException {
+  int i=1;
+};
+
+class B extends A {
+};
+
+public class test {
+  static int foo(int k) {
+    try {
+      if(k==0)
+      {
+	A a = new A();
+	throw a;
+      }
+      else
+      {
+	A b = new A();
+	throw b;
+      }
+	
+    }
+    catch(B exc) {
+      assert exc.i==1;
+    }
+    return 1;
+  }
+
+  
+  public static void main (String args[]) {
+    try {
+      A a = new A();
+      foo(6);
+    }
+    catch(A exc) {
+      assert exc.i==1;
+    }
+  }
+}

From a07691896f8640a0b12cf24c75157720ab0d7d4f Mon Sep 17 00:00:00 2001
From: Cristina <cristina.david@gmail.com>
Date: Wed, 8 Feb 2017 17:26:27 +0000
Subject: [PATCH 103/699]     Recreate the try-catch structure from the
 exception table

    - Adjust the working set conversion algorithm from bytecode to codet to also handler exception handlers.
    - Use CATCH-PUSH and CATCH-POP expressions to recreate the try-catch blocks.
---
 .../java_bytecode_convert_method.cpp          | 225 ++++++++++++++++--
 .../java_bytecode_convert_method_class.h      |   1 +
 2 files changed, 201 insertions(+), 25 deletions(-)

diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index 3ce43acff02..6f816424354 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -157,6 +157,13 @@ exprt::operandst java_bytecode_convert_methodt::pop(std::size_t n)
   return operands;
 }
 
+void java_bytecode_convert_methodt::pop_residue(std::size_t n)
+{
+  std::size_t residue_size=n<=stack.size()?n:stack.size();
+
+  stack.resize(stack.size()-residue_size);
+}
+
 void java_bytecode_convert_methodt::push(const exprt::operandst &o)
 {
   stack.resize(stack.size()+o.size());
@@ -218,7 +225,6 @@ const exprt java_bytecode_convert_methodt::variable(
     symbol_exprt result(identifier, t);
     result.set(ID_C_base_name, base_name);
     used_local_names.insert(result);
-
     return result;
   }
   else
@@ -952,6 +958,24 @@ codet java_bytecode_convert_methodt::convert_instructions(
         a_entry.first->second.successors.push_back(next->address);
     }
 
+    if(i_it->statement=="athrow" ||
+       i_it->statement=="invokestatic" ||
+       i_it->statement=="invokevirtual")
+    {
+      // find the corresponding try-catch blocks and add the handlers
+      // to the targets
+      for(std::size_t e=0; e<method.exception_table.size(); e++)
+      {
+        if(i_it->address>=method.exception_table[e].start_pc &&
+           i_it->address<method.exception_table[e].end_pc)
+        {
+          a_entry.first->second.successors.push_back(
+            method.exception_table[e].handler_pc);
+          targets.insert(method.exception_table[e].handler_pc);
+        }
+      }
+    }
+
     if(i_it->statement=="goto" ||
        i_it->statement==patternt("if_?cmp??") ||
        i_it->statement==patternt("if??") ||
@@ -1029,7 +1053,6 @@ codet java_bytecode_convert_methodt::convert_instructions(
   setup_local_variables(method, address_map);
 
   std::set<unsigned> working_set;
-  bool assertion_failure=false;
 
   if(!instructions.empty())
     working_set.insert(instructions.front().address);
@@ -1039,6 +1062,7 @@ codet java_bytecode_convert_methodt::convert_instructions(
     std::set<unsigned>::iterator cur=working_set.begin();
     address_mapt::iterator a_it=address_map.find(*cur);
     assert(a_it!=address_map.end());
+    unsigned cur_pc=*cur;
     working_set.erase(cur);
 
     if(a_it->second.done)
@@ -1075,6 +1099,46 @@ codet java_bytecode_convert_methodt::convert_instructions(
       statement=std::string(id2string(statement), 0, statement.size()-2);
     }
 
+    // we throw away the first statement in an exception handler
+    // as we don't know if a function call had a normal or exceptional return
+    size_t e;
+    for(e=0; e<method.exception_table.size(); ++e)
+    {
+      if(cur_pc==method.exception_table[e].handler_pc)
+      {
+        exprt exc_var=variable(
+          arg0, statement[0],
+          i_it->address,
+          false);
+
+        // throw away the operands
+        pop_residue(bytecode_info.pop);
+
+        // add a CATCH-PUSH signaling a handler
+        side_effect_expr_catcht catch_handler_expr;
+        // pack the exception variable so that it can be used
+        // later for instrumentation
+        catch_handler_expr.set(ID_handler, exc_var);
+        codet catch_handler=code_expressiont(catch_handler_expr);
+
+        code_labelt newlabel(label(i2string(cur_pc)), code_blockt());
+        code_blockt label_block=to_code_block(newlabel.code());
+        code_blockt handler_block;
+        handler_block.move_to_operands(c);
+        handler_block.move_to_operands(catch_handler);
+        handler_block.move_to_operands(label_block);
+        c=handler_block;
+
+        break;
+      }
+    }
+
+    if(e<method.exception_table.size())
+    {
+      // go straight to the next statement
+      continue;
+    }
+
     exprt::operandst op=pop(bytecode_info.pop);
     exprt::operandst results;
     results.resize(bytecode_info.push, nil_exprt());
@@ -1087,21 +1151,11 @@ codet java_bytecode_convert_methodt::convert_instructions(
     else if(statement=="athrow")
     {
       assert(op.size()==1 && results.size()==1);
-      if(!assertion_failure)
-      {
-        side_effect_expr_throwt throw_expr;
-        throw_expr.add_source_location()=i_it->source_location;
-        throw_expr.copy_to_operands(op[0]);
-        c=code_expressiont(throw_expr);
-        results[0]=op[0];
-      }
-      else
-      {
-        // TODO: this can be removed once we properly handle throw
-        // if this athrow is generated by an assertion, then skip it
-        c=code_skipt();
-        assertion_failure=false;
-      }
+      side_effect_expr_throwt throw_expr;
+      throw_expr.add_source_location()=i_it->source_location;
+      throw_expr.copy_to_operands(op[0]);
+      c=code_expressiont(throw_expr);
+      results[0]=op[0];
     }
     else if(statement=="checkcast")
     {
@@ -1167,14 +1221,7 @@ codet java_bytecode_convert_methodt::convert_instructions(
             statement=="invokevirtual" ||
             statement=="invokestatic")
     {
-      // Remember that this is triggered by an assertion
-      if(statement=="invokespecial" &&
-         id2string(arg0.get(ID_identifier))
-         .find("AssertionError")!=std::string::npos)
-      {
-        assertion_failure=true;
-      }
-      const bool use_this(statement!="invokestatic");
+      const bool use_this(statement != "invokestatic");
       const bool is_virtual(
         statement=="invokevirtual" || statement=="invokeinterface");
 
@@ -2107,6 +2154,134 @@ codet java_bytecode_convert_methodt::convert_instructions(
       c.operands()=op;
     }
 
+    // next we do the exception handling
+    std::vector<irep_idt> exception_ids;
+    std::vector<irep_idt> handler_labels;
+
+    // add the CATCH-PUSH instruction(s)
+    // be aware of different try-catch blocks with the same starting pc
+    std::size_t pos=0;
+    int end_pc=-1;
+    while(pos<method.exception_table.size())
+    {
+      // check if this is the beginning of a try block
+      for(; pos<method.exception_table.size(); ++pos)
+      {
+        // unexplored try-catch?
+        if(cur_pc==method.exception_table[pos].start_pc && end_pc==-1)
+          end_pc=method.exception_table[pos].end_pc;
+
+	// currently explored try-catch?
+        if(cur_pc==method.exception_table[pos].start_pc &&
+           method.exception_table[pos].end_pc==end_pc)
+        {
+          exception_ids.push_back(
+            method.exception_table[pos].
+            catch_type.get_identifier());
+          // record the exception handler in the CATCH-PUSH
+          // instruction by generating a label corresponding to
+          // the handler's pc
+          handler_labels.push_back(
+            label(i2string(method.exception_table[pos].handler_pc)));
+        }
+        else
+          break;
+      }
+
+      // add the actual PUSH-CATCH instruction
+      if(!exception_ids.empty())
+      {
+        // add the exception ids
+        side_effect_expr_catcht catch_push_expr;
+        irept result(ID_exception_list);
+        result.get_sub().resize(exception_ids.size());
+        for(size_t i=0; i<exception_ids.size(); ++i)
+          result.get_sub()[i].id(exception_ids[i]);
+        catch_push_expr.set(ID_exception_list, result);
+
+        // add the labels corresponding to the handlers
+        irept labels(ID_label);
+        labels.get_sub().resize(handler_labels.size());
+        for(size_t i=0; i<handler_labels.size(); ++i)
+          labels.get_sub()[i].id(handler_labels[i]);
+        catch_push_expr.set(ID_label, labels);
+
+        code_blockt try_block;
+        codet catch_push=code_expressiont(catch_push_expr);
+        try_block.move_to_operands(catch_push);
+        try_block.move_to_operands(c);
+        c=try_block;
+      }
+      else
+      {
+        // advance
+        ++pos;
+      }
+
+      // reset
+      end_pc=-1;
+      exception_ids.clear();
+      handler_labels.clear();
+    }
+
+    // next add the CATCH-POP instructions
+    int start_pc=-1;
+    // check if this is the end of a try block
+    for(std::size_t e=0; e<method.exception_table.size(); e++)
+    {
+      // add the CATCH-POP before the end of the try block
+      if(cur_pc<method.exception_table[e].end_pc &&
+        !working_set.empty() &&
+        *working_set.begin()==method.exception_table[e].end_pc)
+      {
+        // have we already added a CATCH-POP for the current try-catch?
+        // (each row corresponds to a handler)
+        if(method.exception_table[e].start_pc!=start_pc)
+        {
+          // remember the beginning of the try-catch so that we don't add
+          // another CATCH-POP for the same try-catch
+          start_pc=method.exception_table[e].start_pc;
+          // add CATCH_POP instruction
+          side_effect_expr_catcht catch_pop_expr;
+          code_blockt end_try_block;
+          codet catch_pop=code_expressiont(catch_pop_expr);
+          catch_pop.set(ID_exception_list, get_nil_irep());
+          catch_pop.set(ID_label, get_nil_irep());
+          end_try_block.move_to_operands(c);
+          end_try_block.move_to_operands(catch_pop);
+          c=end_try_block;
+        }
+      }
+    }
+
+    for(std::size_t e=0; e<method.exception_table.size(); e++)
+    {
+      if(cur_pc==method.exception_table[e].handler_pc)
+      {
+        // add a CATCH-PUSH signaling a handler (by using ID_handler)
+        // this will serve to signal the beginning of a handler
+        side_effect_expr_catcht catch_handler_expr;
+        irept exc_handler(ID_handler);
+        exc_handler.get_sub().resize(1);
+        exc_handler.get_sub()[0].id(
+          method.exception_table[e].catch_type.get_identifier());
+        catch_handler_expr.set(ID_handler, exc_handler);
+        codet catch_handler=code_expressiont(catch_handler_expr);
+
+        // create labels for the handlers that match those used
+        // in CATCH-PUSH above
+        code_labelt newlabel(label(i2string(cur_pc)), code_blockt());
+        code_blockt label_block=to_code_block(newlabel.code());
+        code_blockt handler_block;
+        handler_block.move_to_operands(c);
+        handler_block.move_to_operands(catch_handler);
+        handler_block.move_to_operands(label_block);
+
+        c=handler_block;
+        break;
+      }
+    }
+
     if(!i_it->source_location.get_line().empty())
       c.add_source_location()=i_it->source_location;
 
diff --git a/src/java_bytecode/java_bytecode_convert_method_class.h b/src/java_bytecode/java_bytecode_convert_method_class.h
index 6844e337f22..263d0c68810 100644
--- a/src/java_bytecode/java_bytecode_convert_method_class.h
+++ b/src/java_bytecode/java_bytecode_convert_method_class.h
@@ -141,6 +141,7 @@ class java_bytecode_convert_methodt:public messaget
 
   exprt::operandst pop(std::size_t n);
 
+  void pop_residue(std::size_t n);
   void push(const exprt::operandst &o);
 
   bool is_constructor(const class_typet::methodt &method);

From 33c8e3714b9a5efbdc231e71b8c4e5f49f4cc4ed Mon Sep 17 00:00:00 2001
From: Cristina <cristina.david@gmail.com>
Date: Wed, 14 Dec 2016 15:24:53 +0000
Subject: [PATCH 104/699] Remove throw/try-catch and add the required
 instrumentation

For each function f we record its exceptional return value as variable f#exception_value and each throw/function call is instrumented with assignments involving these variables.
Then, the dynamic dispatch of exception handlers is done by using instanceof over such variables.
---
 regression/exceptions/exceptions1/test.desc   |   2 +-
 .../exceptions/exceptions15/InetAddress.class | Bin 0 -> 251 bytes
 .../exceptions15/InetSocketAddress.class      | Bin 0 -> 263 bytes
 regression/exceptions/exceptions15/test.class | Bin 0 -> 1006 bytes
 regression/exceptions/exceptions15/test.desc  |   8 +
 regression/exceptions/exceptions15/test.java  |  20 +
 regression/exceptions/exceptions2/test.desc   |   2 +-
 regression/exceptions/exceptions4/test.class  | Bin 743 -> 914 bytes
 regression/exceptions/exceptions4/test.java   |   2 +
 regression/exceptions/exceptions5/test.class  | Bin 997 -> 1198 bytes
 regression/exceptions/exceptions5/test.java   |  45 +-
 src/cbmc/cbmc_parse_options.cpp               |   3 +
 .../goto_analyzer_parse_options.cpp           |   3 +
 .../goto_instrument_parse_options.cpp         |   3 +
 src/goto-programs/Makefile                    |   4 +-
 src/goto-programs/goto_convert.cpp            |  80 +++
 src/goto-programs/goto_convert_class.h        |   4 +
 src/goto-programs/goto_convert_exceptions.cpp |  67 ++
 .../goto_convert_side_effect.cpp              |  25 +
 src/goto-programs/remove_exceptions.cpp       | 586 ++++++++++++++++++
 src/goto-programs/remove_exceptions.h         |  24 +
 .../java_bytecode_convert_method.cpp          | 132 ++--
 src/symex/symex_parse_options.cpp             |   4 +
 src/util/irep_ids.txt                         |   1 -
 src/util/std_code.h                           |   1 -
 25 files changed, 936 insertions(+), 80 deletions(-)
 create mode 100644 regression/exceptions/exceptions15/InetAddress.class
 create mode 100644 regression/exceptions/exceptions15/InetSocketAddress.class
 create mode 100644 regression/exceptions/exceptions15/test.class
 create mode 100644 regression/exceptions/exceptions15/test.desc
 create mode 100644 regression/exceptions/exceptions15/test.java
 create mode 100644 src/goto-programs/remove_exceptions.cpp
 create mode 100644 src/goto-programs/remove_exceptions.h

diff --git a/regression/exceptions/exceptions1/test.desc b/regression/exceptions/exceptions1/test.desc
index baf72e7da81..7c6146907d0 100644
--- a/regression/exceptions/exceptions1/test.desc
+++ b/regression/exceptions/exceptions1/test.desc
@@ -4,7 +4,7 @@ test.class
 ^EXIT=10$
 ^SIGNAL=0$
 ^.*assertion at file test.java line 26 function.*: FAILURE$
-\*\* 1 of 35 failed (2 iterations)$
+\*\* 1 of 4 failed (2 iterations)$
 ^VERIFICATION FAILED$
 --
 ^warning: ignoring
diff --git a/regression/exceptions/exceptions15/InetAddress.class b/regression/exceptions/exceptions15/InetAddress.class
new file mode 100644
index 0000000000000000000000000000000000000000..3229324e624dde300b6b541750ba938c64539274
GIT binary patch
literal 251
zcmYjL%L>9k44i0fwbloIfk*XVFWwYE1VJczP`q#3MOSJI?dpGd5<K_;ew3J14+fH%
zOeQ4H*Zl!tgtm(^8V;HcS_FHdQl+Paa<9K5So18FgjS$ZxjLUhnQujyu+j;#NF+Ov
zE7Si(OCMB0Xavht>RBA;vM9y`caxp-NG_CFtZ7;3;Za<K2MZNK{m)Ejn~9%@bnmaj
uql`4VDDi_Ph?7?sZDu~BQ7VHQ=*px7hpYV&303Ca*MJ&a?)cQl<-Gw~FfcU$

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions15/InetSocketAddress.class b/regression/exceptions/exceptions15/InetSocketAddress.class
new file mode 100644
index 0000000000000000000000000000000000000000..1303bb9a0a9bda3fb689f6ef0f9fb77279a209ab
GIT binary patch
literal 263
zcmZWjO>4qX5S)!MscHOZ`v-bd56#7!QV>B9f*vg1Uy?<i#sre5|Es4$5B`AusNz1`
zn+v-$J39mW^ZR`PFhVat18pB2A6<es(S<heghqd`A-J<LV?sC91usv>gsTsg<f1&s
zWvcRxs<hqzMc3?fO?ZhH1)Fu59@tE?tm3*J6M}Vls#2b78*dq|&D&m`RR|YN!qZ)Z
z(6jd_SH(73C3{W{Ug5~Iwn$onf}XHQ&??R07wA)n17D_h6CFGV5C05kA&`ymcyonU
DZ2mPA

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions15/test.class b/regression/exceptions/exceptions15/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..b3f0d2daa477462fe0f0f7d55d16e192c1f191fc
GIT binary patch
literal 1006
zcmZWnT~8B16g{(Dy6v(QC{j_2iXuW$>IcyWh>;*9Bn6Ea5_wy;6I@t#$?TN)8~h3U
z0bWHDNHo!Rf0Xe|S=)kXI(O#YbI+N3W`F<r{u97F=3Vq-s(|}0ikLRbjDuQ{an`{D
z7Y?QzJajRKx`RgoBa?obN~OajPG5zozZ1!(fY=tuFNSfbUkK!;XSM|F<)kSE1{+~4
zH(DQeq<Uw-0_8>$_|cZHLUYcNw*C;N<Y;J_>IJq%NwVKMc%#)@86=7l6Vr{gSn8!_
zQ^_=4m}%_!hkiZs<K6nER$;u$F2_Hw3JhETv!djoR4L`Fmw9?w1&UhvaT@uW(BX^F
zH8YlAezZq><x?OJj2n~}A^&R>-_(AvzwRHjhohYWg~cGs>~S}fmI~x*Xv`>@dFRY1
z9!eObd8<j{;To=c7)6DCcgO5VdGIhGFxD+C{d<!Yr4mK+4XuO69-iQ-z)%<YdS_1t
zng(}M%MqVcpwg6SsARLl#VK@)1-|DtCiq44^NSHfV@933J_vJVu0uT48HLH#&LB>>
zu`tXv-%i>nbMKu4FoG*Q(MD9bn&#(>7Gth#ePQTr&9_@C=jE)GKwQNbn}l&HBYBpQ
zShJTo+#U|A!(nweZlIcRd?vHa8;sX#v!}?N!rnMWdE+bcN9g|n=lvN9zfK4ST$<2F
zxS6uT9cYCS8sJ1FW~&r3Q`bmX;%^)`i6(XD0^`{QOzswLbHoYO9a!rQ?vzl#-HyBS
jZAoCbTs(z)1jjyxo%@FT|4ti@K3LvM<IW@x7ViB80VA*U

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions15/test.desc b/regression/exceptions/exceptions15/test.desc
new file mode 100644
index 00000000000..f2414f96a67
--- /dev/null
+++ b/regression/exceptions/exceptions15/test.desc
@@ -0,0 +1,8 @@
+CORE
+test.class
+--function test.translate
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
diff --git a/regression/exceptions/exceptions15/test.java b/regression/exceptions/exceptions15/test.java
new file mode 100644
index 00000000000..057d3223a63
--- /dev/null
+++ b/regression/exceptions/exceptions15/test.java
@@ -0,0 +1,20 @@
+class InetAddress {}
+class InetSocketAddress {}
+
+public class test {
+  public String lookupPtrRecord(InetAddress address) {
+    return "Foo";
+  }
+
+  public InetAddress reverse(InetAddress address) {
+    return address;
+  }
+
+  public void translate(InetAddress address, int i) {
+    try {
+      String domainName = lookupPtrRecord(reverse(address));
+    } catch (Exception e) {
+      assert false;
+    }
+  }
+}
diff --git a/regression/exceptions/exceptions2/test.desc b/regression/exceptions/exceptions2/test.desc
index eb7fa309bea..179b234c875 100644
--- a/regression/exceptions/exceptions2/test.desc
+++ b/regression/exceptions/exceptions2/test.desc
@@ -4,7 +4,7 @@ test.class
 ^EXIT=10$
 ^SIGNAL=0$
 ^.*assertion at file test.java line 15 function.*: FAILURE$
-^\*\* 1 of 20 failed (2 iterations)$
+^\*\* 1 of 2 failed (2 iterations)$
 ^VERIFICATION FAILED$
 --
 ^warning: ignoring
diff --git a/regression/exceptions/exceptions4/test.class b/regression/exceptions/exceptions4/test.class
index e7ffa43cd87dfaf11bac4517d8d90e5096a49e33..0718c0cd81c7a53a2d2ffeb256272ad9f18a29ed 100644
GIT binary patch
literal 914
zcmZuvTTc@~7(LUL?xhR8*@}t^+LltJ^@3L#Bdz*i>LsZm5udj0q%O9*WOr-yukZ(W
z1`{xn$h$wvc%~qP$WC_VyMO09Gr#}*`~_ecbrVx4X_z+=QD@n}0xCMnCKhqafQ2Ou
zRTBnEI_5RhOx(sD4R-~y1v?0&A3B~JJa+=SGmt$2u`Up=JFXKx6^ND>)&ycruO|hP
zEytB_M#GNu->YDOOv~%qgEiZClzwcCg`b>&HCmwz!WCu@ZO0YJmp`^P>@Rk0V7vWV
zJM<m5zoM#(4*RqkjEu^!T_rbFmhJahC3{Yiz+^kLyPsd%o8y)on)3_j_3q#px7qea
zepkM96iPz@sjA)<(#Wu5gMU-QJ&Oe1*YLo?Lp-vOL`q=#6y)kZdS3Xx=M$4Eq~WoJ
zCm_VsY2@3^hU|uCOzm$$D2E)!8_|(Fn%(hg?>KnK@ufXvjqJF_S+jt)se%S%EmuCD
zwB%{;=785oetR--eAznzO^(759lXPJ%<&;i@xh4Hv>KCA6hg7VJxi^|Q}CRq>_hBO
zh~NVE_>mDg%GR-*$3<!erg4cDmHdOz5uVipL_X~E0v8WkyO_wt_n_@U-$LR51|8<%
zHmtEHLC?-O$ApO(b4?VeN5@@DtPbd02JHzhi+v_JM4C}a6gj{Wp(|7sX6wwnj4MQw
zKpr!=N~uWe%-BX;xQ6SDo#k&K_DaKCzM<iU>TvUff@Nl@FP*XWFu4USwvAZyJM{nQ
Rm}S@mBGxlST7gOg#lQE)sVM*e

delta 439
zcmZWlOG*Pl6s(?K&(AoCzeFcv)G=zJ1|$av<4yu@bvcR%L0pO3oIwX%<N{eo!GHm?
z7w_RMg4Lt0r0MrwRad{?qx>?DK4x$40NOZo;bK!_%Y~+V?7+shMBRm@@Q#aJ>`62p
zl20S1E-Q(8Fo%MGNO+HZc<{3`5m%Z%_HiH(^wRsZb(7v+w@xp5SC@C$Otkwp>i{As
zD?K9}0!%|YPt>9p^k!oWF=C)0ptXKT6dC)!aS01V4i>RQMty#wTBDC9(9XxuyUl6$
z8Rh`q1QrQ79ine^N4ZGNYf$VWB-ZmX5hNL#$06_K9afk+WPepERQVdUHh(N*g=Iay
zlu^lBim-|`Dnec##)(9=kVr%-<NDu(9qw8U2oy{9E1UtOF@&MN!2Cb1%49<GJ8CI4
H0u3AAY<?=8

diff --git a/regression/exceptions/exceptions4/test.java b/regression/exceptions/exceptions4/test.java
index 478673da2ab..8a144925f9f 100644
--- a/regression/exceptions/exceptions4/test.java
+++ b/regression/exceptions/exceptions4/test.java
@@ -9,9 +9,11 @@ public static void main (String args[]) {
       throw b;
     }
     catch(C exc) {
+      System.out.println("C");
       assert false;
     }
     catch(B exc) {
+      System.out.println("B");
     }
   }
 }
diff --git a/regression/exceptions/exceptions5/test.class b/regression/exceptions/exceptions5/test.class
index 1b251e32471f5d7fe325eac698256834648f5e0a..7873fdd3ad4e09071cf4b927930a66da0e2f7dfb 100644
GIT binary patch
literal 1198
zcmZuw+fEZv6kVsCcBaE%OMzOvqksjKih^7P+5%oEXo4XD;bB@v80>}2OhKRI6MW_e
zcm@+lY$ES|lyRK_Aw)8nv)4ZRa`s;PoZo+b{sPdCIUTJSQ1L=XK*~WKij+e-!cq?F
z&@d3e2u3yOG=`TEG-F)FgpO+%&@iZBNW-v-NgWwvRpbPkJ51NL9M7&++$q~N3ngn!
zKr9P{$LxyjjSB=*-HQTBuDWIkMDupVny-}$mh(Y63&iu)qFGur9b4*Wn~Jw#yUdaI
zEY}-lblJ2k0*Tbe{HD2Wrb}jJJ-y&Lc4d83W*0m(n4hAjC`y!*s31{RB2%J_L_9EP
zeUUz<v(ECb$S2Ua;F-nGbLN&`4JjjAB#ImfXk*3FS!4P_wdNG98C$jyk(Kt!;tV9w
z#-pbAlOd7ipHVSoU>Y+jUKx0eHwF^8E|9$FCi9QSX~(HLY*{8$@z%gB@&d67&v%7Q
ztLR<YTKMXER+(K@Yc#Z;l4MuY@5zuyo-DJ>?wkD_m$wDfE$LJuy{)OM*^OSDohxzP
z9K@RC+K#n$UNjl=YBX@z%V_7lY2~F8v7~I1C<yk7Hm*0Qr6~nvsOK2sfFOXIT*LmR
zf?LGKsRM4~4z&pG;vRPxEWXn_%)Q+@0!zo7YaI$@Xs(Vhr8-}SMj07V+LVz{Tj(Tz
z2tD3#1mh5mduXWR8qLv@eN6h6*cFy8-_mr2#qce0S`PSpfE2%gFSBR*ieFs{+k8$z
zzpq7~43)Zu7<)-VCq)hDWS1#Et!_loN6Q2|&mxW->6=9hmZ-0gz*SOcG0LUBO%8UL
z^&6RyJbhv=joh^3KKY5!>j64gQIfb5U96xTDjxD2g?f-@r4ZtpK#w1h^HB$5SAEn)
zw8M-&^phjn#UnhXe8N8gZ9_$Gf-gTUm#1>+lU+SKA8o%M1vJH*kI=FQRoRCU{DH>*
S$1GEZ5HKd?Wq3{{fd0S!tketu

delta 581
zcmZXRO-~b16o#LfX*=!hv=q=<M6n<rMbM&DkrorF1VU1DXF@=1H3UKoE5g>DdonxX
zo}CGjK!S<x{R!@k|HAOzt1gI{oX`87bKZ02Q|4#5^!@kwSD?ldLl@PMDT8nAeM7?9
z2Zofj(}pzF3^{5c4-HwHd}Ns6ameh!t6yeHMZyajKlesUJ@k5b3zBD&rer>%KzIDn
z8}6$|G??=!>~!`!)pwoUt?G+6JDYF!;-+8g&xs0ng_6a~3-C}o=_~PpU!1<GTuKq5
zSd@;OpX3@PMH%|IZn0|dQp=>2YsWwQ$@U@HFJxEGh`t?BX?@0A$`t?0BwEKB0Tq3|
zv-Q7m%eAerp{oQ~LW^4MLooP$MkMN@-4Nwv`7IGy5n@gLhA6%kJxh9BMAMY%=Z44@
z^m>y4O|eVgQa)giP%@;6BZ_XzOEONLVOP;`-hgUXoL6>7XzvO<s`g`&BI)grO1>E~
zZq*&DCeYZ)Ki3qd=E|VECwEHzkT7vXA~?Yu>(O_c{X4a7nZ%Et>R)o#J>R<k6EQ&o

diff --git a/regression/exceptions/exceptions5/test.java b/regression/exceptions/exceptions5/test.java
index e539f06df1e..6ba7b653b89 100644
--- a/regression/exceptions/exceptions5/test.java
+++ b/regression/exceptions/exceptions5/test.java
@@ -2,26 +2,29 @@ class A extends Throwable {}
 class B extends A {}
 class C extends B {}
 class D extends C {}public class test {
- public static void main (String arg[]) {
-   try {
-     D d = new D();
-     C c = new C();
-     B b = new B();
-     A a = new A();
-     A e = a;
-     throw e;
-   }
-   catch(D exc) {
-     assert false;
-   }
-   catch(C exc) {
-     assert false;
-   }
-   catch(B exc) {
-     assert false;
-   }
-   catch(A exc) {
-   }  
+  public static void main (String arg[]) {
+    try {
+      D d = new D();
+      C c = new C();
+      B b = new B();
+      A a = new A();
+      A e = a;
+      throw e;
+    }
+    catch(D exc) {
+      System.out.println("D");
+      assert false;
+    }
+    catch(C exc) {
+      System.out.println("C");
+      assert false;
+    }
+    catch(B exc) {
+      System.out.println("B");
+      assert false;
+    }
+    catch(A exc) {
+      System.out.println("A");
+    }
   }
 }
-
diff --git a/src/cbmc/cbmc_parse_options.cpp b/src/cbmc/cbmc_parse_options.cpp
index 842b0b26f70..6eb044257c6 100644
--- a/src/cbmc/cbmc_parse_options.cpp
+++ b/src/cbmc/cbmc_parse_options.cpp
@@ -24,6 +24,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <goto-programs/remove_virtual_functions.h>
 #include <goto-programs/remove_instanceof.h>
 #include <goto-programs/remove_returns.h>
+#include <goto-programs/remove_exceptions.h>
 #include <goto-programs/remove_vector.h>
 #include <goto-programs/remove_complex.h>
 #include <goto-programs/remove_asm.h>
@@ -894,6 +895,8 @@ bool cbmc_parse_optionst::process_goto_program(
       cmdline.isset("pointer-check"));
     // Java virtual functions -> explicit dispatch tables:
     remove_virtual_functions(symbol_table, goto_functions);
+    // remove catch and throw
+    remove_exceptions(symbol_table, goto_functions);
     // Similar removal of RTTI inspection:
     remove_instanceof(symbol_table, goto_functions);
 
diff --git a/src/goto-analyzer/goto_analyzer_parse_options.cpp b/src/goto-analyzer/goto_analyzer_parse_options.cpp
index 89d3d56731c..e462740c1cc 100644
--- a/src/goto-analyzer/goto_analyzer_parse_options.cpp
+++ b/src/goto-analyzer/goto_analyzer_parse_options.cpp
@@ -19,6 +19,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <goto-programs/set_properties.h>
 #include <goto-programs/remove_function_pointers.h>
 #include <goto-programs/remove_virtual_functions.h>
+#include <goto-programs/remove_exceptions.h>
 #include <goto-programs/remove_instanceof.h>
 #include <goto-programs/remove_returns.h>
 #include <goto-programs/remove_vector.h>
@@ -387,6 +388,8 @@ bool goto_analyzer_parse_optionst::process_goto_program(
     remove_function_pointers(goto_model, cmdline.isset("pointer-check"));
     // Java virtual functions -> explicit dispatch tables:
     remove_virtual_functions(goto_model);
+    // remove Java throw and catch
+    remove_exceptions(goto_model);
     // remove rtti
     remove_instanceof(goto_model);
 
diff --git a/src/goto-instrument/goto_instrument_parse_options.cpp b/src/goto-instrument/goto_instrument_parse_options.cpp
index cce5aaad42b..0a322cf299f 100644
--- a/src/goto-instrument/goto_instrument_parse_options.cpp
+++ b/src/goto-instrument/goto_instrument_parse_options.cpp
@@ -18,6 +18,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <goto-programs/goto_convert_functions.h>
 #include <goto-programs/remove_function_pointers.h>
 #include <goto-programs/remove_virtual_functions.h>
+#include <goto-programs/remove_exceptions.h>
 #include <goto-programs/remove_instanceof.h>
 #include <goto-programs/remove_skip.h>
 #include <goto-programs/goto_inline.h>
@@ -810,6 +811,8 @@ void goto_instrument_parse_optionst::do_indirect_call_and_rtti_removal(
     cmdline.isset("pointer-check"));
   status() << "Virtual function removal" << eom;
   remove_virtual_functions(symbol_table, goto_functions);
+  status() << "Catch and throw removal" << eom;
+  remove_exceptions(symbol_table, goto_functions);
   status() << "Java instanceof removal" << eom;
   remove_instanceof(symbol_table, goto_functions);
 }
diff --git a/src/goto-programs/Makefile b/src/goto-programs/Makefile
index 8b69282c381..1b303c759b9 100644
--- a/src/goto-programs/Makefile
+++ b/src/goto-programs/Makefile
@@ -13,8 +13,8 @@ SRC = goto_convert.cpp goto_convert_function_call.cpp \
       remove_unused_functions.cpp remove_vector.cpp \
       wp.cpp goto_clean_expr.cpp safety_checker.cpp parameter_assignments.cpp \
       compute_called_functions.cpp link_to_library.cpp \
-      remove_returns.cpp osx_fat_reader.cpp remove_complex.cpp \
-      goto_trace.cpp xml_goto_trace.cpp vcd_goto_trace.cpp \
+      remove_returns.cpp remove_exceptions.cpp osx_fat_reader.cpp \
+      remove_complex.cpp goto_trace.cpp xml_goto_trace.cpp vcd_goto_trace.cpp \
       graphml_witness.cpp remove_virtual_functions.cpp \
       class_hierarchy.cpp show_goto_functions.cpp get_goto_model.cpp \
       slice_global_inits.cpp goto_inline_class.cpp class_identifier.cpp \
diff --git a/src/goto-programs/goto_convert.cpp b/src/goto-programs/goto_convert.cpp
index a3124f3b898..58cf6666897 100644
--- a/src/goto-programs/goto_convert.cpp
+++ b/src/goto-programs/goto_convert.cpp
@@ -47,6 +47,85 @@ static bool is_empty(const goto_programt &goto_program)
 
 /*******************************************************************\
 
+Function: finish_catch_push_targets
+
+  Inputs:
+
+ Outputs:
+
+ Purpose: Populate the CATCH instructions with the targets 
+          corresponding to their associated labels
+
+\*******************************************************************/
+
+static void finish_catch_push_targets(goto_programt &dest)
+{
+  std::map<irep_idt, goto_programt::targett> label_targets;
+
+  // in the first pass collect the labels and the corresponding targets
+  Forall_goto_program_instructions(it, dest)
+  {
+    if(!it->labels.empty())
+    {
+      for(auto label : it->labels)
+        // record the label and the corresponding target
+        label_targets.insert(std::make_pair(label, it));
+    }
+  }
+
+  // in the second pass set the targets
+  Forall_goto_program_instructions(it, dest)
+  {
+    if(it->is_catch())
+    {
+      bool handler_added=true;
+      irept exceptions=it->code.find(ID_exception_list);
+
+      if(exceptions.is_nil() &&
+         it->code.has_operands())
+        exceptions=it->code.op0().find(ID_exception_list);
+
+      const irept::subt &exception_list=exceptions.get_sub();
+
+      if(!exception_list.empty())
+      {
+        // in this case we have a CATCH_PUSH
+        irept handlers=it->code.find(ID_label);
+        if(handlers.is_nil() &&
+           it->code.has_operands())
+          handlers=it->code.op0().find(ID_label);
+        const irept::subt &handler_list=handlers.get_sub();
+
+        // some handlers may not have been converted (if there was no
+        // exception to be caught); in such a situation we abort
+        for(const auto &handler : handler_list)
+        {
+          if(label_targets.find(handler.id())==label_targets.end())
+          {
+            handler_added=false;
+            break;
+          }
+        }
+
+        if(!handler_added)
+          continue;
+
+        for(const auto &handler : handler_list)
+        {
+          std::map<irep_idt,
+                   goto_programt::targett>::const_iterator handler_it=
+            label_targets.find(handler.id());
+          assert(handler_it!=label_targets.end());
+          // set the target
+          it->targets.push_back(handler_it->second);
+        }
+      }
+    }
+  }
+}
+
+/*******************************************************************	\
+
 Function: goto_convertt::finish_gotos
 
   Inputs:
@@ -302,6 +381,7 @@ void goto_convertt::goto_convert_rec(
   finish_gotos(dest);
   finish_computed_gotos(dest);
   finish_guarded_gotos(dest);
+  finish_catch_push_targets(dest);
 }
 
 /*******************************************************************\
diff --git a/src/goto-programs/goto_convert_class.h b/src/goto-programs/goto_convert_class.h
index feab8197046..05c35efa3c0 100644
--- a/src/goto-programs/goto_convert_class.h
+++ b/src/goto-programs/goto_convert_class.h
@@ -94,6 +94,9 @@ class goto_convertt:public messaget
     side_effect_exprt &expr,
     goto_programt &dest,
     bool result_is_used);
+  void remove_push_catch(
+    side_effect_exprt &expr,
+    goto_programt &dest);
   void remove_assignment(
     side_effect_exprt &expr,
     goto_programt &dest,
@@ -237,6 +240,7 @@ class goto_convertt:public messaget
   void convert_msc_try_except(const codet &code, goto_programt &dest);
   void convert_msc_leave(const codet &code, goto_programt &dest);
   void convert_try_catch(const codet &code, goto_programt &dest);
+  void convert_java_try_catch(const codet &code, goto_programt &dest);
   void convert_CPROVER_try_catch(const codet &code, goto_programt &dest);
   void convert_CPROVER_try_finally(const codet &code, goto_programt &dest);
   void convert_CPROVER_throw(const codet &code, goto_programt &dest);
diff --git a/src/goto-programs/goto_convert_exceptions.cpp b/src/goto-programs/goto_convert_exceptions.cpp
index 8d04f3cca16..63f503e8a0b 100644
--- a/src/goto-programs/goto_convert_exceptions.cpp
+++ b/src/goto-programs/goto_convert_exceptions.cpp
@@ -128,6 +128,73 @@ void goto_convertt::convert_msc_leave(
 
 /*******************************************************************\
 
+Function: goto_convertt::convert_java_try_catch
+
+  Inputs:
+
+ Outputs:
+
+ Purpose:
+
+\*******************************************************************/
+
+void goto_convertt::convert_java_try_catch(
+  const codet &code,
+  goto_programt &dest)
+{
+  assert(!code.operands().empty());
+
+  // add the CATCH instruction to 'dest'
+  goto_programt::targett catch_instruction=dest.add_instruction();
+  catch_instruction->make_catch();
+  catch_instruction->code.set_statement(ID_catch);
+  catch_instruction->source_location=code.source_location();
+  catch_instruction->function=code.source_location().get_function();
+
+  // the CATCH instruction is annotated with a list of exception IDs
+  const irept exceptions=code.op0().find(ID_exception_list);
+  if(exceptions.is_not_nil())
+  {
+    irept::subt exceptions_sub=exceptions.get_sub();
+    irept::subt &exception_list=
+      catch_instruction->code.add(ID_exception_list).get_sub();
+    exception_list.resize(exceptions_sub.size());
+    for(size_t i=0; i<exceptions_sub.size(); ++i)
+      exception_list[i].id(exceptions_sub[i].id());
+  }
+
+  // the CATCH instruction is also annotated with a list of handle labels
+  const irept handlers=code.op0().find(ID_label);
+  if(handlers.is_not_nil())
+  {
+    irept::subt handlers_sub=handlers.get_sub();
+    irept::subt &handlers_list=
+      catch_instruction->code.add(ID_label).get_sub();
+    handlers_list.resize(handlers_sub.size());
+    for(size_t i=0; i<handlers_sub.size(); ++i)
+      handlers_list[i].id(handlers_sub[i].id());
+  }
+
+  // the CATCH instruction may also signal a handler
+  if(code.op0().has_operands())
+  {
+    catch_instruction->code.get_sub().resize(1);
+    catch_instruction->code.get_sub()[0]=code.op0().op0();
+  }
+
+  // add a SKIP target for the end of everything
+  goto_programt end;
+  goto_programt::targett end_target=end.add_instruction();
+  end_target->make_skip();
+  end_target->source_location=code.source_location();
+  end_target->function=code.source_location().get_function();
+
+  // add the end-target
+  dest.destructive_append(end);
+}
+
+/*******************************************************************\
+
 Function: goto_convertt::convert_try_catch
 
   Inputs:
diff --git a/src/goto-programs/goto_convert_side_effect.cpp b/src/goto-programs/goto_convert_side_effect.cpp
index f34ee9d03a0..dbebb856ec1 100644
--- a/src/goto-programs/goto_convert_side_effect.cpp
+++ b/src/goto-programs/goto_convert_side_effect.cpp
@@ -767,6 +767,29 @@ void goto_convertt::remove_statement_expression(
 
 /*******************************************************************\
 
+Function: goto_convertt::remove_push_catch
+
+  Inputs:
+
+ Outputs:
+
+ Purpose:
+
+\*******************************************************************/
+
+void goto_convertt::remove_push_catch(
+  side_effect_exprt &expr,
+  goto_programt &dest)
+{
+  // we only get here for ID_push_catch, which is only used for Java
+  convert_java_try_catch(code_expressiont(expr), dest);
+
+  // the result can't be used, these are void
+  expr.make_nil();
+}
+
+/*******************************************************************\
+
 Function: goto_convertt::remove_side_effect
 
   Inputs:
@@ -837,6 +860,8 @@ void goto_convertt::remove_side_effect(
     // the result can't be used, these are void
     expr.make_nil();
   }
+  else if(statement==ID_push_catch)
+    remove_push_catch(expr, dest);
   else
   {
     error().source_location=expr.find_source_location();
diff --git a/src/goto-programs/remove_exceptions.cpp b/src/goto-programs/remove_exceptions.cpp
new file mode 100644
index 00000000000..14700921e24
--- /dev/null
+++ b/src/goto-programs/remove_exceptions.cpp
@@ -0,0 +1,586 @@
+/*******************************************************************\
+
+Module: Remove exception handling 
+
+Author: Cristina David
+
+Date:   December 2016
+
+\*******************************************************************/
+#define DEBUG
+#ifdef DEBUG
+#include <iostream>
+#endif
+#include <stack>
+
+#include <util/std_expr.h>
+#include <util/symbol_table.h>
+
+#include "remove_exceptions.h"
+
+class remove_exceptionst
+{
+  typedef std::vector<std::pair<
+    irep_idt, goto_programt::targett>> catch_handlerst;
+  typedef std::vector<catch_handlerst> stack_catcht;
+
+public:
+  explicit remove_exceptionst(symbol_tablet &_symbol_table):
+    symbol_table(_symbol_table)
+  {
+  }
+
+  void operator()(
+    goto_functionst &goto_functions);
+
+protected:
+  symbol_tablet &symbol_table;
+
+  void add_exceptional_returns(
+    const goto_functionst::function_mapt::iterator &);
+
+  void replace_throws(
+    const goto_functionst::function_mapt::iterator &);
+
+  void instrument_function_calls(
+    const goto_functionst::function_mapt::iterator &);
+
+  void instrument_exception_handlers(
+    const goto_functionst::function_mapt::iterator &);
+
+  void add_gotos(
+    const goto_functionst::function_mapt::iterator &);
+
+  void add_throw_gotos(
+    const goto_functionst::function_mapt::iterator &,
+    const goto_programt::instructionst::iterator &,
+    const stack_catcht &);
+
+  void add_function_call_gotos(
+    const goto_functionst::function_mapt::iterator &,
+    const goto_programt::instructionst::iterator &,
+    const stack_catcht &);
+};
+
+/*******************************************************************\
+
+Function: remove_exceptionst::add_exceptional_returns
+
+Inputs:
+
+Outputs:
+
+Purpose: adds exceptional return variables for every function that
+         may escape exceptions
+
+\*******************************************************************/
+
+void remove_exceptionst::add_exceptional_returns(
+  const goto_functionst::function_mapt::iterator &func_it)
+{
+  const irep_idt &function_id=func_it->first;
+  goto_programt &goto_program=func_it->second.body;
+
+  assert(symbol_table.has_symbol(function_id));
+  const symbolt &function_symbol=symbol_table.lookup(function_id);
+
+  // for now only add exceptional returns for Java
+  if(function_symbol.mode!=ID_java)
+    return;
+
+  if(goto_program.empty())
+    return;
+
+  // We generate an exceptional return value for any function that has
+  // a throw or a function call. This can be improved by only considering
+  // function calls that may escape exceptions. However, this will
+  // require multiple passes.
+  bool add_exceptional_var=false;
+  Forall_goto_program_instructions(instr_it, goto_program)
+    if(instr_it->is_throw() || instr_it->is_function_call())
+    {
+      add_exceptional_var=true;
+      break;
+    }
+
+  if(add_exceptional_var)
+  {
+    // look up the function symbol
+    symbol_tablet::symbolst::iterator s_it=
+      symbol_table.symbols.find(function_id);
+
+    assert(s_it!=symbol_table.symbols.end());
+
+    auxiliary_symbolt new_symbol;
+    new_symbol.is_static_lifetime=true;
+    new_symbol.module=function_symbol.module;
+    new_symbol.base_name=id2string(function_symbol.base_name)+EXC_SUFFIX;
+    new_symbol.name=id2string(function_symbol.name)+EXC_SUFFIX;
+    new_symbol.mode=function_symbol.mode;
+    new_symbol.type=typet(ID_pointer, empty_typet());
+    symbol_table.add(new_symbol);
+
+    // initialize the exceptional return with NULL
+    symbol_exprt lhs_expr_null=new_symbol.symbol_expr();
+    exprt rhs_expr_null;
+    rhs_expr_null=null_pointer_exprt(pointer_typet(empty_typet()));
+    goto_programt::targett t_null=
+      goto_program.insert_before(goto_program.instructions.begin());
+    t_null->make_assignment();
+    t_null->source_location=
+      goto_program.instructions.begin()->source_location;
+    t_null->code=code_assignt(
+      lhs_expr_null,
+      rhs_expr_null);
+    t_null->function=function_id;
+  }
+  return;
+}
+
+/*******************************************************************\
+
+Function: remove_exceptionst::replace_throws
+
+Inputs:
+
+Outputs:
+
+Purpose: turns 'throw x' in function f into an assignment to f#exc_value
+
+\*******************************************************************/
+
+void remove_exceptionst::replace_throws(
+  const goto_functionst::function_mapt::iterator &func_it)
+{
+  const irep_idt &function_id=func_it->first;
+  goto_programt &goto_program=func_it->second.body;
+
+  if(goto_program.empty())
+    return;
+
+  Forall_goto_program_instructions(instr_it, goto_program)
+  {
+    if(instr_it->is_throw() &&
+       symbol_table.has_symbol(id2string(function_id)+EXC_SUFFIX))
+    {
+      assert(instr_it->code.operands().size()==1);
+      const symbolt &exc_symbol=
+        symbol_table.lookup(id2string(function_id)+EXC_SUFFIX);
+
+      // replace "throw x;" by "f#exception_value=x;"
+      symbol_exprt lhs_expr=exc_symbol.symbol_expr();
+      // find the symbol corresponding to the thrown exceptions
+      exprt exc_expr=instr_it->code;
+      while(exc_expr.id()!=ID_symbol && exc_expr.has_operands())
+        exc_expr=exc_expr.op0();
+
+      // add the assignment with the appropriate cast
+      code_assignt assignment(typecast_exprt(lhs_expr, exc_expr.type()),
+                              exc_expr);
+      // now turn the `throw' into `assignment'
+      instr_it->type=ASSIGN;
+      instr_it->code=assignment;
+    }
+  }
+}
+
+/*******************************************************************\
+
+Function: remove_exceptionst::instrument_function_calls
+
+Inputs:
+
+Outputs:
+
+Purpose: after each function call g() in function f 
+         adds f#exception_value=g#exception_value;
+
+\*******************************************************************/
+
+void remove_exceptionst::instrument_function_calls(
+  const goto_functionst::function_mapt::iterator &func_it)
+{
+  const irep_idt &caller_id=func_it->first;
+  goto_programt &goto_program=func_it->second.body;
+
+  if(goto_program.empty())
+    return;
+
+  Forall_goto_program_instructions(instr_it, goto_program)
+  {
+    if(instr_it->is_function_call())
+    {
+      code_function_callt &function_call=to_code_function_call(instr_it->code);
+      const irep_idt &callee_id=
+        to_symbol_expr(function_call.function()).get_identifier();
+
+      // can exceptions escape?
+      if(symbol_table.has_symbol(id2string(callee_id)+EXC_SUFFIX) &&
+         symbol_table.has_symbol(id2string(caller_id)+EXC_SUFFIX))
+      {
+        const symbolt &callee=
+          symbol_table.lookup(id2string(callee_id)+EXC_SUFFIX);
+        const symbolt &caller=
+          symbol_table.lookup(id2string(caller_id)+EXC_SUFFIX);
+
+        symbol_exprt rhs_expr=callee.symbol_expr();
+        symbol_exprt lhs_expr=caller.symbol_expr();
+
+        goto_programt::targett t=goto_program.insert_after(instr_it);
+        t->make_assignment();
+        t->source_location=instr_it->source_location;
+        t->code=code_assignt(lhs_expr, rhs_expr);
+        t->function=instr_it->function;
+      }
+    }
+  }
+}
+
+/*******************************************************************\
+
+Function: remove_exceptionst::instrument_exception_handlers
+
+Inputs:
+
+Outputs:
+
+Purpose: at the beginning of each handler in function f 
+         adds exc=f#exception_value; f#exception_value=NULL;
+
+\*******************************************************************/
+
+void remove_exceptionst::instrument_exception_handlers(
+  const goto_functionst::function_mapt::iterator &func_it)
+{
+  const irep_idt &function_id=func_it->first;
+  goto_programt &goto_program=func_it->second.body;
+
+  if(goto_program.empty())
+    return;
+
+  Forall_goto_program_instructions(instr_it, goto_program)
+  {
+    // is this a handler
+    if(instr_it->type==CATCH && instr_it->code.has_operands())
+    {
+      // retrieve the exception variable
+      const irept &exception=instr_it->code.op0();
+
+      if(symbol_table.has_symbol(id2string(function_id)+EXC_SUFFIX))
+      {
+        const symbolt &function_symbol=
+          symbol_table.lookup(id2string(function_id)+EXC_SUFFIX);
+        // next we reset the exceptional return to NULL
+        symbol_exprt lhs_expr_null=function_symbol.symbol_expr();
+        exprt rhs_expr_null;
+        rhs_expr_null=null_pointer_exprt(pointer_typet(empty_typet()));
+
+        // add the assignment
+        goto_programt::targett t_null=goto_program.insert_after(instr_it);
+        t_null->make_assignment();
+        t_null->source_location=instr_it->source_location;
+        t_null->code=code_assignt(
+          lhs_expr_null,
+          rhs_expr_null);
+        t_null->function=instr_it->function;
+
+        // add the assignment exc=f#exception_value
+        symbol_exprt rhs_expr_exc=function_symbol.symbol_expr();
+
+        const exprt &lhs_expr_exc=static_cast<const exprt &>(exception);
+        goto_programt::targett t_exc=goto_program.insert_after(instr_it);
+        t_exc->make_assignment();
+        t_exc->source_location=instr_it->source_location;
+        t_exc->code=code_assignt(
+          typecast_exprt(lhs_expr_exc, rhs_expr_exc.type()),
+          rhs_expr_exc);
+        t_exc->function=instr_it->function;
+      }
+
+      instr_it->make_skip();
+    }
+  }
+}
+
+/*******************************************************************\
+
+Function: remove_exceptionst::add_gotos_throw
+
+Inputs:
+
+Outputs:
+
+Purpose: instruments each throw with conditional GOTOS to the 
+         corresponding exception handlers
+
+\*******************************************************************/
+
+void remove_exceptionst::add_throw_gotos(
+  const goto_functionst::function_mapt::iterator &func_it,
+  const goto_programt::instructionst::iterator &instr_it,
+  const remove_exceptionst::stack_catcht &stack_catch)
+{
+  assert(instr_it->type==THROW);
+
+  goto_programt &goto_program=func_it->second.body;
+
+  assert(instr_it->code.operands().size()==1);
+
+  // find the end of the function
+  goto_programt::targett end_function;
+  for(end_function=instr_it;
+      !end_function->is_end_function();
+      end_function++) {}
+  if(end_function!=instr_it)
+  {
+    // jump to the end of the function
+    // this will appear after the GOTO-based dynamic dispatch below
+    goto_programt::targett t_end=goto_program.insert_after(instr_it);
+    t_end->make_goto(end_function);
+    t_end->source_location=instr_it->source_location;
+    t_end->function=instr_it->function;
+  }
+
+  // add GOTOs implementing the dynamic dispatch of the
+  // exception handlers
+  for(std::size_t i=stack_catch.size(); i-->0;)
+  {
+    for(std::size_t j=stack_catch[i].size(); j-->0;)
+    {
+      goto_programt::targett new_state_pc=
+        stack_catch[i][j].second;
+
+      // find handler
+      goto_programt::targett t_exc=goto_program.insert_after(instr_it);
+      t_exc->make_goto(new_state_pc);
+      t_exc->source_location=instr_it->source_location;
+      t_exc->function=instr_it->function;
+
+      // use instanceof to check that this is the correct handler
+      symbol_typet type(stack_catch[i][j].first);
+      type_exprt expr(type);
+      // find the symbol corresponding to the caught exceptions
+      exprt exc_symbol=instr_it->code;
+      while(exc_symbol.id()!=ID_symbol)
+        exc_symbol=exc_symbol.op0();
+
+      binary_predicate_exprt check(exc_symbol, ID_java_instanceof, expr);
+      t_exc->guard=check;
+    }
+  }
+}
+
+/*******************************************************************\
+
+Function: remove_exceptionst::add_function_call_gotos
+
+Inputs:
+
+Outputs:
+
+Purpose: instruments each function call that may escape exceptions
+          with conditional GOTOS to the corresponding exception handlers
+
+\*******************************************************************/
+
+void remove_exceptionst::add_function_call_gotos(
+  const goto_functionst::function_mapt::iterator &func_it,
+  const goto_programt::instructionst::iterator &instr_it,
+  const stack_catcht &stack_catch)
+{
+  assert(instr_it->type==FUNCTION_CALL);
+
+  goto_programt &goto_program=func_it->second.body;
+
+  // save the address of the next instruction
+  goto_programt::instructionst::iterator next_it=instr_it;
+  next_it++;
+
+  code_function_callt &function_call=to_code_function_call(instr_it->code);
+  assert(function_call.function().id()==ID_symbol);
+  const irep_idt &callee_id=
+    to_symbol_expr(function_call.function()).get_identifier();
+
+  if(symbol_table.has_symbol(id2string(callee_id)+EXC_SUFFIX))
+  {
+    // dynamic dispatch of the escaped exception
+    const symbolt &callee_exc_symbol=
+      symbol_table.lookup(id2string(callee_id)+EXC_SUFFIX);
+    symbol_exprt callee_exc=callee_exc_symbol.symbol_expr();
+
+    for(std::size_t i=stack_catch.size(); i-->0;)
+    {
+      for(std::size_t j=stack_catch[i].size(); j-->0;)
+      {
+        goto_programt::targett new_state_pc;
+        new_state_pc=stack_catch[i][j].second;
+        goto_programt::targett t_exc=goto_program.insert_after(instr_it);
+        t_exc->make_goto(new_state_pc);
+        t_exc->source_location=instr_it->source_location;
+        t_exc->function=instr_it->function;
+        // use instanceof to check that this is the correct handler
+        symbol_typet type(stack_catch[i][j].first);
+        type_exprt expr(type);
+        binary_predicate_exprt check_instanceof(
+          callee_exc,
+          ID_java_instanceof,
+          expr);
+        t_exc->guard=check_instanceof;
+      }
+    }
+
+    // add a null check (so that instanceof can be applied)
+    equal_exprt eq_null(
+      callee_exc,
+      null_pointer_exprt(pointer_typet(empty_typet())));
+    // jump to the next instruction
+    goto_programt::targett t_null=goto_program.insert_after(instr_it);
+    t_null->make_goto(next_it);
+    t_null->source_location=instr_it->source_location;
+    t_null->function=instr_it->function;
+    t_null->guard=eq_null;
+  }
+}
+
+/*******************************************************************\
+
+Function: remove_exceptionst::add_gotos
+
+Inputs:
+
+Outputs:
+
+Purpose: instruments each throw and function calls that may escape exceptions
+         with conditional GOTOS to the corresponding exception handlers
+
+\*******************************************************************/
+
+void remove_exceptionst::add_gotos(
+  const goto_functionst::function_mapt::iterator &func_it)
+{
+  // Stack of try-catch blocks
+  stack_catcht stack_catch;
+
+  goto_programt &goto_program=func_it->second.body;
+
+  if(goto_program.empty())
+    return;
+  Forall_goto_program_instructions(instr_it, goto_program)
+  {
+    // it's a CATCH but not a handler
+    if(instr_it->type==CATCH && !instr_it->code.has_operands())
+    {
+      if(instr_it->targets.empty()) // pop
+      {
+        // pop from the stack if possible
+        if(!stack_catch.empty())
+        {
+          stack_catch.pop_back();
+        }
+        else
+        {
+#ifdef DEBUG
+          std::cout << "Remove exceptions: empty stack" << std::endl;
+#endif
+        }
+      }
+      else // push
+      {
+        remove_exceptionst::catch_handlerst exception;
+        stack_catch.push_back(exception);
+        remove_exceptionst::catch_handlerst &last_exception=
+          stack_catch.back();
+
+        // copy targets
+        const irept::subt &exception_list=
+          instr_it->code.find(ID_exception_list).get_sub();
+        assert(exception_list.size()==instr_it->targets.size());
+
+        // Fill the map with the catch type and the target
+        unsigned i=0;
+        for(auto target : instr_it->targets)
+        {
+          last_exception.push_back(
+            std::make_pair(exception_list[i].id(), target));
+          i++;
+        }
+      }
+
+      instr_it->make_skip();
+    }
+    else if(instr_it->type==THROW)
+    {
+      add_throw_gotos(func_it, instr_it, stack_catch);
+    }
+    else if(instr_it->type==FUNCTION_CALL)
+    {
+      add_function_call_gotos(func_it, instr_it, stack_catch);
+    }
+  }
+}
+
+
+/*******************************************************************\
+
+Function: remove_exceptionst::operator()
+
+Inputs:
+
+Outputs:
+
+Purpose:
+
+\*******************************************************************/
+
+void remove_exceptionst::operator()(goto_functionst &goto_functions)
+{
+  Forall_goto_functions(it, goto_functions)
+  {
+    add_exceptional_returns(it);
+  }
+  Forall_goto_functions(it, goto_functions)
+  {
+    instrument_exception_handlers(it);
+    add_gotos(it);
+    instrument_function_calls(it);
+    replace_throws(it);
+  }
+}
+
+/*******************************************************************\
+
+Function: remove_exceptions
+
+Inputs:
+
+Outputs:
+
+Purpose: removes throws/CATCH-POP/CATCH-PUSH
+
+\*******************************************************************/
+
+void remove_exceptions(
+  symbol_tablet &symbol_table,
+  goto_functionst &goto_functions)
+{
+  remove_exceptionst remove_exceptions(symbol_table);
+  remove_exceptions(goto_functions);
+}
+
+/*******************************************************************\
+
+Function: remove_exceptions
+
+Inputs:
+
+Outputs:
+
+Purpose: removes throws/CATCH-POP/CATCH-PUSH
+
+\*******************************************************************/
+
+void remove_exceptions(goto_modelt &goto_model)
+{
+  remove_exceptionst remove_exceptions(goto_model.symbol_table);
+  remove_exceptions(goto_model.goto_functions);
+}
diff --git a/src/goto-programs/remove_exceptions.h b/src/goto-programs/remove_exceptions.h
new file mode 100644
index 00000000000..89162b5833d
--- /dev/null
+++ b/src/goto-programs/remove_exceptions.h
@@ -0,0 +1,24 @@
+/*******************************************************************\
+
+Module: Remove function exceptional returns
+
+Author: Cristina David
+
+Date:   December 2016
+
+\*******************************************************************/
+
+#ifndef CPROVER_GOTO_PROGRAMS_REMOVE_EXCEPTIONS_H
+#define CPROVER_GOTO_PROGRAMS_REMOVE_EXCEPTIONS_H
+
+#include <goto-programs/goto_model.h>
+
+#define EXC_SUFFIX "#exception_value"
+
+// Removes 'throw x' and CATCH-PUSH/CATCH-POP
+// and adds the required instrumentation (GOTOs and assignments)
+
+void remove_exceptions(symbol_tablet &, goto_functionst &);
+void remove_exceptions(goto_modelt &);
+
+#endif
diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index 6f816424354..44afd69b72a 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -157,9 +157,21 @@ exprt::operandst java_bytecode_convert_methodt::pop(std::size_t n)
   return operands;
 }
 
+/*******************************************************************\
+
+Function: java_bytecode_convert_methodt::pop_residue
+
+Inputs:
+
+Outputs:
+
+Purpose: removes minimum(n, stack.size()) elements from the stack
+
+\*******************************************************************/
+
 void java_bytecode_convert_methodt::pop_residue(std::size_t n)
 {
-  std::size_t residue_size=n<=stack.size()?n:stack.size();
+  std::size_t residue_size=std::min(n, stack.size());
 
   stack.resize(stack.size()-residue_size);
 }
@@ -853,8 +865,10 @@ static void gather_symbol_live_ranges(
     }
   }
   else
+  {
     forall_operands(it, e)
       gather_symbol_live_ranges(pc, *it, result);
+  }
 }
 
 /*******************************************************************\
@@ -960,18 +974,20 @@ codet java_bytecode_convert_methodt::convert_instructions(
 
     if(i_it->statement=="athrow" ||
        i_it->statement=="invokestatic" ||
-       i_it->statement=="invokevirtual")
+       i_it->statement=="invokevirtual" ||
+       i_it->statement=="invokespecial" ||
+       i_it->statement=="invokeinterface")
     {
       // find the corresponding try-catch blocks and add the handlers
       // to the targets
-      for(std::size_t e=0; e<method.exception_table.size(); e++)
+      for(const auto &exception_row : method.exception_table)
       {
-        if(i_it->address>=method.exception_table[e].start_pc &&
-           i_it->address<method.exception_table[e].end_pc)
+        if(i_it->address>=exception_row.start_pc &&
+           i_it->address<exception_row.end_pc)
         {
           a_entry.first->second.successors.push_back(
-            method.exception_table[e].handler_pc);
-          targets.insert(method.exception_table[e].handler_pc);
+            exception_row.handler_pc);
+          targets.insert(exception_row.handler_pc);
         }
       }
     }
@@ -1109,7 +1125,7 @@ codet java_bytecode_convert_methodt::convert_instructions(
         exprt exc_var=variable(
           arg0, statement[0],
           i_it->address,
-          false);
+          NO_CAST);
 
         // throw away the operands
         pop_residue(bytecode_info.pop);
@@ -1118,17 +1134,19 @@ codet java_bytecode_convert_methodt::convert_instructions(
         side_effect_expr_catcht catch_handler_expr;
         // pack the exception variable so that it can be used
         // later for instrumentation
-        catch_handler_expr.set(ID_handler, exc_var);
+        catch_handler_expr.get_sub().resize(1);
+        catch_handler_expr.get_sub()[0]=exc_var;
+
         codet catch_handler=code_expressiont(catch_handler_expr);
+        code_labelt newlabel(label(std::to_string(cur_pc)),
+                             code_blockt());
 
-        code_labelt newlabel(label(i2string(cur_pc)), code_blockt());
         code_blockt label_block=to_code_block(newlabel.code());
         code_blockt handler_block;
         handler_block.move_to_operands(c);
         handler_block.move_to_operands(catch_handler);
         handler_block.move_to_operands(label_block);
         c=handler_block;
-
         break;
       }
     }
@@ -1151,11 +1169,30 @@ codet java_bytecode_convert_methodt::convert_instructions(
     else if(statement=="athrow")
     {
       assert(op.size()==1 && results.size()==1);
+      code_blockt block;
+      if(!disable_runtime_checks)
+      {
+        // TODO throw NullPointerException instead
+        const typecast_exprt lhs(op[0], pointer_typet(empty_typet()));
+        const exprt rhs(null_pointer_exprt(to_pointer_type(lhs.type())));
+        const exprt not_equal_null(
+          binary_relation_exprt(lhs, ID_notequal, rhs));
+        code_assertt check(not_equal_null);
+        check.add_source_location()
+          .set_comment("Throw null");
+        check.add_source_location()
+          .set_property_class("null-pointer-exception");
+        block.move_to_operands(check);
+      }
+
       side_effect_expr_throwt throw_expr;
       throw_expr.add_source_location()=i_it->source_location;
       throw_expr.copy_to_operands(op[0]);
       c=code_expressiont(throw_expr);
       results[0]=op[0];
+
+      block.move_to_operands(c);
+      c=block;
     }
     else if(statement=="checkcast")
     {
@@ -1221,7 +1258,7 @@ codet java_bytecode_convert_methodt::convert_instructions(
             statement=="invokevirtual" ||
             statement=="invokestatic")
     {
-      const bool use_this(statement != "invokestatic");
+      const bool use_this(statement!="invokestatic");
       const bool is_virtual(
         statement=="invokevirtual" || statement=="invokeinterface");
 
@@ -2161,17 +2198,19 @@ codet java_bytecode_convert_methodt::convert_instructions(
     // add the CATCH-PUSH instruction(s)
     // be aware of different try-catch blocks with the same starting pc
     std::size_t pos=0;
-    int end_pc=-1;
+    size_t end_pc=0;
     while(pos<method.exception_table.size())
     {
       // check if this is the beginning of a try block
       for(; pos<method.exception_table.size(); ++pos)
       {
         // unexplored try-catch?
-        if(cur_pc==method.exception_table[pos].start_pc && end_pc==-1)
+        if(cur_pc==method.exception_table[pos].start_pc && end_pc==0)
+        {
           end_pc=method.exception_table[pos].end_pc;
+        }
 
-	// currently explored try-catch?
+        // currently explored try-catch?
         if(cur_pc==method.exception_table[pos].start_pc &&
            method.exception_table[pos].end_pc==end_pc)
         {
@@ -2182,7 +2221,7 @@ codet java_bytecode_convert_methodt::convert_instructions(
           // instruction by generating a label corresponding to
           // the handler's pc
           handler_labels.push_back(
-            label(i2string(method.exception_table[pos].handler_pc)));
+            label(std::to_string(method.exception_table[pos].handler_pc)));
         }
         else
           break;
@@ -2219,28 +2258,33 @@ codet java_bytecode_convert_methodt::convert_instructions(
       }
 
       // reset
-      end_pc=-1;
+      end_pc=0;
       exception_ids.clear();
       handler_labels.clear();
     }
 
     // next add the CATCH-POP instructions
-    int start_pc=-1;
+    size_t start_pc=0;
+    // as the first try block may have start_pc 0, we
+    // must track it separately
+    bool first_handler=false;
     // check if this is the end of a try block
-    for(std::size_t e=0; e<method.exception_table.size(); e++)
+    for(const auto &exception_row : method.exception_table)
     {
       // add the CATCH-POP before the end of the try block
-      if(cur_pc<method.exception_table[e].end_pc &&
+      if(cur_pc<exception_row.end_pc &&
         !working_set.empty() &&
-        *working_set.begin()==method.exception_table[e].end_pc)
+        *working_set.begin()==exception_row.end_pc)
       {
         // have we already added a CATCH-POP for the current try-catch?
         // (each row corresponds to a handler)
-        if(method.exception_table[e].start_pc!=start_pc)
+        if(exception_row.start_pc!=start_pc || !first_handler)
         {
+          if(!first_handler)
+            first_handler=true;
           // remember the beginning of the try-catch so that we don't add
           // another CATCH-POP for the same try-catch
-          start_pc=method.exception_table[e].start_pc;
+          start_pc=exception_row.start_pc;
           // add CATCH_POP instruction
           side_effect_expr_catcht catch_pop_expr;
           code_blockt end_try_block;
@@ -2254,34 +2298,6 @@ codet java_bytecode_convert_methodt::convert_instructions(
       }
     }
 
-    for(std::size_t e=0; e<method.exception_table.size(); e++)
-    {
-      if(cur_pc==method.exception_table[e].handler_pc)
-      {
-        // add a CATCH-PUSH signaling a handler (by using ID_handler)
-        // this will serve to signal the beginning of a handler
-        side_effect_expr_catcht catch_handler_expr;
-        irept exc_handler(ID_handler);
-        exc_handler.get_sub().resize(1);
-        exc_handler.get_sub()[0].id(
-          method.exception_table[e].catch_type.get_identifier());
-        catch_handler_expr.set(ID_handler, exc_handler);
-        codet catch_handler=code_expressiont(catch_handler_expr);
-
-        // create labels for the handlers that match those used
-        // in CATCH-PUSH above
-        code_labelt newlabel(label(i2string(cur_pc)), code_blockt());
-        code_blockt label_block=to_code_block(newlabel.code());
-        code_blockt handler_block;
-        handler_block.move_to_operands(c);
-        handler_block.move_to_operands(catch_handler);
-        handler_block.move_to_operands(label_block);
-
-        c=handler_block;
-        break;
-      }
-    }
-
     if(!i_it->source_location.get_line().empty())
       c.add_source_location()=i_it->source_location;
 
@@ -2293,6 +2309,18 @@ codet java_bytecode_convert_methodt::convert_instructions(
       address_mapt::iterator a_it2=address_map.find(address);
       assert(a_it2!=address_map.end());
 
+      // we don't worry about exception handlers as we don't load the
+      // operands from the stack anyway -- we keep explicit global
+      // exception variables
+      for(const auto &exception_row : method.exception_table)
+      {
+        if(address==exception_row.handler_pc)
+        {
+          stack.clear();
+          break;
+        }
+      }
+
       if(!stack.empty() && a_it2->second.predecessors.size()>1)
       {
         // copy into temporaries
@@ -2357,8 +2385,6 @@ codet java_bytecode_convert_methodt::convert_instructions(
     }
   }
 
-  // TODO: add exception handlers from exception table
-  // review successor computation of athrow!
   code_blockt code;
 
   // Add anonymous locals to the symtab:
diff --git a/src/symex/symex_parse_options.cpp b/src/symex/symex_parse_options.cpp
index 2ed3fedc518..54aa9382759 100644
--- a/src/symex/symex_parse_options.cpp
+++ b/src/symex/symex_parse_options.cpp
@@ -32,6 +32,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <goto-programs/remove_complex.h>
 #include <goto-programs/remove_vector.h>
 #include <goto-programs/remove_virtual_functions.h>
+#include <goto-programs/remove_exceptions.h>
 #include <goto-programs/remove_instanceof.h>
 
 #include <goto-symex/rewrite_union.h>
@@ -369,6 +370,9 @@ bool symex_parse_optionst::process_goto_program(const optionst &options)
     remove_vector(goto_model);
     // Java virtual functions -> explicit dispatch tables:
     remove_virtual_functions(goto_model);
+    // Java throw and catch -> explicit exceptional return variables:
+    remove_exceptions(goto_model);
+    // Java instanceof -> clsid comparison:
     remove_instanceof(goto_model);
     rewrite_union(goto_model);
     adjust_float_expressions(goto_model);
diff --git a/src/util/irep_ids.txt b/src/util/irep_ids.txt
index dca7a814276..b9d2d253538 100644
--- a/src/util/irep_ids.txt
+++ b/src/util/irep_ids.txt
@@ -740,7 +740,6 @@ java_super_method_call
 skip_initialize
 java_enum_static_unwind
 push_catch
-handler
 string_constraint
 string_not_contains_constraint
 cprover_char_literal_func
diff --git a/src/util/std_code.h b/src/util/std_code.h
index ed1f8f28b74..eb7982f3bbd 100644
--- a/src/util/std_code.h
+++ b/src/util/std_code.h
@@ -1130,7 +1130,6 @@ class side_effect_expr_catcht:public side_effect_exprt
   inline side_effect_expr_catcht():side_effect_exprt(ID_push_catch)
   {
   }
-  // TODO: change to ID_catch
   inline explicit side_effect_expr_catcht(const irept &exception_list):
     side_effect_exprt(ID_push_catch)
   {

From 05f223359db5bb9b17c0fbf17faaff5ea7ffd9bb Mon Sep 17 00:00:00 2001
From: Cristina <cristina.david@gmail.com>
Date: Wed, 15 Feb 2017 14:20:28 +0000
Subject: [PATCH 105/699] Moved Java exceptions regression tests

These tests are now under cbmc-java.
---
 .../cbmc-java/NullPointer3/NullPointer3.class | Bin 270 -> 380 bytes
 .../cbmc-java/NullPointer3/NullPointer3.java  |   1 -
 regression/cbmc-java/NullPointer3/test.desc   |   4 ++--
 .../exceptions1/A.class                       | Bin
 .../exceptions1/B.class                       | Bin
 .../exceptions1/C.class                       | Bin
 .../exceptions1/D.class                       | Bin
 .../exceptions1/test.class                    | Bin
 .../exceptions1/test.desc                     |   2 +-
 .../exceptions1/test.java                     |   0
 .../exceptions10/A.class                      | Bin
 .../exceptions10/B.class                      | Bin
 .../exceptions10/C.class                      | Bin
 .../exceptions10/test.class                   | Bin
 .../exceptions10/test.desc                    |   0
 .../exceptions10/test.java                    |   0
 .../exceptions11/A.class                      | Bin
 .../exceptions11/B.class                      | Bin
 .../exceptions11/test.class                   | Bin
 .../exceptions11/test.desc                    |   0
 .../exceptions11/test.java                    |   0
 .../exceptions12/A.class                      | Bin
 .../exceptions12/B.class                      | Bin
 .../exceptions12/C.class                      | Bin
 .../exceptions12/F.class                      | Bin
 .../exceptions12/test.class                   | Bin
 .../exceptions12/test.desc                    |   0
 .../exceptions12/test.java                    |   0
 .../exceptions13/A.class                      | Bin
 .../exceptions13/B.class                      | Bin
 .../exceptions13/C.class                      | Bin
 .../exceptions13/F.class                      | Bin
 .../exceptions13/test.class                   | Bin
 .../exceptions13/test.desc                    |   0
 .../exceptions13/test.java                    |   0
 .../exceptions14/A.class                      | Bin
 .../exceptions14/B.class                      | Bin
 .../exceptions14/C.class                      | Bin
 .../exceptions14/test.class                   | Bin
 .../exceptions14/test.desc                    |   0
 .../exceptions14/test.java                    |   0
 .../exceptions15/InetAddress.class            | Bin
 .../exceptions15/InetSocketAddress.class      | Bin
 .../exceptions15/test.class                   | Bin
 .../exceptions15/test.desc                    |   0
 .../exceptions15/test.java                    |   0
 .../exceptions16}/A.class                     | Bin
 .../exceptions16}/B.class                     | Bin
 .../exceptions16}/C.class                     | Bin
 regression/cbmc-java/exceptions16/test.class  | Bin 0 -> 718 bytes
 regression/cbmc-java/exceptions16/test.desc   |   9 ++++++++
 regression/cbmc-java/exceptions16/test.java   |  21 ++++++++++++++++++
 .../exceptions2/A.class                       | Bin
 .../exceptions2}/B.class                      | Bin
 .../exceptions2}/C.class                      | Bin
 .../exceptions2/test.class                    | Bin
 .../exceptions2/test.desc                     |   2 +-
 .../exceptions2/test.java                     |   0
 .../exceptions3/A.class                       | Bin
 .../exceptions3}/B.class                      | Bin
 .../exceptions3}/C.class                      | Bin
 .../exceptions3/test.class                    | Bin
 .../exceptions3/test.desc                     |   0
 .../exceptions3/test.java                     |   0
 .../exceptions4/A.class                       | Bin
 .../exceptions4}/B.class                      | Bin
 .../exceptions4}/C.class                      | Bin
 .../exceptions4/test.class                    | Bin
 .../exceptions4/test.desc                     |   0
 .../exceptions4/test.java                     |   0
 .../exceptions5/A.class                       | Bin
 .../exceptions5}/B.class                      | Bin
 .../exceptions5}/C.class                      | Bin
 .../exceptions5/D.class                       | Bin
 .../exceptions5/test.class                    | Bin
 .../exceptions5/test.desc                     |   0
 .../exceptions5/test.java                     |   0
 .../exceptions6/A.class                       | Bin
 .../exceptions6/B.class                       | Bin
 .../exceptions6/C.class                       | Bin
 .../exceptions6/D.class                       | Bin
 .../exceptions6/test.class                    | Bin
 .../exceptions6/test.desc                     |   0
 .../exceptions6/test.java                     |   0
 .../exceptions7}/A.class                      | Bin
 .../exceptions7}/B.class                      | Bin
 .../exceptions7}/C.class                      | Bin
 .../exceptions7/test.class                    | Bin
 .../exceptions7/test.desc                     |   0
 .../exceptions7/test.java                     |   0
 regression/cbmc-java/exceptions8/A.class      | Bin 0 -> 241 bytes
 regression/cbmc-java/exceptions8/B.class      | Bin 0 -> 216 bytes
 .../exceptions8}/C.class                      | Bin
 .../exceptions8/test.class                    | Bin
 .../exceptions8/test.desc                     |   0
 .../exceptions8/test.java                     |   0
 .../exceptions9/A.class                       | Bin
 .../exceptions9/B.class                       | Bin
 regression/cbmc-java/exceptions9/C.class      | Bin 0 -> 216 bytes
 .../exceptions9/test.class                    | Bin
 .../exceptions9/test.desc                     |   0
 .../exceptions9/test.java                     |   0
 regression/exceptions/Makefile                |  14 ------------
 103 files changed, 34 insertions(+), 19 deletions(-)
 rename regression/{exceptions => cbmc-java}/exceptions1/A.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions1/B.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions1/C.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions1/D.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions1/test.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions1/test.desc (80%)
 rename regression/{exceptions => cbmc-java}/exceptions1/test.java (100%)
 rename regression/{exceptions => cbmc-java}/exceptions10/A.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions10/B.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions10/C.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions10/test.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions10/test.desc (100%)
 rename regression/{exceptions => cbmc-java}/exceptions10/test.java (100%)
 rename regression/{exceptions => cbmc-java}/exceptions11/A.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions11/B.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions11/test.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions11/test.desc (100%)
 rename regression/{exceptions => cbmc-java}/exceptions11/test.java (100%)
 rename regression/{exceptions => cbmc-java}/exceptions12/A.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions12/B.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions12/C.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions12/F.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions12/test.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions12/test.desc (100%)
 rename regression/{exceptions => cbmc-java}/exceptions12/test.java (100%)
 rename regression/{exceptions => cbmc-java}/exceptions13/A.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions13/B.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions13/C.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions13/F.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions13/test.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions13/test.desc (100%)
 rename regression/{exceptions => cbmc-java}/exceptions13/test.java (100%)
 rename regression/{exceptions => cbmc-java}/exceptions14/A.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions14/B.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions14/C.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions14/test.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions14/test.desc (100%)
 rename regression/{exceptions => cbmc-java}/exceptions14/test.java (100%)
 rename regression/{exceptions => cbmc-java}/exceptions15/InetAddress.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions15/InetSocketAddress.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions15/test.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions15/test.desc (100%)
 rename regression/{exceptions => cbmc-java}/exceptions15/test.java (100%)
 rename regression/{exceptions/exceptions7 => cbmc-java/exceptions16}/A.class (100%)
 rename regression/{exceptions/exceptions2 => cbmc-java/exceptions16}/B.class (100%)
 rename regression/{exceptions/exceptions2 => cbmc-java/exceptions16}/C.class (100%)
 create mode 100644 regression/cbmc-java/exceptions16/test.class
 create mode 100644 regression/cbmc-java/exceptions16/test.desc
 create mode 100644 regression/cbmc-java/exceptions16/test.java
 rename regression/{exceptions => cbmc-java}/exceptions2/A.class (100%)
 rename regression/{exceptions/exceptions3 => cbmc-java/exceptions2}/B.class (100%)
 rename regression/{exceptions/exceptions3 => cbmc-java/exceptions2}/C.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions2/test.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions2/test.desc (79%)
 rename regression/{exceptions => cbmc-java}/exceptions2/test.java (100%)
 rename regression/{exceptions => cbmc-java}/exceptions3/A.class (100%)
 rename regression/{exceptions/exceptions4 => cbmc-java/exceptions3}/B.class (100%)
 rename regression/{exceptions/exceptions4 => cbmc-java/exceptions3}/C.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions3/test.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions3/test.desc (100%)
 rename regression/{exceptions => cbmc-java}/exceptions3/test.java (100%)
 rename regression/{exceptions => cbmc-java}/exceptions4/A.class (100%)
 rename regression/{exceptions/exceptions5 => cbmc-java/exceptions4}/B.class (100%)
 rename regression/{exceptions/exceptions5 => cbmc-java/exceptions4}/C.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions4/test.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions4/test.desc (100%)
 rename regression/{exceptions => cbmc-java}/exceptions4/test.java (100%)
 rename regression/{exceptions => cbmc-java}/exceptions5/A.class (100%)
 rename regression/{exceptions/exceptions7 => cbmc-java/exceptions5}/B.class (100%)
 rename regression/{exceptions/exceptions7 => cbmc-java/exceptions5}/C.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions5/D.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions5/test.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions5/test.desc (100%)
 rename regression/{exceptions => cbmc-java}/exceptions5/test.java (100%)
 rename regression/{exceptions => cbmc-java}/exceptions6/A.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions6/B.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions6/C.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions6/D.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions6/test.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions6/test.desc (100%)
 rename regression/{exceptions => cbmc-java}/exceptions6/test.java (100%)
 rename regression/{exceptions/exceptions8 => cbmc-java/exceptions7}/A.class (100%)
 rename regression/{exceptions/exceptions8 => cbmc-java/exceptions7}/B.class (100%)
 rename regression/{exceptions/exceptions8 => cbmc-java/exceptions7}/C.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions7/test.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions7/test.desc (100%)
 rename regression/{exceptions => cbmc-java}/exceptions7/test.java (100%)
 create mode 100644 regression/cbmc-java/exceptions8/A.class
 create mode 100644 regression/cbmc-java/exceptions8/B.class
 rename regression/{exceptions/exceptions9 => cbmc-java/exceptions8}/C.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions8/test.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions8/test.desc (100%)
 rename regression/{exceptions => cbmc-java}/exceptions8/test.java (100%)
 rename regression/{exceptions => cbmc-java}/exceptions9/A.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions9/B.class (100%)
 create mode 100644 regression/cbmc-java/exceptions9/C.class
 rename regression/{exceptions => cbmc-java}/exceptions9/test.class (100%)
 rename regression/{exceptions => cbmc-java}/exceptions9/test.desc (100%)
 rename regression/{exceptions => cbmc-java}/exceptions9/test.java (100%)
 delete mode 100644 regression/exceptions/Makefile

diff --git a/regression/cbmc-java/NullPointer3/NullPointer3.class b/regression/cbmc-java/NullPointer3/NullPointer3.class
index 8ad089310c3a7896b660934861b104537c1edd65..b79f5adef44f30757862ddef9c91c22f2700cf2a 100644
GIT binary patch
delta 224
zcmeBU`oko8>ff$?3=9k=3?f_%%nX9;3_|P-!V^Wcw1s@~lM{2o5{ohulX6l+Km;QL
zOG!p%F(U(?k6&p{PC$NUUP)?^vGqh-C25w#qI95)aI{ZWVp*boPGVlVesD=qW?s7W
z#Ms0VeFjD#WME*`+RnhZ5y)U-U<Z<HU_nL(4j`KcqJV*ufeXmvWZ(viumRaRP|Zw?
Z`++=UovcVYnHYE(_<-_^4E$hK0s!?5BbopJ

delta 116
zcmeyv)W;-x>ff$?3=9k=4E$US%nUs247}_Nd=o{rCgvziTp1rA%fJYP3=FJV+Zh-)
r0vU`9>_CzYEXc^f$-n``j6gmEgA|YkDP>~ZkEV_lD9#0vVc-S;HuwxN

diff --git a/regression/cbmc-java/NullPointer3/NullPointer3.java b/regression/cbmc-java/NullPointer3/NullPointer3.java
index 00004f14467..fa8b227dd94 100644
--- a/regression/cbmc-java/NullPointer3/NullPointer3.java
+++ b/regression/cbmc-java/NullPointer3/NullPointer3.java
@@ -4,5 +4,4 @@ public static void main(String[] args)
   {
     throw null; // NULL pointer dereference
   }
-
 }
diff --git a/regression/cbmc-java/NullPointer3/test.desc b/regression/cbmc-java/NullPointer3/test.desc
index cc33c21738b..5dd14d8dfb9 100644
--- a/regression/cbmc-java/NullPointer3/test.desc
+++ b/regression/cbmc-java/NullPointer3/test.desc
@@ -1,9 +1,9 @@
 CORE
 NullPointer3.class
---pointer-check --stop-on-fail
+--pointer-check
 ^EXIT=10$
 ^SIGNAL=0$
-^  file NullPointer3.java line 5 function java::NullPointer3.main:\(\[Ljava/lang/String;\)V bytecode_index 1$
+^.*Throw null: FAILURE$
 ^VERIFICATION FAILED$
 --
 ^warning: ignoring
diff --git a/regression/exceptions/exceptions1/A.class b/regression/cbmc-java/exceptions1/A.class
similarity index 100%
rename from regression/exceptions/exceptions1/A.class
rename to regression/cbmc-java/exceptions1/A.class
diff --git a/regression/exceptions/exceptions1/B.class b/regression/cbmc-java/exceptions1/B.class
similarity index 100%
rename from regression/exceptions/exceptions1/B.class
rename to regression/cbmc-java/exceptions1/B.class
diff --git a/regression/exceptions/exceptions1/C.class b/regression/cbmc-java/exceptions1/C.class
similarity index 100%
rename from regression/exceptions/exceptions1/C.class
rename to regression/cbmc-java/exceptions1/C.class
diff --git a/regression/exceptions/exceptions1/D.class b/regression/cbmc-java/exceptions1/D.class
similarity index 100%
rename from regression/exceptions/exceptions1/D.class
rename to regression/cbmc-java/exceptions1/D.class
diff --git a/regression/exceptions/exceptions1/test.class b/regression/cbmc-java/exceptions1/test.class
similarity index 100%
rename from regression/exceptions/exceptions1/test.class
rename to regression/cbmc-java/exceptions1/test.class
diff --git a/regression/exceptions/exceptions1/test.desc b/regression/cbmc-java/exceptions1/test.desc
similarity index 80%
rename from regression/exceptions/exceptions1/test.desc
rename to regression/cbmc-java/exceptions1/test.desc
index 7c6146907d0..ca52107829c 100644
--- a/regression/exceptions/exceptions1/test.desc
+++ b/regression/cbmc-java/exceptions1/test.desc
@@ -4,7 +4,7 @@ test.class
 ^EXIT=10$
 ^SIGNAL=0$
 ^.*assertion at file test.java line 26 function.*: FAILURE$
-\*\* 1 of 4 failed (2 iterations)$
+\*\* 1 of 9 failed (2 iterations)$
 ^VERIFICATION FAILED$
 --
 ^warning: ignoring
diff --git a/regression/exceptions/exceptions1/test.java b/regression/cbmc-java/exceptions1/test.java
similarity index 100%
rename from regression/exceptions/exceptions1/test.java
rename to regression/cbmc-java/exceptions1/test.java
diff --git a/regression/exceptions/exceptions10/A.class b/regression/cbmc-java/exceptions10/A.class
similarity index 100%
rename from regression/exceptions/exceptions10/A.class
rename to regression/cbmc-java/exceptions10/A.class
diff --git a/regression/exceptions/exceptions10/B.class b/regression/cbmc-java/exceptions10/B.class
similarity index 100%
rename from regression/exceptions/exceptions10/B.class
rename to regression/cbmc-java/exceptions10/B.class
diff --git a/regression/exceptions/exceptions10/C.class b/regression/cbmc-java/exceptions10/C.class
similarity index 100%
rename from regression/exceptions/exceptions10/C.class
rename to regression/cbmc-java/exceptions10/C.class
diff --git a/regression/exceptions/exceptions10/test.class b/regression/cbmc-java/exceptions10/test.class
similarity index 100%
rename from regression/exceptions/exceptions10/test.class
rename to regression/cbmc-java/exceptions10/test.class
diff --git a/regression/exceptions/exceptions10/test.desc b/regression/cbmc-java/exceptions10/test.desc
similarity index 100%
rename from regression/exceptions/exceptions10/test.desc
rename to regression/cbmc-java/exceptions10/test.desc
diff --git a/regression/exceptions/exceptions10/test.java b/regression/cbmc-java/exceptions10/test.java
similarity index 100%
rename from regression/exceptions/exceptions10/test.java
rename to regression/cbmc-java/exceptions10/test.java
diff --git a/regression/exceptions/exceptions11/A.class b/regression/cbmc-java/exceptions11/A.class
similarity index 100%
rename from regression/exceptions/exceptions11/A.class
rename to regression/cbmc-java/exceptions11/A.class
diff --git a/regression/exceptions/exceptions11/B.class b/regression/cbmc-java/exceptions11/B.class
similarity index 100%
rename from regression/exceptions/exceptions11/B.class
rename to regression/cbmc-java/exceptions11/B.class
diff --git a/regression/exceptions/exceptions11/test.class b/regression/cbmc-java/exceptions11/test.class
similarity index 100%
rename from regression/exceptions/exceptions11/test.class
rename to regression/cbmc-java/exceptions11/test.class
diff --git a/regression/exceptions/exceptions11/test.desc b/regression/cbmc-java/exceptions11/test.desc
similarity index 100%
rename from regression/exceptions/exceptions11/test.desc
rename to regression/cbmc-java/exceptions11/test.desc
diff --git a/regression/exceptions/exceptions11/test.java b/regression/cbmc-java/exceptions11/test.java
similarity index 100%
rename from regression/exceptions/exceptions11/test.java
rename to regression/cbmc-java/exceptions11/test.java
diff --git a/regression/exceptions/exceptions12/A.class b/regression/cbmc-java/exceptions12/A.class
similarity index 100%
rename from regression/exceptions/exceptions12/A.class
rename to regression/cbmc-java/exceptions12/A.class
diff --git a/regression/exceptions/exceptions12/B.class b/regression/cbmc-java/exceptions12/B.class
similarity index 100%
rename from regression/exceptions/exceptions12/B.class
rename to regression/cbmc-java/exceptions12/B.class
diff --git a/regression/exceptions/exceptions12/C.class b/regression/cbmc-java/exceptions12/C.class
similarity index 100%
rename from regression/exceptions/exceptions12/C.class
rename to regression/cbmc-java/exceptions12/C.class
diff --git a/regression/exceptions/exceptions12/F.class b/regression/cbmc-java/exceptions12/F.class
similarity index 100%
rename from regression/exceptions/exceptions12/F.class
rename to regression/cbmc-java/exceptions12/F.class
diff --git a/regression/exceptions/exceptions12/test.class b/regression/cbmc-java/exceptions12/test.class
similarity index 100%
rename from regression/exceptions/exceptions12/test.class
rename to regression/cbmc-java/exceptions12/test.class
diff --git a/regression/exceptions/exceptions12/test.desc b/regression/cbmc-java/exceptions12/test.desc
similarity index 100%
rename from regression/exceptions/exceptions12/test.desc
rename to regression/cbmc-java/exceptions12/test.desc
diff --git a/regression/exceptions/exceptions12/test.java b/regression/cbmc-java/exceptions12/test.java
similarity index 100%
rename from regression/exceptions/exceptions12/test.java
rename to regression/cbmc-java/exceptions12/test.java
diff --git a/regression/exceptions/exceptions13/A.class b/regression/cbmc-java/exceptions13/A.class
similarity index 100%
rename from regression/exceptions/exceptions13/A.class
rename to regression/cbmc-java/exceptions13/A.class
diff --git a/regression/exceptions/exceptions13/B.class b/regression/cbmc-java/exceptions13/B.class
similarity index 100%
rename from regression/exceptions/exceptions13/B.class
rename to regression/cbmc-java/exceptions13/B.class
diff --git a/regression/exceptions/exceptions13/C.class b/regression/cbmc-java/exceptions13/C.class
similarity index 100%
rename from regression/exceptions/exceptions13/C.class
rename to regression/cbmc-java/exceptions13/C.class
diff --git a/regression/exceptions/exceptions13/F.class b/regression/cbmc-java/exceptions13/F.class
similarity index 100%
rename from regression/exceptions/exceptions13/F.class
rename to regression/cbmc-java/exceptions13/F.class
diff --git a/regression/exceptions/exceptions13/test.class b/regression/cbmc-java/exceptions13/test.class
similarity index 100%
rename from regression/exceptions/exceptions13/test.class
rename to regression/cbmc-java/exceptions13/test.class
diff --git a/regression/exceptions/exceptions13/test.desc b/regression/cbmc-java/exceptions13/test.desc
similarity index 100%
rename from regression/exceptions/exceptions13/test.desc
rename to regression/cbmc-java/exceptions13/test.desc
diff --git a/regression/exceptions/exceptions13/test.java b/regression/cbmc-java/exceptions13/test.java
similarity index 100%
rename from regression/exceptions/exceptions13/test.java
rename to regression/cbmc-java/exceptions13/test.java
diff --git a/regression/exceptions/exceptions14/A.class b/regression/cbmc-java/exceptions14/A.class
similarity index 100%
rename from regression/exceptions/exceptions14/A.class
rename to regression/cbmc-java/exceptions14/A.class
diff --git a/regression/exceptions/exceptions14/B.class b/regression/cbmc-java/exceptions14/B.class
similarity index 100%
rename from regression/exceptions/exceptions14/B.class
rename to regression/cbmc-java/exceptions14/B.class
diff --git a/regression/exceptions/exceptions14/C.class b/regression/cbmc-java/exceptions14/C.class
similarity index 100%
rename from regression/exceptions/exceptions14/C.class
rename to regression/cbmc-java/exceptions14/C.class
diff --git a/regression/exceptions/exceptions14/test.class b/regression/cbmc-java/exceptions14/test.class
similarity index 100%
rename from regression/exceptions/exceptions14/test.class
rename to regression/cbmc-java/exceptions14/test.class
diff --git a/regression/exceptions/exceptions14/test.desc b/regression/cbmc-java/exceptions14/test.desc
similarity index 100%
rename from regression/exceptions/exceptions14/test.desc
rename to regression/cbmc-java/exceptions14/test.desc
diff --git a/regression/exceptions/exceptions14/test.java b/regression/cbmc-java/exceptions14/test.java
similarity index 100%
rename from regression/exceptions/exceptions14/test.java
rename to regression/cbmc-java/exceptions14/test.java
diff --git a/regression/exceptions/exceptions15/InetAddress.class b/regression/cbmc-java/exceptions15/InetAddress.class
similarity index 100%
rename from regression/exceptions/exceptions15/InetAddress.class
rename to regression/cbmc-java/exceptions15/InetAddress.class
diff --git a/regression/exceptions/exceptions15/InetSocketAddress.class b/regression/cbmc-java/exceptions15/InetSocketAddress.class
similarity index 100%
rename from regression/exceptions/exceptions15/InetSocketAddress.class
rename to regression/cbmc-java/exceptions15/InetSocketAddress.class
diff --git a/regression/exceptions/exceptions15/test.class b/regression/cbmc-java/exceptions15/test.class
similarity index 100%
rename from regression/exceptions/exceptions15/test.class
rename to regression/cbmc-java/exceptions15/test.class
diff --git a/regression/exceptions/exceptions15/test.desc b/regression/cbmc-java/exceptions15/test.desc
similarity index 100%
rename from regression/exceptions/exceptions15/test.desc
rename to regression/cbmc-java/exceptions15/test.desc
diff --git a/regression/exceptions/exceptions15/test.java b/regression/cbmc-java/exceptions15/test.java
similarity index 100%
rename from regression/exceptions/exceptions15/test.java
rename to regression/cbmc-java/exceptions15/test.java
diff --git a/regression/exceptions/exceptions7/A.class b/regression/cbmc-java/exceptions16/A.class
similarity index 100%
rename from regression/exceptions/exceptions7/A.class
rename to regression/cbmc-java/exceptions16/A.class
diff --git a/regression/exceptions/exceptions2/B.class b/regression/cbmc-java/exceptions16/B.class
similarity index 100%
rename from regression/exceptions/exceptions2/B.class
rename to regression/cbmc-java/exceptions16/B.class
diff --git a/regression/exceptions/exceptions2/C.class b/regression/cbmc-java/exceptions16/C.class
similarity index 100%
rename from regression/exceptions/exceptions2/C.class
rename to regression/cbmc-java/exceptions16/C.class
diff --git a/regression/cbmc-java/exceptions16/test.class b/regression/cbmc-java/exceptions16/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..189317658cea5cab3e52e378ccf0809e28a7198b
GIT binary patch
literal 718
zcmZWl-A)rh7(KJQ-D#Jllp<Jvih!U6slDM&Vk{_zWW@^%iQH|sBMz=zv%57sfKR~-
z5HHb05=rFVhccd7swA4pe1CK1eCPXq{`&p{z#7^fJj_chR8YoUiA4{N$(KC1#^3XB
zA1#SxfvLqX%T$`{WRN}8S=ftJUqI{&xa)eL^Tz^qYk5z=*-ZLMU?R{1wKII*Q|T)M
z7N`eF6vlgDs!cvBI{90jkt4`emOmoLn<ODeYuixS>L{WOy5=F+pcO~F+XCaec^JKW
z5q>CWH~=*Zl-Hwpq{Z7!hH0d>wCP+i<PQ(SkD-roR7uhGF$Q0tVTzqN92|7If5v;3
zrb$Z726dQ^5-UC)U{#=Yg?`yPR8h_`uS%OSHzY9ASD8*#|1Te<=0iSkJ^PsFqCM_j
z)EY(sBO4qCRoV$=9eP1uS~-I_WniI3>s}Ty$=DyobxbiU;~J(}F`qvZZPB+sL7Z^k
zUtk|&>>SSPGn6jQ;nK^Cf6AxD7n?0C5;b{TYBEh1NNyU~Z0S<9q~d8dYEs55>R4rK
zBWR8Y$q8m~okC`ds8NV);|6XLaf{c7vn6r6`dp$}C9A<*%3dq5z+}Dr4V7a^=LC-Z
V754x08=?{{|B2bs9VQm$egkzSbi@Dv

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/exceptions16/test.desc b/regression/cbmc-java/exceptions16/test.desc
new file mode 100644
index 00000000000..960b995f7d3
--- /dev/null
+++ b/regression/cbmc-java/exceptions16/test.desc
@@ -0,0 +1,9 @@
+CORE
+test.class
+--function test.foo
+^EXIT=10$
+^SIGNAL=0$
+^.*assertion at file test.java line 18 function.*: FAILURE$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/exceptions16/test.java b/regression/cbmc-java/exceptions16/test.java
new file mode 100644
index 00000000000..9d1c2729516
--- /dev/null
+++ b/regression/cbmc-java/exceptions16/test.java
@@ -0,0 +1,21 @@
+class A extends RuntimeException {}
+class B extends A {}
+class C extends B {}
+
+public class test {
+  static void foo (int x) {
+    try {
+      x++;
+    }
+    catch(A exc) {
+      assert false;
+    }
+
+    try {
+      throw new B();
+    }
+    catch(B exc) {
+      assert false;
+    }
+  }
+}
diff --git a/regression/exceptions/exceptions2/A.class b/regression/cbmc-java/exceptions2/A.class
similarity index 100%
rename from regression/exceptions/exceptions2/A.class
rename to regression/cbmc-java/exceptions2/A.class
diff --git a/regression/exceptions/exceptions3/B.class b/regression/cbmc-java/exceptions2/B.class
similarity index 100%
rename from regression/exceptions/exceptions3/B.class
rename to regression/cbmc-java/exceptions2/B.class
diff --git a/regression/exceptions/exceptions3/C.class b/regression/cbmc-java/exceptions2/C.class
similarity index 100%
rename from regression/exceptions/exceptions3/C.class
rename to regression/cbmc-java/exceptions2/C.class
diff --git a/regression/exceptions/exceptions2/test.class b/regression/cbmc-java/exceptions2/test.class
similarity index 100%
rename from regression/exceptions/exceptions2/test.class
rename to regression/cbmc-java/exceptions2/test.class
diff --git a/regression/exceptions/exceptions2/test.desc b/regression/cbmc-java/exceptions2/test.desc
similarity index 79%
rename from regression/exceptions/exceptions2/test.desc
rename to regression/cbmc-java/exceptions2/test.desc
index 179b234c875..45f5bac3bc2 100644
--- a/regression/exceptions/exceptions2/test.desc
+++ b/regression/cbmc-java/exceptions2/test.desc
@@ -4,7 +4,7 @@ test.class
 ^EXIT=10$
 ^SIGNAL=0$
 ^.*assertion at file test.java line 15 function.*: FAILURE$
-^\*\* 1 of 2 failed (2 iterations)$
+^\*\* 1 of 5 failed (2 iterations)$
 ^VERIFICATION FAILED$
 --
 ^warning: ignoring
diff --git a/regression/exceptions/exceptions2/test.java b/regression/cbmc-java/exceptions2/test.java
similarity index 100%
rename from regression/exceptions/exceptions2/test.java
rename to regression/cbmc-java/exceptions2/test.java
diff --git a/regression/exceptions/exceptions3/A.class b/regression/cbmc-java/exceptions3/A.class
similarity index 100%
rename from regression/exceptions/exceptions3/A.class
rename to regression/cbmc-java/exceptions3/A.class
diff --git a/regression/exceptions/exceptions4/B.class b/regression/cbmc-java/exceptions3/B.class
similarity index 100%
rename from regression/exceptions/exceptions4/B.class
rename to regression/cbmc-java/exceptions3/B.class
diff --git a/regression/exceptions/exceptions4/C.class b/regression/cbmc-java/exceptions3/C.class
similarity index 100%
rename from regression/exceptions/exceptions4/C.class
rename to regression/cbmc-java/exceptions3/C.class
diff --git a/regression/exceptions/exceptions3/test.class b/regression/cbmc-java/exceptions3/test.class
similarity index 100%
rename from regression/exceptions/exceptions3/test.class
rename to regression/cbmc-java/exceptions3/test.class
diff --git a/regression/exceptions/exceptions3/test.desc b/regression/cbmc-java/exceptions3/test.desc
similarity index 100%
rename from regression/exceptions/exceptions3/test.desc
rename to regression/cbmc-java/exceptions3/test.desc
diff --git a/regression/exceptions/exceptions3/test.java b/regression/cbmc-java/exceptions3/test.java
similarity index 100%
rename from regression/exceptions/exceptions3/test.java
rename to regression/cbmc-java/exceptions3/test.java
diff --git a/regression/exceptions/exceptions4/A.class b/regression/cbmc-java/exceptions4/A.class
similarity index 100%
rename from regression/exceptions/exceptions4/A.class
rename to regression/cbmc-java/exceptions4/A.class
diff --git a/regression/exceptions/exceptions5/B.class b/regression/cbmc-java/exceptions4/B.class
similarity index 100%
rename from regression/exceptions/exceptions5/B.class
rename to regression/cbmc-java/exceptions4/B.class
diff --git a/regression/exceptions/exceptions5/C.class b/regression/cbmc-java/exceptions4/C.class
similarity index 100%
rename from regression/exceptions/exceptions5/C.class
rename to regression/cbmc-java/exceptions4/C.class
diff --git a/regression/exceptions/exceptions4/test.class b/regression/cbmc-java/exceptions4/test.class
similarity index 100%
rename from regression/exceptions/exceptions4/test.class
rename to regression/cbmc-java/exceptions4/test.class
diff --git a/regression/exceptions/exceptions4/test.desc b/regression/cbmc-java/exceptions4/test.desc
similarity index 100%
rename from regression/exceptions/exceptions4/test.desc
rename to regression/cbmc-java/exceptions4/test.desc
diff --git a/regression/exceptions/exceptions4/test.java b/regression/cbmc-java/exceptions4/test.java
similarity index 100%
rename from regression/exceptions/exceptions4/test.java
rename to regression/cbmc-java/exceptions4/test.java
diff --git a/regression/exceptions/exceptions5/A.class b/regression/cbmc-java/exceptions5/A.class
similarity index 100%
rename from regression/exceptions/exceptions5/A.class
rename to regression/cbmc-java/exceptions5/A.class
diff --git a/regression/exceptions/exceptions7/B.class b/regression/cbmc-java/exceptions5/B.class
similarity index 100%
rename from regression/exceptions/exceptions7/B.class
rename to regression/cbmc-java/exceptions5/B.class
diff --git a/regression/exceptions/exceptions7/C.class b/regression/cbmc-java/exceptions5/C.class
similarity index 100%
rename from regression/exceptions/exceptions7/C.class
rename to regression/cbmc-java/exceptions5/C.class
diff --git a/regression/exceptions/exceptions5/D.class b/regression/cbmc-java/exceptions5/D.class
similarity index 100%
rename from regression/exceptions/exceptions5/D.class
rename to regression/cbmc-java/exceptions5/D.class
diff --git a/regression/exceptions/exceptions5/test.class b/regression/cbmc-java/exceptions5/test.class
similarity index 100%
rename from regression/exceptions/exceptions5/test.class
rename to regression/cbmc-java/exceptions5/test.class
diff --git a/regression/exceptions/exceptions5/test.desc b/regression/cbmc-java/exceptions5/test.desc
similarity index 100%
rename from regression/exceptions/exceptions5/test.desc
rename to regression/cbmc-java/exceptions5/test.desc
diff --git a/regression/exceptions/exceptions5/test.java b/regression/cbmc-java/exceptions5/test.java
similarity index 100%
rename from regression/exceptions/exceptions5/test.java
rename to regression/cbmc-java/exceptions5/test.java
diff --git a/regression/exceptions/exceptions6/A.class b/regression/cbmc-java/exceptions6/A.class
similarity index 100%
rename from regression/exceptions/exceptions6/A.class
rename to regression/cbmc-java/exceptions6/A.class
diff --git a/regression/exceptions/exceptions6/B.class b/regression/cbmc-java/exceptions6/B.class
similarity index 100%
rename from regression/exceptions/exceptions6/B.class
rename to regression/cbmc-java/exceptions6/B.class
diff --git a/regression/exceptions/exceptions6/C.class b/regression/cbmc-java/exceptions6/C.class
similarity index 100%
rename from regression/exceptions/exceptions6/C.class
rename to regression/cbmc-java/exceptions6/C.class
diff --git a/regression/exceptions/exceptions6/D.class b/regression/cbmc-java/exceptions6/D.class
similarity index 100%
rename from regression/exceptions/exceptions6/D.class
rename to regression/cbmc-java/exceptions6/D.class
diff --git a/regression/exceptions/exceptions6/test.class b/regression/cbmc-java/exceptions6/test.class
similarity index 100%
rename from regression/exceptions/exceptions6/test.class
rename to regression/cbmc-java/exceptions6/test.class
diff --git a/regression/exceptions/exceptions6/test.desc b/regression/cbmc-java/exceptions6/test.desc
similarity index 100%
rename from regression/exceptions/exceptions6/test.desc
rename to regression/cbmc-java/exceptions6/test.desc
diff --git a/regression/exceptions/exceptions6/test.java b/regression/cbmc-java/exceptions6/test.java
similarity index 100%
rename from regression/exceptions/exceptions6/test.java
rename to regression/cbmc-java/exceptions6/test.java
diff --git a/regression/exceptions/exceptions8/A.class b/regression/cbmc-java/exceptions7/A.class
similarity index 100%
rename from regression/exceptions/exceptions8/A.class
rename to regression/cbmc-java/exceptions7/A.class
diff --git a/regression/exceptions/exceptions8/B.class b/regression/cbmc-java/exceptions7/B.class
similarity index 100%
rename from regression/exceptions/exceptions8/B.class
rename to regression/cbmc-java/exceptions7/B.class
diff --git a/regression/exceptions/exceptions8/C.class b/regression/cbmc-java/exceptions7/C.class
similarity index 100%
rename from regression/exceptions/exceptions8/C.class
rename to regression/cbmc-java/exceptions7/C.class
diff --git a/regression/exceptions/exceptions7/test.class b/regression/cbmc-java/exceptions7/test.class
similarity index 100%
rename from regression/exceptions/exceptions7/test.class
rename to regression/cbmc-java/exceptions7/test.class
diff --git a/regression/exceptions/exceptions7/test.desc b/regression/cbmc-java/exceptions7/test.desc
similarity index 100%
rename from regression/exceptions/exceptions7/test.desc
rename to regression/cbmc-java/exceptions7/test.desc
diff --git a/regression/exceptions/exceptions7/test.java b/regression/cbmc-java/exceptions7/test.java
similarity index 100%
rename from regression/exceptions/exceptions7/test.java
rename to regression/cbmc-java/exceptions7/test.java
diff --git a/regression/cbmc-java/exceptions8/A.class b/regression/cbmc-java/exceptions8/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..963ae156be051ca07ea2d602053e012a3d27a7a4
GIT binary patch
literal 241
zcmXX=O;5r=5PbuswY3W2=*gpUuorF+lg8kw;Q*%hZQaP2c5B)#@o#xD@!${OM-gX{
zNoL+h-b?0i{P_hi$0WiKR{^dAj0ygd4ckY;@a{e*cu&o%CX6#SdfnHBZeLVUi8IZb
zQdPNX+3B<C*&TOM&C&%S+BSV#>SuQG(CW@UysN#6;bBCelyKv8QYrJ6Y<gq4)~nA_
ve^_n|ZZVLz+>oqP1btzNpmRpEZ_t;J0Rp-H$s}9|kN*P*5s4yPo>K82_(?21

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/exceptions8/B.class b/regression/cbmc-java/exceptions8/B.class
new file mode 100644
index 0000000000000000000000000000000000000000..47ae8f218e49b4ac942425d72a88b21c2772b518
GIT binary patch
literal 216
zcmXX<I|{;35S-1|#Aw75SgM6Kc8XvGt6-y~e~Ax#5);VBdszt<9>7D1o9M#q%+AiT
z@6YoEV1a=P9X%U;8$Q8WsZ3RCf<B%^1Y?_@B*70=CinF<mc>!TDLcb3PedAtLN)W>
zG^(>I`7{ic1ox2FMIv{qi93}ntJy`|ga-pAfda+`BWV1+DPr)3*<v+kZX9#^0Nq(=
Wu(?~UsiDK#`vu^@<%!U3Q{ERCG9oho

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions9/C.class b/regression/cbmc-java/exceptions8/C.class
similarity index 100%
rename from regression/exceptions/exceptions9/C.class
rename to regression/cbmc-java/exceptions8/C.class
diff --git a/regression/exceptions/exceptions8/test.class b/regression/cbmc-java/exceptions8/test.class
similarity index 100%
rename from regression/exceptions/exceptions8/test.class
rename to regression/cbmc-java/exceptions8/test.class
diff --git a/regression/exceptions/exceptions8/test.desc b/regression/cbmc-java/exceptions8/test.desc
similarity index 100%
rename from regression/exceptions/exceptions8/test.desc
rename to regression/cbmc-java/exceptions8/test.desc
diff --git a/regression/exceptions/exceptions8/test.java b/regression/cbmc-java/exceptions8/test.java
similarity index 100%
rename from regression/exceptions/exceptions8/test.java
rename to regression/cbmc-java/exceptions8/test.java
diff --git a/regression/exceptions/exceptions9/A.class b/regression/cbmc-java/exceptions9/A.class
similarity index 100%
rename from regression/exceptions/exceptions9/A.class
rename to regression/cbmc-java/exceptions9/A.class
diff --git a/regression/exceptions/exceptions9/B.class b/regression/cbmc-java/exceptions9/B.class
similarity index 100%
rename from regression/exceptions/exceptions9/B.class
rename to regression/cbmc-java/exceptions9/B.class
diff --git a/regression/cbmc-java/exceptions9/C.class b/regression/cbmc-java/exceptions9/C.class
new file mode 100644
index 0000000000000000000000000000000000000000..0c9779a4c2b0d3631b1a6b0ea46fd00e04361efa
GIT binary patch
literal 216
zcmXX<I}U<S5S-;Jh+;f}rCMlXr?HU4ir8rAANUfVK}g`?y{t?uJb;HXF6t(;Gdnw*
zeZ3z~01FI!nCQ9ay9f!+N)<}43Fdf`5Ui*?N<tW`LhhPNDyxG?b9RPtnTb3Rm1^g|
zY3Y-y`81A}1b<&PRVKHpjeA<wdUh695x{~?pop=-2nK&|ix|9Nc391sTgRT>K{pl#
WT<*@-G|^!l`~vXc^F-)=Q^5xrb|N<b

literal 0
HcmV?d00001

diff --git a/regression/exceptions/exceptions9/test.class b/regression/cbmc-java/exceptions9/test.class
similarity index 100%
rename from regression/exceptions/exceptions9/test.class
rename to regression/cbmc-java/exceptions9/test.class
diff --git a/regression/exceptions/exceptions9/test.desc b/regression/cbmc-java/exceptions9/test.desc
similarity index 100%
rename from regression/exceptions/exceptions9/test.desc
rename to regression/cbmc-java/exceptions9/test.desc
diff --git a/regression/exceptions/exceptions9/test.java b/regression/cbmc-java/exceptions9/test.java
similarity index 100%
rename from regression/exceptions/exceptions9/test.java
rename to regression/cbmc-java/exceptions9/test.java
diff --git a/regression/exceptions/Makefile b/regression/exceptions/Makefile
deleted file mode 100644
index 5ac5a21995e..00000000000
--- a/regression/exceptions/Makefile
+++ /dev/null
@@ -1,14 +0,0 @@
-default: tests.log
-
-test:
-	@../test.pl -c ../../../src/cbmc/cbmc
-
-tests.log: ../test.pl
-	@../test.pl -c ../../../src/cbmc/cbmc
-
-show:
-	@for dir in *; do \
-		if [ -d "$$dir" ]; then \
-			vim -o "$$dir/*.java" "$$dir/*.out"; \
-		fi; \
-	done;

From 58a076309abc26f87a3ab465c72691cdc124d1fe Mon Sep 17 00:00:00 2001
From: Cristina <cristina.david@gmail.com>
Date: Fri, 17 Feb 2017 08:42:35 +0000
Subject: [PATCH 106/699] Escaping brackets in test descriptions

---
 regression/cbmc-java/exceptions1/test.desc | 2 +-
 regression/cbmc-java/exceptions2/test.desc | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/regression/cbmc-java/exceptions1/test.desc b/regression/cbmc-java/exceptions1/test.desc
index ca52107829c..638351f4397 100644
--- a/regression/cbmc-java/exceptions1/test.desc
+++ b/regression/cbmc-java/exceptions1/test.desc
@@ -4,7 +4,7 @@ test.class
 ^EXIT=10$
 ^SIGNAL=0$
 ^.*assertion at file test.java line 26 function.*: FAILURE$
-\*\* 1 of 9 failed (2 iterations)$
+\*\* 1 of 9 failed \(2 iterations\)$
 ^VERIFICATION FAILED$
 --
 ^warning: ignoring
diff --git a/regression/cbmc-java/exceptions2/test.desc b/regression/cbmc-java/exceptions2/test.desc
index 45f5bac3bc2..8645e5ea074 100644
--- a/regression/cbmc-java/exceptions2/test.desc
+++ b/regression/cbmc-java/exceptions2/test.desc
@@ -4,7 +4,7 @@ test.class
 ^EXIT=10$
 ^SIGNAL=0$
 ^.*assertion at file test.java line 15 function.*: FAILURE$
-^\*\* 1 of 5 failed (2 iterations)$
+^\*\* 1 of 5 failed \(2 iterations\)$
 ^VERIFICATION FAILED$
 --
 ^warning: ignoring

From 50dfffb70edce4c47ea6a35dfe26b43588011a2e Mon Sep 17 00:00:00 2001
From: Cristina <cristina.david@gmail.com>
Date: Fri, 17 Feb 2017 09:38:26 +0000
Subject: [PATCH 107/699] Fixed test description for cbmc-java/virtual7

The exception handling instrumentation introduces new labels and thus the target of the gotos in the goto-program needs to be incremented.
---
 regression/cbmc-java/virtual7/test.desc | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/regression/cbmc-java/virtual7/test.desc b/regression/cbmc-java/virtual7/test.desc
index b2b26ecb9ce..3846f5c4a69 100644
--- a/regression/cbmc-java/virtual7/test.desc
+++ b/regression/cbmc-java/virtual7/test.desc
@@ -3,10 +3,10 @@ test.class
 --show-goto-functions
 ^EXIT=0$
 ^SIGNAL=0$
-IF "java::E".*THEN GOTO [12]
-IF "java::B".*THEN GOTO [12]
-IF "java::D".*THEN GOTO [12]
-IF "java::C".*THEN GOTO [12]
+IF "java::E".*THEN GOTO [67]
+IF "java::B".*THEN GOTO [67]
+IF "java::D".*THEN GOTO [67]
+IF "java::C".*THEN GOTO [67]
 --
 IF "java::A".*THEN GOTO
-GOTO 4
+GOTO 9

From 6f5d6409f3d335102cfc5ec93bbfda07c2d879d3 Mon Sep 17 00:00:00 2001
From: Cristina <cristina.david@gmail.com>
Date: Tue, 28 Feb 2017 19:34:06 +0000
Subject: [PATCH 108/699] Recompute live ranges for local variables and add
 corresponding DEAD instructions

This needs to be done because the exception handling instrumentation introduces GOTOs which modify the existent live ranges.
---
 src/goto-programs/remove_exceptions.cpp | 104 +++++++++++++++++++-----
 1 file changed, 83 insertions(+), 21 deletions(-)

diff --git a/src/goto-programs/remove_exceptions.cpp b/src/goto-programs/remove_exceptions.cpp
index 14700921e24..4b4e5debe35 100644
--- a/src/goto-programs/remove_exceptions.cpp
+++ b/src/goto-programs/remove_exceptions.cpp
@@ -7,11 +7,13 @@ Author: Cristina David
 Date:   December 2016
 
 \*******************************************************************/
-#define DEBUG
+
 #ifdef DEBUG
 #include <iostream>
 #endif
+
 #include <stack>
+#include <algorithm>
 
 #include <util/std_expr.h>
 #include <util/symbol_table.h>
@@ -47,19 +49,20 @@ class remove_exceptionst
 
   void instrument_exception_handlers(
     const goto_functionst::function_mapt::iterator &);
-
   void add_gotos(
     const goto_functionst::function_mapt::iterator &);
 
   void add_throw_gotos(
     const goto_functionst::function_mapt::iterator &,
     const goto_programt::instructionst::iterator &,
-    const stack_catcht &);
+    const stack_catcht &,
+    std::vector<exprt> &);
 
   void add_function_call_gotos(
     const goto_functionst::function_mapt::iterator &,
     const goto_programt::instructionst::iterator &,
-    const stack_catcht &);
+    const stack_catcht &,
+    std::vector<exprt> &);
 };
 
 /*******************************************************************\
@@ -134,7 +137,6 @@ void remove_exceptionst::add_exceptional_returns(
       rhs_expr_null);
     t_null->function=function_id;
   }
-  return;
 }
 
 /*******************************************************************\
@@ -318,11 +320,13 @@ Purpose: instruments each throw with conditional GOTOS to the
 void remove_exceptionst::add_throw_gotos(
   const goto_functionst::function_mapt::iterator &func_it,
   const goto_programt::instructionst::iterator &instr_it,
-  const remove_exceptionst::stack_catcht &stack_catch)
+  const remove_exceptionst::stack_catcht &stack_catch,
+  std::vector<exprt> &locals)
 {
   assert(instr_it->type==THROW);
 
   goto_programt &goto_program=func_it->second.body;
+  const irep_idt &function_id=func_it->first;
 
   assert(instr_it->code.operands().size()==1);
 
@@ -341,6 +345,11 @@ void remove_exceptionst::add_throw_gotos(
     t_end->function=instr_it->function;
   }
 
+  // find the symbol corresponding to the caught exceptions
+  const symbolt &exc_symbol=
+        symbol_table.lookup(id2string(function_id)+EXC_SUFFIX);
+  symbol_exprt exc_thrown=exc_symbol.symbol_expr();
+
   // add GOTOs implementing the dynamic dispatch of the
   // exception handlers
   for(std::size_t i=stack_catch.size(); i-->0;)
@@ -359,15 +368,21 @@ void remove_exceptionst::add_throw_gotos(
       // use instanceof to check that this is the correct handler
       symbol_typet type(stack_catch[i][j].first);
       type_exprt expr(type);
-      // find the symbol corresponding to the caught exceptions
-      exprt exc_symbol=instr_it->code;
-      while(exc_symbol.id()!=ID_symbol)
-        exc_symbol=exc_symbol.op0();
 
-      binary_predicate_exprt check(exc_symbol, ID_java_instanceof, expr);
+      binary_predicate_exprt check(exc_thrown, ID_java_instanceof, expr);
       t_exc->guard=check;
     }
   }
+
+  // add dead instructions
+  for(const auto &local : locals)
+  {
+    goto_programt::targett t_dead=goto_program.insert_after(instr_it);
+    t_dead->make_dead();
+    t_dead->code=code_deadt(local);
+    t_dead->source_location=instr_it->source_location;
+    t_dead->function=instr_it->function;
+  }
 }
 
 /*******************************************************************\
@@ -386,7 +401,8 @@ Purpose: instruments each function call that may escape exceptions
 void remove_exceptionst::add_function_call_gotos(
   const goto_functionst::function_mapt::iterator &func_it,
   const goto_programt::instructionst::iterator &instr_it,
-  const stack_catcht &stack_catch)
+  const stack_catcht &stack_catch,
+  std::vector<exprt> &locals)
 {
   assert(instr_it->type==FUNCTION_CALL);
 
@@ -403,7 +419,7 @@ void remove_exceptionst::add_function_call_gotos(
 
   if(symbol_table.has_symbol(id2string(callee_id)+EXC_SUFFIX))
   {
-    // dynamic dispatch of the escaped exception
+    // we may have an escaping exception
     const symbolt &callee_exc_symbol=
       symbol_table.lookup(id2string(callee_id)+EXC_SUFFIX);
     symbol_exprt callee_exc=callee_exc_symbol.symbol_expr();
@@ -429,11 +445,20 @@ void remove_exceptionst::add_function_call_gotos(
       }
     }
 
+    // add dead instructions
+    for(const auto &local : locals)
+    {
+      goto_programt::targett t_dead=goto_program.insert_after(instr_it);
+      t_dead->make_dead();
+      t_dead->code=code_deadt(local);
+      t_dead->source_location=instr_it->source_location;
+      t_dead->function=instr_it->function;
+    }
+
     // add a null check (so that instanceof can be applied)
     equal_exprt eq_null(
       callee_exc,
       null_pointer_exprt(pointer_typet(empty_typet())));
-    // jump to the next instruction
     goto_programt::targett t_null=goto_program.insert_after(instr_it);
     t_null->make_goto(next_it);
     t_null->source_location=instr_it->source_location;
@@ -458,20 +483,54 @@ Purpose: instruments each throw and function calls that may escape exceptions
 void remove_exceptionst::add_gotos(
   const goto_functionst::function_mapt::iterator &func_it)
 {
-  // Stack of try-catch blocks
-  stack_catcht stack_catch;
-
+  stack_catcht stack_catch; // stack of try-catch blocks
+  std::vector<std::vector<exprt>> stack_locals; // stack of local vars
+  std::vector<exprt> locals;
+  bool skip_dead=false;
   goto_programt &goto_program=func_it->second.body;
 
   if(goto_program.empty())
     return;
   Forall_goto_program_instructions(instr_it, goto_program)
   {
+    if(!instr_it->labels.empty())
+      skip_dead=false;
+    if(instr_it->is_decl())
+    {
+      code_declt decl=to_code_decl(instr_it->code);
+      locals.push_back(decl.symbol());
+    }
+    if(instr_it->is_dead())
+    {
+      code_deadt dead=to_code_dead(instr_it->code);
+      auto it=std::find(locals.begin(),
+                        locals.end(),
+                        dead.symbol());
+      // avoid DEAD re-declarations
+      if(it==locals.end())
+      {
+        if(skip_dead)
+        {
+          // this DEAD has been already added by a throw
+          instr_it->make_skip();
+        }
+      }
+      else
+      {
+        locals.erase(it);
+      }
+    }
     // it's a CATCH but not a handler
-    if(instr_it->type==CATCH && !instr_it->code.has_operands())
+    else if(instr_it->type==CATCH && !instr_it->code.has_operands())
     {
       if(instr_it->targets.empty()) // pop
       {
+        // pop the local vars stack
+        if(!stack_locals.empty())
+        {
+          locals=stack_locals.back();
+          stack_locals.pop_back();
+        }
         // pop from the stack if possible
         if(!stack_catch.empty())
         {
@@ -486,6 +545,9 @@ void remove_exceptionst::add_gotos(
       }
       else // push
       {
+        stack_locals.push_back(locals);
+        locals.clear();
+
         remove_exceptionst::catch_handlerst exception;
         stack_catch.push_back(exception);
         remove_exceptionst::catch_handlerst &last_exception=
@@ -505,16 +567,16 @@ void remove_exceptionst::add_gotos(
           i++;
         }
       }
-
       instr_it->make_skip();
     }
     else if(instr_it->type==THROW)
     {
-      add_throw_gotos(func_it, instr_it, stack_catch);
+      skip_dead=true;
+      add_throw_gotos(func_it, instr_it, stack_catch, locals);
     }
     else if(instr_it->type==FUNCTION_CALL)
     {
-      add_function_call_gotos(func_it, instr_it, stack_catch);
+      add_function_call_gotos(func_it, instr_it, stack_catch, locals);
     }
   }
 }

From d0d20360ef4cd04b32dc254c6ccab5f4a101fbdf Mon Sep 17 00:00:00 2001
From: Cristina <cristina.david@gmail.com>
Date: Tue, 28 Feb 2017 19:35:54 +0000
Subject: [PATCH 109/699] Forced try-catch to start a new basic block

This was required in order for variables local to the try-catch to be declared at the right location. This way, after adding
the exception instrumentation in remove_exceptions, we will be able to correctly re-compute live ranges for these variables.
---
 .../java_bytecode_convert_method.cpp          | 21 ++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index 44afd69b72a..6b4cec79055 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -2195,7 +2195,10 @@ codet java_bytecode_convert_methodt::convert_instructions(
     std::vector<irep_idt> exception_ids;
     std::vector<irep_idt> handler_labels;
 
-    // add the CATCH-PUSH instruction(s)
+    // for each try-catch add a CATCH-PUSH instruction
+    // each CATCH-PUSH records a list of all the handler labels
+    // together with a list of all the exception ids
+
     // be aware of different try-catch blocks with the same starting pc
     std::size_t pos=0;
     size_t end_pc=0;
@@ -2215,8 +2218,7 @@ codet java_bytecode_convert_methodt::convert_instructions(
            method.exception_table[pos].end_pc==end_pc)
         {
           exception_ids.push_back(
-            method.exception_table[pos].
-            catch_type.get_identifier());
+            method.exception_table[pos].catch_type.get_identifier());
           // record the exception handler in the CATCH-PUSH
           // instruction by generating a label corresponding to
           // the handler's pc
@@ -2413,6 +2415,7 @@ codet java_bytecode_convert_methodt::convert_instructions(
   // First create a simple flat list of basic blocks. We'll add lexical nesting
   // constructs as variable live-ranges require next.
   bool start_new_block=true;
+  int previous_address=-1;
   for(const auto &address_pair : address_map)
   {
     const unsigned address=address_pair.first;
@@ -2426,6 +2429,16 @@ codet java_bytecode_convert_methodt::convert_instructions(
     // (e.g. due to exceptional control flow)
     if(!start_new_block)
       start_new_block=address_pair.second.predecessors.size()>1;
+    // Start a new lexical block if we've just entered a try block
+    if(!start_new_block && previous_address!=-1)
+    {
+      for(const auto &exception_row : method.exception_table)
+        if(exception_row.start_pc==previous_address)
+        {
+          start_new_block=true;
+          break;
+        }
+    }
 
     if(start_new_block)
     {
@@ -2445,6 +2458,8 @@ codet java_bytecode_convert_methodt::convert_instructions(
       add_to_block.add(c);
     }
     start_new_block=address_pair.second.successors.size()>1;
+
+    previous_address=address;
   }
 
   // Find out where temporaries are used:

From 18fa65d50c84162e55b761c27c1f63c9f509cd98 Mon Sep 17 00:00:00 2001
From: Cristina <cristina.david@gmail.com>
Date: Thu, 2 Mar 2017 15:46:03 +0000
Subject: [PATCH 110/699] Restructuring such that the exceptions
 instrumentation is added in one pass over the goto-program

---
 src/goto-programs/goto_program_template.h     |   8 +
 src/goto-programs/remove_exceptions.cpp       | 286 +++++++-----------
 .../java_bytecode_convert_method.cpp          |  21 +-
 src/util/std_code.h                           |   4 +-
 4 files changed, 124 insertions(+), 195 deletions(-)

diff --git a/src/goto-programs/goto_program_template.h b/src/goto-programs/goto_program_template.h
index 77161fcb4d8..bd9cb39c73e 100644
--- a/src/goto-programs/goto_program_template.h
+++ b/src/goto-programs/goto_program_template.h
@@ -474,6 +474,14 @@ class goto_program_templatet
     instructions.clear();
   }
 
+  targett get_end_function()
+  {
+    assert(!instructions.empty());
+    targett end_function=--instructions.end();
+    assert(end_function->is_end_function());
+    return end_function;
+  }
+
   //! Copy a full goto program, preserving targets
   void copy_from(const goto_program_templatet<codeT, guardT> &src);
 
diff --git a/src/goto-programs/remove_exceptions.cpp b/src/goto-programs/remove_exceptions.cpp
index 4b4e5debe35..8bbbd79e165 100644
--- a/src/goto-programs/remove_exceptions.cpp
+++ b/src/goto-programs/remove_exceptions.cpp
@@ -41,28 +41,24 @@ class remove_exceptionst
   void add_exceptional_returns(
     const goto_functionst::function_mapt::iterator &);
 
-  void replace_throws(
-    const goto_functionst::function_mapt::iterator &);
-
-  void instrument_function_calls(
-    const goto_functionst::function_mapt::iterator &);
-
-  void instrument_exception_handlers(
-    const goto_functionst::function_mapt::iterator &);
-  void add_gotos(
-    const goto_functionst::function_mapt::iterator &);
+  void instrument_exception_handler(
+    const goto_functionst::function_mapt::iterator &,
+    const goto_programt::instructionst::iterator &);
 
-  void add_throw_gotos(
+  void instrument_throw(
     const goto_functionst::function_mapt::iterator &,
     const goto_programt::instructionst::iterator &,
     const stack_catcht &,
     std::vector<exprt> &);
 
-  void add_function_call_gotos(
+  void instrument_function_call(
     const goto_functionst::function_mapt::iterator &,
     const goto_programt::instructionst::iterator &,
     const stack_catcht &,
     std::vector<exprt> &);
+
+  void instrument_exceptions(
+    const goto_functionst::function_mapt::iterator &);
 };
 
 /*******************************************************************\
@@ -99,7 +95,7 @@ void remove_exceptionst::add_exceptional_returns(
   // function calls that may escape exceptions. However, this will
   // require multiple passes.
   bool add_exceptional_var=false;
-  Forall_goto_program_instructions(instr_it, goto_program)
+  forall_goto_program_instructions(instr_it, goto_program)
     if(instr_it->is_throw() || instr_it->is_function_call())
     {
       add_exceptional_var=true;
@@ -125,8 +121,7 @@ void remove_exceptionst::add_exceptional_returns(
 
     // initialize the exceptional return with NULL
     symbol_exprt lhs_expr_null=new_symbol.symbol_expr();
-    exprt rhs_expr_null;
-    rhs_expr_null=null_pointer_exprt(pointer_typet(empty_typet()));
+    null_pointer_exprt rhs_expr_null((pointer_typet(empty_typet())));
     goto_programt::targett t_null=
       goto_program.insert_before(goto_program.instructions.begin());
     t_null->make_assignment();
@@ -141,106 +136,7 @@ void remove_exceptionst::add_exceptional_returns(
 
 /*******************************************************************\
 
-Function: remove_exceptionst::replace_throws
-
-Inputs:
-
-Outputs:
-
-Purpose: turns 'throw x' in function f into an assignment to f#exc_value
-
-\*******************************************************************/
-
-void remove_exceptionst::replace_throws(
-  const goto_functionst::function_mapt::iterator &func_it)
-{
-  const irep_idt &function_id=func_it->first;
-  goto_programt &goto_program=func_it->second.body;
-
-  if(goto_program.empty())
-    return;
-
-  Forall_goto_program_instructions(instr_it, goto_program)
-  {
-    if(instr_it->is_throw() &&
-       symbol_table.has_symbol(id2string(function_id)+EXC_SUFFIX))
-    {
-      assert(instr_it->code.operands().size()==1);
-      const symbolt &exc_symbol=
-        symbol_table.lookup(id2string(function_id)+EXC_SUFFIX);
-
-      // replace "throw x;" by "f#exception_value=x;"
-      symbol_exprt lhs_expr=exc_symbol.symbol_expr();
-      // find the symbol corresponding to the thrown exceptions
-      exprt exc_expr=instr_it->code;
-      while(exc_expr.id()!=ID_symbol && exc_expr.has_operands())
-        exc_expr=exc_expr.op0();
-
-      // add the assignment with the appropriate cast
-      code_assignt assignment(typecast_exprt(lhs_expr, exc_expr.type()),
-                              exc_expr);
-      // now turn the `throw' into `assignment'
-      instr_it->type=ASSIGN;
-      instr_it->code=assignment;
-    }
-  }
-}
-
-/*******************************************************************\
-
-Function: remove_exceptionst::instrument_function_calls
-
-Inputs:
-
-Outputs:
-
-Purpose: after each function call g() in function f 
-         adds f#exception_value=g#exception_value;
-
-\*******************************************************************/
-
-void remove_exceptionst::instrument_function_calls(
-  const goto_functionst::function_mapt::iterator &func_it)
-{
-  const irep_idt &caller_id=func_it->first;
-  goto_programt &goto_program=func_it->second.body;
-
-  if(goto_program.empty())
-    return;
-
-  Forall_goto_program_instructions(instr_it, goto_program)
-  {
-    if(instr_it->is_function_call())
-    {
-      code_function_callt &function_call=to_code_function_call(instr_it->code);
-      const irep_idt &callee_id=
-        to_symbol_expr(function_call.function()).get_identifier();
-
-      // can exceptions escape?
-      if(symbol_table.has_symbol(id2string(callee_id)+EXC_SUFFIX) &&
-         symbol_table.has_symbol(id2string(caller_id)+EXC_SUFFIX))
-      {
-        const symbolt &callee=
-          symbol_table.lookup(id2string(callee_id)+EXC_SUFFIX);
-        const symbolt &caller=
-          symbol_table.lookup(id2string(caller_id)+EXC_SUFFIX);
-
-        symbol_exprt rhs_expr=callee.symbol_expr();
-        symbol_exprt lhs_expr=caller.symbol_expr();
-
-        goto_programt::targett t=goto_program.insert_after(instr_it);
-        t->make_assignment();
-        t->source_location=instr_it->source_location;
-        t->code=code_assignt(lhs_expr, rhs_expr);
-        t->function=instr_it->function;
-      }
-    }
-  }
-}
-
-/*******************************************************************\
-
-Function: remove_exceptionst::instrument_exception_handlers
+Function: remove_exceptionst::instrument_exception_handler
 
 Inputs:
 
@@ -251,62 +147,52 @@ Purpose: at the beginning of each handler in function f
 
 \*******************************************************************/
 
-void remove_exceptionst::instrument_exception_handlers(
-  const goto_functionst::function_mapt::iterator &func_it)
+void remove_exceptionst::instrument_exception_handler(
+  const goto_functionst::function_mapt::iterator &func_it,
+  const goto_programt::instructionst::iterator &instr_it)
 {
   const irep_idt &function_id=func_it->first;
   goto_programt &goto_program=func_it->second.body;
 
-  if(goto_program.empty())
-    return;
+  assert(instr_it->type==CATCH && instr_it->code.has_operands());
 
-  Forall_goto_program_instructions(instr_it, goto_program)
+  // retrieve the exception variable
+  const exprt &exception=instr_it->code.op0();
+
+  if(symbol_table.has_symbol(id2string(function_id)+EXC_SUFFIX))
   {
-    // is this a handler
-    if(instr_it->type==CATCH && instr_it->code.has_operands())
-    {
-      // retrieve the exception variable
-      const irept &exception=instr_it->code.op0();
+    const symbolt &function_symbol=
+      symbol_table.lookup(id2string(function_id)+EXC_SUFFIX);
+    // next we reset the exceptional return to NULL
+    symbol_exprt lhs_expr_null=function_symbol.symbol_expr();
+    null_pointer_exprt rhs_expr_null((pointer_typet(empty_typet())));
 
-      if(symbol_table.has_symbol(id2string(function_id)+EXC_SUFFIX))
-      {
-        const symbolt &function_symbol=
-          symbol_table.lookup(id2string(function_id)+EXC_SUFFIX);
-        // next we reset the exceptional return to NULL
-        symbol_exprt lhs_expr_null=function_symbol.symbol_expr();
-        exprt rhs_expr_null;
-        rhs_expr_null=null_pointer_exprt(pointer_typet(empty_typet()));
-
-        // add the assignment
-        goto_programt::targett t_null=goto_program.insert_after(instr_it);
-        t_null->make_assignment();
-        t_null->source_location=instr_it->source_location;
-        t_null->code=code_assignt(
-          lhs_expr_null,
-          rhs_expr_null);
-        t_null->function=instr_it->function;
-
-        // add the assignment exc=f#exception_value
-        symbol_exprt rhs_expr_exc=function_symbol.symbol_expr();
-
-        const exprt &lhs_expr_exc=static_cast<const exprt &>(exception);
-        goto_programt::targett t_exc=goto_program.insert_after(instr_it);
-        t_exc->make_assignment();
-        t_exc->source_location=instr_it->source_location;
-        t_exc->code=code_assignt(
-          typecast_exprt(lhs_expr_exc, rhs_expr_exc.type()),
-          rhs_expr_exc);
-        t_exc->function=instr_it->function;
-      }
+    // add the assignment
+    goto_programt::targett t_null=goto_program.insert_after(instr_it);
+    t_null->make_assignment();
+    t_null->source_location=instr_it->source_location;
+    t_null->code=code_assignt(
+      lhs_expr_null,
+      rhs_expr_null);
+    t_null->function=instr_it->function;
 
-      instr_it->make_skip();
-    }
+    // add the assignment exc=f#exception_value
+    symbol_exprt rhs_expr_exc=function_symbol.symbol_expr();
+
+    goto_programt::targett t_exc=goto_program.insert_after(instr_it);
+    t_exc->make_assignment();
+    t_exc->source_location=instr_it->source_location;
+    t_exc->code=code_assignt(
+      typecast_exprt(exception, rhs_expr_exc.type()),
+      rhs_expr_exc);
+    t_exc->function=instr_it->function;
   }
+  instr_it->make_skip();
 }
 
 /*******************************************************************\
 
-Function: remove_exceptionst::add_gotos_throw
+Function: remove_exceptionst::instrument_throw
 
 Inputs:
 
@@ -317,7 +203,7 @@ Purpose: instruments each throw with conditional GOTOS to the
 
 \*******************************************************************/
 
-void remove_exceptionst::add_throw_gotos(
+void remove_exceptionst::instrument_throw(
   const goto_functionst::function_mapt::iterator &func_it,
   const goto_programt::instructionst::iterator &instr_it,
   const remove_exceptionst::stack_catcht &stack_catch,
@@ -331,10 +217,7 @@ void remove_exceptionst::add_throw_gotos(
   assert(instr_it->code.operands().size()==1);
 
   // find the end of the function
-  goto_programt::targett end_function;
-  for(end_function=instr_it;
-      !end_function->is_end_function();
-      end_function++) {}
+  goto_programt::targett end_function=goto_program.get_end_function();
   if(end_function!=instr_it)
   {
     // jump to the end of the function
@@ -345,6 +228,7 @@ void remove_exceptionst::add_throw_gotos(
     t_end->function=instr_it->function;
   }
 
+
   // find the symbol corresponding to the caught exceptions
   const symbolt &exc_symbol=
         symbol_table.lookup(id2string(function_id)+EXC_SUFFIX);
@@ -383,22 +267,34 @@ void remove_exceptionst::add_throw_gotos(
     t_dead->source_location=instr_it->source_location;
     t_dead->function=instr_it->function;
   }
+
+  // replace "throw x;" by "f#exception_value=x;"
+  exprt exc_expr=instr_it->code;
+  while(exc_expr.id()!=ID_symbol && exc_expr.has_operands())
+    exc_expr=exc_expr.op0();
+
+  // add the assignment with the appropriate cast
+  code_assignt assignment(typecast_exprt(exc_thrown, exc_expr.type()),
+                          exc_expr);
+  // now turn the `throw' into `assignment'
+  instr_it->type=ASSIGN;
+  instr_it->code=assignment;
 }
 
 /*******************************************************************\
 
-Function: remove_exceptionst::add_function_call_gotos
+Function: remove_exceptionst::instrument_function_call
 
 Inputs:
 
 Outputs:
 
 Purpose: instruments each function call that may escape exceptions
-          with conditional GOTOS to the corresponding exception handlers
+         with conditional GOTOS to the corresponding exception handlers
 
 \*******************************************************************/
 
-void remove_exceptionst::add_function_call_gotos(
+void remove_exceptionst::instrument_function_call(
   const goto_functionst::function_mapt::iterator &func_it,
   const goto_programt::instructionst::iterator &instr_it,
   const stack_catcht &stack_catch,
@@ -407,6 +303,7 @@ void remove_exceptionst::add_function_call_gotos(
   assert(instr_it->type==FUNCTION_CALL);
 
   goto_programt &goto_program=func_it->second.body;
+  const irep_idt &function_id=func_it->first;
 
   // save the address of the next instruction
   goto_programt::instructionst::iterator next_it=instr_it;
@@ -424,6 +321,18 @@ void remove_exceptionst::add_function_call_gotos(
       symbol_table.lookup(id2string(callee_id)+EXC_SUFFIX);
     symbol_exprt callee_exc=callee_exc_symbol.symbol_expr();
 
+    // find the end of the function
+    goto_programt::targett end_function=goto_program.get_end_function();
+    if(end_function!=instr_it)
+    {
+      // jump to the end of the function
+      // this will appear after the GOTO-based dynamic dispatch below
+      goto_programt::targett t_end=goto_program.insert_after(instr_it);
+      t_end->make_goto(end_function);
+      t_end->source_location=instr_it->source_location;
+      t_end->function=instr_it->function;
+    }
+
     for(std::size_t i=stack_catch.size(); i-->0;)
     {
       for(std::size_t j=stack_catch[i].size(); j-->0;)
@@ -464,43 +373,57 @@ void remove_exceptionst::add_function_call_gotos(
     t_null->source_location=instr_it->source_location;
     t_null->function=instr_it->function;
     t_null->guard=eq_null;
+
+    // after each function call g() in function f
+    // adds f#exception_value=g#exception_value;
+    const symbolt &caller=
+      symbol_table.lookup(id2string(function_id)+EXC_SUFFIX);
+    const symbol_exprt &lhs_expr=caller.symbol_expr();
+
+    goto_programt::targett t=goto_program.insert_after(instr_it);
+    t->make_assignment();
+    t->source_location=instr_it->source_location;
+    t->code=code_assignt(lhs_expr, callee_exc);
+    t->function=instr_it->function;
   }
 }
 
 /*******************************************************************\
 
-Function: remove_exceptionst::add_gotos
+Function: remove_exceptionst::instrument_exceptions
 
 Inputs:
 
 Outputs:
 
-Purpose: instruments each throw and function calls that may escape exceptions
-         with conditional GOTOS to the corresponding exception handlers
+Purpose: instruments throws, function calls that may escape exceptions
+         and exception handlers. Additionally, it re-computes
+         the live-range of local variables in order to add DEAD instructions.
 
 \*******************************************************************/
 
-void remove_exceptionst::add_gotos(
+void remove_exceptionst::instrument_exceptions(
   const goto_functionst::function_mapt::iterator &func_it)
 {
   stack_catcht stack_catch; // stack of try-catch blocks
   std::vector<std::vector<exprt>> stack_locals; // stack of local vars
   std::vector<exprt> locals;
-  bool skip_dead=false;
   goto_programt &goto_program=func_it->second.body;
 
   if(goto_program.empty())
     return;
   Forall_goto_program_instructions(instr_it, goto_program)
   {
+    // this flag is used to skip DEAD redeclaration
     if(!instr_it->labels.empty())
       skip_dead=false;
+
     if(instr_it->is_decl())
     {
       code_declt decl=to_code_decl(instr_it->code);
       locals.push_back(decl.symbol());
     }
-    if(instr_it->is_dead())
+    else if(instr_it->is_dead())
     {
       code_deadt dead=to_code_dead(instr_it->code);
       auto it=std::find(locals.begin(),
@@ -569,19 +492,23 @@ void remove_exceptionst::add_gotos(
       }
       instr_it->make_skip();
     }
+    // handler
+    else if(instr_it->type==CATCH && instr_it->code.has_operands())
+    {
+      instrument_exception_handler(func_it, instr_it);
+    }
     else if(instr_it->type==THROW)
     {
       skip_dead=true;
-      add_throw_gotos(func_it, instr_it, stack_catch, locals);
+      instrument_throw(func_it, instr_it, stack_catch, locals);
     }
     else if(instr_it->type==FUNCTION_CALL)
     {
-      add_function_call_gotos(func_it, instr_it, stack_catch, locals);
+      instrument_function_call(func_it, instr_it, stack_catch, locals);
     }
   }
 }
 
-
 /*******************************************************************\
 
 Function: remove_exceptionst::operator()
@@ -597,16 +524,9 @@ Function: remove_exceptionst::operator()
 void remove_exceptionst::operator()(goto_functionst &goto_functions)
 {
   Forall_goto_functions(it, goto_functions)
-  {
     add_exceptional_returns(it);
-  }
   Forall_goto_functions(it, goto_functions)
-  {
-    instrument_exception_handlers(it);
-    add_gotos(it);
-    instrument_function_calls(it);
-    replace_throws(it);
-  }
+    instrument_exceptions(it);
 }
 
 /*******************************************************************\
diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index 6b4cec79055..8e14d5731dc 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -5,6 +5,7 @@ Module: JAVA Bytecode Language Conversion
 Author: Daniel Kroening, kroening@kroening.com
 
 \*******************************************************************/
+
 #ifdef DEBUG
 #include <iostream>
 #endif
@@ -1117,10 +1118,10 @@ codet java_bytecode_convert_methodt::convert_instructions(
 
     // we throw away the first statement in an exception handler
     // as we don't know if a function call had a normal or exceptional return
-    size_t e;
-    for(e=0; e<method.exception_table.size(); ++e)
+    auto it=method.exception_table.begin();
+    for(; it!=method.exception_table.end(); ++it)
     {
-      if(cur_pc==method.exception_table[e].handler_pc)
+      if(cur_pc==it->handler_pc)
       {
         exprt exc_var=variable(
           arg0, statement[0],
@@ -1137,7 +1138,7 @@ codet java_bytecode_convert_methodt::convert_instructions(
         catch_handler_expr.get_sub().resize(1);
         catch_handler_expr.get_sub()[0]=exc_var;
 
-        codet catch_handler=code_expressiont(catch_handler_expr);
+        code_expressiont catch_handler(catch_handler_expr);
         code_labelt newlabel(label(std::to_string(cur_pc)),
                              code_blockt());
 
@@ -1151,7 +1152,7 @@ codet java_bytecode_convert_methodt::convert_instructions(
       }
     }
 
-    if(e<method.exception_table.size())
+    if(it!=method.exception_table.end())
     {
       // go straight to the next statement
       continue;
@@ -2201,7 +2202,7 @@ codet java_bytecode_convert_methodt::convert_instructions(
 
     // be aware of different try-catch blocks with the same starting pc
     std::size_t pos=0;
-    size_t end_pc=0;
+    std::size_t end_pc=0;
     while(pos<method.exception_table.size())
     {
       // check if this is the beginning of a try block
@@ -2248,7 +2249,7 @@ codet java_bytecode_convert_methodt::convert_instructions(
         catch_push_expr.set(ID_label, labels);
 
         code_blockt try_block;
-        codet catch_push=code_expressiont(catch_push_expr);
+        code_expressiont catch_push(catch_push_expr);
         try_block.move_to_operands(catch_push);
         try_block.move_to_operands(c);
         c=try_block;
@@ -2275,8 +2276,8 @@ codet java_bytecode_convert_methodt::convert_instructions(
     {
       // add the CATCH-POP before the end of the try block
       if(cur_pc<exception_row.end_pc &&
-        !working_set.empty() &&
-        *working_set.begin()==exception_row.end_pc)
+         !working_set.empty() &&
+         *working_set.begin()==exception_row.end_pc)
       {
         // have we already added a CATCH-POP for the current try-catch?
         // (each row corresponds to a handler)
@@ -2290,7 +2291,7 @@ codet java_bytecode_convert_methodt::convert_instructions(
           // add CATCH_POP instruction
           side_effect_expr_catcht catch_pop_expr;
           code_blockt end_try_block;
-          codet catch_pop=code_expressiont(catch_pop_expr);
+          code_expressiont catch_pop(catch_pop_expr);
           catch_pop.set(ID_exception_list, get_nil_irep());
           catch_pop.set(ID_label, get_nil_irep());
           end_try_block.move_to_operands(c);
diff --git a/src/util/std_code.h b/src/util/std_code.h
index eb7982f3bbd..17d038274a3 100644
--- a/src/util/std_code.h
+++ b/src/util/std_code.h
@@ -1127,10 +1127,10 @@ inline const side_effect_expr_throwt &to_side_effect_expr_throw(
 class side_effect_expr_catcht:public side_effect_exprt
 {
 public:
-  inline side_effect_expr_catcht():side_effect_exprt(ID_push_catch)
+  side_effect_expr_catcht():side_effect_exprt(ID_push_catch)
   {
   }
-  inline explicit side_effect_expr_catcht(const irept &exception_list):
+  explicit side_effect_expr_catcht(const irept &exception_list):
     side_effect_exprt(ID_push_catch)
   {
     set(ID_exception_list, exception_list);

From 0a11374e755e3ac30b5f8dbe590cc7925b67466e Mon Sep 17 00:00:00 2001
From: Cristina <cristina.david@gmail.com>
Date: Thu, 2 Mar 2017 16:53:29 +0000
Subject: [PATCH 111/699] Add jump to the end of the current function if a
 function call throws an exception for which there is no handler

---
 regression/cbmc-java/exceptions9/test.class | Bin 976 -> 976 bytes
 src/goto-programs/remove_exceptions.cpp     |  29 ++------------------
 2 files changed, 2 insertions(+), 27 deletions(-)

diff --git a/regression/cbmc-java/exceptions9/test.class b/regression/cbmc-java/exceptions9/test.class
index 42f38bdf8b411bc40f4fb15444a6d085cda2a375..ee137ed9bf6ccb8312157e118fe6f87aedaec1a9 100644
GIT binary patch
delta 25
gcmcb>et~_13p1}OgCK)4gAjuXg9d}z<Ur<n07@MM_5c6?

delta 25
gcmcb>et~_13p1}8gCK(ngAju%g9d~8<Ur<n07^*&`Tzg`

diff --git a/src/goto-programs/remove_exceptions.cpp b/src/goto-programs/remove_exceptions.cpp
index 8bbbd79e165..e73eba8d2ec 100644
--- a/src/goto-programs/remove_exceptions.cpp
+++ b/src/goto-programs/remove_exceptions.cpp
@@ -414,36 +414,12 @@ void remove_exceptionst::instrument_exceptions(
     return;
   Forall_goto_program_instructions(instr_it, goto_program)
   {
-    // this flag is used to skip DEAD redeclaration
-    if(!instr_it->labels.empty())
-      skip_dead=false;
-
     if(instr_it->is_decl())
     {
       code_declt decl=to_code_decl(instr_it->code);
       locals.push_back(decl.symbol());
     }
-    else if(instr_it->is_dead())
-    {
-      code_deadt dead=to_code_dead(instr_it->code);
-      auto it=std::find(locals.begin(),
-                        locals.end(),
-                        dead.symbol());
-      // avoid DEAD re-declarations
-      if(it==locals.end())
-      {
-        if(skip_dead)
-        {
-          // this DEAD has been already added by a throw
-          instr_it->make_skip();
-        }
-      }
-      else
-      {
-        locals.erase(it);
-      }
-    }
-    // it's a CATCH but not a handler
+    // it's a CATCH but not a handler (as it has no operands)
     else if(instr_it->type==CATCH && !instr_it->code.has_operands())
     {
       if(instr_it->targets.empty()) // pop
@@ -492,14 +468,13 @@ void remove_exceptionst::instrument_exceptions(
       }
       instr_it->make_skip();
     }
-    // handler
+    // CATCH handler
     else if(instr_it->type==CATCH && instr_it->code.has_operands())
     {
       instrument_exception_handler(func_it, instr_it);
     }
     else if(instr_it->type==THROW)
     {
-      skip_dead=true;
       instrument_throw(func_it, instr_it, stack_catch, locals);
     }
     else if(instr_it->type==FUNCTION_CALL)

From 8d2a26b86b1ecc3b4d3b16b98a229000a988d07f Mon Sep 17 00:00:00 2001
From: Cristina <cristina.david@gmail.com>
Date: Thu, 2 Mar 2017 16:59:39 +0000
Subject: [PATCH 112/699] Modified the expected goto-program for
 cbmc-java/virtual7 as exception handling instrumentation introduces new
 labels and GOTOs

---
 regression/cbmc-java/virtual7/test.desc | 1 -
 1 file changed, 1 deletion(-)

diff --git a/regression/cbmc-java/virtual7/test.desc b/regression/cbmc-java/virtual7/test.desc
index 3846f5c4a69..2e196d82e8c 100644
--- a/regression/cbmc-java/virtual7/test.desc
+++ b/regression/cbmc-java/virtual7/test.desc
@@ -9,4 +9,3 @@ IF "java::D".*THEN GOTO [67]
 IF "java::C".*THEN GOTO [67]
 --
 IF "java::A".*THEN GOTO
-GOTO 9

From 28d00ebd17309691e57064248477df8b8e1e3dc0 Mon Sep 17 00:00:00 2001
From: Cristina <cristina.david@gmail.com>
Date: Thu, 2 Mar 2017 17:13:47 +0000
Subject: [PATCH 113/699] + regression test for Java exception handling

---
 regression/cbmc-java/exceptions18/A.class    | Bin 0 -> 241 bytes
 regression/cbmc-java/exceptions18/Test.class | Bin 0 -> 756 bytes
 regression/cbmc-java/exceptions18/Test.java  |  23 +++++++++++++++++++
 regression/cbmc-java/exceptions18/test.desc  |   8 +++++++
 4 files changed, 31 insertions(+)
 create mode 100644 regression/cbmc-java/exceptions18/A.class
 create mode 100644 regression/cbmc-java/exceptions18/Test.class
 create mode 100644 regression/cbmc-java/exceptions18/Test.java
 create mode 100644 regression/cbmc-java/exceptions18/test.desc

diff --git a/regression/cbmc-java/exceptions18/A.class b/regression/cbmc-java/exceptions18/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..eb37079f4ed73d57cc2b6947f9e46c6bcc1e8e5b
GIT binary patch
literal 241
zcmXX=Jxjzu5Pg$RlZ!?ytt{2z(%30N5Uqm6T}Z!)i|&!^9?3@hTULUFKfoU)&PE4j
z-Usi&eE)oY0l30(3Ll3tj$-75=tgN}ZwdbSMMDVg%#$SKmD2KY9$GopqV3r^sZ1yO
zMvThoe>1QzYT{~DUK7%-na55(C>Kv^Iob72yow9~LIRb9Q>Tkw=;vZHYpVu%|JKR9
tRYv0s9>3*=c)7wDF)J9I6JCCR-kEra`9_OLIAEUr1&|<RMOZDV>=)<>EFAy<

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/exceptions18/Test.class b/regression/cbmc-java/exceptions18/Test.class
new file mode 100644
index 0000000000000000000000000000000000000000..1c2f3dba0083acf483f5b48a1fc3425e77f16268
GIT binary patch
literal 756
zcmX|7O-~b16g_w5&Ac)cD71peSBs#fel!v60+j?zNH7%_5E2s;GOZ&H){ZGtqptfq
z+_GjPi6(aMPjZ2t_gY=N`*H5Q=e&D=U48!vU<0cGd=xcG0UQ(qcv#lBsj(vPAII%D
z-4eLvwIhLgn!Jt#6ZN<q?RVcdqRwI1Xc3vJC(W>R6n0{h4?&f_jnBwYKa9@ON8~t3
z5`jm195SnK8|;n2RC&+P%NM>qfew%3c01}Y`@~0nB1t#3$Y*Aaf7#eU8aCfO4?kE*
z`|FY*I7qskX0#iduZ<Y>`={Z@Fbj<g`L?qdH-R!0LC(~wt+0JkebG3Lnkh;=fzQ(b
zE~thK?Fh3fz0iA=OUMNS2LY{bK^LQpvx5fuF=jAAM9lCGyB+%A2b`CeT>nm=*?_?u
z9#$x0S*8b_LzWD)3FIvEB&G&@QX#52Rdb*898p_6SKOMK`-;3<^M)Fme&rifPsuq(
zHx)Z(RsS6R{=NPMrvt3uHoe2e9?-gWn`cx2e{VEBs%lIU&l4#ynx>t>0<QB&H#lD;
z!#vioh`U%K&nlUgvChgv+_Jm8;`Rkj=V?7oDqJJ0Ph`fjDNg&0bF65T$z0%1)~RnW
v*KGLznl;R_Dy(f#y+A+5dJ*0gN+R-y0!m|^Aw*;0H}npj!-+-qIavA&F`-{k

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/exceptions18/Test.java b/regression/cbmc-java/exceptions18/Test.java
new file mode 100644
index 00000000000..92ecf88c98b
--- /dev/null
+++ b/regression/cbmc-java/exceptions18/Test.java
@@ -0,0 +1,23 @@
+class A extends RuntimeException {}
+class B extends A {}
+
+public class Test {
+  void foo()
+  {
+    A a=new A();
+    throw a;
+  }
+  void goo()
+  {
+    try
+    {
+      foo();
+      assert false;
+    }
+    catch(B e)
+    {
+      assert false;
+    } 
+  }
+  
+}
diff --git a/regression/cbmc-java/exceptions18/test.desc b/regression/cbmc-java/exceptions18/test.desc
new file mode 100644
index 00000000000..eff4927d2da
--- /dev/null
+++ b/regression/cbmc-java/exceptions18/test.desc
@@ -0,0 +1,8 @@
+CORE
+Test.class
+--function Test.goo
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring

From 15fd106b1ee8470e5bc7ab28c5237d2c28aad0fc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matthias=20G=C3=BCdemann?= <matthias.guedemann@diffblue.com>
Date: Sat, 4 Mar 2017 12:00:51 +0100
Subject: [PATCH 114/699] allow regex to limit class files loaded from JAR

---
 src/cbmc/cbmc_parse_options.cpp              |  1 +
 src/cbmc/cbmc_parse_options.h                |  1 +
 src/java_bytecode/jar_file.cpp               | 23 ++++++++++++------
 src/java_bytecode/jar_file.h                 | 25 +++++++++++++-------
 src/java_bytecode/java_bytecode_language.cpp |  5 ++++
 src/java_bytecode/java_bytecode_language.h   |  1 +
 src/java_bytecode/java_class_loader.h        |  4 ++++
 7 files changed, 44 insertions(+), 16 deletions(-)

diff --git a/src/cbmc/cbmc_parse_options.cpp b/src/cbmc/cbmc_parse_options.cpp
index 6eb044257c6..069034fa7a6 100644
--- a/src/cbmc/cbmc_parse_options.cpp
+++ b/src/cbmc/cbmc_parse_options.cpp
@@ -1158,6 +1158,7 @@ void cbmc_parse_optionst::help()
     // NOLINTNEXTLINE(whitespace/line_length)
     " --java-max-vla-length        limit the length of user-code-created arrays\n"
     // NOLINTNEXTLINE(whitespace/line_length)
+    " --java-cp-include-files      regexp of class files to load\n"
     " --java-unwind-enum-static    try to unwind loops in static initialization of enums\n"
     "\n"
     "Semantic transformations:\n"
diff --git a/src/cbmc/cbmc_parse_options.h b/src/cbmc/cbmc_parse_options.h
index adc6e2ee517..a3fc5e7e7d3 100644
--- a/src/cbmc/cbmc_parse_options.h
+++ b/src/cbmc/cbmc_parse_options.h
@@ -55,6 +55,7 @@ class optionst;
   "(round-to-nearest)(round-to-plus-inf)(round-to-minus-inf)(round-to-zero)" \
   "(graphml-witness):" \
   "(java-max-vla-length):(java-unwind-enum-static)" \
+  "(java-cp-include-files):" \
   "(localize-faults)(localize-faults-method):" \
   "(lazy-methods)" \
   "(fixedbv)(floatbv)(all-claims)(all-properties)" // legacy, and will eventually disappear // NOLINT(whitespace/line_length)
diff --git a/src/java_bytecode/jar_file.cpp b/src/java_bytecode/jar_file.cpp
index d679f21c070..f7cb0726494 100644
--- a/src/java_bytecode/jar_file.cpp
+++ b/src/java_bytecode/jar_file.cpp
@@ -9,8 +9,8 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <cstring>
 #include <cassert>
 #include <sstream>
-
 #include "jar_file.h"
+#include <util/suffix.h>
 
 /*******************************************************************\
 
@@ -24,7 +24,7 @@ Function: jar_filet::open
 
 \*******************************************************************/
 
-void jar_filet::open(const std::string &filename)
+void jar_filet::open(std::string &java_cp_include_files, const std::string &filename)
 {
   if(!mz_ok)
   {
@@ -38,8 +38,7 @@ void jar_filet::open(const std::string &filename)
     std::size_t number_of_files=
       mz_zip_reader_get_num_files(&zip);
 
-    index.reserve(number_of_files);
-
+    size_t filtered_index=0;
     for(std::size_t i=0; i<number_of_files; i++)
     {
       mz_uint filename_length=mz_zip_reader_get_filename(&zip, i, nullptr, 0);
@@ -48,8 +47,17 @@ void jar_filet::open(const std::string &filename)
         mz_zip_reader_get_filename(&zip, i, filename_char, filename_length);
       assert(filename_length==filename_len);
       std::string file_name(filename_char);
+      std::smatch string_matcher;
+      std::regex matcher(java_cp_include_files);
+      // load .class files only if they match regex
+      if(std::regex_match(file_name, string_matcher, matcher) ||
+         !has_suffix(file_name, ".class"))
+      {
+        index.push_back(file_name);
+        filtered_jar[filtered_index]=i;
+        filtered_index++;
+      }
       delete[] filename_char;
-      index.push_back(file_name);
     }
   }
 }
@@ -96,16 +104,17 @@ std::string jar_filet::get_entry(std::size_t i)
 
   std::string dest;
 
+  size_t real_index=filtered_jar[i];
   mz_zip_archive_file_stat file_stat;
   memset(&file_stat, 0, sizeof(file_stat));
-  mz_bool stat_ok=mz_zip_reader_file_stat(&zip, i, &file_stat);
+  mz_bool stat_ok=mz_zip_reader_file_stat(&zip, real_index, &file_stat);
   if(stat_ok!=MZ_TRUE)
     return std::string();
   std::vector<char> buffer;
   size_t bufsize=file_stat.m_uncomp_size;
   buffer.resize(bufsize);
   mz_bool read_ok=
-    mz_zip_reader_extract_to_mem(&zip, i, buffer.data(), bufsize, 0);
+    mz_zip_reader_extract_to_mem(&zip, real_index, buffer.data(), bufsize, 0);
   if(read_ok!=MZ_TRUE)
     return std::string();
 
diff --git a/src/java_bytecode/jar_file.h b/src/java_bytecode/jar_file.h
index 53f673102bf..7670cbf6a8b 100644
--- a/src/java_bytecode/jar_file.h
+++ b/src/java_bytecode/jar_file.h
@@ -15,27 +15,26 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <string>
 #include <vector>
 #include <map>
+#include <regex>
 
 class jar_filet
 {
 public:
   jar_filet():mz_ok(false) { }
-
-  inline explicit jar_filet(const std::string &file_name)
-  {
-    open(file_name);
-  }
+  inline explicit jar_filet(const std::string &file_name) { }
 
   ~jar_filet();
 
-  void open(const std::string &);
+  void open(std::string &java_cp_include_files, const std::string &);
 
   // Test for error; 'true' means we are good.
-  inline explicit operator bool() const { return true;  // TODO
-  }
+  inline explicit operator bool() const { return mz_ok; }
 
   typedef std::vector<std::string> indext;
   indext index;
+  // map internal index to real index in jar central directory
+  typedef std::map<int, int> filtered_jart;
+  filtered_jart filtered_jar;
 
   std::string get_entry(std::size_t i);
 
@@ -45,18 +44,25 @@ class jar_filet
 protected:
   mz_zip_archive zip;
   bool mz_ok;
+  std::string matcher;
+  std::map<int, int> index_map;
 };
 
 class jar_poolt
 {
 public:
+  void set_java_cp_include_files(std::string &_java_cp_include_files)
+  {
+    java_cp_include_files=_java_cp_include_files;
+  }
   jar_filet &operator()(const std::string &file_name)
   {
+    assert(!java_cp_include_files.empty() && "class regexp cannot be empty");
     file_mapt::iterator it=file_map.find(file_name);
     if(it==file_map.end())
     {
       jar_filet &jar_file=file_map[file_name];
-      jar_file.open(file_name);
+      jar_file.open(java_cp_include_files, file_name);
       return jar_file;
     }
     else
@@ -66,6 +72,7 @@ class jar_poolt
 protected:
   typedef std::map<std::string, jar_filet> file_mapt;
   file_mapt file_map;
+  std::string java_cp_include_files;
 };
 
 #endif // CPROVER_JAVA_BYTECODE_JAR_FILE_H
diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index 37ed835eca0..22f15aa8447 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -55,6 +55,10 @@ void java_bytecode_languaget::get_language_options(const cmdlinet &cmd)
     lazy_methods_mode=LAZY_METHODS_MODE_CONTEXT_INSENSITIVE;
   else
     lazy_methods_mode=LAZY_METHODS_MODE_EAGER;
+  if(cmd.isset("java-cp-include-files"))
+    java_cp_include_files=cmd.get_value("java-cp-include-files");
+  else
+    java_cp_include_files=".*";
 }
 
 /*******************************************************************\
@@ -129,6 +133,7 @@ bool java_bytecode_languaget::parse(
   const std::string &path)
 {
   java_class_loader.set_message_handler(get_message_handler());
+  java_class_loader.set_java_cp_include_files(java_cp_include_files);
 
   // look at extension
   if(has_suffix(path, ".class"))
diff --git a/src/java_bytecode/java_bytecode_language.h b/src/java_bytecode/java_bytecode_language.h
index 48f45e2d39e..b3bdc8a5aa1 100644
--- a/src/java_bytecode/java_bytecode_language.h
+++ b/src/java_bytecode/java_bytecode_language.h
@@ -105,6 +105,7 @@ class java_bytecode_languaget:public languaget
   lazy_methodst lazy_methods;
   lazy_methods_modet lazy_methods_mode;
   bool string_refinement_enabled;
+  std::string java_cp_include_files;
 };
 
 languaget *new_java_bytecode_language();
diff --git a/src/java_bytecode/java_class_loader.h b/src/java_bytecode/java_class_loader.h
index b2a4953445a..8e8f5c5b82c 100644
--- a/src/java_bytecode/java_class_loader.h
+++ b/src/java_bytecode/java_class_loader.h
@@ -20,6 +20,10 @@ class java_class_loadert:public messaget
 {
 public:
   java_bytecode_parse_treet &operator()(const irep_idt &);
+  void set_java_cp_include_files(std::string &java_cp_include_files)
+  {
+    jar_pool.set_java_cp_include_files(java_cp_include_files);
+  }
 
   // maps class names to the parse trees
   typedef std::map<irep_idt, java_bytecode_parse_treet> class_mapt;

From 6de183b7d18be96916ac713a122aba47d8eefef1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matthias=20G=C3=BCdemann?= <matthias.guedemann@diffblue.com>
Date: Tue, 7 Mar 2017 13:04:24 +0100
Subject: [PATCH 115/699] support class load configuration via JSON file

e.g.

```
{
  "jar":
  [
    "A.jar",
    "B.jar"
  ],
  "classFiles":
  [
    "jarfile3$A.class",
    "jarfile3.class"
  ]
}
```
---
 src/cbmc/Makefile                     |  4 +--
 src/cbmc/cbmc_parse_options.cpp       |  2 +-
 src/cegis/Makefile                    |  4 +--
 src/goto-cc/Makefile                  |  3 +-
 src/goto-diff/Makefile                |  3 +-
 src/goto-instrument/Makefile          |  3 +-
 src/java_bytecode/jar_file.cpp        | 50 ++++++++++++++++++++++-----
 src/java_bytecode/jar_file.h          |  6 ++--
 src/java_bytecode/java_class_loader.h |  1 +
 src/symex/Makefile                    |  3 +-
 10 files changed, 60 insertions(+), 19 deletions(-)

diff --git a/src/cbmc/Makefile b/src/cbmc/Makefile
index 4fdb5338e41..8132097565c 100644
--- a/src/cbmc/Makefile
+++ b/src/cbmc/Makefile
@@ -28,8 +28,8 @@ OBJ += ../ansi-c/ansi-c$(LIBEXT) \
       ../assembler/assembler$(LIBEXT) \
       ../solvers/solvers$(LIBEXT) \
       ../util/util$(LIBEXT) \
-      ../json/json$(LIBEXT) \
-      ../miniz/miniz$(OBJEXT)
+      ../miniz/miniz$(OBJEXT) \
+      ../json/json$(LIBEXT)
 
 INCLUDES= -I ..
 
diff --git a/src/cbmc/cbmc_parse_options.cpp b/src/cbmc/cbmc_parse_options.cpp
index 069034fa7a6..4c080b10ceb 100644
--- a/src/cbmc/cbmc_parse_options.cpp
+++ b/src/cbmc/cbmc_parse_options.cpp
@@ -1158,7 +1158,7 @@ void cbmc_parse_optionst::help()
     // NOLINTNEXTLINE(whitespace/line_length)
     " --java-max-vla-length        limit the length of user-code-created arrays\n"
     // NOLINTNEXTLINE(whitespace/line_length)
-    " --java-cp-include-files      regexp of class files to load\n"
+    " --java-cp-include-files      regexp or JSON list of files to load (with '@' prefix)\n"
     " --java-unwind-enum-static    try to unwind loops in static initialization of enums\n"
     "\n"
     "Semantic transformations:\n"
diff --git a/src/cegis/Makefile b/src/cegis/Makefile
index be519a9e8a1..f1a38ce4915 100644
--- a/src/cegis/Makefile
+++ b/src/cegis/Makefile
@@ -116,8 +116,8 @@ OBJ += ../ansi-c/ansi-c$(LIBEXT) \
       ../cbmc/cbmc_dimacs$(OBJEXT) ../cbmc/all_properties$(OBJEXT) \
       ../cbmc/fault_localization$(OBJEXT) \
       ../cbmc/symex_coverage$(OBJEXT) \
-      ../json/json$(LIBEXT) \
-      ../miniz/miniz$(OBJEXT)
+      ../miniz/miniz$(OBJEXT) \
+      ../json/json$(LIBEXT)
 
 INCLUDES= -I ..
 
diff --git a/src/goto-cc/Makefile b/src/goto-cc/Makefile
index 04261db95f0..3079e7ebb00 100644
--- a/src/goto-cc/Makefile
+++ b/src/goto-cc/Makefile
@@ -14,7 +14,8 @@ OBJ += ../big-int/big-int$(LIBEXT) \
       ../xmllang/xmllang$(LIBEXT) \
       ../assembler/assembler$(LIBEXT) \
       ../langapi/langapi$(LIBEXT) \
-      ../miniz/miniz$(OBJEXT)
+      ../miniz/miniz$(OBJEXT) \
+      ../json/json$(LIBEXT)
 
 INCLUDES= -I ..
 
diff --git a/src/goto-diff/Makefile b/src/goto-diff/Makefile
index c003d0c96b0..fd18897aaea 100644
--- a/src/goto-diff/Makefile
+++ b/src/goto-diff/Makefile
@@ -14,7 +14,8 @@ OBJ += ../ansi-c/ansi-c$(LIBEXT) \
       ../xmllang/xmllang$(LIBEXT) \
       ../util/util$(LIBEXT) \
       ../solvers/solvers$(LIBEXT) \
-      ../miniz/miniz$(OBJEXT)
+      ../miniz/miniz$(OBJEXT) \
+      ../json/json$(LIBEXT)
 
 INCLUDES= -I ..
 
diff --git a/src/goto-instrument/Makefile b/src/goto-instrument/Makefile
index 571bdf90eb9..b706e789c29 100644
--- a/src/goto-instrument/Makefile
+++ b/src/goto-instrument/Makefile
@@ -39,7 +39,8 @@ OBJ += ../ansi-c/ansi-c$(LIBEXT) \
       ../util/util$(LIBEXT) \
       ../json/json$(LIBEXT) \
       ../solvers/solvers$(LIBEXT) \
-      ../miniz/miniz$(OBJEXT)
+      ../miniz/miniz$(OBJEXT) \
+      ../json/json$(LIBEXT)
 
 INCLUDES= -I ..
 
diff --git a/src/java_bytecode/jar_file.cpp b/src/java_bytecode/jar_file.cpp
index f7cb0726494..0f45af67d33 100644
--- a/src/java_bytecode/jar_file.cpp
+++ b/src/java_bytecode/jar_file.cpp
@@ -8,10 +8,11 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include <cstring>
 #include <cassert>
-#include <sstream>
+#include <json/json_parser.h>
+#include <unordered_set>
 #include "jar_file.h"
 #include <util/suffix.h>
-
+#include <iostream>
 /*******************************************************************\
 
 Function: jar_filet::open
@@ -24,7 +25,9 @@ Function: jar_filet::open
 
 \*******************************************************************/
 
-void jar_filet::open(std::string &java_cp_include_files, const std::string &filename)
+void jar_filet::open(
+  std::string &java_cp_include_files,
+  const std::string &filename)
 {
   if(!mz_ok)
   {
@@ -35,6 +38,32 @@ void jar_filet::open(std::string &java_cp_include_files, const std::string &file
 
   if(mz_ok)
   {
+    // '@' signals file reading with list of class files to load
+    bool regex_match=java_cp_include_files[0]!='@';
+    std::regex regex_matcher;
+    std::smatch string_matcher;
+    std::unordered_set<std::string> set_matcher;
+    jsont json_cp_config;
+    if(regex_match)
+      regex_matcher=std::regex(java_cp_include_files);
+    else
+    {
+      assert(java_cp_include_files.length()>1);
+      if(parse_json(
+           java_cp_include_files.substr(1),
+           get_message_handler(),
+           json_cp_config))
+        throw "cannot read JSON input configuration for JAR loading";
+      assert(json_cp_config.is_object() && "JSON has wrong format");
+      jsont include_files=json_cp_config["classFiles"];
+      assert(include_files.is_array() && "JSON has wrong format");
+      for(const jsont &file_entry : include_files.array)
+      {
+        assert(file_entry.is_string());
+        set_matcher.insert(file_entry.value);
+      }
+    }
+
     std::size_t number_of_files=
       mz_zip_reader_get_num_files(&zip);
 
@@ -47,11 +76,16 @@ void jar_filet::open(std::string &java_cp_include_files, const std::string &file
         mz_zip_reader_get_filename(&zip, i, filename_char, filename_length);
       assert(filename_length==filename_len);
       std::string file_name(filename_char);
-      std::smatch string_matcher;
-      std::regex matcher(java_cp_include_files);
-      // load .class files only if they match regex
-      if(std::regex_match(file_name, string_matcher, matcher) ||
-         !has_suffix(file_name, ".class"))
+
+      // non-class files are loaded in any case
+      bool add_file=!has_suffix(file_name, ".class");
+      // load .class file only if they match regex
+      if(regex_match)
+        add_file|=std::regex_match(file_name, string_matcher, regex_matcher);
+      // load .class file only if it is in the match set
+      else
+        add_file|=set_matcher.count(file_name)>0;
+      if(add_file)
       {
         index.push_back(file_name);
         filtered_jar[filtered_index]=i;
diff --git a/src/java_bytecode/jar_file.h b/src/java_bytecode/jar_file.h
index 7670cbf6a8b..a1ff04bb933 100644
--- a/src/java_bytecode/jar_file.h
+++ b/src/java_bytecode/jar_file.h
@@ -16,8 +16,9 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <vector>
 #include <map>
 #include <regex>
+#include <util/message.h>
 
-class jar_filet
+class jar_filet:public messaget
 {
 public:
   jar_filet():mz_ok(false) { }
@@ -48,7 +49,7 @@ class jar_filet
   std::map<int, int> index_map;
 };
 
-class jar_poolt
+class jar_poolt:public messaget
 {
 public:
   void set_java_cp_include_files(std::string &_java_cp_include_files)
@@ -62,6 +63,7 @@ class jar_poolt
     if(it==file_map.end())
     {
       jar_filet &jar_file=file_map[file_name];
+      jar_file.set_message_handler(get_message_handler());
       jar_file.open(java_cp_include_files, file_name);
       return jar_file;
     }
diff --git a/src/java_bytecode/java_class_loader.h b/src/java_bytecode/java_class_loader.h
index 8e8f5c5b82c..e76d5894860 100644
--- a/src/java_bytecode/java_class_loader.h
+++ b/src/java_bytecode/java_class_loader.h
@@ -23,6 +23,7 @@ class java_class_loadert:public messaget
   void set_java_cp_include_files(std::string &java_cp_include_files)
   {
     jar_pool.set_java_cp_include_files(java_cp_include_files);
+    jar_pool.set_message_handler(get_message_handler());
   }
 
   // maps class names to the parse trees
diff --git a/src/symex/Makefile b/src/symex/Makefile
index e152b2461bf..51b672e7a72 100644
--- a/src/symex/Makefile
+++ b/src/symex/Makefile
@@ -18,7 +18,8 @@ OBJ += ../ansi-c/ansi-c$(LIBEXT) \
        ../goto-instrument/cover$(OBJEXT) \
        ../json/json$(LIBEXT) \
        ../path-symex/path-symex$(LIBEXT) \
-       ../miniz/miniz$(OBJEXT)
+       ../miniz/miniz$(OBJEXT) \
+       ../json/json$(LIBEXT)
 
 INCLUDES= -I ..
 

From 898ba0c1e9a549a9c740b756331f9b1cce62d6a9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matthias=20G=C3=BCdemann?= <matthias.guedemann@diffblue.com>
Date: Tue, 7 Mar 2017 13:32:27 +0100
Subject: [PATCH 116/699] add jars from JSON config to classpath

---
 src/java_bytecode/java_bytecode_language.cpp | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index 22f15aa8447..620b3c17129 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -13,6 +13,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <util/config.h>
 #include <util/cmdline.h>
 #include <util/string2int.h>
+#include <json/json_parser.h>
 
 #include <goto-programs/class_hierarchy.h>
 
@@ -59,6 +60,25 @@ void java_bytecode_languaget::get_language_options(const cmdlinet &cmd)
     java_cp_include_files=cmd.get_value("java-cp-include-files");
   else
     java_cp_include_files=".*";
+  // load file list from JSON file
+  if(java_cp_include_files[0]=='@')
+  {
+    jsont json_cp_config;
+    if(parse_json(
+         java_cp_include_files.substr(1),
+         get_message_handler(),
+         json_cp_config))
+      throw "cannot read JSON input configuration for JAR loading";
+    assert(json_cp_config.is_object() && "JSON has wrong format");
+    jsont include_files=json_cp_config["jar"];
+    assert(include_files.is_array() && "JSON has wrong format");
+    // add jars from JSON config file to classpath
+    for(const jsont &file_entry : include_files.array)
+    {
+      assert(file_entry.is_string() && has_suffix(file_entry.value, ".jar"));
+      config.java.classpath.push_back(file_entry.value);
+    }
+  }
 }
 
 /*******************************************************************\

From 52952bb688f6dad6e8492dc11bfcc39cff7c471a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matthias=20G=C3=BCdemann?= <matthias.guedemann@diffblue.com>
Date: Tue, 7 Mar 2017 14:51:08 +0100
Subject: [PATCH 117/699] add regression test

---
 regression/cbmc-java/jar-file4/A.jar     | Bin 0 -> 721 bytes
 regression/cbmc-java/jar-file4/B.jar     | Bin 0 -> 721 bytes
 regression/cbmc-java/jar-file4/C.jar     | Bin 0 -> 934 bytes
 regression/cbmc-java/jar-file4/jar.json  |  12 ++++++++++++
 regression/cbmc-java/jar-file4/test.desc |  10 ++++++++++
 5 files changed, 22 insertions(+)
 create mode 100644 regression/cbmc-java/jar-file4/A.jar
 create mode 100644 regression/cbmc-java/jar-file4/B.jar
 create mode 100644 regression/cbmc-java/jar-file4/C.jar
 create mode 100644 regression/cbmc-java/jar-file4/jar.json
 create mode 100644 regression/cbmc-java/jar-file4/test.desc

diff --git a/regression/cbmc-java/jar-file4/A.jar b/regression/cbmc-java/jar-file4/A.jar
new file mode 100644
index 0000000000000000000000000000000000000000..e721e6f32f945341ca9aafca44a794bb16cfeb02
GIT binary patch
literal 721
zcmWIWW@Zs#;Nak3$Pf4PVn70%3@i-3t|5-Po_=on|4uP5Ff#;rvvYt{FhP|C;M6Pv
zQ~}rQ>*(j{<{BKL=j-;__snS@Z(Y5MyxzK6=gyqp9At3C_`%a6JuhD!Pv48Bt5`TA
zUPvC1mXg%U_#v*U_I!z!#dC4dC*rEp7_Mf2D*9N&2zG^l;4&o_pdGG2jBrIdnim9s
zvRR2mX_+~x#ww0_$vKI|#jgIo-iI9oYA>t!?p9O#8lCUNZ`vBR!Q6F1Q-DTQz@Ge9
ztE3-^O$zxFE!Xwnp!|b=p>*bhhozrA-fM1bzd!yygPO&wL#{dx7N&33mAAJ0#`)#k
z48dDhyY+rAXE8jV@^MLVY1z5E+_@#Co*eA|-%e(4vW~UWax%H@c6Uu&aOj=WCeQnJ
zM6c^=-F0mnhxA#E$@xYO>~|TM*coqqsFg9=oA_n@4?Z^oV>i*uG1Hc6ac&gtE6$vE
ze0%0HG0}sPH<+z@1&;seJ8r*CB8U6P#@HjG)}OZV_A!P#r$zWp;kmxxiSXJZv4?-I
z=u~tM?3bNZH7EDlG{JALIO}_I-!%OL2i}6vmH++&gC>v>6nKnGA`GZ002aNV6o3lg
zQ3^^A=vtBE1Qh=WU<+izwIZbkWD`JfhwLy=+#$eWAQL?%1H4(;Kq{Dla5snnb~gZw
CHqIXa

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/jar-file4/B.jar b/regression/cbmc-java/jar-file4/B.jar
new file mode 100644
index 0000000000000000000000000000000000000000..d381e413e74f2aa5d1f92381ec7fe608679b7e81
GIT binary patch
literal 721
zcmWIWW@Zs#;Nak3C=U1YVn70%3@i-3t|5-Po_=on|4uP5Ff#;rvvYt{FhP|C;M6Pv
zQ~}rQ>*(j{<{BKL=j-;__snS@Z(Y5MyxzK6=gyqp9At3C_`%a6JuhD!Pv48Bt5`TA
zUPvC1mXg%U_#v*U_I!z!#dC4dC*rEp7_Mf2D*9N&2zG^l;4&o_pdGG2jBrIdnim9s
zvRR2mX_+~x#wt#F$vKI|#jgIo-iI9oYA-Lln|61`kH3Y&RVy^NG~E;77i)34*!-wA
zIQ*_aut(6x{7Q``_WA~UuQ|Ld{P{Ebzu!Ca=TBWNv&G?s{QMJL*roMui`)>qp?twQ
z+3Q7^{<b&s1)k_!Jv#a9nU|L3`Z;;4y`2nx<jdO&>^b@9qQIe<XV0GfWNLVHub<Jo
z6T6RYnlU^3b=QK6Jwbn$iB^3ORrw~mOMr>pCtu>P_P*wY%PRA_JeQrmG^OPP=kb~6
z<{#hgne|L`p=|;C7b(TQA9MNs-$>e^E8v<Z82;wO?Q0fV>)Or~%rTH#=kQTIYU6gN
z-;34QWKwO#biP_fuh(^cb4~c4MDz{Dzl@+Lv^lv+>OU}O0vSPp$H*kYfSLke(F;le
zr~n?Np!9&Q6**2o@s9wuKqg!(Qffdp0Tg%04g<v<0vrZ1(PJ{eo0Scuf*A;RgBW0U
F0{|L0({um;

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/jar-file4/C.jar b/regression/cbmc-java/jar-file4/C.jar
new file mode 100644
index 0000000000000000000000000000000000000000..e318db6c41337660e8f6b907e09fa5681d712f70
GIT binary patch
literal 934
zcmWIWW@Zs#;Nak3Fpcx`Vn70%3@i-3t|5-Po_=on|4uP5Ff#;rvvYt{FhP|C;M6Pv
zQ~}rQ>*(j{<{BKL=j-;__snS@Z(Y5MyxzK6=gyqp9At3C_`%a6JuhD!Pv48Bt5`TA
zUPvC1mXg%U_#v*U_I!z!#dC4dC*rEp7_Mf2D*9N&2zG^l;4&o_pdGG2jBv&AXjCuo
z0cEoii_$W4QjPVJa}tY-eS>2Cg&jp~H{UJWEkD(1={5c%UKd##XPubMqPxOV*iOzs
z?ZdWQ_RU-K&c3<!BL3k~_xYhpoxWf0{$KL(%&8!`v}fmbK0jw!o>uq&??>SSR&rJv
ziT4i4va`JsduL@3xcy<$LA6U8HoRESQ90Yd{JYGZ_WVRohaAp|w;GeOss)a0?BU$X
zqQ$#6(9@#lQF@|G3EQUQXC^u%D)$^p308QnzgNg$d%LZs!B%0nqWmx0l&^aGs(qi~
zxqq$Y(q@$x`)=~yTdKKhiDTm<xAKCzDa8gdE7#QszB&|SA8@=!Ztd6R?~UzT>n2TX
z?49N|O<y@$ZkgfZhm2t?S-VzPaxA)jHtgEL;-zg}O_8mwq5RnyTvOEF{Pl}36F&9Z
zTJrryGkv>)EjJ&w%(^$lVXOM%fRp!H`EL8T6;>I$ulW4QyGAB(U1oJpk-#p=bDQs+
zEfkIUd^%kq-b66;T&u{H$5L6(uk`Df?zEFUY@uSi-MVdM^PhX+B7OmpmaVCEP1bH7
zKk$58|Nq4+%{ix6h#3Y=)cQ1M{efd5bEiJM{7`N2YZqII`Y-o)BtCqm^Z(3R?&Ggl
z>Lyej`^)#fWzzh_XZsc!SXvaX=RbA$!#pmvXP3U@W;IH&MHjAIYpl2Rs68lU{uE0H
zyurx8a1@w41H2iTL>N#LHZ0YG5;iJ;r&LffN7ss+)IiA^0c?RxxK^Y@j%)%bNg_K8
clq3=0Fp!CwKm)v4*+BBlK)4e~UkAGy09`dfUjP6A

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/jar-file4/jar.json b/regression/cbmc-java/jar-file4/jar.json
new file mode 100644
index 00000000000..09df8008b8c
--- /dev/null
+++ b/regression/cbmc-java/jar-file4/jar.json
@@ -0,0 +1,12 @@
+{
+  "jar":
+  [
+    "A.jar",
+    "B.jar"
+  ],
+  "classFiles":
+  [
+    "jarfile3$A.class",
+    "jarfile3.class"
+  ]
+}
diff --git a/regression/cbmc-java/jar-file4/test.desc b/regression/cbmc-java/jar-file4/test.desc
new file mode 100644
index 00000000000..5c34bdcd5a8
--- /dev/null
+++ b/regression/cbmc-java/jar-file4/test.desc
@@ -0,0 +1,10 @@
+CORE
+C.jar
+--function jarfile3.f --java-cp-include-files "@jar.json"
+^EXIT=10$
+^SIGNAL=0$
+.*SUCCESS$
+.*FAILURE$
+^VERIFICATION FAILED
+--
+^warning: ignoring

From aec47b7000f45ea5f5f0986b93853e2942810c88 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matthias=20G=C3=BCdemann?= <matthias.guedemann@diffblue.com>
Date: Fri, 10 Mar 2017 11:18:52 +0100
Subject: [PATCH 118/699] take comments into account

---
 src/java_bytecode/jar_file.cpp               | 14 ++++---
 src/java_bytecode/jar_file.h                 |  9 ++--
 src/java_bytecode/java_bytecode_language.cpp | 43 ++++++++++++--------
 src/java_bytecode/java_class_loader.h        |  1 +
 4 files changed, 38 insertions(+), 29 deletions(-)

diff --git a/src/java_bytecode/jar_file.cpp b/src/java_bytecode/jar_file.cpp
index 0f45af67d33..0980e1466ea 100644
--- a/src/java_bytecode/jar_file.cpp
+++ b/src/java_bytecode/jar_file.cpp
@@ -8,11 +8,11 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include <cstring>
 #include <cassert>
-#include <json/json_parser.h>
 #include <unordered_set>
-#include "jar_file.h"
+
+#include <json/json_parser.h>
 #include <util/suffix.h>
-#include <iostream>
+#include "jar_file.h"
 /*******************************************************************\
 
 Function: jar_filet::open
@@ -54,9 +54,11 @@ void jar_filet::open(
            get_message_handler(),
            json_cp_config))
         throw "cannot read JSON input configuration for JAR loading";
-      assert(json_cp_config.is_object() && "JSON has wrong format");
+      if(!json_cp_config.is_object())
+        throw "the JSON file has a wrong format";
       jsont include_files=json_cp_config["classFiles"];
-      assert(include_files.is_array() && "JSON has wrong format");
+      if(!include_files.is_array())
+        throw "the JSON file has a wrong format";
       for(const jsont &file_entry : include_files.array)
       {
         assert(file_entry.is_string());
@@ -84,7 +86,7 @@ void jar_filet::open(
         add_file|=std::regex_match(file_name, string_matcher, regex_matcher);
       // load .class file only if it is in the match set
       else
-        add_file|=set_matcher.count(file_name)>0;
+        add_file|=set_matcher.find(file_name)!=set_matcher.end();
       if(add_file)
       {
         index.push_back(file_name);
diff --git a/src/java_bytecode/jar_file.h b/src/java_bytecode/jar_file.h
index a1ff04bb933..c168b8b4199 100644
--- a/src/java_bytecode/jar_file.h
+++ b/src/java_bytecode/jar_file.h
@@ -22,14 +22,13 @@ class jar_filet:public messaget
 {
 public:
   jar_filet():mz_ok(false) { }
-  inline explicit jar_filet(const std::string &file_name) { }
 
   ~jar_filet();
 
   void open(std::string &java_cp_include_files, const std::string &);
 
   // Test for error; 'true' means we are good.
-  inline explicit operator bool() const { return mz_ok; }
+  explicit operator bool() const { return mz_ok; }
 
   typedef std::vector<std::string> indext;
   indext index;
@@ -45,8 +44,6 @@ class jar_filet:public messaget
 protected:
   mz_zip_archive zip;
   bool mz_ok;
-  std::string matcher;
-  std::map<int, int> index_map;
 };
 
 class jar_poolt:public messaget
@@ -56,9 +53,11 @@ class jar_poolt:public messaget
   {
     java_cp_include_files=_java_cp_include_files;
   }
+
   jar_filet &operator()(const std::string &file_name)
   {
-    assert(!java_cp_include_files.empty() && "class regexp cannot be empty");
+    if(java_cp_include_files.empty())
+      throw "class regexp cannot be empty";
     file_mapt::iterator it=file_map.find(file_name);
     if(it==file_map.end())
     {
diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index 620b3c17129..9faa16f676a 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -56,29 +56,36 @@ void java_bytecode_languaget::get_language_options(const cmdlinet &cmd)
     lazy_methods_mode=LAZY_METHODS_MODE_CONTEXT_INSENSITIVE;
   else
     lazy_methods_mode=LAZY_METHODS_MODE_EAGER;
+
   if(cmd.isset("java-cp-include-files"))
-    java_cp_include_files=cmd.get_value("java-cp-include-files");
-  else
-    java_cp_include_files=".*";
-  // load file list from JSON file
-  if(java_cp_include_files[0]=='@')
   {
-    jsont json_cp_config;
-    if(parse_json(
-         java_cp_include_files.substr(1),
-         get_message_handler(),
-         json_cp_config))
-      throw "cannot read JSON input configuration for JAR loading";
-    assert(json_cp_config.is_object() && "JSON has wrong format");
-    jsont include_files=json_cp_config["jar"];
-    assert(include_files.is_array() && "JSON has wrong format");
-    // add jars from JSON config file to classpath
-    for(const jsont &file_entry : include_files.array)
+    java_cp_include_files=cmd.get_value("java-cp-include-files");
+    // load file list from JSON file
+    if(java_cp_include_files[0]=='@')
     {
-      assert(file_entry.is_string() && has_suffix(file_entry.value, ".jar"));
-      config.java.classpath.push_back(file_entry.value);
+      jsont json_cp_config;
+      if(parse_json(
+           java_cp_include_files.substr(1),
+           get_message_handler(),
+           json_cp_config))
+        throw "cannot read JSON input configuration for JAR loading";
+
+      if(!json_cp_config.is_object())
+        throw "the JSON file has a wrong format";
+      jsont include_files=json_cp_config["jar"];
+      if(!include_files.is_array())
+         throw "the JSON file has a wrong format";
+
+      // add jars from JSON config file to classpath
+      for(const jsont &file_entry : include_files.array)
+      {
+        assert(file_entry.is_string() && has_suffix(file_entry.value, ".jar"));
+        config.java.classpath.push_back(file_entry.value);
+      }
     }
   }
+  else
+    java_cp_include_files=".*";
 }
 
 /*******************************************************************\
diff --git a/src/java_bytecode/java_class_loader.h b/src/java_bytecode/java_class_loader.h
index e76d5894860..dfd57ac9ac7 100644
--- a/src/java_bytecode/java_class_loader.h
+++ b/src/java_bytecode/java_class_loader.h
@@ -20,6 +20,7 @@ class java_class_loadert:public messaget
 {
 public:
   java_bytecode_parse_treet &operator()(const irep_idt &);
+
   void set_java_cp_include_files(std::string &java_cp_include_files)
   {
     jar_pool.set_java_cp_include_files(java_cp_include_files);

From 039ac4d8cade36ed90d0fb532c4bfe109e673893 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matthias=20G=C3=BCdemann?= <matthias.guedemann@diffblue.com>
Date: Fri, 10 Mar 2017 14:10:38 +0100
Subject: [PATCH 119/699] change from vector indices to map

---
 src/java_bytecode/jar_file.cpp          | 36 +++++++++----------------
 src/java_bytecode/jar_file.h            |  6 ++---
 src/java_bytecode/java_class_loader.cpp | 11 ++++----
 src/java_bytecode/java_class_loader.h   |  2 +-
 4 files changed, 20 insertions(+), 35 deletions(-)

diff --git a/src/java_bytecode/jar_file.cpp b/src/java_bytecode/jar_file.cpp
index 0980e1466ea..07d7719e500 100644
--- a/src/java_bytecode/jar_file.cpp
+++ b/src/java_bytecode/jar_file.cpp
@@ -69,7 +69,6 @@ void jar_filet::open(
     std::size_t number_of_files=
       mz_zip_reader_get_num_files(&zip);
 
-    size_t filtered_index=0;
     for(std::size_t i=0; i<number_of_files; i++)
     {
       mz_uint filename_length=mz_zip_reader_get_filename(&zip, i, nullptr, 0);
@@ -89,9 +88,10 @@ void jar_filet::open(
         add_file|=set_matcher.find(file_name)!=set_matcher.end();
       if(add_file)
       {
-        index.push_back(file_name);
-        filtered_jar[filtered_index]=i;
-        filtered_index++;
+        if(has_suffix(file_name, ".class"))
+          status() << "read class file " << file_name
+                   << " from " << filename << eom;
+        filtered_jar[file_name]=i;
       }
       delete[] filename_char;
     }
@@ -131,16 +131,17 @@ Function: jar_filet::get_entry
 
 \*******************************************************************/
 
-std::string jar_filet::get_entry(std::size_t i)
+std::string jar_filet::get_entry(const irep_idt &name)
 {
   if(!mz_ok)
     return std::string("");
 
-  assert(i<index.size());
-
   std::string dest;
 
-  size_t real_index=filtered_jar[i];
+  auto entry=filtered_jar.find(name);
+  assert(entry!=filtered_jar.end());
+
+  size_t real_index=entry->second;
   mz_zip_archive_file_stat file_stat;
   memset(&file_stat, 0, sizeof(file_stat));
   mz_bool stat_ok=mz_zip_reader_file_stat(&zip, real_index, &file_stat);
@@ -173,24 +174,11 @@ Function: jar_filet::get_manifest
 
 jar_filet::manifestt jar_filet::get_manifest()
 {
-  std::size_t i=0;
-  bool found=false;
-
-  for(const auto &e : index)
-  {
-    if(e=="META-INF/MANIFEST.MF")
-    {
-      found=true;
-      break;
-    }
-
-    i++;
-  }
-
-  if(!found)
+  auto entry=filtered_jar.find("META-INF/MANIFEST.MF");
+  if(entry==filtered_jar.end())
     return manifestt();
 
-  std::string dest=get_entry(i);
+  std::string dest=get_entry(entry->first);
   std::istringstream in(dest);
 
   manifestt manifest;
diff --git a/src/java_bytecode/jar_file.h b/src/java_bytecode/jar_file.h
index c168b8b4199..9407e711128 100644
--- a/src/java_bytecode/jar_file.h
+++ b/src/java_bytecode/jar_file.h
@@ -30,13 +30,11 @@ class jar_filet:public messaget
   // Test for error; 'true' means we are good.
   explicit operator bool() const { return mz_ok; }
 
-  typedef std::vector<std::string> indext;
-  indext index;
   // map internal index to real index in jar central directory
-  typedef std::map<int, int> filtered_jart;
+  typedef std::map<irep_idt, size_t> filtered_jart;
   filtered_jart filtered_jar;
 
-  std::string get_entry(std::size_t i);
+  std::string get_entry(const irep_idt &);
 
   typedef std::map<std::string, std::string> manifestt;
   manifestt get_manifest();
diff --git a/src/java_bytecode/java_class_loader.cpp b/src/java_bytecode/java_class_loader.cpp
index dc4330aa00c..c8e6bbf5bb4 100644
--- a/src/java_bytecode/java_class_loader.cpp
+++ b/src/java_bytecode/java_class_loader.cpp
@@ -98,7 +98,7 @@ java_bytecode_parse_treet &java_class_loadert::get_parse_tree(
       debug() << "Getting class `" << class_name << "' from JAR "
               << jf << eom;
 
-      std::string data=jar_pool(jf).get_entry(jm_it->second.index);
+      std::string data=jar_pool(jf).get_entry(jm_it->second.class_file_name);
 
       std::istringstream istream(data);
 
@@ -129,7 +129,7 @@ java_bytecode_parse_treet &java_class_loadert::get_parse_tree(
         debug() << "Getting class `" << class_name << "' from JAR "
                 << cp << eom;
 
-        std::string data=jar_pool(cp).get_entry(jm_it->second.index);
+        std::string data=jar_pool(cp).get_entry(jm_it->second.class_file_name);
 
         std::istringstream istream(data);
 
@@ -223,11 +223,10 @@ void java_class_loadert::read_jar_file(const irep_idt &file)
   debug() << "adding JAR file `" << file << "'" << eom;
 
   auto &jm=jar_map[file];
-  std::size_t number_of_files=jar_file.index.size();
 
-  for(std::size_t i=0; i<number_of_files; i++)
+  for(auto &jar_entry : jar_file.filtered_jar)
   {
-    std::string file_name=jar_file.index[i];
+    std::string file_name=id2string(jar_entry.first);
 
     // does it end on .class?
     if(has_suffix(file_name, ".class"))
@@ -235,7 +234,7 @@ void java_class_loadert::read_jar_file(const irep_idt &file)
       irep_idt class_name=file_to_class_name(file_name);
 
       // record
-      jm.entries[class_name].index=i;
+      jm.entries[class_name].class_file_name=file_name;
     }
   }
 }
diff --git a/src/java_bytecode/java_class_loader.h b/src/java_bytecode/java_class_loader.h
index dfd57ac9ac7..7a8f6da2b5c 100644
--- a/src/java_bytecode/java_class_loader.h
+++ b/src/java_bytecode/java_class_loader.h
@@ -48,7 +48,7 @@ class java_class_loadert:public messaget
   public:
     struct entryt
     {
-      std::size_t index;
+      std::string class_file_name;
     };
 
     // class name to index map

From db2858718d897a0013636b5440ffff2dbf3f2827 Mon Sep 17 00:00:00 2001
From: "Robert (Jamie) Munro" <jamie@diffblue.com>
Date: Thu, 16 Feb 2017 16:36:33 +0000
Subject: [PATCH 120/699] Explore matching nested bracketed stuff

---
 scripts/cpplint.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/scripts/cpplint.py b/scripts/cpplint.py
index 3d457bb4113..62c2f93b09b 100755
--- a/scripts/cpplint.py
+++ b/scripts/cpplint.py
@@ -552,7 +552,9 @@
   "Missing space before {": r's/\([^ ]\){/\1 {/',
   "Tab found, replace by spaces": r's/\t/  /',
   "Line ends in whitespace.  Consider deleting these extra spaces.": r's/\s*$//',
-  #"Redundant blank line at the end of a code block should be deleted.": "d", # messes up line numbers for other errors.
+  # "Statement after an if should be on a new line": r's/^\(\s*\)if *\(([^()]*)\) *\(.*\)$/\1if\2\n\1  \3/', # Single layer of nested bracets
+  # "Statement after an if should be on a new line": r's/^\(\s*\)if *\((\([^()]\|([^()]*)\)*)\) *\(.*\)$/\1if\2\n\1  \4/', # Max 2 layers of nested bracets; messes up line numbers for other errors.
+  # "Redundant blank line at the end of a code block should be deleted.": "d", # messes up line numbers for other errors.
 }
 
 _regexp_compile_cache = {}

From 32f91b828f2df865407f3712eb714a039c8b9d2d Mon Sep 17 00:00:00 2001
From: "Robert (Jamie) Munro" <jamie@diffblue.com>
Date: Mon, 20 Feb 2017 00:50:11 +0000
Subject: [PATCH 121/699] Fix ; after } errors

---
 scripts/cpplint.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/scripts/cpplint.py b/scripts/cpplint.py
index 62c2f93b09b..94b30c3851a 100755
--- a/scripts/cpplint.py
+++ b/scripts/cpplint.py
@@ -552,6 +552,7 @@
   "Missing space before {": r's/\([^ ]\){/\1 {/',
   "Tab found, replace by spaces": r's/\t/  /',
   "Line ends in whitespace.  Consider deleting these extra spaces.": r's/\s*$//',
+  "You don't need a ; after a }": r's/};/}/',
   # "Statement after an if should be on a new line": r's/^\(\s*\)if *\(([^()]*)\) *\(.*\)$/\1if\2\n\1  \3/', # Single layer of nested bracets
   # "Statement after an if should be on a new line": r's/^\(\s*\)if *\((\([^()]\|([^()]*)\)*)\) *\(.*\)$/\1if\2\n\1  \4/', # Max 2 layers of nested bracets; messes up line numbers for other errors.
   # "Redundant blank line at the end of a code block should be deleted.": "d", # messes up line numbers for other errors.

From 0f69c9341527461005efe95dbbe92d75f1176201 Mon Sep 17 00:00:00 2001
From: "Robert (Jamie) Munro" <jamie@diffblue.com>
Date: Mon, 20 Feb 2017 11:01:20 +0000
Subject: [PATCH 122/699] Fix missing space after , errors

---
 scripts/cpplint.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/scripts/cpplint.py b/scripts/cpplint.py
index 94b30c3851a..3dfb5f4326c 100755
--- a/scripts/cpplint.py
+++ b/scripts/cpplint.py
@@ -553,6 +553,7 @@
   "Tab found, replace by spaces": r's/\t/  /',
   "Line ends in whitespace.  Consider deleting these extra spaces.": r's/\s*$//',
   "You don't need a ; after a }": r's/};/}/',
+  "Missing space after ,": r's/,\([^ ]\)/, \1/',
   # "Statement after an if should be on a new line": r's/^\(\s*\)if *\(([^()]*)\) *\(.*\)$/\1if\2\n\1  \3/', # Single layer of nested bracets
   # "Statement after an if should be on a new line": r's/^\(\s*\)if *\((\([^()]\|([^()]*)\)*)\) *\(.*\)$/\1if\2\n\1  \4/', # Max 2 layers of nested bracets; messes up line numbers for other errors.
   # "Redundant blank line at the end of a code block should be deleted.": "d", # messes up line numbers for other errors.

From f1a99f78f22018d76db6a3fd798cc6c8d05de8c3 Mon Sep 17 00:00:00 2001
From: "Robert (Jamie) Munro" <jamie@diffblue.com>
Date: Mon, 20 Feb 2017 11:13:14 +0000
Subject: [PATCH 123/699] Replace tabs globally within the line

---
 scripts/cpplint.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/cpplint.py b/scripts/cpplint.py
index 3dfb5f4326c..0c366c78a1e 100755
--- a/scripts/cpplint.py
+++ b/scripts/cpplint.py
@@ -550,7 +550,7 @@
   "Remove space before ( in switch (": "s/switch (/switch(/",
   "Should have a space between // and comment": 's/\/\//\/\/ /',
   "Missing space before {": r's/\([^ ]\){/\1 {/',
-  "Tab found, replace by spaces": r's/\t/  /',
+  "Tab found, replace by spaces": r's/\t/  /g',
   "Line ends in whitespace.  Consider deleting these extra spaces.": r's/\s*$//',
   "You don't need a ; after a }": r's/};/}/',
   "Missing space after ,": r's/,\([^ ]\)/, \1/',

From 5baa807a63b1d64168009e93e171727e0bad3c4f Mon Sep 17 00:00:00 2001
From: "Robert (Jamie) Munro" <jamie@diffblue.com>
Date: Fri, 3 Mar 2017 10:22:19 +0000
Subject: [PATCH 124/699] Add space after comma globally within the line

---
 scripts/cpplint.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/cpplint.py b/scripts/cpplint.py
index 0c366c78a1e..52350b4923f 100755
--- a/scripts/cpplint.py
+++ b/scripts/cpplint.py
@@ -553,7 +553,7 @@
   "Tab found, replace by spaces": r's/\t/  /g',
   "Line ends in whitespace.  Consider deleting these extra spaces.": r's/\s*$//',
   "You don't need a ; after a }": r's/};/}/',
-  "Missing space after ,": r's/,\([^ ]\)/, \1/',
+  "Missing space after ,": r's/,\([^ ]\)/, \1/g',
   # "Statement after an if should be on a new line": r's/^\(\s*\)if *\(([^()]*)\) *\(.*\)$/\1if\2\n\1  \3/', # Single layer of nested bracets
   # "Statement after an if should be on a new line": r's/^\(\s*\)if *\((\([^()]\|([^()]*)\)*)\) *\(.*\)$/\1if\2\n\1  \4/', # Max 2 layers of nested bracets; messes up line numbers for other errors.
   # "Redundant blank line at the end of a code block should be deleted.": "d", # messes up line numbers for other errors.

From 712f94ff89b6e04158e1867d692497863cb3cdd4 Mon Sep 17 00:00:00 2001
From: martin <martin@raphael>
Date: Fri, 10 Feb 2017 16:58:28 +0000
Subject: [PATCH 125/699] Remove the top variable from the cfg_dominator
 analysis.

This variable is not used anywhere, it is not clear what it's purpose is and in profiling it was shown to be expensive.
---
 src/analyses/cfg_dominators.h | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/src/analyses/cfg_dominators.h b/src/analyses/cfg_dominators.h
index 687d84e1416..1a4d6090f47 100644
--- a/src/analyses/cfg_dominators.h
+++ b/src/analyses/cfg_dominators.h
@@ -35,7 +35,6 @@ class cfg_dominators_templatet
 
   void operator()(P &program);
 
-  target_sett top;
   T entry_node;
 
   void output(std::ostream &) const;
@@ -101,10 +100,6 @@ template <class P, class T, bool post_dom>
 void cfg_dominators_templatet<P, T, post_dom>::initialise(P &program)
 {
   cfg(program);
-
-  // initialise top element
-  for(const auto &node : cfg.entry_map)
-    top.insert(cfg[node.second].PC);
 }
 
 /*******************************************************************\

From 0381aab5ef65158d936a2549d158cf7986ad726c Mon Sep 17 00:00:00 2001
From: Vlastimil Zeman <vlastimil.zeman@diffblue.com>
Date: Fri, 10 Mar 2017 11:58:17 +0000
Subject: [PATCH 126/699] Support for Linux based on musl-libc.

Change `#ifdef __linux__` and `#if defined(__linux__)` when it really
means *linux with glibc*. To avoid failures and be more specific
it is now adding `defined(__GLIBC__)` to check if `glibc` is present.
---
 regression/cpp/enum8/test.desc |  2 +-
 scripts/minisat-2.2.1-patch    | 12 ++++++++++++
 src/util/memory_info.cpp       |  2 +-
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/regression/cpp/enum8/test.desc b/regression/cpp/enum8/test.desc
index a003b07b93c..f935f5ace1b 100644
--- a/regression/cpp/enum8/test.desc
+++ b/regression/cpp/enum8/test.desc
@@ -1,6 +1,6 @@
 CORE
 main.cpp
-
+--std=c++11
 ^EXIT=0$
 ^SIGNAL=0$
 --
diff --git a/scripts/minisat-2.2.1-patch b/scripts/minisat-2.2.1-patch
index ec0fa3e439d..f00ea308d59 100644
--- a/scripts/minisat-2.2.1-patch
+++ b/scripts/minisat-2.2.1-patch
@@ -196,3 +196,15 @@ diff -urN minisat-2.2.1/minisat/utils/ParseUtils.h minisat-2.2.1.patched/minisat
  
      int  operator *  () const { return (pos >= size) ? EOF : buf[pos]; }
      void operator ++ ()       { pos++; assureLookahead(); }
+diff -urN minisat-2.2.1/minisat/utils/System.h minisat-2.2.1.patched/minisat/utils/System.h
+--- minisat-2.2.1/minisat/utils/System.h	2017-02-21 18:23:22.727464369 +0000
++++ minisat-2.2.1.patched/minisat/utils/System.h	2017-02-21 18:23:14.451343361 +0000
+@@ -21,7 +21,7 @@
+ #ifndef Minisat_System_h
+ #define Minisat_System_h
+ 
+-#if defined(__linux__)
++#if defined(__linux__) && defined(__GLIBC__)
+ #include <fpu_control.h>
+ #endif
+ 
diff --git a/src/util/memory_info.cpp b/src/util/memory_info.cpp
index cb8b0161252..af4f2ef1d52 100644
--- a/src/util/memory_info.cpp
+++ b/src/util/memory_info.cpp
@@ -39,7 +39,7 @@ Function: memory_info
 
 void memory_info(std::ostream &out)
 {
-  #ifdef __linux__
+  #if defined(__linux__) && defined(__GLIBC__)
   // NOLINTNEXTLINE(readability/identifiers)
   struct mallinfo m = mallinfo();
   out << "  non-mmapped space allocated from system: " << m.arena << "\n";

From dcd0c52df4c7221a657c186b6640d56dc3a76222 Mon Sep 17 00:00:00 2001
From: Vlastimil Zeman <vlastimil.zeman@diffblue.com>
Date: Fri, 10 Mar 2017 12:03:46 +0000
Subject: [PATCH 127/699] Add test for Alpine linux (musl-libc).

- new environment in matrix that run compilation in alpine docker container.
- reordering matrix environments from the longest run to the shortest run time.
- rewrite of `script` to be able to run compilation in a container if needed.
---
 .travis.yml | 51 +++++++++++++++++++++++++++++++++++++++------------
 1 file changed, 39 insertions(+), 12 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 2f1c8103990..d74ec93f7e3 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,10 +1,35 @@
 language: cpp
 
-sudo: false
-
 matrix:
   include:
+
+    # Alpine Linux with musl-libc using g++
+    - os: linux
+      sudo: required
+      compiler: gcc
+      services:
+        - docker
+      before_install:
+        - docker pull diffblue/cbmc-builder:alpine
+      env:
+        - PRE_COMMAND="docker run -v ${TRAVIS_BUILD_DIR}:/cbmc diffblue/cbmc-builder:alpine"
+        - COMPILER=g++
+
+    # OS X using g++
+    - os: osx
+      sudo: false
+      compiler: gcc
+      env: COMPILER=g++
+
+    # OS X using clang++
+    - os: osx
+      sudo: false
+      compiler: clang
+      env: COMPILER=clang++
+
+    # Ubuntu Linux with glibc using g++-5
     - os: linux
+      sudo: false
       compiler: gcc
       addons:
         apt:
@@ -18,7 +43,10 @@ matrix:
         - mkdir bin ; ln -s /usr/bin/gcc-5 bin/gcc
       # env: COMPILER=g++-5 SAN_FLAGS="-fsanitize=undefined -fno-sanitize-recover -fno-omit-frame-pointer"
       env: COMPILER=g++-5
+
+    # Ubuntu Linux with glibc using clang++-3.7
     - os: linux
+      sudo: false
       compiler: clang
       addons:
         apt:
@@ -34,18 +62,17 @@ matrix:
         - mkdir bin ; ln -s /usr/bin/clang-3.7 bin/gcc
       # env: COMPILER=clang++-3.7 SAN_FLAGS="-fsanitize=undefined -fno-sanitize-recover=undefined,integer -fno-omit-frame-pointer"
       env: COMPILER=clang++-3.7
-    - os: osx
-      compiler: gcc
-      env: COMPILER=g++
-    - os: osx
-      compiler: clang
-      env: COMPILER=clang++
+
     - env: NAME="CPP-LINT"
       script: scripts/travis_lint.sh || true
 
 script:
   - if [ -L bin/gcc ] ; then export PATH=$PWD/bin:$PATH ; fi ;
-    make -C src minisat2-download &&
-    make -C src CXX=$COMPILER CXXFLAGS="-Wall -O2 -g -Werror -Wno-deprecated-register -pedantic -Wno-sign-compare" -j2 &&
-    env UBSAN_OPTIONS=print_stacktrace=1 make -C regression test &&
-    make -C src CXX=$COMPILER CXXFLAGS=$FLAGS -j2 cegis.dir clobber.dir memory-models.dir musketeer.dir
+    COMMAND="make -C src minisat2-download" &&
+    eval ${PRE_COMMAND} ${COMMAND} &&
+    COMMAND="make -C src CXX=$COMPILER CXXFLAGS=\"-Wall -O2 -g -Werror -Wno-deprecated-register -pedantic -Wno-sign-compare\" -j2" &&
+    eval ${PRE_COMMAND} ${COMMAND} &&
+    COMMAND="env UBSAN_OPTIONS=print_stacktrace=1 make -C regression test" &&
+    eval ${PRE_COMMAND} ${COMMAND} &&
+    COMMAND="make -C src CXX=$COMPILER CXXFLAGS=$FLAGS -j2 cegis.dir clobber.dir memory-models.dir musketeer.dir" &&
+    eval ${PRE_COMMAND} ${COMMAND}

From 1aede785e785904825ff3e62aa432b9e0ce585d4 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Sat, 31 Dec 2016 15:27:04 +0300
Subject: [PATCH 128/699] Preprocessing of goto programs for string refinement

---
 .../string_refine_preprocess.cpp              | 1289 +++++++++++++++++
 src/goto-programs/string_refine_preprocess.h  |  215 +++
 src/util/std_expr.h                           |   13 +
 3 files changed, 1517 insertions(+)
 create mode 100644 src/goto-programs/string_refine_preprocess.cpp
 create mode 100644 src/goto-programs/string_refine_preprocess.h

diff --git a/src/goto-programs/string_refine_preprocess.cpp b/src/goto-programs/string_refine_preprocess.cpp
new file mode 100644
index 00000000000..c4dc1a92960
--- /dev/null
+++ b/src/goto-programs/string_refine_preprocess.cpp
@@ -0,0 +1,1289 @@
+/*******************************************************************\
+
+Module: Preprocess a goto-programs so that calls to the java String
+        library are recognized by the string solver
+
+Author: Romain Brenguier
+
+Date:   September 2016
+
+\*******************************************************************/
+
+#include <util/std_expr.h>
+#include <util/symbol_table.h>
+#include <util/pointer_offset_size.h>
+#include <util/prefix.h>
+#include <util/string_expr.h>
+#include <util/fresh_symbol.h>
+#include <goto-programs/class_identifier.h>
+// TODO: refined_string_type should be moved to util
+#include <solvers/refinement/refined_string_type.h>
+#include <java_bytecode/java_types.h>
+
+#include "string_refine_preprocess.h"
+
+/*******************************************************************    \
+
+Function: string_refine_preprocesst::fresh_array
+
+  Inputs:
+    type - an array type
+    location - a location in the program
+
+ Outputs: a new symbol
+
+ Purpose: add a symbol with static lifetime and name containing
+          `cprover_string_array` and given type
+
+\*******************************************************************/
+
+symbol_exprt string_refine_preprocesst::fresh_array(
+  const typet &type, const source_locationt &location)
+{
+  symbolt array_symbol=get_fresh_aux_symbol(
+    type,
+    "cprover_string_array",
+    "cprover_string_array",
+    location,
+    ID_java,
+    symbol_table);
+  array_symbol.is_static_lifetime=true;
+  return array_symbol.symbol_expr();
+}
+
+/*******************************************************************\
+
+Function: string_refine_preprocesst::fresh_string
+
+  Inputs:
+    type - a type for refined strings
+    location - a location in the program
+
+ Outputs: a new symbol
+
+ Purpose: add a symbol with static lifetime and name containing
+          `cprover_string` and given type
+
+\*******************************************************************/
+
+symbol_exprt string_refine_preprocesst::fresh_string(
+  const typet &type, const source_locationt &location)
+{
+  symbolt array_symbol=get_fresh_aux_symbol(
+    type, "cprover_string", "cprover_string", location, ID_java, symbol_table);
+  array_symbol.is_static_lifetime=true;
+  return array_symbol.symbol_expr();
+}
+
+/*******************************************************************\
+
+Function: string_refine_preprocesst::declare_function
+
+  Inputs: a name and a type
+
+ Purpose: declare a function with the given name and type
+
+\*******************************************************************/
+
+void string_refine_preprocesst::declare_function(
+  irep_idt function_name, const typet &type)
+{
+  auxiliary_symbolt func_symbol;
+  func_symbol.base_name=function_name;
+  func_symbol.is_static_lifetime=false;
+  func_symbol.mode=ID_java;
+  func_symbol.name=function_name;
+  func_symbol.type=type;
+  symbol_table.add(func_symbol);
+  goto_functions.function_map[function_name];
+}
+
+/*******************************************************************\
+
+Function: string_refine_preprocesst::get_data_and_length_type_of_string
+
+  Inputs: an expression, a reference to a data type and a reference to a
+          length type
+
+ Purpose: assuming the expression is a java string, figure out what
+          the types for length and data are and put them into the references
+          given as argument
+
+\*******************************************************************/
+
+void string_refine_preprocesst::get_data_and_length_type_of_string(
+  const exprt &expr, typet &data_type, typet &length_type)
+{
+  assert(refined_string_typet::is_java_string_type(expr.type()) ||
+         refined_string_typet::is_java_string_builder_type(expr.type()));
+  typet object_type=ns.follow(expr.type());
+  const struct_typet &struct_type=to_struct_type(object_type);
+  for(const auto &component : struct_type.components())
+    if(component.get_name()=="length")
+      length_type=component.type();
+    else if(component.get_name()=="data")
+      data_type=component.type();
+}
+
+/*******************************************************************\
+
+Function: string_refine_preprocesst::make_cprover_string_assign
+
+  Inputs: a goto_program, a position in this program, an expression and a
+          location
+
+ Outputs: an expression
+
+ Purpose: Introduce a temporary variable for cprover strings;
+          returns the cprover_string corresponding to rhs if it is a string
+          pointer and the original rhs otherwise.
+
+\*******************************************************************/
+
+exprt string_refine_preprocesst::make_cprover_string_assign(
+  goto_programt &goto_program,
+  goto_programt::targett &target,
+  const exprt &rhs,
+  const source_locationt &location)
+{
+  if(refined_string_typet::is_java_string_pointer_type(rhs.type()))
+  {
+    auto pair=java_to_cprover_strings.insert(
+      std::pair<exprt, exprt>(rhs, nil_exprt()));
+
+    if(pair.second)
+    {
+      // We do the following assignments:
+      // cprover_string_array = *(rhs->data)
+      // cprover_string = { rhs->length; cprover_string_array }
+
+      dereference_exprt deref(rhs, rhs.type().subtype());
+
+      typet data_type, length_type;
+      get_data_and_length_type_of_string(deref, data_type, length_type);
+      member_exprt length(deref, "length", length_type);
+      symbol_exprt array_lhs=fresh_array(data_type.subtype(), location);
+
+      // string expression for the rhs of the second assignment
+      string_exprt new_rhs(
+        length, array_lhs, refined_string_typet(length_type, data_type));
+
+      member_exprt data(deref, "data", data_type);
+      dereference_exprt deref_data(data, data_type.subtype());
+      symbol_exprt lhs=fresh_string(new_rhs.type(), location);
+
+      std::list<code_assignt> assignments;
+      assignments.emplace_back(array_lhs, deref_data);
+      assignments.emplace_back(lhs, new_rhs);
+      insert_assignments(
+        goto_program, target, target->function, location, assignments);
+      target=goto_program.insert_after(target);
+      pair.first->second=lhs;
+    }
+    return pair.first->second;
+  }
+  else if(rhs.id()==ID_typecast &&
+          refined_string_typet::is_java_string_pointer_type(rhs.op0().type()))
+  {
+    exprt new_rhs=make_cprover_string_assign(
+      goto_program, target, rhs.op0(), location);
+    return typecast_exprt(new_rhs, rhs.type());
+  }
+  else
+    return rhs;
+}
+
+/*******************************************************************\
+
+Function: string_refine_preprocesst::make_normal_assign
+
+  Inputs: a goto_program, a position in this program, an expression lhs,
+          a function type, a function name, a vector of arguments, a location
+          and a signature
+
+ Purpose: replace the current instruction by:
+          > lhs=function_name(arguments) : return_type @ location
+          If given, signature can force String conversion of given arguments.
+          The convention for signature is one character by argument
+          and 'S' denotes string.
+
+\*******************************************************************/
+
+void string_refine_preprocesst::make_normal_assign(
+  goto_programt &goto_program,
+  goto_programt::targett target,
+  const exprt &lhs,
+  const code_typet &function_type,
+  const irep_idt &function_name,
+  const exprt::operandst &arguments,
+  const source_locationt &location,
+  const std::string &signature)
+{
+  if(function_name==ID_cprover_string_copy_func)
+  {
+    assert(!arguments.empty());
+    make_string_copy(goto_program, target, lhs, arguments[0], location);
+  }
+  else
+  {
+    function_application_exprt rhs(
+      symbol_exprt(function_name), function_type.return_type());
+    rhs.add_source_location()=location;
+    declare_function(function_name, function_type);
+
+    exprt::operandst processed_arguments=process_arguments(
+      goto_program, target, arguments, location, signature);
+    rhs.arguments()=processed_arguments;
+
+    code_assignt assignment(lhs, rhs);
+    assignment.add_source_location()=location;
+    target->make_assignment();
+    target->code=assignment;
+  }
+}
+
+/*******************************************************************\
+
+Function: string_refine_preprocesst::insert_assignments
+
+  Inputs: a goto_program, a position in this program, a list of assignments
+
+ Purpose: add the assignments to the program in the order they are given
+
+\*******************************************************************/
+
+void string_refine_preprocesst::insert_assignments(
+  goto_programt &goto_program,
+  goto_programt::targett &target,
+  irep_idt function,
+  source_locationt location,
+  const std::list<code_assignt> &va)
+{
+  if(va.empty())
+    return;
+
+  auto i=va.begin();
+  target->make_assignment();
+  target->code=*i;
+  target->function=function;
+  target->source_location=location;
+  for(i++; i!=va.end(); i++)
+  {
+    target=goto_program.insert_after(target);
+    target->make_assignment();
+    target->code=*i;
+    target->function=function;
+    target->source_location=location;
+  }
+}
+
+/*******************************************************************\
+
+Function: string_refine_preprocesst::make_string_assign
+
+  Inputs: a goto_program, a position in this program, an expression lhs,
+          a function type, a function name, a vector of arguments, a location
+          and a signature
+
+ Purpose: replace the current instruction by:
+          > lhs=malloc(String *)
+          > lhs->length=function_name_length(arguments)
+          > tmp_data=function_name_data(arguments)
+          > lhs->data=&tmp_data
+
+\*******************************************************************/
+
+void string_refine_preprocesst::make_string_assign(
+  goto_programt &goto_program,
+  goto_programt::targett &target,
+  const exprt &lhs,
+  const code_typet &function_type,
+  const irep_idt &function_name,
+  const exprt::operandst &arguments,
+  const source_locationt &location,
+  const std::string &signature)
+{
+  assert(refined_string_typet::is_java_string_pointer_type(
+           function_type.return_type()));
+  dereference_exprt deref(lhs, lhs.type().subtype());
+  typet object_type=ns.follow(deref.type());
+  exprt object_size=size_of_expr(object_type, ns);
+  typet length_type, data_type;
+  get_data_and_length_type_of_string(deref, data_type, length_type);
+
+  std::string fnamel=id2string(function_name)+"_length";
+  std::string fnamed=id2string(function_name)+"_data";
+  declare_function(fnamel, length_type);
+  declare_function(fnamed, data_type);
+  function_application_exprt rhs_length(symbol_exprt(fnamel), length_type);
+  function_application_exprt rhs_data(
+    symbol_exprt(fnamed), data_type.subtype());
+
+  exprt::operandst processed_arguments=process_arguments(
+    goto_program, target, arguments, location, signature);
+  rhs_length.arguments()=processed_arguments;
+  rhs_data.arguments()=processed_arguments;
+
+  symbolt sym_length=get_fresh_aux_symbol(
+    length_type, "length", "length", location, ID_java, symbol_table);
+  symbol_exprt tmp_length=sym_length.symbol_expr();
+  symbol_exprt tmp_array=fresh_array(data_type.subtype(), location);
+  member_exprt lhs_length(deref, "length", length_type);
+  member_exprt lhs_data(deref, "data", tmp_array.type());
+
+  // lhs=malloc(String *)
+  assert(object_size.is_not_nil()); // got nil object_size
+  side_effect_exprt malloc_expr(ID_malloc);
+  malloc_expr.copy_to_operands(object_size);
+  malloc_expr.type()=pointer_typet(object_type);
+  malloc_expr.add_source_location()=location;
+
+  std::list<code_assignt> assigns;
+  assigns.emplace_back(lhs, malloc_expr);
+  assigns.emplace_back(tmp_length, rhs_length);
+  assigns.emplace_back(lhs_length, tmp_length);
+  assigns.emplace_back(tmp_array, rhs_data);
+  assigns.emplace_back(lhs_data, address_of_exprt(tmp_array));
+  insert_assignments(goto_program, target, target->function, location, assigns);
+}
+
+/*******************************************************************\
+
+Function: string_refine_preprocesst::make_assign
+
+  Inputs: a goto_program, a position in this program, an expression lhs,
+          a function type, a function name, a vector of arguments, a location
+          and a signature
+
+ Purpose: assign the result of the function application to lhs,
+          in case the function type is string, it does a special assignment
+          using `make_string_assign`
+
+\*******************************************************************/
+
+void string_refine_preprocesst::make_assign(
+  goto_programt &goto_program,
+  goto_programt::targett &target,
+  const exprt &lhs,
+  const code_typet &function_type,
+  const irep_idt &function_name,
+  const exprt::operandst &arg,
+  const source_locationt &loc,
+  const std::string &sig)
+{
+  if(refined_string_typet::is_java_string_pointer_type(
+       function_type.return_type()))
+    make_string_assign(
+      goto_program, target, lhs, function_type, function_name, arg, loc, sig);
+  else
+    make_normal_assign(
+      goto_program, target, lhs, function_type, function_name, arg, loc, sig);
+}
+
+/*******************************************************************\
+
+Function: string_refine_preprocesst::make_string_copy
+
+  Inputs: a goto_program, a position in this program, a lhs expression,
+          an argument expression and a location
+
+ Outputs: an expression
+
+ Purpose: replace the current instruction by:
+          > lhs->length=argument->length
+          > tmp_data=*(argument->data)
+          > lhs->data=&tmp_data
+
+\*******************************************************************/
+
+void string_refine_preprocesst::make_string_copy(
+  goto_programt &goto_program,
+  goto_programt::targett &target,
+  const exprt &lhs,
+  const exprt &argument,
+  const source_locationt &location)
+{
+  // TODO : treat CharSequence and StringBuffer
+  assert(refined_string_typet::is_java_string_pointer_type(lhs.type()) ||
+         refined_string_typet::is_java_string_builder_pointer_type(lhs.type()));
+  exprt deref=dereference_exprt(lhs, lhs.type().subtype());
+
+  typet length_type, data_type;
+  get_data_and_length_type_of_string(deref, data_type, length_type);
+
+  dereference_exprt deref_arg(argument, argument.type().subtype());
+  std::list<code_assignt> assignments;
+
+  exprt lhs_length=get_length(deref, length_type);
+  exprt rhs_length=get_length(deref_arg, length_type);
+  assignments.emplace_back(lhs_length, rhs_length);
+
+  symbol_exprt tmp_data=fresh_array(data_type.subtype(), location);
+  exprt rhs_data=get_data(deref_arg, data_type);
+  exprt lhs_data=get_data(deref, data_type);
+  assignments.emplace_back(
+    tmp_data, dereference_exprt(rhs_data, data_type.subtype()));
+  assignments.emplace_back(lhs_data, address_of_exprt(tmp_data));
+
+  insert_assignments(
+    goto_program, target, target->function, location, assignments);
+}
+
+/*******************************************************************\
+
+Function: string_refine_preprocesst::make_string_function
+
+  Inputs: a position in a goto program, a function name, an expression lhs,
+          a function type, name, arguments, a location and a signature string
+
+ Purpose: at the current position replace `lhs=s.some_function(x,...)`
+          by `lhs=function_name(s,x,...)`;
+
+\*******************************************************************/
+
+void string_refine_preprocesst::make_string_function(
+  goto_programt &goto_program,
+  goto_programt::targett &target,
+  const exprt &lhs,
+  const code_typet &function_type,
+  const irep_idt &function_name,
+  const exprt::operandst &arguments,
+  const source_locationt &location,
+  const std::string &signature)
+{
+  if(refined_string_typet::is_java_string_pointer_type(
+       function_type.return_type()))
+    make_string_assign(
+      goto_program,
+      target,
+      lhs,
+      function_type,
+      function_name,
+      arguments,
+      location,
+      signature);
+  else
+    make_normal_assign(
+      goto_program,
+      target,
+      lhs,
+      function_type,
+      function_name,
+      arguments,
+      location,
+      signature);
+}
+
+/*******************************************************************\
+
+Function: string_refine_preprocesst::make_string_function
+
+  Inputs: a position in a goto program, a function name and two Boolean options
+
+ Purpose: at the current position replace `lhs=s.some_function(x,...)`
+          by `lhs=function_name(s,x,...)`;
+          option `assign_first_arg` uses `s` instead of `lhs` in the resulting
+          expression;
+          option `skip_first_arg`, removes `s` from the arguments, ie `x` is
+          the first one
+
+\*******************************************************************/
+
+void string_refine_preprocesst::make_string_function(
+  goto_programt &goto_program,
+  goto_programt::targett &target,
+  const irep_idt &function_name,
+  const std::string &signature,
+  bool assign_first_arg,
+  bool skip_first_arg)
+{
+  code_function_callt &function_call=to_code_function_call(target->code);
+  code_typet function_type=to_code_type(function_call.function().type());
+  code_typet new_type;
+  const source_locationt &loc=function_call.source_location();
+  declare_function(function_name, function_type);
+  function_application_exprt rhs;
+  std::vector<exprt> args;
+  if(assign_first_arg)
+  {
+    assert(!function_call.arguments().empty());
+    rhs.type()=function_call.arguments()[0].type();
+  }
+  else
+    rhs.type()=function_type.return_type();
+  rhs.add_source_location()=function_call.source_location();
+  rhs.function()=symbol_exprt(function_name);
+
+  std::size_t start_index=skip_first_arg?1:0;
+  for(std::size_t i=start_index; i<function_call.arguments().size(); i++)
+  {
+    args.push_back(function_call.arguments()[i]);
+    new_type.parameters().push_back(function_type.parameters()[i]);
+  }
+
+  exprt lhs;
+  if(assign_first_arg)
+  {
+    assert(!function_call.arguments().empty());
+    lhs=function_call.arguments()[0];
+  }
+  else
+    lhs=function_call.lhs();
+
+  if(lhs.id()==ID_typecast)
+    lhs=to_typecast_expr(lhs).op();
+
+  new_type.return_type()=lhs.type();
+
+  make_string_function(
+    goto_program, target, lhs, new_type, function_name, args, loc, signature);
+}
+
+/*******************************************************************\
+
+Function: string_refine_preprocesst::make_string_function_call
+
+  Inputs: a position in a goto program and a function name
+
+ Purpose: at the current position, replace `s.some_function(x,...)` by
+          `s=function_name(x,...)`
+
+\*******************************************************************/
+
+void string_refine_preprocesst::make_string_function_call(
+  goto_programt &goto_program,
+  goto_programt::targett &target,
+  const irep_idt &function_name,
+  const std::string &signature)
+{
+  make_string_function(
+    goto_program, target, function_name, signature, true, true);
+}
+
+/*******************************************************************\
+
+Function: string_refine_preprocesst::make_string_function_side_effect
+
+  Inputs: a position in a goto program and a function name
+
+ Purpose: at the current position, replace `r=s.some_function(x,...)`
+          by `s=function_name(s,x,...)` and add a correspondance from r
+          to s in the `string_builders` map
+
+\*******************************************************************/
+
+void string_refine_preprocesst::make_string_function_side_effect(
+  goto_programt &goto_program,
+  goto_programt::targett &target,
+  const irep_idt &function_name,
+  const std::string &signature)
+{
+  const code_function_callt function_call=to_code_function_call(target->code);
+  assert(!function_call.arguments().empty());
+  string_builders[function_call.lhs()]=function_call.arguments()[0];
+  make_string_function(
+    goto_program, target, function_name, signature, true, false);
+}
+
+/*******************************************************************\
+
+Function: string_refine_preprocesst::build_function_application
+
+  Inputs: a function name, a type, a location and a vector of arguments
+
+ Outputs: a function application expression
+
+ Purpose: declare a function and construct an function application expression
+          with the given function name, type, location and arguments
+
+\*******************************************************************/
+
+function_application_exprt
+  string_refine_preprocesst::build_function_application(
+    const irep_idt &function_name,
+    const typet &type,
+    const source_locationt &location,
+    const exprt::operandst &arguments)
+{
+  declare_function(function_name, type);
+  function_application_exprt function_app(symbol_exprt(function_name), type);
+  function_app.add_source_location()=location;
+  for(const auto &arg : arguments)
+    function_app.arguments().push_back(arg);
+
+  return function_app;
+}
+
+/*******************************************************************\
+
+Function: string_refine_preprocesst::make_to_char_array_function
+
+  Inputs: a goto program and a position in that goto program
+
+ Purpose: at the given position replace `return_tmp0=s.toCharArray()` with:
+          > return_tmp0->data=&((s->data)[0])
+          > return_tmp0->length=s->length
+
+\*******************************************************************/
+
+void string_refine_preprocesst::make_to_char_array_function(
+  goto_programt &goto_program, goto_programt::targett &target)
+{
+  const code_function_callt &function_call=to_code_function_call(target->code);
+
+  assert(!function_call.arguments().empty());
+  const exprt &string_argument=function_call.arguments()[0];
+  assert(refined_string_typet::is_java_string_pointer_type(
+           string_argument.type()));
+
+  dereference_exprt deref(string_argument, string_argument.type().subtype());
+  typet length_type, data_type;
+  get_data_and_length_type_of_string(deref, data_type, length_type);
+  std::list<code_assignt> assignments;
+
+  // &((s->data)[0])
+  exprt rhs_data=get_data(deref, data_type);
+  dereference_exprt rhs_array(rhs_data, data_type.subtype());
+  exprt first_index=from_integer(0, java_int_type());
+  index_exprt first_element(rhs_array, first_index, java_char_type());
+  address_of_exprt rhs_pointer(first_element);
+
+  // return_tmp0->data=&((s->data)[0])
+  typet deref_type=function_call.lhs().type().subtype();
+  dereference_exprt deref_lhs(function_call.lhs(), deref_type);
+  exprt lhs_data=get_data(deref_lhs, data_type);
+  assignments.emplace_back(lhs_data, rhs_pointer);
+
+  // return_tmp0->length=s->length
+  exprt rhs_length=get_length(deref, length_type);
+  exprt lhs_length=get_length(deref_lhs, length_type);
+  assignments.emplace_back(lhs_length, rhs_length);
+  source_locationt location=target->source_location;
+  insert_assignments(
+    goto_program, target, target->function, location, assignments);
+}
+
+/*******************************************************************\
+
+Function: string_refine_preprocesst::make_cprover_char_array_assign
+
+  Inputs: a goto_program, a position in this program, an expression and a
+          location
+
+ Outputs: a char array expression (not a pointer)
+
+ Purpose: Introduce a temporary variable for cprover strings;
+          returns the cprover_string corresponding to rhs
+
+\*******************************************************************/
+
+exprt string_refine_preprocesst::make_cprover_char_array_assign(
+  goto_programt &goto_program,
+  goto_programt::targett &target,
+  const exprt &rhs,
+  const source_locationt &location)
+{
+  // TODO : add an assertion on the type of rhs
+
+  // We do the following assignments:
+  // cprover_string_array = rhs.data
+  // cprover_string = { rhs.length; cprover_string_array }
+
+  // string expression for the rhs of the second assignment
+  string_exprt new_rhs(java_char_type());
+
+  typet data_type=new_rhs.content().type();
+  typet length_type=java_int_type();
+
+  symbol_exprt array_lhs=fresh_array(data_type, location);
+  exprt array_rhs=get_data(rhs, new_rhs.content().type());
+  symbol_exprt lhs=fresh_string(new_rhs.type(), location);
+  new_rhs.length()=get_length(rhs, length_type);
+  new_rhs.content()=array_lhs;
+
+  std::list<code_assignt> assignments;
+  assignments.emplace_back(array_lhs, array_rhs);
+  assignments.emplace_back(lhs, new_rhs);
+  insert_assignments(
+    goto_program, target, target->function, location, assignments);
+  target=goto_program.insert_after(target);
+  return lhs;
+}
+
+/*******************************************************************\
+
+Function: string_refine_preprocesst::make_char_array_function
+
+  Inputs: a position in a goto program, a function name, two Boolean options,
+          and the index of the char array argument in the function
+
+ Purpose: at the given position replace
+          `lhs=s.some_function(...,char_array,...)` by
+          > cprover_string = { char_array->length, *char_array }
+          > tmp_string=function_name(s, cprover_string, ...)
+          option `assign_first_arg` uses `s` instead of `lhs` in the second
+          assignment;
+          option `skip_first_arg`, removes `s` from the arguments, ie `x` is
+          the first one;
+          argument index gives the index of the argument containing char_array
+
+\*******************************************************************/
+
+void string_refine_preprocesst::make_char_array_function(
+  goto_programt &goto_program,
+  goto_programt::targett &target,
+  const irep_idt &function_name,
+  const std::string &signature,
+  std::size_t index,
+  bool assign_first_arg,
+  bool skip_first_arg)
+{
+  code_function_callt &function_call=to_code_function_call(target->code);
+  code_typet function_type=to_code_type(function_call.function().type());
+  code_typet new_function_type;
+  const source_locationt &location=function_call.source_location();
+  assert(!function_call.arguments().size()>index);
+  const std::vector<exprt> &args=function_call.arguments();
+  std::vector<exprt> new_args;
+
+  exprt lhs;
+  if(assign_first_arg)
+  {
+    assert(!function_call.arguments().empty());
+    lhs=function_call.arguments()[0];
+  else
+    lhs=function_call.lhs();
+
+  if(lhs.id()==ID_typecast)
+    lhs=to_typecast_expr(lhs).op();
+
+  exprt char_array=dereference_exprt(
+    function_call.arguments()[index],
+    function_call.arguments()[index].type().subtype());
+  exprt string=make_cprover_char_array_assign(
+    goto_program, target, char_array, location);
+
+  std::size_t start_index=skip_first_arg?1:0;
+  for(std::size_t i=start_index; i<args.size(); i++)
+  {
+    if(i==index)
+      new_args.push_back(string);
+    else
+      new_args.push_back(args[i]);
+    new_function_type.parameters().push_back(function_type.parameters()[i]);
+  }
+
+  new_function_type.return_type()=lhs.type();
+
+  make_string_function(
+    goto_program,
+    target,
+    lhs,
+    new_function_type,
+    function_name,
+    new_args,
+    location,
+    signature);
+}
+
+/*******************************************************************\
+
+Function: string_refine_preprocesst::make_char_array_function_call
+
+  Inputs: a position in a goto program and a function name
+
+ Purpose: at the given position replace `r.some_function(arr,...)` by
+          `r=function_name({arr.length, arr.data}, ...)`
+
+\*******************************************************************/
+
+void string_refine_preprocesst::make_char_array_function_call(
+  goto_programt &goto_program,
+  goto_programt::targett &target,
+  const irep_idt &function_name,
+  const std::string &signature)
+{
+  make_char_array_function(
+    goto_program, target, function_name, signature, 1, true, true);
+}
+
+/*******************************************************************\
+
+Function: string_refine_preprocesst::make_char_array_side_effect
+
+  Inputs: a position in a goto program and a function name
+
+ Purpose: replace `r=s.some_function(i,arr,...)` by
+          `s=function_name(s,{arr.length,arr.data})`
+          and add a correspondance from r to s in the `string_builders` map
+
+\*******************************************************************/
+
+void string_refine_preprocesst::make_char_array_side_effect(
+  goto_programt &goto_program,
+  goto_programt::targett &target,
+  const irep_idt &function_name,
+  const std::string &signature)
+{
+  make_char_array_function(
+    goto_program, target, function_name, signature, 1, true, false);
+  code_function_callt &function_call=to_code_function_call(target->code);
+  assert(!function_call.arguments().empty());
+  string_builders[function_call.lhs()]=function_call.arguments()[0];
+}
+
+/*******************************************************************\
+
+Function: string_refine_preprocesst::process_arguments
+
+  Inputs: a goto program, a position, a list of expressions, a location and a
+          signature
+
+ Outputs: a list of expressions
+
+ Purpose: for each expression that is a string or that is at a position with
+          an 'S' character in the signature, we declare a new `cprover_string`
+          whose contents is deduced from the expression and replace the
+          expression by this cprover_string in the output list;
+          in the other case the expression is kept as is for the output list.
+
+\*******************************************************************/
+
+exprt::operandst string_refine_preprocesst::process_arguments(
+  goto_programt &goto_program,
+  goto_programt::targett &target,
+  const exprt::operandst &arguments,
+  const source_locationt &location,
+  const std::string &signature)
+{
+  exprt::operandst new_arguments;
+
+  for(std::size_t i=0; i<arguments.size(); i++)
+  {
+    exprt arg=arguments[i];
+    auto it=string_builders.find(arg);
+    if(it!=string_builders.end())
+      new_arguments.push_back(it->second);
+    else
+    {
+      if(i<signature.length() && signature[i]=='S')
+      {
+        while(arg.id()==ID_typecast)
+          arg=arg.op0();
+        if(!refined_string_typet::is_java_string_type(arg.type()))
+          arg=typecast_exprt(arg, jls_ptr);
+      }
+      exprt arg2=make_cprover_string_assign(
+        goto_program, target, arg, location);
+      new_arguments.push_back(arg2);
+    }
+  }
+  return new_arguments;
+}
+
+/*******************************************************************\
+
+Function: string_refine_preprocesst::function_signature
+
+  Inputs: the name of a cprover string function
+
+ Outputs: a signature string
+
+ Purpose: if the signature of the given function is defined, return it
+          otherwise return an empty string
+
+\*******************************************************************/
+
+std::string string_refine_preprocesst::function_signature(
+  const irep_idt &function_id)
+{
+  auto it=signatures.find(function_id);
+  if(it!=signatures.end())
+    return it->second;
+  else
+    return "";
+}
+
+/*******************************************************************\
+
+Function: string_refine_preprocesst::replace_string_calls
+
+  Inputs: a function in a goto_program
+
+ Purpose: goes through the instructions, replace function calls to string
+          function by equivalent instructions using functions defined
+          for the string solver, replace string literals by string
+          expressions of the type used by the string solver
+          TODO: the current implementation is only for java functions,
+          we should add support for other languages
+
+\*******************************************************************/
+
+void string_refine_preprocesst::replace_string_calls(
+  goto_functionst::function_mapt::iterator f_it)
+{
+  goto_programt &goto_program=f_it->second.body;
+
+  Forall_goto_program_instructions(target, goto_program)
+  {
+    if(target->is_function_call())
+    {
+      code_function_callt &function_call=to_code_function_call(target->code);
+      for(auto &arg : function_call.arguments())
+      {
+        auto sb_it=string_builders.find(arg);
+        if(sb_it!=string_builders.end())
+          arg=sb_it->second;
+      }
+
+      if(function_call.function().id()==ID_symbol)
+      {
+        const irep_idt &function_id=
+          to_symbol_expr(function_call.function()).get_identifier();
+        std::string signature=function_signature(function_id);
+
+        auto it=string_functions.find(function_id);
+        if(it!=string_functions.end())
+          make_string_function(
+            goto_program, target, it->second, signature, false, false);
+
+        it=side_effect_functions.find(function_id);
+        if(it!=side_effect_functions.end())
+          make_string_function_side_effect(
+            goto_program, target, it->second, signature);
+
+        it=string_function_calls.find(function_id);
+        if(it!=string_function_calls.end())
+          make_string_function_call(
+            goto_program, target, it->second, signature);
+
+        it=string_of_char_array_functions.find(function_id);
+        if(it!=string_of_char_array_functions.end())
+          make_char_array_function(
+            goto_program, target, it->second, signature, 0);
+
+        it=string_of_char_array_function_calls.find(function_id);
+        if(it!=string_of_char_array_function_calls.end())
+          make_char_array_function_call(
+            goto_program, target, it->second, signature);
+
+        it=side_effect_char_array_functions.find(function_id);
+        if(it!=side_effect_char_array_functions.end())
+          make_char_array_side_effect(
+            goto_program, target, it->second, signature);
+
+        if(function_id==irep_idt("java::java.lang.String.toCharArray:()[C"))
+          make_to_char_array_function(goto_program, target);
+      }
+    }
+    else
+    {
+      if(target->is_assign())
+      {
+        // In assignments we replace string literals and C string functions
+        code_assignt assignment=to_code_assign(target->code);
+
+        exprt new_rhs=assignment.rhs();
+        code_assignt new_assignment(assignment.lhs(), new_rhs);
+
+        if(new_rhs.id()==ID_function_application)
+        {
+          function_application_exprt f=to_function_application_expr(new_rhs);
+          const exprt &name=f.function();
+          assert(name.id()==ID_symbol);
+          const irep_idt &id=to_symbol_expr(name).get_identifier();
+          auto it=c_string_functions.find(id);
+          if(it!=c_string_functions.end())
+          {
+            declare_function(it->second, f.type());
+            f.function()=symbol_exprt(it->second);
+            new_assignment=code_assignt(assignment.lhs(), f);
+          }
+        }
+
+        new_assignment.add_source_location()=assignment.source_location();
+        target->make_assignment();
+        target->code=new_assignment;
+      }
+    }
+  }
+  return;
+}
+
+/*******************************************************************\
+
+Function: string_refine_preprocesst::initialize_string_function_table
+
+ Purpose: fill maps with correspondance from java method names to cprover
+          functions
+
+\*******************************************************************/
+
+void string_refine_preprocesst::initialize_string_function_table()
+{
+  string_functions["java::java.lang.String.codePointAt:(I)I"]=
+    ID_cprover_string_code_point_at_func;
+  string_functions["java::java.lang.String.codePointBefore:(I)I"]=
+    ID_cprover_string_code_point_before_func;
+  string_functions["java::java.lang.String.codePointCount:(II)I"]=
+    ID_cprover_string_code_point_count_func;
+  string_functions["java::java.lang.String.offsetByCodePoints:(II)I"]=
+    ID_cprover_string_offset_by_code_point_func;
+  string_functions["java::java.lang.String.hashCode:()I"]=
+    ID_cprover_string_hash_code_func;
+  string_functions["java::java.lang.String.indexOf:(I)I"]=
+    ID_cprover_string_index_of_func;
+  string_functions["java::java.lang.String.indexOf:(II)I"]=
+    ID_cprover_string_index_of_func;
+  string_functions["java::java.lang.String.indexOf:(Ljava/lang/String;)I"]=
+    ID_cprover_string_index_of_func;
+  string_functions["java::java.lang.String.indexOf:(Ljava/lang/String;I)I"]=
+    ID_cprover_string_index_of_func;
+  string_functions["java::java.lang.String.lastIndexOf:(I)I"]=
+    ID_cprover_string_last_index_of_func;
+  string_functions["java::java.lang.String.lastIndexOf:(II)I"]=
+    ID_cprover_string_last_index_of_func;
+  string_functions
+    ["java::java.lang.String.lastIndexOf:(Ljava/lang/String;)I"]=
+    ID_cprover_string_last_index_of_func;
+  string_functions
+    ["java::java.lang.String.lastIndexOf:(Ljava/lang/String;I)I"]=
+    ID_cprover_string_last_index_of_func;
+  string_functions
+    ["java::java.lang.String.concat:(Ljava/lang/String;)Ljava/lang/String;"]=
+    ID_cprover_string_concat_func;
+  string_functions["java::java.lang.String.length:()I"]=
+    ID_cprover_string_length_func;
+  string_functions["java::java.lang.StringBuilder.length:()I"]=
+    ID_cprover_string_length_func;
+  string_functions["java::java.lang.String.equals:(Ljava/lang/Object;)Z"]=
+    ID_cprover_string_equal_func;
+  string_functions
+    ["java::java.lang.String.equalsIgnoreCase:(Ljava/lang/String;)Z"]=
+    ID_cprover_string_equals_ignore_case_func;
+  string_functions["java::java.lang.String.startsWith:(Ljava/lang/String;)Z"]=
+    ID_cprover_string_startswith_func;
+  string_functions
+    ["java::java.lang.String.startsWith:(Ljava/lang/String;I)Z"]=
+    ID_cprover_string_startswith_func;
+  string_functions["java::java.lang.String.endsWith:(Ljava/lang/String;)Z"]=
+    ID_cprover_string_endswith_func;
+  string_functions["java::java.lang.String.substring:(II)Ljava/lang/String;"]=
+    ID_cprover_string_substring_func;
+  string_functions["java::java.lang.String.substring:(II)Ljava/lang/String;"]=
+    ID_cprover_string_substring_func;
+  string_functions["java::java.lang.String.substring:(I)Ljava/lang/String;"]=
+    ID_cprover_string_substring_func;
+  string_functions
+    ["java::java.lang.StringBuilder.substring:(II)Ljava/lang/String;"]=
+    ID_cprover_string_substring_func;
+  string_functions
+    ["java::java.lang.StringBuilder.substring:(I)Ljava/lang/String;"]=
+    ID_cprover_string_substring_func;
+  string_functions
+    ["java::java.lang.String.subSequence:(II)Ljava/lang/CharSequence;"]=
+    ID_cprover_string_substring_func;
+  string_functions["java::java.lang.String.trim:()Ljava/lang/String;"]=
+    ID_cprover_string_trim_func;
+  string_functions["java::java.lang.String.toLowerCase:()Ljava/lang/String;"]=
+    ID_cprover_string_to_lower_case_func;
+  string_functions["java::java.lang.String.toUpperCase:()Ljava/lang/String;"]=
+    ID_cprover_string_to_upper_case_func;
+  string_functions["java::java.lang.String.replace:(CC)Ljava/lang/String;"]=
+    ID_cprover_string_replace_func;
+  string_functions
+    ["java::java.lang.String.contains:(Ljava/lang/CharSequence;)Z"]=
+    ID_cprover_string_contains_func;
+  string_functions["java::java.lang.String.compareTo:(Ljava/lang/String;)I"]=
+    ID_cprover_string_compare_to_func;
+  string_functions["java::java.lang.String.intern:()Ljava/lang/String;"]=
+    ID_cprover_string_intern_func;
+  string_functions["java::java.lang.String.isEmpty:()Z"]=
+    ID_cprover_string_is_empty_func;
+  string_functions["java::java.lang.String.charAt:(I)C"]=
+    ID_cprover_string_char_at_func;
+  string_functions["java::java.lang.StringBuilder.charAt:(I)C"]=
+    ID_cprover_string_char_at_func;
+  string_functions["java::java.lang.CharSequence.charAt:(I)C"]=
+    ID_cprover_string_char_at_func;
+  string_functions
+    ["java::java.lang.StringBuilder.toString:()Ljava/lang/String;"]=
+    ID_cprover_string_copy_func;
+
+  string_functions["java::java.lang.String.valueOf:(F)Ljava/lang/String;"]=
+    ID_cprover_string_of_float_func;
+  string_functions["java::java.lang.Float.toString:(F)Ljava/lang/String;"]=
+    ID_cprover_string_of_float_func;
+  string_functions["java::java.lang.Integer.toString:(I)Ljava/lang/String;"]=
+    ID_cprover_string_of_int_func;
+  string_functions["java::java.lang.String.valueOf:(I)Ljava/lang/String;"]=
+    ID_cprover_string_of_int_func;
+  string_functions["java::java.lang.Integer.toHexString:(I)Ljava/lang/String;"]=
+    ID_cprover_string_of_int_hex_func;
+  string_functions["java::java.lang.String.valueOf:(L)Ljava/lang/String;"]=
+    ID_cprover_string_of_long_func;
+  string_functions["java::java.lang.String.valueOf:(D)Ljava/lang/String;"]=
+    ID_cprover_string_of_double_func;
+  string_functions["java::java.lang.String.valueOf:(Z)Ljava/lang/String;"]=
+    ID_cprover_string_of_bool_func;
+  string_functions["java::java.lang.String.valueOf:(C)Ljava/lang/String;"]=
+    ID_cprover_string_of_char_func;
+  string_functions["java::java.lang.Integer.parseInt:(Ljava/lang/String;)I"]=
+    ID_cprover_string_parse_int_func;
+
+  side_effect_functions
+    ["java::java.lang.StringBuilder.append:(Ljava/lang/String;)"
+      "Ljava/lang/StringBuilder;"]=
+    ID_cprover_string_concat_func;
+  side_effect_functions["java::java.lang.StringBuilder.setCharAt:(IC)V"]=
+    ID_cprover_string_char_set_func;
+  side_effect_functions
+    ["java::java.lang.StringBuilder.append:(I)Ljava/lang/StringBuilder;"]=
+    ID_cprover_string_concat_int_func;
+  side_effect_functions
+    ["java::java.lang.StringBuilder.append:(J)Ljava/lang/StringBuilder;"]=
+    ID_cprover_string_concat_long_func;
+  side_effect_functions
+    ["java::java.lang.StringBuilder.append:(Z)Ljava/lang/StringBuilder;"]=
+    ID_cprover_string_concat_bool_func;
+  side_effect_functions
+    ["java::java.lang.StringBuilder.append:(C)Ljava/lang/StringBuilder;"]=
+    ID_cprover_string_concat_char_func;
+  side_effect_functions
+    ["java::java.lang.StringBuilder.append:(D)Ljava/lang/StringBuilder;"]=
+    ID_cprover_string_concat_double_func;
+  side_effect_functions
+    ["java::java.lang.StringBuilder.append:(F)Ljava/lang/StringBuilder;"]=
+    ID_cprover_string_concat_float_func;
+  side_effect_functions
+    ["java::java.lang.StringBuilder.appendCodePoint:(I)"
+     "Ljava/lang/StringBuilder;"]=
+    ID_cprover_string_concat_code_point_func;
+  side_effect_functions
+    ["java::java.lang.StringBuilder.delete:(II)Ljava/lang/StringBuilder;"]=
+    ID_cprover_string_delete_func;
+  side_effect_functions
+    ["java::java.lang.StringBuilder.deleteCharAt:(I)Ljava/lang/StringBuilder;"]=
+    ID_cprover_string_delete_char_at_func;
+  side_effect_functions
+    ["java::java.lang.StringBuilder.insert:(ILjava/lang/String;)"
+     "Ljava/lang/StringBuilder;"]=
+    ID_cprover_string_insert_func;
+  side_effect_functions
+    ["java::java.lang.StringBuilder.insert:(II)Ljava/lang/StringBuilder;"]=
+    ID_cprover_string_insert_int_func;
+  side_effect_functions
+    ["java::java.lang.StringBuilder.insert:(IJ)Ljava/lang/StringBuilder;"]=
+    ID_cprover_string_insert_long_func;
+  side_effect_functions
+    ["java::java.lang.StringBuilder.insert:(IC)Ljava/lang/StringBuilder;"]=
+    ID_cprover_string_insert_char_func;
+  side_effect_functions
+    ["java::java.lang.StringBuilder.insert:(IZ)Ljava/lang/StringBuilder;"]=
+    ID_cprover_string_insert_bool_func;
+  side_effect_functions
+    ["java::java.lang.StringBuilder.setLength:(I)V"]=
+    ID_cprover_string_set_length_func;
+
+
+  side_effect_char_array_functions
+    ["java::java.lang.StringBuilder.insert:(I[CII)Ljava/lang/StringBuilder;"]=
+    ID_cprover_string_insert_char_array_func;
+  side_effect_char_array_functions
+    ["java::java.lang.StringBuilder.insert:(I[C)Ljava/lang/StringBuilder;"]=
+    ID_cprover_string_insert_char_array_func;
+
+  string_function_calls
+    ["java::java.lang.String.<init>:(Ljava/lang/String;)V"]=
+    ID_cprover_string_copy_func;
+  string_function_calls
+    ["java::java.lang.String.<init>:(Ljava/lang/StringBuilder;)V"]=
+    ID_cprover_string_copy_func;
+  string_function_calls
+    ["java::java.lang.StringBuilder.<init>:(Ljava/lang/String;)V"]=
+    ID_cprover_string_copy_func;
+  string_function_calls["java::java.lang.String.<init>:()V"]=
+    ID_cprover_string_empty_string_func;
+  string_function_calls["java::java.lang.StringBuilder.<init>:()V"]=
+    ID_cprover_string_empty_string_func;
+
+  string_of_char_array_function_calls["java::java.lang.String.<init>:([C)V"]=
+    ID_cprover_string_of_char_array_func;
+  string_of_char_array_function_calls["java::java.lang.String.<init>:([CII)V"]=
+    ID_cprover_string_of_char_array_func;
+
+  string_of_char_array_functions
+    ["java::java.lang.String.valueOf:([CII)Ljava/lang/String;"]=
+    ID_cprover_string_of_char_array_func;
+  string_of_char_array_functions
+    ["java::java.lang.String.valueOf:([C)Ljava/lang/String;"]=
+    ID_cprover_string_of_char_array_func;
+  string_of_char_array_functions
+    ["java::java.lang.String.copyValueOf:([CII)Ljava/lang/String;"]=
+    ID_cprover_string_of_char_array_func;
+  string_of_char_array_functions
+    ["java::java.lang.String.copyValueOf:([C)Ljava/lang/String;"]=
+    ID_cprover_string_of_char_array_func;
+
+  c_string_functions["__CPROVER_uninterpreted_string_literal_func"]=
+    ID_cprover_string_literal_func;
+  c_string_functions["__CPROVER_uninterpreted_string_char_at_func"]=
+    ID_cprover_string_char_at_func;
+  c_string_functions["__CPROVER_uninterpreted_string_equal_func"]=
+    ID_cprover_string_equal_func;
+  c_string_functions["__CPROVER_uninterpreted_string_concat_func"]=
+    ID_cprover_string_concat_func;
+  c_string_functions["__CPROVER_uninterpreted_string_length_func"]=
+    ID_cprover_string_length_func;
+  c_string_functions["__CPROVER_uninterpreted_string_substring_func"]=
+    ID_cprover_string_substring_func;
+  c_string_functions["__CPROVER_uninterpreted_string_is_prefix_func"]=
+    ID_cprover_string_is_prefix_func;
+  c_string_functions["__CPROVER_uninterpreted_string_is_suffix_func"]=
+    ID_cprover_string_is_suffix_func;
+  c_string_functions["__CPROVER_uninterpreted_string_contains_func"]=
+    ID_cprover_string_contains_func;
+  c_string_functions["__CPROVER_uninterpreted_string_index_of_func"]=
+    ID_cprover_string_index_of_func;
+  c_string_functions["__CPROVER_uninterpreted_string_last_index_of_func"]=
+    ID_cprover_string_last_index_of_func;
+  c_string_functions["__CPROVER_uninterpreted_string_char_set_func"]=
+    ID_cprover_string_char_set_func;
+  c_string_functions["__CPROVER_uninterpreted_string_copy_func"]=
+    ID_cprover_string_copy_func;
+  c_string_functions["__CPROVER_uninterpreted_string_parse_int_func"]=
+    ID_cprover_string_parse_int_func;
+  c_string_functions["__CPROVER_uninterpreted_string_of_int_func"]=
+    ID_cprover_string_of_int_func;
+
+  signatures["java::java.lang.String.equals:(Ljava/lang/Object;)Z"]="SSZ";
+  signatures
+    ["java::java.lang.String.contains:(Ljava/lang/CharSequence;)Z"]=
+      "SSZ";
+}
+
+/*******************************************************************\
+
+Constructor: string_refine_preprocesst::string_refine_preprocesst
+
+     Inputs: a symbol table, goto functions, a message handler
+
+    Purpose: process the goto function by replacing calls to string functions
+
+\*******************************************************************/
+
+string_refine_preprocesst::string_refine_preprocesst(
+  symbol_tablet &_symbol_table,
+  goto_functionst &_goto_functions,
+  message_handlert &_message_handler):
+    messaget(_message_handler),
+    ns(_symbol_table),
+    symbol_table(_symbol_table),
+    goto_functions(_goto_functions),
+    next_symbol_id(0),
+    jls_ptr(symbol_typet("java::java.lang.String"))
+{
+  initialize_string_function_table();
+  Forall_goto_functions(it, goto_functions)
+    replace_string_calls(it);
+}
diff --git a/src/goto-programs/string_refine_preprocess.h b/src/goto-programs/string_refine_preprocess.h
new file mode 100644
index 00000000000..37e178f799a
--- /dev/null
+++ b/src/goto-programs/string_refine_preprocess.h
@@ -0,0 +1,215 @@
+/*******************************************************************\
+
+Module: Preprocess a goto-programs so that calls to the java String
+        library are recognized by the PASS algorithm
+
+Author: Romain Brenguier
+
+Date:   September 2016
+
+\*******************************************************************/
+
+#ifndef CPROVER_GOTO_PROGRAMS_STRING_REFINE_PREPROCESS_H
+#define CPROVER_GOTO_PROGRAMS_STRING_REFINE_PREPROCESS_H
+
+#include <goto-programs/goto_model.h>
+#include <util/ui_message.h>
+
+class string_refine_preprocesst:public messaget
+{
+ public:
+  string_refine_preprocesst(
+    symbol_tablet &, goto_functionst &, message_handlert &);
+
+ private:
+  namespacet ns;
+  symbol_tablet & symbol_table;
+  goto_functionst & goto_functions;
+
+  typedef std::unordered_map<irep_idt, irep_idt, irep_id_hash> id_mapt;
+  typedef std::unordered_map<exprt, exprt, irep_hash> expr_mapt;
+
+  // String builders maps the different names of a same StringBuilder object
+  // to a unique expression.
+  expr_mapt string_builders;
+
+  // Map name of Java string functions to there equivalent in the solver
+  id_mapt side_effect_functions;
+  id_mapt string_functions;
+  id_mapt c_string_functions;
+  id_mapt string_function_calls;
+  id_mapt string_of_char_array_functions;
+  id_mapt string_of_char_array_function_calls;
+  id_mapt side_effect_char_array_functions;
+
+  std::unordered_map<irep_idt, std::string, irep_id_hash> signatures;
+  expr_mapt hidden_strings;
+  expr_mapt java_to_cprover_strings;
+
+  // unique id for each newly created symbols
+  int next_symbol_id;
+
+  void initialize_string_function_table();
+
+  symbol_exprt fresh_array(
+    const typet &type, const source_locationt &location);
+  symbol_exprt fresh_string(
+    const typet &type, const source_locationt &location);
+
+  // get the data member of a java string
+  static exprt get_data(const exprt &string, const typet &data_type)
+  {
+    return member_exprt(string, "data", data_type);
+  }
+
+  // get the length member of a java string
+  exprt get_length(const exprt &string, const typet &length_type)
+  {
+    return member_exprt(string, "length", length_type);
+  }
+
+  // type of pointers to string
+  pointer_typet jls_ptr;
+  exprt replace_string(const exprt &in);
+  exprt replace_string_in_assign(const exprt &in);
+
+  void insert_assignments(
+    goto_programt &goto_program,
+    goto_programt::targett &target,
+    irep_idt function,
+    source_locationt location,
+    const std::list<code_assignt> &va);
+
+  exprt replace_string_pointer(const exprt &in);
+
+  // Replace string builders by expression of the mapping and make
+  // assignments for strings as string_exprt
+  exprt::operandst process_arguments(
+    goto_programt &goto_program,
+    goto_programt::targett &target,
+    const exprt::operandst &arguments,
+    const source_locationt &location,
+    const std::string &signature="");
+
+  // Signature of the named function if it is defined in the signature map,
+  // empty string otherwise
+  std::string function_signature(const irep_idt &function_id);
+
+  void declare_function(irep_idt function_name, const typet &type);
+
+  void get_data_and_length_type_of_string(
+    const exprt &expr, typet &data_type, typet &length_type);
+
+  function_application_exprt build_function_application(
+    const irep_idt &function_name,
+    const typet &type,
+    const source_locationt &location,
+    const exprt::operandst &arguments);
+
+  void make_normal_assign(
+    goto_programt &goto_program,
+    goto_programt::targett target,
+    const exprt &lhs,
+    const code_typet &function_type,
+    const irep_idt &function_name,
+    const exprt::operandst &arguments,
+    const source_locationt &location,
+    const std::string &signature="");
+
+  void make_string_assign(
+    goto_programt &goto_program,
+    goto_programt::targett &target,
+    const exprt &lhs,
+    const code_typet &function_type,
+    const irep_idt &function_name,
+    const exprt::operandst &arguments,
+    const source_locationt &location,
+    const std::string &signature);
+
+  void make_assign(
+    goto_programt &goto_program,
+    goto_programt::targett &target,
+    const exprt &lhs,
+    const code_typet &function_type,
+    const irep_idt &function_name,
+    const exprt::operandst &arg,
+    const source_locationt &loc,
+    const std::string &sig);
+
+  exprt make_cprover_string_assign(
+    goto_programt &goto_program,
+    goto_programt::targett &target,
+    const exprt &rhs,
+    const source_locationt &location);
+
+  void make_string_copy(
+    goto_programt &goto_program,
+    goto_programt::targett &target,
+    const exprt &lhs,
+    const exprt &argument,
+    const source_locationt &location);
+
+  void make_string_function(
+    goto_programt &goto_program,
+    goto_programt::targett &target,
+    const irep_idt &function_name,
+    const std::string &signature,
+    bool assign_first_arg=false,
+    bool skip_first_arg=false);
+
+  void make_string_function(
+    goto_programt &goto_program,
+    goto_programt::targett &target,
+    const exprt &lhs,
+    const code_typet &function_type,
+    const irep_idt &function_name,
+    const exprt::operandst &arguments,
+    const source_locationt &location,
+    const std::string &signature);
+
+  void make_string_function_call(
+    goto_programt &goto_program,
+    goto_programt::targett &target,
+    const irep_idt &function_name,
+    const std::string &signature);
+
+  void make_string_function_side_effect(
+    goto_programt &goto_program,
+    goto_programt::targett &target,
+    const irep_idt &function_name,
+    const std::string &signature);
+
+  void make_to_char_array_function(
+    goto_programt &goto_program, goto_programt::targett &);
+
+  exprt make_cprover_char_array_assign(
+    goto_programt &goto_program,
+    goto_programt::targett &target,
+    const exprt &rhs,
+    const source_locationt &location);
+
+  void make_char_array_function(
+    goto_programt &goto_program,
+    goto_programt::targett &target,
+    const irep_idt &function_name,
+    const std::string &signature,
+    std::size_t index,
+    bool assign_first_arg=false,
+    bool skip_first_arg=false);
+
+  void make_char_array_function_call(
+    goto_programt &goto_program,
+    goto_programt::targett &target,
+    const irep_idt &function_name,
+    const std::string &signature);
+
+  void make_char_array_side_effect(
+    goto_programt &goto_program,
+    goto_programt::targett &target,
+    const irep_idt &function_name,
+    const std::string &signature);
+
+  void replace_string_calls(goto_functionst::function_mapt::iterator f_it);
+};
+
+#endif
diff --git a/src/util/std_expr.h b/src/util/std_expr.h
index a2f78ab25e8..5c5856b4a9d 100644
--- a/src/util/std_expr.h
+++ b/src/util/std_expr.h
@@ -3450,6 +3450,19 @@ class function_application_exprt:public exprt
     operands().resize(2);
   }
 
+  explicit function_application_exprt(const typet &_type):
+    exprt(ID_function_application, _type)
+  {
+    operands().resize(2);
+  }
+
+  function_application_exprt(
+    const symbol_exprt &_function, const typet &_type):
+      function_application_exprt(_type) // NOLINT(runtime/explicit)
+  {
+    function()=_function;
+  }
+
   exprt &function()
   {
     return op0();

From 3a2e210d482e568f6114108ce28bf14aa43569ab Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Fri, 17 Feb 2017 13:10:40 +0000
Subject: [PATCH 129/699] Moving is_java_string_type functions to
 string_preprocess

This avoid dependencies between goto-programs and solver.

We also removed function is_unrefined_string_type which should not be needed in the string solver.

Removed also mention of java string types and unrefined types in the
solver. These mentions should
not be necessary, since we are not supposed to do anything java
specific. The solver should only have to deal with refined string
types and possibly char arrays.
---
 .../string_refine_preprocess.cpp              | 146 ++++++++++++++++--
 src/goto-programs/string_refine_preprocess.h  |  10 ++
 .../refinement/refined_string_type.cpp        |  95 ------------
 src/solvers/refinement/refined_string_type.h  |  36 +----
 .../string_constraint_generator_constants.cpp |   2 +-
 .../string_constraint_generator_indexof.cpp   |  20 ++-
 .../string_constraint_generator_main.cpp      |   4 +-
 src/solvers/refinement/string_refinement.cpp  |   6 +-
 8 files changed, 166 insertions(+), 153 deletions(-)

diff --git a/src/goto-programs/string_refine_preprocess.cpp b/src/goto-programs/string_refine_preprocess.cpp
index c4dc1a92960..b14153c26c1 100644
--- a/src/goto-programs/string_refine_preprocess.cpp
+++ b/src/goto-programs/string_refine_preprocess.cpp
@@ -22,7 +22,125 @@ Date:   September 2016
 
 #include "string_refine_preprocess.h"
 
-/*******************************************************************    \
+/*******************************************************************\
+
+Function: string_refine_preprocesst::is_java_string_pointer_type
+
+  Inputs: a type
+
+ Outputs: Boolean telling whether the type is that of java string pointers
+
+\*******************************************************************/
+
+bool string_refine_preprocesst::is_java_string_pointer_type(const typet &type)
+{
+  if(type.id()==ID_pointer)
+  {
+    const pointer_typet &pt=to_pointer_type(type);
+    const typet &subtype=pt.subtype();
+    return is_java_string_type(subtype);
+  }
+  return false;
+}
+
+/*******************************************************************\
+
+Function: string_refine_preprocesst::is_java_string_type
+
+  Inputs: a type
+
+ Outputs: Boolean telling whether the type is that of java string
+
+\*******************************************************************/
+
+bool string_refine_preprocesst::is_java_string_type(const typet &type)
+{
+  if(type.id()==ID_symbol)
+  {
+    const irep_idt &tag=to_symbol_type(type).get_identifier();
+    return tag=="java::java.lang.String";
+  }
+  else if(type.id()==ID_struct)
+  {
+    const irep_idt &tag=to_struct_type(type).get_tag();
+    return tag=="java.lang.String";
+  }
+  return false;
+}
+
+/*******************************************************************\
+
+Function: string_refine_preprocesst::is_java_string_builder_type
+
+  Inputs: a type
+
+ Outputs: Boolean telling whether the type is that of java string builder
+
+\*******************************************************************/
+
+bool string_refine_preprocesst::is_java_string_builder_type(const typet &type)
+{
+  if(type.id()==ID_pointer)
+  {
+    const pointer_typet &pt=to_pointer_type(type);
+    const typet &subtype=pt.subtype();
+    if(subtype.id()==ID_struct)
+    {
+      const irep_idt &tag=to_struct_type(subtype).get_tag();
+      return tag=="java.lang.StringBuilder";
+    }
+  }
+  return false;
+}
+
+/*******************************************************************\
+
+Function: string_refine_preprocesst::is_java_string_builder_pointer_type
+
+  Inputs: a type
+
+ Outputs: Boolean telling whether the type is that of java StringBuilder
+          pointers
+
+\*******************************************************************/
+
+bool string_refine_preprocesst::is_java_string_builder_pointer_type(
+  const typet &type)
+{
+  if(type.id()==ID_pointer)
+  {
+    const pointer_typet &pt=to_pointer_type(type);
+    const typet &subtype=pt.subtype();
+    return is_java_string_builder_type(subtype);
+  }
+  return false;
+}
+/*******************************************************************\
+
+Function: string_refine_preprocesst::is_java_char_sequence_type
+
+  Inputs: a type
+
+ Outputs: Boolean telling whether the type is that of java char sequence
+
+\*******************************************************************/
+
+bool string_refine_preprocesst::is_java_char_sequence_type(const typet &type)
+{
+  if(type.id()==ID_pointer)
+  {
+    const pointer_typet &pt=to_pointer_type(type);
+    const typet &subtype=pt.subtype();
+    if(subtype.id()==ID_struct)
+    {
+      const irep_idt &tag=to_struct_type(subtype).get_tag();
+      return tag=="java.lang.CharSequence";
+    }
+  }
+  return false;
+}
+
+/*******************************************************************\
 
 Function: string_refine_preprocesst::fresh_array
 
@@ -114,8 +232,8 @@ Function: string_refine_preprocesst::get_data_and_length_type_of_string
 void string_refine_preprocesst::get_data_and_length_type_of_string(
   const exprt &expr, typet &data_type, typet &length_type)
 {
-  assert(refined_string_typet::is_java_string_type(expr.type()) ||
-         refined_string_typet::is_java_string_builder_type(expr.type()));
+  assert(is_java_string_type(expr.type()) ||
+         is_java_string_builder_type(expr.type()));
   typet object_type=ns.follow(expr.type());
   const struct_typet &struct_type=to_struct_type(object_type);
   for(const auto &component : struct_type.components())
@@ -146,7 +264,7 @@ exprt string_refine_preprocesst::make_cprover_string_assign(
   const exprt &rhs,
   const source_locationt &location)
 {
-  if(refined_string_typet::is_java_string_pointer_type(rhs.type()))
+  if(is_java_string_pointer_type(rhs.type()))
   {
     auto pair=java_to_cprover_strings.insert(
       std::pair<exprt, exprt>(rhs, nil_exprt()));
@@ -183,7 +301,7 @@ exprt string_refine_preprocesst::make_cprover_string_assign(
     return pair.first->second;
   }
   else if(rhs.id()==ID_typecast &&
-          refined_string_typet::is_java_string_pointer_type(rhs.op0().type()))
+          is_java_string_pointer_type(rhs.op0().type()))
   {
     exprt new_rhs=make_cprover_string_assign(
       goto_program, target, rhs.op0(), location);
@@ -303,8 +421,7 @@ void string_refine_preprocesst::make_string_assign(
   const source_locationt &location,
   const std::string &signature)
 {
-  assert(refined_string_typet::is_java_string_pointer_type(
-           function_type.return_type()));
+  assert(is_java_string_pointer_type(function_type.return_type()));
   dereference_exprt deref(lhs, lhs.type().subtype());
   typet object_type=ns.follow(deref.type());
   exprt object_size=size_of_expr(object_type, ns);
@@ -371,8 +488,7 @@ void string_refine_preprocesst::make_assign(
   const source_locationt &loc,
   const std::string &sig)
 {
-  if(refined_string_typet::is_java_string_pointer_type(
-       function_type.return_type()))
+  if(is_java_string_pointer_type(function_type.return_type()))
     make_string_assign(
       goto_program, target, lhs, function_type, function_name, arg, loc, sig);
   else
@@ -404,8 +520,8 @@ void string_refine_preprocesst::make_string_copy(
   const source_locationt &location)
 {
   // TODO : treat CharSequence and StringBuffer
-  assert(refined_string_typet::is_java_string_pointer_type(lhs.type()) ||
-         refined_string_typet::is_java_string_builder_pointer_type(lhs.type()));
+  assert(is_java_string_pointer_type(lhs.type()) ||
+         is_java_string_builder_pointer_type(lhs.type()));
   exprt deref=dereference_exprt(lhs, lhs.type().subtype());
 
   typet length_type, data_type;
@@ -451,8 +567,7 @@ void string_refine_preprocesst::make_string_function(
   const source_locationt &location,
   const std::string &signature)
 {
-  if(refined_string_typet::is_java_string_pointer_type(
-       function_type.return_type()))
+  if(is_java_string_pointer_type(function_type.return_type()))
     make_string_assign(
       goto_program,
       target,
@@ -633,8 +748,7 @@ void string_refine_preprocesst::make_to_char_array_function(
 
   assert(!function_call.arguments().empty());
   const exprt &string_argument=function_call.arguments()[0];
-  assert(refined_string_typet::is_java_string_pointer_type(
-           string_argument.type()));
+  assert(is_java_string_pointer_type(string_argument.type()));
 
   dereference_exprt deref(string_argument, string_argument.type().subtype());
   typet length_type, data_type;
@@ -870,7 +984,7 @@ exprt::operandst string_refine_preprocesst::process_arguments(
       {
         while(arg.id()==ID_typecast)
           arg=arg.op0();
-        if(!refined_string_typet::is_java_string_type(arg.type()))
+        if(!is_java_string_type(arg.type()))
           arg=typecast_exprt(arg, jls_ptr);
       }
       exprt arg2=make_cprover_string_assign(
diff --git a/src/goto-programs/string_refine_preprocess.h b/src/goto-programs/string_refine_preprocess.h
index 37e178f799a..613d0161926 100644
--- a/src/goto-programs/string_refine_preprocess.h
+++ b/src/goto-programs/string_refine_preprocess.h
@@ -51,6 +51,16 @@ class string_refine_preprocesst:public messaget
 
   void initialize_string_function_table();
 
+  static bool is_java_string_pointer_type(const typet &type);
+
+  static bool is_java_string_type(const typet &type);
+
+  static bool is_java_string_builder_type(const typet &type);
+
+  static bool is_java_string_builder_pointer_type(const typet &type);
+
+  static bool is_java_char_sequence_type(const typet &type);
+
   symbol_exprt fresh_array(
     const typet &type, const source_locationt &location);
   symbol_exprt fresh_string(
diff --git a/src/solvers/refinement/refined_string_type.cpp b/src/solvers/refinement/refined_string_type.cpp
index 012d30eb8de..3362c71e0db 100644
--- a/src/solvers/refinement/refined_string_type.cpp
+++ b/src/solvers/refinement/refined_string_type.cpp
@@ -48,98 +48,3 @@ bool refined_string_typet::is_c_string_type(const typet &type)
     to_struct_type(type).get_tag()==CPROVER_PREFIX"string";
 }
 
-/*******************************************************************\
-
-Function: refined_string_typet::is_java_string_pointer_type
-
-  Inputs: a type
-
- Outputs: Boolean telling whether the type is that of java string pointers
-
-\*******************************************************************/
-
-bool refined_string_typet::is_java_string_pointer_type(const typet &type)
-{
-  if(type.id()==ID_pointer)
-  {
-    const pointer_typet &pt=to_pointer_type(type);
-    const typet &subtype=pt.subtype();
-    return is_java_string_type(subtype);
-  }
-  return false;
-}
-
-/*******************************************************************\
-
-Function: refined_string_typet::is_java_string_type
-
-  Inputs: a type
-
- Outputs: Boolean telling whether the type is that of java string
-
-\*******************************************************************/
-
-bool refined_string_typet::is_java_string_type(const typet &type)
-{
-  if(type.id()==ID_symbol)
-  {
-    irep_idt tag=to_symbol_type(type).get_identifier();
-    return tag=="java::java.lang.String";
-  }
-  else if(type.id()==ID_struct)
-  {
-    irep_idt tag=to_struct_type(type).get_tag();
-    return tag=="java.lang.String";
-  }
-  return false;
-}
-
-/*******************************************************************\
-
-Function: refined_string_typet::is_java_string_builder_type
-
-  Inputs: a type
-
- Outputs: Boolean telling whether the type is that of java string builder
-
-\*******************************************************************/
-
-bool refined_string_typet::is_java_string_builder_type(const typet &type)
-{
-  if(type.id()==ID_pointer)
-  {
-    const pointer_typet &pt=to_pointer_type(type);
-    const typet &subtype=pt.subtype();
-    if(subtype.id()==ID_struct)
-    {
-      irep_idt tag=to_struct_type(subtype).get_tag();
-      return tag=="java.lang.StringBuilder";
-    }
-  }
-  return false;
-}
-
-/*******************************************************************\
-
-Function: refined_string_typet::is_java_char_sequence_type
-
-  Inputs: a type
-
- Outputs: Boolean telling whether the type is that of java char sequence
-
-\*******************************************************************/
-
-bool refined_string_typet::is_java_char_sequence_type(const typet &type)
-{
-  if(type.id()==ID_pointer)
-  {
-    const pointer_typet &pt=to_pointer_type(type);
-    const typet &subtype=pt.subtype();
-    if(subtype.id()==ID_struct)
-    {
-      const irep_idt &tag=to_struct_type(subtype).get_tag();
-      return tag=="java.lang.CharSequence";
-    }
-  }
-  return false;
-}
diff --git a/src/solvers/refinement/refined_string_type.h b/src/solvers/refinement/refined_string_type.h
index 3ecc0ac3a9f..3b36b19e826 100644
--- a/src/solvers/refinement/refined_string_type.h
+++ b/src/solvers/refinement/refined_string_type.h
@@ -33,41 +33,20 @@ class refined_string_typet: public struct_typet
 
   const typet &get_char_type() const
   {
-    assert(components().size()==2);
-    return components()[0].type();
+    return get_content_type().subtype();
   }
 
   const typet &get_index_type() const
   {
-    return get_content_type().size().type();
+    assert(components().size()==2);
+    return components()[0].type();
   }
 
-  // For C the unrefined string type is __CPROVER_string, for java it is a
-  // pointer to a struct with tag java.lang.String
+  // For C the unrefined string type is __CPROVER_string
 
   static bool is_c_string_type(const typet &type);
 
-  static bool is_java_string_pointer_type(const typet &type);
-
-  static bool is_java_string_type(const typet &type);
-
-  static bool is_java_string_builder_type(const typet &type);
-
-  static bool is_java_char_sequence_type(const typet &type);
-
-  static bool is_unrefined_string_type(const typet &type)
-  {
-    return (
-      is_c_string_type(type) ||
-      is_java_string_pointer_type(type) ||
-      is_java_string_builder_type(type) ||
-      is_java_char_sequence_type(type));
-  }
-
-  static bool is_unrefined_string(const exprt &expr)
-  {
-    return (is_unrefined_string_type(expr.type()));
-  }
+  static bool is_refined_string_type(const typet &type);
 
   constant_exprt index_of_int(int i) const
   {
@@ -75,9 +54,10 @@ class refined_string_typet: public struct_typet
   }
 };
 
-const refined_string_typet &to_refined_string_type(const typet &type)
+extern inline const refined_string_typet &to_refined_string_type(
+  const typet &type)
 {
-  assert(type.id()==ID_struct);
+  assert(refined_string_typet::is_refined_string_type(type));
   return static_cast<const refined_string_typet &>(type);
 }
 
diff --git a/src/solvers/refinement/string_constraint_generator_constants.cpp b/src/solvers/refinement/string_constraint_generator_constants.cpp
index 90769747949..64ffabfd266 100644
--- a/src/solvers/refinement/string_constraint_generator_constants.cpp
+++ b/src/solvers/refinement/string_constraint_generator_constants.cpp
@@ -132,7 +132,7 @@ string_exprt string_constraint_generatort::add_axioms_from_literal(
   else
   {
     // Java string constant
-    assert(refined_string_typet::is_unrefined_string_type(arg.type()));
+    assert(arg.id()==ID_symbol);
     const exprt &s=arg.op0();
 
     // It seems the value of the string is lost,
diff --git a/src/solvers/refinement/string_constraint_generator_indexof.cpp b/src/solvers/refinement/string_constraint_generator_indexof.cpp
index 93db048458b..283de683bd6 100644
--- a/src/solvers/refinement/string_constraint_generator_indexof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_indexof.cpp
@@ -186,14 +186,16 @@ exprt string_constraint_generatort::add_axioms_for_index_of(
   else
     assert(false);
 
-  if(refined_string_typet::is_java_string_pointer_type(c.type()))
+  if(c.type().id()==ID_unsignedbv)
+  {
+    return add_axioms_for_index_of(
+      str, typecast_exprt(c, ref_type.get_char_type()), from_index);
+  }
+  else
   {
     string_exprt sub=add_axioms_for_string_expr(c);
     return add_axioms_for_index_of_string(str, sub, from_index);
   }
-  else
-    return add_axioms_for_index_of(
-      str, typecast_exprt(c, ref_type.get_char_type()), from_index);
 }
 
 exprt string_constraint_generatort::add_axioms_for_last_index_of(
@@ -280,12 +282,14 @@ exprt string_constraint_generatort::add_axioms_for_last_index_of(
   else
     assert(false);
 
-  if(refined_string_typet::is_java_string_pointer_type(c.type()))
+  if(c.type().id()==ID_unsignedbv)
+  {
+    return add_axioms_for_last_index_of(
+      str, typecast_exprt(c, ref_type.get_char_type()), from_index);
+  }
+  else
   {
     string_exprt sub=add_axioms_for_string_expr(c);
     return add_axioms_for_last_index_of_string(str, sub, from_index);
   }
-  else
-    return add_axioms_for_last_index_of(
-      str, typecast_exprt(c, ref_type.get_char_type()), from_index);
 }
diff --git a/src/solvers/refinement/string_constraint_generator_main.cpp b/src/solvers/refinement/string_constraint_generator_main.cpp
index 5a269e5ad3b..0179a2fcb61 100644
--- a/src/solvers/refinement/string_constraint_generator_main.cpp
+++ b/src/solvers/refinement/string_constraint_generator_main.cpp
@@ -215,10 +215,10 @@ string_exprt string_constraint_generatort::add_axioms_for_if(
   const if_exprt &expr)
 {
   assert(
-    refined_string_typet::is_unrefined_string_type(expr.true_case().type()));
+    refined_string_typet::is_c_string_type(expr.true_case().type()));
   string_exprt t=add_axioms_for_string_expr(expr.true_case());
   assert(
-    refined_string_typet::is_unrefined_string_type(expr.false_case().type()));
+    refined_string_typet::is_c_string_type(expr.false_case().type()));
   string_exprt f=add_axioms_for_string_expr(expr.false_case());
   const refined_string_typet &ref_type=to_refined_string_type(t.type());
   const typet &index_type=ref_type.get_index_type();
diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index 16b89bc43c8..db9a2c460cc 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -146,7 +146,7 @@ bvt string_refinementt::convert_symbol(const exprt &expr)
   const irep_idt &identifier=expr.get(ID_identifier);
   assert(!identifier.empty());
 
-  if(refined_string_typet::is_unrefined_string_type(type))
+  if(refined_string_typet::is_refined_string_type(type))
   {
     string_exprt str=
       generator.find_or_add_string_of_symbol(to_symbol_expr(expr));
@@ -216,7 +216,7 @@ bool string_refinementt::boolbv_set_equality_to_true(const equal_exprt &expr)
     if(expr.rhs().id()==ID_typecast)
     {
       exprt uncast=to_typecast_expr(expr.rhs()).op();
-      if(refined_string_typet::is_unrefined_string_type(uncast.type()))
+      if(refined_string_typet::is_refined_string_type(uncast.type()))
       {
         debug() << "(sr) detected casted string" << eom;
         symbol_exprt sym=to_symbol_expr(expr.lhs());
@@ -225,7 +225,7 @@ bool string_refinementt::boolbv_set_equality_to_true(const equal_exprt &expr)
       }
     }
 
-    if(refined_string_typet::is_unrefined_string_type(type))
+    if(refined_string_typet::is_refined_string_type(type))
     {
       symbol_exprt sym=to_symbol_expr(expr.lhs());
       generator.set_string_symbol_equal_to_expr(sym, expr.rhs());

From 70af9ce6148e03ed7c2179642486651db06ff47f Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Fri, 24 Feb 2017 11:02:55 +0000
Subject: [PATCH 130/699] Moving refined_string_type to util

This is a more appropriate location for this module since it's used
both in the preprocessing of goto-programs and the string solver.
---
 src/goto-programs/string_refine_preprocess.cpp           | 3 +--
 src/solvers/refinement/string_constraint.h               | 2 +-
 src/solvers/refinement/string_constraint_generator.h     | 2 +-
 src/{solvers/refinement => util}/refined_string_type.cpp | 0
 src/{solvers/refinement => util}/refined_string_type.h   | 4 ++--
 5 files changed, 5 insertions(+), 6 deletions(-)
 rename src/{solvers/refinement => util}/refined_string_type.cpp (100%)
 rename src/{solvers/refinement => util}/refined_string_type.h (93%)

diff --git a/src/goto-programs/string_refine_preprocess.cpp b/src/goto-programs/string_refine_preprocess.cpp
index b14153c26c1..ec02988d577 100644
--- a/src/goto-programs/string_refine_preprocess.cpp
+++ b/src/goto-programs/string_refine_preprocess.cpp
@@ -14,10 +14,9 @@ Date:   September 2016
 #include <util/pointer_offset_size.h>
 #include <util/prefix.h>
 #include <util/string_expr.h>
+#include <util/refined_string_type.h>
 #include <util/fresh_symbol.h>
 #include <goto-programs/class_identifier.h>
-// TODO: refined_string_type should be moved to util
-#include <solvers/refinement/refined_string_type.h>
 #include <java_bytecode/java_types.h>
 
 #include "string_refine_preprocess.h"
diff --git a/src/solvers/refinement/string_constraint.h b/src/solvers/refinement/string_constraint.h
index 61a6f3ebdd6..4b8d1229e09 100644
--- a/src/solvers/refinement/string_constraint.h
+++ b/src/solvers/refinement/string_constraint.h
@@ -15,7 +15,7 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 
 #include <langapi/language_ui.h>
 #include <solvers/refinement/bv_refinement.h>
-#include <solvers/refinement/refined_string_type.h>
+#include <util/refined_string_type.h>
 
 class string_constraintt: public exprt
 {
diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index 2a56f09fddd..ed898cb9a18 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -14,7 +14,7 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 #define CPROVER_SOLVERS_REFINEMENT_STRING_CONSTRAINT_GENERATOR_H
 
 #include <util/string_expr.h>
-#include <solvers/refinement/refined_string_type.h>
+#include <util/refined_string_type.h>
 #include <solvers/refinement/string_constraint.h>
 
 class string_constraint_generatort
diff --git a/src/solvers/refinement/refined_string_type.cpp b/src/util/refined_string_type.cpp
similarity index 100%
rename from src/solvers/refinement/refined_string_type.cpp
rename to src/util/refined_string_type.cpp
diff --git a/src/solvers/refinement/refined_string_type.h b/src/util/refined_string_type.h
similarity index 93%
rename from src/solvers/refinement/refined_string_type.h
rename to src/util/refined_string_type.h
index 3b36b19e826..477b00139ed 100644
--- a/src/solvers/refinement/refined_string_type.h
+++ b/src/util/refined_string_type.h
@@ -10,8 +10,8 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 
 \*******************************************************************/
 
-#ifndef CPROVER_SOLVERS_REFINEMENT_REFINED_STRING_TYPE_H
-#define CPROVER_SOLVERS_REFINEMENT_REFINED_STRING_TYPE_H
+#ifndef CPROVER_UTIL_REFINED_STRING_TYPE_H
+#define CPROVER_UTIL_REFINED_STRING_TYPE_H
 
 #include <util/std_types.h>
 #include <util/std_expr.h>

From 2929d7f04a77c3a805c61e09d19c1a9d99423411 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Mon, 27 Feb 2017 11:14:11 +0000
Subject: [PATCH 131/699] Removed distinction between c string type and refined
 string type

---
 src/util/refined_string_type.cpp | 9 +++++----
 src/util/refined_string_type.h   | 4 ----
 2 files changed, 5 insertions(+), 8 deletions(-)

diff --git a/src/util/refined_string_type.cpp b/src/util/refined_string_type.cpp
index 3362c71e0db..0625149cf83 100644
--- a/src/util/refined_string_type.cpp
+++ b/src/util/refined_string_type.cpp
@@ -29,22 +29,23 @@ refined_string_typet::refined_string_typet(
   array_typet char_array(char_type, infinite_index);
   components().emplace_back("length", index_type);
   components().emplace_back("content", char_array);
+  set_tag(CPROVER_PREFIX"refined_string_type");
 }
 
 /*******************************************************************\
 
-Function: refined_string_typet::is_c_string_type
+Function: refined_string_typet::is_refined_string_type
 
   Inputs: a type
 
- Outputs: Boolean telling whether the type is that of C strings
+ Outputs: Boolean telling whether the input is a refined string type
 
 \*******************************************************************/
 
-bool refined_string_typet::is_c_string_type(const typet &type)
+bool refined_string_typet::is_refined_string_type(const typet &type)
 {
   return
     type.id()==ID_struct &&
-    to_struct_type(type).get_tag()==CPROVER_PREFIX"string";
+    to_struct_type(type).get_tag()==CPROVER_PREFIX"refined_string_type";
 }
 
diff --git a/src/util/refined_string_type.h b/src/util/refined_string_type.h
index 477b00139ed..a0cb7500e7f 100644
--- a/src/util/refined_string_type.h
+++ b/src/util/refined_string_type.h
@@ -42,10 +42,6 @@ class refined_string_typet: public struct_typet
     return components()[0].type();
   }
 
-  // For C the unrefined string type is __CPROVER_string
-
-  static bool is_c_string_type(const typet &type);
-
   static bool is_refined_string_type(const typet &type);
 
   constant_exprt index_of_int(int i) const

From 5cb0e5e09eac930280c6aa53a0c6be0410700820 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Mon, 27 Feb 2017 11:14:21 +0000
Subject: [PATCH 132/699] Removed mention of c string type

Refined string type should be used instead as we are trying to be
language independent.
---
 src/solvers/refinement/string_constraint_generator_main.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_main.cpp b/src/solvers/refinement/string_constraint_generator_main.cpp
index 0179a2fcb61..7fe510c2e35 100644
--- a/src/solvers/refinement/string_constraint_generator_main.cpp
+++ b/src/solvers/refinement/string_constraint_generator_main.cpp
@@ -215,10 +215,10 @@ string_exprt string_constraint_generatort::add_axioms_for_if(
   const if_exprt &expr)
 {
   assert(
-    refined_string_typet::is_c_string_type(expr.true_case().type()));
+    refined_string_typet::is_refined_string_type(expr.true_case().type()));
   string_exprt t=add_axioms_for_string_expr(expr.true_case());
   assert(
-    refined_string_typet::is_c_string_type(expr.false_case().type()));
+    refined_string_typet::is_refined_string_type(expr.false_case().type()));
   string_exprt f=add_axioms_for_string_expr(expr.false_case());
   const refined_string_typet &ref_type=to_refined_string_type(t.type());
   const typet &index_type=ref_type.get_index_type();

From 72ad6ad81ee9e8477390ed64f9836a671fdbc4c7 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 7 Feb 2017 11:11:47 +0000
Subject: [PATCH 133/699] Making add_string_type more generic

The class_name is now passed as argument so that we can reuse this
function for StringBuilder and other "String-like" classes.
---
 .../java_bytecode_convert_class.cpp           | 27 +++++++++++++------
 1 file changed, 19 insertions(+), 8 deletions(-)

diff --git a/src/java_bytecode/java_bytecode_convert_class.cpp b/src/java_bytecode/java_bytecode_convert_class.cpp
index f21b0bb1ce2..7f52c6ef77b 100644
--- a/src/java_bytecode/java_bytecode_convert_class.cpp
+++ b/src/java_bytecode/java_bytecode_convert_class.cpp
@@ -50,7 +50,16 @@ class java_bytecode_convert_classt:public messaget
       convert(parse_tree.parsed_class);
     else if(string_refinement_enabled &&
             parse_tree.parsed_class.name=="java.lang.String")
-      add_string_type();
+      add_string_type("java.lang.String");
+    else if(string_refinement_enabled &&
+            parse_tree.parsed_class.name=="java.lang.StringBuilder")
+      add_string_type("java.lang.StringBuilder");
+    else if(string_refinement_enabled &&
+            parse_tree.parsed_class.name=="java.lang.CharSequence")
+      add_string_type("java.lang.CharSequence");
+    else if(string_refinement_enabled &&
+            parse_tree.parsed_class.name=="java.lang.StringBuffer")
+      add_string_type("java.lang.StringBuffer");
     else
       generate_class_stub(parse_tree.parsed_class.name);
   }
@@ -72,7 +81,7 @@ class java_bytecode_convert_classt:public messaget
 
   void generate_class_stub(const irep_idt &class_name);
   void add_array_types();
-  void add_string_type();
+  void add_string_type(const irep_idt &class_name);
 };
 
 /*******************************************************************\
@@ -406,15 +415,17 @@ bool java_bytecode_convert_class(
 
 Function: java_bytecode_convert_classt::add_string_type
 
+  Inputs: a name for the class such as "java.lang.String"
+
  Purpose: Implements the java.lang.String type in the case that
           we provide an internal implementation.
 
 \*******************************************************************/
 
-void java_bytecode_convert_classt::add_string_type()
+void java_bytecode_convert_classt::add_string_type(const irep_idt &class_name)
 {
   class_typet string_type;
-  string_type.set_tag("java.lang.String");
+  string_type.set_tag(class_name);
   string_type.components().resize(3);
   string_type.components()[0].set_name("@java.lang.Object");
   string_type.components()[0].set_pretty_name("@java.lang.Object");
@@ -432,8 +443,8 @@ void java_bytecode_convert_classt::add_string_type()
   string_type.add_base(symbol_typet("java::java.lang.Object"));
 
   symbolt string_symbol;
-  string_symbol.name="java::java.lang.String";
-  string_symbol.base_name="java.lang.String";
+  string_symbol.name="java::"+id2string(class_name);
+  string_symbol.base_name=id2string(class_name);
   string_symbol.type=string_type;
   string_symbol.is_type=true;
 
@@ -445,8 +456,8 @@ void java_bytecode_convert_classt::add_string_type()
   symbolt string_equals_symbol;
   string_equals_symbol.name=
     "java::java.lang.String.equals:(Ljava/lang/Object;)Z";
-  string_equals_symbol.base_name="java.lang.String.equals";
-  string_equals_symbol.pretty_name="java.lang.String.equals";
+  string_equals_symbol.base_name=id2string(class_name)+".equals";
+  string_equals_symbol.pretty_name=id2string(class_name)+".equals";
   string_equals_symbol.mode=ID_java;
 
   code_typet string_equals_type;

From c9ff379f11992cafc7a5be00875802f0bd6c7ef5 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Thu, 9 Mar 2017 15:02:08 +0000
Subject: [PATCH 134/699] new identifier for converting char pointer to array

---
 src/util/irep_ids.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/util/irep_ids.txt b/src/util/irep_ids.txt
index b9d2d253538..1958522eaee 100644
--- a/src/util/irep_ids.txt
+++ b/src/util/irep_ids.txt
@@ -744,6 +744,7 @@ string_constraint
 string_not_contains_constraint
 cprover_char_literal_func
 cprover_string_literal_func
+cprover_string_array_of_char_pointer_func
 cprover_string_char_at_func
 cprover_string_char_set_func
 cprover_string_code_point_at_func

From a04dc21fc7d02eafb8fd4d792536707084acf93d Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Fri, 17 Feb 2017 13:18:54 +0000
Subject: [PATCH 135/699] Many corrections in preprocessing of strings

Better signatures and string detection

Better detection of string-like types and handling of char arrays

Changing the way we deal with string initialisation from array
Factorized part of type recognition and added StringBuilder and
CharSequence to the list of java classes that should be
considered as string.

Changed the way we deal with StringBuilders: instead of having a map
we add an assignment to the instructions.

We also detect char arrays and handle them better.
We now use substring and copy functions for initialisation from char
array since the argument are always
transformed into refined strings.

For each string returned by a string function we also add into the
java_string_to_cprover_string map a string_exprt.

Corrected detection of typecast in make_cprover_string_assign

Ensuring refined_string arguments of function applications are string_exprt

Correct string_refine_preprocesst constructor.
Order of initialisation is now the same as the order of
declaration.
This was picked up by g++ and clang.

Added signatures for some StringBuilder functions.

Removed map java_to_cprover_string and adapt signature for
side effects.
The usage of a map is not correct since strings can be modified by
side effects. Signature is necessary for StringBuilders to be assigned
in the right way with methods with side effects.

Assign all string_exprt to refined string symbols in preprocessing.
This makes it then easier to debug and to find
witnesses for counter examples in the solver.

Make signatures take priority over actual type and add signature
for intern.

Linting corrections

Adding malloc for char arrays for String.toCharArray

Fixing preprocessing of string function with side effect

This fixes problems we were getting with some StringBuilder functions.
The return value should contain a pointer to the original
StringBuilder and the fields of the StringBuilder should be filled
with the result of the function call.

Corrected mistake in preprocessing of string functions with side effects

char array assignements returns a string_exprt

This is to be uniform with other preprocessing functions also
returning string_exprt

Preprocessing for StringBuilder.append on char array

Corrected update of signature and commented out some unused code

Corrected the initialization from char array

We cannot use the substring function because the meaning of the third
argument is different between `String.<init>([CII)` and
`String.substring(SII)`

Using new id for conversion between char pointer and array

Cleaning of preprocessing for strings

Removed useless functions and merged some maps

Make a copy of the function call to be modified

Removed redeclaration of location
---
 .../string_refine_preprocess.cpp              | 797 +++++++++---------
 src/goto-programs/string_refine_preprocess.h  |  71 +-
 2 files changed, 416 insertions(+), 452 deletions(-)

diff --git a/src/goto-programs/string_refine_preprocess.cpp b/src/goto-programs/string_refine_preprocess.cpp
index ec02988d577..8403d4bf044 100644
--- a/src/goto-programs/string_refine_preprocess.cpp
+++ b/src/goto-programs/string_refine_preprocess.cpp
@@ -23,6 +23,32 @@ Date:   September 2016
 
 /*******************************************************************\
 
+Function: string_refine_preprocesst::check_java_type
+
+  Inputs: a type and a string
+
+ Outputs: Boolean telling whether the type is a struct with the given
+          tag or a symbolic type with the tag prefixed by "java::"
+
+\*******************************************************************/
+
+bool string_refine_preprocesst::check_java_type(
+  const typet &type, const std::string &tag)
+{
+  if(type.id()==ID_symbol)
+  {
+    irep_idt tag_id=to_symbol_type(type).get_identifier();
+    return tag_id=="java::"+tag;
+  }
+  else if(type.id()==ID_struct)
+  {
+    irep_idt tag_id=to_struct_type(type).get_tag();
+    return tag_id==tag;
+  }
+  return false;
+}
+/*******************************************************************\
+
 Function: string_refine_preprocesst::is_java_string_pointer_type
 
   Inputs: a type
@@ -54,17 +80,7 @@ Function: string_refine_preprocesst::is_java_string_type
 
 bool string_refine_preprocesst::is_java_string_type(const typet &type)
 {
-  if(type.id()==ID_symbol)
-  {
-    const irep_idt &tag=to_symbol_type(type).get_identifier();
-    return tag=="java::java.lang.String";
-  }
-  else if(type.id()==ID_struct)
-  {
-    const irep_idt &tag=to_struct_type(type).get_tag();
-    return tag=="java.lang.String";
-  }
-  return false;
+  return check_java_type(type, "java.lang.String");
 }
 
 /*******************************************************************\
@@ -79,17 +95,7 @@ Function: string_refine_preprocesst::is_java_string_builder_type
 
 bool string_refine_preprocesst::is_java_string_builder_type(const typet &type)
 {
-  if(type.id()==ID_pointer)
-  {
-    const pointer_typet &pt=to_pointer_type(type);
-    const typet &subtype=pt.subtype();
-    if(subtype.id()==ID_struct)
-    {
-      const irep_idt &tag=to_struct_type(subtype).get_tag();
-      return tag=="java.lang.StringBuilder";
-    }
-  }
-  return false;
+  return check_java_type(type, "java.lang.StringBuilder");
 }
 
 /*******************************************************************\
@@ -114,6 +120,7 @@ bool string_refine_preprocesst::is_java_string_builder_pointer_type(
   }
   return false;
 }
+
 /*******************************************************************\
 
 Function: string_refine_preprocesst::is_java_char_sequence_type
@@ -125,16 +132,67 @@ Function: string_refine_preprocesst::is_java_char_sequence_type
 \*******************************************************************/
 
 bool string_refine_preprocesst::is_java_char_sequence_type(const typet &type)
+{
+  return check_java_type(type, "java.lang.CharSequence");
+}
+
+/*******************************************************************\
+
+Function: string_refine_preprocesst::is_java_char_sequence_pointer_type
+
+  Inputs: a type
+
+ Outputs: Boolean telling whether the type is that of a pointer
+          to a java char sequence
+
+\*******************************************************************/
+
+bool string_refine_preprocesst::is_java_char_sequence_pointer_type(
+  const typet &type)
 {
   if(type.id()==ID_pointer)
   {
     const pointer_typet &pt=to_pointer_type(type);
     const typet &subtype=pt.subtype();
-    if(subtype.id()==ID_struct)
-    {
-      const irep_idt &tag=to_struct_type(subtype).get_tag();
-      return tag=="java.lang.CharSequence";
-    }
+    return is_java_char_sequence_type(subtype);
+  }
+  return false;
+}
+
+/*******************************************************************\
+
+Function: string_refine_preprocesst::is_java_char_array_type
+
+  Inputs: a type
+
+ Outputs: Boolean telling whether the type is that of java char array
+
+\*******************************************************************/
+
+bool string_refine_preprocesst::is_java_char_array_type(const typet &type)
+{
+  return check_java_type(type, "array[char]");
+}
+
+/*******************************************************************\
+
+Function: string_refine_preprocesst::is_java_char_array_pointer_type
+
+  Inputs: a type
+
+ Outputs: Boolean telling whether the type is that of a pointer
+          to a java char array
+
+\*******************************************************************/
+
+bool string_refine_preprocesst::is_java_char_array_pointer_type(
+  const typet &type)
+{
+  if(type.id()==ID_pointer)
+  {
+    const pointer_typet &pt=to_pointer_type(type);
+    const typet &subtype=pt.subtype();
+    return is_java_char_array_type(subtype);
   }
   return false;
 }
@@ -217,6 +275,32 @@ void string_refine_preprocesst::declare_function(
 
 /*******************************************************************\
 
+Function: string_refine_preprocesst::get_data_and_length_type_of_char_array
+
+  Inputs: an expression, a reference to a data type and a reference to a
+          length type
+
+ Purpose: assuming the expression is a char array, figure out what
+          the types for length and data are and put them into the references
+          given as argument
+
+\*******************************************************************/
+
+void string_refine_preprocesst::get_data_and_length_type_of_char_array(
+  const exprt &expr, typet &data_type, typet &length_type)
+{
+  typet object_type=ns.follow(expr.type());
+  assert(object_type.id()==ID_struct);
+  const struct_typet &struct_type=to_struct_type(object_type);
+  for(auto component : struct_type.components())
+    if(component.get_name()=="length")
+      length_type=component.type();
+    else if(component.get_name()=="data")
+      data_type=component.type();
+}
+
+/*******************************************************************\
+
 Function: string_refine_preprocesst::get_data_and_length_type_of_string
 
   Inputs: an expression, a reference to a data type and a reference to a
@@ -232,7 +316,8 @@ void string_refine_preprocesst::get_data_and_length_type_of_string(
   const exprt &expr, typet &data_type, typet &length_type)
 {
   assert(is_java_string_type(expr.type()) ||
-         is_java_string_builder_type(expr.type()));
+         is_java_string_builder_type(expr.type()) ||
+         is_java_char_sequence_type(expr.type()));
   typet object_type=ns.follow(expr.type());
   const struct_typet &struct_type=to_struct_type(object_type);
   for(const auto &component : struct_type.components())
@@ -263,44 +348,43 @@ exprt string_refine_preprocesst::make_cprover_string_assign(
   const exprt &rhs,
   const source_locationt &location)
 {
-  if(is_java_string_pointer_type(rhs.type()))
+  if(implements_java_char_sequence(rhs.type()))
   {
-    auto pair=java_to_cprover_strings.insert(
-      std::pair<exprt, exprt>(rhs, nil_exprt()));
-
-    if(pair.second)
-    {
-      // We do the following assignments:
-      // cprover_string_array = *(rhs->data)
-      // cprover_string = { rhs->length; cprover_string_array }
-
-      dereference_exprt deref(rhs, rhs.type().subtype());
-
-      typet data_type, length_type;
-      get_data_and_length_type_of_string(deref, data_type, length_type);
-      member_exprt length(deref, "length", length_type);
-      symbol_exprt array_lhs=fresh_array(data_type.subtype(), location);
-
-      // string expression for the rhs of the second assignment
-      string_exprt new_rhs(
-        length, array_lhs, refined_string_typet(length_type, data_type));
-
-      member_exprt data(deref, "data", data_type);
-      dereference_exprt deref_data(data, data_type.subtype());
-      symbol_exprt lhs=fresh_string(new_rhs.type(), location);
-
-      std::list<code_assignt> assignments;
-      assignments.emplace_back(array_lhs, deref_data);
-      assignments.emplace_back(lhs, new_rhs);
-      insert_assignments(
-        goto_program, target, target->function, location, assignments);
-      target=goto_program.insert_after(target);
-      pair.first->second=lhs;
-    }
-    return pair.first->second;
+    // We do the following assignments:
+    // 1 length= *(rhs->length)
+    // 2 cprover_string_array = *(rhs->data)
+    // 3 cprover_string = { length; cprover_string_array }
+
+    dereference_exprt deref(rhs, rhs.type().subtype());
+    typet data_type, length_type;
+    get_data_and_length_type_of_string(deref, data_type, length_type);
+    std::list<code_assignt> assignments;
+
+    // 1) cprover_string_length= *(rhs->length)
+    member_exprt length(deref, "length", length_type);
+
+    // 2) cprover_string_array = *(rhs->data)
+    symbol_exprt array_lhs=fresh_array(data_type.subtype(), location);
+    member_exprt data(deref, "data", data_type);
+    dereference_exprt deref_data(data, data_type.subtype());
+    assignments.emplace_back(array_lhs, deref_data);
+
+    // 3) cprover_string = { cprover_string_length; cprover_string_array }
+    // This assignment is useful for finding witnessing strings for counter
+    // examples
+    refined_string_typet ref_type(length_type, java_char_type());
+    string_exprt new_rhs(length, array_lhs, ref_type);
+
+    symbol_exprt lhs=fresh_string(new_rhs.type(), location);
+    assignments.emplace_back(lhs, new_rhs);
+
+    insert_assignments(
+      goto_program, target, target->function, location, assignments);
+    target=goto_program.insert_after(target);
+    return new_rhs;
   }
   else if(rhs.id()==ID_typecast &&
-          is_java_string_pointer_type(rhs.op0().type()))
+          implements_java_char_sequence(rhs.op0().type()))
   {
     exprt new_rhs=make_cprover_string_assign(
       goto_program, target, rhs.op0(), location);
@@ -312,6 +396,75 @@ exprt string_refine_preprocesst::make_cprover_string_assign(
 
 /*******************************************************************\
 
+Function: string_refine_preprocesst::make_cprover_char_array_assign
+
+  Inputs: a goto_program, a position in this program, an expression of
+          type char array pointer and a location
+
+ Outputs: a string expression
+
+ Purpose: Introduce a temporary variable for cprover strings;
+          returns the cprover_string corresponding to rhs
+
+\*******************************************************************/
+
+string_exprt string_refine_preprocesst::make_cprover_char_array_assign(
+  goto_programt &goto_program,
+  goto_programt::targett &target,
+  const exprt &rhs,
+  const source_locationt &location)
+{
+  assert(is_java_char_array_pointer_type(rhs.type()));
+
+  // We do the following assignments:
+  // deref=*(rhs->data)
+  // array= typecast(&deref);
+  // string={ rhs->length; array }
+
+  dereference_exprt deref(rhs, rhs.type().subtype());
+  typet length_type, data_type;
+  get_data_and_length_type_of_char_array(deref, data_type, length_type);
+  assert(data_type.id()==ID_pointer);
+  typet char_type=to_pointer_type(data_type).subtype();
+
+  refined_string_typet ref_type(length_type, java_char_type());
+  typet content_type=ref_type.get_content_type();
+  std::list<code_assignt> assignments;
+
+  // deref=*(rhs->data)
+  member_exprt array_rhs(deref, "data", data_type);
+  dereference_exprt deref_array(array_rhs, data_type.subtype());
+  symbolt sym_lhs_deref=get_fresh_aux_symbol(
+    data_type.subtype(),
+    "char_array_assign$deref",
+    "char_array_assign$deref",
+    location,
+    ID_java,
+    symbol_table);
+  symbol_exprt lhs_deref=sym_lhs_deref.symbol_expr();
+  assignments.emplace_back(lhs_deref, deref_array);
+
+  // array=convert_pointer_to_char_array(*rhs->data)
+  declare_function(ID_cprover_string_array_of_char_pointer_func, content_type);
+  function_application_exprt fun_app(symbol_exprt(
+    ID_cprover_string_array_of_char_pointer_func), content_type);
+  fun_app.arguments().push_back(deref_array);
+  symbol_exprt array=fresh_array(content_type, location);
+  assignments.emplace_back(array, fun_app);
+
+  // string={ rhs->length; string_array }
+  string_exprt new_rhs(get_length(deref, length_type), array, ref_type);
+  symbol_exprt lhs=fresh_string(ref_type, location);
+  assignments.emplace_back(lhs, new_rhs);
+
+  insert_assignments(
+    goto_program, target, target->function, location, assignments);
+  target=goto_program.insert_after(target);
+  return new_rhs;
+}
+
+/*******************************************************************\
+
 Function: string_refine_preprocesst::make_normal_assign
 
   Inputs: a goto_program, a position in this program, an expression lhs,
@@ -336,27 +489,19 @@ void string_refine_preprocesst::make_normal_assign(
   const source_locationt &location,
   const std::string &signature)
 {
-  if(function_name==ID_cprover_string_copy_func)
-  {
-    assert(!arguments.empty());
-    make_string_copy(goto_program, target, lhs, arguments[0], location);
-  }
-  else
-  {
-    function_application_exprt rhs(
-      symbol_exprt(function_name), function_type.return_type());
-    rhs.add_source_location()=location;
-    declare_function(function_name, function_type);
+  function_application_exprt rhs(
+    symbol_exprt(function_name), function_type.return_type());
+  rhs.add_source_location()=location;
+  declare_function(function_name, function_type);
 
-    exprt::operandst processed_arguments=process_arguments(
-      goto_program, target, arguments, location, signature);
-    rhs.arguments()=processed_arguments;
+  exprt::operandst processed_arguments=process_arguments(
+    goto_program, target, arguments, location, signature);
+  rhs.arguments()=processed_arguments;
 
-    code_assignt assignment(lhs, rhs);
-    assignment.add_source_location()=location;
-    target->make_assignment();
-    target->code=assignment;
-  }
+  code_assignt assignment(lhs, rhs);
+  assignment.add_source_location()=location;
+  target->make_assignment();
+  target->code=assignment;
 }
 
 /*******************************************************************\
@@ -420,7 +565,7 @@ void string_refine_preprocesst::make_string_assign(
   const source_locationt &location,
   const std::string &signature)
 {
-  assert(is_java_string_pointer_type(function_type.return_type()));
+  assert(implements_java_char_sequence(function_type.return_type()));
   dereference_exprt deref(lhs, lhs.type().subtype());
   typet object_type=ns.follow(deref.type());
   exprt object_size=size_of_expr(object_type, ns);
@@ -454,98 +599,22 @@ void string_refine_preprocesst::make_string_assign(
   malloc_expr.type()=pointer_typet(object_type);
   malloc_expr.add_source_location()=location;
 
+  refined_string_typet ref_type(length_type, data_type.subtype().subtype());
+  string_exprt str(tmp_length, tmp_array, ref_type);
+  symbol_exprt cprover_string_sym=fresh_string(ref_type, location);
+
   std::list<code_assignt> assigns;
   assigns.emplace_back(lhs, malloc_expr);
   assigns.emplace_back(tmp_length, rhs_length);
   assigns.emplace_back(lhs_length, tmp_length);
   assigns.emplace_back(tmp_array, rhs_data);
+  assigns.emplace_back(cprover_string_sym, str);
   assigns.emplace_back(lhs_data, address_of_exprt(tmp_array));
   insert_assignments(goto_program, target, target->function, location, assigns);
 }
 
 /*******************************************************************\
 
-Function: string_refine_preprocesst::make_assign
-
-  Inputs: a goto_program, a position in this program, an expression lhs,
-          a function type, a function name, a vector of arguments, a location
-          and a signature
-
- Purpose: assign the result of the function application to lhs,
-          in case the function type is string, it does a special assignment
-          using `make_string_assign`
-
-\*******************************************************************/
-
-void string_refine_preprocesst::make_assign(
-  goto_programt &goto_program,
-  goto_programt::targett &target,
-  const exprt &lhs,
-  const code_typet &function_type,
-  const irep_idt &function_name,
-  const exprt::operandst &arg,
-  const source_locationt &loc,
-  const std::string &sig)
-{
-  if(is_java_string_pointer_type(function_type.return_type()))
-    make_string_assign(
-      goto_program, target, lhs, function_type, function_name, arg, loc, sig);
-  else
-    make_normal_assign(
-      goto_program, target, lhs, function_type, function_name, arg, loc, sig);
-}
-
-/*******************************************************************\
-
-Function: string_refine_preprocesst::make_string_copy
-
-  Inputs: a goto_program, a position in this program, a lhs expression,
-          an argument expression and a location
-
- Outputs: an expression
-
- Purpose: replace the current instruction by:
-          > lhs->length=argument->length
-          > tmp_data=*(argument->data)
-          > lhs->data=&tmp_data
-
-\*******************************************************************/
-
-void string_refine_preprocesst::make_string_copy(
-  goto_programt &goto_program,
-  goto_programt::targett &target,
-  const exprt &lhs,
-  const exprt &argument,
-  const source_locationt &location)
-{
-  // TODO : treat CharSequence and StringBuffer
-  assert(is_java_string_pointer_type(lhs.type()) ||
-         is_java_string_builder_pointer_type(lhs.type()));
-  exprt deref=dereference_exprt(lhs, lhs.type().subtype());
-
-  typet length_type, data_type;
-  get_data_and_length_type_of_string(deref, data_type, length_type);
-
-  dereference_exprt deref_arg(argument, argument.type().subtype());
-  std::list<code_assignt> assignments;
-
-  exprt lhs_length=get_length(deref, length_type);
-  exprt rhs_length=get_length(deref_arg, length_type);
-  assignments.emplace_back(lhs_length, rhs_length);
-
-  symbol_exprt tmp_data=fresh_array(data_type.subtype(), location);
-  exprt rhs_data=get_data(deref_arg, data_type);
-  exprt lhs_data=get_data(deref, data_type);
-  assignments.emplace_back(
-    tmp_data, dereference_exprt(rhs_data, data_type.subtype()));
-  assignments.emplace_back(lhs_data, address_of_exprt(tmp_data));
-
-  insert_assignments(
-    goto_program, target, target->function, location, assignments);
-}
-
-/*******************************************************************\
-
 Function: string_refine_preprocesst::make_string_function
 
   Inputs: a position in a goto program, a function name, an expression lhs,
@@ -566,7 +635,36 @@ void string_refine_preprocesst::make_string_function(
   const source_locationt &location,
   const std::string &signature)
 {
-  if(is_java_string_pointer_type(function_type.return_type()))
+  if(signature.length()>0)
+  {
+    if(signature.back()=='S')
+    {
+      code_typet ft=function_type;
+      ft.return_type()=jls_ptr;
+      typecast_exprt lhs2(lhs, jls_ptr);
+
+      make_string_assign(
+        goto_program,
+        target,
+        lhs2,
+        ft,
+        function_name,
+        arguments,
+        location,
+         signature);
+    }
+    else
+      make_normal_assign(
+      goto_program,
+      target,
+      lhs,
+      function_type,
+      function_name,
+      arguments,
+      location,
+      signature);
+  }
+  else if(implements_java_char_sequence(function_type.return_type()))
     make_string_assign(
       goto_program,
       target,
@@ -597,9 +695,11 @@ Function: string_refine_preprocesst::make_string_function
  Purpose: at the current position replace `lhs=s.some_function(x,...)`
           by `lhs=function_name(s,x,...)`;
           option `assign_first_arg` uses `s` instead of `lhs` in the resulting
-          expression;
+          expression, Warning : it assumes that `s` is string-like
           option `skip_first_arg`, removes `s` from the arguments, ie `x` is
-          the first one
+          the first one;
+          arguments that are string (TODO: and char array) are replaced
+          by string_exprt
 
 \*******************************************************************/
 
@@ -635,11 +735,17 @@ void string_refine_preprocesst::make_string_function(
     new_type.parameters().push_back(function_type.parameters()[i]);
   }
 
+  std::string new_sig=signature;
   exprt lhs;
   if(assign_first_arg)
   {
     assert(!function_call.arguments().empty());
     lhs=function_call.arguments()[0];
+    std::size_t size=function_call.arguments().size();
+    if(signature.length()<=size)
+      new_sig.resize(size+1, '_');
+
+    new_sig.replace(size, 1, "S");
   }
   else
     lhs=function_call.lhs();
@@ -650,7 +756,7 @@ void string_refine_preprocesst::make_string_function(
   new_type.return_type()=lhs.type();
 
   make_string_function(
-    goto_program, target, lhs, new_type, function_name, args, loc, signature);
+    goto_program, target, lhs, new_type, function_name, args, loc, new_sig);
 }
 
 /*******************************************************************\
@@ -680,9 +786,11 @@ Function: string_refine_preprocesst::make_string_function_side_effect
 
   Inputs: a position in a goto program and a function name
 
- Purpose: at the current position, replace `r=s.some_function(x,...)`
-          by `s=function_name(s,x,...)` and add a correspondance from r
-          to s in the `string_builders` map
+ Purpose: at the current position, replace `r=s.some_function(x,...)` by
+          > tmp=function_name(x,...)
+          > s->data=tmp.data
+          > s->length=tmp.length
+          > r=s
 
 \*******************************************************************/
 
@@ -692,11 +800,48 @@ void string_refine_preprocesst::make_string_function_side_effect(
   const irep_idt &function_name,
   const std::string &signature)
 {
-  const code_function_callt function_call=to_code_function_call(target->code);
-  assert(!function_call.arguments().empty());
-  string_builders[function_call.lhs()]=function_call.arguments()[0];
-  make_string_function(
-    goto_program, target, function_name, signature, true, false);
+  code_function_callt function_call=to_code_function_call(target->code);
+  source_locationt loc=function_call.source_location();
+  std::list<code_assignt> assignments;
+  exprt lhs=function_call.lhs();
+  exprt s=function_call.arguments()[0];
+  code_typet function_type=to_code_type(function_call.type());
+
+  function_type.return_type()=s.type();
+
+  if(lhs.is_not_nil())
+  {
+    symbol_exprt tmp_string=fresh_string(lhs.type(), loc);
+
+    make_string_assign(
+      goto_program,
+      target,
+      tmp_string,
+      function_type,
+      function_name,
+      function_call.arguments(),
+      loc,
+      signature);
+    dereference_exprt deref_lhs(s, s.type().subtype());
+    typet data_type, length_type;
+    get_data_and_length_type_of_string(deref_lhs, data_type, length_type);
+    member_exprt lhs_data(deref_lhs, "data", data_type);
+    member_exprt lhs_length(deref_lhs, "length", length_type);
+    dereference_exprt deref_rhs(tmp_string, s.type().subtype());
+    member_exprt rhs_data(deref_rhs, "data", data_type);
+    member_exprt rhs_length(deref_rhs, "length", length_type);
+    assignments.emplace_back(lhs_length, rhs_length);
+    assignments.emplace_back(lhs_data, rhs_data);
+    assignments.emplace_back(lhs, s);
+    target=goto_program.insert_after(target);
+    insert_assignments(
+      goto_program, target, target->function, loc, assignments);
+  }
+  else
+  {
+    make_string_function(
+      goto_program, target, function_name, signature, true, false);
+  }
 }
 
 /*******************************************************************\
@@ -735,6 +880,7 @@ Function: string_refine_preprocesst::make_to_char_array_function
   Inputs: a goto program and a position in that goto program
 
  Purpose: at the given position replace `return_tmp0=s.toCharArray()` with:
+          > return_tmp0 = malloc(array[char]);
           > return_tmp0->data=&((s->data)[0])
           > return_tmp0->length=s->length
 
@@ -744,16 +890,36 @@ void string_refine_preprocesst::make_to_char_array_function(
   goto_programt &goto_program, goto_programt::targett &target)
 {
   const code_function_callt &function_call=to_code_function_call(target->code);
+  source_locationt location=function_call.source_location();
 
-  assert(!function_call.arguments().empty());
+  assert(function_call.arguments().size()>=1);
   const exprt &string_argument=function_call.arguments()[0];
   assert(is_java_string_pointer_type(string_argument.type()));
 
+  typet deref_type=function_call.lhs().type().subtype();
+  const exprt &lhs=function_call.lhs();
+  dereference_exprt deref_lhs(lhs, deref_type);
+
   dereference_exprt deref(string_argument, string_argument.type().subtype());
   typet length_type, data_type;
   get_data_and_length_type_of_string(deref, data_type, length_type);
   std::list<code_assignt> assignments;
 
+  // lhs=malloc(array[char])
+  typet object_type=ns.follow(deref_type);
+  exprt object_size=size_of_expr(object_type, ns);
+
+  if(object_size.is_nil())
+    debug() << "string_refine_preprocesst::make_to_char_array_function "
+            << "got nil object_size" << eom;
+
+  side_effect_exprt malloc_expr(ID_malloc);
+  malloc_expr.copy_to_operands(object_size);
+  malloc_expr.type()=pointer_typet(object_type);
+  malloc_expr.add_source_location()=location;
+  assignments.emplace_back(lhs, malloc_expr);
+
+
   // &((s->data)[0])
   exprt rhs_data=get_data(deref, data_type);
   dereference_exprt rhs_array(rhs_data, data_type.subtype());
@@ -762,8 +928,6 @@ void string_refine_preprocesst::make_to_char_array_function(
   address_of_exprt rhs_pointer(first_element);
 
   // return_tmp0->data=&((s->data)[0])
-  typet deref_type=function_call.lhs().type().subtype();
-  dereference_exprt deref_lhs(function_call.lhs(), deref_type);
   exprt lhs_data=get_data(deref_lhs, data_type);
   assignments.emplace_back(lhs_data, rhs_pointer);
 
@@ -771,178 +935,8 @@ void string_refine_preprocesst::make_to_char_array_function(
   exprt rhs_length=get_length(deref, length_type);
   exprt lhs_length=get_length(deref_lhs, length_type);
   assignments.emplace_back(lhs_length, rhs_length);
-  source_locationt location=target->source_location;
-  insert_assignments(
-    goto_program, target, target->function, location, assignments);
-}
-
-/*******************************************************************\
-
-Function: string_refine_preprocesst::make_cprover_char_array_assign
-
-  Inputs: a goto_program, a position in this program, an expression and a
-          location
-
- Outputs: a char array expression (not a pointer)
-
- Purpose: Introduce a temporary variable for cprover strings;
-          returns the cprover_string corresponding to rhs
-
-\*******************************************************************/
-
-exprt string_refine_preprocesst::make_cprover_char_array_assign(
-  goto_programt &goto_program,
-  goto_programt::targett &target,
-  const exprt &rhs,
-  const source_locationt &location)
-{
-  // TODO : add an assertion on the type of rhs
-
-  // We do the following assignments:
-  // cprover_string_array = rhs.data
-  // cprover_string = { rhs.length; cprover_string_array }
-
-  // string expression for the rhs of the second assignment
-  string_exprt new_rhs(java_char_type());
-
-  typet data_type=new_rhs.content().type();
-  typet length_type=java_int_type();
-
-  symbol_exprt array_lhs=fresh_array(data_type, location);
-  exprt array_rhs=get_data(rhs, new_rhs.content().type());
-  symbol_exprt lhs=fresh_string(new_rhs.type(), location);
-  new_rhs.length()=get_length(rhs, length_type);
-  new_rhs.content()=array_lhs;
-
-  std::list<code_assignt> assignments;
-  assignments.emplace_back(array_lhs, array_rhs);
-  assignments.emplace_back(lhs, new_rhs);
   insert_assignments(
     goto_program, target, target->function, location, assignments);
-  target=goto_program.insert_after(target);
-  return lhs;
-}
-
-/*******************************************************************\
-
-Function: string_refine_preprocesst::make_char_array_function
-
-  Inputs: a position in a goto program, a function name, two Boolean options,
-          and the index of the char array argument in the function
-
- Purpose: at the given position replace
-          `lhs=s.some_function(...,char_array,...)` by
-          > cprover_string = { char_array->length, *char_array }
-          > tmp_string=function_name(s, cprover_string, ...)
-          option `assign_first_arg` uses `s` instead of `lhs` in the second
-          assignment;
-          option `skip_first_arg`, removes `s` from the arguments, ie `x` is
-          the first one;
-          argument index gives the index of the argument containing char_array
-
-\*******************************************************************/
-
-void string_refine_preprocesst::make_char_array_function(
-  goto_programt &goto_program,
-  goto_programt::targett &target,
-  const irep_idt &function_name,
-  const std::string &signature,
-  std::size_t index,
-  bool assign_first_arg,
-  bool skip_first_arg)
-{
-  code_function_callt &function_call=to_code_function_call(target->code);
-  code_typet function_type=to_code_type(function_call.function().type());
-  code_typet new_function_type;
-  const source_locationt &location=function_call.source_location();
-  assert(!function_call.arguments().size()>index);
-  const std::vector<exprt> &args=function_call.arguments();
-  std::vector<exprt> new_args;
-
-  exprt lhs;
-  if(assign_first_arg)
-  {
-    assert(!function_call.arguments().empty());
-    lhs=function_call.arguments()[0];
-  else
-    lhs=function_call.lhs();
-
-  if(lhs.id()==ID_typecast)
-    lhs=to_typecast_expr(lhs).op();
-
-  exprt char_array=dereference_exprt(
-    function_call.arguments()[index],
-    function_call.arguments()[index].type().subtype());
-  exprt string=make_cprover_char_array_assign(
-    goto_program, target, char_array, location);
-
-  std::size_t start_index=skip_first_arg?1:0;
-  for(std::size_t i=start_index; i<args.size(); i++)
-  {
-    if(i==index)
-      new_args.push_back(string);
-    else
-      new_args.push_back(args[i]);
-    new_function_type.parameters().push_back(function_type.parameters()[i]);
-  }
-
-  new_function_type.return_type()=lhs.type();
-
-  make_string_function(
-    goto_program,
-    target,
-    lhs,
-    new_function_type,
-    function_name,
-    new_args,
-    location,
-    signature);
-}
-
-/*******************************************************************\
-
-Function: string_refine_preprocesst::make_char_array_function_call
-
-  Inputs: a position in a goto program and a function name
-
- Purpose: at the given position replace `r.some_function(arr,...)` by
-          `r=function_name({arr.length, arr.data}, ...)`
-
-\*******************************************************************/
-
-void string_refine_preprocesst::make_char_array_function_call(
-  goto_programt &goto_program,
-  goto_programt::targett &target,
-  const irep_idt &function_name,
-  const std::string &signature)
-{
-  make_char_array_function(
-    goto_program, target, function_name, signature, 1, true, true);
-}
-
-/*******************************************************************\
-
-Function: string_refine_preprocesst::make_char_array_side_effect
-
-  Inputs: a position in a goto program and a function name
-
- Purpose: replace `r=s.some_function(i,arr,...)` by
-          `s=function_name(s,{arr.length,arr.data})`
-          and add a correspondance from r to s in the `string_builders` map
-
-\*******************************************************************/
-
-void string_refine_preprocesst::make_char_array_side_effect(
-  goto_programt &goto_program,
-  goto_programt::targett &target,
-  const irep_idt &function_name,
-  const std::string &signature)
-{
-  make_char_array_function(
-    goto_program, target, function_name, signature, 1, true, false);
-  code_function_callt &function_call=to_code_function_call(target->code);
-  assert(!function_call.arguments().empty());
-  string_builders[function_call.lhs()]=function_call.arguments()[0];
 }
 
 /*******************************************************************\
@@ -974,22 +968,20 @@ exprt::operandst string_refine_preprocesst::process_arguments(
   for(std::size_t i=0; i<arguments.size(); i++)
   {
     exprt arg=arguments[i];
-    auto it=string_builders.find(arg);
-    if(it!=string_builders.end())
-      new_arguments.push_back(it->second);
-    else
+    if(i<signature.length() && signature[i]=='S')
     {
-      if(i<signature.length() && signature[i]=='S')
-      {
-        while(arg.id()==ID_typecast)
-          arg=arg.op0();
-        if(!is_java_string_type(arg.type()))
-          arg=typecast_exprt(arg, jls_ptr);
-      }
-      exprt arg2=make_cprover_string_assign(
-        goto_program, target, arg, location);
-      new_arguments.push_back(arg2);
+      while(arg.id()==ID_typecast)
+        arg=arg.op0();
+      if(!implements_java_char_sequence(arg.type()))
+        arg=typecast_exprt(arg, jls_ptr);
     }
+    arg=make_cprover_string_assign(goto_program, target, arg, location);
+    typet type=ns.follow(arg.type());
+    if(is_java_char_array_pointer_type(type))
+    {
+      arg=make_cprover_char_array_assign(goto_program, target, arg, location);
+    }
+    new_arguments.push_back(arg);
   }
   return new_arguments;
 }
@@ -1042,12 +1034,6 @@ void string_refine_preprocesst::replace_string_calls(
     if(target->is_function_call())
     {
       code_function_callt &function_call=to_code_function_call(target->code);
-      for(auto &arg : function_call.arguments())
-      {
-        auto sb_it=string_builders.find(arg);
-        if(sb_it!=string_builders.end())
-          arg=sb_it->second;
-      }
 
       if(function_call.function().id()==ID_symbol)
       {
@@ -1070,21 +1056,6 @@ void string_refine_preprocesst::replace_string_calls(
           make_string_function_call(
             goto_program, target, it->second, signature);
 
-        it=string_of_char_array_functions.find(function_id);
-        if(it!=string_of_char_array_functions.end())
-          make_char_array_function(
-            goto_program, target, it->second, signature, 0);
-
-        it=string_of_char_array_function_calls.find(function_id);
-        if(it!=string_of_char_array_function_calls.end())
-          make_char_array_function_call(
-            goto_program, target, it->second, signature);
-
-        it=side_effect_char_array_functions.find(function_id);
-        if(it!=side_effect_char_array_functions.end())
-          make_char_array_side_effect(
-            goto_program, target, it->second, signature);
-
         if(function_id==irep_idt("java::java.lang.String.toCharArray:()[C"))
           make_to_char_array_function(goto_program, target);
       }
@@ -1299,12 +1270,18 @@ void string_refine_preprocesst::initialize_string_function_table()
     ID_cprover_string_set_length_func;
 
 
-  side_effect_char_array_functions
+
+  side_effect_functions
+    ["java::java.lang.StringBuilder.append:([C)"
+      "Ljava/lang/StringBuilder;"]=
+    ID_cprover_string_concat_func;
+  side_effect_functions
     ["java::java.lang.StringBuilder.insert:(I[CII)Ljava/lang/StringBuilder;"]=
-    ID_cprover_string_insert_char_array_func;
-  side_effect_char_array_functions
+    ID_cprover_string_insert_func;
+  side_effect_functions
     ["java::java.lang.StringBuilder.insert:(I[C)Ljava/lang/StringBuilder;"]=
-    ID_cprover_string_insert_char_array_func;
+    ID_cprover_string_insert_func;
+    // TODO clean irep ids from insert_char_array etc...
 
   string_function_calls
     ["java::java.lang.String.<init>:(Ljava/lang/String;)V"]=
@@ -1320,23 +1297,23 @@ void string_refine_preprocesst::initialize_string_function_table()
   string_function_calls["java::java.lang.StringBuilder.<init>:()V"]=
     ID_cprover_string_empty_string_func;
 
-  string_of_char_array_function_calls["java::java.lang.String.<init>:([C)V"]=
-    ID_cprover_string_of_char_array_func;
-  string_of_char_array_function_calls["java::java.lang.String.<init>:([CII)V"]=
-    ID_cprover_string_of_char_array_func;
+  string_function_calls["java::java.lang.String.<init>:([C)V"]=
+    ID_cprover_string_copy_func;
+  string_function_calls["java::java.lang.String.<init>:([CII)V"]=
+    ID_cprover_string_copy_func;
 
-  string_of_char_array_functions
+  string_functions
     ["java::java.lang.String.valueOf:([CII)Ljava/lang/String;"]=
-    ID_cprover_string_of_char_array_func;
-  string_of_char_array_functions
+    ID_cprover_string_copy_func;
+  string_functions
     ["java::java.lang.String.valueOf:([C)Ljava/lang/String;"]=
-    ID_cprover_string_of_char_array_func;
-  string_of_char_array_functions
+    ID_cprover_string_copy_func;
+  string_functions
     ["java::java.lang.String.copyValueOf:([CII)Ljava/lang/String;"]=
-    ID_cprover_string_of_char_array_func;
-  string_of_char_array_functions
+    ID_cprover_string_copy_func;
+  string_functions
     ["java::java.lang.String.copyValueOf:([C)Ljava/lang/String;"]=
-    ID_cprover_string_of_char_array_func;
+    ID_cprover_string_copy_func;
 
   c_string_functions["__CPROVER_uninterpreted_string_literal_func"]=
     ID_cprover_string_literal_func;
@@ -1370,9 +1347,23 @@ void string_refine_preprocesst::initialize_string_function_table()
     ID_cprover_string_of_int_func;
 
   signatures["java::java.lang.String.equals:(Ljava/lang/Object;)Z"]="SSZ";
-  signatures
-    ["java::java.lang.String.contains:(Ljava/lang/CharSequence;)Z"]=
-      "SSZ";
+  signatures["java::java.lang.String.contains:(Ljava/lang/CharSequence;)Z"]=
+    "SSZ";
+  signatures["java::java.lang.StringBuilder.insert:(IZ)"
+             "Ljava/lang/StringBuilder;"]="SIZS";
+  signatures["java::java.lang.StringBuilder.insert:(IJ)"
+             "Ljava/lang/StringBuilder;"]="SIJS";
+  signatures["java::java.lang.StringBuilder.insert:(II)"
+             "Ljava/lang/StringBuilder;"]="SIIS";
+  signatures["java::java.lang.StringBuilder.insert:(IC)"
+             "Ljava/lang/StringBuilder;"]="SICS";
+  signatures["java::java.lang.StringBuilder.insert:(ILjava/lang/String;)"
+             "Ljava/lang/StringBuilder;"]="SISS";
+  signatures["java::java.lang.StringBuilder.insert:(ILjava/lang/String;)"
+             "Ljava/lang/StringBuilder;"]="SISS";
+  signatures["java::java.lang.StringBuilder.insert:(I[C)"
+             "Ljava/lang/StringBuilder;"]="SI[S";
+  signatures["java::java.lang.String.intern:()Ljava/lang/String;"]="SV";
 }
 
 /*******************************************************************\
diff --git a/src/goto-programs/string_refine_preprocess.h b/src/goto-programs/string_refine_preprocess.h
index 613d0161926..5ae398b757a 100644
--- a/src/goto-programs/string_refine_preprocess.h
+++ b/src/goto-programs/string_refine_preprocess.h
@@ -14,6 +14,7 @@ Date:   September 2016
 
 #include <goto-programs/goto_model.h>
 #include <util/ui_message.h>
+#include <util/string_expr.h>
 
 class string_refine_preprocesst:public messaget
 {
@@ -29,28 +30,21 @@ class string_refine_preprocesst:public messaget
   typedef std::unordered_map<irep_idt, irep_idt, irep_id_hash> id_mapt;
   typedef std::unordered_map<exprt, exprt, irep_hash> expr_mapt;
 
-  // String builders maps the different names of a same StringBuilder object
-  // to a unique expression.
-  expr_mapt string_builders;
-
   // Map name of Java string functions to there equivalent in the solver
   id_mapt side_effect_functions;
   id_mapt string_functions;
   id_mapt c_string_functions;
   id_mapt string_function_calls;
-  id_mapt string_of_char_array_functions;
-  id_mapt string_of_char_array_function_calls;
-  id_mapt side_effect_char_array_functions;
 
   std::unordered_map<irep_idt, std::string, irep_id_hash> signatures;
-  expr_mapt hidden_strings;
-  expr_mapt java_to_cprover_strings;
 
   // unique id for each newly created symbols
   int next_symbol_id;
 
   void initialize_string_function_table();
 
+  static bool check_java_type(const typet &type, const std::string &tag);
+
   static bool is_java_string_pointer_type(const typet &type);
 
   static bool is_java_string_type(const typet &type);
@@ -61,6 +55,20 @@ class string_refine_preprocesst:public messaget
 
   static bool is_java_char_sequence_type(const typet &type);
 
+  static bool is_java_char_sequence_pointer_type(const typet &type);
+
+  static bool is_java_char_array_type(const typet &type);
+
+  static bool is_java_char_array_pointer_type(const typet &type);
+
+  static bool implements_java_char_sequence(const typet &type)
+  {
+      return
+        is_java_char_sequence_pointer_type(type) ||
+        is_java_string_builder_pointer_type(type) ||
+        is_java_string_pointer_type(type);
+  }
+
   symbol_exprt fresh_array(
     const typet &type, const source_locationt &location);
   symbol_exprt fresh_string(
@@ -110,6 +118,9 @@ class string_refine_preprocesst:public messaget
   void get_data_and_length_type_of_string(
     const exprt &expr, typet &data_type, typet &length_type);
 
+  void get_data_and_length_type_of_char_array(
+    const exprt &expr, typet &data_type, typet &length_type);
+
   function_application_exprt build_function_application(
     const irep_idt &function_name,
     const typet &type,
@@ -136,27 +147,16 @@ class string_refine_preprocesst:public messaget
     const source_locationt &location,
     const std::string &signature);
 
-  void make_assign(
-    goto_programt &goto_program,
-    goto_programt::targett &target,
-    const exprt &lhs,
-    const code_typet &function_type,
-    const irep_idt &function_name,
-    const exprt::operandst &arg,
-    const source_locationt &loc,
-    const std::string &sig);
-
   exprt make_cprover_string_assign(
     goto_programt &goto_program,
     goto_programt::targett &target,
     const exprt &rhs,
     const source_locationt &location);
 
-  void make_string_copy(
+  string_exprt make_cprover_char_array_assign(
     goto_programt &goto_program,
     goto_programt::targett &target,
-    const exprt &lhs,
-    const exprt &argument,
+    const exprt &rhs,
     const source_locationt &location);
 
   void make_string_function(
@@ -192,33 +192,6 @@ class string_refine_preprocesst:public messaget
   void make_to_char_array_function(
     goto_programt &goto_program, goto_programt::targett &);
 
-  exprt make_cprover_char_array_assign(
-    goto_programt &goto_program,
-    goto_programt::targett &target,
-    const exprt &rhs,
-    const source_locationt &location);
-
-  void make_char_array_function(
-    goto_programt &goto_program,
-    goto_programt::targett &target,
-    const irep_idt &function_name,
-    const std::string &signature,
-    std::size_t index,
-    bool assign_first_arg=false,
-    bool skip_first_arg=false);
-
-  void make_char_array_function_call(
-    goto_programt &goto_program,
-    goto_programt::targett &target,
-    const irep_idt &function_name,
-    const std::string &signature);
-
-  void make_char_array_side_effect(
-    goto_programt &goto_program,
-    goto_programt::targett &target,
-    const irep_idt &function_name,
-    const std::string &signature);
-
   void replace_string_calls(goto_functionst::function_mapt::iterator f_it);
 };
 

From bdbeaf586aa45a429b0fa390169514e5d2a3c7ad Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 28 Feb 2017 13:50:25 +0000
Subject: [PATCH 136/699] Many corrections in string refinement

Overhaul of string solver contributions

The code adding lemmas to the solver for each equality has been
completely remastered. It has been simplified and should
now cover all foreseable cases.

 Add overflow constraints on sums for string solver
 When creating sum expressions during string
refinement, e.g. when
 adding string lengths, we shall add axioms to prevent the solver
 from finding values that actually come from an integer
overflow.
 Therefore, we introduce a new method plus_exprt_with_overflow_check()
 that wraps around plus_exprt and generates the
relevant axioms.

Cache function applications
Cache converted function applications to avoid re-generating the axioms
if it has already been done for a given function application.
This seems to happen for function applications that are in an
assertion, and thus are treated separately by convert_bitvector.

Remove string_refinement::convert_symbol: the behaviour of
this function was to convert java strings to strings of
symbols. In hindsight, this was not a good idea, as we still refer
to the actual java string fields in some cases, e.g. to read its
length.

Replace add_axioms_for_string_expr
In all add_axioms_... methods, we replace all calls to
add_axioms_for_string_expr by the newly created function
get_string_expr, which simply returns a
string_exprt when we give it
an refined expr (such as a string_exprt or a symbol).

Update doc in add_axioms_for_index_string
Simplify constraint for is_prefix: apply distribution
law and update (and refactor) documentation.

Remove set_string_symbol_equal_to_expr()

Removed mentions of java string type in the string solver

Removing mentions of is_c_string_type
To use the string solver in C, we
should use a struct type with tag
    __CPROVER_refined_string_type

Keep non-string axioms in a list
Instead of giving axioms to
super::boolbv_set_equality_to_true, which
may contain un-substituted symbols, we keep them in a list and
substitute them in dec_solve() before giving them to the
function.

Cleaning the add_axioms_for_string_expr method and renamed it
to add_axioms_for_refined_string to signify that it should
 only be called on expression of type refined string.
An assertion was added at the beginning to ensure that.

Better get_array and string_of_array functions.
Cleaned the implementation of get_array and factorized
part of it.
Made string_of_array directly take a array_exprt, which can be
 obtained from get_array.
Improved string_of_array for non printable characters

Resolve symbol to char arrays in non-string axioms.
We introduce a mapping that expresses the
maximal traversal of symbols
of char array type.
We use that map to, either obtain a char array from a symbol,
either get a unique symbol the aliases equivalence class.
This map is used to replace all symbols of char array type in
the axioms that are added using the parent method:
        supert::boolbv_set_equality_to_true.

Defining several intermediary functions for
check_axioms and cleaning.
Check axioms is quite complicated so we splitted it in several
parts.

Avoid using same universal variable name in string comparison function.

Corrected test in index_of as characters could be signed

Corrected return type retrieval in
from_float functions.
The return type should be given as argument of the helper function
add_axioms_from_float.

Fixed type of contains in constraint generation

Introduce string_refinementt::set_to.
We now override the set_to() method
instead of set_equality_to_true().
This solves a problem where many lemmas were being dropped.

Handle array_of in set_char_array_equality.
Java assignments such as char[] str=new char[10]
involves assigning
the char array to 0, which is done using the array_of operator.
This operator is now handled when found on the rhs of a char
array assignment.

Optimized string hash code and intern functions to only
look at seen strings.
We only compare the argument to the strings on which hash_code
(resp. intern) was already called.

Add missing override keyword in declarations

Integrate strings into symbol resolution.
We now use for strings the mechanism that was
made for resolving symbols
    to char arrays.
  As a result, the symbol_to_string map has been removed.
 We introduce an unresolved_symbol map to associate symbols
to string
    expressions that were introduced during constraint generation.

 Preventing return of nil exprt in sum_over_map

Enforce -1 for witnesses when strings are unequal.
This makes it easier to see when models for string
have different length.

Correct array index in get_array
Correct a bad array access that caused a segmentation fault on
the java_delete test.

Adding option to concretize result and get method in string solver
The option to concretize makes sure that the model that we get in the
end is correct.
Overiding the get method is necessary to get the actual valuation of
string gotten by the solver.
This two additions makes the trace generation for program with strings
more likely to be actual traces of the program.

Avoid adding axioms for copy

Corrected `get` to not replace strings

Simplifying lemmas before handing them to the solver
This seems to improve performances

Ignoring char array that are not symbol or constants

Avoid creating new length variable for concat

Adding constraint on positive length for refined strings

Using get method of the parent class for the size

Add function to fill the found_length map

Signature for get_array should be constant

Corrected overflow problem when integer get to the max size

Removing overflow check in universal constraint

Enforcing witness -1 when length is not sufficient in suffix

Corrected index variable which should be universally quantified

Factorizing addition to index set and more debug information

Avoiding generating a fresh string for the empty string

Enabling string solver to treat more cases and more debug infos

Conversion from char pointer to array in the solver

Raise a warning if found length is negative

Ensure the arguments of parseInt are of the right format
For now we add axioms asking for the argument to have the right format
but ultimately we should raise an exception when it is not the case
(which is not done right now).

Corrects the specification of int to string conversion
Some problems where encountered for strings with the maximal size
possible for an int, which could cause an overflow.

Disallow + sign in string from int
Java will not add the sign for positive numbers

Use get instead of current_model in check_axioms

Streamline code of check_axioms() by calling get() insteand of relying
on the 'current_model' variable.
get() has been adapted to convert array-lists into with expressions, the
former not being handled by the string solver.
---
 src/solvers/refinement/string_constraint.h    |   1 -
 .../refinement/string_constraint_generator.h  |  45 +-
 ...tring_constraint_generator_code_points.cpp |  18 +-
 ...string_constraint_generator_comparison.cpp | 102 +-
 .../string_constraint_generator_concat.cpp    |  31 +-
 .../string_constraint_generator_constants.cpp |   9 +-
 .../string_constraint_generator_indexof.cpp   |  27 +-
 .../string_constraint_generator_insert.cpp    |  24 +-
 .../string_constraint_generator_main.cpp      | 422 +++++---
 .../string_constraint_generator_testing.cpp   |  46 +-
 ...ng_constraint_generator_transformation.cpp |  39 +-
 .../string_constraint_generator_valueof.cpp   | 101 +-
 src/solvers/refinement/string_refinement.cpp  | 917 ++++++++++++++----
 src/solvers/refinement/string_refinement.h    |  66 +-
 14 files changed, 1323 insertions(+), 525 deletions(-)

diff --git a/src/solvers/refinement/string_constraint.h b/src/solvers/refinement/string_constraint.h
index 4b8d1229e09..1bb460349b7 100644
--- a/src/solvers/refinement/string_constraint.h
+++ b/src/solvers/refinement/string_constraint.h
@@ -48,7 +48,6 @@ class string_constraintt: public exprt
     return operands()[4];
   }
 
-
  private:
   string_constraintt();
 
diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index ed898cb9a18..12447e0cf04 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -14,6 +14,7 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 #define CPROVER_SOLVERS_REFINEMENT_STRING_CONSTRAINT_GENERATOR_H
 
 #include <util/string_expr.h>
+#include <util/replace_expr.h>
 #include <util/refined_string_type.h>
 #include <solvers/refinement/string_constraint.h>
 
@@ -65,21 +66,20 @@ class string_constraint_generatort
   symbol_exprt fresh_univ_index(const irep_idt &prefix, const typet &type);
   symbol_exprt fresh_boolean(const irep_idt &prefix);
   string_exprt fresh_string(const refined_string_typet &type);
+  string_exprt get_string_expr(const exprt &expr);
+  string_exprt convert_java_string_to_string_exprt(
+    const exprt &underlying);
+  plus_exprt plus_exprt_with_overflow_check(const exprt &op1, const exprt &op2);
 
-  // We maintain a map from symbols to strings.
-  std::map<irep_idt, string_exprt> symbol_to_string;
+  // Maps unresolved symbols to the string_exprt that was created for them
+  std::map<irep_idt, string_exprt> unresolved_symbols;
 
-  string_exprt find_or_add_string_of_symbol(const symbol_exprt &sym);
 
-  void assign_to_symbol(
-    const symbol_exprt &sym, const string_exprt &expr)
-  {
-    symbol_to_string[sym.get_identifier()]=expr;
-  }
+  string_exprt find_or_add_string_of_symbol(
+    const symbol_exprt &sym,
+    const refined_string_typet &ref_type);
 
-  string_exprt add_axioms_for_string_expr(const exprt &expr);
-  void set_string_symbol_equal_to_expr(
-    const symbol_exprt &sym, const exprt &str);
+  string_exprt add_axioms_for_refined_string(const exprt &expr);
 
   exprt add_axioms_for_function_application(
     const function_application_exprt &expr);
@@ -96,6 +96,8 @@ class string_constraint_generatort
   const std::size_t MAX_FLOAT_LENGTH=15;
   const std::size_t MAX_DOUBLE_LENGTH=30;
 
+  std::map<function_application_exprt, exprt> function_application_cache;
+
   static irep_idt extract_java_string(const symbol_exprt &s);
 
   exprt axiom_for_is_positive_index(const exprt &x);
@@ -117,6 +119,9 @@ class string_constraint_generatort
   // The specification is partial: the actual value is not actually computed
   // but we ensure that hash codes of equal strings are equal.
   exprt add_axioms_for_hash_code(const function_application_exprt &f);
+  // To each string on which hash_code was called we associate a symbol
+  // representing the return value of the hash_code function.
+  std::map<string_exprt, exprt> hash_code_of_string;
 
   exprt add_axioms_for_is_empty(const function_application_exprt &f);
   exprt add_axioms_for_is_prefix(
@@ -224,7 +229,9 @@ class string_constraint_generatort
   // the start for negative number
   string_exprt add_axioms_from_float(const function_application_exprt &f);
   string_exprt add_axioms_from_float(
-    const exprt &f, bool double_precision=false);
+    const exprt &f,
+    const refined_string_typet &ref_type,
+    bool double_precision);
 
   // Add axioms corresponding to the String.valueOf(D) java function
   // TODO: the specifications is only partial
@@ -253,6 +260,7 @@ class string_constraint_generatort
   string_exprt add_axioms_for_code_point(
     const exprt &code_point, const refined_string_typet &ref_type);
   string_exprt add_axioms_for_java_char_array(const exprt &char_array);
+  exprt add_axioms_for_char_pointer(const function_application_exprt &fun);
   string_exprt add_axioms_for_if(const if_exprt &expr);
   exprt add_axioms_for_char_literal(const function_application_exprt &f);
 
@@ -270,6 +278,8 @@ class string_constraint_generatort
     const function_application_exprt &f);
 
   exprt add_axioms_for_parse_int(const function_application_exprt &f);
+  exprt add_axioms_for_correct_number_format(
+    const string_exprt &str, std::size_t max_size=10);
   exprt add_axioms_for_to_char_array(const function_application_exprt &f);
   exprt add_axioms_for_compare_to(const function_application_exprt &f);
 
@@ -278,6 +288,9 @@ class string_constraint_generatort
   // string pointers
   symbol_exprt add_axioms_for_intern(const function_application_exprt &f);
 
+  // Pool used for the intern method
+  std::map<string_exprt, symbol_exprt> intern_of_string;
+
   // Tells which language is used. C and Java are supported
   irep_idt mode;
 
@@ -293,14 +306,8 @@ class string_constraint_generatort
   exprt int_of_hex_char(const exprt &chr) const;
   exprt is_high_surrogate(const exprt &chr) const;
   exprt is_low_surrogate(const exprt &chr) const;
-  static exprt character_equals_ignore_case(
+  exprt character_equals_ignore_case(
     exprt char1, exprt char2, exprt char_a, exprt char_A, exprt char_Z);
-
-  // Pool used for the intern method
-  std::map<string_exprt, symbol_exprt> pool;
-
-  // Used to determine whether hashcode should be equal
-  std::map<string_exprt, symbol_exprt> hash;
 };
 
 #endif
diff --git a/src/solvers/refinement/string_constraint_generator_code_points.cpp b/src/solvers/refinement/string_constraint_generator_code_points.cpp
index 7c035a0d3e4..16763dfc97c 100644
--- a/src/solvers/refinement/string_constraint_generator_code_points.cpp
+++ b/src/solvers/refinement/string_constraint_generator_code_points.cpp
@@ -160,17 +160,18 @@ exprt string_constraint_generatort::add_axioms_for_code_point_at(
 {
   typet return_type=f.type();
   assert(return_type.id()==ID_signedbv);
-  string_exprt str=add_axioms_for_string_expr(args(f, 2)[0]);
+  string_exprt str=get_string_expr(args(f, 2)[0]);
   const exprt &pos=args(f, 2)[1];
 
   symbol_exprt result=fresh_symbol("char", return_type);
   exprt index1=from_integer(1, str.length().type());
   const exprt &char1=str[pos];
-  const exprt &char2=str[plus_exprt(pos, index1)];
+  const exprt &char2=str[plus_exprt_with_overflow_check(pos, index1)];
   exprt char1_as_int=typecast_exprt(char1, return_type);
   exprt char2_as_int=typecast_exprt(char2, return_type);
   exprt pair=pair_value(char1_as_int, char2_as_int, return_type);
-  exprt is_low=is_low_surrogate(str[plus_exprt(pos, index1)]);
+  exprt is_low=is_low_surrogate(
+    str[plus_exprt_with_overflow_check(pos, index1)]);
   exprt return_pair=and_exprt(is_high_surrogate(str[pos]), is_low);
 
   axioms.push_back(implies_exprt(return_pair, equal_exprt(result, pair)));
@@ -199,7 +200,7 @@ exprt string_constraint_generatort::add_axioms_for_code_point_before(
   typet return_type=f.type();
   assert(return_type.id()==ID_signedbv);
   symbol_exprt result=fresh_symbol("char", return_type);
-  string_exprt str=add_axioms_for_string_expr(args[0]);
+  string_exprt str=get_string_expr(args[0]);
 
   const exprt &char1=
     str[minus_exprt(args[1], from_integer(2, str.length().type()))];
@@ -234,7 +235,7 @@ Function: string_constraint_generatort::add_axioms_for_code_point_count
 exprt string_constraint_generatort::add_axioms_for_code_point_count(
   const function_application_exprt &f)
 {
-  string_exprt str=add_axioms_for_string_expr(args(f, 3)[0]);
+  string_exprt str=get_string_expr(args(f, 3)[0]);
   const exprt &begin=args(f, 3)[1];
   const exprt &end=args(f, 3)[2];
   const typet &return_type=f.type();
@@ -265,14 +266,15 @@ Function: string_constraint_generatort::add_axioms_for_offset_by_code_point
 exprt string_constraint_generatort::add_axioms_for_offset_by_code_point(
   const function_application_exprt &f)
 {
-  string_exprt str=add_axioms_for_string_expr(args(f, 3)[0]);
+  string_exprt str=get_string_expr(args(f, 3)[0]);
   const exprt &index=args(f, 3)[1];
   const exprt &offset=args(f, 3)[2];
   const typet &return_type=f.type();
   symbol_exprt result=fresh_symbol("offset_by_code_point", return_type);
 
-  exprt minimum=plus_exprt(index, offset);
-  exprt maximum=plus_exprt(index, plus_exprt(offset, offset));
+  exprt minimum=plus_exprt_with_overflow_check(index, offset);
+  exprt maximum=plus_exprt_with_overflow_check(
+    index, plus_exprt_with_overflow_check(offset, offset));
   axioms.push_back(binary_relation_exprt(result, ID_le, maximum));
   axioms.push_back(binary_relation_exprt(result, ID_ge, minimum));
 
diff --git a/src/solvers/refinement/string_constraint_generator_comparison.cpp b/src/solvers/refinement/string_constraint_generator_comparison.cpp
index 321282ee9c1..a51e2abe3cd 100644
--- a/src/solvers/refinement/string_constraint_generator_comparison.cpp
+++ b/src/solvers/refinement/string_constraint_generator_comparison.cpp
@@ -18,7 +18,9 @@ Function: string_constraint_generatort::add_axioms_for_equals
  Outputs: a expression of Boolean type
 
  Purpose: add axioms stating that the result is true exactly when the strings
-          represented by the arguments are equal
+          represented by the arguments are equal.
+          the variable ending in `witness_unequal` is -1 if the length differs
+          or an index at which the strings are different
 
 \*******************************************************************/
 
@@ -29,8 +31,8 @@ exprt string_constraint_generatort::add_axioms_for_equals(
   symbol_exprt eq=fresh_boolean("equal");
   typecast_exprt tc_eq(eq, f.type());
 
-  string_exprt s1=add_axioms_for_string_expr(args(f, 2)[0]);
-  string_exprt s2=add_axioms_for_string_expr(args(f, 2)[1]);
+  string_exprt s1=get_string_expr(args(f, 2)[0]);
+  string_exprt s2=get_string_expr(args(f, 2)[1]);
   typet index_type=s1.length().type();
 
   // We want to write:
@@ -54,9 +56,10 @@ exprt string_constraint_generatort::add_axioms_for_equals(
     binary_relation_exprt(witness, ID_lt, s1.length()),
     binary_relation_exprt(witness, ID_ge, zero));
   and_exprt witnessing(bound_witness, notequal_exprt(s1[witness], s2[witness]));
-  implies_exprt a3(
-    not_exprt(eq),
-    or_exprt(notequal_exprt(s1.length(), s2.length()), witnessing));
+  and_exprt diff_length(
+    notequal_exprt(s1.length(), s2.length()),
+    equal_exprt(witness, from_integer(-1, index_type)));
+  implies_exprt a3(not_exprt(eq), or_exprt(diff_length, witnessing));
   axioms.push_back(a3);
 
   return tc_eq;
@@ -92,8 +95,13 @@ exprt string_constraint_generatort::character_equals_ignore_case(
   // p3 : (is_up2&&'a'-'A'+char2=char1)
   equal_exprt p1(char1, char2);
   minus_exprt diff=minus_exprt(char_a, char_A);
-  and_exprt p2(is_upper_case_1, equal_exprt(plus_exprt(diff, char1), char2));
-  and_exprt p3(is_upper_case_2, equal_exprt(plus_exprt(diff, char2), char1));
+
+  // Overflow is not a problem here because is_upper_case conditions
+  // ensure that we are within a safe range.
+  and_exprt p2(is_upper_case_1,
+               equal_exprt(plus_exprt(diff, char1), char2));
+  and_exprt p3(is_upper_case_2,
+               equal_exprt(plus_exprt(diff, char2), char1));
   return or_exprt(or_exprt(p1, p2), p3);
 }
 
@@ -116,8 +124,8 @@ exprt string_constraint_generatort::add_axioms_for_equals_ignore_case(
 
   symbol_exprt eq=fresh_boolean("equal_ignore_case");
   typecast_exprt tc_eq(eq, f.type());
-  string_exprt s1=add_axioms_for_string_expr(args(f, 2)[0]);
-  string_exprt s2=add_axioms_for_string_expr(args(f, 2)[1]);
+  string_exprt s1=get_string_expr(args(f, 2)[0]);
+  string_exprt s2=get_string_expr(args(f, 2)[1]);
   typet char_type=to_refined_string_type(s1.type()).get_char_type();
   exprt char_a=constant_char('a', char_type);
   exprt char_A=constant_char('A', char_type);
@@ -174,37 +182,35 @@ Function: string_constraint_generatort::add_axioms_for_hash_code
 exprt string_constraint_generatort::add_axioms_for_hash_code(
   const function_application_exprt &f)
 {
-  string_exprt str=add_axioms_for_string_expr(args(f, 1)[0]);
+  string_exprt str=get_string_expr(args(f, 1)[0]);
   typet return_type=f.type();
   typet index_type=str.length().type();
 
-  // initialisation of the missing pool variable
-  std::map<irep_idt, string_exprt>::iterator it;
-  for(it=symbol_to_string.begin(); it!=symbol_to_string.end(); it++)
-    if(hash.find(it->second)==hash.end())
-      hash[it->second]=fresh_symbol("hash", return_type);
+  auto pair=hash_code_of_string.insert(
+    std::make_pair(str, fresh_symbol("hash", return_type)));
+  exprt hash=pair.first->second;
 
   // for each string s. either:
   //   c1: hash(str)=hash(s)
   //   c2: |str|!=|s|
-  //   c3: (|str|==|s| &&exists i<|s|. s[i]!=str[i])
+  //   c3: (|str|==|s| && exists i<|s|. s[i]!=str[i])
 
   // WARNING: the specification may be incomplete
-  for(it=symbol_to_string.begin(); it!=symbol_to_string.end(); it++)
+  for(auto it : hash_code_of_string)
   {
     symbol_exprt i=fresh_exist_index("index_hash", index_type);
-    equal_exprt c1(hash[it->second], hash[str]);
-    not_exprt c2(equal_exprt(it->second.length(), str.length()));
+    equal_exprt c1(it.second, hash);
+    not_exprt c2(equal_exprt(it.first.length(), str.length()));
     and_exprt c3(
-      equal_exprt(it->second.length(), str.length()),
+      equal_exprt(it.first.length(), str.length()),
       and_exprt(
-        not_exprt(equal_exprt(str[i], it->second[i])),
+        not_exprt(equal_exprt(str[i], it.first[i])),
         and_exprt(
           str.axiom_for_is_strictly_longer_than(i),
           axiom_for_is_positive_index(i))));
     axioms.push_back(or_exprt(c1, or_exprt(c2, c3)));
   }
-  return hash[str];
+  return hash;
 }
 
 /*******************************************************************\
@@ -222,8 +228,8 @@ Function: string_constraint_generatort::add_axioms_for_compare_to
 exprt string_constraint_generatort::add_axioms_for_compare_to(
   const function_application_exprt &f)
 {
-  string_exprt s1=add_axioms_for_string_expr(args(f, 2)[0]);
-  string_exprt s2=add_axioms_for_string_expr(args(f, 2)[1]);
+  string_exprt s1=get_string_expr(args(f, 2)[0]);
+  string_exprt s2=get_string_expr(args(f, 2)[1]);
   const typet &return_type=f.type();
   symbol_exprt res=fresh_symbol("compare_to", return_type);
   typet index_type=s1.length().type();
@@ -234,12 +240,12 @@ exprt string_constraint_generatort::add_axioms_for_compare_to(
   // a1 : res==0 => |s1|=|s2|
   // a2 : forall i<|s1|. s1[i]==s2[i]
   // a3 : exists x.
-  // res!=0 ==> x> 0 &&
-  //   ((|s1| <= |s2| &&x<|s1|) || (|s1| >= |s2| &&x<|s2|)
-  //   &&res=s1[x]-s2[x] )
-  // || cond2:
-  //   (|s1|<|s2| &&x=|s1|) || (|s1| > |s2| &&x=|s2|) &&res=|s1|-|s2|)
-  // a4 : forall i<x. res!=0 => s1[i]=s2[i]
+  //        res!=0 ==> x > 0
+  //        && ((|s1| <= |s2| && x<|s1|) || (|s1| >= |s2| &&x<|s2|)
+  //        && res=s1[x]-s2[x] )
+  //     || cond2:
+  //       (|s1|<|s2| &&x=|s1|) || (|s1| > |s2| &&x=|s2|) &&res=|s1|-|s2|)
+  // a4 : forall i'<x. res!=0 => s1[i]=s2[i]
 
   assert(return_type.id()==ID_signedbv);
 
@@ -282,7 +288,9 @@ exprt string_constraint_generatort::add_axioms_for_compare_to(
       or_exprt(cond1, cond2)));
   axioms.push_back(a3);
 
-  string_constraintt a4(i, x, not_exprt(res_null), equal_exprt(s1[i], s2[i]));
+  symbol_exprt i2=fresh_univ_index("QA_compare_to", index_type);
+  string_constraintt a4(
+    i2, x, not_exprt(res_null), equal_exprt(s1[i2], s2[i2]));
   axioms.push_back(a4);
 
   return res;
@@ -304,15 +312,15 @@ Function: string_constraint_generatort::add_axioms_for_intern
 symbol_exprt string_constraint_generatort::add_axioms_for_intern(
   const function_application_exprt &f)
 {
-  string_exprt str=add_axioms_for_string_expr(args(f, 1)[0]);
+  string_exprt str=get_string_expr(args(f, 1)[0]);
+  // For now we only enforce content equality and not pointer equality
   const typet &return_type=f.type();
+
   typet index_type=str.length().type();
 
-  // initialisation of the missing pool variable
-  std::map<irep_idt, string_exprt>::iterator it;
-  for(it=symbol_to_string.begin(); it!=symbol_to_string.end(); it++)
-    if(pool.find(it->second)==pool.end())
-      pool[it->second]=fresh_symbol("pool", return_type);
+  auto pair=intern_of_string.insert(
+    std::make_pair(str, fresh_symbol("pool", return_type)));
+  symbol_exprt intern=pair.first->second;
 
   // intern(str)=s_0 || s_1 || ...
   // for each string s.
@@ -320,30 +328,30 @@ symbol_exprt string_constraint_generatort::add_axioms_for_intern(
   //    || (|str|==|s| &&exists i<|s|. s[i]!=str[i])
 
   exprt disj=false_exprt();
-  for(it=symbol_to_string.begin(); it!=symbol_to_string.end(); it++)
+  for(auto it : intern_of_string)
     disj=or_exprt(
-      disj, equal_exprt(pool[str], symbol_exprt(it->first, return_type)));
+      disj, equal_exprt(intern, it.second));
 
   axioms.push_back(disj);
 
 
   // WARNING: the specification may be incomplete or incorrect
-  for(it=symbol_to_string.begin(); it!=symbol_to_string.end(); it++)
-    if(it->second!=str)
+  for(auto it : intern_of_string)
+    if(it.second!=str)
     {
       symbol_exprt i=fresh_exist_index("index_intern", index_type);
       axioms.push_back(
         or_exprt(
-          equal_exprt(pool[it->second], pool[str]),
+          equal_exprt(it.second, intern),
           or_exprt(
-            not_exprt(str.axiom_for_has_same_length_as(it->second)),
+            not_exprt(str.axiom_for_has_same_length_as(it.first)),
             and_exprt(
-              str.axiom_for_has_same_length_as(it->second),
+              str.axiom_for_has_same_length_as(it.first),
               and_exprt(
-                not_exprt(equal_exprt(str[i], it->second[i])),
+                not_exprt(equal_exprt(str[i], it.first[i])),
                 and_exprt(str.axiom_for_is_strictly_longer_than(i),
                           axiom_for_is_positive_index(i)))))));
     }
 
-  return pool[str];
+  return intern;
 }
diff --git a/src/solvers/refinement/string_constraint_generator_concat.cpp b/src/solvers/refinement/string_constraint_generator_concat.cpp
index a7d9c4921c4..fb8e24d5320 100644
--- a/src/solvers/refinement/string_constraint_generator_concat.cpp
+++ b/src/solvers/refinement/string_constraint_generator_concat.cpp
@@ -35,9 +35,7 @@ string_exprt string_constraint_generatort::add_axioms_for_concat(
   // a4 : forall i<|s1|. res[i]=s1[i]
   // a5 : forall i<|s2|. res[i+|s1|]=s2[i]
 
-  exprt a1=res.axiom_for_has_length(
-    plus_exprt(s1.length(), s2.length()));
-  axioms.push_back(a1);
+  res.length()=plus_exprt_with_overflow_check(s1.length(), s2.length());
   axioms.push_back(s1.axiom_for_is_shorter_than(res));
   axioms.push_back(s2.axiom_for_is_shorter_than(res));
 
@@ -73,8 +71,8 @@ string_exprt string_constraint_generatort::add_axioms_for_concat(
   const function_application_exprt::argumentst &args=f.arguments();
   assert(args.size()==2);
 
-  string_exprt s1=add_axioms_for_string_expr(args[0]);
-  string_exprt s2=add_axioms_for_string_expr(args[1]);
+  string_exprt s1=get_string_expr(args[0]);
+  string_exprt s2=get_string_expr(args[1]);
 
   return add_axioms_for_concat(s1, s2);
 }
@@ -95,7 +93,7 @@ string_exprt string_constraint_generatort::add_axioms_for_concat_int(
   const function_application_exprt &f)
 {
   const refined_string_typet &ref_type=to_refined_string_type(f.type());
-  string_exprt s1=add_axioms_for_string_expr(args(f, 2)[0]);
+  string_exprt s1=get_string_expr(args(f, 2)[0]);
   string_exprt s2=add_axioms_from_int(
     args(f, 2)[1], MAX_INTEGER_LENGTH, ref_type);
   return add_axioms_for_concat(s1, s2);
@@ -118,7 +116,7 @@ string_exprt string_constraint_generatort::add_axioms_for_concat_long(
   const function_application_exprt &f)
 {
   const refined_string_typet &ref_type=to_refined_string_type(f.type());
-  string_exprt s1=add_axioms_for_string_expr(args(f, 2)[0]);
+  string_exprt s1=get_string_expr(args(f, 2)[0]);
   string_exprt s2=add_axioms_from_int(args(f, 2)[1], MAX_LONG_LENGTH, ref_type);
   return add_axioms_for_concat(s1, s2);
 }
@@ -138,7 +136,7 @@ Function: string_constraint_generatort::add_axioms_for_concat_bool
 string_exprt string_constraint_generatort::add_axioms_for_concat_bool(
   const function_application_exprt &f)
 {
-  string_exprt s1=add_axioms_for_string_expr(args(f, 2)[0]);
+  string_exprt s1=get_string_expr(args(f, 2)[0]);
   const refined_string_typet &ref_type=to_refined_string_type(s1.type());
   string_exprt s2=add_axioms_from_bool(args(f, 2)[1], ref_type);
   return add_axioms_for_concat(s1, s2);
@@ -159,7 +157,7 @@ Function: string_constraint_generatort::add_axioms_for_concat_char
 string_exprt string_constraint_generatort::add_axioms_for_concat_char(
   const function_application_exprt &f)
 {
-  string_exprt s1=add_axioms_for_string_expr(args(f, 2)[0]);
+  string_exprt s1=get_string_expr(args(f, 2)[0]);
   const refined_string_typet &ref_type=to_refined_string_type(s1.type());
   string_exprt s2=add_axioms_from_char(args(f, 2)[1], ref_type);
   return add_axioms_for_concat(s1, s2);
@@ -180,9 +178,10 @@ Function: string_constraint_generatort::add_axioms_for_concat_double
 string_exprt string_constraint_generatort::add_axioms_for_concat_double(
   const function_application_exprt &f)
 {
-  string_exprt s1=add_axioms_for_string_expr(args(f, 2)[0]);
-  string_exprt s2=add_axioms_from_float(
-    args(f, 2)[1], MAX_DOUBLE_LENGTH);
+  string_exprt s1=get_string_expr(args(f, 2)[0]);
+  assert(refined_string_typet::is_refined_string_type(f.type()));
+  refined_string_typet ref_type=to_refined_string_type(f.type());
+  string_exprt s2=add_axioms_from_float(args(f, 2)[1], ref_type, true);
   return add_axioms_for_concat(s1, s2);
 }
 
@@ -201,8 +200,10 @@ Function: string_constraint_generatort::add_axioms_for_concat_float
 string_exprt string_constraint_generatort::add_axioms_for_concat_float(
   const function_application_exprt &f)
 {
-  string_exprt s1=add_axioms_for_string_expr(args(f, 2)[0]);
-  string_exprt s2=add_axioms_from_float(args(f, 2)[1], MAX_FLOAT_LENGTH);
+  string_exprt s1=get_string_expr(args(f, 2)[0]);
+  assert(refined_string_typet::is_refined_string_type(f.type()));
+  refined_string_typet ref_type=to_refined_string_type(f.type());
+  string_exprt s2=add_axioms_from_float(args(f, 2)[1], ref_type, false);
   return add_axioms_for_concat(s1, s2);
 }
 
@@ -222,7 +223,7 @@ Function: string_constraint_generatort::add_axioms_for_concat_code_point
 string_exprt string_constraint_generatort::add_axioms_for_concat_code_point(
   const function_application_exprt &f)
 {
-  string_exprt s1=add_axioms_for_string_expr(args(f, 2)[0]);
+  string_exprt s1=get_string_expr(args(f, 2)[0]);
   const refined_string_typet &ref_type=to_refined_string_type(s1.type());
   string_exprt s2=add_axioms_for_code_point(args(f, 2)[1], ref_type);
   return add_axioms_for_concat(s1, s2);
diff --git a/src/solvers/refinement/string_constraint_generator_constants.cpp b/src/solvers/refinement/string_constraint_generator_constants.cpp
index 64ffabfd266..2905c6a5f21 100644
--- a/src/solvers/refinement/string_constraint_generator_constants.cpp
+++ b/src/solvers/refinement/string_constraint_generator_constants.cpp
@@ -93,9 +93,13 @@ string_exprt string_constraint_generatort::add_axioms_for_empty_string(
   const function_application_exprt &f)
 {
   assert(f.arguments().empty());
+  assert(refined_string_typet::is_refined_string_type(f.type()));
   const refined_string_typet &ref_type=to_refined_string_type(f.type());
-  string_exprt res=fresh_string(ref_type);
-  axioms.push_back(res.axiom_for_has_length(0));
+  exprt size=from_integer(0, ref_type.get_index_type());
+  const array_typet &content_type=ref_type.get_content_type();
+  array_of_exprt empty_array(
+    from_integer(0, ref_type.get_content_type().subtype()), content_type);
+  string_exprt res(size, empty_array, ref_type);
   return res;
 }
 
@@ -132,6 +136,7 @@ string_exprt string_constraint_generatort::add_axioms_from_literal(
   else
   {
     // Java string constant
+    assert(false); // TODO: Check if used. On the contrary, discard else.
     assert(arg.id()==ID_symbol);
     const exprt &s=arg.op0();
 
diff --git a/src/solvers/refinement/string_constraint_generator_indexof.cpp b/src/solvers/refinement/string_constraint_generator_indexof.cpp
index 283de683bd6..d799091a573 100644
--- a/src/solvers/refinement/string_constraint_generator_indexof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_indexof.cpp
@@ -92,15 +92,16 @@ exprt string_constraint_generatort::add_axioms_for_index_of_string(
   symbol_exprt contains=fresh_boolean("contains_substring");
 
   // We add axioms:
-  // a1 : contains => |substring|>=offset>=from_index
+  // a1 : contains => |str|-|substring|>=offset>=from_index
   // a2 : !contains => offset=-1
-  // a3 : forall 0 <= witness<substring.length.
-  //   contains => str[witness+offset]=substring[witness]
+  // a3 : forall 0<=witness<|substring|.
+  //        contains => str[witness+offset]=substring[witness]
 
   implies_exprt a1(
     contains,
     and_exprt(
-      str.axiom_for_is_longer_than(plus_exprt(substring.length(), offset)),
+      str.axiom_for_is_longer_than(plus_exprt_with_overflow_check(
+        substring.length(), offset)),
       binary_relation_exprt(offset, ID_ge, from_index)));
   axioms.push_back(a1);
 
@@ -138,7 +139,8 @@ exprt string_constraint_generatort::add_axioms_for_last_index_of_string(
   implies_exprt a1(
     contains,
     and_exprt(
-      str.axiom_for_is_longer_than(plus_exprt(substring.length(), offset)),
+      str.axiom_for_is_longer_than(
+        plus_exprt_with_overflow_check(substring.length(), offset)),
       binary_relation_exprt(offset, ID_le, from_index)));
   axioms.push_back(a1);
 
@@ -173,7 +175,7 @@ exprt string_constraint_generatort::add_axioms_for_index_of(
   const function_application_exprt &f)
 {
   const function_application_exprt::argumentst &args=f.arguments();
-  string_exprt str=add_axioms_for_string_expr(args[0]);
+  string_exprt str=get_string_expr(args[0]);
   const exprt &c=args[1];
   const refined_string_typet &ref_type=to_refined_string_type(str.type());
   assert(f.type()==ref_type.get_index_type());
@@ -186,14 +188,15 @@ exprt string_constraint_generatort::add_axioms_for_index_of(
   else
     assert(false);
 
-  if(c.type().id()==ID_unsignedbv)
+  if(c.type().id()==ID_unsignedbv || c.type().id()==ID_signedbv)
   {
     return add_axioms_for_index_of(
       str, typecast_exprt(c, ref_type.get_char_type()), from_index);
   }
   else
   {
-    string_exprt sub=add_axioms_for_string_expr(c);
+    assert(refined_string_typet::is_refined_string_type(c.type()));
+    string_exprt sub=get_string_expr(c);
     return add_axioms_for_index_of_string(str, sub, from_index);
   }
 }
@@ -215,7 +218,7 @@ exprt string_constraint_generatort::add_axioms_for_last_index_of(
 
   exprt index1=from_integer(1, index_type);
   exprt minus1=from_integer(-1, index_type);
-  exprt from_index_plus_one=plus_exprt(from_index, index1);
+  exprt from_index_plus_one=plus_exprt_with_overflow_check(from_index, index1);
   and_exprt a1(
     binary_relation_exprt(index, ID_ge, minus1),
     binary_relation_exprt(index, ID_lt, from_index_plus_one));
@@ -269,7 +272,7 @@ exprt string_constraint_generatort::add_axioms_for_last_index_of(
   const function_application_exprt &f)
 {
   const function_application_exprt::argumentst &args=f.arguments();
-  string_exprt str=add_axioms_for_string_expr(args[0]);
+  string_exprt str=get_string_expr(args[0]);
   exprt c=args[1];
   const refined_string_typet &ref_type=to_refined_string_type(str.type());
   exprt from_index;
@@ -282,14 +285,14 @@ exprt string_constraint_generatort::add_axioms_for_last_index_of(
   else
     assert(false);
 
-  if(c.type().id()==ID_unsignedbv)
+  if(c.type().id()==ID_unsignedbv || c.type().id()==ID_signedbv)
   {
     return add_axioms_for_last_index_of(
       str, typecast_exprt(c, ref_type.get_char_type()), from_index);
   }
   else
   {
-    string_exprt sub=add_axioms_for_string_expr(c);
+    string_exprt sub=get_string_expr(c);
     return add_axioms_for_last_index_of_string(str, sub, from_index);
   }
 }
diff --git a/src/solvers/refinement/string_constraint_generator_insert.cpp b/src/solvers/refinement/string_constraint_generator_insert.cpp
index 6a080a5dc6c..cd5f4376a93 100644
--- a/src/solvers/refinement/string_constraint_generator_insert.cpp
+++ b/src/solvers/refinement/string_constraint_generator_insert.cpp
@@ -48,8 +48,8 @@ Function: string_constraint_generatort::add_axioms_for_insert
 string_exprt string_constraint_generatort::add_axioms_for_insert(
   const function_application_exprt &f)
 {
-  string_exprt s1=add_axioms_for_string_expr(args(f, 3)[0]);
-  string_exprt s2=add_axioms_for_string_expr(args(f, 3)[2]);
+  string_exprt s1=get_string_expr(args(f, 3)[0]);
+  string_exprt s2=get_string_expr(args(f, 3)[2]);
   return add_axioms_for_insert(s1, s2, args(f, 3)[1]);
 }
 
@@ -70,7 +70,7 @@ string_exprt string_constraint_generatort::add_axioms_for_insert_int(
   const function_application_exprt &f)
 {
   const refined_string_typet &ref_type=to_refined_string_type(f.type());
-  string_exprt s1=add_axioms_for_string_expr(args(f, 3)[0]);
+  string_exprt s1=get_string_expr(args(f, 3)[0]);
   string_exprt s2=add_axioms_from_int(
     args(f, 3)[2], MAX_INTEGER_LENGTH, ref_type);
   return add_axioms_for_insert(s1, s2, args(f, 3)[1]);
@@ -93,7 +93,7 @@ string_exprt string_constraint_generatort::add_axioms_for_insert_long(
   const function_application_exprt &f)
 {
   const refined_string_typet &ref_type=to_refined_string_type(f.type());
-  string_exprt s1=add_axioms_for_string_expr(args(f, 3)[0]);
+  string_exprt s1=get_string_expr(args(f, 3)[0]);
   string_exprt s2=add_axioms_from_int(args(f, 3)[2], MAX_LONG_LENGTH, ref_type);
   return add_axioms_for_insert(s1, s2, args(f, 3)[1]);
 }
@@ -115,7 +115,7 @@ string_exprt string_constraint_generatort::add_axioms_for_insert_bool(
   const function_application_exprt &f)
 {
   const refined_string_typet &ref_type=to_refined_string_type(f.type());
-  string_exprt s1=add_axioms_for_string_expr(args(f, 3)[0]);
+  string_exprt s1=get_string_expr(args(f, 3)[0]);
   string_exprt s2=add_axioms_from_bool(args(f, 3)[2], ref_type);
   return add_axioms_for_insert(s1, s2, args(f, 3)[1]);
 }
@@ -136,7 +136,7 @@ Function: string_constraint_generatort::add_axioms_for_insert_char
 string_exprt string_constraint_generatort::add_axioms_for_insert_char(
   const function_application_exprt &f)
 {
-  string_exprt s1=add_axioms_for_string_expr(args(f, 3)[0]);
+  string_exprt s1=get_string_expr(args(f, 3)[0]);
   const refined_string_typet &ref_type=to_refined_string_type(s1.type());
   string_exprt s2=add_axioms_from_char(args(f, 3)[2], ref_type);
   return add_axioms_for_insert(s1, s2, args(f, 3)[1]);
@@ -158,8 +158,9 @@ Function: string_constraint_generatort::add_axioms_for_insert_double
 string_exprt string_constraint_generatort::add_axioms_for_insert_double(
   const function_application_exprt &f)
 {
-  string_exprt s1=add_axioms_for_string_expr(args(f, 3)[0]);
-  string_exprt s2=add_axioms_from_float(args(f, 3)[2]);
+  string_exprt s1=get_string_expr(args(f, 3)[0]);
+  const refined_string_typet &ref_type=to_refined_string_type(s1.type());
+  string_exprt s2=add_axioms_from_float(args(f, 3)[2], ref_type, true);
   return add_axioms_for_insert(s1, s2, args(f, 3)[1]);
 }
 
@@ -179,8 +180,9 @@ Function: string_constraint_generatort::add_axioms_for_insert_float
 string_exprt string_constraint_generatort::add_axioms_for_insert_float(
   const function_application_exprt &f)
 {
-  string_exprt s1=add_axioms_for_string_expr(args(f, 3)[0]);
-  string_exprt s2=add_axioms_from_float(args(f, 3)[2]);
+  string_exprt s1=get_string_expr(args(f, 3)[0]);
+  const refined_string_typet &ref_type=to_refined_string_type(s1.type());
+  string_exprt s2=add_axioms_from_float(args(f, 3)[2], ref_type, false);
   return add_axioms_for_insert(s1, s2, args(f, 3)[1]);
 }
 
@@ -216,7 +218,7 @@ string_exprt string_constraint_generatort::add_axioms_for_insert_char_array(
     offset=from_integer(0, count.type());
   }
 
-  string_exprt str=add_axioms_for_string_expr(f.arguments()[0]);
+  string_exprt str=get_string_expr(f.arguments()[0]);
   const exprt &length=f.arguments()[2];
   const exprt &data=f.arguments()[3];
   string_exprt arr=add_axioms_from_char_array(
diff --git a/src/solvers/refinement/string_constraint_generator_main.cpp b/src/solvers/refinement/string_constraint_generator_main.cpp
index 7fe510c2e35..f8dedaab9a7 100644
--- a/src/solvers/refinement/string_constraint_generator_main.cpp
+++ b/src/solvers/refinement/string_constraint_generator_main.cpp
@@ -16,6 +16,7 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 #include <util/arith_tools.h>
 #include <util/pointer_predicates.h>
 #include <util/ssa_expr.h>
+#include <iostream>
 
 unsigned string_constraint_generatort::next_symbol_id=1;
 
@@ -122,6 +123,42 @@ symbol_exprt string_constraint_generatort::fresh_boolean(
 
 /*******************************************************************\
 
+Function: string_constraint_generatort::plus_exprt_with_overflow_check
+
+ Inputs:
+  op1 - First term of the sum
+  op2 - Second term of the sum
+
+ Outputs: A plus expression representing the sum of the arguments
+
+ Purpose: Create a plus expression while adding extra constraints to
+          axioms in order to prevent overflows.
+
+\*******************************************************************/
+plus_exprt string_constraint_generatort::plus_exprt_with_overflow_check(
+  const exprt &op1, const exprt &op2)
+{
+  plus_exprt sum(plus_exprt(op1, op2));
+
+  exprt zero=from_integer(0, op1.type());
+
+  binary_relation_exprt neg1(op1, ID_lt, zero);
+  binary_relation_exprt neg2(op2, ID_lt, zero);
+  binary_relation_exprt neg_sum(sum, ID_lt, zero);
+
+  // We prevent overflows by adding the following constraint:
+  // If the signs of the two operands are the same, then the sign of the sum
+  // should also be the same.
+  implies_exprt no_overflow(equal_exprt(neg1, neg2),
+                            equal_exprt(neg1, neg_sum));
+
+  axioms.push_back(no_overflow);
+
+  return sum;
+}
+
+/*******************************************************************\
+
 Function: string_constraint_generatort::fresh_string
 
   Inputs: a type for string
@@ -144,59 +181,113 @@ string_exprt string_constraint_generatort::fresh_string(
 
 /*******************************************************************\
 
-Function: string_constraint_generatort::add_axioms_for_string_expr
+Function: string_constraint_generatort::get_string_expr
+
+  Inputs: an expression of refined string type
+
+ Outputs: a string expression
+
+ Purpose: casts an expression to a string expression, or fetches the
+          actual string_exprt in the case of a symbol.
+
+\*******************************************************************/
+
+string_exprt string_constraint_generatort::get_string_expr(const exprt &expr)
+{
+  assert(refined_string_typet::is_refined_string_type(expr.type()));
+
+  if(expr.id()==ID_symbol)
+  {
+    return find_or_add_string_of_symbol(
+      to_symbol_expr(expr),
+      to_refined_string_type(expr.type()));
+  }
+  else
+  {
+    return to_string_expr(expr);
+  }
+}
+
+string_exprt string_constraint_generatort::convert_java_string_to_string_exprt(
+    const exprt &jls)
+{
+  assert(get_mode()==ID_java);
+  assert(jls.id()==ID_struct);
+
+  exprt length(to_struct_expr(jls).op1());
+  // TODO: Add assertion on the type.
+  // assert(length.type()==refined_string_typet::index_type());
+  exprt java_content(to_struct_expr(jls).op2());
+  if(java_content.id()==ID_address_of)
+  {
+    java_content=to_address_of_expr(java_content).object();
+  }
+  else
+  {
+    java_content=dereference_exprt(java_content, java_content.type());
+  }
+
+  refined_string_typet type(java_int_type(), java_char_type());
+
+  return string_exprt(length, java_content, type);
+}
+
+/*******************************************************************\
+
+Function: string_constraint_generatort::add_axioms_for_refined_string
 
-  Inputs: an expression of type string
+  Inputs: an expression of refined string type
 
  Outputs: a string expression that is linked to the argument through
           axioms that are added to the list
 
- Purpose: obtain a refined string expression corresponding to string
-          variable of string function call
+ Purpose: obtain a refined string expression corresponding to a expression
+          of type string
 
 \*******************************************************************/
 
-string_exprt string_constraint_generatort::add_axioms_for_string_expr(
-  const exprt &unrefined_string)
+
+string_exprt string_constraint_generatort::add_axioms_for_refined_string(
+  const exprt &string)
 {
-  string_exprt s;
+  assert(refined_string_typet::is_refined_string_type(string.type()));
+  refined_string_typet type=to_refined_string_type(string.type());
 
-  if(unrefined_string.id()==ID_function_application)
+  // Function applications should have been removed before
+  assert(string.id()!=ID_function_application);
+
+  if(string.id()==ID_symbol)
   {
-    exprt res=add_axioms_for_function_application(
-      to_function_application_expr(unrefined_string));
-    s=to_string_expr(res);
+    const symbol_exprt &sym=to_symbol_expr(string);
+    string_exprt s=find_or_add_string_of_symbol(sym, type);
+    axioms.push_back(
+      s.axiom_for_is_longer_than(from_integer(0, s.length().type())));
+    return s;
   }
-  else if(unrefined_string.id()==ID_symbol)
-    s=find_or_add_string_of_symbol(to_symbol_expr(unrefined_string));
-  else if(unrefined_string.id()==ID_address_of)
+  else if(string.id()==ID_nondet_symbol)
   {
-    assert(unrefined_string.op0().id()==ID_symbol);
-    s=find_or_add_string_of_symbol(to_symbol_expr(unrefined_string.op0()));
+    string_exprt s=fresh_string(type);
+    axioms.push_back(
+      s.axiom_for_is_longer_than(from_integer(0, s.length().type())));
+    return s;
   }
-  else if(unrefined_string.id()==ID_if)
-    s=add_axioms_for_if(to_if_expr(unrefined_string));
-  else if(unrefined_string.id()==ID_nondet_symbol ||
-          unrefined_string.id()==ID_struct)
+  else if(string.id()==ID_if)
   {
-    // TODO: for now we ignore non deterministic symbols and struct
+    return add_axioms_for_if(to_if_expr(string));
   }
-  else if(unrefined_string.id()==ID_typecast)
+  else if(string.id()==ID_struct)
   {
-    exprt arg=to_typecast_expr(unrefined_string).op();
-    exprt res=add_axioms_for_string_expr(arg);
-    s=to_string_expr(res);
+    const string_exprt &s=to_string_expr(string);
+    axioms.push_back(
+      s.axiom_for_is_longer_than(from_integer(0, s.length().type())));
+    return s;
   }
   else
   {
-    throw "add_axioms_for_string_expr:\n"+unrefined_string.pretty()+
+    throw "add_axioms_for_refined_string:\n"+string.pretty()+
       "\nwhich is not a function application, "+
-      "a symbol or an if expression";
+      "a symbol, a struct or an if expression";
   }
-
-  axioms.push_back(
-    s.axiom_for_is_longer_than(from_integer(0, s.length().type())));
-  return s;
 }
 
 /*******************************************************************\
@@ -216,10 +307,10 @@ string_exprt string_constraint_generatort::add_axioms_for_if(
 {
   assert(
     refined_string_typet::is_refined_string_type(expr.true_case().type()));
-  string_exprt t=add_axioms_for_string_expr(expr.true_case());
+  string_exprt t=get_string_expr(expr.true_case());
   assert(
     refined_string_typet::is_refined_string_type(expr.false_case().type()));
-  string_exprt f=add_axioms_for_string_expr(expr.false_case());
+  string_exprt f=get_string_expr(expr.false_case());
   const refined_string_typet &ref_type=to_refined_string_type(t.type());
   const typet &index_type=ref_type.get_index_type();
   string_exprt res=fresh_string(ref_type);
@@ -246,7 +337,7 @@ Function: string_constraint_generatort::find_or_add_string_of_symbol
 
  Outputs: a string expression
 
- Purpose: if a symbol represent a string is present in the symbol_to_string
+ Purpose: if a symbol representing a string is present in the symbol_to_string
           table, returns the corresponding string, if the symbol is not yet
           present, creates a new string with the correct type depending on
           whether the mode is java or c, adds it to the table and returns it.
@@ -254,12 +345,11 @@ Function: string_constraint_generatort::find_or_add_string_of_symbol
 \*******************************************************************/
 
 string_exprt string_constraint_generatort::find_or_add_string_of_symbol(
-  const symbol_exprt &sym)
+  const symbol_exprt &sym, const refined_string_typet &ref_type)
 {
   irep_idt id=sym.get_identifier();
-  const refined_string_typet &ref_type=to_refined_string_type(sym.type());
   string_exprt str=fresh_string(ref_type);
-  auto entry=symbol_to_string.insert(std::make_pair(id, str));
+  auto entry=unresolved_symbols.insert(std::make_pair(id, str));
   return entry.first->second;
 }
 
@@ -286,125 +376,180 @@ exprt string_constraint_generatort::add_axioms_for_function_application(
   const irep_idt &id=is_ssa_expr(name)?to_ssa_expr(name).get_object_name():
     to_symbol_expr(name).get_identifier();
 
+  std::string str_id(id.c_str());
+
+  size_t pos=str_id.find("func_length");
+  if(pos!=std::string::npos)
+  {
+    function_application_exprt new_expr(expr);
+    // TODO: This part needs some improvement.
+    // Stripping the symbol name is not a very robust process.
+    new_expr.function() = symbol_exprt(str_id.substr(0, pos+4));
+    assert(get_mode()==ID_java);
+    new_expr.type() = refined_string_typet(java_int_type(), java_char_type());
+
+    auto res_it=function_application_cache.insert(std::make_pair(new_expr,
+                                                                 nil_exprt()));
+    if(res_it.second)
+    {
+      string_exprt res=to_string_expr(
+        add_axioms_for_function_application(new_expr));
+      res_it.first->second=res;
+      return res.length();
+    }
+    else
+      return to_string_expr(res_it.first->second).length();
+  }
+
+  pos = str_id.find("func_data");
+  if(pos!=std::string::npos)
+  {
+    function_application_exprt new_expr(expr);
+    new_expr.function() = symbol_exprt(str_id.substr(0, pos+4));
+    new_expr.type() = refined_string_typet(java_int_type(), java_char_type());
+
+    auto res_it=function_application_cache.insert(std::make_pair(new_expr,
+                                                                 nil_exprt()));
+    if(res_it.second)
+    {
+      string_exprt res=to_string_expr(
+        add_axioms_for_function_application(new_expr));
+      res_it.first->second=res;
+      return res.content();
+    }
+    else
+      return to_string_expr(res_it.first->second).content();
+  }
+
   // TODO: improve efficiency of this test by either ordering test by frequency
   // or using a map
 
+  auto res_it=function_application_cache.find(expr);
+  if(res_it!=function_application_cache.end() && res_it->second!=nil_exprt())
+    return res_it->second;
+
+  exprt res;
+
   if(id==ID_cprover_char_literal_func)
-    return add_axioms_for_char_literal(expr);
+    res=add_axioms_for_char_literal(expr);
   else if(id==ID_cprover_string_length_func)
-    return add_axioms_for_length(expr);
+    res=add_axioms_for_length(expr);
   else if(id==ID_cprover_string_equal_func)
-    return add_axioms_for_equals(expr);
+    res=add_axioms_for_equals(expr);
   else if(id==ID_cprover_string_equals_ignore_case_func)
-    return add_axioms_for_equals_ignore_case(expr);
+    res=add_axioms_for_equals_ignore_case(expr);
   else if(id==ID_cprover_string_is_empty_func)
-    return add_axioms_for_is_empty(expr);
+    res=add_axioms_for_is_empty(expr);
   else if(id==ID_cprover_string_char_at_func)
-    return add_axioms_for_char_at(expr);
+    res=add_axioms_for_char_at(expr);
   else if(id==ID_cprover_string_is_prefix_func)
-    return add_axioms_for_is_prefix(expr);
+    res=add_axioms_for_is_prefix(expr);
   else if(id==ID_cprover_string_is_suffix_func)
-    return add_axioms_for_is_suffix(expr);
+    res=add_axioms_for_is_suffix(expr);
   else if(id==ID_cprover_string_startswith_func)
-    return add_axioms_for_is_prefix(expr, true);
+    res=add_axioms_for_is_prefix(expr, true);
   else if(id==ID_cprover_string_endswith_func)
-    return add_axioms_for_is_suffix(expr, true);
+    res=add_axioms_for_is_suffix(expr, true);
   else if(id==ID_cprover_string_contains_func)
-    return add_axioms_for_contains(expr);
+    res=add_axioms_for_contains(expr);
   else if(id==ID_cprover_string_hash_code_func)
-    return add_axioms_for_hash_code(expr);
+    res=add_axioms_for_hash_code(expr);
   else if(id==ID_cprover_string_index_of_func)
-    return add_axioms_for_index_of(expr);
+    res=add_axioms_for_index_of(expr);
   else if(id==ID_cprover_string_last_index_of_func)
-    return add_axioms_for_last_index_of(expr);
+    res=add_axioms_for_last_index_of(expr);
   else if(id==ID_cprover_string_parse_int_func)
-    return add_axioms_for_parse_int(expr);
+    res=add_axioms_for_parse_int(expr);
   else if(id==ID_cprover_string_to_char_array_func)
-    return add_axioms_for_to_char_array(expr);
+    res=add_axioms_for_to_char_array(expr);
   else if(id==ID_cprover_string_code_point_at_func)
-    return add_axioms_for_code_point_at(expr);
+    res=add_axioms_for_code_point_at(expr);
   else if(id==ID_cprover_string_code_point_before_func)
-    return add_axioms_for_code_point_before(expr);
+    res=add_axioms_for_code_point_before(expr);
   else if(id==ID_cprover_string_code_point_count_func)
-    return add_axioms_for_code_point_count(expr);
+    res=add_axioms_for_code_point_count(expr);
   else if(id==ID_cprover_string_offset_by_code_point_func)
-    return add_axioms_for_offset_by_code_point(expr);
+    res=add_axioms_for_offset_by_code_point(expr);
   else if(id==ID_cprover_string_compare_to_func)
-    return add_axioms_for_compare_to(expr);
+    res=add_axioms_for_compare_to(expr);
   else if(id==ID_cprover_string_literal_func)
-    return add_axioms_from_literal(expr);
+    res=add_axioms_from_literal(expr);
   else if(id==ID_cprover_string_concat_func)
-    return add_axioms_for_concat(expr);
+    res=add_axioms_for_concat(expr);
   else if(id==ID_cprover_string_concat_int_func)
-    return add_axioms_for_concat_int(expr);
+    res=add_axioms_for_concat_int(expr);
   else if(id==ID_cprover_string_concat_long_func)
-    return add_axioms_for_concat_long(expr);
+    res=add_axioms_for_concat_long(expr);
   else if(id==ID_cprover_string_concat_bool_func)
-      return add_axioms_for_concat_bool(expr);
+      res=add_axioms_for_concat_bool(expr);
   else if(id==ID_cprover_string_concat_char_func)
-    return add_axioms_for_concat_char(expr);
+    res=add_axioms_for_concat_char(expr);
   else if(id==ID_cprover_string_concat_double_func)
-    return add_axioms_for_concat_double(expr);
+    res=add_axioms_for_concat_double(expr);
   else if(id==ID_cprover_string_concat_float_func)
-    return add_axioms_for_concat_float(expr);
+    res=add_axioms_for_concat_float(expr);
   else if(id==ID_cprover_string_concat_code_point_func)
-    return add_axioms_for_concat_code_point(expr);
+    res=add_axioms_for_concat_code_point(expr);
   else if(id==ID_cprover_string_insert_func)
-    return add_axioms_for_insert(expr);
+    res=add_axioms_for_insert(expr);
   else if(id==ID_cprover_string_insert_int_func)
-    return add_axioms_for_insert_int(expr);
+    res=add_axioms_for_insert_int(expr);
   else if(id==ID_cprover_string_insert_long_func)
-    return add_axioms_for_insert_long(expr);
+    res=add_axioms_for_insert_long(expr);
   else if(id==ID_cprover_string_insert_bool_func)
-    return add_axioms_for_insert_bool(expr);
+    res=add_axioms_for_insert_bool(expr);
   else if(id==ID_cprover_string_insert_char_func)
-    return add_axioms_for_insert_char(expr);
+    res=add_axioms_for_insert_char(expr);
   else if(id==ID_cprover_string_insert_double_func)
-    return add_axioms_for_insert_double(expr);
+    res=add_axioms_for_insert_double(expr);
   else if(id==ID_cprover_string_insert_float_func)
-    return add_axioms_for_insert_float(expr);
+    res=add_axioms_for_insert_float(expr);
+#if 0
   else if(id==ID_cprover_string_insert_char_array_func)
-    return add_axioms_for_insert_char_array(expr);
+    res=add_axioms_for_insert_char_array(expr);
+#endif
   else if(id==ID_cprover_string_substring_func)
-    return add_axioms_for_substring(expr);
+    res=add_axioms_for_substring(expr);
   else if(id==ID_cprover_string_trim_func)
-    return add_axioms_for_trim(expr);
+    res=add_axioms_for_trim(expr);
   else if(id==ID_cprover_string_to_lower_case_func)
-    return add_axioms_for_to_lower_case(expr);
+    res=add_axioms_for_to_lower_case(expr);
   else if(id==ID_cprover_string_to_upper_case_func)
-    return add_axioms_for_to_upper_case(expr);
+    res=add_axioms_for_to_upper_case(expr);
   else if(id==ID_cprover_string_char_set_func)
-    return add_axioms_for_char_set(expr);
+    res=add_axioms_for_char_set(expr);
   else if(id==ID_cprover_string_value_of_func)
-    return add_axioms_for_value_of(expr);
+    res=add_axioms_for_value_of(expr);
   else if(id==ID_cprover_string_empty_string_func)
-    return add_axioms_for_empty_string(expr);
+    res=add_axioms_for_empty_string(expr);
   else if(id==ID_cprover_string_copy_func)
-    return add_axioms_for_copy(expr);
+    res=add_axioms_for_copy(expr);
   else if(id==ID_cprover_string_of_int_func)
-    return add_axioms_from_int(expr);
+    res=add_axioms_from_int(expr);
   else if(id==ID_cprover_string_of_int_hex_func)
-    return add_axioms_from_int_hex(expr);
+    res=add_axioms_from_int_hex(expr);
   else if(id==ID_cprover_string_of_float_func)
-    return add_axioms_from_float(expr);
+    res=add_axioms_from_float(expr);
   else if(id==ID_cprover_string_of_double_func)
-    return add_axioms_from_double(expr);
+    res=add_axioms_from_double(expr);
   else if(id==ID_cprover_string_of_long_func)
-    return add_axioms_from_long(expr);
+    res=add_axioms_from_long(expr);
   else if(id==ID_cprover_string_of_bool_func)
-    return add_axioms_from_bool(expr);
+    res=add_axioms_from_bool(expr);
   else if(id==ID_cprover_string_of_char_func)
-    return add_axioms_from_char(expr);
-  else if(id==ID_cprover_string_of_char_array_func)
-    return add_axioms_from_char_array(expr);
+    res=add_axioms_from_char(expr);
   else if(id==ID_cprover_string_set_length_func)
-    return add_axioms_for_set_length(expr);
+    res=add_axioms_for_set_length(expr);
   else if(id==ID_cprover_string_delete_func)
-    return add_axioms_for_delete(expr);
+    res=add_axioms_for_delete(expr);
   else if(id==ID_cprover_string_delete_char_at_func)
-    return add_axioms_for_delete_char_at(expr);
+    res=add_axioms_for_delete_char_at(expr);
   else if(id==ID_cprover_string_replace_func)
-    return add_axioms_for_replace(expr);
+    res=add_axioms_for_replace(expr);
+  else if(id==ID_cprover_string_intern_func)
+    res=add_axioms_for_intern(expr);
+  else if(id==ID_cprover_string_array_of_char_pointer_func)
+    res=add_axioms_for_char_pointer(expr);
   else
   {
     std::string msg(
@@ -412,13 +557,16 @@ exprt string_constraint_generatort::add_axioms_for_function_application(
     msg+=id2string(id);
     throw msg;
   }
+  function_application_cache[expr]=res;
+  return res;
 }
 
 /*******************************************************************\
 
 Function: string_constraint_generatort::add_axioms_for_copy
 
-  Inputs: function application with one argument, which is a string
+  Inputs: function application with one argument, which is a string,
+          or three arguments: string, integer offset and count
 
  Outputs: a new string expression
 
@@ -430,20 +578,20 @@ Function: string_constraint_generatort::add_axioms_for_copy
 string_exprt string_constraint_generatort::add_axioms_for_copy(
   const function_application_exprt &f)
 {
-  string_exprt s1=add_axioms_for_string_expr(args(f, 1)[0]);
-  const refined_string_typet &ref_type=to_refined_string_type(s1.type());
-  string_exprt res=fresh_string(ref_type);
-
-  // We add axioms:
-  // a1 : |res|=|s1|
-  // a2 : forall i<|s1|. s1[i]=res[i]
-
-  axioms.push_back(res.axiom_for_has_same_length_as(s1));
-
-  symbol_exprt idx=fresh_univ_index("QA_index_copy", ref_type.get_index_type());
-  string_constraintt a2(idx, s1.length(), equal_exprt(s1[idx], res[idx]));
-  axioms.push_back(a2);
-  return res;
+  const auto &args=f.arguments();
+  if(args.size()==1)
+  {
+    string_exprt s1=get_string_expr(args[0]);
+    return s1;
+  }
+  else
+  {
+    assert(args.size()==3);
+    string_exprt s1=get_string_expr(args[0]);
+    exprt offset=args[1];
+    exprt count=args[2];
+    return add_axioms_for_substring(s1, offset, plus_exprt(offset, count));
+  }
 }
 
 /*******************************************************************\
@@ -473,6 +621,28 @@ string_exprt string_constraint_generatort::add_axioms_for_java_char_array(
 
 /*******************************************************************\
 
+Function: string_constraint_generatort::add_axioms_for_char_pointer
+
+  Inputs: an expression of type char
+
+ Outputs: an array expression
+
+ Purpose: for an expression of the form `array[0]` returns `array`
+
+\*******************************************************************/
+
+exprt string_constraint_generatort::add_axioms_for_char_pointer(
+  const function_application_exprt &fun)
+{
+  exprt char_pointer=args(fun, 1)[0];
+  if(char_pointer.id()==ID_index)
+    return char_pointer.op0();
+  // TODO: we do not know what to do in the other cases
+  assert(false);
+}
+
+/*******************************************************************\
+
 Function: string_constraint_generatort::add_axioms_for_length
 
   Inputs: function application with one string argument
@@ -486,7 +656,7 @@ Function: string_constraint_generatort::add_axioms_for_length
 exprt string_constraint_generatort::add_axioms_for_length(
   const function_application_exprt &f)
 {
-  string_exprt str=add_axioms_for_string_expr(args(f, 1)[0]);
+  string_exprt str=get_string_expr(args(f, 1)[0]);
   return str.length();
 }
 
@@ -511,6 +681,7 @@ string_exprt string_constraint_generatort::add_axioms_from_char_array(
   const exprt &offset,
   const exprt &count)
 {
+  assert(false); // deprecated, we should use add_axioms_for_substring instead
   const typet &char_type=to_array_type(data.type()).subtype();
   const typet &index_type=length.type();
   refined_string_typet ref_type(index_type, char_type);
@@ -523,7 +694,7 @@ string_exprt string_constraint_generatort::add_axioms_from_char_array(
   symbol_exprt qvar=fresh_univ_index("QA_string_of_char_array", index_type);
   exprt char_in_tab=data;
   assert(char_in_tab.id()==ID_index);
-  char_in_tab.op1()=plus_exprt(qvar, offset);
+  char_in_tab.op1()=plus_exprt_with_overflow_check(qvar, offset);
 
   string_constraintt a1(qvar, count, equal_exprt(str[qvar], char_in_tab));
   axioms.push_back(a1);
@@ -549,6 +720,7 @@ Function: string_constraint_generatort::add_axioms_from_char_array
 string_exprt string_constraint_generatort::add_axioms_from_char_array(
   const function_application_exprt &f)
 {
+  assert(false); // deprecated, we should use add_axioms_for_substring instead
   exprt offset;
   exprt count;
   if(f.arguments().size()==4)
@@ -638,7 +810,7 @@ Function: string_constraint_generatort::add_axioms_for_char_at
 exprt string_constraint_generatort::add_axioms_for_char_at(
   const function_application_exprt &f)
 {
-  string_exprt str=add_axioms_for_string_expr(args(f, 2)[0]);
+  string_exprt str=get_string_expr(args(f, 2)[0]);
   const refined_string_typet &ref_type=to_refined_string_type(str.type());
   symbol_exprt char_sym=fresh_symbol("char", ref_type.get_char_type());
   axioms.push_back(equal_exprt(char_sym, str[args(f, 2)[1]]));
@@ -660,26 +832,6 @@ Function: string_constraint_generatort::add_axioms_for_to_char_array
 exprt string_constraint_generatort::add_axioms_for_to_char_array(
   const function_application_exprt &f)
 {
-  string_exprt str=add_axioms_for_string_expr(args(f, 1)[0]);
+  string_exprt str=get_string_expr(args(f, 1)[0]);
   return str.content();
 }
-
-/*******************************************************************\
-
-Function: string_constraint_generatort::set_string_symbol_equal_to_expr
-
-  Inputs: a symbol and a string
-
- Purpose: add a correspondence to make sure the symbol points to the
-          same string as the second argument
-
-\*******************************************************************/
-
-void string_constraint_generatort::set_string_symbol_equal_to_expr(
-  const symbol_exprt &sym, const exprt &str)
-{
-  if(str.id()==ID_symbol)
-    assign_to_symbol(sym, find_or_add_string_of_symbol(to_symbol_expr(str)));
-  else
-    assign_to_symbol(sym, add_axioms_for_string_expr(str));
-}
diff --git a/src/solvers/refinement/string_constraint_generator_testing.cpp b/src/solvers/refinement/string_constraint_generator_testing.cpp
index 8b1c7bca9d4..2a08b021070 100644
--- a/src/solvers/refinement/string_constraint_generator_testing.cpp
+++ b/src/solvers/refinement/string_constraint_generator_testing.cpp
@@ -31,15 +31,15 @@ exprt string_constraint_generatort::add_axioms_for_is_prefix(
 
   // We add axioms:
   // a1 : isprefix => |str| >= |prefix|+offset
-  // a2 : forall 0<=qvar<prefix.length. isprefix =>
-  //   s0[witness+offset]=s2[witness]
-  // a3 : !isprefix => |str| < |prefix|+offset
-  //   || (|str| >= |prefix|+offset &&0<=witness<|prefix|
-  //     &&str[witness+ofsset]!=prefix[witness])
+  // a2 : forall 0<=qvar<|prefix|. isprefix => s0[witness+offset]=s2[witness]
+  // a3 : !isprefix =>
+  //        |str|<|prefix|+offset ||
+  //        (0<=witness<|prefix| && str[witness+offset]!=prefix[witness])
 
   implies_exprt a1(
     isprefix,
-    str.axiom_for_is_longer_than(plus_exprt(prefix.length(), offset)));
+    str.axiom_for_is_longer_than(plus_exprt_with_overflow_check(
+      prefix.length(), offset)));
   axioms.push_back(a1);
 
   symbol_exprt qvar=fresh_univ_index("QA_isprefix", index_type);
@@ -47,7 +47,8 @@ exprt string_constraint_generatort::add_axioms_for_is_prefix(
     qvar,
     prefix.length(),
     isprefix,
-    equal_exprt(str[plus_exprt(qvar, offset)], prefix[qvar]));
+    equal_exprt(str[plus_exprt_with_overflow_check(qvar, offset)],
+                prefix[qvar]));
   axioms.push_back(a2);
 
   symbol_exprt witness=fresh_exist_index("witness_not_isprefix", index_type);
@@ -55,14 +56,13 @@ exprt string_constraint_generatort::add_axioms_for_is_prefix(
     axiom_for_is_positive_index(witness),
     and_exprt(
       prefix.axiom_for_is_strictly_longer_than(witness),
-      notequal_exprt(str[plus_exprt(witness, offset)], prefix[witness])));
+      notequal_exprt(str[plus_exprt_with_overflow_check(witness, offset)],
+                     prefix[witness])));
   or_exprt s0_notpref_s1(
     not_exprt(
-      str.axiom_for_is_longer_than(plus_exprt(prefix.length(), offset))),
-    and_exprt(
-      witness_diff,
       str.axiom_for_is_longer_than(
-        plus_exprt(prefix.length(), offset))));
+        plus_exprt_with_overflow_check(prefix.length(), offset))),
+    witness_diff);
 
   implies_exprt a3(not_exprt(isprefix), s0_notpref_s1);
   axioms.push_back(a3);
@@ -88,8 +88,8 @@ exprt string_constraint_generatort::add_axioms_for_is_prefix(
 {
   const function_application_exprt::argumentst &args=f.arguments();
   assert(f.type()==bool_typet() || f.type().id()==ID_c_bool);
-  string_exprt s0=add_axioms_for_string_expr(args[swap_arguments?1:0]);
-  string_exprt s1=add_axioms_for_string_expr(args[swap_arguments?0:1]);
+  string_exprt s0=get_string_expr(args[swap_arguments?1:0]);
+  string_exprt s1=get_string_expr(args[swap_arguments?0:1]);
   exprt offset;
   if(args.size()==2)
     offset=from_integer(0, s0.length().type());
@@ -121,7 +121,7 @@ exprt string_constraint_generatort::add_axioms_for_is_empty(
   // a2 : s0 => is_empty
 
   symbol_exprt is_empty=fresh_boolean("is_empty");
-  string_exprt s0=add_axioms_for_string_expr(args(f, 1)[0]);
+  string_exprt s0=get_string_expr(args(f, 1)[0]);
   axioms.push_back(implies_exprt(is_empty, s0.axiom_for_has_length(0)));
   axioms.push_back(implies_exprt(s0.axiom_for_has_length(0), is_empty));
   return typecast_exprt(is_empty, f.type());
@@ -150,8 +150,8 @@ exprt string_constraint_generatort::add_axioms_for_is_suffix(
 
   symbol_exprt issuffix=fresh_boolean("issuffix");
   typecast_exprt tc_issuffix(issuffix, f.type());
-  string_exprt s0=add_axioms_for_string_expr(args[swap_arguments?1:0]);
-  string_exprt s1=add_axioms_for_string_expr(args[swap_arguments?0:1]);
+  string_exprt s0=get_string_expr(args[swap_arguments?1:0]);
+  string_exprt s1=get_string_expr(args[swap_arguments?0:1]);
   const typet &index_type=s0.length().type();
 
   // We add axioms:
@@ -159,7 +159,7 @@ exprt string_constraint_generatort::add_axioms_for_is_suffix(
   // a2 : forall witness<s1.length.
   //     issufix => s1[witness]=s0[witness + s0.length-s1.length]
   // a3 : !issuffix =>
-  //   s1.length > s0.length
+  //   (s1.length > s0.length && witness=-1)
   //     || (s1.length > witness>=0
   //       &&s1[witness]!=s0[witness + s0.length-s1.length]
 
@@ -177,7 +177,8 @@ exprt string_constraint_generatort::add_axioms_for_is_suffix(
   exprt shifted=plus_exprt(
     witness, minus_exprt(s1.length(), s0.length()));
   or_exprt constr3(
-    s0.axiom_for_is_strictly_longer_than(s1),
+    and_exprt(s0.axiom_for_is_strictly_longer_than(s1),
+              equal_exprt(witness, from_integer(-1, index_type))),
     and_exprt(
       notequal_exprt(s0[witness], s1[shifted]),
       and_exprt(
@@ -207,9 +208,10 @@ exprt string_constraint_generatort::add_axioms_for_contains(
   assert(f.type()==bool_typet() || f.type().id()==ID_c_bool);
   symbol_exprt contains=fresh_boolean("contains");
   typecast_exprt tc_contains(contains, f.type());
-  string_exprt s0=add_axioms_for_string_expr(args(f, 2)[0]);
-  string_exprt s1=add_axioms_for_string_expr(args(f, 2)[1]);
-  const typet &index_type=s0.type();
+  string_exprt s0=get_string_expr(args(f, 2)[0]);
+  string_exprt s1=get_string_expr(args(f, 2)[1]);
+  const refined_string_typet ref_type=to_refined_string_type(s0.type());
+  const typet &index_type=ref_type.get_index_type();
 
   // We add axioms:
   // a1 : contains => s0.length >= s1.length
diff --git a/src/solvers/refinement/string_constraint_generator_transformation.cpp b/src/solvers/refinement/string_constraint_generator_transformation.cpp
index 83735e0d5b5..f27fe5d4317 100644
--- a/src/solvers/refinement/string_constraint_generator_transformation.cpp
+++ b/src/solvers/refinement/string_constraint_generator_transformation.cpp
@@ -29,7 +29,7 @@ Function: string_constraint_generatort::add_axioms_for_set_length
 string_exprt string_constraint_generatort::add_axioms_for_set_length(
   const function_application_exprt &f)
 {
-  string_exprt s1=add_axioms_for_string_expr(args(f, 2)[0]);
+  string_exprt s1=get_string_expr(args(f, 2)[0]);
   exprt k=args(f, 2)[1];
   const refined_string_typet &ref_type=to_refined_string_type(s1.type());
   string_exprt res=fresh_string(ref_type);
@@ -76,7 +76,7 @@ string_exprt string_constraint_generatort::add_axioms_for_substring(
 {
   const function_application_exprt::argumentst &args=f.arguments();
   assert(args.size()>=2);
-  string_exprt str=add_axioms_for_string_expr(args[0]);
+  string_exprt str=get_string_expr(args[0]);
   exprt i(args[1]);
   exprt j;
   if(args.size()==3)
@@ -110,7 +110,6 @@ string_exprt string_constraint_generatort::add_axioms_for_substring(
 {
   const refined_string_typet &ref_type=to_refined_string_type(str.type());
   const typet &index_type=ref_type.get_index_type();
-  symbol_exprt idx=fresh_exist_index("index_substring", index_type);
   assert(start.type()==index_type);
   assert(end.type()==index_type);
   string_exprt res=fresh_string(ref_type);
@@ -133,8 +132,11 @@ string_exprt string_constraint_generatort::add_axioms_for_substring(
   // Warning: check what to do if the string is not long enough
   axioms.push_back(str.axiom_for_is_longer_than(end));
 
-  string_constraintt a4(
-    idx, res.length(), equal_exprt(res[idx], str[plus_exprt(start, idx)]));
+  symbol_exprt idx=fresh_univ_index("QA_index_substring", index_type);
+  string_constraintt a4(idx,
+                        res.length(),
+                        equal_exprt(res[idx],
+                        str[plus_exprt_with_overflow_check(start, idx)]));
   axioms.push_back(a4);
   return res;
 }
@@ -154,7 +156,7 @@ Function: string_constraint_generatort::add_axioms_for_trim
 string_exprt string_constraint_generatort::add_axioms_for_trim(
   const function_application_exprt &expr)
 {
-  string_exprt str=add_axioms_for_string_expr(args(expr, 1)[0]);
+  string_exprt str=get_string_expr(args(expr, 1)[0]);
   const refined_string_typet &ref_type=to_refined_string_type(str.type());
   const typet &index_type=ref_type.get_index_type();
   string_exprt res=fresh_string(ref_type);
@@ -173,7 +175,8 @@ string_exprt string_constraint_generatort::add_axioms_for_trim(
   // a8 : forall n<|s1|, s[idx+n]=s1[n]
   // a9 : (s[m]>' ' &&s[m+|s1|-1]>' ') || m=|s|
 
-  exprt a1=str.axiom_for_is_longer_than(plus_exprt(idx, res.length()));
+  exprt a1=str.axiom_for_is_longer_than(
+    plus_exprt_with_overflow_check(idx, res.length()));
   axioms.push_back(a1);
 
   binary_relation_exprt a2(idx, ID_ge, from_integer(0, index_type));
@@ -195,7 +198,8 @@ string_exprt string_constraint_generatort::add_axioms_for_trim(
   axioms.push_back(a6);
 
   symbol_exprt n2=fresh_univ_index("QA_index_trim2", index_type);
-  minus_exprt bound(str.length(), plus_exprt(idx, res.length()));
+  minus_exprt bound(str.length(), plus_exprt_with_overflow_check(idx,
+                                                                 res.length()));
   binary_relation_exprt eqn2(
     str[plus_exprt(idx, plus_exprt(res.length(), n2))],
     ID_le,
@@ -210,7 +214,8 @@ string_exprt string_constraint_generatort::add_axioms_for_trim(
   axioms.push_back(a8);
 
   minus_exprt index_before(
-    plus_exprt(idx, res.length()), from_integer(1, index_type));
+    plus_exprt_with_overflow_check(idx, res.length()),
+      from_integer(1, index_type));
   binary_relation_exprt no_space_before(str[index_before], ID_gt, space_char);
   or_exprt a9(
     equal_exprt(idx, str.length()),
@@ -236,7 +241,7 @@ Function: string_constraint_generatort::add_axioms_for_to_lower_case
 string_exprt string_constraint_generatort::add_axioms_for_to_lower_case(
   const function_application_exprt &expr)
 {
-  string_exprt str=add_axioms_for_string_expr(args(expr, 1)[0]);
+  string_exprt str=get_string_expr(args(expr, 1)[0]);
   const refined_string_typet &ref_type=to_refined_string_type(str.type());
   const typet &char_type=ref_type.get_char_type();
   const typet &index_type=ref_type.get_index_type();
@@ -289,7 +294,7 @@ Function: string_constraint_generatort::add_axioms_for_to_upper_case
 string_exprt string_constraint_generatort::add_axioms_for_to_upper_case(
   const function_application_exprt &expr)
 {
-  string_exprt str=add_axioms_for_string_expr(args(expr, 1)[0]);
+  string_exprt str=get_string_expr(args(expr, 1)[0]);
   const refined_string_typet &ref_type=to_refined_string_type(str.type());
   const typet &char_type=ref_type.get_char_type();
   const typet &index_type=ref_type.get_index_type();
@@ -345,7 +350,7 @@ Function: string_constraint_generatort::add_axioms_for_char_set
 string_exprt string_constraint_generatort::add_axioms_for_char_set(
   const function_application_exprt &f)
 {
-  string_exprt str=add_axioms_for_string_expr(args(f, 3)[0]);
+  string_exprt str=get_string_expr(args(f, 3)[0]);
   const refined_string_typet &ref_type=to_refined_string_type(str.type());
   string_exprt res=fresh_string(ref_type);
   with_exprt sarrnew(str.content(), args(f, 3)[1], args(f, 3)[2]);
@@ -378,7 +383,7 @@ Function: string_constraint_generatort::add_axioms_for_replace
 string_exprt string_constraint_generatort::add_axioms_for_replace(
   const function_application_exprt &f)
 {
-  string_exprt str=add_axioms_for_string_expr(args(f, 3)[0]);
+  string_exprt str=get_string_expr(args(f, 3)[0]);
   const refined_string_typet &ref_type=to_refined_string_type(str.type());
   const exprt &old_char=args(f, 3)[1];
   const exprt &new_char=args(f, 3)[2];
@@ -421,10 +426,12 @@ Function: string_constraint_generatort::add_axioms_for_delete_char_at
 string_exprt string_constraint_generatort::add_axioms_for_delete_char_at(
   const function_application_exprt &f)
 {
-  string_exprt str=add_axioms_for_string_expr(args(f, 2)[0]);
+  string_exprt str=get_string_expr(args(f, 2)[0]);
   exprt index_one=from_integer(1, str.length().type());
   return add_axioms_for_delete(
-    str, args(f, 2)[1], plus_exprt(args(f, 2)[1], index_one));
+    str,
+    args(f, 2)[1],
+    plus_exprt_with_overflow_check(args(f, 2)[1], index_one));
 }
 
 /*******************************************************************\
@@ -468,6 +475,6 @@ Function: string_constraint_generatort::add_axioms_for_delete
 string_exprt string_constraint_generatort::add_axioms_for_delete(
   const function_application_exprt &f)
 {
-  string_exprt str=add_axioms_for_string_expr(args(f, 3)[0]);
+  string_exprt str=get_string_expr(args(f, 3)[0]);
   return add_axioms_for_delete(str, args(f, 3)[1], args(f, 3)[2]);
 }
diff --git a/src/solvers/refinement/string_constraint_generator_valueof.cpp b/src/solvers/refinement/string_constraint_generator_valueof.cpp
index d1030e5e085..10fe490259a 100644
--- a/src/solvers/refinement/string_constraint_generator_valueof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_valueof.cpp
@@ -63,7 +63,8 @@ Function: string_constraint_generatort::add_axioms_from_float
 string_exprt string_constraint_generatort::add_axioms_from_float(
   const function_application_exprt &f)
 {
-  return add_axioms_from_float(args(f, 1)[0], false);
+  const refined_string_typet &ref_type=to_refined_string_type(f.type());
+  return add_axioms_from_float(args(f, 1)[0], ref_type, false);
 }
 
 /*******************************************************************\
@@ -81,7 +82,8 @@ Function: string_constraint_generatort::add_axioms_from_double
 string_exprt string_constraint_generatort::add_axioms_from_double(
   const function_application_exprt &f)
 {
-  return add_axioms_from_float(args(f, 1)[0], true);
+  const refined_string_typet &ref_type=to_refined_string_type(f.type());
+  return add_axioms_from_float(args(f, 1)[0], ref_type, true);
 }
 
 /*******************************************************************\
@@ -99,13 +101,12 @@ Function: string_constraint_generatort::add_axioms_from_float
 \*******************************************************************/
 
 string_exprt string_constraint_generatort::add_axioms_from_float(
-  const exprt &f, bool double_precision)
+  const exprt &f, const refined_string_typet &ref_type, bool double_precision)
 {
-  const refined_string_typet &ref_type=to_refined_string_type(f.type());
+  string_exprt res=fresh_string(ref_type);
   const typet &index_type=ref_type.get_index_type();
   const typet &char_type=ref_type.get_char_type();
-  string_exprt res=fresh_string(ref_type);
-  const exprt &index24=from_integer(24, ref_type.get_index_type());
+  const exprt &index24=from_integer(24, index_type);
   axioms.push_back(res.axiom_for_is_shorter_than(index24));
 
   string_exprt magnitude=fresh_string(ref_type);
@@ -323,13 +324,22 @@ string_exprt string_constraint_generatort::add_axioms_from_int(
   axioms.push_back(a1);
 
   exprt chr=res[0];
-  exprt starts_with_minus=equal_exprt(chr, minus_char);
-  exprt starts_with_digit=and_exprt(
+  equal_exprt starts_with_minus(chr, minus_char);
+  and_exprt starts_with_digit(
     binary_relation_exprt(chr, ID_ge, zero_char),
     binary_relation_exprt(chr, ID_le, nine_char));
   or_exprt a2(starts_with_digit, starts_with_minus);
   axioms.push_back(a2);
 
+  // These are constraints to detect number that requiere the maximum number
+  // of digits
+  exprt smallest_with_max_digits=
+    from_integer(smallest_by_digit(max_size-1), type);
+  binary_relation_exprt big_negative(
+    i, ID_le, unary_minus_exprt(smallest_with_max_digits));
+  binary_relation_exprt big_positive(i, ID_ge, smallest_with_max_digits);
+  or_exprt requieres_max_digits(big_negative, big_positive);
+
   for(size_t size=1; size<=max_size; size++)
   {
     // For each possible size, we add axioms:
@@ -387,13 +397,18 @@ string_exprt string_constraint_generatort::add_axioms_from_int(
       axioms.push_back(a6);
     }
 
-    // we have to be careful when exceeding the maximal size of integers
+    // when the size is close to the maximum, either the number is very big
+    // or it is negative
+    if(size==max_size-1)
+    {
+      implies_exprt a7(premise, or_exprt(requieres_max_digits,
+                                         starts_with_minus));
+      axioms.push_back(a7);
+    }
+    // when we reach the maximal size the number is very big in the negative
     if(size==max_size)
     {
-      exprt smallest_with_10_digits=from_integer(
-        smallest_by_digit(max_size), type);
-      binary_relation_exprt big(i, ID_ge, smallest_with_10_digits);
-      implies_exprt a7(premise, big);
+      implies_exprt a7(premise, and_exprt(starts_with_minus, big_negative));
       axioms.push_back(a7);
     }
   }
@@ -597,6 +612,60 @@ string_exprt string_constraint_generatort::add_axioms_for_value_of(
 
 /*******************************************************************\
 
+Function: string_constraint_generatort::add_axioms_for_correct_number_format
+
+  Inputs: function application with one string expression
+
+ Outputs: an boolean expression
+
+ Purpose: add axioms making the return value true if the given string is
+          a correct number
+
+\*******************************************************************/
+
+exprt string_constraint_generatort::add_axioms_for_correct_number_format(
+  const string_exprt &str, std::size_t max_size)
+{
+  symbol_exprt correct=fresh_boolean("correct_number_format");
+  const refined_string_typet &ref_type=to_refined_string_type(str.type());
+  const typet &char_type=ref_type.get_char_type();
+  const typet &index_type=ref_type.get_index_type();
+  exprt zero_char=constant_char('0', char_type);
+  exprt nine_char=constant_char('9', char_type);
+  exprt minus_char=constant_char('-', char_type);
+  exprt plus_char=constant_char('+', char_type);
+
+  exprt chr=str[0];
+  equal_exprt starts_with_minus(chr, minus_char);
+  equal_exprt starts_with_plus(chr, plus_char);
+  and_exprt starts_with_digit(
+    binary_relation_exprt(chr, ID_ge, zero_char),
+    binary_relation_exprt(chr, ID_le, nine_char));
+
+  or_exprt correct_first(
+    or_exprt(starts_with_minus, starts_with_plus), starts_with_digit);
+  exprt has_first=str.axiom_for_is_longer_than(from_integer(1, index_type));
+  implies_exprt a1(correct, and_exprt(has_first, correct_first));
+  axioms.push_back(a1);
+
+  exprt not_too_long=str.axiom_for_is_shorter_than(max_size);
+  axioms.push_back(not_too_long);
+
+  symbol_exprt qvar=fresh_univ_index("number_format", index_type);
+
+  and_exprt is_digit(
+    binary_relation_exprt(str[qvar], ID_ge, zero_char),
+    binary_relation_exprt(str[qvar], ID_le, nine_char));
+
+  string_constraintt a2(
+    qvar, from_integer(1, index_type), str.length(), correct, is_digit);
+
+  axioms.push_back(a2);
+  return correct;
+}
+
+/*******************************************************************\
+
 Function: string_constraint_generatort::add_axioms_for_parse_int
 
   Inputs: function application with one string expression
@@ -610,7 +679,7 @@ Function: string_constraint_generatort::add_axioms_for_parse_int
 exprt string_constraint_generatort::add_axioms_for_parse_int(
   const function_application_exprt &f)
 {
-  string_exprt str=add_axioms_for_string_expr(args(f, 1)[0]);
+  string_exprt str=get_string_expr(args(f, 1)[0]);
   const typet &type=f.type();
   symbol_exprt i=fresh_symbol("parsed_int", type);
   const refined_string_typet &ref_type=to_refined_string_type(str.type());
@@ -626,6 +695,10 @@ exprt string_constraint_generatort::add_axioms_for_parse_int(
   exprt starts_with_plus=equal_exprt(chr, plus_char);
   exprt starts_with_digit=binary_relation_exprt(chr, ID_ge, zero_char);
 
+  // TODO: we should throw an exception when this does not hold:
+  exprt correct=add_axioms_for_correct_number_format(str);
+  axioms.push_back(correct);
+
   for(unsigned size=1; size<=10; size++)
   {
     exprt sum=from_integer(0, type);
diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index db9a2c460cc..1391ffd2315 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -11,17 +11,38 @@ Author: Alberto Griggio, alberto.griggio@gmail.com
 \*******************************************************************/
 
 #include <sstream>
+#include <iomanip>
 #include <ansi-c/string_constant.h>
 #include <util/cprover_prefix.h>
 #include <util/replace_expr.h>
+#include <util/refined_string_type.h>
+#include <util/simplify_expr.h>
 #include <solvers/sat/satcheck.h>
 #include <solvers/refinement/string_refinement.h>
 #include <langapi/language_util.h>
+#include <java_bytecode/java_types.h>
+
+/*******************************************************************\
+
+Constructor: string_refinementt
+
+     Inputs: a namespace, a decision procedure, a bound on the number
+             of refinements and a boolean flag `concretize_result`
+
+    Purpose: refinement_bound is a bound on the number of refinement allowed.
+             if `concretize_result` is set to true, at the end of the decision
+             procedure, the solver try to find a concrete value for each
+             character
+
+\*******************************************************************/
 
 string_refinementt::string_refinementt(
-  const namespacet &_ns, propt &_prop, unsigned refinement_bound):
+  const namespacet &_ns,
+  propt &_prop,
+  unsigned refinement_bound):
   supert(_ns, _prop),
   use_counter_example(false),
+  do_concretizing(false),
   initial_loop_bound(refinement_bound)
 { }
 
@@ -52,15 +73,27 @@ Function: string_refinementt::display_index_set
 
 void string_refinementt::display_index_set()
 {
+  std::size_t count=0;
+  std::size_t count_current=0;
   for(const auto &i : index_set)
   {
     const exprt &s=i.first;
-    debug() << "IS(" << from_expr(s) << ")=={";
+    debug() << "IS(" << from_expr(s) << ")=={" << eom;
 
     for(auto j : i.second)
-      debug() << from_expr(j) << "; ";
+    {
+      if(current_index_set[i.first].find(j)!=current_index_set[i.first].end())
+      {
+        count_current++;
+        debug() << "**";
+      }
+      debug() << "  " << from_expr(j) << ";" << eom;
+      count++;
+    }
     debug() << "}"  << eom;
   }
+  debug() << count << " elements in index set (" << count_current
+          << " newly added)" << eom;
 }
 
 /*******************************************************************\
@@ -100,152 +133,320 @@ void string_refinementt::add_instantiations()
 
 /*******************************************************************\
 
-Function: string_refinementt::convert_rest
-
-  Inputs: an expression
+Function: string_refinementt::add_symbol_to_symbol_map()
 
- Outputs: a literal
+  Inputs: a symbol and the expression to map it to
 
- Purpose: if the expression is a function application, we convert it
-          using our own convert_function_application method
+ Purpose: keeps a map of symbols to expressions, such as none of the
+          mapped values exist as a key
 
 \*******************************************************************/
 
-literalt string_refinementt::convert_rest(const exprt &expr)
+void string_refinementt::add_symbol_to_symbol_map
+(const exprt &lhs, const exprt &rhs)
 {
-  if(expr.id()==ID_function_application)
+  assert(lhs.id()==ID_symbol);
+
+  // We insert the mapped value of the rhs, if it exists.
+  auto it=symbol_resolve.find(rhs);
+  const exprt &new_rhs=it!=symbol_resolve.end()?it->second:rhs;
+
+  symbol_resolve[lhs]=new_rhs;
+  reverse_symbol_resolve[new_rhs].push_back(lhs);
+
+  std::list<exprt> symbols_to_update_with_new_rhs(reverse_symbol_resolve[rhs]);
+  for(exprt item : symbols_to_update_with_new_rhs)
   {
-    // can occur in __CPROVER_assume
-    bvt bv=convert_function_application(to_function_application_expr(expr));
-    assert(bv.size()==1);
-    return bv[0];
+    symbol_resolve[item]=new_rhs;
+    reverse_symbol_resolve[new_rhs].push_back(item);
   }
-  else
+}
+
+/*******************************************************************\
+
+Function: string_refinementt::set_char_array_equality()
+
+  Inputs: the rhs and lhs of an equality over character arrays
+
+ Purpose: add axioms if the rhs is a character array
+
+\*******************************************************************/
+
+void string_refinementt::set_char_array_equality(
+  const exprt &lhs, const exprt &rhs)
+{
+  assert(lhs.id()==ID_symbol);
+
+  if(rhs.id()==ID_array && rhs.type().id()==ID_array)
   {
-    return supert::convert_rest(expr);
+    const typet &index_type=to_array_type(rhs.type()).size().type();
+    for(size_t i=0, ilim=rhs.operands().size(); i!=ilim; ++i)
+    {
+      // Introduce axioms to map symbolic rhs to its char array.
+      index_exprt arraycell(rhs, from_integer(i, index_type));
+      equal_exprt arrayeq(arraycell, rhs.operands()[i]);
+      add_lemma(arrayeq, false);
+#if 0
+      generator.axioms.push_back(arrayeq);
+#endif
+    }
   }
+  // At least for Java (as it is currently pre-processed), we need not consider
+  // other cases, because all character arrays find themselves on the rhs of an
+  // equality. Note that this might not be the case for other languages.
 }
 
 /*******************************************************************\
 
-Function: string_refinementt::convert_symbol
+Function: string_refinementt::substitute_function_applications()
 
-  Inputs: an expression
+  Inputs: an expression containing function applications
 
- Outputs: a bitvector
+ Outputs: an epression containing no function application
 
- Purpose: if the expression as string type, look up for the string in the
-          list of string symbols that we maintain, and convert it;
-          otherwise use the method of the parent class
+ Purpose: remove functions applications and create the necessary
+          axioms
 
 \*******************************************************************/
 
-bvt string_refinementt::convert_symbol(const exprt &expr)
+exprt string_refinementt::substitute_function_applications(exprt expr)
 {
-  const typet &type=expr.type();
-  const irep_idt &identifier=expr.get(ID_identifier);
-  assert(!identifier.empty());
+  for(size_t i=0; i<expr.operands().size(); ++i)
+  {
+    // TODO: only copy when necessary
+    exprt op(expr.operands()[i]);
+    expr.operands()[i]=substitute_function_applications(op);
+  }
 
-  if(refined_string_typet::is_refined_string_type(type))
+  if(expr.id()==ID_function_application)
   {
-    string_exprt str=
-      generator.find_or_add_string_of_symbol(to_symbol_expr(expr));
-    bvt bv=convert_bv(str);
-    return bv;
+    function_application_exprt f=to_function_application_expr(expr);
+    return generator.add_axioms_for_function_application(f);
   }
-  else
-    return supert::convert_symbol(expr);
+
+  return expr;
+}
+
+bool string_refinementt::is_char_array(const typet &type) const
+{
+  if(type.id()==ID_symbol)
+    return is_char_array(ns.follow(type));
+
+  return (type.id()==ID_array && type.subtype()==java_char_type());
 }
 
 /*******************************************************************\
 
-Function: string_refinementt::convert_function_application
+Function: string_refinementt::boolbv_set_equality_to_true
 
-  Inputs: a function_application
+  Inputs: the lhs and rhs of an equality expression
 
- Outputs: a bitvector
+ Outputs: false if the lemmas were added successfully, true otherwise
 
- Purpose: generate an expression, add lemmas stating that this expression
-          corresponds to the result of the given function call, and convert
-          this expression
+ Purpose: add lemmas to the solver corresponding to the given equation
 
 \*******************************************************************/
 
-bvt string_refinementt::convert_function_application
-(const function_application_exprt &expr)
+bool string_refinementt::add_axioms_for_string_assigns(const exprt &lhs,
+                                                       const exprt &rhs)
 {
-  debug() << "string_refinementt::convert_function_application "
-          << from_expr(expr) << eom;
-  exprt f=generator.add_axioms_for_function_application(expr);
-  return convert_bv(f);
+  if(is_char_array(rhs.type()))
+  {
+    set_char_array_equality(lhs, rhs);
+    if(rhs.id() == ID_symbol || rhs.id() == ID_array)
+    {
+      add_symbol_to_symbol_map(lhs, rhs);
+      return false;
+    }
+    else if(rhs.id() == ID_nondet_symbol)
+    {
+      add_symbol_to_symbol_map(
+        lhs, generator.fresh_symbol("nondet_array", lhs.type()));
+      return false;
+    }
+    else
+    {
+      debug() << "string_refinement warning: not handling char_array: "
+              << from_expr(rhs) << eom;
+      return true;
+    }
+  }
+  if(refined_string_typet::is_refined_string_type(rhs.type()))
+  {
+    exprt refined_rhs=generator.add_axioms_for_refined_string(rhs);
+    add_symbol_to_symbol_map(lhs, refined_rhs);
+    return false;
+  }
+  // Other cases are to be handled by supert::set_to.
+  return true;
 }
 
 /*******************************************************************\
 
-Function: string_refinementt::boolbv_set_equality_to_true
+Function: string_refinementt::concretize_results
 
-  Inputs: an equality expression
+ Purpose: For each string whose length has been solved, add constants
+          to the index set to force the solver to pick concrete values
+          for each character, and fill the map `found_length`
 
- Outputs: a Boolean flag to signal a proble
+\*******************************************************************/
 
- Purpose: add lemmas to the solver corresponding to the given equation
+void string_refinementt::concretize_results()
+{
+  for(const auto& it : symbol_resolve)
+  {
+    if(refined_string_typet::is_refined_string_type(it.second.type()))
+    {
+      string_exprt str=to_string_expr(it.second);
+      exprt length=current_model[str.length()];
+      exprt content=str.content();
+      replace_expr(symbol_resolve, content);
+      found_length[content]=length;
+      mp_integer found_length;
+      if(!to_integer(length, found_length))
+      {
+        assert(found_length.is_long());
+        if(found_length < 0)
+        {
+          debug() << "concretize_results: WARNING found length is negative"
+                  << eom;
+        }
+        else
+        {
+          size_t concretize_limit=found_length.to_long();
+          concretize_limit=concretize_limit>MAX_CONCRETE_STRING_SIZE?
+                MAX_CONCRETE_STRING_SIZE:concretize_limit;
+          exprt content_expr=str.content();
+          replace_expr(current_model, content_expr);
+          for(size_t i=0; i<concretize_limit; ++i)
+          {
+            auto i_expr=from_integer(i, str.length().type());
+            debug() << "Concretizing " << from_expr(content_expr)
+                    << " / " << i << eom;
+            current_index_set[str.content()].insert(i_expr);
+          }
+        }
+      }
+    }
+  }
+  add_instantiations();
+}
+
+/*******************************************************************\
+
+Function: string_refinementt::concretize_lengths
+
+ Purpose: For each string whose length has been solved, add constants
+          to the map `found_length`
 
 \*******************************************************************/
 
-bool string_refinementt::boolbv_set_equality_to_true(const equal_exprt &expr)
+void string_refinementt::concretize_lengths()
 {
-  if(!equality_propagation)
-    return true;
+  for(const auto& it : symbol_resolve)
+  {
+    if(refined_string_typet::is_refined_string_type(it.second.type()))
+    {
+      string_exprt str=to_string_expr(it.second);
+      exprt length=current_model[str.length()];
+      exprt content=str.content();
+      replace_expr(symbol_resolve, content);
+      found_length[content]=length;
+     }
+  }
+}
+
+/*******************************************************************\
+
+Function: string_refinementt::set_to
+
+  Inputs: an expression and the value to set it to
 
-  // We should not do that everytime, but I cannot find
-  // another good entry point
+ Purpose: add lemmas representing the setting of an expression to a
+          given value
+
+\*******************************************************************/
+
+void string_refinementt::set_to(const exprt &expr, bool value)
+{
+  assert(equality_propagation);
+
+  // TODO: remove the mode field of generator since we should be language
+  // independent.
+  // We only set the mode once.
   if(generator.get_mode()==ID_unknown)
     set_mode();
 
-  typet type=ns.follow(expr.lhs().type());
-
-  if(expr.lhs().id()==ID_symbol &&
-     // We can have affectation of string from StringBuilder or CharSequence
-     // type==ns.follow(expr.rhs().type()) &&
-     type.id()!=ID_bool)
+  if(expr.id()==ID_equal)
   {
-    debug() << "string_refinementt " << from_expr(expr.lhs()) << " <- "
-            << from_expr(expr.rhs()) << eom;
+    equal_exprt eq_expr=to_equal_expr(expr);
+
+    if(eq_expr.lhs().type()!=eq_expr.rhs().type())
+    {
+      debug() << "(sr::set_to) WARNING: ignoring "
+              << from_expr(expr) << " [inconsistent types]" << eom;
+      return;
+    }
+
+    if(expr.type().id()!=ID_bool)
+    {
+      error() << "string_refinementt::set_to got non-boolean operand: "
+              << expr.pretty() << eom;
+      throw 0;
+    }
+
+    // Preprocessing to remove function applications.
+    const exprt &lhs=eq_expr.lhs();
+    debug() << "(sr::set_to) " << from_expr(lhs)
+            << " = " << from_expr(eq_expr.rhs()) << eom;
 
+    // TODO: See if this happens at all.
+    if(lhs.id()!=ID_symbol)
+    {
+      debug() << "(sr::set_to) WARNING: ignoring "
+              << from_expr(expr) << eom;
+      return;
+    }
 
-    if(expr.rhs().id()==ID_typecast)
+    exprt subst_rhs=substitute_function_applications(eq_expr.rhs());
+    if(eq_expr.lhs().type()!=subst_rhs.type())
     {
-      exprt uncast=to_typecast_expr(expr.rhs()).op();
-      if(refined_string_typet::is_refined_string_type(uncast.type()))
+      if(eq_expr.lhs().type().id() != ID_array ||
+         subst_rhs.type().id() != ID_array ||
+         eq_expr.lhs().type().subtype() != subst_rhs.type().subtype())
+      {
+        debug() << "(sr::set_to) WARNING: ignoring "
+                << from_expr(expr) << " [inconsistent types after substitution]"
+                << eom;
+        return;
+      }
+      else
       {
-        debug() << "(sr) detected casted string" << eom;
-        symbol_exprt sym=to_symbol_expr(expr.lhs());
-        generator.set_string_symbol_equal_to_expr(sym, uncast);
-        return false;
+        debug() << "(sr::set_to) accepting arrays with "
+                << "same subtype but different sizes" << eom;
       }
     }
 
-    if(refined_string_typet::is_refined_string_type(type))
+    if(value)
     {
-      symbol_exprt sym=to_symbol_expr(expr.lhs());
-      generator.set_string_symbol_equal_to_expr(sym, expr.rhs());
-      return false;
+      if(!add_axioms_for_string_assigns(lhs, subst_rhs))
+        return;
     }
-    else if(type==ns.follow(expr.rhs().type()))
+    else
     {
-      if(is_unbounded_array(type))
-        return true;
-      bvt bv1=convert_bv(expr.rhs());
-      const irep_idt &identifier=
-        to_symbol_expr(expr.lhs()).get_identifier();
-      map.set_literals(identifier, type, bv1);
-      if(freeze_all)
-        set_frozen(bv1);
-      return false;
+      // TODO: Something should also be done if value is false.
+      assert(!is_char_array(eq_expr.rhs().type()));
+      assert(!refined_string_typet::is_refined_string_type(
+        eq_expr.rhs().type()));
     }
-  }
 
-  return true;
+    non_string_axioms.push_back(std::make_pair(equal_exprt(lhs, subst_rhs),
+                                               value));
+  }
+  // We keep a list of the axioms to give to supert::set_to in order to
+  // substitute the symbols in dec_solve().
+  else
+    non_string_axioms.push_back(std::make_pair(expr, value));
 }
 
 /*******************************************************************\
@@ -261,7 +462,18 @@ Function: string_refinementt::dec_solve
 
 decision_proceduret::resultt string_refinementt::dec_solve()
 {
-  for(const exprt &axiom : generator.axioms)
+  // Substitute all symbols to char arrays in the axioms to give to
+  // supert::set_to().
+  for(std::pair<exprt, bool> &pair : non_string_axioms)
+  {
+    replace_expr(symbol_resolve, pair.first);
+    debug() << "super::set_to " << from_expr(pair.first) << eom;
+    supert::set_to(pair.first, pair.second);
+  }
+
+  for(exprt &axiom : generator.axioms)
+  {
+    replace_expr(symbol_resolve, axiom);
     if(axiom.id()==ID_string_constraint)
     {
       string_constraintt c=to_string_constraint(axiom);
@@ -282,6 +494,7 @@ decision_proceduret::resultt string_refinementt::dec_solve()
     {
       add_lemma(axiom);
     }
+  }
 
   initial_index_set(universal_axioms);
   update_index_set(cur);
@@ -302,6 +515,7 @@ decision_proceduret::resultt string_refinementt::dec_solve()
       else
       {
         debug() << "check_SAT: the model is correct" << eom;
+        concretize_lengths();
         return D_SATISFIABLE;
       }
 
@@ -318,7 +532,13 @@ decision_proceduret::resultt string_refinementt::dec_solve()
       if(current_index_set.empty())
       {
         debug() << "current index set is empty" << eom;
-        return D_SATISFIABLE;
+        if(do_concretizing)
+        {
+          concretize_results();
+          do_concretizing=false;
+        }
+        else
+          return D_SATISFIABLE;
       }
 
       display_index_set();
@@ -367,131 +587,337 @@ bvt string_refinementt::convert_bool_bv(const exprt &boole, const exprt &orig)
 
 Function: string_refinementt::add_lemma
 
-  Inputs: a lemma
+  Inputs: a lemma and Boolean value stating whether the lemma should
+          be added to the index set.
 
  Purpose: add the given lemma to the solver
 
 \*******************************************************************/
 
-void string_refinementt::add_lemma(const exprt &lemma, bool add_to_index_set)
+void string_refinementt::add_lemma(
+  const exprt &lemma, bool _simplify, bool add_to_index_set)
 {
   if(!seen_instances.insert(lemma).second)
     return;
 
-  if(lemma.is_true())
+  if(add_to_index_set)
+    cur.push_back(lemma);
+
+  exprt simple_lemma=lemma;
+  if(_simplify)
+    simplify(simple_lemma, ns);
+
+  if(simple_lemma.is_true())
   {
+#if 0
     debug() << "string_refinementt::add_lemma : tautology" << eom;
+#endif
     return;
   }
 
-  debug() << "adding lemma " << from_expr(lemma) << eom;
+  debug() << "adding lemma " << from_expr(simple_lemma) << eom;
 
-  prop.l_set_to_true(convert(lemma));
-  if(add_to_index_set)
-    cur.push_back(lemma);
+  prop.l_set_to_true(convert(simple_lemma));
 }
 
 /*******************************************************************\
 
-Function: string_refinementt::string_of_array
+Function: string_refinementt::get_array
 
-  Inputs: a constant array expression and a integer expression
+  Inputs: an expression representing an array and an expression
+          representing an integer
 
- Outputs: a string
+ Outputs: an array expression or an array_of_exprt
 
- Purpose: convert the content of a string to a more readable representation.
-          This should only be used for debbuging.
+ Purpose: get a model of an array and put it in a certain form.
+          If the size cannot be obtained or if it is too big, return an
+          empty array.
 
 \*******************************************************************/
 
-std::string string_refinementt::string_of_array(
-  const exprt &arr, const exprt &size) const
+exprt string_refinementt::get_array(const exprt &arr, const exprt &size) const
 {
-  if(size.id()!=ID_constant)
-    return "string of unknown size";
+  exprt arr_val=get_array(arr);
+  exprt size_val=supert::get(size);
+  size_val=simplify_expr(size_val, ns);
+  typet char_type=arr.type().subtype();
+  typet index_type=size.type();
+  array_typet empty_ret_type(char_type, from_integer(0, index_type));
+  array_of_exprt empty_ret(from_integer(0, char_type), empty_ret_type);
+
+  if(size_val.id()!=ID_constant)
+  {
+#if 0
+    debug() << "(sr::get_array) string of unknown size: "
+            << from_expr(size_val) << eom;
+#endif
+    return empty_ret;
+  }
+
   unsigned n;
-  if(to_unsigned_integer(to_constant_expr(size), n))
-    n=0;
+  if(to_unsigned_integer(to_constant_expr(size_val), n))
+  {
+#if 0
+    debug() << "(sr::get_array) size is not valid" << eom;
+#endif
+    return empty_ret;
+  }
+
+  array_typet ret_type(char_type, from_integer(n, index_type));
+  array_exprt ret(ret_type);
 
   if(n>MAX_CONCRETE_STRING_SIZE)
-    return "very long string";
+  {
+#if 0
+    debug() << "(sr::get_array) long string (size=" << n << ")" << eom;
+#endif
+    return empty_ret;
+  }
+
   if(n==0)
-    return "\"\"";
+  {
+#if 0
+    debug() << "(sr::get_array) empty string" << eom;
+#endif
+    return empty_ret;
+  }
 
-  std::ostringstream buf;
-  buf << "\"";
-  exprt val=get(arr);
+  std::vector<unsigned> concrete_array(n);
 
-  if(val.id()=="array-list")
+  if(arr_val.id()=="array-list")
   {
-    for(size_t i=0; i<val.operands().size()/2; i++)
+    for(size_t i=0; i<arr_val.operands().size()/2; i++)
     {
-      exprt index=val.operands()[i*2];
+      exprt index=arr_val.operands()[i*2];
       unsigned idx;
       if(!to_unsigned_integer(to_constant_expr(index), idx))
       {
         if(idx<n)
         {
-          exprt value=val.operands()[i*2+1];
-          unsigned c;
-          if(!to_unsigned_integer(to_constant_expr(value), c))
-            buf << static_cast<char>(c);
+          exprt value=arr_val.operands()[i*2+1];
+          to_unsigned_integer(to_constant_expr(value), concrete_array[idx]);
         }
       }
     }
   }
+  else if(arr_val.id()==ID_array)
+  {
+    for(size_t i=0; i<arr_val.operands().size() && i<n; i++)
+    {
+      unsigned c;
+      exprt op=arr_val.operands()[i];
+      if(op.id()==ID_constant)
+      {
+        to_unsigned_integer(to_constant_expr(op), c);
+        concrete_array[i]=c;
+      }
+    }
+  }
   else
   {
-    return "unable to get array-list";
+#if 0
+    debug() << "unable to get array-list value of " << from_expr(arr)
+            << " of size " << n << eom;
+#endif
+    return array_of_exprt(from_integer(0, char_type), ret_type);
+  }
+
+  for(size_t i=0; i<n; i++)
+  {
+    exprt c_expr=from_integer(concrete_array[i], char_type);
+    ret.move_to_operands(c_expr);
   }
 
-  buf << "\"";
-  return buf.str();
+  return ret;
 }
 
+
 /*******************************************************************\
 
 Function: string_refinementt::get_array
 
-  Inputs: an array expression and a integer expression
+  Inputs: an expression representing an array
 
- Outputs: a string expression
+ Outputs: an expression
 
- Purpose: gets a model of an array and put it in a certain form
+ Purpose: get a model of an array of unknown size and infer the size if
+          possible
 
 \*******************************************************************/
 
-exprt string_refinementt::get_array(const exprt &arr, const exprt &size)
+exprt string_refinementt::get_array(const exprt &arr) const
 {
-  exprt val=get(arr);
-  typet char_type=arr.type().subtype();
-  typet index_type=size.type();
+  exprt arr_model=supert::get(arr);
+  if(arr_model.id()==ID_array)
+  {
+    array_typet &arr_type=to_array_type(arr_model.type());
+    arr_type.size()=from_integer(
+      arr_model.operands().size(), arr_type.size().type());
+  }
+  return arr_model;
+}
+
+/*******************************************************************\
 
-  if(val.id()=="array-list")
+Function: string_refinementt::string_of_array
+
+  Inputs: a constant array expression and a integer expression
+
+ Outputs: a string
+
+ Purpose: convert the content of a string to a more readable representation.
+          This should only be used for debbuging.
+
+\*******************************************************************/
+
+std::string string_refinementt::string_of_array(const array_exprt &arr)
+{
+  unsigned n;
+  if(arr.type().id()!=ID_array)
+      return std::string("");
+
+  exprt size_expr=to_array_type(arr.type()).size();
+  assert(size_expr.id()==ID_constant);
+  to_unsigned_integer(to_constant_expr(size_expr), n);
+  std::string str(n, '?');
+
+  std::ostringstream result;
+  std::locale loc;
+
+  for(size_t i=0; i<arr.operands().size() && i<n; i++)
   {
-    array_typet ret_type(char_type, infinity_exprt(index_type));
-    exprt ret=array_of_exprt(from_integer(0, char_type), ret_type);
+    // TODO: factorize with utf16_little_endian_to_ascii
+    unsigned c;
+    exprt arr_i=arr.operands()[i];
+    assert(arr_i.id()==ID_constant);
+    to_unsigned_integer(to_constant_expr(arr_i), c);
+    if(c<=255 && c>=32)
+      result << (unsigned char) c;
+    else
+    {
+      result << "\\u" << std::hex << std::setw(4) << std::setfill('0')
+             << (unsigned int) c;
+    }
+  }
+
+  return result.str();
+}
+
+/*******************************************************************\
 
-    for(size_t i=0; i<val.operands().size()/2; i++)
+Function: string_refinementt::fill_model
+
+ Purpose: Fill in `current_model` by mapping the variables created by
+          the solver to constant expressions given by the current model
+
+\*******************************************************************/
+
+void string_refinementt::fill_model()
+{
+  for(auto it : symbol_resolve)
+  {
+    if(refined_string_typet::is_refined_string_type(it.second.type()))
+    {
+      string_exprt refined=to_string_expr(it.second);
+      // TODO: check whith this is necessary:
+      replace_expr(symbol_resolve, refined);
+      const exprt &econtent=refined.content();
+      const exprt &elength=refined.length();
+
+      exprt len=supert::get(elength);
+      len=simplify_expr(len, ns);
+      exprt arr=get_array(econtent, len);
+
+      current_model[elength]=len;
+      current_model[econtent]=arr;
+      debug() << from_expr(to_symbol_expr(it.first)) << "="
+              << from_expr(refined);
+
+      if(arr.id()==ID_array)
+        debug() << " = \"" << string_of_array(to_array_expr(arr))
+                << "\" (size:" << from_expr(len) << ")"<< eom;
+      else
+        debug() << " = " << from_expr(arr) << " (size:" << from_expr(len)
+                << ")" << eom;
+    }
+    else
     {
-      exprt index=val.operands()[i*2];
-      assert(index.type()==index_type);
-      exprt value=val.operands()[i*2+1];
-      assert(value.type()==char_type);
-      ret=with_exprt(ret, index, value);
+      assert(is_char_array(it.second.type()));
+      exprt arr=it.second;
+      replace_expr(symbol_resolve, arr);
+      replace_expr(current_model, arr);
+      exprt arr_model=get_array(arr);
+      current_model[it.first]=arr_model;
+
+      debug() << from_expr(to_symbol_expr(it.first)) << "="
+              << from_expr(arr) << " = " << from_expr(arr_model) << "" << eom;
     }
-    return ret;
   }
-  else
+
+  for(auto it : generator.boolean_symbols)
   {
-    debug() << "unable to get array-list value of "
-            << from_expr(val) << eom;
-    return arr;
+      debug() << "" << it.get_identifier() << " := "
+              << from_expr(supert::get(it)) << eom;
+      current_model[it]=supert::get(it);
+  }
+
+  for(auto it : generator.index_symbols)
+  {
+     debug() << "" << it.get_identifier() << " := "
+              << from_expr(supert::get(it)) << eom;
+     current_model[it]=supert::get(it);
   }
 }
 
 /*******************************************************************\
 
+Function: string_refinementt::add_negation_of_constraint_to_solver
+
+  Inputs: a string constraint and a solver for non string expressions
+
+ Purpose: negates the constraint and add it to the solver.
+          the intended usage is to find an assignement of the universal
+          variable that would violate the axiom,
+          to avoid false positives the symbols other than the universal
+          variable should have been replaced by there valuation in the
+          current model
+
+\*******************************************************************/
+
+void string_refinementt::add_negation_of_constraint_to_solver(
+  const string_constraintt &axiom, supert &solver)
+{
+  exprt lb=axiom.lower_bound();
+  exprt ub=axiom.upper_bound();
+  if(lb.id()==ID_constant && ub.id()==ID_constant)
+  {
+    mp_integer lb_int, ub_int;
+    to_integer(to_constant_expr(lb), lb_int);
+    to_integer(to_constant_expr(ub), ub_int);
+    if(ub_int<=lb_int)
+    {
+      debug() << "empty constraint with current model" << eom;
+      solver << false_exprt();
+      return;
+    }
+  }
+
+  if(axiom.premise()==false_exprt())
+  {
+      debug() << "(string_refinement::check_axioms) adding false" << eom;
+      solver << false_exprt();
+      return;
+  }
+
+  and_exprt premise(axiom.premise(), axiom.univ_within_bounds());
+  and_exprt negaxiom(premise, not_exprt(axiom.body()));
+
+  debug() << "(sr::check_axioms) negated axiom: " << from_expr(negaxiom) << eom;
+  solver << negaxiom;
+}
+
+/*******************************************************************\
+
 Function: string_refinementt::check_axioms
 
  Outputs: a Boolean
@@ -506,38 +932,7 @@ bool string_refinementt::check_axioms()
           << "===========================================" << eom;
   debug() << "string_refinementt::check_axioms: build the"
           << " interpretation from the model of the prop_solver" << eom;
-  replace_mapt fmodel;
-
-  for(auto it : generator.symbol_to_string)
-  {
-    string_exprt refined=it.second;
-    const exprt &econtent=refined.content();
-    const exprt &elength=refined.length();
-
-    exprt len=get(elength);
-    exprt arr=get_array(econtent, len);
-
-    fmodel[elength]=len;
-    fmodel[econtent]=arr;
-    debug() << it.first << "=" << from_expr(it.second)
-            << " of length " << from_expr(len) <<" := " << eom
-            << from_expr(get(econtent)) << eom
-            << string_of_array(econtent, len) << eom;
-  }
-
-  for(auto it : generator.boolean_symbols)
-  {
-    debug() << "" << it.get_identifier() << " := "
-            << from_expr(get(it)) << eom;
-    fmodel[it]=get(it);
-  }
-
-  for(auto it : generator.index_symbols)
-  {
-    debug() << "" << it.get_identifier() << " := "
-            << from_expr(get(it)) << eom;
-    fmodel[it]=get(it);
-  }
+  fill_model();
 
   // Maps from indexes of violated universal axiom to a witness of violation
   std::map<size_t, exprt> violated;
@@ -547,21 +942,27 @@ bool string_refinementt::check_axioms()
   for(size_t i=0; i<universal_axioms.size(); i++)
   {
     const string_constraintt &axiom=universal_axioms[i];
+    symbol_exprt univ_var=axiom.univ_var();
+    exprt bound_inf=axiom.lower_bound();
+    exprt bound_sup=axiom.upper_bound();
+    exprt prem=axiom.premise();
+    exprt body=axiom.body();
 
-    exprt negaxiom=and_exprt(axiom.premise(), not_exprt(axiom.body()));
-    replace_expr(fmodel, negaxiom);
-
-    debug() << "negaxiom: " << from_expr(negaxiom) << eom;
+    string_constraintt axiom_in_model(
+      univ_var, get(bound_inf), get(bound_sup), get(prem), get(body));
 
     satcheck_no_simplifiert sat_check;
     supert solver(ns, sat_check);
-    solver << negaxiom;
+    add_negation_of_constraint_to_solver(axiom_in_model, solver);
 
     switch(solver())
     {
     case decision_proceduret::D_SATISFIABLE:
       {
-        exprt val=solver.get(axiom.univ_var());
+        exprt val=solver.get(axiom_in_model.univ_var());
+        debug() << "string constraint can be violated for "
+                << axiom_in_model.univ_var().get_identifier()
+                << " = " << from_expr(val) << eom;
         violated[i]=val;
       }
       break;
@@ -607,10 +1008,8 @@ bool string_refinementt::check_axioms()
         exprt body(axiom.body());
         implies_exprt instance(premise, body);
         replace_expr(axiom.univ_var(), val, instance);
-        if(seen_instances.insert(instance).second)
-          add_lemma(instance);
-        else
-          debug() << "instance already seen" << eom;
+        debug() << "adding counter example " << from_expr(instance) << eom;
+        add_lemma(instance);
       }
     }
 
@@ -682,13 +1081,13 @@ Function: string_refinementt::sum_over_map
 \*******************************************************************/
 
 exprt string_refinementt::sum_over_map(
-  std::map<exprt, int> &m, bool negated) const
+  std::map<exprt, int> &m, const typet &type, bool negated) const
 {
   exprt sum=nil_exprt();
   mp_integer constants=0;
   typet index_type;
   if(m.empty())
-    return nil_exprt();
+    return from_integer(0, type);
   else
     index_type=m.begin()->first.type();
 
@@ -723,12 +1122,20 @@ exprt string_refinementt::sum_over_map(
       default:
         if(second>1)
         {
-          for(int i=0; i<second; i++)
+          if(sum.is_nil())
+            sum=t;
+          else
+            plus_exprt(sum, t);
+          for(int i=1; i<second; i++)
             sum=plus_exprt(sum, t);
         }
-        else
+        else if(second<-1)
         {
-          for(int i=0; i>second; i--)
+          if(sum.is_nil())
+            sum=unary_minus_exprt(t);
+          else
+            sum=minus_exprt(sum, t);
+          for(int i=-1; i>second; i--)
             sum=minus_exprt(sum, t);
         }
       }
@@ -755,7 +1162,7 @@ Function: string_refinementt::simplify_sum
 exprt string_refinementt::simplify_sum(const exprt &f) const
 {
   std::map<exprt, int> map=map_representation_of_sum(f);
-  return sum_over_map(map);
+  return sum_over_map(map, f.type());
 }
 
 /*******************************************************************\
@@ -800,7 +1207,7 @@ exprt string_refinementt::compute_inverse_function(
   }
 
   elems.erase(it);
-  return sum_over_map(elems, neg);
+  return sum_over_map(elems, f.type(), neg);
 }
 
 
@@ -830,7 +1237,7 @@ Function: find_qvar
 
  Outputs: a Boolean
 
- Purpose: looks for the symbol and return true if it is found
+ Purpose: look for the symbol and return true if it is found
 
 \*******************************************************************/
 
@@ -885,6 +1292,26 @@ Function: string_refinementt::initial_index_set
           and the upper bound minus one
 
 \*******************************************************************/
+void string_refinementt::add_to_index_set(const exprt &s, exprt i)
+{
+  simplify(i, ns);
+  if(i.id()==ID_constant)
+  {
+    mp_integer mpi;
+    to_integer(i, mpi);
+    if(mpi<0)
+    {
+      debug() << "add_to_index_set : ignoring negative number " << mpi << eom;
+      return;
+    }
+  }
+  if(index_set[s].insert(i).second)
+  {
+    debug() << "adding to index set of " << from_expr(s)
+            << ": " << from_expr(i) << eom;
+    current_index_set[s].insert(i);
+  }
+}
 
 void string_refinementt::initial_index_set(const string_constraintt &axiom)
 {
@@ -906,8 +1333,7 @@ void string_refinementt::initial_index_set(const string_constraintt &axiom)
       // if cur is of the form s[i] and no quantified variable appears in i
       if(!has_quant_var)
       {
-        current_index_set[s].insert(i);
-        index_set[s].insert(i);
+        add_to_index_set(s, i);
       }
       else
       {
@@ -917,8 +1343,7 @@ void string_refinementt::initial_index_set(const string_constraintt &axiom)
           axiom.upper_bound(),
           from_integer(1, axiom.upper_bound().type()));
         replace_expr(qvar, kminus1, e);
-        current_index_set[s].insert(e);
-        index_set[s].insert(e);
+        add_to_index_set(s, e);
       }
     }
     else
@@ -952,12 +1377,7 @@ void string_refinementt::update_index_set(const exprt &formula)
       const exprt &i=cur.op1();
       assert(s.type().id()==ID_array);
       exprt simplified=simplify_sum(i);
-      if(index_set[s].insert(simplified).second)
-      {
-        debug() << "adding to index set of " << from_expr(s)
-                << ": " << from_expr(simplified) << eom;
-        current_index_set[s].insert(simplified);
-      }
+      add_to_index_set(s, simplified);
     }
     else
     {
@@ -1014,19 +1434,18 @@ exprt find_index(const exprt &expr, const exprt &str)
   catch (exprt i) { return i; }
 }
 
-
 /*******************************************************************\
 
 Function: string_refinementt::instantiate
 
-  Inputs: an universaly quantified formula `axiom`, an array of char
+  Inputs: a universally quantified formula `axiom`, an array of char
           variable `str`, and an index expression `val`.
 
- Outputs: substitute `qvar` the universaly quantified variable of `axiom`, by
+ Outputs: substitute `qvar` the universally quantified variable of `axiom`, by
           an index `val`, in `axiom`, so that the index used for `str` equals
           `val`. For instance, if `axiom` corresponds to
-          $\forall q. s[q+x]='a' && t[q]='b'$, `instantiate(axom,s,v)` would return
-          an expression for $s[v]='a' && t[v-x]='b'$.
+          $\forall q. s[q+x]='a' && t[q]='b'$, `instantiate(axom,s,v)`
+          would return an expression for $s[v]='a' && t[v-x]='b'$.
 
 \*******************************************************************/
 
@@ -1051,6 +1470,17 @@ exprt string_refinementt::instantiate(
   return implies_exprt(bounds, instance);
 }
 
+/*******************************************************************\
+
+Function: string_refinementt::instantiate_not_contains
+
+  Inputs: a quantified formula representing `not_contains`, and a
+          list to which to add the created lemmas to
+
+ Purpose: instantiate a quantified formula representing `not_contains`
+          by substituting the quantifiers and generating axioms
+
+\*******************************************************************/
 
 void string_refinementt::instantiate_not_contains(
   const string_not_contains_constraintt &axiom, std::list<exprt> &new_lemmas)
@@ -1102,3 +1532,76 @@ void string_refinementt::instantiate_not_contains(
       new_lemmas.push_back(witness_bounds);
     }
 }
+
+/*******************************************************************\
+
+Function: string_refinementt::substitute_array_lists()
+
+  Inputs: an expression containing array-list expressions
+
+ Outputs: an epression containing no array-list
+
+ Purpose: replace array-lists by 'with' expressions
+
+\*******************************************************************/
+
+exprt string_refinementt::substitute_array_lists(exprt expr) const
+{
+  for(size_t i=0; i<expr.operands().size(); ++i)
+  {
+    // TODO: only copy when necessary
+    exprt op(expr.operands()[i]);
+    expr.operands()[i]=substitute_array_lists(op);
+  }
+
+  if(expr.id()=="array-list")
+  {
+    assert(expr.operands().size()>=2);
+    typet &char_type=expr.operands()[1].type();
+    array_typet arr_type(char_type, infinity_exprt(char_type));
+    array_of_exprt new_arr(from_integer(0, char_type),
+                           arr_type);
+
+    with_exprt ret_expr(new_arr,
+                        expr.operands()[0],
+                        expr.operands()[1]);
+
+    for(size_t i=2; i<expr.operands().size()/2; i++)
+    {
+      ret_expr=with_exprt(ret_expr,
+                          expr.operands()[i*2],
+                          expr.operands()[i*2+1]);
+    }
+    return ret_expr;
+  }
+
+  return expr;
+}
+
+/*******************************************************************\
+
+Function: string_refinementt::get
+
+  Inputs: an expression
+
+ Outputs: an expression
+
+ Purpose: evaluation of the expression in the current model
+
+\*******************************************************************/
+
+exprt string_refinementt::get(const exprt &expr) const
+{
+  exprt ecopy(expr);
+  replace_expr(symbol_resolve, ecopy);
+  if(is_char_array(ecopy.type()))
+  {
+    auto it=found_length.find(ecopy);
+    if(it!=found_length.end())
+      return get_array(ecopy, it->second);
+  }
+
+  ecopy=supert::get(ecopy);
+
+  return substitute_array_lists(ecopy);
+}
diff --git a/src/solvers/refinement/string_refinement.h b/src/solvers/refinement/string_refinement.h
index be0cd332bc3..252146f4620 100644
--- a/src/solvers/refinement/string_refinement.h
+++ b/src/solvers/refinement/string_refinement.h
@@ -14,6 +14,7 @@ Author: Alberto Griggio, alberto.griggio@gmail.com
 #define CPROVER_SOLVERS_REFINEMENT_STRING_REFINEMENT_H
 
 #include <util/string_expr.h>
+#include <util/replace_expr.h>
 #include <solvers/refinement/string_constraint.h>
 #include <solvers/refinement/string_constraint_generator.h>
 
@@ -27,30 +28,32 @@ Author: Alberto Griggio, alberto.griggio@gmail.com
 class string_refinementt: public bv_refinementt
 {
 public:
-  // refinement_bound is a bound on the number of refinement allowed
   string_refinementt(
-    const namespacet &_ns, propt &_prop, unsigned refinement_bound);
+    const namespacet &_ns,
+    propt &_prop,
+    unsigned refinement_bound);
 
   void set_mode();
 
   // Should we use counter examples at each iteration?
   bool use_counter_example;
 
-  virtual std::string decision_procedure_text() const
+  bool do_concretizing;
+
+  virtual std::string decision_procedure_text() const override
   {
     return "string refinement loop with "+prop.solver_text();
   }
 
   static exprt is_positive(const exprt &x);
 
+  exprt get(const exprt &expr) const override;
+
 protected:
   typedef std::set<exprt> expr_sett;
+  typedef std::list<exprt> exprt_listt;
 
-  virtual bvt convert_symbol(const exprt &expr);
-  virtual bvt convert_function_application(
-    const function_application_exprt &expr);
-
-  decision_proceduret::resultt dec_solve();
+  decision_proceduret::resultt dec_solve() override;
 
   bvt convert_bool_bv(const exprt &boole, const exprt &orig);
 
@@ -60,6 +63,9 @@ class string_refinementt: public bv_refinementt
 
   unsigned initial_loop_bound;
 
+  // Is the current model correct
+  bool concrete_model;
+
   string_constraint_generatort generator;
 
   // Simple constraints that have been given to the solver
@@ -76,23 +82,42 @@ class string_refinementt: public bv_refinementt
   // Warning: this is indexed by array_expressions and not string expressions
   std::map<exprt, expr_sett> current_index_set;
   std::map<exprt, expr_sett> index_set;
+  replace_mapt symbol_resolve;
+  std::map<exprt, exprt_listt> reverse_symbol_resolve;
+  std::list<std::pair<exprt, bool>> non_string_axioms;
 
-  void display_index_set();
+  // Valuation in the current model of the symbols that have been created
+  // by the solver
+  replace_mapt current_model;
 
-  void add_lemma(const exprt &lemma, bool add_to_index_set=true);
+  void add_equivalence(const irep_idt & lhs, const exprt & rhs);
 
-  bool boolbv_set_equality_to_true(const equal_exprt &expr);
+  void display_index_set();
 
-  literalt convert_rest(const exprt &expr);
+  void add_lemma(const exprt &lemma,
+                 bool simplify=true,
+                 bool add_to_index_set=true);
 
-  void add_instantiations();
+  exprt substitute_function_applications(exprt expr);
+  typet substitute_java_string_types(typet type);
+  exprt substitute_java_strings(exprt expr);
+  void add_symbol_to_symbol_map(const exprt &lhs, const exprt &rhs);
+  bool is_char_array(const typet &type) const;
+  bool add_axioms_for_string_assigns(const exprt &lhs, const exprt &rhs);
+  void set_to(const exprt &expr, bool value) override;
 
+  void add_instantiations();
+  void add_negation_of_constraint_to_solver(
+    const string_constraintt &axiom, supert &solver);
+  void fill_model();
   bool check_axioms();
 
+  void set_char_array_equality(const exprt &lhs, const exprt &rhs);
   void update_index_set(const exprt &formula);
   void update_index_set(const std::vector<exprt> &cur);
   void initial_index_set(const string_constraintt &axiom);
   void initial_index_set(const std::vector<string_constraintt> &string_axioms);
+  void add_to_index_set(const exprt &s, exprt i);
 
   exprt instantiate(
     const string_constraintt &axiom, const exprt &str, const exprt &val);
@@ -101,17 +126,26 @@ class string_refinementt: public bv_refinementt
     const string_not_contains_constraintt &axiom,
     std::list<exprt> &new_lemmas);
 
+  exprt substitute_array_lists(exprt) const;
+
   exprt compute_inverse_function(
     const exprt &qvar, const exprt &val, const exprt &f);
 
   std::map<exprt, int> map_representation_of_sum(const exprt &f) const;
-  exprt sum_over_map(std::map<exprt, int> &m, bool negated=false) const;
+  exprt sum_over_map(
+    std::map<exprt, int> &m, const typet &type, bool negated=false) const;
 
   exprt simplify_sum(const exprt &f) const;
 
-  exprt get_array(const exprt &arr, const exprt &size);
+  void concretize_results();
+  void concretize_lengths();
+  // Length of char arrays found during concretization
+  std::map<exprt, exprt> found_length;
+
+  exprt get_array(const exprt &arr, const exprt &size) const;
+  exprt get_array(const exprt &arr) const;
 
-  std::string string_of_array(const exprt &arr, const exprt &size) const;
+  std::string string_of_array(const array_exprt &arr);
 };
 
 #endif

From 6958a561df0a601687cdee2230d4df4f8f3a6176 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Wed, 22 Mar 2017 15:05:40 +0000
Subject: [PATCH 137/699] Need to assign length before calls since it can be
 overwritten by functions with side-effect

---
 src/goto-programs/string_refine_preprocess.cpp | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/goto-programs/string_refine_preprocess.cpp b/src/goto-programs/string_refine_preprocess.cpp
index 8403d4bf044..7243f66049a 100644
--- a/src/goto-programs/string_refine_preprocess.cpp
+++ b/src/goto-programs/string_refine_preprocess.cpp
@@ -361,7 +361,16 @@ exprt string_refine_preprocesst::make_cprover_string_assign(
     std::list<code_assignt> assignments;
 
     // 1) cprover_string_length= *(rhs->length)
+    symbolt sym_length=get_fresh_aux_symbol(
+      length_type,
+      "cprover_string_length",
+      "cprover_string_length",
+      location,
+      ID_java,
+      symbol_table);
+    symbol_exprt cprover_length=sym_length.symbol_expr();
     member_exprt length(deref, "length", length_type);
+    assignments.emplace_back(cprover_length, length);
 
     // 2) cprover_string_array = *(rhs->data)
     symbol_exprt array_lhs=fresh_array(data_type.subtype(), location);
@@ -373,7 +382,7 @@ exprt string_refine_preprocesst::make_cprover_string_assign(
     // This assignment is useful for finding witnessing strings for counter
     // examples
     refined_string_typet ref_type(length_type, java_char_type());
-    string_exprt new_rhs(length, array_lhs, ref_type);
+    string_exprt new_rhs(cprover_length, array_lhs, ref_type);
 
     symbol_exprt lhs=fresh_string(new_rhs.type(), location);
     assignments.emplace_back(lhs, new_rhs);

From df36fecdef239ef7ede60f4873d28e199ca30dc9 Mon Sep 17 00:00:00 2001
From: Joel Allred <joel.allred@diffblue.com>
Date: Thu, 23 Mar 2017 15:05:27 +0000
Subject: [PATCH 138/699] const refs and clean up

Corrections on PR 675 requested by Peter Schrammel
---
 src/goto-programs/string_refine_preprocess.cpp       | 10 ++++++----
 .../refinement/string_constraint_generator_main.cpp  | 12 ++++++++++++
 src/solvers/refinement/string_refinement.h           |  3 ---
 3 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/src/goto-programs/string_refine_preprocess.cpp b/src/goto-programs/string_refine_preprocess.cpp
index 7243f66049a..8b491bab0ab 100644
--- a/src/goto-programs/string_refine_preprocess.cpp
+++ b/src/goto-programs/string_refine_preprocess.cpp
@@ -809,11 +809,13 @@ void string_refine_preprocesst::make_string_function_side_effect(
   const irep_idt &function_name,
   const std::string &signature)
 {
+  // Cannot use const & here
   code_function_callt function_call=to_code_function_call(target->code);
   source_locationt loc=function_call.source_location();
   std::list<code_assignt> assignments;
-  exprt lhs=function_call.lhs();
-  exprt s=function_call.arguments()[0];
+  const exprt &lhs=function_call.lhs();
+  assert(!function_call.arguments().empty());
+  const exprt &s=function_call.arguments()[0];
   code_typet function_type=to_code_type(function_call.type());
 
   function_type.return_type()=s.type();
@@ -901,7 +903,7 @@ void string_refine_preprocesst::make_to_char_array_function(
   const code_function_callt &function_call=to_code_function_call(target->code);
   source_locationt location=function_call.source_location();
 
-  assert(function_call.arguments().size()>=1);
+  assert(!function_call.arguments().empty());
   const exprt &string_argument=function_call.arguments()[0];
   assert(is_java_string_pointer_type(string_argument.type()));
 
@@ -985,7 +987,7 @@ exprt::operandst string_refine_preprocesst::process_arguments(
         arg=typecast_exprt(arg, jls_ptr);
     }
     arg=make_cprover_string_assign(goto_program, target, arg, location);
-    typet type=ns.follow(arg.type());
+    const typet &type=ns.follow(arg.type());
     if(is_java_char_array_pointer_type(type))
     {
       arg=make_cprover_char_array_assign(goto_program, target, arg, location);
diff --git a/src/solvers/refinement/string_constraint_generator_main.cpp b/src/solvers/refinement/string_constraint_generator_main.cpp
index f8dedaab9a7..e4292da542b 100644
--- a/src/solvers/refinement/string_constraint_generator_main.cpp
+++ b/src/solvers/refinement/string_constraint_generator_main.cpp
@@ -208,6 +208,18 @@ string_exprt string_constraint_generatort::get_string_expr(const exprt &expr)
   }
 }
 
+/*******************************************************************\
+
+Function: string_constraint_generatort::convert_java_string_to_string_exprt
+
+  Inputs: a java string
+
+ Outputs: a string expression
+
+ Purpose: create a new string_exprt as a conversion of a java string
+
+\*******************************************************************/
+
 string_exprt string_constraint_generatort::convert_java_string_to_string_exprt(
     const exprt &jls)
 {
diff --git a/src/solvers/refinement/string_refinement.h b/src/solvers/refinement/string_refinement.h
index 252146f4620..0a62a6abe7d 100644
--- a/src/solvers/refinement/string_refinement.h
+++ b/src/solvers/refinement/string_refinement.h
@@ -63,9 +63,6 @@ class string_refinementt: public bv_refinementt
 
   unsigned initial_loop_bound;
 
-  // Is the current model correct
-  bool concrete_model;
-
   string_constraint_generatort generator;
 
   // Simple constraints that have been given to the solver

From 6cc1266de12af40c9c1b852e5272a3c2aa82e872 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Mon, 27 Feb 2017 10:40:20 +0000
Subject: [PATCH 139/699] Adding refined_string_type to util Makefile

---
 src/util/Makefile | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/util/Makefile b/src/util/Makefile
index e9dd739db8e..61cff93b9f0 100644
--- a/src/util/Makefile
+++ b/src/util/Makefile
@@ -23,7 +23,11 @@ SRC = arith_tools.cpp base_type.cpp cmdline.cpp config.cpp symbol_table.cpp \
       memory_info.cpp pipe_stream.cpp irep_hash.cpp endianness_map.cpp \
       ssa_expr.cpp json_irep.cpp json_expr.cpp \
       fresh_symbol.cpp \
-      format_number_range.cpp string_utils.cpp nondet_ifthenelse.cpp
+      format_number_range.cpp \
+      nondet_ifthenelse.cpp \
+      string_utils.cpp \
+      refined_string_type.cpp \
+      #Empty last line
 
 INCLUDES= -I ..
 

From 402f8e180f04ffbf1ce73aad1ea9e084a3cb4837 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 10 Jan 2017 13:42:48 +0000
Subject: [PATCH 140/699] Adding string preprocessing of goto-programs to
 Makefile

---
 src/goto-programs/Makefile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/goto-programs/Makefile b/src/goto-programs/Makefile
index 1b303c759b9..1d8ac6e1752 100644
--- a/src/goto-programs/Makefile
+++ b/src/goto-programs/Makefile
@@ -24,7 +24,8 @@ SRC = goto_convert.cpp goto_convert_function_call.cpp \
       remove_instanceof.cpp \
       class_identifier.cpp \
       system_library_symbols.cpp \
-
+      string_refine_preprocess.cpp \
+      # Empty last line
 
 INCLUDES= -I ..
 

From 05582912383fd88e01e74a6b1107d2f18d46ee76 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 10 Jan 2017 13:43:30 +0000
Subject: [PATCH 141/699] Adding string solver cpp files to Makefile

---
 src/solvers/Makefile | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/solvers/Makefile b/src/solvers/Makefile
index 95ea7650274..136db5765c1 100644
--- a/src/solvers/Makefile
+++ b/src/solvers/Makefile
@@ -118,6 +118,17 @@ SRC = $(CHAFF_SRC) $(BOOLEFORCE_SRC) $(MINISAT_SRC) $(MINISAT2_SRC) \
       floatbv/float_utils.cpp floatbv/float_bv.cpp \
       refinement/bv_refinement_loop.cpp refinement/refine_arithmetic.cpp \
       refinement/refine_arrays.cpp \
+      refinement/string_refinement.cpp \
+      refinement/string_constraint_generator_code_points.cpp \
+      refinement/string_constraint_generator_comparison.cpp \
+      refinement/string_constraint_generator_concat.cpp \
+      refinement/string_constraint_generator_constants.cpp \
+      refinement/string_constraint_generator_indexof.cpp \
+      refinement/string_constraint_generator_insert.cpp \
+      refinement/string_constraint_generator_main.cpp \
+      refinement/string_constraint_generator_testing.cpp \
+      refinement/string_constraint_generator_transformation.cpp \
+      refinement/string_constraint_generator_valueof.cpp \
       miniBDD/miniBDD.cpp
 
 INCLUDES += -I .. \

From c7328e225f1e00e34aff9afe3067e4dfd02d30e9 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 10 Jan 2017 13:36:33 +0000
Subject: [PATCH 142/699] Adding the string refinement option to the CBMC
 solvers

We add the option `--string-refine` which can be used to activate the
string solver, in order to deal precisely with string functions.
---
 src/cbmc/cbmc_parse_options.cpp | 15 +++++++++++++++
 src/cbmc/cbmc_parse_options.h   |  1 +
 src/cbmc/cbmc_solvers.cpp       | 24 ++++++++++++++++++++++++
 src/cbmc/cbmc_solvers.h         | 13 ++++++++-----
 4 files changed, 48 insertions(+), 5 deletions(-)

diff --git a/src/cbmc/cbmc_parse_options.cpp b/src/cbmc/cbmc_parse_options.cpp
index e33e700e0ca..b6a96d1e178 100644
--- a/src/cbmc/cbmc_parse_options.cpp
+++ b/src/cbmc/cbmc_parse_options.cpp
@@ -20,6 +20,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <ansi-c/c_preprocess.h>
 
 #include <goto-programs/goto_convert_functions.h>
+#include <goto-programs/string_refine_preprocess.h>
 #include <goto-programs/remove_function_pointers.h>
 #include <goto-programs/remove_virtual_functions.h>
 #include <goto-programs/remove_instanceof.h>
@@ -310,6 +311,11 @@ void cbmc_parse_optionst::get_command_line_options(optionst &options)
     options.set_option("refine-arithmetic", true);
   }
 
+  if(cmdline.isset("string-refine"))
+  {
+    options.set_option("string-refine", true);
+  }
+
   if(cmdline.isset("max-node-refinement"))
     options.set_option(
       "max-node-refinement",
@@ -904,6 +910,14 @@ bool cbmc_parse_optionst::process_goto_program(
     status() << "Partial Inlining" << eom;
     goto_partial_inline(goto_functions, ns, ui_message_handler);
 
+
+    if(cmdline.isset("string-refine"))
+    {
+      status() << "Preprocessing for string refinement" << eom;
+      string_refine_preprocesst(
+        symbol_table, goto_functions, ui_message_handler);
+    }
+
     // remove returns, gcc vectors, complex
     remove_returns(symbol_table, goto_functions);
     remove_vector(symbol_table, goto_functions);
@@ -1191,6 +1205,7 @@ void cbmc_parse_optionst::help()
     " --yices                      use Yices\n"
     " --z3                         use Z3\n"
     " --refine                     use refinement procedure (experimental)\n"
+    " --string-refine              use string refinement (experimental)\n"
     " --outfile filename           output formula to given file\n"
     " --arrays-uf-never            never turn arrays into uninterpreted functions\n" // NOLINT(*)
     " --arrays-uf-always           always turn arrays into uninterpreted functions\n" // NOLINT(*)
diff --git a/src/cbmc/cbmc_parse_options.h b/src/cbmc/cbmc_parse_options.h
index a3fc5e7e7d3..c6ed41c1e6a 100644
--- a/src/cbmc/cbmc_parse_options.h
+++ b/src/cbmc/cbmc_parse_options.h
@@ -37,6 +37,7 @@ class optionst;
   "(no-sat-preprocessor)" \
   "(no-pretty-names)(beautify)" \
   "(dimacs)(refine)(max-node-refinement):(refine-arrays)(refine-arithmetic)"\
+  "(string-refine)" \
   "(aig)(16)(32)(64)(LP64)(ILP64)(LLP64)(ILP32)(LP32)" \
   "(little-endian)(big-endian)" \
   "(show-goto-functions)(show-loops)" \
diff --git a/src/cbmc/cbmc_solvers.cpp b/src/cbmc/cbmc_solvers.cpp
index ccd660dc586..a72546a8d0c 100644
--- a/src/cbmc/cbmc_solvers.cpp
+++ b/src/cbmc/cbmc_solvers.cpp
@@ -14,6 +14,7 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include <solvers/sat/satcheck.h>
 #include <solvers/refinement/bv_refinement.h>
+#include <solvers/refinement/string_refinement.h>
 #include <solvers/smt1/smt1_dec.h>
 #include <solvers/smt2/smt2_dec.h>
 #include <solvers/cvc/cvc_dec.h>
@@ -213,6 +214,29 @@ cbmc_solverst::solvert* cbmc_solverst::get_bv_refinement()
 
 /*******************************************************************\
 
+Function: cbmc_solverst::get_string_refinement
+
+ Outputs: a solver for cbmc
+
+ Purpose: the string refinement adds to the bit vector refinement
+          specifications for functions from the Java string library
+
+\*******************************************************************/
+
+cbmc_solverst::solvert* cbmc_solverst::get_string_refinement()
+{
+  propt *prop;
+  prop=new satcheck_no_simplifiert();
+  prop->set_message_handler(get_message_handler());
+
+  string_refinementt *string_refinement=new string_refinementt(
+    ns, *prop, MAX_NB_REFINEMENT);
+  string_refinement->set_ui(ui);
+  return new solvert(string_refinement, prop);
+}
+
+/*******************************************************************\
+
 Function: cbmc_solverst::get_smt1
 
   Inputs:
diff --git a/src/cbmc/cbmc_solvers.h b/src/cbmc/cbmc_solvers.h
index 42d47fcaed3..be4a0e0ccde 100644
--- a/src/cbmc/cbmc_solvers.h
+++ b/src/cbmc/cbmc_solvers.h
@@ -111,15 +111,17 @@ class cbmc_solverst:public messaget
     solvert *solver;
 
     if(options.get_bool_option("dimacs"))
-      solver = get_dimacs();
+      solver=get_dimacs();
     else if(options.get_bool_option("refine"))
-      solver = get_bv_refinement();
+      solver=get_bv_refinement();
+    else if(options.get_bool_option("string-refine"))
+      solver=get_string_refinement();
     else if(options.get_bool_option("smt1"))
-      solver = get_smt1(get_smt1_solver_type());
+      solver=get_smt1(get_smt1_solver_type());
     else if(options.get_bool_option("smt2"))
-      solver = get_smt2(get_smt2_solver_type());
+      solver=get_smt2(get_smt2_solver_type());
     else
-      solver = get_default();
+      solver=get_default();
 
     return std::unique_ptr<solvert>(solver);
   }
@@ -141,6 +143,7 @@ class cbmc_solverst:public messaget
   solvert *get_default();
   solvert *get_dimacs();
   solvert *get_bv_refinement();
+  solvert *get_string_refinement();
   solvert *get_smt1(smt1_dect::solvert solver);
   solvert *get_smt2(smt2_dect::solvert solver);
 

From 9d2a1158dd4ff7f42083efcf47c80b8b1bc6b947 Mon Sep 17 00:00:00 2001
From: Joel Allred <joel.allred@diffblue.com>
Date: Thu, 23 Mar 2017 18:18:14 +0000
Subject: [PATCH 143/699] Change option name to --refine-strings

---
 src/cbmc/cbmc_parse_options.cpp              | 8 ++++----
 src/cbmc/cbmc_parse_options.h                | 2 +-
 src/cbmc/cbmc_solvers.h                      | 2 +-
 src/java_bytecode/java_bytecode_language.cpp | 2 +-
 4 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/cbmc/cbmc_parse_options.cpp b/src/cbmc/cbmc_parse_options.cpp
index b6a96d1e178..b90afbb307e 100644
--- a/src/cbmc/cbmc_parse_options.cpp
+++ b/src/cbmc/cbmc_parse_options.cpp
@@ -311,9 +311,9 @@ void cbmc_parse_optionst::get_command_line_options(optionst &options)
     options.set_option("refine-arithmetic", true);
   }
 
-  if(cmdline.isset("string-refine"))
+  if(cmdline.isset("refine-strings"))
   {
-    options.set_option("string-refine", true);
+    options.set_option("refine-strings", true);
   }
 
   if(cmdline.isset("max-node-refinement"))
@@ -911,7 +911,7 @@ bool cbmc_parse_optionst::process_goto_program(
     goto_partial_inline(goto_functions, ns, ui_message_handler);
 
 
-    if(cmdline.isset("string-refine"))
+    if(cmdline.isset("refine-strings"))
     {
       status() << "Preprocessing for string refinement" << eom;
       string_refine_preprocesst(
@@ -1205,7 +1205,7 @@ void cbmc_parse_optionst::help()
     " --yices                      use Yices\n"
     " --z3                         use Z3\n"
     " --refine                     use refinement procedure (experimental)\n"
-    " --string-refine              use string refinement (experimental)\n"
+    " --refine-strings             use string refinement (experimental)\n"
     " --outfile filename           output formula to given file\n"
     " --arrays-uf-never            never turn arrays into uninterpreted functions\n" // NOLINT(*)
     " --arrays-uf-always           always turn arrays into uninterpreted functions\n" // NOLINT(*)
diff --git a/src/cbmc/cbmc_parse_options.h b/src/cbmc/cbmc_parse_options.h
index c6ed41c1e6a..266984c5c17 100644
--- a/src/cbmc/cbmc_parse_options.h
+++ b/src/cbmc/cbmc_parse_options.h
@@ -37,7 +37,7 @@ class optionst;
   "(no-sat-preprocessor)" \
   "(no-pretty-names)(beautify)" \
   "(dimacs)(refine)(max-node-refinement):(refine-arrays)(refine-arithmetic)"\
-  "(string-refine)" \
+  "(refine-strings)" \
   "(aig)(16)(32)(64)(LP64)(ILP64)(LLP64)(ILP32)(LP32)" \
   "(little-endian)(big-endian)" \
   "(show-goto-functions)(show-loops)" \
diff --git a/src/cbmc/cbmc_solvers.h b/src/cbmc/cbmc_solvers.h
index be4a0e0ccde..c837bd55806 100644
--- a/src/cbmc/cbmc_solvers.h
+++ b/src/cbmc/cbmc_solvers.h
@@ -114,7 +114,7 @@ class cbmc_solverst:public messaget
       solver=get_dimacs();
     else if(options.get_bool_option("refine"))
       solver=get_bv_refinement();
-    else if(options.get_bool_option("string-refine"))
+    else if(options.get_bool_option("refine-strings"))
       solver=get_string_refinement();
     else if(options.get_bool_option("smt1"))
       solver=get_smt1(get_smt1_solver_type());
diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index 9faa16f676a..8ab88cf9dc6 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -44,7 +44,7 @@ void java_bytecode_languaget::get_language_options(const cmdlinet &cmd)
 {
   disable_runtime_checks=cmd.isset("disable-runtime-check");
   assume_inputs_non_null=cmd.isset("java-assume-inputs-non-null");
-  string_refinement_enabled=cmd.isset("string-refine");
+  string_refinement_enabled=cmd.isset("refine-strings");
   if(cmd.isset("java-max-input-array-length"))
     max_nondet_array_length=
       std::stoi(cmd.get_value("java-max-input-array-length"));

From c7691a4ffd6a4075df7e0b1976e2a3b472be211b Mon Sep 17 00:00:00 2001
From: Joel Allred <joel.allred@diffblue.com>
Date: Fri, 24 Feb 2017 17:36:40 +0000
Subject: [PATCH 144/699] Restructuration of tests on strings

Add test java_intern
Adapt test.desc to new output format
Make more robust java tests.
Add test for parseint.

Correction in the hacks to use refined strings in C programs

Add smoke tests for java string support
Quick set of tests.
Created by modifying the existing development tests.
Longer tests are run when using 'make testall'.
Format of java files was adapted.
No change to the validation tests (written by Lucas Cordeiro).

Update smoke tests

Add a series of performance tests that check that the negation of the
assertions found in the smoke tests indeed fail.

Update java_char_array_init/test_init.class

Add first fixed_bugs test
For bug #95

Update test description with new option name
String refinement option name has changed to --refine-strings

Formatting in cprover-string-hack.h

Move smoke tests to regression folder.

Move fixed bugs tests to strings folder

Move string perfomance tests to strings directory

These are not really performance tests, only tests that are longer than
the smoke tests.

Adapt Makefile for new location of smoke tests
---
 regression/strings-smoke-tests/Makefile       |   9 ++
 .../java_append_char/test.desc                |   7 ++
 .../java_append_char/test_append_char.class   | Bin 0 -> 999 bytes
 .../java_append_char/test_append_char.java    |  17 ++++
 .../java_append_int/test.desc                 |   7 ++
 .../java_append_int/test_append_int.class     | Bin 0 -> 842 bytes
 .../java_append_int/test_append_int.java      |  11 +++
 .../java_append_object/test.desc              |   7 ++
 .../test_append_object.class                  | Bin 0 -> 992 bytes
 .../test_append_object.java                   |  17 ++++
 .../java_append_string/test.desc              |   7 ++
 .../test_append_string.class                  | Bin 0 -> 1032 bytes
 .../test_append_string.java                   |  14 +++
 .../strings-smoke-tests/java_case/test.desc   |   7 ++
 .../java_case/test_case.class                 | Bin 0 -> 865 bytes
 .../java_case/test_case.java                  |  12 +++
 .../java_char_array/test.desc                 |   7 ++
 .../java_char_array/test_char_array.class     | Bin 0 -> 714 bytes
 .../java_char_array/test_char_array.java      |  13 +++
 .../java_char_array_init/test.desc            |   7 ++
 .../java_char_array_init/test_init.class      | Bin 0 -> 1046 bytes
 .../java_char_array_init/test_init.java       |  21 ++++
 .../java_char_at/test.desc                    |   7 ++
 .../java_char_at/test_char_at.class           | Bin 0 -> 628 bytes
 .../java_char_at/test_char_at.java            |   7 ++
 .../java_code_point/test.desc                 |   7 ++
 .../java_code_point/test_code_point.class     | Bin 0 -> 999 bytes
 .../java_code_point/test_code_point.java      |  14 +++
 .../java_compare/test.desc                    |   7 ++
 .../java_compare/test_compare.class           | Bin 0 -> 623 bytes
 .../java_compare/test_compare.java            |   9 ++
 .../strings-smoke-tests/java_concat/test.desc |   8 ++
 .../java_concat/test_concat.class             | Bin 0 -> 798 bytes
 .../java_concat/test_concat.java              |  13 +++
 .../java_contains/test.desc                   |   8 ++
 .../java_contains/test_contains.class         | Bin 0 -> 716 bytes
 .../java_contains/test_contains.java          |  11 +++
 .../strings-smoke-tests/java_delete/test.desc |   7 ++
 .../java_delete/test_delete.class             | Bin 0 -> 943 bytes
 .../java_delete/test_delete.java              |  10 ++
 .../java_delete_char_at/test.desc             |   7 ++
 .../test_delete_char_at.class                 | Bin 0 -> 867 bytes
 .../test_delete_char_at.java                  |  11 +++
 .../strings-smoke-tests/java_empty/test.desc  |   7 ++
 .../java_empty/test_empty.class               | Bin 0 -> 571 bytes
 .../java_empty/test_empty.java                |   8 ++
 .../java_endswith/test.desc                   |   8 ++
 .../java_endswith/test_endswith.class         | Bin 0 -> 711 bytes
 .../java_endswith/test_endswith.java          |  12 +++
 .../strings-smoke-tests/java_equal/test.desc  |   8 ++
 .../java_equal/test_equal.class               | Bin 0 -> 725 bytes
 .../java_equal/test_equal.java                |  11 +++
 .../strings-smoke-tests/java_float/test.desc  |   7 ++
 .../java_float/test_float.class               | Bin 0 -> 965 bytes
 .../java_float/test_float.java                |  15 +++
 .../java_hash_code/test.desc                  |   8 ++
 .../java_hash_code/test_hash_code.class       | Bin 0 -> 650 bytes
 .../java_hash_code/test_hash_code.java        |  11 +++
 .../java_index_of/test.desc                   |   7 ++
 .../java_index_of/test_index_of.class         | Bin 0 -> 631 bytes
 .../java_index_of/test_index_of.java          |  10 ++
 .../java_index_of_char/test.desc              |   7 ++
 .../test_index_of_char.class                  | Bin 0 -> 614 bytes
 .../test_index_of_char.java                   |  10 ++
 .../java_insert_char/test.desc                |   7 ++
 .../java_insert_char/test_insert_char.class   | Bin 0 -> 811 bytes
 .../java_insert_char/test_insert_char.java    |  10 ++
 .../java_insert_char_array/test.desc          |   7 ++
 .../test_insert_char_array.class              | Bin 0 -> 979 bytes
 .../test_insert_char_array.java               |  14 +++
 .../java_insert_int/test.desc                 |   7 ++
 .../java_insert_int/test_insert_int.class     | Bin 0 -> 810 bytes
 .../java_insert_int/test_insert_int.java      |  10 ++
 .../.test_insert.java.swp                     | Bin 0 -> 12288 bytes
 .../java_insert_multiple/test.desc            |   7 ++
 .../test_insert_multiple.class                | Bin 0 -> 898 bytes
 .../test_insert_multiple.java                 |  11 +++
 .../java_insert_string/test.desc              |   7 ++
 .../test_insert_string.class                  | Bin 0 -> 841 bytes
 .../test_insert_string.java                   |  10 ++
 .../java_int_to_string/test.desc              |   7 ++
 .../java_int_to_string/test_int.class         | Bin 0 -> 859 bytes
 .../java_int_to_string/test_int.java          |  11 +++
 .../strings-smoke-tests/java_intern/test.desc |   7 ++
 .../java_intern/test_intern.class             | Bin 0 -> 634 bytes
 .../java_intern/test_intern.java              |  11 +++
 .../java_last_index_of/test.desc              |   7 ++
 .../test_last_index_of.class                  | Bin 0 -> 647 bytes
 .../test_last_index_of.java                   |  10 ++
 .../java_last_index_of_char/test.desc         |   7 ++
 .../test_last_index_of_char.class             | Bin 0 -> 623 bytes
 .../test_last_index_of_char.java              |   9 ++
 .../strings-smoke-tests/java_length/test.desc |   7 ++
 .../java_length/test_length.class             | Bin 0 -> 630 bytes
 .../java_length/test_length.java              |   9 ++
 .../java_parseint/test.desc                   |   8 ++
 .../java_parseint/test_parseint.class         | Bin 0 -> 727 bytes
 .../java_parseint/test_parseint.java          |  10 ++
 .../java_replace/test.desc                    |   7 ++
 .../java_replace/test_replace.class           | Bin 0 -> 980 bytes
 .../java_replace/test_replace.java            |  13 +++
 .../java_replace_char/test.desc               |   7 ++
 .../java_replace_char/test_replace_char.class | Bin 0 -> 730 bytes
 .../java_replace_char/test_replace_char.java  |   9 ++
 .../java_set_char_at/test.desc                |   7 ++
 .../java_set_char_at/test_set_char_at.class   | Bin 0 -> 874 bytes
 .../java_set_char_at/test_set_char_at.java    |  13 +++
 .../java_set_length/test.desc                 |   9 ++
 .../java_set_length/test_set_length.class     | Bin 0 -> 861 bytes
 .../java_set_length/test_set_length.java      |  12 +++
 .../java_starts_with/test.desc                |   8 ++
 .../java_starts_with/test_starts_with.class   | Bin 0 -> 719 bytes
 .../java_starts_with/test_starts_with.java    |  11 +++
 .../java_string_builder_length/test.desc      |   7 ++
 .../test_sb_length.class                      | Bin 0 -> 722 bytes
 .../test_sb_length.java                       |   9 ++
 .../java_subsequence/test.desc                |   7 ++
 .../java_subsequence/test_subsequence.class   | Bin 0 -> 789 bytes
 .../java_subsequence/test_subsequence.java    |  14 +++
 .../java_substring/test.desc                  |   7 ++
 .../java_substring/test_substring.class       | Bin 0 -> 740 bytes
 .../java_substring/test_substring.java        |  14 +++
 .../strings-smoke-tests/java_trim/test.desc   |   8 ++
 .../java_trim/test_trim.class                 | Bin 0 -> 641 bytes
 .../java_trim/test_trim.java                  |   9 ++
 regression/strings/RegexMatches01/test.desc   |   2 +-
 regression/strings/RegexMatches02/test.desc   |   2 +-
 .../strings/RegexSubstitution01/test.desc     |   2 +-
 .../strings/RegexSubstitution02/test.desc     |   2 +-
 .../strings/RegexSubstitution03/test.desc     |   2 +-
 .../strings/StaticCharMethods01/test.desc     |   2 +-
 .../strings/StaticCharMethods02/test.desc     |   2 +-
 .../strings/StaticCharMethods03/test.desc     |   2 +-
 .../strings/StaticCharMethods04/test.desc     |   2 +-
 .../strings/StaticCharMethods05/test.desc     |   2 +-
 .../strings/StaticCharMethods06/test.desc     |   2 +-
 .../strings/StringBuilderAppend01/test.desc   |   2 +-
 .../strings/StringBuilderAppend02/test.desc   |   2 +-
 .../strings/StringBuilderCapLen01/test.desc   |   2 +-
 .../strings/StringBuilderCapLen02/test.desc   |   2 +-
 .../strings/StringBuilderCapLen03/test.desc   |   2 +-
 .../strings/StringBuilderCapLen04/test.desc   |   2 +-
 .../strings/StringBuilderChars01/test.desc    |   2 +-
 .../strings/StringBuilderChars02/test.desc    |   2 +-
 .../strings/StringBuilderChars03/test.desc    |   2 +-
 .../strings/StringBuilderChars04/test.desc    |   2 +-
 .../strings/StringBuilderChars05/test.desc    |   2 +-
 .../strings/StringBuilderChars06/test.desc    |   2 +-
 .../StringBuilderConstructors01/test.desc     |   2 +-
 .../StringBuilderConstructors02/test.desc     |   2 +-
 .../StringBuilderInsertDelete01/test.desc     |   2 +-
 .../StringBuilderInsertDelete02/test.desc     |   2 +-
 .../StringBuilderInsertDelete03/test.desc     |   2 +-
 regression/strings/StringCompare01/test.desc  |   2 +-
 regression/strings/StringCompare02/test.desc  |   2 +-
 regression/strings/StringCompare03/test.desc  |   2 +-
 regression/strings/StringCompare04/test.desc  |   2 +-
 regression/strings/StringCompare05/test.desc  |   2 +-
 .../strings/StringConcatenation01/test.desc   |   2 +-
 .../strings/StringConcatenation02/test.desc   |   2 +-
 .../strings/StringConcatenation03/test.desc   |   2 +-
 .../strings/StringConcatenation04/test.desc   |   2 +-
 .../strings/StringConstructors01/test.desc    |   2 +-
 .../strings/StringConstructors02/test.desc    |   2 +-
 .../strings/StringConstructors03/test.desc    |   2 +-
 .../strings/StringConstructors04/test.desc    |   2 +-
 .../strings/StringConstructors05/test.desc    |   2 +-
 .../strings/StringIndexMethods01/test.desc    |   2 +-
 .../strings/StringIndexMethods02/test.desc    |   2 +-
 .../strings/StringIndexMethods03/test.desc    |   2 +-
 .../strings/StringIndexMethods04/test.desc    |   2 +-
 .../strings/StringIndexMethods05/test.desc    |   2 +-
 .../strings/StringMiscellaneous01/test.desc   |   2 +-
 .../strings/StringMiscellaneous02/test.desc   |   2 +-
 .../strings/StringMiscellaneous03/test.desc   |   2 +-
 .../strings/StringMiscellaneous04/test.desc   |   2 +-
 regression/strings/StringStartEnd01/test.desc |   2 +-
 regression/strings/StringStartEnd02/test.desc |   2 +-
 regression/strings/StringStartEnd03/test.desc |   2 +-
 regression/strings/StringValueOf01/test.desc  |   2 +-
 regression/strings/StringValueOf02/test.desc  |   2 +-
 regression/strings/StringValueOf03/test.desc  |   2 +-
 regression/strings/StringValueOf04/test.desc  |   2 +-
 regression/strings/StringValueOf05/test.desc  |   2 +-
 regression/strings/StringValueOf06/test.desc  |   2 +-
 regression/strings/StringValueOf07/test.desc  |   2 +-
 regression/strings/StringValueOf08/test.desc  |   2 +-
 regression/strings/StringValueOf09/test.desc  |   2 +-
 regression/strings/StringValueOf10/test.desc  |   2 +-
 regression/strings/SubString01/test.desc      |   2 +-
 regression/strings/SubString02/test.desc      |   2 +-
 regression/strings/SubString03/test.desc      |   2 +-
 regression/strings/TokenTest01/test.desc      |   2 +-
 regression/strings/TokenTest02/test.desc      |   2 +-
 regression/strings/Validate01/test.desc       |   2 +-
 regression/strings/Validate02/test.desc       |   2 +-
 .../strings/bug-test-gen-095/test.class       | Bin 0 -> 822 bytes
 regression/strings/bug-test-gen-095/test.desc |   7 ++
 regression/strings/bug-test-gen-095/test.java |  10 ++
 regression/strings/cprover-string-hack.h      |  90 ++++++++++++------
 regression/strings/java_append_char/test.desc |   7 ++
 .../java_append_char/test_append_char.class   | Bin 0 -> 999 bytes
 .../java_append_char/test_append_char.java    |  17 ++++
 regression/strings/java_append_int/test.desc  |   7 ++
 .../java_append_int/test_append_int.class     | Bin 0 -> 842 bytes
 .../java_append_int/test_append_int.java      |  11 +++
 .../strings/java_append_object/test.desc      |   7 ++
 .../test_append_object.class                  | Bin 0 -> 992 bytes
 .../test_append_object.java                   |  17 ++++
 .../strings/java_append_string/test.desc      |   7 ++
 .../test_append_string.class                  | Bin 0 -> 1032 bytes
 .../test_append_string.java                   |  14 +++
 regression/strings/java_case/test.desc        |   7 +-
 regression/strings/java_case/test_case.class  | Bin 1073 -> 839 bytes
 regression/strings/java_case/test_case.java   |  26 +++--
 regression/strings/java_char_array/test.desc  |   6 +-
 .../java_char_array/test_char_array.class     | Bin 820 -> 676 bytes
 .../java_char_array/test_char_array.java      |  26 +++--
 .../strings/java_char_array_init/test.desc    |   8 +-
 .../java_char_array_init/test_init.class      | Bin 1209 -> 836 bytes
 .../java_char_array_init/test_init.java       |  33 +++----
 regression/strings/java_char_at/test.desc     |   6 +-
 .../strings/java_char_at/test_char_at.class   | Bin 951 -> 628 bytes
 .../strings/java_char_at/test_char_at.java    |  18 +---
 regression/strings/java_code_point/test.desc  |  10 +-
 .../java_code_point/test_code_point.class     | Bin 1025 -> 941 bytes
 .../java_code_point/test_code_point.java      |  25 ++---
 regression/strings/java_compare/test.desc     |   7 +-
 .../strings/java_compare/test_compare.class   | Bin 780 -> 623 bytes
 .../strings/java_compare/test_compare.java    |  25 ++---
 regression/strings/java_concat/test.desc      |   6 +-
 .../strings/java_concat/test_concat.class     | Bin 854 -> 798 bytes
 .../strings/java_concat/test_concat.java      |  23 ++---
 regression/strings/java_contains/test.desc    |   5 +-
 .../strings/java_contains/test_contains.class | Bin 753 -> 671 bytes
 .../strings/java_contains/test_contains.java  |  17 ++--
 regression/strings/java_delete/test.desc      |   5 +-
 .../strings/java_delete/test_delete.class     | Bin 1126 -> 800 bytes
 .../strings/java_delete/test_delete.java      |  23 ++---
 .../strings/java_delete_char_at/test.desc     |   7 ++
 .../test_delete_char_at.class                 | Bin 0 -> 867 bytes
 .../test_delete_char_at.java                  |  11 +++
 .../strings/java_easychair/easychair.class    | Bin 1164 -> 1163 bytes
 .../strings/java_easychair/easychair.java     |  62 ++++++------
 regression/strings/java_easychair/test.desc   |   6 +-
 regression/strings/java_empty/test.desc       |   5 +-
 .../strings/java_empty/test_empty.class       | Bin 669 -> 571 bytes
 regression/strings/java_empty/test_empty.java |  13 +--
 regression/strings/java_endswith/test.desc    |   7 ++
 .../strings/java_endswith/test_endswith.class | Bin 0 -> 666 bytes
 .../strings/java_endswith/test_endswith.java  |   9 ++
 regression/strings/java_equal/test.desc       |   5 +-
 .../strings/java_equal/test_equal.class       | Bin 726 -> 725 bytes
 regression/strings/java_equal/test_equal.java |  17 ++--
 regression/strings/java_float/test.desc       |   7 +-
 .../strings/java_float/test_float.class       | Bin 1095 -> 1015 bytes
 regression/strings/java_float/test_float.java |  35 ++++---
 regression/strings/java_hash_code/test.desc   |   7 ++
 .../java_hash_code/test_hash_code.class       | Bin 0 -> 602 bytes
 .../java_hash_code/test_hash_code.java        |   9 ++
 regression/strings/java_index_of/test.desc    |  13 +--
 .../strings/java_index_of/test_index_of.class | Bin 1108 -> 631 bytes
 .../strings/java_index_of/test_index_of.java  |  40 ++------
 .../strings/java_index_of_char/test.desc      |   7 ++
 .../test_index_of_char.class                  | Bin 0 -> 614 bytes
 .../test_index_of_char.java                   |  10 ++
 .../strings/java_insert/test_insert.class     | Bin 1318 -> 0 bytes
 .../strings/java_insert/test_insert.java      |  19 ----
 .../strings/java_insert/test_insert1.class    | Bin 1035 -> 0 bytes
 .../strings/java_insert/test_insert1.java     |  23 -----
 regression/strings/java_insert_char/test.desc |   7 ++
 .../java_insert_char/test_insert_char.class   | Bin 0 -> 811 bytes
 .../java_insert_char/test_insert_char.java    |  10 ++
 .../strings/java_insert_char_array/test.desc  |   7 ++
 .../test_insert_char_array.class              | Bin 0 -> 979 bytes
 .../test_insert_char_array.java               |  14 +++
 regression/strings/java_insert_int/test.desc  |   7 ++
 .../java_insert_int/test_insert_int.class     | Bin 0 -> 810 bytes
 .../java_insert_int/test_insert_int.java      |  10 ++
 .../strings/java_insert_multiple/test.desc    |   7 ++
 .../test_insert_multiple.class                | Bin 0 -> 898 bytes
 .../test_insert_multiple.java                 |  11 +++
 .../strings/java_insert_string/test.desc      |   7 ++
 .../test_insert_string.class                  | Bin 0 -> 841 bytes
 .../test_insert_string.java                   |  10 ++
 regression/strings/java_int/test.desc         |  13 ---
 regression/strings/java_int/test_int.class    | Bin 1140 -> 0 bytes
 regression/strings/java_int/test_int.java     |  25 -----
 regression/strings/java_prefix/test.desc      |  10 --
 .../strings/java_prefix/test_prefix.class     | Bin 933 -> 0 bytes
 .../strings/java_prefix/test_prefix.java      |  23 -----
 regression/strings/java_replace/test.desc     |   8 --
 .../strings/java_replace/test_replace.class   | Bin 904 -> 0 bytes
 .../strings/java_replace/test_replace.java    |  10 --
 regression/strings/java_set_length/test.desc  |   9 --
 .../java_set_length/test_set_length.class     | Bin 887 -> 0 bytes
 .../java_set_length/test_set_length.java      |  12 ---
 .../strings/java_string_builder/test.desc     |   9 --
 .../test_string_builder.class                 | Bin 1003 -> 0 bytes
 .../test_string_builder.java                  |  16 ----
 .../java_string_builder_insert/test.desc      |   8 --
 .../test_insert.class                         | Bin 1049 -> 0 bytes
 .../test_insert.java                          |  20 ----
 .../java_string_builder_length/test.desc      |   8 --
 .../test_sb_length.class                      | Bin 791 -> 0 bytes
 .../test_sb_length.java                       |  11 ---
 regression/strings/java_strlen/test.desc      |   8 --
 .../strings/java_strlen/test_length.class     | Bin 864 -> 0 bytes
 .../strings/java_strlen/test_length.java      |  14 ---
 regression/strings/java_substring/test.desc   |  10 --
 .../java_substring/test_substring.class       | Bin 1051 -> 0 bytes
 .../java_substring/test_substring.java        |  27 ------
 regression/strings/java_suffix/test.desc      |   8 --
 .../strings/java_suffix/test_suffix.class     | Bin 811 -> 0 bytes
 .../strings/java_suffix/test_suffix.java      |  15 ---
 regression/strings/java_trim/test.desc        |   8 --
 regression/strings/java_trim/test_trim.class  | Bin 730 -> 0 bytes
 regression/strings/java_trim/test_trim.java   |   8 --
 regression/strings/test1/test.desc            |   2 +-
 regression/strings/test2/test.desc            |   2 +-
 regression/strings/test3.1/test.desc          |   2 +-
 regression/strings/test3.2/test.desc          |   2 +-
 regression/strings/test3.3/test.desc          |   2 +-
 regression/strings/test3.4/test.desc          |   8 +-
 regression/strings/test3/test.desc            |   2 +-
 regression/strings/test4/test.desc            |   2 +-
 regression/strings/test5/test.desc            |   2 +-
 regression/strings/test_char_set/test.desc    |   6 +-
 regression/strings/test_concat/test.desc      |   2 +-
 regression/strings/test_contains/test.desc    |   2 +-
 regression/strings/test_equal/test.desc       |   6 +-
 regression/strings/test_index_of/test.desc    |   2 +-
 regression/strings/test_int/test.desc         |   2 +-
 regression/strings/test_pass1/test.desc       |   2 +-
 regression/strings/test_pass_pc3/test.desc    |   2 +-
 regression/strings/test_prefix/test.desc      |   2 +-
 regression/strings/test_strlen/test.desc      |   2 +-
 regression/strings/test_substring/test.desc   |  10 +-
 regression/strings/test_suffix/test.desc      |   2 +-
 339 files changed, 1402 insertions(+), 738 deletions(-)
 create mode 100644 regression/strings-smoke-tests/Makefile
 create mode 100644 regression/strings-smoke-tests/java_append_char/test.desc
 create mode 100644 regression/strings-smoke-tests/java_append_char/test_append_char.class
 create mode 100644 regression/strings-smoke-tests/java_append_char/test_append_char.java
 create mode 100644 regression/strings-smoke-tests/java_append_int/test.desc
 create mode 100644 regression/strings-smoke-tests/java_append_int/test_append_int.class
 create mode 100644 regression/strings-smoke-tests/java_append_int/test_append_int.java
 create mode 100644 regression/strings-smoke-tests/java_append_object/test.desc
 create mode 100644 regression/strings-smoke-tests/java_append_object/test_append_object.class
 create mode 100644 regression/strings-smoke-tests/java_append_object/test_append_object.java
 create mode 100644 regression/strings-smoke-tests/java_append_string/test.desc
 create mode 100644 regression/strings-smoke-tests/java_append_string/test_append_string.class
 create mode 100644 regression/strings-smoke-tests/java_append_string/test_append_string.java
 create mode 100644 regression/strings-smoke-tests/java_case/test.desc
 create mode 100644 regression/strings-smoke-tests/java_case/test_case.class
 create mode 100644 regression/strings-smoke-tests/java_case/test_case.java
 create mode 100644 regression/strings-smoke-tests/java_char_array/test.desc
 create mode 100644 regression/strings-smoke-tests/java_char_array/test_char_array.class
 create mode 100644 regression/strings-smoke-tests/java_char_array/test_char_array.java
 create mode 100644 regression/strings-smoke-tests/java_char_array_init/test.desc
 create mode 100644 regression/strings-smoke-tests/java_char_array_init/test_init.class
 create mode 100644 regression/strings-smoke-tests/java_char_array_init/test_init.java
 create mode 100644 regression/strings-smoke-tests/java_char_at/test.desc
 create mode 100644 regression/strings-smoke-tests/java_char_at/test_char_at.class
 create mode 100644 regression/strings-smoke-tests/java_char_at/test_char_at.java
 create mode 100644 regression/strings-smoke-tests/java_code_point/test.desc
 create mode 100644 regression/strings-smoke-tests/java_code_point/test_code_point.class
 create mode 100644 regression/strings-smoke-tests/java_code_point/test_code_point.java
 create mode 100644 regression/strings-smoke-tests/java_compare/test.desc
 create mode 100644 regression/strings-smoke-tests/java_compare/test_compare.class
 create mode 100644 regression/strings-smoke-tests/java_compare/test_compare.java
 create mode 100644 regression/strings-smoke-tests/java_concat/test.desc
 create mode 100644 regression/strings-smoke-tests/java_concat/test_concat.class
 create mode 100644 regression/strings-smoke-tests/java_concat/test_concat.java
 create mode 100644 regression/strings-smoke-tests/java_contains/test.desc
 create mode 100644 regression/strings-smoke-tests/java_contains/test_contains.class
 create mode 100644 regression/strings-smoke-tests/java_contains/test_contains.java
 create mode 100644 regression/strings-smoke-tests/java_delete/test.desc
 create mode 100644 regression/strings-smoke-tests/java_delete/test_delete.class
 create mode 100644 regression/strings-smoke-tests/java_delete/test_delete.java
 create mode 100644 regression/strings-smoke-tests/java_delete_char_at/test.desc
 create mode 100644 regression/strings-smoke-tests/java_delete_char_at/test_delete_char_at.class
 create mode 100644 regression/strings-smoke-tests/java_delete_char_at/test_delete_char_at.java
 create mode 100644 regression/strings-smoke-tests/java_empty/test.desc
 create mode 100644 regression/strings-smoke-tests/java_empty/test_empty.class
 create mode 100644 regression/strings-smoke-tests/java_empty/test_empty.java
 create mode 100644 regression/strings-smoke-tests/java_endswith/test.desc
 create mode 100644 regression/strings-smoke-tests/java_endswith/test_endswith.class
 create mode 100644 regression/strings-smoke-tests/java_endswith/test_endswith.java
 create mode 100644 regression/strings-smoke-tests/java_equal/test.desc
 create mode 100644 regression/strings-smoke-tests/java_equal/test_equal.class
 create mode 100644 regression/strings-smoke-tests/java_equal/test_equal.java
 create mode 100644 regression/strings-smoke-tests/java_float/test.desc
 create mode 100644 regression/strings-smoke-tests/java_float/test_float.class
 create mode 100644 regression/strings-smoke-tests/java_float/test_float.java
 create mode 100644 regression/strings-smoke-tests/java_hash_code/test.desc
 create mode 100644 regression/strings-smoke-tests/java_hash_code/test_hash_code.class
 create mode 100644 regression/strings-smoke-tests/java_hash_code/test_hash_code.java
 create mode 100644 regression/strings-smoke-tests/java_index_of/test.desc
 create mode 100644 regression/strings-smoke-tests/java_index_of/test_index_of.class
 create mode 100644 regression/strings-smoke-tests/java_index_of/test_index_of.java
 create mode 100644 regression/strings-smoke-tests/java_index_of_char/test.desc
 create mode 100644 regression/strings-smoke-tests/java_index_of_char/test_index_of_char.class
 create mode 100644 regression/strings-smoke-tests/java_index_of_char/test_index_of_char.java
 create mode 100644 regression/strings-smoke-tests/java_insert_char/test.desc
 create mode 100644 regression/strings-smoke-tests/java_insert_char/test_insert_char.class
 create mode 100644 regression/strings-smoke-tests/java_insert_char/test_insert_char.java
 create mode 100644 regression/strings-smoke-tests/java_insert_char_array/test.desc
 create mode 100644 regression/strings-smoke-tests/java_insert_char_array/test_insert_char_array.class
 create mode 100644 regression/strings-smoke-tests/java_insert_char_array/test_insert_char_array.java
 create mode 100644 regression/strings-smoke-tests/java_insert_int/test.desc
 create mode 100644 regression/strings-smoke-tests/java_insert_int/test_insert_int.class
 create mode 100644 regression/strings-smoke-tests/java_insert_int/test_insert_int.java
 create mode 100644 regression/strings-smoke-tests/java_insert_multiple/.test_insert.java.swp
 create mode 100644 regression/strings-smoke-tests/java_insert_multiple/test.desc
 create mode 100644 regression/strings-smoke-tests/java_insert_multiple/test_insert_multiple.class
 create mode 100644 regression/strings-smoke-tests/java_insert_multiple/test_insert_multiple.java
 create mode 100644 regression/strings-smoke-tests/java_insert_string/test.desc
 create mode 100644 regression/strings-smoke-tests/java_insert_string/test_insert_string.class
 create mode 100644 regression/strings-smoke-tests/java_insert_string/test_insert_string.java
 create mode 100644 regression/strings-smoke-tests/java_int_to_string/test.desc
 create mode 100644 regression/strings-smoke-tests/java_int_to_string/test_int.class
 create mode 100644 regression/strings-smoke-tests/java_int_to_string/test_int.java
 create mode 100644 regression/strings-smoke-tests/java_intern/test.desc
 create mode 100644 regression/strings-smoke-tests/java_intern/test_intern.class
 create mode 100644 regression/strings-smoke-tests/java_intern/test_intern.java
 create mode 100644 regression/strings-smoke-tests/java_last_index_of/test.desc
 create mode 100644 regression/strings-smoke-tests/java_last_index_of/test_last_index_of.class
 create mode 100644 regression/strings-smoke-tests/java_last_index_of/test_last_index_of.java
 create mode 100644 regression/strings-smoke-tests/java_last_index_of_char/test.desc
 create mode 100644 regression/strings-smoke-tests/java_last_index_of_char/test_last_index_of_char.class
 create mode 100644 regression/strings-smoke-tests/java_last_index_of_char/test_last_index_of_char.java
 create mode 100644 regression/strings-smoke-tests/java_length/test.desc
 create mode 100644 regression/strings-smoke-tests/java_length/test_length.class
 create mode 100644 regression/strings-smoke-tests/java_length/test_length.java
 create mode 100644 regression/strings-smoke-tests/java_parseint/test.desc
 create mode 100644 regression/strings-smoke-tests/java_parseint/test_parseint.class
 create mode 100644 regression/strings-smoke-tests/java_parseint/test_parseint.java
 create mode 100644 regression/strings-smoke-tests/java_replace/test.desc
 create mode 100644 regression/strings-smoke-tests/java_replace/test_replace.class
 create mode 100644 regression/strings-smoke-tests/java_replace/test_replace.java
 create mode 100644 regression/strings-smoke-tests/java_replace_char/test.desc
 create mode 100644 regression/strings-smoke-tests/java_replace_char/test_replace_char.class
 create mode 100644 regression/strings-smoke-tests/java_replace_char/test_replace_char.java
 create mode 100644 regression/strings-smoke-tests/java_set_char_at/test.desc
 create mode 100644 regression/strings-smoke-tests/java_set_char_at/test_set_char_at.class
 create mode 100644 regression/strings-smoke-tests/java_set_char_at/test_set_char_at.java
 create mode 100644 regression/strings-smoke-tests/java_set_length/test.desc
 create mode 100644 regression/strings-smoke-tests/java_set_length/test_set_length.class
 create mode 100644 regression/strings-smoke-tests/java_set_length/test_set_length.java
 create mode 100644 regression/strings-smoke-tests/java_starts_with/test.desc
 create mode 100644 regression/strings-smoke-tests/java_starts_with/test_starts_with.class
 create mode 100644 regression/strings-smoke-tests/java_starts_with/test_starts_with.java
 create mode 100644 regression/strings-smoke-tests/java_string_builder_length/test.desc
 create mode 100644 regression/strings-smoke-tests/java_string_builder_length/test_sb_length.class
 create mode 100644 regression/strings-smoke-tests/java_string_builder_length/test_sb_length.java
 create mode 100644 regression/strings-smoke-tests/java_subsequence/test.desc
 create mode 100644 regression/strings-smoke-tests/java_subsequence/test_subsequence.class
 create mode 100644 regression/strings-smoke-tests/java_subsequence/test_subsequence.java
 create mode 100644 regression/strings-smoke-tests/java_substring/test.desc
 create mode 100644 regression/strings-smoke-tests/java_substring/test_substring.class
 create mode 100644 regression/strings-smoke-tests/java_substring/test_substring.java
 create mode 100644 regression/strings-smoke-tests/java_trim/test.desc
 create mode 100644 regression/strings-smoke-tests/java_trim/test_trim.class
 create mode 100644 regression/strings-smoke-tests/java_trim/test_trim.java
 create mode 100644 regression/strings/bug-test-gen-095/test.class
 create mode 100644 regression/strings/bug-test-gen-095/test.desc
 create mode 100644 regression/strings/bug-test-gen-095/test.java
 create mode 100644 regression/strings/java_append_char/test.desc
 create mode 100644 regression/strings/java_append_char/test_append_char.class
 create mode 100644 regression/strings/java_append_char/test_append_char.java
 create mode 100644 regression/strings/java_append_int/test.desc
 create mode 100644 regression/strings/java_append_int/test_append_int.class
 create mode 100644 regression/strings/java_append_int/test_append_int.java
 create mode 100644 regression/strings/java_append_object/test.desc
 create mode 100644 regression/strings/java_append_object/test_append_object.class
 create mode 100644 regression/strings/java_append_object/test_append_object.java
 create mode 100644 regression/strings/java_append_string/test.desc
 create mode 100644 regression/strings/java_append_string/test_append_string.class
 create mode 100644 regression/strings/java_append_string/test_append_string.java
 create mode 100644 regression/strings/java_delete_char_at/test.desc
 create mode 100644 regression/strings/java_delete_char_at/test_delete_char_at.class
 create mode 100644 regression/strings/java_delete_char_at/test_delete_char_at.java
 create mode 100644 regression/strings/java_endswith/test.desc
 create mode 100644 regression/strings/java_endswith/test_endswith.class
 create mode 100644 regression/strings/java_endswith/test_endswith.java
 create mode 100644 regression/strings/java_hash_code/test.desc
 create mode 100644 regression/strings/java_hash_code/test_hash_code.class
 create mode 100644 regression/strings/java_hash_code/test_hash_code.java
 create mode 100644 regression/strings/java_index_of_char/test.desc
 create mode 100644 regression/strings/java_index_of_char/test_index_of_char.class
 create mode 100644 regression/strings/java_index_of_char/test_index_of_char.java
 delete mode 100644 regression/strings/java_insert/test_insert.class
 delete mode 100644 regression/strings/java_insert/test_insert.java
 delete mode 100644 regression/strings/java_insert/test_insert1.class
 delete mode 100644 regression/strings/java_insert/test_insert1.java
 create mode 100644 regression/strings/java_insert_char/test.desc
 create mode 100644 regression/strings/java_insert_char/test_insert_char.class
 create mode 100644 regression/strings/java_insert_char/test_insert_char.java
 create mode 100644 regression/strings/java_insert_char_array/test.desc
 create mode 100644 regression/strings/java_insert_char_array/test_insert_char_array.class
 create mode 100644 regression/strings/java_insert_char_array/test_insert_char_array.java
 create mode 100644 regression/strings/java_insert_int/test.desc
 create mode 100644 regression/strings/java_insert_int/test_insert_int.class
 create mode 100644 regression/strings/java_insert_int/test_insert_int.java
 create mode 100644 regression/strings/java_insert_multiple/test.desc
 create mode 100644 regression/strings/java_insert_multiple/test_insert_multiple.class
 create mode 100644 regression/strings/java_insert_multiple/test_insert_multiple.java
 create mode 100644 regression/strings/java_insert_string/test.desc
 create mode 100644 regression/strings/java_insert_string/test_insert_string.class
 create mode 100644 regression/strings/java_insert_string/test_insert_string.java
 delete mode 100644 regression/strings/java_int/test.desc
 delete mode 100644 regression/strings/java_int/test_int.class
 delete mode 100644 regression/strings/java_int/test_int.java
 delete mode 100644 regression/strings/java_prefix/test.desc
 delete mode 100644 regression/strings/java_prefix/test_prefix.class
 delete mode 100644 regression/strings/java_prefix/test_prefix.java
 delete mode 100644 regression/strings/java_replace/test.desc
 delete mode 100644 regression/strings/java_replace/test_replace.class
 delete mode 100644 regression/strings/java_replace/test_replace.java
 delete mode 100644 regression/strings/java_set_length/test.desc
 delete mode 100644 regression/strings/java_set_length/test_set_length.class
 delete mode 100644 regression/strings/java_set_length/test_set_length.java
 delete mode 100644 regression/strings/java_string_builder/test.desc
 delete mode 100644 regression/strings/java_string_builder/test_string_builder.class
 delete mode 100644 regression/strings/java_string_builder/test_string_builder.java
 delete mode 100644 regression/strings/java_string_builder_insert/test.desc
 delete mode 100644 regression/strings/java_string_builder_insert/test_insert.class
 delete mode 100644 regression/strings/java_string_builder_insert/test_insert.java
 delete mode 100644 regression/strings/java_string_builder_length/test.desc
 delete mode 100644 regression/strings/java_string_builder_length/test_sb_length.class
 delete mode 100644 regression/strings/java_string_builder_length/test_sb_length.java
 delete mode 100644 regression/strings/java_strlen/test.desc
 delete mode 100644 regression/strings/java_strlen/test_length.class
 delete mode 100644 regression/strings/java_strlen/test_length.java
 delete mode 100644 regression/strings/java_substring/test.desc
 delete mode 100644 regression/strings/java_substring/test_substring.class
 delete mode 100644 regression/strings/java_substring/test_substring.java
 delete mode 100644 regression/strings/java_suffix/test.desc
 delete mode 100644 regression/strings/java_suffix/test_suffix.class
 delete mode 100644 regression/strings/java_suffix/test_suffix.java
 delete mode 100644 regression/strings/java_trim/test.desc
 delete mode 100644 regression/strings/java_trim/test_trim.class
 delete mode 100644 regression/strings/java_trim/test_trim.java

diff --git a/regression/strings-smoke-tests/Makefile b/regression/strings-smoke-tests/Makefile
new file mode 100644
index 00000000000..c41ab1c5be8
--- /dev/null
+++ b/regression/strings-smoke-tests/Makefile
@@ -0,0 +1,9 @@
+
+test:
+	@../test.pl -c ../../../src/cbmc/cbmc
+
+testfuture:
+	@../test.pl -c ../../../src/cbmc/cbmc -CF
+
+testall:
+	@../test.pl -c ../../../src/cbmc/cbmc -CFTK
diff --git a/regression/strings-smoke-tests/java_append_char/test.desc b/regression/strings-smoke-tests/java_append_char/test.desc
new file mode 100644
index 00000000000..0f1b3ae243f
--- /dev/null
+++ b/regression/strings-smoke-tests/java_append_char/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_append_char.class
+--refine-strings
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
diff --git a/regression/strings-smoke-tests/java_append_char/test_append_char.class b/regression/strings-smoke-tests/java_append_char/test_append_char.class
new file mode 100644
index 0000000000000000000000000000000000000000..00c40aef6f6514f718dc1137889e4124d8bd7230
GIT binary patch
literal 999
zcmZWnYf}<Y7=8{c99UMt3rZI(%M83>Wo2Pz(&a;H%@8%{2WMdqwzlljUYhBz_y_u&
z&ES+xeeXwA?}3!mVR?7YbKcAIyzl$#_qQJa7O<isi7}2#Dnb~O=CU;7aa_Sw6%)7?
zM;|6*xUM3HJjaxZgbbKgF@sr-IfkJL-SdR&n~v>0Ha)#&34?)cGDMe5+w_+i!nyow
z2BqW}f+4wP+F~PU)`a^?I@3i{H*JQ#vai?Qt?R80%uyg-9P<pZrMmSmlUjBHw=SNV
zGA`{4&)?QtEnyqm^|!h^x2u29H4I{iVN`w>EZyEIlzrE<cUA+_GK8z)25xG&g$0h=
z8t&jO$D)RNxUV6F0jg%0jYiE11l871#1ccMm+R4y)+es(xD2V&95^0mSjI!T>P5Y%
z?TWh35ZWr8z`M+-Q(X}Z+1yqszt#&pLA^-ieCH@;ICs{OJpQX%{^<FlN$qz6s-5np
zHJ!psYKKp0gx;ipp-#1vFavK%CyU0C&Yj^?l;ezw_knJCryROUi+LJ<vL~Zt(T*^T
z7{W7MVH`J+ChiAxK?|~paay$`ttCrk<Rs`T3?_$3c9>3CdNX=QrVhY9OGl*1Mmr!w
z93#iBU!l+sXz=fmYB*(7s!GbNR3oWIr5Yvkyo=W)Zb>|lxTvfhB2+y<cztH74P~1C
zZ)VzvZ0sXC+Xml9Y!Ab;gYh=hJtPj1AZP8T<Pz#|nIslO5E)`Mj~EuA(k>*hO46R8
z9~&f4khoFuN`w8OgTj&NJm)yh6CA^ZV;Kt_X~4i>UmN{<;L0Z`;V+2wDjunq86ya3
ME3!uy=@3HpFJ~^+h5!Hn

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_append_char/test_append_char.java b/regression/strings-smoke-tests/java_append_char/test_append_char.java
new file mode 100644
index 00000000000..3eec4f30abe
--- /dev/null
+++ b/regression/strings-smoke-tests/java_append_char/test_append_char.java
@@ -0,0 +1,17 @@
+public class test_append_char
+{
+   public static void main(/*String[] args*/)
+   {
+      char[] diff = {'d', 'i', 'f', 'f'};
+      char[] blue = {'b', 'l', 'u', 'e'};
+
+      StringBuilder buffer = new StringBuilder();
+
+      buffer.append(diff)
+            .append(blue);
+
+      String tmp=buffer.toString();
+      System.out.println(tmp);
+      assert tmp.equals("diffblue");
+   }
+}
diff --git a/regression/strings-smoke-tests/java_append_int/test.desc b/regression/strings-smoke-tests/java_append_int/test.desc
new file mode 100644
index 00000000000..e1455859470
--- /dev/null
+++ b/regression/strings-smoke-tests/java_append_int/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_append_int.class
+--refine-strings
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
diff --git a/regression/strings-smoke-tests/java_append_int/test_append_int.class b/regression/strings-smoke-tests/java_append_int/test_append_int.class
new file mode 100644
index 0000000000000000000000000000000000000000..16948397e03dc279cdae32b41c8692bcfbb44978
GIT binary patch
literal 842
zcmaJ<O>fgc5Pjo(*l`@3rfC~W0~87*DQ!pza7cxK0upKphaf6?shoIKxwv+)9ezyy
z0B1l-B`U$4{{&*zX&Rssmzmx9c<=4Z{`mFv8-OMr=rB=Maao6gvW6?tUzKKAnrj*4
za9zWSjvKhC;+BrAEU)OOqNZY%FuP)fp$H<!_rj-6Xmwp-6KIc+-gG=CdPqoAs&5F%
zE#DRdv+a1|<>06*g4eQ`6GxWg5ptc#>b={s`f->gsklwhHhb<VjNb7FK~Fq)WK%H`
zVYF}c`@*yL9WPoxv_4n{3YaA<$aCGbyn}it3LNj?$-r@K5wI-Vz#7)2sT;V1hJie0
z2#VcgHUk^DODIj-A5Wh4EC_t=H~(Q((KK)m_X+uF)2r^G=tX~p#xi&$W5I;AN_*Nc
z&bF%OLZ`Z0gr&-h|E0CapHLJl=L;DiE#40-Hzdsc$vl?Ys`9qXsh%yDS4x<-Md$>=
zJ{tlrC>n5r_qm5<{uw6!A<CEJ4EdA*$@#M_@~zCC*r#g8pii<8b8ORbkdVRrS*g!I
zP2t?e36!_TNNm>%$q`b!HFbpaZfyj${TbR2#nnP)1bv9?39?*he3!UNjJwFlOa_g;
z36*0S7MZ019SfYvf_|c*qNL(toSNut#)5#ELT-c$L#WA*NG85On_^EiOPmxG<B@#X
IrI>o@H<&=ME&u=k

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_append_int/test_append_int.java b/regression/strings-smoke-tests/java_append_int/test_append_int.java
new file mode 100644
index 00000000000..963f3d7c063
--- /dev/null
+++ b/regression/strings-smoke-tests/java_append_int/test_append_int.java
@@ -0,0 +1,11 @@
+public class test_append_int
+{
+   public static void main(/*String[] args*/)
+   {
+      StringBuilder diffblue = new StringBuilder();
+      diffblue.append("d");
+      diffblue.append(4);
+      String s = diffblue.toString();
+      assert s.equals("d4");
+   }
+}
diff --git a/regression/strings-smoke-tests/java_append_object/test.desc b/regression/strings-smoke-tests/java_append_object/test.desc
new file mode 100644
index 00000000000..5db2ac1db73
--- /dev/null
+++ b/regression/strings-smoke-tests/java_append_object/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_append_object.class
+--refine-strings
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
diff --git a/regression/strings-smoke-tests/java_append_object/test_append_object.class b/regression/strings-smoke-tests/java_append_object/test_append_object.class
new file mode 100644
index 0000000000000000000000000000000000000000..ed6942a1fa6ddb20c36b528444d598e867e347f5
GIT binary patch
literal 992
zcmZWn*>2N76g`t|9M@^mbPIb6p(Jh7u#`2SEAT>Ekb*$;rE=nF<>J`E3ld+!dwzgt
zij+!Jf_FX&xZ{wfX=VG4=gygP&s~21`SBCLGB#C=VMf8Mg6kYNRKzeNO<tOtNzCDv
ziUNvBq%p5xLB%3U97`%vnBgd^xQ#m;cNxa>y5|YkHyzu1W_o(V5(Wd?VMtU>+w@l$
zqJ`pHhS;WK2!?dcw8eJNY6$m@1k*uFH*JPg-PfBRw)A%BCT`NjagRZ%Hm(0mYTXIk
zrg&k>d(*z~{9V1>7PhhLG!8`5Upmk~=^7?5NwkK!w?|9E3M5#blr7!fFV}t7wD&gx
z(=vpsQ8Dgocz}l-k2E~S6OM|8DxPY{Vw|E&8p%OgG^}8iAvfS!@8|y9bsd)>dtMXA
znuc|3Fk}YzUWIapTs>J-wq8aIr9$oOg-Y?1YbcKjDfOK`$3)>gkPxQ?)IWQ^Xi;yR
zz-O53(V9;AHPyx^8lku7!gwfP*v-J(5@b=&CQnQ31+U0nC&b4<x4bieUec8!%|?2V
z*``GU#4u$D&vb=xQc)TQKcEAeo*m569FEcCvP@34h5n*ovd?6vXm^EHMr(Zj2<)2#
zVw!9sbTTB7JAr;dgk~J5W+N}N(b_R$?~f4QTAc49u|VIu#V+{vA(T=V$wR0eOq8-C
zU1%MQ93w^G(O)t`B#bae+!U7NB<N8v3YBDyP`nh08bzLjSCGL4LXp_Nw25(C4Btx}
sm&vUVu%E|rC>R*arn|^=z++z#i++bXh}h3bGR6_n)@0^aX%oS<e{GZ1nE(I)

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_append_object/test_append_object.java b/regression/strings-smoke-tests/java_append_object/test_append_object.java
new file mode 100644
index 00000000000..121690451ca
--- /dev/null
+++ b/regression/strings-smoke-tests/java_append_object/test_append_object.java
@@ -0,0 +1,17 @@
+public class test_append_object
+{
+   public static void main(/*String[] args*/)
+   {
+      Object diff = "diff";
+      Object blue = "blue";
+
+      StringBuilder buffer = new StringBuilder();
+
+      buffer.append(diff)
+            .append(blue);
+
+      String tmp=buffer.toString();
+      System.out.println(tmp);
+      assert tmp.equals("diffblue");
+   }
+}
diff --git a/regression/strings-smoke-tests/java_append_string/test.desc b/regression/strings-smoke-tests/java_append_string/test.desc
new file mode 100644
index 00000000000..18035539d58
--- /dev/null
+++ b/regression/strings-smoke-tests/java_append_string/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_append_string.class
+--refine-strings
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
diff --git a/regression/strings-smoke-tests/java_append_string/test_append_string.class b/regression/strings-smoke-tests/java_append_string/test_append_string.class
new file mode 100644
index 0000000000000000000000000000000000000000..622e08467f9e30515731b6cc57a5f93c9f0c02bc
GIT binary patch
literal 1032
zcmZ`%+fEZv6kVscnGRDZLxFlh1rZAcs)(Y3+`*urCN&y(Aw%bs9GuS7nW>3C;sZb6
zvzWArB>L`05%-x=nu<QmK700Ut$q1@_TwjjSv=Q}!H9y}Dn>O#a7V$IhB!u~xT_+U
z#5g82<S{8NQ&O8w!azaAJ(+M{!HkBqtnomjf)5ouV(1$+eV==Qa2<bL_~wDlEe5v7
zkXR6o2o@Qlx$$=lu{GD?3_aVz;je0y1Ma<*!Q`lz!eK}i1GDsD$E=2C;z|4%)P<6L
zUPddrHLt`sg-jX@xF77B)hc(aeLwJob2xouelm3oBFm7LdciiG!$L81GDIvPopY4?
zw{x{7Y>Rt39^(lGmdgsB>X^rZf@eAwv7}=eD^i=&(T@S*Y>9GN$12tsvh8v!tx;@v
zp6f9fmsu)U*Rg@k4vw!6j(90x=+AApi#3VQ%h@HGjWSIAE8tSjc|Y?V7{$+iz$>&3
zw<eLANy06>q1gq5#mx#O^o97HW(K7ygKXMT2g4@qkf9p5twCpU<Chpw<plp&Gj0Dr
zCFovy+O4nIbW{uj7Wak6t&6eJi3Bxr&_(TGm~Jyer_It?xfIf(pyeV<@(TS8(aY$K
zPc*>3$v|8snFx&xNnE=K{X(fx^1V1kWY>r`5PNxw_-+G<?fgU?%KN;b%I5^hd>tBn
zT|1;t)}fyub&SlU(OpN+F}hBXrnKH)5-$?sjS&)&fJVp$6v9+-lWb#T$)gK1(6NOS
zu2WPu*crAI3@NxlGK_4sGaK>-dJUtFzGEn{uZTszBh`j#wI)l&5z&|B0B+Gw1jBy-
D<i+2c

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_append_string/test_append_string.java b/regression/strings-smoke-tests/java_append_string/test_append_string.java
new file mode 100644
index 00000000000..e7f961172fa
--- /dev/null
+++ b/regression/strings-smoke-tests/java_append_string/test_append_string.java
@@ -0,0 +1,14 @@
+public class test_append_string
+{
+   public static void main(/*String[] args*/)
+   {
+      String di = new String("di");
+      StringBuilder diff = new StringBuilder();
+      diff.append(di);
+      diff.append("ff");
+      System.out.println(diff);
+      String s = diff.toString();
+      System.out.println(s);
+      assert s.equals("diff");
+   }
+}
diff --git a/regression/strings-smoke-tests/java_case/test.desc b/regression/strings-smoke-tests/java_case/test.desc
new file mode 100644
index 00000000000..e01a5054419
--- /dev/null
+++ b/regression/strings-smoke-tests/java_case/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_case.class
+--refine-strings
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
diff --git a/regression/strings-smoke-tests/java_case/test_case.class b/regression/strings-smoke-tests/java_case/test_case.class
new file mode 100644
index 0000000000000000000000000000000000000000..9f7eaab446cd3578f404528b7c77e09fc18c5ab9
GIT binary patch
literal 865
zcmZuvTW=CU6#j+<c3HLswt#pkTCK{Z7B6^hV=SmiQ>qWB3A~sECS)t!#oa~!3s1iJ
ztR|4yMBn{Ujc0ZRv^JTXnK|b>=ljl?`E~sL2Y@ObsYoF&<D!B~DneKj=CUwXVn|?J
z!Bug&CgZva6?p{(1x4X1$tbJXzzrFj3@ht~>vG34ZOeUXx<+Tfdkn125ZyK{(|gPy
z6^d^d!gagH84?ZC;x9&r9qzmmU<w=>rp2(-^o;JiePigmNf?8&-5va?p*HQ2)8)@i
zk+JM?*L&MFT)uf=d@wYmkzq)Rb7f#y{YukwOsmfj+Uba3MZ-<p(r{ZC9V-+tC~yZ=
zhTI}+XV%Cw$FUueT@%QfhP$}O5Sz2gxUb;>9{$7mvU9+@9z&+kSd<KeY>EEkp53rN
za;HwR8PbK~|1cl)dN`bcqWt~H7`P{D21Hv$8gViJ?Dj3&;X&b3=?R)xh^i0h$r!Rd
z?wSto&D*92@J1A%_iAH}K0%6p3QOk1$mk@2WFtd1OSe_p8SRnM6zq!t;tbiS@1$WN
zH-~<rREc8kBZOMIG(~u?G(n_6Cc6I>@)+r|u1pXcBYp(6HAVbq;NH-+)7&L}X@cdy
z(1JhY^XDPcIYK`+N)5;)SV5W8)X3999A_z-gmjFujB~-tW(jkCuD0rT0HpN91j#Yv
a@MnajZ;%%xvnEBc2twKuF^UVmhSlFL=B-Bn

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_case/test_case.java b/regression/strings-smoke-tests/java_case/test_case.java
new file mode 100644
index 00000000000..b3437a6f83e
--- /dev/null
+++ b/regression/strings-smoke-tests/java_case/test_case.java
@@ -0,0 +1,12 @@
+public class test_case
+{
+   public static void main(/*String[] argv*/)
+   {
+      String s = new String("Ab");
+      String l = s.toLowerCase();
+      String u = s.toUpperCase();
+      assert(l.equals("ab"));
+      assert(u.equals("AB"));
+      assert(s.equalsIgnoreCase("aB"));
+   }
+}
diff --git a/regression/strings-smoke-tests/java_char_array/test.desc b/regression/strings-smoke-tests/java_char_array/test.desc
new file mode 100644
index 00000000000..ecce56c1ab8
--- /dev/null
+++ b/regression/strings-smoke-tests/java_char_array/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_char_array.class
+--refine-strings
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
diff --git a/regression/strings-smoke-tests/java_char_array/test_char_array.class b/regression/strings-smoke-tests/java_char_array/test_char_array.class
new file mode 100644
index 0000000000000000000000000000000000000000..0d2056042ca2ef3063d717972cfe8bf0f7b0d053
GIT binary patch
literal 714
zcmZXR%Wl&^6o&t?9gpL<jT4s=paEJ+$pz6(R;W}&0VG6e7ePpE7uCcW6_?aTV+V;>
zsgPK*2BcI1sqA?u;EbUOm(7`(|J=TF=G*trX8=05?ZQRP!6g@$aYdV@A{^8?uDY;M
z<GAMHI+i(B7=l%ircz~55~mNMR18LP$iVg(?2RanvP}lF(R|Ke^^&1vC~rlv+#Vkf
zq<W@<$#E>Am|?D;iSXr9@hX=&Zg8wJI2+;UcNw>zj8!NfMLKCAlWBGkz7Xm_C?($9
zITEjhhdInsKQRa?-@{F;dANm!hY~!7nvPi?iTH56d(Qk&sYDUgKjk=@9$IKK__L&)
z!I2EJzodSqqWF-(*zYlvvZO~qUCl#dHJVzqHDi~utj6Oez00$Dy%DXBVR0zaNXg-p
zi58KK$w7PD!!m8&rEg(=O;15L6SOSMlP%M$PA8+Y&^iVCpabEPwR4f7h{`ndEeu%X
z+o>8)S`(OC?Ly~X%bdX4{D{H{D(y4-9ZFwd@1BBx{iW4?@t?Njhkt0gsgXBbAyy(G
zLYr=!XdP4uVT~rZOZ3~MR4F2W`GZ7@Bj8wIgdYSHdSOc1$?1Vg)tR7p0&cyBWqv|o
U*6VygU9SMcyRX-<n4?_$2@Q~h@c;k-

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_char_array/test_char_array.java b/regression/strings-smoke-tests/java_char_array/test_char_array.java
new file mode 100644
index 00000000000..017fe704124
--- /dev/null
+++ b/regression/strings-smoke-tests/java_char_array/test_char_array.java
@@ -0,0 +1,13 @@
+public class test_char_array
+{
+   public static void main(/*String[] argv*/)
+   {
+      String s = "abc";
+      char [] str = s.toCharArray();
+      char c = str[2];
+      char a = s.charAt(0);
+      assert(str.length == 3);
+      assert(a == 'a');
+      assert(c == 'c');
+   }
+}
diff --git a/regression/strings-smoke-tests/java_char_array_init/test.desc b/regression/strings-smoke-tests/java_char_array_init/test.desc
new file mode 100644
index 00000000000..fc1cde2392c
--- /dev/null
+++ b/regression/strings-smoke-tests/java_char_array_init/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_init.class
+--refine-strings
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
diff --git a/regression/strings-smoke-tests/java_char_array_init/test_init.class b/regression/strings-smoke-tests/java_char_array_init/test_init.class
new file mode 100644
index 0000000000000000000000000000000000000000..48075eb9187d595911a17ba978135e4608218804
GIT binary patch
literal 1046
zcmZuw-%ry}6#nkk?rx>9GGO8l5EOL`WQzE66TtyO1T~q{01u{YH(2aiY&)ZWg+BA*
zqt9ZpC1Uj5KgdVoxt)xWm^SB}d(U^y{m$3h--q9S0+_)g4JnLpjB1GBf;1Ns7{etQ
zUDj{~nFI`sb7VCnFd}y*;+T}_t8q+8pX0cu;X0-{ZZPzXnZ7T)z;Ydb!Sc;5TT~g?
z21Bf1IaV;s5Y3FgU{H!~RWKx1Ek``5*S3WBT!JZ4GcAXqyA+s}H*4l@xXm#`BpKp`
ziv6#RR&wiJMJ!pes3#D9@JeQ;cFcFCjsc_@3>oKa)7j3I0?%@`<^D}+ZgJe!aR+yG
z+(VwDpyNJfb@ZX1Veq(Y{%Dv*&vQKqdcY77wvIW>GpNhLwp|?$QDjK8IdClKSj5r^
z22ZzkL?xi=O~R^~&7xF+lV4epQ76|AejsWjlv^kKz-maxa&ymUgn$MSW-U*8+QQim
zUWa<FknsOOQU6_8W0RgrCOl>!(`wftN?slx6L0IL?bC6cfEMTcIDJ0N4@@ucUt03W
z6QGu~At-sQT+ybBz>uyA-||GYEhK%`piT+81sfQp%ax*w$c#ZLJw;JaccjUlqSX+2
zMqbS}!M;i$2Fb?4O;Q}E+t5EysTlZVXg}1)*{HEx&MJl|XH~;4XJgWE!z~{mvQEvS
zt6`w1O(<*oP$wFQHNf`~-$TD#7}{ra9U!sZg!Zci=pr}S067VoOz91D?{$L0+Eh;i
z$&PKwIuf#;MUrBbo)|Q6TE%H(IfI5_bkVP+V;VguP^Lt}Y@in=$@8A1`AEn!RBa%7
zh!V$Hj&t;mrK!hITZ5TU7oay~G|;;Tu6%(K{f784i6iM`GZhhiP6|96ay<VRouJTT

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_char_array_init/test_init.java b/regression/strings-smoke-tests/java_char_array_init/test_init.java
new file mode 100644
index 00000000000..8e0f656e3e8
--- /dev/null
+++ b/regression/strings-smoke-tests/java_char_array_init/test_init.java
@@ -0,0 +1,21 @@
+public class test_init {
+
+  public static void main(/*String[] argv*/)
+  {
+     char [] str = new char[10];
+     str[0] = 'H';
+     str[1] = 'e';
+     str[2] = 'l';
+     str[3] = 'l';
+     str[4] = 'o';
+     String s = new String(str);
+     String t = new String(str,1,2);
+
+     System.out.println(s.length());
+     assert(s.length() == 10);
+     System.out.println(s);
+     System.out.println(t);
+     assert(t.equals("el"));
+     assert(s.startsWith("Hello"));
+   }
+}
diff --git a/regression/strings-smoke-tests/java_char_at/test.desc b/regression/strings-smoke-tests/java_char_at/test.desc
new file mode 100644
index 00000000000..5bf29fc7a4d
--- /dev/null
+++ b/regression/strings-smoke-tests/java_char_at/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_char_at.class
+--refine-strings
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
diff --git a/regression/strings-smoke-tests/java_char_at/test_char_at.class b/regression/strings-smoke-tests/java_char_at/test_char_at.class
new file mode 100644
index 0000000000000000000000000000000000000000..de5fe888245402b54400942a31c1deaea5296cfc
GIT binary patch
literal 628
zcmY*W!A=`75Pg&EW|PeVNoXL2LLoq#a3~jUAXJosgrKcZP$jq^XJdgOY$~tQkKxi|
z&n*&>K%)14Q&n}mKmr$g#`EUAH{(D5ZteiAqV6M)iiek3O!-J*I)@xy*=WYYtPjr?
zU;CKDyoV}bd{M-))JAoq_=Ac?t0UV4IwEA&Riw-YAziC~Avle0TN1|hR3tz3E?QC_
zSTGkZgo+3wO(VkdkK$|c%mxVA^|156;WxWI9m;KGJBmie<~TeR`dFBEXX2X(Fp4ok
z!Nw~c5uL0wjaJbKi;Grhs|x`Fj09N35}`80Z9cl+(z>e&!BcJzZvwnU?HTju)|m_q
zp<LS=(%j3f*+Dbb*d_y<+D^T}6Aw|14lj!^(U!5&vOUn|(M^vFys0D1^TPA|7gVTN
z%N(Uac0N7}oXzk}e7nni&`%3Qk<U!>NZec+K=+eYVBr?2!&15rXZIJ}OO%)0Yh()H
zcjRy39rls^ZHZC|(I__o4t%(%GVM5LS<qipJ-pzkJfL4qB!OZncMbm%p7R4v`U>ul
S?9r7aaghq%TkjKz*5rTZxpr0n

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_char_at/test_char_at.java b/regression/strings-smoke-tests/java_char_at/test_char_at.java
new file mode 100644
index 00000000000..3b8663d62ae
--- /dev/null
+++ b/regression/strings-smoke-tests/java_char_at/test_char_at.java
@@ -0,0 +1,7 @@
+public class test_char_at {
+
+  public static void main(/*String[] argv*/) {
+    String s = new String("abc");
+    assert(s.charAt(2)=='c');
+  }
+}
diff --git a/regression/strings-smoke-tests/java_code_point/test.desc b/regression/strings-smoke-tests/java_code_point/test.desc
new file mode 100644
index 00000000000..012c7c3501b
--- /dev/null
+++ b/regression/strings-smoke-tests/java_code_point/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_code_point.class
+--refine-strings
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
diff --git a/regression/strings-smoke-tests/java_code_point/test_code_point.class b/regression/strings-smoke-tests/java_code_point/test_code_point.class
new file mode 100644
index 0000000000000000000000000000000000000000..1d5d2269325d6c4baed8f6c6f44326db9fc57985
GIT binary patch
literal 999
zcmZuw+fEZv6kVsCOFJE)43|~`0Yz-7f+BbW2~ag@sF$QhBQIo_9&n({G&55ZUya5G
zqaVPF#uuNxq$HB)yZ_)P@CU@W&q!NPU-rzbv-aA1?S1CQudm+#OkqxgfuR_N<4EG9
zhEo`cg2h!8r!^=T63D0sXGF-T$ZALkIDs*N<iuM}#aRvKFs@>Pp=-qSeeMOe>-aZp
z-(0QmG6P#?P-bn%4(1r5nd}1wDesm!Lr2ke_?_C;D);USG97H0w!_d?3QTMBwpk5f
z73ZlsLu}Tn9LQ)Tx8_;=mMxOH1MUYa7D=vDUE2x9H_Rudjvn+f3=Z$Td$#xGWf-4_
z@ztUDLPr<6seq0Pm}E$c)QO7etWPX7tlacG*VAzklRAxUTE`_!Go)I~QsCLn`eMzl
zlsOSE<BE=}xJLf|YD~q9j#*r1NVc-?u5NHEI0F3<WJm~4_k^VdB1oA+wm_myaFMUM
z9{F!?B6+vw5L3<+LaO1et@%7ye420Q_>^x}tK2C!A%=buF18vvVrPbSXFWE(Mgw^g
zXi@VOS~x>*nftcK%gvF|`hprA(6*N`O!v#6E60*)F>HFHdnUF+F-2bk^knpu$9BLz
z3L?@Jl@Mfz<5-jWlTsse_Qr@TeL{2_J!4WGk|DoEVi(Gz9jM<AaHWpe|8OZ*M_hjY
z4_}h&(3C^?E)t}t7jp)kv^@-E)1q8^E?P&&p^BpCNZ9izbxTI5O9g#U>CVKkM3@B)
zoAkSQ(D52=I8Lli$ouG1(U(f4_K{W5Pvn87)v3@v(Trpro!d~Q50Ijt5p7j#Oh~B7
Oi0JcTjwixq27d!;VcgOH

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_code_point/test_code_point.java b/regression/strings-smoke-tests/java_code_point/test_code_point.java
new file mode 100644
index 00000000000..faf9a2051d5
--- /dev/null
+++ b/regression/strings-smoke-tests/java_code_point/test_code_point.java
@@ -0,0 +1,14 @@
+public class test_code_point
+{
+   public static void main(/*String[] argv*/)
+   {
+      String s = "!𐤇𐤄𐤋𐤋𐤅";
+      assert(s.codePointAt(1) == 67847);
+      assert(s.codePointBefore(3) == 67847);
+      assert(s.codePointCount(1,5) >= 2);
+      assert(s.offsetByCodePoints(1,2) >= 3);
+      StringBuilder sb = new StringBuilder();
+      sb.appendCodePoint(0x10907);
+      assert(s.charAt(1) == sb.charAt(0));
+   }
+}
diff --git a/regression/strings-smoke-tests/java_compare/test.desc b/regression/strings-smoke-tests/java_compare/test.desc
new file mode 100644
index 00000000000..38aa025f416
--- /dev/null
+++ b/regression/strings-smoke-tests/java_compare/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_compare.class
+--refine-strings
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
diff --git a/regression/strings-smoke-tests/java_compare/test_compare.class b/regression/strings-smoke-tests/java_compare/test_compare.class
new file mode 100644
index 0000000000000000000000000000000000000000..3a807f4d203aecb2c12a4dab57637aeb3ded9359
GIT binary patch
literal 623
zcmY*WO;6iE5Pjn~w&NH`%vTBxA1!SINaex}RJEcYA=37c2njCL##y1IiH+7ye+(Cn
zoM|PHiqziuPgI?CA!)U%+1)oYZ{Ez_{r>S2z$O|#e9U^Nd3aKShdCefc<Q3=!@;bJ
z1s{u8a<NR9ToGw1b*7RyeXml{>B%mEjtS1TidFW8P-v_k66~F%D+v=#70Zu<en;xI
z31&xMsF*O;%0%?#gE-4!7taXZcGP>|@LS11M{-Y@jA|y+>~oa#&xDq*PsLXeU<~5~
zOLUCkXBh!g1bB`WLd}G1^hA8J@$OOVuGWbr1piXGcoE<wUJ)vzj8C0Y8D;-LtxT)<
zgiv~r&`t=`jpiulZ@|{-KKDC9cX~W3!c14DO3Ut03OAk&*uir;#xjrF=TD$Y%{0Nc
z0(dwWXFI{KI-kU6aqR|lWdc!Q>*OFyLUkD0g2fA12(5##(EJAb98+uS*C^T-DBr?4
zx`F%4a9BA<2%GOkF6i*$-)1QxBW2J%>MkaEGc+|Uu$dPHs-bs{(m7oF5_aJ`>=Eaq
RF2hrV6}&a-r}L6Ce*kI)bz}el

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_compare/test_compare.java b/regression/strings-smoke-tests/java_compare/test_compare.java
new file mode 100644
index 00000000000..c052ed429bd
--- /dev/null
+++ b/regression/strings-smoke-tests/java_compare/test_compare.java
@@ -0,0 +1,9 @@
+public class test_compare
+{
+   public static void main(/*String[] argv*/)
+   {
+      String s1 = "ab";
+      String s2 = "aa";
+      assert(s1.compareTo(s2) == 1);
+   }
+}
diff --git a/regression/strings-smoke-tests/java_concat/test.desc b/regression/strings-smoke-tests/java_concat/test.desc
new file mode 100644
index 00000000000..fb784efd723
--- /dev/null
+++ b/regression/strings-smoke-tests/java_concat/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+test_concat.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 10.* SUCCESS$
+^\[.*assertion.2\].* line 11.* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_concat/test_concat.class b/regression/strings-smoke-tests/java_concat/test_concat.class
new file mode 100644
index 0000000000000000000000000000000000000000..e4143c157737bffffa1af323a7918a12ba9a88e1
GIT binary patch
literal 798
zcmZuvT~E_s6n;+Eu3cAP42MHR1aWQ?m><L&79*LO5CJtaCU9fA?#(EcwrM+m3^#h`
zwVG^+Bzo_UQqNmt!{|lN_c_mV&f6b9zkUO-f%_&VF|XsQfdvx^u1T?I;JVaHQY`0S
z;f9VC6Q-=ZX`+H#I;w=36+4bal(>N(KXzlg<B2YT4hY$%>$}NALZ(`KO;B4wR}iLl
zTwm<<k2@lIC5t(6Y`Z>TqMg{z+g&?M!_0<YG#&5H46_~dBS$=SWk(?qaq`9qe8*1K
zkL-80g=rKyF71YA`@KdxiCn)&P(oKGYZmIb%~ZlLu&|0X3+rfDm_mV29=C0s@A4#y
zf{2j6fTZJ&g}b=-7tZs}k#G`1sk$?sat6LBx6XRP?<I%n5w_VqBTcCMum0Z=vg6Q>
zwirRJZr56TzcEb9<I@vnyCQZY(H(K;LneJr@ZArv#4k6=&rF4~+?K5jNS=%340{W#
ziM3WAf<DPYTw<9`gM=JPqtXxDs&Ve+DU|(UW(f6JeE_YQx><I2>#GCkdu#Ip7!TCX
z$eo~AQVZdG<WFJl50U>q3I-Q~5>`oJmtnB2@n4o@wmRn6Ut|&$j%*^27rf0ZSCpXq
z;((^(GVv!Bcz}WOi0wwY0We*(2ADX3u6~4?`GVXS?R-f&QG;SVlBbwU$z1sjB)pi=

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_concat/test_concat.java b/regression/strings-smoke-tests/java_concat/test_concat.java
new file mode 100644
index 00000000000..b9909c723d4
--- /dev/null
+++ b/regression/strings-smoke-tests/java_concat/test_concat.java
@@ -0,0 +1,13 @@
+public class test_concat
+{
+   public static void main(/*String[] argv*/)
+   {
+      String s = new String("pi");
+      int i = s.length();
+      String t = new String("ppo");
+      String u = s.concat(t);
+      char c = u.charAt(i);
+      assert(c == 'p');
+      assert(c == 'o');
+   }
+}
diff --git a/regression/strings-smoke-tests/java_contains/test.desc b/regression/strings-smoke-tests/java_contains/test.desc
new file mode 100644
index 00000000000..2b96346d718
--- /dev/null
+++ b/regression/strings-smoke-tests/java_contains/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+test_contains.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 8.* SUCCESS$
+^\[.*assertion.2\].* line 9.* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_contains/test_contains.class b/regression/strings-smoke-tests/java_contains/test_contains.class
new file mode 100644
index 0000000000000000000000000000000000000000..adf0ece000a23e9f4fd98803c8c74cbbf0aec72e
GIT binary patch
literal 716
zcmY*W!EVz)5Pf4OvEw)-aYzX*1qvli(n2r2H6W@07g9K+s?=W4+F2F1sSUQnkq^la
za0aACq7vNssES#)Nr<$X-JLfx@6F8Lt6#qX?BJ<|B9;xTn7C&_!>Wn<CLZKbz(e(4
zGw{elUWGiiu#P7N8ieY)h+`Qgei+2B{8+d{IUvw6A=mK(KY2mWo2^4arW+0<q15vO
z`EGRX%IH7^GjJ~afKcow!aLg+pHer=AebF*cvHjbhoi`oZ+w;EBr;AucwvxmX8i0_
zd=WOvs1VBPy*(7c$#y@9{NRMy_gqh*8wAbu*a+9gEtG6D(IV968GF-4UPn<Fv7!YU
z18p0d*jgZY@19C8A=H|^d7W$KUDdQX6-ik6KcxFnM1A>rBm+<Gws=^jd3txq6D2GS
zWb8+BFjK|zNk$CtIFGT$TPgC|s9aag@Jk0PLxruwzg518?`(Sl`mO>|Wt&T##9O>Q
z3;oKeI%Cf-p&dE;1ev!^w&&#bf4~@{+TOf?IY!|U`J)M}KR4d3MX#dJQi^3JVP05#
z7h$j_6AdQpu&2gI3ECAJ29~Z*jo~{pEjy_`pyCuRV2@#Bz9FOkgfXu_Z9&z_LbG40
JM(Zj4-GA+{itGRY

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_contains/test_contains.java b/regression/strings-smoke-tests/java_contains/test_contains.java
new file mode 100644
index 00000000000..5112c344c09
--- /dev/null
+++ b/regression/strings-smoke-tests/java_contains/test_contains.java
@@ -0,0 +1,11 @@
+public class test_contains
+{
+   public static void main(/*String[] argv*/)
+   {
+      String s = new String("Abc");
+      String u = "bc";
+      String t = "ab";
+      assert(s.contains(u));
+      assert(s.contains(t));
+   }
+}
diff --git a/regression/strings-smoke-tests/java_delete/test.desc b/regression/strings-smoke-tests/java_delete/test.desc
new file mode 100644
index 00000000000..27a1406cdb7
--- /dev/null
+++ b/regression/strings-smoke-tests/java_delete/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_delete.class
+--refine-strings
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
diff --git a/regression/strings-smoke-tests/java_delete/test_delete.class b/regression/strings-smoke-tests/java_delete/test_delete.class
new file mode 100644
index 0000000000000000000000000000000000000000..f18891851b1e69aae1bc9416dd3316dab6c8e3b1
GIT binary patch
literal 943
zcmZuv+iuf95IvjQ#*W+O+J-`aLV=_S4VRQ#0yHfkRZ0OV2-Na`9D7x{IB~HZBz`47
zz%xZkBr3r>{{&(-X_{Vm*|BHNoIP`Pe*gXP6F>!PD&n}raXE?w6#-n4$5nYOD!7L0
zDsCXJU>b!emQ)l`;<%|olRe8S%DBaGn<2HRd!BH8%jtN}EKhIQ!en6E43V1EvHT|t
z!F=H@LulPG1;b3k>WG)!c1yT#B$x_q-RdyR=HEAV_0M|Q);l}prteyvovLh{YWlkI
zaZ}$L;z=;a9foMlun+mwrqgu|@xqd9abI};2UFO>7t4}QLkekzxzpThUCTCwOY-V1
zLxS#V<jRVMd$`Z>K*K{k;;3q<$w~rAhCtn*yEQxpO_iMx*2fM!cU^}VW5+abJk_v@
zIw_kpylU+V!#|N44a|_q|KEkkXe5SQeq*C>26H$~m5lM7F;_Z&7D$L=LYiMZU$n^s
zr%Q4&BU;NTzb5y6q7izV8d5{$C({gkPl9ZEx`_DH)ot&T_|cHn0<FT#Wb}2L_Jv;C
z6rSY@^T;}SWWP%VT9$1r(AvdmOIbWCou{uLNCwh$X6P?Rkx>jU4ZyxhAZF=|43i8B
z=8&at33aJ8NO9!=fvse4fKa0t3ilCySL`FQxes3IBf1Zzhjb~a_7UqLb^vW_fT>@S
zIxwW3Cvv(ED#Zji<)WlQp^Z^-jw&&*Kd5lbbDXErg(Inzp(Y@aobF?$2Oj#0Q1CmH
U3HMmG<Ow67t;*qY!>cd;12=iei~s-t

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_delete/test_delete.java b/regression/strings-smoke-tests/java_delete/test_delete.java
new file mode 100644
index 00000000000..13bd09cd075
--- /dev/null
+++ b/regression/strings-smoke-tests/java_delete/test_delete.java
@@ -0,0 +1,10 @@
+public class test_delete
+{
+   public static void main(/*String[] argv*/)
+   {
+      StringBuilder s = new StringBuilder("Abc");
+      s.delete(1,2);
+      String str = s.toString();
+      assert(str.equals("Ac"));
+   }
+}
diff --git a/regression/strings-smoke-tests/java_delete_char_at/test.desc b/regression/strings-smoke-tests/java_delete_char_at/test.desc
new file mode 100644
index 00000000000..94ba56a2c54
--- /dev/null
+++ b/regression/strings-smoke-tests/java_delete_char_at/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_delete_char_at.class
+--refine-strings
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
diff --git a/regression/strings-smoke-tests/java_delete_char_at/test_delete_char_at.class b/regression/strings-smoke-tests/java_delete_char_at/test_delete_char_at.class
new file mode 100644
index 0000000000000000000000000000000000000000..cfd8561e5960688dd28ec9e722c7353b57d35ec8
GIT binary patch
literal 867
zcmaJ<U2hUm5IuMK*kxIS0&TGtwOSRZEmH9#p)q3B#EANUv9T}YvU^jvZg+8a@yGB7
zd{z^h*hJs`Pa5YgrD$sUGIQ_Dxo6JI+@HU{eFxCQeH~epRb14epseAN^p~Ysk>*MY
z8C=z{s^c22tGJ;fE#Va%Rn%0hF%(vL5C}iCJvVr42fXhHi-GMjB)4qW4j(YYD%Cd(
z@omo%4B3wDikHKKzVKg5FeMJS?J{J#AvfQ@;Dabkl2qJe(6&tHm`3k<L*EonZTYAa
ziXiM+!V#h9neVvY<Kf0W|HuvGQD9h<=eon)y?QtFZFld{&~_~0lbUwlG_Z~h19jXo
z(7>jF9Of95wn;S&+(wfM%m~`k2A}x8M+}Ak)K+oFz+K#9$ju(U>hB9P{3kRKL&M>N
zfpBS3>y^&z!6e(No(dhSZ!s8?p0}yxHc>BEo}Go(LT_5JSUC+OzNGjt<W9ga|F@8d
z@>Z4Bn4QVnc4*fO3zi6MUsxw|q0NOuO3<Qru|i)aOP`D7N^-1pih;?ckS)@!OrDWX
z)DFQuOCaXSCZixj3JWJtkG`Nnxy>UeZx0cBUdzYFNbJ<eCU<IMsGTp+Mkuc3Q)B2O
zq>qp$pz%ZUDiQAzF;g*U<g-vIreTSyG@xUVGHI}1Xs9TuI3J~^I-8LoU@o5-<J<^p
a{1f7_uh3@PQ_Yem0mXPIJG&5-Uj75Aceteh

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_delete_char_at/test_delete_char_at.java b/regression/strings-smoke-tests/java_delete_char_at/test_delete_char_at.java
new file mode 100644
index 00000000000..94787c5283d
--- /dev/null
+++ b/regression/strings-smoke-tests/java_delete_char_at/test_delete_char_at.java
@@ -0,0 +1,11 @@
+public class test_delete_char_at
+{
+   public static void main(/*String[] argv*/)
+   {
+      StringBuilder s = new StringBuilder();
+      s.append("Abc");
+      s.deleteCharAt(1);
+      String str = s.toString();
+      assert(str.equals("Ac"));
+   }
+}
diff --git a/regression/strings-smoke-tests/java_empty/test.desc b/regression/strings-smoke-tests/java_empty/test.desc
new file mode 100644
index 00000000000..9951c8a13ee
--- /dev/null
+++ b/regression/strings-smoke-tests/java_empty/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_empty.class
+--refine-strings
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
diff --git a/regression/strings-smoke-tests/java_empty/test_empty.class b/regression/strings-smoke-tests/java_empty/test_empty.class
new file mode 100644
index 0000000000000000000000000000000000000000..8e9a17d387e018eab40fb786dd1c200c507739da
GIT binary patch
literal 571
zcmY*V%T5A85Ugf_!F3fx#YM%piF%L=M`JX;4!#Z;6TO%PCT0{CvpbmhEBt_GHGxDE
zz57kZ*t1cHm!5u9RaejF_v<@=5|(WYAeX|#00dkcc}xmS*+?KKFm0oN8G%{C=#m$P
zGSI5&hr25DDs@>S&?O<cp?sw`3D(N$IU&B&tVu%pNcr-l)u_ne%z$~&@RUy&Dr>KL
zd+gmsZGkyLYNJ~J)v(LWR#27u$}rMehWbi2?)1a@jd$-ka4<yRXk(C>4(72yaLue(
z_x$VP_MgYSAZP{zyRRUy=wQj<GkyGN<wjQZzgAfX%D*NE74DhM(OrCIy3g9F^Is5h
zH5sZv)_P0%GTjQ<l;A%FDB~KVoLL}ao#QZ91%CMoB-Xm1Cj&&9V=`(IQ!_p20b)@%
zpN$<p!)hbD)<L|D!8ar>x=4N)dMu(3^A^_Rn1ss?Mz~6WzTgUEIUDVXmLf@DBr7^d
cwISk<h+8kP`eJ`xj7S18XUjMqi*}9w0K8&p1^@s6

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_empty/test_empty.java b/regression/strings-smoke-tests/java_empty/test_empty.java
new file mode 100644
index 00000000000..47c335e16fa
--- /dev/null
+++ b/regression/strings-smoke-tests/java_empty/test_empty.java
@@ -0,0 +1,8 @@
+public class test_empty
+{
+   public static void main(/*String[] argv*/)
+   {
+      String empty = "";
+      assert(empty.isEmpty());
+   }
+}
diff --git a/regression/strings-smoke-tests/java_endswith/test.desc b/regression/strings-smoke-tests/java_endswith/test.desc
new file mode 100644
index 00000000000..0461a3e50e6
--- /dev/null
+++ b/regression/strings-smoke-tests/java_endswith/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+test_endswith.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 9.* SUCCESS$
+^\[.*assertion.2\].* line 10.* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_endswith/test_endswith.class b/regression/strings-smoke-tests/java_endswith/test_endswith.class
new file mode 100644
index 0000000000000000000000000000000000000000..1f86e94431db46af05b50269fc47d0cd7e516c86
GIT binary patch
literal 711
zcmZ`$O-~b16g_vQ?VC=gww+q6C@PAz6qF4+s*#{>EV8K4z{bqS3qCAUGc(nlKcs)a
zwVKcb65acwi1!W9rVEpocfapB_ujwfr@sMg;<1e~76oouxNXD0l7%}K?iNwPJ#8-w
z+_zEGDGzL{;GsZ^P+#$qM8>HaM#&46c>X|!1UeuTx++rXGlJP(eMiXc3`0q%^i(9@
zjE;R7ztzbcIQCRTDECt@__XVN&fH9cV0DARWe>YQ9L0frrF4ax$|U_DqcHiZ(vMG$
zyf2=EDr$tP);9)Tbhyz^V-+28`)xl6b@&m%2$-AU2M(^G;-HOHLUUHKeKpC;I3C7K
zX%0uA<6sTzb0~ZMkqlBoqurbJxq#l%Q(KzlduI8c6y8&1R=6|ZWfB%bnW$KXQ$D<!
zbi@JP<N=oXAZ5N7RhxPY)=V%b)cAMVT4G5o^PLIkhfYMD|3c;@KH&9f>NhSmIrj7n
z#=dJ#kbCXsdv0O(C&U=_&e{pAF-m7B?oVL<x%95jdo_fSK`b%|<HBZHhG0%bwAku0
z;|516FwW5uSh#o%Shz9evYGJ%YHsNS&KM&19XazC#H|0-2)b7uhVxtx+RWf@{sXhI
Bi3b1x

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_endswith/test_endswith.java b/regression/strings-smoke-tests/java_endswith/test_endswith.java
new file mode 100644
index 00000000000..f7729ef6a40
--- /dev/null
+++ b/regression/strings-smoke-tests/java_endswith/test_endswith.java
@@ -0,0 +1,12 @@
+public class test_endswith
+{
+   public static void main(/*String[] argv*/)
+   {
+      String s = new String("Abcd");
+      String suff = "cd";
+      String bad_suff = "bc";
+
+      assert(s.endsWith(suff));
+      assert(s.endsWith(bad_suff));
+   }
+}
diff --git a/regression/strings-smoke-tests/java_equal/test.desc b/regression/strings-smoke-tests/java_equal/test.desc
new file mode 100644
index 00000000000..05f0f383230
--- /dev/null
+++ b/regression/strings-smoke-tests/java_equal/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+test_equal.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 8.* FAILURE$
+^\[.*assertion.2\].* line 9.* SUCCESS$
+--
diff --git a/regression/strings-smoke-tests/java_equal/test_equal.class b/regression/strings-smoke-tests/java_equal/test_equal.class
new file mode 100644
index 0000000000000000000000000000000000000000..e0fc6db8aaf91eb799f5e02cfdd3194a232479f1
GIT binary patch
literal 725
zcmZuv(M}Ul5IwWq?rxXGEv<!$qM(Q^wDQ6mglLLB6?`Z$0Upe4dqXZPySTgc5B!P#
zfX`||6G`;lk0Q+73Jt_$b7$_HnR905?%%6lzX5EZ;ljhbjmHk2xG=Eb;AsIap6Sb?
zjU^Y3#-F=*fn^&n3FT#xBr;A_6ec?=5#2!c33N!Xwp6InZ9=YA|41-fQC|}LwhHCm
z;H)d-eVxp}nNT5NwszD$5nsf5Aj0GIP8zH5cvBZncT&+i-4*9qJ~u~jwtB%oa<>x=
z;+}l3G?kyqB>f~m4@B@<b9wMlBoy!S5{z@D!4>UA9;WfY!z<JX)k*H#o59}2aTF8W
z3A>HDhgGcI;r`G)k-d~qsr`QtD{CydmoTo{tn<eFiFPaCwenK>GEuSY-?qZLNCyn?
zP7krfPvh~!QL(BgU@r$|L6OfHzAdmNw)xc&=(|otiBBsF5(+5eA^SS@E0>yVcP?QZ
zlyW1O?aa%ww_D2Z{eU$@d985)dx)t^I0qvX{*0rI=G~}PGBTxk)?#^X(_$qXbNu@>
zS+~WJ3L`#@D>QA)j=u`SbGO}ZWNiX7CHDeTL)hjwn7N;@Cj2*(Xs$dA?~R_fn#n)9
E2H7QzvH$=8

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_equal/test_equal.java b/regression/strings-smoke-tests/java_equal/test_equal.java
new file mode 100644
index 00000000000..a3acb0ebda5
--- /dev/null
+++ b/regression/strings-smoke-tests/java_equal/test_equal.java
@@ -0,0 +1,11 @@
+public class test_equal
+{
+   public static void main(String[] argv)
+   {
+      String s = new String("pi");
+      String t = new String("po");
+      String u = "po";
+      assert(s.equals(t));
+      assert(t.equals(u));
+   }
+}
diff --git a/regression/strings-smoke-tests/java_float/test.desc b/regression/strings-smoke-tests/java_float/test.desc
new file mode 100644
index 00000000000..427d1fca836
--- /dev/null
+++ b/regression/strings-smoke-tests/java_float/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_float.class
+--refine-strings
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
diff --git a/regression/strings-smoke-tests/java_float/test_float.class b/regression/strings-smoke-tests/java_float/test_float.class
new file mode 100644
index 0000000000000000000000000000000000000000..e4448d415584df7b1d4015eaf7189dcde13f9c81
GIT binary patch
literal 965
zcmZuwZBNrs6n<{k?RKSOqp<O!pu*G*-R29v4Dc<$5)+&xGbZxIl<k7WuEn-9;S>H2
z{(zsw1dJx?CqMY3#B)1gpr*~ax6ggfInO!g_UEt9UjfYEfsO%8s5|cf^-!9f?|_bT
zIG@A?OzN0IK8Z9gYPh81G720;9etS4Fs<PV$5kCAlsPI4gLx|mgdf_T8!Xy^wdRNx
z16yTC%-gOV-e-sviq9F;1+OI-(#y6h>YetQ@SjOC9keamWk@wbtNHqgwH3h}*BG?<
zrt>F;-tanpQ`Btfkq$)=zFc=aD=cqXZ!H5u$Z}jaa053vW(?fIZH_wz?xJeI#2|^N
zTXhO*U>0)>BhsznSnfvU(UJTm-}ih<`q*8UNw*o2rQTle<>Z(*a1T^jrWfYv+NNlR
zr=UjY+wKO*?XhZ7Gvx@qqr+^WR$T58x-cm`5xTJ*grZF)cpdW1cG<R9S)uSDIS8vw
z4uesU(=Y?yk|c-vn=SmCM$RQ6-gGP{_>0gjXRb(dJRyI<p<y%RS|YH0(K>D&jV|oa
z0Zn?9Zcv)87r-(jvh}o!fyoJx&C%C5t&G<A^a0ohNyISOL<CaPF>*}(0flhDHkAc4
zwrHwLlb;Z;Pm!5b^U}umkSOhg??Kx|b~J7#_o45i?+f}~9KiS%;X@@e^&dDps+#?$
zaVbZM<do^YlSa~>pofzz4gF+?=tmhtDyp)I3|6StS5)UHv4;^mL=_1|Q8>oBFOVB1
q*E7d8%|vwq17><3nO$)8J=EAoXuaG=t&lO}P>hGNVP_+0<G%qB5643Q

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_float/test_float.java b/regression/strings-smoke-tests/java_float/test_float.java
new file mode 100644
index 00000000000..d2791d5c343
--- /dev/null
+++ b/regression/strings-smoke-tests/java_float/test_float.java
@@ -0,0 +1,15 @@
+public class test_float
+{
+   public static void main(/*String[] arg*/)
+   {
+      float inf = 100.0f / 0.0f;
+      float minus_inf = -100.0f / 0.0f;
+      float nan = 0.0f / 0.0f;
+      String inf_string = Float.toString(inf);
+      String mininf_string = Float.toString(minus_inf);
+      String nan_string = Float.toString(nan);
+      assert(nan_string.equals("NaN"));
+      assert(inf_string.equals("Infinity"));
+      assert(mininf_string.equals("-Infinity"));
+   }
+}
diff --git a/regression/strings-smoke-tests/java_hash_code/test.desc b/regression/strings-smoke-tests/java_hash_code/test.desc
new file mode 100644
index 00000000000..2db8d7116f9
--- /dev/null
+++ b/regression/strings-smoke-tests/java_hash_code/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+test_hash_code.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 8.* SUCCESS$
+^\[.*assertion.2\].* line 9.* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_hash_code/test_hash_code.class b/regression/strings-smoke-tests/java_hash_code/test_hash_code.class
new file mode 100644
index 0000000000000000000000000000000000000000..21bc5d96ca9a445a071980994f306dafe0589d72
GIT binary patch
literal 650
zcmY*VO;6iE5Pjn~UdNauI5ecR6bRo?l?%5<RV&&`RiQluA(0E(I4f8P4ze9?{1Gl3
zIk%NSYNhtxAB8$=N}|a2taskbdvE6N{m<V3wy^5K!<37fi>C#+nD+1t&jn^YIG7T6
z;b9hY0`r8*qD&GMr@9v<?{y;EUDY8_i{LbLq|-Nq-0Ips!QSq56rr@EBlV?!)>iSJ
zDQ4hI>WDDjOl5ewE6=mEK%L+=!tQ?#ui5Lzq57yzM<rEBdU!08<HL|iU!BMc>0=y4
zf+gD~@O2D6llWM`BB5qVHoG!9+I;tD_d^`_VnT70Okl~!GFAxXVb9n0i3-z^R5Oir
zbi^Kwjfc^A&QCnxux-1`yCGCND$%j(43v4&w9f!Hv@p;6^?2)4t{Kn#mjiDDMUExD
z&G1Ql=GX5)-%KIO9GxslC}3hxdI^i0fkt3`4y>IZxBDIT6{_pE$Zzm>jj>;F4(=fS
z41t%UfKjkAg=yAcS!Q(j5v=5*&ha(d4HzlGx<_50^6=Ieo*Y=&%IpCXfqRR>6@+~Q
YJNE<jkpFQ4!<C2Szcq6{$>gj507B+?5dZ)H

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_hash_code/test_hash_code.java b/regression/strings-smoke-tests/java_hash_code/test_hash_code.java
new file mode 100644
index 00000000000..d9f42b7ff9d
--- /dev/null
+++ b/regression/strings-smoke-tests/java_hash_code/test_hash_code.java
@@ -0,0 +1,11 @@
+public class test_hash_code
+{
+   public static void main(/*String[] argv*/)
+   {
+      String s1 = "ab";
+      String s2 = "ab";
+      String s3 = "aa";
+      assert(s1.hashCode() == s2.hashCode());
+      assert(s1.hashCode() == s3.hashCode());
+   }
+}
diff --git a/regression/strings-smoke-tests/java_index_of/test.desc b/regression/strings-smoke-tests/java_index_of/test.desc
new file mode 100644
index 00000000000..f2fa825597d
--- /dev/null
+++ b/regression/strings-smoke-tests/java_index_of/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_index_of.class
+--refine-strings
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
diff --git a/regression/strings-smoke-tests/java_index_of/test_index_of.class b/regression/strings-smoke-tests/java_index_of/test_index_of.class
new file mode 100644
index 0000000000000000000000000000000000000000..1acb3335d57d4664c88fb229efaf15666076d900
GIT binary patch
literal 631
zcmY*WOHbQC5dOxoy^b-Em=aRTD=oAEq;la_Kt<3>RZ}<wRcbECj|D9RyRseB-@=6>
zXQ%`cNc7$xg&4af5%OwxJu}~9cK$xx-UC=g(}s-+3v~-GZA{`-85X7lrfry*5SXzs
zi#dS?VQk(@Q<-Ecj?!(FdVW`i1nLmXH5I9BgHUQNekbT#aVQC+EfvX~-ia@hy}Xzc
zC!UH3!|luqj=y<7i?G0Jg0&WO|8v;wxR(U-v&s=}Cev(RMWOt)A0NCw@=iSm!x&+y
zO+O%Le!zGKZ!qs*2o9m1*Q|8C=x}B8$?m5li4)d+MkcV};4R(}Dg(%_e<XwKS*V>Q
zDmo;H!o}_ZVZ7NIApWI4EPmmJ2hpuAzZIbt%2XvX>^tGkvmPh-p*m>rQ`<ZRs?>Au
zd@F%nVubfm{+s5L_%xPoK$m$TD!iLTkWfaoU)q7jU|`PGzPhE>((*O*^(z=>s7&eS
z7`lV`;|AhS&Y~48H5hz17-jM&Sl;4Em*H~M0X<+=V2l^f1~2+LtA#dDb**cZ&mi;*
Y=%wE<2E<SHav}qo^D%E?ywI&Z0#?y>82|tP

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_index_of/test_index_of.java b/regression/strings-smoke-tests/java_index_of/test_index_of.java
new file mode 100644
index 00000000000..270267196c5
--- /dev/null
+++ b/regression/strings-smoke-tests/java_index_of/test_index_of.java
@@ -0,0 +1,10 @@
+public class test_index_of
+{
+   public static void main(/*String[] argv*/)
+   {
+      String s = "Abc";
+      String bc = "bc";
+      int i = s.indexOf(bc);
+      assert(i == 1);
+   }
+}
diff --git a/regression/strings-smoke-tests/java_index_of_char/test.desc b/regression/strings-smoke-tests/java_index_of_char/test.desc
new file mode 100644
index 00000000000..63382a455f3
--- /dev/null
+++ b/regression/strings-smoke-tests/java_index_of_char/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_index_of_char.class
+--refine-strings
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
diff --git a/regression/strings-smoke-tests/java_index_of_char/test_index_of_char.class b/regression/strings-smoke-tests/java_index_of_char/test_index_of_char.class
new file mode 100644
index 0000000000000000000000000000000000000000..f87a10266837a4d7315b07e7dbb86aad5cd9ca03
GIT binary patch
literal 614
zcmZWmO;6iE5Pg%_*<egD0Yb`011&|s0WKU<1foSk{os(Q0xr?UUg$!w(b_@$7A_n)
zLnV+vYVZ9~sIyi{R8=eO$IQI<=FR?odiV)o4GSIyP%UG^Lk%wnATTK~<-tW&VA{hB
zUJ29*qw_LNmC1Axr|)$t+Z`1V=zvga=vZg#gyQ1TH-fX3M2ax{Nyq9-_q46dS6j@9
zQ>kOZP&1R^$!B?%hXrN{<wn@~%i%SXt_jt)wup&LrCCeIk-BIlhpq6tG%LsQT>9`a
z#Cn_Uknuj|@Y;umK|;-@S35F3THSnZ_k%HsAyob+6L{le9&ZUjAGg~+R$=x}sF@iZ
z9}z^}%I+b1S=?FLVUvB>R)^<9s75N)Mnye!cAIrM!NWP=Mg>nBprB^^<y#SC&G7z$
zUo(6XpYHNK=*AXenD<g1B!&jP(mfOy49r#vAA_*5JavcSyIVMy2&UaD3_il$zenkp
zWhvw=RsK_^W>krnVA(S2%sIkQ5A=k(K!x}>FxpdD%awtVinv4h62iHLQ~Uv^Py5`Q
PrEyX4H>`!RTy^{pEv0g(

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_index_of_char/test_index_of_char.java b/regression/strings-smoke-tests/java_index_of_char/test_index_of_char.java
new file mode 100644
index 00000000000..6a5d3d60bd6
--- /dev/null
+++ b/regression/strings-smoke-tests/java_index_of_char/test_index_of_char.java
@@ -0,0 +1,10 @@
+public class test_index_of_char
+{
+   public static void main(/*String[] argv*/)
+   {
+      String s = "Abc";
+      char c = 'c';
+      int i = s.indexOf(c);
+      assert(i == 2);
+   }
+}
diff --git a/regression/strings-smoke-tests/java_insert_char/test.desc b/regression/strings-smoke-tests/java_insert_char/test.desc
new file mode 100644
index 00000000000..77d3ce2ebd9
--- /dev/null
+++ b/regression/strings-smoke-tests/java_insert_char/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_insert_char.class
+--refine-strings
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
diff --git a/regression/strings-smoke-tests/java_insert_char/test_insert_char.class b/regression/strings-smoke-tests/java_insert_char/test_insert_char.class
new file mode 100644
index 0000000000000000000000000000000000000000..481304a9f6deb435deed6561f574cf664acb1da3
GIT binary patch
literal 811
zcmZWnU2hUW6g{)R?y_tPrIg|aYPBj*1wX1UG)Bdm7*QWEn)am`b|>xB?XK>JKZZZx
zvzkC+6MgqTX}kjkV*7G;_S`e)o_p{7{`=!6fK5EKu!xHWswOU3&~RCWD=MsIVdJWa
zYZlgV-M|eCmSWztP($57gJF4{N0A6)8TipN8S%a+Tn4twpl?ZE#*Y|MwfZ}TbSH2H
zL%u70@j5x`i}0-?Q{sqApJAaFbLYb={&5VG8v`2*=9c4~$XLA~2_5lVs!J=eh~hoz
ztI~VU0S}vp{4=+)gd)SLI=4LT@3(q!DE<AXiS%3%GHBdUoLe?-qiLgsJ2vttkVoEk
zsGyCzxW`bL3p|;2w;hH7DHKi@HgMmjAwHng{MMWPp>X2=potT5UhB?z6R@r3qfeS)
zsMcO|>Ss77EwpJQaWK^?)y@)$p^Hxm_o7p^CZ5`LT1|fLpySd07|O1QWGLKOyR?ls
zp#&{&7i;tk7U`|9LPd>>PAM=oYl_SCSEVnbZ>BK<`>Kd2QPjsELl!GD>H%HVDAziM
zwo^=vkbc=n7y3hF-ZzHOyWe08P}(S(Lu3cY9mCogA@@s(YGctdGIY++L)1ysz$#2M
zsYIF39M~T;2{TY3_}r}O=GY0aRJ4a!7{Ew>K|1vv#$0!5R_SD**^gCA=f`C)`~&hw
Br?3D3

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_insert_char/test_insert_char.java b/regression/strings-smoke-tests/java_insert_char/test_insert_char.java
new file mode 100644
index 00000000000..ac6beb4ffcf
--- /dev/null
+++ b/regression/strings-smoke-tests/java_insert_char/test_insert_char.java
@@ -0,0 +1,10 @@
+public class test_insert_char
+{
+   public static void main(/*String[] argv*/)
+   {
+      StringBuilder sb = new StringBuilder("ac");
+      sb.insert(1, 'b');
+      String s = sb.toString();
+      assert(s.equals("abc"));
+   }
+}
diff --git a/regression/strings-smoke-tests/java_insert_char_array/test.desc b/regression/strings-smoke-tests/java_insert_char_array/test.desc
new file mode 100644
index 00000000000..d48c601b61b
--- /dev/null
+++ b/regression/strings-smoke-tests/java_insert_char_array/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_insert_char_array.class
+--refine-strings
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
diff --git a/regression/strings-smoke-tests/java_insert_char_array/test_insert_char_array.class b/regression/strings-smoke-tests/java_insert_char_array/test_insert_char_array.class
new file mode 100644
index 0000000000000000000000000000000000000000..3c0b53292301c003d9745154f7ecba9ccf1a4695
GIT binary patch
literal 979
zcmZuwTTc^F5dKbYr(G5(ZMi4{qKLg9^@7(TmsU-Tpe7X!@IX#?PjGR&i@RGBeueM+
z0iVUBBx3a4A4QzgLM!6SoU`A2GxN=y+26<Ce*&08MMDx39GBym)DXfIWv(hSmB2Mj
zYq*YV0)5EEk=Ibb495)(x{8_AP{d7+TMX$b;rr4HEZ6a$SiY#)(qv#846%93v4RDL
za5ndrAyRQo$<V)IIr3$rUX$J%MJ7jGSPnyPH4w&!Rk7QGNf*a$jynwTdBZ-*q*dL9
zXUJ!kiW?22A8c8Us=j5s7v7feJh3;sBR&ZoX=E6N)xBs7XS-MpJj>ZGH!Rzf9z#f&
ziZiF<F7D~Lj|UtNbv#0eV_wH&<rzSV)QOs5k`5gUSY#OKW?Vk)`>E%-lyd0*dN`JJ
zEThbj?8d&T?MNda8Jm?ecv~gIV0NWTZi6K?#8|sshVkt4%}VYZ>7>6BO)YRwlV!5!
ziNyFzPIb=@WSw5hZIGzJc3R6VzNVQ4ltzj=1*BV&&cY0QSCMRb!I=Em5Vrr1`gW_O
z9Bo8@x2K9tYeO?LrEhuC?97suAZU<-c4h;Uw0%ihR+b!5k3qLENCq-w2kC2!PDW=m
ze+c$f5ivwI)&dz4817I%Q)rlcl_P}KQ{h8IUPOOHR|?@|ZLJVV8f*DTp^50bd=s(N
z1Mrz9;s;3VBQulIn&{a_&k^+XL-hVqg+i@D(^P`0L!**?;G`^$5yB=2nL-c!GdjxX
zB@E<e$0&1L;JC;!O3X_gadR!fz(A_6iT-`?$QMMy-;n5*I_*iNiXx;hsm{k*O2+>H
DG=<Sh

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_insert_char_array/test_insert_char_array.java b/regression/strings-smoke-tests/java_insert_char_array/test_insert_char_array.java
new file mode 100644
index 00000000000..2c2840df672
--- /dev/null
+++ b/regression/strings-smoke-tests/java_insert_char_array/test_insert_char_array.java
@@ -0,0 +1,14 @@
+public class test_insert_char_array
+{
+   public static void main(/*String[] argv*/)
+   {
+      StringBuilder sb = new StringBuilder("ad");
+      char[] array = new char[2];
+      array[0] = 'b';
+      array[1] = 'c';
+      sb.insert(1, array);
+      String s = sb.toString();
+      System.out.println(s);
+      assert(s.equals("abcd"));
+   }
+}
diff --git a/regression/strings-smoke-tests/java_insert_int/test.desc b/regression/strings-smoke-tests/java_insert_int/test.desc
new file mode 100644
index 00000000000..dc039fedbea
--- /dev/null
+++ b/regression/strings-smoke-tests/java_insert_int/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_insert_int.class
+--refine-strings
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
diff --git a/regression/strings-smoke-tests/java_insert_int/test_insert_int.class b/regression/strings-smoke-tests/java_insert_int/test_insert_int.class
new file mode 100644
index 0000000000000000000000000000000000000000..8b0121ec6814ebfb8aff4dafa89d588b6c20c5bc
GIT binary patch
literal 810
zcmZWnU2hUW6g_u=U0Ak-QcCdywOSRZf>!i}#;CO>ji?V8P5WYoWm2bZ7u{X_G5i6a
z)dUio=)3<(;~gjv+m|~tXU?2^?!EK-?~k7V8hBu15f?3#lDK5Uz-1k-=&+W8gR4ng
zv$2lr7H-(EHS?y8GAb6TgynS+hBAm$&kvufP;@-mCD1;>+)}=Z9ui{Z${Rv_yVsS3
zOiTIlW&fxngV&nO7e_+*goSn_+z&6r$1%)qENl>xTdsE^W4C+#z?ILGew2@77`;=z
zPR&bHI~1RVgC*n$t9oDegnv+PM}hJWp7fR1l>xyJuIAiwa2quTb=+}~L6$v;#-_^&
z9o)qxp*UA~Jgsgg2zo4$IhEMLJ%@XEpOBqDdeu3UZuB2CaY9%rx8}SF*wpPYC$$ht
z<=x%N8O})wP3}n4n`-6DXNk-(<)^;z!c(~>o|+Y&OlIz2+vD*O3SAkhKz3)<@-U)4
zU-0bqvBtk(k-rLMi@IIBi-B~nIWF_5#4GWdsE$BiH4%A^<`^WTuri~*=cfkW)sJE9
z<zgempI77A>JW*y9L&}?SOerYa>*f51Eh~(?~RcDrA3XgXaNb{C-@(lENWpDNz^z+
zfzdSR4{D5AC^CF*mbEc<0xad6Ar=O(;$IMteTOyIoto7;2^h{JUDEk++6(^xKTD?D

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_insert_int/test_insert_int.java b/regression/strings-smoke-tests/java_insert_int/test_insert_int.java
new file mode 100644
index 00000000000..b787141e51a
--- /dev/null
+++ b/regression/strings-smoke-tests/java_insert_int/test_insert_int.java
@@ -0,0 +1,10 @@
+public class test_insert_int
+{
+   public static void main(/*String[] argv*/)
+   {
+      StringBuilder sb = new StringBuilder("ac");
+      sb.insert(1, 42);
+      String s = sb.toString();
+      assert(s.equals("a42c"));
+   }
+}
diff --git a/regression/strings-smoke-tests/java_insert_multiple/.test_insert.java.swp b/regression/strings-smoke-tests/java_insert_multiple/.test_insert.java.swp
new file mode 100644
index 0000000000000000000000000000000000000000..5596a2c906d7e2a9c8e731f9ddba55e45b991bea
GIT binary patch
literal 12288
zcmeI&%Sr<=6b9hbx)QvgxNsN8MW@AfynzLA<IaU3UWy<hnVDFk)0sNS)P<-kAHhd)
zCq9ATOXw50ap_4rf)>TC${#p{Bqz5Ix+oKWuCczsmupLm${1sJH}`uN#jWDQAY;dg
zjBNK$#pYEvQyD0&lDN8)oXNDhxU?|WH}TRYdV${xyi_(*scpKaO{(Ii_O@HeiQJLe
zXzy5b#G#6{OwC~{i;QYV(la!ach+n|-{NRO00Q3&Wag+^A7+aS^WC52j5EzA#&^HZ
z#|Q)<009U<00Izz00bcL?*vS{z^>?41NqH{^19Gh=S@@)fB*y_009U<00Izz00bZa
z0SNp-0TD9xIKtS(C>@@@|G)qLf2Q^m#Vy4(MNHA4s8dW)Oj6i6uQd0C0tEsPfB*y_
z009U<00Izz00bcL+XOCbVVv6#+P*S(bxodTBGRrS{P&?R2ZK;L<?;&6<b1pPa-D0w
z%C%oJNw4kZqtw-V!tTz`awiC#ulh@V>C<9snTkT0(t5OLEYI>i@@_gE?QS=3XMUst
pu8lBMbrKcwmQb<lReFcmKj0#5b}C+(pEH(c2NB(te|SevV{gU+kc9vM

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_insert_multiple/test.desc b/regression/strings-smoke-tests/java_insert_multiple/test.desc
new file mode 100644
index 00000000000..983d416dd3b
--- /dev/null
+++ b/regression/strings-smoke-tests/java_insert_multiple/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_insert_multiple.class
+--refine-strings
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
diff --git a/regression/strings-smoke-tests/java_insert_multiple/test_insert_multiple.class b/regression/strings-smoke-tests/java_insert_multiple/test_insert_multiple.class
new file mode 100644
index 0000000000000000000000000000000000000000..17ced6ec67ccfb1c029201464eccaaedd035cffc
GIT binary patch
literal 898
zcmaJ<+int36kTT+m|>U}I;AbG)>^GPPz5iQsx(GLO&U=jFgEQ=Gt8VcQ-`6>#gE|!
zd{z@kY@+Y}lg53ZKosN4-skMg+G}5a{QCM0z!qv6a=4&iO~pkG64r&dq~fyB8$w)3
zV-{CcT+?8psGy`l7a5xxuH%M+GQ<3a6^1;B+>ReUbwjJ=afg8&Fr;=|-;EwJB+TMl
z2D#pGI77DK`utVgZt>ua2qs6{a(#xGW@Op#URoyuGqF-oVNiE$?+iw3cH+S1&s~wU
z9PuzZbbV3!upN7md*bo(vGu{yF^@dMl6Y4<%Rj0#qrml#p2V)_@PI+G91(L<$1U6@
zsx9%jqtig{>X?H;jI5UJP<b6yY%>%lP>)BwJ_~{lVdeitL%}^A_wj%sH_3e6I_7rt
zhiS-*VZm%n;)ceWm{@Aq9>c1+TQ5$<oHbNqD4V-e-rD~X)TlEmo;Rlh2{Ogs$CelV
zMQ+$ctw`I=PAJzsIst}7hlg&!o$-ulp;1f@+W!I8>5_7Eb}UyAL#9^(bUnzET%g}7
zX+}C(>Vtg}fmkG&8W<VUSQ>{$lq!*L`xMf?k?2EyQId0Z56QifY@~Wn_DVgdjn7DT
zk>5159x`2IPNDDjG4ox3O9Su~f~ShmNE=YF0u^gis!Emuc`{%>QB|-!be$VB*cz|`
h=8V}MvRx?hN63jUNKddw#05?glKx1vcYaWM^*86Xz$pL#

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_insert_multiple/test_insert_multiple.java b/regression/strings-smoke-tests/java_insert_multiple/test_insert_multiple.java
new file mode 100644
index 00000000000..cce6881ca7d
--- /dev/null
+++ b/regression/strings-smoke-tests/java_insert_multiple/test_insert_multiple.java
@@ -0,0 +1,11 @@
+public class test_insert_multiple
+{
+   public static void main(/*String[] argv*/)
+   {
+      StringBuilder sb = new StringBuilder("ad");
+      sb.insert(1, 'c');
+      sb.insert(1, "b");
+      String s = sb.toString();
+      assert(s.equals("abcd"));
+   }
+}
diff --git a/regression/strings-smoke-tests/java_insert_string/test.desc b/regression/strings-smoke-tests/java_insert_string/test.desc
new file mode 100644
index 00000000000..b438d32d6d9
--- /dev/null
+++ b/regression/strings-smoke-tests/java_insert_string/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_insert_string.class
+--refine-strings
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
diff --git a/regression/strings-smoke-tests/java_insert_string/test_insert_string.class b/regression/strings-smoke-tests/java_insert_string/test_insert_string.class
new file mode 100644
index 0000000000000000000000000000000000000000..39cc969a902e163ccfdfe821e6b8ae8b9f30aa07
GIT binary patch
literal 841
zcmZuv+iuf95IyT$>^KfdoiquT0)+xe3JI5Rky0U`fP@I}5Cm#ps*SxWTU-ZhhmXk*
z@C-<aL?w9VpFqqyO(JMtcE@MVo;fq)Uw^*;0MN!g6M3xYIBVdX2@U5Btg8EhIxc3A
z!<vChCNATOj+%+ABG*kcu&(1OLvf9Vp$H;5@WaP4<b6-L3~ZYry&-)W-DgPD>Tej5
zn*&!c<h#-rFNgbm5xiDpO6+s#Gvs;^ciz9?A7Ypc>A1#VY&hPbjM*Cu14lfS>QN;U
zVYDNCReC3k0_pEI_xLAn!A6nNDsFk)-);5c<fEbVToEv6+*O<=MSaIY3)d~&z)cGU
zERh%9cU&rL;TGBq)rHK%S(i_OU_d(dQ3E<|TeyR}428wJSN%QVME^ijM-0og?t(W3
zJ8DwtX<H1<+OuOAN1(&rIy9|lFcUA;>PLvgNQ;j{?uGvqpPKB{X>0j~rA?1k%TRVj
zC<EcnCqRpehLoVaZex}HkUafKtWZ@Wq$mNJ4vKV^=xc>;Mt7<)0sEqeSf(=_gA5sz
z=hS!fRHIz$0NR$Fm>~JQk+f4|q~A8i(7Rt@j8Iy)Gh>(|WDk(tn!x(0M73D7j1<Kw
zm?UpQM+F9&RH8y?7VI~gI;uKO5`1c2wH-SFmh9XZCq~edpOH*_gR#(^nN>O|Xx0PO
J(&@PDnZGzkv2FkW

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_insert_string/test_insert_string.java b/regression/strings-smoke-tests/java_insert_string/test_insert_string.java
new file mode 100644
index 00000000000..7c161205131
--- /dev/null
+++ b/regression/strings-smoke-tests/java_insert_string/test_insert_string.java
@@ -0,0 +1,10 @@
+public class test_insert_string
+{
+   public static void main(/*String[] argv*/)
+   {
+      StringBuilder sb = new StringBuilder("ad");
+      sb.insert(1, "bc");
+      String s = sb.toString();
+      assert(s.equals("abcd"));
+   }
+}
diff --git a/regression/strings-smoke-tests/java_int_to_string/test.desc b/regression/strings-smoke-tests/java_int_to_string/test.desc
new file mode 100644
index 00000000000..a615a10f538
--- /dev/null
+++ b/regression/strings-smoke-tests/java_int_to_string/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_int.class
+--refine-strings
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
diff --git a/regression/strings-smoke-tests/java_int_to_string/test_int.class b/regression/strings-smoke-tests/java_int_to_string/test_int.class
new file mode 100644
index 0000000000000000000000000000000000000000..eff0e5a422e2df360086c15be326751bd69c8115
GIT binary patch
literal 859
zcmY*X+iuf96r6P~n>bE$Yf1<NC@GK&ZD<;<tq^SisUlpYASC*NoMaWbICil&NWAhH
z`2n6OQi?!=cm9Nbs1V0alQgn));=?ynLWFI{{8p`pn(S};>fGGfQwPYP>A4?ip#jd
zv8*DDd=ytvRI!3<5nSiEp`wH`M};A?qPwneq+wg`W5d<krsy)TeTMLsVHxrvL!eZC
z!w}rHyMiInG%WFA&~FRpwMQnPuNxLaye0L{`{(+h-{z<?M7BESsfOCJ2Tn&kHM~FK
zQn>P+Vac@v{iCiSi4@084Xaqwuz&=EvR)?z4K>_i$a$=qsaw6;_9W{Q$FUubbq#fF
za5OaB#vO{fTHhewi9W|&4fk-LAvx1{***{*IoE1Q$FO<~sTpg}lA<RZPt2ac+0tIQ
zIirl*n=~o$VW68XL$-7V9{X&TX_RN&Tc2Dh`jpfjP=@T7Z`ie0lt7ZA(EFsA@m=QI
z4E)d|nKbM<qthJTAth$%c1=21hNZ4>4M%jRlcQsj0|Mw&_pwZuB~CYpC3D{3=`8??
zixkx~eHCbBw1z6jU|&5VGE~EUlOc-5DfKfHdVrmz_8rQzBLs$6tfYe@gocRyMELD7
z`0wOj0-HyOR7Z%8In}f}&+&W|-zQH_WKK0qQ8<c-phB+OP?05M0m=yq97`uCQYG}<
mG*83N2&B@n5wszA@C$;0ZwSofC)@C(LQu3v-ez;Y`}zObc(Q!}

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_int_to_string/test_int.java b/regression/strings-smoke-tests/java_int_to_string/test_int.java
new file mode 100644
index 00000000000..f46411ed166
--- /dev/null
+++ b/regression/strings-smoke-tests/java_int_to_string/test_int.java
@@ -0,0 +1,11 @@
+public class test_int
+{
+   public static void main(/*String[] argv*/)
+   {
+      String s = Integer.toString(12);
+      assert(s.equals("12"));
+      String t = Integer.toString(-23);
+      System.out.println(t);
+      assert(t.equals("-23"));
+   }
+}
diff --git a/regression/strings-smoke-tests/java_intern/test.desc b/regression/strings-smoke-tests/java_intern/test.desc
new file mode 100644
index 00000000000..645e267029c
--- /dev/null
+++ b/regression/strings-smoke-tests/java_intern/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_intern.class
+--refine-strings
+^EXIT=0$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 9.* SUCCESS$
+--
diff --git a/regression/strings-smoke-tests/java_intern/test_intern.class b/regression/strings-smoke-tests/java_intern/test_intern.class
new file mode 100644
index 0000000000000000000000000000000000000000..894615c0a9ace0fcbbb8c5d1f6cf63d94ac49f49
GIT binary patch
literal 634
zcmY*VO-~y!5Ph@R#GB1hLV%D$X$ypk&vM}gs#@`JA<#omrE)>e#zKa$sk{z9hCAX6
zl|TZiz4u2I#sQL6w#J@$GjHC^pTBp%0IcFeh&;*x#zIu^IuC(yfr$`Vlm*^|n8aIw
zcZA`pOjBj7ZYSxcPGzH|nglu^<koef?I%KJZvGp=-)J`#VX&qXwbwaqD6{X9890?X
zAq>>5j8Asuk8W7tJt0_+ThAO}z1=af+Sab3XjN(tbz+rCJ|4?686m;|H<FE*3nNTn
zIzos7q2l0`mQ0RTzP#w%GNx?^g@0HCW+GHE%iR5fuZ?3B+y6p!YjkqNvpqE@jLgl~
z`V~*`8c*4eZM1kngmP1*+Nfqv1&?bx4DfaiSg_!A15~Uy-Tcdd+)!*^u{X&t@ta+^
z1zovB46@C2gT$r9Ug`-v_>5Ic-cHG@E!-fpyU1qm8vZ$oOUoB1+#~z_7P;S!$?GzW
zGZ)iy+Z-Rk5(4JTV}|7nF)|8zV8<6I^)8144EGwZcEtcgC2@n`9KyeZpZN*D-{nQG
QW6Z*fKD((#*zqv>2xe1s)c^nh

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_intern/test_intern.java b/regression/strings-smoke-tests/java_intern/test_intern.java
new file mode 100644
index 00000000000..7f9d5283597
--- /dev/null
+++ b/regression/strings-smoke-tests/java_intern/test_intern.java
@@ -0,0 +1,11 @@
+public class test_intern
+{
+   public static void main(/*String[] argv*/)
+   {
+      String s1 = "abc";
+      String s3 = "abc";
+      String x = s1.intern();
+      String y = s3.intern();
+      assert(x == y);
+   }
+}
diff --git a/regression/strings-smoke-tests/java_last_index_of/test.desc b/regression/strings-smoke-tests/java_last_index_of/test.desc
new file mode 100644
index 00000000000..77bc5b7f18f
--- /dev/null
+++ b/regression/strings-smoke-tests/java_last_index_of/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_last_index_of.class
+--refine-strings
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
diff --git a/regression/strings-smoke-tests/java_last_index_of/test_last_index_of.class b/regression/strings-smoke-tests/java_last_index_of/test_last_index_of.class
new file mode 100644
index 0000000000000000000000000000000000000000..4455da4d17990ad4ba7072f2330d39bebd49531c
GIT binary patch
literal 647
zcmZWmK~K~`6#ia!+v#=-EJb!#1px(JAb|@v(P&T;;wpzFChmny+kp%$t!cZ2-@?VC
zXElLD6TSPRh;ORw#+XjtOuzZQ@4b2N*Y&p_0JhNa;GyNB?c%nFJGfhei#dUL4-Q%a
z_dG0MQDBKMvn=ymWra?Y{DsbCI8ZTx`UGcNC%Sk_sB~7}5vn_BtO!$Gov63N(@<sm
zhRheIQYVCoULm8CH}XRX3*0BT+tJ{!hu2GoS)^WRqi7W>FAfHhgHB>~evlq+9LqE5
zV*--|TZWMg36>1m#>WFJ`>4Ywv<+)>Ad{ob=QmZq%(65i1pj*qtoV3{M})>$w-+9(
zsQ3r!6`4+s2z67@t|@5mkTBcnj#Ymsk5_lO0b_KB1v#M^t6XO)9+kwMD29B&jq78H
zTkr8ysL?i$;8O+MElhHp;=g&`iFbSL3iR0!(ctKmAfblo5w#DC#lT`<y$&kfwe?F>
zpL~IRfySKk5%uqI-d{odG%i-@(uB=tn^g{fg44S^`5FR7eb6-)1ZH^gtZ-|TXRFK&
hOb6~IY8MdIPpDSD!X6vnlxK`=SpGBfh}kl4^EYGRe8vC(

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_last_index_of/test_last_index_of.java b/regression/strings-smoke-tests/java_last_index_of/test_last_index_of.java
new file mode 100644
index 00000000000..8b3a0904d5b
--- /dev/null
+++ b/regression/strings-smoke-tests/java_last_index_of/test_last_index_of.java
@@ -0,0 +1,10 @@
+public class test_last_index_of
+{
+   public static void main(/*String[] argv*/)
+   {
+      String s = "abcab";
+      String ab = "ab";
+      int i = s.lastIndexOf(ab);
+      assert(i == 3);
+   }
+}
diff --git a/regression/strings-smoke-tests/java_last_index_of_char/test.desc b/regression/strings-smoke-tests/java_last_index_of_char/test.desc
new file mode 100644
index 00000000000..3e9a3d4b547
--- /dev/null
+++ b/regression/strings-smoke-tests/java_last_index_of_char/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_last_index_of_char.class
+--refine-strings
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
diff --git a/regression/strings-smoke-tests/java_last_index_of_char/test_last_index_of_char.class b/regression/strings-smoke-tests/java_last_index_of_char/test_last_index_of_char.class
new file mode 100644
index 0000000000000000000000000000000000000000..388717f4261b0458687f8c13e6e1a6735e6419c8
GIT binary patch
literal 623
zcmZ`$&rcIU6#ibjyVGtLS&Eh_6#Rh(ILL)#V>GBqgFr}$30#`l-2n#5u9@8${}wJD
zJ*x>Mn&{pCN#mOhwDDjjdGqG|_`dJG`Ss`94*(l@;-ijM4Rb!)xLb$7J%M>2E?NQ$
zJ~~(wSR%|W%RE=6&{>+l)VYj?Dk0Dz!RzW&7taXQmDRTdXERF_Vfu|u)z0WVQfA*4
zbK+d;lrYsVWPG+Q-<4s3`-ECI9$sVk{cL1n^;+AGg+k@UU?|z>G*KT0+0h_Ak>=^C
zd@ln8m?F3`ie<zw0UqFC03QuP+ZL=3WqQ2+;zso=V=_aS`wynTqX5fzOb92<yV0qN
zi+@7>!szsv(6F+4R@Lqi&$iNA?eWl))=kdmgjS+*ZB#Or!P6HbPVll0S+U^l0~EHc
zaQ3PoI~Utq{Oa&ce7kE`pwG4t(`>ymNZcBZOZQOW11vTxTWg`bM78?`&IQ7G?;{%D
z;T~MU`)M&MB}Nkt`z{lDOf8tIh8d33LBG)vX!5sUb_~B!QUWtgaf#Xmg!2hb^(&kS
T;*Bbc;-V5fx7u%)gm?Y|i7a^3

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_last_index_of_char/test_last_index_of_char.java b/regression/strings-smoke-tests/java_last_index_of_char/test_last_index_of_char.java
new file mode 100644
index 00000000000..029d59c9d68
--- /dev/null
+++ b/regression/strings-smoke-tests/java_last_index_of_char/test_last_index_of_char.java
@@ -0,0 +1,9 @@
+public class test_last_index_of_char
+{
+   public static void main(/*String[] argv*/)
+   {
+      String s = "abcab";
+      int n = s.lastIndexOf('a');
+      assert(n == 3);
+   }
+}
diff --git a/regression/strings-smoke-tests/java_length/test.desc b/regression/strings-smoke-tests/java_length/test.desc
new file mode 100644
index 00000000000..913afbf13c7
--- /dev/null
+++ b/regression/strings-smoke-tests/java_length/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_length.class
+--refine-strings
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
diff --git a/regression/strings-smoke-tests/java_length/test_length.class b/regression/strings-smoke-tests/java_length/test_length.class
new file mode 100644
index 0000000000000000000000000000000000000000..9273d09869b9f51a7d8c54ecac00703acfcf3186
GIT binary patch
literal 630
zcmY*WOHUI~6#mY1I@3-E`#_*td6kE47qVezLnK8LW7S0s32ex8dQ)y0re@~WAH&9_
zYc-*XB(Uc{VK{dxEpE;|_dLGueCOQ${c{aq7j*|Ylx;lA;JE_>6>VN*k;Sr&6$iFX
zt~yx5x{WGfe$$I%5h*zg;{zFc-9YpRbWE_CGL&kMkgC-W31(~96NG$QhT_xcyepzF
zx|kE^o(u_d9p(9FAHA<hm<J$antt#P!|4o1kuTm!-BC~?Rwsc7`|9-7!29O8c!E5~
zwZ9X1VSlHiA{q9Xd%x@J?1qa?Y`JhTM<~zg_8*3S8%4v2kb4AeW81|`)cynh+#LvC
z5f*Cg8Ont1wU%j3#!6JbXSuVYR=}GgEcQe!Bhi~Ovu-uw1h45B>%8b3AA$;HJu7=D
zkXFaGz`tdFiQjZ%4Em`HQDkc+LE`4pwDgc$4bE*`!8j_V#xOrLE|G5jf^~sH#rlri
z73`xiGB+B?NPtQ(*-yh^$UGmriVWsCk_FwNYU3$i1q)M--Gmn?ma>;{E?}EKV5WY<
Unjt=nrcu%`+&5alVnVod4-^}9hyVZp

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_length/test_length.java b/regression/strings-smoke-tests/java_length/test_length.java
new file mode 100644
index 00000000000..4222414fa80
--- /dev/null
+++ b/regression/strings-smoke-tests/java_length/test_length.java
@@ -0,0 +1,9 @@
+public class test_length
+{
+   public static void main(/*String[] argv*/)
+   {
+      String s = new String("Abc");
+      int l = s.length();
+      assert(l == 3);
+   }
+}
diff --git a/regression/strings-smoke-tests/java_parseint/test.desc b/regression/strings-smoke-tests/java_parseint/test.desc
new file mode 100644
index 00000000000..9cb70f5a957
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parseint/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+test_parseint.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 7.* SUCCESS$
+^\[.*assertion.2\].* line 8.* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_parseint/test_parseint.class b/regression/strings-smoke-tests/java_parseint/test_parseint.class
new file mode 100644
index 0000000000000000000000000000000000000000..e1ffe0c72107860cfe03ac1f697018740f58a884
GIT binary patch
literal 727
zcmZ`%U279T6g_u0o84@-=F7%dTeY@o+KNRfC|HY96$+_7M1<A{nIuD)nr_1E#2?ca
zee+obBNp`C|D<?lu~{nmGWX8?IQQH$^W)doZvZxMBSaDBear>85W>NHhy`3Mpnyw0
zE{E`KaxugeEcsX_)Rsk(NNv<GP9CX5bOy3VpnXDqQ^m?`5!~j=3qo#t*pq}(OU3f(
z_^>1Ob6d=bL!n|qz4@|rAl``efr$I-ZKGA(zh@g~+D3F=?}|}c&&&wHW_R!hJZulg
zx+|Y33sp5TF|S5KCsM`criF`e1|>rIZ)k#Z>$Xi^^>Ho2bu=SHm?1Q>%7-VLJ=S`t
znaL@5A1e`7v33glS?54@4PmzV?`0|(`c7<QUovcv66WiF+ICpAtZjS1g0oybnJ6uL
zQ;w{X8FPZw-p3-pSCQY7$_={}doIW-!DpFo3v7w4w>klRu!X4bnNNen%~jOcx1}R)
zb=lrMhO<|7C&;zdzQDWx5&0uj=F8Dr6p!KWO%Qya#@=Nyi|(Z8b$IN12zgG4KhhEc
z+~HYgIm%z{r~Og0RO4uUN^~P-1XQYp&j^p;=iVddenLKjJt1vjJUGz<yV|*QYU4K!
CK9Xes

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_parseint/test_parseint.java b/regression/strings-smoke-tests/java_parseint/test_parseint.java
new file mode 100644
index 00000000000..f278f273675
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parseint/test_parseint.java
@@ -0,0 +1,10 @@
+public class test_parseint
+{
+   public static void main(String[] argv)
+   {
+      String twelve = new String("12");
+      int parsed = Integer.parseInt(twelve);
+      assert(parsed == 12);
+      assert(parsed != 12);
+   }
+}
diff --git a/regression/strings-smoke-tests/java_replace/test.desc b/regression/strings-smoke-tests/java_replace/test.desc
new file mode 100644
index 00000000000..59c7d326a0b
--- /dev/null
+++ b/regression/strings-smoke-tests/java_replace/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_replace.class
+--refine-strings
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
diff --git a/regression/strings-smoke-tests/java_replace/test_replace.class b/regression/strings-smoke-tests/java_replace/test_replace.class
new file mode 100644
index 0000000000000000000000000000000000000000..d15509ee8acbde84a19d1999178860534cf874ec
GIT binary patch
literal 980
zcmZ9LT~8BH5Qg8=uib7JX_tca0~JJUDN<1sr3lnkZ!Bt3V}u)Xx;??g?G|^p68R}y
zn|LiIZ6b-@`<v7_r}WcgbN1}aduE=QIs5DH_a6XOP|}dZjDlGe*EIw%r{ac+dAYqA
zMH(3m3&=)cU{S>_X<ky0(=dh^6}MF^tGJ`!u12BmDY(xtF~>bmxW3hJyprYdsx4{^
zY?mRjZaJ2}!4OPmUNeM>jhbK>FI$dy-mF)J`$~$*QRkM!Fjn!o`F@)pbj(D^pst&C
zH-=VeG+k3Xwd9F}FFgOPD-LXKilu%2k?S~*6hmC@b2fMOauwgToIRr8Rg+h1Qm{%~
zlI=*x13Xl)rX!Da1&?%WU{%K?rh0mkY+{QcH3(SfmHEVV8!khDS1HyZ@gJIpM-2Kf
zl!Ahe$0&{<y{PUB(`T4Wmj_|bIP<bYO1C10(y*fVj=L4{p(z|w<cCg<*fT?pZpe|`
zl~0~8>NJZ+Qxcr1tw!!8b;+j#g4gpj%nsM6nYa$5$fg-Z2!q?+e<hsNmCw-3#|MQK
zZMql?Q#IjPuBi3fM`QMz<e*!ziy69TNxGOUo|5gST@XyplGY3KHBE0u@9;t!?5h;w
zBCU~*ks*pped%X98YJJ&DFQo2u#M2O1tV-kT2RU-P_r#WPoNzmnKfc9=*NhiVr-|4
zb3e1jxDhAWHpv$IvPB~?DwF90o%FL%X&;70AQMo?Mn49@tdXUF7~Vj~Wl|&%_=9By
w)AantJgp?W(kEW&R6#PsXkp?QO6Uth!Eew8nR<oFXki5OE!mE%9gu7P0HTi26#xJL

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_replace/test_replace.java b/regression/strings-smoke-tests/java_replace/test_replace.java
new file mode 100644
index 00000000000..07e7ac036b9
--- /dev/null
+++ b/regression/strings-smoke-tests/java_replace/test_replace.java
@@ -0,0 +1,13 @@
+public class test_replace
+{
+   public static void main(/*String[] argv*/)
+   {
+      String s = new String("abcabd");
+      String u = s.replace("d","z");
+      System.out.println(u);
+      assert(u.equals("abcabz"));
+      String v = u.replace("ab","w");
+      System.out.println(v);
+      assert(v.equals("wcwz"));
+   }
+}
diff --git a/regression/strings-smoke-tests/java_replace_char/test.desc b/regression/strings-smoke-tests/java_replace_char/test.desc
new file mode 100644
index 00000000000..528d4eead6c
--- /dev/null
+++ b/regression/strings-smoke-tests/java_replace_char/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_replace_char.class
+--refine-strings
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
diff --git a/regression/strings-smoke-tests/java_replace_char/test_replace_char.class b/regression/strings-smoke-tests/java_replace_char/test_replace_char.class
new file mode 100644
index 0000000000000000000000000000000000000000..64626b3b09d11734a6cfa749e846d29c1d45321b
GIT binary patch
literal 730
zcmZWmO>fgc5Pj=7vEw+zaoQ3-3KaU04`?pEwL+i(7XloDklIUG+pFT%cFNk}$K(%i
z2Bbuy65RPuAZFb*5mZ{u&d$7f^JezfpYJ~a?4W0%ikk**nYe91!>TfO%BbM3iF@j?
zX5hYsvI0G@u#OD_n+%P0o~A-(;V4O;g(>$U5iqa=hSFY`gxO<;LaY6bLGO<O!B887
ziFiGZJt5yJFePFhCJfbK#{H95{4@`f5C(J4k1jZ@;b<&<@gh_eE15{MLn%%p?u$eJ
z1DD&!{1dm~pw8eZzZdc3s5i`Hm>iK5?)lsc6ky9n3vC<MP*d^P=P|`Q=rS}Hg-<VM
zdM@QiGSshhH1N>IBW(ZE?~QjX{ET6_HCS++i`Z2=FfKIH2(5m<eHBEK#K$p@(*HQl
ziFezy*4l!(AJOiKD-dZYMKBjlo6N?Ppv50xjlQr-U(B4Q8k)QUNHpqXU3#t3&FC(6
zW?)|w5Dl`WJjm$3m*&v-RH{*~dj@UaEzF?5>^PniPf;9vMQMViu4_zTPEa{Rd4C4$
zry|sHLKiyuMOZ}LfI%xau}qN)*l%<Utk9v*^?A3QTmevbD^u7L82V@Eg>NV=I4?yi
Po+32+i5jJux4iKe)@YJ<

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_replace_char/test_replace_char.java b/regression/strings-smoke-tests/java_replace_char/test_replace_char.java
new file mode 100644
index 00000000000..82a023924e2
--- /dev/null
+++ b/regression/strings-smoke-tests/java_replace_char/test_replace_char.java
@@ -0,0 +1,9 @@
+public class test_replace_char
+{
+   public static void main(/*String[] argv*/)
+   {
+      String s = new String("abcabd");
+      String t = s.replace('b','m');
+      assert(t.equals("amcamd"));
+   }
+}
diff --git a/regression/strings-smoke-tests/java_set_char_at/test.desc b/regression/strings-smoke-tests/java_set_char_at/test.desc
new file mode 100644
index 00000000000..650e7712278
--- /dev/null
+++ b/regression/strings-smoke-tests/java_set_char_at/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_set_char_at.class
+--refine-strings
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
diff --git a/regression/strings-smoke-tests/java_set_char_at/test_set_char_at.class b/regression/strings-smoke-tests/java_set_char_at/test_set_char_at.class
new file mode 100644
index 0000000000000000000000000000000000000000..6e843afbe2a4b7cfb6c15ccbbbc95c7bc11bcbd0
GIT binary patch
literal 874
zcmZWnOK%cU6#gy@Gs7^*K%wBH+SXP9vG}M@h!IhfrmZfhCUirF;igWV4mvZ~|3XY$
zx>gfNB+<P;s_|S}AmZlSdmi68-+BBw`S}aLCMp_|xT0WL#fpXyR)x5#U`>N86dCJ6
zT#F)s>nifXT~JWe5Erl;8cMjSV1r>{&Gdcl1$Ni<pWD9Kc6f(@?K8+#+qHuy4B>p?
zErV3=b~r;~$9DOv-cg%-dm@+|N2cvE#2bNWz27xIjLk%i*f6M7%Q;J<HM%{|;xBCh
z$^_gGT0Re2);rT{nZd@P`N`CgMux!<|FUDc2jxcK+3o>xsI@KOE$g_2+YH(HkY_#H
z>2OcS9o*GvLico}upofP1iX(247nMmHtG3==XE`*I8R5xLmiLs_#ZN_+lSl=h<tu$
zmg<yYMT|%mz0@c`%5N3w3{mQ@erAf~x9TEB4Z4$_()q&wc_<72*fSk}uFPreN`V%W
zm=&)(v^|E!4)<-3ccyL8E`lC8Xm$Hop(9Ar*)Ss~W<tL(n3y!lMbeh&W%NdhL$Gfm
z5LuG)*hpO<Hx2zv&@lPlj1X$3!b3>gMQMOYbp*LdaAmh78OH;tr2(Sb-=X!9E~a7w
z=zYXSh&P8g_j_#46eEN)tS>XWC><J?UWH2k2*eE=P;j2~Wg@apmMUV{gHATkF^5i2
wRd9hRxR|A&OH-zsWA;EYl^DS2Ly^8h3jcsMt1@X&WQri9KNVwG8k4yE7iT-J_5c6?

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_set_char_at/test_set_char_at.java b/regression/strings-smoke-tests/java_set_char_at/test_set_char_at.java
new file mode 100644
index 00000000000..fd1d1fbf9e2
--- /dev/null
+++ b/regression/strings-smoke-tests/java_set_char_at/test_set_char_at.java
@@ -0,0 +1,13 @@
+public class test_set_char_at
+{
+   public static void main(/*String[] argv*/)
+   {
+      String s = new String("Abc");
+      char c = s.charAt(1);
+      StringBuilder sb = new StringBuilder(s);
+      sb.setCharAt(1,'w');
+      s = sb.toString();
+      assert(s.equals("Awc"));
+      assert(s.charAt(2)=='c');
+   }
+}
diff --git a/regression/strings-smoke-tests/java_set_length/test.desc b/regression/strings-smoke-tests/java_set_length/test.desc
new file mode 100644
index 00000000000..ab59e459eb1
--- /dev/null
+++ b/regression/strings-smoke-tests/java_set_length/test.desc
@@ -0,0 +1,9 @@
+FUTURE
+test_set_length.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 8.* SUCCESS$
+^\[.*assertion.2\].* line 9.* SUCCESS$
+^\[.*assertion.3\].* line 10.* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_set_length/test_set_length.class b/regression/strings-smoke-tests/java_set_length/test_set_length.class
new file mode 100644
index 0000000000000000000000000000000000000000..8cb9e4161912f0698328ded166ee3784de0dbe21
GIT binary patch
literal 861
zcmZ`%TW=CU6#j+<29~AWaw}?Etybk`@q(Ac#;B-CBkBW2124@26S{S~nBBo2Lt=dN
zSxq3ZiN5=vG@e-sXpJvt&V1*5bG~!V{P^|t8-N<_=vcxU$9fDKIzl+B%sFK?<1lbu
z#|3P0T+|WAnz~%#xU8dqB1efKy=D2n@T5I({YSQMbsW)SU~Puzj_um=9)ngWzG4X1
z2R*^C+^}8oe0bOq-b<BCfkVr78InzDb>BR*-Ucw~;V3i2cDl~-GkS9{^t$4Stw<Ru
ze7WZfx#tMCFZZ_(tap}y6{Hwem0xu%w_j~a&vyF{hqlub9x1UpU6oWZa0S~2s<>)k
z877r7a1GZP@(b>RSznJmZ{QiYff~s_QJ3SUfm^uEU@n+1ItQXF|AMAM7_x=NB5w-b
zRnv)6D~+HN8c1PRK`}X)u`-3?zcdEjmzF2}*S6gM&&z5J(*Xr**rf&*<?9Zujv?0*
zzU_(LykA;`98!Sx*2X6NfhGDV%*?Avk*9&FIg?G(ZJka=XQVU%`=k<)AsY=q>I>O<
z>U*MwDAqngsFl(t2tO^E`k1I=L>r&MN63^@+8D7B5=V%)CeXhh!(${&{lf`3T_!mC
z2de6ag8Cca<VT>B5|jKaVyKXsIw372kfUf4+D}wCRyp!Hm2he<wHC++R#L_o$q{(?
aBf{Dj@I{4Lhw7yWLdJbHhtq+8Grs{vZm&WB

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_set_length/test_set_length.java b/regression/strings-smoke-tests/java_set_length/test_set_length.java
new file mode 100644
index 00000000000..5894b27beeb
--- /dev/null
+++ b/regression/strings-smoke-tests/java_set_length/test_set_length.java
@@ -0,0 +1,12 @@
+public class test_set_length
+{
+   public static void main(/*String[] argv*/)
+   {
+      StringBuilder s = new StringBuilder("abc");
+      s.setLength(10);
+      String t = s.toString();
+      assert(t.startsWith("abc"));
+      assert(t.length() == 10);
+      assert(t.length() == 3);
+   }
+}
diff --git a/regression/strings-smoke-tests/java_starts_with/test.desc b/regression/strings-smoke-tests/java_starts_with/test.desc
new file mode 100644
index 00000000000..5c5d85565c2
--- /dev/null
+++ b/regression/strings-smoke-tests/java_starts_with/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+test_starts_with.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 8.* SUCCESS$
+^\[.*assertion.2\].* line 9.* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_starts_with/test_starts_with.class b/regression/strings-smoke-tests/java_starts_with/test_starts_with.class
new file mode 100644
index 0000000000000000000000000000000000000000..da1decd8d358cb8c2ddd3ef2015e8bd223f0a91f
GIT binary patch
literal 719
zcmZ`$-%k@k5dQYA?Om@|+g>eJ6cxo%3d##_RAYnsVv&a$4ZM*1vBAZ1C3{<a^AG7i
z;Io?0L=t%Ck0Q=qp$#S`o7vs@X6E~5=Hl|t8GsEub5O**g?l#cJ20?d<AIHbc@*$S
z{}(Mhc97R0PaG`asf7kZb;(Z>E|nO>$!n4LL7ztqY>y$=7O_w-8O-L&M~2MSAmR+A
zu88^j;ZeZl2OUhnkuPF~Vo&+umu>$zb(0JRyB+qgYB;^YP=@@i&>1zw6SbcxU#evP
zn^2#hANpT?7iCl!%KE+D_v3^0o{}OyAcjs5MjBpbFggL5AarpHB^OPsFw|!$o$F@a
zNI8&H?O!SjEf=d;yFs)Q9P&_+ux58wYQny$dv_*UKate`1kt=ov(&9V4V7Uo;)#$v
znu?+ksUZP0(LF5EVv4jmR<7$_=w*Ubp+eT9-vZr??rdue_EQI<N;a1|87=bmH1s>A
znuNVLg|X|IV`ScW*{+w{{sn7<YHRfb_6UVj<aft#&ab>{H@%v|NGaxtgm~f5U4%uN
zY&3|lO`aMdB^Z}zSeTof8o_s_S~gOBK*cMZz#YNL{6NP14Qp2ax&>V;3&VY-8?C4G
GcmD#%SB#4Q

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_starts_with/test_starts_with.java b/regression/strings-smoke-tests/java_starts_with/test_starts_with.java
new file mode 100644
index 00000000000..aba79d846c0
--- /dev/null
+++ b/regression/strings-smoke-tests/java_starts_with/test_starts_with.java
@@ -0,0 +1,11 @@
+public class test_starts_with
+{
+   public static void main(/*String[] argv*/)
+   {
+      String s = new String("Abcd");
+      String pref = "Ab";
+      String bad_pref = "bc";
+      assert(s.startsWith(pref));
+      assert(s.startsWith(bad_pref));
+   }
+}
diff --git a/regression/strings-smoke-tests/java_string_builder_length/test.desc b/regression/strings-smoke-tests/java_string_builder_length/test.desc
new file mode 100644
index 00000000000..ba9187109ed
--- /dev/null
+++ b/regression/strings-smoke-tests/java_string_builder_length/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_sb_length.class
+--refine-strings
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
diff --git a/regression/strings-smoke-tests/java_string_builder_length/test_sb_length.class b/regression/strings-smoke-tests/java_string_builder_length/test_sb_length.class
new file mode 100644
index 0000000000000000000000000000000000000000..cfc35874d26f44f91fc0291fbf4cc2eb1c058bfd
GIT binary patch
literal 722
zcmZuuO>fgc5Pjn~vEw*x;?OpH6zB&e4YaxR)(QayBt$8PAW(Cu*7hp6xK3m{{Fq)i
zat5SCq7vNsO$agTwy_Xgc4lYiy?OKY=kIUd0c@jdp^9q;uA8`FLBq0%n=0Naqk`Ki
zTQRU|p{$zLEUe>>fxCppx=0ckr@=5vo&<?-L+KN!PblpMQII|$6xtha2>Ra8mxTHK
zAd&~;6IaHsRWm=Fh#(?Vd#Ui=zZ9da%t8p}t`}Z#SiRvm_T;lbAsVSn(xb#Z3S~4%
z-)$X>55h(bb;6R$yP=2%-Ci08(ctko2z?o|3gLRHsYTFyX`_t|8*`Yq(ZM}JGY3Ap
zT<B>W4;eZ4_c#OhZERwTP|Go|++*pbgoXBgUOZQ@qqZ-J(MU$@%;x_Z{=r<R-eKVR
zj+u+k*}j~8FJ$Kli@r>PSo$;7>|;9S2e!SB75=>{e=yaWYFW+-VBx6q>F{ltBXKNt
zrl8NN5e+^|S&{g+ugqHe85C%rK|6E`Q|K=`PH}?L+b=Lq(dbNInjcX)L-}wD>xW{~
zGByXg8Uc%W>oCxQi3P5hpkHViSmbPJHfKAV4b+{=1okNm{S)-UR~R|rr94Gagl0cf
KOEj~2SN{Od36Tu|

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_string_builder_length/test_sb_length.java b/regression/strings-smoke-tests/java_string_builder_length/test_sb_length.java
new file mode 100644
index 00000000000..b616749ffb4
--- /dev/null
+++ b/regression/strings-smoke-tests/java_string_builder_length/test_sb_length.java
@@ -0,0 +1,9 @@
+public class test_sb_length
+{
+   public static void main(/*String[] argv*/)
+   {
+      StringBuilder x = new StringBuilder("abc");
+      x.append("de");
+      assert(x.length() == 5);
+   }
+}
diff --git a/regression/strings-smoke-tests/java_subsequence/test.desc b/regression/strings-smoke-tests/java_subsequence/test.desc
new file mode 100644
index 00000000000..34585a7900d
--- /dev/null
+++ b/regression/strings-smoke-tests/java_subsequence/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_subsequence.class
+--refine-strings
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
diff --git a/regression/strings-smoke-tests/java_subsequence/test_subsequence.class b/regression/strings-smoke-tests/java_subsequence/test_subsequence.class
new file mode 100644
index 0000000000000000000000000000000000000000..0f8410939e1af315893c149dafa8190916146c35
GIT binary patch
literal 789
zcmZuuO>fgc5PchetmC+?<0K`Ngs+y851^L{4wQ;00V!$<hae<+fwi*~m(&4&@MC)6
z$Qde80TSH#QNY-=NvXK(?7n$3^WN;wUthliSjSBhCaMO`n^?ky0&1w|Vc;UiB@;TT
z9G6X8!BviBhSG|NA{oa1B#3%`B;2taF|Zv5eZvp@c#}bCG@ml4-N{HYEDZcWK1%jo
z89qtLl-L)3z%VzAh4*?}yvbmW6^?5R#)daOZetE7N$AOkep*zCWfVV;5;u}>6B&5&
z)}DALEX-k^CU;z~Ctp$z3#+(JjVv_Kv`~P>P)(U@V-f7Gbxx!|2*XLpV4v;E(X!CS
z4NA?b9=m(ei~oU!ap(uT42v^X_mv2T$Kn_YBz5+xHTwPL;Q!paq~D|34oy%S{brYT
zc8WQsb<>=YjQmiJrUqzvaY6~&^$z`wK|csEyP8_2n*v%e=ILCZSDhlGsI`v3KBh$2
zbm|$%kVkP!J)}~Na>B`NwKU^1ltEkh0yT$wZ8eLVZ7qwp)lbk4P^{VBdlbGwe|7}^
z<1bdXduK7HqT2Eln99gyGFC|dX`{h9x!`cf%@SeD^twZSw#d;7a^n!I4COb08b^tv
u%ow>Um5E=O8d%Rv0Y!(z=MTWu4^WjuXtRMQzSD*pa@PHHJByi~bAJGKN17A>

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_subsequence/test_subsequence.java b/regression/strings-smoke-tests/java_subsequence/test_subsequence.java
new file mode 100644
index 00000000000..4d8d79cb381
--- /dev/null
+++ b/regression/strings-smoke-tests/java_subsequence/test_subsequence.java
@@ -0,0 +1,14 @@
+public class test_subsequence
+{
+   public static void main(/*String[] argv*/)
+   {
+      String abcdef = "AbcDef";
+      CharSequence cde = abcdef.subSequence(2,5);
+      char c = cde.charAt(0);
+      char d = cde.charAt(1);
+      char e = cde.charAt(2);
+      assert(c == 'c');
+      assert(d == 'D');
+      assert(e == 'e');
+  }
+}
diff --git a/regression/strings-smoke-tests/java_substring/test.desc b/regression/strings-smoke-tests/java_substring/test.desc
new file mode 100644
index 00000000000..8a29460f529
--- /dev/null
+++ b/regression/strings-smoke-tests/java_substring/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_substring.class
+--refine-strings
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
diff --git a/regression/strings-smoke-tests/java_substring/test_substring.class b/regression/strings-smoke-tests/java_substring/test_substring.class
new file mode 100644
index 0000000000000000000000000000000000000000..3ba0b60e7f2f7faf54110943d367cc5063d9aaf7
GIT binary patch
literal 740
zcmZ8eO>fgs5S$m=vE#a_^U*Xw0~AWhheU-`aiLU1Ns%G~9D<OV9+2%kic9Js+u_Ib
z!jTgPKx!qB;LeW%#x6}LlC{roc6N7W-_KuPzXRAp(}al?16323a5)KAaxk!}qh=zD
z6&+ViT*Gx8YXYTpCyHbk`;#E*`jO*~<w!sb1+v?I;Kw@xO1<$yK<!LMQedg?2lDCk
z$d%#qgv`W|;|BtZgV^!jJaOKpu#Ou7#<n;9+ru18rlBVv`AJ17mQnmNnz~UO`oY1S
zL+71iVG(%_ZM$AqzGAtBn^?DS3mX;|U<p(c+UD2^4mR88l6S*!5(?xmHq>$3LLChO
zdtUR*J(OO20UD&^1#&Yf0+o8N*XYm7&N%m}%zN#GZ8lKry+((Nm~%Q~?vSM;8Tp|c
z&D3!t@stTJaELWNfyws~b~W+CKLy+x@{CKo)p!b?TJsd*Q$mEzm`y=yL}5n#$Wo2D
z{bJ^EQ!`GW^jpda)CVn<ai^s*-cvtAJ4RvE_TFRR8?t++(0`m^HM{#iR$NwX`45-~
z$fN=`IGU<BGE4nBF#{E1HQw&h$u7MN>7z(i8Om>hnvN1bA?T-6CciwBzLnYm3PsA!
d9Ya??Kvlj#n-4s9oHW#su^uLSSx)s-{s3YPjAQ@+

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_substring/test_substring.java b/regression/strings-smoke-tests/java_substring/test_substring.java
new file mode 100644
index 00000000000..03a33fdbebd
--- /dev/null
+++ b/regression/strings-smoke-tests/java_substring/test_substring.java
@@ -0,0 +1,14 @@
+public class test_substring
+{
+   public static void main(/*String[] argv*/)
+   {
+      String abcdef = "AbcDef";
+      String cde = abcdef.substring(2,5);
+      char c = cde.charAt(0);
+      char d = cde.charAt(1);
+      char e = cde.charAt(2);
+      assert(c == 'c');
+      assert(d == 'D');
+      assert(e == 'e');
+   }
+}
diff --git a/regression/strings-smoke-tests/java_trim/test.desc b/regression/strings-smoke-tests/java_trim/test.desc
new file mode 100644
index 00000000000..c7a307c37ed
--- /dev/null
+++ b/regression/strings-smoke-tests/java_trim/test.desc
@@ -0,0 +1,8 @@
+FUTURE
+test_trim.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 6.* SUCCESS$
+^\[.*assertion.2\].* line 7.* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_trim/test_trim.class b/regression/strings-smoke-tests/java_trim/test_trim.class
new file mode 100644
index 0000000000000000000000000000000000000000..33b34714ae2a5b39608f6624183a4d26028930b0
GIT binary patch
literal 641
zcmY*W(M}UV6g_u$yVEX9Tb2UVinf5#@*tY<CNUbs7ZD#yO!S3pyAv|dZprSH#9!$T
z_$(wP(FET8CPKWkN{cUdX3m^B=iEELZ+~6^*h0&LhowBK1?2I-!$Z_ec_gsx!Nrom
zV-HVI7ibXX*TOWFiB^L+eW%i}(~}W_z7pJR6)XLkU^iQz3C_+Sl7!Npisk;W-;v3I
zA@fB)R54+;t;6og$M7_R1y%_8?QZX%hSwepldgQP%!{IysXo++>OVgY&q5!wD6&nx
zUiUErpWpge#hQ<&ct)ri&So!+k2c@lMcqx3K|&}@gap=oG!4BxrGM%i%dY+pYO`y6
z#G#Elq0(&aP5FN>UlD{#cl)RMTh=>|qBP~~^mtx`#Ym<qk<la(cdv&j8a#53e}T$X
z(+clw@N7`zTH@0(uf%I^;}Z145K-ppW*|3&xd}Cbm7y;K>%%$h5f(PaaK^}uF!KxU
zmrIE23=bH;4;oo3lMUb)FV5hi27woxE?}ep>jpJ}`3eJ-iQ`u02h0WeF$yCH=Q|wx
V0`^q#E~rt-!Sdgjb`~<j#Xp==c=Z4P

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_trim/test_trim.java b/regression/strings-smoke-tests/java_trim/test_trim.java
new file mode 100644
index 00000000000..20dd7ba2796
--- /dev/null
+++ b/regression/strings-smoke-tests/java_trim/test_trim.java
@@ -0,0 +1,9 @@
+public class test_trim
+{
+   public static void main(/*String[] argv*/)
+   {
+      String empty = "   ";
+      assert(empty.trim().isEmpty());
+      assert(empty.isEmpty());
+   }
+}
diff --git a/regression/strings/RegexMatches01/test.desc b/regression/strings/RegexMatches01/test.desc
index 45cc542b352..e4259466e6b 100644
--- a/regression/strings/RegexMatches01/test.desc
+++ b/regression/strings/RegexMatches01/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 RegexMatches01.class
---string-refine --unwind 100
+--refine-strings --unwind 100
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
diff --git a/regression/strings/RegexMatches02/test.desc b/regression/strings/RegexMatches02/test.desc
index 86353d9a54c..006922c3d6a 100644
--- a/regression/strings/RegexMatches02/test.desc
+++ b/regression/strings/RegexMatches02/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 RegexMatches02.class
---string-refine --unwind 100
+--refine-strings --unwind 100
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/RegexSubstitution01/test.desc b/regression/strings/RegexSubstitution01/test.desc
index bc7ed3648f3..ccf24b2e8fa 100644
--- a/regression/strings/RegexSubstitution01/test.desc
+++ b/regression/strings/RegexSubstitution01/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 RegexSubstitution01.class
---string-refine
+--refine-strings
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
diff --git a/regression/strings/RegexSubstitution02/test.desc b/regression/strings/RegexSubstitution02/test.desc
index 0645c3ac9b8..7064bcc0333 100644
--- a/regression/strings/RegexSubstitution02/test.desc
+++ b/regression/strings/RegexSubstitution02/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 RegexSubstitution02.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/RegexSubstitution03/test.desc b/regression/strings/RegexSubstitution03/test.desc
index 20da1478b1a..4b0d5739c42 100644
--- a/regression/strings/RegexSubstitution03/test.desc
+++ b/regression/strings/RegexSubstitution03/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 RegexSubstitution03.class
---string-refine
+--refine-strings
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
diff --git a/regression/strings/StaticCharMethods01/test.desc b/regression/strings/StaticCharMethods01/test.desc
index 4b633e92bcf..a40f4534120 100644
--- a/regression/strings/StaticCharMethods01/test.desc
+++ b/regression/strings/StaticCharMethods01/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StaticCharMethods01.class
---string-refine
+--refine-strings
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
diff --git a/regression/strings/StaticCharMethods02/test.desc b/regression/strings/StaticCharMethods02/test.desc
index 00aaaba8964..9366df6fa57 100644
--- a/regression/strings/StaticCharMethods02/test.desc
+++ b/regression/strings/StaticCharMethods02/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StaticCharMethods02.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StaticCharMethods03/test.desc b/regression/strings/StaticCharMethods03/test.desc
index 6f3d3bc5607..caba8503984 100644
--- a/regression/strings/StaticCharMethods03/test.desc
+++ b/regression/strings/StaticCharMethods03/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StaticCharMethods03.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StaticCharMethods04/test.desc b/regression/strings/StaticCharMethods04/test.desc
index 0c9484ef337..1f686c041c2 100644
--- a/regression/strings/StaticCharMethods04/test.desc
+++ b/regression/strings/StaticCharMethods04/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StaticCharMethods04.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StaticCharMethods05/test.desc b/regression/strings/StaticCharMethods05/test.desc
index 5b4a6b4b622..b21901ac84a 100644
--- a/regression/strings/StaticCharMethods05/test.desc
+++ b/regression/strings/StaticCharMethods05/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StaticCharMethods05.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StaticCharMethods06/test.desc b/regression/strings/StaticCharMethods06/test.desc
index 6f351b2c7cf..3caa6a7b878 100644
--- a/regression/strings/StaticCharMethods06/test.desc
+++ b/regression/strings/StaticCharMethods06/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StaticCharMethods06.class
---string-refine
+--refine-strings
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
diff --git a/regression/strings/StringBuilderAppend01/test.desc b/regression/strings/StringBuilderAppend01/test.desc
index f1f89b629be..d0207fc9ea7 100644
--- a/regression/strings/StringBuilderAppend01/test.desc
+++ b/regression/strings/StringBuilderAppend01/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringBuilderAppend01.class
---string-refine
+--refine-strings
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
diff --git a/regression/strings/StringBuilderAppend02/test.desc b/regression/strings/StringBuilderAppend02/test.desc
index 1336c45c3d2..70357b670d8 100644
--- a/regression/strings/StringBuilderAppend02/test.desc
+++ b/regression/strings/StringBuilderAppend02/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringBuilderAppend02.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StringBuilderCapLen01/test.desc b/regression/strings/StringBuilderCapLen01/test.desc
index 05516f08da2..4186f2534ac 100644
--- a/regression/strings/StringBuilderCapLen01/test.desc
+++ b/regression/strings/StringBuilderCapLen01/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringBuilderCapLen01.class
---string-refine
+--refine-strings
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
diff --git a/regression/strings/StringBuilderCapLen02/test.desc b/regression/strings/StringBuilderCapLen02/test.desc
index 72a0bbd72c2..f9db006ed0b 100644
--- a/regression/strings/StringBuilderCapLen02/test.desc
+++ b/regression/strings/StringBuilderCapLen02/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringBuilderCapLen02.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StringBuilderCapLen03/test.desc b/regression/strings/StringBuilderCapLen03/test.desc
index 474bdc661ab..c35dfb33871 100644
--- a/regression/strings/StringBuilderCapLen03/test.desc
+++ b/regression/strings/StringBuilderCapLen03/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringBuilderCapLen03.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StringBuilderCapLen04/test.desc b/regression/strings/StringBuilderCapLen04/test.desc
index fa342b79518..78930851e45 100644
--- a/regression/strings/StringBuilderCapLen04/test.desc
+++ b/regression/strings/StringBuilderCapLen04/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringBuilderCapLen04.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StringBuilderChars01/test.desc b/regression/strings/StringBuilderChars01/test.desc
index 41dfe54abeb..48acfb25a5d 100644
--- a/regression/strings/StringBuilderChars01/test.desc
+++ b/regression/strings/StringBuilderChars01/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringBuilderChars01.class
---string-refine --unwind 100
+--refine-strings --unwind 100
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
diff --git a/regression/strings/StringBuilderChars02/test.desc b/regression/strings/StringBuilderChars02/test.desc
index 50e49d474bc..d9006ab74ba 100644
--- a/regression/strings/StringBuilderChars02/test.desc
+++ b/regression/strings/StringBuilderChars02/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringBuilderChars02.class
---string-refine --unwind 100
+--refine-strings --unwind 100
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StringBuilderChars03/test.desc b/regression/strings/StringBuilderChars03/test.desc
index 23dda39df4e..d6f1cb4155c 100644
--- a/regression/strings/StringBuilderChars03/test.desc
+++ b/regression/strings/StringBuilderChars03/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringBuilderChars03.class
---string-refine --unwind 100
+--refine-strings --unwind 100
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StringBuilderChars04/test.desc b/regression/strings/StringBuilderChars04/test.desc
index a68edd89395..37009795a48 100644
--- a/regression/strings/StringBuilderChars04/test.desc
+++ b/regression/strings/StringBuilderChars04/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringBuilderChars04.class
---string-refine --unwind 100
+--refine-strings --unwind 100
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StringBuilderChars05/test.desc b/regression/strings/StringBuilderChars05/test.desc
index eeac328e02b..49aed9d48fd 100644
--- a/regression/strings/StringBuilderChars05/test.desc
+++ b/regression/strings/StringBuilderChars05/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringBuilderChars05.class
---string-refine --unwind 100
+--refine-strings --unwind 100
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StringBuilderChars06/test.desc b/regression/strings/StringBuilderChars06/test.desc
index a3dc3712a5a..5ccf470590e 100644
--- a/regression/strings/StringBuilderChars06/test.desc
+++ b/regression/strings/StringBuilderChars06/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringBuilderChars06.class
---string-refine --unwind 100
+--refine-strings --unwind 100
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StringBuilderConstructors01/test.desc b/regression/strings/StringBuilderConstructors01/test.desc
index 2c60f9bbbda..3e27d46c329 100644
--- a/regression/strings/StringBuilderConstructors01/test.desc
+++ b/regression/strings/StringBuilderConstructors01/test.desc
@@ -1,6 +1,6 @@
 KNOWNBUG
 StringBuilderConstructors01.class
---string-refine
+--refine-strings
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
diff --git a/regression/strings/StringBuilderConstructors02/test.desc b/regression/strings/StringBuilderConstructors02/test.desc
index 5e951bc8079..f6c0cded34e 100644
--- a/regression/strings/StringBuilderConstructors02/test.desc
+++ b/regression/strings/StringBuilderConstructors02/test.desc
@@ -1,6 +1,6 @@
 KNOWNBUG
 StringBuilderConstructors02.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StringBuilderInsertDelete01/test.desc b/regression/strings/StringBuilderInsertDelete01/test.desc
index 4c3000d6a97..b2f927ad3b7 100644
--- a/regression/strings/StringBuilderInsertDelete01/test.desc
+++ b/regression/strings/StringBuilderInsertDelete01/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringBuilderInsertDelete01.class
---string-refine
+--refine-strings
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
diff --git a/regression/strings/StringBuilderInsertDelete02/test.desc b/regression/strings/StringBuilderInsertDelete02/test.desc
index ae4d0ca5b81..1e67f7eb3c0 100644
--- a/regression/strings/StringBuilderInsertDelete02/test.desc
+++ b/regression/strings/StringBuilderInsertDelete02/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringBuilderInsertDelete02.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StringBuilderInsertDelete03/test.desc b/regression/strings/StringBuilderInsertDelete03/test.desc
index 3dfa92f0338..084038f4465 100644
--- a/regression/strings/StringBuilderInsertDelete03/test.desc
+++ b/regression/strings/StringBuilderInsertDelete03/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringBuilderInsertDelete03.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StringCompare01/test.desc b/regression/strings/StringCompare01/test.desc
index 52b1d6d084c..007a6f798a7 100644
--- a/regression/strings/StringCompare01/test.desc
+++ b/regression/strings/StringCompare01/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringCompare01.class
---string-refine
+--refine-strings
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
diff --git a/regression/strings/StringCompare02/test.desc b/regression/strings/StringCompare02/test.desc
index eb52d1f1a58..971e6a98c81 100644
--- a/regression/strings/StringCompare02/test.desc
+++ b/regression/strings/StringCompare02/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringCompare02.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StringCompare03/test.desc b/regression/strings/StringCompare03/test.desc
index bd0f3177acf..acc89c80c4a 100644
--- a/regression/strings/StringCompare03/test.desc
+++ b/regression/strings/StringCompare03/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringCompare03.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StringCompare04/test.desc b/regression/strings/StringCompare04/test.desc
index 88ecddbfcf6..3ea3cbd7592 100644
--- a/regression/strings/StringCompare04/test.desc
+++ b/regression/strings/StringCompare04/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringCompare04.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StringCompare05/test.desc b/regression/strings/StringCompare05/test.desc
index 1358a05a36b..ef6aac2b72e 100644
--- a/regression/strings/StringCompare05/test.desc
+++ b/regression/strings/StringCompare05/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringCompare05.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StringConcatenation01/test.desc b/regression/strings/StringConcatenation01/test.desc
index a229b504571..6465f209faa 100644
--- a/regression/strings/StringConcatenation01/test.desc
+++ b/regression/strings/StringConcatenation01/test.desc
@@ -1,6 +1,6 @@
 KNOWNBUG
 StringConcatenation01.class
---string-refine
+--refine-strings
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
diff --git a/regression/strings/StringConcatenation02/test.desc b/regression/strings/StringConcatenation02/test.desc
index 0e1faf53d5e..e6ea2349af8 100644
--- a/regression/strings/StringConcatenation02/test.desc
+++ b/regression/strings/StringConcatenation02/test.desc
@@ -1,6 +1,6 @@
 KNOWNBUG
 StringConcatenation02.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StringConcatenation03/test.desc b/regression/strings/StringConcatenation03/test.desc
index 3c01a4ee0a9..ecb497de375 100644
--- a/regression/strings/StringConcatenation03/test.desc
+++ b/regression/strings/StringConcatenation03/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringConcatenation03.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StringConcatenation04/test.desc b/regression/strings/StringConcatenation04/test.desc
index 3dbecf065ba..1425e609a3a 100644
--- a/regression/strings/StringConcatenation04/test.desc
+++ b/regression/strings/StringConcatenation04/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringConcatenation04.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StringConstructors01/test.desc b/regression/strings/StringConstructors01/test.desc
index ed57bdfdde5..b1465868c19 100644
--- a/regression/strings/StringConstructors01/test.desc
+++ b/regression/strings/StringConstructors01/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringConstructors01.class
---string-refine
+--refine-strings
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
diff --git a/regression/strings/StringConstructors02/test.desc b/regression/strings/StringConstructors02/test.desc
index e3904d1d557..37838aafbc9 100644
--- a/regression/strings/StringConstructors02/test.desc
+++ b/regression/strings/StringConstructors02/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringConstructors02.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StringConstructors03/test.desc b/regression/strings/StringConstructors03/test.desc
index 0caf75f41ea..10193fc66c2 100644
--- a/regression/strings/StringConstructors03/test.desc
+++ b/regression/strings/StringConstructors03/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringConstructors03.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StringConstructors04/test.desc b/regression/strings/StringConstructors04/test.desc
index 75364dcde22..2e6e88fa862 100644
--- a/regression/strings/StringConstructors04/test.desc
+++ b/regression/strings/StringConstructors04/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringConstructors04.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StringConstructors05/test.desc b/regression/strings/StringConstructors05/test.desc
index e74dfc73f6c..a3c6a6c0437 100644
--- a/regression/strings/StringConstructors05/test.desc
+++ b/regression/strings/StringConstructors05/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringConstructors05.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StringIndexMethods01/test.desc b/regression/strings/StringIndexMethods01/test.desc
index 005d4459f12..dc4c6f14324 100644
--- a/regression/strings/StringIndexMethods01/test.desc
+++ b/regression/strings/StringIndexMethods01/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringIndexMethods01.class
---string-refine
+--refine-strings
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
diff --git a/regression/strings/StringIndexMethods02/test.desc b/regression/strings/StringIndexMethods02/test.desc
index 28df14f0145..1114e980758 100644
--- a/regression/strings/StringIndexMethods02/test.desc
+++ b/regression/strings/StringIndexMethods02/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringIndexMethods02.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StringIndexMethods03/test.desc b/regression/strings/StringIndexMethods03/test.desc
index 02f9934726b..69d7e5d5745 100644
--- a/regression/strings/StringIndexMethods03/test.desc
+++ b/regression/strings/StringIndexMethods03/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringIndexMethods03.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StringIndexMethods04/test.desc b/regression/strings/StringIndexMethods04/test.desc
index cb94fecb6a6..0707dbe9105 100644
--- a/regression/strings/StringIndexMethods04/test.desc
+++ b/regression/strings/StringIndexMethods04/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringIndexMethods04.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StringIndexMethods05/test.desc b/regression/strings/StringIndexMethods05/test.desc
index cb43b009246..bfe98a03e7c 100644
--- a/regression/strings/StringIndexMethods05/test.desc
+++ b/regression/strings/StringIndexMethods05/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringIndexMethods05.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StringMiscellaneous01/test.desc b/regression/strings/StringMiscellaneous01/test.desc
index 050c3e99e90..624c8028cb3 100644
--- a/regression/strings/StringMiscellaneous01/test.desc
+++ b/regression/strings/StringMiscellaneous01/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringMiscellaneous01.class
---string-refine --unwind 30
+--refine-strings --unwind 30
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
diff --git a/regression/strings/StringMiscellaneous02/test.desc b/regression/strings/StringMiscellaneous02/test.desc
index 8f1a1d9475f..3fde950e418 100644
--- a/regression/strings/StringMiscellaneous02/test.desc
+++ b/regression/strings/StringMiscellaneous02/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringMiscellaneous02.class
---string-refine --unwind 30
+--refine-strings --unwind 30
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StringMiscellaneous03/test.desc b/regression/strings/StringMiscellaneous03/test.desc
index 341867d536f..2a1a3f02739 100644
--- a/regression/strings/StringMiscellaneous03/test.desc
+++ b/regression/strings/StringMiscellaneous03/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringMiscellaneous03.class
---string-refine --unwind 30
+--refine-strings --unwind 30
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StringMiscellaneous04/test.desc b/regression/strings/StringMiscellaneous04/test.desc
index 737ab3b0f8c..4c2c0491e5f 100644
--- a/regression/strings/StringMiscellaneous04/test.desc
+++ b/regression/strings/StringMiscellaneous04/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringMiscellaneous04.class
---string-refine --unwind 30
+--refine-strings --unwind 30
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
diff --git a/regression/strings/StringStartEnd01/test.desc b/regression/strings/StringStartEnd01/test.desc
index a5463d5b5ea..eba4f6eb2b0 100644
--- a/regression/strings/StringStartEnd01/test.desc
+++ b/regression/strings/StringStartEnd01/test.desc
@@ -1,6 +1,6 @@
 KNOWNBUG
 StringStartEnd01.class
---string-refine --unwind 30
+--refine-strings --unwind 30
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
diff --git a/regression/strings/StringStartEnd02/test.desc b/regression/strings/StringStartEnd02/test.desc
index 8e623622f72..ff91ad0ce4d 100644
--- a/regression/strings/StringStartEnd02/test.desc
+++ b/regression/strings/StringStartEnd02/test.desc
@@ -1,6 +1,6 @@
 KNOWNBUG
 StringStartEnd02.class
---string-refine --unwind 30
+--refine-strings --unwind 30
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StringStartEnd03/test.desc b/regression/strings/StringStartEnd03/test.desc
index 2903ec98e3e..6b1695384ca 100644
--- a/regression/strings/StringStartEnd03/test.desc
+++ b/regression/strings/StringStartEnd03/test.desc
@@ -1,6 +1,6 @@
 KNOWNBUG
 StringStartEnd03.class
---string-refine --unwind 15
+--refine-strings --unwind 15
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StringValueOf01/test.desc b/regression/strings/StringValueOf01/test.desc
index 341f5e98975..c6098401ba0 100644
--- a/regression/strings/StringValueOf01/test.desc
+++ b/regression/strings/StringValueOf01/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringValueOf01.class
---string-refine
+--refine-strings
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
diff --git a/regression/strings/StringValueOf02/test.desc b/regression/strings/StringValueOf02/test.desc
index a10b398bf41..aa3fb97ba7c 100644
--- a/regression/strings/StringValueOf02/test.desc
+++ b/regression/strings/StringValueOf02/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringValueOf02.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StringValueOf03/test.desc b/regression/strings/StringValueOf03/test.desc
index 4ed709a2404..4c7357c2278 100644
--- a/regression/strings/StringValueOf03/test.desc
+++ b/regression/strings/StringValueOf03/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringValueOf03.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StringValueOf04/test.desc b/regression/strings/StringValueOf04/test.desc
index 0d8442e9de1..5cd66829b02 100644
--- a/regression/strings/StringValueOf04/test.desc
+++ b/regression/strings/StringValueOf04/test.desc
@@ -1,6 +1,6 @@
 KNOWNBUG
 StringValueOf04.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StringValueOf05/test.desc b/regression/strings/StringValueOf05/test.desc
index f77cdef0b8e..3f5b25f9ce3 100644
--- a/regression/strings/StringValueOf05/test.desc
+++ b/regression/strings/StringValueOf05/test.desc
@@ -1,6 +1,6 @@
 KNOWNBUG
 StringValueOf05.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StringValueOf06/test.desc b/regression/strings/StringValueOf06/test.desc
index 56551c4a14b..bf1c4048390 100644
--- a/regression/strings/StringValueOf06/test.desc
+++ b/regression/strings/StringValueOf06/test.desc
@@ -1,6 +1,6 @@
 KNOWNBUG
 StringValueOf06.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StringValueOf07/test.desc b/regression/strings/StringValueOf07/test.desc
index 6dde9de229d..7ba53c21fb6 100644
--- a/regression/strings/StringValueOf07/test.desc
+++ b/regression/strings/StringValueOf07/test.desc
@@ -1,6 +1,6 @@
 KNOWNBUG
 StringValueOf07.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StringValueOf08/test.desc b/regression/strings/StringValueOf08/test.desc
index 21d64075aaf..474c02ef13f 100644
--- a/regression/strings/StringValueOf08/test.desc
+++ b/regression/strings/StringValueOf08/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringValueOf08.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StringValueOf09/test.desc b/regression/strings/StringValueOf09/test.desc
index 4ff97a7caef..a63f7bc3e0c 100644
--- a/regression/strings/StringValueOf09/test.desc
+++ b/regression/strings/StringValueOf09/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringValueOf09.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/StringValueOf10/test.desc b/regression/strings/StringValueOf10/test.desc
index 10e7f184189..3f8c5d6d60f 100644
--- a/regression/strings/StringValueOf10/test.desc
+++ b/regression/strings/StringValueOf10/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringValueOf10.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/SubString01/test.desc b/regression/strings/SubString01/test.desc
index 8eea70cf458..975e4d2e0a7 100644
--- a/regression/strings/SubString01/test.desc
+++ b/regression/strings/SubString01/test.desc
@@ -1,6 +1,6 @@
 KNOWNBUG
 SubString01.class
---string-refine
+--refine-strings
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
diff --git a/regression/strings/SubString02/test.desc b/regression/strings/SubString02/test.desc
index 063ce88f0f2..bdafa21bc63 100644
--- a/regression/strings/SubString02/test.desc
+++ b/regression/strings/SubString02/test.desc
@@ -1,6 +1,6 @@
 KNOWNBUG
 SubString02.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/SubString03/test.desc b/regression/strings/SubString03/test.desc
index f985329ce2d..961f1a92ce8 100644
--- a/regression/strings/SubString03/test.desc
+++ b/regression/strings/SubString03/test.desc
@@ -1,6 +1,6 @@
 KNOWNBUG
 SubString03.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/TokenTest01/test.desc b/regression/strings/TokenTest01/test.desc
index 02a11e8e392..122e6a8830a 100644
--- a/regression/strings/TokenTest01/test.desc
+++ b/regression/strings/TokenTest01/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 TokenTest01.class
---string-refine --unwind 30
+--refine-strings --unwind 30
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
diff --git a/regression/strings/TokenTest02/test.desc b/regression/strings/TokenTest02/test.desc
index 48e6b0c1ab6..6d1dabed602 100644
--- a/regression/strings/TokenTest02/test.desc
+++ b/regression/strings/TokenTest02/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 TokenTest02.class
---string-refine --unwind 15
+--refine-strings --unwind 15
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/Validate01/test.desc b/regression/strings/Validate01/test.desc
index e797b2735aa..649136a2956 100644
--- a/regression/strings/Validate01/test.desc
+++ b/regression/strings/Validate01/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 Validate01.class
---string-refine
+--refine-strings
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
diff --git a/regression/strings/Validate02/test.desc b/regression/strings/Validate02/test.desc
index a5a3a6f1d20..22251c38a95 100644
--- a/regression/strings/Validate02/test.desc
+++ b/regression/strings/Validate02/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 Validate02.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/bug-test-gen-095/test.class b/regression/strings/bug-test-gen-095/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..3895d218c3d8e77e3a8cabefd360d149dd58cf12
GIT binary patch
literal 822
zcmZuvO>+`K5Ph@2&a!L*Aq4OvYBVYz322O7NLgx(C!z-|t;Ev+BTn2bxF7x){(xt-
z3aU(%-u+Kn_K*<DB$t_<?$@thchB#?KYjw(#3LK?SmwB9!@zY58GYZ-$4U|oZd$ly
zV->eK?%1$3@~({%${ZDj#Z?gm(hpVN3!bY$v|ZU{VEYW_mhx2im?2gwzhQ`P_q&oI
z-Bg}@86CEz|5}47a43|=kT1P!9*EDP?h3D0Z-u_{dJUa8*9t}F<E|J?@FbI?%3y7E
z+!KDg)sOs+e4#X3GL%7B(?kvykYy;GC4Cktw<~=eUURUHnu9v-IY=YJV7%`Uy@UJM
zU?|Q~pH7?H@%_F}qIDUL2M*2eAwy<{eAPaXo$x=`aWf1{rHeZ>#b6*k8r%9sfO9z~
z4K!#7VSmb<E0xay31P}lk#K`EwU0G6%Cx2QO!>A;tE5GAWuSc7J#CrhA4U|QJ?>+L
ze#AU|8<r{RiIEip)03uikzUJmGrAL%G1ylPM2=2#;-vLp33;+L^aJ9Q4AhTc>{VhL
zW5k-(Y<z^o+v*7B?l<rua%)*@gyayZBiMUmq<(2qV?vrog6srRM4tsm0TyahqCnmh
x*dNq5iX4~7efd=2=0pjwkab3w8-mBbARhY;KI5H=)jSCp&J*3zl}XvF{{WJ7sz(3-

literal 0
HcmV?d00001

diff --git a/regression/strings/bug-test-gen-095/test.desc b/regression/strings/bug-test-gen-095/test.desc
new file mode 100644
index 00000000000..a40f9e43402
--- /dev/null
+++ b/regression/strings/bug-test-gen-095/test.desc
@@ -0,0 +1,7 @@
+KNOWNBUG
+test.class
+--refine-strings
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
diff --git a/regression/strings/bug-test-gen-095/test.java b/regression/strings/bug-test-gen-095/test.java
new file mode 100644
index 00000000000..a6910527551
--- /dev/null
+++ b/regression/strings/bug-test-gen-095/test.java
@@ -0,0 +1,10 @@
+public class test
+{
+   public static void main(String[] args)
+   {
+      StringBuilder sb = new StringBuilder(args[0]);
+      sb.append("Z");
+      String s = sb.toString();
+      assert(s.equals("fg"));
+   }
+}
diff --git a/regression/strings/cprover-string-hack.h b/regression/strings/cprover-string-hack.h
index 1ec17bca535..86af21533f8 100644
--- a/regression/strings/cprover-string-hack.h
+++ b/regression/strings/cprover-string-hack.h
@@ -1,18 +1,32 @@
-typedef struct __CPROVER_string { char *s; } __CPROVER_string;
-//typedef struct __CPROVER_char { char c; } __CPROVER_char;
-typedef unsigned char __CPROVER_char;
+/*******************************************************************\
+
+Module: Hack for C string tests
+
+Author: Romain Brenguier
+
+\*******************************************************************/
+
+#ifndef CPROVER_ESSION_STRINGS_CPROVER_STRING_HACK_H
+#define CPROVER_ESSION_STRINGS_CPROVER_STRING_HACK_H
+
+typedef struct __attribute__((__packed__)) __CPROVER_refined_string_type // NOLINT
+  { int length; char content[]; } __CPROVER_refined_string_type;
+typedef __CPROVER_refined_string_type __CPROVER_string;                  //NOLINT
 
 /******************************************************************************
  * CPROVER string functions
  ******************************************************************************/
 /* returns s[p] */
-#define __CPROVER_char_at(s, p) __CPROVER_uninterpreted_string_char_at_func(s, p)
+#define __CPROVER_char_at(s, p) \
+  __CPROVER_uninterpreted_string_char_at_func(s, p)
 
 /* string equality */
-#define __CPROVER_string_equal(s1, s2) __CPROVER_uninterpreted_string_equal_func(s1, s2)
+#define __CPROVER_string_equal(s1, s2) \
+  __CPROVER_uninterpreted_string_equal_func(s1, s2)
 
 /* defines a string literal, e.g. __CPROVER_string_literal("foo") */
-#define __CPROVER_string_literal(s) __CPROVER_uninterpreted_string_literal_func(s)
+#define __CPROVER_string_literal(s) \
+  __CPROVER_uninterpreted_string_literal_func(s)
 
 /* defines a char literal, e.g. __CPROVER_char_literal("c"). NOTE: you
  * *must* use a C string literal as argument (i.e. double quotes "c", not
@@ -20,30 +34,39 @@ typedef unsigned char __CPROVER_char;
 #define __CPROVER_char_literal(c) __CPROVER_uninterpreted_char_literal_func(c)
 
 /* produces the concatenation of s1 and s2 */
-#define __CPROVER_string_concat(s1, s2) __CPROVER_uninterpreted_string_concat_func(s1, s2)
+#define __CPROVER_string_concat(s1, s2) \
+  __CPROVER_uninterpreted_string_concat_func(s1, s2)
 
 /* return the length of s */
-#define __CPROVER_string_length(s) __CPROVER_uninterpreted_string_length_func(s)
+#define __CPROVER_string_length(s) \
+  __CPROVER_uninterpreted_string_length_func(s)
 
 /* extracts the substring between positions i and j (j not included) */
-#define __CPROVER_string_substring(s, i, j) __CPROVER_uninterpreted_string_substring_func(s, i, j)
+#define __CPROVER_string_substring(s, i, j) \
+  __CPROVER_uninterpreted_string_substring_func(s, i, j)
 
 /* test whether p is a prefix of s */
-#define __CPROVER_string_isprefix(p, s) __CPROVER_uninterpreted_string_is_prefix_func(p, s)
+#define __CPROVER_string_isprefix(p, s) \
+  __CPROVER_uninterpreted_string_is_prefix_func(p, s)
 
 /* test whether p is a suffix of s */
-#define __CPROVER_string_issuffix(p, s) __CPROVER_uninterpreted_string_is_suffix_func(p, s)
+#define __CPROVER_string_issuffix(p, s) \
+  __CPROVER_uninterpreted_string_is_suffix_func(p, s)
 /* test whether p contains s */
-#define __CPROVER_string_contains(p, s) __CPROVER_uninterpreted_string_contains_func(p, s)
+#define __CPROVER_string_contains(p, s) \
+  __CPROVER_uninterpreted_string_contains_func(p, s)
 
 /* first index where character c appears, -1 if not found */
-#define __CPROVER_string_index_of(s, c) __CPROVER_uninterpreted_string_index_of_func(s, c)
+#define __CPROVER_string_index_of(s, c) \
+  __CPROVER_uninterpreted_string_index_of_func(s, c)
 
 /* last index where character c appears */
-#define __CPROVER_string_last_index_of(s, c) __CPROVER_uninterpreted_string_last_index_of_func(s, c)
+#define __CPROVER_string_last_index_of(s, c) \
+  __CPROVER_uninterpreted_string_last_index_of_func(s, c)
 
 /* returns a new string obtained from s by setting s[p] = c */
-#define __CPROVER_char_set(s, p, c) __CPROVER_uninterpreted_string_char_set_func(s, p, c)
+#define __CPROVER_char_set(s, p, c) \
+  __CPROVER_uninterpreted_string_char_set_func(s, p, c)
 
 
 #define __CPROVER_string_copy(s) __CPROVER_uninterpreted_string_copy_func(s)
@@ -54,19 +77,32 @@ typedef unsigned char __CPROVER_char;
 /******************************************************************************
  * don't use these directly
  ******************************************************************************/
-extern __CPROVER_char __CPROVER_uninterpreted_string_char_at_func(__CPROVER_string str, int pos);
-extern __CPROVER_bool __CPROVER_uninterpreted_string_equal_func(__CPROVER_string str1, __CPROVER_string str2);
+extern char __CPROVER_uninterpreted_string_char_at_func(
+  __CPROVER_string str, int pos);
+extern __CPROVER_bool __CPROVER_uninterpreted_string_equal_func(
+  __CPROVER_string str1, __CPROVER_string str2);
 extern __CPROVER_string __CPROVER_uninterpreted_string_literal_func(char * str);
-extern __CPROVER_char __CPROVER_uninterpreted_char_literal_func();
-extern __CPROVER_string __CPROVER_uninterpreted_string_concat_func(__CPROVER_string str1, __CPROVER_string str2);
+extern char __CPROVER_uninterpreted_char_literal_func();
+extern __CPROVER_string __CPROVER_uninterpreted_string_concat_func(
+  __CPROVER_string str1, __CPROVER_string str2);
 extern int __CPROVER_uninterpreted_string_length_func(__CPROVER_string str);
-extern __CPROVER_string __CPROVER_uninterpreted_string_substring_func(__CPROVER_string str, int i, int j);
-extern __CPROVER_bool __CPROVER_uninterpreted_string_is_prefix_func(__CPROVER_string pref, __CPROVER_string str);
-extern __CPROVER_bool __CPROVER_uninterpreted_string_is_suffix_func(__CPROVER_string suff, __CPROVER_string str);
-extern __CPROVER_bool __CPROVER_uninterpreted_string_contains_func(__CPROVER_string str1, __CPROVER_string str2);
-extern int __CPROVER_uninterpreted_string_index_of_func(__CPROVER_string str, __CPROVER_char c);
-extern int __CPROVER_uninterpreted_string_last_index_of_func(__CPROVER_string str, __CPROVER_char c);
-extern __CPROVER_string __CPROVER_uninterpreted_string_char_set_func(__CPROVER_string str, int pos, __CPROVER_char c);
-extern __CPROVER_string __CPROVER_uninterpreted_string_copy_func(__CPROVER_string str);
+extern __CPROVER_string __CPROVER_uninterpreted_string_substring_func(
+  __CPROVER_string str, int i, int j);
+extern __CPROVER_bool __CPROVER_uninterpreted_string_is_prefix_func(
+  __CPROVER_string pref, __CPROVER_string str);
+extern __CPROVER_bool __CPROVER_uninterpreted_string_is_suffix_func(
+  __CPROVER_string suff, __CPROVER_string str);
+extern __CPROVER_bool __CPROVER_uninterpreted_string_contains_func(
+  __CPROVER_string str1, __CPROVER_string str2);
+extern int __CPROVER_uninterpreted_string_index_of_func(
+  __CPROVER_string str, char c);
+extern int __CPROVER_uninterpreted_string_last_index_of_func(
+  __CPROVER_string str, char c);
+extern __CPROVER_string __CPROVER_uninterpreted_string_char_set_func(
+  __CPROVER_string str, int pos, char c);
+extern __CPROVER_string __CPROVER_uninterpreted_string_copy_func(
+  __CPROVER_string str);
 extern int __CPROVER_uninterpreted_string_parse_int_func(__CPROVER_string str);
 extern __CPROVER_string __CPROVER_uninterpreted_string_of_int_func(int i);
+
+#endif
diff --git a/regression/strings/java_append_char/test.desc b/regression/strings/java_append_char/test.desc
new file mode 100644
index 00000000000..f38fb748736
--- /dev/null
+++ b/regression/strings/java_append_char/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_append_char.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 15.* FAILURE$
+--
diff --git a/regression/strings/java_append_char/test_append_char.class b/regression/strings/java_append_char/test_append_char.class
new file mode 100644
index 0000000000000000000000000000000000000000..c0b1491423bc49272f64e59437a7ede14fa3277d
GIT binary patch
literal 999
zcmZWn+fvg|6kVrHd)hS6aw*gcD2mu}D=I2l1f*Ub1aziWr|`g}%_#=cq~_v`pCUit
zvp7>marE7fQuk?v3QW_ToOSkPt-bfJ-`{=!n8%8WBt|(dsR&_In#<CR#c>5!RgB|W
z96gwb;kt?}avYN?5;9;)#WZF(W*G*?b<Y#7Z#uU3$n^B8B@70($q-#MZPQ<32xoJz
z7?h%82!`aEX^V}ZQ5Eh>=}Z?5-Lx5cO1@ruyRJ9eFh`zvam+Eq7HihOOlrvq+?se|
z%DA*IJbznnHid0$*WT#v?5_S^*U*mvhGF@gw{&|aU-Dhk-dPPy%Mh-H8@Q?A7Unr_
zYq*2E919xm;l73x`ly;=*6UR(5L8=30gDWoZmx$%S|7Wv<1(a9bKrQOVF}B0)s1>y
z-4!*TA+%LIfp?fur#d1SMzUMQ+*&vA1oZ-u^PQuZ!R%Q_^7yZ6>4WEs2DRS_sCK%O
z)^zeOs2x6~5qg6H2HMq5!VJ7Aoh%wlI(vpsL5?#j-UYhlopR_XE#zqY$*zo|MLWVU
zWC+i6g>l?Onz$d(1ue)X#%R@&w3aNDk&~dWFqj-B*+Dvu(3{aaGI;>@Svn$3HrfUm
z;ut!1{R)MCK%IY&RKh8vTv1YHxe`g$%atgZXC1sMaZBQX#6@}S5TVKe!t2wMEhtm;
ze?8qoWMd!EnHKmyVtW{z>5sRdenjFB33AqcN-m)`mkDA)1d$<DbBJL9D(yl7t0e6y
zda*$Q1&JFbuQb>nIw%~O_H&NoJi#$sIF>QrmIn0o_q5Qv2d;dA68?f%x8jj{nK6Qp
Nwjz6Ukq#k@`~_x<)`b87

literal 0
HcmV?d00001

diff --git a/regression/strings/java_append_char/test_append_char.java b/regression/strings/java_append_char/test_append_char.java
new file mode 100644
index 00000000000..90e9ab089a2
--- /dev/null
+++ b/regression/strings/java_append_char/test_append_char.java
@@ -0,0 +1,17 @@
+public class test_append_char
+{
+   public static void main(/*String[] args*/)
+   {
+      char[] diff = {'d', 'i', 'f', 'f'};
+      char[] blue = {'b', 'l', 'u', 'e'};
+
+      StringBuilder buffer = new StringBuilder();
+
+      buffer.append(diff)
+            .append(blue);
+
+      String tmp=buffer.toString();
+      System.out.println(tmp);
+      assert(!tmp.equals("diffblue"));
+   }
+}
diff --git a/regression/strings/java_append_int/test.desc b/regression/strings/java_append_int/test.desc
new file mode 100644
index 00000000000..d65eecf13f5
--- /dev/null
+++ b/regression/strings/java_append_int/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_append_int.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 9.* FAILURE$
+--
diff --git a/regression/strings/java_append_int/test_append_int.class b/regression/strings/java_append_int/test_append_int.class
new file mode 100644
index 0000000000000000000000000000000000000000..d9ee5046e7d68f976c15ed958ecd8f1ee7d75712
GIT binary patch
literal 842
zcmaJ<T~8BH5IwW~*zI=fmQtW1RZ-No2(?)Cp~R@5iLu~AjYM9^wtGVsm)*L%^}om;
z@L5etB8k5HpES<hQmT^pGIQ^IoOABX{qgJTHvmmM&|#vi;<63}Wer!Pzbeh5G}ki7
z;kt$;9XD`O#Vs9KSzggmMNP#rVS335LlH!d?}eLAXmwp-6KI!^UUxhvdPqoAs;>#j
z4c`_7v+a0ddvMql!7EwJi9^fr2)RyV_1<n-{W#2$RNN+L>pk}rM(_B8peLR=vZ)w}
zFxs>Fec{=Aju)*SSnn+Z1xyp><hkxz-hRCk1&+7>WZ<~A2w0YFU<Iqv)D7H0!$2NW
z1jTMLn}IdlC6p%ZkH=4Y8U#M~oByz?Xd1YO`-J?Y>1Fpo^rF8)BN;rBkzm3~r9EjF
zWn0yAp;O&0!b0Ww|I%9Ik12|k^MwqM7Vid@8xm&zWFARvRe4+HM9+rHD<#a@B6I>_
zpACT*6b(4R``pDM{|uA=5amm9hI~qZ<owwd`Br96>{GR4&?i}l8Mf&-NXTIJtkmb9
zrf_cU1j?IZBwo}C$stlZHFb#ePHhOa{TbR3ipzz}5c&sXPmtw8<GaLFV%&K~W-@5(
zO{g5xFwZOv=$PY77W5Mh6(toH<J4GZGZq9)6>>vdID(q|h-Bgmv<dcDv&2b3F&@d6
JU5cp}egl`Yuq^-p

literal 0
HcmV?d00001

diff --git a/regression/strings/java_append_int/test_append_int.java b/regression/strings/java_append_int/test_append_int.java
new file mode 100644
index 00000000000..cf550211ad7
--- /dev/null
+++ b/regression/strings/java_append_int/test_append_int.java
@@ -0,0 +1,11 @@
+public class test_append_int
+{
+   public static void main(/*String[] args*/)
+   {
+      StringBuilder diffblue = new StringBuilder();
+      diffblue.append("d");
+      diffblue.append(4);
+      String s = diffblue.toString();
+      assert(!s.equals("d4"));
+   }
+}
diff --git a/regression/strings/java_append_object/test.desc b/regression/strings/java_append_object/test.desc
new file mode 100644
index 00000000000..f15910bca93
--- /dev/null
+++ b/regression/strings/java_append_object/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_append_object.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 15.* FAILURE$
+--
diff --git a/regression/strings/java_append_object/test_append_object.class b/regression/strings/java_append_object/test_append_object.class
new file mode 100644
index 0000000000000000000000000000000000000000..fbfec51a3f57335b721c7595809fc57a37678b94
GIT binary patch
literal 992
zcmZWn*>2N76g`uq8OL#!Cf(Rm2qkHohNY|tr3>&vTabc4^rdp*Y31VB!3z>!!882<
zo+(l)Q3>ApDBzAmnx>WQJDxjd&OLYe{pZI|0E<{tF^YnMX$4m~uBnKjAWc!4>j})@
zhKdr(31l#<U{1w6DjW+cQYdg#Rouiaj@u0RqV9RZ^-ah2o|>NCw1mOHwix1d(>DDj
zhG?n$h9S1*7=j_QZrWlqXg7uXT7v1It(!JOs^ROc_ZxaAbQ3q};<&@0)LYhnCbi)N
zZc98j<-JK?c>cED=?L4{cA9&l<uB~%A9W357$;i8+}WX}X$2B2PpXz~?^YYWYudZ3
zfoU1S)u<SEHQd8}jt3eZ;t@wpLmiJb<dCQ6l16fn77a^y!Z0=9TIuKh%yk`?A$L|2
z$FhbMtTJQ=_g;o_hg>~bRJLA543*OQ=?k^;3D-~_HB#z3eU7oxSs)=!2xxrre9@-f
zIDyYF-lH|0>MN>^Pc%Yr(}jE}VA##TI}&73&&E$m>;<pMUdP3UK)1Y8fL_wIGR;P2
zklC6=1H>?42+wqdaa>Uv2S1<#nw~98(;SY{<g)CPYzzHG!DOGwPSEZWt&G-@*+Z~z
z5{OB%@zBYTz|=AHGa@wOKs^_Ek&CV$A@=SNBOCLxUBu_;dpq9+-#ma)=^}9ebsuAu
zT(S%83zA1j5jg!zMu>zFW{8`@lAJg_3er$XR+8eSNK_g{5?(_V=Lkh&|I#MLaXx%6
ua9kv}Lco3=i=kj(G?(cjyAK}widghJ)Ir34PLgp15p7v!ewj8AT=@rV@YR?A

literal 0
HcmV?d00001

diff --git a/regression/strings/java_append_object/test_append_object.java b/regression/strings/java_append_object/test_append_object.java
new file mode 100644
index 00000000000..e139a01679a
--- /dev/null
+++ b/regression/strings/java_append_object/test_append_object.java
@@ -0,0 +1,17 @@
+public class test_append_object
+{
+   public static void main(/*String[] args*/)
+   {
+      Object diff = "diff";
+      Object blue = "blue";
+
+      StringBuilder buffer = new StringBuilder();
+
+      buffer.append(diff)
+            .append(blue);
+
+      String tmp=buffer.toString();
+      System.out.println(tmp);
+      assert(!tmp.equals("diffblue"));
+   }
+}
diff --git a/regression/strings/java_append_string/test.desc b/regression/strings/java_append_string/test.desc
new file mode 100644
index 00000000000..7b6ea8ccae7
--- /dev/null
+++ b/regression/strings/java_append_string/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_append_string.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 12.* FAILURE$
+--
diff --git a/regression/strings/java_append_string/test_append_string.class b/regression/strings/java_append_string/test_append_string.class
new file mode 100644
index 0000000000000000000000000000000000000000..f2cb5cf8bea64858805fef9f4a7b85663a237736
GIT binary patch
literal 1032
zcmZ`%YfsZq7=F%f?Meru444;G5OFYIiYO|G+zkq9GNXYnq^xJ;VAsyJGx3j@$RF^t
zm~4q8`rRKzd{4(%Ci<c8dHdd;=e_(s{qYmPES_n|U_`-96{8v=xTRoBLmVSg+*XlG
zVjL41@|cvCDXC2-VW6Pmj!d|#U`9h)*0`rp!TSmxF!YU@zR$ftxQ@Rjd~@IC76aR5
zNGu3P1d9yO-1u9D*s5!BhMq0q@Rzm9KKI_pU~*JU;V`6%fmwRLZB|1w@g#l>>O#pr
zE29<Nnpff*LM9Cc+z<B5YLz?Io*#I^IhZ~)KbkrQk!46ry<nTpL7^Br86uXD&N<5c
z+qqH`w#7Xi5Alcs%Vh<Rb<ATy!4n;ec&cLw%Tk-u(T@S*Y>9GN#|l;%vh8xqtx>Fd
zp6f9f7g;J;)3J_?4vw$(4|yqI=+AAni#3VQ%h@HGjWSIAE8s%TSwHg~7{yP1z$>&3
zw<eLANy06>rr8CA#mx#O^o97HW(K7ygKXMT2g4@qkf9p5twCpU;};lF<plpwGj0Dr
zCFovy+O4nJbW{uj7Wak6t@E+ci3Bxr&_(THm~Jyer_It?xfIf(pyeV<@)G?G(aY$K
zPc*>3$v|8tnFx&xNnAM({Y<G*@;yI6WXFg$5PNZg_)Y_ft^7nC%DcRw%I6r#d>tBn
zUE8Ej)}bFGb%e~M(OpN+7j&H<O=-QqBwi%M8zUql0gaFiD1@ovI@!j^l1CS2pkos$
zT&1XPuv2U*7*cSJWEk0MXEx*w^cqGTeMeAYUlEIbN2(3gYE71kBcd<K0o<UU2!{Uv
D<SE~p

literal 0
HcmV?d00001

diff --git a/regression/strings/java_append_string/test_append_string.java b/regression/strings/java_append_string/test_append_string.java
new file mode 100644
index 00000000000..54665da29cc
--- /dev/null
+++ b/regression/strings/java_append_string/test_append_string.java
@@ -0,0 +1,14 @@
+public class test_append_string
+{
+   public static void main(/*String[] args*/)
+   {
+      String di = new String("di");
+      StringBuilder diff = new StringBuilder();
+      diff.append(di);
+      diff.append("ff");
+      System.out.println(diff);
+      String s = diff.toString();
+      System.out.println(s);
+      assert (!s.equals("diff"));
+   }
+}
diff --git a/regression/strings/java_case/test.desc b/regression/strings/java_case/test.desc
index 9f48288c694..47db60a36d9 100644
--- a/regression/strings/java_case/test.desc
+++ b/regression/strings/java_case/test.desc
@@ -1,10 +1,7 @@
 FUTURE
 test_case.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[assertion.1\] assertion at file test_case.java line 11: SUCCESS$
-^\[assertion.2\] assertion at file test_case.java line 12: SUCCESS$
-^\[assertion.3\] assertion at file test_case.java line 13: SUCCESS$
-^\[assertion.4\] assertion at file test_case.java line 14: FAILURE$
+^\[.*assertion.1\].* line 8.* FAILURE$
 --
diff --git a/regression/strings/java_case/test_case.class b/regression/strings/java_case/test_case.class
index 8579881de17ec58f4ebd0d9ac2375d1e7d0ca94e..5887b496986fb7f563de13bd3e40911264f14773 100644
GIT binary patch
delta 499
zcmYL^%P(tD6vlu1^l?s4PqjU_-ilk)y)CyM^-Ksx!fhm&bR>s}a7Bd1)Xd1>N=N(y
z#z@+PgrUU1pCr~kf@J60-+F!DS~u2nc;)5o{t+lLZIh(aq|2h)#^9%hjE0^Fae6KK
zbda^^xA>*$Z<Cx&Ob_L41{gH?b5UMS#?~s{*1wW>xbAK4Z;Rr^Yko0Bqav~Aop^<P
z?_j5}Ryo=|*ijhsn+_=o4nqt(jA(HAAq7tgqZD<^f({oP#u%?Isk9rZY#&!Pw!C9e
zpKzFDs`_88R!5EV)3{s#D$$}<gauF{-zeB5QCfZ_e<)W+-RMS|1;c()5uxR)^-M+s
zQk#9iD7%3=!R1_y&|iUY=@#>fY~HnML@r4WxVBGHxl=b<!?`5-K&)J+;YphqzDWj4
zcnDkU;+V3PMOG{ek{J^|LzGtOXh6L&W778Vq|*MiRMB4)l5V_4;tDf(O)zkW`DxSn
ReT>!$VK{U8<PLw0^gDBpKt2Ef

literal 1073
zcmZuw>rN9v6#k~S-EOzEw58w$5kzgd)f);Hk+Oxvq##Mv1pHyP+ex$7cI)m|;}hsB
zzzg_WOiCh&{`VDp7vh;+p@JlvnKNg;^UZfI`|J4o4*>VEt{{zZ2@^7IC<tIuEH|UL
zh1&{p$cy7t6oZ(SF(VGM66O@B7?)9yaYwlBO1P&G*8>Uj4CzVTak%Z8R@*6?j$Ui>
zIs@Bbh%A|H(_Ll==JKx?LYh_Q42g=_=9}GCjoU8-m@Znn*=ES*URQSY_j;kJw;P43
zYn$yxQ3S@Tu5P^D&^sQUv@^&{M)NPZQnk9a!PiYeHQ;i`ePiejpA%FnvKVGao~I>k
zrJAAD*9739ibq(Gu&ClOiV~JoJQ2=iEU3s}h`@TyFzQ^zQ>-wI^w~-$nXlQlWee6-
zO)IZ?hGCQ`qJ&k3=&33Rnu;<A@sFnGwOwww3`4n#^N+b!#rnW)jnZPs<nsT+&hS+~
zIxcTf*{!Z%_0gtP*rJNMR9CLIiqtnRjk9hBsUtv5Y6rdgveP+vHNxL@^`>)9q_4b~
zr)DR8z_Ui%vbnGH!h8st=oe6H((q90>)bJIUO%lTb=>XJ1x?Nl#%UbWG`%c2BKkpA
z5EO%9T1V(KN;{)HJaq{6RRD2`)`;h%>f<u5kS(CUDKtd;=OYBRQ^7-oD$_lLHx3Y)
z=|Lh}-XwdL>;pvik(o&;J;e4AJA%4>i1<(6J)0W1$UU7(^pHG{9`#A~knzLz`fNgN
zz*9Q~h3qh`5hNf{dQnoXU;;5L(*L)GI2sthC%U~#$U%gTu_$5G|FYRJ$hdY|lX)+B
jAeF{o52<}fp)UvpzaiRx@}xk5E{s5YMU-*OQ*`|gWS!(_

diff --git a/regression/strings/java_case/test_case.java b/regression/strings/java_case/test_case.java
index ce3a51814c8..309abfc07b9 100644
--- a/regression/strings/java_case/test_case.java
+++ b/regression/strings/java_case/test_case.java
@@ -1,16 +1,12 @@
-public class test_case {
-
-    public static void main(String[] argv) {
-
-	String s = new String("AbcCdE");
-	String l = s.toLowerCase();
-	System.out.println(l);
-	
-	String u = s.toUpperCase();
-	System.out.println(u);
-	assert(l.equals("abccde"));
-	assert(u.equals("ABCCDE"));
-	assert(s.equalsIgnoreCase("ABccDe"));
-	assert(!l.equals("abccde") || !u.equals("ABCCDE"));
-    }
+public class test_case
+{
+   public static void main(/*String[] argv*/)
+   {
+      String s = new String("Ab");
+      String l = s.toLowerCase();
+      String u = s.toUpperCase();
+      assert(!l.equals("ab") ||
+             !u.equals("AB") ||
+             !s.equalsIgnoreCase("aB"));
+   }
 }
diff --git a/regression/strings/java_char_array/test.desc b/regression/strings/java_char_array/test.desc
index 8282b808b84..62cc45997ba 100644
--- a/regression/strings/java_char_array/test.desc
+++ b/regression/strings/java_char_array/test.desc
@@ -1,9 +1,7 @@
 FUTURE
 test_char_array.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[assertion.1\] assertion at file test_char_array.java line 11: SUCCESS$
-^\[assertion.2\] assertion at file test_char_array.java line 12: SUCCESS$
-^\[assertion.3\] assertion at file test_char_array.java line 13: FAILURE$
+^\[.*assertion.1\].* line 9.* FAILURE$
 --
diff --git a/regression/strings/java_char_array/test_char_array.class b/regression/strings/java_char_array/test_char_array.class
index 836942da1346e6bee0164979a451b7eec1a18c9b..38a7ecf41eddf662574382383851643fa631b055 100644
GIT binary patch
delta 310
zcmXwzy-osA5QV?HuzO)yby-n<1QGEUOh|M~HTGyMv@x-{5MqMFSP&WupMlUAD+*sg
zVldGJd*8@L915p6GiPQ_^1V4PcKH4KF#$sMTwF3SvMxDRW|EH+qo7%JamZ+jE^CxD
z>;15vn!D(l=Ixoezch_bOH<Zt^hbw@vd1P{9^35nf5PmpM}?}wZ=0T}b<EvO?Yz-$
zHM@grl^Z;$r^k5|3qsJtA}akLu<DgDk<+Rj9#tY^qQ@ibXA0GcGbCN`&5&f?Zw^U(
z;#|F>zg{I~;fv;k6l@~WV`x0lfH?ay1#(HEredO+MNLX6NXy3({}7?T%qkfSrdBC6
Pi`ZD+iIV-Y7>o2D@ft1Q

delta 474
zcmZvY&rTXq6vlsdhM5ZkSR5ED#XpF)D$r8vlo;DY6IVv43yq0kH4<ZL(Kd#-aN{!&
zc5a$RU!aY#i5lIvZ_tOS9?F8$co*Nf_dDNr&OPVMI=B5_e=l!<S!Ns@GGT@sh8gL=
zXoN6X&6tBtMw4?GXF~J5<*&>ROw}s8!C_Ep1p7OswdTRc{hfEy8;bZ^GpK*624B{L
zt;V+Ig=SJSrI~KE-$y57<SE1`^0M{Eue^#;;<X~tE48|{yIpT8l8@B?PuT6LFltL3
zSZ*(<lVcaf6Pf2X23q2tYg7ssnALtYckO&AT7Ef{H{Z-#Y0JDIRJMO$ozP#rvA+_%
z!ruIezWv9!UMNw2NM^l|C(5*ECxUOd5{^!LzVGZIeG}3*FUtfAQ&tz2pY#bPi7+U9
zmMA_kmWk7lOj49Xn0G>IO-kcw1~gBV+!Um8;vE!Sce1w<JI77Z{%nk;I&KRizNjRT
ImWRQ!d$Bc9_W%F@

diff --git a/regression/strings/java_char_array/test_char_array.java b/regression/strings/java_char_array/test_char_array.java
index 3cfd4000d3a..96e250fb030 100644
--- a/regression/strings/java_char_array/test_char_array.java
+++ b/regression/strings/java_char_array/test_char_array.java
@@ -1,15 +1,13 @@
-public class test_char_array {
-
-    public static void main(String[] argv)
-    {
-        String s = "abc";
-        char [] str = s.toCharArray();
-        int[] test = new int[312];
-        char c = str[2];
-        String t = argv[0];
-        char d = t.charAt(0);
-        assert(str.length == 3);
-        assert(c == 'c');
-        assert(c == d || d < 'a' || d > 'z' );
-    }
+public class test_char_array
+{
+   public static void main(/*String[] argv*/)
+   {
+      String s = "abc";
+      char [] str = s.toCharArray();
+      char c = str[2];
+      char a = s.charAt(0);
+      assert(str.length != 3 ||
+             a != 'a' ||
+             c != 'c');
+   }
 }
diff --git a/regression/strings/java_char_array_init/test.desc b/regression/strings/java_char_array_init/test.desc
index fe5ffae7238..24437881467 100644
--- a/regression/strings/java_char_array_init/test.desc
+++ b/regression/strings/java_char_array_init/test.desc
@@ -1,11 +1,7 @@
 FUTURE
 test_init.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[assertion.1\] assertion at file test_init.java line 16: SUCCESS$
-^\[assertion.2\] assertion at file test_init.java line 17: SUCCESS$
-^\[assertion.3\] assertion at file test_init.java line 18: SUCCESS$
-^\[assertion.4\] assertion at file test_init.java line 20: SUCCESS$
-^\[assertion.5\] assertion at file test_init.java line 21: FAILURE$
+^\[.*assertion.1\].* line 14.* FAILURE$
 --
diff --git a/regression/strings/java_char_array_init/test_init.class b/regression/strings/java_char_array_init/test_init.class
index be3baee56bd4f0a276d7b18454f832685f146dce..ff9c64510dad8e9bdd4cffcca053a0ed768259a6 100644
GIT binary patch
delta 528
zcmYL_OK;Oa6otR>BNIDzaNPjq5nd&wbpnAB3KBvBiAAdtu?SgIMWO~-Az&p4EVlfH
z;#Iq12U|c&fFjti;ur91DrPKEq|rHdM(3V;?tFEAmDYamfBOM+xZ!e$y5y9L!D$U=
z9DL5|>Rg$5&F9NBG%rXlxKy-!(PfE9(%jx!ulc<!e)7B<zjzQoP7_H>*=_%6-U*o%
z1kd8vaXXDigLW@_IUEf<LN02!<Pk9A(dM$iNK%h0EDP+_Bu&R2SLx*UMLl$~<W=@)
zI2vY>YaT0H&)<rcUrLkFAbTn>7nj!ZEn_~vWi;{+#_}6qZ3H5i)Ap(|5o+43!kW6(
z6${07G(~*WLJlh|6^{akBL~ti*s2*G2JUxzJu-vUeq;qnKeB_gAC)x7VBFus*idHX
zy`r#g+Ec9VC+uAoniEQa`;K}mloQH3)S96)!QG*<M`dG*_ftnOiU=$CdBtjs@2dP=
zmAyxmO|`*MrKlqI*_6ylj;TYL;|DQ2MRb@6{R!1wr1c)l{EYqI`rmfi%Es_+>pwVA
HOg{M+MhHx`

literal 1209
zcmZuxOH&g;5dJ2~W|C!rB_TXiPy{6qAPS=LP{9C#@~{e{1stp;jJUYT!tRDD|A9xZ
zaPg>Du_{<%>D{CL9gDJO!&@q;?w;;%db+>v+F$$MegNphtcqH+a<r)k;F=WIqi9D`
zMF%?NF(s|8C}QZ2phtSr95+;GXpP{eJoie`7r`x#eigTIhvP0oyv=Z3;drK9aK}v7
zShmCp16yPW51R$kyU!3zc06YYW$YEfP(5uH#B4FYESzT&Oo6;%78vT1OVew{rjfRc
z!fJZnbIii(ki1wq?-{u_Gse1)=NO<a7$U<t>ma{6Zx@}Mm@s9wDo?oHOBv~r*)-In
zfk8i;S^5X17~&Y#a1Zx69%vZBsD_8gNNY?(0(A_^q_8Yo!#E}w8jcf<9`-%%IJUzO
z5SE5VnA9+Z$8@x8hUif>98WY%W9C#XbIWTY=Mi=(L+>P)GO}MzdTL5qC#!zzdLmC;
z+C{=A%1oJd`YF-m5m~~>5799E>Q1{U;kpD_#Bm~dKE+{66jr_0{-~yCB1!*w)%6U=
zb6=P;a_&_*WwB8-EcXnc+}KbD0r;k26~){u;;!7-|0U2?9MhVyXrX8wR)lLhV&#Zs
z+5)dg0otZTw9uZ`(qc2cK@N$mAebCA$woRgk!GZo&Rww25{L^V!@iTof{VCBHbL1W
z6#4;wboIM3oeJuc*;Ggu*_5JN*;H5xuG`r?1Qt@e2+sIMNZCbbb_YsV3E{HhB}8@*
z-9~L!Of8{e8x?!d7Isnj^T1sK*VPYa-QBUO5~@$2Q(@&R^udsSE72H=)trv|{&xQn
zy4GC2zlB5O*6{<f@qpj>1Zv2ZjfSCuqZ$$7FG>WcXhsEn2{iPg3Ii0$K*u8CH;ChR
zh~qsWKM~8niRUKDQV(SxiyX}ym+4<u_t)1Ql=8~a0Q!BVfmj@|65`w7p^pd!zaV;C
U)ZsK_QU!s^5jnFKzvip|0BZvGvj6}9

diff --git a/regression/strings/java_char_array_init/test_init.java b/regression/strings/java_char_array_init/test_init.java
index 5f4e220844c..b27030b1306 100644
--- a/regression/strings/java_char_array_init/test_init.java
+++ b/regression/strings/java_char_array_init/test_init.java
@@ -1,23 +1,18 @@
 public class test_init {
 
-    public static void main(String[] argv)
-    {
-	char [] str = new char[10];
-	str[0] = 'H';
-	str[1] = 'e';
-	str[2] = 'l';
-	str[3] = 'l';
-	str[4] = 'o';
-	String s = new String(str);
-	String t = new String(str,1,2);
+  public static void main(/*String[] argv*/)
+  {
+     char [] str = new char[10];
+     str[0] = 'H';
+     str[1] = 'e';
+     str[2] = 'l';
+     str[3] = 'l';
+     str[4] = 'o';
+     String s = new String(str);
+     String t = new String(str,1,2);
 
-	System.out.println(s);
-	System.out.println(s.length());
-	assert(s.startsWith("Hello"));
-	assert(s.length() == 10);
-	assert(t.equals("el"));
-	String u = String.valueOf(str,3,2);
-	assert(u.equals("lo"));
-	assert(s.equals("Hello") || !t.equals("el") || !u.equals("lo"));
-    }
+     assert(s.length() != 10 || 
+            !t.equals("el") ||
+            !s.startsWith("Hello"));
+   }
 }
diff --git a/regression/strings/java_char_at/test.desc b/regression/strings/java_char_at/test.desc
index 6f206a0f22f..0226b19529e 100644
--- a/regression/strings/java_char_at/test.desc
+++ b/regression/strings/java_char_at/test.desc
@@ -1,9 +1,7 @@
 FUTURE
 test_char_at.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[assertion.1\] assertion at file test_char_at.java line 11: SUCCESS$
-^\[assertion.2\] assertion at file test_char_at.java line 13: FAILURE$
-^\[assertion.3\] assertion at file test_char_at.java line 15: SUCCESS$
+^\[.*assertion.1\].* line 5.* FAILURE$
 --
diff --git a/regression/strings/java_char_at/test_char_at.class b/regression/strings/java_char_at/test_char_at.class
index 7d1f07fad7d5f729b218f33c4dedc06c27665e76..dc9ed32f19fd772dcb4a065ddb5847d44cf1daf7 100644
GIT binary patch
delta 394
zcmYL@OG`pg6otQYA0EA4O-;)lT4_&%gb*49%_Smi;z*7n_K=9WH0?KtG-=eVaRpvT
zsB!(Ch7p~6p_=Ty_Bnffd-?Ly+WGi?c?D{0IK;_IW}?hG7|g|pF(0Ucr05`n&jp7?
zmL#RYVLhE_c&c-@uP%;MyWiE$!TZ)`k_kcTR9&lTU!C`=4e#>gyeBYKyW^6i?BbGe
zS!QK;Ac|S9d*!t{$Lg}BJjtrd8tcPbu{+!_wr^rO5{Ohj@MvWsG-5*6l%5K@3*GIC
zk9Z6gN$VO3AB9ez`CB~<txz6gG&81;Re!?1BUiCUL{go5;$vjfC;AqEj1ZJO)-JGc
yuqkQoq@JRPFG`ZER=GcZExZZoOl*X6hqNBB%xCO>+Hb4?Vq>^_LHMcg*z^wq)HCA%

literal 951
zcmZuvT~pIQ6g}IfO-NIkwtTc&v><5OTJQ_MTIHkS$V|nDIy%J%CbT;k3=JfyKZX~4
z^I4r~XJiJSeDOyy-Yo<aeaP<S-m~YPd+z=^{(c1DE~+Y$$jg{iFr^}dYhsy}F{2_X
zexkT8mK#Gzz>rZ;5kp=<QNT(vZmK9_R>mAddfN0n?)sL~@t#?pxoPt@16yZ^R;`ZZ
zKV=9Tg*OaR&1rLnMBVD}weHR)cV7!IC3Z}!!!TyNt8beh%{klbY|S-%*XnFl#Km~S
zH(MWGn!5u$X(pKrO0{L5@~aJ}>$doFORyz<?)e+7_olmH`m=&i!w5zh^o!&S+6!*m
zPX4Xq+U-dJyQSea?l6pB#4dL&yUksVth=XS9``k*kY>o71D66DR$SL{1M+e}{s0dt
z_NO=*k2E|+<u7TkHn(}pXBaj9Z$?yfwnPBQSS{2ThCJ@qPD2r6wI&QxeCNbIh7qIi
zFAt4|?{!VvyHMt&cBMeGOPu#rvuVIIo;LR^m$%Q_q^bB_O3-xIF-h+vNiU1(8DR{a
z!l3FHrFD${CTM50M~Z#0F9L{hTBCy?b%6}BbQaK`bXB5#?+~G8D%^)uFUdVbo*W|D
zEcGF;l@-0*gF@d>y?7*j!uVIH`&iED&H<{2h&B7reiV-)LB`1Gy9byGG6VETDHZQw
zcptGKEM$cSvS#VEgG8u^Kqrw|$jC#%3`I(mTY!cY#L=X#cL{Nc(8CBHV?oAcCL@;}
rBlN^s_w$1`fm9la9`t?4(q~BFZ&1%`2382J2tx5iVc3;{q^rLH7FffW

diff --git a/regression/strings/java_char_at/test_char_at.java b/regression/strings/java_char_at/test_char_at.java
index 337c6524099..9ae02733fb8 100644
--- a/regression/strings/java_char_at/test_char_at.java
+++ b/regression/strings/java_char_at/test_char_at.java
@@ -1,17 +1,7 @@
 public class test_char_at {
 
-    public static void main(String[] argv) {
-	String s = new String("Hello World!");
-	char c = s.charAt(4);
-	StringBuilder sb = new StringBuilder(s);
-	sb.setCharAt(5,'-');
-	s = sb.toString();
-
-	if(argv.length==1)
-	    assert(c == 'o');
-	else if(argv.length==2)
-	    assert(c == 'p');
-	else
-	    assert(s.equals("Hello-World!"));
-    }
+  public static void main(/*String[] argv*/) {
+    String s = new String("abc");
+    assert(s.charAt(2)!='c');
+  }
 }
diff --git a/regression/strings/java_code_point/test.desc b/regression/strings/java_code_point/test.desc
index 35ca0cd6f4b..2b94f1fa0c0 100644
--- a/regression/strings/java_code_point/test.desc
+++ b/regression/strings/java_code_point/test.desc
@@ -1,11 +1,7 @@
 FUTURE
 test_code_point.class
---string-refine
-^EXIT=0$
+--refine-strings
+^EXIT=10$
 ^SIGNAL=0$
-^\[assertion.1\] assertion at file test_code_point.java line 5: SUCCESS$
-^\[assertion.2\] assertion at file test_code_point.java line 6: SUCCESS$
-^\[assertion.3\] assertion at file test_code_point.java line 7: SUCCESS$
-^\[assertion.4\] assertion at file test_code_point.java line 8: SUCCESS$
-^\[assertion.5\] assertion at file test_code_point.java line 11: SUCCESS$
+^\[.*assertion.1\].* line 8.* FAILURE$
 --
diff --git a/regression/strings/java_code_point/test_code_point.class b/regression/strings/java_code_point/test_code_point.class
index c257f0633ec65db2643a2b314c4f01928dc14660..f2f5fbad63a60c992bb2f3c9ef2d15fb99700de0 100644
GIT binary patch
delta 482
zcmYL_%}*0S7{-6IU$fnA`B;fIh*%L7w`c_`il9LgPnDAv1D9sS#-OAn?Z(8DG5!T)
zZzLoT51u@z$(lfdCodfRe>A>BVw}To-aPZn^S(3h{m**s_|L%+Q0IO?M8)TVW+K3*
zVxtP$R2K^jF&S`)%LZ2rrVOqc#Ksb9ssRI3G}8gsxUQ*fuQf(WPts)l^>VWHG<m++
z*4&Wr?O!WdOO370FdK4;5m7^KQV+RhFvsnXI|lRIRg_;PZ<5+((s@~X(C@c<=|;En
zsMqWE6oYBIpSIS!FWRlG?nWooEQBm_FWXg9*{C&>{Z!4YVSRXa8pRoT<VTs*l6@tz
z8i&}c-*FySBR9u;_7%OuQtagTk-NuS?Bx_pH61&CPT=k{5j$cndi#`(FRa=*r9Fy=
z3`o-8k1vvJQ5MDoLRY$Z6wz<xV|^wmP?LjskscDVELxKiqhc+he$&*P)r^UJj(-!^
mWpcBIqoJJP9klZa$Nq-?-^@F)sFNHQD_l|{jLRL1^M3)2I7$)#

delta 546
zcmZvZ%}*0S7>A$Pui0*=6c(k#q6i`sDOM=O5B$0V@qj{v16fK#5K;(kyb_~VNyy%~
zkZ|#$2Q^uvBzpIM;6EY8nTA9Xok@N(^UOQ%*L;+({l#CuzyAQLJPHWu^Xbpf&b5F6
zuG@%=lne%V^cgZ_q-11Raw8yXaF!86%4S!Vj0W7KBDuA{I6c}`TAFzgy^1QEQFE;_
z7w@b$*QSQ&1-ZF6s&C9j+fSpF&4y%5``iCEpHp;lK_3<4RFfy7m{&|tRn(YN+-5S#
zi=O^F+*RCTN|28mFXQF<)@oyUduzQJOYSQk@GyBRO38_MmV6Ln$+-1q_Y#7FF7yOj
zPuL5sna|h<TpV#yoX|ZadyMz|EAr<V_fq`-amP=|xJUokJ8nwgo#V%3wLdjm4&B|9
z+(OH5w~5zQwo~%wLVnUIS#)b1B%{^QNxBqu<Eu!f@u_RRLBNh~^E;HjgAUwNijtl}
zp>S&c<gzxrLf2WXHNBb<c2a9k={P_-?{Vxe*ni`BEhEwL=VIj^3k`bpD~qdt0MbKS
Ao&W#<

diff --git a/regression/strings/java_code_point/test_code_point.java b/regression/strings/java_code_point/test_code_point.java
index c27a56f575c..345dc1fa08b 100644
--- a/regression/strings/java_code_point/test_code_point.java
+++ b/regression/strings/java_code_point/test_code_point.java
@@ -1,13 +1,14 @@
-public class test_code_point {
-
-    public static void main(String[] argv) {
-	String s = "!𐤇𐤄𐤋𐤋𐤅"; 
-	assert(s.codePointAt(1) == 67847);
-	assert(s.codePointBefore(3) == 67847);
-	assert(s.codePointCount(1,5) >= 2);
-	assert(s.offsetByCodePoints(1,2) >= 3);
-	StringBuilder sb = new StringBuilder();
-	sb.appendCodePoint(0x10907);
-	assert(s.charAt(1) == sb.charAt(0));
-    }
+public class test_code_point
+{
+   public static void main(/*String[] argv*/)
+   {
+      String s = "!𐤇𐤄𐤋𐤋𐤅";
+      StringBuilder sb = new StringBuilder();
+      sb.appendCodePoint(0x10907);
+      assert(s.codePointAt(1) != 67847 ||
+             s.codePointBefore(3) != 67847 ||
+             s.codePointCount(1,5) < 2 ||
+             s.offsetByCodePoints(1,2) < 3  ||
+             s.charAt(1) != sb.charAt(0));
+   }
 }
diff --git a/regression/strings/java_compare/test.desc b/regression/strings/java_compare/test.desc
index 517b208c3e4..e7444831e77 100644
--- a/regression/strings/java_compare/test.desc
+++ b/regression/strings/java_compare/test.desc
@@ -1,10 +1,7 @@
 FUTURE
 test_compare.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[assertion.1\] assertion at file test_compare.java line 6: SUCCESS$
-^\[assertion.2\] assertion at file test_compare.java line 8: FAILURE$
-^\[assertion.3\] assertion at file test_compare.java line 11: SUCCESS$
-^\[assertion.4\] assertion at file test_compare.java line 12: FAILURE$
+^\[.*assertion.1\].* line 7.* FAILURE$
 --
diff --git a/regression/strings/java_compare/test_compare.class b/regression/strings/java_compare/test_compare.class
index 5616013c523bf345c4c9743a55ef57608353b3f9..67f18914ea60035f71b5a2b6d3fbf28050aa44c4 100644
GIT binary patch
delta 399
zcmYL_J5K^p5QV?HEW69HsH~{?!1pT{H8Cc(T3CS<Hdf|Bh!GLYLTv4g4WXm5v$0VV
zNHo#jKjSaZI7=dCZqCe|nVfSnch;A=^ZE1o4(zh-;xgfoc9@LeFy%7Mj7`SHV!~$D
zWsZ59h1Om!nJ6@M>EcLV9qVGXY_r&U+{z~yQW&}zg7%2x$-rZYWktH8ul06S*Uq*N
z8jW($Jg?UdgP<NLyk@!4JT28PuXG?(D;}$?wKrA1eXDkE9B~C|Bpvce6+t0Fg2VF5
zNLG@g*&gaCTx3Mh>NgcJl7rO(h6K#|M$V7qpD{b6vKw8Z<~{K@tdk!0N62CHIebj1
zD^XFjB;*is6kl3#)HfNMQF+oz4HS0!s*v=ZF0l@_`G6UD!TcxvGZykhF}(fI{#ajg
F{1*XBG<g63

literal 780
zcmZuuQBTuQ6#j18wO!Y_(ZL+zL=bRn0}_oUMq)ImiOImk5fkyj+;ull=vvZt{uo~H
z&1W?kQ4@XlH>vU54k$*G_MUsscg}ae@7y21zkCC58!HwHm^N|6#7rJ}T(wZgH3PF2
zbWF>`bpvx2=5fQo0z+ki$FYbKFAU<xUd(&G=rgb#27TQNyyO9c+E{+cplyVG!BFaW
zf!G=jdLr7E#RLqv7cf*CuRHtvEno9_u)EexA}`pzFB^;9gu4fu{4lLIu*hJpyZ$M;
z)eVP{E1r6iY9bMF^2QAZhddIilFh~?lt=>axpL*M4I4!wv9W}k47KdaM`u2sL{S*o
zXkeMazQ|~xX`_WULpf`E-rE;$@>gmso*{p#WIJS-YW&CDGqSSB<Gt}{Xik(UWz-u!
z&6Xz97qJ(K{<%OJNHQdV8g?*8k5r(iW96E(MmrTux~8>Er#eMOG1oi+`ydN3L93o7
zNh2IoXfI1YQ>#YNca)B!ZhnMzgvnNWgq(Ja!dK|8PGEdb)75rUy+wfXE(088YmBXo
zV7BQ0r%3`tcM*_^lvL3?OxkOtAxG+T5^mxyEZie|FUZ;fRZUVw1==sv4NTEj`-vGD
qsI+?S_)cmKa4N`;U>(8G-a}JALCY>Xvo8sAP>K)bkS?cMYJUJ&teKbq

diff --git a/regression/strings/java_compare/test_compare.java b/regression/strings/java_compare/test_compare.java
index 8c1d4b71a0c..0a535fd0bf3 100644
--- a/regression/strings/java_compare/test_compare.java
+++ b/regression/strings/java_compare/test_compare.java
@@ -1,18 +1,9 @@
-public class test_compare {
-
-    public static void main(String[] argv) {
-	String s1 = "abc";
-	String s2 = "aac";
-	assert(s1.compareTo(s2) == 1);
-
-	assert(s2.compareTo(argv[0]) != -1);
-	
-	String s3 = "abc";
-	assert(s3.hashCode() == s1.hashCode());
-	assert(s3.hashCode() == s2.hashCode());
-			  
-	/*String x = s1.intern();
-	String y = s3.intern();
-	assert(x == y);*/
-    }
+public class test_compare
+{
+   public static void main(/*String[] argv*/)
+   {
+      String s1 = "ab";
+      String s2 = "aa";
+      assert(s1.compareTo(s2) != 1);
+   }
 }
diff --git a/regression/strings/java_concat/test.desc b/regression/strings/java_concat/test.desc
index 8ef2898e0d7..fb784efd723 100644
--- a/regression/strings/java_concat/test.desc
+++ b/regression/strings/java_concat/test.desc
@@ -1,8 +1,8 @@
 FUTURE
 test_concat.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[assertion.1\] assertion at file test_concat.java line 9: SUCCESS$
-^\[assertion.2\] assertion at file test_concat.java line 10: FAILURE$
+^\[.*assertion.1\].* line 10.* SUCCESS$
+^\[.*assertion.2\].* line 11.* FAILURE$
 --
diff --git a/regression/strings/java_concat/test_concat.class b/regression/strings/java_concat/test_concat.class
index a6d4008aa268b84833bf1df2c7b8519a5ef4090a..a69c05921f673cc68295af7dbb43ccd41e10f1a8 100644
GIT binary patch
delta 373
zcmYL^yG{aO6okKBSaw-f1q2jP5WFJ@DzVW*6FS68w4q!GF+rjf#LoB(gw8^F1uY;E
zqrDGc>7%G;O$>kX&txX&OwN3I9z4a5@0T~Az_!UaF`Ze1ITMw*0||q9hm#JZyjU#g
zESi|k<dVrUD>|#4Vkt0o*0yVxWxI85SDST->AW6B)-2MjE4W&%Yl{q7iw$z!xRQ_N
zEjHOw@HgxmJJ+<YE^^1!M!nYV-YQ>rK@=wCtR5~j;nN{%CFmO9E~Wcudw<d+vYgKJ
z(T}pRKE{sw8Sg#8u-o5y#5csO4Dh{=%-+a+l2Db9U<yM}lS&>Y(20sZNZ^%jCcF4J
uk=79z38Vgqq3KL1@*P4F45s-%w;*RbFA(e|UCEHMrJ-8;iuh3xDl@-B(>Emm

delta 390
zcmYLEy-vbV7(Ms)=ay2G6s&-#;4g|;6k*ViIIw||SQo-n2q7YY#t>&;fpl{a7hk{u
z5=nIT0UX_Z3H8<({gUrHIp_Poli%dh>*v!mfE)@cX0XVxq+nSEMZyb71uGt|dST56
z4eJaWDpap>Q$-3}4BNv}Suj#{w@Qp~z#7=i%M;r<w;SCSLz+(<-dBtr4H@hb2#(X&
zU?Qtw5Bn}9Su>~M0C|F7$G*1BuH9>!)kde)91w)+m4DG1TwV0qM{b$C*9`C^zxx3K
zWRBJpw5AIah?VphQt^k%oSvpLW3WRpD#pi93eqEdx6tRLpfiGh3bi(Y|K(5YkK7v?
zvqb)&gjqg03Wfv}{-_T{uAae<dA=_K`o#sAA;J(P+&uuoyfy~?_qses&-4)751I^n
Pof2r^nDE2`Clv8-1$sVP

diff --git a/regression/strings/java_concat/test_concat.java b/regression/strings/java_concat/test_concat.java
index d714ea89538..6bbe753b2e4 100644
--- a/regression/strings/java_concat/test_concat.java
+++ b/regression/strings/java_concat/test_concat.java
@@ -1,12 +1,13 @@
-public class test_concat {
-
-    public static void main(String[] argv) {
-	String s = new String("pi");
-	int i = s.length();
-	String t = new String("ppo");
-	String u = s.concat(t);
-	char c = u.charAt(i);
-	assert(c == 'p');
-	assert(c == 'o');
-    }
+public class test_concat
+{
+   public static void main(/*String[] argv*/)
+   {
+      String s = new String("pi");
+      int i = s.length();
+      String t = new String("ppo");
+      String u = s.concat(t);
+      char c = u.charAt(i);
+      assert(c == 'p');
+      assert(c != 'p');
+   }
 }
diff --git a/regression/strings/java_contains/test.desc b/regression/strings/java_contains/test.desc
index 4e7a3bd4f7d..bb4fadba9d3 100644
--- a/regression/strings/java_contains/test.desc
+++ b/regression/strings/java_contains/test.desc
@@ -1,8 +1,7 @@
 FUTURE
 test_contains.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[assertion.1\] assertion at file test_contains.java line 7: SUCCESS$
-^\[assertion.2\] assertion at file test_contains.java line 8: FAILURE$
+^\[.*assertion.1\].* line 7.* FAILURE$
 --
diff --git a/regression/strings/java_contains/test_contains.class b/regression/strings/java_contains/test_contains.class
index 855ab8283937fc861ae4056ff12dcb2427fd2d8e..9bbccb03775ac6ea7b4ea53619317d2a13ed93aa 100644
GIT binary patch
delta 392
zcmYL^OG`pw5Qd-c=(%`2rXIW4#mcms61H#^1huwSx^a1wkV-^C+O};gu5#0|bp{Fv
zweR2b1B&JoDj4Sa&O7sdnvdqu$M@?SP^ReOv23&Au<By4=8%ctvaX8_n@tx-&$BLD
z<ZSZ&<4Q7C?FG&2^PpP`8tn^N?vF}`aT1EeRd5@W+CisPs`hR!J1s@%w9)j4v#l_6
z7Gut1huuL|9awuF`xFK>b$_QH0hLH=gk&L<Y$e1erOHTD63xN{^{j#T;;mUz5h3*l
zt;?z*v-}jJ?uRCXE53O)!Wxn)6vx;PM5j3Q36XcrWXzblK4B?L(Qe5HHaQVKFP$jr
sODkUxlh)$jo$~B9Bz<>Gbch{(A{=_b`X~K;PxF`<-ia2mG`pGp0sjOq3jhEB

delta 457
zcmY*VOG^S#7(I91&Wt&Z`N*=ghnbIDM4L!*8I)}dLRw8FQVkj+EpyvegcfdEwyr=S
zq4xco7Hy^PPEiDx?{&{T=Y02G{*X)Wlb2Tj8(7!j$E=Du4GA3r<~1y6NcvzP#rs7S
zOFDcUvaDkTX%(xztvxZ4IqvVUNYG#HIH#8t=jzZoaqGm>yDOG01R1Og=h`W{PP0+0
zcG~C727|d<cimR<sMU7QQYI{97)0tR9wl2QrVuc(hHUS%pyW*CQRrvbZPy@+0JCBo
zK$Qq$N06dTU4k;BEN4exj~s{)Ma3I3vObM4)f{?5PbJEwF@%~ejv(#Za>Z5-o}dm8
z%H@a91~A6()ke_Yex}{R|1sAPJdHT1fEabiWKkhgD$>xfO{x*P2|$?eAB%pUFkQud
neQ$aO0Xqa^2y*~cdVnN8L;Vx*mWUFNv&j(rWxnf-XCVFs=fgcY

diff --git a/regression/strings/java_contains/test_contains.java b/regression/strings/java_contains/test_contains.java
index fce2ee63047..6f4c60a1a2e 100644
--- a/regression/strings/java_contains/test_contains.java
+++ b/regression/strings/java_contains/test_contains.java
@@ -1,10 +1,9 @@
-public class test_contains {
-
-    public static void main(String[] argv) {
-	String s = new String("Hello World!");
-	String u = "o W";
-	String t = "W o";
-	assert(s.contains(u));	
-	assert(s.contains(t));
-    }
+public class test_contains
+{
+   public static void main(/*String[] argv*/)
+   {
+      String s = new String("Abc");
+      String u = "bc";
+      assert(!s.contains(u));
+   }
 }
diff --git a/regression/strings/java_delete/test.desc b/regression/strings/java_delete/test.desc
index c6c608c0955..ff41e78b3df 100644
--- a/regression/strings/java_delete/test.desc
+++ b/regression/strings/java_delete/test.desc
@@ -1,8 +1,7 @@
 FUTURE
 test_delete.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[assertion.1\] assertion at file test_delete.java line 11: SUCCESS$
-^\[assertion.2\] assertion at file test_delete.java line 12: FAILURE$
+^\[.*assertion.1\].* line 8.* FAILURE$
 --
diff --git a/regression/strings/java_delete/test_delete.class b/regression/strings/java_delete/test_delete.class
index 6d30024f108aeca8a2d4587aec50ce79b2f35ddf..7036ce13c9036943ef66368d595e31b8ed88ca47 100644
GIT binary patch
delta 431
zcmYL_J1<006otQY?%aFs+&P%J#``_qGsc^mM29FyP>u--3Wb{Az%7JIr$#c9kdP=<
zYCph#P!Ri0f@ZCA_E~%Fwa<rt?Jd22KRf}m%m>udY3TCl4$$<(&>KTv5=+jfKVX1C
z!%#pFD~AI{7&YY2wwAMX>&K<?!D{JfqqK9lD>jD0*;~=c5T2{fL1%HNY{@WYDKc)E
zVA9e+TA>%qBDG909qp-tH)AEtTy&vEq8Hs3eG0GXT=cHjPpu>bm2QnY<>a8mG8Al-
zTbHmBcJo!#Z7d`!=+%mfBu#(PeQDM5HvWj-4xK8A<$S`e;BMwCcq@09E3$>quaLYX
z^+>Q?CG~s~o9dcrGp?Ln`3FxD7@F~AucR=fP+t@cErwPpxBX3>ttEj>Xe-oRVG=ha
WoO{f_?{C=H$3@$Pc%}B**p46foiwBX

literal 1126
zcmaJ=T~8BH5IwhF+iowkwop((DI#tuP!;j3s6YWB0X3<yiVtS#-r(YPx9)CD{3-J2
zi_c<G5=r#k|D<tl3zV<$GIw|O%*>f{&;I%M^A~_Atf)vKt6*3~0NE(6$#X=8>oSbW
za3cl{ITd5b$B@K$6cZ{YQBZJGMYpWJrQ$ZG6x?A*kLaE!T;FtTZ^88R4NDjdY@H!8
zW7?+wm?5a;UNMA9jv*KltEMfUHEJ8eeJR28p{AQQLq>bMx}|^83zlwg7RtVB+M7jL
z*j4uR>W4MG-og`g1=9@CnX0wlUoATgw<?xQ*)8b{&wpnKOZZ|^_T%V9hN16d@A-yl
z8Ny}Y%fhmpp^D>LMwa6)?s4451CEC%a?Ie7g2x<BFsopWV;&`rG<q0f%a+wHB0?Ms
zSY+t$Oqn~7WzlsV8WTT4Ou-VzQ!EqRPQmkyEm8H4rP?ZxlzP1`Y|?c?J42&Wsr}W8
zRM-}RVNhFH$(;k_ZD8rW?#>a10qtCL)OQZ3^=PNt(%>U|l|OsFsF4kv26gUjlQ5ma
z3%X&S+6cWy1?iR$$I}c-U4ksKNAFpilRF~fV?(#R6M(js#T?l%(NVZ$kypuShVV>R
z7>74R2J;*AfsDG2ELlE9{|Za?%X_A$AgDVs6#M9HkWNNtcx)H!y9A=2Vx*NMSKuNp
z(X)hprP3gsulEpmvy0$rJ{4*rT*)iRNE4Atp5By7zKQ7C4r1d?s5^*nqh~zDo9Nm`
zd=K4Jm-u}&{iTzZ(*v#Pqcj%?A&M{(#H9}k5shIODsqTp7917&cP|r)Bk)(6d4M1p
rs<?8v+H`9NAeBb4i3{6MLf;Sy{y@Al>0nRUDU3kZtW@J_i^$M_f=T@R

diff --git a/regression/strings/java_delete/test_delete.java b/regression/strings/java_delete/test_delete.java
index c91b16c5b89..ea846cd215a 100644
--- a/regression/strings/java_delete/test_delete.java
+++ b/regression/strings/java_delete/test_delete.java
@@ -1,15 +1,10 @@
-public class test_delete {
-
-    public static void main(String[] argv) {
-	StringBuilder s = new StringBuilder();
-	s.append("Hello World!");
-	s.delete(4,6);
-	s.deleteCharAt(1);
-
-	String str = s.toString();
-	System.out.println(str);
-	assert(str.equals("HllWorld!"));
-	assert(!str.equals("HllWorld!"));
-
-    }
+public class test_delete
+{
+   public static void main(/*String[] argv*/)
+   {
+      StringBuilder s = new StringBuilder("Abc");
+      s.delete(1,2);
+      String str = s.toString();
+      assert(!str.equals("Ac"));
+   }
 }
diff --git a/regression/strings/java_delete_char_at/test.desc b/regression/strings/java_delete_char_at/test.desc
new file mode 100644
index 00000000000..0314c606e56
--- /dev/null
+++ b/regression/strings/java_delete_char_at/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_delete_char_at.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 9.* FAILURE$
+--
diff --git a/regression/strings/java_delete_char_at/test_delete_char_at.class b/regression/strings/java_delete_char_at/test_delete_char_at.class
new file mode 100644
index 0000000000000000000000000000000000000000..ed3148e2f7e60738b9863b1e47c0d50650b289cc
GIT binary patch
literal 867
zcmaJ<U2hUm5IuMK*kxIS0&TGtwOSRZEmH9#p)n$AVnltw*w`0x*}bV-x4XEz_+RWF
z@L5f0ViSG$KWUu1l%lEeW#-<QbI+Waxj%k={RW_kyE?Kct2nPiL0Q8E=`TvNBF&`~
zGPtZ^RmT-vRdG#6TEZ(js;H@0V<@chAP|0Ndv5U14*0+k76aR1NN(A#9o}PzRjRKT
z;vLTt4B4*jisz&Kf$(2SFeUc6?J{I~AvfPX<HIOSl2lx0(6&tHm`3k;Bi|H{ZTYAa
ziXiM;!V#h9n{T+^=i$a4f6oo%QD9h<=eon)-Fh$dZFl#<$aXB@lbZIxG_Z~h19jXm
z(7>jF9Of95wn;S&+(eTK%m~`k1|RvpM+}93)K+oJz-`=N$ju(U80-l%{3|pOL&M?2
zp>SzZ>y_^8!6e(No(dhSZ!s8?o;%cXo2Zv7PyUD2LT_5JSUC+OzNC0J;!eOY|EG|N
z@>Z4Bn4QV%IJ9eq1xp0BFRYWf(B{GsC1}w*SfMYIrO(B3B{^0)#lYlJ$QJ2VCeO$x
zYKLH-BoOmtlTnZ%g@qHSM_*8(+~yIK*N2Ebt>xomB(`g0liRg1)b3|!2Pm%PQ)B2K
zkUm11fW~*pt3<p@#7xDYk<UV<n1&^)(twUd%A~=5qM@Rs;%t<f>TE`WfVq5Tj57yN
a;~x=^eStRPo@$mn2`I*W+1a_M^zv`0>bRr;

literal 0
HcmV?d00001

diff --git a/regression/strings/java_delete_char_at/test_delete_char_at.java b/regression/strings/java_delete_char_at/test_delete_char_at.java
new file mode 100644
index 00000000000..5f2c995b56b
--- /dev/null
+++ b/regression/strings/java_delete_char_at/test_delete_char_at.java
@@ -0,0 +1,11 @@
+public class test_delete_char_at
+{
+   public static void main(/*String[] argv*/)
+   {
+      StringBuilder s = new StringBuilder();
+      s.append("Abc");
+      s.deleteCharAt(1);
+      String str = s.toString();
+      assert(!str.equals("Ac"));
+   }
+}
diff --git a/regression/strings/java_easychair/easychair.class b/regression/strings/java_easychair/easychair.class
index e47900cc0b20ba70177dddd97c472c178867b054..e6c5f66c42df9f28db774c6eb3ab463dd03b134c 100644
GIT binary patch
delta 108
zcmeC-?B?V+^>5cc1_lO`jU3mREm;}Z7}yyE88{fE7`Pb}8F(1f82A|U7z7wB7=##{
z7(^LD7{nOj7{nQ}7^E5M7-Sgg8RQsx85Ac=u$XX}Ffam5Vqg#ynjFre!OP>o2oz8P
J3NSG!0|3Hx4oCn1

delta 109
zcmeC??BV1%^>5cc1_lP>jU3mREm;`Y7+4tufus}zCxapb7lRrD4}%^9AA<#h0D}{Q
zFhdA~2tyo$C_@%dMID1QLp_5mLob8EWC<1%Zc_$Eph*l2Lc$D_!&o$Uc^w#mB1%9J
HCI)2y$e#`}

diff --git a/regression/strings/java_easychair/easychair.java b/regression/strings/java_easychair/easychair.java
index 55ca2a31bb3..caed962fb46 100644
--- a/regression/strings/java_easychair/easychair.java
+++ b/regression/strings/java_easychair/easychair.java
@@ -1,34 +1,34 @@
-public class easychair {
+public class easychair
+{
+   public static void main(String[] argv)
+   {
+      if(argv.length > 1)
+      {
+         String str = new String(argv[1]);
+         if(str.length() < 40)
+         {
+            // containing "/" and containing "EasyChair"
+            int lastSlash = str.lastIndexOf('/');
+            if(lastSlash < 0) return ;
 
-    public static void main(String[] argv) {
-	if(argv.length > 1){
-	    String str = new String(argv[1]);
-	    if(str.length() < 40){
-
-		// containing "/" and containing "EasyChair"
-		int lastSlash = str.lastIndexOf('/');
-		if(lastSlash < 0) return ;
-		
-		String rest = str.substring(lastSlash + 1);
-		// warning: removed this because contains is not efficient at the moment
-		if(! rest.contains("EasyChair")) return ;
-		// (2) Check that str starts with "http://"
-		if(! str.startsWith("http://")) return ;
-		// (3) Take the string between "http://" and the last "/".
-		// if it starts with "www." strip the "www." off
-		String t = str.substring("http://".length(),lastSlash - "http://".length());
-		if(t.startsWith("www."))
-		    t = t.substring("www.".length());
-		
-		//
-		//(4) Check that after stripping we have either "live.com"
-		// or "google.com"
-		if(!t.equals("live.com") && !t.equals("google.com"))
-		    return ;
-		// s survived all checks
-		assert(false); //return true;
-	    }
-	}
-    }
+            String rest = str.substring(lastSlash + 1);
+            // warning: removed this because contains is not efficient at the moment
+            if(! rest.contains("EasyChair")) return ;
+            // (2) Check that str starts with "http://"
+            if(! str.startsWith("http://")) return ;
+            // (3) Take the string between "http://" and the last "/".
+            // if it starts with "www." strip the "www." off
+            String t = str.substring("http://".length(),lastSlash - "http://".length());
+            if(t.startsWith("www."))
+            t = t.substring("www.".length());
 
+            //(4) Check that after stripping we have either "live.com"
+            // or "google.com"
+            if(!t.equals("live.com") && !t.equals("google.com"))
+               return ;
+            // s survived all checks
+            assert(false); //return true;
+         }
+      }
+   }
 }
diff --git a/regression/strings/java_easychair/test.desc b/regression/strings/java_easychair/test.desc
index 8680af72c5a..14418a7798e 100644
--- a/regression/strings/java_easychair/test.desc
+++ b/regression/strings/java_easychair/test.desc
@@ -1,7 +1,7 @@
-FUTURE
+THOROUGH
 easychair.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[assertion.1\] assertion at file easychair.java line 29: FAILURE$
+^\[.*assertion.1\].* line 30.* FAILURE$
 --
diff --git a/regression/strings/java_empty/test.desc b/regression/strings/java_empty/test.desc
index cab514b80b5..44e8e1346a9 100644
--- a/regression/strings/java_empty/test.desc
+++ b/regression/strings/java_empty/test.desc
@@ -1,8 +1,7 @@
 FUTURE
 test_empty.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[assertion.1\] assertion at file test_empty.java line 4: SUCCESS$
-^\[assertion.2\] assertion at file test_empty.java line 5: FAILURE$
+^\[.*assertion.1\].* line 6.* FAILURE$
 --
diff --git a/regression/strings/java_empty/test_empty.class b/regression/strings/java_empty/test_empty.class
index f0ced290ee36f38aa83f6b0d1a25161f3594a364..147a2b628fe75ae1487deed1d827639b1d4b3295 100644
GIT binary patch
delta 337
zcmYL^Jxjw-6o#LhubZYxZBnhNTCG(<g5Z+T!OfvK>Ea?p(M1ObcYj0ZWWiY+RcOJ2
z?*1BofQTm-tjl}Pd3it1eQ>AF?&r_jJCL&#P^0a$SVNNrbXd|X2e`B~D*;_rHEU%)
zh@+$1;{58cxH&G)t}isb@@c0P5-A7?s0$OaPQU!hyp51e`oo^u9$u=wJ1rfcnrWqz
z$wrAM5^TuUl~+P=vkB_C5;7;~8B&S0Ig=h>8Mc#HgBR=(NjAp0r#{6!nc#g?cFWis
z(ju9H-YKbkE|%3teUoYunOd{d++;$W=rR5X?L6Yxuh{=-f5%iIE>^f-ojh;K7JdP7
CE+hE>

delta 433
zcmZXQOG^TA6vcn@a&#Qc#z&S~(_1aDs8&I=&sIhdt)>T3nM6pdpbyYW+6k>&SD=tk
zdp}Y{bY~!2#D#m$|8P0y{BK`>G}Z^-Z|}ewWebaJnDGc<CM<H~{Z=rUv<Q(knX+)1
zHkoNxcFLLJVfEa*@hT0kS+CSu*JsW8W@%p`R%?037rWloo_EwZHJNSSFXv*!6*Sj%
zZKBvh+RQO;v%q3|P!1JsN`gL%d0m7q6;j30fAt4f*}4l$N>CD6Ur3OKSQ3{$BCmo>
zMW#{ip*;JGB&3G|QX#@9j$nWF1XT)F9ku#`)*-#rMekyCi1rB`^e{gH-VuIC-U{pM
zs)4S9E?AS&<x~bM;*=C7g8D_yB$bj|ribY^f*9Z=33rKfF!d*N?G^1$@;9n4W1z;i
K{SRdV$FUzy`#n<t

diff --git a/regression/strings/java_empty/test_empty.java b/regression/strings/java_empty/test_empty.java
index 2465fb16e41..18fde4a115e 100644
--- a/regression/strings/java_empty/test_empty.java
+++ b/regression/strings/java_empty/test_empty.java
@@ -1,7 +1,8 @@
-public class test_empty {
-    public static void main(String[] argv) {
-	String empty = "   ";
-	assert(empty.trim().isEmpty());
-	assert(empty.isEmpty());
-    }
+public class test_empty
+{
+   public static void main(/*String[] argv*/)
+   {
+      String empty = "";
+      assert(!empty.isEmpty());
+   }
 }
diff --git a/regression/strings/java_endswith/test.desc b/regression/strings/java_endswith/test.desc
new file mode 100644
index 00000000000..285e6ee103c
--- /dev/null
+++ b/regression/strings/java_endswith/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_endswith.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 7.* FAILURE$
+--
diff --git a/regression/strings/java_endswith/test_endswith.class b/regression/strings/java_endswith/test_endswith.class
new file mode 100644
index 0000000000000000000000000000000000000000..e3d453c444f4c7dce39962d72b8d7b7035fe7911
GIT binary patch
literal 666
zcmZ`%O;6iE5Pjn~w&NHQoC2W*T1pBbNO0j+R25NrX=o2YRN+!N_KGeIPGxV}-vWPt
zGawPENc7(S)QVXb5^+FU?at1}dv9j<&%a+c05-7d!o!S>rw*REFfi+2t^gPF`tsby
z3m1-#FSvM#MH@9jr52>ANR;fw={uPQovw%obU?5+Wh~VjLax5DPcXN8ksy?sG8P~E
z#~qRE>0}NZ2Qns%wNwy(+YP>FZq`6>HpA{6hTH1(lTf^uy24i?RbNCLr9Y+mx^@)&
z2t1TfCX}_k-VNfz^_EIxe8})yoiNhjR|G>_V;J|agk?f?l)ZJ|#7>g*5?1qo!baW0
z3K|axK6Q>ns0fqw<_PCM>ucSxqXm9ufsdr{h)Scv?Jm!eFcpbZCL$W@;i;%T2Y84F
zSm3wt_@$^^)orkq1EZkK`vl+S_#{5_jRELfC&K65%AAA(D#O$^ml_<aUBhVmxdF@%
ze!h7D>lBs7>J{u06tCg52Ppj3NJfU_!(=<pGAtHgW0C*E6ZRBAfAxo$<i)P3A<afc
h4NUm%6^f^@%`=#}OIRb!dvzKo55s$_dzj8BtGCX>fW-g+

literal 0
HcmV?d00001

diff --git a/regression/strings/java_endswith/test_endswith.java b/regression/strings/java_endswith/test_endswith.java
new file mode 100644
index 00000000000..fabf6f8dde0
--- /dev/null
+++ b/regression/strings/java_endswith/test_endswith.java
@@ -0,0 +1,9 @@
+public class test_endswith
+{
+   public static void main(/*String[] argv*/)
+   {
+      String s = new String("Abcd");
+      String suff = "cd";
+      assert(!s.endsWith(suff));
+   }
+}
diff --git a/regression/strings/java_equal/test.desc b/regression/strings/java_equal/test.desc
index d66c30b26fe..bb61dcea8ed 100644
--- a/regression/strings/java_equal/test.desc
+++ b/regression/strings/java_equal/test.desc
@@ -1,8 +1,7 @@
 FUTURE
 test_equal.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[assertion.1\] assertion at file test_equal.java line 7: FAILURE$
-^\[assertion.2\] assertion at file test_equal.java line 8: SUCCESS$
+^\[.*assertion.1\].* line 8.* FAILURE$
 --
diff --git a/regression/strings/java_equal/test_equal.class b/regression/strings/java_equal/test_equal.class
index 26ee19e6cb16d81855e5204569a842332489e8e1..e0fc6db8aaf91eb799f5e02cfdd3194a232479f1 100644
GIT binary patch
delta 72
zcmcb{dX<&q)W2Q(7#J8#HgbeBiLx?qF|aX+Ft9U-GjK5IGH^0DGjL5VVN&8UVPFKR
ZVqg#yn!J!ngO|sF5hx%56kuYI1ON?o3Zwu4

delta 73
zcmcc0dX1Ii)W2Q(7#J9gH*$nCiLx+oF|aa-Ft9O*Gq5x0GH@_BGjL8WVN&8YWncuV
aVqg#wW|+KyNrRWyfe|Po0Tf|kkOTk~K?<P&

diff --git a/regression/strings/java_equal/test_equal.java b/regression/strings/java_equal/test_equal.java
index 151162a106d..e8c9ac7cb1a 100644
--- a/regression/strings/java_equal/test_equal.java
+++ b/regression/strings/java_equal/test_equal.java
@@ -1,10 +1,9 @@
-public class test_equal {
-
-    public static void main(String[] argv) {
-	String s = new String("pi");
-	String t = new String("po");
-	String u = "po";
-	assert(s.equals(t));
-	assert(t.equals(u));
-    }
+public class test_equal
+{
+   public static void main(String[] argv)
+   {
+      String s = new String("pi");
+      String t = new String("po");
+      assert(!s.equals(t));
+   }
 }
diff --git a/regression/strings/java_float/test.desc b/regression/strings/java_float/test.desc
index 955f0358eab..31404ae5e08 100644
--- a/regression/strings/java_float/test.desc
+++ b/regression/strings/java_float/test.desc
@@ -1,10 +1,7 @@
 FUTURE
 test_float.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[assertion.1\] assertion at file test_float.java line 14: SUCCESS$
-^\[assertion.2\] assertion at file test_float.java line 15: SUCCESS$
-^\[assertion.3\] assertion at file test_float.java line 16: SUCCESS$
-^\[assertion.4\] assertion at file test_float.java line 17: FAILURE$
+^\[.*assertion.1\].* line 15.* FAILURE$
 --
diff --git a/regression/strings/java_float/test_float.class b/regression/strings/java_float/test_float.class
index 356d0e1787199536642df746eb1547fae54275f1..00e8622e2ac6a2341fb02487fba698f9df054765 100644
GIT binary patch
delta 261
zcmX@k@tvLH)W2Q(7#J8#CUO|@aWH6eFzB!|=yEaeGAK;+xIfv6QCw0YE3qt5KPNFS
zUEi^|IJKxGGe6I@s3^Z^b2wuUBNxLl1||k}pb-g^-!fU$Yf7>Sac*Pan#mw9$s)uJ
zW{FC&3h{th+`AcgBeyf~?cWI0z{DU9B+Y<!F)*+)Ff*_LAv*&n0|x^?kQ8O$VvuIw
zVNeFjYcudM7z0HE83Y)@fpk2BAcGW8mjnaje;|jQok5z3iHV&-hFuPb8DxM`91OBR
gBN!RPfNT>W4FZBflZ99`czGNcfdX<s0VW1{0De*@)c^nh

delta 354
zcmZvXu}T9$5Qe|qyJR<axl6oo9`V!&R&u5>2x1|YiVq;xf{-SajacLbY(lEL7l>^P
zL{QLDu=N3a0&6>UBoUkJE;GZ-|9`vtX<n>-{d#x;Is>~C8Zr-`4a>HrJve$F9;h_7
z$GwYguX}l=sI>p;$*H<go{G^JvEL3q^j<%1mZQoPufTuAKf9;;e1|QFn{E^=?3bc&
zL4Rw`$!X1<xiDth{GUCRi#3VFeL{(S7l#sM*%f(J4NELlDqq^9N=86OgeNjNr_MD?
zjA*bT))e<!2F8$TtqrTQ14)tzW=%kfWfAU5{#{Xn+LU^MaYwk$1UqK<<|ILIs6?_Z
H5>4v|(Q-S8

diff --git a/regression/strings/java_float/test_float.java b/regression/strings/java_float/test_float.java
index e59c631d91e..312f1aeaf10 100644
--- a/regression/strings/java_float/test_float.java
+++ b/regression/strings/java_float/test_float.java
@@ -1,20 +1,17 @@
-public class test_float {
-
-    public static void main(String[] arg) {
-	float inf = 100.0f / 0.0f;
-	float minus_inf = -100.0f / 0.0f;
-	float nan = 0.0f / 0.0f;
-	String inf_string = Float.toString(inf);
-	String mininf_string = Float.toString(minus_inf);
-	String nan_string = Float.toString(nan);
-	//String arg1 = arg[0];
-	System.out.println(nan_string);
-	System.out.println(inf_string);
-	System.out.println(mininf_string);
-	assert(nan_string.equals("NaN"));
-	assert(inf_string.equals("Infinity"));
-	assert(mininf_string.equals("-Infinity"));
-	assert(!nan_string.equals("NaN") || !inf_string.equals("Infinity")
-	       || !mininf_string.equals("-Infinity"));
-    }
+public class test_float
+{
+   public static void main(/*String[] arg*/)
+   {
+      float inf = 100.0f / 0.0f;
+      float minus_inf = -100.0f / 0.0f;
+      float nan = 0.0f / 0.0f;
+      String inf_string = Float.toString(inf);
+      String mininf_string = Float.toString(minus_inf);
+      String nan_string = Float.toString(nan);
+      System.out.println(nan_string);
+      System.out.println(inf_string);
+      System.out.println(mininf_string);
+      assert(!nan_string.equals("NaN") || !inf_string.equals("Infinity")
+             || !mininf_string.equals("-Infinity"));
+   }
 }
diff --git a/regression/strings/java_hash_code/test.desc b/regression/strings/java_hash_code/test.desc
new file mode 100644
index 00000000000..4f786d42f80
--- /dev/null
+++ b/regression/strings/java_hash_code/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_hash_code.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 7.* FAILURE$
+--
diff --git a/regression/strings/java_hash_code/test_hash_code.class b/regression/strings/java_hash_code/test_hash_code.class
new file mode 100644
index 0000000000000000000000000000000000000000..d9b3e2b2f3de9b4d49d84348b75a7e50690e3cc1
GIT binary patch
literal 602
zcmY*W%TC)s6g}6EOmGYY2SR8|c_SVYY*?ZS#6v=*Wf5AbY|z9R!9Z}3?eH<I*s%sA
zkf;QE{t3h#1BuXhUiaQ}?m6S9m-`0*OPKc1g>oK)T@a{v7{V8UuO3{K1-^M0#&>}c
zLTOSaiHcL*jFNSo$XY|y3A9JZE$c|9KM3~B>|cVj)~qW+@3xNA@7768#k;1M6DLwf
zgzjo8!{cA_Gz$xi67tJo<DJ8+Hd}G1Hnl;NQkA6phcY?b51Dk~NS;X_KDr5(toiUz
zV7!kpj1wv*yV#J?!Q$$N(v3K7#)O{FJOUFwCNV`Qb}&1&BNe8fLe(_Z(E-ad3f^3?
z#Vz*Mfvq+8SqSC2N_4F1?apj6ZE=DDd#q3JBLh^d7|ndLLB<EKJ$xJHop^WW?m$<j
z5WT$SvLG?E*e?A8iw7_oSU&@6`x^E+%5%4H=6PPA@E`8KJLDb>i<PkiaQN(U%N!5>
zm&l`!BL&biMg#)>I8<u4SjyT0eSx?|{v5)&gk#^p?r?r6GdwOVf5qtU&sq+=0-5k{
AD*ylh

literal 0
HcmV?d00001

diff --git a/regression/strings/java_hash_code/test_hash_code.java b/regression/strings/java_hash_code/test_hash_code.java
new file mode 100644
index 00000000000..fbc15f0b4c2
--- /dev/null
+++ b/regression/strings/java_hash_code/test_hash_code.java
@@ -0,0 +1,9 @@
+public class test_hash_code
+{
+   public static void main(/*String[] argv*/)
+   {
+      String s1 = "ab";
+      String s2 = "ab";
+      assert(s1.hashCode() != s2.hashCode());
+   }
+}
diff --git a/regression/strings/java_index_of/test.desc b/regression/strings/java_index_of/test.desc
index daa6c32493b..28a0809f441 100644
--- a/regression/strings/java_index_of/test.desc
+++ b/regression/strings/java_index_of/test.desc
@@ -1,16 +1,7 @@
 FUTURE
 test_index_of.class
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[assertion.1\] assertion at file test_index_of.java line 13: SUCCESS$
-^\[assertion.2\] assertion at file test_index_of.java line 14: FAILURE$
-^\[assertion.3\] assertion at file test_index_of.java line 17: SUCCESS$
-^\[assertion.4\] assertion at file test_index_of.java line 18: FAILURE$
-^\[assertion.5\] assertion at file test_index_of.java line 21: SUCCESS$
-^\[assertion.6\] assertion at file test_index_of.java line 22: FAILURE$
-^\[assertion.7\] assertion at file test_index_of.java line 25: SUCCESS$
-^\[assertion.8\] assertion at file test_index_of.java line 26: FAILURE$
-^\[assertion.9\] assertion at file test_index_of.java line 28: SUCCESS$
-^\[assertion.10\] assertion at file test_index_of.java line 29: SUCCESS$
+^\[.*assertion.1\].* line 8.* FAILURE$
 --
diff --git a/regression/strings/java_index_of/test_index_of.class b/regression/strings/java_index_of/test_index_of.class
index 8b3b7525f1a39da925f03e97b1803fa5b624b58a..cae397a79fb81b3543a6616e973fafdf8c8b03c6 100644
GIT binary patch
delta 387
zcmYL^OG^S#6vuye9?m$9rBnGxO?!tCLbwfTn?;M-)NW>wz$6N!Z6BbOxO3I6bp;9q
zwP+Ev?z^;;&IlRza?ZVf{*QCM?H^<NYxMF4)Y))w$lBy=@(%M9;@A`|N)9oy77Gq#
zDi({~MkAd(?)c%wp?`Ja2koZCQum`)NHV3+_kvKN1)+d0%dEI0aC<eim0xvPV_lJI
z`8R&8?O&ePj)GP*?DXzbx%a8|Z*3U?R4Nx~<fWq!SE<wTD@j+<&FT>K7!gTHjg3J?
zob-fxh9+XDcv{2L52~93jGZUUKB=N{PvVu>=@9EZa?!>v8BDIlTVydgmgL*Aa2!u4
uE^0*CVn(hKe0CC4ABRKQvj@ccSjGc}{*3wW{5M}@WTLsd(H3*#;LI=X>@Jr8

literal 1108
zcmZuwOHUI~6#i~IGj}>|X=y2s+6pLYAH1|sUr02lu?ffmqY)EvXa^h|I%Z}tCjJTC
z7{kWyT<AtkN}>tshJ`=DAK_0>&mAb0z%0(W_q*RY_nhzC`T6I|Hh>Z?Xo%ssihd0P
z7!>A&Feil>QgKT7)54qyA&MMFUPBniISLwz80HvZNDk?)YdD^1*WK%;t1nwdje#vP
zC{t$L^rjhtx%^!QX~wP@46#|WZrt8jUpAaOf=mbNx>;xF&OMl2)1T>MmR?^STkssS
zzIs^%Mi)H2`eaUj>hn29ImQ^&sj9V?Ut6#@oT_ot6xkA<;d)DEy=FXLvR6h$#t0Hf
zGDL0}mSqpzvmL88NI4=H$Jq$Z2{Vq8Sd|z8mMyjuVoN5DPKMrgUDsO8-f$e-q2dl)
z$1xc}8Rr?|?U4E9HKXd0Qb+W6fVkT;1NW<+Um<C7m3)OEZ0W975iJQ&&Q*Lgl{-Q&
zV#nH7&rqOC($);ubd1`5@uaA?K?gLMMGVqxWAq+ayjQeKs~|{6B*}KsE=!(~mkV29
z9|aL9vWgEfgwTy1S`(FhpwJNco<v|aZeJ;8ng~u8<8~8LSt@4KCgig0d!?)t6TAtv
z%zYm!tA%Z;f&3?En}}!mTZF$Ne18j(Z$7k><qiC3L4|F(ff4^8k&@zv*lz^bz^gW2
zY4hd7{KqK*8_?T)+7<o$ohju|`iq1$P-?OFc${iFSafGf{T~zJ1$^-yl4O8Ha>*p5
zf(SSXs3Jr14MD>&{bv(|UZUB|p#zU-GAlHj7c`fb#C%Oz-jnd((Tg4Q;TO{QjSLGQ
z%ev7|D9CDmDLBN@$B|~cACO3QrMvo)$s}EOY=6j;{xs<{iD(lYo8ZzrNWst0+C{e}
RE|SX#M6Zf>k@0)V{sT&*+!Fu*

diff --git a/regression/strings/java_index_of/test_index_of.java b/regression/strings/java_index_of/test_index_of.java
index bbe06d279ec..b607ba79570 100644
--- a/regression/strings/java_index_of/test_index_of.java
+++ b/regression/strings/java_index_of/test_index_of.java
@@ -1,32 +1,10 @@
-public class test_index_of {
-
-    public static void main(String[] argv) {
-	String s = "Hello World!"; 
-	char c = 'o';
-	int i = s.indexOf(c);
-	int j = s.lastIndexOf('o');
-	int k = s.indexOf(c,5);
-	int l = s.lastIndexOf(c,5);
-	int m = s.indexOf("lo");
-	int n = s.lastIndexOf("lo");
-	if(argv.length == 1){
-	    assert(i == 4);
-	    assert(i != 4);
-	}
-	else if(argv.length == 2){
-	    assert(j == 7);	
-	    assert(j != 7);
-	}
-	else if(argv.length == 3){
-	    assert(k == 7);
-	    assert(k != 7);
-	}
-	else if(argv.length == 4){
-	    assert(l == 4);
-	    assert(l != 4);
-	} else {
-	    assert(m != 2);
-	    assert(n != 2);
-	}
-    }
+public class test_index_of
+{
+   public static void main(/*String[] argv*/)
+   {
+      String s = "Abc";
+      String bc = "bc";
+      int i = s.indexOf(bc);
+      assert(i != 1);
+   }
 }
diff --git a/regression/strings/java_index_of_char/test.desc b/regression/strings/java_index_of_char/test.desc
new file mode 100644
index 00000000000..30d179cbaaa
--- /dev/null
+++ b/regression/strings/java_index_of_char/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_index_of_char.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 8.* FAILURE$
+--
diff --git a/regression/strings/java_index_of_char/test_index_of_char.class b/regression/strings/java_index_of_char/test_index_of_char.class
new file mode 100644
index 0000000000000000000000000000000000000000..bf4fa6e946eca6e5f9872d09a06a2f839b17d288
GIT binary patch
literal 614
zcmZWmO;6iE5Pg%_*<egD0Yb`011&|s0WKU<1foSk{os(Q0xr?UUg$!w(b_@$7Eata
zLnV+vYVZ9~sIyi{R8=eO$IQI<=FR?odiV)o4GSIyP%UG^Lk%wnATTK~<-tW&VA{hB
zUJ29*qw_LNmC1Axr|)$t+Z`1V=zvga=vZg#gyQ1TH-fX3M2ax{Nyq9-_q46dS6j@9
zQ>kOZP&1R^$!B?%hXrN{<wn@~%i%SXt_jt)wup&LrCCeIk-BIlhpq6tG%LsQT>9`a
z#Cn_Uknuj|@Y;umK|;-@S35F3THSnZ_k%HsAyob+6L{le9&ZUjAGg~+R$=x}sF@iZ
z9}z^}%I+b1S=?FLVUvB>R)^<9s75N)Mnye!cAIrM!NWP=Mg>nBprB^^<y#SC&G7z$
zUo(6XpYHNK=*AXenD<g1B!&jP(mfOy49r#vAA_*5JavcSyIVMy2&UaD3_il$zenkp
zWhvw=RsK_^W>krnVA(S2%sIkQ5A=k(K!x}>FxpdD%awtVinv4h62iHLQ~Uv^Py5`Q
PrEyX4H>`!RTy^{pE-iAY

literal 0
HcmV?d00001

diff --git a/regression/strings/java_index_of_char/test_index_of_char.java b/regression/strings/java_index_of_char/test_index_of_char.java
new file mode 100644
index 00000000000..92d75b3b07d
--- /dev/null
+++ b/regression/strings/java_index_of_char/test_index_of_char.java
@@ -0,0 +1,10 @@
+public class test_index_of_char
+{
+   public static void main(/*String[] argv*/)
+   {
+      String s = "Abc";
+      char c = 'c';
+      int i = s.indexOf(c);
+      assert(i != 2);
+   }
+}
diff --git a/regression/strings/java_insert/test_insert.class b/regression/strings/java_insert/test_insert.class
deleted file mode 100644
index 5fa0f4250618e78cf024e8037a9213b4fe087127..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1318
zcmah|TTc^F5dKct?J3I^N=t!?C@4ycN(BU!R^+bbt|c1q!7S|wENolcZcPl2`X}TM
z_$($%B8k5HZ~O!5oE9jzNR!UY&U|w@-<k94&-Why2C%H51>Gvy^0&hg^&zG~L5~!7
zq_``^Jt=y9h)aE6ioRO(V?e_L4AvryAs-%Uc!b9s!x}>9=16Er;t9tHL#WFr7KQDY
zg?w?+EE;Q;$TF~125-{Ln+`#0qOn&D%0wY67#ilxyjUpZ)`Yz*!4$|DW}cxr`ets^
zcyGilBflO`JGPl$Psl`n+A%U)^Tu`=&+(Lw!ZFI=OJ=OY7FxPcvNK}Zlm!EhC^~P=
zyd0}nmeg?tZ451E%a4~#D=TaUbwgNILBhs#jAKHINhzkJn5H8bYZ+-i)A1ZBju{=Z
znB$n&u^@9=5g{rz1i>7;B>MUX;`FDQG^mb6EHSiJyN?|)Hf7rdYF~F^V2&3$ULsA$
zs3t6~ZHkOT9WJ2g6tF@YLpXXdm);614DHcWDs~QYNJyd_pSUDGb4h&lfAQXE>Rk84
z{}Oyo;plKp(epqW`2=6-4@F1h=-LV;Vl7<hWESE}v{Vk25k`&@LS=$ayBYYl1X;9^
zUh%GESj97JR_-DZqYZDU-q3_a&w!RVD~hHqvd1?}yX%xFKyP3bo%EVo=rOWDtK1l}
zYQW@flDtY^?W7rLwPzpfs|1n@@RpqnwYY}sWJ~C8dZ#|pp8`9{CV0jI@gYSSQV*c4
z1l4_bhrJQ6+UA14CLLB>_@vR{qPFZ%U1-t>*16EhaN!^3d#I0a7Y%y|>>?cD!A2Ls
zUDO>Qw6c$;pQrqvtA07Dr#$Hh8pu}YSSmQpT}QH>=8VwnozT!jo_^>^z>i6a%o0A0
z0JhMGj|ifJvRmN!OAgM_$rQ#oZgAX`ZXddinHnrp0t7<{yJ+48SH3{0`G!Dsm?PR`
QQ57Els3i9meRy#D9{|H4+W-In

diff --git a/regression/strings/java_insert/test_insert.java b/regression/strings/java_insert/test_insert.java
deleted file mode 100644
index 6871a51716c..00000000000
--- a/regression/strings/java_insert/test_insert.java
+++ /dev/null
@@ -1,19 +0,0 @@
-public class test_insert {
-
-    public static void main(String[] argv) {
-	int i = 123;
-	long j = 123;
-	char c = '/';
-	boolean b = true;
-	StringBuilder sb = new StringBuilder("hello");
-	sb.insert(2,i);
-	sb.insert(2,c);
-	sb.insert(2,j);
-	sb.insert(2,b);
-	sb.insert(2,"abc");
-	String s = sb.toString();
-	System.out.println(s);
-	assert(s.equals("heabctrue123/123llo"));
-	assert(!s.equals("heabctrue123/123llo"));
-    }
-}
diff --git a/regression/strings/java_insert/test_insert1.class b/regression/strings/java_insert/test_insert1.class
deleted file mode 100644
index 80091936cea37ba88b8d3f67bddf5ea8683f7b2b..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1035
zcmZuw+fEZv6kVsx%xR}n=!F6mQ9;xem2wf(wsMC^f|sO513s9cJ%PdL49-kV41dC#
zPd<xDNhHyCKT6%F1<Gw6_PMRI_FDVw`SbVZF94HR(UHWEN^|+`aoi4LScif;GTfEn
zUIba>bd2DB1aUkF<DrgG<T=K4bYh5OT*m|^IUX^jhE3lWUSPS7zhwF5rY))rY=c27
zS&kLVFmz;dZyA(Dw<;LA)+|T7tk*V$_eO&0pk`VQLr?bo+K&0z%-g23l`jXL<!lw@
z#aKBoD<5B&yG=aD6lvy|W(b!m_Hhcm?AE=CSg|BwA`pJ?!E&Um@lnZXAdMb|-i!PT
zb<3^_k3roQw(UyTV*^j{)Ib46j*@|AnBkZ;Fegt^=%%#WVtitf;3UGpJQf)G+QjoG
z)mZjCmza&SVmKBJEMb`;-oEi_b4OGHs^k^^&jDLCVMu4ME|k`?%rKB$UCmv>9GfkY
zgTOuE>dsyU65@=!@)ti4HF`z2P9oDSTFcG9rUwd$Mwm6akZSrlzs<mRCCH}N)x@W|
zY5Nz%x2zX))Gb}@f-Kt9Qq&Mt;ai@lo>r9lAgI#;_0t9hsWX$*!7Sb<pM_=}Aa?Xn
z?4{KJjf_Th<Phw;1fq|k*4$)>AcJc(m(Z_tHB94be6Q4v(0n{Uttiv#5tQ|$dI+tc
zWi++F0sbzdH4rZF14J^s0sR2ceWWuyX*3YqNAw7t>xbz2Ez^aX=|-T_T%iOiI3<r#
z?4)EF5-^Aa{bxyxk^bkTyPuGx{vRzk$91MK#xcNggZ9I?dFpJcX#q&45N{x{53YQJ
Z((wb)cHR@4l2b(}HYba5ixwda{s)BK*+l>V

diff --git a/regression/strings/java_insert/test_insert1.java b/regression/strings/java_insert/test_insert1.java
deleted file mode 100644
index 54e754302c5..00000000000
--- a/regression/strings/java_insert/test_insert1.java
+++ /dev/null
@@ -1,23 +0,0 @@
-public class test_insert1 {
-
-    public static void main(String[] argv) {
-	int i = 123;
-	long j = 123;
-	char c = '/';
-	boolean b = true;
-	StringBuilder sb = new StringBuilder("hello");
-	sb.insert(2,i);
-
-	/*
-	sb.insert(2,c);
-	sb.insert(2,j);
-	sb.insert(2,b);
-	sb.insert(2,"abc");
-	*/
-	String s = sb.toString();
-	System.out.println(s);
-	assert(s.equals("he123llo"));
-	//assert(s.equals("heabctrue123/123llo"));
-	//assert(!s.equals("heabctrue123/123llo"));
-    }
-}
diff --git a/regression/strings/java_insert_char/test.desc b/regression/strings/java_insert_char/test.desc
new file mode 100644
index 00000000000..f5727a3a4ab
--- /dev/null
+++ b/regression/strings/java_insert_char/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_insert_char.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 8.* FAILURE$
+--
diff --git a/regression/strings/java_insert_char/test_insert_char.class b/regression/strings/java_insert_char/test_insert_char.class
new file mode 100644
index 0000000000000000000000000000000000000000..fbf4a82070b0507614103af7be1f1d5846d7a754
GIT binary patch
literal 811
zcmZWnU2hUW6g{&nyRd8vrIg|aYPIS@75u2a&=?gpG1B^g(X=nkuuR&i+eP=o|6>1u
z&uRjRP4wOWr11_EHnuN!XU{!z?z#8Q@4r8O0$9gG3-h>WqME@a3mPt~a7BfcENooO
z;F^V1TsLvUf~A-@EjXx|s530C@-P%ZBnN)@OoqJYi9Q3{VK6qNFQZ2cDW~?9L2nQG
zf+63LzSxQndm?zF$dowb(r1|KM%;bB$v=!?a${nRA+zCnCo)!d5C^V!A=Ra&NQBX@
z^i}Cycb^B11OAEISU{0sS)H36_xGCJD3Jc%(^z_a5in@nRh(NkZlhtNi90s(D3C|q
zbE%+>yST?tNd%ruyL%o415zlQE^OkyO+$P@spQt{-hptV|DcHza_)2z-UMu^`52RC
z7^=?8cI^!3q=goZBpOV$O3qm#F%0oB=3aQJ*2Gh*Mytsu4%!~=kD=Tbp$tTS)-G)$
ziYY<M+rbJwgL!%@tWZ(oqEiY?&6?sO{Z;A9=$o#Oz`iOXN)(MT$dJX-jJi)(HOe)Q
zp=}paBj~T{dZ9N&`dxhpqw@{s5lU;t%n;en$Q{Gl9wGNjiE3lfGSYNT(?c{!)Wk9}
zXi$kVp*gTWXb@(iLh!j+)%CFxV4-LaF?R%0{{lVr9cH3CHLG;e(Co*mrSs#m7ybe9
CzNfDM

literal 0
HcmV?d00001

diff --git a/regression/strings/java_insert_char/test_insert_char.java b/regression/strings/java_insert_char/test_insert_char.java
new file mode 100644
index 00000000000..3a83f03b332
--- /dev/null
+++ b/regression/strings/java_insert_char/test_insert_char.java
@@ -0,0 +1,10 @@
+public class test_insert_char
+{
+   public static void main(/*String[] argv*/)
+   {
+      StringBuilder sb = new StringBuilder("ac");
+      sb.insert(1, 'b');
+      String s = sb.toString();
+      assert(!s.equals("abc"));
+   }
+}
diff --git a/regression/strings/java_insert_char_array/test.desc b/regression/strings/java_insert_char_array/test.desc
new file mode 100644
index 00000000000..2432502ce3b
--- /dev/null
+++ b/regression/strings/java_insert_char_array/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_insert_char_array.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 12.* FAILURE$
+--
diff --git a/regression/strings/java_insert_char_array/test_insert_char_array.class b/regression/strings/java_insert_char_array/test_insert_char_array.class
new file mode 100644
index 0000000000000000000000000000000000000000..bc1a23a7496b794b39b2c2e735168e23c000efc3
GIT binary patch
literal 979
zcmZuwTTc^F5dKbYr(G5(rCbyN(Tcqw^@7({gjP+Ape7X!@IX#?PjGR&i@RGBeudBS
z2YeQjl8DiFe-v>}3sl6HIcLB5X6BnYv%e3&{{%3Hs)i&cIWERAr6Gh%%3M|^lfV^B
zYq*MR0)5EEk=Ibb497JMx{8_AP{ehP8w`UP;rr4HEZ6ZLTfV5<(qv$346(B1Siw9)
zIGcOJ5UIMRWawYA9QmTzs7vp)B9o&bEQg`D76{}0ve<6Jq>JMw$1R3<*|3i?X*IX$
z8S<&6;>H5$2OE~7s&5$Ygts9)PwdQYiH}0ZAkqvY>Rz;kvstVKp5<&-nwD)!k0B&X
z#hKG_8+UZv#XXMuIv$|JQP%NLc?OUob)s&Vq(jF%9x;q|GcF$Y{lxQJN;&+0Jsb-<
z7ExhHc4J@Gx1<q}jP>d%yrYs~D7(}pcfgVwVyx3H!$kJkdNp^3bktvorWUxz$<o=g
zL}L6Ur?%q<vOzE9Hc8Y_C#~fcU(w70N+U&s0tVZXPQwg*Taj#f!I=Ee6t@45`cA8*
z9Bo8@x2LL2YeO?LrEhuCJeegeLC_=z?aUgcX#0}1tSmXI9)oUSkPM{B4$;>*os7<C
zejn_sB4U_qtPL_GFmgiuM4@5wRSytaO@;Rnc^>@{T`Gi=^_4;-X{_WUg%+Z3^DV@d
z_rPabi0>h>i}XxNYoX^edJdqk?xXjYDimrLnx+y|9U7JF11Dv1j1o3UNCrLh&*-S2
zmoSi@9iqZ<j^jMX7%?xLh?{E*1_n}nE%fh#N4_8u{)R-i)NxNLRTLq8L3KXfRx<Gi
DGwIPu

literal 0
HcmV?d00001

diff --git a/regression/strings/java_insert_char_array/test_insert_char_array.java b/regression/strings/java_insert_char_array/test_insert_char_array.java
new file mode 100644
index 00000000000..079dbd2fee6
--- /dev/null
+++ b/regression/strings/java_insert_char_array/test_insert_char_array.java
@@ -0,0 +1,14 @@
+public class test_insert_char_array
+{
+   public static void main(/*String[] argv*/)
+   {
+      StringBuilder sb = new StringBuilder("ad");
+      char[] array = new char[2];
+      array[0] = 'b';
+      array[1] = 'c';
+      sb.insert(1, array);
+      String s = sb.toString();
+      System.out.println(s);
+      assert(!s.equals("abcd"));
+   }
+}
diff --git a/regression/strings/java_insert_int/test.desc b/regression/strings/java_insert_int/test.desc
new file mode 100644
index 00000000000..2229d33b491
--- /dev/null
+++ b/regression/strings/java_insert_int/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_insert_int.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 8.* FAILURE$
+--
diff --git a/regression/strings/java_insert_int/test_insert_int.class b/regression/strings/java_insert_int/test_insert_int.class
new file mode 100644
index 0000000000000000000000000000000000000000..cd355c86546c241bb051f08cde05d31a44674c53
GIT binary patch
literal 810
zcmZWnU2hUW6g_u=U0Ak-QcCdywOSRZf>!i}#;8@3Mr<E2n)byE%cM@-F1ow;U+f?7
zSxq3ZiN5=vG~R&%v3<ESbLPys=iWQN|Ni(1pn(TA=5f(NDTzxq3|!XXiViC&IJla`
zH5;qAZsCRvTQhIkD5GMbN?2SKVJL%0_5ARu3Ps10T>|Y9%njwM=pi9iuDmA1H+x-4
z$h4F%xBG`38NAYDzBm-hC(N}Y;l6(<K8#>?V_}Vu+;F`U8N1!<2d;ds^rL(v!|1K@
zb!uLs+JX2a94sJ5Sl0WxC;a_-I|`J)|D><Ht_%o<a5d+agWIS%sN;@<46^J&G}c{C
z=-@8a3B{Sh<4JYTf}qC|nNx`^+;g~x_X*kAqn*xybff>Eu@k~lxi#aB!KQAHIj)6J
zDsOF7&TvjjXmUrQ-b5>3K1*bVDL?jw7oN&B_SCHKWHK`cn;wskQ0U4~1+qJ>mWL7b
z`GRM+hZX(>^ZZpPTh#61T@0jq&2f=WC0>cwM0E)Is)@*RG)EvIg{3L=9X~bru6_(-
zHy0Zs{-PSsRtHGD;b6AD!8$^IEtec1^%?17*t<ide`!%;Bw9d%_X+-oCW~5FMiMnn
zQD8I;`hyx{7K#j?n`Ui{oB#_sXMnjQSn)52$G*dw=}ydQodgW$kuK@{DD8!RKEkHj

literal 0
HcmV?d00001

diff --git a/regression/strings/java_insert_int/test_insert_int.java b/regression/strings/java_insert_int/test_insert_int.java
new file mode 100644
index 00000000000..15a7a2d53f6
--- /dev/null
+++ b/regression/strings/java_insert_int/test_insert_int.java
@@ -0,0 +1,10 @@
+public class test_insert_int
+{
+   public static void main(/*String[] argv*/)
+   {
+      StringBuilder sb = new StringBuilder("ac");
+      sb.insert(1, 42);
+      String s = sb.toString();
+      assert(!s.equals("a42c"));
+   }
+}
diff --git a/regression/strings/java_insert_multiple/test.desc b/regression/strings/java_insert_multiple/test.desc
new file mode 100644
index 00000000000..497793cd650
--- /dev/null
+++ b/regression/strings/java_insert_multiple/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_insert_multiple.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 9.* FAILURE$
+--
diff --git a/regression/strings/java_insert_multiple/test_insert_multiple.class b/regression/strings/java_insert_multiple/test_insert_multiple.class
new file mode 100644
index 0000000000000000000000000000000000000000..d6b470a1f72e41dd2bae763f8e15e9b5239bdd9f
GIT binary patch
literal 898
zcmaJ<+fEZv6kTUJ?M$ZwEkl8VRzy*!MO!ae)Dk0BO^8(=Y9#PNrZXpGa5}}g_%HGU
zKC4NaNTTollg52oXrnd0?0wF@tiAT-$FHy70IZ{~A%_bJmQ`HTAYny_ODZl4y(+|&
zG^TM?#Wf8kN(#yvbdj;9;W}<8s4&c~T4Bh8$nE;!6F0Ql9(Nen9z$x=_1)+pL&7Y*
zVUQbLhcjfGuFqe_oi-0%i(qneEZ1k4YDJd)_JwscFcT{URR(p__D*56RyPi8{>&9g
zixCf_eb*PI_dBr{xknza99r)!9ka+YEQoj2v;2c<D+*ly;BoAF4i6Y4%Mmd*b=<;j
zqS_XZJ30;Iu8tWP#K>yf4wctY!v;fP47GLE>(e0U5?20SG!)#^aUTyDa^uWb?L%%y
zf0%~680O68IBsaHi;1O%?J*S1?M7)L=Cq+YL&e;l@YesAphn%Z;(2p2kRVh1U2J*b
zU*v{O)JwG8?3i-HqZ445cX;Rq+!@V?78=Fmp#AS*g)S*aXUB2{F=TorK-Ysj$vOHJ
zNi)*Pav$uI2*f<e)WFD)#=<BxqEv}|8z+!<jYJ>v^Rk??dr0n-Wh2#tvQzFsZGJ}j
z82L3r>ml<2nG@){eN259;L-qmiQuUsG|~nXEJ4LGm8y}YK%NZPPt+7F4qfL)4Auv%
ifEi=DhwL#F`6J}S7o^A7XT$|g5|aK%w0C|`y7(LCDZnTI

literal 0
HcmV?d00001

diff --git a/regression/strings/java_insert_multiple/test_insert_multiple.java b/regression/strings/java_insert_multiple/test_insert_multiple.java
new file mode 100644
index 00000000000..c976ddd807f
--- /dev/null
+++ b/regression/strings/java_insert_multiple/test_insert_multiple.java
@@ -0,0 +1,11 @@
+public class test_insert_multiple
+{
+   public static void main(/*String[] argv*/)
+   {
+      StringBuilder sb = new StringBuilder("ad");
+      sb.insert(1, 'c');
+      sb.insert(1, "b");
+      String s = sb.toString();
+      assert(!s.equals("abcd"));
+   }
+}
diff --git a/regression/strings/java_insert_string/test.desc b/regression/strings/java_insert_string/test.desc
new file mode 100644
index 00000000000..91e13cefab1
--- /dev/null
+++ b/regression/strings/java_insert_string/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+test_insert_string.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 8.* FAILURE$
+--
diff --git a/regression/strings/java_insert_string/test_insert_string.class b/regression/strings/java_insert_string/test_insert_string.class
new file mode 100644
index 0000000000000000000000000000000000000000..be8f7ad0f79126964af9df57d0e5500d86d69cdd
GIT binary patch
literal 841
zcmZuv+iuf95IyT$>^KfdoiquT0)+xe3JI5Rky0U`fP@I}5Cm#ps*SxWTU-Zhhkv0z
zz%w8v5|!Yce*!V<G>IU*?2gZzJ#%KpKYxGw4xo)YCh}O(aoWHc6B^DMSXK8qb)3&2
zhcyEiOkBhz9W@hKMXsA@U|q*$hT<9zLlH!B;D--o$ormf8Q3;MdPDj$y33HL)n73r
zHwUg@$akeLo)7o?B6z9Dl-TFeXUO#;?!0}*-^DN)(s6~s*l@ff8M8MS299_v)uT!z
z!e~eOs`O461=8Pb?(q-Yf{h}jRowEpzuW4?$p=H}xgucDxT`o#iu#U)7Oq;jhU*pz
zSRyaH@3>Uh!VR<;s&kq9(=Hzc!GLt^MFTo+TDXPV42Ai-7yUiqM1MgOM-0og?wmIP
zJ8DwtNm~rf+LQk<7NDcvIy9|lFcmM=>I+0-q{aIo_riaQPfT{|w6*-)(xykNWhlEM
zl!0((6QD&!LrTzIx3NlpNS^*AR;a2GQj`Eq2Sqwd^tD1aqdV0YgMC&+EYq2eL52*<
zGwK_9s!^_W2yM$wjFEiWNZP3p(ytpM=-n?c4p3URGb5NEkv&9qYYgj$64heSGEx+$
zV3NEI9Tga8Qi%$oS+HMd>Zs~CPVk9Y)pqOzSh8~?96NxX{DfrUD~!4B)U47;L9_0u
KmQKcHPyGQmzOiip

literal 0
HcmV?d00001

diff --git a/regression/strings/java_insert_string/test_insert_string.java b/regression/strings/java_insert_string/test_insert_string.java
new file mode 100644
index 00000000000..028a348122b
--- /dev/null
+++ b/regression/strings/java_insert_string/test_insert_string.java
@@ -0,0 +1,10 @@
+public class test_insert_string
+{
+   public static void main(/*String[] argv*/)
+   {
+      StringBuilder sb = new StringBuilder("ad");
+      sb.insert(1, "bc");
+      String s = sb.toString();
+      assert(!s.equals("abcd"));
+   }
+}
diff --git a/regression/strings/java_int/test.desc b/regression/strings/java_int/test.desc
deleted file mode 100644
index ae60dd78af0..00000000000
--- a/regression/strings/java_int/test.desc
+++ /dev/null
@@ -1,13 +0,0 @@
-FUTURE
-test_int.class
---string-refine
-^EXIT=10$
-^SIGNAL=0$
-^\[assertion.1\] assertion at file test_int.java line 8: SUCCESS$
-^\[assertion.2\] assertion at file test_int.java line 9: SUCCESS$
-^\[assertion.3\] assertion at file test_int.java line 12: SUCCESS$
-^\[assertion.4\] assertion at file test_int.java line 15: SUCCESS$
-^\[assertion.5\] assertion at file test_int.java line 18: SUCCESS$
-^\[assertion.6\] assertion at file test_int.java line 21: SUCCESS$
-^\[assertion.7\] assertion at file test_int.java line 23: FAILURE$
---
diff --git a/regression/strings/java_int/test_int.class b/regression/strings/java_int/test_int.class
deleted file mode 100644
index 643d7eca09cb890b7b49705679a2c8406c96efa8..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1140
zcmZuwOHUJF6g^)%ueMV<Z7G6M9*Wvhd9?-Psel@rpe`^b;(|=uNgXUxoS7Qgx$`$j
zV!*`2g)21yqDJ>7Zru1Y+~J0(cczq9bo0ILJ?Gwg&dirz?>_;^;F2E-y8Y-uuOFvz
z#)lU4i8$*Ak8TO)oXB|z2`}*at8+<8=yx(xA};tbfI$&M4ADN-vNY4yD~5GNx72)D
zD>ATU24Pw^bbFS;n@HYa;1()HjUlwC8`{n4T3$16JINGSQ+0!(EpcygRehuml~toO
zv}BvQQJQjq!6jQQJh-8*yZIu9MT{^=(}nUOzkjJxH4EA`-C+ybnq{x(hCS$z$%vv=
zL|UeSvxJi|iZK~sL>Sr|)#mCWTs6&#NiB_}Gg%qqxX8c{WYZY}P9RGGHD4&on8Xxy
zP_HCnTE+}$Ql&w8E5E80Y|`gHQ~i}#o0K8kz~&5FD{0h+WLN6pSR$AFS07Tja9=g&
zs1Qd93j|qLO-myNhFIcXKr+V=uq)TK$8};sdstP=*0J<j`%_8sG1O>mp-g6zRYlFx
zO|5t&8#!cGDL_syqnAD;g+4K+v^zr6$qUi}t+dAI7N?!j&iC(vy>SxJMyudHGWc);
z?R2J8wgC^_fuCVtau1%x6t@HKOp2#<HYLzH#=Ql%iEyWq*+Sq0_`AChKG)vjO19}O
zBJM#N<K0j+#)r9YO~LT~ccPyZ+-O^e;3aBhpeZ5ZbI{@;S`7c#Xb$@K5SWzQV5~!m
z$U6vb9_wa2#wqD747-(IAW^Tejd;wV+eRJvtbugI@wnp5yNYrU>E{fRR8cyegoHto
zXC49MAY+AeFCl~{r213R{W&TAl4Sfyg6@-~9mJM^_?tjHp+%fxjC_b5ppzY-hwimg
u7o8@EyYtAgQP&zE5=F}nLYok|SKz$wz%@Fo+vil_;R#-LOpdz)bo~Lq)9aJ~

diff --git a/regression/strings/java_int/test_int.java b/regression/strings/java_int/test_int.java
deleted file mode 100644
index 620ae638dce..00000000000
--- a/regression/strings/java_int/test_int.java
+++ /dev/null
@@ -1,25 +0,0 @@
-public class test_int {
-
-    public static void main(String[] argv) {
-	String s = Integer.toString(2345);
-	char c = s.charAt(1);
-	char d = s.charAt(2);
-	char e = s.charAt(3);
-	assert(c == '3');
-	assert(d == '4');
-
-	int i = Integer.parseInt("1234");
-	assert(i == 1234);
-
-	String t = Integer.toString(-2345);
-	assert(t.charAt(0) == '-');
-	
-	int j = Integer.parseInt("-4231");
-	assert(j == -4231);
-
-	String u = Integer.toHexString(43981);
-	assert(u.equals("abcd"));
-
-	assert(e == '2' || i < 1234 || t.charAt(0) != '-' || j != -4231 || !u.equals("abcd"));
-    }
-}
diff --git a/regression/strings/java_prefix/test.desc b/regression/strings/java_prefix/test.desc
deleted file mode 100644
index 175f934ca1d..00000000000
--- a/regression/strings/java_prefix/test.desc
+++ /dev/null
@@ -1,10 +0,0 @@
-FUTURE
-test_prefix.class
---string-refine
-^EXIT=10$
-^SIGNAL=0$
-^\[assertion.1\] assertion at file test_prefix.java line 14: SUCCESS$
-^\[assertion.2\] assertion at file test_prefix.java line 16: FAILURE$
-^\[assertion.3\] assertion at file test_prefix.java line 18: SUCCESS$
-^\[assertion.4\] assertion at file test_prefix.java line 20: FAILURE$
---
diff --git a/regression/strings/java_prefix/test_prefix.class b/regression/strings/java_prefix/test_prefix.class
deleted file mode 100644
index 6f5f4025932b51a8fdcec8d94d4d5032d883ee5c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 933
zcmZ`%%Wl&^6g`vJvEw*RaBwh`LIVNvC=IW60il8x5J)L30*#t3kdv6=;@Xw%ApQV;
zfvmb?4M>edrLgC7_yFLJMH)asvgY2IbMBpc&iLDpFCzfgv7{h_GZN0qm{$-(LB=^5
z=XqL`ae>E+Nu+T}LP<f2Q_Bh}s7hF1$Q8{Xu>8>W+~A%am>tLJF|am6qHeo(xWW)G
zl{XlKHLqteWE!?>J?`&zEdMDd6R>OAE<?Vw)z~p#n>ELDw`<MNx83bqyfEDi&F-sp
zb1&jcxJ;um$n~!CyT8)(`hM4XVDoO-&<eumd%pF;ezVB?snC$4^M89Ys1Gg2@#b5e
z@AL|sw#Xp1_!-3rQ&GbehM42=?5c_^jxiXMR(HqR@B6;zGo=2wUBWe$?7i{V-A_6@
zRyQQurif+GOVce-g3$ECpk;?I|3f0b^HYi+l?lj9=3R5>wTRlY0^7HGN8^*lVV?kc
zsx}Jr*ctjYSk~ZzDT{+~7im3CyE%%CqF5P%edI*wv?iiMh9vShK{=;>r_uz)cZY~=
zYVje2h9<68wZs9WmFfbm%R*I?X`5UYD<fea`X?v@wC4ucI7Di52=!}aB<>?0ov-S`
z0JkSVVhogZae(3kkj6k(7vCc_2KcnGXxf{Yp<I9hiR8*OZ3?qcQKVgkusT_=O7fqP
z0b3;ACHWz--jX_lDh&ufiIk9VQo<?v7$Z*%!=PTXM^-IGo&Z`7=>yCRAPFBJ#6Lrs
UOfvS3cNGy!-{J0_js~6k1sUzW1ONa4

diff --git a/regression/strings/java_prefix/test_prefix.java b/regression/strings/java_prefix/test_prefix.java
deleted file mode 100644
index c9b5fa72fcf..00000000000
--- a/regression/strings/java_prefix/test_prefix.java
+++ /dev/null
@@ -1,23 +0,0 @@
-public class test_prefix {
-
-    public static void main(String[] argv) {
-	String s = new String("Hello World!");
-	//String t = new String("Hello");
-	//String u = new String("Wello");
-	String u = "Wello";
-	boolean b = s.startsWith("Hello");
-	//boolean c = s.startsWith("Wello");
-	//boolean b = s.startsWith(t);
-	boolean c = s.startsWith(u);
-	boolean d = s.startsWith("lo",3);
-	if(argv.length == 1){
-	    assert(b);	
-	} else if(argv.length == 2){
-	    assert(c);
-	} else if(argv.length == 3){
-	    assert(d);
-	} else if(argv.length == 4){	
-	    assert(!d);
-	}
-    }
-}
diff --git a/regression/strings/java_replace/test.desc b/regression/strings/java_replace/test.desc
deleted file mode 100644
index 1e89ebe37b4..00000000000
--- a/regression/strings/java_replace/test.desc
+++ /dev/null
@@ -1,8 +0,0 @@
-FUTURE
-test_replace.class
---string-refine
-^EXIT=10$
-^SIGNAL=0$
-^\[assertion.1\] assertion at file test_replace.java line 6: SUCCESS$
-^\[assertion.2\] assertion at file test_replace.java line 8: FAILURE$
---
diff --git a/regression/strings/java_replace/test_replace.class b/regression/strings/java_replace/test_replace.class
deleted file mode 100644
index c795826dc15e95c6e64931bc9afb74e3617f8687..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 904
zcmZuvYi|-k6g|UhV7mx~wqg|ptqK&uTI-9(*r28+R8258tsl$+lV<C(i~BI~7x)|G
z5BS-dKw=a9?tjvFXQ72wlgYg9opaAUXMX+p{sX`&Y6=p_a$Jn!l7awoa>~aL$K@!l
z$iouHRRu9*W4MOv3JNH4loTwZ%yEMuy`(vguwC6UoyWSPwG7c=V7m;Fb=}n6hYZ0&
z@ijxJZgm7hqM@7Oxz}w8`;|<lKv&aEhK0hL#=iDJs~VcQS8cksZtm6O!+6ux+V8fs
zo}W)#8KUcLV+^h|EzfR?r@Dlib%o=;wMEa++M*)SRHTq*NS;P!P&b8PSh;P>HadBk
zR#8#KO%+MZj-y^~+Z#n!aEl=`0ogd}`H5{?Hpi-p+gRhcqv9?q^n98K$2}GI@!$lF
z7p;BKb{Xai|L>ZQyO6@v>&1VQNMP~a(+uYn#t67pBnPIu{^+=(OI}!>EINYIt?EmX
z*(I@s)~%75eupQo8F)`78RSu7qCnjs--%pDIJzx5$AXYqu15hfeHVH9ND2CAESZtA
z(k=)l9ie%SPFY$Rt>MxT?5j+~Jk1gRlF_eQz**YM)KBy@Nb9ph1a?xvAwrGiq?Pmr
z2yY!A(#Kpm#RrJ?F>{F6&JfDa1I&~MP^Y7xCsA20;FnvZf<Oog!o)0s5;#^6#U>HR
zP((%GH%c7mXk_Vr@tFUbPZUU{5g*`8A3XF0q2M<}Cg?}aNTe_V@kg@d^M3IQe*s01
Bzfk}H

diff --git a/regression/strings/java_replace/test_replace.java b/regression/strings/java_replace/test_replace.java
deleted file mode 100644
index 342bf9afddc..00000000000
--- a/regression/strings/java_replace/test_replace.java
+++ /dev/null
@@ -1,10 +0,0 @@
-public class test_replace {
-
-    public static void main(String[] argv) {
-	String s = new String("Hello World!");
-	String t = s.replace('o','u');
-	assert(t.equals("Hellu Wurld!"));
-	System.out.println(t);
-	assert(!t.equals("Hellu Wurld!"));
-    }
-}
diff --git a/regression/strings/java_set_length/test.desc b/regression/strings/java_set_length/test.desc
deleted file mode 100644
index 43f82a648fd..00000000000
--- a/regression/strings/java_set_length/test.desc
+++ /dev/null
@@ -1,9 +0,0 @@
-FUTURE
-test_set_length.class
---string-refine
-^EXIT=10$
-^SIGNAL=0$
-^\[assertion.1\] assertion at file test_set_length.java line 8: SUCCESS$
-^\[assertion.2\] assertion at file test_set_length.java line 9: SUCCESS$
-^\[assertion.3\] assertion at file test_set_length.java line 10: FAILURE$
---
diff --git a/regression/strings/java_set_length/test_set_length.class b/regression/strings/java_set_length/test_set_length.class
deleted file mode 100644
index 8836640967a8736f8ecdfc31c509c8f67e5cdc31..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 887
zcmZ`%TW=CU6#j+<29~8=xfL%|t5uhRMXmJ`8>6BoO{hL#G~h$Cz=UqyE@pS|$22iM
z`m839*hJs`Pa4l`OHtI9GiSazm+w1gzW@C46~G$q=$J!^V=;lVIwCly%#t$alQ3{W
z$1*N*T+)$5NnI{;SUSpB;ixcVm+c@BzH|m&@W=`5jw^Z$tj!SLa6CueW6-Sf3x;TY
z&=U;v4aXBthkG62KUcx@uxC3SL&190*tOr<HP`m~wWjnPuYXr1rkm34zTUFmgz-d_
zqsoxj=(<Ps_2yvccf}J&Rm({c$n8MLZC7}GxwEQj8aROr!@_L+heOBh37;t1ovsSH
zVqg_D16Og)z&uQ9W#Bs27>d)}2NS`MeShE^xPf)jHPe^lrh!|y&0tP5pLKRcSN;JV
z3T4P!|5l$QDUDDGP0HF-14+oiBr9i?|4w7j18Ms*c<IQU|5R4{IUG>9pG^`lrCE1r
zr?iot2pnJZj`h+a<d7a{p=~VD=a{1(#LS|a6nPq$nlsrf-AZ&aI%6wiu#YMbIkNE(
zWb~QxD3Gs0-%+YYXZrw=Rz@2m+NhZN2(iit@vTqb`^Z%@+6ak#qz;g5jiG-#f=5W1
z`uiC;TO~OD8>;$8!v2fk<j0^B6O;Tr5~vcJIw38jut2YAXg^TpC~}-EsDM+)s@6mL
iKqd=gg!Ddm^aG;WXYgr@i9}T@hDiFp8pP?4!I@wBcDFJB

diff --git a/regression/strings/java_set_length/test_set_length.java b/regression/strings/java_set_length/test_set_length.java
deleted file mode 100644
index 97b20f2332d..00000000000
--- a/regression/strings/java_set_length/test_set_length.java
+++ /dev/null
@@ -1,12 +0,0 @@
-public class test_set_length {
-
-    public static void main(String[] argv) {
-
-	StringBuilder s = new StringBuilder("abc");
-	s.setLength(10);
-	String t = s.toString();
-	assert(t.startsWith("abc"));
-	assert(t.length() == 10);
-	assert(t.length() == 3);
-    }
-}
diff --git a/regression/strings/java_string_builder/test.desc b/regression/strings/java_string_builder/test.desc
deleted file mode 100644
index 9712205b104..00000000000
--- a/regression/strings/java_string_builder/test.desc
+++ /dev/null
@@ -1,9 +0,0 @@
-FUTURE
-test_string_builder.class
---string-refine
-^EXIT=10$
-^SIGNAL=0$
-^\[assertion.1\] assertion at file test_string_builder.java line 11: SUCCESS$
-^\[assertion.2\] assertion at file test_string_builder.java line 12: SUCCESS$
-^\[assertion.3\] assertion at file test_string_builder.java line 13: FAILURE$
---
diff --git a/regression/strings/java_string_builder/test_string_builder.class b/regression/strings/java_string_builder/test_string_builder.class
deleted file mode 100644
index 7a61d1f02be71e77a94712f5fa7beb433a094b1b..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1003
zcmZuwT~8B16g|^zyW3?;OIv9DKntR_%SV+Dzd%4yUnu%eBM~3SwmaZp**3ddqW%<~
zO?+09l1PH@`ip$fcxRzBNMGj8+&%Z)bI;8F{QLa~zzmjkq%o@EnvM`gHH^u4UBe9x
zH|4ev!vKmJOdaExP%){)khm#%E@`->;<k=y%&3@UNRL^b$6a4E9Pf$ntZJRx3~YlT
zx*#0kFES{F;wy&mO2g(1iL!9`^VV*ayDue}KI~e;VHhgBDeqW&R;g||+og){3TJy>
z7RD>SReQH)H3K~9Rx!t*E!65K{CcI)a%=pVkZd`hd;X>uly6pBqHc3{O7a>QLY5)>
ze~-t<7zVZJ@-6W`Z{QB@QiJ@iu<bg}lfpcAYy<aj-#`X~l#o!8Vc-Ggsb`n-QOAs@
zuG?^F_Mmb>qNr$Qiwx@_P{l(7i&$bvcBx)ecX-V|lR9>VthJg=B4(H@^ziIl>SRRH
zp!tmsN2X9b2PA~<`IhT@>%xD_FxZQpu2!SwCy+!}@JgMY0$rrdJ>hcu)C#&kzeOMD
z9c*BP9#@*)Axq|@m$XwrHOSJMqth@&MloU@fPIlbT%a`?BpG73h)cAW&|g%lQ2b~f
zMLuEg5TVxxP|D+}a2t{JaWgy}#8i}m8IgyS8f4ng*1jUPkIY0$Z=-J?eTOipIR2xP
z?r$T}Bb_{pmij`0J`+0a719|-KO!_(ltxieqWmoSuuA_>6>)q(0+$Jyfbs{cDuz{D
v8Tw80Yq)yq!CWvbkV<2qjnqEW@MnaTZ-{jpb_|hZ5rpE)(zZMuLKyi6M=96L

diff --git a/regression/strings/java_string_builder/test_string_builder.java b/regression/strings/java_string_builder/test_string_builder.java
deleted file mode 100644
index 1d76b34e9f8..00000000000
--- a/regression/strings/java_string_builder/test_string_builder.java
+++ /dev/null
@@ -1,16 +0,0 @@
-public class test_string_builder {
-    public static void main(String[] argv) {
-	if(argv.length > 2) {
-	    StringBuilder tmp = new StringBuilder(); 
-	    tmp.append("prefix ");
-	    tmp.append(argv[1]);
-	    tmp.append(" middle ").append(argv[2]).append(" end");
-	    //StringBuilder tmp1 = tmp.append(argv[2]);
-	    //tmp1.append(" end");
-	    String r = tmp.toString();
-	    assert(r.startsWith("pref"));	    
-	    assert(r.endsWith("end"));
-	    assert(r.startsWith("pr3f"));
-	}
-    }
-}
diff --git a/regression/strings/java_string_builder_insert/test.desc b/regression/strings/java_string_builder_insert/test.desc
deleted file mode 100644
index 2655f846da1..00000000000
--- a/regression/strings/java_string_builder_insert/test.desc
+++ /dev/null
@@ -1,8 +0,0 @@
-FUTURE
-test_insert.class
---string-refine
-^EXIT=10$
-^SIGNAL=0$
-^\[assertion.1\] assertion at file test_insert.java line 17: SUCCESS$
-^\[assertion.2\] assertion at file test_insert.java line 18: FAILURE$
---
diff --git a/regression/strings/java_string_builder_insert/test_insert.class b/regression/strings/java_string_builder_insert/test_insert.class
deleted file mode 100644
index 69a32d7f93fa8cbebd4e1f6c84f79c41463bb3b1..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1049
zcmZuwT~8B16g|_Aop!sWYg<1206|e&3RFc<DI!obm;g#@HNb;e+6gXhcX4;C@u$ci
z@L5bsB1YeQ@JA8vv_Sdr<<9J#bI+V}=kDLbAHM*MV?l+EevW|%Zm0<0rVN8J+=}8h
zhE!ybjiLj?5#&^iV3cD_g(hqAD(>Je$32GBpy7GK^-ah27EI6Bv_zGGturXorfvE&
z48ctHHAATAR0Ts~$+X2vy|yXbR}xGIHN&(Sx-uI}+r~#DZyEMhzT~^6y;YEf@se*;
z-Y*+FO+3dqY38`k5Sgx6M^~sNr|wq7GgA`kzVQ6FrY&WSNlFbVq#3%;)6dsUt14WQ
z+W*OMt*XRLXqdzU4G-~%V@g8-(;SaA%*c~VNHWA0g=IOd3eutB31%63+T?S`4SDLi
z4zb5h>EW2uFpnasY!|%P+!hs|A+T{a-)aIwXXgK%QCc1u`ZCWqirEXGBYy>ImG2yr
zr85_Sgg7Oq^x5-8jo!_vlc>%Xt?A@n(v$c^Ba9jqq?-EArWyE-1X=W+iuh1BEbpB9
zmeoR*<|EN=K+&Qhq7kSH&vZrgq=EGEew_|zg4QuWv#8VPGQCGW1nq(#8Awy?q_19D
z8Li>reXws5h%SmsGszG|H+pC<p?|0}M5`J38D7c-^~G{7q>FMctXt)rA_Lc*@&N*C
z$>2Uh%Ok;D1K~F#4Ja#n;G+#h_7L4gdNipv5ZguU0NUC<;=fO)zqHd*PM|4g5^>sx
z>3W4Eaq<))4^fh)l7l#gC^Lox{h&Ig$mc3KeMgAPRFy#B5UU(lIIePB>!Q-$6Z;cQ
kpFlE&js_CD;GwSw1-~QOzWlfsk}Qlsd{%a>uc__&KWVw%^#A|>

diff --git a/regression/strings/java_string_builder_insert/test_insert.java b/regression/strings/java_string_builder_insert/test_insert.java
deleted file mode 100644
index 1fac897c5ed..00000000000
--- a/regression/strings/java_string_builder_insert/test_insert.java
+++ /dev/null
@@ -1,20 +0,0 @@
-public class test_insert {
-
-    public static void main(String[] argv)
-    {
-	char [] str = new char[5];
-	str[0] = 'H';
-	str[1] = 'e';
-	str[2] = 'l';
-	str[3] = 'l';
-	str[4] = 'o';
-
-
-	StringBuilder sb = new StringBuilder(" world");
-	sb.insert(0,str);
-	String s = sb.toString();
-	System.out.println(s);
-	assert(s.equals("Hello world"));
-	assert(!s.equals("Hello world"));
-    }
-}
diff --git a/regression/strings/java_string_builder_length/test.desc b/regression/strings/java_string_builder_length/test.desc
deleted file mode 100644
index c4720992571..00000000000
--- a/regression/strings/java_string_builder_length/test.desc
+++ /dev/null
@@ -1,8 +0,0 @@
-FUTURE
-test_sb_length.class
---string-refine
-^EXIT=10$
-^SIGNAL=0$
-\[assertion.1\] assertion at file test_sb_length.java line 6: SUCCESS$
-\[assertion.2\] assertion at file test_sb_length.java line 8: FAILURE$
---
diff --git a/regression/strings/java_string_builder_length/test_sb_length.class b/regression/strings/java_string_builder_length/test_sb_length.class
deleted file mode 100644
index 586e8f71935b9b16a50d4a4a6ad14c4069667c5c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 791
zcmZuv&rcIk5dPkFyT7`H((<ELP(jqC6>4HUL5zx!m=rzKNWcSm?LO<nW!vm-jaUB-
zE?!JLt4W(kf_MKWW1P1FMdk8lcIKP;zM0t{zrGy<xQjau^0;hb*20_v4Oc8&RrZ>V
z9Ojj`VB)$1TY(lG+`vr}w-`!`JdQ<_$Zi-vmN9Py!e?N+491!aWpbY(<1M{l(AT@Z
zU>I-6P(1A)v_$k=fhlpoWymn?y=?6Bx4a(kuv2d)kqkSlsxaS7c>B#3@1=NB$Y8Ct
zgOlb?v)hl_VpFPCr9{NZUfkLXMA%7Quc&@53YcJ+`M39@z6^X3k<MNuUdeX~=aE<u
z`Yx7Gbuor<7d6~wD36LCo=&?FMO~^M`<v3lvWpee849DCXRUqFP8g=VizhUAuSc{D
z%NGIut2t4=O49$#nXdQ=?RG@D9?)56slJG1B>Xegw9BMV3A)KH=IOL~x;`tE)v)Ac
zK*BLWZ;`&{$TG6o>JaR+0-{8(kp>z43X_;3UqRnfsYZ752-;3DGlbr#6|(~v+h1TF
zVzM@XRj@xGcLaN92<LnCSpSI1xukn8skpS1t3qr_mV+$GGT_0a^;+1V$TVeaXg}eZ
sn3<(u`Aqq}R3cC;Avb_~2vh$AJ@XajsP*X>s!bMJ{(&0yQp#NU4b&{7CjbBd

diff --git a/regression/strings/java_string_builder_length/test_sb_length.java b/regression/strings/java_string_builder_length/test_sb_length.java
deleted file mode 100644
index 652b72cdc90..00000000000
--- a/regression/strings/java_string_builder_length/test_sb_length.java
+++ /dev/null
@@ -1,11 +0,0 @@
-public class test_sb_length {
-    public static void main(String[] argv) {
-	StringBuilder tmp = new StringBuilder("prefix"); 
-	//tmp.append("prefix");
-	tmp.append("end");
-	assert(tmp.length() == 9);	    
-	if(argv.length > 1) {
-	    assert(tmp.length() == 12);	    
-	}
-    }
-}
diff --git a/regression/strings/java_strlen/test.desc b/regression/strings/java_strlen/test.desc
deleted file mode 100644
index b98e6f76f0a..00000000000
--- a/regression/strings/java_strlen/test.desc
+++ /dev/null
@@ -1,8 +0,0 @@
-FUTURE
-test_length.class
---string-refine
-^EXIT=10$
-^SIGNAL=0$
-^\[assertion.1\] assertion at file test_length.java line 10: SUCCESS$
-^\[assertion.2\] assertion at file test_length.java line 11: FAILURE$
---
diff --git a/regression/strings/java_strlen/test_length.class b/regression/strings/java_strlen/test_length.class
deleted file mode 100644
index 7f1c10c02ca3c0b61fb85561752aa7e23c0b36f2..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 864
zcmZuvU2hUW6g{)-7t3NPNTn*;D&j)1XsbSGZEUb6O{gYfOj;kzvP@v>cGv7K{+Pb_
zV&bzJA+bq)_eWXpP$^YOcJIubIrrW<XXfXx??(Vuao0c^mo*f1TrnWwst5}rEQ)X~
zi4?ADC>cl!+6@C`+|*z(<VtoF@i2A+KYHRucH83}2DZzfuDQM&uQMd9$}0xB5p+1i
zOw;xGv;KaYhc5-0Hui1TXPC2IH}~xKcHOi6ZoL(UuHStq64R~NcHVB=??!wL6*?w^
zzUFv;>Km<~A3FT0E2?E;9>s4w?swzfvZ!YwgIU7=t<9kHxaS38ziMI$H50e6Y@&|a
zCeC4op)kqW7>nEt!ysfxooS=tj)@hl{?+7pdyhLY`7=coL*AOMRXsWQ$g?f7&<T9U
zrYhxW{QpacjGi5CP=;)6RT^aXL_))(n<Ae(JaR+cIaNgV#(mnLYud#kU38kB1j`hJ
z2Q*87bYYfamR3a?8I4MH2=-YJk)x=NKt`|QJn}Rb)Nhok(%3qLw3AH?Avdc>@<(h|
z<(2K)0Lpr8X#n+sJTDgq(C#Z=pdTQcS2Dd1NF5@%GlcQu6b#OQqOmk;T&9+Q3<C<C
zQl<79=AmPOaEs7Kq~`@Gnj=;T(lG(5h6@@B^fB=R$CM?VfW*=%f2{W2NEVRIAvJ(`
d08Rb`Iq?<x<OE~sqJsh{{a6@ukromz{RW~isdoSX

diff --git a/regression/strings/java_strlen/test_length.java b/regression/strings/java_strlen/test_length.java
deleted file mode 100644
index 9410315db38..00000000000
--- a/regression/strings/java_strlen/test_length.java
+++ /dev/null
@@ -1,14 +0,0 @@
-public class test_length {
-
-    public static void main(String[] argv) {
-	String s = new String("hello");
-	if(argv.length > 1) {
-	    String t = argv[1];
-	    int i = t.length();
-	    String u = t.concat(s);
-	    char c = u.charAt(i);
-	    assert(c == 'h');
-	    assert(c == 'o');
-	}
-    }
-}
diff --git a/regression/strings/java_substring/test.desc b/regression/strings/java_substring/test.desc
deleted file mode 100644
index bd54a8204fe..00000000000
--- a/regression/strings/java_substring/test.desc
+++ /dev/null
@@ -1,10 +0,0 @@
-FUTURE
-test_substring.class
---string-refine
-^EXIT=10$
-^SIGNAL=0$
-^\[assertion.1\] assertion at file test_substring.java line 12: SUCCESS$
-^\[assertion.2\] assertion at file test_substring.java line 13: FAILURE$
-^\[assertion.3\] assertion at file test_substring.java line 20: SUCCESS$
-^\[assertion.4\] assertion at file test_substring.java line 21: FAILURE$
---
diff --git a/regression/strings/java_substring/test_substring.class b/regression/strings/java_substring/test_substring.class
deleted file mode 100644
index e6532aca43e8ec0108d5f9108ccd271907039b70..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1051
zcmbVK-%ry}7(I9EkI@wv%poEuD9U~yQxG(P5D+xZfSSyZfDfkI8Yqqq+fLv7BYfmV
z5{*2o$%vZZyML5;ZjlYtCzIxDd+#~tyXSoO$Iq_^048wDfQfzs1Gpf|MOg;hU|>kc
zB?H>g-sL!kF{tB;fvXtNkrqe}TfT35fm3t+MaQ>FRl6b})&#T}$8~~PfoM9jBA_hP
zDz-r9lH=MB>suw;dm_Qy*s>f~peOxwY14XX<*Syvo-YQT<E~FjVtX;L%Fmar?GUdc
zqa&*$ClH${SAVxKinY2|w(mJoFd5i>@XW85{7_^}s+#CTf<zOexMpGuc@x)h!$dne
z1bSPI=a1do^}L#AVjL4;vyRiEI&PYn#FRjy#eG!Tw95ex@DC@afJg4=xy4=Bu)L!E
zqHeooTF|PtyB=(W*%buZnr389g+k`<q{t~#VxH}lbRn}K5GSdn*#8IZWWQ;S<-|#<
zoGANLY~S(hN;43SA*geM<6OfKuZGE+BNDwbLViU-6(m@@_&30};9Je^LwuA#bhB#V
zA`KylGyEo06iC&$x0gLo-s4?X8DGjZ5J_meDCAVVf#~w6(tt9X(^#jJ9G8?S^%K+`
zbPc4Gw}^j(wz?1f`|+B3Vr>tPrCe+m_d~T9)xMxDg8$T$W+I`P2Vqrsc$I1Bv=l=h
ztqt;T1aV$66L*--3iDZIHWt&_pyh4yUJ?D85xhYPAIM5kbq?ww37U=`9cTFn!3YnD
zj2tbo@gZ)v0KH9sAb<)noNG>CGK?DNPQqv)z5`v^gA)A=wdLS=9J0HLNc)@|T3=}J
F{4e6h&lUgx

diff --git a/regression/strings/java_substring/test_substring.java b/regression/strings/java_substring/test_substring.java
deleted file mode 100644
index 8a2ac883cca..00000000000
--- a/regression/strings/java_substring/test_substring.java
+++ /dev/null
@@ -1,27 +0,0 @@
-public class test_substring {
-
-    public static void main(String[] argv) {
-	if(argv.length > 1) {
-	    String t = argv[1];
-
-	    if(t.length() == 6) {
-		String u = t.substring(2,4);
-		char c = u.charAt(1);
-		char d = t.charAt(3);
-		char e = t.charAt(4);
-		assert(c == d);
-		assert(c == e);
-	    }
-	    else if(t.length() == 5){
-		CharSequence u = t.subSequence(2,4);
-		char c = u.charAt(1);
-		char d = t.charAt(3);
-		char e = t.charAt(4);
-		assert(c == d);
-		assert(c == e);
-	    }
-		
-
-	}
-    }
-}
diff --git a/regression/strings/java_suffix/test.desc b/regression/strings/java_suffix/test.desc
deleted file mode 100644
index 2740e87d6e4..00000000000
--- a/regression/strings/java_suffix/test.desc
+++ /dev/null
@@ -1,8 +0,0 @@
-FUTURE
-test_suffix.class
---string-refine
-^EXIT=10$
-^SIGNAL=0$
-^\[assertion.1\] assertion at file test_suffix.java line 12: SUCCESS$
-^\[assertion.2\] assertion at file test_suffix.java line 13: FAILURE$
---
diff --git a/regression/strings/java_suffix/test_suffix.class b/regression/strings/java_suffix/test_suffix.class
deleted file mode 100644
index 557acd02653a0558f2ddb5117649f5cdd387e77e..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 811
zcmZ`%(M}UV6g|^!JKOD+*4APbixf}`1*#H#kq`)Kd?@-*V*@^zZFj)IW!LOZjUV9`
z^ap%alQxk=-~A}{&ZbZ_m~8IcJ#*&XbMDN~U*En1SjW1BDO5RTP28}Mz?_MiiFuta
z=&+c9jhh^|ELfU%+d>^n9Lo%)MJI|xsAS+rk7VR@J>fF2eTMXg^rhNlNY<BLG8j97
zD;V-E>5FIm<E{u_XfkaaJJM&EuD@y>Iq#jO=lF-swhE<x_)s6rwUyI*yX(A*`5X<>
z$zX2uym5W29rVMVcp`PRf)bH>9rX_m<cBp~&&DMb3IDe?gZ)%^UNF}QLeH&f+6sy8
zXso7_F}#X38%-VZC@@qeb+%89KMunnWXPUt&2h)ZUEKSt@$>GH=qZ}n1x^{t^^5(R
z!gr&NRB!%6p;23razZsG<tGYvJh~hjtt%oK3inJfO;q)1gKlOYHM-j=dIqde(H1F7
zg6W}AEYV+;Rz_=Tc?9-Z6LFbhItCdsC}Wy(P5nqmQ?zcMAhB0Wj$pKksoh2~Jp|uu
ztPEj3Fuou&K)yOa_5{}62-zPoQYaheAl)Vrx0wZ}+@N>Ik%LKC7Bi%HmHxI!_Z8YL
zBk`Mn6i0>QDt(Of7KwcA%*6dzEukgYL*xeF#wQrbugFYVojTGbQ%K~twC|Z%$@M>U
CNTL-0

diff --git a/regression/strings/java_suffix/test_suffix.java b/regression/strings/java_suffix/test_suffix.java
deleted file mode 100644
index f61b0b8ba36..00000000000
--- a/regression/strings/java_suffix/test_suffix.java
+++ /dev/null
@@ -1,15 +0,0 @@
-public class test_suffix {
-
-    public static void main(String[] argv) {
-	String s = new String("Hello World!");
-	//String t = new String("Hello");
-	//String u = new String("Wello");
-	String u = "Wello!";
-	boolean b = s.endsWith("World!");
-	//boolean c = s.startsWith("Wello");
-	//boolean b = s.startsWith(t);
-	boolean c = s.startsWith(u);
-	assert(b);	
-	assert(c);
-    }
-}
diff --git a/regression/strings/java_trim/test.desc b/regression/strings/java_trim/test.desc
deleted file mode 100644
index 7c0f1a87978..00000000000
--- a/regression/strings/java_trim/test.desc
+++ /dev/null
@@ -1,8 +0,0 @@
-FUTURE
-test_trim.class
---string-refine
-^EXIT=10$
-^SIGNAL=0$
-^\[assertion.1\] assertion at file test_trim.java line 5: SUCCESS$
-^\[assertion.2\] assertion at file test_trim.java line 6: FAILURE$
---
diff --git a/regression/strings/java_trim/test_trim.class b/regression/strings/java_trim/test_trim.class
deleted file mode 100644
index 8e6a923dcbc867d6e06db7e6b4ad880270c3084d..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 730
zcmZWn%Wl&^6g}fd#&Mk{Bxwkb5*JGA^pyny7OfDdz$z_^ASB8Hjh#{D)^Vuq@G<#;
zt^p~PK!QF01mccM5-MbC=FWYbd(WBq`TOg401wcy;ozo)TQ+WExd<C~EVR_Y<yf)7
zRq!syJsYdI&#}f(TNP<4lPny@>GLoZekA)0?1-VT7sg@sghBV(Zy1dIVP7(oyJ0L3
zM+09buT?Sy1|p0Z8s59^iTEfwk%*5wy(|gi<6Tu)>SZE0JrE!Ae2#SnYcGiYg4?~}
zC<)}tP(dwbGR@vo>0n1eIVhvTP;_14`flJ7iFF4a+73!sWH58LgAHslH0RBqO&PsN
zl3_v<3O{fOXNJzP<zO2-43&A+EB{0W*%j9%3j$ChG1R^G{}f3mc{UPJ%CO}96TXDo
zZIhDad6WH!<R-EDG7S^ipG`^{Wg`lZ)<;;Oi*x8gS*59nlBI)CP@(l2ot9~5w3{0j
zV4qYXs<akzC-FoLb+T3J88j*e9#^&Q<^=k|XBcDDx2om@g)tVsfxo?g^<(NTUUe&Q
zEeCJFBwMG?fJJtT+C8ENwM1SA+Ap*?8uT|PdVMzO!+a#5T7x~o!Wi5*hoOIgF-M+`
Qt&mJ;rKgHqGjDw356z#A+5i9m

diff --git a/regression/strings/java_trim/test_trim.java b/regression/strings/java_trim/test_trim.java
deleted file mode 100644
index 8d8d41cb29a..00000000000
--- a/regression/strings/java_trim/test_trim.java
+++ /dev/null
@@ -1,8 +0,0 @@
-public class test_trim {
-    public static void main(String[] argv) {
-	String t = "  a b c  ";
-	String x = t.trim();
-	assert(x.equals("a b c"));
-	assert(x.equals("abc "));
-    }
-}
diff --git a/regression/strings/test1/test.desc b/regression/strings/test1/test.desc
index b86ded86c18..2e0b38c3ae3 100644
--- a/regression/strings/test1/test.desc
+++ b/regression/strings/test1/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 test.c
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^\[main.assertion.1\] assertion c1 == c2: SUCCESS$
diff --git a/regression/strings/test2/test.desc b/regression/strings/test2/test.desc
index b322a1d0d33..809cbcdaa29 100644
--- a/regression/strings/test2/test.desc
+++ b/regression/strings/test2/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 test.c
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^\[main.assertion.1\] assertion n == 5: SUCCESS$
diff --git a/regression/strings/test3.1/test.desc b/regression/strings/test3.1/test.desc
index c88a62b6704..6fddff4c129 100644
--- a/regression/strings/test3.1/test.desc
+++ b/regression/strings/test3.1/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 test.c
---string-refine
+--refine-strings
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
diff --git a/regression/strings/test3.2/test.desc b/regression/strings/test3.2/test.desc
index c88a62b6704..6fddff4c129 100644
--- a/regression/strings/test3.2/test.desc
+++ b/regression/strings/test3.2/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 test.c
---string-refine
+--refine-strings
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
diff --git a/regression/strings/test3.3/test.desc b/regression/strings/test3.3/test.desc
index c88a62b6704..6fddff4c129 100644
--- a/regression/strings/test3.3/test.desc
+++ b/regression/strings/test3.3/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 test.c
---string-refine
+--refine-strings
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
diff --git a/regression/strings/test3.4/test.desc b/regression/strings/test3.4/test.desc
index d88e1c83744..fc1cde2392c 100644
--- a/regression/strings/test3.4/test.desc
+++ b/regression/strings/test3.4/test.desc
@@ -1,7 +1,7 @@
 FUTURE
-test.c
---string-refine
-^EXIT=10$
+test_init.class
+--refine-strings
+^EXIT=0$
 ^SIGNAL=0$
-^VERIFICATION FAILED$
+^VERIFICATION SUCCESSFUL$
 --
diff --git a/regression/strings/test3/test.desc b/regression/strings/test3/test.desc
index 24ed719acc2..f6f9a63520a 100644
--- a/regression/strings/test3/test.desc
+++ b/regression/strings/test3/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 test.c
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^\[main.assertion.1\] assertion __CPROVER_string_length\(s\) == i \+ 5: SUCCESS$
diff --git a/regression/strings/test4/test.desc b/regression/strings/test4/test.desc
index c88a62b6704..6fddff4c129 100644
--- a/regression/strings/test4/test.desc
+++ b/regression/strings/test4/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 test.c
---string-refine
+--refine-strings
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
diff --git a/regression/strings/test5/test.desc b/regression/strings/test5/test.desc
index d88e1c83744..303defd9de4 100644
--- a/regression/strings/test5/test.desc
+++ b/regression/strings/test5/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 test.c
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/test_char_set/test.desc b/regression/strings/test_char_set/test.desc
index 99f3cfd81de..360759faf98 100644
--- a/regression/strings/test_char_set/test.desc
+++ b/regression/strings/test_char_set/test.desc
@@ -1,8 +1,8 @@
 FUTURE
 test.c
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[main.assertion.1\] assertion __CPROVER_string_equal\(t, __CPROVER_string_literal\("apc"\)): SUCCESS$
-^\[main.assertion.2\] assertion __CPROVER_string_equal\(t, __CPROVER_string_literal\("abc"\)): FAILURE$
+^\[.*assertion.1\].* SUCCESS$
+^\[.*assertion.2\].* FAILURE$
 --
diff --git a/regression/strings/test_concat/test.desc b/regression/strings/test_concat/test.desc
index 8df68c18bc3..317a4d1b4dd 100644
--- a/regression/strings/test_concat/test.desc
+++ b/regression/strings/test_concat/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 test.c
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^\[main.assertion.1\] assertion c == .p.: SUCCESS$
diff --git a/regression/strings/test_contains/test.desc b/regression/strings/test_contains/test.desc
index f2414880794..b0e33ce2b43 100644
--- a/regression/strings/test_contains/test.desc
+++ b/regression/strings/test_contains/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 test.c
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^\[main.assertion.1\] assertion !__CPROVER_uninterpreted_string_contains_func\(t, __CPROVER_uninterpreted_string_literal_func\(\"3\"\)): SUCCESS$
diff --git a/regression/strings/test_equal/test.desc b/regression/strings/test_equal/test.desc
index 5fbe05f8fdd..34297ec50f5 100644
--- a/regression/strings/test_equal/test.desc
+++ b/regression/strings/test_equal/test.desc
@@ -1,8 +1,8 @@
 FUTURE
 test.c
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[main.assertion.1\] assertion __CPROVER_string_equal\(s, __CPROVER_string_literal\("pippo"\)): SUCCESS$
-^\[main.assertion.2\] assertion __CPROVER_string_equal\(s, __CPROVER_string_literal\("mippo"\)): FAILURE$
+^\[.*.assertion.1\].* SUCCESS$
+^\[.*.assertion.2\].* FAILURE$
 --
diff --git a/regression/strings/test_index_of/test.desc b/regression/strings/test_index_of/test.desc
index edc8e09c4ed..a2c12c3d259 100644
--- a/regression/strings/test_index_of/test.desc
+++ b/regression/strings/test_index_of/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 test.c
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^\[main.assertion.1\] assertion firstSlash == 3: SUCCESS$
diff --git a/regression/strings/test_int/test.desc b/regression/strings/test_int/test.desc
index 8d78e11e71b..fcce43ca76c 100644
--- a/regression/strings/test_int/test.desc
+++ b/regression/strings/test_int/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 test.c
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^\[main.assertion.1\] assertion __CPROVER_char_at\(s,0\) == .1.: SUCCESS$
diff --git a/regression/strings/test_pass1/test.desc b/regression/strings/test_pass1/test.desc
index 9bb75eda5b6..f2f54e69921 100644
--- a/regression/strings/test_pass1/test.desc
+++ b/regression/strings/test_pass1/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 test.c
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^\[main.assertion.1\] assertion __CPROVER_uninterpreted_string_equal_func\(t, __CPROVER_uninterpreted_string_literal_func\(\"a\"\)): SUCCESS
diff --git a/regression/strings/test_pass_pc3/test.desc b/regression/strings/test_pass_pc3/test.desc
index 3edb9f68f7a..f1f3d1618c8 100644
--- a/regression/strings/test_pass_pc3/test.desc
+++ b/regression/strings/test_pass_pc3/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 test.c
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^\[main.assertion.1\] assertion __CPROVER_string_length\(s3\) == 0: FAILURE$
diff --git a/regression/strings/test_prefix/test.desc b/regression/strings/test_prefix/test.desc
index 6c62a2fa466..be0ed5dc69e 100644
--- a/regression/strings/test_prefix/test.desc
+++ b/regression/strings/test_prefix/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 test.c
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^\[main.assertion.1\] assertion b: SUCCESS$
diff --git a/regression/strings/test_strlen/test.desc b/regression/strings/test_strlen/test.desc
index 30c3f4066ed..28ed1b7e698 100644
--- a/regression/strings/test_strlen/test.desc
+++ b/regression/strings/test_strlen/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 test.c
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^\[main.assertion.1\] assertion len_s == len_t: SUCCESS$
diff --git a/regression/strings/test_substring/test.desc b/regression/strings/test_substring/test.desc
index a32376aca23..f0e4b5832b2 100644
--- a/regression/strings/test_substring/test.desc
+++ b/regression/strings/test_substring/test.desc
@@ -1,10 +1,10 @@
 FUTURE
 test.c
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[main.assertion.1\] assertion __CPROVER_string_equal\(t,__CPROVER_string_literal\("cd"\)): SUCCESS$
-^\[main.assertion.2\] assertion __CPROVER_string_equal\(t,__CPROVER_string_literal\("cc"\)): FAILURE$
-^\[main.assertion.3\] assertion !__CPROVER_string_equal\(t,__CPROVER_string_literal\("bc"\)): SUCCESS$
-^\[main.assertion.4\] assertion !__CPROVER_string_equal\(t,__CPROVER_string_literal\("cd"\)): FAILURE$
+^\[.*assertion.1\].* SUCCESS$
+^\[.*assertion.2\].* FAILURE$
+^\[.*assertion.3\].* SUCCESS$
+^\[.*assertion.4\].* FAILURE$
 --
diff --git a/regression/strings/test_suffix/test.desc b/regression/strings/test_suffix/test.desc
index 9f425595434..e7e8c1e36be 100644
--- a/regression/strings/test_suffix/test.desc
+++ b/regression/strings/test_suffix/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 test.c
---string-refine
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^\[main.assertion.1\] assertion __CPROVER_string_issuffix\(__CPROVER_string_literal\("po"\),s\): SUCCESS$

From 072e37412eef52f62a6ddcf62d6d7bd3541d4d8d Mon Sep 17 00:00:00 2001
From: Peter Schrammel <peter.schrammel@diffblue.com>
Date: Tue, 28 Mar 2017 17:53:51 +0100
Subject: [PATCH 145/699] Display dynamic object names as 'data' in JSON traces

Fixes diffblue/test-gen#147
---
 src/util/json_expr.cpp | 70 ++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 68 insertions(+), 2 deletions(-)

diff --git a/src/util/json_expr.cpp b/src/util/json_expr.cpp
index 77f58eb0e18..3b494ff9543 100644
--- a/src/util/json_expr.cpp
+++ b/src/util/json_expr.cpp
@@ -14,11 +14,67 @@ Author: Peter Schrammel
 #include "fixedbv.h"
 #include "std_expr.h"
 #include "config.h"
+#include "identifier.h"
 
 #include "json_expr.h"
 
 /*******************************************************************\
 
+Function: simplify_json_expr
+
+  Inputs:
+
+ Outputs:
+
+ Purpose:
+
+\*******************************************************************/
+
+static exprt simplify_json_expr(
+  const exprt &src,
+  const namespacet &ns)
+{
+  if(src.id()==ID_constant)
+  {
+    const typet &type=ns.follow(src.type());
+
+    if(type.id()==ID_pointer)
+    {
+      const irep_idt &value=to_constant_expr(src).get_value();
+
+      if(value!=ID_NULL &&
+         (value!=std::string(value.size(), '0') ||
+          !config.ansi_c.NULL_is_zero) &&
+         src.operands().size()==1 &&
+         src.op0().id()!=ID_constant)
+        // try to simplify the constant pointer
+        return simplify_json_expr(src.op0(), ns);
+    }
+  }
+  else if(src.id()==ID_address_of &&
+          src.operands().size()==1 &&
+          src.op0().id()==ID_member &&
+          id2string(to_member_expr(
+            src.op0()).get_component_name()).find("@")!=std::string::npos)
+  {
+    // simplify things of the form  &member_expr(object, @class_identifier)
+    return simplify_json_expr(src.op0(), ns);
+  }
+  else if(src.id()==ID_member &&
+          src.operands().size()==1 &&
+          id2string(
+            to_member_expr(src).get_component_name())
+              .find("@")!=std::string::npos)
+  {
+    // simplify things of the form  member_expr(object, @class_identifier)
+    return simplify_json_expr(src.op0(), ns);
+  }
+
+  return src;
+}
+
+/*******************************************************************\
+
 Function: json
 
   Inputs:
@@ -262,9 +318,19 @@ json_objectt json(
     else if(type.id()==ID_pointer)
     {
       result["name"]=json_stringt("pointer");
-      result["binary"]=json_stringt(expr.get_string(ID_value));
-      if(expr.get(ID_value)==ID_NULL)
+      exprt simpl_expr=simplify_json_expr(expr, ns);
+      if(simpl_expr.get(ID_value)==ID_NULL ||
+         // remove typecast on NULL
+         (simpl_expr.id()==ID_constant && simpl_expr.type().id()==ID_pointer &&
+          simpl_expr.op0().get(ID_value)==ID_NULL))
         result["data"]=json_stringt("NULL");
+      else if(simpl_expr.id()==ID_symbol)
+      {
+        const irep_idt &ptr_id=to_symbol_expr(simpl_expr).get_identifier();
+        identifiert identifier(id2string(ptr_id));
+        assert(!identifier.components.empty());
+        result["data"]=json_stringt(identifier.components.back());
+      }
     }
     else if(type.id()==ID_bool)
     {

From 2e62c6638312b619d464d4b4c6a6b29f24681f36 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Thu, 30 Mar 2017 09:13:33 +0100
Subject: [PATCH 146/699] New class for sparse vectors in util

Sparse vectors represent a 2^64 sized space while
allocating only space that is used.
---
 src/util/sparse_vector.h | 60 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)
 create mode 100644 src/util/sparse_vector.h

diff --git a/src/util/sparse_vector.h b/src/util/sparse_vector.h
new file mode 100644
index 00000000000..6c4e050b323
--- /dev/null
+++ b/src/util/sparse_vector.h
@@ -0,0 +1,60 @@
+/*******************************************************************\
+
+Module: Sparse Vectors
+
+Author: Romain Brenguier
+
+\*******************************************************************/
+
+#ifndef CPROVER_UTIL_SPARSE_VECTOR_H
+#define CPROVER_UTIL_SPARSE_VECTOR_H
+
+#include<cstdint>
+
+template<class T> class sparse_vectort
+{
+protected:
+  typedef std::map<uint64_t, T> underlyingt;
+  underlyingt underlying;
+  uint64_t _size;
+
+public:
+  sparse_vectort() :
+    _size(0) {}
+
+  const T &operator[](uint64_t idx) const
+  {
+    assert(idx<_size && "index out of range");
+    return underlying[idx];
+  }
+
+  T &operator[](uint64_t idx)
+  {
+    assert(idx<_size && "index out of range");
+    return underlying[idx];
+  }
+
+  uint64_t size() const
+  {
+    return _size;
+  }
+
+  void resize(uint64_t new_size)
+  {
+    assert(new_size>=_size && "sparse vector can't be shrunk (yet)");
+    _size=new_size;
+  }
+
+  typedef typename underlyingt::iterator iteratort;
+  typedef typename underlyingt::const_iterator const_iteratort;
+
+  iteratort begin() { return underlying.begin(); }
+  const_iteratort begin() const { return underlying.begin(); }
+
+  iteratort end() { return underlying.end(); }
+  const_iteratort end() const { return underlying.end(); }
+
+  const_iteratort find(uint64_t idx) { return underlying.find(idx); }
+};
+
+#endif // CPROVER_UTIL_SPARSE_VECTOR_H

From 5d2919b36e8ddcc57ddd00770491725d234d0be2 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Thu, 23 Mar 2017 10:19:41 +0000
Subject: [PATCH 147/699] Interpreter: switch to sparse vector memory map

This will allow large address reservations for unbounded-sized
objects, with actual cells allocated on demand.

Original patch:
From: Chris Smowton <chris@smowton.net>
Date: Tue, 21 Mar 2017 15:24:03 +0000
Subject: [PATCH 1/3] Interpreter: switch to sparse vector memory map
---
 src/goto-programs/interpreter.cpp          |  61 +++++--------
 src/goto-programs/interpreter_class.h      |  70 +++++++++++++--
 src/goto-programs/interpreter_evaluate.cpp | 100 ++++++++++++++++++---
 3 files changed, 176 insertions(+), 55 deletions(-)

diff --git a/src/goto-programs/interpreter.cpp b/src/goto-programs/interpreter.cpp
index 8d1565db914..555c50ff0d0 100644
--- a/src/goto-programs/interpreter.cpp
+++ b/src/goto-programs/interpreter.cpp
@@ -712,22 +712,24 @@ exprt interpretert::get_value(
     if(rhs[offset]<memory.size())
     {
       // We want the symbol pointed to
-      memory_cellt &cell=memory[integer2unsigned(rhs[offset])];
-      const typet type=get_type(cell.identifier);
+      std::size_t address=integer2size_t(rhs[offset]);
+      irep_idt identifier=address_to_identifier(address);
+      size_t offset=address_to_offset(address);
+      const typet type=get_type(identifier);
       exprt symbol_expr(ID_symbol, type);
-      symbol_expr.set(ID_identifier, cell.identifier);
+      symbol_expr.set(ID_identifier, identifier);
 
-      if(cell.offset==0)
+      if(offset==0)
         return address_of_exprt(symbol_expr);
       if(ns.follow(type).id()==ID_struct)
       {
-        irep_idt member_id=get_component_id(cell.identifier, cell.offset);
+        irep_idt member_id=get_component_id(identifier, offset);
         member_exprt member_expr(symbol_expr, member_id);
         return address_of_exprt(member_expr);
       }
       index_exprt index_expr(
         symbol_expr,
-        from_integer(cell.offset, integer_typet()));
+        from_integer(offset, integer_typet()));
       return index_expr;
     }
 
@@ -828,12 +830,13 @@ void interpretert::assign(
   {
     if((address+i)<memory.size())
     {
-      memory_cellt &cell=memory[integer2unsigned(address+i)];
+      std::size_t address_val=integer2size_t(address+i);
+      memory_cellt &cell=memory[address_val];
       if(show)
       {
         status() << total_steps << " ** assigning "
-                 << cell.identifier << "["
-                 << cell.offset << "]:=" << rhs[i]
+                 << address_to_identifier(address_val) << "["
+                 << address_to_offset(address_val) << "]:=" << rhs[i]
                  << "\n" << eom;
       }
       cell.value=rhs[i];
@@ -913,8 +916,9 @@ void interpretert::execute_function_call()
   // Retrieve the empty last trace step struct we pushed for this step
   // of the interpreter run to fill it with the corresponding data
   goto_trace_stept &trace_step=steps.get_last_step();
-  const memory_cellt &cell=memory[integer2size_t(a)];
-  const irep_idt &identifier=cell.identifier;
+  std::size_t address=integer2size_t(a);
+  const memory_cellt &cell=memory[address];
+  const irep_idt &identifier=address_to_identifier(address);
   trace_step.identifier=identifier;
 
   const goto_functionst::function_mapt::const_iterator f_it=
@@ -1020,9 +1024,7 @@ void interpretert::build_memory_map()
 {
   // put in a dummy for NULL
   memory.resize(1);
-  memory[0].offset=0;
-  memory[0].identifier="NULL-OBJECT";
-  memory[0].initialized=0;
+  inverse_memory_map[0]="NULL-OBJECT";
 
   num_dynamic_objects=0;
   dynamic_types.clear();
@@ -1062,18 +1064,10 @@ void interpretert::build_memory_map(const symbolt &symbol)
 
   if(size!=0)
   {
-    unsigned address=memory.size();
+    std::size_t address=memory.size();
     memory.resize(address+size);
     memory_map[symbol.name]=address;
-
-    for(size_t i=0; i<size; i++)
-    {
-      memory_cellt &cell=memory[address+i];
-      cell.identifier=symbol.name;
-      cell.offset=i;
-      cell.value=0;
-      cell.initialized=0;
-    }
+    inverse_memory_map[address]=symbol.name;
   }
 }
 
@@ -1136,12 +1130,10 @@ mp_integer interpretert::build_memory_map(
 
   if(it!=dynamic_types.end())
   {
-    unsigned offset=1;
-    unsigned address=memory_map[id];
-    while(memory[address+offset].offset>0) offset++;
-
+    std::size_t address=memory_map[id];
+    std::size_t current_size=base_address_to_alloc_size(address);
     // current size <= size already recorded
-    if(size<=offset)
+    if(size<=current_size)
       return memory_map[id];
   }
 
@@ -1151,19 +1143,12 @@ mp_integer interpretert::build_memory_map(
   if(size==0)
     size=1; // This is a hack to create existence
 
-  unsigned address=memory.size();
+  std::size_t address=memory.size();
   memory.resize(address+size);
   memory_map[id]=address;
+  inverse_memory_map[address]=id;
   dynamic_types.insert(std::pair<const irep_idt, typet>(id, alloc_type));
 
-  for(size_t i=0; i<size; i++)
-  {
-    memory_cellt &cell=memory[address+i];
-    cell.identifier=id;
-    cell.offset=i;
-    cell.value=0;
-    cell.initialized=0;
-  }
   return address;
 }
 
diff --git a/src/goto-programs/interpreter_class.h b/src/goto-programs/interpreter_class.h
index 83836eea072..8ea3ad620b2 100644
--- a/src/goto-programs/interpreter_class.h
+++ b/src/goto-programs/interpreter_class.h
@@ -12,6 +12,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <stack>
 
 #include <util/arith_tools.h>
+#include <util/sparse_vector.h>
 
 #include "goto_functions.h"
 #include "goto_trace.h"
@@ -68,6 +69,9 @@ class interpretert:public messaget
   // List of dynamically allocated symbols that are not in the symbol table
   typedef std::map<irep_idt, typet> dynamic_typest;
 
+  typedef std::map<irep_idt, function_assignmentst> output_valuest;
+  output_valuest output_values;
+
   // An assignment list annotated with the calling context.
   struct function_assignments_contextt
   {
@@ -103,27 +107,78 @@ class interpretert:public messaget
 
   const goto_functionst &goto_functions;
 
-  typedef std::unordered_map<irep_idt, unsigned, irep_id_hash> memory_mapt;
+  typedef std::unordered_map<irep_idt, std::size_t, irep_id_hash> memory_mapt;
+  typedef std::map<std::size_t, irep_idt> inverse_memory_mapt;
   memory_mapt memory_map;
+  inverse_memory_mapt inverse_memory_map;
+
+  const inverse_memory_mapt::value_type &address_to_object_record(
+    std::size_t address) const
+  {
+    auto lower_bound=inverse_memory_map.lower_bound(address);
+    if(lower_bound->first!=address)
+    {
+      assert(lower_bound!=inverse_memory_map.begin());
+      --lower_bound;
+    }
+    return *lower_bound;
+  }
+
+  irep_idt address_to_identifier(std::size_t address) const
+  {
+    return address_to_object_record(address).second;
+  }
+
+  std::size_t address_to_offset(std::size_t address) const
+  {
+    return address-(address_to_object_record(address).first);
+  }
+
+  std::size_t base_address_to_alloc_size(std::size_t address) const
+  {
+    assert(address_to_offset(address)==0);
+    auto upper_bound=inverse_memory_map.upper_bound(address);
+    std::size_t next_alloc_address=
+      upper_bound==inverse_memory_map.end() ?
+      memory.size() :
+      upper_bound->first;
+    return next_alloc_address-address;
+  }
+
+  std::size_t base_address_to_actual_size(std::size_t address) const
+  {
+    auto memory_iter=memory.find(address);
+    if(memory_iter==memory.end())
+      return 0;
+    std::size_t ret=0;
+    std::size_t alloc_size=base_address_to_alloc_size(address);
+    while(memory_iter!=memory.end() && ret<alloc_size)
+    {
+      ++ret;
+      ++memory_iter;
+    }
+    return ret;
+  }
 
   class memory_cellt
   {
   public:
-    irep_idt identifier;
-    unsigned offset;
+    memory_cellt() :
+    value(0),
+    initialized(0)
+    {}
     mp_integer value;
     // Initialized is annotated even during reads
     // Set to 1 when written-before-read, -1 when read-before-written
     mutable char initialized;
   };
 
-  typedef std::vector<memory_cellt> memoryt;
+  typedef sparse_vectort<memory_cellt> memoryt;
   typedef std::map<std::string, const irep_idt &> parameter_sett;
   // mapping <structure, field> -> value
   typedef std::pair<const irep_idt, const irep_idt> struct_member_idt;
   typedef std::map<struct_member_idt, const exprt> struct_valuest;
 
-
   //  The memory is being annotated/reshaped even during reads
   //  (ie to find a read-before-write location) thus memory
   //  properties need to be mutable to avoid making all calls nonconst
@@ -135,6 +190,7 @@ class interpretert:public messaget
   void build_memory_map(const symbolt &symbol);
   mp_integer build_memory_map(const irep_idt &id, const typet &type);
   typet concretize_type(const typet &type);
+  bool unbounded_size(const typet &);
   size_t get_size(const typet &type);
 
   irep_idt get_component_id(const irep_idt &object, unsigned offset);
@@ -169,6 +225,10 @@ class interpretert:public messaget
     mp_integer address,
     mp_vectort &dest) const;
 
+  void read_unbounded(
+    mp_integer address,
+    mp_vectort &dest) const;
+
   virtual void command();
 
   class stack_framet
diff --git a/src/goto-programs/interpreter_evaluate.cpp b/src/goto-programs/interpreter_evaluate.cpp
index 712d4b9d807..f285328aedd 100644
--- a/src/goto-programs/interpreter_evaluate.cpp
+++ b/src/goto-programs/interpreter_evaluate.cpp
@@ -54,6 +54,34 @@ void interpretert::read(
   }
 }
 
+void interpretert::read_unbounded(
+  mp_integer address,
+  mp_vectort &dest) const
+{
+  // copy memory region
+  std::size_t address_val=integer2size_t(address);
+  const std::size_t offset=address_to_offset(address_val);
+  const std::size_t alloc_size=
+    base_address_to_actual_size(address_val-offset);
+  const std::size_t to_read=alloc_size-offset;
+  for(size_t i=0; i<to_read; i++)
+  {
+    mp_integer value;
+
+    if((address+i)<memory.size())
+    {
+      const memory_cellt &cell=memory[integer2size_t(address+i)];
+      value=cell.value;
+      if(cell.initialized==0)
+        cell.initialized=-1;
+    }
+    else
+      value=0;
+
+    dest.push_back(value);
+  }
+}
+
 /*******************************************************************\
 
 Function: interpretert::allocate
@@ -96,10 +124,10 @@ Function: interpretert::clear_input_flags
 
 void interpretert::clear_input_flags()
 {
-  for(const memory_cellt &cell : memory)
+  for(auto &cell : memory)
   {
-    if(cell.initialized>0)
-      cell.initialized=0;
+    if(cell.second.initialized>0)
+      cell.second.initialized=0;
   }
 }
 
@@ -441,7 +469,8 @@ void interpretert::evaluate(
   }
   else if(expr.id()==ID_struct)
   {
-    dest.reserve(get_size(expr.type()));
+    if(!unbounded_size(expr.type()))
+      dest.reserve(get_size(expr.type()));
     bool error=false;
 
     forall_operands(it, expr)
@@ -456,9 +485,9 @@ void interpretert::evaluate(
       mp_vectort tmp;
       evaluate(*it, tmp);
 
-      if(tmp.size()==sub_size)
+      if(unbounded_size(it->type()) || tmp.size()==sub_size)
       {
-        for(size_t i=0; i<sub_size; i++)
+        for(size_t i=0; i<tmp.size(); i++)
           dest.push_back(tmp[i]);
       }
       else
@@ -892,10 +921,10 @@ void interpretert::evaluate(
       mp_integer address=result[0];
       if(address>0 && address<memory.size())
       {
-        const auto &memory_record=memory[integer2unsigned(address)];
-        auto obj_type=get_type(memory_record.identifier);
+        std::size_t address_val=integer2size_t(address);
+        auto obj_type=get_type(address_to_identifier(address_val));
 
-        mp_integer offset=memory_record.offset;
+        mp_integer offset=address_to_offset(address_val);
         mp_integer byte_offset;
         if(!memory_offset_to_byte_offset(obj_type, offset, byte_offset))
           dest.push_back(byte_offset);
@@ -990,8 +1019,15 @@ void interpretert::evaluate(
     }
     else if(!address.is_zero())
     {
-      dest.resize(get_size(expr.type()));
-      read(address, dest);
+      if(!unbounded_size(expr.type()))
+      {
+        dest.resize(get_size(expr.type()));
+        read(address, dest);
+      }
+      else
+      {
+        read_unbounded(address, dest);
+      }
       return;
     }
   }
@@ -1033,7 +1069,7 @@ void interpretert::evaluate(
       }
     }
   }
-  else if((expr.id()==ID_array) || (expr.id()==ID_array_of))
+  else if(expr.id()==ID_array)
   {
     forall_operands(it, expr)
     {
@@ -1041,6 +1077,46 @@ void interpretert::evaluate(
     }
     return;
   }
+  else if(expr.id()==ID_array_of)
+  {
+    const auto &ty=to_array_type(expr.type());
+    std::vector<mp_integer> size;
+    if(ty.size().id()==ID_infinity)
+      size.push_back(0);
+    else
+      evaluate(ty.size(), size);
+    if(size.size()==1)
+    {
+      std::size_t size_int=integer2size_t(size[0]);
+      for(std::size_t i=0; i<size_int; ++i)
+        evaluate(expr.op0(), dest);
+      return;
+    }
+  }
+  else if(expr.id()==ID_with)
+  {
+    const auto &wexpr=to_with_expr(expr);
+    evaluate(wexpr.old(), dest);
+    std::vector<mp_integer> where;
+    std::vector<mp_integer> new_value;
+    evaluate(wexpr.where(), where);
+    evaluate(wexpr.new_value(), new_value);
+    const auto &subtype=expr.type().subtype();
+    if(!new_value.empty() && where.size()==1 && !unbounded_size(subtype))
+    {
+      // Ignore indices < 0, which the string solver sometimes produces
+      if(where[0]<0)
+        return;
+      std::size_t where_idx=integer2size_t(where[0]);
+      std::size_t subtype_size=get_size(subtype);
+      std::size_t need_size=(where_idx+1)*subtype_size;
+      if(dest.size()<need_size)
+        dest.resize(need_size, 0);
+      for(std::size_t i=0; i<new_value.size(); ++i)
+        dest[(where_idx*subtype_size)+i]=new_value[i];
+      return;
+    }
+  }
   else if(expr.id()==ID_nil)
   {
     dest.push_back(0);

From 1b97f3dbc9801c627e9526df47cd7e20fb9091c7 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Thu, 23 Mar 2017 11:15:30 +0000
Subject: [PATCH 148/699] Add support for unbounded-size objects

They get allocated 2^32 address space each (of a 2^64 sized space)
using the sparse-vector memory representation to keep the actual
storage requirements sensible.

Original patch:
From: Chris Smowton <chris@smowton.net>
Date: Tue, 21 Mar 2017 17:13:43 +0000
Subject: [PATCH 2/3] Add support for unbounded-size objects

Corrected linting issues

Using empty, and comments on get_size
---
 src/goto-programs/interpreter.cpp | 77 +++++++++++++++++++++++++------
 1 file changed, 62 insertions(+), 15 deletions(-)

diff --git a/src/goto-programs/interpreter.cpp b/src/goto-programs/interpreter.cpp
index 555c50ff0d0..ff61e53b615 100644
--- a/src/goto-programs/interpreter.cpp
+++ b/src/goto-programs/interpreter.cpp
@@ -597,16 +597,25 @@ exprt interpretert::get_value(
     exprt result=array_exprt(to_array_type(real_type));
     const exprt &size_expr=static_cast<const exprt &>(type.find(ID_size));
     size_t subtype_size=get_size(type.subtype());
-    mp_integer mp_count;
-    to_integer(size_expr, mp_count);
-    unsigned count=integer2unsigned(mp_count);
+    std::size_t count;
+    if(size_expr.id()!=ID_constant)
+    {
+      count=base_address_to_actual_size(offset)/subtype_size;
+    }
+    else
+    {
+      mp_integer mp_count;
+      to_integer(size_expr, mp_count);
+      count=integer2size_t(mp_count);
+    }
 
     // Retrieve the value for each member in the array
     result.reserve_operands(count);
     for(unsigned i=0; i<count; i++)
     {
-      const exprt operand=get_value(type.subtype(),
-          offset+i*subtype_size);
+      const exprt operand=get_value(
+        type.subtype(),
+        offset+i*subtype_size);
       result.copy_to_operands(operand);
     }
     return result;
@@ -663,9 +672,17 @@ exprt interpretert::get_value(
 
     // Get size of array
     size_t subtype_size=get_size(type.subtype());
-    mp_integer mp_count;
-    to_integer(size_expr, mp_count);
-    unsigned count=integer2unsigned(mp_count);
+    unsigned count;
+    if(unbounded_size(type))
+    {
+      count=base_address_to_actual_size(offset)/subtype_size;
+    }
+    else
+    {
+      mp_integer mp_count;
+      to_integer(size_expr, mp_count);
+      count=integer2unsigned(mp_count);
+    }
 
     // Retrieve the value for each member in the array
     result.reserve_operands(count);
@@ -917,7 +934,9 @@ void interpretert::execute_function_call()
   // of the interpreter run to fill it with the corresponding data
   goto_trace_stept &trace_step=steps.get_last_step();
   std::size_t address=integer2size_t(a);
+#if 0
   const memory_cellt &cell=memory[address];
+#endif
   const irep_idt &identifier=address_to_identifier(address);
   trace_step.identifier=identifier;
 
@@ -1113,7 +1132,7 @@ Function: interpretert::build_memory_map
 
   Inputs:
 
- Outputs: Updtaes the memory map to include variable id if it does
+ Outputs: Updates the memory map to include variable id if it does
           not exist
 
  Purpose: Populates dynamic entries of the memory map
@@ -1152,20 +1171,45 @@ mp_integer interpretert::build_memory_map(
   return address;
 }
 
+bool interpretert::unbounded_size(const typet &type)
+{
+  if(type.id()==ID_array)
+  {
+    const exprt &size=to_array_type(type).size();
+    if(size.id()==ID_infinity)
+      return true;
+    return unbounded_size(type.subtype());
+  }
+  else if(type.id()==ID_struct)
+  {
+    const auto &st=to_struct_type(type);
+    if(st.components().empty())
+      return false;
+    return unbounded_size(st.components().back().type());
+  }
+  return false;
+}
+
 /*******************************************************************\
 
 Function: interpretert::get_size
 
   Inputs:
+    type - a structured type
 
- Outputs:
+ Outputs: Size of the given type
 
- Purpose: Retrieves the actual size of the provided structured type
+ Purpose: Retrieves the actual size of the provided structured type.
+          Unbounded objects get allocated 2^32 address space each
+          (of a 2^64 sized space).
 
 \*******************************************************************/
 
 size_t interpretert::get_size(const typet &type)
 {
+  if(unbounded_size(type))
+    return 2ULL << 32ULL;
+
   if(type.id()==ID_struct)
   {
     const struct_typet::componentst &components=
@@ -1253,7 +1297,7 @@ exprt interpretert::get_value(const irep_idt &id)
   symbol_exprt symbol_expr(id, get_type);
   mp_integer whole_lhs_object_address=evaluate_address(symbol_expr);
 
-  return get_value(get_type, integer2unsigned(whole_lhs_object_address));
+  return get_value(get_type, integer2size_t(whole_lhs_object_address));
 }
 
 /*******************************************************************\
@@ -1295,10 +1339,13 @@ Function: interpretert::print_memory
 
 void interpretert::print_memory(bool input_flags)
 {
-  for(size_t i=0; i<memory.size(); i++)
+  for(const auto &cell_address : memory)
   {
-    memory_cellt &cell=memory[i];
-    debug() << cell.identifier << "[" << cell.offset << "]"
+    std::size_t i=cell_address.first;
+    const memory_cellt &cell=cell_address.second;
+    const auto identifier=address_to_identifier(i);
+    const auto offset=address_to_offset(i);
+    debug() << identifier << "[" << offset << "]"
             << "=" << cell.value << eom;
     if(input_flags)
       debug() << "(" << static_cast<int>(cell.initialized) << ")"

From a5f773923a7a9ae3c294e0258fada17f8c5de5a6 Mon Sep 17 00:00:00 2001
From: Lucas Cordeiro <lucasccordeiro@gmail.com>
Date: Mon, 6 Mar 2017 09:46:38 +0000
Subject: [PATCH 149/699] set internal for specific variables in the
 counterexample trace for test-gen-support

set internal for variable assignments related to dynamic_object[0-9],
dynamic_[0-9]_array, _start function-return step, and CPROVER
internal functions (e.g., __CPROVER_initialize). This PR fixes
diffblue/test-gen#20.
---
 src/goto-symex/build_goto_trace.cpp | 82 +++++++++++++++++++++++++++++
 1 file changed, 82 insertions(+)

diff --git a/src/goto-symex/build_goto_trace.cpp b/src/goto-symex/build_goto_trace.cpp
index 0e0a6f07dad..1221154d6a3 100644
--- a/src/goto-symex/build_goto_trace.cpp
+++ b/src/goto-symex/build_goto_trace.cpp
@@ -132,6 +132,85 @@ exprt adjust_lhs_object(
 
 /*******************************************************************\
 
+Function: hide_dynamic_object
+
+  Inputs:
+
+ Outputs:
+
+ Purpose: hide variable assignments related to dynamic_object[0-9]
+          and dynamic_[0-9]_array.
+
+\*******************************************************************/
+
+void hide_dynamic_object(
+  const exprt &expr,
+  goto_trace_stept &goto_trace_step,
+  const namespacet &ns)
+{
+  if(expr.id()==ID_symbol)
+  {
+    const irep_idt &id=to_ssa_expr(expr).get_original_name();
+    const symbolt *symbol;
+    if(!ns.lookup(id, symbol))
+    {
+      bool result=symbol->type.get_bool("#dynamic");
+      if(result)
+        goto_trace_step.hidden=true;
+    }
+  }
+  else
+  {
+    forall_operands(it, expr)
+      hide_dynamic_object(*it, goto_trace_step, ns);
+  }
+}
+
+/*******************************************************************\
+
+Function: update_fields_to_hidden
+
+  Inputs:
+
+ Outputs:
+
+ Purpose: hide variables assignments related to dynamic_object
+          and CPROVER internal functions (e.g., __CPROVER_initialize)
+
+\*******************************************************************/
+
+void update_fields_to_hidden(
+  const symex_target_equationt::SSA_stept &SSA_step,
+  goto_trace_stept &goto_trace_step,
+  const namespacet &ns)
+{
+  // hide dynamic_object in both lhs and rhs expressions
+  hide_dynamic_object(SSA_step.ssa_lhs, goto_trace_step, ns);
+  hide_dynamic_object(SSA_step.ssa_rhs, goto_trace_step, ns);
+
+  // hide internal CPROVER functions (e.g., __CPROVER_initialize)
+  if(SSA_step.is_function_call())
+  {
+    if(SSA_step.source.pc->source_location.as_string().empty())
+      goto_trace_step.hidden=true;
+  }
+
+  // hide input and output steps
+  if(goto_trace_step.type==goto_trace_stept::OUTPUT ||
+      goto_trace_step.type==goto_trace_stept::INPUT)
+  {
+    goto_trace_step.hidden=true;
+  }
+
+  // set internal field to _start function-return step
+  if(SSA_step.source.pc->function==goto_functionst::entry_point())
+  {
+    goto_trace_step.internal=true;
+  }
+}
+
+/*******************************************************************\
+
 Function: build_goto_trace
 
   Inputs:
@@ -237,6 +316,9 @@ void build_goto_trace(
     goto_trace_step.formatted=SSA_step.formatted;
     goto_trace_step.identifier=SSA_step.identifier;
 
+    // hide specific variables in the counterexample trace
+    update_fields_to_hidden(SSA_step, goto_trace_step, ns);
+
     goto_trace_step.assignment_type=
       (it->is_assignment()&&
        (SSA_step.assignment_type==symex_targett::VISIBLE_ACTUAL_PARAMETER ||

From 508131009310a717346ea40c1402d60e73fe8b18 Mon Sep 17 00:00:00 2001
From: Lucas Cordeiro <lucasccordeiro@gmail.com>
Date: Tue, 28 Mar 2017 16:00:35 +0100
Subject: [PATCH 150/699] added internal field to json output

Added internal field to json output so that we set it to tru
as we find some specific variable that is not supposed to be
shown in the counterexample trace.
---
 src/goto-programs/goto_trace.h        |  4 +++
 src/goto-programs/json_goto_trace.cpp |  6 +++++
 src/goto-symex/build_goto_trace.cpp   | 39 ++++++++++++++-------------
 3 files changed, 30 insertions(+), 19 deletions(-)

diff --git a/src/goto-programs/goto_trace.h b/src/goto-programs/goto_trace.h
index a669fac5e6b..dc270863894 100644
--- a/src/goto-programs/goto_trace.h
+++ b/src/goto-programs/goto_trace.h
@@ -63,6 +63,9 @@ class goto_trace_stept
   // we may choose to hide a step
   bool hidden;
 
+  // this is related to an internal expression
+  bool internal;
+
   // we categorize
   typedef enum { STATE, ACTUAL_PARAMETER } assignment_typet;
   assignment_typet assignment_type;
@@ -107,6 +110,7 @@ class goto_trace_stept
     step_nr(0),
     type(NONE),
     hidden(false),
+    internal(false),
     assignment_type(STATE),
     thread_nr(0),
     cond_value(false),
diff --git a/src/goto-programs/json_goto_trace.cpp b/src/goto-programs/json_goto_trace.cpp
index da6590fe2de..3dca95bc93b 100644
--- a/src/goto-programs/json_goto_trace.cpp
+++ b/src/goto-programs/json_goto_trace.cpp
@@ -68,6 +68,7 @@ void convert(
 
         json_failure["stepType"]=json_stringt("failure");
         json_failure["hidden"]=jsont::json_boolean(step.hidden);
+        json_failure["internal"]=jsont::json_boolean(step.internal);
         json_failure["thread"]=json_numbert(std::to_string(step.thread_nr));
         json_failure["reason"]=json_stringt(id2string(step.comment));
         json_failure["property"]=json_stringt(id2string(property_id));
@@ -118,6 +119,7 @@ void convert(
         json_assignment["value"]=full_lhs_value;
         json_assignment["lhs"]=json_stringt(full_lhs_string);
         json_assignment["hidden"]=jsont::json_boolean(step.hidden);
+        json_assignment["internal"]=jsont::json_boolean(step.internal);
         json_assignment["thread"]=json_numbert(std::to_string(step.thread_nr));
 
         json_assignment["assignmentType"]=
@@ -132,6 +134,7 @@ void convert(
 
         json_output["stepType"]=json_stringt("output");
         json_output["hidden"]=jsont::json_boolean(step.hidden);
+        json_output["internal"]=jsont::json_boolean(step.internal);
         json_output["thread"]=json_numbert(std::to_string(step.thread_nr));
         json_output["outputID"]=json_stringt(id2string(step.io_id));
 
@@ -156,6 +159,7 @@ void convert(
 
         json_input["stepType"]=json_stringt("input");
         json_input["hidden"]=jsont::json_boolean(step.hidden);
+        json_input["internal"]=jsont::json_boolean(step.internal);
         json_input["thread"]=json_numbert(std::to_string(step.thread_nr));
         json_input["inputID"]=json_stringt(id2string(step.io_id));
 
@@ -184,6 +188,7 @@ void convert(
 
         json_call_return["stepType"]=json_stringt(tag);
         json_call_return["hidden"]=jsont::json_boolean(step.hidden);
+        json_call_return["internal"]=jsont::json_boolean(step.internal);
         json_call_return["thread"]=json_numbert(std::to_string(step.thread_nr));
 
         const symbolt &symbol=ns.lookup(step.identifier);
@@ -207,6 +212,7 @@ void convert(
           json_objectt &json_location_only=dest_array.push_back().make_object();
           json_location_only["stepType"]=json_stringt("location-only");
           json_location_only["hidden"]=jsont::json_boolean(step.hidden);
+          json_location_only["internal"]=jsont::json_boolean(step.internal);
           json_location_only["thread"]=
             json_numbert(std::to_string(step.thread_nr));
           json_location_only["sourceLocation"]=json_location;
diff --git a/src/goto-symex/build_goto_trace.cpp b/src/goto-symex/build_goto_trace.cpp
index 1221154d6a3..1cbb442497a 100644
--- a/src/goto-symex/build_goto_trace.cpp
+++ b/src/goto-symex/build_goto_trace.cpp
@@ -132,18 +132,18 @@ exprt adjust_lhs_object(
 
 /*******************************************************************\
 
-Function: hide_dynamic_object
+Function: set_internal_dynamic_object
 
   Inputs:
 
  Outputs:
 
- Purpose: hide variable assignments related to dynamic_object[0-9]
-          and dynamic_[0-9]_array.
+ Purpose: set internal field for variable assignment related to
+          dynamic_object[0-9] and dynamic_[0-9]_array.
 
 \*******************************************************************/
 
-void hide_dynamic_object(
+void set_internal_dynamic_object(
   const exprt &expr,
   goto_trace_stept &goto_trace_step,
   const namespacet &ns)
@@ -156,50 +156,51 @@ void hide_dynamic_object(
     {
       bool result=symbol->type.get_bool("#dynamic");
       if(result)
-        goto_trace_step.hidden=true;
+        goto_trace_step.internal=true;
     }
   }
   else
   {
     forall_operands(it, expr)
-      hide_dynamic_object(*it, goto_trace_step, ns);
+      set_internal_dynamic_object(*it, goto_trace_step, ns);
   }
 }
 
 /*******************************************************************\
 
-Function: update_fields_to_hidden
+Function: update_internal_field
 
   Inputs:
 
  Outputs:
 
- Purpose: hide variables assignments related to dynamic_object
-          and CPROVER internal functions (e.g., __CPROVER_initialize)
+ Purpose: set internal for variables assignments related to
+          dynamic_object and CPROVER internal functions
+          (e.g., __CPROVER_initialize)
 
 \*******************************************************************/
 
-void update_fields_to_hidden(
+void update_internal_field(
   const symex_target_equationt::SSA_stept &SSA_step,
   goto_trace_stept &goto_trace_step,
   const namespacet &ns)
 {
-  // hide dynamic_object in both lhs and rhs expressions
-  hide_dynamic_object(SSA_step.ssa_lhs, goto_trace_step, ns);
-  hide_dynamic_object(SSA_step.ssa_rhs, goto_trace_step, ns);
+  // set internal for dynamic_object in both lhs and rhs expressions
+  set_internal_dynamic_object(SSA_step.ssa_lhs, goto_trace_step, ns);
+  set_internal_dynamic_object(SSA_step.ssa_rhs, goto_trace_step, ns);
 
-  // hide internal CPROVER functions (e.g., __CPROVER_initialize)
+  // set internal field to CPROVER functions (e.g., __CPROVER_initialize)
   if(SSA_step.is_function_call())
   {
     if(SSA_step.source.pc->source_location.as_string().empty())
-      goto_trace_step.hidden=true;
+      goto_trace_step.internal=true;
   }
 
-  // hide input and output steps
+  // set internal field to input and output steps
   if(goto_trace_step.type==goto_trace_stept::OUTPUT ||
       goto_trace_step.type==goto_trace_stept::INPUT)
   {
-    goto_trace_step.hidden=true;
+    goto_trace_step.internal=true;
   }
 
   // set internal field to _start function-return step
@@ -316,8 +317,8 @@ void build_goto_trace(
     goto_trace_step.formatted=SSA_step.formatted;
     goto_trace_step.identifier=SSA_step.identifier;
 
-    // hide specific variables in the counterexample trace
-    update_fields_to_hidden(SSA_step, goto_trace_step, ns);
+    // update internal field for specific variables in the counterexample
+    update_internal_field(SSA_step, goto_trace_step, ns);
 
     goto_trace_step.assignment_type=
       (it->is_assignment()&&

From 9ddfb302aa9eef8bc3597a6deefbd5d0103e5905 Mon Sep 17 00:00:00 2001
From: Joel Allred <joel.allred@diffblue.com>
Date: Fri, 31 Mar 2017 14:02:16 +0100
Subject: [PATCH 151/699] Add includes to sparse_vector.h

Fixes a build issue with testgen
---
 src/util/sparse_vector.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/util/sparse_vector.h b/src/util/sparse_vector.h
index 6c4e050b323..193e9a68a01 100644
--- a/src/util/sparse_vector.h
+++ b/src/util/sparse_vector.h
@@ -9,7 +9,9 @@ Author: Romain Brenguier
 #ifndef CPROVER_UTIL_SPARSE_VECTOR_H
 #define CPROVER_UTIL_SPARSE_VECTOR_H
 
-#include<cstdint>
+#include <cstdint>
+#include <map>
+#include <assert.h>
 
 template<class T> class sparse_vectort
 {

From 6c1f70074bdb7754d35ca5164c24c0469e82e5e4 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Fri, 17 Mar 2017 13:08:37 +0000
Subject: [PATCH 152/699] Adding options to cbmc for parameters of the string
 solver

We add the options string-max-length, string-non-empty, and string-printable
---
 src/cbmc/cbmc_parse_options.cpp |  8 ++++++++
 src/cbmc/cbmc_parse_options.h   |  2 +-
 src/cbmc/cbmc_solvers.cpp       | 10 ++++++++++
 3 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/src/cbmc/cbmc_parse_options.cpp b/src/cbmc/cbmc_parse_options.cpp
index 1f49653c644..5af90c00b79 100644
--- a/src/cbmc/cbmc_parse_options.cpp
+++ b/src/cbmc/cbmc_parse_options.cpp
@@ -320,6 +320,11 @@ void cbmc_parse_optionst::get_command_line_options(optionst &options)
   if(cmdline.isset("refine-strings"))
   {
     options.set_option("refine-strings", true);
+    options.set_option("string-non-empty", cmdline.isset("string-non-empty"));
+    options.set_option("string-printable", cmdline.isset("string-printable"));
+    if(cmdline.isset("string-max-length"))
+      options.set_option(
+        "string-max-length", cmdline.get_value("string-max-length"));
   }
 
   if(cmdline.isset("max-node-refinement"))
@@ -1207,6 +1212,9 @@ void cbmc_parse_optionst::help()
     " --z3                         use Z3\n"
     " --refine                     use refinement procedure (experimental)\n"
     " --refine-strings             use string refinement (experimental)\n"
+    " --string-non-empty           add constraint that strings are non empty (experimental)\n" // NOLINT(*)
+    " --string-printable           add constraint that strings are printable (experimental)\n" // NOLINT(*)
+    " --string-max-length          add constraint on the length of strings (experimental)\n" // NOLINT(*)
     " --outfile filename           output formula to given file\n"
     " --arrays-uf-never            never turn arrays into uninterpreted functions\n" // NOLINT(*)
     " --arrays-uf-always           always turn arrays into uninterpreted functions\n" // NOLINT(*)
diff --git a/src/cbmc/cbmc_parse_options.h b/src/cbmc/cbmc_parse_options.h
index b3225951b3b..4bdc07a6278 100644
--- a/src/cbmc/cbmc_parse_options.h
+++ b/src/cbmc/cbmc_parse_options.h
@@ -38,7 +38,7 @@ class optionst;
   "(no-sat-preprocessor)" \
   "(no-pretty-names)(beautify)" \
   "(dimacs)(refine)(max-node-refinement):(refine-arrays)(refine-arithmetic)"\
-  "(refine-strings)" \
+  "(refine-strings)(string-non-empty)(string-printable)(string-max-length):" \
   "(aig)(16)(32)(64)(LP64)(ILP64)(LLP64)(ILP32)(LP32)" \
   "(little-endian)(big-endian)" \
   "(show-goto-functions)(show-loops)" \
diff --git a/src/cbmc/cbmc_solvers.cpp b/src/cbmc/cbmc_solvers.cpp
index a72546a8d0c..dace046cc17 100644
--- a/src/cbmc/cbmc_solvers.cpp
+++ b/src/cbmc/cbmc_solvers.cpp
@@ -232,6 +232,16 @@ cbmc_solverst::solvert* cbmc_solverst::get_string_refinement()
   string_refinementt *string_refinement=new string_refinementt(
     ns, *prop, MAX_NB_REFINEMENT);
   string_refinement->set_ui(ui);
+
+  string_refinement->do_concretizing=options.get_bool_option("trace");
+  if(options.get_bool_option("string-max-length"))
+    string_refinement->set_max_string_length(
+      options.get_signed_int_option("string-max-length"));
+  if(options.get_bool_option("string-non-empty"))
+    string_refinement->enforce_non_empty_string();
+  if(options.get_bool_option("string-printable"))
+    string_refinement->enforce_printable_characters();
+
   return new solvert(string_refinement, prop);
 }
 

From d5c6ac636f5416bbe1a9bb8095772d6b65e6ecc1 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Fri, 17 Mar 2017 12:59:51 +0000
Subject: [PATCH 153/699] Added option to the string solver for string length
 and printability

Added field in string_refinement and string_constraint_generator to
bound size of strings in the program and enforce a range on the
characters.
---
 .../refinement/string_constraint_generator.h  |  13 +-
 .../string_constraint_generator_concat.cpp    |   3 +-
 .../string_constraint_generator_main.cpp      |  56 +++++--
 src/solvers/refinement/string_refinement.cpp  | 144 ++++++++++++++----
 src/solvers/refinement/string_refinement.h    |  14 +-
 5 files changed, 184 insertions(+), 46 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index 12447e0cf04..d8f3f17326e 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -26,9 +26,17 @@ class string_constraint_generatort
   // to the axiom list.
 
   string_constraint_generatort():
-    mode(ID_unknown)
+    mode(ID_unknown),
+    max_string_length(-1),
+    force_printable_characters(false)
   { }
 
+  // Constraints on the maximal length of strings
+  int max_string_length;
+
+  // Should we add constraints on the characters
+  bool force_printable_characters;
+
   void set_mode(irep_idt _mode)
   {
     // only C and java modes supported
@@ -74,6 +82,8 @@ class string_constraint_generatort
   // Maps unresolved symbols to the string_exprt that was created for them
   std::map<irep_idt, string_exprt> unresolved_symbols;
 
+  // Set of strings that have been created by the generator
+  std::set<string_exprt> created_strings;
 
   string_exprt find_or_add_string_of_symbol(
     const symbol_exprt &sym,
@@ -100,6 +110,7 @@ class string_constraint_generatort
 
   static irep_idt extract_java_string(const symbol_exprt &s);
 
+  void add_default_axioms(const string_exprt &s);
   exprt axiom_for_is_positive_index(const exprt &x);
 
   // The following functions add axioms for the returned value
diff --git a/src/solvers/refinement/string_constraint_generator_concat.cpp b/src/solvers/refinement/string_constraint_generator_concat.cpp
index fb8e24d5320..eb841cc5b04 100644
--- a/src/solvers/refinement/string_constraint_generator_concat.cpp
+++ b/src/solvers/refinement/string_constraint_generator_concat.cpp
@@ -35,7 +35,8 @@ string_exprt string_constraint_generatort::add_axioms_for_concat(
   // a4 : forall i<|s1|. res[i]=s1[i]
   // a5 : forall i<|s2|. res[i+|s1|]=s2[i]
 
-  res.length()=plus_exprt_with_overflow_check(s1.length(), s2.length());
+  equal_exprt a1(res.length(), plus_exprt_with_overflow_check(s1.length(), s2.length()));
+  axioms.push_back(a1);
   axioms.push_back(s1.axiom_for_is_shorter_than(res));
   axioms.push_back(s2.axiom_for_is_shorter_than(res));
 
diff --git a/src/solvers/refinement/string_constraint_generator_main.cpp b/src/solvers/refinement/string_constraint_generator_main.cpp
index e4292da542b..f081ac26f47 100644
--- a/src/solvers/refinement/string_constraint_generator_main.cpp
+++ b/src/solvers/refinement/string_constraint_generator_main.cpp
@@ -173,10 +173,11 @@ Function: string_constraint_generatort::fresh_string
 string_exprt string_constraint_generatort::fresh_string(
   const refined_string_typet &type)
 {
-  symbol_exprt length=
-    fresh_symbol("string_length", type.get_index_type());
+  symbol_exprt length=fresh_symbol("string_length", type.get_index_type());
   symbol_exprt content=fresh_symbol("string_content", type.get_content_type());
-  return string_exprt(length, content, type);
+  string_exprt str(length, content, type);
+  created_strings.insert(str);
+  return str;
 }
 
 /*******************************************************************\
@@ -246,6 +247,45 @@ string_exprt string_constraint_generatort::convert_java_string_to_string_exprt(
 
 /*******************************************************************\
 
+Function: string_constraint_generatort::add_default_constraints
+
+  Inputs:
+    s - a string expression
+
+ Outputs: a string expression that is linked to the argument through
+          axioms that are added to the list
+
+ Purpose: adds standard axioms about the length of the string and
+          its content:
+          * its length should be positive
+          * it should not exceed max_string_length
+          * if force_printable_characters is true then all characters
+            should belong to the range of ASCII characters between ' ' and '~'
+
+
+\*******************************************************************/
+
+void string_constraint_generatort::add_default_axioms(
+  const string_exprt &s)
+{
+  s.axiom_for_is_longer_than(from_integer(0, s.length().type()));
+  if(max_string_length>=0)
+    axioms.push_back(s.axiom_for_is_shorter_than(max_string_length));
+
+  if(force_printable_characters)
+  {
+    symbol_exprt qvar=fresh_univ_index("printable", s.length().type());
+    exprt chr=s[qvar];
+    and_exprt printable(
+      binary_relation_exprt(chr, ID_ge, from_integer(' ', chr.type())),
+      binary_relation_exprt(chr, ID_le, from_integer('~', chr.type())));
+    string_constraintt sc(qvar, s.length(), printable);
+    axioms.push_back(sc);
+  }
+}
+
+/*******************************************************************\
+
 Function: string_constraint_generatort::add_axioms_for_refined_string
 
   Inputs: an expression of refined string type
@@ -258,7 +298,6 @@ Function: string_constraint_generatort::add_axioms_for_refined_string
 
 \*******************************************************************/
 
-
 string_exprt string_constraint_generatort::add_axioms_for_refined_string(
   const exprt &string)
 {
@@ -272,15 +311,13 @@ string_exprt string_constraint_generatort::add_axioms_for_refined_string(
   {
     const symbol_exprt &sym=to_symbol_expr(string);
     string_exprt s=find_or_add_string_of_symbol(sym, type);
-    axioms.push_back(
-      s.axiom_for_is_longer_than(from_integer(0, s.length().type())));
+    add_default_axioms(s);
     return s;
   }
   else if(string.id()==ID_nondet_symbol)
   {
     string_exprt s=fresh_string(type);
-    axioms.push_back(
-      s.axiom_for_is_longer_than(from_integer(0, s.length().type())));
+    add_default_axioms(s);
     return s;
   }
   else if(string.id()==ID_if)
@@ -290,8 +327,7 @@ string_exprt string_constraint_generatort::add_axioms_for_refined_string(
   else if(string.id()==ID_struct)
   {
     const string_exprt &s=to_string_expr(string);
-    axioms.push_back(
-      s.axiom_for_is_longer_than(from_integer(0, s.length().type())));
+    add_default_axioms(s);
     return s;
   }
   else
diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index 1391ffd2315..9d2e5627071 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -43,7 +43,8 @@ string_refinementt::string_refinementt(
   supert(_ns, _prop),
   use_counter_example(false),
   do_concretizing(false),
-  initial_loop_bound(refinement_bound)
+  initial_loop_bound(refinement_bound),
+  non_empty_string(false)
 { }
 
 /*******************************************************************\
@@ -65,6 +66,52 @@ void string_refinementt::set_mode()
 
 /*******************************************************************\
 
+Function: string_refinementt::set_max_string_length
+
+  Inputs:
+    i - maximum length which is allowed for strings.
+        negative number means no limit
+
+ Purpose: Add constraints on the size of strings used in the
+          program.
+
+\*******************************************************************/
+
+void string_refinementt::set_max_string_length(int i)
+{
+  generator.max_string_length=i;
+}
+
+/*******************************************************************\
+
+Function: string_refinementt::set_max_string_length
+
+ Purpose: Add constraints on the size of nondet character arrays
+          to ensure they have length at least 1
+
+\*******************************************************************/
+
+void string_refinementt::enforce_non_empty_string()
+{
+  non_empty_string=true;
+}
+
+/*******************************************************************\
+
+Function: string_refinementt::enforce_printable_characters
+
+ Purpose: Add constraints on characters used in the program
+          to ensure they are printable
+
+\*******************************************************************/
+
+void string_refinementt::enforce_printable_characters()
+{
+  generator.force_printable_characters=true;
+}
+
+/*******************************************************************\
+
 Function: string_refinementt::display_index_set
 
  Purpose: display the current index set, for debugging
@@ -283,52 +330,71 @@ bool string_refinementt::add_axioms_for_string_assigns(const exprt &lhs,
 
 /*******************************************************************\
 
-Function: string_refinementt::concretize_results
+Function: string_refinementt::concretize_string
 
- Purpose: For each string whose length has been solved, add constants
+  Input:
+    expr - an expression
+
+ Purpose: If the expression is of type string, then adds constants
           to the index set to force the solver to pick concrete values
           for each character, and fill the map `found_length`
 
 \*******************************************************************/
 
-void string_refinementt::concretize_results()
+void string_refinementt::concretize_string(const exprt &expr)
 {
-  for(const auto& it : symbol_resolve)
+  if(refined_string_typet::is_refined_string_type(expr.type()))
   {
-    if(refined_string_typet::is_refined_string_type(it.second.type()))
+    string_exprt str=to_string_expr(expr);
+    exprt length=get(str.length());
+    add_lemma(equal_exprt(str.length(), length));
+    exprt content=str.content();
+    replace_expr(symbol_resolve, content);
+    found_length[content]=length;
+    mp_integer found_length;
+    if(!to_integer(length, found_length))
     {
-      string_exprt str=to_string_expr(it.second);
-      exprt length=current_model[str.length()];
-      exprt content=str.content();
-      replace_expr(symbol_resolve, content);
-      found_length[content]=length;
-      mp_integer found_length;
-      if(!to_integer(length, found_length))
+      assert(found_length.is_long());
+      if(found_length < 0)
       {
-        assert(found_length.is_long());
-        if(found_length < 0)
-        {
-          debug() << "concretize_results: WARNING found length is negative"
-                  << eom;
-        }
-        else
+        debug() << "concretize_results: WARNING found length is negative"
+                << eom;
+      }
+      else
+      {
+        size_t concretize_limit=found_length.to_long();
+        concretize_limit=concretize_limit>MAX_CONCRETE_STRING_SIZE?
+              MAX_CONCRETE_STRING_SIZE:concretize_limit;
+        exprt content_expr=str.content();
+        for(size_t i=0; i<concretize_limit; ++i)
         {
-          size_t concretize_limit=found_length.to_long();
-          concretize_limit=concretize_limit>MAX_CONCRETE_STRING_SIZE?
-                MAX_CONCRETE_STRING_SIZE:concretize_limit;
-          exprt content_expr=str.content();
-          replace_expr(current_model, content_expr);
-          for(size_t i=0; i<concretize_limit; ++i)
-          {
-            auto i_expr=from_integer(i, str.length().type());
-            debug() << "Concretizing " << from_expr(content_expr)
-                    << " / " << i << eom;
-            current_index_set[str.content()].insert(i_expr);
-          }
+          auto i_expr=from_integer(i, str.length().type());
+          debug() << "Concretizing " << from_expr(content_expr)
+                  << " / " << i << eom;
+          current_index_set[str.content()].insert(i_expr);
+          index_set[str.content()].insert(i_expr);
         }
       }
     }
   }
+}
+
+/*******************************************************************\
+
+Function: string_refinementt::concretize_results
+
+ Purpose: For each string whose length has been solved, add constants
+          to the index set to force the solver to pick concrete values
+          for each character, and fill the map `found_length`
+
+\*******************************************************************/
+
+void string_refinementt::concretize_results()
+{
+  for(const auto& it : symbol_resolve)
+    concretize_string(it.second);
+  for(const auto& it : generator.created_strings)
+    concretize_string(it);
   add_instantiations();
 }
 
@@ -348,7 +414,18 @@ void string_refinementt::concretize_lengths()
     if(refined_string_typet::is_refined_string_type(it.second.type()))
     {
       string_exprt str=to_string_expr(it.second);
-      exprt length=current_model[str.length()];
+      exprt length=get(str.length());
+      exprt content=str.content();
+      replace_expr(symbol_resolve, content);
+      found_length[content]=length;
+     }
+  }
+  for(const auto& it : generator.created_strings)
+  {
+    if(refined_string_typet::is_refined_string_type(it.type()))
+    {
+      string_exprt str=to_string_expr(it);
+      exprt length=get(str.length());
       exprt content=str.content();
       replace_expr(symbol_resolve, content);
       found_length[content]=length;
@@ -869,6 +946,7 @@ void string_refinementt::fill_model()
   }
 }
 
+
 /*******************************************************************\
 
 Function: string_refinementt::add_negation_of_constraint_to_solver
diff --git a/src/solvers/refinement/string_refinement.h b/src/solvers/refinement/string_refinement.h
index 0a62a6abe7d..0163936b069 100644
--- a/src/solvers/refinement/string_refinement.h
+++ b/src/solvers/refinement/string_refinement.h
@@ -2,7 +2,7 @@
 
 Module: String support via creating string constraints and progressively
         instantiating the universal constraints as needed.
-	The procedure is described in the PASS paper at HVC'13:
+        The procedure is described in the PASS paper at HVC'13:
         "PASS: String Solving with Parameterized Array and Interval Automaton"
         by Guodong Li and Indradeep Ghosh
 
@@ -38,8 +38,13 @@ class string_refinementt: public bv_refinementt
   // Should we use counter examples at each iteration?
   bool use_counter_example;
 
+  // Should we concretize strings when the solver finished
   bool do_concretizing;
 
+  void set_max_string_length(int i);
+  void enforce_non_empty_string();
+  void enforce_printable_characters();
+
   virtual std::string decision_procedure_text() const override
   {
     return "string refinement loop with "+prop.solver_text();
@@ -65,6 +70,9 @@ class string_refinementt: public bv_refinementt
 
   string_constraint_generatort generator;
 
+  bool non_empty_string;
+  expr_sett nondet_arrays;
+
   // Simple constraints that have been given to the solver
   expr_sett seen_instances;
 
@@ -98,6 +106,8 @@ class string_refinementt: public bv_refinementt
   exprt substitute_function_applications(exprt expr);
   typet substitute_java_string_types(typet type);
   exprt substitute_java_strings(exprt expr);
+  exprt substitute_array_with_expr(exprt &expr, exprt &index) const;
+  exprt substitute_array_access(exprt &expr) const;
   void add_symbol_to_symbol_map(const exprt &lhs, const exprt &rhs);
   bool is_char_array(const typet &type) const;
   bool add_axioms_for_string_assigns(const exprt &lhs, const exprt &rhs);
@@ -134,8 +144,10 @@ class string_refinementt: public bv_refinementt
 
   exprt simplify_sum(const exprt &f) const;
 
+  void concretize_string(const exprt &expr);
   void concretize_results();
   void concretize_lengths();
+
   // Length of char arrays found during concretization
   std::map<exprt, exprt> found_length;
 

From 4c4d85ca67640d33986ca8b7751add917be8ccf7 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Fri, 3 Feb 2017 09:44:44 +0000
Subject: [PATCH 154/699] Implement function-only coverage

This adds support for this-function-only coverage instrumentation.
Some function renaming and interface improvement happens at the
same time, in particular altering how no-trivial-tests is applied.
Adapted from merge commit e7061a0208cde20ec1fe5b582594532e01ce11ab
and subsequent fixup d462a7076f2d46bcc1bcee6e70186c76de5e36a8 which
appear to have introduced this reworking as part of a merge.

Original commit message was "consolidate integration with cover",
committed by @cristina-david
---
 src/goto-instrument/cover.cpp | 247 +++++++++++++++++-----------------
 src/goto-instrument/cover.h   |  24 +++-
 2 files changed, 142 insertions(+), 129 deletions(-)

diff --git a/src/goto-instrument/cover.cpp b/src/goto-instrument/cover.cpp
index 0d6c2eb3539..ed40ce89f0b 100644
--- a/src/goto-instrument/cover.cpp
+++ b/src/goto-instrument/cover.cpp
@@ -16,6 +16,7 @@ Date: May 2016
 #include <util/prefix.h>
 #include <util/string2int.h>
 #include <util/cprover_prefix.h>
+#include <util/config.h>
 
 #include <json/json_parser.h>
 
@@ -101,23 +102,6 @@ class basic_blockst
 
 /*******************************************************************\
 
-Function: coverage_goalst::coverage_goalst
-
-  Inputs:
-
- Outputs:
-
- Purpose:
-
-\*******************************************************************/
-
-coverage_goalst::coverage_goalst()
-{
-  no_trivial_tests=false;
-}
-
-/*******************************************************************\
-
 Function: coverage_goalst::get_coverage
 
   Inputs:
@@ -134,7 +118,6 @@ coverage_goalst coverage_goalst::get_coverage_goals(const std::string &coverage,
   jsont json;
   coverage_goalst goals;
   source_locationt source_location;
-  goals.set_no_trivial_tests(false);
 
   // check coverage file
   if(parse_json(coverage, message_handler, json))
@@ -177,7 +160,7 @@ coverage_goalst coverage_goalst::get_coverage_goals(const std::string &coverage,
         // get the line of each existing goal
         line=entry["number"].value;
         source_location.set_line(line);
-        goals.set_goals(source_location);
+        goals.add_goal(source_location);
       }
     }
   }
@@ -186,7 +169,7 @@ coverage_goalst coverage_goalst::get_coverage_goals(const std::string &coverage,
 
 /*******************************************************************\
 
-Function: coverage_goalst::set_goals
+Function: coverage_goalst::add_goal
 
   Inputs:
 
@@ -196,7 +179,7 @@ Function: coverage_goalst::set_goals
 
 \*******************************************************************/
 
-void coverage_goalst::set_goals(source_locationt goal)
+void coverage_goalst::add_goal(source_locationt goal)
 {
   existing_goals.push_back(goal);
 }
@@ -213,9 +196,9 @@ Function: coverage_goalst::is_existing_goal
 
 \*******************************************************************/
 
-bool coverage_goalst::is_existing_goal(source_locationt source_location)
+bool coverage_goalst::is_existing_goal(source_locationt source_location) const
 {
-  std::vector<source_locationt>::iterator it = existing_goals.begin();
+  std::vector<source_locationt>::const_iterator it = existing_goals.begin();
   while(it!=existing_goals.end())
   {
     if(!source_location.get_file().compare(it->get_file()) &&
@@ -232,40 +215,6 @@ bool coverage_goalst::is_existing_goal(source_locationt source_location)
 
 /*******************************************************************\
 
-Function: coverage_goalst::set_no_trivial_tests
-
-  Inputs:
-
- Outputs:
-
- Purpose:
-
-\*******************************************************************/
-
-void coverage_goalst::set_no_trivial_tests(const bool trivial)
-{
-  no_trivial_tests=trivial;
-}
-
-/*******************************************************************\
-
-Function: coverage_goalst::get_no_trivial_tests
-
-  Inputs:
-
- Outputs:
-
- Purpose:
-
-\*******************************************************************/
-
-const bool coverage_goalst::get_no_trivial_tests()
-{
-  return no_trivial_tests;
-}
-
-/*******************************************************************\
-
 Function: as_string
 
   Inputs:
@@ -1277,8 +1226,74 @@ void instrument_cover_goals(
   const symbol_tablet &symbol_table,
   goto_programt &goto_program,
   coverage_criteriont criterion,
-  coverage_goalst &goals)
+  bool function_only)
+{
+  coverage_goalst goals; //empty already covered goals
+  instrument_cover_goals(symbol_table,goto_program,
+                        criterion,goals,function_only,false);
+}
+
+/*******************************************************************\
+
+Function: consider_goals
+
+  Inputs:
+
+ Outputs:
+
+ Purpose:
+
+\*******************************************************************/
+
+bool consider_goals(const goto_programt &goto_program)
+{
+  bool result;
+  unsigned long count_assignments=0, count_goto=0, count_decl=0;
+
+  forall_goto_program_instructions(i_it, goto_program)
+  {
+    if(i_it->is_goto())
+      ++count_goto;
+    else if (i_it->is_assign())
+      ++count_assignments;
+    else if (i_it->is_decl())
+      ++count_decl;
+  }
+
+  //check whether this is a constructor/destructor or a get/set (pattern)
+  if (!count_goto && !count_assignments && !count_decl)
+    result=false;
+  else
+    result = !((count_decl==0) && (count_goto<=1) &&
+               (count_assignments>0 && count_assignments<5));
+
+  return result;
+}
+
+/*******************************************************************\
+
+Function: instrument_cover_goals
+
+  Inputs:
+
+ Outputs:
+
+ Purpose:
+
+\*******************************************************************/
+
+void instrument_cover_goals(
+  const symbol_tablet &symbol_table,
+  goto_programt &goto_program,
+  coverage_criteriont criterion,
+  const coverage_goalst &goals,
+  bool function_only,
+  bool ignore_trivial)
 {
+  //exclude trivial coverage goals of a goto program
+  if(ignore_trivial && !consider_goals(goto_program))
+    return;
+
   const namespacet ns(symbol_table);
   basic_blockst basic_blocks(goto_program);
   std::set<unsigned> blocks_done;
@@ -1293,21 +1308,30 @@ void instrument_cover_goals(
 
   Forall_goto_program_instructions(i_it, goto_program)
   {
+    std::string curr_function = id2string(i_it->function);
+
+    // if the --cover-function-only flag is set, then we only add coverage
+    // instrumentation for the entry function
+    bool cover_curr_function=
+      !function_only ||
+      curr_function.find(config.main)!=std::string::npos;
+
     switch(criterion)
     {
     case coverage_criteriont::ASSERTION:
       // turn into 'assert(false)' to avoid simplification
-      if(i_it->is_assert())
+      if(i_it->is_assert() && cover_curr_function)
       {
         i_it->guard=false_exprt();
         i_it->source_location.set(ID_coverage_criterion, coverage_criterion);
         i_it->source_location.set_property_class(property_class);
+        i_it->source_location.set_function(i_it->function);
       }
       break;
 
     case coverage_criteriont::COVER:
       // turn __CPROVER_cover(x) into 'assert(!x)'
-      if(i_it->is_function_call())
+      if(i_it->is_function_call() && cover_curr_function)
       {
         const code_function_callt &code_function_call=
           to_code_function_call(i_it->code);
@@ -1324,6 +1348,7 @@ void instrument_cover_goals(
           i_it->source_location.set_comment(comment);
           i_it->source_location.set(ID_coverage_criterion, coverage_criterion);
           i_it->source_location.set_property_class(property_class);
+          i_it->source_location.set_function(i_it->function);
         }
       }
       else if(i_it->is_assert())
@@ -1346,9 +1371,11 @@ void instrument_cover_goals(
           // check whether the current goal already exists
           if(goals.is_existing_goal(source_location) &&
              !source_location.get_file().empty() &&
-             source_location.get_file()[0]!='<')
+             source_location.get_file()[0]!='<' &&
+             cover_curr_function)
           {
-            std::string comment="block "+b;
+            std::string comment="function "+id2string(i_it->function)+" block "+b;
+            const irep_idt function=i_it->function;
             goto_program.insert_before_swap(i_it);
             i_it->make_assertion(false_exprt());
             i_it->source_location=source_location;
@@ -1356,7 +1383,7 @@ void instrument_cover_goals(
             i_it->source_location.set(
               ID_coverage_criterion, coverage_criterion);
             i_it->source_location.set_property_class(property_class);
-
+            i_it->source_location.set_function(function);
             i_it++;
           }
         }
@@ -1367,7 +1394,8 @@ void instrument_cover_goals(
       if(i_it->is_assert())
         i_it->make_skip();
 
-      if(i_it==goto_program.instructions.begin())
+      if(i_it==goto_program.instructions.begin() &&
+         cover_curr_function)
       {
         // we want branch coverage to imply 'entry point of function'
         // coverage
@@ -1382,6 +1410,7 @@ void instrument_cover_goals(
         t->source_location.set_comment(comment);
         t->source_location.set(ID_coverage_criterion, coverage_criterion);
         t->source_location.set_property_class(property_class);
+        t->source_location.set_function(i_it->function);
       }
 
       if(i_it->is_goto() && !i_it->guard.is_true())
@@ -1394,6 +1423,7 @@ void instrument_cover_goals(
 
         exprt guard=i_it->guard;
         source_locationt source_location=i_it->source_location;
+        source_location.set_function(i_it->function);
 
         goto_program.insert_before_swap(i_it);
         i_it->make_assertion(not_exprt(guard));
@@ -1419,6 +1449,7 @@ void instrument_cover_goals(
         i_it->make_skip();
 
       // Conditions are all atomic predicates in the programs.
+      if(cover_curr_function)
       {
         const std::set<exprt> conditions=collect_conditions(i_it);
 
@@ -1429,12 +1460,14 @@ void instrument_cover_goals(
           const std::string c_string=from_expr(ns, "", c);
 
           const std::string comment_t="condition `"+c_string+"' true";
+          const irep_idt function=i_it->function;
           goto_program.insert_before_swap(i_it);
           i_it->make_assertion(c);
           i_it->source_location=source_location;
           i_it->source_location.set_comment(comment_t);
           i_it->source_location.set(ID_coverage_criterion, coverage_criterion);
           i_it->source_location.set_property_class(property_class);
+          i_it->source_location.set_function(function);
 
           const std::string comment_f="condition `"+c_string+"' false";
           goto_program.insert_before_swap(i_it);
@@ -1443,6 +1476,7 @@ void instrument_cover_goals(
           i_it->source_location.set_comment(comment_f);
           i_it->source_location.set(ID_coverage_criterion, coverage_criterion);
           i_it->source_location.set_property_class(property_class);
+          i_it->source_location.set_function(function);
         }
 
         for(std::size_t i=0; i<conditions.size()*2; i++)
@@ -1455,6 +1489,7 @@ void instrument_cover_goals(
         i_it->make_skip();
 
       // Decisions are maximal Boolean combinations of conditions.
+      if(cover_curr_function)
       {
         const std::set<exprt> decisions=collect_decisions(i_it);
 
@@ -1465,12 +1500,14 @@ void instrument_cover_goals(
           const std::string d_string=from_expr(ns, "", d);
 
           const std::string comment_t="decision `"+d_string+"' true";
+          const irep_idt function=i_it->function;
           goto_program.insert_before_swap(i_it);
           i_it->make_assertion(d);
           i_it->source_location=source_location;
           i_it->source_location.set_comment(comment_t);
           i_it->source_location.set(ID_coverage_criterion, coverage_criterion);
           i_it->source_location.set_property_class(property_class);
+          i_it->source_location.set_function(function);
 
           const std::string comment_f="decision `"+d_string+"' false";
           goto_program.insert_before_swap(i_it);
@@ -1479,6 +1516,7 @@ void instrument_cover_goals(
           i_it->source_location.set_comment(comment_f);
           i_it->source_location.set(ID_coverage_criterion, coverage_criterion);
           i_it->source_location.set_property_class(property_class);
+          i_it->source_location.set_function(function);
         }
 
         for(std::size_t i=0; i<decisions.size()*2; i++)
@@ -1495,6 +1533,7 @@ void instrument_cover_goals(
       // 3. Each condition in a decision takes every possible outcome
       // 4. Each condition in a decision is shown to independently
       //    affect the outcome of the decision.
+      if(cover_curr_function)
       {
         const std::set<exprt> conditions=collect_conditions(i_it);
         const std::set<exprt> decisions=collect_decisions(i_it);
@@ -1521,6 +1560,7 @@ void instrument_cover_goals(
           std::string p_string=from_expr(ns, "", p);
 
           std::string comment_t=description+" `"+p_string+"' true";
+          const irep_idt function=i_it->function;
           goto_program.insert_before_swap(i_it);
           // i_it->make_assertion(p);
           i_it->make_assertion(not_exprt(p));
@@ -1528,6 +1568,7 @@ void instrument_cover_goals(
           i_it->source_location.set_comment(comment_t);
           i_it->source_location.set(ID_coverage_criterion, coverage_criterion);
           i_it->source_location.set_property_class(property_class);
+          i_it->source_location.set_function(function);
 
           std::string comment_f=description+" `"+p_string+"' false";
           goto_program.insert_before_swap(i_it);
@@ -1537,6 +1578,7 @@ void instrument_cover_goals(
           i_it->source_location.set_comment(comment_f);
           i_it->source_location.set(ID_coverage_criterion, coverage_criterion);
           i_it->source_location.set_property_class(property_class);
+          i_it->source_location.set_function(function);
         }
 
         std::set<exprt> controlling;
@@ -1554,6 +1596,7 @@ void instrument_cover_goals(
           std::string description=
             "MC/DC independence condition `"+p_string+"'";
 
+          const irep_idt function=i_it->function;
           goto_program.insert_before_swap(i_it);
           i_it->make_assertion(not_exprt(p));
           // i_it->make_assertion(p);
@@ -1561,6 +1604,7 @@ void instrument_cover_goals(
           i_it->source_location.set_comment(description);
           i_it->source_location.set(ID_coverage_criterion, coverage_criterion);
           i_it->source_location.set_property_class(property_class);
+          i_it->source_location.set_function(function);
         }
 
         for(std::size_t i=0; i<both.size()*2+controlling.size(); i++)
@@ -1596,7 +1640,9 @@ void instrument_cover_goals(
   const symbol_tablet &symbol_table,
   goto_functionst &goto_functions,
   coverage_criteriont criterion,
-  coverage_goalst &goals)
+  const coverage_goalst &goals,
+  bool function_only,
+  bool ignore_trivial)
 {
   Forall_goto_functions(f_it, goto_functions)
   {
@@ -1608,7 +1654,9 @@ void instrument_cover_goals(
       symbol_table,
       f_it->second.body,
       criterion,
-      goals);
+      goals,
+      function_only,
+      ignore_trivial);
   }
 }
 
@@ -1627,61 +1675,16 @@ Function: instrument_cover_goals
 void instrument_cover_goals(
   const symbol_tablet &symbol_table,
   goto_functionst &goto_functions,
-  coverage_criteriont criterion)
-{
-  Forall_goto_functions(f_it, goto_functions)
-  {
-    if(f_it->first==ID__start ||
-       f_it->first=="__CPROVER_initialize")
-      continue;
-
-    // empty set of existing goals
-    coverage_goalst goals;
-    instrument_cover_goals(symbol_table, f_it->second.body,
-                           criterion, goals);
-  }
-}
-
-/*******************************************************************\
-
-Function: consider_goals
-
-  Inputs:
-
- Outputs:
-
- Purpose:
-
-\*******************************************************************/
-
-bool consider_goals(
-  const goto_programt &goto_program,
-  coverage_goalst &goals)
+  coverage_criteriont criterion,
+  bool function_only)
 {
-  // check whether we should eliminate trivial goals
-  if(!goals.get_no_trivial_tests())
-    return true;
-
-  bool result;
-  unsigned long count_assignments=0, count_goto=0, count_decl=0;
-
-  forall_goto_program_instructions(i_it, goto_program)
-  {
-    if(i_it->is_goto())
-      ++count_goto;
-    else if(i_it->is_assign())
-      ++count_assignments;
-    else if(i_it->is_decl())
-      ++count_decl;
-  }
-
-  // check whether this is a constructor/destructor or a get/set (pattern)
-  if(!count_goto && !count_assignments && !count_decl)
-    result=false;
-  else
-    result = !((count_decl==0) && (count_goto<=1) &&
-             (count_assignments>0 && count_assignments<5));
-
-  return result;
+  //empty set of existing goals
+  coverage_goalst goals;
+  instrument_cover_goals(
+    symbol_table,
+    goto_functions,
+    criterion,
+    goals,
+    function_only,
+    false);
 }
-
diff --git a/src/goto-instrument/cover.h b/src/goto-instrument/cover.h
index 07ced79178c..afe74e04a77 100644
--- a/src/goto-instrument/cover.h
+++ b/src/goto-instrument/cover.h
@@ -16,11 +16,10 @@ Date: May 2016
 class coverage_goalst
 {
 public:
-  coverage_goalst();
   static coverage_goalst get_coverage_goals(const std::string &coverage,
                                       message_handlert &message_handler);
-  void set_goals(source_locationt goal);
-  bool is_existing_goal(source_locationt source_location);
+  void add_goal(source_locationt goal);
+  bool is_existing_goal(source_locationt source_location) const;
   void set_no_trivial_tests(const bool trivial);
   const bool get_no_trivial_tests();
 
@@ -38,21 +37,32 @@ bool consider_goals(
   const goto_programt &goto_program,
   coverage_goalst &goals);
 
+void instrument_cover_goals(
+  const symbol_tablet &symbol_table,
+  goto_functionst &goto_functions,
+  coverage_criteriont,
+  bool function_only=false);
+
 void instrument_cover_goals(
   const symbol_tablet &symbol_table,
   goto_programt &goto_program,
   coverage_criteriont,
-  coverage_goalst &goals);
+  bool function_only=false);
 
 void instrument_cover_goals(
   const symbol_tablet &symbol_table,
   goto_functionst &goto_functions,
   coverage_criteriont,
-  coverage_goalst &goals);
+  const coverage_goalst &goals,
+  bool function_only=false,
+  bool ignore_trivial=false);
 
 void instrument_cover_goals(
   const symbol_tablet &symbol_table,
-  goto_functionst &goto_functions,
-  coverage_criteriont);
+  goto_programt &goto_program,
+  coverage_criteriont,
+  const coverage_goalst &goals,
+  bool function_only=false,
+  bool ignore_trivial=false);
 
 #endif // CPROVER_GOTO_INSTRUMENT_COVER_H

From da849ee28d965f28e5f87b88ae499d79aa032374 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Mon, 13 Mar 2017 15:37:51 +0000
Subject: [PATCH 155/699] Adding conversion for functions of the Java Character
 library

This processing of java method calls is meant to replace simple
methods of the Character Java by expressions on characters.
About 60% of the library is supported, but for some of this
methods are limited to ASCII characters.
This is meant to be run in conjunction with the string refinement so
it is called if the string-refine option is activated.

Rename conversion_input to conversion_inputt

Corrected linting issues
---
 src/java_bytecode/Makefile                    |    4 +-
 .../character_refine_preprocess.cpp           | 2513 +++++++++++++++++
 .../character_refine_preprocess.h             |  152 +
 3 files changed, 2668 insertions(+), 1 deletion(-)
 create mode 100644 src/java_bytecode/character_refine_preprocess.cpp
 create mode 100644 src/java_bytecode/character_refine_preprocess.h

diff --git a/src/java_bytecode/Makefile b/src/java_bytecode/Makefile
index 20958a3ede3..8a672b4e899 100644
--- a/src/java_bytecode/Makefile
+++ b/src/java_bytecode/Makefile
@@ -6,7 +6,9 @@ SRC = java_bytecode_language.cpp java_bytecode_parse_tree.cpp \
       java_root_class.cpp java_bytecode_parser.cpp bytecode_info.cpp \
       java_class_loader.cpp jar_file.cpp java_object_factory.cpp \
       java_bytecode_convert_method.cpp java_local_variable_table.cpp \
-      java_pointer_casts.cpp java_utils.cpp
+      java_pointer_casts.cpp java_utils.cpp \
+      character_refine_preprocess.cpp \
+      # Empty last line
 
 INCLUDES= -I ..
 
diff --git a/src/java_bytecode/character_refine_preprocess.cpp b/src/java_bytecode/character_refine_preprocess.cpp
new file mode 100644
index 00000000000..ea7ff1becf7
--- /dev/null
+++ b/src/java_bytecode/character_refine_preprocess.cpp
@@ -0,0 +1,2513 @@
+/*******************************************************************\
+
+Module: Preprocess a goto-programs so that calls to the java Character
+        library are replaced by simple expressions.
+
+Author: Romain Brenguier
+
+Date:   March 2017
+
+\*******************************************************************/
+
+#include <util/arith_tools.h>
+#include <util/std_expr.h>
+#include "character_refine_preprocess.h"
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_char_function
+
+  Inputs:
+    expr_function - A reference to a function on expressions
+    target - A position in a goto program
+
+ Purpose: converts based on a function on expressions
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_char_function(
+  exprt (*expr_function)(const exprt &chr, const typet &type),
+  conversion_inputt &target)
+{
+  const code_function_callt &function_call=target;
+  assert(function_call.arguments().size()==1);
+  const exprt &arg=function_call.arguments()[0];
+  const exprt &result=function_call.lhs();
+  const typet &type=result.type();
+  return code_assignt(result, expr_function(arg, type));
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::in_interval_expr
+
+  Inputs:
+    arg - Expression we want to bound
+    lower_bound - Integer lower bound
+    upper_bound - Integer upper bound
+
+ Outputs: A Boolean expression
+
+ Purpose: The returned expression is true when the first argument is in the
+          interval defined by the lower and upper bounds (included)
+
+\*******************************************************************/
+
+exprt character_refine_preprocesst::in_interval_expr(
+  const exprt &chr,
+  const mp_integer &lower_bound,
+  const mp_integer &upper_bound)
+{
+  return and_exprt(
+    binary_relation_exprt(chr, ID_ge, from_integer(lower_bound, chr.type())),
+    binary_relation_exprt(chr, ID_le, from_integer(upper_bound, chr.type())));
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::in_list_expr
+
+  Inputs:
+    chr - An expression of type character
+    list - A list of integer representing unicode characters
+
+ Outputs: A Boolean expression
+
+ Purpose: The returned expression is true when the given character
+          is equal to one of the element in the list
+
+\*******************************************************************/
+
+exprt character_refine_preprocesst::in_list_expr(
+  const exprt &chr, const std::list<mp_integer> &list)
+{
+  exprt::operandst ops;
+  for(const auto &i : list)
+    ops.push_back(equal_exprt(chr, from_integer(i, chr.type())));
+  return disjunction(ops);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::expr_of_char_count
+
+  Inputs:
+    expr - An expression of type character
+    type - A type for the output
+
+ Outputs: A integer expression of the given type
+
+ Purpose: Determines the number of char values needed to represent
+          the specified character (Unicode code point).
+
+\*******************************************************************/
+
+exprt character_refine_preprocesst::expr_of_char_count(
+  const exprt &chr, const typet &type)
+{
+  exprt u010000=from_integer(0x010000, type);
+  binary_relation_exprt small(chr, ID_lt, u010000);
+  return if_exprt(small, from_integer(1, type), from_integer(2, type));
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_char_count
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.charCount:(I)I
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_char_count(
+  conversion_inputt &target)
+{
+  return convert_char_function(
+    &character_refine_preprocesst::expr_of_char_count, target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::expr_of_char_value
+  Inputs:
+    expr - An expression of type character
+    type - A type for the output
+
+ Outputs: An expression of the given type
+
+ Purpose: Casts the given expression to the given type
+
+\*******************************************************************/
+
+exprt character_refine_preprocesst::expr_of_char_value(
+  const exprt &chr, const typet &type)
+{
+  return typecast_exprt(chr, type);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_char_value
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.charValue:()C
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_char_value(
+  conversion_inputt &target)
+{
+  return convert_char_function(
+    &character_refine_preprocesst::expr_of_char_value, target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_compare
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.compare:(CC)I
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_compare(conversion_inputt &target)
+{
+  const code_function_callt &function_call=target;
+  assert(function_call.arguments().size()==2);
+  const exprt &char1=function_call.arguments()[0];
+  const exprt &char2=function_call.arguments()[1];
+  const exprt &result=function_call.lhs();
+  const typet &type=result.type();
+  binary_relation_exprt smaller(char1, ID_lt, char2);
+  binary_relation_exprt greater(char1, ID_gt, char2);
+  if_exprt expr(
+    smaller,
+    from_integer(-1, type),
+    if_exprt(greater, from_integer(1, type), from_integer(0, type)));
+
+  return code_assignt(result, expr);
+}
+
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_digit_char
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.digit:(CI)I
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_digit_char(
+  conversion_inputt &target)
+{
+  const code_function_callt &function_call=target;
+  assert(function_call.arguments().size()==2);
+  const exprt &arg=function_call.arguments()[0];
+  const exprt &radix=function_call.arguments()[1];
+  const exprt &result=function_call.lhs();
+  const typet &type=result.type();
+
+  // TODO: If the radix is not in the range MIN_RADIX <= radix <= MAX_RADIX or
+  // if the value of ch is not a valid digit in the specified radix,
+  // -1 is returned.
+
+  // Case 1: The method isDigit is true of the character and the Unicode
+  // decimal digit value of the character (or its single-character
+  // decomposition) is less than the specified radix.
+  exprt invalid=from_integer(-1, arg.type());
+  exprt c0=from_integer('0', arg.type());
+  exprt latin_digit=in_interval_expr(arg, '0', '9');
+  minus_exprt value1(arg, c0);
+  // TODO: this is only valid for latin digits
+  if_exprt case1(
+    binary_relation_exprt(value1, ID_lt, radix), value1, invalid);
+
+  // Case 2: The character is one of the uppercase Latin letters 'A'
+  // through 'Z' and its code is less than radix + 'A' - 10,
+  // then ch - 'A' + 10 is returned.
+  exprt cA=from_integer('A', arg.type());
+  exprt i10=from_integer(10, arg.type());
+  exprt upper_case=in_interval_expr(arg, 'A', 'Z');
+  plus_exprt value2(minus_exprt(arg, cA), i10);
+  if_exprt case2(
+    binary_relation_exprt(value2, ID_lt, radix), value2, invalid);
+
+  // The character is one of the lowercase Latin letters 'a' through 'z' and
+  // its code is less than radix + 'a' - 10, then ch - 'a' + 10 is returned.
+  exprt ca=from_integer('a', arg.type());
+  exprt lower_case=in_interval_expr(arg, 'a', 'z');
+  plus_exprt value3(minus_exprt(arg, ca), i10);
+  if_exprt case3(
+    binary_relation_exprt(value3, ID_lt, radix), value3, invalid);
+
+
+  // The character is one of the fullwidth uppercase Latin letters A ('\uFF21')
+  // through Z ('\uFF3A') and its code is less than radix + '\uFF21' - 10.
+  // In this case, ch - '\uFF21' + 10 is returned.
+  exprt uFF21=from_integer(0xFF21, arg.type());
+  exprt fullwidth_upper_case=in_interval_expr(arg, 0xFF21, 0xFF3A);
+  plus_exprt value4(minus_exprt(arg, uFF21), i10);
+  if_exprt case4(
+    binary_relation_exprt(value4, ID_lt, radix), value4, invalid);
+
+  // The character is one of the fullwidth lowercase Latin letters a ('\uFF41')
+  // through z ('\uFF5A') and its code is less than radix + '\uFF41' - 10.
+  // In this case, ch - '\uFF41' + 10 is returned.
+  exprt uFF41=from_integer(0xFF41, arg.type());
+  plus_exprt value5(minus_exprt(arg, uFF41), i10);
+  if_exprt case5(
+    binary_relation_exprt(value5, ID_lt, radix), value5, invalid);
+
+  if_exprt fullwidth_cases(fullwidth_upper_case, case4, case5);
+  if_exprt expr(
+    latin_digit,
+    case1,
+    if_exprt(upper_case, case2, if_exprt(lower_case, case3, fullwidth_cases)));
+  typecast_exprt tc_expr(expr, type);
+
+  return code_assignt(result, tc_expr);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_char_is_digit_int
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.digit:(II)I
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_digit_int(conversion_inputt &target)
+{
+  return convert_digit_char(target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_for_digit
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.forDigit:(II)I
+
+    TODO: For now the radix argument is ignored
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_for_digit(conversion_inputt &target)
+{
+  const code_function_callt &function_call=target;
+  assert(function_call.arguments().size()==2);
+  const exprt &digit=function_call.arguments()[0];
+  const exprt &result=function_call.lhs();
+  const typet &type=result.type();
+
+  exprt d10=from_integer(10, type);
+  binary_relation_exprt small(digit, ID_le, d10);
+  plus_exprt value1(digit, from_integer('0', type));
+  minus_exprt value2(plus_exprt(digit, from_integer('a', digit.type())), d10);
+  return code_assignt(result, if_exprt(small, value1, value2));
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_get_directionality_char
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.getDirectionality:(C)I
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_get_directionality_char(
+  conversion_inputt &target)
+{
+  // TODO: This is unimplemented for now as it requires analyzing
+  // the UnicodeData file to find characters directionality.
+  return target;
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_char_is_digit_char
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.getDirectionality:(I)I
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_get_directionality_int(
+  conversion_inputt &target)
+{
+  return convert_get_directionality_char(target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_get_numeric_value_char
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.getNumericValue:(C)I
+
+    TODO: For now this is only for ASCII characters
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_get_numeric_value_char(
+  conversion_inputt &target)
+{
+  return convert_digit_char(target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_get_numeric_value_int
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.getNumericValue:(C)I
+
+    TODO: For now this is only for ASCII characters
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_get_numeric_value_int(
+  conversion_inputt &target)
+{
+  return convert_digit_int(target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_get_type_char
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.getType:(C)I
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_get_type_char(
+  conversion_inputt &target)
+{
+  // TODO: This is unimplemented for now as it requires analyzing
+  // the UnicodeData file to categorize characters.
+  return target;
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_get_type_int
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.getType:(I)I
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_get_type_int(
+  conversion_inputt &target)
+{
+  return convert_get_type_char(target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_hash_code
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.hashCode:()I
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_hash_code(conversion_inputt &target)
+{
+  return convert_char_value(target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::expr_of_high_surrogate
+
+  Inputs:
+    expr - An expression of type character
+    type - A type for the output
+
+ Outputs: An expression of the given type
+
+ Purpose: Returns the leading surrogate (a high surrogate code unit)
+          of the surrogate pair representing the specified
+          supplementary character (Unicode code point) in the UTF-16
+          encoding.
+
+\*******************************************************************/
+
+exprt character_refine_preprocesst::expr_of_high_surrogate(
+  const exprt &chr, const typet &type)
+{
+  exprt u10000=from_integer(0x010000, type);
+  exprt uD800=from_integer(0xD800, type);
+  exprt u400=from_integer(0x0400, type);
+
+  plus_exprt high_surrogate(uD800, div_exprt(minus_exprt(chr, u10000), u400));
+  return high_surrogate;
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_high_surrogate
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.highSurrogate:(C)Z
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_high_surrogate(
+  conversion_inputt &target)
+{
+  return convert_char_function(
+    &character_refine_preprocesst::expr_of_high_surrogate, target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::expr_of_is_ascii_lower_case
+
+  Inputs:
+    chr - An expression of type character
+    type - A type for the output
+
+ Outputs: A Boolean expression
+
+ Purpose: Determines if the specified character is an ASCII lowercase
+          character.
+
+\*******************************************************************/
+
+exprt character_refine_preprocesst::expr_of_is_ascii_lower_case(
+  const exprt &chr, const typet &type)
+{
+  return in_interval_expr(chr, 'a', 'z');
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::expr_of_is_ascii_upper_case
+
+  Inputs:
+    expr - An expression of type character
+    type - A type for the output
+
+ Outputs: A Boolean expression
+
+ Purpose: Determines if the specified character is an ASCII uppercase
+          character.
+
+\*******************************************************************/
+
+exprt character_refine_preprocesst::expr_of_is_ascii_upper_case(
+  const exprt &chr, const typet &type)
+{
+  return in_interval_expr(chr, 'A', 'Z');
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::expr_of_is_letter
+
+  Inputs:
+    expr - An expression of type character
+    type - A type for the output
+
+ Outputs: An expression of the given type
+
+ Purpose: Determines if the specified character is a letter.
+
+    TODO: for now this is only for ASCII characters, the
+          following unicode categories are not yet considered:
+          TITLECASE_LETTER MODIFIER_LETTER OTHER_LETTER LETTER_NUMBER
+
+\*******************************************************************/
+
+exprt character_refine_preprocesst::expr_of_is_letter(
+  const exprt &chr, const typet &type)
+{
+  return or_exprt(
+    expr_of_is_ascii_upper_case(chr, type),
+    expr_of_is_ascii_lower_case(chr, type));
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::expr_of_is_alphabetic
+
+  Inputs:
+    expr - An expression of type character
+    type - A type for the output
+
+ Outputs: An expression of the given type
+
+ Purpose: Determines if the specified character (Unicode code point)
+          is alphabetic.
+
+    TODO: for now this is only for ASCII characters, the
+          following unicode categorise are not yet considered:
+          TITLECASE_LETTER MODIFIER_LETTER OTHER_LETTER LETTER_NUMBER
+          and contributory property Other_Alphabetic as defined by the
+          Unicode Standard.
+
+\*******************************************************************/
+
+exprt character_refine_preprocesst::expr_of_is_alphabetic(
+  const exprt &chr, const typet &type)
+{
+  return expr_of_is_letter(chr, type);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_is_alphabetic
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.isAlphabetic:(I)Z
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_alphabetic(
+  conversion_inputt &target)
+{
+  return convert_char_function(
+    &character_refine_preprocesst::expr_of_is_alphabetic, target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::expr_of_is_bmp_code_point
+
+  Inputs:
+    expr - An expression of type character
+    type - A type for the output
+
+ Outputs: A Boolean expression
+
+ Purpose: Determines whether the specified character (Unicode code
+          point) is in the Basic Multilingual Plane (BMP). Such code
+          points can be represented using a single char.
+
+\*******************************************************************/
+
+exprt character_refine_preprocesst::expr_of_is_bmp_code_point(
+  const exprt &chr, const typet &type)
+{
+  binary_relation_exprt is_bmp(chr, ID_le, from_integer(0xFFFF, chr.type()));
+  return is_bmp;
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_is_bmp_code_point
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.isBmpCodePoint:(I)Z
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_bmp_code_point(
+  conversion_inputt &target)
+{
+  return convert_char_function(
+    &character_refine_preprocesst::expr_of_is_bmp_code_point, target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::expr_for_is_defined
+
+  Inputs:
+    expr - An expression of type character
+    type - A type for the output
+
+ Outputs: An expression of the given type
+
+ Purpose: Determines if a character is defined in Unicode.
+
+\*******************************************************************/
+
+exprt character_refine_preprocesst::expr_of_is_defined(
+  const exprt &chr, const typet &type)
+{
+  // The following intervals are undefined in unicode, according to
+  // the Unicode Character Database: http://www.unicode.org/Public/UCD/latest/
+  exprt::operandst intervals;
+  intervals.push_back(in_interval_expr(chr, 0x0750, 0x077F));
+  intervals.push_back(in_interval_expr(chr, 0x07C0, 0x08FF));
+  intervals.push_back(in_interval_expr(chr, 0x1380, 0x139F));
+  intervals.push_back(in_interval_expr(chr, 0x18B0, 0x18FF));
+  intervals.push_back(in_interval_expr(chr, 0x1980, 0x19DF));
+  intervals.push_back(in_interval_expr(chr, 0x1A00, 0x1CFF));
+  intervals.push_back(in_interval_expr(chr, 0x1D80, 0x1DFF));
+  intervals.push_back(in_interval_expr(chr, 0x2C00, 0x2E7F));
+  intervals.push_back(in_interval_expr(chr, 0x2FE0, 0x2FEF));
+  intervals.push_back(in_interval_expr(chr, 0x31C0, 0x31EF));
+  intervals.push_back(in_interval_expr(chr, 0x9FB0, 0x9FFF));
+  intervals.push_back(in_interval_expr(chr, 0xA4D0, 0xABFF));
+  intervals.push_back(in_interval_expr(chr, 0xD7B0, 0xD7FF));
+  intervals.push_back(in_interval_expr(chr, 0xFE10, 0xFE1F));
+  intervals.push_back(in_interval_expr(chr, 0x10140, 0x102FF));
+  intervals.push_back(in_interval_expr(chr, 0x104B0, 0x107FF));
+  intervals.push_back(in_interval_expr(chr, 0x10840, 0x1CFFF));
+  intervals.push_back(in_interval_expr(chr, 0x1D200, 0x1D2FF));
+  intervals.push_back(in_interval_expr(chr, 0x1D360, 0x1D3FF));
+  intervals.push_back(
+    binary_relation_exprt(chr, ID_ge, from_integer(0x1D800, chr.type())));
+
+  return not_exprt(disjunction(intervals));
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_is_defined_char
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.isDefined:(C)Z
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_defined_char(
+  conversion_inputt &target)
+{
+  return convert_char_function(
+    &character_refine_preprocesst::expr_of_is_defined, target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_char_is_digit_char
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.isDefined:(I)Z
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_defined_int(
+  conversion_inputt &target)
+{
+  return convert_is_defined_char(target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::expr_of_is_digit
+
+  Inputs:
+    chr - An expression of type character
+    type - A type for the output
+
+ Outputs: An expression of the given type
+
+ Purpose: Determines if the specified character is a digit.
+          A character is a digit if its general category type,
+          provided by Character.getType(ch), is DECIMAL_DIGIT_NUMBER.
+
+   TODO: for now we only support these ranges of digits:
+         '\u0030' through '\u0039', ISO-LATIN-1 digits ('0' through '9')
+         '\u0660' through '\u0669', Arabic-Indic digits
+         '\u06F0' through '\u06F9', Extended Arabic-Indic digits
+         '\u0966' through '\u096F', Devanagari digits
+         '\uFF10' through '\uFF19', Fullwidth digits
+         Many other character ranges contain digits as well.
+
+\*******************************************************************/
+
+exprt character_refine_preprocesst::expr_of_is_digit(
+  const exprt &chr, const typet &type)
+{
+  exprt latin_digit=in_interval_expr(chr, '0', '9');
+  exprt arabic_indic_digit=in_interval_expr(chr, 0x660, 0x669);
+  exprt extended_digit=in_interval_expr(chr, 0x6F0, 0x6F9);
+  exprt devanagari_digit=in_interval_expr(chr, 0x966, 0x96F);
+  exprt fullwidth_digit=in_interval_expr(chr, 0xFF10, 0xFF19);
+  or_exprt digit(
+    or_exprt(latin_digit, or_exprt(arabic_indic_digit, extended_digit)),
+    or_exprt(devanagari_digit, fullwidth_digit));
+  return digit;
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_is_digit_char
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.isDigit:(C)Z
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_digit_char(
+  conversion_inputt &target)
+{
+  return convert_char_function(
+    &character_refine_preprocesst::expr_of_is_digit, target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_is_digit_int
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.digit:(I)Z
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_digit_int(
+  conversion_inputt &target)
+{
+  return convert_is_digit_char(target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::expr_of_is_high_surrogate
+
+  Inputs:
+    expr - An expression of type character
+    type - A type for the output
+
+ Outputs: A Boolean expression
+
+ Purpose: Determines if the given char value is a Unicode
+          high-surrogate code unit (also known as leading-surrogate
+          code unit).
+
+\*******************************************************************/
+
+exprt character_refine_preprocesst::expr_of_is_high_surrogate(
+  const exprt &chr, const typet &type)
+{
+  return in_interval_expr(chr, 0xD800, 0xDBFF);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_is_high_surrogate
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.isHighSurrogate:(C)Z
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_high_surrogate(
+    conversion_inputt &target)
+{
+  return convert_char_function(
+    &character_refine_preprocesst::expr_of_is_high_surrogate, target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::expr_of_is_identifier_ignorable
+
+  Inputs:
+    expr - An expression of type character
+    type - A type for the output
+
+ Outputs: A Boolean expression
+
+ Purpose: Determines if the character is one of ignorable in a Java
+         identifier, that is, it is in one of these ranges:
+         '\u0000' through '\u0008'
+         '\u000E' through '\u001B'
+         '\u007F' through '\u009F'
+
+    TODO: For now, we ignore the FORMAT general category value
+
+\*******************************************************************/
+
+exprt character_refine_preprocesst::expr_of_is_identifier_ignorable(
+  const exprt &chr, const typet &type)
+{
+  or_exprt ignorable(
+    in_interval_expr(chr, 0x0000, 0x0008),
+     or_exprt(
+      in_interval_expr(chr, 0x000E, 0x001B),
+      in_interval_expr(chr, 0x007F, 0x009F)));
+  return ignorable;
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_is_identifier_ignorable_char
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method
+          Character.isIdentifierIgnorable:(C)Z
+
+    TODO: For now, we ignore the FORMAT general category value
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_identifier_ignorable_char(
+  conversion_inputt &target)
+{
+  return convert_char_function(
+    &character_refine_preprocesst::expr_of_is_identifier_ignorable, target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_is_identifier_ignorable_int
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method
+          Character.isIdentifierIgnorable:(I)Z
+
+    TODO: For now, we ignore the FORMAT general category value
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_identifier_ignorable_int(
+  conversion_inputt &target)
+{
+  return convert_is_identifier_ignorable_char(target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_is_ideographic
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.isIdeographic:(C)Z
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_ideographic(
+  conversion_inputt &target)
+{
+  const code_function_callt &function_call=target;
+  assert(function_call.arguments().size()==1);
+  const exprt &arg=function_call.arguments()[0];
+  const exprt &result=function_call.lhs();
+  exprt is_ideograph=in_interval_expr(arg, 0x4E00, 0x9FFF);
+  return code_assignt(result, is_ideograph);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_is_ISO_control_char
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.isISOControl:(C)Z
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_ISO_control_char(
+  conversion_inputt &target)
+{
+  const code_function_callt &function_call=target;
+  assert(function_call.arguments().size()==1);
+  const exprt &arg=function_call.arguments()[0];
+  const exprt &result=function_call.lhs();
+  or_exprt iso(
+    in_interval_expr(arg, 0x00, 0x1F), in_interval_expr(arg, 0x7F, 0x9F));
+  return code_assignt(result, iso);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_is_ISO_control_int
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.isISOControl:(I)Z
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_ISO_control_int(
+  conversion_inputt &target)
+{
+  return convert_is_ISO_control_char(target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_is_java_identifier_part_char
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.isJavaIdentifierPart:(C)Z
+
+    TODO: For now we do not allow currency symbol, connecting punctuation,
+          combining mark, non-spacing mark
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_java_identifier_part_char(
+  conversion_inputt &target)
+{
+  return convert_char_function(
+    &character_refine_preprocesst::expr_of_is_unicode_identifier_part, target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_is_java_identifier_part_int
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method isJavaIdentifierPart:(I)Z
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_java_identifier_part_int(
+  conversion_inputt &target)
+{
+  return convert_is_unicode_identifier_part_char(target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_is_java_identifier_start_char
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method isJavaIdentifierStart:(C)Z
+
+    TODO: For now we only allow letters and letter numbers.
+          The java specification for this function is not precise on the
+          other characters.
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_java_identifier_start_char(
+    conversion_inputt &target)
+{
+  return convert_char_function(
+    &character_refine_preprocesst::expr_of_is_unicode_identifier_part, target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_char_is_digit_char
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method isJavaIdentifierStart:(I)Z
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_java_identifier_start_int(
+  conversion_inputt &target)
+{
+  return convert_is_java_identifier_start_char(target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_is_java_letter
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.isJavaLetter:(C)Z
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_java_letter(
+    conversion_inputt &target)
+{
+  return convert_is_java_identifier_start_char(target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_is_java_letter_or_digit
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method isJavaLetterOrDigit:(C)Z
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_java_letter_or_digit(
+  conversion_inputt &target)
+{
+  return convert_is_java_identifier_part_char(target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_is_letter_char
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.isLetter:(C)Z
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_letter_char(
+  conversion_inputt &target)
+{
+  return convert_char_function(
+    &character_refine_preprocesst::expr_of_is_letter, target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_is_letter_int
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.isLetter:(I)Z
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_letter_int(
+  conversion_inputt &target)
+{
+  return convert_is_letter_char(target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::expr_of_is_letter_or_digit
+
+  Inputs:
+    chr - An expression of type character
+    type - A type for the output
+
+ Outputs: An expression of the given type
+
+ Purpose: Determines if the specified character is a letter or digit.
+
+\*******************************************************************/
+
+exprt character_refine_preprocesst::expr_of_is_letter_or_digit(
+  const exprt &chr, const typet &type)
+{
+  return or_exprt(expr_of_is_letter(chr, type), expr_of_is_digit(chr, type));
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_is_letter_or_digit_char
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.isLetterOrDigit:(C)Z
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_letter_or_digit_char(
+  conversion_inputt &target)
+{
+  return convert_char_function(
+    &character_refine_preprocesst::expr_of_is_digit, target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_is_letter_or_digit_int
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.isLetterOrDigit:(I)Z
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_letter_or_digit_int(
+  conversion_inputt &target)
+{
+  return convert_is_letter_or_digit_char(target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_is_lower_case_char
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.isLowerCase:(C)Z
+
+    TODO: For now we only consider ASCII characters
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_lower_case_char(
+  conversion_inputt &target)
+{
+  return convert_char_function(
+    &character_refine_preprocesst::expr_of_is_ascii_lower_case, target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_is_lower_case_int()
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.isLowerCase:(I)Z
+
+    TODO: For now we only consider ASCII characters
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_lower_case_int(
+  conversion_inputt &target)
+{
+  return convert_is_lower_case_char(target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_is_low_surrogate
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.isLowSurrogate:(I)Z
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_low_surrogate(
+  conversion_inputt &target)
+{
+  const code_function_callt &function_call=target;
+  assert(function_call.arguments().size()==1);
+  const exprt &arg=function_call.arguments()[0];
+  const exprt &result=function_call.lhs();
+  exprt is_low_surrogate=in_interval_expr(arg, 0xDC00, 0xDFFF);
+  return code_assignt(result, is_low_surrogate);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::expr_of_is_mirrored
+
+  Inputs:
+    expr - An expression of type character
+    type - A type for the output
+
+ Outputs: An expression of the given type
+
+ Purpose: Determines whether the character is mirrored according to
+          the Unicode specification.
+
+    TODO: For now only ASCII characters are considered
+
+\*******************************************************************/
+
+exprt character_refine_preprocesst::expr_of_is_mirrored(
+  const exprt &chr, const typet &type)
+{
+  return in_list_expr(chr, {0x28, 0x29, 0x3C, 0x3E, 0x5B, 0x5D, 0x7B, 0x7D});
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_is_mirrored_char
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.isMirrored:(C)Z
+
+    TODO: For now only ASCII characters are considered
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_mirrored_char(
+  conversion_inputt &target)
+{
+  return convert_char_function(
+    &character_refine_preprocesst::expr_of_is_mirrored, target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_is_mirrored_int
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.isMirrored:(I)Z
+
+    TODO: For now only ASCII characters are considered
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_mirrored_int(
+  conversion_inputt &target)
+{
+  return convert_is_mirrored_char(target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_is_space
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.isSpace:(C)Z
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_space(conversion_inputt &target)
+{
+  return convert_is_whitespace_char(target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::expr_of_is_space_char
+
+  Inputs:
+    expr - An expression of type character
+    type - A type for the output
+
+ Outputs: A Boolean expression
+
+ Purpose: Determines if the specified character is white space
+          according to Unicode (SPACE_SEPARATOR, LINE_SEPARATOR, or
+          PARAGRAPH_SEPARATOR)
+
+\*******************************************************************/
+
+exprt character_refine_preprocesst::expr_of_is_space_char(
+  const exprt &chr, const typet &type)
+{
+  std::list<mp_integer> space_characters=
+    {0x20, 0x00A0, 0x1680, 0x202F, 0x205F, 0x3000, 0x2028, 0x2029};
+  exprt condition0=in_list_expr(chr, space_characters);
+  exprt condition1=in_interval_expr(chr, 0x2000, 0x200A);
+  return or_exprt(condition0, condition1);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_is_space_char
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.isSpaceChar:(C)Z
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_space_char(
+  conversion_inputt &target)
+{
+  return convert_char_function(
+    &character_refine_preprocesst::expr_of_is_space_char, target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_is_space_char_int()
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.isSpaceChar:(I)Z
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_space_char_int(
+  conversion_inputt &target)
+{
+  return convert_is_space_char(target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::expr_of_is_supplementary_code_point
+
+  Inputs:
+    expr - An expression of type character
+    type - A type for the output
+
+ Outputs: A Boolean expression
+
+ Purpose: Determines whether the specified character (Unicode code
+          point) is in the supplementary character range.
+
+\*******************************************************************/
+
+exprt character_refine_preprocesst::expr_of_is_supplementary_code_point(
+  const exprt &chr, const typet &type)
+{
+  return binary_relation_exprt(chr, ID_gt, from_integer(0xFFFF, chr.type()));
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_is_supplementary_code_point
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method
+          Character.isSupplementaryCodePoint:(I)Z
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_supplementary_code_point(
+  conversion_inputt &target)
+{
+  return convert_char_function(
+    &character_refine_preprocesst::expr_of_is_supplementary_code_point, target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::expr_of_is_surrogate
+
+  Inputs:
+    expr - An expression of type character
+    type - A type for the output
+
+ Outputs: A Boolean expression
+
+ Purpose: Determines if the given char value is a Unicode surrogate
+          code unit.
+
+\*******************************************************************/
+
+exprt character_refine_preprocesst::expr_of_is_surrogate(
+  const exprt &chr, const typet &type)
+{
+  return in_interval_expr(chr, 0xD800, 0xDFFF);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_is_surrogate
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.isSurrogate:(C)Z
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_surrogate(
+  conversion_inputt &target)
+{
+  return convert_char_function(
+    &character_refine_preprocesst::expr_of_is_surrogate, target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_is_surrogate_pair
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.isSurrogatePair:(CC)Z
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_surrogate_pair(
+  conversion_inputt &target)
+{
+  const code_function_callt &function_call=target;
+  assert(function_call.arguments().size()==2);
+  const exprt &arg0=function_call.arguments()[0];
+  const exprt &arg1=function_call.arguments()[1];
+  const exprt &result=function_call.lhs();
+  exprt is_low_surrogate=in_interval_expr(arg1, 0xDC00, 0xDFFF);
+  exprt is_high_surrogate=in_interval_expr(arg0, 0xD800, 0xDBFF);
+  return code_assignt(result, and_exprt(is_high_surrogate, is_low_surrogate));
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::expr_of_is_title_case
+
+  Inputs:
+    expr - An expression of type character
+    type - A type for the output
+
+ Outputs: A Boolean expression
+
+ Purpose: Determines if the specified character is a titlecase character.
+
+\*******************************************************************/
+
+exprt character_refine_preprocesst::expr_of_is_title_case(
+  const exprt &chr, const typet &type)
+{
+  std::list<mp_integer>title_case_chars=
+    {0x01C5, 0x01C8, 0x01CB, 0x01F2, 0x1FBC, 0x1FCC, 0x1FFC};
+  exprt::operandst conditions;
+  conditions.push_back(in_list_expr(chr, title_case_chars));
+  conditions.push_back(in_interval_expr(chr, 0x1F88, 0x1F8F));
+  conditions.push_back(in_interval_expr(chr, 0x1F98, 0x1F9F));
+  conditions.push_back(in_interval_expr(chr, 0x1FA8, 0x1FAF));
+  return disjunction(conditions);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_is_title_case_char
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.isTitleCase:(C)Z
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_title_case_char(
+  conversion_inputt &target)
+{
+  return convert_char_function(
+    &character_refine_preprocesst::expr_of_is_title_case, target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_is_title_case_int
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.isTitleCase:(I)Z
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_title_case_int(
+  conversion_inputt &target)
+{
+  return convert_is_title_case_char(target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::expr_of_is_letter_number
+
+  Inputs:
+    expr - An expression of type character
+    type - A type for the output
+
+ Outputs: A Boolean expression
+
+ Purpose: Determines if the specified character is in the LETTER_NUMBER
+          category of Unicode
+
+\*******************************************************************/
+
+exprt character_refine_preprocesst::expr_of_is_letter_number(
+  const exprt &chr, const typet &type)
+{
+  // The following set of characters is the general category "Nl" in the
+  // Unicode specification.
+  exprt cond0=in_interval_expr(chr, 0x16EE, 0x16F0);
+  exprt cond1=in_interval_expr(chr, 0x2160, 0x2188);
+  exprt cond2=in_interval_expr(chr, 0x3021, 0x3029);
+  exprt cond3=in_interval_expr(chr, 0x3038, 0x303A);
+  exprt cond4=in_interval_expr(chr, 0xA6E6, 0xA6EF);
+  exprt cond5=in_interval_expr(chr, 0x10140, 0x10174);
+  exprt cond6=in_interval_expr(chr, 0x103D1, 0x103D5);
+  exprt cond7=in_interval_expr(chr, 0x12400, 0x1246E);
+  exprt cond8=in_list_expr(chr, {0x3007, 0x10341, 0x1034A});
+  return or_exprt(
+    or_exprt(or_exprt(cond0, cond1), or_exprt(cond2, cond3)),
+    or_exprt(or_exprt(cond4, cond5), or_exprt(cond6, or_exprt(cond7, cond8))));
+}
+
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::expr_of_is_unicode_identifier_part
+
+  Inputs:
+    expr - An expression of type character
+    type - A type for the output
+
+ Outputs: A Boolean expression
+
+ Purpose: Determines if the character may be part of a Unicode identifier.
+
+    TODO: For now we do not allow connecting punctuation, combining mark,
+          non-spacing mark
+
+\*******************************************************************/
+
+exprt character_refine_preprocesst::expr_of_is_unicode_identifier_part(
+  const exprt &chr, const typet &type)
+{
+  exprt::operandst conditions;
+  conditions.push_back(expr_of_is_unicode_identifier_start(chr, type));
+  conditions.push_back(expr_of_is_digit(chr, type));
+  conditions.push_back(expr_of_is_identifier_ignorable(chr, type));
+  return disjunction(conditions);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_is_unicode_identifier_part_char
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method
+          Character.isUnicodeIdentifierPart:(C)Z
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_unicode_identifier_part_char(
+  conversion_inputt &target)
+{
+  return convert_char_function(
+    &character_refine_preprocesst::expr_of_is_unicode_identifier_part, target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_is_unicode_identifier_part_int
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method
+          Character.isUnicodeIdentifierPart:(I)Z
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_unicode_identifier_part_int(
+  conversion_inputt &target)
+{
+  return convert_is_unicode_identifier_part_char(target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::expr_of_is_unicode_identifier_start
+
+  Inputs:
+    chr - An expression of type character
+    type - A type for the output
+
+ Outputs: A Boolean expression
+
+ Purpose: Determines if the specified character is permissible as the
+          first character in a Unicode identifier.
+
+\*******************************************************************/
+
+exprt character_refine_preprocesst::expr_of_is_unicode_identifier_start(
+  const exprt &chr, const typet &type)
+{
+  return or_exprt(
+    expr_of_is_letter(chr, type), expr_of_is_letter_number(chr, type));
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_is_unicode_identifier_start_char
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method
+          Character.isUnicodeIdentifierStart:(C)Z
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_unicode_identifier_start_char(
+  conversion_inputt &target)
+{
+  return convert_char_function(
+    &character_refine_preprocesst::expr_of_is_unicode_identifier_start, target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_is_unicode_identifier_start_int
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method
+          Character.isUnicodeIdentifierStart:(I)Z
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_unicode_identifier_start_int(
+  conversion_inputt &target)
+{
+  return convert_is_unicode_identifier_start_char(target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_is_upper_case_char
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.isUpperCase:(C)Z
+
+    TODO: For now we only consider ASCII characters
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_upper_case_char(
+  conversion_inputt &target)
+{
+  return convert_char_function(
+    &character_refine_preprocesst::expr_of_is_ascii_upper_case, target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_is_upper_case_int
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.isUpperCase:(I)Z
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_upper_case_int(
+  conversion_inputt &target)
+{
+  return convert_is_upper_case_char(target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::expr_of_is_valid_code_point
+
+  Inputs:
+    chr - An expression of type character
+    type - A type for the output
+
+ Outputs: A Boolean expression
+
+ Purpose: Determines whether the specified code point is a valid
+          Unicode code point value.
+          That is, in the range of integers from 0 to 0x10FFFF
+
+\*******************************************************************/
+
+exprt character_refine_preprocesst::expr_of_is_valid_code_point(
+  const exprt &chr, const typet &type)
+{
+  return binary_relation_exprt(chr, ID_le, from_integer(0x10FFFF, chr.type()));
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_is_valid_code_point
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.isValidCodePoint:(I)Z
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_valid_code_point(
+    conversion_inputt &target)
+{
+  return convert_char_function(
+    &character_refine_preprocesst::expr_of_is_valid_code_point, target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::expr_of_is_whitespace
+
+  Inputs:
+    expr - An expression of type character
+    type - A type for the output
+
+ Outputs: A Boolean expression
+
+ Purpose: Determines if the specified character is white space according
+          to Java. It is the case when it one of the following:
+          * a Unicode space character (SPACE_SEPARATOR, LINE_SEPARATOR, or
+            PARAGRAPH_SEPARATOR) but is not also a non-breaking space
+            ('\u00A0', '\u2007', '\u202F').
+          * it is one of these: U+0009  U+000A U+000B U+000C U+000D
+            U+001C U+001D U+001E U+001F
+
+\*******************************************************************/
+
+exprt character_refine_preprocesst::expr_of_is_whitespace(
+  const exprt &chr, const typet &type)
+{
+  exprt::operandst conditions;
+  std::list<mp_integer> space_characters=
+    {0x20, 0x1680, 0x205F, 0x3000, 0x2028, 0x2029};
+  conditions.push_back(in_list_expr(chr, space_characters));
+  conditions.push_back(in_interval_expr(chr, 0x2000, 0x2006));
+  conditions.push_back(in_interval_expr(chr, 0x2008, 0x200A));
+  conditions.push_back(in_interval_expr(chr, 0x09, 0x0D));
+  conditions.push_back(in_interval_expr(chr, 0x1C, 0x1F));
+  return disjunction(conditions);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_is_whitespace_char
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.isWhitespace:(C)Z
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_whitespace_char(
+  conversion_inputt &target)
+{
+  return convert_char_function(
+    &character_refine_preprocesst::expr_of_is_whitespace, target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_is_whitespace_int
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.isWhitespace:(I)Z
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_is_whitespace_int(
+  conversion_inputt &target)
+{
+  return convert_is_whitespace_char(target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::expr_of_low_surrogate
+
+  Inputs:
+    expr - An expression of type character
+    type - A type for the output
+
+ Outputs: A integer expression of the given type
+
+ Purpose: Returns the trailing surrogate (a low surrogate code unit)
+          of the surrogate pair representing the specified
+          supplementary character (Unicode code point) in the UTF-16
+          encoding.
+
+\*******************************************************************/
+
+exprt character_refine_preprocesst::expr_of_low_surrogate(
+  const exprt &chr, const typet &type)
+{
+  exprt uDC00=from_integer(0xDC00, type);
+  exprt u0400=from_integer(0x0400, type);
+  return plus_exprt(uDC00, mod_exprt(chr, u0400));
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_low_surrogate
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.lowSurrogate:(I)Z
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_low_surrogate(
+  conversion_inputt &target)
+{
+  return convert_char_function(
+    &character_refine_preprocesst::expr_of_low_surrogate, target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::expr_of_reverse_bytes
+
+  Inputs:
+    expr - An expression of type character
+    type - A type for the output
+
+ Outputs: A character expression of the given type
+
+ Purpose: Returns the value obtained by reversing the order of the
+          bytes in the specified char value.
+
+\*******************************************************************/
+
+exprt character_refine_preprocesst::expr_of_reverse_bytes(
+  const exprt &chr, const typet &type)
+{
+  shl_exprt first_byte(chr, from_integer(8, type));
+  lshr_exprt second_byte(chr, from_integer(8, type));
+  return plus_exprt(first_byte, second_byte);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_reverse_bytes
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.reverseBytes:(C)C
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_reverse_bytes(
+    conversion_inputt &target)
+{
+  return convert_char_function(
+    &character_refine_preprocesst::expr_of_reverse_bytes, target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::expr_of_to_chars
+
+  Inputs:
+    expr - An expression of type character
+    type - A type for the output
+
+ Outputs: A character array expression of the given type
+
+ Purpose: Converts the specified character (Unicode code point) to
+          its UTF-16 representation stored in a char array.
+          If the specified code point is a BMP (Basic Multilingual
+          Plane or Plane 0) value, the resulting char array has the
+          same value as codePoint.
+          If the specified code point is a supplementary code point,
+          the resulting char array has the corresponding surrogate pair.
+
+\*******************************************************************/
+
+exprt character_refine_preprocesst::expr_of_to_chars(
+  const exprt &chr, const typet &type)
+{
+  array_typet array_type=to_array_type(type);
+  const typet &char_type=array_type.subtype();
+  array_exprt case1(array_type);
+  array_exprt case2(array_type);
+  exprt low_surrogate=expr_of_low_surrogate(chr, char_type);
+  case1.copy_to_operands(low_surrogate);
+  case2.move_to_operands(low_surrogate);
+  exprt high_surrogate=expr_of_high_surrogate(chr, char_type);
+  case2.move_to_operands(high_surrogate);
+  return if_exprt(expr_of_is_bmp_code_point(chr, type), case1, case2);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_to_chars
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.toChars:(I)[C
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_to_chars(conversion_inputt &target)
+{
+  return convert_char_function(
+    &character_refine_preprocesst::expr_of_to_chars, target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_to_code_point
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.toCodePoint:(CC)I
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_to_code_point(
+  conversion_inputt &target)
+{
+  const code_function_callt &function_call=target;
+  assert(function_call.arguments().size()==2);
+  const exprt &arg0=function_call.arguments()[0];
+  const exprt &arg1=function_call.arguments()[1];
+  const exprt &result=function_call.lhs();
+  const typet &type=result.type();
+
+  // These operations implement the decoding of a unicode symbol encoded
+  // in UTF16 for the supplementary planes (above U+10000).
+  // The low ten bits of the first character give the bits 10 to 19 of
+  // code point and the low ten bits of the second give the bits 0 to 9,
+  // then 0x10000 is added to the result. For more explenations see:
+  //   https://en.wikipedia.org/wiki/UTF-16
+
+  exprt u010000=from_integer(0x010000, type);
+  exprt mask10bit=from_integer(0x03FF, type);
+  shl_exprt m1(bitand_exprt(arg0, mask10bit), from_integer(10, type));
+  bitand_exprt m2(arg1, mask10bit);
+  bitor_exprt pair_value(u010000, bitor_exprt(m1, m2));
+  return code_assignt(result, pair_value);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::expr_of_to_lower_case
+
+  Inputs:
+    chr - An expression of type character
+    type - A type for the output
+
+ Outputs: An expression of the given type
+
+ Purpose: Converts the character argument to lowercase.
+
+    TODO: For now we only consider ASCII characters but ultimately
+          we should use case mapping information from the
+          UnicodeData file
+
+\*******************************************************************/
+
+exprt character_refine_preprocesst::expr_of_to_lower_case(
+  const exprt &chr, const typet &type)
+{
+  minus_exprt transformed(
+    plus_exprt(chr, from_integer('a', type)), from_integer('A', type));
+
+  if_exprt res(expr_of_is_ascii_upper_case(chr, type), transformed, chr);
+  return res;
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_to_lower_case_char
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.toLowerCase:(C)C
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_to_lower_case_char(
+  conversion_inputt &target)
+{
+  return convert_char_function(
+    &character_refine_preprocesst::expr_of_to_lower_case, target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_to_lower_case_int()
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.toLowerCase:(I)I
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_to_lower_case_int(
+  conversion_inputt &target)
+{
+  return convert_to_lower_case_char(target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::expr_of_to_title_case
+
+  Inputs:
+    chr - An expression of type character
+    type - A type for the output
+
+ Outputs: An expression of the given type
+
+ Purpose: Converts the character argument to titlecase.
+
+\*******************************************************************/
+
+exprt character_refine_preprocesst::expr_of_to_title_case(
+  const exprt &chr, const typet &type)
+{
+  std::list<mp_integer> increment_list={0x01C4, 0x01C7, 0x01CA, 0x01F1};
+  std::list<mp_integer> decrement_list={0x01C6, 0x01C9, 0x01CC, 0x01F3};
+  exprt plus_8_interval1=in_interval_expr(chr, 0x1F80, 0x1F87);
+  exprt plus_8_interval2=in_interval_expr(chr, 0x1F90, 0x1F97);
+  exprt plus_8_interval3=in_interval_expr(chr, 0x1FA0, 0x1FA7);
+  std::list<mp_integer> plus_9_list={0x1FB3, 0x1FC3, 0x1FF3};
+  minus_exprt minus_1(chr, from_integer(1, type));
+  plus_exprt plus_1(chr, from_integer(1, type));
+  plus_exprt plus_8(chr, from_integer(8, type));
+  plus_exprt plus_9(chr, from_integer(9, type));
+  or_exprt plus_8_set(
+    plus_8_interval1, or_exprt(plus_8_interval2, plus_8_interval3));
+
+  if_exprt res(
+    in_list_expr(chr, increment_list),
+    plus_1,
+    if_exprt(
+      in_list_expr(chr, decrement_list),
+      minus_1,
+      if_exprt(
+        plus_8_set,
+        plus_8,
+        if_exprt(
+          in_list_expr(chr, plus_9_list),
+          plus_9,
+          chr))));
+
+  return res;
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_to_title_case_char
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.toTitleCase:(C)C
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_to_title_case_char(
+  conversion_inputt &target)
+{
+  return convert_char_function(
+    &character_refine_preprocesst::expr_of_to_title_case, target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_to_title_case_int
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.toTitleCase:(I)I
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_to_title_case_int(
+  conversion_inputt &target)
+{
+  return convert_to_title_case_char(target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::expr_of_to_upper_case
+
+  Inputs:
+    chr - An expression of type character
+    type - A type for the output
+
+ Outputs: An expression of the given type
+
+ Purpose: Converts the character argument to uppercase.
+
+    TODO: For now we only consider ASCII characters but ultimately
+          we should use case mapping information from the
+          UnicodeData file
+
+\*******************************************************************/
+
+exprt character_refine_preprocesst::expr_of_to_upper_case(
+  const exprt &chr, const typet &type)
+{
+  minus_exprt transformed(
+    plus_exprt(chr, from_integer('A', type)), from_integer('a', type));
+
+  if_exprt res(expr_of_is_ascii_lower_case(chr, type), transformed, chr);
+  return res;
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_to_upper_case_char
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.toUpperCase:(C)C
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_to_upper_case_char(
+  conversion_inputt &target)
+{
+  return convert_char_function(
+    &character_refine_preprocesst::expr_of_to_upper_case, target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::convert_to_upper_case_int
+
+  Inputs:
+    target - a position in a goto program
+
+ Purpose: Converts function call to an assignment of an expression
+          corresponding to the java method Character.toUpperCase:(I)I
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::convert_to_upper_case_int(
+  conversion_inputt &target)
+{
+  return convert_to_upper_case_char(target);
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::replace_character_call
+
+  Inputs:
+    code - the code of a function call
+
+ Outputs: code where character function call get replaced by
+          an simple instruction
+
+ Purpose: replace function calls to functions of the Character by
+          an affectation if possible, returns the same code otherwise.
+          For this method to have an effect initialize_conversion_table
+          must have been called before.
+
+\*******************************************************************/
+
+codet character_refine_preprocesst::replace_character_call(
+  const code_function_callt &code) const
+{
+  if(code.function().id()==ID_symbol)
+  {
+    const irep_idt &function_id=
+      to_symbol_expr(code.function()).get_identifier();
+    auto it=conversion_table.find(function_id);
+    if(it!=conversion_table.end())
+      return (it->second)(code);
+  }
+
+  return code;
+}
+
+/*******************************************************************\
+
+Function: character_refine_preprocesst::initialize_conversion_table
+
+ Purpose: fill maps with correspondance from java method names to
+          conversion functions
+
+\*******************************************************************/
+
+void character_refine_preprocesst::initialize_conversion_table()
+{
+  // All methods are listed here in alphabetic order
+  // The ones that are not supported by this module (though they may be
+  // supported by the string solver) have no entry in the conversion
+  // table and are marked in this way:
+  // Not supported "java::java.lang.Character.<init>()"
+
+  conversion_table["java::java.lang.Character.charCount:(I)I"]=
+      &character_refine_preprocesst::convert_char_count;
+  conversion_table["java::java.lang.Character.charValue:()C"]=
+      &character_refine_preprocesst::convert_char_value;
+
+  // Not supported "java::java.lang.Character.codePointAt:([CI)I
+  // Not supported "java::java.lang.Character.codePointAt:([CII)I"
+  // Not supported "java::java.lang.Character.codePointAt:"
+  //   "(Ljava.lang.CharSequence;I)I"
+  // Not supported "java::java.lang.Character.codePointBefore:([CI)I"
+  // Not supported "java::java.lang.Character.codePointBefore:([CII)I"
+  // Not supported "java::java.lang.Character.codePointBefore:"
+  //   "(Ljava.lang.CharSequence;I)I"
+  // Not supported "java::java.lang.Character.codePointCount:([CII)I"
+  // Not supported "java::java.lang.Character.codePointCount:"
+  //   "(Ljava.lang.CharSequence;I)I"
+  // Not supported "java::java.lang.Character.compareTo:"
+  //   "(Ljava.lang.Character;)I"
+
+  conversion_table["java::java.lang.Character.compare:(CC)I"]=
+      &character_refine_preprocesst::convert_compare;
+  conversion_table["java::java.lang.Character.digit:(CI)I"]=
+      &character_refine_preprocesst::convert_digit_char;
+  conversion_table["java::java.lang.Character.digit:(II)I"]=
+      &character_refine_preprocesst::convert_digit_int;
+
+  // Not supported "java::java.lang.Character.equals:(Ljava.lang.Object;)Z"
+
+  conversion_table["java::java.lang.Character.forDigit:(II)C"]=
+      &character_refine_preprocesst::convert_for_digit;
+  conversion_table["java::java.lang.Character.getDirectionality:(C)B"]=
+      &character_refine_preprocesst::convert_get_directionality_char;
+  conversion_table["java::java.lang.Character.getDirectionality:(I)B"]=
+      &character_refine_preprocesst::convert_get_directionality_int;
+
+  // Not supported "java::java.lang.Character.getName:(I)Ljava.lang.String;"
+
+  conversion_table["java::java.lang.Character.getNumericValue:(C)I"]=
+      &character_refine_preprocesst::convert_get_numeric_value_char;
+  conversion_table["java::java.lang.Character.getNumericValue:(I)I"]=
+      &character_refine_preprocesst::convert_get_numeric_value_int;
+  conversion_table["java::java.lang.Character.getType:(C)I"]=
+      &character_refine_preprocesst::convert_get_type_char;
+  conversion_table["java::java.lang.Character.getType:(I)Z"]=
+      &character_refine_preprocesst::convert_get_type_int;
+  conversion_table["java::java.lang.Character.hashCode:()I"]=
+      &character_refine_preprocesst::convert_hash_code;
+  conversion_table["java::java.lang.Character.highSurrogate:(C)Z"]=
+      &character_refine_preprocesst::convert_high_surrogate;
+  conversion_table["java::java.lang.Character.isAlphabetic:(I)Z"]=
+      &character_refine_preprocesst::convert_is_alphabetic;
+  conversion_table["java::java.lang.Character.isBmpCodePoint:(I)Z"]=
+      &character_refine_preprocesst::convert_is_bmp_code_point;
+  conversion_table["java::java.lang.Character.isDefined:(C)Z"]=
+      &character_refine_preprocesst::convert_is_defined_char;
+  conversion_table["java::java.lang.Character.isDefined:(I)Z"]=
+      &character_refine_preprocesst::convert_is_defined_int;
+  conversion_table["java::java.lang.Character.isDigit:(C)Z"]=
+      &character_refine_preprocesst::convert_is_digit_char;
+  conversion_table["java::java.lang.Character.isDigit:(I)Z"]=
+      &character_refine_preprocesst::convert_is_digit_int;
+  conversion_table["java::java.lang.Character.isHighSurrogate:(C)Z"]=
+      &character_refine_preprocesst::convert_is_high_surrogate;
+  conversion_table["java::java.lang.Character.isIdentifierIgnorable:(C)Z"]=
+      &character_refine_preprocesst::convert_is_identifier_ignorable_char;
+  conversion_table["java::java.lang.Character.isIdentifierIgnorable:(I)Z"]=
+      &character_refine_preprocesst::convert_is_identifier_ignorable_int;
+  conversion_table["java::java.lang.Character.isIdeographic:(C)Z"]=
+      &character_refine_preprocesst::convert_is_ideographic;
+  conversion_table["java::java.lang.Character.isISOControl:(C)Z"]=
+      &character_refine_preprocesst::convert_is_ISO_control_char;
+  conversion_table["java::java.lang.Character.isISOControl:(I)Z"]=
+      &character_refine_preprocesst::convert_is_ISO_control_int;
+  conversion_table["java::java.lang.Character.isJavaIdentifierPart:(C)Z"]=
+      &character_refine_preprocesst::convert_is_java_identifier_part_char;
+  conversion_table["java::java.lang.Character.isJavaIdentifierPart:(I)Z"]=
+      &character_refine_preprocesst::convert_is_java_identifier_part_int;
+  conversion_table["java::java.lang.Character.isJavaIdentifierStart:(C)Z"]=
+      &character_refine_preprocesst::convert_is_java_identifier_start_char;
+  conversion_table["java::java.lang.Character.isJavaIdentifierStart:(I)Z"]=
+      &character_refine_preprocesst::convert_is_java_identifier_start_int;
+  conversion_table["java::java.lang.Character.isJavaLetter:(C)Z"]=
+      &character_refine_preprocesst::convert_is_java_letter;
+  conversion_table["java::java.lang.Character.isJavaLetterOrDigit:(C)Z"]=
+      &character_refine_preprocesst::convert_is_java_letter_or_digit;
+  conversion_table["java::java.lang.Character.isLetter:(C)Z"]=
+      &character_refine_preprocesst::convert_is_letter_char;
+  conversion_table["java::java.lang.Character.isLetter:(I)Z"]=
+      &character_refine_preprocesst::convert_is_letter_int;
+  conversion_table["java::java.lang.Character.isLetterOrDigit:(C)Z"]=
+      &character_refine_preprocesst::convert_is_letter_or_digit_char;
+  conversion_table["java::java.lang.Character.isLetterOrDigit:(I)Z"]=
+      &character_refine_preprocesst::convert_is_letter_or_digit_int;
+  conversion_table["java::java.lang.Character.isLowerCase:(C)Z"]=
+      &character_refine_preprocesst::convert_is_lower_case_char;
+  conversion_table["java::java.lang.Character.isLowerCase:(I)Z"]=
+      &character_refine_preprocesst::convert_is_lower_case_int;
+  conversion_table["java::java.lang.Character.isLowSurrogate:(I)Z"]=
+      &character_refine_preprocesst::convert_is_low_surrogate;
+  conversion_table["java::java.lang.Character.isMirrored:(C)Z"]=
+      &character_refine_preprocesst::convert_is_mirrored_char;
+  conversion_table["java::java.lang.Character.isMirrored:(I)Z"]=
+      &character_refine_preprocesst::convert_is_mirrored_int;
+  conversion_table["java::java.lang.Character.isSpace:(C)Z"]=
+      &character_refine_preprocesst::convert_is_space;
+  conversion_table["java::java.lang.Character.isSpaceChar:(C)Z"]=
+      &character_refine_preprocesst::convert_is_space_char;
+  conversion_table["java::java.lang.Character.isSpaceChar:(I)Z"]=
+      &character_refine_preprocesst::convert_is_space_char_int;
+  conversion_table["java::java.lang.Character.isSupplementaryCodePoint:(I)Z"]=
+      &character_refine_preprocesst::convert_is_supplementary_code_point;
+  conversion_table["java::java.lang.Character.isSurrogate:(C)Z"]=
+      &character_refine_preprocesst::convert_is_surrogate;
+  conversion_table["java::java.lang.Character.isSurrogatePair:(CC)Z"]=
+      &character_refine_preprocesst::convert_is_surrogate_pair;
+  conversion_table["java::java.lang.Character.isTitleCase:(C)Z"]=
+      &character_refine_preprocesst::convert_is_title_case_char;
+  conversion_table["java::java.lang.Character.isTitleCase:(I)Z"]=
+      &character_refine_preprocesst::convert_is_title_case_int;
+  conversion_table["java::java.lang.Character.isUnicodeIdentifierPart:(C)Z"]=
+      &character_refine_preprocesst::convert_is_unicode_identifier_part_char;
+  conversion_table["java::java.lang.Character.isUnicodeIdentifierPart:(I)Z"]=
+      &character_refine_preprocesst::convert_is_unicode_identifier_part_int;
+  conversion_table["java::java.lang.Character.isUnicodeIdentifierStart:(C)Z"]=
+      &character_refine_preprocesst::convert_is_unicode_identifier_start_char;
+  conversion_table["java::java.lang.Character.isUnicodeIdentifierStart:(I)Z"]=
+      &character_refine_preprocesst::convert_is_unicode_identifier_start_int;
+  conversion_table["java::java.lang.Character.isUpperCase:(C)Z"]=
+      &character_refine_preprocesst::convert_is_upper_case_char;
+  conversion_table["java::java.lang.Character.isUpperCase:(I)Z"]=
+      &character_refine_preprocesst::convert_is_upper_case_int;
+  conversion_table["java::java.lang.Character.isValidCodePoint:(I)Z"]=
+      &character_refine_preprocesst::convert_is_valid_code_point;
+  conversion_table["java::java.lang.Character.isWhitespace:(C)Z"]=
+      &character_refine_preprocesst::convert_is_whitespace_char;
+  conversion_table["java::java.lang.Character.isWhitespace:(I)Z"]=
+      &character_refine_preprocesst::convert_is_whitespace_int;
+  conversion_table["java::java.lang.Character.lowSurrogate:(I)Z"]=
+      &character_refine_preprocesst::convert_is_low_surrogate;
+
+  // Not supported "java::java.lang.Character.offsetByCodePoints:([CIIII)I"
+  // Not supported "java::java.lang.Character.offsetByCodePoints:"
+  //   "(Ljava.lang.CharacterSequence;II)I"
+
+  conversion_table["java::java.lang.Character.reverseBytes:(C)C"]=
+      &character_refine_preprocesst::convert_reverse_bytes;
+  conversion_table["java::java.lang.Character.toChars:(I)[C"]=
+      &character_refine_preprocesst::convert_to_chars;
+
+  // Not supported "java::java.lang.Character.toChars:(I[CI])I"
+
+  conversion_table["java::java.lang.Character.toCodePoint:(CC)I"]=
+      &character_refine_preprocesst::convert_to_code_point;
+  conversion_table["java::java.lang.Character.toLowerCase:(C)C"]=
+      &character_refine_preprocesst::convert_to_lower_case_char;
+  conversion_table["java::java.lang.Character.toLowerCase:(I)I"]=
+      &character_refine_preprocesst::convert_to_lower_case_int;
+
+  // Not supported "java::java.lang.Character.toString:()Ljava.lang.String;"
+  // Not supported "java::java.lang.Character.toString:(C)Ljava.lang.String;"
+
+  conversion_table["java::java.lang.Character.toTitleCase:(C)C"]=
+      &character_refine_preprocesst::convert_to_title_case_char;
+  conversion_table["java::java.lang.Character.toTitleCase:(I)I"]=
+      &character_refine_preprocesst::convert_to_title_case_int;
+  conversion_table["java::java.lang.Character.toUpperCase:(C)C"]=
+      &character_refine_preprocesst::convert_to_upper_case_char;
+  conversion_table["java::java.lang.Character.toUpperCase:(I)I"]=
+      &character_refine_preprocesst::convert_to_upper_case_int;
+
+  // Not supported "java::java.lang.Character.valueOf:(C)Ljava.lang.Character;"
+}
diff --git a/src/java_bytecode/character_refine_preprocess.h b/src/java_bytecode/character_refine_preprocess.h
new file mode 100644
index 00000000000..45f76a5d5b6
--- /dev/null
+++ b/src/java_bytecode/character_refine_preprocess.h
@@ -0,0 +1,152 @@
+/*******************************************************************\
+
+Module: Preprocess a goto-programs so that calls to the java Character
+        library are replaced by simple expressions.
+        For now support is limited to character in the ASCII range,
+        some methods may have incorrect specifications outside of this range.
+
+Author: Romain Brenguier
+
+Date:   March 2017
+
+\*******************************************************************/
+
+#ifndef CPROVER_JAVA_BYTECODE_CHARACTER_REFINE_PREPROCESS_H
+#define CPROVER_JAVA_BYTECODE_CHARACTER_REFINE_PREPROCESS_H
+
+#include <util/ui_message.h>
+#include <util/std_code.h>
+
+class character_refine_preprocesst:public messaget
+{
+public:
+  void initialize_conversion_table();
+  codet replace_character_call(const code_function_callt &call) const;
+
+private:
+  typedef const code_function_callt &conversion_inputt;
+  typedef codet (*conversion_functiont)(conversion_inputt &target);
+  // A table tells us what method to call for each java method signature
+  std::unordered_map<irep_idt, conversion_functiont, irep_id_hash>
+    conversion_table;
+
+  // Conversion functions
+  static exprt expr_of_char_count(const exprt &chr, const typet &type);
+  static codet convert_char_count(conversion_inputt &target);
+  static exprt expr_of_char_value(const exprt &chr, const typet &type);
+  static codet convert_char_value(conversion_inputt &target);
+  static codet convert_compare(conversion_inputt &target);
+  static codet convert_digit_char(conversion_inputt &target);
+  static codet convert_digit_int(conversion_inputt &target);
+  static codet convert_for_digit(conversion_inputt &target);
+  static codet convert_get_directionality_char(conversion_inputt &target);
+  static codet convert_get_directionality_int(conversion_inputt &target);
+  static codet convert_get_numeric_value_char(conversion_inputt &target);
+  static codet convert_get_numeric_value_int(conversion_inputt &target);
+  static codet convert_get_type_char(conversion_inputt &target);
+  static codet convert_get_type_int(conversion_inputt &target);
+  static codet convert_hash_code(conversion_inputt &target);
+  static exprt expr_of_high_surrogate(const exprt &chr, const typet &type);
+  static codet convert_high_surrogate(conversion_inputt &target);
+  static exprt expr_of_is_alphabetic(const exprt &chr, const typet &type);
+  static codet convert_is_alphabetic(conversion_inputt &target);
+  static exprt expr_of_is_bmp_code_point(const exprt &chr, const typet &type);
+  static codet convert_is_bmp_code_point(conversion_inputt &target);
+  static exprt expr_of_is_defined(const exprt &chr, const typet &type);
+  static codet convert_is_defined_char(conversion_inputt &target);
+  static codet convert_is_defined_int(conversion_inputt &target);
+  static exprt expr_of_is_digit(const exprt &chr, const typet &type);
+  static codet convert_is_digit_char(conversion_inputt &target);
+  static codet convert_is_digit_int(conversion_inputt &target);
+  static exprt expr_of_is_high_surrogate(const exprt &chr, const typet &type);
+  static codet convert_is_high_surrogate(conversion_inputt &target);
+  static exprt expr_of_is_identifier_ignorable(
+    const exprt &chr, const typet &type);
+  static codet convert_is_identifier_ignorable_char(conversion_inputt &target);
+  static codet convert_is_identifier_ignorable_int(conversion_inputt &target);
+  static codet convert_is_ideographic(conversion_inputt &target);
+  static codet convert_is_ISO_control_char(conversion_inputt &target);
+  static codet convert_is_ISO_control_int(conversion_inputt &target);
+  static codet convert_is_java_identifier_part_char(conversion_inputt &target);
+  static codet convert_is_java_identifier_part_int(conversion_inputt &target);
+  static codet convert_is_java_identifier_start_char(conversion_inputt &target);
+  static codet convert_is_java_identifier_start_int(conversion_inputt &target);
+  static codet convert_is_java_letter(conversion_inputt &target);
+  static codet convert_is_java_letter_or_digit(conversion_inputt &target);
+  static exprt expr_of_is_letter(const exprt &chr, const typet &type);
+  static codet convert_is_letter_char(conversion_inputt &target);
+  static codet convert_is_letter_int(conversion_inputt &target);
+  static exprt expr_of_is_letter_or_digit(const exprt &chr, const typet &type);
+  static codet convert_is_letter_or_digit_char(conversion_inputt &target);
+  static codet convert_is_letter_or_digit_int(conversion_inputt &target);
+  static exprt expr_of_is_ascii_lower_case(const exprt &chr, const typet &type);
+  static codet convert_is_lower_case_char(conversion_inputt &target);
+  static codet convert_is_lower_case_int(conversion_inputt &target);
+  static codet convert_is_low_surrogate(conversion_inputt &target);
+  static exprt expr_of_is_mirrored(const exprt &chr, const typet &type);
+  static codet convert_is_mirrored_char(conversion_inputt &target);
+  static codet convert_is_mirrored_int(conversion_inputt &target);
+  static codet convert_is_space(conversion_inputt &target);
+  static exprt expr_of_is_space_char(const exprt &chr, const typet &type);
+  static codet convert_is_space_char(conversion_inputt &target);
+  static codet convert_is_space_char_int(conversion_inputt &target);
+  static exprt expr_of_is_supplementary_code_point(
+    const exprt &chr, const typet &type);
+  static codet convert_is_supplementary_code_point(conversion_inputt &target);
+  static exprt expr_of_is_surrogate(const exprt &chr, const typet &type);
+  static codet convert_is_surrogate(conversion_inputt &target);
+  static codet convert_is_surrogate_pair(conversion_inputt &target);
+  static exprt expr_of_is_title_case(const exprt &chr, const typet &type);
+  static codet convert_is_title_case_char(conversion_inputt &target);
+  static codet convert_is_title_case_int(conversion_inputt &target);
+  static exprt expr_of_is_letter_number(const exprt &chr, const typet &type);
+  static exprt expr_of_is_unicode_identifier_part(
+    const exprt &chr, const typet &type);
+  static codet convert_is_unicode_identifier_part_char(
+    conversion_inputt &target);
+  static codet convert_is_unicode_identifier_part_int(
+    conversion_inputt &target);
+  static exprt expr_of_is_unicode_identifier_start(
+    const exprt &chr, const typet &type);
+  static codet convert_is_unicode_identifier_start_char(
+    conversion_inputt &target);
+  static codet convert_is_unicode_identifier_start_int(
+    conversion_inputt &target);
+  static exprt expr_of_is_ascii_upper_case(const exprt &chr, const typet &type);
+  static codet convert_is_upper_case_char(conversion_inputt &target);
+  static codet convert_is_upper_case_int(conversion_inputt &target);
+  static exprt expr_of_is_valid_code_point(const exprt &chr, const typet &type);
+  static codet convert_is_valid_code_point(conversion_inputt &target);
+  static exprt expr_of_is_whitespace(const exprt &chr, const typet &type);
+  static codet convert_is_whitespace_char(conversion_inputt &target);
+  static codet convert_is_whitespace_int(conversion_inputt &target);
+  static exprt expr_of_low_surrogate(const exprt &chr, const typet &type);
+  static codet convert_low_surrogate(conversion_inputt &target);
+  static exprt expr_of_reverse_bytes(const exprt &chr, const typet &type);
+  static codet convert_reverse_bytes(conversion_inputt &target);
+  static exprt expr_of_to_chars(const exprt &chr, const typet &type);
+  static codet convert_to_chars(conversion_inputt &target);
+  static codet convert_to_code_point(conversion_inputt &target);
+  static exprt expr_of_to_lower_case(const exprt &chr, const typet &type);
+  static codet convert_to_lower_case_char(conversion_inputt &target);
+  static codet convert_to_lower_case_int(conversion_inputt &target);
+  static exprt expr_of_to_title_case(const exprt &chr, const typet &type);
+  static codet convert_to_title_case_char(conversion_inputt &target);
+  static codet convert_to_title_case_int(conversion_inputt &target);
+  static exprt expr_of_to_upper_case(const exprt &chr, const typet &type);
+  static codet convert_to_upper_case_char(conversion_inputt &target);
+  static codet convert_to_upper_case_int(conversion_inputt &target);
+
+  // Helper functions
+  static codet convert_char_function(
+    exprt (*expr_function)(const exprt &chr, const typet &type),
+    conversion_inputt &target);
+  static exprt in_interval_expr(
+    const exprt &chr,
+    const mp_integer &lower_bound,
+    const mp_integer &upper_bound);
+  static exprt in_list_expr(
+    const exprt &chr, const std::list<mp_integer> &list);
+};
+
+#endif // CPROVER_JAVA_BYTECODE_CHARACTER_REFINE_PREPROCESS_H

From dead0224b107ebb947cb68e22e28d922822b867c Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Mon, 27 Mar 2017 13:17:06 +0100
Subject: [PATCH 156/699] Corrected type problem for the function
 Character.forDigit:(II)C

---
 src/java_bytecode/character_refine_preprocess.cpp | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/java_bytecode/character_refine_preprocess.cpp b/src/java_bytecode/character_refine_preprocess.cpp
index ea7ff1becf7..79c134670f9 100644
--- a/src/java_bytecode/character_refine_preprocess.cpp
+++ b/src/java_bytecode/character_refine_preprocess.cpp
@@ -306,7 +306,7 @@ Function: character_refine_preprocesst::convert_for_digit
     target - a position in a goto program
 
  Purpose: Converts function call to an assignment of an expression
-          corresponding to the java method Character.forDigit:(II)I
+          corresponding to the java method Character.forDigit:(II)C
 
     TODO: For now the radix argument is ignored
 
@@ -319,11 +319,12 @@ codet character_refine_preprocesst::convert_for_digit(conversion_inputt &target)
   const exprt &digit=function_call.arguments()[0];
   const exprt &result=function_call.lhs();
   const typet &type=result.type();
+  typecast_exprt casted_digit(digit, type);
 
   exprt d10=from_integer(10, type);
-  binary_relation_exprt small(digit, ID_le, d10);
-  plus_exprt value1(digit, from_integer('0', type));
-  minus_exprt value2(plus_exprt(digit, from_integer('a', digit.type())), d10);
+  binary_relation_exprt small(casted_digit, ID_le, d10);
+  plus_exprt value1(casted_digit, from_integer('0', type));
+  plus_exprt value2(minus_exprt(casted_digit, d10), from_integer('a', type));
   return code_assignt(result, if_exprt(small, value1, value2));
 }
 

From 91d07b1e114872fcbfc5fa2d5c78dc162717f5ca Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Thu, 16 Mar 2017 14:54:57 +0000
Subject: [PATCH 157/699] Bug corrections in string refinement

Case of array-of in substitute array access
making substitute_array_access do in-place substitution
Setting the type for unknown values in substitute_array_access
Unknown values could cause type problems if we do not force the type
for them.

Setting ui for temporary solver

Remove the mode option from string solver

This option is no longer requiered because the implementation is now
language independent.

Adapt add_axioms_for_insert for 5 arguments #110

Fixed linting issue in string_constraint_generator_concat.cpp

Comment on the maximal length for string

Using max_string_length as the limit for refinement

Using unsigned type for max string length

Using const ref in substitute_array_with_expr

Correcting type of max_string_length and length comparison functions

space before & sign instead of after

Correcting initial_loop_bound type

Putting each cbmc option on a  separate line for easy merging

Use size_t for string sizes

Add comment in concretize_string
---
 src/cbmc/cbmc_parse_options.h                 |   5 +-
 .../refinement/string_constraint_generator.h  |  17 +-
 .../string_constraint_generator_concat.cpp    |   3 +-
 .../string_constraint_generator_insert.cpp    |  25 ++-
 .../string_constraint_generator_main.cpp      |   4 +-
 src/solvers/refinement/string_refinement.cpp  | 169 ++++++++++++++----
 src/solvers/refinement/string_refinement.h    |  11 +-
 src/util/string_expr.h                        |   6 +-
 8 files changed, 173 insertions(+), 67 deletions(-)

diff --git a/src/cbmc/cbmc_parse_options.h b/src/cbmc/cbmc_parse_options.h
index 4bdc07a6278..2c54dfc7353 100644
--- a/src/cbmc/cbmc_parse_options.h
+++ b/src/cbmc/cbmc_parse_options.h
@@ -38,7 +38,10 @@ class optionst;
   "(no-sat-preprocessor)" \
   "(no-pretty-names)(beautify)" \
   "(dimacs)(refine)(max-node-refinement):(refine-arrays)(refine-arithmetic)"\
-  "(refine-strings)(string-non-empty)(string-printable)(string-max-length):" \
+  "(refine-strings)" \
+  "(string-non-empty)" \
+  "(string-printable)" \
+  "(string-max-length):" \
   "(aig)(16)(32)(64)(LP64)(ILP64)(LLP64)(ILP32)(LP32)" \
   "(little-endian)(big-endian)" \
   "(show-goto-functions)(show-loops)" \
diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index d8f3f17326e..163adc5aab7 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -13,6 +13,7 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 #ifndef CPROVER_SOLVERS_REFINEMENT_STRING_CONSTRAINT_GENERATOR_H
 #define CPROVER_SOLVERS_REFINEMENT_STRING_CONSTRAINT_GENERATOR_H
 
+#include <limits>
 #include <util/string_expr.h>
 #include <util/replace_expr.h>
 #include <util/refined_string_type.h>
@@ -22,30 +23,20 @@ class string_constraint_generatort
 {
 public:
   // This module keeps a list of axioms. It has methods which generate
-  // string constraints for different string funcitons and add them
+  // string constraints for different string functions and add them
   // to the axiom list.
 
   string_constraint_generatort():
-    mode(ID_unknown),
-    max_string_length(-1),
+    max_string_length(std::numeric_limits<size_t>::max()),
     force_printable_characters(false)
   { }
 
   // Constraints on the maximal length of strings
-  int max_string_length;
+  size_t max_string_length;
 
   // Should we add constraints on the characters
   bool force_printable_characters;
 
-  void set_mode(irep_idt _mode)
-  {
-    // only C and java modes supported
-    assert((_mode==ID_java) || (_mode==ID_C));
-    mode=_mode;
-  }
-
-  irep_idt &get_mode() { return mode; }
-
   // Axioms are of three kinds: universally quantified string constraint,
   // not contains string constraints and simple formulas.
   std::list<exprt> axioms;
diff --git a/src/solvers/refinement/string_constraint_generator_concat.cpp b/src/solvers/refinement/string_constraint_generator_concat.cpp
index eb841cc5b04..e6f360585bb 100644
--- a/src/solvers/refinement/string_constraint_generator_concat.cpp
+++ b/src/solvers/refinement/string_constraint_generator_concat.cpp
@@ -35,7 +35,8 @@ string_exprt string_constraint_generatort::add_axioms_for_concat(
   // a4 : forall i<|s1|. res[i]=s1[i]
   // a5 : forall i<|s2|. res[i+|s1|]=s2[i]
 
-  equal_exprt a1(res.length(), plus_exprt_with_overflow_check(s1.length(), s2.length()));
+  equal_exprt a1(
+    res.length(), plus_exprt_with_overflow_check(s1.length(), s2.length()));
   axioms.push_back(a1);
   axioms.push_back(s1.axiom_for_is_shorter_than(res));
   axioms.push_back(s2.axiom_for_is_shorter_than(res));
diff --git a/src/solvers/refinement/string_constraint_generator_insert.cpp b/src/solvers/refinement/string_constraint_generator_insert.cpp
index cd5f4376a93..7a63279699e 100644
--- a/src/solvers/refinement/string_constraint_generator_insert.cpp
+++ b/src/solvers/refinement/string_constraint_generator_insert.cpp
@@ -40,17 +40,32 @@ Function: string_constraint_generatort::add_axioms_for_insert
 
  Outputs: a new string expression
 
- Purpose: add axioms corresponding to the StringBuilder.insert(String) java
-          function
+ Purpose: add axioms corresponding to the
+          StringBuilder.insert(int, CharSequence)
+          and StringBuilder.insert(int, CharSequence, int, int)
+          java functions
 
 \*******************************************************************/
 
 string_exprt string_constraint_generatort::add_axioms_for_insert(
   const function_application_exprt &f)
 {
-  string_exprt s1=get_string_expr(args(f, 3)[0]);
-  string_exprt s2=get_string_expr(args(f, 3)[2]);
-  return add_axioms_for_insert(s1, s2, args(f, 3)[1]);
+  assert(f.arguments().size()>=3);
+  string_exprt s1=get_string_expr(f.arguments()[0]);
+  string_exprt s2=get_string_expr(f.arguments()[2]);
+  const exprt &offset=f.arguments()[1];
+  if(f.arguments().size()==5)
+  {
+    const exprt &start=f.arguments()[3];
+    const exprt &end=f.arguments()[4];
+    string_exprt substring=add_axioms_for_substring(s2, start, end);
+    return add_axioms_for_insert(s1, substring, offset);
+  }
+  else
+  {
+    assert(f.arguments().size()==3);
+    return add_axioms_for_insert(s1, s2, offset);
+  }
 }
 
 /*******************************************************************\
diff --git a/src/solvers/refinement/string_constraint_generator_main.cpp b/src/solvers/refinement/string_constraint_generator_main.cpp
index f081ac26f47..c0a6efef0c1 100644
--- a/src/solvers/refinement/string_constraint_generator_main.cpp
+++ b/src/solvers/refinement/string_constraint_generator_main.cpp
@@ -224,7 +224,6 @@ Function: string_constraint_generatort::convert_java_string_to_string_exprt
 string_exprt string_constraint_generatort::convert_java_string_to_string_exprt(
     const exprt &jls)
 {
-  assert(get_mode()==ID_java);
   assert(jls.id()==ID_struct);
 
   exprt length(to_struct_expr(jls).op1());
@@ -269,7 +268,7 @@ void string_constraint_generatort::add_default_axioms(
   const string_exprt &s)
 {
   s.axiom_for_is_longer_than(from_integer(0, s.length().type()));
-  if(max_string_length>=0)
+  if(max_string_length!=std::numeric_limits<size_t>::max())
     axioms.push_back(s.axiom_for_is_shorter_than(max_string_length));
 
   if(force_printable_characters)
@@ -433,7 +432,6 @@ exprt string_constraint_generatort::add_axioms_for_function_application(
     // TODO: This part needs some improvement.
     // Stripping the symbol name is not a very robust process.
     new_expr.function() = symbol_exprt(str_id.substr(0, pos+4));
-    assert(get_mode()==ID_java);
     new_expr.type() = refined_string_typet(java_int_type(), java_char_type());
 
     auto res_it=function_application_cache.insert(std::make_pair(new_expr,
diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index 9d2e5627071..0ea7966ef61 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -49,35 +49,20 @@ string_refinementt::string_refinementt(
 
 /*******************************************************************\
 
-Function: string_refinementt::set_mode
-
- Purpose: determine which language should be used
-
-\*******************************************************************/
-
-void string_refinementt::set_mode()
-{
-  debug() << "initializing mode" << eom;
-  symbolt init=ns.lookup(irep_idt(CPROVER_PREFIX"initialize"));
-  irep_idt mode=init.mode;
-  debug() << "mode detected as " << mode << eom;
-  generator.set_mode(mode);
-}
-
-/*******************************************************************\
-
 Function: string_refinementt::set_max_string_length
 
   Inputs:
     i - maximum length which is allowed for strings.
-        negative number means no limit
+        by default the strings length has no other limit
+        than the maximal integer according to the type of their
+        length, for instance 2^31-1 for Java.
 
  Purpose: Add constraints on the size of strings used in the
           program.
 
 \*******************************************************************/
 
-void string_refinementt::set_max_string_length(int i)
+void string_refinementt::set_max_string_length(size_t i)
 {
   generator.max_string_length=i;
 }
@@ -355,16 +340,18 @@ void string_refinementt::concretize_string(const exprt &expr)
     if(!to_integer(length, found_length))
     {
       assert(found_length.is_long());
-      if(found_length < 0)
+      if(found_length<0)
       {
+        // Lengths should not be negative.
+        // TODO: Add constraints no the sign of string lengths.
         debug() << "concretize_results: WARNING found length is negative"
                 << eom;
       }
       else
       {
         size_t concretize_limit=found_length.to_long();
-        concretize_limit=concretize_limit>MAX_CONCRETE_STRING_SIZE?
-              MAX_CONCRETE_STRING_SIZE:concretize_limit;
+        concretize_limit=concretize_limit>generator.max_string_length?
+              generator.max_string_length:concretize_limit;
         exprt content_expr=str.content();
         for(size_t i=0; i<concretize_limit; ++i)
         {
@@ -391,9 +378,9 @@ Function: string_refinementt::concretize_results
 
 void string_refinementt::concretize_results()
 {
-  for(const auto& it : symbol_resolve)
+  for(const auto &it : symbol_resolve)
     concretize_string(it.second);
-  for(const auto& it : generator.created_strings)
+  for(const auto &it : generator.created_strings)
     concretize_string(it);
   add_instantiations();
 }
@@ -409,7 +396,7 @@ Function: string_refinementt::concretize_lengths
 
 void string_refinementt::concretize_lengths()
 {
-  for(const auto& it : symbol_resolve)
+  for(const auto &it : symbol_resolve)
   {
     if(refined_string_typet::is_refined_string_type(it.second.type()))
     {
@@ -420,7 +407,7 @@ void string_refinementt::concretize_lengths()
       found_length[content]=length;
      }
   }
-  for(const auto& it : generator.created_strings)
+  for(const auto &it : generator.created_strings)
   {
     if(refined_string_typet::is_refined_string_type(it.type()))
     {
@@ -448,12 +435,6 @@ void string_refinementt::set_to(const exprt &expr, bool value)
 {
   assert(equality_propagation);
 
-  // TODO: remove the mode field of generator since we should be language
-  // independent.
-  // We only set the mode once.
-  if(generator.get_mode()==ID_unknown)
-    set_mode();
-
   if(expr.id()==ID_equal)
   {
     equal_exprt eq_expr=to_equal_expr(expr);
@@ -743,7 +724,7 @@ exprt string_refinementt::get_array(const exprt &arr, const exprt &size) const
   array_typet ret_type(char_type, from_integer(n, index_type));
   array_exprt ret(ret_type);
 
-  if(n>MAX_CONCRETE_STRING_SIZE)
+  if(n>generator.max_string_length)
   {
 #if 0
     debug() << "(sr::get_array) long string (size=" << n << ")" << eom;
@@ -947,6 +928,125 @@ void string_refinementt::fill_model()
 }
 
 
+/*******************************************************************\
+
+Function: string_refinementt::substitute_array_with_expr()
+
+  Inputs:
+    expr - A (possibly nested) 'with' expression on an `array_of`
+           expression
+    index - An index with which to build the equality condition
+
+ Outputs: An expression containing no 'with' expression
+
+ Purpose: Create a new expression where 'with' expressions on arrays
+          are replaced by 'if' expressions.
+          e.g. for an array access arr[x], where:
+               `arr := array_of(12) with {0:=24} with {2:=42}`
+               the constructed expression will be:
+               `index==0 ? 24 : index==2 ? 42 : 12`
+
+\*******************************************************************/
+
+exprt string_refinementt::substitute_array_with_expr(
+  const exprt &expr, const exprt &index) const
+{
+  if(expr.id()==ID_with)
+  {
+    const with_exprt &with_expr=to_with_expr(expr);
+    const exprt &then_expr=with_expr.new_value();
+    exprt else_expr=substitute_array_with_expr(with_expr.old(), index);
+    const typet &type=then_expr.type();
+    assert(else_expr.type()==type);
+    return if_exprt(
+      equal_exprt(index, with_expr.where()), then_expr, else_expr, type);
+  }
+  else
+  {
+    // Only handle 'with' expressions on 'array_of' expressions.
+    assert(expr.id()==ID_array_of);
+    return to_array_of_expr(expr).what();
+  }
+}
+
+/*******************************************************************\
+
+Function: string_refinementt::substitute_array_access()
+
+  Inputs:
+    expr - an expression containing array accesses
+
+ Outputs: an expression containing no array access
+
+ Purpose: create an equivalent expression where array accesses and
+          'with' expressions are replaced by 'if' expressions.
+          e.g. for an array access arr[x], where:
+               `arr := {12, 24, 48}`
+               the constructed expression will be:
+               `index==0 ? 12 : index==1 ? 24 : 48`
+
+\*******************************************************************/
+
+void string_refinementt::substitute_array_access(exprt &expr) const
+{
+  for(auto &op : expr.operands())
+    substitute_array_access(op);
+
+  if(expr.id()==ID_index)
+  {
+    index_exprt &index_expr=to_index_expr(expr);
+
+    if(index_expr.array().id()==ID_symbol)
+    {
+      expr=index_expr;
+      return;
+    }
+
+    if(index_expr.array().id()==ID_with)
+    {
+      expr=substitute_array_with_expr(
+        index_expr.array(), index_expr.index());
+      return;
+    }
+
+    if(index_expr.array().id()==ID_array_of)
+    {
+      expr=to_array_of_expr(index_expr.array()).op();
+      return;
+    }
+
+    assert(index_expr.array().id()==ID_array);
+    array_exprt &array_expr=to_array_expr(index_expr.array());
+
+    assert(!array_expr.operands().empty());
+    size_t last_index=array_expr.operands().size()-1;
+
+    const typet &char_type=index_expr.array().type().subtype();
+    exprt ite=array_expr.operands().back();
+
+    if(ite.type()!=char_type)
+    {
+      // We have to manualy set the type for unknown values
+      assert(ite.id()==ID_unknown);
+      ite.type()=char_type;
+    }
+
+    auto op_it=++array_expr.operands().rbegin();
+    for(size_t i=last_index-1;
+        op_it!=array_expr.operands().rend(); ++op_it, --i)
+    {
+      equal_exprt equals(index_expr.index(), from_integer(i, java_int_type()));
+      ite=if_exprt(equals, *op_it, ite);
+      if(ite.type()!=char_type)
+      {
+        assert(ite.id()==ID_unknown);
+        ite.type()=char_type;
+      }
+    }
+    expr=ite;
+  }
+}
+
 /*******************************************************************\
 
 Function: string_refinementt::add_negation_of_constraint_to_solver
@@ -991,6 +1091,7 @@ void string_refinementt::add_negation_of_constraint_to_solver(
   and_exprt negaxiom(premise, not_exprt(axiom.body()));
 
   debug() << "(sr::check_axioms) negated axiom: " << from_expr(negaxiom) << eom;
+  substitute_array_access(negaxiom);
   solver << negaxiom;
 }
 
@@ -1031,6 +1132,7 @@ bool string_refinementt::check_axioms()
 
     satcheck_no_simplifiert sat_check;
     supert solver(ns, sat_check);
+    solver.set_ui(ui);
     add_negation_of_constraint_to_solver(axiom_in_model, solver);
 
     switch(solver())
@@ -1085,6 +1187,7 @@ bool string_refinementt::check_axioms()
         exprt premise(axiom.premise());
         exprt body(axiom.body());
         implies_exprt instance(premise, body);
+        replace_expr(symbol_resolve, instance);
         replace_expr(axiom.univ_var(), val, instance);
         debug() << "adding counter example " << from_expr(instance) << eom;
         add_lemma(instance);
diff --git a/src/solvers/refinement/string_refinement.h b/src/solvers/refinement/string_refinement.h
index 0163936b069..83f913d5ba9 100644
--- a/src/solvers/refinement/string_refinement.h
+++ b/src/solvers/refinement/string_refinement.h
@@ -18,11 +18,6 @@ Author: Alberto Griggio, alberto.griggio@gmail.com
 #include <solvers/refinement/string_constraint.h>
 #include <solvers/refinement/string_constraint_generator.h>
 
-// Defines a limit on the string witnesses we will output.
-// Longer strings are still concidered possible by the solver but
-// it will not output them.
-#define MAX_CONCRETE_STRING_SIZE 500
-
 #define MAX_NB_REFINEMENT 100
 
 class string_refinementt: public bv_refinementt
@@ -41,7 +36,7 @@ class string_refinementt: public bv_refinementt
   // Should we concretize strings when the solver finished
   bool do_concretizing;
 
-  void set_max_string_length(int i);
+  void set_max_string_length(size_t i);
   void enforce_non_empty_string();
   void enforce_printable_characters();
 
@@ -106,8 +101,8 @@ class string_refinementt: public bv_refinementt
   exprt substitute_function_applications(exprt expr);
   typet substitute_java_string_types(typet type);
   exprt substitute_java_strings(exprt expr);
-  exprt substitute_array_with_expr(exprt &expr, exprt &index) const;
-  exprt substitute_array_access(exprt &expr) const;
+  exprt substitute_array_with_expr(const exprt &expr, const exprt &index) const;
+  void substitute_array_access(exprt &expr) const;
   void add_symbol_to_symbol_map(const exprt &lhs, const exprt &rhs);
   bool is_char_array(const typet &type) const;
   bool add_axioms_for_string_assigns(const exprt &lhs, const exprt &rhs);
diff --git a/src/util/string_expr.h b/src/util/string_expr.h
index 317e3c1ee6e..ff19a8c8259 100644
--- a/src/util/string_expr.h
+++ b/src/util/string_expr.h
@@ -74,7 +74,7 @@ class string_exprt: public struct_exprt
     return binary_relation_exprt(rhs.length(), ID_lt, length());
   }
 
-  binary_relation_exprt axiom_for_is_strictly_longer_than(int i) const
+  binary_relation_exprt axiom_for_is_strictly_longer_than(mp_integer i) const
   {
     return axiom_for_is_strictly_longer_than(from_integer(i, length().type()));
   }
@@ -91,7 +91,7 @@ class string_exprt: public struct_exprt
     return binary_relation_exprt(length(), ID_le, rhs);
   }
 
-  binary_relation_exprt axiom_for_is_shorter_than(int i) const
+  binary_relation_exprt axiom_for_is_shorter_than(mp_integer i) const
   {
     return axiom_for_is_shorter_than(from_integer(i, length().type()));
   }
@@ -119,7 +119,7 @@ class string_exprt: public struct_exprt
     return equal_exprt(length(), rhs);
   }
 
-  equal_exprt axiom_for_has_length(int i) const
+  equal_exprt axiom_for_has_length(mp_integer i) const
   {
     return axiom_for_has_length(from_integer(i, length().type()));
   }

From 161aeee319846a8bb65981f1ddc451823ea01dbf Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Fri, 10 Feb 2017 16:23:10 +0000
Subject: [PATCH 158/699] Apply review comments to coverage code

Also improve function names, and make boolean functions return
the intuitive true=yes, false=no answer instead of error=true.
---
 src/goto-instrument/cover.cpp | 118 +++++++++++++++++-----------------
 src/goto-instrument/cover.h   |   9 ++-
 2 files changed, 62 insertions(+), 65 deletions(-)

diff --git a/src/goto-instrument/cover.cpp b/src/goto-instrument/cover.cpp
index ed40ce89f0b..6d8573961b9 100644
--- a/src/goto-instrument/cover.cpp
+++ b/src/goto-instrument/cover.cpp
@@ -112,59 +112,56 @@ Function: coverage_goalst::get_coverage
 
 \*******************************************************************/
 
-coverage_goalst coverage_goalst::get_coverage_goals(const std::string &coverage,
-                                   message_handlert &message_handler)
+bool coverage_goalst::get_coverage_goals(
+  const std::string &coverage_file,
+  message_handlert &message_handler,
+  coverage_goalst &goals)
 {
   jsont json;
-  coverage_goalst goals;
   source_locationt source_location;
 
   // check coverage file
-  if(parse_json(coverage, message_handler, json))
+  if(parse_json(coverage_file, message_handler, json))
   {
     messaget message(message_handler);
-    message.error() << coverage << " file is not a valid json file"
+    message.error() << coverage_file << " file is not a valid json file"
                     << messaget::eom;
-    exit(6);
+    return true;
   }
 
   // make sure that we have an array of elements
   if(!json.is_array())
   {
     messaget message(message_handler);
-    message.error() << "expecting an array in the " <<  coverage
+    message.error() << "expecting an array in the " <<  coverage_file
                     << " file, but got "
                     << json << messaget::eom;
-    exit(6);
+    return true;
   }
 
-  irep_idt file, function, line;
-  for(jsont::arrayt::const_iterator
-      it=json.array.begin();
-      it!=json.array.end();
-      it++)
+  for(const auto &goal : json.array)
   {
     // get the file of each existing goal
-    file=(*it)["file"].value;
+    irep_idt file=goal["file"].value;
     source_location.set_file(file);
 
     // get the function of each existing goal
-    function=(*it)["function"].value;
+    irep_idt function=goal["function"].value;
     source_location.set_function(function);
 
     // get the lines array
-    if((*it)["lines"].is_array())
+    if(goal["lines"].is_array())
     {
-      for(const jsont & entry : (*it)["lines"].array)
+      for(const auto &line_json : goal["lines"].array)
       {
         // get the line of each existing goal
-        line=entry["number"].value;
+        irep_idt line=line_json["number"].value;
         source_location.set_line(line);
         goals.add_goal(source_location);
       }
     }
   }
-  return goals;
+  return false;
 }
 
 /*******************************************************************\
@@ -198,19 +195,14 @@ Function: coverage_goalst::is_existing_goal
 
 bool coverage_goalst::is_existing_goal(source_locationt source_location) const
 {
-  std::vector<source_locationt>::const_iterator it = existing_goals.begin();
-  while(it!=existing_goals.end())
+  for(const auto &existing_loc : existing_goals)
   {
-    if(!source_location.get_file().compare(it->get_file()) &&
-       !source_location.get_function().compare(it->get_function()) &&
-       !source_location.get_line().compare(it->get_line()))
-         break;
-    ++it;
+    if(source_location.get_file()==existing_loc.get_file() &&
+       source_location.get_function()==existing_loc.get_function() &&
+       source_location.get_line()==existing_loc.get_line())
+      return true;
   }
-  if(it == existing_goals.end())
-    return true;
-  else
-    return false;
+  return false;
 }
 
 /*******************************************************************\
@@ -1228,46 +1220,51 @@ void instrument_cover_goals(
   coverage_criteriont criterion,
   bool function_only)
 {
-  coverage_goalst goals; //empty already covered goals
-  instrument_cover_goals(symbol_table,goto_program,
-                        criterion,goals,function_only,false);
+  coverage_goalst goals; // empty already covered goals
+  instrument_cover_goals(
+    symbol_table,
+    goto_program,
+    criterion,
+    goals,
+    function_only,
+    false);
 }
 
 /*******************************************************************\
 
-Function: consider_goals
+Function: program_is_trivial
 
-  Inputs:
+  Inputs: Program `goto_program`
 
- Outputs:
+ Outputs: Returns true if trivial
 
- Purpose:
+ Purpose: Call a goto_program trivial unless it has:
+          * Any declarations
+          * At least 2 branches
+          * At least 5 assignments
 
 \*******************************************************************/
 
-bool consider_goals(const goto_programt &goto_program)
+bool program_is_trivial(const goto_programt &goto_program)
 {
-  bool result;
-  unsigned long count_assignments=0, count_goto=0, count_decl=0;
-
+  unsigned long count_assignments=0, count_goto=0;
   forall_goto_program_instructions(i_it, goto_program)
   {
     if(i_it->is_goto())
-      ++count_goto;
-    else if (i_it->is_assign())
-      ++count_assignments;
-    else if (i_it->is_decl())
-      ++count_decl;
+    {
+      if((++count_goto)>=2)
+        return false;
+    }
+    else if(i_it->is_assign())
+    {
+      if((++count_assignments)>=5)
+        return false;
+    }
+    else if(i_it->is_decl())
+      return false;
   }
 
-  //check whether this is a constructor/destructor or a get/set (pattern)
-  if (!count_goto && !count_assignments && !count_decl)
-    result=false;
-  else
-    result = !((count_decl==0) && (count_goto<=1) &&
-               (count_assignments>0 && count_assignments<5));
-
-  return result;
+  return true;
 }
 
 /*******************************************************************\
@@ -1290,8 +1287,8 @@ void instrument_cover_goals(
   bool function_only,
   bool ignore_trivial)
 {
-  //exclude trivial coverage goals of a goto program
-  if(ignore_trivial && !consider_goals(goto_program))
+  // exclude trivial coverage goals of a goto program
+  if(ignore_trivial && program_is_trivial(goto_program))
     return;
 
   const namespacet ns(symbol_table);
@@ -1369,12 +1366,13 @@ void instrument_cover_goals(
             basic_blocks.source_location_map[block_nr];
 
           // check whether the current goal already exists
-          if(goals.is_existing_goal(source_location) &&
+          if(!goals.is_existing_goal(source_location) &&
              !source_location.get_file().empty() &&
              source_location.get_file()[0]!='<' &&
              cover_curr_function)
           {
-            std::string comment="function "+id2string(i_it->function)+" block "+b;
+            std::string comment=
+              "function "+id2string(i_it->function)+" block "+b;
             const irep_idt function=i_it->function;
             goto_program.insert_before_swap(i_it);
             i_it->make_assertion(false_exprt());
@@ -1647,7 +1645,7 @@ void instrument_cover_goals(
   Forall_goto_functions(f_it, goto_functions)
   {
     if(f_it->first==ID__start ||
-       f_it->first==CPROVER_PREFIX "initialize")
+       f_it->first==(CPROVER_PREFIX "initialize"))
       continue;
 
     instrument_cover_goals(
@@ -1678,7 +1676,7 @@ void instrument_cover_goals(
   coverage_criteriont criterion,
   bool function_only)
 {
-  //empty set of existing goals
+  // empty set of existing goals
   coverage_goalst goals;
   instrument_cover_goals(
     symbol_table,
diff --git a/src/goto-instrument/cover.h b/src/goto-instrument/cover.h
index afe74e04a77..8c2ddcaae5e 100644
--- a/src/goto-instrument/cover.h
+++ b/src/goto-instrument/cover.h
@@ -16,16 +16,15 @@ Date: May 2016
 class coverage_goalst
 {
 public:
-  static coverage_goalst get_coverage_goals(const std::string &coverage,
-                                      message_handlert &message_handler);
+  static bool get_coverage_goals(
+    const std::string &coverage,
+    message_handlert &message_handler,
+    coverage_goalst &goals);
   void add_goal(source_locationt goal);
   bool is_existing_goal(source_locationt source_location) const;
-  void set_no_trivial_tests(const bool trivial);
-  const bool get_no_trivial_tests();
 
 private:
   std::vector<source_locationt> existing_goals;
-  bool no_trivial_tests;
 };
 
 enum class coverage_criteriont

From 512d6efa36aeb62adac8f5d8f86942c2a9a55de5 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Fri, 7 Apr 2017 14:43:16 +0100
Subject: [PATCH 159/699] Initialise array clsid fields (#770)

Not doing this prevented any cast-to-array type from succeeding, which is
common e.g. in return from java.lang.Object.clone.
---
 src/goto-programs/builtin_functions.cpp           | 15 ++++++++++++---
 src/java_bytecode/java_bytecode_convert_class.cpp |  6 ++++++
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/src/goto-programs/builtin_functions.cpp b/src/goto-programs/builtin_functions.cpp
index b3d6d82f650..359c25dc270 100644
--- a/src/goto-programs/builtin_functions.cpp
+++ b/src/goto-programs/builtin_functions.cpp
@@ -802,14 +802,21 @@ void goto_convertt::do_java_new_array(
   t_n->code=code_assignt(lhs, malloc_expr);
   t_n->source_location=location;
 
-  // multi-dimensional?
-
   assert(ns.follow(object_type).id()==ID_struct);
   const struct_typet &struct_type=to_struct_type(ns.follow(object_type));
   assert(struct_type.components().size()==3);
 
-  // if it's an array, we need to set the length field
+  // Init base class:
   dereference_exprt deref(lhs, object_type);
+  exprt zero_object=
+    zero_initializer(object_type, location, ns, get_message_handler());
+  set_class_identifier(
+    to_struct_expr(zero_object), ns, to_symbol_type(object_type));
+  goto_programt::targett t_i=dest.add_instruction(ASSIGN);
+  t_i->code=code_assignt(deref, zero_object);
+  t_i->source_location=location;
+
+  // if it's an array, we need to set the length field
   member_exprt length(
     deref,
     struct_type.components()[1].get_name(),
@@ -842,6 +849,8 @@ void goto_convertt::do_java_new_array(
   t_d->code=array_set;
   t_d->source_location=location;
 
+  // multi-dimensional?
+
   if(rhs.operands().size()>=2)
   {
     // produce
diff --git a/src/java_bytecode/java_bytecode_convert_class.cpp b/src/java_bytecode/java_bytecode_convert_class.cpp
index 27bc41ba151..4259309fc42 100644
--- a/src/java_bytecode/java_bytecode_convert_class.cpp
+++ b/src/java_bytecode/java_bytecode_convert_class.cpp
@@ -335,13 +335,19 @@ void java_bytecode_convert_classt::add_array_types()
     struct_type.components().reserve(3);
     struct_typet::componentt
       comp0("@java.lang.Object", symbol_typet("java::java.lang.Object"));
+    comp0.set_pretty_name("@java.lang.Object");
+    comp0.set_base_name("@java.lang.Object");
     struct_type.components().push_back(comp0);
 
     struct_typet::componentt comp1("length", java_int_type());
+    comp1.set_pretty_name("length");
+    comp1.set_base_name("length");
     struct_type.components().push_back(comp1);
 
     struct_typet::componentt
       comp2("data", pointer_typet(java_type_from_char(l)));
+    comp2.set_pretty_name("data");
+    comp2.set_base_name("data");
     struct_type.components().push_back(comp2);
 
     symbolt symbol;

From ee5d7fc79075cfe192617ab564b6e6b5d91a6a37 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Fri, 7 Apr 2017 14:49:30 +0100
Subject: [PATCH 160/699] Run static initializers for enumeration types before
 all others (#773)

Really we should be running them in topographical order (or invoking
them at exactly the time the JVM spec says they will be, even better)
but this is much less effort and works around the common case that
enumeration types are assumed to be initialized by other static init
code, which treats them like global constants.
---
 .../java_bytecode_convert_class.cpp           |  3 ++
 src/java_bytecode/java_entry_point.cpp        | 49 +++++++++++++++++--
 2 files changed, 47 insertions(+), 5 deletions(-)

diff --git a/src/java_bytecode/java_bytecode_convert_class.cpp b/src/java_bytecode/java_bytecode_convert_class.cpp
index 4259309fc42..375e916dd3a 100644
--- a/src/java_bytecode/java_bytecode_convert_class.cpp
+++ b/src/java_bytecode/java_bytecode_convert_class.cpp
@@ -107,9 +107,12 @@ void java_bytecode_convert_classt::convert(const classt &c)
   class_type.set_tag(c.name);
   class_type.set(ID_base_name, c.name);
   if(c.is_enum)
+  {
     class_type.set(
       ID_java_enum_static_unwind,
       std::to_string(c.enum_elements+1));
+    class_type.set(ID_enumeration, true);
+  }
 
   if(!c.extends.empty())
   {
diff --git a/src/java_bytecode/java_entry_point.cpp b/src/java_bytecode/java_entry_point.cpp
index 5234a53200f..e504441bae6 100644
--- a/src/java_bytecode/java_entry_point.cpp
+++ b/src/java_bytecode/java_entry_point.cpp
@@ -98,6 +98,19 @@ Function: java_static_lifetime_init
 
 \*******************************************************************/
 
+struct static_initializer_callt
+{
+  symbol_exprt initializer_symbol;
+  bool is_enum;
+};
+
+static bool static_initializer_call_enum_lt(
+  const static_initializer_callt &a,
+  const static_initializer_callt &b)
+{
+  return a.is_enum && !b.is_enum;
+}
+
 bool java_static_lifetime_init(
   symbol_tablet &symbol_table,
   const source_locationt &source_location,
@@ -158,6 +171,8 @@ bool java_static_lifetime_init(
 
   // we now need to run all the <clinit> methods
 
+  std::vector<static_initializer_callt> clinits;
+
   for(symbol_tablet::symbolst::const_iterator
       it=symbol_table.symbols.begin();
       it!=symbol_table.symbols.end();
@@ -167,14 +182,38 @@ bool java_static_lifetime_init(
        it->second.type.id()==ID_code &&
        it->second.mode==ID_java)
     {
-      code_function_callt function_call;
-      function_call.lhs()=nil_exprt();
-      function_call.function()=it->second.symbol_expr();
-      function_call.add_source_location()=source_location;
-      code_block.add(function_call);
+      const irep_idt symbol_name=
+        it->second.symbol_expr().get_identifier();
+      const std::string &symbol_str=id2string(symbol_name);
+      const std::string suffix(".<clinit>:()V");
+      assert(has_suffix(symbol_str, suffix));
+      const std::string class_symbol_name=
+        symbol_str.substr(0, symbol_str.size()-suffix.size());
+      const symbolt &class_symbol=symbol_table.lookup(class_symbol_name);
+      clinits.push_back(
+        {
+          it->second.symbol_expr(),
+          class_symbol.type.get_bool(ID_enumeration)
+        }
+      );
     }
   }
 
+  // Call enumeration initialisers before anything else.
+  // Really we should be calling them the first time they're referenced,
+  // as acccording to the JVM spec, but this ought to do the trick for
+  // most cases with much less effort.
+  std::sort(clinits.begin(), clinits.end(), static_initializer_call_enum_lt);
+
+  for(const auto &clinit : clinits)
+  {
+    code_function_callt function_call;
+    function_call.lhs()=nil_exprt();
+    function_call.function()=clinit.initializer_symbol;
+    function_call.add_source_location()=source_location;
+    code_block.add(function_call);
+  }
+
   return false;
 }
 

From e610c081e041e8115faccaeb4570142821a6881c Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Fri, 7 Apr 2017 14:55:31 +0100
Subject: [PATCH 161/699] Implement Java array.clone (#774)

This simply duplicates the contents of an array. Regrettably it uses
a loop to do so at this point because if we use ARRAY_COPY the backend
dies when it can't conclusively establish that the actual parameters have
like type. Some sort of copy-type-from intrinsic would do this, but is
more effort than is sensible to make right now.
---
 regression/cbmc-java/enum1/test.desc          |   3 +-
 .../java_bytecode_convert_class.cpp           | 117 ++++++++++++++++++
 2 files changed, 119 insertions(+), 1 deletion(-)

diff --git a/regression/cbmc-java/enum1/test.desc b/regression/cbmc-java/enum1/test.desc
index d9ca7a162db..4c1fcafe076 100644
--- a/regression/cbmc-java/enum1/test.desc
+++ b/regression/cbmc-java/enum1/test.desc
@@ -1,7 +1,8 @@
 CORE
 enum1.class
 --java-unwind-enum-static --unwind 3
-^EXIT=10$
+^VERIFICATION SUCCESSFUL$
+^EXIT=0$
 ^SIGNAL=0$
 ^Unwinding loop java::enum1.<clinit>:\(\)V.0 iteration 5 \(6 max\) file enum1.java line 6 function java::enum1.<clinit>:\(\)V bytecode_index 78 thread 0$
 --
diff --git a/src/java_bytecode/java_bytecode_convert_class.cpp b/src/java_bytecode/java_bytecode_convert_class.cpp
index 375e916dd3a..2926da79fc3 100644
--- a/src/java_bytecode/java_bytecode_convert_class.cpp
+++ b/src/java_bytecode/java_bytecode_convert_class.cpp
@@ -16,6 +16,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include "java_bytecode_convert_method.h"
 #include "java_bytecode_language.h"
 
+#include <util/arith_tools.h>
 #include <util/namespace.h>
 #include <util/std_expr.h>
 
@@ -359,6 +360,122 @@ void java_bytecode_convert_classt::add_array_types()
     symbol.is_type=true;
     symbol.type=struct_type;
     symbol_table.add(symbol);
+
+    // Also provide a clone method:
+    // ----------------------------
+
+    const irep_idt clone_name=
+      id2string(symbol_type.get_identifier())+".clone:()Ljava/lang/Object;";
+    code_typet clone_type;
+    clone_type.return_type()=
+      pointer_typet(symbol_typet("java::java.lang.Object"));
+    code_typet::parametert this_param;
+    this_param.set_identifier(id2string(clone_name)+"::this");
+    this_param.set_base_name("this");
+    this_param.set_this();
+    this_param.type()=pointer_typet(symbol_type);
+    clone_type.parameters().push_back(this_param);
+
+    parameter_symbolt this_symbol;
+    this_symbol.name=this_param.get_identifier();
+    this_symbol.base_name=this_param.get_base_name();
+    this_symbol.pretty_name=this_symbol.base_name;
+    this_symbol.type=this_param.type();
+    this_symbol.mode=ID_java;
+    symbol_table.add(this_symbol);
+
+    const irep_idt local_name=
+      id2string(clone_name)+"::cloned_array";
+    auxiliary_symbolt local_symbol;
+    local_symbol.name=local_name;
+    local_symbol.base_name="cloned_array";
+    local_symbol.pretty_name=local_symbol.base_name;
+    local_symbol.type=pointer_typet(symbol_type);
+    local_symbol.mode=ID_java;
+    symbol_table.add(local_symbol);
+    const auto &local_symexpr=local_symbol.symbol_expr();
+
+    code_blockt clone_body;
+
+    code_declt declare_cloned(local_symexpr);
+    clone_body.move_to_operands(declare_cloned);
+
+    side_effect_exprt java_new_array(
+      ID_java_new_array,
+      pointer_typet(symbol_type));
+    dereference_exprt old_array(this_symbol.symbol_expr(), symbol_type);
+    dereference_exprt new_array(local_symexpr, symbol_type);
+    member_exprt old_length(old_array, comp1.get_name(), comp1.type());
+    java_new_array.copy_to_operands(old_length);
+    code_assignt create_blank(local_symexpr, java_new_array);
+    clone_body.move_to_operands(create_blank);
+
+
+    member_exprt old_data(old_array, comp2.get_name(), comp2.type());
+    member_exprt new_data(new_array, comp2.get_name(), comp2.type());
+
+    /*
+      // TODO use this instead of a loop.
+    codet array_copy;
+    array_copy.set_statement(ID_array_copy);
+    array_copy.move_to_operands(new_data);
+    array_copy.move_to_operands(old_data);
+    clone_body.move_to_operands(array_copy);
+    */
+
+    // Begin for-loop to replace:
+
+    const irep_idt index_name=
+      id2string(clone_name)+"::index";
+    auxiliary_symbolt index_symbol;
+    index_symbol.name=index_name;
+    index_symbol.base_name="index";
+    index_symbol.pretty_name=index_symbol.base_name;
+    index_symbol.type=comp1.type();
+    index_symbol.mode=ID_java;
+    symbol_table.add(index_symbol);
+    const auto &index_symexpr=index_symbol.symbol_expr();
+
+    code_declt declare_index(index_symexpr);
+    clone_body.move_to_operands(declare_index);
+
+    code_fort copy_loop;
+
+    copy_loop.init()=
+      code_assignt(index_symexpr, from_integer(0, index_symexpr.type()));
+    copy_loop.cond()=
+      binary_relation_exprt(index_symexpr, ID_lt, old_length);
+
+    side_effect_exprt inc(ID_assign);
+    inc.operands().resize(2);
+    inc.op0()=index_symexpr;
+    inc.op1()=plus_exprt(index_symexpr, from_integer(1, index_symexpr.type()));
+    copy_loop.iter()=inc;
+
+    dereference_exprt old_cell(
+      plus_exprt(old_data, index_symexpr), old_data.type().subtype());
+    dereference_exprt new_cell(
+      plus_exprt(new_data, index_symexpr), new_data.type().subtype());
+    code_assignt copy_cell(new_cell, old_cell);
+    copy_loop.body()=copy_cell;
+
+    // End for-loop
+    clone_body.move_to_operands(copy_loop);
+
+    member_exprt new_base_class(new_array, comp0.get_name(), comp0.type());
+    address_of_exprt retval(new_base_class);
+    code_returnt return_inst(retval);
+    clone_body.move_to_operands(return_inst);
+
+    symbolt clone_symbol;
+    clone_symbol.name=clone_name;
+    clone_symbol.pretty_name=
+      id2string(symbol_type.get_identifier())+".clone:()";
+    clone_symbol.base_name="clone";
+    clone_symbol.type=clone_type;
+    clone_symbol.value=clone_body;
+    clone_symbol.mode=ID_java;
+    symbol_table.add(clone_symbol);
   }
 }
 

From ebaad56b73a7e9957539893c2c5095d6e4455b2f Mon Sep 17 00:00:00 2001
From: Michael Tautschnig <tautschn@amazon.com>
Date: Thu, 6 Apr 2017 14:08:21 +0100
Subject: [PATCH 162/699] Remove blank lines from regression test specs

Matching blank lines fails on Windows/AppVeyor. Also, there should not be any
requirement for our output to contain blank lines.
---
 regression/acceleration/array_unsafe1/test.desc                  | 1 -
 regression/acceleration/array_unsafe2/test.desc                  | 1 -
 regression/acceleration/array_unsafe3/test.desc                  | 1 -
 regression/acceleration/array_unsafe4/test.desc                  | 1 -
 regression/acceleration/const_unsafe1/test.desc                  | 1 -
 regression/acceleration/diamond_unsafe1/test.desc                | 1 -
 regression/acceleration/diamond_unsafe2/test.desc                | 1 -
 regression/acceleration/functions_unsafe1/test.desc              | 1 -
 regression/acceleration/multivar_unsafe1/test.desc               | 1 -
 regression/acceleration/nested_unsafe1/test.desc                 | 1 -
 regression/acceleration/overflow_unsafe1/test.desc               | 1 -
 regression/acceleration/phases_unsafe1/test.desc                 | 1 -
 regression/acceleration/simple_unsafe1/test.desc                 | 1 -
 regression/acceleration/simple_unsafe2/test.desc                 | 1 -
 regression/acceleration/simple_unsafe3/test.desc                 | 1 -
 regression/acceleration/simple_unsafe4/test.desc                 | 1 -
 regression/ansi-c/static_inline1/test.desc                       | 1 -
 regression/ansi-c/static_inline2/test.desc                       | 1 -
 regression/cbmc-incr-oneloop/unwind-forever1/test.desc           | 1 -
 regression/cbmc-incr-oneloop/unwind-forever2/test.desc           | 1 -
 regression/cbmc-java/tableswitch2/test.desc                      | 1 -
 regression/cpp-linter/function-comment-header1/test.desc         | 1 -
 regression/cpp-linter/struct-inline-decl/test.desc               | 1 -
 .../goto-analyzer/approx-array-variable-const-fp/test.desc       | 1 -
 .../approx-const-fp-array-variable-cast-const-fp/test.desc       | 1 -
 .../approx-const-fp-array-variable-const-fp-with-null/test.desc  | 1 -
 .../approx-const-fp-array-variable-const-fp/test.desc            | 1 -
 .../test.desc                                                    | 1 -
 .../test.desc                                                    | 1 -
 .../test.desc                                                    | 1 -
 .../test.desc                                                    | 1 -
 .../no-match-const-fp-array-literal-const-fp-run-time/test.desc  | 1 -
 .../test.desc                                                    | 1 -
 .../no-match-const-fp-array-literal-non-const-fp/test.desc       | 1 -
 .../goto-analyzer/no-match-const-fp-array-non-const-fp/test.desc | 1 -
 .../no-match-const-fp-binary-op-const-lost/test.desc             | 1 -
 .../no-match-const-fp-const-array-index-lost/test.desc           | 1 -
 .../goto-analyzer/no-match-const-fp-const-array-lost/test.desc   | 1 -
 regression/goto-analyzer/no-match-const-fp-const-cast/test.desc  | 1 -
 regression/goto-analyzer/no-match-const-fp-const-lost/test.desc  | 1 -
 .../test.desc                                                    | 1 -
 .../test.desc                                                    | 1 -
 .../no-match-const-fp-dereference-const-pointer-null/test.desc   | 1 -
 .../test.desc                                                    | 1 -
 .../no-match-const-fp-dynamic-array-non-const-fp/test.desc       | 1 -
 .../test.desc                                                    | 1 -
 .../no-match-const-fp-non-const-struct-const-fp/test.desc        | 1 -
 .../no-match-const-fp-non-const-struct-non-const-fp/test.desc    | 1 -
 regression/goto-analyzer/no-match-const-fp-null/test.desc        | 1 -
 .../no-match-const-fp-ternerary-op-const-lost/test.desc          | 1 -
 .../test.desc                                                    | 1 -
 .../no-match-const-pointer-non-const-struct-const-fp/test.desc   | 1 -
 .../no-match-const-struct-non-const-fp-null/test.desc            | 1 -
 .../test.desc                                                    | 1 -
 .../test.desc                                                    | 1 -
 .../test.desc                                                    | 1 -
 regression/goto-analyzer/no-match-non-const-fp/test.desc         | 1 -
 regression/goto-analyzer/no-match-parameter-const-fp/test.desc   | 1 -
 regression/goto-analyzer/no-match-parameter-fp/test.desc         | 1 -
 .../test.desc                                                    | 1 -
 .../precise-const-fp-array-literal-const-fp-run-time/test.desc   | 1 -
 .../test.desc                                                    | 1 -
 .../test.desc                                                    | 1 -
 .../test.desc                                                    | 1 -
 .../test.desc                                                    | 1 -
 .../precise-const-fp-const-struct-non-const-fp/test.desc         | 1 -
 .../test.desc                                                    | 1 -
 regression/goto-analyzer/precise-const-fp/test.desc              | 1 -
 .../precise-const-pointer-const-struct-fp/test.desc              | 1 -
 .../goto-analyzer/precise-const-struct-non-const-fp/test.desc    | 1 -
 .../precise-derefence-const-pointer-const-fp/test.desc           | 1 -
 regression/goto-analyzer/precise-derefence/test.desc             | 1 -
 .../precise-dereference-address-pointer-const-fp/test.desc       | 1 -
 .../test.desc                                                    | 1 -
 .../test.desc                                                    | 1 -
 .../precise-dereference-const-struct-pointer-const-fp/test.desc  | 1 -
 .../approx-array-variable-const-fp-only-remove-const/test.desc   | 1 -
 .../approx-array-variable-const-fp-remove-all-fp/test.desc       | 1 -
 .../no-match-non-const-fp-only-remove-const/test.desc            | 1 -
 .../no-match-non-const-fp-remove-all-fp/test.desc                | 1 -
 .../goto-instrument/precise-const-fp-only-remove-const/test.desc | 1 -
 .../goto-instrument/precise-const-fp-remove-all-fp/test.desc     | 1 -
 82 files changed, 82 deletions(-)

diff --git a/regression/acceleration/array_unsafe1/test.desc b/regression/acceleration/array_unsafe1/test.desc
index 200554d997b..e6fe08aeb20 100644
--- a/regression/acceleration/array_unsafe1/test.desc
+++ b/regression/acceleration/array_unsafe1/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --no-unwinding-assertions
-
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/acceleration/array_unsafe2/test.desc b/regression/acceleration/array_unsafe2/test.desc
index 200554d997b..e6fe08aeb20 100644
--- a/regression/acceleration/array_unsafe2/test.desc
+++ b/regression/acceleration/array_unsafe2/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --no-unwinding-assertions
-
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/acceleration/array_unsafe3/test.desc b/regression/acceleration/array_unsafe3/test.desc
index 200554d997b..e6fe08aeb20 100644
--- a/regression/acceleration/array_unsafe3/test.desc
+++ b/regression/acceleration/array_unsafe3/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --no-unwinding-assertions
-
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/acceleration/array_unsafe4/test.desc b/regression/acceleration/array_unsafe4/test.desc
index 200554d997b..e6fe08aeb20 100644
--- a/regression/acceleration/array_unsafe4/test.desc
+++ b/regression/acceleration/array_unsafe4/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --no-unwinding-assertions
-
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/acceleration/const_unsafe1/test.desc b/regression/acceleration/const_unsafe1/test.desc
index 200554d997b..e6fe08aeb20 100644
--- a/regression/acceleration/const_unsafe1/test.desc
+++ b/regression/acceleration/const_unsafe1/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --no-unwinding-assertions
-
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/acceleration/diamond_unsafe1/test.desc b/regression/acceleration/diamond_unsafe1/test.desc
index 200554d997b..e6fe08aeb20 100644
--- a/regression/acceleration/diamond_unsafe1/test.desc
+++ b/regression/acceleration/diamond_unsafe1/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --no-unwinding-assertions
-
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/acceleration/diamond_unsafe2/test.desc b/regression/acceleration/diamond_unsafe2/test.desc
index 200554d997b..e6fe08aeb20 100644
--- a/regression/acceleration/diamond_unsafe2/test.desc
+++ b/regression/acceleration/diamond_unsafe2/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --no-unwinding-assertions
-
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/acceleration/functions_unsafe1/test.desc b/regression/acceleration/functions_unsafe1/test.desc
index 200554d997b..e6fe08aeb20 100644
--- a/regression/acceleration/functions_unsafe1/test.desc
+++ b/regression/acceleration/functions_unsafe1/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --no-unwinding-assertions
-
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/acceleration/multivar_unsafe1/test.desc b/regression/acceleration/multivar_unsafe1/test.desc
index 200554d997b..e6fe08aeb20 100644
--- a/regression/acceleration/multivar_unsafe1/test.desc
+++ b/regression/acceleration/multivar_unsafe1/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --no-unwinding-assertions
-
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/acceleration/nested_unsafe1/test.desc b/regression/acceleration/nested_unsafe1/test.desc
index 200554d997b..e6fe08aeb20 100644
--- a/regression/acceleration/nested_unsafe1/test.desc
+++ b/regression/acceleration/nested_unsafe1/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --no-unwinding-assertions
-
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/acceleration/overflow_unsafe1/test.desc b/regression/acceleration/overflow_unsafe1/test.desc
index 200554d997b..e6fe08aeb20 100644
--- a/regression/acceleration/overflow_unsafe1/test.desc
+++ b/regression/acceleration/overflow_unsafe1/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --no-unwinding-assertions
-
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/acceleration/phases_unsafe1/test.desc b/regression/acceleration/phases_unsafe1/test.desc
index 200554d997b..e6fe08aeb20 100644
--- a/regression/acceleration/phases_unsafe1/test.desc
+++ b/regression/acceleration/phases_unsafe1/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --no-unwinding-assertions
-
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/acceleration/simple_unsafe1/test.desc b/regression/acceleration/simple_unsafe1/test.desc
index 200554d997b..e6fe08aeb20 100644
--- a/regression/acceleration/simple_unsafe1/test.desc
+++ b/regression/acceleration/simple_unsafe1/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --no-unwinding-assertions
-
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/acceleration/simple_unsafe2/test.desc b/regression/acceleration/simple_unsafe2/test.desc
index 200554d997b..e6fe08aeb20 100644
--- a/regression/acceleration/simple_unsafe2/test.desc
+++ b/regression/acceleration/simple_unsafe2/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --no-unwinding-assertions
-
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/acceleration/simple_unsafe3/test.desc b/regression/acceleration/simple_unsafe3/test.desc
index 200554d997b..e6fe08aeb20 100644
--- a/regression/acceleration/simple_unsafe3/test.desc
+++ b/regression/acceleration/simple_unsafe3/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --no-unwinding-assertions
-
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/acceleration/simple_unsafe4/test.desc b/regression/acceleration/simple_unsafe4/test.desc
index 200554d997b..e6fe08aeb20 100644
--- a/regression/acceleration/simple_unsafe4/test.desc
+++ b/regression/acceleration/simple_unsafe4/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --no-unwinding-assertions
-
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/ansi-c/static_inline1/test.desc b/regression/ansi-c/static_inline1/test.desc
index 5717777037a..52168c7eba4 100644
--- a/regression/ansi-c/static_inline1/test.desc
+++ b/regression/ansi-c/static_inline1/test.desc
@@ -4,6 +4,5 @@ main.c
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
-
 --
 ^warning: ignoring
diff --git a/regression/ansi-c/static_inline2/test.desc b/regression/ansi-c/static_inline2/test.desc
index c5c5692745d..6a006f47021 100644
--- a/regression/ansi-c/static_inline2/test.desc
+++ b/regression/ansi-c/static_inline2/test.desc
@@ -4,6 +4,5 @@ main.c
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
-
 --
 ^warning: ignoring
diff --git a/regression/cbmc-incr-oneloop/unwind-forever1/test.desc b/regression/cbmc-incr-oneloop/unwind-forever1/test.desc
index 617547e56ad..5d03502707e 100644
--- a/regression/cbmc-incr-oneloop/unwind-forever1/test.desc
+++ b/regression/cbmc-incr-oneloop/unwind-forever1/test.desc
@@ -3,6 +3,5 @@ main.c
  --incremental-check main.0
 ^EXIT=142$
 ^SIGNAL=0$
-
 --
 ^warning: ignoring
diff --git a/regression/cbmc-incr-oneloop/unwind-forever2/test.desc b/regression/cbmc-incr-oneloop/unwind-forever2/test.desc
index bff68c7e0c8..920f3890da5 100644
--- a/regression/cbmc-incr-oneloop/unwind-forever2/test.desc
+++ b/regression/cbmc-incr-oneloop/unwind-forever2/test.desc
@@ -3,6 +3,5 @@ main.c
 --incremental-check main.0
 ^EXIT=142$
 ^SIGNAL=0$
-
 --
 ^warning: ignoring
diff --git a/regression/cbmc-java/tableswitch2/test.desc b/regression/cbmc-java/tableswitch2/test.desc
index b9e08d5d49b..baee77bb8e9 100644
--- a/regression/cbmc-java/tableswitch2/test.desc
+++ b/regression/cbmc-java/tableswitch2/test.desc
@@ -1,7 +1,6 @@
 CORE
 table_switch_neg_offset.class
 --function table_switch_neg_offset.f
-
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
diff --git a/regression/cpp-linter/function-comment-header1/test.desc b/regression/cpp-linter/function-comment-header1/test.desc
index efaae0b7391..708eecf0783 100644
--- a/regression/cpp-linter/function-comment-header1/test.desc
+++ b/regression/cpp-linter/function-comment-header1/test.desc
@@ -3,6 +3,5 @@ main.cpp
 
 ^main\.cpp:26:  Could not find function header comment for foo  \[readability/function_comment\] \[4\]
 ^Total errors found: 1$
-
 ^SIGNAL=0$
 --
diff --git a/regression/cpp-linter/struct-inline-decl/test.desc b/regression/cpp-linter/struct-inline-decl/test.desc
index 4a53c26c870..12418d892f4 100644
--- a/regression/cpp-linter/struct-inline-decl/test.desc
+++ b/regression/cpp-linter/struct-inline-decl/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.cpp
 
-
 ^Total errors found: 0$
 ^EXIT=0$
 ^SIGNAL=0$
diff --git a/regression/goto-analyzer/approx-array-variable-const-fp/test.desc b/regression/goto-analyzer/approx-array-variable-const-fp/test.desc
index 83a930d1c36..a0db9ddeaa9 100644
--- a/regression/goto-analyzer/approx-array-variable-const-fp/test.desc
+++ b/regression/goto-analyzer/approx-array-variable-const-fp/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*IF fp_tbl\[\(signed long int\)i\] == f2 THEN GOTO [0-9]$
 ^\s*IF fp_tbl\[\(signed long int\)i\] == f3 THEN GOTO [0-9]$
diff --git a/regression/goto-analyzer/approx-const-fp-array-variable-cast-const-fp/test.desc b/regression/goto-analyzer/approx-const-fp-array-variable-cast-const-fp/test.desc
index a937e306d31..e6f1f4b5752 100644
--- a/regression/goto-analyzer/approx-const-fp-array-variable-cast-const-fp/test.desc
+++ b/regression/goto-analyzer/approx-const-fp-array-variable-cast-const-fp/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*IF fp == f2 THEN GOTO [0-9]$
 ^\s*IF fp == f3 THEN GOTO [0-9]$
diff --git a/regression/goto-analyzer/approx-const-fp-array-variable-const-fp-with-null/test.desc b/regression/goto-analyzer/approx-const-fp-array-variable-const-fp-with-null/test.desc
index a937e306d31..e6f1f4b5752 100644
--- a/regression/goto-analyzer/approx-const-fp-array-variable-const-fp-with-null/test.desc
+++ b/regression/goto-analyzer/approx-const-fp-array-variable-const-fp-with-null/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*IF fp == f2 THEN GOTO [0-9]$
 ^\s*IF fp == f3 THEN GOTO [0-9]$
diff --git a/regression/goto-analyzer/approx-const-fp-array-variable-const-fp/test.desc b/regression/goto-analyzer/approx-const-fp-array-variable-const-fp/test.desc
index a937e306d31..e6f1f4b5752 100644
--- a/regression/goto-analyzer/approx-const-fp-array-variable-const-fp/test.desc
+++ b/regression/goto-analyzer/approx-const-fp-array-variable-const-fp/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*IF fp == f2 THEN GOTO [0-9]$
 ^\s*IF fp == f3 THEN GOTO [0-9]$
diff --git a/regression/goto-analyzer/approx-const-fp-array-variable-const-pointer-const-struct-non-const-fp/test.desc b/regression/goto-analyzer/approx-const-fp-array-variable-const-pointer-const-struct-non-const-fp/test.desc
index a937e306d31..e6f1f4b5752 100644
--- a/regression/goto-analyzer/approx-const-fp-array-variable-const-pointer-const-struct-non-const-fp/test.desc
+++ b/regression/goto-analyzer/approx-const-fp-array-variable-const-pointer-const-struct-non-const-fp/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*IF fp == f2 THEN GOTO [0-9]$
 ^\s*IF fp == f3 THEN GOTO [0-9]$
diff --git a/regression/goto-analyzer/approx-const-fp-array-variable-const-struct-non-const-fp/test.desc b/regression/goto-analyzer/approx-const-fp-array-variable-const-struct-non-const-fp/test.desc
index a937e306d31..e6f1f4b5752 100644
--- a/regression/goto-analyzer/approx-const-fp-array-variable-const-struct-non-const-fp/test.desc
+++ b/regression/goto-analyzer/approx-const-fp-array-variable-const-struct-non-const-fp/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*IF fp == f2 THEN GOTO [0-9]$
 ^\s*IF fp == f3 THEN GOTO [0-9]$
diff --git a/regression/goto-analyzer/approx-const-fp-array-variable-invalid-cast-const-fp/test.desc b/regression/goto-analyzer/approx-const-fp-array-variable-invalid-cast-const-fp/test.desc
index 6df2697851a..661ac93a14f 100644
--- a/regression/goto-analyzer/approx-const-fp-array-variable-invalid-cast-const-fp/test.desc
+++ b/regression/goto-analyzer/approx-const-fp-array-variable-invalid-cast-const-fp/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*IF fp == \(const void_fp\)f2 THEN GOTO [0-9]$
 ^\s*IF fp == \(const void_fp\)f3 THEN GOTO [0-9]$
diff --git a/regression/goto-analyzer/no-match-const-array-const-pointer-const-fp-const-lost/test.desc b/regression/goto-analyzer/no-match-const-array-const-pointer-const-fp-const-lost/test.desc
index 9ac0520abde..cb389930278 100644
--- a/regression/goto-analyzer/no-match-const-array-const-pointer-const-fp-const-lost/test.desc
+++ b/regression/goto-analyzer/no-match-const-array-const-pointer-const-fp-const-lost/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*IF \*fp == f1 THEN GOTO [0-9]$
 ^\s*IF \*fp == f2 THEN GOTO [0-9]$
diff --git a/regression/goto-analyzer/no-match-const-fp-array-literal-const-fp-run-time/test.desc b/regression/goto-analyzer/no-match-const-fp-array-literal-const-fp-run-time/test.desc
index 997ec886207..a73805f5730 100644
--- a/regression/goto-analyzer/no-match-const-fp-array-literal-const-fp-run-time/test.desc
+++ b/regression/goto-analyzer/no-match-const-fp-array-literal-const-fp-run-time/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*IF fp == f1 THEN GOTO [0-9]$
 ^\s*IF fp == f2 THEN GOTO [0-9]$
diff --git a/regression/goto-analyzer/no-match-const-fp-array-literal-non-const-fp-run-time/test.desc b/regression/goto-analyzer/no-match-const-fp-array-literal-non-const-fp-run-time/test.desc
index 997ec886207..a73805f5730 100644
--- a/regression/goto-analyzer/no-match-const-fp-array-literal-non-const-fp-run-time/test.desc
+++ b/regression/goto-analyzer/no-match-const-fp-array-literal-non-const-fp-run-time/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*IF fp == f1 THEN GOTO [0-9]$
 ^\s*IF fp == f2 THEN GOTO [0-9]$
diff --git a/regression/goto-analyzer/no-match-const-fp-array-literal-non-const-fp/test.desc b/regression/goto-analyzer/no-match-const-fp-array-literal-non-const-fp/test.desc
index 9c0926c2e7a..13d0c5353ce 100644
--- a/regression/goto-analyzer/no-match-const-fp-array-literal-non-const-fp/test.desc
+++ b/regression/goto-analyzer/no-match-const-fp-array-literal-non-const-fp/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*IF fp2 == f1 THEN GOTO [0-9]$
 ^\s*IF fp2 == f2 THEN GOTO [0-9]$
diff --git a/regression/goto-analyzer/no-match-const-fp-array-non-const-fp/test.desc b/regression/goto-analyzer/no-match-const-fp-array-non-const-fp/test.desc
index 9c0926c2e7a..13d0c5353ce 100644
--- a/regression/goto-analyzer/no-match-const-fp-array-non-const-fp/test.desc
+++ b/regression/goto-analyzer/no-match-const-fp-array-non-const-fp/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*IF fp2 == f1 THEN GOTO [0-9]$
 ^\s*IF fp2 == f2 THEN GOTO [0-9]$
diff --git a/regression/goto-analyzer/no-match-const-fp-binary-op-const-lost/test.desc b/regression/goto-analyzer/no-match-const-fp-binary-op-const-lost/test.desc
index e8357d911c6..b9a72f79cfe 100644
--- a/regression/goto-analyzer/no-match-const-fp-binary-op-const-lost/test.desc
+++ b/regression/goto-analyzer/no-match-const-fp-binary-op-const-lost/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*IF fp == f1 THEN GOTO [0-9]$
 ^\s*IF fp == f2 THEN GOTO [0-9]$
diff --git a/regression/goto-analyzer/no-match-const-fp-const-array-index-lost/test.desc b/regression/goto-analyzer/no-match-const-fp-const-array-index-lost/test.desc
index 9ac0520abde..cb389930278 100644
--- a/regression/goto-analyzer/no-match-const-fp-const-array-index-lost/test.desc
+++ b/regression/goto-analyzer/no-match-const-fp-const-array-index-lost/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*IF \*fp == f1 THEN GOTO [0-9]$
 ^\s*IF \*fp == f2 THEN GOTO [0-9]$
diff --git a/regression/goto-analyzer/no-match-const-fp-const-array-lost/test.desc b/regression/goto-analyzer/no-match-const-fp-const-array-lost/test.desc
index 9ac0520abde..cb389930278 100644
--- a/regression/goto-analyzer/no-match-const-fp-const-array-lost/test.desc
+++ b/regression/goto-analyzer/no-match-const-fp-const-array-lost/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*IF \*fp == f1 THEN GOTO [0-9]$
 ^\s*IF \*fp == f2 THEN GOTO [0-9]$
diff --git a/regression/goto-analyzer/no-match-const-fp-const-cast/test.desc b/regression/goto-analyzer/no-match-const-fp-const-cast/test.desc
index e8357d911c6..b9a72f79cfe 100644
--- a/regression/goto-analyzer/no-match-const-fp-const-cast/test.desc
+++ b/regression/goto-analyzer/no-match-const-fp-const-cast/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*IF fp == f1 THEN GOTO [0-9]$
 ^\s*IF fp == f2 THEN GOTO [0-9]$
diff --git a/regression/goto-analyzer/no-match-const-fp-const-lost/test.desc b/regression/goto-analyzer/no-match-const-fp-const-lost/test.desc
index e8357d911c6..b9a72f79cfe 100644
--- a/regression/goto-analyzer/no-match-const-fp-const-lost/test.desc
+++ b/regression/goto-analyzer/no-match-const-fp-const-lost/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*IF fp == f1 THEN GOTO [0-9]$
 ^\s*IF fp == f2 THEN GOTO [0-9]$
diff --git a/regression/goto-analyzer/no-match-const-fp-const-pointer-const-struct-const-fp-null/test.desc b/regression/goto-analyzer/no-match-const-fp-const-pointer-const-struct-const-fp-null/test.desc
index 25b505c0a0f..4786993cade 100644
--- a/regression/goto-analyzer/no-match-const-fp-const-pointer-const-struct-const-fp-null/test.desc
+++ b/regression/goto-analyzer/no-match-const-fp-const-pointer-const-struct-const-fp-null/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*ASSERT FALSE // invalid function pointer$
 ^SIGNAL=0$
diff --git a/regression/goto-analyzer/no-match-const-fp-const-pointer-non-const-struct-const-fp/test.desc b/regression/goto-analyzer/no-match-const-fp-const-pointer-non-const-struct-const-fp/test.desc
index 997ec886207..a73805f5730 100644
--- a/regression/goto-analyzer/no-match-const-fp-const-pointer-non-const-struct-const-fp/test.desc
+++ b/regression/goto-analyzer/no-match-const-fp-const-pointer-non-const-struct-const-fp/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*IF fp == f1 THEN GOTO [0-9]$
 ^\s*IF fp == f2 THEN GOTO [0-9]$
diff --git a/regression/goto-analyzer/no-match-const-fp-dereference-const-pointer-null/test.desc b/regression/goto-analyzer/no-match-const-fp-dereference-const-pointer-null/test.desc
index 25b505c0a0f..4786993cade 100644
--- a/regression/goto-analyzer/no-match-const-fp-dereference-const-pointer-null/test.desc
+++ b/regression/goto-analyzer/no-match-const-fp-dereference-const-pointer-null/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*ASSERT FALSE // invalid function pointer$
 ^SIGNAL=0$
diff --git a/regression/goto-analyzer/no-match-const-fp-dereference-non-const-pointer-const-fp/test.desc b/regression/goto-analyzer/no-match-const-fp-dereference-non-const-pointer-const-fp/test.desc
index 61a7ec29e6b..f7f42277bae 100644
--- a/regression/goto-analyzer/no-match-const-fp-dereference-non-const-pointer-const-fp/test.desc
+++ b/regression/goto-analyzer/no-match-const-fp-dereference-non-const-pointer-const-fp/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*IF final_fp == f1 THEN GOTO [0-9]$
 ^\s*IF final_fp == f2 THEN GOTO [0-9]$
diff --git a/regression/goto-analyzer/no-match-const-fp-dynamic-array-non-const-fp/test.desc b/regression/goto-analyzer/no-match-const-fp-dynamic-array-non-const-fp/test.desc
index 997ec886207..a73805f5730 100644
--- a/regression/goto-analyzer/no-match-const-fp-dynamic-array-non-const-fp/test.desc
+++ b/regression/goto-analyzer/no-match-const-fp-dynamic-array-non-const-fp/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*IF fp == f1 THEN GOTO [0-9]$
 ^\s*IF fp == f2 THEN GOTO [0-9]$
diff --git a/regression/goto-analyzer/no-match-const-fp-non-const-pointer-non-const-struct-const-fp/test.desc b/regression/goto-analyzer/no-match-const-fp-non-const-pointer-non-const-struct-const-fp/test.desc
index 997ec886207..a73805f5730 100644
--- a/regression/goto-analyzer/no-match-const-fp-non-const-pointer-non-const-struct-const-fp/test.desc
+++ b/regression/goto-analyzer/no-match-const-fp-non-const-pointer-non-const-struct-const-fp/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*IF fp == f1 THEN GOTO [0-9]$
 ^\s*IF fp == f2 THEN GOTO [0-9]$
diff --git a/regression/goto-analyzer/no-match-const-fp-non-const-struct-const-fp/test.desc b/regression/goto-analyzer/no-match-const-fp-non-const-struct-const-fp/test.desc
index 997ec886207..a73805f5730 100644
--- a/regression/goto-analyzer/no-match-const-fp-non-const-struct-const-fp/test.desc
+++ b/regression/goto-analyzer/no-match-const-fp-non-const-struct-const-fp/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*IF fp == f1 THEN GOTO [0-9]$
 ^\s*IF fp == f2 THEN GOTO [0-9]$
diff --git a/regression/goto-analyzer/no-match-const-fp-non-const-struct-non-const-fp/test.desc b/regression/goto-analyzer/no-match-const-fp-non-const-struct-non-const-fp/test.desc
index 997ec886207..a73805f5730 100644
--- a/regression/goto-analyzer/no-match-const-fp-non-const-struct-non-const-fp/test.desc
+++ b/regression/goto-analyzer/no-match-const-fp-non-const-struct-non-const-fp/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*IF fp == f1 THEN GOTO [0-9]$
 ^\s*IF fp == f2 THEN GOTO [0-9]$
diff --git a/regression/goto-analyzer/no-match-const-fp-null/test.desc b/regression/goto-analyzer/no-match-const-fp-null/test.desc
index 267ec2284f7..d8e8d833238 100644
--- a/regression/goto-analyzer/no-match-const-fp-null/test.desc
+++ b/regression/goto-analyzer/no-match-const-fp-null/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*ASSERT FALSE // invalid function pointer$
 --
diff --git a/regression/goto-analyzer/no-match-const-fp-ternerary-op-const-lost/test.desc b/regression/goto-analyzer/no-match-const-fp-ternerary-op-const-lost/test.desc
index e8357d911c6..b9a72f79cfe 100644
--- a/regression/goto-analyzer/no-match-const-fp-ternerary-op-const-lost/test.desc
+++ b/regression/goto-analyzer/no-match-const-fp-ternerary-op-const-lost/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*IF fp == f1 THEN GOTO [0-9]$
 ^\s*IF fp == f2 THEN GOTO [0-9]$
diff --git a/regression/goto-analyzer/no-match-const-pointer-const-struct-const-fp-const-cast/test.desc b/regression/goto-analyzer/no-match-const-pointer-const-struct-const-fp-const-cast/test.desc
index 2f4b2832b4d..4e6fda43498 100644
--- a/regression/goto-analyzer/no-match-const-pointer-const-struct-const-fp-const-cast/test.desc
+++ b/regression/goto-analyzer/no-match-const-pointer-const-struct-const-fp-const-cast/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*IF container_pointer->fp == f1 THEN GOTO [0-9]$
 ^\s*IF container_pointer->fp == f2 THEN GOTO [0-9]$
diff --git a/regression/goto-analyzer/no-match-const-pointer-non-const-struct-const-fp/test.desc b/regression/goto-analyzer/no-match-const-pointer-non-const-struct-const-fp/test.desc
index 2760fadd576..eaad08aafe0 100644
--- a/regression/goto-analyzer/no-match-const-pointer-non-const-struct-const-fp/test.desc
+++ b/regression/goto-analyzer/no-match-const-pointer-non-const-struct-const-fp/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*IF pts->go == f1 THEN GOTO [0-9]$
 ^\s*IF pts->go == f2 THEN GOTO [0-9]$
diff --git a/regression/goto-analyzer/no-match-const-struct-non-const-fp-null/test.desc b/regression/goto-analyzer/no-match-const-struct-non-const-fp-null/test.desc
index 25b505c0a0f..4786993cade 100644
--- a/regression/goto-analyzer/no-match-const-struct-non-const-fp-null/test.desc
+++ b/regression/goto-analyzer/no-match-const-struct-non-const-fp-null/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*ASSERT FALSE // invalid function pointer$
 ^SIGNAL=0$
diff --git a/regression/goto-analyzer/no-match-dereference-const-pointer-const-array-literal-pointer-const-fp/test.desc b/regression/goto-analyzer/no-match-dereference-const-pointer-const-array-literal-pointer-const-fp/test.desc
index 7e0aca75523..9c63fcd4c03 100644
--- a/regression/goto-analyzer/no-match-dereference-const-pointer-const-array-literal-pointer-const-fp/test.desc
+++ b/regression/goto-analyzer/no-match-dereference-const-pointer-const-array-literal-pointer-const-fp/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*IF \*container_ptr->fp_tbl\[\(signed long int\)1\] == f1 THEN GOTO [0-9]$
 ^\s*IF \*container_ptr->fp_tbl\[\(signed long int\)1\] == f2 THEN GOTO [0-9]$
diff --git a/regression/goto-analyzer/no-match-dereference-non-const-struct-const-pointer-const-fp/test.desc b/regression/goto-analyzer/no-match-dereference-non-const-struct-const-pointer-const-fp/test.desc
index f55defde97b..662bd323844 100644
--- a/regression/goto-analyzer/no-match-dereference-non-const-struct-const-pointer-const-fp/test.desc
+++ b/regression/goto-analyzer/no-match-dereference-non-const-struct-const-pointer-const-fp/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*IF \*container_container\.container == f1 THEN GOTO [0-9]$
 ^\s*IF \*container_container\.container == f2 THEN GOTO [0-9]$
diff --git a/regression/goto-analyzer/no-match-dereference-non-const-struct-non-const-pointer-const-fp/test.desc b/regression/goto-analyzer/no-match-dereference-non-const-struct-non-const-pointer-const-fp/test.desc
index f55defde97b..662bd323844 100644
--- a/regression/goto-analyzer/no-match-dereference-non-const-struct-non-const-pointer-const-fp/test.desc
+++ b/regression/goto-analyzer/no-match-dereference-non-const-struct-non-const-pointer-const-fp/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*IF \*container_container\.container == f1 THEN GOTO [0-9]$
 ^\s*IF \*container_container\.container == f2 THEN GOTO [0-9]$
diff --git a/regression/goto-analyzer/no-match-non-const-fp/test.desc b/regression/goto-analyzer/no-match-non-const-fp/test.desc
index 997ec886207..a73805f5730 100644
--- a/regression/goto-analyzer/no-match-non-const-fp/test.desc
+++ b/regression/goto-analyzer/no-match-non-const-fp/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*IF fp == f1 THEN GOTO [0-9]$
 ^\s*IF fp == f2 THEN GOTO [0-9]$
diff --git a/regression/goto-analyzer/no-match-parameter-const-fp/test.desc b/regression/goto-analyzer/no-match-parameter-const-fp/test.desc
index 997ec886207..a73805f5730 100644
--- a/regression/goto-analyzer/no-match-parameter-const-fp/test.desc
+++ b/regression/goto-analyzer/no-match-parameter-const-fp/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*IF fp == f1 THEN GOTO [0-9]$
 ^\s*IF fp == f2 THEN GOTO [0-9]$
diff --git a/regression/goto-analyzer/no-match-parameter-fp/test.desc b/regression/goto-analyzer/no-match-parameter-fp/test.desc
index 997ec886207..a73805f5730 100644
--- a/regression/goto-analyzer/no-match-parameter-fp/test.desc
+++ b/regression/goto-analyzer/no-match-parameter-fp/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*IF fp == f1 THEN GOTO [0-9]$
 ^\s*IF fp == f2 THEN GOTO [0-9]$
diff --git a/regression/goto-analyzer/no-match-pointer-const-struct-array-literal-non-const-fp/test.desc b/regression/goto-analyzer/no-match-pointer-const-struct-array-literal-non-const-fp/test.desc
index 83a4d98d9f4..24a5ab5ddda 100644
--- a/regression/goto-analyzer/no-match-pointer-const-struct-array-literal-non-const-fp/test.desc
+++ b/regression/goto-analyzer/no-match-pointer-const-struct-array-literal-non-const-fp/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*IF container_ptr->fp_tbl\[\(signed long int\)1\] == f1 THEN GOTO [0-9]$
 ^\s*IF container_ptr->fp_tbl\[\(signed long int\)1\] == f2 THEN GOTO [0-9]$
diff --git a/regression/goto-analyzer/precise-const-fp-array-literal-const-fp-run-time/test.desc b/regression/goto-analyzer/precise-const-fp-array-literal-const-fp-run-time/test.desc
index 6c7de56a1a0..ab2a0acefba 100644
--- a/regression/goto-analyzer/precise-const-fp-array-literal-const-fp-run-time/test.desc
+++ b/regression/goto-analyzer/precise-const-fp-array-literal-const-fp-run-time/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*f3\(\);$
 --
diff --git a/regression/goto-analyzer/precise-const-fp-array-literal-const-struct-non-const-fp/test.desc b/regression/goto-analyzer/precise-const-fp-array-literal-const-struct-non-const-fp/test.desc
index 2eff811f4bc..fad0e6c7a1d 100644
--- a/regression/goto-analyzer/precise-const-fp-array-literal-const-struct-non-const-fp/test.desc
+++ b/regression/goto-analyzer/precise-const-fp-array-literal-const-struct-non-const-fp/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*f3\(\);$
 ^SIGNAL=0$
diff --git a/regression/goto-analyzer/precise-const-fp-array-variable-const-pointer-const-struct-non-const-fp/test.desc b/regression/goto-analyzer/precise-const-fp-array-variable-const-pointer-const-struct-non-const-fp/test.desc
index eb1e2781ef1..90cd2485ce1 100644
--- a/regression/goto-analyzer/precise-const-fp-array-variable-const-pointer-const-struct-non-const-fp/test.desc
+++ b/regression/goto-analyzer/precise-const-fp-array-variable-const-pointer-const-struct-non-const-fp/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*f2\(\);
 ^SIGNAL=0$
diff --git a/regression/goto-analyzer/precise-const-fp-const-struct-const-array-literal-fp/test.desc b/regression/goto-analyzer/precise-const-fp-const-struct-const-array-literal-fp/test.desc
index 2eff811f4bc..fad0e6c7a1d 100644
--- a/regression/goto-analyzer/precise-const-fp-const-struct-const-array-literal-fp/test.desc
+++ b/regression/goto-analyzer/precise-const-fp-const-struct-const-array-literal-fp/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*f3\(\);$
 ^SIGNAL=0$
diff --git a/regression/goto-analyzer/precise-const-fp-const-struct-non-const-array-literal-fp/test.desc b/regression/goto-analyzer/precise-const-fp-const-struct-non-const-array-literal-fp/test.desc
index 2eff811f4bc..fad0e6c7a1d 100644
--- a/regression/goto-analyzer/precise-const-fp-const-struct-non-const-array-literal-fp/test.desc
+++ b/regression/goto-analyzer/precise-const-fp-const-struct-non-const-array-literal-fp/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*f3\(\);$
 ^SIGNAL=0$
diff --git a/regression/goto-analyzer/precise-const-fp-const-struct-non-const-fp/test.desc b/regression/goto-analyzer/precise-const-fp-const-struct-non-const-fp/test.desc
index eb1e2781ef1..90cd2485ce1 100644
--- a/regression/goto-analyzer/precise-const-fp-const-struct-non-const-fp/test.desc
+++ b/regression/goto-analyzer/precise-const-fp-const-struct-non-const-fp/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*f2\(\);
 ^SIGNAL=0$
diff --git a/regression/goto-analyzer/precise-const-fp-dereference-const-pointer-const-fp/test.desc b/regression/goto-analyzer/precise-const-fp-dereference-const-pointer-const-fp/test.desc
index 2eff811f4bc..fad0e6c7a1d 100644
--- a/regression/goto-analyzer/precise-const-fp-dereference-const-pointer-const-fp/test.desc
+++ b/regression/goto-analyzer/precise-const-fp-dereference-const-pointer-const-fp/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*f3\(\);$
 ^SIGNAL=0$
diff --git a/regression/goto-analyzer/precise-const-fp/test.desc b/regression/goto-analyzer/precise-const-fp/test.desc
index ef4cf690b60..4dd6e7fd098 100644
--- a/regression/goto-analyzer/precise-const-fp/test.desc
+++ b/regression/goto-analyzer/precise-const-fp/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*f2\(\);
 --
diff --git a/regression/goto-analyzer/precise-const-pointer-const-struct-fp/test.desc b/regression/goto-analyzer/precise-const-pointer-const-struct-fp/test.desc
index 0de6942ba42..40361f6ccc2 100644
--- a/regression/goto-analyzer/precise-const-pointer-const-struct-fp/test.desc
+++ b/regression/goto-analyzer/precise-const-pointer-const-struct-fp/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*f2\(\);$
 ^SIGNAL=0$
diff --git a/regression/goto-analyzer/precise-const-struct-non-const-fp/test.desc b/regression/goto-analyzer/precise-const-struct-non-const-fp/test.desc
index eb1e2781ef1..90cd2485ce1 100644
--- a/regression/goto-analyzer/precise-const-struct-non-const-fp/test.desc
+++ b/regression/goto-analyzer/precise-const-struct-non-const-fp/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*f2\(\);
 ^SIGNAL=0$
diff --git a/regression/goto-analyzer/precise-derefence-const-pointer-const-fp/test.desc b/regression/goto-analyzer/precise-derefence-const-pointer-const-fp/test.desc
index 2eff811f4bc..fad0e6c7a1d 100644
--- a/regression/goto-analyzer/precise-derefence-const-pointer-const-fp/test.desc
+++ b/regression/goto-analyzer/precise-derefence-const-pointer-const-fp/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*f3\(\);$
 ^SIGNAL=0$
diff --git a/regression/goto-analyzer/precise-derefence/test.desc b/regression/goto-analyzer/precise-derefence/test.desc
index ef4cf690b60..4dd6e7fd098 100644
--- a/regression/goto-analyzer/precise-derefence/test.desc
+++ b/regression/goto-analyzer/precise-derefence/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*f2\(\);
 --
diff --git a/regression/goto-analyzer/precise-dereference-address-pointer-const-fp/test.desc b/regression/goto-analyzer/precise-dereference-address-pointer-const-fp/test.desc
index 2eff811f4bc..fad0e6c7a1d 100644
--- a/regression/goto-analyzer/precise-dereference-address-pointer-const-fp/test.desc
+++ b/regression/goto-analyzer/precise-dereference-address-pointer-const-fp/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*f3\(\);$
 ^SIGNAL=0$
diff --git a/regression/goto-analyzer/precise-dereference-const-struct-const-pointer-const-fp/test.desc b/regression/goto-analyzer/precise-dereference-const-struct-const-pointer-const-fp/test.desc
index 2eff811f4bc..fad0e6c7a1d 100644
--- a/regression/goto-analyzer/precise-dereference-const-struct-const-pointer-const-fp/test.desc
+++ b/regression/goto-analyzer/precise-dereference-const-struct-const-pointer-const-fp/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*f3\(\);$
 ^SIGNAL=0$
diff --git a/regression/goto-analyzer/precise-dereference-const-struct-const-pointer-const-struct-const-fp/test.desc b/regression/goto-analyzer/precise-dereference-const-struct-const-pointer-const-struct-const-fp/test.desc
index 2eff811f4bc..fad0e6c7a1d 100644
--- a/regression/goto-analyzer/precise-dereference-const-struct-const-pointer-const-struct-const-fp/test.desc
+++ b/regression/goto-analyzer/precise-dereference-const-struct-const-pointer-const-struct-const-fp/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*f3\(\);$
 ^SIGNAL=0$
diff --git a/regression/goto-analyzer/precise-dereference-const-struct-pointer-const-fp/test.desc b/regression/goto-analyzer/precise-dereference-const-struct-pointer-const-fp/test.desc
index 2eff811f4bc..fad0e6c7a1d 100644
--- a/regression/goto-analyzer/precise-dereference-const-struct-pointer-const-fp/test.desc
+++ b/regression/goto-analyzer/precise-dereference-const-struct-pointer-const-fp/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
-
 ^Removing function pointers and virtual functions$
 ^\s*f3\(\);$
 ^SIGNAL=0$
diff --git a/regression/goto-instrument/approx-array-variable-const-fp-only-remove-const/test.desc b/regression/goto-instrument/approx-array-variable-const-fp-only-remove-const/test.desc
index f58b03a58b3..83e4f545415 100644
--- a/regression/goto-instrument/approx-array-variable-const-fp-only-remove-const/test.desc
+++ b/regression/goto-instrument/approx-array-variable-const-fp-only-remove-const/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --verbosity 10 --pointer-check --remove-const-function-pointers
-
 ^\s*IF fp_tbl\[\(signed long int\)i\] == f2 THEN GOTO [0-9]$
 ^\s*IF fp_tbl\[\(signed long int\)i\] == f3 THEN GOTO [0-9]$
 ^\s*IF fp_tbl\[\(signed long int\)i\] == f4 THEN GOTO [0-9]$
diff --git a/regression/goto-instrument/approx-array-variable-const-fp-remove-all-fp/test.desc b/regression/goto-instrument/approx-array-variable-const-fp-remove-all-fp/test.desc
index 3d065f1a742..35ed94ae046 100644
--- a/regression/goto-instrument/approx-array-variable-const-fp-remove-all-fp/test.desc
+++ b/regression/goto-instrument/approx-array-variable-const-fp-remove-all-fp/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --verbosity 10 --pointer-check --remove-function-pointers
-
 ^\s*IF fp_tbl\[\(signed long int\)i\] == f2 THEN GOTO [0-9]$
 ^\s*IF fp_tbl\[\(signed long int\)i\] == f3 THEN GOTO [0-9]$
 ^\s*IF fp_tbl\[\(signed long int\)i\] == f4 THEN GOTO [0-9]$
diff --git a/regression/goto-instrument/no-match-non-const-fp-only-remove-const/test.desc b/regression/goto-instrument/no-match-non-const-fp-only-remove-const/test.desc
index 3b016907a44..9c23726e83c 100644
--- a/regression/goto-instrument/no-match-non-const-fp-only-remove-const/test.desc
+++ b/regression/goto-instrument/no-match-non-const-fp-only-remove-const/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --verbosity 10 --pointer-check --remove-const-function-pointers
-
 ^\s*fp\(\);$
 ^SIGNAL=0$
 --
diff --git a/regression/goto-instrument/no-match-non-const-fp-remove-all-fp/test.desc b/regression/goto-instrument/no-match-non-const-fp-remove-all-fp/test.desc
index 3190d348aae..46c2f8cd2d4 100644
--- a/regression/goto-instrument/no-match-non-const-fp-remove-all-fp/test.desc
+++ b/regression/goto-instrument/no-match-non-const-fp-remove-all-fp/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --verbosity 10 --pointer-check --remove-function-pointers
-
 ^\s*IF fp == f1 THEN GOTO [0-9]$
 ^\s*IF fp == f2 THEN GOTO [0-9]$
 ^\s*IF fp == f3 THEN GOTO [0-9]$
diff --git a/regression/goto-instrument/precise-const-fp-only-remove-const/test.desc b/regression/goto-instrument/precise-const-fp-only-remove-const/test.desc
index 2304d56b239..cdf49005c0b 100644
--- a/regression/goto-instrument/precise-const-fp-only-remove-const/test.desc
+++ b/regression/goto-instrument/precise-const-fp-only-remove-const/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --verbosity 10 --pointer-check --remove-const-function-pointers
-
 ^\s*f2\(\);
 --
 ^warning: ignoring
diff --git a/regression/goto-instrument/precise-const-fp-remove-all-fp/test.desc b/regression/goto-instrument/precise-const-fp-remove-all-fp/test.desc
index dd072b1c232..a559b2b1747 100644
--- a/regression/goto-instrument/precise-const-fp-remove-all-fp/test.desc
+++ b/regression/goto-instrument/precise-const-fp-remove-all-fp/test.desc
@@ -1,7 +1,6 @@
 CORE
 main.c
 --verbosity 10 --pointer-check --remove-function-pointers
-
 ^\s*f2\(\);
 --
 ^warning: ignoring

From b4658eb76b31151d3d2c18648a5caf1518c649cc Mon Sep 17 00:00:00 2001
From: Vojtech Forejt <forejtv@gmail.com>
Date: Thu, 6 Apr 2017 17:19:18 +0100
Subject: [PATCH 163/699] Allow long long int instead of just long int in
 regexp of some tests.

This prevents spurious test failures on Windows. Fixes #769.
---
 .../approx-array-variable-const-fp/test.desc   | 18 +++++++++---------
 .../test.desc                                  | 18 +++++++++---------
 .../test.desc                                  | 18 +++++++++---------
 .../test.desc                                  | 18 +++++++++---------
 .../test.desc                                  | 18 +++++++++---------
 5 files changed, 45 insertions(+), 45 deletions(-)

diff --git a/regression/goto-analyzer/approx-array-variable-const-fp/test.desc b/regression/goto-analyzer/approx-array-variable-const-fp/test.desc
index a0db9ddeaa9..38027f70600 100644
--- a/regression/goto-analyzer/approx-array-variable-const-fp/test.desc
+++ b/regression/goto-analyzer/approx-array-variable-const-fp/test.desc
@@ -2,15 +2,15 @@ CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
 ^Removing function pointers and virtual functions$
-^\s*IF fp_tbl\[\(signed long int\)i\] == f2 THEN GOTO [0-9]$
-^\s*IF fp_tbl\[\(signed long int\)i\] == f3 THEN GOTO [0-9]$
-^\s*IF fp_tbl\[\(signed long int\)i\] == f4 THEN GOTO [0-9]$
+^\s*IF fp_tbl\[\(signed (long )*long int\)i\] == f2 THEN GOTO [0-9]$
+^\s*IF fp_tbl\[\(signed (long )*long int\)i\] == f3 THEN GOTO [0-9]$
+^\s*IF fp_tbl\[\(signed (long )*long int\)i\] == f4 THEN GOTO [0-9]$
 ^SIGNAL=0$
 --
-^\s*IF fp_tbl\[\(signed long int\)i\] == f1 THEN GOTO [0-9]$
-^\s*IF fp_tbl\[\(signed long int\)i\] == f5 THEN GOTO [0-9]$
-^\s*IF fp_tbl\[\(signed long int\)i\] == f6 THEN GOTO [0-9]$
-^\s*IF fp_tbl\[\(signed long int\)i\] == f7 THEN GOTO [0-9]$
-^\s*IF fp_tbl\[\(signed long int\)i\] == f8 THEN GOTO [0-9]$
-^\s*IF fp_tbl\[\(signed long int\)i\] == f9 THEN GOTO [0-9]$
+^\s*IF fp_tbl\[\(signed (long )*long int\)i\] == f1 THEN GOTO [0-9]$
+^\s*IF fp_tbl\[\(signed (long )*long int\)i\] == f5 THEN GOTO [0-9]$
+^\s*IF fp_tbl\[\(signed (long )*long int\)i\] == f6 THEN GOTO [0-9]$
+^\s*IF fp_tbl\[\(signed (long )*long int\)i\] == f7 THEN GOTO [0-9]$
+^\s*IF fp_tbl\[\(signed (long )*long int\)i\] == f8 THEN GOTO [0-9]$
+^\s*IF fp_tbl\[\(signed (long )*long int\)i\] == f9 THEN GOTO [0-9]$
 ^warning: ignoring
diff --git a/regression/goto-analyzer/no-match-dereference-const-pointer-const-array-literal-pointer-const-fp/test.desc b/regression/goto-analyzer/no-match-dereference-const-pointer-const-array-literal-pointer-const-fp/test.desc
index 9c63fcd4c03..ef491f67113 100644
--- a/regression/goto-analyzer/no-match-dereference-const-pointer-const-array-literal-pointer-const-fp/test.desc
+++ b/regression/goto-analyzer/no-match-dereference-const-pointer-const-array-literal-pointer-const-fp/test.desc
@@ -2,15 +2,15 @@ CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
 ^Removing function pointers and virtual functions$
-^\s*IF \*container_ptr->fp_tbl\[\(signed long int\)1\] == f1 THEN GOTO [0-9]$
-^\s*IF \*container_ptr->fp_tbl\[\(signed long int\)1\] == f2 THEN GOTO [0-9]$
-^\s*IF \*container_ptr->fp_tbl\[\(signed long int\)1\] == f3 THEN GOTO [0-9]$
-^\s*IF \*container_ptr->fp_tbl\[\(signed long int\)1\] == f4 THEN GOTO [0-9]$
-^\s*IF \*container_ptr->fp_tbl\[\(signed long int\)1\] == f5 THEN GOTO [0-9]$
-^\s*IF \*container_ptr->fp_tbl\[\(signed long int\)1\] == f6 THEN GOTO [0-9]$
-^\s*IF \*container_ptr->fp_tbl\[\(signed long int\)1\] == f7 THEN GOTO [0-9]$
-^\s*IF \*container_ptr->fp_tbl\[\(signed long int\)1\] == f8 THEN GOTO [0-9]$
-^\s*IF \*container_ptr->fp_tbl\[\(signed long int\)1\] == f9 THEN GOTO [0-9]$
+^\s*IF \*container_ptr->fp_tbl\[\(signed (long )*long int\)1\] == f1 THEN GOTO [0-9]$
+^\s*IF \*container_ptr->fp_tbl\[\(signed (long )*long int\)1\] == f2 THEN GOTO [0-9]$
+^\s*IF \*container_ptr->fp_tbl\[\(signed (long )*long int\)1\] == f3 THEN GOTO [0-9]$
+^\s*IF \*container_ptr->fp_tbl\[\(signed (long )*long int\)1\] == f4 THEN GOTO [0-9]$
+^\s*IF \*container_ptr->fp_tbl\[\(signed (long )*long int\)1\] == f5 THEN GOTO [0-9]$
+^\s*IF \*container_ptr->fp_tbl\[\(signed (long )*long int\)1\] == f6 THEN GOTO [0-9]$
+^\s*IF \*container_ptr->fp_tbl\[\(signed (long )*long int\)1\] == f7 THEN GOTO [0-9]$
+^\s*IF \*container_ptr->fp_tbl\[\(signed (long )*long int\)1\] == f8 THEN GOTO [0-9]$
+^\s*IF \*container_ptr->fp_tbl\[\(signed (long )*long int\)1\] == f9 THEN GOTO [0-9]$
 ^SIGNAL=0$
 --
 ^warning: ignoring
diff --git a/regression/goto-analyzer/no-match-pointer-const-struct-array-literal-non-const-fp/test.desc b/regression/goto-analyzer/no-match-pointer-const-struct-array-literal-non-const-fp/test.desc
index 24a5ab5ddda..a85714b51a1 100644
--- a/regression/goto-analyzer/no-match-pointer-const-struct-array-literal-non-const-fp/test.desc
+++ b/regression/goto-analyzer/no-match-pointer-const-struct-array-literal-non-const-fp/test.desc
@@ -2,15 +2,15 @@ CORE
 main.c
 --show-goto-functions --verbosity 10 --pointer-check
 ^Removing function pointers and virtual functions$
-^\s*IF container_ptr->fp_tbl\[\(signed long int\)1\] == f1 THEN GOTO [0-9]$
-^\s*IF container_ptr->fp_tbl\[\(signed long int\)1\] == f2 THEN GOTO [0-9]$
-^\s*IF container_ptr->fp_tbl\[\(signed long int\)1\] == f3 THEN GOTO [0-9]$
-^\s*IF container_ptr->fp_tbl\[\(signed long int\)1\] == f4 THEN GOTO [0-9]$
-^\s*IF container_ptr->fp_tbl\[\(signed long int\)1\] == f5 THEN GOTO [0-9]$
-^\s*IF container_ptr->fp_tbl\[\(signed long int\)1\] == f6 THEN GOTO [0-9]$
-^\s*IF container_ptr->fp_tbl\[\(signed long int\)1\] == f7 THEN GOTO [0-9]$
-^\s*IF container_ptr->fp_tbl\[\(signed long int\)1\] == f8 THEN GOTO [0-9]$
-^\s*IF container_ptr->fp_tbl\[\(signed long int\)1\] == f9 THEN GOTO [0-9]$
+^\s*IF container_ptr->fp_tbl\[\(signed (long )*long int\)1\] == f1 THEN GOTO [0-9]$
+^\s*IF container_ptr->fp_tbl\[\(signed (long )*long int\)1\] == f2 THEN GOTO [0-9]$
+^\s*IF container_ptr->fp_tbl\[\(signed (long )*long int\)1\] == f3 THEN GOTO [0-9]$
+^\s*IF container_ptr->fp_tbl\[\(signed (long )*long int\)1\] == f4 THEN GOTO [0-9]$
+^\s*IF container_ptr->fp_tbl\[\(signed (long )*long int\)1\] == f5 THEN GOTO [0-9]$
+^\s*IF container_ptr->fp_tbl\[\(signed (long )*long int\)1\] == f6 THEN GOTO [0-9]$
+^\s*IF container_ptr->fp_tbl\[\(signed (long )*long int\)1\] == f7 THEN GOTO [0-9]$
+^\s*IF container_ptr->fp_tbl\[\(signed (long )*long int\)1\] == f8 THEN GOTO [0-9]$
+^\s*IF container_ptr->fp_tbl\[\(signed (long )*long int\)1\] == f9 THEN GOTO [0-9]$
 ^SIGNAL=0$
 --
 ^warning: ignoring
diff --git a/regression/goto-instrument/approx-array-variable-const-fp-only-remove-const/test.desc b/regression/goto-instrument/approx-array-variable-const-fp-only-remove-const/test.desc
index 83e4f545415..bc553fa5a0f 100644
--- a/regression/goto-instrument/approx-array-variable-const-fp-only-remove-const/test.desc
+++ b/regression/goto-instrument/approx-array-variable-const-fp-only-remove-const/test.desc
@@ -1,15 +1,15 @@
 CORE
 main.c
 --verbosity 10 --pointer-check --remove-const-function-pointers
-^\s*IF fp_tbl\[\(signed long int\)i\] == f2 THEN GOTO [0-9]$
-^\s*IF fp_tbl\[\(signed long int\)i\] == f3 THEN GOTO [0-9]$
-^\s*IF fp_tbl\[\(signed long int\)i\] == f4 THEN GOTO [0-9]$
+^\s*IF fp_tbl\[\(signed (long )*long int\)i\] == f2 THEN GOTO [0-9]$
+^\s*IF fp_tbl\[\(signed (long )*long int\)i\] == f3 THEN GOTO [0-9]$
+^\s*IF fp_tbl\[\(signed (long )*long int\)i\] == f4 THEN GOTO [0-9]$
 ^SIGNAL=0$
 --
-^\s*IF fp_tbl\[\(signed long int\)i\] == f1 THEN GOTO [0-9]$
-^\s*IF fp_tbl\[\(signed long int\)i\] == f5 THEN GOTO [0-9]$
-^\s*IF fp_tbl\[\(signed long int\)i\] == f6 THEN GOTO [0-9]$
-^\s*IF fp_tbl\[\(signed long int\)i\] == f7 THEN GOTO [0-9]$
-^\s*IF fp_tbl\[\(signed long int\)i\] == f8 THEN GOTO [0-9]$
-^\s*IF fp_tbl\[\(signed long int\)i\] == f9 THEN GOTO [0-9]$
+^\s*IF fp_tbl\[\(signed (long )*long int\)i\] == f1 THEN GOTO [0-9]$
+^\s*IF fp_tbl\[\(signed (long )*long int\)i\] == f5 THEN GOTO [0-9]$
+^\s*IF fp_tbl\[\(signed (long )*long int\)i\] == f6 THEN GOTO [0-9]$
+^\s*IF fp_tbl\[\(signed (long )*long int\)i\] == f7 THEN GOTO [0-9]$
+^\s*IF fp_tbl\[\(signed (long )*long int\)i\] == f8 THEN GOTO [0-9]$
+^\s*IF fp_tbl\[\(signed (long )*long int\)i\] == f9 THEN GOTO [0-9]$
 ^warning: ignoring
diff --git a/regression/goto-instrument/approx-array-variable-const-fp-remove-all-fp/test.desc b/regression/goto-instrument/approx-array-variable-const-fp-remove-all-fp/test.desc
index 35ed94ae046..e9ede02a296 100644
--- a/regression/goto-instrument/approx-array-variable-const-fp-remove-all-fp/test.desc
+++ b/regression/goto-instrument/approx-array-variable-const-fp-remove-all-fp/test.desc
@@ -1,15 +1,15 @@
 CORE
 main.c
 --verbosity 10 --pointer-check --remove-function-pointers
-^\s*IF fp_tbl\[\(signed long int\)i\] == f2 THEN GOTO [0-9]$
-^\s*IF fp_tbl\[\(signed long int\)i\] == f3 THEN GOTO [0-9]$
-^\s*IF fp_tbl\[\(signed long int\)i\] == f4 THEN GOTO [0-9]$
+^\s*IF fp_tbl\[\(signed (long )*long int\)i\] == f2 THEN GOTO [0-9]$
+^\s*IF fp_tbl\[\(signed (long )*long int\)i\] == f3 THEN GOTO [0-9]$
+^\s*IF fp_tbl\[\(signed (long )*long int\)i\] == f4 THEN GOTO [0-9]$
 ^SIGNAL=0$
 --
-^\s*IF fp_tbl\[\(signed long int\)i\] == f1 THEN GOTO [0-9]$
-^\s*IF fp_tbl\[\(signed long int\)i\] == f5 THEN GOTO [0-9]$
-^\s*IF fp_tbl\[\(signed long int\)i\] == f6 THEN GOTO [0-9]$
-^\s*IF fp_tbl\[\(signed long int\)i\] == f7 THEN GOTO [0-9]$
-^\s*IF fp_tbl\[\(signed long int\)i\] == f8 THEN GOTO [0-9]$
-^\s*IF fp_tbl\[\(signed long int\)i\] == f9 THEN GOTO [0-9]$
+^\s*IF fp_tbl\[\(signed (long )*long int\)i\] == f1 THEN GOTO [0-9]$
+^\s*IF fp_tbl\[\(signed (long )*long int\)i\] == f5 THEN GOTO [0-9]$
+^\s*IF fp_tbl\[\(signed (long )*long int\)i\] == f6 THEN GOTO [0-9]$
+^\s*IF fp_tbl\[\(signed (long )*long int\)i\] == f7 THEN GOTO [0-9]$
+^\s*IF fp_tbl\[\(signed (long )*long int\)i\] == f8 THEN GOTO [0-9]$
+^\s*IF fp_tbl\[\(signed (long )*long int\)i\] == f9 THEN GOTO [0-9]$
 ^warning: ignoring

From a2f4ab3bfaf1a35e1674addaf6d1c0ead07b00ed Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Fri, 7 Apr 2017 15:49:55 +0100
Subject: [PATCH 164/699] Coverage (branch mode): add missing
 is-current-function test (#781)

With `--cover-function-only`, all coverage tests should be conditional on
the function containing the target matching `--function`; however this particular
case got missed out.
---
 src/goto-instrument/cover.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/goto-instrument/cover.cpp b/src/goto-instrument/cover.cpp
index 3c69cd3efef..4d599fafef3 100644
--- a/src/goto-instrument/cover.cpp
+++ b/src/goto-instrument/cover.cpp
@@ -1411,7 +1411,7 @@ void instrument_cover_goals(
         t->source_location.set_function(i_it->function);
       }
 
-      if(i_it->is_goto() && !i_it->guard.is_true())
+      if(i_it->is_goto() && !i_it->guard.is_true() && cover_curr_function)
       {
         std::string b=std::to_string(basic_blocks[i_it]);
         std::string true_comment=

From 158d950226593765e68959574b4138d2c1f544e1 Mon Sep 17 00:00:00 2001
From: Vojtech Forejt <forejtv@gmail.com>
Date: Fri, 7 Apr 2017 16:16:40 +0100
Subject: [PATCH 165/699] Speed up OSX builds on Travis.

Do not autoupdate Homebrew, and limit cache size to 1G.
---
 .travis.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 54078b93f76..a2396927dab 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -24,8 +24,9 @@ matrix:
       before_install:
           #we create symlink to non-ccache gcc, to be used in tests
         - mkdir bin ; ln -s /usr/bin/gcc bin/gcc
-        - brew install ccache
+        - HOMEBREW_NO_AUTO_UPDATE=1 brew install ccache
         - export PATH=/usr/local/opt/ccache/libexec:$PATH
+        - ccache -M 1G
       env: COMPILER=g++
 
     # OS X using clang++
@@ -34,11 +35,12 @@ matrix:
       compiler: clang
       cache: ccache
       before_install:
-        - brew install ccache
+        - HOMEBREW_NO_AUTO_UPDATE=1 brew install ccache
         - export PATH=/usr/local/opt/ccache/libexec:$PATH
       env:
         - COMPILER="ccache clang++ -Qunused-arguments -fcolor-diagnostics"
         - CCACHE_CPP2=yes
+        - ccache -M 1G
 
     # Ubuntu Linux with glibc using g++-5
     - os: linux

From 46151843eb88fba6ef5243da2d23441ff510bdae Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Mon, 10 Apr 2017 10:48:47 +0100
Subject: [PATCH 166/699] Restore array skip-initialize flag

This allows a java-new-array instruction to indicate that the array
will be completely initialized immediately afterwards, and therefore
the zero-init instruction can be omitted. The nondet object factory
currently uses this to note that it will non-det initialize the whole
array.
---
 src/goto-programs/builtin_functions.cpp | 25 ++++++++++++++-----------
 1 file changed, 14 insertions(+), 11 deletions(-)

diff --git a/src/goto-programs/builtin_functions.cpp b/src/goto-programs/builtin_functions.cpp
index 359c25dc270..d5e27615d3d 100644
--- a/src/goto-programs/builtin_functions.cpp
+++ b/src/goto-programs/builtin_functions.cpp
@@ -837,17 +837,20 @@ void goto_convertt::do_java_new_array(
   t_p->source_location=location;
 
   // zero-initialize the data
-  exprt zero_element=
-    zero_initializer(
-      data.type().subtype(),
-      location,
-      ns,
-      get_message_handler());
-  codet array_set(ID_array_set);
-  array_set.copy_to_operands(data, zero_element);
-  goto_programt::targett t_d=dest.add_instruction(OTHER);
-  t_d->code=array_set;
-  t_d->source_location=location;
+  if(!rhs.get_bool(ID_skip_initialize))
+  {
+    exprt zero_element=
+      zero_initializer(
+        data.type().subtype(),
+        location,
+        ns,
+        get_message_handler());
+    codet array_set(ID_array_set);
+    array_set.copy_to_operands(data, zero_element);
+    goto_programt::targett t_d=dest.add_instruction(OTHER);
+    t_d->code=array_set;
+    t_d->source_location=location;
+  }
 
   // multi-dimensional?
 

From 44041aeff5ca8d2e69b4167222ed6dac86f0e009 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Mon, 10 Apr 2017 11:00:02 +0100
Subject: [PATCH 167/699] Allowing some options for string refinement

We allow setting the options refine-arrays, refine-arithmetic and
max-node-refinement options in the string solver.
Not setting the refine-arrays option can greatly improve performances.
---
 src/cbmc/cbmc_solvers.cpp | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/cbmc/cbmc_solvers.cpp b/src/cbmc/cbmc_solvers.cpp
index dace046cc17..b647ba17f52 100644
--- a/src/cbmc/cbmc_solvers.cpp
+++ b/src/cbmc/cbmc_solvers.cpp
@@ -242,6 +242,15 @@ cbmc_solverst::solvert* cbmc_solverst::get_string_refinement()
   if(options.get_bool_option("string-printable"))
     string_refinement->enforce_printable_characters();
 
+  if(options.get_option("max-node-refinement")!="")
+    string_refinement->max_node_refinement=
+      options.get_unsigned_int_option("max-node-refinement");
+
+  string_refinement->do_array_refinement=
+    options.get_bool_option("refine-arrays");
+  string_refinement->do_arithmetic_refinement=
+    options.get_bool_option("refine-arithmetic");
+
   return new solvert(string_refinement, prop);
 }
 

From 7e1b38208db2fa3cd646c04ffb43cf2942f4b3e3 Mon Sep 17 00:00:00 2001
From: Cristina <cristina.david@gmail.com>
Date: Mon, 10 Apr 2017 13:54:35 +0100
Subject: [PATCH 168/699] Set function member for class identifier assignment

---
 src/goto-programs/remove_instanceof.cpp | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/goto-programs/remove_instanceof.cpp b/src/goto-programs/remove_instanceof.cpp
index 3fc2699ef47..8e6c9f5de20 100644
--- a/src/goto-programs/remove_instanceof.cpp
+++ b/src/goto-programs/remove_instanceof.cpp
@@ -140,6 +140,7 @@ void remove_instanceoft::lower_instanceof(
     newinst->make_assignment();
     newinst->code=code_assignt(newsym.symbol_expr(), object_clsid);
     newinst->source_location=this_inst->source_location;
+    newinst->function=this_inst->function;
 
     // Insert the check instruction after the existing one.
     // This will briefly be ill-formed (use before def of

From 3cb035e4d6e441c85d8499db87049389a74b431e Mon Sep 17 00:00:00 2001
From: Peter Schrammel <peter.schrammel@diffblue.com>
Date: Tue, 11 Apr 2017 09:54:57 +0200
Subject: [PATCH 169/699] Fix style to silence cpplint

---
 src/java_bytecode/java_entry_point.cpp | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/java_bytecode/java_entry_point.cpp b/src/java_bytecode/java_entry_point.cpp
index e504441bae6..3e4de0cdea5 100644
--- a/src/java_bytecode/java_entry_point.cpp
+++ b/src/java_bytecode/java_entry_point.cpp
@@ -194,8 +194,7 @@ bool java_static_lifetime_init(
         {
           it->second.symbol_expr(),
           class_symbol.type.get_bool(ID_enumeration)
-        }
-      );
+        });
     }
   }
 

From 2fc6f099d5c5dba5e502dee5fa9ba0eedf36c396 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Fri, 29 Jul 2016 15:41:47 +0100
Subject: [PATCH 170/699] Preserve true array type in Java -> GOTO conversion.
 Fixes #184.

Previously all object array allocations became a generic void** when
a Java-new operator was lowered into a CPP-new one. Now the type is
preserved and is therefore available in the symbol table to build an
appropriate source-level type during testcase generation.
---
 src/goto-programs/builtin_functions.cpp | 37 +++++++++++++++++++++++--
 1 file changed, 34 insertions(+), 3 deletions(-)

diff --git a/src/goto-programs/builtin_functions.cpp b/src/goto-programs/builtin_functions.cpp
index d5e27615d3d..63eb18ec549 100644
--- a/src/goto-programs/builtin_functions.cpp
+++ b/src/goto-programs/builtin_functions.cpp
@@ -830,10 +830,41 @@ void goto_convertt::do_java_new_array(
     deref,
     struct_type.components()[2].get_name(),
     struct_type.components()[2].type());
-  side_effect_exprt data_cpp_new_expr(ID_cpp_new_array, data.type());
+
+  // Allocate a (struct realtype**) instead of a (void**) if possible.
+  const irept &given_element_type=object_type.find(ID_C_element_type);
+  typet allocate_data_type;
+  exprt cast_data_member;
+  if(given_element_type.is_not_nil())
+  {
+    allocate_data_type=
+      pointer_typet(static_cast<const typet &>(given_element_type));
+  }
+  else
+    allocate_data_type=data.type();
+
+  side_effect_exprt data_cpp_new_expr(ID_cpp_new_array, allocate_data_type);
   data_cpp_new_expr.set(ID_size, rhs.op0());
+
+  // Must directly assign the new array to a temporary
+  // because goto-symex will notice `x=side_effect_exprt` but not
+  // `x=typecast_exprt(side_effect_exprt(...))`
+  symbol_exprt new_array_data_symbol=
+    new_tmp_symbol(
+      data_cpp_new_expr.type(),
+      "new_array_data",
+      dest,
+      location)
+    .symbol_expr();
+  goto_programt::targett t_p2=dest.add_instruction(ASSIGN);
+  t_p2->code=code_assignt(new_array_data_symbol, data_cpp_new_expr);
+  t_p2->source_location=location;
+
   goto_programt::targett t_p=dest.add_instruction(ASSIGN);
-  t_p->code=code_assignt(data, data_cpp_new_expr);
+  exprt cast_cpp_new=new_array_data_symbol;
+  if(cast_cpp_new.type()!=data.type())
+    cast_cpp_new=typecast_exprt(cast_cpp_new, data.type());
+  t_p->code=code_assignt(data, cast_cpp_new);
   t_p->source_location=location;
 
   // zero-initialize the data
@@ -846,7 +877,7 @@ void goto_convertt::do_java_new_array(
         ns,
         get_message_handler());
     codet array_set(ID_array_set);
-    array_set.copy_to_operands(data, zero_element);
+    array_set.copy_to_operands(new_array_data_symbol, zero_element);
     goto_programt::targett t_d=dest.add_instruction(OTHER);
     t_d->code=array_set;
     t_d->source_location=location;

From 5851f63744022be7c86f4b9c235182c33d6ffb24 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Mon, 20 Mar 2017 10:09:47 +0000
Subject: [PATCH 171/699] Order string functions in alphabetical order

---
 .../string_refine_preprocess.cpp              | 287 ++++++++++--------
 1 file changed, 163 insertions(+), 124 deletions(-)

diff --git a/src/goto-programs/string_refine_preprocess.cpp b/src/goto-programs/string_refine_preprocess.cpp
index 8b491bab0ab..f616cd9124f 100644
--- a/src/goto-programs/string_refine_preprocess.cpp
+++ b/src/goto-programs/string_refine_preprocess.cpp
@@ -1116,14 +1116,54 @@ Function: string_refine_preprocesst::initialize_string_function_table
 
 void string_refine_preprocesst::initialize_string_function_table()
 {
+  // String library
+  string_function_calls
+    ["java::java.lang.String.<init>:(Ljava/lang/String;)V"]=
+    ID_cprover_string_copy_func;
+  string_function_calls
+    ["java::java.lang.String.<init>:(Ljava/lang/StringBuilder;)V"]=
+    ID_cprover_string_copy_func;
+  string_function_calls["java::java.lang.String.<init>:([C)V"]=
+    ID_cprover_string_copy_func;
+  string_function_calls["java::java.lang.String.<init>:([CII)V"]=
+    ID_cprover_string_copy_func;
+  string_function_calls["java::java.lang.String.<init>:()V"]=
+    ID_cprover_string_empty_string_func;
+  // Not supported java.lang.String.<init>:(Ljava/lang/StringBuffer;)
+
+  string_functions["java::java.lang.String.charAt:(I)C"]=
+    ID_cprover_string_char_at_func;
   string_functions["java::java.lang.String.codePointAt:(I)I"]=
     ID_cprover_string_code_point_at_func;
   string_functions["java::java.lang.String.codePointBefore:(I)I"]=
     ID_cprover_string_code_point_before_func;
   string_functions["java::java.lang.String.codePointCount:(II)I"]=
     ID_cprover_string_code_point_count_func;
-  string_functions["java::java.lang.String.offsetByCodePoints:(II)I"]=
-    ID_cprover_string_offset_by_code_point_func;
+  string_functions["java::java.lang.String.compareTo:(Ljava/lang/String;)I"]=
+    ID_cprover_string_compare_to_func;
+  // Not supported "java.lang.String.contentEquals"
+  string_functions
+    ["java::java.lang.String.concat:(Ljava/lang/String;)Ljava/lang/String;"]=
+    ID_cprover_string_concat_func;
+  string_functions
+    ["java::java.lang.String.contains:(Ljava/lang/CharSequence;)Z"]=
+    ID_cprover_string_contains_func;
+  string_functions
+    ["java::java.lang.String.copyValueOf:([CII)Ljava/lang/String;"]=
+    ID_cprover_string_copy_func;
+  string_functions
+    ["java::java.lang.String.copyValueOf:([C)Ljava/lang/String;"]=
+    ID_cprover_string_copy_func;
+  string_functions["java::java.lang.String.endsWith:(Ljava/lang/String;)Z"]=
+    ID_cprover_string_endswith_func;
+  string_functions["java::java.lang.String.equals:(Ljava/lang/Object;)Z"]=
+    ID_cprover_string_equal_func;
+  string_functions
+    ["java::java.lang.String.equalsIgnoreCase:(Ljava/lang/String;)Z"]=
+    ID_cprover_string_equals_ignore_case_func;
+  // Not supported "java.lang.String.format"
+  // Not supported "java.lang.String.getBytes"
+  // Not supported "java.lang.String.getChars"
   string_functions["java::java.lang.String.hashCode:()I"]=
     ID_cprover_string_hash_code_func;
   string_functions["java::java.lang.String.indexOf:(I)I"]=
@@ -1134,6 +1174,10 @@ void string_refine_preprocesst::initialize_string_function_table()
     ID_cprover_string_index_of_func;
   string_functions["java::java.lang.String.indexOf:(Ljava/lang/String;I)I"]=
     ID_cprover_string_index_of_func;
+  string_functions["java::java.lang.String.intern:()Ljava/lang/String;"]=
+    ID_cprover_string_intern_func;
+  string_functions["java::java.lang.String.isEmpty:()Z"]=
+    ID_cprover_string_is_empty_func;
   string_functions["java::java.lang.String.lastIndexOf:(I)I"]=
     ID_cprover_string_last_index_of_func;
   string_functions["java::java.lang.String.lastIndexOf:(II)I"]=
@@ -1144,188 +1188,182 @@ void string_refine_preprocesst::initialize_string_function_table()
   string_functions
     ["java::java.lang.String.lastIndexOf:(Ljava/lang/String;I)I"]=
     ID_cprover_string_last_index_of_func;
-  string_functions
-    ["java::java.lang.String.concat:(Ljava/lang/String;)Ljava/lang/String;"]=
-    ID_cprover_string_concat_func;
   string_functions["java::java.lang.String.length:()I"]=
     ID_cprover_string_length_func;
-  string_functions["java::java.lang.StringBuilder.length:()I"]=
-    ID_cprover_string_length_func;
-  string_functions["java::java.lang.String.equals:(Ljava/lang/Object;)Z"]=
-    ID_cprover_string_equal_func;
-  string_functions
-    ["java::java.lang.String.equalsIgnoreCase:(Ljava/lang/String;)Z"]=
-    ID_cprover_string_equals_ignore_case_func;
+  // Not supported "java.lang.String.matches"
+  string_functions["java::java.lang.String.offsetByCodePoints:(II)I"]=
+    ID_cprover_string_offset_by_code_point_func;
+  // Not supported "java.lang.String.regionMatches"
+  string_functions["java::java.lang.String.replace:(CC)Ljava/lang/String;"]=
+    ID_cprover_string_replace_func;
+  // Not supported "java.lang.String.replace:(LCharSequence;LCharSequence)"
+  // Not supported "java.lang.String.replaceAll"
+  // Not supported "java.lang.String.replaceFirst"
+  // Not supported "java.lang.String.split"
   string_functions["java::java.lang.String.startsWith:(Ljava/lang/String;)Z"]=
     ID_cprover_string_startswith_func;
   string_functions
     ["java::java.lang.String.startsWith:(Ljava/lang/String;I)Z"]=
     ID_cprover_string_startswith_func;
-  string_functions["java::java.lang.String.endsWith:(Ljava/lang/String;)Z"]=
-    ID_cprover_string_endswith_func;
-  string_functions["java::java.lang.String.substring:(II)Ljava/lang/String;"]=
-    ID_cprover_string_substring_func;
+  string_functions
+    ["java::java.lang.String.subSequence:(II)Ljava/lang/CharSequence;"]=
+   ID_cprover_string_substring_func;
   string_functions["java::java.lang.String.substring:(II)Ljava/lang/String;"]=
     ID_cprover_string_substring_func;
   string_functions["java::java.lang.String.substring:(I)Ljava/lang/String;"]=
     ID_cprover_string_substring_func;
-  string_functions
-    ["java::java.lang.StringBuilder.substring:(II)Ljava/lang/String;"]=
-    ID_cprover_string_substring_func;
-  string_functions
-    ["java::java.lang.StringBuilder.substring:(I)Ljava/lang/String;"]=
-    ID_cprover_string_substring_func;
-  string_functions
-    ["java::java.lang.String.subSequence:(II)Ljava/lang/CharSequence;"]=
-    ID_cprover_string_substring_func;
-  string_functions["java::java.lang.String.trim:()Ljava/lang/String;"]=
-    ID_cprover_string_trim_func;
+  // "java.lang.String.toCharArray has a special treatment in the
+  // replace_string_calls function
   string_functions["java::java.lang.String.toLowerCase:()Ljava/lang/String;"]=
     ID_cprover_string_to_lower_case_func;
+  // Not supported "java.lang.String.toLowerCase:(Locale)"
+  // Not supported "java.lang.String.toString:()"
   string_functions["java::java.lang.String.toUpperCase:()Ljava/lang/String;"]=
     ID_cprover_string_to_upper_case_func;
-  string_functions["java::java.lang.String.replace:(CC)Ljava/lang/String;"]=
-    ID_cprover_string_replace_func;
-  string_functions
-    ["java::java.lang.String.contains:(Ljava/lang/CharSequence;)Z"]=
-    ID_cprover_string_contains_func;
-  string_functions["java::java.lang.String.compareTo:(Ljava/lang/String;)I"]=
-    ID_cprover_string_compare_to_func;
-  string_functions["java::java.lang.String.intern:()Ljava/lang/String;"]=
-    ID_cprover_string_intern_func;
-  string_functions["java::java.lang.String.isEmpty:()Z"]=
-    ID_cprover_string_is_empty_func;
-  string_functions["java::java.lang.String.charAt:(I)C"]=
-    ID_cprover_string_char_at_func;
-  string_functions["java::java.lang.StringBuilder.charAt:(I)C"]=
-    ID_cprover_string_char_at_func;
-  string_functions["java::java.lang.CharSequence.charAt:(I)C"]=
-    ID_cprover_string_char_at_func;
-  string_functions
-    ["java::java.lang.StringBuilder.toString:()Ljava/lang/String;"]=
+  // Not supported "java.lang.String.toUpperCase:(Locale)"
+  string_functions["java::java.lang.String.trim:()Ljava/lang/String;"]=
+    ID_cprover_string_trim_func;
+  string_functions["java::java.lang.String.valueOf:(Z)Ljava/lang/String;"]=
+    ID_cprover_string_of_bool_func;
+  string_functions["java::java.lang.String.valueOf:(C)Ljava/lang/String;"]=
+    ID_cprover_string_of_char_func;
+  string_functions["java::java.lang.String.valueOf:([C)Ljava/lang/String;"]=
     ID_cprover_string_copy_func;
-
+  string_functions["java::java.lang.String.valueOf:([CII)Ljava/lang/String;"]=
+    ID_cprover_string_copy_func;
+  string_functions["java::java.lang.String.valueOf:(D)Ljava/lang/String;"]=
+    ID_cprover_string_of_double_func;
   string_functions["java::java.lang.String.valueOf:(F)Ljava/lang/String;"]=
     ID_cprover_string_of_float_func;
-  string_functions["java::java.lang.Float.toString:(F)Ljava/lang/String;"]=
-    ID_cprover_string_of_float_func;
-  string_functions["java::java.lang.Integer.toString:(I)Ljava/lang/String;"]=
-    ID_cprover_string_of_int_func;
   string_functions["java::java.lang.String.valueOf:(I)Ljava/lang/String;"]=
     ID_cprover_string_of_int_func;
-  string_functions["java::java.lang.Integer.toHexString:(I)Ljava/lang/String;"]=
-    ID_cprover_string_of_int_hex_func;
   string_functions["java::java.lang.String.valueOf:(L)Ljava/lang/String;"]=
     ID_cprover_string_of_long_func;
-  string_functions["java::java.lang.String.valueOf:(D)Ljava/lang/String;"]=
-    ID_cprover_string_of_double_func;
-  string_functions["java::java.lang.String.valueOf:(Z)Ljava/lang/String;"]=
-    ID_cprover_string_of_bool_func;
-  string_functions["java::java.lang.String.valueOf:(C)Ljava/lang/String;"]=
-    ID_cprover_string_of_char_func;
-  string_functions["java::java.lang.Integer.parseInt:(Ljava/lang/String;)I"]=
-    ID_cprover_string_parse_int_func;
+  // Not supported "java.lang.String.valueOf:(LObject;)"
+
+  // StringBuilder library
+  string_function_calls
+    ["java::java.lang.StringBuilder.<init>:(Ljava/lang/String;)V"]=
+    ID_cprover_string_copy_func;
+  string_function_calls["java::java.lang.StringBuilder.<init>:()V"]=
+    ID_cprover_string_empty_string_func;
 
-  side_effect_functions
-    ["java::java.lang.StringBuilder.append:(Ljava/lang/String;)"
-      "Ljava/lang/StringBuilder;"]=
-    ID_cprover_string_concat_func;
-  side_effect_functions["java::java.lang.StringBuilder.setCharAt:(IC)V"]=
-    ID_cprover_string_char_set_func;
-  side_effect_functions
-    ["java::java.lang.StringBuilder.append:(I)Ljava/lang/StringBuilder;"]=
-    ID_cprover_string_concat_int_func;
-  side_effect_functions
-    ["java::java.lang.StringBuilder.append:(J)Ljava/lang/StringBuilder;"]=
-    ID_cprover_string_concat_long_func;
   side_effect_functions
     ["java::java.lang.StringBuilder.append:(Z)Ljava/lang/StringBuilder;"]=
     ID_cprover_string_concat_bool_func;
   side_effect_functions
-    ["java::java.lang.StringBuilder.append:(C)Ljava/lang/StringBuilder;"]=
-    ID_cprover_string_concat_char_func;
+      ["java::java.lang.StringBuilder.append:(C)Ljava/lang/StringBuilder;"]=
+      ID_cprover_string_concat_char_func;
+  side_effect_functions
+    ["java::java.lang.StringBuilder.append:([C)"
+      "Ljava/lang/StringBuilder;"]=
+    ID_cprover_string_concat_func;
+  // Not supported: "java.lang.StringBuilder.append:([CII)"
+  // Not supported: "java.lang.StringBuilder.append:(LCharSequence;)"
   side_effect_functions
     ["java::java.lang.StringBuilder.append:(D)Ljava/lang/StringBuilder;"]=
     ID_cprover_string_concat_double_func;
   side_effect_functions
     ["java::java.lang.StringBuilder.append:(F)Ljava/lang/StringBuilder;"]=
     ID_cprover_string_concat_float_func;
+  side_effect_functions
+    ["java::java.lang.StringBuilder.append:(I)Ljava/lang/StringBuilder;"]=
+    ID_cprover_string_concat_int_func;
+  side_effect_functions
+    ["java::java.lang.StringBuilder.append:(J)Ljava/lang/StringBuilder;"]=
+    ID_cprover_string_concat_long_func;
+  // Not supported: "java.lang.StringBuilder.append:(LObject;)"
+  side_effect_functions
+    ["java::java.lang.StringBuilder.append:(Ljava/lang/String;)"
+      "Ljava/lang/StringBuilder;"]=
+    ID_cprover_string_concat_func;
   side_effect_functions
     ["java::java.lang.StringBuilder.appendCodePoint:(I)"
      "Ljava/lang/StringBuilder;"]=
     ID_cprover_string_concat_code_point_func;
+  // Not supported: "java.lang.StringBuilder.append:(Ljava/lang/StringBuffer;)"
+  // Not supported: "java.lang.StringBuilder.capacity:()"
+  string_functions["java::java.lang.StringBuilder.charAt:(I)C"]=
+    ID_cprover_string_char_at_func;
+  string_functions["java::java.lang.StringBuilder.codePointAt:(I)I"]=
+    ID_cprover_string_code_point_at_func;
+  string_functions["java::java.lang.StringBuilder.codePointBefore:(I)I"]=
+    ID_cprover_string_code_point_before_func;
+  string_functions["java::java.lang.StringBuilder.codePointCount:(II)I"]=
+    ID_cprover_string_code_point_count_func;
   side_effect_functions
     ["java::java.lang.StringBuilder.delete:(II)Ljava/lang/StringBuilder;"]=
     ID_cprover_string_delete_func;
   side_effect_functions
     ["java::java.lang.StringBuilder.deleteCharAt:(I)Ljava/lang/StringBuilder;"]=
     ID_cprover_string_delete_char_at_func;
+  // Not supported: "java.lang.StringBuilder.ensureCapacity:()"
+  // Not supported: "java.lang.StringBuilder.getChars:()"
+  // Not supported: "java.lang.StringBuilder.indexOf:()"
   side_effect_functions
-    ["java::java.lang.StringBuilder.insert:(ILjava/lang/String;)"
-     "Ljava/lang/StringBuilder;"]=
+    ["java::java.lang.StringBuilder.insert:(IZ)Ljava/lang/StringBuilder;"]=
+    ID_cprover_string_insert_bool_func;
+  side_effect_functions
+    ["java::java.lang.StringBuilder.insert:(IC)Ljava/lang/StringBuilder;"]=
+    ID_cprover_string_insert_char_func;
+  side_effect_functions
+    ["java::java.lang.StringBuilder.insert:(I[C)Ljava/lang/StringBuilder;"]=
     ID_cprover_string_insert_func;
+  side_effect_functions
+    ["java::java.lang.StringBuilder.insert:(I[CII)Ljava/lang/StringBuilder;"]=
+    ID_cprover_string_insert_func;
+  // Not supported "java.lang.StringBuilder.insert:(ILCharSequence;)"
+  // Not supported "java.lang.StringBuilder.insert:(ILCharSequence;II)"
+  // Not supported "java.lang.StringBuilder.insert:(ID)"
+  // Not supported "java.lang.StringBuilder.insert:(IF)"
   side_effect_functions
     ["java::java.lang.StringBuilder.insert:(II)Ljava/lang/StringBuilder;"]=
     ID_cprover_string_insert_int_func;
   side_effect_functions
     ["java::java.lang.StringBuilder.insert:(IJ)Ljava/lang/StringBuilder;"]=
     ID_cprover_string_insert_long_func;
+  // Not supported "java.lang.StringBuilder.insert:(ILObject;)"
   side_effect_functions
-    ["java::java.lang.StringBuilder.insert:(IC)Ljava/lang/StringBuilder;"]=
-    ID_cprover_string_insert_char_func;
-  side_effect_functions
-    ["java::java.lang.StringBuilder.insert:(IZ)Ljava/lang/StringBuilder;"]=
-    ID_cprover_string_insert_bool_func;
+    ["java::java.lang.StringBuilder.insert:(ILjava/lang/String;)"
+     "Ljava/lang/StringBuilder;"]=
+    ID_cprover_string_insert_func;
+  // Not supported "java.lang.StringBuilder.lastIndexOf"
+  string_functions["java::java.lang.StringBuilder.length:()I"]=
+    ID_cprover_string_length_func;
+  // Not supported "java.lang.StringBuilder.offsetByCodePoints"
+  // Not supported "java.lang.StringBuilder.replace"
+  // Not supported "java.lang.StringBuilder.reverse"
+  side_effect_functions["java::java.lang.StringBuilder.setCharAt:(IC)V"]=
+    ID_cprover_string_char_set_func;
   side_effect_functions
     ["java::java.lang.StringBuilder.setLength:(I)V"]=
     ID_cprover_string_set_length_func;
-
-
-
-  side_effect_functions
-    ["java::java.lang.StringBuilder.append:([C)"
-      "Ljava/lang/StringBuilder;"]=
-    ID_cprover_string_concat_func;
-  side_effect_functions
-    ["java::java.lang.StringBuilder.insert:(I[CII)Ljava/lang/StringBuilder;"]=
-    ID_cprover_string_insert_func;
-  side_effect_functions
-    ["java::java.lang.StringBuilder.insert:(I[C)Ljava/lang/StringBuilder;"]=
-    ID_cprover_string_insert_func;
-    // TODO clean irep ids from insert_char_array etc...
-
-  string_function_calls
-    ["java::java.lang.String.<init>:(Ljava/lang/String;)V"]=
-    ID_cprover_string_copy_func;
-  string_function_calls
-    ["java::java.lang.String.<init>:(Ljava/lang/StringBuilder;)V"]=
-    ID_cprover_string_copy_func;
-  string_function_calls
-    ["java::java.lang.StringBuilder.<init>:(Ljava/lang/String;)V"]=
-    ID_cprover_string_copy_func;
-  string_function_calls["java::java.lang.String.<init>:()V"]=
-    ID_cprover_string_empty_string_func;
-  string_function_calls["java::java.lang.StringBuilder.<init>:()V"]=
-    ID_cprover_string_empty_string_func;
-
-  string_function_calls["java::java.lang.String.<init>:([C)V"]=
-    ID_cprover_string_copy_func;
-  string_function_calls["java::java.lang.String.<init>:([CII)V"]=
-    ID_cprover_string_copy_func;
-
+  // Not supported "java.lang.StringBuilder.subSequence"
   string_functions
-    ["java::java.lang.String.valueOf:([CII)Ljava/lang/String;"]=
-    ID_cprover_string_copy_func;
-  string_functions
-    ["java::java.lang.String.valueOf:([C)Ljava/lang/String;"]=
-    ID_cprover_string_copy_func;
+    ["java::java.lang.StringBuilder.substring:(II)Ljava/lang/String;"]=
+    ID_cprover_string_substring_func;
   string_functions
-    ["java::java.lang.String.copyValueOf:([CII)Ljava/lang/String;"]=
-    ID_cprover_string_copy_func;
+    ["java::java.lang.StringBuilder.substring:(I)Ljava/lang/String;"]=
+    ID_cprover_string_substring_func;
   string_functions
-    ["java::java.lang.String.copyValueOf:([C)Ljava/lang/String;"]=
+    ["java::java.lang.StringBuilder.toString:()Ljava/lang/String;"]=
     ID_cprover_string_copy_func;
+  // Not supported "java.lang.StringBuilder.trimToSize"
+  // TODO clean irep ids from insert_char_array etc...
+
+  // Other libraries
+  string_functions["java::java.lang.CharSequence.charAt:(I)C"]=
+    ID_cprover_string_char_at_func;
+  string_functions["java::java.lang.Float.toString:(F)Ljava/lang/String;"]=
+    ID_cprover_string_of_float_func;
+  string_functions["java::java.lang.Integer.toHexString:(I)Ljava/lang/String;"]=
+    ID_cprover_string_of_int_hex_func;
+  string_functions["java::java.lang.Integer.parseInt:(Ljava/lang/String;)I"]=
+    ID_cprover_string_parse_int_func;
+  string_functions["java::java.lang.Integer.toString:(I)Ljava/lang/String;"]=
+    ID_cprover_string_of_int_func;
 
+  // C functions
   c_string_functions["__CPROVER_uninterpreted_string_literal_func"]=
     ID_cprover_string_literal_func;
   c_string_functions["__CPROVER_uninterpreted_string_char_at_func"]=
@@ -1357,6 +1395,7 @@ void string_refine_preprocesst::initialize_string_function_table()
   c_string_functions["__CPROVER_uninterpreted_string_of_int_func"]=
     ID_cprover_string_of_int_func;
 
+  // Signatures
   signatures["java::java.lang.String.equals:(Ljava/lang/Object;)Z"]="SSZ";
   signatures["java::java.lang.String.contains:(Ljava/lang/CharSequence;)Z"]=
     "SSZ";

From 318ab8612592da2211b62a67b97fb8d88b29d74b Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Mon, 10 Apr 2017 17:02:51 +0100
Subject: [PATCH 172/699] Improve `class_typet`'s base description

This defines an exprt subclass representing a base class instead of
using a bare exprt, and enforces proper types when returning the base
list. It's the same shape as the existing exprt so old code doesn't need
adjusting, it just makes client code neater.
---
 src/cegis/cegis-util/type_helper.cpp |  6 ++---
 src/util/std_types.h                 | 33 ++++++++++++++++++----------
 2 files changed, 24 insertions(+), 15 deletions(-)

diff --git a/src/cegis/cegis-util/type_helper.cpp b/src/cegis/cegis-util/type_helper.cpp
index b20ea9d08e6..e60b597b3a0 100644
--- a/src/cegis/cegis-util/type_helper.cpp
+++ b/src/cegis/cegis-util/type_helper.cpp
@@ -34,10 +34,10 @@ bool instanceof(const typet &lhs, const typet &rhs, const namespacet &ns)
   if (type_eq(lhs, rhs, ns)) return true;
   assert(ID_class == lhs.id());
   const class_typet &lhs_class=to_class_type(lhs);
-  const irept::subt &bases=lhs_class.bases();
-  for (const irept &base : bases)
+  const class_typet::basest &bases=lhs_class.bases();
+  for(const exprt &base : bases)
   {
-    const typet &type=static_cast<const typet &>(base.find(ID_type));
+    const typet &type=base.type();
     if (instanceof(ns.follow(type), rhs, ns)) return true;
   }
   return false;
diff --git a/src/util/std_types.h b/src/util/std_types.h
index 02f4a3981a1..4b3ec6e698e 100644
--- a/src/util/std_types.h
+++ b/src/util/std_types.h
@@ -361,31 +361,40 @@ class class_typet:public struct_typet
     return is_class()?ID_private:ID_public;
   }
 
-  const irept::subt &bases() const
+  class baset:public exprt
   {
-    return find(ID_bases).get_sub();
+  public:
+    baset():exprt(ID_base)
+    {
+    }
+
+    explicit baset(const typet &base):exprt(ID_base, base)
+    {
+    }
+  };
+
+  typedef std::vector<baset> basest;
+
+  const basest &bases() const
+  {
+    return (const basest &)find(ID_bases).get_sub();
   }
 
-  irept::subt &bases()
+  basest &bases()
   {
-    return add(ID_bases).get_sub();
+    return (basest &)add(ID_bases).get_sub();
   }
 
   void add_base(const typet &base)
   {
-    bases().push_back(exprt(ID_base, base));
+    bases().push_back(baset(base));
   }
 
   bool has_base(const irep_idt &id) const
   {
-    const irept::subt &b=bases();
-
-    forall_irep(it, b)
+    for(const auto &b : bases())
     {
-      assert(it->id()==ID_base);
-      const irept &type=it->find(ID_type);
-      assert(type.id()==ID_symbol);
-      if(type.get(ID_identifier)==id)
+      if(to_symbol_type(b.type()).get(ID_identifier)==id)
         return true;
     }
 

From 668f30f0e31a0e2e96745084d52bf670acc02cf7 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Mon, 10 Apr 2017 17:04:36 +0100
Subject: [PATCH 173/699] Always convert methods in two phases, even in eager
 mode

Previously in lazy mode we first converted all the method prototypes,
then later populated bodies, while in eager mode bodies were populated
as we went. Now we always use the former method, so eager mode is like
lazy mode except we then populate every method regardless of reachability.

This makes the process more uniform, and as a useful side-effect means
that the symbol table is populated by the time method conversion happens,
so we can check for static initialisers' existence or otherwise.
---
 .../java_bytecode_convert_class.cpp              | 16 +---------------
 src/java_bytecode/java_bytecode_language.cpp     | 14 ++++++++++++++
 2 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/src/java_bytecode/java_bytecode_convert_class.cpp b/src/java_bytecode/java_bytecode_convert_class.cpp
index 2926da79fc3..0990027e0a0 100644
--- a/src/java_bytecode/java_bytecode_convert_class.cpp
+++ b/src/java_bytecode/java_bytecode_convert_class.cpp
@@ -171,21 +171,7 @@ void java_bytecode_convert_classt::convert(const classt &c)
       method_identifier,
       method,
       symbol_table);
-    if(lazy_methods_mode==LAZY_METHODS_MODE_EAGER)
-    {
-      // Upgrade to a fully-realized symbol now:
-      java_bytecode_convert_method(
-        *class_symbol,
-        method,
-        symbol_table,
-        get_message_handler(),
-        max_array_length);
-    }
-    else
-    {
-      // Wait for our caller to decide what needs elaborating.
-      lazy_methods[method_identifier]=std::make_pair(class_symbol, &method);
-    }
+    lazy_methods[method_identifier]=std::make_pair(class_symbol, &method);
   }
 
   // is this a root class?
diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index 43e6fac96c0..444208f0c87 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -542,6 +542,20 @@ bool java_bytecode_languaget::typecheck(
     if(do_ci_lazy_method_conversion(symbol_table, lazy_methods))
       return true;
   }
+  else if(lazy_methods_mode==LAZY_METHODS_MODE_EAGER)
+  {
+    // Simply elaborate all methods symbols now.
+    for(const auto &method_sig : lazy_methods)
+    {
+      java_bytecode_convert_method(
+        *method_sig.second.first,
+        *method_sig.second.second,
+        symbol_table,
+        get_message_handler(),
+        max_user_array_length);
+    }
+  }
+  // Otherwise our caller is in charge of elaborating methods on demand.
 
   // now typecheck all
   if(java_bytecode_typecheck(

From 85b1e4f4fa066876a37fa90f271cd37594982b92 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Mon, 10 Apr 2017 17:07:10 +0100
Subject: [PATCH 174/699] Invoke static initializers on demand

Previously these were run from CPROVER_init; now they are run on demand,
using the same rules as the JVM (in brief, when `new` is called, or
a static field accessed, or a static method called).

This means that a faulting static initializer no longer blocks all coverage,
instead blocking only paths that would necessarily call the problematic initializer,
and initializers are called in the correct order, which they sometimes depend
upon (e.g. a class initializer assuming an enumeration initializer has run before
it uses the `.values()` method)

For details, see http://docs.oracle.com/javase/specs/jls/se8/html/jls-12.html#jls-12.4

This commit also amends the covered1 test, whose precise results I think
are still correct, but are perturbed by this change.
---
 regression/cbmc-java/covered1/test.desc       |   3 +-
 .../java_bytecode_convert_method.cpp          | 206 +++++++++++++++++-
 .../java_bytecode_convert_method_class.h      |   6 +
 src/java_bytecode/java_entry_point.cpp        |  57 -----
 4 files changed, 211 insertions(+), 61 deletions(-)

diff --git a/regression/cbmc-java/covered1/test.desc b/regression/cbmc-java/covered1/test.desc
index 32af766bdb7..6f78ed37e63 100644
--- a/regression/cbmc-java/covered1/test.desc
+++ b/regression/cbmc-java/covered1/test.desc
@@ -11,9 +11,8 @@ covered1.class
 .*\"coveredLines\": \"28\",$
 .*\"coveredLines\": \"28\",$
 .*\"coveredLines\": \"29\",$
-.*\"coveredLines\": \"9,18\",$
 .*\"coveredLines\": \"18\",$
 .*\"coveredLines\": \"18\",$
-.*\"coveredLines\": \"18,35\",$
+.*\"coveredLines\": \"35\",$
 --
 ^warning: ignoring
diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index 4888810bd83..8d7d63c3c71 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -911,6 +911,174 @@ void java_bytecode_convert_methodt::check_static_field_stub(
 
 /*******************************************************************\
 
+Function: java_bytecode_convert_methodt::class_needs_clinit
+
+  Inputs: classname: Class name
+
+ Outputs: Returns true if the given class or one of its parents
+          has a static initializer
+
+ Purpose: Determine whether a `new` or static access against `classname`
+          should be prefixed with a static initialization check.
+
+\*******************************************************************/
+
+bool java_bytecode_convert_methodt::class_needs_clinit(
+  const irep_idt &classname)
+{
+  auto findit_any=any_superclass_has_clinit_method.insert({classname, false});
+  if(!findit_any.second)
+    return findit_any.first->second;
+
+  auto findit_here=class_has_clinit_method.insert({classname, false});
+  if(findit_here.second)
+  {
+    const irep_idt &clinit_name=id2string(classname)+".<clinit>:()V";
+    findit_here.first->second=symbol_table.symbols.count(clinit_name);
+  }
+  if(findit_here.first->second)
+  {
+    findit_any.first->second=true;
+    return true;
+  }
+  auto findit_symbol=symbol_table.symbols.find(classname);
+  // Stub class?
+  if(findit_symbol==symbol_table.symbols.end())
+  {
+    warning() << "SKIPPED: " << classname << eom;
+    return false;
+  }
+  const symbolt &class_symbol=symbol_table.lookup(classname);
+  for(const auto &base : to_class_type(class_symbol.type).bases())
+  {
+    if(class_needs_clinit(to_symbol_type(base.type()).get_identifier()))
+    {
+      findit_any.first->second=true;
+      return true;
+    }
+  }
+  return false;
+}
+
+/*******************************************************************\
+
+Function: java_bytecode_convert_methodt::get_or_create_clinit_wrapper
+
+  Inputs: classname: Class name
+
+ Outputs: Returns a symbol_exprt pointing to the given class' clinit
+          wrapper if one is required, or nil otherwise.
+
+ Purpose: Create a ::clinit_wrapper the first time a static initializer
+          might be called. The wrapper method checks whether static init
+          has already taken place, calls the actual <clinit> method if
+          not, and initializes super-classes and interfaces.
+
+\*******************************************************************/
+
+exprt java_bytecode_convert_methodt::get_or_create_clinit_wrapper(
+  const irep_idt &classname)
+{
+  if(!class_needs_clinit(classname))
+    return static_cast<const exprt &>(get_nil_irep());
+
+  const irep_idt &clinit_wrapper_name=
+    id2string(classname)+"::clinit_wrapper";
+  auto findit=symbol_table.symbols.find(clinit_wrapper_name);
+  if(findit!=symbol_table.symbols.end())
+    return findit->second.symbol_expr();
+
+  // Create the wrapper now:
+  const irep_idt &already_run_name=
+    id2string(classname)+"::clinit_already_run";
+  symbolt already_run_symbol;
+  already_run_symbol.name=already_run_name;
+  already_run_symbol.pretty_name=already_run_name;
+  already_run_symbol.base_name="clinit_already_run";
+  already_run_symbol.type=bool_typet();
+  already_run_symbol.value=false_exprt();
+  already_run_symbol.is_lvalue=true;
+  already_run_symbol.is_state_var=true;
+  already_run_symbol.is_static_lifetime=true;
+  already_run_symbol.mode=ID_java;
+  symbol_table.add(already_run_symbol);
+
+  equal_exprt check_already_run(
+    already_run_symbol.symbol_expr(),
+    false_exprt());
+
+  code_ifthenelset wrapper_body;
+  wrapper_body.cond()=check_already_run;
+  code_blockt init_body;
+  // Note already-run is set *before* calling clinit, in order to prevent
+  // recursion in clinit methods.
+  code_assignt set_already_run(already_run_symbol.symbol_expr(), true_exprt());
+  init_body.move_to_operands(set_already_run);
+  const irep_idt &real_clinit_name=id2string(classname)+".<clinit>:()V";
+  const symbolt &class_symbol=symbol_table.lookup(classname);
+
+  auto findsymit=symbol_table.symbols.find(real_clinit_name);
+  if(findsymit!=symbol_table.symbols.end())
+  {
+    code_function_callt call_real_init;
+    call_real_init.function()=findsymit->second.symbol_expr();
+    init_body.move_to_operands(call_real_init);
+  }
+
+  for(const auto &base : to_class_type(class_symbol.type).bases())
+  {
+    const auto base_name=to_symbol_type(base.type()).get_identifier();
+    exprt base_init_routine=get_or_create_clinit_wrapper(base_name);
+    if(base_init_routine.is_nil())
+      continue;
+    code_function_callt call_base;
+    call_base.function()=base_init_routine;
+    init_body.move_to_operands(call_base);
+  }
+
+  wrapper_body.then_case()=init_body;
+
+  symbolt wrapper_method_symbol;
+  code_typet wrapper_method_type;
+  wrapper_method_type.return_type()=void_typet();
+  wrapper_method_symbol.name=clinit_wrapper_name;
+  wrapper_method_symbol.pretty_name=clinit_wrapper_name;
+  wrapper_method_symbol.base_name="clinit_wrapper";
+  wrapper_method_symbol.type=wrapper_method_type;
+  wrapper_method_symbol.value=wrapper_body;
+  wrapper_method_symbol.mode=ID_java;
+  symbol_table.add(wrapper_method_symbol);
+  return wrapper_method_symbol.symbol_expr();
+}
+
+/*******************************************************************\
+
+Function: java_bytecode_convert_methodt::get_clinit_call
+
+  Inputs: classname: Class name
+
+ Outputs: Returns a function call to the given class' static initializer
+          wrapper if one is needed, or a skip instruction otherwise.
+
+ Purpose: Each static access to classname should be prefixed with a check
+          for necessary static init; this returns a call implementing
+          that check.
+
+\*******************************************************************/
+
+codet java_bytecode_convert_methodt::get_clinit_call(
+  const irep_idt &classname)
+{
+  exprt callee=get_or_create_clinit_wrapper(classname);
+  if(callee.is_nil())
+    return code_skipt();
+  code_function_callt ret;
+  ret.function()=callee;
+  return ret;
+}
+
+/*******************************************************************\
+
 Function: java_bytecode_convert_methodt::convert_instructions
 
   Inputs:
@@ -1378,6 +1546,18 @@ codet java_bytecode_convert_methodt::convert_instructions(
 
       call.function().add_source_location()=loc;
       c=call;
+
+      if(!use_this)
+      {
+        codet clinit_call=get_clinit_call(arg0.get(ID_C_class));
+        if(clinit_call.get_statement()!=ID_skip)
+        {
+          code_blockt ret_block;
+          ret_block.move_to_operands(clinit_call);
+          ret_block.move_to_operands(c);
+          c=std::move(ret_block);
+        }
+      }
     }
     else if(statement=="return")
     {
@@ -1916,9 +2096,14 @@ codet java_bytecode_convert_methodt::convert_instructions(
       }
       results[0]=java_bytecode_promotion(symbol_expr);
 
-      // set $assertionDisabled to false
-      if(field_name.find("$assertionsDisabled")!=std::string::npos)
+      codet clinit_call=get_clinit_call(arg0.get_string(ID_class));
+      if(clinit_call.get_statement()!=ID_skip)
+        c=clinit_call;
+      else if(field_name.find("$assertionsDisabled")!=std::string::npos)
+      {
+        // set $assertionDisabled to false
         c=code_assignt(symbol_expr, false_exprt());
+      }
     }
     else if(statement=="putfield")
     {
@@ -1937,6 +2122,14 @@ codet java_bytecode_convert_methodt::convert_instructions(
           to_symbol_type(arg0.type()).get_identifier());
       }
       c=code_assignt(symbol_expr, op[0]);
+      codet clinit_call=get_clinit_call(arg0.get_string(ID_class));
+      if(clinit_call.get_statement()!=ID_skip)
+      {
+        code_blockt ret_block;
+        ret_block.move_to_operands(clinit_call);
+        ret_block.move_to_operands(c);
+        c=std::move(ret_block);
+      }
     }
     else if(statement==patternt("?2?")) // i2c etc.
     {
@@ -1955,6 +2148,15 @@ codet java_bytecode_convert_methodt::convert_instructions(
 
       const exprt tmp=tmp_variable("new", ref_type);
       c=code_assignt(tmp, java_new_expr);
+      codet clinit_call=
+        get_clinit_call(to_symbol_type(arg0.type()).get_identifier());
+      if(clinit_call.get_statement()!=ID_skip)
+      {
+        code_blockt ret_block;
+        ret_block.move_to_operands(clinit_call);
+        ret_block.move_to_operands(c);
+        c=std::move(ret_block);
+      }
       results[0]=tmp;
     }
     else if(statement=="newarray" ||
diff --git a/src/java_bytecode/java_bytecode_convert_method_class.h b/src/java_bytecode/java_bytecode_convert_method_class.h
index d260b82bbc8..75cfacd222e 100644
--- a/src/java_bytecode/java_bytecode_convert_method_class.h
+++ b/src/java_bytecode/java_bytecode_convert_method_class.h
@@ -94,6 +94,8 @@ class java_bytecode_convert_methodt:public messaget
   expanding_vectort<variablest> variables;
   std::set<symbol_exprt> used_local_names;
   bool method_has_this;
+  std::map<irep_idt, bool> class_has_clinit_method;
+  std::map<irep_idt, bool> any_superclass_has_clinit_method;
 
   typedef enum instruction_sizet
   {
@@ -221,6 +223,10 @@ class java_bytecode_convert_methodt:public messaget
   void check_static_field_stub(
     const symbol_exprt &se,
     const irep_idt &basename);
+
+  bool class_needs_clinit(const irep_idt &classname);
+  exprt get_or_create_clinit_wrapper(const irep_idt &classname);
+  codet get_clinit_call(const irep_idt &classname);
 };
 
 #endif
diff --git a/src/java_bytecode/java_entry_point.cpp b/src/java_bytecode/java_entry_point.cpp
index 3e4de0cdea5..edac8f5cbb3 100644
--- a/src/java_bytecode/java_entry_point.cpp
+++ b/src/java_bytecode/java_entry_point.cpp
@@ -98,19 +98,6 @@ Function: java_static_lifetime_init
 
 \*******************************************************************/
 
-struct static_initializer_callt
-{
-  symbol_exprt initializer_symbol;
-  bool is_enum;
-};
-
-static bool static_initializer_call_enum_lt(
-  const static_initializer_callt &a,
-  const static_initializer_callt &b)
-{
-  return a.is_enum && !b.is_enum;
-}
-
 bool java_static_lifetime_init(
   symbol_tablet &symbol_table,
   const source_locationt &source_location,
@@ -169,50 +156,6 @@ bool java_static_lifetime_init(
     }
   }
 
-  // we now need to run all the <clinit> methods
-
-  std::vector<static_initializer_callt> clinits;
-
-  for(symbol_tablet::symbolst::const_iterator
-      it=symbol_table.symbols.begin();
-      it!=symbol_table.symbols.end();
-      it++)
-  {
-    if(it->second.base_name=="<clinit>" &&
-       it->second.type.id()==ID_code &&
-       it->second.mode==ID_java)
-    {
-      const irep_idt symbol_name=
-        it->second.symbol_expr().get_identifier();
-      const std::string &symbol_str=id2string(symbol_name);
-      const std::string suffix(".<clinit>:()V");
-      assert(has_suffix(symbol_str, suffix));
-      const std::string class_symbol_name=
-        symbol_str.substr(0, symbol_str.size()-suffix.size());
-      const symbolt &class_symbol=symbol_table.lookup(class_symbol_name);
-      clinits.push_back(
-        {
-          it->second.symbol_expr(),
-          class_symbol.type.get_bool(ID_enumeration)
-        });
-    }
-  }
-
-  // Call enumeration initialisers before anything else.
-  // Really we should be calling them the first time they're referenced,
-  // as acccording to the JVM spec, but this ought to do the trick for
-  // most cases with much less effort.
-  std::sort(clinits.begin(), clinits.end(), static_initializer_call_enum_lt);
-
-  for(const auto &clinit : clinits)
-  {
-    code_function_callt function_call;
-    function_call.lhs()=nil_exprt();
-    function_call.function()=clinit.initializer_symbol;
-    function_call.add_source_location()=source_location;
-    code_block.add(function_call);
-  }
-
   return false;
 }
 

From c631419022412f5e6dc210a24037e896bbba14d2 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Mon, 10 Apr 2017 17:44:36 +0100
Subject: [PATCH 175/699] Add tests for static initialization order

These test mutually dependent static initializers, where the order
that fields are referenced in the source program dictate the results
of initialization.
---
 regression/cbmc-java/static_init1/A.class     | Bin 0 -> 314 bytes
 regression/cbmc-java/static_init1/B.class     | Bin 0 -> 314 bytes
 .../cbmc-java/static_init1/static_init.class  | Bin 0 -> 588 bytes
 .../cbmc-java/static_init1/static_init.java   |  32 ++++++++++++++++++
 regression/cbmc-java/static_init1/test.desc   |   8 +++++
 regression/cbmc-java/static_init2/A.class     | Bin 0 -> 314 bytes
 regression/cbmc-java/static_init2/B.class     | Bin 0 -> 314 bytes
 .../cbmc-java/static_init2/static_init.class  | Bin 0 -> 587 bytes
 .../cbmc-java/static_init2/static_init.java   |  32 ++++++++++++++++++
 regression/cbmc-java/static_init2/test.desc   |   8 +++++
 10 files changed, 80 insertions(+)
 create mode 100644 regression/cbmc-java/static_init1/A.class
 create mode 100644 regression/cbmc-java/static_init1/B.class
 create mode 100644 regression/cbmc-java/static_init1/static_init.class
 create mode 100644 regression/cbmc-java/static_init1/static_init.java
 create mode 100644 regression/cbmc-java/static_init1/test.desc
 create mode 100644 regression/cbmc-java/static_init2/A.class
 create mode 100644 regression/cbmc-java/static_init2/B.class
 create mode 100644 regression/cbmc-java/static_init2/static_init.class
 create mode 100644 regression/cbmc-java/static_init2/static_init.java
 create mode 100644 regression/cbmc-java/static_init2/test.desc

diff --git a/regression/cbmc-java/static_init1/A.class b/regression/cbmc-java/static_init1/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..cc4eabe977212306c26ea2916185d25d0d4bfa6c
GIT binary patch
literal 314
zcmYL@%}T>i5QWbqY5r}~+NvADr9aSaToyqEK`3=$aVt0RBDcg8YAX6z+J)f42k@c9
zbA#w&?#z61&fNL>{`drNjGY)hx)ECFMc72&R{a2j09yiiW?V8}1pe4mralq4`v*4y
z?|gBm1)Yhh^mO%*>*Y-4B}q6g%3o!Cy;v;^ePJxm9&1&b;?~ZFbM>TB#7I&E2m@@V
zh!FClQwr^HRI2KJbd}F_Q4^nGk9YaJ*rAXXR*|(d1a=byDZ5=}VQwA1Lta@3Hu(At
kOlWBTNsk%^B;Fd%8{9R#e?uECZ5cdtxxGhehrNUB2bL%*e*gdg

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/static_init1/B.class b/regression/cbmc-java/static_init1/B.class
new file mode 100644
index 0000000000000000000000000000000000000000..448af9210504502e94f0a39aa6b8e6fe4f08eec5
GIT binary patch
literal 314
zcmYL@%Sr=55JhjzWS$w5_=<uLTpERB<1z>;2!iNBaVtGzBOS&G#EF>CO0p1K_yK-Y
z$n8;dQPowq&aJNR#pf4*6Ku!uu^M3w>k+)4v=Lx4KwBX1j4Q@O;P*{o%2R=R*m)4t
zE{0E9(7ZN<z8SxydUUVSoJ!cw@?SE(8;(brzBE>Ey_Tvp*`u9x2kK2Fh*1x)l^{Tv
zAVSEG&I#IKFIUBL?=~IitfYK~10Lt|Vuv7kR*|(-3hX8b5_Wrhg|Bz?0hzK8tT6kP
l*ruWJhaOiNP@ln>!}aE<{Tmu^Y1^T3m)rM=HrYF9EdiV)Dy{$k

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/static_init1/static_init.class b/regression/cbmc-java/static_init1/static_init.class
new file mode 100644
index 0000000000000000000000000000000000000000..92cc80f9170adfd67ea86c9d2c4ced1bf3fde393
GIT binary patch
literal 588
zcmYk3PjAye5XFD%*xA@|Y0^R)paoh2ZG%KFJywWPKtke=P!STnAjh%LmefJEgW#+5
zLT{Wg5|u!LJ0A)$Yubdv%y?(sym>SJ{pb5nV2fTrlSLn&j?YCd`CR_zmh5v$vmBsV
z)LaR;$~Dc3V!j*Yd6E@ol;-zM9`%RGK%w>(^=*@y;*O%WzVTAw?v4hDV)n5~lc(du
zev-YgU@06%CRNPr6;b^5N%ZbC-Pn$Yrv$;?Xq?5#Lu28syod@DzqYm82hsZ|<Q%gh
zAv2oQkn40cH$raGRdg(1a~P#>Hh0csKFG3BrfB}hqge}CXG7Sh4bS=qNnFS-J7OQi
z9*Nx(`zTvXVY@>)fMQ{g<R(i7lQFVRF_waCzt4)?v?(`Mt&SBcUp17~ExskMWr<3n
z*E>Odu|V45>s3-o^V|gb97if}tHe2Ct)%82(<yN!v`akin4qNYeWLjT{py6qFH7iD
zghAC@rzih$Ua~IEs;0sD3H??z654bAH-aOy`x&?P6=zCvrpgj{IN@EZ{X#Wk;V+`R
BW{>~?

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/static_init1/static_init.java b/regression/cbmc-java/static_init1/static_init.java
new file mode 100644
index 00000000000..778b6926fcc
--- /dev/null
+++ b/regression/cbmc-java/static_init1/static_init.java
@@ -0,0 +1,32 @@
+public class static_init {
+
+  // A should be initialised first, then B will begin init
+  // after A.x is set.
+  public static void main() {
+    assert(A.x == 1 && B.x == 1 && B.y == 2 && A.y == 2);
+  }
+
+}
+
+class A {
+
+  public static int x;
+  public static int y;
+  static {
+    x = 1;
+    y = B.y;
+  }
+
+}
+
+class B {
+
+  public static int x;
+  public static int y;
+  static {
+    x = A.x;
+    y = 2;
+
+  }
+
+}
diff --git a/regression/cbmc-java/static_init1/test.desc b/regression/cbmc-java/static_init1/test.desc
new file mode 100644
index 00000000000..30868289dae
--- /dev/null
+++ b/regression/cbmc-java/static_init1/test.desc
@@ -0,0 +1,8 @@
+CORE
+static_init.class
+
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/static_init2/A.class b/regression/cbmc-java/static_init2/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..cc4eabe977212306c26ea2916185d25d0d4bfa6c
GIT binary patch
literal 314
zcmYL@%}T>i5QWbqY5r}~+NvADr9aSaToyqEK`3=$aVt0RBDcg8YAX6z+J)f42k@c9
zbA#w&?#z61&fNL>{`drNjGY)hx)ECFMc72&R{a2j09yiiW?V8}1pe4mralq4`v*4y
z?|gBm1)Yhh^mO%*>*Y-4B}q6g%3o!Cy;v;^ePJxm9&1&b;?~ZFbM>TB#7I&E2m@@V
zh!FClQwr^HRI2KJbd}F_Q4^nGk9YaJ*rAXXR*|(d1a=byDZ5=}VQwA1Lta@3Hu(At
kOlWBTNsk%^B;Fd%8{9R#e?uECZ5cdtxxGhehrNUB2bL%*e*gdg

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/static_init2/B.class b/regression/cbmc-java/static_init2/B.class
new file mode 100644
index 0000000000000000000000000000000000000000..448af9210504502e94f0a39aa6b8e6fe4f08eec5
GIT binary patch
literal 314
zcmYL@%Sr=55JhjzWS$w5_=<uLTpERB<1z>;2!iNBaVtGzBOS&G#EF>CO0p1K_yK-Y
z$n8;dQPowq&aJNR#pf4*6Ku!uu^M3w>k+)4v=Lx4KwBX1j4Q@O;P*{o%2R=R*m)4t
zE{0E9(7ZN<z8SxydUUVSoJ!cw@?SE(8;(brzBE>Ey_Tvp*`u9x2kK2Fh*1x)l^{Tv
zAVSEG&I#IKFIUBL?=~IitfYK~10Lt|Vuv7kR*|(-3hX8b5_Wrhg|Bz?0hzK8tT6kP
l*ruWJhaOiNP@ln>!}aE<{Tmu^Y1^T3m)rM=HrYF9EdiV)Dy{$k

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/static_init2/static_init.class b/regression/cbmc-java/static_init2/static_init.class
new file mode 100644
index 0000000000000000000000000000000000000000..6a0da38e0293aaadf5d826f54768613ea7e9b6e6
GIT binary patch
literal 587
zcmYk3PjAye5XFD%IN8{7Y1%>)XbXgf(&RudJywWPKtkf5RD?t?$Z=McOX?uoLGV%N
zsW;9TiAo^BoezbWwc3Qk%<j&-dGluW&)*-vfNlCd4O$)^ZI7#5vu?#>)!tTF(X9Ds
zTAJ%VH@K<kD3-cmmYFn<$4T}u&ceaS3>E4?QQL`=IKQW;Z1!F&+`aM8DCVEWiFrOb
z9+>o%1xw;Mj1$G&ejY~eo`vtv!}XnLbWY&!k0)tl9>*5m%<?dgqqjD9_bB`j23%r3
zAYe{&D`1^&z-_vk4Mp1mwnkxcxV3vB^HG|PQ$^!H9?hMAO?tvUD|j(DGEpwGJP`XR
z_C)NH*se@5gYAuE0gC0J$>P)ur)^}Md?E>%{(z3`v>`iI&9)UPw+hPY7T=WDnw(0`
zYX1!N)dE=%Un_%3iWjHQmpGDvet~nsMnT0rrB&coPiYoZ<>eLBKGXP#esf0sx8-w6
zKEJH3(UWgnlBkQ*(bTy-W#2A4!os5W9sdOFe!;DL!<ms>h_VD#oZ!Bdex>ZO{0}{f
BW_<tv

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/static_init2/static_init.java b/regression/cbmc-java/static_init2/static_init.java
new file mode 100644
index 00000000000..b0ec59c314e
--- /dev/null
+++ b/regression/cbmc-java/static_init2/static_init.java
@@ -0,0 +1,32 @@
+public class static_init {
+
+  // B will begin init first, but then begin A init before it
+  // has set B.y, leading to the unintuitive result given here.
+  public static void main() {
+    assert(B.x == 1 && B.y == 2 && A.x == 1 && A.y == 0);
+  }
+
+}
+
+class A {
+
+  public static int x;
+  public static int y;
+  static {
+    x = 1;
+    y = B.y;
+  }
+
+}
+
+class B {
+
+  public static int x;
+  public static int y;
+  static {
+    x = A.x;
+    y = 2;
+
+  }
+
+}
diff --git a/regression/cbmc-java/static_init2/test.desc b/regression/cbmc-java/static_init2/test.desc
new file mode 100644
index 00000000000..30868289dae
--- /dev/null
+++ b/regression/cbmc-java/static_init2/test.desc
@@ -0,0 +1,8 @@
+CORE
+static_init.class
+
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring

From 03667afeaeefd13e8ea53c1e6f0bb4ab9344589f Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Mon, 27 Mar 2017 14:16:14 +0100
Subject: [PATCH 176/699] Make add_axioms_from_bool add concret constraints

Adding universal constraints was not working because the index set
wasn't updated for the created constants ("true" and "false").
Adding concrete constraints avoids this problem and is more efficient
than updating the index set.

For issue diffblue/test-gen#119
---
 .../string_constraint_generator_valueof.cpp   | 39 +++++++++----------
 1 file changed, 18 insertions(+), 21 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_valueof.cpp b/src/solvers/refinement/string_constraint_generator_valueof.cpp
index 10fe490259a..a472a73d344 100644
--- a/src/solvers/refinement/string_constraint_generator_valueof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_valueof.cpp
@@ -228,42 +228,39 @@ string_exprt string_constraint_generatort::add_axioms_from_bool(
   const exprt &b, const refined_string_typet &ref_type)
 {
   string_exprt res=fresh_string(ref_type);
-  const typet &index_type=ref_type.get_index_type();
+  const typet &char_type=ref_type.get_char_type();
 
   assert(b.type()==bool_typet() || b.type().id()==ID_c_bool);
 
   typecast_exprt eq(b, bool_typet());
 
-  string_exprt true_string=add_axioms_for_constant("true", ref_type);
-  string_exprt false_string=add_axioms_for_constant("false", ref_type);
-
   // We add axioms:
   // a1 : eq => res = |"true"|
   // a2 : forall i < |"true"|. eq => res[i]="true"[i]
   // a3 : !eq => res = |"false"|
   // a4 : forall i < |"false"|. !eq => res[i]="false"[i]
 
-  implies_exprt a1(eq, res.axiom_for_has_same_length_as(true_string));
+  std::string str_true="true";
+  implies_exprt a1(eq, res.axiom_for_has_length(str_true.length()));
   axioms.push_back(a1);
-  symbol_exprt qvar=fresh_univ_index("QA_equal_true", index_type);
-  string_constraintt a2(
-    qvar,
-    true_string.length(),
-    eq,
-    equal_exprt(res[qvar], true_string[qvar]));
-  axioms.push_back(a2);
 
-  implies_exprt a3(
-    not_exprt(eq), res.axiom_for_has_same_length_as(false_string));
+  for(std::size_t i=0; i<str_true.length(); i++)
+  {
+    exprt chr=from_integer(str_true[i], char_type);
+    implies_exprt a2(eq, equal_exprt(res[i], chr));
+    axioms.push_back(a2);
+  }
+
+  std::string str_false="false";
+  implies_exprt a3(not_exprt(eq), res.axiom_for_has_length(str_false.length()));
   axioms.push_back(a3);
 
-  symbol_exprt qvar1=fresh_univ_index("QA_equal_false", index_type);
-  string_constraintt a4(
-    qvar,
-    false_string.length(),
-    not_exprt(eq),
-    equal_exprt(res[qvar1], false_string[qvar1]));
-  axioms.push_back(a4);
+  for(std::size_t i=0; i<str_false.length(); i++)
+  {
+    exprt chr=from_integer(str_false[i], char_type);
+    implies_exprt a4(not_exprt(eq), equal_exprt(res[i], chr));
+    axioms.push_back(a4);
+  }
 
   return res;
 }

From aaa56bb2128987d23f1e511c572afd23dd8df0e5 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Mon, 27 Mar 2017 14:20:18 +0100
Subject: [PATCH 177/699] Adding tests for issue diffblue/test-gen#119

---
 .../bug-test-gen-119-2/StringValueOfLong.class    | Bin 0 -> 685 bytes
 .../bug-test-gen-119-2/StringValueOfLong.java     |   9 +++++++++
 regression/strings/bug-test-gen-119-2/test.desc   |   7 +++++++
 .../bug-test-gen-119/StringValueOfBool.class      | Bin 0 -> 668 bytes
 .../bug-test-gen-119/StringValueOfBool.java       |  10 ++++++++++
 regression/strings/bug-test-gen-119/test.desc     |   7 +++++++
 6 files changed, 33 insertions(+)
 create mode 100644 regression/strings/bug-test-gen-119-2/StringValueOfLong.class
 create mode 100644 regression/strings/bug-test-gen-119-2/StringValueOfLong.java
 create mode 100644 regression/strings/bug-test-gen-119-2/test.desc
 create mode 100644 regression/strings/bug-test-gen-119/StringValueOfBool.class
 create mode 100644 regression/strings/bug-test-gen-119/StringValueOfBool.java
 create mode 100644 regression/strings/bug-test-gen-119/test.desc

diff --git a/regression/strings/bug-test-gen-119-2/StringValueOfLong.class b/regression/strings/bug-test-gen-119-2/StringValueOfLong.class
new file mode 100644
index 0000000000000000000000000000000000000000..821230a7f7f90189a889bb177f0407c5ee516cd8
GIT binary patch
literal 685
zcmZWnT~8B16g_vl+iACp{h(k`K~T^ZiD<$b#E+mpm;w)NNaStW4$a`QtNX!^=^yY}
zO~7cP@BR+|hQ>QvX*JHnojdoQbMBox^ZnQ7uK>2N;ljg$!@kum{eX*WxL)M#MgfcF
zuq1HPMF9%}%Pv-MOW-zPc2&l)iV__L@iQIEp05T3IwItEbfA+*gj}<ANU(Rqfg+UK
zI#B!RX-`F61Lnl3)B$0plgR$-J^3aJ3#<|fJAMC;hT93#sIOjV!<g?Rkq(B3(ofaF
zaXSo#_fO=R^iW2Hi5}K)$HNS+5K0dpOqPecXc8I*yXnhdxcT(5_2*F(Muh5r!U8Q1
z>$pd#Olb$b6V*@t35|&aaW-y>FxPz9YEL<1z&4LXy-lSb8^B-bvE+7(=T@GQc6}Z$
z-*=#59jU>jT^?1Ea)Kv&#4lkU4xmcI+?l-`SOpcfRX#29PP{wo7ohhBh#K2`79<og
zJArm#F&S8?!+N~*3HIIxI3v_IYWZ`B5lUZBcy)o|HzQ+ZGBw!jJ8bhT#b1MeNSz}^
v&`&Je0&^UgpH$e&ssh!Tdydiw!hQ!k_Yuxi@v<?a;=uBrnD(z`1slHshku1G

literal 0
HcmV?d00001

diff --git a/regression/strings/bug-test-gen-119-2/StringValueOfLong.java b/regression/strings/bug-test-gen-119-2/StringValueOfLong.java
new file mode 100644
index 00000000000..21f21cec9f7
--- /dev/null
+++ b/regression/strings/bug-test-gen-119-2/StringValueOfLong.java
@@ -0,0 +1,9 @@
+public class StringValueOfLong
+{
+    public static void main()
+    {
+        long longValue = 10000000000L; // L suffix indicates long
+        String tmp=String.valueOf(longValue);
+        assert tmp.equals("10000000000");
+    }
+}
diff --git a/regression/strings/bug-test-gen-119-2/test.desc b/regression/strings/bug-test-gen-119-2/test.desc
new file mode 100644
index 00000000000..5d5571785d4
--- /dev/null
+++ b/regression/strings/bug-test-gen-119-2/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+StringValueOfLong.class
+--refine-strings
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
diff --git a/regression/strings/bug-test-gen-119/StringValueOfBool.class b/regression/strings/bug-test-gen-119/StringValueOfBool.class
new file mode 100644
index 0000000000000000000000000000000000000000..150b1840b6402137d3b111ff83722adeb7040d7f
GIT binary patch
literal 668
zcmZWmT~8B16g{`Q?QEBYe(+UMiYRJ}iM;SuLQuq~Dv2c|_HEh@WN_Kl{ou#+5BRJm
zKrqpF{}aSJTWK+7l9{=8&N*}D%<r44p8z(o?!v{QiyH0~;b6(ZeN#LTSawmsqCnln
z3LXlq5@y$A9IGhNVGzI8vF!P3K%g$6u%!c?Y!j?T^N?Wgh66<?wRNE0rKdd=9T+el
zoJt)KraOu3e|#%HWo>~+1ZS)7|J86iVH)+-8*La1og~u1@uBonwSV*~4E+};@=SV|
z#taiZJjR-bDR_kZk@REb;R&7+Y6i98%iwt9<*n(xC<-G&<v&S*XC4}863P?We(yx}
zlYd$xB0-#u>=5P~-DZ2j839@xi29te8w0p=Jd$iRIkD1&wCi)M{L+Dnb)*JkyBt!I
z@&RYs#VY@f%U?$2nt3hnEO3yR;km@sGOxsIe*FUU)c{fExsWvpMO4Pn_sH=8R;<?2
zC35X=u!fj>UbWAWA7bhU3Lh>Yei@NmCQ^mX`#e{Ihl4uHRk>3HU87C{v)r5;>u+Xv
h0+p(Bj^Yr){sP<j4r`)#Ys;vxuD4^%&u14d`~f_LgFXNN

literal 0
HcmV?d00001

diff --git a/regression/strings/bug-test-gen-119/StringValueOfBool.java b/regression/strings/bug-test-gen-119/StringValueOfBool.java
new file mode 100644
index 00000000000..0452785fede
--- /dev/null
+++ b/regression/strings/bug-test-gen-119/StringValueOfBool.java
@@ -0,0 +1,10 @@
+public class StringValueOfBool
+{
+    public static void main()
+    {
+        boolean booleanValue = false;
+
+        String tmp=String.valueOf(booleanValue);
+        assert tmp.equals("false");
+    }
+}
diff --git a/regression/strings/bug-test-gen-119/test.desc b/regression/strings/bug-test-gen-119/test.desc
new file mode 100644
index 00000000000..d2bcd586e25
--- /dev/null
+++ b/regression/strings/bug-test-gen-119/test.desc
@@ -0,0 +1,7 @@
+FUTURE
+StringValueOfBool.class
+--refine-strings
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--

From 621f366fff3af341ae95a8f128504f56905d86c3 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Mon, 27 Mar 2017 14:27:36 +0100
Subject: [PATCH 178/699] Correct a mistake in the signature for String.valueOf

In signature `J` is for long and not `L`.
For issur diffblue/test-gen#119
---
 src/goto-programs/string_refine_preprocess.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/goto-programs/string_refine_preprocess.cpp b/src/goto-programs/string_refine_preprocess.cpp
index f616cd9124f..f6e2b432c92 100644
--- a/src/goto-programs/string_refine_preprocess.cpp
+++ b/src/goto-programs/string_refine_preprocess.cpp
@@ -1237,7 +1237,7 @@ void string_refine_preprocesst::initialize_string_function_table()
     ID_cprover_string_of_float_func;
   string_functions["java::java.lang.String.valueOf:(I)Ljava/lang/String;"]=
     ID_cprover_string_of_int_func;
-  string_functions["java::java.lang.String.valueOf:(L)Ljava/lang/String;"]=
+  string_functions["java::java.lang.String.valueOf:(J)Ljava/lang/String;"]=
     ID_cprover_string_of_long_func;
   // Not supported "java.lang.String.valueOf:(LObject;)"
 

From 02f86978dbeaeeccda292403d0ee0ab019b7fe7e Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Wed, 5 Apr 2017 17:38:37 +0100
Subject: [PATCH 179/699] Adding overflow checks in the parsing of integer
 (#172)

This fixes diffblue/test-gen#172.

Clarifying number format check and correcting overflow checks.
This solves some issues related to the sign characters in string
representing numbers.
---
 .../string_constraint_generator_valueof.cpp   | 53 ++++++++++++++-----
 1 file changed, 41 insertions(+), 12 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_valueof.cpp b/src/solvers/refinement/string_constraint_generator_valueof.cpp
index 10fe490259a..769a356a540 100644
--- a/src/solvers/refinement/string_constraint_generator_valueof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_valueof.cpp
@@ -642,25 +642,35 @@ exprt string_constraint_generatort::add_axioms_for_correct_number_format(
     binary_relation_exprt(chr, ID_ge, zero_char),
     binary_relation_exprt(chr, ID_le, nine_char));
 
+  // TODO: we should have implications in the other direction for correct
+  // correct => |str| > 0
+  exprt non_empty=str.axiom_for_is_longer_than(from_integer(1, index_type));
+  axioms.push_back(implies_exprt(correct, non_empty));
+
+  // correct => (str[0] = '+' or '-' || '0' <= str[0] <= '9')
   or_exprt correct_first(
     or_exprt(starts_with_minus, starts_with_plus), starts_with_digit);
-  exprt has_first=str.axiom_for_is_longer_than(from_integer(1, index_type));
-  implies_exprt a1(correct, and_exprt(has_first, correct_first));
-  axioms.push_back(a1);
+  axioms.push_back(implies_exprt(correct, correct_first));
 
-  exprt not_too_long=str.axiom_for_is_shorter_than(max_size);
-  axioms.push_back(not_too_long);
+  // correct => str[0]='+' or '-' ==> |str| > 1
+  implies_exprt contains_digit(
+    or_exprt(starts_with_minus, starts_with_plus),
+    str.axiom_for_is_longer_than(from_integer(2, index_type)));
+  axioms.push_back(implies_exprt(correct, contains_digit));
 
-  symbol_exprt qvar=fresh_univ_index("number_format", index_type);
+  // correct => |str| < max_size
+  axioms.push_back(
+    implies_exprt(correct, str.axiom_for_is_shorter_than(max_size)));
 
+  // forall 1 <= qvar < |str| . correct => '0'<= str[qvar] <= '9'
+  symbol_exprt qvar=fresh_univ_index("number_format", index_type);
   and_exprt is_digit(
     binary_relation_exprt(str[qvar], ID_ge, zero_char),
     binary_relation_exprt(str[qvar], ID_le, nine_char));
-
-  string_constraintt a2(
+  string_constraintt all_digits(
     qvar, from_integer(1, index_type), str.length(), correct, is_digit);
+  axioms.push_back(all_digits);
 
-  axioms.push_back(a2);
   return correct;
 }
 
@@ -706,10 +716,29 @@ exprt string_constraint_generatort::add_axioms_for_parse_int(
 
     for(unsigned j=1; j<size; j++)
     {
-      sum=plus_exprt(
-        mult_exprt(sum, ten),
+      mult_exprt ten_sum(sum, ten);
+      if(j>=9)
+      {
+        // We have to be careful about overflows
+        div_exprt div(sum, ten);
+        equal_exprt no_overflow(div, sum);
+        axioms.push_back(no_overflow);
+      }
+
+      sum=plus_exprt_with_overflow_check(
+        ten_sum,
         typecast_exprt(minus_exprt(str[j], zero_char), type));
-      first_value=mult_exprt(first_value, ten);
+
+      mult_exprt first(first_value, ten);
+      if(j>=9)
+      {
+        // We have to be careful about overflows
+        div_exprt div_first(first, ten);
+        implies_exprt no_overflow_first(
+          starts_with_digit, equal_exprt(div_first, first_value));
+        axioms.push_back(no_overflow_first);
+      }
+      first_value=first;
     }
 
     // If the length is `size`, we add axioms:

From f0004a5d2d825ef486bed8a6e1deb9f1ef3eda3d Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Thu, 6 Apr 2017 09:43:50 +0100
Subject: [PATCH 180/699] Corrections on generated axioms

Corrected axiom on positive length not added to axiom list

Added missing addition of default axioms in fresh string

Removing lemma that makes conditions too strong on strings

This was causing the verfication of several goal fail after the first
one is concretized.
Also added some debugging information.
---
 .../refinement/string_constraint_generator_main.cpp        | 6 ++++--
 src/solvers/refinement/string_refinement.cpp               | 7 ++++++-
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_main.cpp b/src/solvers/refinement/string_constraint_generator_main.cpp
index c0a6efef0c1..85f79f8bcf6 100644
--- a/src/solvers/refinement/string_constraint_generator_main.cpp
+++ b/src/solvers/refinement/string_constraint_generator_main.cpp
@@ -177,6 +177,7 @@ string_exprt string_constraint_generatort::fresh_string(
   symbol_exprt content=fresh_symbol("string_content", type.get_content_type());
   string_exprt str(length, content, type);
   created_strings.insert(str);
+  add_default_axioms(str);
   return str;
 }
 
@@ -246,7 +247,7 @@ string_exprt string_constraint_generatort::convert_java_string_to_string_exprt(
 
 /*******************************************************************\
 
-Function: string_constraint_generatort::add_default_constraints
+Function: string_constraint_generatort::add_default_axioms
 
   Inputs:
     s - a string expression
@@ -267,7 +268,8 @@ Function: string_constraint_generatort::add_default_constraints
 void string_constraint_generatort::add_default_axioms(
   const string_exprt &s)
 {
-  s.axiom_for_is_longer_than(from_integer(0, s.length().type()));
+  axioms.push_back(
+    s.axiom_for_is_longer_than(from_integer(0, s.length().type())));
   if(max_string_length!=std::numeric_limits<size_t>::max())
     axioms.push_back(s.axiom_for_is_shorter_than(max_string_length));
 
diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index 0ea7966ef61..bc5b2816522 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -332,7 +332,6 @@ void string_refinementt::concretize_string(const exprt &expr)
   {
     string_exprt str=to_string_expr(expr);
     exprt length=get(str.length());
-    add_lemma(equal_exprt(str.length(), length));
     exprt content=str.content();
     replace_expr(symbol_resolve, content);
     found_length[content]=length;
@@ -350,6 +349,7 @@ void string_refinementt::concretize_string(const exprt &expr)
       else
       {
         size_t concretize_limit=found_length.to_long();
+        assert(concretize_limit<=generator.max_string_length);
         concretize_limit=concretize_limit>generator.max_string_length?
               generator.max_string_length:concretize_limit;
         exprt content_expr=str.content();
@@ -596,7 +596,11 @@ decision_proceduret::resultt string_refinementt::dec_solve()
           do_concretizing=false;
         }
         else
+        {
+          debug() << "check_SAT: the model is correct and "
+                  << "does not need concretizing" << eom;
           return D_SATISFIABLE;
+        }
       }
 
       display_index_set();
@@ -611,6 +615,7 @@ decision_proceduret::resultt string_refinementt::dec_solve()
       }
       break;
     default:
+      debug() << "check_SAT: default return " << res << eom;
       return res;
     }
   }

From 94e9c647e222ce30f614253a4001e80102023491 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Fri, 7 Apr 2017 09:41:43 +0100
Subject: [PATCH 181/699] Various improvements in string refinement

Update documentation of the string refinement

Correct bounds in substitute_array_lists

adding debugging information

Fixing the manual setting of type in if expressions

When converting array accesses to if expressions, the check made on
the type for the case of unknown value was not done correctly and
could cause an assertion violation or a mismatch in types.
---
 src/solvers/refinement/string_refinement.cpp | 55 ++++++++++++++------
 1 file changed, 38 insertions(+), 17 deletions(-)

diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index bc5b2816522..6cd090d4b1d 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -26,13 +26,12 @@ Author: Alberto Griggio, alberto.griggio@gmail.com
 
 Constructor: string_refinementt
 
-     Inputs: a namespace, a decision procedure, a bound on the number
-             of refinements and a boolean flag `concretize_result`
+     Inputs:
+       _ns - a namespace
+       _prop - a decision procedure
+       refinement_bound - a bound on the number of refinements
 
     Purpose: refinement_bound is a bound on the number of refinement allowed.
-             if `concretize_result` is set to true, at the end of the decision
-             procedure, the solver try to find a concrete value for each
-             character
 
 \*******************************************************************/
 
@@ -167,15 +166,17 @@ void string_refinementt::add_instantiations()
 
 Function: string_refinementt::add_symbol_to_symbol_map()
 
-  Inputs: a symbol and the expression to map it to
+  Inputs:
+    lhs - a symbol expression
+    rhs - an expression to map it to
 
  Purpose: keeps a map of symbols to expressions, such as none of the
           mapped values exist as a key
 
 \*******************************************************************/
 
-void string_refinementt::add_symbol_to_symbol_map
-(const exprt &lhs, const exprt &rhs)
+void string_refinementt::add_symbol_to_symbol_map(
+  const exprt &lhs, const exprt &rhs)
 {
   assert(lhs.id()==ID_symbol);
 
@@ -259,6 +260,21 @@ exprt string_refinementt::substitute_function_applications(exprt expr)
   return expr;
 }
 
+/*******************************************************************\
+
+Function: string_refinementt::is_char_array
+
+  Inputs:
+    type - a type
+
+ Outputs: true if the given type is an array of java characters
+
+ Purpose: distinguish char array from other types
+
+ TODO: this is only for java char array and does not work for other languages
+
+\*******************************************************************/
+
 bool string_refinementt::is_char_array(const typet &type) const
 {
   if(type.id()==ID_symbol)
@@ -269,9 +285,11 @@ bool string_refinementt::is_char_array(const typet &type) const
 
 /*******************************************************************\
 
-Function: string_refinementt::boolbv_set_equality_to_true
+Function: string_refinementt::add_axioms_for_string_assigns
 
-  Inputs: the lhs and rhs of an equality expression
+  Inputs:
+    lhs - left hand side of an equality expression
+    rhs - right and side of the equality
 
  Outputs: false if the lemmas were added successfully, true otherwise
 
@@ -279,8 +297,8 @@ Function: string_refinementt::boolbv_set_equality_to_true
 
 \*******************************************************************/
 
-bool string_refinementt::add_axioms_for_string_assigns(const exprt &lhs,
-                                                       const exprt &rhs)
+bool string_refinementt::add_axioms_for_string_assigns(
+  const exprt &lhs, const exprt &rhs)
 {
   if(is_char_array(rhs.type()))
   {
@@ -443,6 +461,8 @@ void string_refinementt::set_to(const exprt &expr, bool value)
     {
       debug() << "(sr::set_to) WARNING: ignoring "
               << from_expr(expr) << " [inconsistent types]" << eom;
+      debug() << "lhs has type: " << eq_expr.lhs().type().pretty(12) << eom;
+      debug() << "rhs has type: " << eq_expr.rhs().type().pretty(12) << eom;
       return;
     }
 
@@ -1037,16 +1057,17 @@ void string_refinementt::substitute_array_access(exprt &expr) const
     }
 
     auto op_it=++array_expr.operands().rbegin();
+
     for(size_t i=last_index-1;
         op_it!=array_expr.operands().rend(); ++op_it, --i)
     {
       equal_exprt equals(index_expr.index(), from_integer(i, java_int_type()));
-      ite=if_exprt(equals, *op_it, ite);
-      if(ite.type()!=char_type)
+      if(op_it->type()!=char_type)
       {
-        assert(ite.id()==ID_unknown);
-        ite.type()=char_type;
+        assert(op_it->id()==ID_unknown);
+        op_it->type()=char_type;
       }
+      ite=if_exprt(equals, *op_it, ite);
     }
     expr=ite;
   }
@@ -1752,7 +1773,7 @@ exprt string_refinementt::substitute_array_lists(exprt expr) const
                         expr.operands()[0],
                         expr.operands()[1]);
 
-    for(size_t i=2; i<expr.operands().size()/2; i++)
+    for(size_t i=1; i<expr.operands().size()/2; i++)
     {
       ret_expr=with_exprt(ret_expr,
                           expr.operands()[i*2],

From 11402daee9e1c19145f3567fd2f49a2778f3239c Mon Sep 17 00:00:00 2001
From: Owen Jones <owen.jones@diffblue.com>
Date: Wed, 12 Apr 2017 11:04:58 +0100
Subject: [PATCH 182/699] Assign variables for all parameters

The pointer code is well suited to handle all types, not just pointers,
with just a minor tweak for booleans.
---
 src/java_bytecode/java_object_factory.cpp | 71 +++++++++++------------
 1 file changed, 33 insertions(+), 38 deletions(-)

diff --git a/src/java_bytecode/java_object_factory.cpp b/src/java_bytecode/java_object_factory.cpp
index f806a6427cb..55dfc96931f 100644
--- a/src/java_bytecode/java_object_factory.cpp
+++ b/src/java_bytecode/java_object_factory.cpp
@@ -464,11 +464,20 @@ void java_object_factoryt::gen_nondet_init(
   }
   else
   {
-    side_effect_expr_nondett se=side_effect_expr_nondett(type);
+    code_assignt assign;
+    assign.lhs()=expr;
+    assign.add_source_location()=loc;
 
-    code_assignt code(expr, se);
-    code.add_source_location()=loc;
-    init_code.copy_to_operands(code);
+    if(type.id()==ID_c_bool)
+    {
+      assign.rhs()=get_nondet_bool(type);
+    }
+    else
+    {
+      assign.rhs()=side_effect_expr_nondett(type);
+    }
+
+    init_code.copy_to_operands(assign);
   }
 }
 
@@ -702,43 +711,29 @@ exprt object_factory(
   const source_locationt &loc,
   message_handlert &message_handler)
 {
-  if(type.id()==ID_pointer)
-  {
-    symbolt &aux_symbol=new_tmp_symbol(
-      symbol_table,
-      loc,
-      type);
-    aux_symbol.is_static_lifetime=true;
+  symbolt &aux_symbol=new_tmp_symbol(symbol_table, loc, type);
+  aux_symbol.is_static_lifetime=true;
 
-    exprt object=aux_symbol.symbol_expr();
+  exprt object=aux_symbol.symbol_expr();
 
-    java_object_factoryt state(
-      init_code,
-      !allow_null,
-      max_nondet_array_length,
-      symbol_table,
-      message_handler,
-      loc);
-    state.gen_nondet_init(
-      object,
-      false,
-      "",
-      false,
-      false,
-      false,
-      typet(),
-      NO_UPDATE_IN_PLACE);
+  java_object_factoryt state(
+    init_code,
+    !allow_null,
+    max_nondet_array_length,
+    symbol_table,
+    message_handler,
+    loc);
+  state.gen_nondet_init(
+    object,
+    false,
+    "",
+    false,
+    false,
+    false,
+    typet(),
+    NO_UPDATE_IN_PLACE);
 
-    return object;
-  }
-  else if(type.id()==ID_c_bool)
-  {
-    // We force this to 0 and 1 and won't consider
-    // other values.
-    return get_nondet_bool(type);
-  }
-  else
-    return side_effect_expr_nondett(type);
+  return object;
 }
 
 /*******************************************************************\

From 7755820ab7a99f8dcb3d93ca025109fcdc695777 Mon Sep 17 00:00:00 2001
From: Peter Schrammel <peter.schrammel@diffblue.com>
Date: Tue, 11 Apr 2017 22:28:14 +0200
Subject: [PATCH 183/699] Fix boolean to string conversion in expr2java

Fixes diffblue/test-gen#206.
---
 src/java_bytecode/expr2java.cpp | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/src/java_bytecode/expr2java.cpp b/src/java_bytecode/expr2java.cpp
index 3cd487e234a..aac8b17d335 100644
--- a/src/java_bytecode/expr2java.cpp
+++ b/src/java_bytecode/expr2java.cpp
@@ -195,9 +195,15 @@ std::string expr2javat::convert_constant(
   const constant_exprt &src,
   unsigned &precedence)
 {
-  if(src.type().id()==ID_bool)
+  if(src.type().id()==ID_c_bool)
+  {
+    if(!src.is_zero())
+      return "true";
+    else
+      return "false";
+  }
+  else if(src.type().id()==ID_bool)
   {
-    // Java has built-in Boolean constants, in contrast to C
     if(src.is_true())
       return "true";
     else if(src.is_false())
@@ -482,7 +488,6 @@ std::string expr2javat::convert(
   const exprt &src,
   unsigned &precedence)
 {
-  const typet &type=ns.follow(src.type());
   if(src.id()=="java-this")
     return convert_java_this(src, precedence=15);
   if(src.id()==ID_java_instanceof)
@@ -510,13 +515,8 @@ std::string expr2javat::convert(
   }
   else if(src.id()==ID_java_string_literal)
     return '"'+MetaString(src.get_string(ID_value))+'"';
-  else if(src.id()==ID_constant && (type.id()==ID_bool || type.id()==ID_c_bool))
-  {
-    if(src.is_true())
-      return "true";
-    else
-      return "false";
-  }
+  else if(src.id()==ID_constant)
+    return convert_constant(to_constant_expr(src), precedence=16);
   else
     return expr2ct::convert(src, precedence);
 }

From 396a53091a7af2b3da4c23130daaa08ef24a47ba Mon Sep 17 00:00:00 2001
From: Peter Schrammel <peter.schrammel@diffblue.com>
Date: Wed, 12 Apr 2017 09:18:37 +0200
Subject: [PATCH 184/699] Remove unused nullptr case in expr2java

Was supposedly copy and paste from expr2cpp
---
 src/java_bytecode/expr2java.cpp | 2 --
 1 file changed, 2 deletions(-)

diff --git a/src/java_bytecode/expr2java.cpp b/src/java_bytecode/expr2java.cpp
index aac8b17d335..5f07b5850fb 100644
--- a/src/java_bytecode/expr2java.cpp
+++ b/src/java_bytecode/expr2java.cpp
@@ -499,8 +499,6 @@ std::string expr2javat::convert(
   else if(src.id()==ID_side_effect &&
           src.get(ID_statement)==ID_throw)
     return convert_function(src, "throw", precedence=16);
-  else if(src.is_constant() && to_constant_expr(src).get_value()==ID_nullptr)
-    return "nullptr";
   else if(src.id()==ID_unassigned)
     return "?";
   else if(src.id()=="pod_constructor")

From 718683f6f8ac55905f8eeb6ad57de07165e330d7 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Wed, 12 Apr 2017 12:43:13 +0100
Subject: [PATCH 185/699] Remove trace_stackt

This is only used in derivative out-of-repo classes, and therefore
should be moved there.
---
 src/goto-programs/interpreter_class.h | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/src/goto-programs/interpreter_class.h b/src/goto-programs/interpreter_class.h
index 8ea3ad620b2..d1051eeb93f 100644
--- a/src/goto-programs/interpreter_class.h
+++ b/src/goto-programs/interpreter_class.h
@@ -90,16 +90,6 @@ class interpretert:public messaget
   const dynamic_typest &get_dynamic_types() { return dynamic_types; }
 
 protected:
-  struct trace_stack_entryt
-  {
-    irep_idt func_name;
-    mp_integer this_address;
-    irep_idt capture_symbol;
-    bool is_super_call;
-    std::vector<interpretert::function_assignmentt> param_values;
-  };
-  typedef std::vector<trace_stack_entryt> trace_stackt;
-
   const symbol_tablet &symbol_table;
 
   // This is a cache so that we don't have to create it when a call needs it

From 5c289b18c7bf80d562ee60c91c0de6b5d42614c0 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Wed, 12 Apr 2017 14:33:08 +0100
Subject: [PATCH 186/699] Support ID_C_bool in exprt::is_zero

---
 src/util/expr.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/util/expr.cpp b/src/util/expr.cpp
index 963def60b12..3b480e4bfe2 100644
--- a/src/util/expr.cpp
+++ b/src/util/expr.cpp
@@ -449,7 +449,9 @@ bool exprt::is_zero() const
         assert(false);
       return rat_value.is_zero();
     }
-    else if(type_id==ID_unsignedbv || type_id==ID_signedbv)
+    else if(type_id==ID_unsignedbv ||
+            type_id==ID_signedbv ||
+            type_id==ID_c_bool)
     {
       return constant.value_is_zero_string();
     }

From 083d8a65f9a7305d8cd55a979b84c50c9df3ab70 Mon Sep 17 00:00:00 2001
From: Cristina <cristina.david@gmail.com>
Date: Wed, 12 Apr 2017 12:36:37 +0100
Subject: [PATCH 187/699] Always report exceptinal output in __CPROVER_start

---
 src/goto-programs/remove_exceptions.cpp | 47 +++++++++++++++++++++----
 1 file changed, 41 insertions(+), 6 deletions(-)

diff --git a/src/goto-programs/remove_exceptions.cpp b/src/goto-programs/remove_exceptions.cpp
index e73eba8d2ec..5058164147c 100644
--- a/src/goto-programs/remove_exceptions.cpp
+++ b/src/goto-programs/remove_exceptions.cpp
@@ -192,6 +192,39 @@ void remove_exceptionst::instrument_exception_handler(
 
 /*******************************************************************\
 
+Function: get_exceptional_output
+
+Inputs:
+
+Outputs:
+
+Purpose: finds the instruction where the exceptional output is set
+         or the end of the function if no such output exists
+
+\*******************************************************************/
+
+static goto_programt::targett get_exceptional_output(
+  goto_programt &goto_program)
+{
+  Forall_goto_program_instructions(it, goto_program)
+  {
+    const irep_idt &statement=it->code.get_statement();
+    if(statement==ID_output)
+    {
+      assert(it->code.operands().size()>=2);
+      const exprt &expr=it->code.op1();
+      assert(expr.id()==ID_symbol);
+      const symbol_exprt &symbol=to_symbol_expr(expr);
+      if(id2string(symbol.get_identifier()).find(EXC_SUFFIX)
+         !=std::string::npos)
+        return it;
+    }
+  }
+  return goto_program.get_end_function();
+}
+
+/*******************************************************************\
+
 Function: remove_exceptionst::instrument_throw
 
 Inputs:
@@ -217,13 +250,14 @@ void remove_exceptionst::instrument_throw(
   assert(instr_it->code.operands().size()==1);
 
   // find the end of the function
-  goto_programt::targett end_function=goto_program.get_end_function();
-  if(end_function!=instr_it)
+  goto_programt::targett exceptional_output=
+    get_exceptional_output(goto_program);
+  if(exceptional_output!=instr_it)
   {
     // jump to the end of the function
     // this will appear after the GOTO-based dynamic dispatch below
     goto_programt::targett t_end=goto_program.insert_after(instr_it);
-    t_end->make_goto(end_function);
+    t_end->make_goto(exceptional_output);
     t_end->source_location=instr_it->source_location;
     t_end->function=instr_it->function;
   }
@@ -322,13 +356,14 @@ void remove_exceptionst::instrument_function_call(
     symbol_exprt callee_exc=callee_exc_symbol.symbol_expr();
 
     // find the end of the function
-    goto_programt::targett end_function=goto_program.get_end_function();
-    if(end_function!=instr_it)
+    goto_programt::targett exceptional_output=
+      get_exceptional_output(goto_program);
+    if(exceptional_output!=instr_it)
     {
       // jump to the end of the function
       // this will appear after the GOTO-based dynamic dispatch below
       goto_programt::targett t_end=goto_program.insert_after(instr_it);
-      t_end->make_goto(end_function);
+      t_end->make_goto(exceptional_output);
       t_end->source_location=instr_it->source_location;
       t_end->function=instr_it->function;
     }

From a1b6ea374f6e720ec446755fd1d7fb32efb9096a Mon Sep 17 00:00:00 2001
From: Vojtech Forejt <forejtv@gmail.com>
Date: Wed, 12 Apr 2017 14:49:26 +0100
Subject: [PATCH 188/699] Travis fix: ccache limit was in the wrong section

---
 .travis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.travis.yml b/.travis.yml
index a2396927dab..7cebb781ff4 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -37,10 +37,10 @@ matrix:
       before_install:
         - HOMEBREW_NO_AUTO_UPDATE=1 brew install ccache
         - export PATH=/usr/local/opt/ccache/libexec:$PATH
+        - ccache -M 1G
       env:
         - COMPILER="ccache clang++ -Qunused-arguments -fcolor-diagnostics"
         - CCACHE_CPP2=yes
-        - ccache -M 1G
 
     # Ubuntu Linux with glibc using g++-5
     - os: linux

From 035ae9211b85cecdf074e3851aec1a3c27187894 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Wed, 12 Apr 2017 18:29:30 +0100
Subject: [PATCH 189/699] Restore array-set for nondet arrays

This was removed because the array is certain to be overwritten with
nondets, and thus the zero-init was worthless-- however, for the special
case of a zero-length array the init statement was the only assignment,
making the difference between the interpreter assigning it value {}
and assigning it no value at all. Ideally we should omit this most of the
time, but its cost is probably minimal and it's much simpler to keep it
than to track down all the special cases required to deal with a symbol
that is referred to but never defined in the inputs map.
---
 src/java_bytecode/java_object_factory.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/java_bytecode/java_object_factory.cpp b/src/java_bytecode/java_object_factory.cpp
index 55dfc96931f..3846845a336 100644
--- a/src/java_bytecode/java_object_factory.cpp
+++ b/src/java_bytecode/java_object_factory.cpp
@@ -549,7 +549,10 @@ void java_object_factoryt::gen_nondet_array_init(
 
     side_effect_exprt java_new_array(ID_java_new_array, expr.type());
     java_new_array.copy_to_operands(length_sym_expr);
-    java_new_array.set(ID_skip_initialize, true);
+    // Retain the array_set instruction for the special case of a
+    // zero-length array, where this will be the only assignment against
+    // the array's identifier.
+    java_new_array.set(ID_skip_initialize, false);
     java_new_array.type().subtype().set(ID_C_element_type, element_type);
     codet assign=code_assignt(expr, java_new_array);
     assign.add_source_location()=loc;
@@ -798,4 +801,3 @@ void gen_nondet_init(
     typet(),
     update_in_place);
 }
-

From 3c5ae1a56823f65414c099c4651508431117aa4b Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Wed, 12 Apr 2017 19:18:11 +0100
Subject: [PATCH 190/699] Allow checkcast of null pointer

This used to assume checkcast required a non-null ref, but actually
checkcast (null) always passes. This may increase coverage but is quite
low priority.
---
 .../java_bytecode_convert_method.cpp           | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index 8d7d63c3c71..cf96e356136 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -1368,10 +1368,20 @@ codet java_bytecode_convert_methodt::convert_instructions(
       // TODO: convert assertions to exceptions.
       assert(op.size()==1 && results.size()==1);
       binary_predicate_exprt check(op[0], ID_java_instanceof, arg0);
-      c=code_assertt(check);
-      c.add_source_location().set_comment("Dynamic cast check");
-      c.add_source_location().set_property_class("bad-dynamic-cast");
-
+      code_assertt assert_class(check);
+      assert_class.add_source_location().set_comment("Dynamic cast check");
+      assert_class.add_source_location().set_property_class("bad-dynamic-cast");
+      // checkcast passes when the operand is null.
+      empty_typet voidt;
+      pointer_typet voidptr(voidt);
+      exprt null_check_op=op[0];
+      if(null_check_op.type()!=voidptr)
+        null_check_op.make_typecast(voidptr);
+      code_ifthenelset conditional_check;
+      notequal_exprt op_not_null(null_check_op, null_pointer_exprt(voidptr));
+      conditional_check.cond()=std::move(op_not_null);
+      conditional_check.then_case()=std::move(assert_class);
+      c=std::move(conditional_check);
       results[0]=op[0];
     }
     else if(statement=="invokedynamic")

From 77ac3a243d6ba86496664a0e76b93a8b09d1db85 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Thu, 13 Apr 2017 11:14:55 +0100
Subject: [PATCH 191/699] Fix Java object factory recursion set

Previously it was vulnerable to indirect recursion (i.e. A has a B*,
B has an A*); this removes that possibility and also simplifies use of
the recursion set to only consider pointer edges rather than directly
nested struct types, which can't be used to construct an infinite object
graph by themselves. This should address some of the cases of prematurely
truncated object graphs the incorrect recursion test was trying to solve.
---
 src/java_bytecode/java_object_factory.cpp | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/src/java_bytecode/java_object_factory.cpp b/src/java_bytecode/java_object_factory.cpp
index 3846845a336..823c900f504 100644
--- a/src/java_bytecode/java_object_factory.cpp
+++ b/src/java_bytecode/java_object_factory.cpp
@@ -316,9 +316,8 @@ void java_object_factoryt::gen_nondet_init(
     {
       const struct_typet &struct_type=to_struct_type(subtype);
       const irep_idt struct_tag=struct_type.get_tag();
-      // set to null if found in recursion set and not a sub-type
-      if(recursion_set.find(struct_tag)!=recursion_set.end() &&
-         struct_tag==class_identifier)
+      // If this is a recursive type of some kind, set null.
+      if(!recursion_set.insert(struct_tag).second)
       {
         if(update_in_place==NO_UPDATE_IN_PLACE)
           set_null(expr, pointer_type);
@@ -403,9 +402,6 @@ void java_object_factoryt::gen_nondet_init(
     if(!is_sub)
       class_identifier=struct_tag;
 
-    recursion_set.insert(struct_tag);
-    assert(!recursion_set.empty());
-
     for(const auto &component : components)
     {
       const typet &component_type=component.type();
@@ -460,7 +456,6 @@ void java_object_factoryt::gen_nondet_init(
           substruct_in_place);
       }
     }
-    recursion_set.erase(struct_tag);
   }
   else
   {

From 241dbee1659d343d6104442695783d0567bbe0d4 Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Tue, 14 Mar 2017 16:33:45 +0000
Subject: [PATCH 192/699] Add org.cprover package and makefile

---
 src/java_bytecode/library/Makefile            |  26 ++++
 .../library/src/org/cprover/CProver.java      | 121 +++++++++++++++++-
 2 files changed, 144 insertions(+), 3 deletions(-)
 create mode 100644 src/java_bytecode/library/Makefile

diff --git a/src/java_bytecode/library/Makefile b/src/java_bytecode/library/Makefile
new file mode 100644
index 00000000000..aa51ec1694a
--- /dev/null
+++ b/src/java_bytecode/library/Makefile
@@ -0,0 +1,26 @@
+all: org.cprover.jar
+
+SOURCE_DIR := src
+BINARY_DIR := classes
+
+FIND := find
+
+JAVAC := javac
+JFLAGS := -sourcepath $(SOURCE_DIR) -d $(BINARY_DIR)
+
+CLASSPATH := SOURCE_DIR
+
+all_javas := $(shell $(FIND) $(SOURCE_DIR) -name '*.java')
+
+$(BINARY_DIR):
+	mkdir -p $(BINARY_DIR)
+
+.PHONY: compile
+compile: $(BINARY_DIR)
+	$(JAVAC) $(JFLAGS) $(all_javas)
+
+JAR := jar
+JARFLAGS := -cf
+
+org.cprover.jar: compile
+	$(JAR) $(JARFLAGS) $@ -C $(BINARY_DIR) org
diff --git a/src/java_bytecode/library/src/org/cprover/CProver.java b/src/java_bytecode/library/src/org/cprover/CProver.java
index 72c3eeb1d70..0dcae58c67e 100644
--- a/src/java_bytecode/library/src/org/cprover/CProver.java
+++ b/src/java_bytecode/library/src/org/cprover/CProver.java
@@ -3,9 +3,124 @@
 public final class CProver
 {
   public static boolean enableAssume=true;
-  public static void assume(boolean condition) 
+  public static boolean enableNondet=true;
+
+  public static boolean nondetBoolean()
+  {
+    if (enableNondet)
+    {
+      throw new RuntimeException(
+          "Cannot execute program with CProver.nondetBoolean()");
+    }
+
+    return false;
+  }
+
+  public static byte nondetByte()
+  {
+    if (enableNondet)
+    {
+      throw new RuntimeException(
+          "Cannot execute program with CProver.nondetByte()");
+    }
+
+    return 0;
+  }
+
+  public static char nondetChar()
+  {
+    if (enableNondet)
+    {
+      throw new RuntimeException(
+          "Cannot execute program with CProver.nondetChar()");
+    }
+
+    return '\0';
+  }
+
+  public static short nondetShort()
+  {
+    if (enableNondet)
+    {
+      throw new RuntimeException(
+          "Cannot execute program with CProver.nondetShort()");
+    }
+
+    return 0;
+  }
+
+  public static int nondetInt()
+  {
+    if (enableNondet)
+    {
+      throw new RuntimeException(
+          "Cannot execute program with CProver.nondetInt()");
+    }
+
+    return 0;
+  }
+
+  public static long nondetLong()
+  {
+    if (enableNondet)
+    {
+      throw new RuntimeException(
+          "Cannot execute program with CProver.nondetLong()");
+    }
+
+    return 0;
+  }
+
+  public static float nondetFloat()
+  {
+    if (enableNondet)
+    {
+      throw new RuntimeException(
+          "Cannot execute program with CProver.nondetFloat()");
+    }
+
+    return 0;
+  }
+
+  public static double nondetDouble()
+  {
+    if (enableNondet)
+    {
+      throw new RuntimeException(
+          "Cannot execute program with CProver.nondetDouble()");
+    }
+
+    return 0;
+  }
+
+  public static <T> T nondetWithNull()
+  {
+    if (enableNondet)
+    {
+      throw new RuntimeException(
+          "Cannot execute program with CProver.nondetWithNull<T>(T)");
+    }
+
+    return null;
+  }
+
+  public static <T> T nondetWithoutNull()
+  {
+    if (enableNondet)
+    {
+      throw new RuntimeException(
+          "Cannot execute program with CProver.nondetWithoutNull<T>(T)");
+    }
+
+    return null;
+  }
+
+  public static void assume(boolean condition)
   {
     if(enableAssume)
-      throw new RuntimeException("Cannot execute program with CProver.assume()");
-  }  
+    {
+      throw new RuntimeException(
+          "Cannot execute program with CProver.assume()");
+    }
+  }
 }

From 7ed66a1a0632d278706056a9395947478a9a43ef Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Tue, 14 Mar 2017 16:58:20 +0000
Subject: [PATCH 193/699] Add tests

---
 regression/cbmc-java/Makefile                 |  13 ++++++++
 .../cbmc-java/NondetArray/NondetArray.class   | Bin 0 -> 722 bytes
 .../cbmc-java/NondetArray/NondetArray.java    |  10 ++++++
 regression/cbmc-java/NondetArray/test.desc    |   6 ++++
 .../cbmc-java/NondetArray2/NondetArray2.class | Bin 0 -> 907 bytes
 .../cbmc-java/NondetArray2/NondetArray2.java  |  15 +++++++++
 regression/cbmc-java/NondetArray2/test.desc   |   6 ++++
 .../cbmc-java/NondetArray3/NondetArray3.class | Bin 0 -> 935 bytes
 .../cbmc-java/NondetArray3/NondetArray3.java  |  16 ++++++++++
 regression/cbmc-java/NondetArray3/test.desc   |   6 ++++
 .../cbmc-java/NondetArray4/NondetArray4.class | Bin 0 -> 806 bytes
 .../cbmc-java/NondetArray4/NondetArray4.java  |  14 ++++++++
 regression/cbmc-java/NondetArray4/test.desc   |   6 ++++
 .../NondetAssume1/NondetAssume1.class         | Bin 0 -> 722 bytes
 .../NondetAssume1/NondetAssume1.java          |  11 +++++++
 regression/cbmc-java/NondetAssume1/test.desc  |   6 ++++
 regression/cbmc-java/NondetAssume2/A.class    | Bin 0 -> 256 bytes
 regression/cbmc-java/NondetAssume2/B.class    | Bin 0 -> 258 bytes
 regression/cbmc-java/NondetAssume2/C.class    | Bin 0 -> 258 bytes
 .../NondetAssume2/NondetAssume2.class         | Bin 0 -> 759 bytes
 .../NondetAssume2/NondetAssume2.java          |  17 ++++++++++
 regression/cbmc-java/NondetAssume2/test.desc  |   6 ++++
 .../NondetBoolean/NondetBoolean.class         | Bin 0 -> 659 bytes
 .../NondetBoolean/NondetBoolean.java          |  10 ++++++
 regression/cbmc-java/NondetBoolean/test.desc  |   6 ++++
 .../cbmc-java/NondetByte/NondetByte.class     | Bin 0 -> 657 bytes
 .../cbmc-java/NondetByte/NondetByte.java      |  10 ++++++
 regression/cbmc-java/NondetByte/test.desc     |   6 ++++
 .../NondetCastToObject.class                  | Bin 0 -> 779 bytes
 .../NondetCastToObject.java                   |  11 +++++++
 .../cbmc-java/NondetCastToObject/test.desc    |   6 ++++
 .../cbmc-java/NondetChar/NondetChar.class     | Bin 0 -> 657 bytes
 .../cbmc-java/NondetChar/NondetChar.java      |  10 ++++++
 regression/cbmc-java/NondetChar/test.desc     |   6 ++++
 .../cbmc-java/NondetDirectFromMethod/A.class  | Bin 0 -> 265 bytes
 .../NondetDirectFromMethod.class              | Bin 0 -> 808 bytes
 .../NondetDirectFromMethod.java               |  19 +++++++++++
 .../NondetDirectFromMethod/test.desc          |   6 ++++
 .../cbmc-java/NondetDouble/NondetDouble.class | Bin 0 -> 667 bytes
 .../cbmc-java/NondetDouble/NondetDouble.java  |  10 ++++++
 regression/cbmc-java/NondetDouble/test.desc   |   6 ++++
 .../cbmc-java/NondetFloat/NondetFloat.class   | Bin 0 -> 663 bytes
 .../cbmc-java/NondetFloat/NondetFloat.java    |  10 ++++++
 regression/cbmc-java/NondetFloat/test.desc    |   6 ++++
 .../cbmc-java/NondetGenericArray/A.class      | Bin 0 -> 287 bytes
 .../cbmc-java/NondetGenericArray/B.class      | Bin 0 -> 263 bytes
 .../cbmc-java/NondetGenericArray/C.class      | Bin 0 -> 263 bytes
 .../NondetGenericArray.class                  | Bin 0 -> 953 bytes
 .../NondetGenericArray.java                   |  30 ++++++++++++++++++
 .../cbmc-java/NondetGenericArray/test.desc    |   6 ++++
 .../cbmc-java/NondetGenericRecursive/A.class  | Bin 0 -> 249 bytes
 .../cbmc-java/NondetGenericRecursive/B.class  | Bin 0 -> 267 bytes
 .../cbmc-java/NondetGenericRecursive/C.class  | Bin 0 -> 267 bytes
 .../NondetGenericRecursive.class              | Bin 0 -> 731 bytes
 .../NondetGenericRecursive.java               |  24 ++++++++++++++
 .../NondetGenericRecursive/test.desc          |   6 ++++
 .../cbmc-java/NondetGenericRecursive2/A.class | Bin 0 -> 250 bytes
 .../cbmc-java/NondetGenericRecursive2/B.class | Bin 0 -> 268 bytes
 .../cbmc-java/NondetGenericRecursive2/C.class | Bin 0 -> 268 bytes
 .../NondetGenericRecursive2.class             | Bin 0 -> 879 bytes
 .../NondetGenericRecursive2.java              |  27 ++++++++++++++++
 .../NondetGenericRecursive2/test.desc         |   6 ++++
 .../cbmc-java/NondetGenericWithNull/B.class   | Bin 0 -> 264 bytes
 .../NondetGenericWithNull.class               | Bin 0 -> 772 bytes
 .../NondetGenericWithNull.java                |  13 ++++++++
 .../cbmc-java/NondetGenericWithNull/test.desc |   6 ++++
 .../NondetGenericWithoutNull/B.class          | Bin 0 -> 267 bytes
 .../NondetGenericWithoutNull.class            | Bin 0 -> 740 bytes
 .../NondetGenericWithoutNull.java             |  12 +++++++
 .../NondetGenericWithoutNull/test.desc        |   6 ++++
 .../cbmc-java/NondetInt/NondetInt.class       | Bin 0 -> 653 bytes
 regression/cbmc-java/NondetInt/NondetInt.java |  10 ++++++
 regression/cbmc-java/NondetInt/test.desc      |   6 ++++
 .../cbmc-java/NondetLong/NondetLong.class     | Bin 0 -> 659 bytes
 .../cbmc-java/NondetLong/NondetLong.java      |  10 ++++++
 regression/cbmc-java/NondetLong/test.desc     |   6 ++++
 .../cbmc-java/NondetShort/NondetShort.class   | Bin 0 -> 661 bytes
 .../cbmc-java/NondetShort/NondetShort.java    |  10 ++++++
 regression/cbmc-java/NondetShort/test.desc    |   6 ++++
 79 files changed, 438 insertions(+)
 create mode 100644 regression/cbmc-java/NondetArray/NondetArray.class
 create mode 100644 regression/cbmc-java/NondetArray/NondetArray.java
 create mode 100644 regression/cbmc-java/NondetArray/test.desc
 create mode 100644 regression/cbmc-java/NondetArray2/NondetArray2.class
 create mode 100644 regression/cbmc-java/NondetArray2/NondetArray2.java
 create mode 100644 regression/cbmc-java/NondetArray2/test.desc
 create mode 100644 regression/cbmc-java/NondetArray3/NondetArray3.class
 create mode 100644 regression/cbmc-java/NondetArray3/NondetArray3.java
 create mode 100644 regression/cbmc-java/NondetArray3/test.desc
 create mode 100644 regression/cbmc-java/NondetArray4/NondetArray4.class
 create mode 100644 regression/cbmc-java/NondetArray4/NondetArray4.java
 create mode 100644 regression/cbmc-java/NondetArray4/test.desc
 create mode 100644 regression/cbmc-java/NondetAssume1/NondetAssume1.class
 create mode 100644 regression/cbmc-java/NondetAssume1/NondetAssume1.java
 create mode 100644 regression/cbmc-java/NondetAssume1/test.desc
 create mode 100644 regression/cbmc-java/NondetAssume2/A.class
 create mode 100644 regression/cbmc-java/NondetAssume2/B.class
 create mode 100644 regression/cbmc-java/NondetAssume2/C.class
 create mode 100644 regression/cbmc-java/NondetAssume2/NondetAssume2.class
 create mode 100644 regression/cbmc-java/NondetAssume2/NondetAssume2.java
 create mode 100644 regression/cbmc-java/NondetAssume2/test.desc
 create mode 100644 regression/cbmc-java/NondetBoolean/NondetBoolean.class
 create mode 100644 regression/cbmc-java/NondetBoolean/NondetBoolean.java
 create mode 100644 regression/cbmc-java/NondetBoolean/test.desc
 create mode 100644 regression/cbmc-java/NondetByte/NondetByte.class
 create mode 100644 regression/cbmc-java/NondetByte/NondetByte.java
 create mode 100644 regression/cbmc-java/NondetByte/test.desc
 create mode 100644 regression/cbmc-java/NondetCastToObject/NondetCastToObject.class
 create mode 100644 regression/cbmc-java/NondetCastToObject/NondetCastToObject.java
 create mode 100644 regression/cbmc-java/NondetCastToObject/test.desc
 create mode 100644 regression/cbmc-java/NondetChar/NondetChar.class
 create mode 100644 regression/cbmc-java/NondetChar/NondetChar.java
 create mode 100644 regression/cbmc-java/NondetChar/test.desc
 create mode 100644 regression/cbmc-java/NondetDirectFromMethod/A.class
 create mode 100644 regression/cbmc-java/NondetDirectFromMethod/NondetDirectFromMethod.class
 create mode 100644 regression/cbmc-java/NondetDirectFromMethod/NondetDirectFromMethod.java
 create mode 100644 regression/cbmc-java/NondetDirectFromMethod/test.desc
 create mode 100644 regression/cbmc-java/NondetDouble/NondetDouble.class
 create mode 100644 regression/cbmc-java/NondetDouble/NondetDouble.java
 create mode 100644 regression/cbmc-java/NondetDouble/test.desc
 create mode 100644 regression/cbmc-java/NondetFloat/NondetFloat.class
 create mode 100644 regression/cbmc-java/NondetFloat/NondetFloat.java
 create mode 100644 regression/cbmc-java/NondetFloat/test.desc
 create mode 100644 regression/cbmc-java/NondetGenericArray/A.class
 create mode 100644 regression/cbmc-java/NondetGenericArray/B.class
 create mode 100644 regression/cbmc-java/NondetGenericArray/C.class
 create mode 100644 regression/cbmc-java/NondetGenericArray/NondetGenericArray.class
 create mode 100644 regression/cbmc-java/NondetGenericArray/NondetGenericArray.java
 create mode 100644 regression/cbmc-java/NondetGenericArray/test.desc
 create mode 100644 regression/cbmc-java/NondetGenericRecursive/A.class
 create mode 100644 regression/cbmc-java/NondetGenericRecursive/B.class
 create mode 100644 regression/cbmc-java/NondetGenericRecursive/C.class
 create mode 100644 regression/cbmc-java/NondetGenericRecursive/NondetGenericRecursive.class
 create mode 100644 regression/cbmc-java/NondetGenericRecursive/NondetGenericRecursive.java
 create mode 100644 regression/cbmc-java/NondetGenericRecursive/test.desc
 create mode 100644 regression/cbmc-java/NondetGenericRecursive2/A.class
 create mode 100644 regression/cbmc-java/NondetGenericRecursive2/B.class
 create mode 100644 regression/cbmc-java/NondetGenericRecursive2/C.class
 create mode 100644 regression/cbmc-java/NondetGenericRecursive2/NondetGenericRecursive2.class
 create mode 100644 regression/cbmc-java/NondetGenericRecursive2/NondetGenericRecursive2.java
 create mode 100644 regression/cbmc-java/NondetGenericRecursive2/test.desc
 create mode 100644 regression/cbmc-java/NondetGenericWithNull/B.class
 create mode 100644 regression/cbmc-java/NondetGenericWithNull/NondetGenericWithNull.class
 create mode 100644 regression/cbmc-java/NondetGenericWithNull/NondetGenericWithNull.java
 create mode 100644 regression/cbmc-java/NondetGenericWithNull/test.desc
 create mode 100644 regression/cbmc-java/NondetGenericWithoutNull/B.class
 create mode 100644 regression/cbmc-java/NondetGenericWithoutNull/NondetGenericWithoutNull.class
 create mode 100644 regression/cbmc-java/NondetGenericWithoutNull/NondetGenericWithoutNull.java
 create mode 100644 regression/cbmc-java/NondetGenericWithoutNull/test.desc
 create mode 100644 regression/cbmc-java/NondetInt/NondetInt.class
 create mode 100644 regression/cbmc-java/NondetInt/NondetInt.java
 create mode 100644 regression/cbmc-java/NondetInt/test.desc
 create mode 100644 regression/cbmc-java/NondetLong/NondetLong.class
 create mode 100644 regression/cbmc-java/NondetLong/NondetLong.java
 create mode 100644 regression/cbmc-java/NondetLong/test.desc
 create mode 100644 regression/cbmc-java/NondetShort/NondetShort.class
 create mode 100644 regression/cbmc-java/NondetShort/NondetShort.java
 create mode 100644 regression/cbmc-java/NondetShort/test.desc

diff --git a/regression/cbmc-java/Makefile b/regression/cbmc-java/Makefile
index a1b44c5a948..dcdf752aea1 100644
--- a/regression/cbmc-java/Makefile
+++ b/regression/cbmc-java/Makefile
@@ -23,3 +23,16 @@ clean:
 	find -name '*.out' -execdir $(RM) '{}' \;
 	find -name '*.gb' -execdir $(RM) '{}' \;
 	$(RM) tests.log
+
+%.class: %.java ../../src/org.cprover.jar
+	javac -g -cp ../../src/org.cprover.jar:. $<
+
+nondet_java_files := $(shell find . -name "Nondet*.java")
+nondet_class_files := $(patsubst %.java, %.class, $(nondet_java_files))
+
+.PHONY: nondet-class-files
+nondet-class-files: $(nondet_class_files)
+
+.PHONY: clean-nondet-class-files
+clean-nondet-class-files:
+	-rm $(nondet_class_files)
diff --git a/regression/cbmc-java/NondetArray/NondetArray.class b/regression/cbmc-java/NondetArray/NondetArray.class
new file mode 100644
index 0000000000000000000000000000000000000000..57858ac292f69439cc0e65d1d6c7b77fb150b7f8
GIT binary patch
literal 722
zcmZvZ&2G~`6ot>kPR4bd=BI5)!ao#9K*F2us1Q|vl?g~iMU>UV9<>u(yBgb-c$K~Y
zYe1q1q?R2L&x8=yPDm=j!k&9)?)~mLGe3WSJq56VfsG~fY+S@8j<qFlT;{l9ql_NM
zRU6lEo#O_>%DPArsZ$k4$zzp>aVP@@w#!i2RFO&_G8p~A4ud(21IbYLR3t~)!C2~-
zc`-xFi+vI92(9vbwrQsODq*O3qc{p=x}~*v_kbV=LPbQ3#}gX;#+!&E;f5mGbDxhV
z(od<Rww((9?K5#WBUzh%I1^%T$C>u!Q<aZxoFm`QISw4uIBq&v$1MjostldQfUUna
zpJ*LxhU&R~j@u6Ipik6A!&DK;jP;)DAL{r>YIpdeSQ(m8VeFMk_v0)bWnsv$+8_MS
zQGLN2hIHEu?La0<%V4gFJf|5Q&{gl!({Oq_fHgX~3yKW-$Q&4!DROCLw3hFlfPJ8#
zggX5z#ioG<#m=+<O|&QjR_4tCRhMX|_XVZzFuad2k5Rw(1J!RRzdk|bEGHTTak&`G
zNsfgsNy^FXY4?oGiM)z6n%1T>3+xxVoVqMrm`~g&v;fT({|xIG+<Xty_yqG`={cl~
NlJh7x*rB9^?jKPbjkW*)

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NondetArray/NondetArray.java b/regression/cbmc-java/NondetArray/NondetArray.java
new file mode 100644
index 00000000000..21dd4416b4e
--- /dev/null
+++ b/regression/cbmc-java/NondetArray/NondetArray.java
@@ -0,0 +1,10 @@
+import org.cprover.CProver;
+
+class NondetArray
+{
+  void main()
+  {
+    Object[] obj = CProver.nondetWithoutNull();
+    assert obj != null;
+  }
+}
diff --git a/regression/cbmc-java/NondetArray/test.desc b/regression/cbmc-java/NondetArray/test.desc
new file mode 100644
index 00000000000..63cf6d4cbc0
--- /dev/null
+++ b/regression/cbmc-java/NondetArray/test.desc
@@ -0,0 +1,6 @@
+CORE
+NondetArray.class
+--function NondetArray.main
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/NondetArray2/NondetArray2.class b/regression/cbmc-java/NondetArray2/NondetArray2.class
new file mode 100644
index 0000000000000000000000000000000000000000..0ab85c2bb1d31f8d010393dbe61bc9edccdce025
GIT binary patch
literal 907
zcmZuvT~8B16g|`Zn08s91qv-zKt=hoR4c)#pb*rAq*fCQMtoY@2_4+-lIbpq@BRsS
z^o3_N0iy}{>@V>r_$1z43MJ8OX78Ol_v4&1^YhQQBLH)lvtVJ&!WCTQ$XU3C@f4D{
z&T+$ni7}1|3zL}Qm}cl7cUmo>0_l6L$Fk*Yx}wg&HW<tW>B-<BgEl#}&Y-XOb-~bE
zk)EiA%}t?RM#&6)6~E@V>yDDqz8%zqhHNqPRI0vL7s0Yp&b#sh>e6(iNBt#Du53HI
zPRVt=t<tI&h%KR_1nC7-IPm7br<xZwsd|;6do6HkZ=X3k@j#-)kX)#_ZOGP|AF7&o
zDkFfIix_63p*FhF!!cvyCW;)hHcGf<qYE}eu7hg%OqnN2`HI25*ofn{jWX^qq&pSQ
zH@8JCAa1_eD%EzBzbjN}<wa}>h!>0TN(K!-4632)64A-23rtVzNrp_PXImTMN7Af2
zZb+2qN=Sp=PST1?*T^tf7cHqo{Tw-|6ohm@1sfQnS76Z-Vd-4Nl{}3WNdf9bUWqIt
zYfK-4eIh4;H2uvus3AkXeVTwi^wSO)I4?e?Y)+A-uSooWR?!w`s>P#uU7I(uMpplb
zp<>o3-!}_+^8k8d@x8(JPkw!dv4`Hm2XuXh`T7w2IGU@)b4TKSoc<~LEQ}K939?0k
z{D|g8c&4FKJc%p@2`5c&BjdP-A>;^c3U`smFrm9d=Xq!+lwxueI5ZY5V*DG!8ESI*
moXlKI6Ug)>50Kge*Y}}oUts*JO4QXr!d{BB8=*}CqkjQF8L<8U

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NondetArray2/NondetArray2.java b/regression/cbmc-java/NondetArray2/NondetArray2.java
new file mode 100644
index 00000000000..2f9bcedd797
--- /dev/null
+++ b/regression/cbmc-java/NondetArray2/NondetArray2.java
@@ -0,0 +1,15 @@
+import org.cprover.CProver;
+
+class NondetArray2
+{
+  void main()
+  {
+    Integer[] ints = CProver.nondetWithoutNull();
+
+    int num = 0;
+    for (Integer i : ints) {
+      num *= i.intValue();
+    }
+    assert num == 0;
+  }
+}
diff --git a/regression/cbmc-java/NondetArray2/test.desc b/regression/cbmc-java/NondetArray2/test.desc
new file mode 100644
index 00000000000..5e84e0dbf7c
--- /dev/null
+++ b/regression/cbmc-java/NondetArray2/test.desc
@@ -0,0 +1,6 @@
+CORE
+NondetArray2.class
+--function NondetArray2.main --unwind 5
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/NondetArray3/NondetArray3.class b/regression/cbmc-java/NondetArray3/NondetArray3.class
new file mode 100644
index 0000000000000000000000000000000000000000..e07d736d747d1f5db68cd8c7326775ef18db25e5
GIT binary patch
literal 935
zcmZuv%T5$Q6g@TFJvB59!vF)rLqSC4A&fkNQ9&iB32_`B7>u}TW;)Q=bd#EH68HXu
zEZwkH6EK>fI}?AwAMg`g81VEkG9<dFzPE1Od+MCi_5JYE0f1>tn=sLD;v5Dfat%n~
zyu_dhBQ9RRMTtu$hA=EKBG5KyS1OJQ-N3KhaVz$!=adD+ia>JK_1*BMfHpL|ETAt0
zWk(=gaDAs3ZLT`%Y1}N(S_n$Ew`?mn-q(tHxb9X2nhV9iFFWD9QueE<8${W(U7z?a
zZ!T=u+jicw{k8m}A3AG}iW^)%<Y4=Y|DI}ow8`m3fu^O<F1>tUZ&fd(B!Sdy$*WN|
zmx4%@oO^CeFmsy2czmgaCNxWoTDXic3yrV@a&<QIe;v82RG=irE#z@Uz&Z^iF=1g6
zQvxmZ$%m^OPAR0eK&|CVTPoOgRDR)6HIj&5HRG8Zt_M+Aj69D*hlWonJ)WlxnL1|8
z8|tGq%eEI$5`PIjNY|SdJpM+3j<Qp6l~X=ZK$pUZ2OL;IKc9lhCn8#Mv1Vo(7p(xX
znB^G-qcO4%@s3FXE&L{{MGYC|)^P(`(Z(Inelq-n-IA3jACdS9t?(ZD4$`CF(D)g~
z^L-@0Xmg{*v4a_1n=!IRR)34mv8*w9J=xop+=E=7du@o_qo2ofy>IGsF%zxIWPk#|
zTO?x_rSwq71UX$}yhSFDDI;b%0-f~~vgjata;ou_xQ|ZcsG$c}iO@~XJv{G&{u^Bq
z+7UsM61_}Cyy(U+bY}>4=0xap)dC>Xn%YCd4y3*dUHbt2U&mr>0}1PP?CV)>66pH_
DFp{_m

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NondetArray3/NondetArray3.java b/regression/cbmc-java/NondetArray3/NondetArray3.java
new file mode 100644
index 00000000000..c061aa693f2
--- /dev/null
+++ b/regression/cbmc-java/NondetArray3/NondetArray3.java
@@ -0,0 +1,16 @@
+import org.cprover.CProver;
+
+class NondetArray3
+{
+  void main()
+  {
+    Integer[] ints = CProver.nondetWithoutNull();
+    assert ints != null;
+
+    int num = 0;
+    for (Integer i : ints) {
+      num *= i.intValue();
+    }
+    assert num == 0;
+  }
+}
diff --git a/regression/cbmc-java/NondetArray3/test.desc b/regression/cbmc-java/NondetArray3/test.desc
new file mode 100644
index 00000000000..a0f68ce5a41
--- /dev/null
+++ b/regression/cbmc-java/NondetArray3/test.desc
@@ -0,0 +1,6 @@
+CORE
+NondetArray3.class
+--function NondetArray3.main --unwind 5
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/NondetArray4/NondetArray4.class b/regression/cbmc-java/NondetArray4/NondetArray4.class
new file mode 100644
index 0000000000000000000000000000000000000000..dbe5532ccfb0e88fb8371545e5b337bd776ef8f7
GIT binary patch
literal 806
zcmZWmO-~b16g_V~I;9NsgNiLG2%@&AbkmhqBB`2?)MA3ch^y)Jr3?-;<js`CzrxC$
zYc&z0iMliKN2zC~g_5|q^X|KI&$;Kk`}@z=?*N)u&tVEnIb6rGh3XV6tXQ~_gNY>z
zt2x}nEep2==2o33k}CGXAbRXYPS2Np0kJ2LX?cMcZwTnM`mTV{4*OCd-|+(39Uk_i
zdXY2>lscj7_`8nslKZ%5#QR<(Fx%;dL0`t3N;z+v56E)pcmeqx#ulT;a9Q?(nC<1)
zodf6CY4}bsXlw<s97sjb%uejMZ=N|vDLLf}WLvI3mY3TJhsu>ty+lm$;=J{Q%!Z8_
z3pE>ctl7w6TA(tSvU%qIiBh2wurCr=xMSlk?g<noi0$5ibYs3;s0I!9NQK8zHQLY9
zlLCU&@Jlb=4~KDg==-!)t6%Un!qZlM!rAt@1%dg#j65a#=b~sl9`XlQu*X$e+$kUm
zmBa=!ok4ftLo;je6g<tfQ-}{tH01fsq(vPC=Ju!oMU;30=FY+I*ln`1VzkVMnT;>d
zenP)*e1vg=Le=<%>2EM!og(uiVb)XT1#*L;G-P2=T85%#Ib)fu$+YH(aXd|<fif;p
zfq_NLGt-E;ip$J&;>xI?%6|()mLUF;#<Xxn2w|m0v+O;y+Dv@_#gg?I*%MgCdl>pB
U82{T&=uBw#qvUa}@uFezA4iRp3IG5A

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NondetArray4/NondetArray4.java b/regression/cbmc-java/NondetArray4/NondetArray4.java
new file mode 100644
index 00000000000..4b4e15aaad7
--- /dev/null
+++ b/regression/cbmc-java/NondetArray4/NondetArray4.java
@@ -0,0 +1,14 @@
+import org.cprover.CProver;
+
+class NondetArray4
+{
+  void main()
+  {
+    int a = 1;
+    int b = 2;
+    int c = 3;
+
+    Integer[] ints = CProver.nondetWithoutNull();
+    assert ints != null;
+  }
+}
diff --git a/regression/cbmc-java/NondetArray4/test.desc b/regression/cbmc-java/NondetArray4/test.desc
new file mode 100644
index 00000000000..fd419bab2d4
--- /dev/null
+++ b/regression/cbmc-java/NondetArray4/test.desc
@@ -0,0 +1,6 @@
+CORE
+NondetArray4.class
+--function NondetArray4.main
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/NondetAssume1/NondetAssume1.class b/regression/cbmc-java/NondetAssume1/NondetAssume1.class
new file mode 100644
index 0000000000000000000000000000000000000000..bcdca197547fabfd5126639491b8e34bc80dbaba
GIT binary patch
literal 722
zcmZWnO>fgc5PchO;@EXan$i#&J_@9e7KDY=8xblBAXO@*Qc)#x+t{nJ#j&fkQ}J7R
zfg5K)q7{|Oo!^8IvyPRj;;^%`J2UUio88}kf1U$a$0HXGmRxjj!<d^6Y}~SO+eH~m
zHkMu7!Cf2o7#6xBO{LCM5~nXzDn^kE8Q74a(pRy{o-tUx)jbA2NJ7a_-%_#Mo{UFQ
zzctAW&8;L5(Vo!CoQq4Iy;rHp-cI6BX3x`fGL}!C63kerm<T@7+GMEhW+M3TS{xR2
z)qW5awC-*)(SdxWa*|6pj}OF=@Zh0lqw8S>_dPs7&x4COhPH|Nk%;$w;+<-Hsdb`>
z?h=fRRS#=;$k4bbc{4hYK}Lf~^u8Y)>f}gjf3TD93{ITu*^DWJ=0XZ8G(XZt%6daH
zr}_odAfgyUE0n3yGMqI-nzIQ72w;e1dK!lwjWyb)eex_?Bn=E#$n$Auw3pXTz`l}G
zLY-_SzqHUG-<u|29!)v{3$x;kvP*Qca*9&F!#~63U%;(XSl_^p(dh6`m^(xH-3cnc
z47inpH^Irb$yN!}L6<r+M6D@ULB#13UBx1iw<zYo`hyzVV2f0AZPvkh-WxFAw11#_
XTr}_<{C_D1rHqodVFb77P{Q?p2Uvu9

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NondetAssume1/NondetAssume1.java b/regression/cbmc-java/NondetAssume1/NondetAssume1.java
new file mode 100644
index 00000000000..9177bcece6b
--- /dev/null
+++ b/regression/cbmc-java/NondetAssume1/NondetAssume1.java
@@ -0,0 +1,11 @@
+import org.cprover.CProver;
+
+class NondetAssume1
+{
+  void main()
+  {
+    int x = CProver.nondetInt();
+    CProver.assume(x == 1);
+    assert x == 1;
+  }
+}
diff --git a/regression/cbmc-java/NondetAssume1/test.desc b/regression/cbmc-java/NondetAssume1/test.desc
new file mode 100644
index 00000000000..bbff9abb9f2
--- /dev/null
+++ b/regression/cbmc-java/NondetAssume1/test.desc
@@ -0,0 +1,6 @@
+CORE
+NondetAssume1.class
+--function NondetAssume1.main
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/NondetAssume2/A.class b/regression/cbmc-java/NondetAssume2/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..66636e271af6e2bf9d5f74a1c6b54f950067c43a
GIT binary patch
literal 256
zcmXX=I|{;35S%qJ(fIcSmTF-@>=Ypgf)KP&>|f$TpTq?65wB$>Sa<*rC2pd{?#|54
ze%_zw3%~?j3mRG`+9o;#x^b)s#!Q7OofEYFU{BB&(LoYgt_tNkyLd9*2`^x!>qfo^
z_99j}|BHHhQVEZ`&Xiznqb&C2QWf@f6dq*iBuRFW<I!1MMI8oAKI#zKIky859_@{H
xmVSyJO8gx_96HK>!~?8UnAu$OUU~Qc-5Hcn<!lt928(h1XF!cnzNk^SnqS3wEH?lE

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NondetAssume2/B.class b/regression/cbmc-java/NondetAssume2/B.class
new file mode 100644
index 0000000000000000000000000000000000000000..9978b0f14dea0b8db0940ea1006defeb14812dff
GIT binary patch
literal 258
zcmXYr%?`mp6ot>FTI#2G0!u735j!G5V%4x9_S2d$Qf<;7?`0*i@Bki4+@XuP^PMyI
zo;&Z)^95jnu8lGr3vCM>0trIdTTBV&Ohqc2v+NHJ1Y;E+CBgAjBsclhm&soEAv;|!
z4n%kmiPE|-jqI#aowVd6dl%<PAlK^GzKNrw%ob^yU*&jo5jW9*35!=R32m+2P(&wp
x>tAG$p@$Ox4<J4UDh2TXJ5^RL-}<dGe1Pr@CDgc@e-k!yqu@G|4r>0oT3;?EETsSd

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NondetAssume2/C.class b/regression/cbmc-java/NondetAssume2/C.class
new file mode 100644
index 0000000000000000000000000000000000000000..bbf6b9b7eaefdf0ebb7df435b7e489815784f53e
GIT binary patch
literal 258
zcmXX=%MQU%5IsY+)Y}(WVxfuH5eZGK8WzO<wr;pmZPJJTvXWT%03Rjhmc^ZW&Y3f3
z=KXoT08G)dQAXQB$3mAtKB4TbW(0GtB9$$e4u%JU;l@WvXnQJ>oBZm_WH0=Xm7W&|
zB0PvhY5o_D?5t9q<Z_a|i}NIqYgO1cadec~GEMWVoQyBxCK@nd@oJaQ(cB3|baJ--
xMFtuADDiy&@iS2QBOYL-%FN+k_bQ_Y=+2;o8dtLrE!d13KLhHFbWpQ!wZ1VqEUN$j

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NondetAssume2/NondetAssume2.class b/regression/cbmc-java/NondetAssume2/NondetAssume2.class
new file mode 100644
index 0000000000000000000000000000000000000000..45efb7811e21fd82b94b9efce8d00358b1fe26ac
GIT binary patch
literal 759
zcmZWm-%ry}6#nkkty|Zzu}z$ciVC<frHSE9VlY#m<|M&j+*{Y(z{Rd5w;ld3`~yC#
zi4aZHCr$jDjPYx?K+uQw{J7_Q=ljn2_2=_f02^>DSXi`h9XCweOzct-1>7=m+d>|T
zChk~R#)^qmf%>u=MN-Eq45BA0a)-Vg35bC}ep3Z1ek71>wRZ)KZa9(xm7WS@e=;6Q
z{W2*QsP#h6^><yZl6aOh;(Zk*)%`FS$@p;;O~&%UL&A(*6>xw@++LT7@=ok}Z=Sn{
zX(tH_6gEA7Hrv_>C)$(GR66Mb*!qEc<k~1>&ct0CEwl;SwXuedjS_5uW>Vq!Zm{Q&
zz*OW@twYVJ7obesvvD8m0@d@D7sCVT#oSP+_Z;s~heuL7-R;y0%mt~iS1R7`PkdjX
z(Q5bpZKk|D*GuUX-Wnupten?$eZC1SjAW#=9Gy|*LgEP@xc32;csYw_71d@Uie8o<
zMT1!M99lt}TRVYxPbY&a|M@go#5{d_T7VkrjDW^j^IKMDm{~nV<~#4v`2o{-2P1n5
z;{$TXsC0g!^ac6XCosPy=-Cv#27`VXCXwo-vBGRJX<>>so5Wk<5_1BV`Bp;qH!3EY
oTcSZtSI$Umr1XIKTHzCl$1?^Wk^5gwf|EnW-byrIWst$Ozfjqa#Q*>R

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NondetAssume2/NondetAssume2.java b/regression/cbmc-java/NondetAssume2/NondetAssume2.java
new file mode 100644
index 00000000000..1f8f74a3464
--- /dev/null
+++ b/regression/cbmc-java/NondetAssume2/NondetAssume2.java
@@ -0,0 +1,17 @@
+import org.cprover.CProver;
+
+class A { int x; }
+
+class B { A a; }
+
+class C { B b; }
+
+class NondetAssume2
+{
+  void main()
+  {
+    C c = CProver.nondetWithNull();
+    CProver.assume(c != null);
+    assert c != null;
+  }
+}
diff --git a/regression/cbmc-java/NondetAssume2/test.desc b/regression/cbmc-java/NondetAssume2/test.desc
new file mode 100644
index 00000000000..19abaa63e8a
--- /dev/null
+++ b/regression/cbmc-java/NondetAssume2/test.desc
@@ -0,0 +1,6 @@
+CORE
+NondetAssume2.class
+--function NondetAssume2.main
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/NondetBoolean/NondetBoolean.class b/regression/cbmc-java/NondetBoolean/NondetBoolean.class
new file mode 100644
index 0000000000000000000000000000000000000000..0b4ed3f79156e27d3d0dfb59472e18e7af84d0cb
GIT binary patch
literal 659
zcmZWn%TC)s6g?9=u`z~(P(sS9yaip<8+IT>N!t|#BpwpoP3#d27!MjdsJ{X~z#5PM
zQK{_vO$c$v3ZV#D<9lc3+;i@^_P?k5zW^36>%m3c!$%Btp@d-vBOYwj9gKPy!zTyh
z4E@tQO@+>+O44sK<;_?`4D1&}X-OtBTV}B4=64zFhKdA3c}*r_y>;9adfR{*s%t9b
z@h;cW?AwQSb|6!OUROyZvQ?#G!IMRzIp#7Uf!_>0TNw|Je)5xcjk^@aZAouSwR9+c
z$XwtJ$CpEX%6)XhcQD~&5>r09;4#$AMG*63Klu7$>ATiSlhPXo2h%=gFvU=LE!k)u
ziZG*jD7_zqCt95f9W*xcNCe6MHu90sgvzhwjhM#BP>Vz=wTL<mkj1Q(Vw~ph(nn#H
zx@nd&ixznRaZ?shWE6{^Z^14pDWI3$rToxBnQ{Xq04nIC=%U&w-XXNP8@xkd@e0;C
z%0p-9{sVjO7R3icXXSLgxvE3|fQuUS@j`2(pB~fI2U;Zhh#DizKu2OB7XbRIr5iZs
ZaO?}%)-|m6y&8%l3jT_5RHID+gU`tAeVhOQ

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NondetBoolean/NondetBoolean.java b/regression/cbmc-java/NondetBoolean/NondetBoolean.java
new file mode 100644
index 00000000000..4b05ae056ea
--- /dev/null
+++ b/regression/cbmc-java/NondetBoolean/NondetBoolean.java
@@ -0,0 +1,10 @@
+import org.cprover.CProver;
+
+class NondetBoolean
+{
+  static void main()
+  {
+    boolean x = CProver.nondetBoolean();
+    assert x == false;
+  }
+}
diff --git a/regression/cbmc-java/NondetBoolean/test.desc b/regression/cbmc-java/NondetBoolean/test.desc
new file mode 100644
index 00000000000..c0bfc954449
--- /dev/null
+++ b/regression/cbmc-java/NondetBoolean/test.desc
@@ -0,0 +1,6 @@
+CORE
+NondetBoolean.class
+--function NondetBoolean.main
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/NondetByte/NondetByte.class b/regression/cbmc-java/NondetByte/NondetByte.class
new file mode 100644
index 0000000000000000000000000000000000000000..d066e46704c7d41c3433b6373881655baf1d6047
GIT binary patch
literal 657
zcmZWnT~E|d5IwW)ZcC|jSzuW}1qBs-urItpjI!#}iY5pNyxnbY;9_aXZI|Frfj{80
zngEdm-~CO-IJeo42hvPu?wvDdW={L(->+K$YgqN*V$Q=n7RFG+eFqOb*qC$h(8D5@
z96TaSt%y9Ax=>k~zg4;DCNd__KB2auQdPVnSgX%>33fY+B_ZgjRBrW-yHbBPU_zsl
zMIzZ1TA6eI(k>2FPVhThSsKe?^J^j3nd4Zfl-bYNHVOB(3lV+!AWr&4?nadKdwSbh
zPe<~-G97{u$;%^gDtwH?cktN9GFE(y!6URxB1}Yj5WX2K^iJzc6TDHmgC{<o;u)bn
z!hh@@$*5o{GJOz6CptToI&6O`Jy)m04N56^?qF2gPFOxdGnTp1G9I?(&59l;Si5~J
zvHC855~{b%upC)zyaQMRjzadtzWU+{^qqqWCiq<|FD(Qd8z=)%$0U0fjbZT)qfKu1
z8kO}Qur3hHpJV(6_TCk$zYU#L(oK|I9sUDcG<l8zt&J&urWrTG#!dgCNhM}5-&)xK
gm~7N8;atG6zrnVC!n!-Fp{Szbzcw4q@}Yv(f2sU=-v9sr

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NondetByte/NondetByte.java b/regression/cbmc-java/NondetByte/NondetByte.java
new file mode 100644
index 00000000000..36b7b209014
--- /dev/null
+++ b/regression/cbmc-java/NondetByte/NondetByte.java
@@ -0,0 +1,10 @@
+import org.cprover.CProver;
+
+class NondetByte
+{
+  static void main()
+  {
+    byte x = CProver.nondetByte();
+    assert x == 0;
+  }
+}
diff --git a/regression/cbmc-java/NondetByte/test.desc b/regression/cbmc-java/NondetByte/test.desc
new file mode 100644
index 00000000000..d05a462245a
--- /dev/null
+++ b/regression/cbmc-java/NondetByte/test.desc
@@ -0,0 +1,6 @@
+CORE
+NondetByte.class
+--function NondetByte.main
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/NondetCastToObject/NondetCastToObject.class b/regression/cbmc-java/NondetCastToObject/NondetCastToObject.class
new file mode 100644
index 0000000000000000000000000000000000000000..65e622d872cb175aa777839458d1c99b0fb1ee14
GIT binary patch
literal 779
zcmZuv&2G~`5dPM7;>2-Dnuat`poJDl8o-y{s8CUWQwT_{ipXtaui7n+U9IgtOkaRA
zAkhjWxPinoA;hc`l0!Inc6N8>`<eBxKVQB9*ug^wWvn^4ftxzqD#OOQjSU9{tl7Bj
z;0`uzY%#2C@gxx{m2s3jlL;S%B4A)chT^V_Wcq}`Y<CVBtX>=lhH76%VvvnTLLKO0
zhI&8td3eZ`)cfh7l^)B4q0t}2Q6SPDPtt?<)#ya{>0`nga~Tm!th-P68TUdS9eK0+
zrTvuq?_ToL94*&b+V#V!9%nz!lrLUL&Az%w@JJ)NaIs|Lu8VuP@1l*43kMa3)|~I@
zKj+VtiWO;D#ImvNqKgL%wRzt}C(SNaN1lJG;xnPV-s^m2xDw@--^lcMkcA-)q22kP
z$s!Ft8<PdAJ=6oP&Ix)U-7z!+kw_(inNAu@n$ZQl$PgR!re%6<R%>Zzl$rFAYmf%Y
zJX#s8h3yNl50n_FQY_|&CTf(slL9QGPCH;_)|^tcK_{D+F#6peu&wv7%uARbVV$Ge
z{fWv~6y9E-_+3MrIdmNs<u=6<!I$YDb8?#I1ZqlSVI2)zCF&+sS782zYh!hfHK?sM
iQ?Qe31D5OdXOzyT3O>PFw4!keFx)+D_!?~tT>lG)G@1VZ

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NondetCastToObject/NondetCastToObject.java b/regression/cbmc-java/NondetCastToObject/NondetCastToObject.java
new file mode 100644
index 00000000000..133df3f9f4e
--- /dev/null
+++ b/regression/cbmc-java/NondetCastToObject/NondetCastToObject.java
@@ -0,0 +1,11 @@
+import org.cprover.CProver;
+
+class NondetCastToObject
+{
+  void main()
+  {
+    Object o = CProver.nondetWithNull();
+    CProver.assume(o != null);
+    assert o != null;
+  }
+}
diff --git a/regression/cbmc-java/NondetCastToObject/test.desc b/regression/cbmc-java/NondetCastToObject/test.desc
new file mode 100644
index 00000000000..5d3b98bb583
--- /dev/null
+++ b/regression/cbmc-java/NondetCastToObject/test.desc
@@ -0,0 +1,6 @@
+CORE
+NondetCastToObject.class
+--function NondetCastToObject.main
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/NondetChar/NondetChar.class b/regression/cbmc-java/NondetChar/NondetChar.class
new file mode 100644
index 0000000000000000000000000000000000000000..4d05d0b75dd80a169aae2e690cb7c767f0671844
GIT binary patch
literal 657
zcmZWnT~E|d5IwW)ZcC|jS#((t1r+)4!M^YYA)2aBE0~}p@OHPofs3Ujw_U<tkw4(G
znuyUv-u+F4IJeo42h&Vv?wvDdW={L}?$;jxn^^bYV$Q=n9!{Wv1qY8j*qC$h*ux^0
z94r%NRzy)qU8+1QUaLa%Qkf9wh|t(pnJRY(*80W)!H)7o5`wPE<Zl10C-nydCbYVF
zEYbs^l{pVC?eatw1i!nRXNfGM6QQ@5<4mZG*)Q25!oB@c#Gl@Y^Ffij9jAky-hSTK
zv3#pchhR+d;#6D+ACvGMJn``qD?TRR5jrLjrXo8IUkw*}qjjzc-niVsGasv1BQ(eO
zz22#eOO_(n$6<V~^9!lN=zZn6IvZ_JNx^dm<Ju@?`3UVq7D~%x)S5Rd`<!6yj<Ce)
zyZlM0*)hX%WU=uMU=275*%SNv^J~yo4r-X<ccZ$r5O8du3_ugp>|L}*#UB}Ma<e~C
z+xiCU3c>tmO#X&_c#Zmvp|dKwsj92Pe}IcN&oQL6F~iS&#yw!;rnhKQg&EGbSv3Hr
fTa6!ZuHe{TU|Zi|{XeUrsH5h;G#kzGp@z;sAX0gW

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NondetChar/NondetChar.java b/regression/cbmc-java/NondetChar/NondetChar.java
new file mode 100644
index 00000000000..f9570d8a5d2
--- /dev/null
+++ b/regression/cbmc-java/NondetChar/NondetChar.java
@@ -0,0 +1,10 @@
+import org.cprover.CProver;
+
+class NondetChar
+{
+  static void main()
+  {
+    char x = CProver.nondetChar();
+    assert x == '\0';
+  }
+}
diff --git a/regression/cbmc-java/NondetChar/test.desc b/regression/cbmc-java/NondetChar/test.desc
new file mode 100644
index 00000000000..96ecd2f6735
--- /dev/null
+++ b/regression/cbmc-java/NondetChar/test.desc
@@ -0,0 +1,6 @@
+CORE
+NondetChar.class
+--function NondetChar.main
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/NondetDirectFromMethod/A.class b/regression/cbmc-java/NondetDirectFromMethod/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..6d3758b230af9b1e55332b653b5f147e7ef1bce6
GIT binary patch
literal 265
zcmXX=yKcfj5S+y?;+XJgX;K0OZqfxsLLj6_4iq5zvwaGOj8D28`L9%wQse{pD8wF6
z?C#9$?BjI)`v>rXUJMWI2%QLB0tt?HLO4;ivTp=$Fx(RSnJy)vovB(bkB3~EjmRrj
zdYLXnwG~D=eiwbaQ(ruqO<xJ|S|3dz7s}cDOI?@J&XtjcT^N1%kanlb@m_q31R)~6
zJ|%P<Pb*P>rmK9<Ry?D@Zvw>OBe)|TV5P|{<?4FD=oj?Epn(U@;Z^hyGfr*>JTh{N
IT36T81-_0i*#H0l

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NondetDirectFromMethod/NondetDirectFromMethod.class b/regression/cbmc-java/NondetDirectFromMethod/NondetDirectFromMethod.class
new file mode 100644
index 0000000000000000000000000000000000000000..6dafdc80b07ffff6f12571880630e21e02bc602f
GIT binary patch
literal 808
zcmZuuO>fgc5Ph3C+0=Dunl>R2K1y342?z_RH!4Jw(o+%;MMd<su~+F9$FA0Pe@y=X
zS3aZ`fdt%;_)&;i6Osyg@XqXb-rM(Pe*XIW6~HF$+py8FaShiwZp@*Cn>HP*9Jg!~
z(coCKv5pOn+YHMaB95g_R20VBDi*^)`V4HJp}3_&l{{w1H(PrQRyXn`!(vZ`a*&RP
zQol6K43%EwiC|A?W$u%rl^m#;q23!rp)ZqdrKOkb=xE%R$wA~lVknQZ?1fBH9jb8D
zVJI|Py$=1d#zKV*3%iN%-t@)MgtN5e1rtg3Zj@?I?kFRmaq$}u4#lx>uz*V(cO2YB
zlYDg?%)@c8f-0#q9d01Pk=yw@gr{0ZnxS?vCr8Uc8}~^54Et<&Nakpiksi6;k&cd~
zcDv8B$gmV<6L_V_cbW{+AYfP_qyOT`_u{P94QMSS!<R9Q&Y#Mokt8Yopq=bvm9}cr
z%2~N?Tv2AxM}|RMl(`fc#X|cG>^&tpl<6#H#S)e%cm6b>f@QkF%!Mij{E(sn^H0cq
zNB$k9=i$ydIG@66)3^K7ZQ!*Juuf2EpQ7*s^IuSWeFpx`h{<PSZ0ZAXRf%IJs5W7|
sob|CP8LdyLH#1@aRZ6FrI{~-e!peVy^}j`fFCgbUF<!3FC5NlO0pE6;+W-In

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NondetDirectFromMethod/NondetDirectFromMethod.java b/regression/cbmc-java/NondetDirectFromMethod/NondetDirectFromMethod.java
new file mode 100644
index 00000000000..dbd7960c880
--- /dev/null
+++ b/regression/cbmc-java/NondetDirectFromMethod/NondetDirectFromMethod.java
@@ -0,0 +1,19 @@
+import org.cprover.CProver;
+
+class A
+{
+  int a;
+}
+
+class NondetDirectFromMethod
+{
+  A methodReturningA()
+  {
+    return CProver.nondetWithoutNull();
+  }
+
+  void main()
+  {
+    assert methodReturningA() != null;
+  }
+}
diff --git a/regression/cbmc-java/NondetDirectFromMethod/test.desc b/regression/cbmc-java/NondetDirectFromMethod/test.desc
new file mode 100644
index 00000000000..10989391e46
--- /dev/null
+++ b/regression/cbmc-java/NondetDirectFromMethod/test.desc
@@ -0,0 +1,6 @@
+CORE
+NondetDirectFromMethod.class
+--function NondetDirectFromMethod.main
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/NondetDouble/NondetDouble.class b/regression/cbmc-java/NondetDouble/NondetDouble.class
new file mode 100644
index 0000000000000000000000000000000000000000..5d298bcfa63d6029cc6fea76141e021e3939c1ae
GIT binary patch
literal 667
zcmZWmOK;Oa5dOw?V%If!m6n8Ofl>+weCdq}ffC>n3Q|!Ky>0AO+2VSuwNvp=5d8z3
z0jaG(f;+znA!e;Kjl^MgX6NyJ^Z5Pu`%eJtSPK!L7veIm%%P5}KCXrE(DQLU#0@O_
zxJg)85k(<QsdQcpR3S#0ObN6@sBfrTm5&JS+P!Up*Vm~eG>0meo8$eFG_P$kp)=Hp
z$hL)1_CIlY<vUdn8pBPUr?MRAF~=S<%DzxJ<9}co5H4($B6<Hp98AiBjU=0}hFf}U
z68TJ7j`l3fgFSI5BFrQ5aVx@YtVEbYNa)%?oQZrlesVU{Q)9FtM6&=s?nGF{T|(=;
z;^k;hCM7RKo834$F#1rMxc{osT%XU(QLTi#Z=P58GhQQMDV2pXGM&=%eC3z}yu%$V
z^A!R<4Yj(qVYXZro&&rIwqn-Ax_18r^o0!v4SwsD(?yeQo5~4jq0Kr#XIlJ*PwTL+
zcM9kESGY%LuQon@!u$_-Z%<JBWdYp^uu<{)ToAx^at7>S5evA;d5bJe`v+Z@bC#wg
j>lHoF?$nRrAHnxN!*jpE{l8laQG*jbwliJgkAv<%3fFzr

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NondetDouble/NondetDouble.java b/regression/cbmc-java/NondetDouble/NondetDouble.java
new file mode 100644
index 00000000000..451fcf4db7e
--- /dev/null
+++ b/regression/cbmc-java/NondetDouble/NondetDouble.java
@@ -0,0 +1,10 @@
+import org.cprover.CProver;
+
+class NondetDouble
+{
+  static void main()
+  {
+    double x = CProver.nondetDouble();
+    assert x == 0;
+  }
+}
diff --git a/regression/cbmc-java/NondetDouble/test.desc b/regression/cbmc-java/NondetDouble/test.desc
new file mode 100644
index 00000000000..631edbe5024
--- /dev/null
+++ b/regression/cbmc-java/NondetDouble/test.desc
@@ -0,0 +1,6 @@
+CORE
+NondetDouble.class
+--function NondetDouble.main
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/NondetFloat/NondetFloat.class b/regression/cbmc-java/NondetFloat/NondetFloat.class
new file mode 100644
index 0000000000000000000000000000000000000000..9b26f72c773ab21696c86a2784ef8a1711bd2201
GIT binary patch
literal 663
zcmZWnO;6iE5PfSqv2k4TL4gF?LMd%2hx)>;sG>^ADbPw(Ah>Pp6<un)Xzd{WNDt)?
za0aA;s08=^rmE_!6%wQ##xuJ!@4cB>|NeV(3t$CHK0LI1%wTp5Wjt~5)Q5wXi)TLO
zFz@0y!^9%bGNE&+((I$mcrOt#1KVRLugX;B?-}f+H`@$OTg8H*+Lfu;>>u`o{$h$5
z8eJ9fWSeVg&Vx%Q|0*+vN8L@8#v<<|is$c$<dDmh=ugNxl-|mD^lgJ54N%@{lng}u
zE!EeN=tv_`d%*JcfFJV!6$CC80=&RtfHC+CO_K-{p6-Vq?nheJT4{#L1H6lu0bb!X
zv5o+rdIuuPX&XxKhtZK%$3lng&xI#=IvS!_2en=uf!hhKkYOqonbaa4iqmj;pAxjc
zJ<QV!c=Rl+)->%>WRuYppfykwl4s;g%U59M6j&IiZ@IX%QKi_FQUPkHllRaVf_JFe
z<XYFT+83}-QD3Nh|AERcIJ;LU-5El=ARI4rUHT6^m`?7A9ZX^ZkEw2wjAZ|yX;ID8
lP-LZ$0P2nMPq?RWoijN0CG7vZH54US!J3(AnhqA4{{VHMd@uk2

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NondetFloat/NondetFloat.java b/regression/cbmc-java/NondetFloat/NondetFloat.java
new file mode 100644
index 00000000000..e461162d0d5
--- /dev/null
+++ b/regression/cbmc-java/NondetFloat/NondetFloat.java
@@ -0,0 +1,10 @@
+import org.cprover.CProver;
+
+class NondetFloat
+{
+  static void main()
+  {
+    float x = CProver.nondetFloat();
+    assert x == 0;
+  }
+}
diff --git a/regression/cbmc-java/NondetFloat/test.desc b/regression/cbmc-java/NondetFloat/test.desc
new file mode 100644
index 00000000000..27bc33761b6
--- /dev/null
+++ b/regression/cbmc-java/NondetFloat/test.desc
@@ -0,0 +1,6 @@
+CORE
+NondetFloat.class
+--function NondetFloat.main
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/NondetGenericArray/A.class b/regression/cbmc-java/NondetGenericArray/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..1323ce430e51f6749719dce2b36153766f3c292a
GIT binary patch
literal 287
zcmXX=%}&BV5dLOcsH{aQka+c|9OU8+L(-T)Od32$xOm!@jV`I%WL-#jEDwgn5FfyY
zGER}h%zS?{nV;XUZveOGON2;T2yh;u8=*%CjrH#Y@%%t&-WhBBm=IiDFW9=TmYUGX
zjMcOCTdv()<s~cKtSVHwP|no+D2D#k@Sz|}M+Es)tzDrfrjB3CD!bHvs;zdWNS#yL
zo0ZzA7!gilG|(haN=RyPSStH6e9Tw6@VMkpL;jq&ICez5#Y&6W2;$(i2RqOpk$d?G
c@xg|G<Su#QaH4@zM)7}`XPX(}jJrVR54@W)Gynhq

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NondetGenericArray/B.class b/regression/cbmc-java/NondetGenericArray/B.class
new file mode 100644
index 0000000000000000000000000000000000000000..730946d3d804be1b8fc4a9b8e133a5173ff23b57
GIT binary patch
literal 263
zcmXX=F^<A85S)dOKn^ZILrV!)TpBtM5+FenK>?z7f(4Fpj${H7&!R%Q;vT@GPOO2#
z>zUcv*}eb&{s9=E?W2sqL(@ZxK!Q+?CPRWdQd$*broH}_;LP%!Bm|Mta(ViRrP+u$
zW2GJCiO9CXD9hiXQykRMCQUiXU*{*2$hori&NA0KSuCWMMkNzt#N|5`XHka>kM~ar
zP0Pbf=zX|~Q<)U#qQpl6#Lq$Hjd*~SDzlJ(+pB!tKvxDO)VR7&u?nAY{bj%hBOBCs
Gx;`J~t}e*{

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NondetGenericArray/C.class b/regression/cbmc-java/NondetGenericArray/C.class
new file mode 100644
index 0000000000000000000000000000000000000000..27903564a63e3a08c332282492d21f5c9f1fa959
GIT binary patch
literal 263
zcmXX=yN<#z5S)dOK!D@X&{6^gY3M*mcaflppa9W3!2+Y;NG2fhSyU%o!3XeBC)PmW
z^~~(->^}bg?f^z;`zWH}q3NMTpqNmMe#QiMqO{7VOndze!3ndiBs3zW<>GvdrCEzO
zWu+ZuiAXoXD9b;hlke5ZCWV~jud=gA<V;z6XOZcx%;!=|qmpl9#C3QO7g2)?kN1a!
zrsY8@^e$M&2btvPqQFN2#Lq$LgLr_IGP8hx+ba!zK{o~kRJgh?u@0Yc?QKAnkqxT9
GTwhP>Coa+e

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NondetGenericArray/NondetGenericArray.class b/regression/cbmc-java/NondetGenericArray/NondetGenericArray.class
new file mode 100644
index 0000000000000000000000000000000000000000..76c6f43ab08f3eaa6fce6ec960d629d4d1acbb07
GIT binary patch
literal 953
zcmZWn+fGwK6kXGnPJ4QQLb;RzqKI0mQZIM~wWVG{tZ0J4h)>hg2@D?2A=6V56a5i>
zz-N^R(L{aH#E<YxjB(Gg7D69p_GR|kv)7vW`RCIY0JFGbp&Jtxj^hN!q_HQHh+-;<
zQ#hT(8RU~lVVa|0A&Ci&vlh<bJjV<}W=b>~QU}WS8h2Gg)LdC-V5<!AdF83#HbXQ&
zy}}Ty_;tz9TUDN1YHrq~erk#t`m4Sp+!djfiCf87u&x>m1JxzptIObl^rTi!S!?lX
zj(Tkh<<Tt;HLq4E(Y+i9=j9`@6~c)GLt@@>TLW0jep5U0zB1PhcXpiF5Zl5=8hso^
z8y9eqdRJ^*!eyJ}xx#VP#x-2$xMAZa=4|w!mmzClMOS!h#qxg*?rH67;?#Kw$GnYO
zAU)CtxW}~(=>(*ruh)vsmiD)$E>@m|mZ8TB$v;!U`cl(%Nsjz<^(dIw$LR^0o5U@a
zUo}#*n$cx}PS^r1VWP5$%2cAffP{^_SfsZ&=v8s42g6WZHk6k2HXqV8Xwm__;VS)$
z6nzwcrL#r>@}jgzHV|X-iewqtuEHMJJ8~k(&>jzy{TLwM{#SrO3{jN8a2x!Kstx$f
zJ|f=`eOUMo9(#*ebRV(8F1n6{yNGvYcEJxN-y^YuL4&2@A4q*h^7$UDuVFsh$`j<!
zkr_G~4n0Z3frjKXVg^}EVuZdz4vQFtz!+X*yiJH>n<_@AK1XX1)^GH3jFwn;iKR;{
pQ)0OswHs@5oeh}+ef_DAuy<NSKOoU5n(5euh+Q($j#Ci9vA^_9x0L_@

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NondetGenericArray/NondetGenericArray.java b/regression/cbmc-java/NondetGenericArray/NondetGenericArray.java
new file mode 100644
index 00000000000..1c7d62a5b73
--- /dev/null
+++ b/regression/cbmc-java/NondetGenericArray/NondetGenericArray.java
@@ -0,0 +1,30 @@
+import org.cprover.CProver;
+
+class A
+{
+  int[] ints = new int[10];
+}
+
+class B
+{
+  A a;
+}
+
+class C
+{
+  B b;
+}
+
+class NondetGenericArray
+{
+  static void main()
+  {
+    C c = CProver.nondetWithNull();
+    CProver.assume(c != null);
+    CProver.assume(c.b != null);
+    CProver.assume(c.b.a != null);
+    CProver.assume(c.b.a.ints != null);
+    assert c.b.a != null;
+    assert c.b.a.ints != null;
+  }
+}
diff --git a/regression/cbmc-java/NondetGenericArray/test.desc b/regression/cbmc-java/NondetGenericArray/test.desc
new file mode 100644
index 00000000000..e9ace0bad35
--- /dev/null
+++ b/regression/cbmc-java/NondetGenericArray/test.desc
@@ -0,0 +1,6 @@
+CORE
+NondetGenericArray.class
+--function NondetGenericArray.main
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/NondetGenericRecursive/A.class b/regression/cbmc-java/NondetGenericRecursive/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..005c8063d513f9db1756a4f3aae6fcb800c2ebe1
GIT binary patch
literal 249
zcmXYrPfNo<5XIj#X=2l8idQcltp{`QRuPI&FQI}hy>GTdyCvPg=Fj)?BzW)x_@Sh;
z)q$CL@5dXMpWm-<0FRg?2yhwWDn>?#o{Tl^Ga<N}ZV2H^y=6jH7|YA<Sh8EIvJ!G#
z)LK;=<&5|LFl_gxk<(&6BP6T3bD9^%$8VOk-E#ZNmYvb>tUK43o*xdXS1Cda2{b26
zyw59Tclld+VBO*t19{IENlQ?6Br2Ef$?*OY^dVw^SY~vF0WL(Re*uh;h$D>8sq_Sy
CYA+}N

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NondetGenericRecursive/B.class b/regression/cbmc-java/NondetGenericRecursive/B.class
new file mode 100644
index 0000000000000000000000000000000000000000..8a18024f50bec9a3a4833f0bba7ce327a7d3c43f
GIT binary patch
literal 267
zcmXX=F;2rk5S)!28%)5#Ee$15;3i!V5{U$jWh6l9&zBXPWzN#Y&cCRTD0n~~g|Zi1
z?C#9$>}Yp?KfeHG$PxrdV@zY56G#z);$cpR?u<3vz0j-c6(L-<YbK<Hv0V0_6}vZ8
zHKJrit5vg7&UikEVfSG+K4~FI$!ps?&5y?0FUr=gxqD*E&gd7`z1x^A-_~lYCWsKr
z4-3N7^Sn{^J%6rh)*UV}l1BlO3Nap#9EfrxESKqb<C|~Lmw*wDrAG%bMk09fZ@`Hl
KA9Q+fo$UcrY%qlY

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NondetGenericRecursive/C.class b/regression/cbmc-java/NondetGenericRecursive/C.class
new file mode 100644
index 0000000000000000000000000000000000000000..acc2b11ef63a578005ecec7f284050e17a9b088c
GIT binary patch
literal 267
zcmXX=yKcfj5S#^L2gl*nrlEusaYL6V1(u+(h(sd#^Ra?M<}4jH|CK6IihMvmD#{+A
z*xi}g+0p*|etiR&VHBf{euP1UA%O})JD)!h!e?Vm{UUTS-4KGT+A^V^8_TQaSg?Cn
zMJdWCue2&R${EkEVo>kR$tPu!6u(uC)4VX=e!r^hmg^;3c1EvRH|}K4{CH4jl^{eU
zKV*b~=V__zE`2QytZR(Xl1BlO3edSCIS}PWSSr)+IuD<q4*@N7rH2<WK`c1=H{e!~
J54yX!dVf~&FpdBK

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NondetGenericRecursive/NondetGenericRecursive.class b/regression/cbmc-java/NondetGenericRecursive/NondetGenericRecursive.class
new file mode 100644
index 0000000000000000000000000000000000000000..c0040fb2f5ffbcf6661f9a7c59b517b8a24ecc33
GIT binary patch
literal 731
zcmZuu%Wl&^6g?9=nZ$LQN86AzJPH(=1PO1tqe39_SYQI8sEF()_NblKwX3n6kLeGv
z1|*6=qFu4zn-JpKlvIK)?E60F+_^t~efb7p19vRc(6ewES2(WLz;TUZ)j}CPj_Vd~
z;3mf!!{VAq5~))aN690Vh)E~|1~z7>Y^q45_Zf`-V4J~o<3KXhJr&7Ob}*6pb>7U-
z@?u|v+d`{6K1-VEu1Xj>-YAX&nLd?~)XIM){Y)onD(?~Aflv`K`9$Ekl$hU2g}?t?
z92O8HnxVSshi4+JtvJ)Ze4=v7-o>bQ_rz4#urbeZ%f@Z26TWN1!W>D-i%uw_9p~ZS
zjUQ_rYlim4a2$Ob0}L4&=d&*+d(uzo-D17t_=h^4O6|BW3(K$&73;oH>Fy{CLx!dP
z!25TYcCDZ1+>j1H8UmRpErXdhdW|%r0=@nit8~8_-IX;u`8MPk^wFXqPVyYGjBI&$
z4ECO!66*A?6v-wU<lBE5&_s)(Di&wMW9rU_S3aY33gg)am`A7&zhmwz%5RTRImr=?
z0&$@rUM4whba82h%n5G^%hcB{(AiIPIn}G^%y>2m7NFVUpHMvlH{ZcDKEnK8a1K&N
N$$pTp)uo_>mETmHlY#&M

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NondetGenericRecursive/NondetGenericRecursive.java b/regression/cbmc-java/NondetGenericRecursive/NondetGenericRecursive.java
new file mode 100644
index 00000000000..33d2b8d68bc
--- /dev/null
+++ b/regression/cbmc-java/NondetGenericRecursive/NondetGenericRecursive.java
@@ -0,0 +1,24 @@
+import org.cprover.CProver;
+
+class A
+{
+}
+
+class B
+{
+  A a;
+}
+
+class C
+{
+  B b;
+}
+
+class NondetGenericRecursive
+{
+  static void main()
+  {
+    C c = CProver.nondetWithNull();
+    assert c == null;
+  }
+}
diff --git a/regression/cbmc-java/NondetGenericRecursive/test.desc b/regression/cbmc-java/NondetGenericRecursive/test.desc
new file mode 100644
index 00000000000..34af1b2e6c1
--- /dev/null
+++ b/regression/cbmc-java/NondetGenericRecursive/test.desc
@@ -0,0 +1,6 @@
+CORE
+NondetGenericRecursive.class
+--function NondetGenericRecursive.main
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/NondetGenericRecursive2/A.class b/regression/cbmc-java/NondetGenericRecursive2/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..5628564f73de76f1351bb4a729940bdd352fce99
GIT binary patch
literal 250
zcmXYrPfNo<5XIj#|7?u5c=pg^?ZJR}Qwl}UOQ@iw_sw>&8{!7Gn|?1(LJxibKa@CI
z9hjN-e!PMC{yBUBxWza}gtH9i8AgQk-dN-3glKxTCd3cjh6$s}SYGz;HM^CnTOk)!
zr&YUF&IJDtW4|>!Ijt6Vg#5MZo#saq;+M<LZrDGuWoPsY>)!3mo^P%jwO0jVBm`Oz
z#=)1ZvTx;c-LUqUU?Bg6B54WAPDPcn14(9|pbrrPWHQqujBp~l_zPf&TpZ!_m@0k&
D)om|Z

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NondetGenericRecursive2/B.class b/regression/cbmc-java/NondetGenericRecursive2/B.class
new file mode 100644
index 0000000000000000000000000000000000000000..606067dcdb8b8be87b1a342f717de25a96a891fc
GIT binary patch
literal 268
zcmXX=!A`<J5Pbus)e3@~J$MujHZk5HCSszO1`{>hx61^V)NQhC`(K<)Jn#X2lyMe&
zn3?z9ym^_Q-|qu}JB(9wF-$N@a6uqN=;jYILOeIt_<Nz(lNBL)tkz5z=Em}}{w&zN
ztD+QToL5?vE9Fe!tr+<avkOTJNlM?U+G&0=!G5`{?3(>ETXsgjvaa3EG<<urRgLN+
zMj}rv2&2HWQrS)RQfyg!T%jYM0wfio*CII(<wRH}GwgcPFVJ2<2dC2GqnIES-2XS=
LOi&0K99`#sl0PuG

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NondetGenericRecursive2/C.class b/regression/cbmc-java/NondetGenericRecursive2/C.class
new file mode 100644
index 0000000000000000000000000000000000000000..fe32a4afb54ceed649eb3ae90c6c2a20c09f8eb6
GIT binary patch
literal 268
zcmXX=!A`<J5Pbusl~M&cd*G-ZY(ltcJkSI$4J2r|Z<mQKDcfXe`7ci<9{d15iZBZt
zX6C&&Z(ipA@cRc~f?<p{`Vj^ZZV6Nn+WGXE5WW~|>Q|xn4=X~DRcj{nb7OhlYzuZD
zswhPn=9O0EN;%{CMGWdMv-3%rB*pJl<228Vx8KbxyXN|hEjy!^tQ)s8dmcY+)LtbB
z5y=x7Vc>aMD*Kr(iVf=;BedjGfTRL+E=UeUxe}Jj^t;aE59nJ!3tj2qNlXw6PR<7O
L1o@!rlk4UPmB%o_

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NondetGenericRecursive2/NondetGenericRecursive2.class b/regression/cbmc-java/NondetGenericRecursive2/NondetGenericRecursive2.class
new file mode 100644
index 0000000000000000000000000000000000000000..ed328ac8e04844934c5d2ce66417ec021e5b92e6
GIT binary patch
literal 879
zcmZ`%OHUI~6#h<IdfQ>3<y|TwB5GTeD&i{=Q>fy?f<_F+?xxclxH!y^J5zoPOE<1n
zB198)rHQ}E7|*Sx7z~Ru=W);DJKvd~zdwBeFpql{Y)o1>hbe*cMo*^^$AvUza4`)F
zmjo_bNMTZ-V4;YTz!k#Kj1z`ZM=J2chbnX$o@^4RPDm~&UqufH@j`K(kf;VtNyyZc
zFIQXJ4XIz4WWr!Aa2;>m(aQLpU?SR7Az{3>8u(2aJ(j-I%6%@~mJZdfoV(8rw;kp4
zD3>SHsvPKBiyZg$inG)1!AlTQ3$E8eVXXx%?aF0kW=@>ac6Q6zb!=pi6}W2S8fJMw
z)kYcDZQQ_|z)hREx@Dse{e+xJFME!^QC>V^;gQyXCXAgjLEyHHJGe{89v44tY)Lm_
zG6TI)c6W5JD|Na0tgQ+Cew%}rD%xCac^+Z7P^_IS=KYg=iPko6mnhT?<J2(BEb$91
zu{g$CWG{1ETlKhxFxr%%(z4lIf|-n3{J^KHV~US&^FKn_oLQT#I16(G!T?)k*2KD}
zbO3tCMht`eO}2vr7-HN0n}A`Au$RJUxA+Zbo8py2#J(Z^r1Tvk@fL~rArhs1^qg?_
zk^Cp}9%2t8CXM4i(EAywR|iOcH6Y?`5P60H9x8a`5XLZ#9N%voHRQX%1eW<F$9dx{
z0}#KE5y)4luR_@h<r(jpF5dYzT233ZKB9N81NH;N|BIV$J&4&AL(c>|F`WGaf+4FY

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NondetGenericRecursive2/NondetGenericRecursive2.java b/regression/cbmc-java/NondetGenericRecursive2/NondetGenericRecursive2.java
new file mode 100644
index 00000000000..de5ef46c4cb
--- /dev/null
+++ b/regression/cbmc-java/NondetGenericRecursive2/NondetGenericRecursive2.java
@@ -0,0 +1,27 @@
+import org.cprover.CProver;
+
+class A
+{
+}
+
+class B
+{
+  A a;
+}
+
+class C
+{
+  B b;
+}
+
+class NondetGenericRecursive2
+{
+  static void main()
+  {
+    C c = CProver.nondetWithNull();
+    CProver.assume(c != null);
+    CProver.assume(c.b != null);
+    CProver.assume(c.b.a != null);
+    assert c.b.a != null;
+  }
+}
diff --git a/regression/cbmc-java/NondetGenericRecursive2/test.desc b/regression/cbmc-java/NondetGenericRecursive2/test.desc
new file mode 100644
index 00000000000..52558889313
--- /dev/null
+++ b/regression/cbmc-java/NondetGenericRecursive2/test.desc
@@ -0,0 +1,6 @@
+CORE
+NondetGenericRecursive2.class
+--function NondetGenericRecursive2.main
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/NondetGenericWithNull/B.class b/regression/cbmc-java/NondetGenericWithNull/B.class
new file mode 100644
index 0000000000000000000000000000000000000000..80c9824e5191d58d4cea7551e4470546b0b1f6be
GIT binary patch
literal 264
zcmXX=yKcfj5S+!v4(4SjQ>6roxJd`104Y%<%M^)7eKsdJbU91roc~INM8OB-qY!(9
zVs~d|XCHr;(;2`Eh7mmUL&PBl1QHzYgkYwOvU7qr8m|fdvfM~QKUGF%^>;3-Pmya@
zhG|&{y%v>n{4V--rw%-tE~bR&qpYh!zA9&b%u2J7_DvdDsp3o7T~=%Tyca*Bg8(5P
zUl3x)6D`a(S>=0KSUjP@UjoG8qj^U>z{&%&gsbZ{Cr8jPg9cihgPZ6fV%+&Rpv}lF
I>fT(vD{ZJRegFUf

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NondetGenericWithNull/NondetGenericWithNull.class b/regression/cbmc-java/NondetGenericWithNull/NondetGenericWithNull.class
new file mode 100644
index 0000000000000000000000000000000000000000..0b52a47bd0a58b584da059f5eddecf2f327ffbd8
GIT binary patch
literal 772
zcmZuuOK;Oa5dJoHvWe@qshhS*DNvw55+J_xMuni^A%qD?MMd<su~+RD*RIx1e@y-W
zXC9&mB;ba`Z$gN%$wPu3c6WAW=X>n@{QdbWfK9j-EUZ~Lj|&_ZD=1@~<C29U)+#V?
znd6Fu4P528#;~{{l0@oM#Zhu!C88h7fPw8Xl(tl)(mM=Bv$e}$cH=-Y%zG-5y}?mm
z>KEB#2FHti5$+1Dvim4$rUxovSn+ys6v*_EjHFinOO+n<24Q%c;Esffh^SBa-Zmv>
zcT(ZMekzW01QO0r-txnd25ToCXkR{58RP1ipq)c;B5cfJj^nzGCRzl)ZDR&DLp>|H
zp@{a~dt<*3w2rlnHf}I1oe9Zt)5a}y7^>6$XZ=Izr}T5N-go_D9iK?;cAw`b!(5ab
z9y?{IHCx`l&19DeT94^Jr?qZKqhMGLWTLbTCOYY3(g77{4trRqaauHHR;_2wC^Be~
zX%H4gE}e|dV*3>AEd>QsX)pavVu50N6gya?TN$-Ub4stXX7>{c-(fs?2Xlz|_7BW_
zLGjfoO5gH~)BXTHoF+3GBd2j-Qd|KijSbS*A+j+gr;#jSnd&R~o5C+NIO;W0(3mLL
j%=v)@r~DC>A-MSlrtu!;|5h@TA`151%<w8*3OM%%)5e)z

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NondetGenericWithNull/NondetGenericWithNull.java b/regression/cbmc-java/NondetGenericWithNull/NondetGenericWithNull.java
new file mode 100644
index 00000000000..9c89b92b31f
--- /dev/null
+++ b/regression/cbmc-java/NondetGenericWithNull/NondetGenericWithNull.java
@@ -0,0 +1,13 @@
+import org.cprover.CProver;
+
+class B { int a; }
+
+class NondetGenericWithNull
+{
+  static void main()
+  {
+    B b = CProver.nondetWithNull();
+    assert b != null;
+    assert b.a != 0;
+  }
+}
diff --git a/regression/cbmc-java/NondetGenericWithNull/test.desc b/regression/cbmc-java/NondetGenericWithNull/test.desc
new file mode 100644
index 00000000000..c2feb23068d
--- /dev/null
+++ b/regression/cbmc-java/NondetGenericWithNull/test.desc
@@ -0,0 +1,6 @@
+CORE
+NondetGenericWithNull.class
+--function NondetGenericWithNull.main
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/NondetGenericWithoutNull/B.class b/regression/cbmc-java/NondetGenericWithoutNull/B.class
new file mode 100644
index 0000000000000000000000000000000000000000..c7e4fbbf83235d2c52d7557a6937d3a816d03479
GIT binary patch
literal 267
zcmXX=yH3ME5S)!28%*9k5+zW?4INR6L;@jMP60CY**=krjyuVm^IxeVrQiedQ7C&M
z#qQ3`&OVNRhhG3sm?Q`=j4_HaCXnEGBSbT0l$#TR`-g%ME^RFd!%P{Ox8J2~K18Wm
znPj#Sx)6=>{33>Kt$uhkTRanzciT3Vd{N$hn_E*$_bQESRQ0Lc+O{rlwVrOoR`d`d
z=KBl6$n#VS^Odg3jjSB*(BVe`;t0{bARb`lido9l_qvaJ(2hX|*PNrX7$9NX`#0c*
Kkzdq5y9OtR#xU6c

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NondetGenericWithoutNull/NondetGenericWithoutNull.class b/regression/cbmc-java/NondetGenericWithoutNull/NondetGenericWithoutNull.class
new file mode 100644
index 0000000000000000000000000000000000000000..c369eae01fc067d724c1b3f4ba974f4e798d47ec
GIT binary patch
literal 740
zcmZ`%%Wl&^6g?9=nZ$LQM@vak3T-Kn1PO1tqe9T|SP(*`q9U@J*rRreYgc2tAJZRT
z4M-G$1niLbCWN?S(iDNZu;)I{xo7VD`1R=vfDPPsP{EReD_G{ZS^>v3jui(*EOD$l
zSi^OWb%yzMkt9;5DvpweDiPyQ1`KS(P})?HO7AgPo$fA!-H!vwP#vg94zt6t)Gtgi
zLt_y8BHR^P8GjPA(|wgNv<JgD3S|03Mp7&PrAqhXEFETHc$W|lg^Gx4OcaAH3e4`L
z!hiit9OWQ1HbZ&S4<}<dJ8`Cc`B)j!<%@9d9EfA#!o@7d4Hq|Yix{?CIGAB*nxq$s
zXwQ3aruvcAv8L2TfE*ncUGx}g=iSf82hvaJ_F}!~`A0fFmfGuY=O;rw%0>UBmSLgO
z9sJu*lB?&jen^{OSPW#Mv<#*L(xs#sC1?#Jtk5DWv|v_i8cAeX^pRRH%#r2M$>=Qh
zPQl)iQ9zacr9VN`$aW`o9S!ozn4dO}sM<8QKcesr*3);ePf+cB$INFGU!9`#)gW3q
z;#^K_-j#zE4RVIe32y<HsBSSwXFt*6xJ*3FDbGgE0@NG)1Ij1h_8ZvNd)WUEY(R=A
Nxc7~$7C8m9e*>CZmnr}N

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NondetGenericWithoutNull/NondetGenericWithoutNull.java b/regression/cbmc-java/NondetGenericWithoutNull/NondetGenericWithoutNull.java
new file mode 100644
index 00000000000..6a3ef4ad6f3
--- /dev/null
+++ b/regression/cbmc-java/NondetGenericWithoutNull/NondetGenericWithoutNull.java
@@ -0,0 +1,12 @@
+import org.cprover.CProver;
+
+class B { int a; }
+
+class NondetGenericWithoutNull
+{
+  static void main()
+  {
+    B b = CProver.nondetWithoutNull();
+    assert b != null;
+  }
+}
diff --git a/regression/cbmc-java/NondetGenericWithoutNull/test.desc b/regression/cbmc-java/NondetGenericWithoutNull/test.desc
new file mode 100644
index 00000000000..e9ada8b935c
--- /dev/null
+++ b/regression/cbmc-java/NondetGenericWithoutNull/test.desc
@@ -0,0 +1,6 @@
+CORE
+NondetGenericWithoutNull.class
+--function NondetGenericWithoutNull.main
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/NondetInt/NondetInt.class b/regression/cbmc-java/NondetInt/NondetInt.class
new file mode 100644
index 0000000000000000000000000000000000000000..0af2adcb60811e4da89d1fc4900955c147598059
GIT binary patch
literal 653
zcmZWmO;6iE5PcInvE!H|gf;{U<+CmAp}uefRjtxiLJA)e1qp5&dj$)|Mr#N0SKtry
z+*T@8E4BCjrmE_!m4riOjc0b}&6_u~zyE&!31A&-9$d_Ln8l+iDwuOH@4?25gU22g
zu;^fkFtsYOOzK>vN%mG{q94nMK*xm2rb<-)ieRlhKP1@QG?IiyPbG3^aM73gg8>s-
zy)+c@q0q{lhnIGKsxm^Yx05E3%(s$!gDEbAN|^kbZHq9mpNsH(TU-un+|4i^w)FPX
zfez(+Wg67S952trmGDu6?_k--3RZno;So9}5yT=n3Eqsxd8c)%3Dt46gC{<o;u)cN
z58v&d$uQ?Vr1~TXFLin)b<o`_JQpV;`NbMobmP9X8}sT2?MP-y%V^w~$I1ts;JqDV
zkvH%1b5OHmq;h1j@dV%na1^j7_T?9Mpidl>Q0IT8xU|sV*gzS8CMMatXpM^x7;SRX
z-%#544C@w+*&Eb;z&^S|`In)y3c7mH)#2B7(PkYZS{qaRJz(5JHg5U{Z7MJ$ed|R7
hV6s*D3g;G%{SmhH1=jys4MiCx|FxNDnhzy({sAPYctrpJ

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NondetInt/NondetInt.java b/regression/cbmc-java/NondetInt/NondetInt.java
new file mode 100644
index 00000000000..f2ae6890fb0
--- /dev/null
+++ b/regression/cbmc-java/NondetInt/NondetInt.java
@@ -0,0 +1,10 @@
+import org.cprover.CProver;
+
+class NondetInt
+{
+  static void main()
+  {
+    int x = CProver.nondetInt();
+    assert x == 0;
+  }
+}
diff --git a/regression/cbmc-java/NondetInt/test.desc b/regression/cbmc-java/NondetInt/test.desc
new file mode 100644
index 00000000000..324d69b8c91
--- /dev/null
+++ b/regression/cbmc-java/NondetInt/test.desc
@@ -0,0 +1,6 @@
+CORE
+NondetInt.class
+--function NondetInt.main
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/NondetLong/NondetLong.class b/regression/cbmc-java/NondetLong/NondetLong.class
new file mode 100644
index 0000000000000000000000000000000000000000..27a693dee6ecb161b060f2971d1277c321b4ac0d
GIT binary patch
literal 659
zcmZWmOK;Oa5dOw?V#hVjqqHPEN`b!MfG@pK@lb#R3I(aCh~75#Ds1a|tF=?{L%7gC
zz!{Jz0txQ?CWM%^(&WHlc4lY4`M#Oi-+#aV1h9q85CM82F5^lAbzJpvErf@jkL3{8
zvEt(fVPRDig*2todGS~kVwlO4K>LLHw#rp`pWtrZ-XnN@ok~J;pmMo0J{n5%%7O`<
zflfrWCycW9NzyCds)7&=c66S~a-j3kJ?1zPDrfe0Y|jW6c1w{QJ{QN6qF_78CYs@{
z9-BlyRaT)nBe{DZPDF$`L_TgtxP{dS4TOZQeTXxWkK#w?13fWD8$viM_pugX9UFw!
z4F6(yAd`|;q0J~xj*UK%ChotiJXhz_3940a-_2QVKjZZgmQq<LBh#rgPgaikfp@o$
z72bZpUqY>}ZI&aKjb{MwfTNf_v9H}Z1AXGa!91V!D(Rxhv4t`KEwtGO=uC@W^OriD
z>wSas;4|D)w3i$2KVa?$yf<g4{j!8^ML1vS`dkpec5+VaVG#?s$hbu|mi>dS#Vk!l
kwkmm`-Kl?te+u9G2+#cj_y2A!MGa2$(9U#;FAlo@0PQ+@mH+?%

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NondetLong/NondetLong.java b/regression/cbmc-java/NondetLong/NondetLong.java
new file mode 100644
index 00000000000..57707eb07cb
--- /dev/null
+++ b/regression/cbmc-java/NondetLong/NondetLong.java
@@ -0,0 +1,10 @@
+import org.cprover.CProver;
+
+class NondetLong
+{
+  static void main()
+  {
+    long x = CProver.nondetLong();
+    assert x == 0;
+  }
+}
diff --git a/regression/cbmc-java/NondetLong/test.desc b/regression/cbmc-java/NondetLong/test.desc
new file mode 100644
index 00000000000..f92db994e00
--- /dev/null
+++ b/regression/cbmc-java/NondetLong/test.desc
@@ -0,0 +1,6 @@
+CORE
+NondetLong.class
+--function NondetLong.main
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/NondetShort/NondetShort.class b/regression/cbmc-java/NondetShort/NondetShort.class
new file mode 100644
index 0000000000000000000000000000000000000000..32e0868de3ed525ffab450275ba48c87d4ef40ca
GIT binary patch
literal 661
zcmZWn%Wl&^6g?9=vFn&7O(9Lot3ZLm0&lu&g+KvTp&$h+wY!NuYNxn%HFhd~h5i6*
zK%xjF*z-*YamGrTO2``DJ9E!D_c8PP@AsboHn1MR$8vxbT%AJ$*F0Pg;9}XsjQ}^X
z>fx5a;+iZ9WlEiA#WP*VQK}LFu_w^j(wQzF3pnc!b_Cpho+yFVKxb-ud^A$#jRgyI
z26-&g9ci@PPY&JkKo<g+2HSa-sB(Can{tyPM^a~$f6p~!cv#B#-Aj2qVfkBeI!PJ~
z^RbE53vE-hFQ_~^lqWJo6QPIOA?{!;#2f;Fo()8)%=V+F)0UnalN*8N1-^&7A@1Qm
zRcC}(qeB&!oJMZ;qxjh5C(1<q*Oetbn>A65gQd4-<bKK#3Um`yXrq$z<ZP}SGr;-n
zVU;)F^IAl^XUnDMaIp(;4D=#eL0f-#2Jwkb4fFgrszV1Y`W8w6+E}3V(K#o-CECW8
zzM;1H8O|wMD<9DO0eANd^<P%bspRIXtR7#1k1p$&%DPzOcbT{=Tuk~0T~T4C^=(uM
hfQ3%uE4)*9?nk)J7dZddY9;EZg->ipOWf4Z`v>}Fd-VVS

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NondetShort/NondetShort.java b/regression/cbmc-java/NondetShort/NondetShort.java
new file mode 100644
index 00000000000..941ee23ffd2
--- /dev/null
+++ b/regression/cbmc-java/NondetShort/NondetShort.java
@@ -0,0 +1,10 @@
+import org.cprover.CProver;
+
+class NondetShort
+{
+  static void main()
+  {
+    short x = CProver.nondetShort();
+    assert x == 0;
+  }
+}
diff --git a/regression/cbmc-java/NondetShort/test.desc b/regression/cbmc-java/NondetShort/test.desc
new file mode 100644
index 00000000000..24ac39c540b
--- /dev/null
+++ b/regression/cbmc-java/NondetShort/test.desc
@@ -0,0 +1,6 @@
+CORE
+NondetShort.class
+--function NondetShort.main
+^VERIFICATION FAILED$
+--
+^warning: ignoring

From f85494b07d4610767a55aa65ac9ad39690669de0 Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Tue, 28 Mar 2017 11:18:41 +0100
Subject: [PATCH 194/699] Add remove_java_nondet

Use specialised member functions instead of `get`

Fix indentation

Remove insert_before
---
 src/cbmc/cbmc_parse_options.cpp          |  16 ++
 src/goto-programs/Makefile               |   1 +
 src/goto-programs/remove_java_nondet.cpp | 330 +++++++++++++++++++++++
 src/goto-programs/remove_java_nondet.h   |  39 +++
 4 files changed, 386 insertions(+)
 create mode 100644 src/goto-programs/remove_java_nondet.cpp
 create mode 100644 src/goto-programs/remove_java_nondet.h

diff --git a/src/cbmc/cbmc_parse_options.cpp b/src/cbmc/cbmc_parse_options.cpp
index 1619143ce6c..9d36e749cf9 100644
--- a/src/cbmc/cbmc_parse_options.cpp
+++ b/src/cbmc/cbmc_parse_options.cpp
@@ -41,6 +41,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <goto-programs/link_to_library.h>
 #include <goto-programs/remove_skip.h>
 #include <goto-programs/show_goto_functions.h>
+#include <goto-programs/remove_java_nondet.h>
 
 #include <goto-symex/rewrite_union.h>
 #include <goto-symex/adjust_float_expressions.h>
@@ -53,6 +54,8 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include <langapi/mode.h>
 
+#include "java_bytecode/java_bytecode_language.h"
+
 #include "cbmc_solvers.h"
 #include "cbmc_parse_options.h"
 #include "bmc.h"
@@ -921,6 +924,19 @@ bool cbmc_parse_optionst::process_goto_program(
     remove_complex(symbol_table, goto_functions);
     rewrite_union(goto_functions, ns);
 
+    // Similar removal of java nondet statements:
+    // TODO Should really get this from java_bytecode_language somehow, but we
+    // don't have an instance of that here.
+    const auto max_nondet_array_length=
+      cmdline.isset("java-max-input-array-length")
+        ? std::stoi(cmdline.get_value("java-max-input-array-length"))
+        : MAX_NONDET_ARRAY_LENGTH_DEFAULT;
+    remove_java_nondet(
+      ui_message_handler,
+      symbol_table,
+      max_nondet_array_length,
+      goto_functions);
+
     // add generic checks
     status() << "Generic Property Instrumentation" << eom;
     goto_check(ns, options, goto_functions);
diff --git a/src/goto-programs/Makefile b/src/goto-programs/Makefile
index 6b2832e3481..da3e3e63628 100644
--- a/src/goto-programs/Makefile
+++ b/src/goto-programs/Makefile
@@ -25,6 +25,7 @@ SRC = goto_convert.cpp goto_convert_function_call.cpp \
       remove_const_function_pointers.cpp \
       system_library_symbols.cpp \
       string_refine_preprocess.cpp \
+      remove_java_nondet.cpp \
       # Empty last line
 
 INCLUDES= -I ..
diff --git a/src/goto-programs/remove_java_nondet.cpp b/src/goto-programs/remove_java_nondet.cpp
new file mode 100644
index 00000000000..86962fddc64
--- /dev/null
+++ b/src/goto-programs/remove_java_nondet.cpp
@@ -0,0 +1,330 @@
+/*******************************************************************\
+
+Module: Remove Java Nondet expressions
+
+Author: Reuben Thomas, reuben.thomas@diffblue.com
+
+\*******************************************************************/
+
+#include "goto-programs/remove_java_nondet.h"
+#include "goto-programs/goto_convert.h"
+#include "goto-programs/goto_model.h"
+
+#include "java_bytecode/java_object_factory.h"
+
+#include "util/irep_ids.h"
+
+#include <algorithm>
+#include <regex>
+
+/*******************************************************************\
+
+  Struct: nondet_instruction_infot
+
+ Purpose: Hold information about a nondet instruction invocation.
+
+\*******************************************************************/
+
+struct nondet_instruction_infot final
+{
+  bool is_nondet_instruction;
+  bool is_never_null;
+};
+
+/*******************************************************************\
+
+Function: is_nondet_returning_object
+
+  Inputs:
+    function_call: A function call expression.
+
+ Outputs: Whether the function has a nondet signature, and whether the nondet
+          item may be null.
+
+
+ Purpose: Find whether the supplied function call has a recognised 'nondet'
+          library signature.  If so, specify whether the function call is
+          expected to return non-null.
+
+\*******************************************************************/
+
+static nondet_instruction_infot is_nondet_returning_object(
+  const code_function_callt &function_call)
+{
+  const auto &function_symbol=to_symbol_expr(function_call.function());
+  const auto function_name=id2string(function_symbol.get_identifier());
+  std::smatch match_results;
+  if(!std::regex_match(
+       function_name,
+       match_results,
+       std::regex(".*org\\.cprover\\.CProver\\.nondetWith(out)?Null.*")))
+  {
+    return {false, false};
+  }
+
+  return {true, match_results[1].matched};
+}
+
+/*******************************************************************\
+
+Function: get_nondet_instruction_info
+
+  Inputs:
+    instr: A goto program instruction.
+
+ Outputs: Whether the instruction is a function with a nondet signature, and
+          whether the nondet item may be null.
+
+ Purpose: Return whether the instruction has a recognised 'nondet' library
+          signature.
+
+\*******************************************************************/
+
+static nondet_instruction_infot get_nondet_instruction_info(
+  const goto_programt::targett &instr)
+{
+  if(!(instr->is_function_call() && instr->code.id()==ID_code))
+  {
+    return {false, false};
+  }
+  const auto &code=to_code(instr->code);
+  if(code.get_statement()!=ID_function_call)
+  {
+    return {false, false};
+  }
+  const auto &function_call=to_code_function_call(code);
+  return is_nondet_returning_object(function_call);
+}
+
+/*******************************************************************\
+
+Function: is_symbol_with_id
+
+  Inputs:
+    expr: The expression which may be a symbol.
+    identifier: Some identifier.
+
+ Outputs: True if the expression is a symbol with the specified identifier.
+
+ Purpose: Return whether the expression is a symbol with the specified
+          identifier.
+
+\*******************************************************************/
+
+static bool is_symbol_with_id(const exprt& expr, const dstringt& identifier)
+{
+  return expr.id()==ID_symbol &&
+         to_symbol_expr(expr).get_identifier()==identifier;
+}
+
+/*******************************************************************\
+
+Function: is_typecast_with_id
+
+  Inputs:
+    expr: The expression which may be a typecast.
+    identifier: Some identifier.
+
+ Outputs: True if the expression is a typecast with one operand, and the
+          typecast's identifier matches the specified identifier.
+
+ Purpose: Return whether the expression is a typecast with the specified
+          identifier.
+
+\*******************************************************************/
+
+static bool is_typecast_with_id(const exprt& expr, const dstringt& identifier)
+{
+  if(!(expr.id()==ID_typecast && expr.operands().size()==1))
+  {
+    return false;
+  }
+  const auto &typecast=to_typecast_expr(expr);
+  if(!(typecast.op().id()==ID_symbol && !typecast.op().has_operands()))
+  {
+    return false;
+  }
+  const auto &op_symbol=to_symbol_expr(typecast.op());
+  // Return whether the typecast has the expected operand
+  return op_symbol.get_identifier()==identifier;
+}
+
+/*******************************************************************\
+
+Function: is_assignment_from
+
+  Inputs:
+    instr: A goto program instruction.
+    identifier: Some identifier.
+
+ Outputs: True if the expression is a typecast with one operand, and the
+          typecast's identifier matches the specified identifier.
+
+ Purpose: Return whether the instruction is an assignment, and the rhs is a
+          symbol or typecast expression with the specified identifier.
+
+\*******************************************************************/
+
+static bool is_assignment_from(
+  const goto_programt::instructiont &instr,
+  const dstringt &identifier)
+{
+  // If not an assignment, return false
+  if(!instr.is_assign())
+  {
+    return false;
+  }
+  const auto &rhs=to_code_assign(instr.code).rhs();
+  return is_symbol_with_id(rhs, identifier) ||
+         is_typecast_with_id(rhs, identifier);
+}
+
+/*******************************************************************\
+
+Function: process_target
+
+  Inputs:
+    message_handler: Handles logging.
+    symbol_table: The table of known symbols.
+    max_nondet_array_length: Max length of arrays in new nondet objects.
+    instructions: The list of all instructions.
+    instr: The instruction to check.
+
+ Outputs: The next instruction to process, probably with this function.
+
+ Purpose: Given an iterator into a list of instructions, modify the list to
+          replace 'nondet' library functions with CBMC-native nondet
+          expressions, and return an iterator to the next instruction to check.
+
+\*******************************************************************/
+
+static goto_programt::targett process_target(
+  message_handlert &message_handler,
+  symbol_tablet &symbol_table,
+  const size_t max_nondet_array_length,
+  goto_programt &prog,
+  const goto_programt::targett &instr)
+{
+  // Check whether this is our nondet library method, and return if not
+  const auto instr_info=get_nondet_instruction_info(instr);
+  const auto next_instr=std::next(instr);
+  if(!instr_info.is_nondet_instruction)
+  {
+    return next_instr;
+  }
+
+  // Look at the next instruction, ensure that it is an assignment
+  assert(next_instr->is_assign());
+  // Get the name of the LHS of the assignment
+  const auto &next_instr_assign_lhs=to_code_assign(next_instr->code).lhs();
+  if(!(next_instr_assign_lhs.id()==ID_symbol &&
+       !next_instr_assign_lhs.has_operands()))
+  {
+    return next_instr;
+  }
+  const auto return_identifier=
+    to_symbol_expr(next_instr_assign_lhs).get_identifier();
+
+  auto &instructions=prog.instructions;
+  const auto end=std::end(instructions);
+
+  // Look for an instruction where this name is on the RHS of an assignment
+  const auto matching_assignment=std::find_if(
+    next_instr,
+    end,
+    [&return_identifier](const goto_programt::instructiont &instr)
+    {
+      return is_assignment_from(instr, return_identifier);
+    });
+
+  assert(matching_assignment!=end);
+
+  // Assume that the LHS of *this* assignment is the actual nondet variable
+  const auto &code_assign=to_code_assign(matching_assignment->code);
+  const auto nondet_var=code_assign.lhs();
+  const auto source_loc=instr->source_location;
+
+  // Erase from the nondet function call to the assignment
+  const auto after_matching_assignment=std::next(matching_assignment);
+  assert(after_matching_assignment!=end);
+  const auto after_erased=
+    instructions.erase(instr, after_matching_assignment);
+
+  // Generate nondet init code
+  code_blockt init_code;
+  gen_nondet_init(
+    nondet_var,
+    init_code,
+    symbol_table,
+    source_loc,
+    false,
+    true,
+    instr_info.is_never_null,
+    message_handler,
+    max_nondet_array_length);
+
+  // Convert this code into goto instructions
+  goto_programt new_instructions;
+  goto_convert(init_code, symbol_table, new_instructions, message_handler);
+
+  // Insert the new instructions into the instruction list
+  prog.destructive_insert(after_erased, new_instructions);
+  prog.update();
+
+  return after_erased;
+}
+
+/*******************************************************************\
+
+Function: remove_java_nondet
+
+  Inputs:
+    message_handler: Object which prints messages.
+    symbol_table: The list of known symbols.
+    max_nondet_array_length: The maximum length of new nondet arrays.
+    goto_program: The program to modify.
+
+ Purpose: Modify a goto_programt to replace 'nondet' library functions with
+          CBMC-native nondet expressions.
+
+\*******************************************************************/
+
+static void remove_java_nondet(
+  message_handlert &message_handler,
+  symbol_tablet &symbol_table,
+  const size_t max_nondet_array_length,
+  goto_programt &goto_program)
+{
+  // Check each instruction.
+  // `process_target` may modify the list in place, and returns the next
+  // iterator to look at.
+  for(auto instruction_iterator=std::begin(goto_program.instructions),
+        end=std::end(goto_program.instructions);
+      instruction_iterator!=end;
+      instruction_iterator=process_target(
+        message_handler,
+        symbol_table,
+        max_nondet_array_length,
+        goto_program,
+        instruction_iterator))
+  {
+    // Loop body deliberately empty.
+  }
+}
+
+void remove_java_nondet(
+  message_handlert &message_handler,
+  symbol_tablet &symbol_table,
+  const size_t max_nondet_array_length,
+  goto_functionst &goto_functions)
+{
+  for(auto &f : goto_functions.function_map)
+  {
+    remove_java_nondet(
+      message_handler,
+      symbol_table,
+      max_nondet_array_length,
+      f.second.body);
+  }
+  goto_functions.compute_location_numbers();
+}
diff --git a/src/goto-programs/remove_java_nondet.h b/src/goto-programs/remove_java_nondet.h
new file mode 100644
index 00000000000..0af514b5b11
--- /dev/null
+++ b/src/goto-programs/remove_java_nondet.h
@@ -0,0 +1,39 @@
+/*******************************************************************\
+
+Module: Remove Java Nondet expressions
+
+Author: Reuben Thomas, reuben.thomas@diffblue.com
+
+\*******************************************************************/
+
+#ifndef CPROVER_GOTO_PROGRAMS_REMOVE_JAVA_NONDET_H
+#define CPROVER_GOTO_PROGRAMS_REMOVE_JAVA_NONDET_H
+
+#include <cstddef> // size_t
+
+class message_handlert;
+class symbol_tablet;
+class goto_functionst;
+
+/*******************************************************************\
+
+Function: remove_java_nondet
+
+  Inputs:
+    message_handler: Object which prints instructions.
+    symbol_table: The list of known symbols.
+    max_nondet_array_length: The maximum length of new nondet arrays.
+    goto_functions: The set of goto programs to modify.
+
+ Purpose: Modify a goto_functionst to replace 'nondet' library functions with
+          CBMC-native nondet expressions.
+
+\*******************************************************************/
+
+void remove_java_nondet(
+  message_handlert &message_handler,
+  symbol_tablet &symbol_table,
+  size_t max_nondet_array_length,
+  goto_functionst &goto_functions);
+
+#endif

From 19c8d8d7c85cad8689772f6c87ac49ff96cfe713 Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Tue, 28 Mar 2017 11:04:21 +0100
Subject: [PATCH 195/699] Suppress loading methods with nondet signatures

---
 .../java_bytecode_convert_method.cpp          | 24 +++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index 4888810bd83..65696e7877a 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -31,6 +31,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <algorithm>
 #include <functional>
 #include <unordered_set>
+#include <regex>
 
 class patternt
 {
@@ -2531,6 +2532,29 @@ void java_bytecode_convert_method(
   safe_pointer<std::vector<irep_idt> > needed_methods,
   safe_pointer<std::set<irep_idt> > needed_classes)
 {
+  static const std::unordered_set<std::string> methods_to_ignore
+  {
+    "nondetBoolean",
+    "nondetByte",
+    "nondetChar",
+    "nondetShort",
+    "nondetInt",
+    "nondetLong",
+    "nondetFloat",
+    "nondetDouble",
+    "nondetWithNull",
+    "nondetWithoutNull",
+  };
+
+  if(std::regex_match(
+       id2string(class_symbol.name),
+       std::regex(".*org\\.cprover\\.CProver.*")) &&
+     methods_to_ignore.find(id2string(method.name))!=methods_to_ignore.end())
+  {
+    // Ignore these methods, rely on default stubbing behaviour.
+    return;
+  }
+
   java_bytecode_convert_methodt java_bytecode_convert_method(
     symbol_table,
     message_handler,

From dc94557d87a310d4bdf1e848f8eafc8f0ac61cca Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Tue, 4 Apr 2017 17:00:52 +0100
Subject: [PATCH 196/699] Rearrange loop in remove_java_nondet

---
 src/goto-programs/remove_java_nondet.cpp | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/src/goto-programs/remove_java_nondet.cpp b/src/goto-programs/remove_java_nondet.cpp
index 86962fddc64..ce1543ab7f3 100644
--- a/src/goto-programs/remove_java_nondet.cpp
+++ b/src/goto-programs/remove_java_nondet.cpp
@@ -298,17 +298,18 @@ static void remove_java_nondet(
   // Check each instruction.
   // `process_target` may modify the list in place, and returns the next
   // iterator to look at.
+  // Can't use forall_goto_program_instructions because we don't want to
+  // increment the iterator by one after every iteration.
   for(auto instruction_iterator=std::begin(goto_program.instructions),
         end=std::end(goto_program.instructions);
-      instruction_iterator!=end;
-      instruction_iterator=process_target(
-        message_handler,
-        symbol_table,
-        max_nondet_array_length,
-        goto_program,
-        instruction_iterator))
+      instruction_iterator!=end;)
   {
-    // Loop body deliberately empty.
+    instruction_iterator=process_target(
+      message_handler,
+      symbol_table,
+      max_nondet_array_length,
+      goto_program,
+      instruction_iterator);
   }
 }
 

From 17db86df0814e6a24b1e7fbc749041d676246a28 Mon Sep 17 00:00:00 2001
From: Owen Jones <owen.jones@diffblue.com>
Date: Thu, 13 Apr 2017 15:33:06 +0100
Subject: [PATCH 197/699] Refactor java object factory

Functionally equivalent, but uses RAII. Also more concise. Makes code
match master, which will make merging easier.
---
 src/java_bytecode/java_object_factory.cpp | 15 ++++-----------
 1 file changed, 4 insertions(+), 11 deletions(-)

diff --git a/src/java_bytecode/java_object_factory.cpp b/src/java_bytecode/java_object_factory.cpp
index 55dfc96931f..36fa819c979 100644
--- a/src/java_bytecode/java_object_factory.cpp
+++ b/src/java_bytecode/java_object_factory.cpp
@@ -464,19 +464,12 @@ void java_object_factoryt::gen_nondet_init(
   }
   else
   {
-    code_assignt assign;
-    assign.lhs()=expr;
+    exprt rhs=type.id()==ID_c_bool?
+      get_nondet_bool(type):
+      side_effect_expr_nondett(type);
+    code_assignt assign(expr, rhs);
     assign.add_source_location()=loc;
 
-    if(type.id()==ID_c_bool)
-    {
-      assign.rhs()=get_nondet_bool(type);
-    }
-    else
-    {
-      assign.rhs()=side_effect_expr_nondett(type);
-    }
-
     init_code.copy_to_operands(assign);
   }
 }

From df1caca1e96fd3c2144e94da27a14206f06e4eda Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Mon, 10 Apr 2017 13:38:49 +0100
Subject: [PATCH 198/699] Adding namespace to arguments of from_expr in debug
 diffblue/test-gen#201

Not finding a symbol in from_expr can cause some exception to be thrown.
This was happening while outputing debug information in some examples
when --refine-strings was activated.
---
 src/solvers/refinement/string_refinement.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index 6cd090d4b1d..eeb8788bceb 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -475,8 +475,8 @@ void string_refinementt::set_to(const exprt &expr, bool value)
 
     // Preprocessing to remove function applications.
     const exprt &lhs=eq_expr.lhs();
-    debug() << "(sr::set_to) " << from_expr(lhs)
-            << " = " << from_expr(eq_expr.rhs()) << eom;
+    debug() << "(sr::set_to) " << from_expr(ns, "", lhs)
+            << " = " << from_expr(ns, "", eq_expr.rhs()) << eom;
 
     // TODO: See if this happens at all.
     if(lhs.id()!=ID_symbol)
@@ -545,7 +545,7 @@ decision_proceduret::resultt string_refinementt::dec_solve()
   for(std::pair<exprt, bool> &pair : non_string_axioms)
   {
     replace_expr(symbol_resolve, pair.first);
-    debug() << "super::set_to " << from_expr(pair.first) << eom;
+    debug() << "super::set_to " << from_expr(ns, "", pair.first) << eom;
     supert::set_to(pair.first, pair.second);
   }
 

From f4a47f9e1d64b013d054f0ae0529200c222b2bd7 Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Wed, 5 Apr 2017 12:01:39 +0100
Subject: [PATCH 199/699] Split java nondet pass in two

---
 src/cbmc/cbmc_parse_options.cpp               |  12 +-
 src/goto-programs/Makefile                    |   3 +-
 src/goto-programs/convert_nondet.cpp          | 164 ++++++++++++++
 ...{remove_java_nondet.h => convert_nondet.h} |  30 +--
 ...ava_nondet.cpp => replace_java_nondet.cpp} | 206 +++++++++---------
 src/goto-programs/replace_java_nondet.h       |  28 +++
 src/util/irep_ids.txt                         |   3 +-
 src/util/std_code.h                           |  27 +++
 8 files changed, 342 insertions(+), 131 deletions(-)
 create mode 100644 src/goto-programs/convert_nondet.cpp
 rename src/goto-programs/{remove_java_nondet.h => convert_nondet.h} (51%)
 rename src/goto-programs/{remove_java_nondet.cpp => replace_java_nondet.cpp} (58%)
 create mode 100644 src/goto-programs/replace_java_nondet.h

diff --git a/src/cbmc/cbmc_parse_options.cpp b/src/cbmc/cbmc_parse_options.cpp
index 9d36e749cf9..2c5806ed868 100644
--- a/src/cbmc/cbmc_parse_options.cpp
+++ b/src/cbmc/cbmc_parse_options.cpp
@@ -41,7 +41,8 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <goto-programs/link_to_library.h>
 #include <goto-programs/remove_skip.h>
 #include <goto-programs/show_goto_functions.h>
-#include <goto-programs/remove_java_nondet.h>
+#include <goto-programs/replace_java_nondet.h>
+#include <goto-programs/convert_nondet.h>
 
 #include <goto-symex/rewrite_union.h>
 #include <goto-symex/adjust_float_expressions.h>
@@ -931,11 +932,12 @@ bool cbmc_parse_optionst::process_goto_program(
       cmdline.isset("java-max-input-array-length")
         ? std::stoi(cmdline.get_value("java-max-input-array-length"))
         : MAX_NONDET_ARRAY_LENGTH_DEFAULT;
-    remove_java_nondet(
-      ui_message_handler,
+    replace_java_nondet(goto_functions);
+    convert_nondet(
+      goto_functions,
       symbol_table,
-      max_nondet_array_length,
-      goto_functions);
+      ui_message_handler,
+      max_nondet_array_length);
 
     // add generic checks
     status() << "Generic Property Instrumentation" << eom;
diff --git a/src/goto-programs/Makefile b/src/goto-programs/Makefile
index da3e3e63628..e873310b0c7 100644
--- a/src/goto-programs/Makefile
+++ b/src/goto-programs/Makefile
@@ -25,7 +25,8 @@ SRC = goto_convert.cpp goto_convert_function_call.cpp \
       remove_const_function_pointers.cpp \
       system_library_symbols.cpp \
       string_refine_preprocess.cpp \
-      remove_java_nondet.cpp \
+      replace_java_nondet.cpp \
+      convert_nondet.cpp \
       # Empty last line
 
 INCLUDES= -I ..
diff --git a/src/goto-programs/convert_nondet.cpp b/src/goto-programs/convert_nondet.cpp
new file mode 100644
index 00000000000..148323c1d67
--- /dev/null
+++ b/src/goto-programs/convert_nondet.cpp
@@ -0,0 +1,164 @@
+/*******************************************************************\
+
+Module: Convert side_effect_expr_nondett expressions
+
+Author: Reuben Thomas, reuben.thomas@diffblue.com
+
+\*******************************************************************/
+
+#include "goto-programs/convert_nondet.h"
+#include "goto-programs/goto_convert.h"
+#include "goto-programs/goto_model.h"
+
+#include "java_bytecode/java_object_factory.h" // gen_nondet_init
+
+#include "util/irep_ids.h"
+
+/*******************************************************************\
+
+Function: insert_nondet_init_code
+
+  Inputs:
+    goto_program: The goto program to modify.
+    target: One of the steps in that goto program.
+    symbol_table: The global symbol table.
+    message_handler: Handles logging.
+    max_nondet_array_length: Maximum size of new nondet arrays.
+
+  Outputs: The next instruction to process with this function.
+
+ Purpose: Checks an instruction to see whether it contains an assignment
+          from side_effect_expr_nondet.  If so, replaces the instruction
+          with a range of instructions to properly nondet-initialize
+          the lhs.
+
+\*******************************************************************/
+
+static goto_programt::const_targett insert_nondet_init_code(
+  goto_programt &goto_program,
+  const goto_programt::const_targett &target,
+  symbol_tablet &symbol_table,
+  message_handlert &message_handler,
+  size_t max_nondet_array_length)
+{
+  // Return if the instruction isn't an assignment
+  const auto next_instr=std::next(target);
+  if(!target->is_assign())
+  {
+    return next_instr;
+  }
+
+  // Return if the rhs of the assignment isn't a side effect expression
+  const auto &assign=to_code_assign(target->code);
+  if(assign.rhs().id()!=ID_side_effect)
+  {
+    return next_instr;
+  }
+
+  // Return if the rhs isn't nondet
+  const auto &side_effect=to_side_effect_expr(assign.rhs());
+  if(side_effect.get_statement()!=ID_nondet)
+  {
+    return next_instr;
+  }
+
+  const auto lhs=assign.lhs();
+  // If the lhs type doesn't have a subtype then I guess it's primitive and
+  // we want to bail out now
+  if(!lhs.type().has_subtype())
+  {
+    return next_instr;
+  }
+
+  // Although, if the type is a ptr-to-void then we also want to bail
+  if(lhs.type().subtype().id()==ID_empty)
+  {
+    return next_instr;
+  }
+
+  // Check whether the nondet object may be null
+  const auto nullable=to_side_effect_expr_nondet(side_effect).get_nullable();
+  // Get the symbol to nondet-init
+  const auto source_loc=target->source_location;
+
+  // Erase the nondet assignment
+  const auto after_erased=goto_program.instructions.erase(target);
+
+  // Generate nondet init code
+  code_blockt init_code;
+  gen_nondet_init(
+    lhs,
+    init_code,
+    symbol_table,
+    source_loc,
+    false,
+    true,
+    !nullable,
+    message_handler,
+    max_nondet_array_length);
+
+  // Convert this code into goto instructions
+  goto_programt new_instructions;
+  goto_convert(init_code, symbol_table, new_instructions, message_handler);
+
+  // Insert the new instructions into the instruction list
+  goto_program.destructive_insert(after_erased, new_instructions);
+  goto_program.update();
+
+  return after_erased;
+}
+
+/*******************************************************************\
+
+Function: convert_nondet
+
+  Inputs:
+    goto_program: The goto program to modify.
+    symbol_table: The global symbol table.
+    message_handler: Handles logging.
+    max_nondet_array_length: Maximum size of new nondet arrays.
+
+ Purpose: For each instruction in the goto program, checks if it is
+          an assignment from nondet and replaces it with the appropriate
+          composite initialization code if so.
+
+\*******************************************************************/
+
+static void convert_nondet(
+  goto_programt &goto_program,
+  symbol_tablet &symbol_table,
+  message_handlert &message_handler,
+  size_t max_nondet_array_length)
+{
+  for(auto instruction_iterator=goto_program.instructions.cbegin(),
+        end=goto_program.instructions.cend();
+        instruction_iterator!=end;)
+  {
+    instruction_iterator=insert_nondet_init_code(
+      goto_program,
+      instruction_iterator,
+      symbol_table,
+      message_handler,
+      max_nondet_array_length);
+  }
+}
+
+
+
+void convert_nondet(
+  goto_functionst &goto_functions,
+  symbol_tablet &symbol_table,
+  message_handlert &message_handler,
+  size_t max_nondet_array_length)
+{
+  for(auto &goto_program : goto_functions.function_map)
+  {
+    convert_nondet(
+      goto_program.second.body,
+      symbol_table,
+      message_handler,
+      max_nondet_array_length);
+  }
+
+  goto_functions.compute_location_numbers();
+}
diff --git a/src/goto-programs/remove_java_nondet.h b/src/goto-programs/convert_nondet.h
similarity index 51%
rename from src/goto-programs/remove_java_nondet.h
rename to src/goto-programs/convert_nondet.h
index 0af514b5b11..919d977a94e 100644
--- a/src/goto-programs/remove_java_nondet.h
+++ b/src/goto-programs/convert_nondet.h
@@ -1,39 +1,39 @@
 /*******************************************************************\
 
-Module: Remove Java Nondet expressions
+Module: Convert side_effect_expr_nondett expressions
 
 Author: Reuben Thomas, reuben.thomas@diffblue.com
 
 \*******************************************************************/
 
-#ifndef CPROVER_GOTO_PROGRAMS_REMOVE_JAVA_NONDET_H
-#define CPROVER_GOTO_PROGRAMS_REMOVE_JAVA_NONDET_H
+#ifndef CPROVER_GOTO_PROGRAMS_CONVERT_NONDET_H
+#define CPROVER_GOTO_PROGRAMS_CONVERT_NONDET_H
 
 #include <cstddef> // size_t
 
-class message_handlert;
-class symbol_tablet;
 class goto_functionst;
+class symbol_tablet;
+class message_handlert;
 
 /*******************************************************************\
 
-Function: remove_java_nondet
+Function: convert_nondet
 
   Inputs:
-    message_handler: Object which prints instructions.
-    symbol_table: The list of known symbols.
-    max_nondet_array_length: The maximum length of new nondet arrays.
     goto_functions: The set of goto programs to modify.
+    symbol_table: The symbol table to query/update.
+    message_handler: For error logging.
+    max_nondet_array_length: The maximum length of any new arrays.
 
- Purpose: Modify a goto_functionst to replace 'nondet' library functions with
-          CBMC-native nondet expressions.
+ Purpose: Replace calls to nondet library functions with an internal
+          nondet representation.
 
 \*******************************************************************/
 
-void remove_java_nondet(
-  message_handlert &message_handler,
+void convert_nondet(
+  goto_functionst &goto_functions,
   symbol_tablet &symbol_table,
-  size_t max_nondet_array_length,
-  goto_functionst &goto_functions);
+  message_handlert &message_handler,
+  size_t max_nondet_array_length);
 
 #endif
diff --git a/src/goto-programs/remove_java_nondet.cpp b/src/goto-programs/replace_java_nondet.cpp
similarity index 58%
rename from src/goto-programs/remove_java_nondet.cpp
rename to src/goto-programs/replace_java_nondet.cpp
index ce1543ab7f3..b78a0819cac 100644
--- a/src/goto-programs/remove_java_nondet.cpp
+++ b/src/goto-programs/replace_java_nondet.cpp
@@ -1,17 +1,15 @@
 /*******************************************************************\
 
-Module: Remove Java Nondet expressions
+Module: Replace Java Nondet expressions
 
 Author: Reuben Thomas, reuben.thomas@diffblue.com
 
 \*******************************************************************/
 
-#include "goto-programs/remove_java_nondet.h"
+#include "goto-programs/replace_java_nondet.h"
 #include "goto-programs/goto_convert.h"
 #include "goto-programs/goto_model.h"
 
-#include "java_bytecode/java_object_factory.h"
-
 #include "util/irep_ids.h"
 
 #include <algorithm>
@@ -19,16 +17,37 @@ Author: Reuben Thomas, reuben.thomas@diffblue.com
 
 /*******************************************************************\
 
-  Struct: nondet_instruction_infot
+   Class: nondet_instruction_infot
 
- Purpose: Hold information about a nondet instruction invocation.
+ Purpose: Holds information about any discovered nondet methods,
+          with extreme type-safety.
 
 \*******************************************************************/
 
-struct nondet_instruction_infot final
+class nondet_instruction_infot final
 {
-  bool is_nondet_instruction;
-  bool is_never_null;
+public:
+  enum class is_nondett:bool { FALSE, TRUE };
+  enum class is_nullablet:bool { FALSE, TRUE };
+
+  nondet_instruction_infot():
+    is_nondet(is_nondett::FALSE),
+    is_nullable(is_nullablet::FALSE)
+  {
+  }
+
+  explicit nondet_instruction_infot(is_nullablet is_nullable):
+    is_nondet(is_nondett::TRUE),
+    is_nullable(is_nullable)
+  {
+  }
+
+  is_nondett get_instruction_type() const { return is_nondet; }
+  is_nullablet get_nullable_type() const { return is_nullable; }
+
+private:
+  is_nondett is_nondet;
+  is_nullablet is_nullable;
 };
 
 /*******************************************************************\
@@ -36,15 +55,14 @@ struct nondet_instruction_infot final
 Function: is_nondet_returning_object
 
   Inputs:
-    function_call: A function call expression.
-
- Outputs: Whether the function has a nondet signature, and whether the nondet
-          item may be null.
+    function_call: The function call declaration to check.
 
+  Outputs: A structure detailing whether the function call appears to
+           be one of our nondet library methods, and if so, whether
+           or not it allows null results.
 
- Purpose: Find whether the supplied function call has a recognised 'nondet'
-          library signature.  If so, specify whether the function call is
-          expected to return non-null.
+ Purpose: Checks whether the function call is one of our nondet
+          library functions.
 
 \*******************************************************************/
 
@@ -53,16 +71,17 @@ static nondet_instruction_infot is_nondet_returning_object(
 {
   const auto &function_symbol=to_symbol_expr(function_call.function());
   const auto function_name=id2string(function_symbol.get_identifier());
+  const std::regex reg(
+    R"(.*org\.cprover\.CProver\.nondet)"
+    R"((?:Boolean|Byte|Char|Short|Int|Long|Float|Double|With(out)?Null.*))");
   std::smatch match_results;
-  if(!std::regex_match(
-       function_name,
-       match_results,
-       std::regex(".*org\\.cprover\\.CProver\\.nondetWith(out)?Null.*")))
+  if(!std::regex_match(function_name, match_results, reg))
   {
-    return {false, false};
+    return nondet_instruction_infot();
   }
 
-  return {true, match_results[1].matched};
+  return nondet_instruction_infot(
+    nondet_instruction_infot::is_nullablet(!match_results[1].matched));
 }
 
 /*******************************************************************\
@@ -70,27 +89,27 @@ static nondet_instruction_infot is_nondet_returning_object(
 Function: get_nondet_instruction_info
 
   Inputs:
-    instr: A goto program instruction.
+    instr: A goto-program instruction to check.
 
- Outputs: Whether the instruction is a function with a nondet signature, and
-          whether the nondet item may be null.
+  Outputs: A structure detailing the properties of the nondet method.
 
- Purpose: Return whether the instruction has a recognised 'nondet' library
-          signature.
+ Purpose: Check whether the instruction is a function call which
+          matches one of the recognised nondet library methods, and
+          return some information about it.
 
 \*******************************************************************/
 
 static nondet_instruction_infot get_nondet_instruction_info(
-  const goto_programt::targett &instr)
+  const goto_programt::const_targett &instr)
 {
   if(!(instr->is_function_call() && instr->code.id()==ID_code))
   {
-    return {false, false};
+    return nondet_instruction_infot();
   }
   const auto &code=to_code(instr->code);
   if(code.get_statement()!=ID_function_call)
   {
-    return {false, false};
+    return nondet_instruction_infot();
   }
   const auto &function_call=to_code_function_call(code);
   return is_nondet_returning_object(function_call);
@@ -111,7 +130,7 @@ Function: is_symbol_with_id
 
 \*******************************************************************/
 
-static bool is_symbol_with_id(const exprt& expr, const dstringt& identifier)
+static bool is_symbol_with_id(const exprt& expr, const irep_idt& identifier)
 {
   return expr.id()==ID_symbol &&
          to_symbol_expr(expr).get_identifier()==identifier;
@@ -133,7 +152,7 @@ Function: is_typecast_with_id
 
 \*******************************************************************/
 
-static bool is_typecast_with_id(const exprt& expr, const dstringt& identifier)
+static bool is_typecast_with_id(const exprt& expr, const irep_idt& identifier)
 {
   if(!(expr.id()==ID_typecast && expr.operands().size()==1))
   {
@@ -167,7 +186,7 @@ Function: is_assignment_from
 
 static bool is_assignment_from(
   const goto_programt::instructiont &instr,
-  const dstringt &identifier)
+  const irep_idt &identifier)
 {
   // If not an assignment, return false
   if(!instr.is_assign())
@@ -181,14 +200,12 @@ static bool is_assignment_from(
 
 /*******************************************************************\
 
-Function: process_target
+Function: check_and_replace_target
 
   Inputs:
-    message_handler: Handles logging.
-    symbol_table: The table of known symbols.
-    max_nondet_array_length: Max length of arrays in new nondet objects.
-    instructions: The list of all instructions.
-    instr: The instruction to check.
+    goto_program: The goto program to modify.
+    target: A single step of the goto program which may be erased and
+            replaced.
 
  Outputs: The next instruction to process, probably with this function.
 
@@ -198,17 +215,15 @@ Function: process_target
 
 \*******************************************************************/
 
-static goto_programt::targett process_target(
-  message_handlert &message_handler,
-  symbol_tablet &symbol_table,
-  const size_t max_nondet_array_length,
-  goto_programt &prog,
-  const goto_programt::targett &instr)
+static goto_programt::const_targett check_and_replace_target(
+  goto_programt &goto_program,
+  const goto_programt::const_targett &target)
 {
-  // Check whether this is our nondet library method, and return if not
-  const auto instr_info=get_nondet_instruction_info(instr);
-  const auto next_instr=std::next(instr);
-  if(!instr_info.is_nondet_instruction)
+  // Check whether this is a nondet library method, and return if not
+  const auto instr_info=get_nondet_instruction_info(target);
+  const auto next_instr=std::next(target);
+  if(instr_info.get_instruction_type()==
+     nondet_instruction_infot::is_nondett::FALSE)
   {
     return next_instr;
   }
@@ -225,8 +240,8 @@ static goto_programt::targett process_target(
   const auto return_identifier=
     to_symbol_expr(next_instr_assign_lhs).get_identifier();
 
-  auto &instructions=prog.instructions;
-  const auto end=std::end(instructions);
+  auto &instructions=goto_program.instructions;
+  const auto end=instructions.cend();
 
   // Look for an instruction where this name is on the RHS of an assignment
   const auto matching_assignment=std::find_if(
@@ -242,90 +257,63 @@ static goto_programt::targett process_target(
   // Assume that the LHS of *this* assignment is the actual nondet variable
   const auto &code_assign=to_code_assign(matching_assignment->code);
   const auto nondet_var=code_assign.lhs();
-  const auto source_loc=instr->source_location;
+  const auto source_loc=target->source_location;
 
   // Erase from the nondet function call to the assignment
   const auto after_matching_assignment=std::next(matching_assignment);
   assert(after_matching_assignment!=end);
-  const auto after_erased=
-    instructions.erase(instr, after_matching_assignment);
-
-  // Generate nondet init code
-  code_blockt init_code;
-  gen_nondet_init(
-    nondet_var,
-    init_code,
-    symbol_table,
-    source_loc,
-    false,
-    true,
-    instr_info.is_never_null,
-    message_handler,
-    max_nondet_array_length);
-
-  // Convert this code into goto instructions
-  goto_programt new_instructions;
-  goto_convert(init_code, symbol_table, new_instructions, message_handler);
-
-  // Insert the new instructions into the instruction list
-  prog.destructive_insert(after_erased, new_instructions);
-  prog.update();
+
+  const auto after_erased=goto_program.instructions.erase(
+    target, after_matching_assignment);
+
+  const auto inserted=goto_program.insert_before(after_erased);
+  inserted->make_assignment();
+  side_effect_expr_nondett inserted_expr(nondet_var.type());
+  inserted_expr.set_nullable(
+    instr_info.get_nullable_type()==
+    nondet_instruction_infot::is_nullablet::TRUE);
+  inserted->code=code_assignt(nondet_var, inserted_expr);
+  inserted->code.add_source_location()=source_loc;
+  inserted->source_location=source_loc;
+
+  goto_program.update();
 
   return after_erased;
 }
 
 /*******************************************************************\
 
-Function: remove_java_nondet
+Function: replace_java_nondet
 
   Inputs:
-    message_handler: Object which prints messages.
-    symbol_table: The list of known symbols.
-    max_nondet_array_length: The maximum length of new nondet arrays.
-    goto_program: The program to modify.
+    goto_program: The goto program to modify.
 
- Purpose: Modify a goto_programt to replace 'nondet' library functions with
-          CBMC-native nondet expressions.
+ Purpose: Checks each instruction in the goto program to see whether
+          it is a method returning nondet.  If it is, replaces the
+          function call with an irep representing a nondet side
+          effect with an appropriate type.
 
 \*******************************************************************/
 
-static void remove_java_nondet(
-  message_handlert &message_handler,
-  symbol_tablet &symbol_table,
-  const size_t max_nondet_array_length,
-  goto_programt &goto_program)
+static void replace_java_nondet(goto_programt &goto_program)
 {
-  // Check each instruction.
-  // `process_target` may modify the list in place, and returns the next
-  // iterator to look at.
-  // Can't use forall_goto_program_instructions because we don't want to
-  // increment the iterator by one after every iteration.
-  for(auto instruction_iterator=std::begin(goto_program.instructions),
-        end=std::end(goto_program.instructions);
+  for(auto instruction_iterator=goto_program.instructions.cbegin(),
+        end=goto_program.instructions.cend();
       instruction_iterator!=end;)
   {
-    instruction_iterator=process_target(
-      message_handler,
-      symbol_table,
-      max_nondet_array_length,
+    instruction_iterator=check_and_replace_target(
       goto_program,
       instruction_iterator);
   }
 }
 
-void remove_java_nondet(
-  message_handlert &message_handler,
-  symbol_tablet &symbol_table,
-  const size_t max_nondet_array_length,
-  goto_functionst &goto_functions)
+
+
+void replace_java_nondet(goto_functionst &goto_functions)
 {
-  for(auto &f : goto_functions.function_map)
+  for(auto &goto_program : goto_functions.function_map)
   {
-    remove_java_nondet(
-      message_handler,
-      symbol_table,
-      max_nondet_array_length,
-      f.second.body);
+    replace_java_nondet(goto_program.second.body);
   }
   goto_functions.compute_location_numbers();
 }
diff --git a/src/goto-programs/replace_java_nondet.h b/src/goto-programs/replace_java_nondet.h
new file mode 100644
index 00000000000..077f95ab84c
--- /dev/null
+++ b/src/goto-programs/replace_java_nondet.h
@@ -0,0 +1,28 @@
+/*******************************************************************\
+
+Module: Replace Java Nondet expressions
+
+Author: Reuben Thomas, reuben.thomas@diffblue.com
+
+\*******************************************************************/
+
+#ifndef CPROVER_GOTO_PROGRAMS_REPLACE_JAVA_NONDET_H
+#define CPROVER_GOTO_PROGRAMS_REPLACE_JAVA_NONDET_H
+
+class goto_functionst;
+
+/*******************************************************************\
+
+Function: replace_java_nondet
+
+  Inputs:
+    goto_functions: The set of goto programs to modify.
+
+ Purpose: Replace calls to nondet library functions with an internal
+          nondet representation.
+
+\*******************************************************************/
+
+void replace_java_nondet(goto_functionst &goto_functions);
+
+#endif
diff --git a/src/util/irep_ids.txt b/src/util/irep_ids.txt
index 5e364d97ea0..a9672b2cec7 100644
--- a/src/util/irep_ids.txt
+++ b/src/util/irep_ids.txt
@@ -804,4 +804,5 @@ cprover_string_to_lower_case_func
 cprover_string_to_upper_case_func
 cprover_string_trim_func
 cprover_string_value_of_func
-basic_block_covered_lines
\ No newline at end of file
+basic_block_covered_lines
+is_nondet_nullable
diff --git a/src/util/std_code.h b/src/util/std_code.h
index 17d038274a3..85a35252dfb 100644
--- a/src/util/std_code.h
+++ b/src/util/std_code.h
@@ -1036,14 +1036,41 @@ class side_effect_expr_nondett:public side_effect_exprt
 public:
   side_effect_expr_nondett():side_effect_exprt(ID_nondet)
   {
+    set_nullable(true);
   }
 
   explicit side_effect_expr_nondett(const typet &_type):
     side_effect_exprt(ID_nondet, _type)
   {
+    set_nullable(true);
+  }
+
+  void set_nullable(bool nullable)
+  {
+    set(ID_is_nondet_nullable, nullable);
+  }
+
+  bool get_nullable() const
+  {
+    return get_bool(ID_is_nondet_nullable);
   }
 };
 
+inline side_effect_expr_nondett &to_side_effect_expr_nondet(exprt &expr)
+{
+  auto &side_effect_expr_nondet=to_side_effect_expr(expr);
+  assert(side_effect_expr_nondet.get_statement()==ID_nondet);
+  return static_cast<side_effect_expr_nondett &>(side_effect_expr_nondet);
+}
+
+inline const side_effect_expr_nondett &to_side_effect_expr_nondet(
+  const exprt &expr)
+{
+  const auto &side_effect_expr_nondet=to_side_effect_expr(expr);
+  assert(side_effect_expr_nondet.get_statement()==ID_nondet);
+  return static_cast<const side_effect_expr_nondett &>(side_effect_expr_nondet);
+}
+
 /*! \brief A function call side effect
 */
 class side_effect_expr_function_callt:public side_effect_exprt

From ff72ddc8c5693331cf2c6141193aaf614dc6f08a Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Tue, 18 Apr 2017 16:18:09 +0100
Subject: [PATCH 200/699] Ensure assume only throws upon predicate failure

---
 src/java_bytecode/library/src/org/cprover/CProver.java | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/java_bytecode/library/src/org/cprover/CProver.java b/src/java_bytecode/library/src/org/cprover/CProver.java
index 0dcae58c67e..6aadd228e9e 100644
--- a/src/java_bytecode/library/src/org/cprover/CProver.java
+++ b/src/java_bytecode/library/src/org/cprover/CProver.java
@@ -117,10 +117,9 @@ public static <T> T nondetWithoutNull()
 
   public static void assume(boolean condition)
   {
-    if(enableAssume)
+    if(enableAssume && !condition)
     {
-      throw new RuntimeException(
-          "Cannot execute program with CProver.assume()");
+      throw new RuntimeException("CProver.assume() predicate is false");
     }
   }
 }

From 520cf38ce751913d48b7a8f0a01b509590bcc105 Mon Sep 17 00:00:00 2001
From: Cristina <cristina.david@gmail.com>
Date: Thu, 20 Apr 2017 16:33:32 +0100
Subject: [PATCH 201/699] Handle typecast when evaluating addresses in the
 interpreter

---
 src/goto-programs/interpreter_evaluate.cpp | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/goto-programs/interpreter_evaluate.cpp b/src/goto-programs/interpreter_evaluate.cpp
index f285328aedd..b711be84ba2 100644
--- a/src/goto-programs/interpreter_evaluate.cpp
+++ b/src/goto-programs/interpreter_evaluate.cpp
@@ -1256,6 +1256,15 @@ mp_integer interpretert::evaluate_address(
     if(result.size()==1)
       return result[0];
   }
+  else if(expr.id()==ID_typecast)
+  {
+    if(expr.operands().size()!=1)
+      throw "typecast expects one operand";
+
+    assert(expr.type().id()==ID_pointer);
+
+    return evaluate_address(expr.op0(), fail_quietly);
+  }
   if(!fail_quietly)
   {
     error() << "!! failed to evaluate address: "

From b8586a6e3327cff94bc43cb6ef21ada8128eb556 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Fri, 21 Apr 2017 15:30:08 +0100
Subject: [PATCH 202/699] Move coverage arg-parsing into cover.cpp

This unifies test-generator's version of coverage instrumentation with
cbmc's base version, which should make future changes to the two easier
to keep in sync.

An upcoming changeset will update the test-generator tool to use this.
---
 src/goto-instrument/cover.cpp | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

diff --git a/src/goto-instrument/cover.cpp b/src/goto-instrument/cover.cpp
index f84fe3d5f3d..33ce83bc2f7 100644
--- a/src/goto-instrument/cover.cpp
+++ b/src/goto-instrument/cover.cpp
@@ -1769,10 +1769,33 @@ bool instrument_cover_goals(
     }
   }
 
+  // check existing test goals
+  coverage_goalst existing_goals;
+  if(cmdline.isset("existing-coverage"))
+  {
+    msg.status() << "Check existing coverage goals" << messaget::eom;
+    // get file with covered test goals
+    const std::string coverage=cmdline.get_value("existing-coverage");
+    // get a coverage_goalst object
+    if(coverage_goalst::get_coverage_goals(coverage, msgh, existing_goals))
+    {
+      msg.error() << "get_coverage_goals failed" << messaget::eom;
+      return true;
+    }
+  }
+
   msg.status() << "Instrumenting coverage goals" << messaget::eom;
 
   for(const auto &criterion : criteria)
-    instrument_cover_goals(symbol_table, goto_functions, criterion);
+  {
+    instrument_cover_goals(
+      symbol_table,
+      goto_functions,
+      criterion,
+      existing_goals,
+      cmdline.isset("cover-function-only"),
+      cmdline.isset("no-trivial-tests"));
+  }
 
   goto_functions.update();
   return false;

From c195e63c34dcc4cadb4c92fa19cee842b6a82060 Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Mon, 24 Apr 2017 11:40:33 +0100
Subject: [PATCH 203/699] Remove 'erase' in replace_java_nondet.cpp

Erasing a range of instructions from a goto program can cause memory
bugs when `goto_program::update` is called. Specifically, if any of the
remaining nodes in the program have elements of `targets` which point
into the erased range, then the program may attempt an invalid read
during the `update` call.

To avoid this, I thought of two options:

- check through the goto-program for instructions with `target`s that
  point into the removed range, and remove those `target`s, or
- just replace the existing instructions with no-ops.

Although I think the first solution is better, I can't think of a good
way of doing it with acceptable complexity, so this patch implements the
second option.
---
 src/goto-programs/replace_java_nondet.cpp | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/src/goto-programs/replace_java_nondet.cpp b/src/goto-programs/replace_java_nondet.cpp
index b78a0819cac..1faddf24491 100644
--- a/src/goto-programs/replace_java_nondet.cpp
+++ b/src/goto-programs/replace_java_nondet.cpp
@@ -215,9 +215,9 @@ Function: check_and_replace_target
 
 \*******************************************************************/
 
-static goto_programt::const_targett check_and_replace_target(
+static goto_programt::targett check_and_replace_target(
   goto_programt &goto_program,
-  const goto_programt::const_targett &target)
+  const goto_programt::targett &target)
 {
   // Check whether this is a nondet library method, and return if not
   const auto instr_info=get_nondet_instruction_info(target);
@@ -241,7 +241,7 @@ static goto_programt::const_targett check_and_replace_target(
     to_symbol_expr(next_instr_assign_lhs).get_identifier();
 
   auto &instructions=goto_program.instructions;
-  const auto end=instructions.cend();
+  const auto end=instructions.end();
 
   // Look for an instruction where this name is on the RHS of an assignment
   const auto matching_assignment=std::find_if(
@@ -263,10 +263,15 @@ static goto_programt::const_targett check_and_replace_target(
   const auto after_matching_assignment=std::next(matching_assignment);
   assert(after_matching_assignment!=end);
 
-  const auto after_erased=goto_program.instructions.erase(
-    target, after_matching_assignment);
+  std::for_each(
+    target,
+    after_matching_assignment,
+    [](goto_programt::instructiont &instr)
+    {
+      instr.make_skip();
+    });
 
-  const auto inserted=goto_program.insert_before(after_erased);
+  const auto inserted=goto_program.insert_before(after_matching_assignment);
   inserted->make_assignment();
   side_effect_expr_nondett inserted_expr(nondet_var.type());
   inserted_expr.set_nullable(
@@ -278,7 +283,7 @@ static goto_programt::const_targett check_and_replace_target(
 
   goto_program.update();
 
-  return after_erased;
+  return after_matching_assignment;
 }
 
 /*******************************************************************\
@@ -297,8 +302,8 @@ Function: replace_java_nondet
 
 static void replace_java_nondet(goto_programt &goto_program)
 {
-  for(auto instruction_iterator=goto_program.instructions.cbegin(),
-        end=goto_program.instructions.cend();
+  for(auto instruction_iterator=goto_program.instructions.begin(),
+        end=goto_program.instructions.end();
       instruction_iterator!=end;)
   {
     instruction_iterator=check_and_replace_target(

From 8ad72a70de790c8e1c21a1c7df3484c6b7e6daba Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Tue, 25 Apr 2017 09:38:20 +0100
Subject: [PATCH 204/699] Fix linter complaint

---
 src/cegis/cegis-util/type_helper.cpp | 62 ++++++++++++++++++----------
 1 file changed, 40 insertions(+), 22 deletions(-)

diff --git a/src/cegis/cegis-util/type_helper.cpp b/src/cegis/cegis-util/type_helper.cpp
index 68e4dc8439d..a4ea0e84cf1 100644
--- a/src/cegis/cegis-util/type_helper.cpp
+++ b/src/cegis/cegis-util/type_helper.cpp
@@ -16,12 +16,16 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include <cegis/cegis-util/type_helper.h>
 
-const typet &replace_struct_by_symbol_type(const symbol_tablet &st,
-    const typet &type)
+const typet &replace_struct_by_symbol_type(
+  const symbol_tablet &st,
+  const typet &type)
 {
   const irep_idt &type_id=type.id();
-  if(ID_struct != type_id && ID_incomplete_struct != type_id
-      && ID_union != type_id && ID_incomplete_union != type_id) return type;
+  if(type_id!=ID_struct && type_id!=ID_incomplete_struct &&
+     type_id!=ID_union  && type_id!=ID_incomplete_union)
+  {
+    return type;
+  }
   std::string tag(TAG_PREFIX);
   tag+=id2string(to_struct_union_type(type).get_tag());
   return st.lookup(tag).type;
@@ -31,16 +35,20 @@ namespace
 {
 bool instanceof(const typet &lhs, const typet &rhs, const namespacet &ns)
 {
-  if(type_eq(lhs, rhs, ns)) return true;
-  assert(ID_class == lhs.id());
-  const class_typet &lhs_class=to_class_type(lhs);
-  const class_typet::basest &bases=lhs_class.bases();
-  for(const exprt &base : bases)
+  if(type_eq(lhs, rhs, ns))
   {
-    const typet &type=base.type();
-    if (instanceof(ns.follow(type), rhs, ns)) return true;
+    return true;
   }
-  return false;
+  assert(ID_class==lhs.id());
+  const class_typet &lhs_class=to_class_type(lhs);
+  const class_typet::basest &bases=lhs_class.bases();
+  return std::any_of(
+    std::begin(bases),
+    std::end(bases),
+    [&](const exprt &base)
+    {
+      return instanceof(ns.follow(base.type()), rhs, ns);
+    });
 }
 }
 
@@ -49,22 +57,32 @@ bool instanceof(const symbol_tablet &st, const typet &lhs, const typet &rhs)
   const namespacet ns(st);
   const typet &resolved_lhs=ns.follow(lhs);
   const typet &resolved_rhs=ns.follow(rhs);
-  if(ID_class != resolved_lhs.id() || ID_class != resolved_rhs.id())
+  if(ID_class!=resolved_lhs.id() || ID_class!=resolved_rhs.id())
+  {
     return type_eq(resolved_lhs, resolved_rhs, ns);
+  }
   return instanceof(resolved_lhs, resolved_rhs, ns);
 }
 
-instanceof_anyt::instanceof_anyt(const symbol_tablet &st,
-    const std::set<typet> &types) :
-    st(st), types(types)
+instanceof_anyt::instanceof_anyt(
+  const symbol_tablet &st,
+  const std::set<typet> &types):
+    st(st),
+    types(types)
 {
 }
 
-bool instanceof_anyt::operator ()(const typet &type) const
+bool instanceof_anyt::operator()(const typet &type) const
 {
-  if(types.empty()) return true;
-  return types.end()
-      != std::find_if(types.begin(), types.end(),
-          [this, &type](const typet &rhs)
-          { return instanceof(st, type, rhs);});
+  if(types.empty())
+  {
+    return true;
+  }
+  return types.end()!=std::find_if(
+    types.begin(),
+    types.end(),
+    [this, &type](const typet &rhs)
+    {
+      return instanceof(st, type, rhs);
+    });
 }

From 6deaa3b899df6f64088bcc789c5fdb19ece07b01 Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Thu, 27 Apr 2017 10:27:37 +0100
Subject: [PATCH 205/699] Remove skip in replace_java_nondet.cpp

The changes in replace_java_nondet uncovered a similar 'erase' issue in
convert_nondet, which this patch also fixes.
---
 src/goto-programs/convert_nondet.cpp      | 17 ++++++++++-------
 src/goto-programs/replace_java_nondet.cpp |  4 ++++
 2 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/src/goto-programs/convert_nondet.cpp b/src/goto-programs/convert_nondet.cpp
index 9e54d70d893..55c52fe8f4b 100644
--- a/src/goto-programs/convert_nondet.cpp
+++ b/src/goto-programs/convert_nondet.cpp
@@ -9,6 +9,7 @@ Author: Reuben Thomas, reuben.thomas@diffblue.com
 #include "goto-programs/convert_nondet.h"
 #include "goto-programs/goto_convert.h"
 #include "goto-programs/goto_model.h"
+#include "goto-programs/remove_skip.h"
 
 #include "java_bytecode/java_object_factory.h" // gen_nondet_init
 
@@ -34,9 +35,9 @@ Function: insert_nondet_init_code
 
 \*******************************************************************/
 
-static goto_programt::const_targett insert_nondet_init_code(
+static goto_programt::targett insert_nondet_init_code(
   goto_programt &goto_program,
-  const goto_programt::const_targett &target,
+  const goto_programt::targett &target,
   symbol_tablet &symbol_table,
   message_handlert &message_handler,
   size_t max_nondet_array_length)
@@ -82,7 +83,7 @@ static goto_programt::const_targett insert_nondet_init_code(
   const auto source_loc=target->source_location;
 
   // Erase the nondet assignment
-  const auto after_erased=goto_program.instructions.erase(target);
+  target->make_skip();
 
   // Generate nondet init code
   code_blockt init_code;
@@ -101,10 +102,10 @@ static goto_programt::const_targett insert_nondet_init_code(
   goto_convert(init_code, symbol_table, new_instructions, message_handler);
 
   // Insert the new instructions into the instruction list
-  goto_program.destructive_insert(after_erased, new_instructions);
+  goto_program.destructive_insert(next_instr, new_instructions);
   goto_program.update();
 
-  return after_erased;
+  return next_instr;
 }
 
 /*******************************************************************\
@@ -129,8 +130,8 @@ static void convert_nondet(
   message_handlert &message_handler,
   size_t max_nondet_array_length)
 {
-  for(auto instruction_iterator=goto_program.instructions.cbegin(),
-        end=goto_program.instructions.cend();
+  for(auto instruction_iterator=goto_program.instructions.begin(),
+        end=goto_program.instructions.end();
         instruction_iterator!=end;)
   {
     instruction_iterator=insert_nondet_init_code(
@@ -160,4 +161,6 @@ void convert_nondet(
   }
 
   goto_functions.compute_location_numbers();
+
+  remove_skip(goto_functions);
 }
diff --git a/src/goto-programs/replace_java_nondet.cpp b/src/goto-programs/replace_java_nondet.cpp
index 1faddf24491..b0514d60a7b 100644
--- a/src/goto-programs/replace_java_nondet.cpp
+++ b/src/goto-programs/replace_java_nondet.cpp
@@ -9,6 +9,7 @@ Author: Reuben Thomas, reuben.thomas@diffblue.com
 #include "goto-programs/replace_java_nondet.h"
 #include "goto-programs/goto_convert.h"
 #include "goto-programs/goto_model.h"
+#include "goto-programs/remove_skip.h"
 
 #include "util/irep_ids.h"
 
@@ -320,5 +321,8 @@ void replace_java_nondet(goto_functionst &goto_functions)
   {
     replace_java_nondet(goto_program.second.body);
   }
+
   goto_functions.compute_location_numbers();
+
+  remove_skip(goto_functions);
 }

From d15d84238d4977bcad5995713acda18a90ba5113 Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Thu, 27 Apr 2017 10:39:23 +0100
Subject: [PATCH 206/699] Fix indentation in convert_nondet

---
 src/goto-programs/convert_nondet.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/goto-programs/convert_nondet.cpp b/src/goto-programs/convert_nondet.cpp
index 55c52fe8f4b..e4655716d9b 100644
--- a/src/goto-programs/convert_nondet.cpp
+++ b/src/goto-programs/convert_nondet.cpp
@@ -132,7 +132,7 @@ static void convert_nondet(
 {
   for(auto instruction_iterator=goto_program.instructions.begin(),
         end=goto_program.instructions.end();
-        instruction_iterator!=end;)
+      instruction_iterator!=end;)
   {
     instruction_iterator=insert_nondet_init_code(
       goto_program,

From 1e9123f0ac7b56378fb8485d50a2f6be2a4cae30 Mon Sep 17 00:00:00 2001
From: Cristina <cristina.david@gmail.com>
Date: Fri, 21 Apr 2017 14:34:26 +0100
Subject: [PATCH 207/699] Always initialise the exceptional return variable of
 the entry function

---
 src/goto-programs/remove_exceptions.cpp | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/src/goto-programs/remove_exceptions.cpp b/src/goto-programs/remove_exceptions.cpp
index 5058164147c..5726831804f 100644
--- a/src/goto-programs/remove_exceptions.cpp
+++ b/src/goto-programs/remove_exceptions.cpp
@@ -90,6 +90,26 @@ void remove_exceptionst::add_exceptional_returns(
   if(goto_program.empty())
     return;
 
+  // the entry function has already been added to the symbol table
+  // if you find it, initialise it
+  if(symbol_table.has_symbol(id2string(function_id)+EXC_SUFFIX))
+  {
+    const symbolt &symbol=
+      symbol_table.lookup(id2string(function_id)+EXC_SUFFIX);
+    symbol_exprt lhs_expr_null=symbol.symbol_expr();
+    null_pointer_exprt rhs_expr_null((pointer_typet(empty_typet())));
+    goto_programt::targett t_null=
+      goto_program.insert_before(goto_program.instructions.begin());
+    t_null->make_assignment();
+    t_null->source_location=
+      goto_program.instructions.begin()->source_location;
+    t_null->code=code_assignt(
+      lhs_expr_null,
+      rhs_expr_null);
+    t_null->function=function_id;
+    return;
+  }
+
   // We generate an exceptional return value for any function that has
   // a throw or a function call. This can be improved by only considering
   // function calls that may escape exceptions. However, this will

From 6d1feea66f519254515ade1c2b6fbce31a4af4d5 Mon Sep 17 00:00:00 2001
From: Cristina <cristina.david@gmail.com>
Date: Thu, 20 Apr 2017 11:00:46 +0100
Subject: [PATCH 208/699] Set the bytecode index for the instrumentation in
 goto_check.cpp

---
 src/analyses/goto_check.cpp | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/analyses/goto_check.cpp b/src/analyses/goto_check.cpp
index cc418d6aed9..635e0eb8f9a 100644
--- a/src/analyses/goto_check.cpp
+++ b/src/analyses/goto_check.cpp
@@ -1820,6 +1820,11 @@ void goto_checkt::goto_check(
 
         if(it->source_location.get_column()!=irep_idt())
           i_it->source_location.set_column(it->source_location.get_column());
+
+        if(mode==ID_java &&
+           it->source_location.get_java_bytecode_index()!=irep_idt())
+          i_it->source_location.set_java_bytecode_index(
+            it->source_location.get_java_bytecode_index());
       }
 
       if(i_it->function==irep_idt())

From 67961355a52e7193dcf99611884b5dcb8d5038ae Mon Sep 17 00:00:00 2001
From: Cristina <cristina.david@gmail.com>
Date: Thu, 20 Apr 2017 13:44:58 +0100
Subject: [PATCH 209/699] Added the bytecode index to the expected result of
 the regression tests

---
 regression/cbmc-java/NullPointer1/test.desc | 2 +-
 regression/cbmc-java/NullPointer4/test.desc | 2 +-
 src/analyses/goto_check.cpp                 | 3 +--
 3 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/regression/cbmc-java/NullPointer1/test.desc b/regression/cbmc-java/NullPointer1/test.desc
index d479356875a..b11a57a56fd 100644
--- a/regression/cbmc-java/NullPointer1/test.desc
+++ b/regression/cbmc-java/NullPointer1/test.desc
@@ -3,7 +3,7 @@ NullPointer1.class
 --pointer-check --stop-on-fail
 ^EXIT=10$
 ^SIGNAL=0$
-^  file NullPointer1.java line 16 function java::NullPointer1.main:\(\[Ljava/lang/String;\)V$
+^  file NullPointer1.java line 16 function java::NullPointer1.main:\(\[Ljava/lang/String;\)V bytecode_index 9$
 ^VERIFICATION FAILED$
 --
 ^warning: ignoring
diff --git a/regression/cbmc-java/NullPointer4/test.desc b/regression/cbmc-java/NullPointer4/test.desc
index 2e1b728c1fc..28c9e6f47fd 100644
--- a/regression/cbmc-java/NullPointer4/test.desc
+++ b/regression/cbmc-java/NullPointer4/test.desc
@@ -3,7 +3,7 @@ NullPointer4.class
 --pointer-check --stop-on-fail
 ^EXIT=10$
 ^SIGNAL=0$
-^  file NullPointer4.java line 6 function java::NullPointer4.main:\(\[Ljava/lang/String;\)V$
+^  file NullPointer4.java line 6 function java::NullPointer4.main:\(\[Ljava/lang/String;\)V bytecode_index 4$
 ^VERIFICATION FAILED$
 --
 ^warning: ignoring
diff --git a/src/analyses/goto_check.cpp b/src/analyses/goto_check.cpp
index 635e0eb8f9a..a6871b94d23 100644
--- a/src/analyses/goto_check.cpp
+++ b/src/analyses/goto_check.cpp
@@ -1821,8 +1821,7 @@ void goto_checkt::goto_check(
         if(it->source_location.get_column()!=irep_idt())
           i_it->source_location.set_column(it->source_location.get_column());
 
-        if(mode==ID_java &&
-           it->source_location.get_java_bytecode_index()!=irep_idt())
+        if(it->source_location.get_java_bytecode_index()!=irep_idt())
           i_it->source_location.set_java_bytecode_index(
             it->source_location.get_java_bytecode_index());
       }

From 21eeb297950fc06e830c293e015e0302fa590bbe Mon Sep 17 00:00:00 2001
From: Joel Allred <joel.allred@diffblue.com>
Date: Thu, 20 Apr 2017 09:46:20 +0100
Subject: [PATCH 210/699] Enable working smoke tests

Set the currently working some tests as CORE and link the others to
GitHub issues.
---
 regression/strings-smoke-tests/java_append_char/test.desc     | 2 +-
 regression/strings-smoke-tests/java_append_int/test.desc      | 2 +-
 regression/strings-smoke-tests/java_append_object/test.desc   | 1 +
 regression/strings-smoke-tests/java_append_string/test.desc   | 2 +-
 regression/strings-smoke-tests/java_case/test.desc            | 2 +-
 regression/strings-smoke-tests/java_char_array/test.desc      | 2 +-
 regression/strings-smoke-tests/java_char_array_init/test.desc | 1 +
 regression/strings-smoke-tests/java_char_at/test.desc         | 2 +-
 regression/strings-smoke-tests/java_code_point/test.desc      | 2 +-
 regression/strings-smoke-tests/java_compare/test.desc         | 2 +-
 regression/strings-smoke-tests/java_concat/test.desc          | 2 +-
 regression/strings-smoke-tests/java_contains/test.desc        | 3 ++-
 regression/strings-smoke-tests/java_delete/test.desc          | 2 +-
 regression/strings-smoke-tests/java_delete_char_at/test.desc  | 2 +-
 regression/strings-smoke-tests/java_empty/test.desc           | 2 +-
 regression/strings-smoke-tests/java_endswith/test.desc        | 2 +-
 regression/strings-smoke-tests/java_equal/test.desc           | 4 ++--
 regression/strings-smoke-tests/java_float/test.desc           | 2 +-
 regression/strings-smoke-tests/java_hash_code/test.desc       | 2 +-
 regression/strings-smoke-tests/java_index_of/test.desc        | 3 ++-
 regression/strings-smoke-tests/java_index_of_char/test.desc   | 3 ++-
 regression/strings-smoke-tests/java_insert_char/test.desc     | 2 +-
 .../strings-smoke-tests/java_insert_char_array/test.desc      | 2 +-
 regression/strings-smoke-tests/java_insert_int/test.desc      | 2 +-
 regression/strings-smoke-tests/java_insert_multiple/test.desc | 2 +-
 regression/strings-smoke-tests/java_insert_string/test.desc   | 2 +-
 regression/strings-smoke-tests/java_int_to_string/test.desc   | 2 +-
 regression/strings-smoke-tests/java_intern/test.desc          | 2 +-
 regression/strings-smoke-tests/java_last_index_of/test.desc   | 3 ++-
 .../strings-smoke-tests/java_last_index_of_char/test.desc     | 2 +-
 regression/strings-smoke-tests/java_length/test.desc          | 2 +-
 regression/strings-smoke-tests/java_parseint/test.desc        | 2 +-
 regression/strings-smoke-tests/java_replace/test.desc         | 3 ++-
 regression/strings-smoke-tests/java_replace_char/test.desc    | 2 +-
 regression/strings-smoke-tests/java_set_char_at/test.desc     | 2 +-
 regression/strings-smoke-tests/java_set_length/test.desc      | 4 ++--
 regression/strings-smoke-tests/java_starts_with/test.desc     | 2 +-
 .../strings-smoke-tests/java_string_builder_length/test.desc  | 2 +-
 regression/strings-smoke-tests/java_subsequence/test.desc     | 2 +-
 regression/strings-smoke-tests/java_substring/test.desc       | 2 +-
 regression/strings-smoke-tests/java_trim/test.desc            | 4 ++--
 41 files changed, 49 insertions(+), 42 deletions(-)

diff --git a/regression/strings-smoke-tests/java_append_char/test.desc b/regression/strings-smoke-tests/java_append_char/test.desc
index 0f1b3ae243f..88d1cbf2114 100644
--- a/regression/strings-smoke-tests/java_append_char/test.desc
+++ b/regression/strings-smoke-tests/java_append_char/test.desc
@@ -1,4 +1,4 @@
-FUTURE
+CORE
 test_append_char.class
 --refine-strings
 ^EXIT=0$
diff --git a/regression/strings-smoke-tests/java_append_int/test.desc b/regression/strings-smoke-tests/java_append_int/test.desc
index e1455859470..e0b30e7827d 100644
--- a/regression/strings-smoke-tests/java_append_int/test.desc
+++ b/regression/strings-smoke-tests/java_append_int/test.desc
@@ -1,4 +1,4 @@
-FUTURE
+CORE
 test_append_int.class
 --refine-strings
 ^EXIT=0$
diff --git a/regression/strings-smoke-tests/java_append_object/test.desc b/regression/strings-smoke-tests/java_append_object/test.desc
index 5db2ac1db73..787852963ed 100644
--- a/regression/strings-smoke-tests/java_append_object/test.desc
+++ b/regression/strings-smoke-tests/java_append_object/test.desc
@@ -5,3 +5,4 @@ test_append_object.class
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
 --
+Issue: diffblue/test-gen#82
diff --git a/regression/strings-smoke-tests/java_append_string/test.desc b/regression/strings-smoke-tests/java_append_string/test.desc
index 18035539d58..943ca820bcc 100644
--- a/regression/strings-smoke-tests/java_append_string/test.desc
+++ b/regression/strings-smoke-tests/java_append_string/test.desc
@@ -1,4 +1,4 @@
-FUTURE
+CORE
 test_append_string.class
 --refine-strings
 ^EXIT=0$
diff --git a/regression/strings-smoke-tests/java_case/test.desc b/regression/strings-smoke-tests/java_case/test.desc
index e01a5054419..9a254ae3484 100644
--- a/regression/strings-smoke-tests/java_case/test.desc
+++ b/regression/strings-smoke-tests/java_case/test.desc
@@ -1,4 +1,4 @@
-FUTURE
+CORE
 test_case.class
 --refine-strings
 ^EXIT=0$
diff --git a/regression/strings-smoke-tests/java_char_array/test.desc b/regression/strings-smoke-tests/java_char_array/test.desc
index ecce56c1ab8..efb6ad4c5d7 100644
--- a/regression/strings-smoke-tests/java_char_array/test.desc
+++ b/regression/strings-smoke-tests/java_char_array/test.desc
@@ -1,4 +1,4 @@
-FUTURE
+CORE
 test_char_array.class
 --refine-strings
 ^EXIT=0$
diff --git a/regression/strings-smoke-tests/java_char_array_init/test.desc b/regression/strings-smoke-tests/java_char_array_init/test.desc
index fc1cde2392c..04096a8a984 100644
--- a/regression/strings-smoke-tests/java_char_array_init/test.desc
+++ b/regression/strings-smoke-tests/java_char_array_init/test.desc
@@ -5,3 +5,4 @@ test_init.class
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
 --
+cbmc/test-gen#259
diff --git a/regression/strings-smoke-tests/java_char_at/test.desc b/regression/strings-smoke-tests/java_char_at/test.desc
index 5bf29fc7a4d..f2d5ecad6c7 100644
--- a/regression/strings-smoke-tests/java_char_at/test.desc
+++ b/regression/strings-smoke-tests/java_char_at/test.desc
@@ -1,4 +1,4 @@
-FUTURE
+CORE
 test_char_at.class
 --refine-strings
 ^EXIT=0$
diff --git a/regression/strings-smoke-tests/java_code_point/test.desc b/regression/strings-smoke-tests/java_code_point/test.desc
index 012c7c3501b..e3be9616fa5 100644
--- a/regression/strings-smoke-tests/java_code_point/test.desc
+++ b/regression/strings-smoke-tests/java_code_point/test.desc
@@ -1,4 +1,4 @@
-FUTURE
+CORE
 test_code_point.class
 --refine-strings
 ^EXIT=0$
diff --git a/regression/strings-smoke-tests/java_compare/test.desc b/regression/strings-smoke-tests/java_compare/test.desc
index 38aa025f416..9e6810476b9 100644
--- a/regression/strings-smoke-tests/java_compare/test.desc
+++ b/regression/strings-smoke-tests/java_compare/test.desc
@@ -1,4 +1,4 @@
-FUTURE
+CORE
 test_compare.class
 --refine-strings
 ^EXIT=0$
diff --git a/regression/strings-smoke-tests/java_concat/test.desc b/regression/strings-smoke-tests/java_concat/test.desc
index fb784efd723..2dcca464779 100644
--- a/regression/strings-smoke-tests/java_concat/test.desc
+++ b/regression/strings-smoke-tests/java_concat/test.desc
@@ -1,4 +1,4 @@
-FUTURE
+CORE
 test_concat.class
 --refine-strings
 ^EXIT=10$
diff --git a/regression/strings-smoke-tests/java_contains/test.desc b/regression/strings-smoke-tests/java_contains/test.desc
index 2b96346d718..e40d51aa473 100644
--- a/regression/strings-smoke-tests/java_contains/test.desc
+++ b/regression/strings-smoke-tests/java_contains/test.desc
@@ -1,4 +1,4 @@
-FUTURE
+KNOWNBUG
 test_contains.class
 --refine-strings
 ^EXIT=10$
@@ -6,3 +6,4 @@ test_contains.class
 ^\[.*assertion.1\].* line 8.* SUCCESS$
 ^\[.*assertion.2\].* line 9.* FAILURE$
 --
+Issue: diffblue/test-gen#201
diff --git a/regression/strings-smoke-tests/java_delete/test.desc b/regression/strings-smoke-tests/java_delete/test.desc
index 27a1406cdb7..f0c0aedda91 100644
--- a/regression/strings-smoke-tests/java_delete/test.desc
+++ b/regression/strings-smoke-tests/java_delete/test.desc
@@ -1,4 +1,4 @@
-FUTURE
+CORE
 test_delete.class
 --refine-strings
 ^EXIT=0$
diff --git a/regression/strings-smoke-tests/java_delete_char_at/test.desc b/regression/strings-smoke-tests/java_delete_char_at/test.desc
index 94ba56a2c54..d415d16e9b6 100644
--- a/regression/strings-smoke-tests/java_delete_char_at/test.desc
+++ b/regression/strings-smoke-tests/java_delete_char_at/test.desc
@@ -1,4 +1,4 @@
-FUTURE
+CORE
 test_delete_char_at.class
 --refine-strings
 ^EXIT=0$
diff --git a/regression/strings-smoke-tests/java_empty/test.desc b/regression/strings-smoke-tests/java_empty/test.desc
index 9951c8a13ee..181ff4ee5fd 100644
--- a/regression/strings-smoke-tests/java_empty/test.desc
+++ b/regression/strings-smoke-tests/java_empty/test.desc
@@ -1,4 +1,4 @@
-FUTURE
+CORE
 test_empty.class
 --refine-strings
 ^EXIT=0$
diff --git a/regression/strings-smoke-tests/java_endswith/test.desc b/regression/strings-smoke-tests/java_endswith/test.desc
index 0461a3e50e6..8b058f48d78 100644
--- a/regression/strings-smoke-tests/java_endswith/test.desc
+++ b/regression/strings-smoke-tests/java_endswith/test.desc
@@ -1,4 +1,4 @@
-FUTURE
+CORE
 test_endswith.class
 --refine-strings
 ^EXIT=10$
diff --git a/regression/strings-smoke-tests/java_equal/test.desc b/regression/strings-smoke-tests/java_equal/test.desc
index 05f0f383230..964c3b72bae 100644
--- a/regression/strings-smoke-tests/java_equal/test.desc
+++ b/regression/strings-smoke-tests/java_equal/test.desc
@@ -1,6 +1,6 @@
-FUTURE
+CORE
 test_equal.class
---refine-strings
+--refine-strings --string-max-length 100 --string-max-length 100
 ^EXIT=10$
 ^SIGNAL=0$
 ^\[.*assertion.1\].* line 8.* FAILURE$
diff --git a/regression/strings-smoke-tests/java_float/test.desc b/regression/strings-smoke-tests/java_float/test.desc
index 427d1fca836..e81b6b4feba 100644
--- a/regression/strings-smoke-tests/java_float/test.desc
+++ b/regression/strings-smoke-tests/java_float/test.desc
@@ -1,4 +1,4 @@
-FUTURE
+CORE
 test_float.class
 --refine-strings
 ^EXIT=0$
diff --git a/regression/strings-smoke-tests/java_hash_code/test.desc b/regression/strings-smoke-tests/java_hash_code/test.desc
index 2db8d7116f9..fc628393186 100644
--- a/regression/strings-smoke-tests/java_hash_code/test.desc
+++ b/regression/strings-smoke-tests/java_hash_code/test.desc
@@ -1,4 +1,4 @@
-FUTURE
+CORE
 test_hash_code.class
 --refine-strings
 ^EXIT=10$
diff --git a/regression/strings-smoke-tests/java_index_of/test.desc b/regression/strings-smoke-tests/java_index_of/test.desc
index f2fa825597d..6033af25d1b 100644
--- a/regression/strings-smoke-tests/java_index_of/test.desc
+++ b/regression/strings-smoke-tests/java_index_of/test.desc
@@ -1,7 +1,8 @@
-FUTURE
+KNOWNBUG
 test_index_of.class
 --refine-strings
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
 --
+Issue: cbmc/test-gen#77
diff --git a/regression/strings-smoke-tests/java_index_of_char/test.desc b/regression/strings-smoke-tests/java_index_of_char/test.desc
index 63382a455f3..a95467b52e4 100644
--- a/regression/strings-smoke-tests/java_index_of_char/test.desc
+++ b/regression/strings-smoke-tests/java_index_of_char/test.desc
@@ -1,7 +1,8 @@
-FUTURE
+CORE
 test_index_of_char.class
 --refine-strings
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
 --
+Issue: cbmc/test-gen#77
diff --git a/regression/strings-smoke-tests/java_insert_char/test.desc b/regression/strings-smoke-tests/java_insert_char/test.desc
index 77d3ce2ebd9..0e9a06d5afb 100644
--- a/regression/strings-smoke-tests/java_insert_char/test.desc
+++ b/regression/strings-smoke-tests/java_insert_char/test.desc
@@ -1,4 +1,4 @@
-FUTURE
+CORE
 test_insert_char.class
 --refine-strings
 ^EXIT=0$
diff --git a/regression/strings-smoke-tests/java_insert_char_array/test.desc b/regression/strings-smoke-tests/java_insert_char_array/test.desc
index d48c601b61b..082771dd2db 100644
--- a/regression/strings-smoke-tests/java_insert_char_array/test.desc
+++ b/regression/strings-smoke-tests/java_insert_char_array/test.desc
@@ -1,4 +1,4 @@
-FUTURE
+CORE
 test_insert_char_array.class
 --refine-strings
 ^EXIT=0$
diff --git a/regression/strings-smoke-tests/java_insert_int/test.desc b/regression/strings-smoke-tests/java_insert_int/test.desc
index dc039fedbea..df87a5f5728 100644
--- a/regression/strings-smoke-tests/java_insert_int/test.desc
+++ b/regression/strings-smoke-tests/java_insert_int/test.desc
@@ -1,4 +1,4 @@
-FUTURE
+CORE
 test_insert_int.class
 --refine-strings
 ^EXIT=0$
diff --git a/regression/strings-smoke-tests/java_insert_multiple/test.desc b/regression/strings-smoke-tests/java_insert_multiple/test.desc
index 983d416dd3b..bb9a23f1b5c 100644
--- a/regression/strings-smoke-tests/java_insert_multiple/test.desc
+++ b/regression/strings-smoke-tests/java_insert_multiple/test.desc
@@ -1,4 +1,4 @@
-FUTURE
+CORE
 test_insert_multiple.class
 --refine-strings
 ^EXIT=0$
diff --git a/regression/strings-smoke-tests/java_insert_string/test.desc b/regression/strings-smoke-tests/java_insert_string/test.desc
index b438d32d6d9..44bf9f268d9 100644
--- a/regression/strings-smoke-tests/java_insert_string/test.desc
+++ b/regression/strings-smoke-tests/java_insert_string/test.desc
@@ -1,4 +1,4 @@
-FUTURE
+CORE
 test_insert_string.class
 --refine-strings
 ^EXIT=0$
diff --git a/regression/strings-smoke-tests/java_int_to_string/test.desc b/regression/strings-smoke-tests/java_int_to_string/test.desc
index a615a10f538..38fa5289bd2 100644
--- a/regression/strings-smoke-tests/java_int_to_string/test.desc
+++ b/regression/strings-smoke-tests/java_int_to_string/test.desc
@@ -1,4 +1,4 @@
-FUTURE
+CORE
 test_int.class
 --refine-strings
 ^EXIT=0$
diff --git a/regression/strings-smoke-tests/java_intern/test.desc b/regression/strings-smoke-tests/java_intern/test.desc
index 645e267029c..c8d0eea43bd 100644
--- a/regression/strings-smoke-tests/java_intern/test.desc
+++ b/regression/strings-smoke-tests/java_intern/test.desc
@@ -1,4 +1,4 @@
-FUTURE
+CORE
 test_intern.class
 --refine-strings
 ^EXIT=0$
diff --git a/regression/strings-smoke-tests/java_last_index_of/test.desc b/regression/strings-smoke-tests/java_last_index_of/test.desc
index 77bc5b7f18f..5ee1604e846 100644
--- a/regression/strings-smoke-tests/java_last_index_of/test.desc
+++ b/regression/strings-smoke-tests/java_last_index_of/test.desc
@@ -1,7 +1,8 @@
-FUTURE
+KNOWNBUG
 test_last_index_of.class
 --refine-strings
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
 --
+Issue: diffblue/test-gen#77
diff --git a/regression/strings-smoke-tests/java_last_index_of_char/test.desc b/regression/strings-smoke-tests/java_last_index_of_char/test.desc
index 3e9a3d4b547..aa88fc5f6ef 100644
--- a/regression/strings-smoke-tests/java_last_index_of_char/test.desc
+++ b/regression/strings-smoke-tests/java_last_index_of_char/test.desc
@@ -1,4 +1,4 @@
-FUTURE
+CORE
 test_last_index_of_char.class
 --refine-strings
 ^EXIT=0$
diff --git a/regression/strings-smoke-tests/java_length/test.desc b/regression/strings-smoke-tests/java_length/test.desc
index 913afbf13c7..d7f0e02feca 100644
--- a/regression/strings-smoke-tests/java_length/test.desc
+++ b/regression/strings-smoke-tests/java_length/test.desc
@@ -1,4 +1,4 @@
-FUTURE
+CORE
 test_length.class
 --refine-strings
 ^EXIT=0$
diff --git a/regression/strings-smoke-tests/java_parseint/test.desc b/regression/strings-smoke-tests/java_parseint/test.desc
index 9cb70f5a957..6a513e61deb 100644
--- a/regression/strings-smoke-tests/java_parseint/test.desc
+++ b/regression/strings-smoke-tests/java_parseint/test.desc
@@ -1,4 +1,4 @@
-FUTURE
+CORE
 test_parseint.class
 --refine-strings
 ^EXIT=10$
diff --git a/regression/strings-smoke-tests/java_replace/test.desc b/regression/strings-smoke-tests/java_replace/test.desc
index 59c7d326a0b..d86aae6b5a9 100644
--- a/regression/strings-smoke-tests/java_replace/test.desc
+++ b/regression/strings-smoke-tests/java_replace/test.desc
@@ -1,7 +1,8 @@
 FUTURE
 test_replace.class
---refine-strings
+--refine-strings --string-max-length 100
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
 --
+diffblue/test-gen#256
diff --git a/regression/strings-smoke-tests/java_replace_char/test.desc b/regression/strings-smoke-tests/java_replace_char/test.desc
index 528d4eead6c..5c336326e5d 100644
--- a/regression/strings-smoke-tests/java_replace_char/test.desc
+++ b/regression/strings-smoke-tests/java_replace_char/test.desc
@@ -1,4 +1,4 @@
-FUTURE
+CORE
 test_replace_char.class
 --refine-strings
 ^EXIT=0$
diff --git a/regression/strings-smoke-tests/java_set_char_at/test.desc b/regression/strings-smoke-tests/java_set_char_at/test.desc
index 650e7712278..1c471d0194a 100644
--- a/regression/strings-smoke-tests/java_set_char_at/test.desc
+++ b/regression/strings-smoke-tests/java_set_char_at/test.desc
@@ -1,4 +1,4 @@
-FUTURE
+CORE
 test_set_char_at.class
 --refine-strings
 ^EXIT=0$
diff --git a/regression/strings-smoke-tests/java_set_length/test.desc b/regression/strings-smoke-tests/java_set_length/test.desc
index ab59e459eb1..d19eb265fa4 100644
--- a/regression/strings-smoke-tests/java_set_length/test.desc
+++ b/regression/strings-smoke-tests/java_set_length/test.desc
@@ -1,6 +1,6 @@
-FUTURE
+CORE
 test_set_length.class
---refine-strings
+--refine-strings --string-max-length 100
 ^EXIT=10$
 ^SIGNAL=0$
 ^\[.*assertion.1\].* line 8.* SUCCESS$
diff --git a/regression/strings-smoke-tests/java_starts_with/test.desc b/regression/strings-smoke-tests/java_starts_with/test.desc
index 5c5d85565c2..ec6b84102f2 100644
--- a/regression/strings-smoke-tests/java_starts_with/test.desc
+++ b/regression/strings-smoke-tests/java_starts_with/test.desc
@@ -1,4 +1,4 @@
-FUTURE
+CORE
 test_starts_with.class
 --refine-strings
 ^EXIT=10$
diff --git a/regression/strings-smoke-tests/java_string_builder_length/test.desc b/regression/strings-smoke-tests/java_string_builder_length/test.desc
index ba9187109ed..2a37e02a36c 100644
--- a/regression/strings-smoke-tests/java_string_builder_length/test.desc
+++ b/regression/strings-smoke-tests/java_string_builder_length/test.desc
@@ -1,4 +1,4 @@
-FUTURE
+CORE
 test_sb_length.class
 --refine-strings
 ^EXIT=0$
diff --git a/regression/strings-smoke-tests/java_subsequence/test.desc b/regression/strings-smoke-tests/java_subsequence/test.desc
index 34585a7900d..df3cc28619f 100644
--- a/regression/strings-smoke-tests/java_subsequence/test.desc
+++ b/regression/strings-smoke-tests/java_subsequence/test.desc
@@ -1,4 +1,4 @@
-FUTURE
+CORE
 test_subsequence.class
 --refine-strings
 ^EXIT=0$
diff --git a/regression/strings-smoke-tests/java_substring/test.desc b/regression/strings-smoke-tests/java_substring/test.desc
index 8a29460f529..26ec800cfac 100644
--- a/regression/strings-smoke-tests/java_substring/test.desc
+++ b/regression/strings-smoke-tests/java_substring/test.desc
@@ -1,4 +1,4 @@
-FUTURE
+CORE
 test_substring.class
 --refine-strings
 ^EXIT=0$
diff --git a/regression/strings-smoke-tests/java_trim/test.desc b/regression/strings-smoke-tests/java_trim/test.desc
index c7a307c37ed..171ada28356 100644
--- a/regression/strings-smoke-tests/java_trim/test.desc
+++ b/regression/strings-smoke-tests/java_trim/test.desc
@@ -1,6 +1,6 @@
-FUTURE
+CORE
 test_trim.class
---refine-strings
+--refine-strings --string-max-length 100
 ^EXIT=10$
 ^SIGNAL=0$
 ^\[.*assertion.1\].* line 6.* SUCCESS$

From 95844654fcfb0e7754a77e789eeb4ef9b9780fff Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Thu, 13 Apr 2017 15:55:07 +0100
Subject: [PATCH 211/699] Correction in add_axioms_for_set_length

This corrects issue diffblue/test-gen#244

There was a an error in add_axioms_for_set_length: |s1| was compared
to idx instead of comparing k to idx.
The second assertion was splitted into two to make constraints clearer.

Applied changes requested by Matthias
---
 ...ng_constraint_generator_transformation.cpp | 23 ++++++++++++-------
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_transformation.cpp b/src/solvers/refinement/string_constraint_generator_transformation.cpp
index f27fe5d4317..c110f636c43 100644
--- a/src/solvers/refinement/string_constraint_generator_transformation.cpp
+++ b/src/solvers/refinement/string_constraint_generator_transformation.cpp
@@ -36,22 +36,29 @@ string_exprt string_constraint_generatort::add_axioms_for_set_length(
 
   // We add axioms:
   // a1 : |res|=k
-  // a2 : forall i<k. (i<k ==> s[i]=s1[i]) &&(i >= k ==> s[i]=0)
+  // a2 : forall i<|s1|. i < |res|  ==> res[i] = s1[i]
+  // a3 : forall i<|s1|. i >= |res| ==> res[i] = 0
 
   axioms.push_back(res.axiom_for_has_length(k));
 
   symbol_exprt idx=fresh_univ_index(
     "QA_index_set_length", ref_type.get_index_type());
   string_constraintt a2(
-    idx, k, and_exprt(
-      implies_exprt(
-        s1.axiom_for_is_strictly_longer_than(idx),
-        equal_exprt(s1[idx], res[idx])),
-      implies_exprt(
-        s1.axiom_for_is_shorter_than(idx),
-        equal_exprt(s1[idx], constant_char(0, ref_type.get_char_type())))));
+    idx,
+    s1.length(),
+    res.axiom_for_is_strictly_longer_than(idx),
+    equal_exprt(s1[idx], res[idx]));
   axioms.push_back(a2);
 
+  symbol_exprt idx2=fresh_univ_index(
+    "QA_index_set_length2", ref_type.get_index_type());
+  string_constraintt a3(
+    idx2,
+    s1.length(),
+    res.axiom_for_is_shorter_than(idx2),
+    equal_exprt(res[idx2], constant_char(0, ref_type.get_char_type())));
+  axioms.push_back(a3);
+
   return res;
 }
 

From 7cf1c92d44a81dcaf506a171e5ed01d6632933c9 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Fri, 7 Apr 2017 16:56:04 +0100
Subject: [PATCH 212/699] Fixes in pre-processing for issue #170

Do not force return type of StringBuilder functions

This was causing some type problems because the return types and the
lhs do not match.
As a consequence some equalities were ignored by the string solver.

Get rid of typecasts

These are not needed and may result in incorrect type later.
---
 .../string_refine_preprocess.cpp              | 28 ++++++++-----------
 1 file changed, 11 insertions(+), 17 deletions(-)

diff --git a/src/goto-programs/string_refine_preprocess.cpp b/src/goto-programs/string_refine_preprocess.cpp
index f6e2b432c92..8e220d234d5 100644
--- a/src/goto-programs/string_refine_preprocess.cpp
+++ b/src/goto-programs/string_refine_preprocess.cpp
@@ -648,19 +648,15 @@ void string_refine_preprocesst::make_string_function(
   {
     if(signature.back()=='S')
     {
-      code_typet ft=function_type;
-      ft.return_type()=jls_ptr;
-      typecast_exprt lhs2(lhs, jls_ptr);
-
       make_string_assign(
         goto_program,
         target,
-        lhs2,
-        ft,
+        lhs,
+        function_type,
         function_name,
         arguments,
         location,
-         signature);
+        signature);
     }
     else
       make_normal_assign(
@@ -746,6 +742,7 @@ void string_refine_preprocesst::make_string_function(
 
   std::string new_sig=signature;
   exprt lhs;
+
   if(assign_first_arg)
   {
     assert(!function_call.arguments().empty());
@@ -759,9 +756,6 @@ void string_refine_preprocesst::make_string_function(
   else
     lhs=function_call.lhs();
 
-  if(lhs.id()==ID_typecast)
-    lhs=to_typecast_expr(lhs).op();
-
   new_type.return_type()=lhs.type();
 
   make_string_function(
@@ -1400,19 +1394,19 @@ void string_refine_preprocesst::initialize_string_function_table()
   signatures["java::java.lang.String.contains:(Ljava/lang/CharSequence;)Z"]=
     "SSZ";
   signatures["java::java.lang.StringBuilder.insert:(IZ)"
-             "Ljava/lang/StringBuilder;"]="SIZS";
+             "Ljava/lang/StringBuilder;"]="SIZ_";
   signatures["java::java.lang.StringBuilder.insert:(IJ)"
-             "Ljava/lang/StringBuilder;"]="SIJS";
+             "Ljava/lang/StringBuilder;"]="SIJ_";
   signatures["java::java.lang.StringBuilder.insert:(II)"
-             "Ljava/lang/StringBuilder;"]="SIIS";
+             "Ljava/lang/StringBuilder;"]="SII_";
   signatures["java::java.lang.StringBuilder.insert:(IC)"
-             "Ljava/lang/StringBuilder;"]="SICS";
+             "Ljava/lang/StringBuilder;"]="SIC_";
   signatures["java::java.lang.StringBuilder.insert:(ILjava/lang/String;)"
-             "Ljava/lang/StringBuilder;"]="SISS";
+             "Ljava/lang/StringBuilder;"]="SIS_";
   signatures["java::java.lang.StringBuilder.insert:(ILjava/lang/String;)"
-             "Ljava/lang/StringBuilder;"]="SISS";
+             "Ljava/lang/StringBuilder;"]="SIS_";
   signatures["java::java.lang.StringBuilder.insert:(I[C)"
-             "Ljava/lang/StringBuilder;"]="SI[S";
+             "Ljava/lang/StringBuilder;"]="SI[_";
   signatures["java::java.lang.String.intern:()Ljava/lang/String;"]="SV";
 }
 

From 6b24ec76dbf83dc64f282ac20d82739f13958c21 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Thu, 13 Apr 2017 17:44:11 +0100
Subject: [PATCH 213/699] Implement StringBuffer methods

Addresses issue diffblue/test-gen#245.

This adds preprocessing for StringBuffer methods
---
 .../string_refine_preprocess.cpp              | 151 +++++++++++++++++-
 src/goto-programs/string_refine_preprocess.h  |   5 +
 2 files changed, 153 insertions(+), 3 deletions(-)

diff --git a/src/goto-programs/string_refine_preprocess.cpp b/src/goto-programs/string_refine_preprocess.cpp
index f6e2b432c92..26abe8d2dc6 100644
--- a/src/goto-programs/string_refine_preprocess.cpp
+++ b/src/goto-programs/string_refine_preprocess.cpp
@@ -123,6 +123,44 @@ bool string_refine_preprocesst::is_java_string_builder_pointer_type(
 
 /*******************************************************************\
 
+Function: string_refine_preprocesst::is_java_string_buffer_type
+
+  Inputs: a type
+
+ Outputs: Boolean telling whether the type is that of java string buffer
+
+\*******************************************************************/
+
+bool string_refine_preprocesst::is_java_string_buffer_type(const typet &type)
+{
+  return check_java_type(type, "java.lang.StringBuffer");
+}
+
+/*******************************************************************\
+
+Function: string_refine_preprocesst::is_java_string_buffer_pointer_type
+
+  Inputs: a type
+
+ Outputs: Boolean telling whether the type is that of java StringBuffer
+          pointers
+
+\*******************************************************************/
+
+bool string_refine_preprocesst::is_java_string_buffer_pointer_type(
+  const typet &type)
+{
+  if(type.id()==ID_pointer)
+  {
+    const pointer_typet &pt=to_pointer_type(type);
+    const typet &subtype=pt.subtype();
+    return is_java_string_buffer_type(subtype);
+  }
+  return false;
+}
+
+/*******************************************************************\
+
 Function: string_refine_preprocesst::is_java_char_sequence_type
 
   Inputs: a type
@@ -315,9 +353,7 @@ Function: string_refine_preprocesst::get_data_and_length_type_of_string
 void string_refine_preprocesst::get_data_and_length_type_of_string(
   const exprt &expr, typet &data_type, typet &length_type)
 {
-  assert(is_java_string_type(expr.type()) ||
-         is_java_string_builder_type(expr.type()) ||
-         is_java_char_sequence_type(expr.type()));
+  assert(implements_java_char_sequence(pointer_typet(expr.type())));
   typet object_type=ns.follow(expr.type());
   const struct_typet &struct_type=to_struct_type(object_type);
   for(const auto &component : struct_type.components())
@@ -1351,6 +1387,115 @@ void string_refine_preprocesst::initialize_string_function_table()
   // Not supported "java.lang.StringBuilder.trimToSize"
   // TODO clean irep ids from insert_char_array etc...
 
+  // StringBuffer library
+  string_function_calls
+    ["java::java.lang.StringBuffer.<init>:(Ljava/lang/String;)V"]=
+    ID_cprover_string_copy_func;
+  string_function_calls["java::java.lang.StringBuffer.<init>:()V"]=
+    ID_cprover_string_empty_string_func;
+
+  side_effect_functions
+    ["java::java.lang.StringBuffer.append:(Z)Ljava/lang/StringBuffer;"]=
+    ID_cprover_string_concat_bool_func;
+  side_effect_functions
+    ["java::java.lang.StringBuffer.append:(C)Ljava/lang/StringBuffer;"]=
+    ID_cprover_string_concat_char_func;
+  side_effect_functions
+    ["java::java.lang.StringBuffer.append:([C)"
+      "Ljava/lang/StringBuffer;"]=
+    ID_cprover_string_concat_func;
+  // Not supported: "java.lang.StringBuffer.append:([CII)"
+  // Not supported: "java.lang.StringBuffer.append:(LCharSequence;)"
+  side_effect_functions
+    ["java::java.lang.StringBuffer.append:(D)Ljava/lang/StringBuffer;"]=
+    ID_cprover_string_concat_double_func;
+  side_effect_functions
+    ["java::java.lang.StringBuffer.append:(F)Ljava/lang/StringBuffer;"]=
+    ID_cprover_string_concat_float_func;
+  side_effect_functions
+    ["java::java.lang.StringBuffer.append:(I)Ljava/lang/StringBuffer;"]=
+    ID_cprover_string_concat_int_func;
+  side_effect_functions
+    ["java::java.lang.StringBuffer.append:(J)Ljava/lang/StringBuffer;"]=
+    ID_cprover_string_concat_long_func;
+  // Not supported: "java.lang.StringBuffer.append:(LObject;)"
+  side_effect_functions
+    ["java::java.lang.StringBuffer.append:(Ljava/lang/String;)"
+      "Ljava/lang/StringBuffer;"]=
+    ID_cprover_string_concat_func;
+  side_effect_functions
+    ["java::java.lang.StringBuffer.appendCodePoint:(I)"
+     "Ljava/lang/StringBuffer;"]=
+    ID_cprover_string_concat_code_point_func;
+  // Not supported: "java.lang.StringBuffer.append:(Ljava/lang/StringBuffer;)"
+  // Not supported: "java.lang.StringBuffer.capacity:()"
+  string_functions["java::java.lang.StringBuffer.charAt:(I)C"]=
+    ID_cprover_string_char_at_func;
+  string_functions["java::java.lang.StringBuffer.codePointAt:(I)I"]=
+    ID_cprover_string_code_point_at_func;
+  string_functions["java::java.lang.StringBuffer.codePointBefore:(I)I"]=
+    ID_cprover_string_code_point_before_func;
+  string_functions["java::java.lang.StringBuffer.codePointCount:(II)I"]=
+    ID_cprover_string_code_point_count_func;
+  side_effect_functions
+    ["java::java.lang.StringBuffer.delete:(II)Ljava/lang/StringBuffer;"]=
+    ID_cprover_string_delete_func;
+  side_effect_functions
+    ["java::java.lang.StringBuffer.deleteCharAt:(I)Ljava/lang/StringBuffer;"]=
+    ID_cprover_string_delete_char_at_func;
+  // Not supported: "java.lang.StringBuffer.ensureCapacity:()"
+  // Not supported: "java.lang.StringBuffer.getChars:()"
+  // Not supported: "java.lang.StringBuffer.indexOf:()"
+  side_effect_functions
+    ["java::java.lang.StringBuffer.insert:(IZ)Ljava/lang/StringBuffer;"]=
+    ID_cprover_string_insert_bool_func;
+  side_effect_functions
+    ["java::java.lang.StringBuffer.insert:(IC)Ljava/lang/StringBuffer;"]=
+    ID_cprover_string_insert_char_func;
+  side_effect_functions
+    ["java::java.lang.StringBuffer.insert:(I[C)Ljava/lang/StringBuffer;"]=
+    ID_cprover_string_insert_func;
+  side_effect_functions
+    ["java::java.lang.StringBuffer.insert:(I[CII)Ljava/lang/StringBuffer;"]=
+    ID_cprover_string_insert_func;
+  // Not supported "java.lang.StringBuffer.insert:(ILCharSequence;)"
+  // Not supported "java.lang.StringBuffer.insert:(ILCharSequence;II)"
+  // Not supported "java.lang.StringBuffer.insert:(ID)"
+  // Not supported "java.lang.StringBuffer.insert:(IF)"
+  side_effect_functions
+    ["java::java.lang.StringBuffer.insert:(II)Ljava/lang/StringBuffer;"]=
+    ID_cprover_string_insert_int_func;
+  side_effect_functions
+    ["java::java.lang.StringBuffer.insert:(IJ)Ljava/lang/StringBuffer;"]=
+    ID_cprover_string_insert_long_func;
+  // Not supported "java.lang.StringBuffer.insert:(ILObject;)"
+  side_effect_functions
+    ["java::java.lang.StringBuffer.insert:(ILjava/lang/String;)"
+     "Ljava/lang/StringBuffer;"]=
+    ID_cprover_string_insert_func;
+  // Not supported "java.lang.StringBuffer.lastIndexOf"
+  string_functions["java::java.lang.StringBuffer.length:()I"]=
+    ID_cprover_string_length_func;
+  // Not supported "java.lang.StringBuffer.offsetByCodePoints"
+  // Not supported "java.lang.StringBuffer.replace"
+  // Not supported "java.lang.StringBuffer.reverse"
+  side_effect_functions["java::java.lang.StringBuffer.setCharAt:(IC)V"]=
+    ID_cprover_string_char_set_func;
+  side_effect_functions
+    ["java::java.lang.StringBuffer.setLength:(I)V"]=
+    ID_cprover_string_set_length_func;
+  // Not supported "java.lang.StringBuffer.subSequence"
+  string_functions
+    ["java::java.lang.StringBuffer.substring:(II)Ljava/lang/String;"]=
+    ID_cprover_string_substring_func;
+  string_functions
+    ["java::java.lang.StringBuffer.substring:(I)Ljava/lang/String;"]=
+    ID_cprover_string_substring_func;
+  string_functions
+    ["java::java.lang.StringBuffer.toString:()Ljava/lang/String;"]=
+    ID_cprover_string_copy_func;
+  // Not supported "java.lang.StringBuffer.trimToSize"
+
   // Other libraries
   string_functions["java::java.lang.CharSequence.charAt:(I)C"]=
     ID_cprover_string_char_at_func;
diff --git a/src/goto-programs/string_refine_preprocess.h b/src/goto-programs/string_refine_preprocess.h
index 5ae398b757a..df419c73750 100644
--- a/src/goto-programs/string_refine_preprocess.h
+++ b/src/goto-programs/string_refine_preprocess.h
@@ -53,6 +53,10 @@ class string_refine_preprocesst:public messaget
 
   static bool is_java_string_builder_pointer_type(const typet &type);
 
+  static bool is_java_string_buffer_type(const typet &type);
+
+  static bool is_java_string_buffer_pointer_type(const typet &type);
+
   static bool is_java_char_sequence_type(const typet &type);
 
   static bool is_java_char_sequence_pointer_type(const typet &type);
@@ -66,6 +70,7 @@ class string_refine_preprocesst:public messaget
       return
         is_java_char_sequence_pointer_type(type) ||
         is_java_string_builder_pointer_type(type) ||
+        is_java_string_buffer_pointer_type(type) ||
         is_java_string_pointer_type(type);
   }
 

From 2c78d4648103085d59348db07d3a1d5c7bcd55e7 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Thu, 13 Apr 2017 13:34:42 +0100
Subject: [PATCH 214/699] Correcting constraints for conversion from int
 diffblue/test-gen#241

The first two constraints that were previously added in
add_axioms_from_int were not enough to ensure correctness.
They are replaced here by:
 *  a1 : i < 0 => 1 <|res|<=max_size && res[0]='-'
 *  a2 : i >= 0 => 0 <|res|<=max_size-1 && '0'<=res[0]<='9'

Clarifications in add_axioms_from_int diffblue/test-gen#241
We make the code clearer and add overflow checks.

Corrections after Peter's review.
---
 .../string_constraint_generator_valueof.cpp   | 155 +++++++-----------
 1 file changed, 63 insertions(+), 92 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_valueof.cpp b/src/solvers/refinement/string_constraint_generator_valueof.cpp
index edff2d726e7..d967e5bb820 100644
--- a/src/solvers/refinement/string_constraint_generator_valueof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_valueof.cpp
@@ -267,23 +267,6 @@ string_exprt string_constraint_generatort::add_axioms_from_bool(
 
 /*******************************************************************\
 
-Function: smallest_by_digit
-
-  Inputs: number of digit
-
- Outputs: an integer with the right number of digit
-
- Purpose: gives the smallest integer with the specified number of digits
-
-\*******************************************************************/
-
-static mp_integer smallest_by_digit(int nb)
-{
-  return power(10, nb-1);
-}
-
-/*******************************************************************\
-
 Function: string_constraint_generatort::add_axioms_from_int
 
   Inputs: a signed integer expression, and a maximal size for the string
@@ -313,102 +296,90 @@ string_exprt string_constraint_generatort::add_axioms_from_int(
   exprt max=from_integer(max_size, index_type);
 
   // We add axioms:
-  // a1 : 0 <|res|<=max_size
-  // a2 : (res[0]='-')||('0'<=res[0]<='9')
-
-  and_exprt a1(res.axiom_for_is_strictly_longer_than(zero),
-               res.axiom_for_is_shorter_than(max));
+  // a1 : i < 0 => 1 <|res|<=max_size && res[0]='-'
+  // a2 : i >= 0 => 0 <|res|<=max_size-1 && '0'<=res[0]<='9'
+  // a3 : |res|>1 && '0'<=res[0]<='9' => res[0]!='0'
+  // a4 : |res|>1 && res[0]='-' => res[1]!='0'
+
+  binary_relation_exprt is_negative(i, ID_lt, zero);
+  and_exprt correct_length1(
+    res.axiom_for_is_strictly_longer_than(1),
+    res.axiom_for_is_shorter_than(max));
+  equal_exprt starts_with_minus(res[0], minus_char);
+  implies_exprt a1(is_negative, and_exprt(correct_length1, starts_with_minus));
   axioms.push_back(a1);
 
-  exprt chr=res[0];
-  equal_exprt starts_with_minus(chr, minus_char);
+  not_exprt is_positive(is_negative);
   and_exprt starts_with_digit(
-    binary_relation_exprt(chr, ID_ge, zero_char),
-    binary_relation_exprt(chr, ID_le, nine_char));
-  or_exprt a2(starts_with_digit, starts_with_minus);
+    binary_relation_exprt(res[0], ID_ge, zero_char),
+    binary_relation_exprt(res[0], ID_le, nine_char));
+  and_exprt correct_length2(
+    res.axiom_for_is_strictly_longer_than(0),
+    res.axiom_for_is_strictly_shorter_than(max));
+  implies_exprt a2(is_positive, and_exprt(correct_length2, starts_with_digit));
   axioms.push_back(a2);
 
-  // These are constraints to detect number that requiere the maximum number
-  // of digits
-  exprt smallest_with_max_digits=
-    from_integer(smallest_by_digit(max_size-1), type);
-  binary_relation_exprt big_negative(
-    i, ID_le, unary_minus_exprt(smallest_with_max_digits));
-  binary_relation_exprt big_positive(i, ID_ge, smallest_with_max_digits);
-  or_exprt requieres_max_digits(big_negative, big_positive);
+  implies_exprt a3(
+    and_exprt(res.axiom_for_is_strictly_longer_than(1), starts_with_digit),
+    not_exprt(equal_exprt(res[0], zero_char)));
+  axioms.push_back(a3);
+
+  implies_exprt a4(
+    and_exprt(res.axiom_for_is_strictly_longer_than(1), starts_with_minus),
+    not_exprt(equal_exprt(res[1], zero_char)));
+  axioms.push_back(a4);
+
+  assert(max_size<std::numeric_limits<size_t>::max());
 
   for(size_t size=1; size<=max_size; size++)
   {
     // For each possible size, we add axioms:
-    // all_numbers: forall 1<=i<=size. '0'<=res[i]<='9'
-    // a3 : |res|=size&&'0'<=res[0]<='9' =>
-    //      i=sum+str[0]-'0' &&all_numbers
-    // a4 : |res|=size&&res[0]='-' => i=-sum
-    // a5 : size>1 => |res|=size&&'0'<=res[0]<='9' => res[0]!='0'
-    // a6 : size>1 => |res|=size&&res[0]'-' => res[1]!='0'
-    // a7 : size==max_size => i>1000000000
-    exprt sum=from_integer(0, type);
-    exprt all_numbers=true_exprt();
-    chr=res[0];
-    exprt first_value=typecast_exprt(minus_exprt(chr, zero_char), type);
+    // a5 : forall 1 <= j < size. '0' <= res[j] <= '9' && sum == 10 * (sum/10)
+    // a6 : |res| == size && '0' <= res[0] <= '9' => i == sum
+    // a7 : |res| == size && res[0] == '-' => i == -sum
+
+    exprt::operandst digit_constraints;
+    exprt sum=if_exprt(
+      starts_with_digit,
+      typecast_exprt(minus_exprt(res[0], zero_char), type),
+      from_integer(0, type));
 
     for(size_t j=1; j<size; j++)
     {
-      chr=res[j];
-      sum=plus_exprt(
-        mult_exprt(sum, ten),
-        typecast_exprt(minus_exprt(chr, zero_char), type));
-      first_value=mult_exprt(first_value, ten);
+      mult_exprt ten_sum(sum, ten);
+      // sum = 10 * sum + (res[j] - '0')
+      exprt new_sum=plus_exprt(
+        ten_sum, typecast_exprt(minus_exprt(res[j], zero_char), type));
       and_exprt is_number(
-        binary_relation_exprt(chr, ID_ge, zero_char),
-        binary_relation_exprt(chr, ID_le, nine_char));
-      all_numbers=and_exprt(all_numbers, is_number);
+        binary_relation_exprt(res[j], ID_ge, zero_char),
+        binary_relation_exprt(res[j], ID_le, nine_char));
+      digit_constraints.push_back(is_number);
+
+      if(j>=max_size-1)
+      {
+        // check for overflows if the size is big
+        and_exprt no_overflow(
+          equal_exprt(sum, div_exprt(ten_sum, ten)),
+          binary_relation_exprt(new_sum, ID_ge, ten_sum));
+        digit_constraints.push_back(no_overflow);
+      }
+      sum=new_sum;
     }
 
-    axioms.push_back(all_numbers);
+    exprt a5=conjunction(digit_constraints);
+    axioms.push_back(a5);
 
     equal_exprt premise=res.axiom_for_has_length(size);
-    equal_exprt constr3(i, plus_exprt(sum, first_value));
-    implies_exprt a3(and_exprt(premise, starts_with_digit), constr3);
-    axioms.push_back(a3);
+    implies_exprt a6(
+      and_exprt(premise, starts_with_digit), equal_exprt(i, sum));
+    axioms.push_back(a6);
 
-    implies_exprt a4(
+    implies_exprt a7(
       and_exprt(premise, starts_with_minus),
       equal_exprt(i, unary_minus_exprt(sum)));
-    axioms.push_back(a4);
-
-    // disallow 0s at the beginning
-    if(size>1)
-    {
-      equal_exprt r0_zero(res[zero], zero_char);
-      implies_exprt a5(
-        and_exprt(premise, starts_with_digit),
-        not_exprt(r0_zero));
-      axioms.push_back(a5);
-
-      exprt one=from_integer(1, index_type);
-      equal_exprt r1_zero(res[one], zero_char);
-      implies_exprt a6(
-        and_exprt(premise, starts_with_minus),
-        not_exprt(r1_zero));
-      axioms.push_back(a6);
-    }
-
-    // when the size is close to the maximum, either the number is very big
-    // or it is negative
-    if(size==max_size-1)
-    {
-      implies_exprt a7(premise, or_exprt(requieres_max_digits,
-                                         starts_with_minus));
-      axioms.push_back(a7);
-    }
-    // when we reach the maximal size the number is very big in the negative
-    if(size==max_size)
-    {
-      implies_exprt a7(premise, and_exprt(starts_with_minus, big_negative));
-      axioms.push_back(a7);
-    }
+    axioms.push_back(a7);
   }
+
   return res;
 }
 

From 43e324f39d103c56d0668dd9723ad437c1bd4bbb Mon Sep 17 00:00:00 2001
From: Dario Cattaruzza <dario.cattaruzza@hotmail.com>
Date: Wed, 10 May 2017 09:47:28 +0100
Subject: [PATCH 215/699] Added new friend to bmc to handle refactoring

There are two versions of bmc_cover (one in the private, one in the public repo). This new class will minimize duplicate code by using a templated version instead
---
 src/cbmc/bmc.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/cbmc/bmc.h b/src/cbmc/bmc.h
index b81b2d94c38..e923711a47e 100644
--- a/src/cbmc/bmc.h
+++ b/src/cbmc/bmc.h
@@ -110,6 +110,8 @@ class bmct:public safety_checkert
 
   friend class bmc_all_propertiest;
   friend class bmc_covert;
+  template <template <class goalt> class covert>
+  friend class bmc_goal_covert;
   friend class fault_localizationt;
 };
 

From 072ed0f8b10c22512651f0fbd260c238efb453e7 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Thu, 6 Apr 2017 15:25:39 +0100
Subject: [PATCH 216/699] Overhaul of string concretization

This fixes diffblue/test-gen#158

Change the concretization process to avoid calling the solver

We do this by looking at the indexes for which we have concrete value
because they are in the index set and assigning to the others the
value of the next concrete value.
This is more efficient than calling the solver an extra step and avoid
problems because lemmas gets added.

Changing the way arrays are concretized in get_array

This is to be coherent with the way this is done in the concretize
function.

Updating comments and assertion of concretize_string

Refactor concretize_string

Improve the loop in concretize_string and factor out into a pad_vector
function.

Modifications requested by Peter Schrammel
---
 src/solvers/refinement/string_refinement.cpp | 90 +++++++++++++++-----
 src/solvers/refinement/string_refinement.h   | 55 +++++++++++-
 2 files changed, 121 insertions(+), 24 deletions(-)

diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index 6cd090d4b1d..23c7ab7f24a 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -340,7 +340,16 @@ Function: string_refinementt::concretize_string
 
  Purpose: If the expression is of type string, then adds constants
           to the index set to force the solver to pick concrete values
-          for each character, and fill the map `found_length`
+          for each character, and fill the maps `found_length` and
+          `found_content`.
+
+          The way this is done is by looking for the length of the string,
+          then for each `i` in the index set, look at the value found by
+          the solver and put it in the `result` table.
+          For indexes that are not present in the index set, we put the
+          same value as the next index that is present in the index set.
+          We do so by traversing the array backward, remembering the
+          last value that has been initialized.
 
 \*******************************************************************/
 
@@ -357,29 +366,55 @@ void string_refinementt::concretize_string(const exprt &expr)
     if(!to_integer(length, found_length))
     {
       assert(found_length.is_long());
-      if(found_length<0)
-      {
-        // Lengths should not be negative.
-        // TODO: Add constraints no the sign of string lengths.
-        debug() << "concretize_results: WARNING found length is negative"
-                << eom;
-      }
-      else
+      assert(found_length>=0);
+      assert(found_length.to_long()<=generator.max_string_length);
+      size_t concretize_limit=found_length.to_long();
+      exprt content_expr=str.content();
+      std::vector<exprt> result;
+
+      if(index_set[str.content()].empty())
+        return;
+
+      // Use the last index as the default character value
+      exprt last_concretized=simplify_expr(
+        get(str[minus_exprt(length, from_integer(1, length.type()))]), ns);
+      result.resize(concretize_limit, last_concretized);
+
+      // Keep track of the indexes for which we have actual values
+      std::set<size_t> initialized;
+
+      for(const auto &i : index_set[str.content()])
       {
-        size_t concretize_limit=found_length.to_long();
-        assert(concretize_limit<=generator.max_string_length);
-        concretize_limit=concretize_limit>generator.max_string_length?
-              generator.max_string_length:concretize_limit;
-        exprt content_expr=str.content();
-        for(size_t i=0; i<concretize_limit; ++i)
+        mp_integer mp_index;
+        exprt simple_i=simplify_expr(get(i), ns);
+        if(to_integer(simple_i, mp_index) ||
+           mp_index<0 ||
+           mp_index>=concretize_limit)
         {
-          auto i_expr=from_integer(i, str.length().type());
-          debug() << "Concretizing " << from_expr(content_expr)
-                  << " / " << i << eom;
-          current_index_set[str.content()].insert(i_expr);
-          index_set[str.content()].insert(i_expr);
+          debug() << "concretize_string: ignoring out of bound index: "
+                  << from_expr(simple_i) << eom;
+        }
+        else
+        {
+          // Add an entry in the result vector
+          size_t index=mp_index.to_long();
+          exprt str_i=simplify_expr(str[simple_i], ns);
+          exprt value=simplify_expr(get(str_i), ns);
+          result[index]=value;
+          initialized.insert(index);
         }
       }
+
+      // Pad the concretized values to the left to assign the uninitialized
+      // values of result. The indices greater than concretize_limit are
+      // already assigned to last_concretized.
+      pad_vector(result, initialized, last_concretized);
+
+      array_exprt arr(to_array_type(content.type()));
+      arr.operands()=result;
+      debug() << "Concretized " << from_expr(content_expr)
+              << " = " << from_expr(arr) << eom;
+      found_content[content]=arr;
     }
   }
 }
@@ -574,6 +609,9 @@ decision_proceduret::resultt string_refinementt::dec_solve()
     }
   }
 
+  found_length.clear();
+  found_content.clear();
+
   initial_index_set(universal_axioms);
   update_index_set(cur);
   cur.clear();
@@ -613,7 +651,7 @@ decision_proceduret::resultt string_refinementt::dec_solve()
         if(do_concretizing)
         {
           concretize_results();
-          do_concretizing=false;
+          return D_SATISFIABLE;
         }
         else
         {
@@ -769,6 +807,7 @@ exprt string_refinementt::get_array(const exprt &arr, const exprt &size) const
 
   if(arr_val.id()=="array-list")
   {
+    std::set<unsigned> initialized;
     for(size_t i=0; i<arr_val.operands().size()/2; i++)
     {
       exprt index=arr_val.operands()[i*2];
@@ -779,9 +818,14 @@ exprt string_refinementt::get_array(const exprt &arr, const exprt &size) const
         {
           exprt value=arr_val.operands()[i*2+1];
           to_unsigned_integer(to_constant_expr(value), concrete_array[idx]);
+          initialized.insert(idx);
         }
       }
     }
+
+    // Pad the concretized values to the left to assign the uninitialized
+    // values of result.
+    pad_vector(concrete_array, initialized, concrete_array[n-1]);
   }
   else if(arr_val.id()==ID_array)
   {
@@ -1803,6 +1847,10 @@ exprt string_refinementt::get(const exprt &expr) const
   replace_expr(symbol_resolve, ecopy);
   if(is_char_array(ecopy.type()))
   {
+    auto it_content=found_content.find(ecopy);
+    if(it_content!=found_content.end())
+      return it_content->second;
+
     auto it=found_length.find(ecopy);
     if(it!=found_length.end())
       return get_array(ecopy, it->second);
diff --git a/src/solvers/refinement/string_refinement.h b/src/solvers/refinement/string_refinement.h
index 83f913d5ba9..c88675c95d8 100644
--- a/src/solvers/refinement/string_refinement.h
+++ b/src/solvers/refinement/string_refinement.h
@@ -90,6 +90,11 @@ class string_refinementt: public bv_refinementt
   // by the solver
   replace_mapt current_model;
 
+  // Length of char arrays found during concretization
+  std::map<exprt, exprt> found_length;
+  // Content of char arrays found during concretization
+  std::map<exprt, array_exprt> found_content;
+
   void add_equivalence(const irep_idt & lhs, const exprt & rhs);
 
   void display_index_set();
@@ -138,18 +143,62 @@ class string_refinementt: public bv_refinementt
     std::map<exprt, int> &m, const typet &type, bool negated=false) const;
 
   exprt simplify_sum(const exprt &f) const;
+  template <typename T1, typename T2>
+  void pad_vector(
+    std::vector<T1> &result,
+    std::set<T2> &initialized,
+    T1 last_concretized) const;
 
   void concretize_string(const exprt &expr);
   void concretize_results();
   void concretize_lengths();
 
-  // Length of char arrays found during concretization
-  std::map<exprt, exprt> found_length;
-
   exprt get_array(const exprt &arr, const exprt &size) const;
   exprt get_array(const exprt &arr) const;
 
   std::string string_of_array(const array_exprt &arr);
 };
 
+/*******************************************************************\
+
+Function: string_refinementt::pad_vector
+
+  Inputs:
+    concrete_array - the vector to populate
+    initialized - the vector containing the indices of the
+                  concretized values
+    last_concretized - initial value of the last concretized index
+
+ Purpose: Utility function for concretization of strings. Copies
+          concretized values to the left to initialize the
+          unconcretized indices of concrete_array.
+
+\*******************************************************************/
+
+template <typename T1, typename T2>
+void string_refinementt::pad_vector(
+  std::vector<T1> &concrete_array,
+  std::set<T2> &initialized,
+  T1 last_concretized) const
+{
+  // Pad the concretized values to the left to assign the uninitialized
+  // values of result. The indices greater than concretize_limit are
+  // already assigned to last_concretized.
+  for(auto j=initialized.rbegin(); j!=initialized.rend();)
+  {
+    size_t i=*j;
+    // The leftmost index to pad is the value + 1 of the next element in
+    // 'initialized'. Since we cannot use the binary '+' operator on set
+    // iterators, we must increment the iterator here instead of in the
+    // for loop.
+    j++;
+    size_t leftmost_index_to_pad=(j!=initialized.rend()?*(j)+1:0);
+    // pad until we reach the next initialized index (right to left)
+    while(i>leftmost_index_to_pad)
+      concrete_array[(i--)-1]=last_concretized;
+    assert(i==leftmost_index_to_pad);
+    if(i>0)
+      last_concretized=concrete_array[i-1];
+  }
+}
 #endif

From 0e5a54e972332ec60e0b6936f3d55495e186dbf4 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Mon, 10 Apr 2017 11:03:45 +0100
Subject: [PATCH 217/699] Avoid initializing the index set if not needed
 diffblue/test-gen#199

This can improve performances when strings are not important
---
 src/solvers/refinement/string_refinement.cpp | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index 23c7ab7f24a..cdd36175296 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -612,6 +612,22 @@ decision_proceduret::resultt string_refinementt::dec_solve()
   found_length.clear();
   found_content.clear();
 
+  // Initial try without index set
+  decision_proceduret::resultt res=supert::dec_solve();
+  if(res==D_SATISFIABLE)
+  {
+    if(!check_axioms())
+    {
+      debug() << "check_SAT: got SAT but the model is not correct" << eom;
+    }
+    else
+    {
+      debug() << "check_SAT: the model is correct" << eom;
+      concretize_lengths();
+      return D_SATISFIABLE;
+    }
+  }
+
   initial_index_set(universal_axioms);
   update_index_set(cur);
   cur.clear();

From 1162377691a8ad00590a8aa5f3080606445798e5 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Fri, 7 Apr 2017 13:38:45 +0100
Subject: [PATCH 218/699] Specification for contains in the case of a constant
 argument diffblue/test-gen#159

We now have a special way of dealing with contains in the case the
argument is a constant, which seems to be much more efficient.
---
 .../refinement/string_constraint_generator.h  |   3 +
 .../string_constraint_generator_testing.cpp   | 125 ++++++++++++++----
 2 files changed, 102 insertions(+), 26 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index 163adc5aab7..525f0fee3d7 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -305,11 +305,14 @@ class string_constraint_generatort
     return args;
   }
 
+private:
+  // Helper functions
   exprt int_of_hex_char(const exprt &chr) const;
   exprt is_high_surrogate(const exprt &chr) const;
   exprt is_low_surrogate(const exprt &chr) const;
   exprt character_equals_ignore_case(
     exprt char1, exprt char2, exprt char_a, exprt char_A, exprt char_Z);
+  bool is_constant_string(const string_exprt &expr) const;
 };
 
 #endif
diff --git a/src/solvers/refinement/string_constraint_generator_testing.cpp b/src/solvers/refinement/string_constraint_generator_testing.cpp
index 2a08b021070..55a6f45f4f7 100644
--- a/src/solvers/refinement/string_constraint_generator_testing.cpp
+++ b/src/solvers/refinement/string_constraint_generator_testing.cpp
@@ -192,6 +192,35 @@ exprt string_constraint_generatort::add_axioms_for_is_suffix(
 
 /*******************************************************************\
 
+Function: string_constraint_generatort::is_constant_string
+
+  Inputs:
+    expr - a string expression
+
+ Outputs: a Boolean
+
+ Purpose: tells whether the given string is a constant
+
+\*******************************************************************/
+
+bool string_constraint_generatort::is_constant_string(
+  const string_exprt &expr) const
+{
+  if(expr.id()!=ID_struct ||
+     expr.operands().size()!=2 ||
+     expr.length().id()!=ID_constant ||
+     expr.content().id()!=ID_array)
+    return false;
+  for(const auto &element : expr.content().operands())
+  {
+    if(element.id()!=ID_constant)
+      return false;
+  }
+  return true;
+}
+
+/*******************************************************************\
+
 Function: string_constraint_generatort::add_axioms_for_contains
 
   Inputs: function application with two string arguments
@@ -206,46 +235,90 @@ exprt string_constraint_generatort::add_axioms_for_contains(
   const function_application_exprt &f)
 {
   assert(f.type()==bool_typet() || f.type().id()==ID_c_bool);
-  symbol_exprt contains=fresh_boolean("contains");
-  typecast_exprt tc_contains(contains, f.type());
   string_exprt s0=get_string_expr(args(f, 2)[0]);
   string_exprt s1=get_string_expr(args(f, 2)[1]);
+  bool constant=is_constant_string(s1);
+
+  symbol_exprt contains=fresh_boolean("contains");
   const refined_string_typet ref_type=to_refined_string_type(s0.type());
   const typet &index_type=ref_type.get_index_type();
 
   // We add axioms:
-  // a1 : contains => s0.length >= s1.length
-  // a2 : 0 <= startpos <= s0.length-s1.length
-  // a3 : forall qvar<s1.length. contains => s1[qvar]=s0[startpos + qvar]
-  // a4 : !contains => s1.length > s0.length
-  //       || (forall startpos <= s0.length-s1.length.
-  //             exists witness<s1.length &&s1[witness]!=s0[witness + startpos]
+  // a1 : contains ==> |s0| >= |s1|
+  // a2 : 0 <= startpos <= |s0|-|s1|
+  // a3 : forall qvar < |s1|. contains ==> s1[qvar] = s0[startpos + qvar]
+  // a4 : !contains ==> |s1| > |s0| ||
+  //      (forall startpos <= |s0| - |s1|.
+  //         exists witness < |s1|. s1[witness] != s0[witness + startpos])
 
   implies_exprt a1(contains, s0.axiom_for_is_longer_than(s1));
   axioms.push_back(a1);
 
   symbol_exprt startpos=fresh_exist_index("startpos_contains", index_type);
   minus_exprt length_diff(s0.length(), s1.length());
-  and_exprt a2(
+  and_exprt bounds(
     axiom_for_is_positive_index(startpos),
     binary_relation_exprt(startpos, ID_le, length_diff));
+  implies_exprt a2(contains, bounds);
   axioms.push_back(a2);
 
-  symbol_exprt qvar=fresh_univ_index("QA_contains", index_type);
-  exprt qvar_shifted=plus_exprt(qvar, startpos);
-  string_constraintt a3(
-    qvar, s1.length(), contains, equal_exprt(s1[qvar], s0[qvar_shifted]));
-  axioms.push_back(a3);
-
-  // We rewrite the axiom for !contains as:
-  // forall startpos <= |s0|-|s1|.  (!contains &&|s0| >= |s1| )
-  //      ==> exists witness<|s1|. s1[witness]!=s0[startpos+witness]
-  string_not_contains_constraintt a4(
-    from_integer(0, index_type),
-    plus_exprt(from_integer(1, index_type), length_diff),
-    and_exprt(not_exprt(contains), s0.axiom_for_is_longer_than(s1)),
-    from_integer(0, index_type), s1.length(), s0, s1);
-  axioms.push_back(a4);
-
-  return tc_contains;
+  if(constant)
+  {
+    // If the string is constant, we can use a more efficient axiom for a3:
+    // contains ==> AND_{i < |s1|} s1[i] = s0[startpos + i]
+    mp_integer s1_length;
+    assert(!to_integer(s1.length(), s1_length));
+    exprt::operandst conjuncts;
+    for(mp_integer i=0; i<s1_length; ++i)
+    {
+      exprt expr_i=from_integer(i, index_type);
+      plus_exprt shifted_i(expr_i, startpos);
+      conjuncts.push_back(equal_exprt(s1[expr_i], s0[shifted_i]));
+    }
+    implies_exprt a3(contains, conjunction(conjuncts));
+    axioms.push_back(a3);
+
+    // The a4 constraint for constant strings translates to:
+    // !contains ==> |s1| > |s0| ||
+    //               (forall qvar <= |s0| - |s1|.
+    //                 !(AND_{i < |s1|} s1[i] == s0[i + qvar])
+    //
+    // which we implement as:
+    // forall qvar <= |s0| - |s1|.  (!contains && |s0| >= |s1|)
+    //     ==> !(AND_{i < |s1|} (s1[i] == s0[qvar+i]))
+    symbol_exprt qvar=fresh_univ_index("QA_contains_constant", index_type);
+    exprt::operandst conjuncts1;
+    for(mp_integer i=0; i<s1_length; ++i)
+    {
+      exprt expr_i=from_integer(i, index_type);
+      plus_exprt shifted_i(expr_i, qvar);
+      conjuncts1.push_back(equal_exprt(s1[expr_i], s0[shifted_i]));
+    }
+
+    string_constraintt a4(
+      qvar,
+      plus_exprt(from_integer(1, index_type), length_diff),
+      and_exprt(not_exprt(contains), s0.axiom_for_is_longer_than(s1)),
+      not_exprt(conjunction(conjuncts1)));
+    axioms.push_back(a4);
+  }
+  else
+  {
+    symbol_exprt qvar=fresh_univ_index("QA_contains", index_type);
+    exprt qvar_shifted=plus_exprt(qvar, startpos);
+    string_constraintt a3(
+      qvar, s1.length(), contains, equal_exprt(s1[qvar], s0[qvar_shifted]));
+    axioms.push_back(a3);
+
+    // We rewrite axiom a4 as:
+    // forall startpos <= |s0|-|s1|.  (!contains && |s0| >= |s1|)
+    //     ==> exists witness < |s1|. s1[witness] != s0[startpos+witness]
+    string_not_contains_constraintt a4(
+      from_integer(0, index_type),
+      plus_exprt(from_integer(1, index_type), length_diff),
+      and_exprt(not_exprt(contains), s0.axiom_for_is_longer_than(s1)),
+      from_integer(0, index_type), s1.length(), s0, s1);
+    axioms.push_back(a4);
+  }
+  return typecast_exprt(contains, f.type());
 }

From 44c96ebda35d3e9a526705421b964b2c313e3a2c Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Wed, 26 Apr 2017 12:50:01 +0100
Subject: [PATCH 219/699] Build cleanly without globally disabling warnings

Disabling warnings globally by setting 'Wno-deprecated-register' and
'Wno-sign-compare' in CXXFLAGS will silence these errors, even in new
code. It's better to use `pragma`-based warning suppression, so that
warnings are only disabled in locations that won't or can't be fixed.
Likewise, rather than filtering 'Wpedantic' from CXXFLAGS when building
some of the solvers, it's better to disable warnings just on the
problematic headers.
---
 scripts/minisat-2.2.1-patch           | 101 +++++++++++++++-----------
 src/ansi-c/expr2c.cpp                 |   6 ++
 src/ansi-c/library/jsa.h              |  15 ++++
 src/ansi-c/scanner.l                  |   4 +
 src/assembler/scanner.l               |   4 +
 src/jsil/scanner.l                    |   4 +
 src/json/scanner.l                    |   5 ++
 src/memory-models/scanner.l           |   4 +
 src/path-symex/locs.h                 |   6 ++
 src/solvers/Makefile                  |   2 -
 src/util/pragma_pop                   |   7 ++
 src/util/pragma_push                  |   7 ++
 src/util/pragma_wdeprecated_register  |   5 ++
 src/util/pragma_wnull_conversion      |   5 ++
 src/util/pragma_wpedantic             |   6 ++
 src/util/pragma_wsign_compare         |   7 ++
 src/util/pragma_wtautological_compare |   5 ++
 src/util/pragma_wzero_length_array    |   6 ++
 src/xmllang/scanner.l                 |   4 +
 19 files changed, 160 insertions(+), 43 deletions(-)
 create mode 100644 src/util/pragma_pop
 create mode 100644 src/util/pragma_push
 create mode 100644 src/util/pragma_wdeprecated_register
 create mode 100644 src/util/pragma_wnull_conversion
 create mode 100644 src/util/pragma_wpedantic
 create mode 100644 src/util/pragma_wsign_compare
 create mode 100644 src/util/pragma_wtautological_compare
 create mode 100644 src/util/pragma_wzero_length_array

diff --git a/scripts/minisat-2.2.1-patch b/scripts/minisat-2.2.1-patch
index f00ea308d59..fcbdbb818a1 100644
--- a/scripts/minisat-2.2.1-patch
+++ b/scripts/minisat-2.2.1-patch
@@ -1,7 +1,8 @@
-diff -urN minisat-2.2.1/minisat/core/Solver.cc minisat-2.2.1.patched/minisat/core/Solver.cc
---- minisat-2.2.1/minisat/core/Solver.cc	2011-02-21 13:31:17.000000000 +0000
-+++ minisat-2.2.1.patched/minisat/core/Solver.cc	2016-03-05 16:21:17.000000000 +0000
-@@ -210,7 +210,7 @@
+diff --git a/minisat/core/Solver.cc b/minisat/core/Solver.cc
+index 501393d..b450b73 100644
+--- a/minisat/core/Solver.cc
++++ b/minisat/core/Solver.cc
+@@ -210,7 +210,7 @@ void Solver::cancelUntil(int level) {
          for (int c = trail.size()-1; c >= trail_lim[level]; c--){
              Var      x  = var(trail[c]);
              assigns [x] = l_Undef;
@@ -10,7 +11,7 @@ diff -urN minisat-2.2.1/minisat/core/Solver.cc minisat-2.2.1.patched/minisat/cor
                  polarity[x] = sign(trail[c]);
              insertVarOrder(x); }
          qhead = trail_lim[level];
-@@ -666,7 +666,7 @@
+@@ -666,7 +666,7 @@ lbool Solver::search(int nof_conflicts)
  
          }else{
              // NO CONFLICT
@@ -19,10 +20,11 @@ diff -urN minisat-2.2.1/minisat/core/Solver.cc minisat-2.2.1.patched/minisat/cor
                  // Reached bound on number of conflicts:
                  progress_estimate = progressEstimate();
                  cancelUntil(0);
-diff -urN minisat-2.2.1/minisat/core/SolverTypes.h minisat-2.2.1.patched/minisat/core/SolverTypes.h
---- minisat-2.2.1/minisat/core/SolverTypes.h	2011-02-21 13:31:17.000000000 +0000
-+++ minisat-2.2.1.patched/minisat/core/SolverTypes.h	2016-03-05 16:29:42.000000000 +0000
-@@ -47,7 +47,7 @@
+diff --git a/minisat/core/SolverTypes.h b/minisat/core/SolverTypes.h
+index 4757b20..c3fae2b 100644
+--- a/minisat/core/SolverTypes.h
++++ b/minisat/core/SolverTypes.h
+@@ -47,7 +47,7 @@ struct Lit {
      int     x;
  
      // Use this as a constructor:
@@ -31,7 +33,7 @@ diff -urN minisat-2.2.1/minisat/core/SolverTypes.h minisat-2.2.1.patched/minisat
  
      bool operator == (Lit p) const { return x == p.x; }
      bool operator != (Lit p) const { return x != p.x; }
-@@ -55,7 +55,7 @@
+@@ -55,7 +55,7 @@ struct Lit {
  };
  
  
@@ -40,7 +42,18 @@ diff -urN minisat-2.2.1/minisat/core/SolverTypes.h minisat-2.2.1.patched/minisat
  inline  Lit  operator ~(Lit p)              { Lit q; q.x = p.x ^ 1; return q; }
  inline  Lit  operator ^(Lit p, bool b)      { Lit q; q.x = p.x ^ (unsigned int)b; return q; }
  inline  bool sign      (Lit p)              { return p.x & 1; }
-@@ -142,11 +142,12 @@
+@@ -127,7 +127,10 @@ class Clause {
+         unsigned has_extra : 1;
+         unsigned reloced   : 1;
+         unsigned size      : 27; }                        header;
++#include <util/pragma_push>
++#include <util/pragma_wzero_length_array>
+     union { Lit lit; float act; uint32_t abs; CRef rel; } data[0];
++#include <util/pragma_pop>
+ 
+     friend class ClauseAllocator;
+ 
+@@ -142,11 +145,12 @@ class Clause {
          for (int i = 0; i < ps.size(); i++) 
              data[i].lit = ps[i];
  
@@ -54,7 +67,7 @@ diff -urN minisat-2.2.1/minisat/core/SolverTypes.h minisat-2.2.1.patched/minisat
      }
  
      // NOTE: This constructor cannot be used directly (doesn't allocate enough memory).
-@@ -157,11 +158,12 @@
+@@ -157,11 +161,12 @@ class Clause {
          for (int i = 0; i < from.size(); i++)
              data[i].lit = from[i];
  
@@ -68,10 +81,11 @@ diff -urN minisat-2.2.1/minisat/core/SolverTypes.h minisat-2.2.1.patched/minisat
      }
  
  public:
-diff -urN minisat-2.2.1/minisat/mtl/IntTypes.h minisat-2.2.1.patched/minisat/mtl/IntTypes.h
---- minisat-2.2.1/minisat/mtl/IntTypes.h	2011-02-21 13:31:17.000000000 +0000
-+++ minisat-2.2.1.patched/minisat/mtl/IntTypes.h	2016-03-05 16:21:17.000000000 +0000
-@@ -31,7 +31,9 @@
+diff --git a/minisat/mtl/IntTypes.h b/minisat/mtl/IntTypes.h
+index c488162..e8e24bd 100644
+--- a/minisat/mtl/IntTypes.h
++++ b/minisat/mtl/IntTypes.h
+@@ -31,7 +31,9 @@ OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWA
  #else
  
  #   include <stdint.h>
@@ -81,10 +95,11 @@ diff -urN minisat-2.2.1/minisat/mtl/IntTypes.h minisat-2.2.1.patched/minisat/mtl
  
  #endif
  
-diff -urN minisat-2.2.1/minisat/mtl/Vec.h minisat-2.2.1.patched/minisat/mtl/Vec.h
---- minisat-2.2.1/minisat/mtl/Vec.h	2011-02-21 13:31:17.000000000 +0000
-+++ minisat-2.2.1.patched/minisat/mtl/Vec.h	2016-03-05 16:21:17.000000000 +0000
-@@ -96,7 +96,7 @@
+diff --git a/minisat/mtl/Vec.h b/minisat/mtl/Vec.h
+index b225911..d46e169 100644
+--- a/minisat/mtl/Vec.h
++++ b/minisat/mtl/Vec.h
+@@ -96,7 +96,7 @@ template<class T>
  void vec<T>::capacity(int min_cap) {
      if (cap >= min_cap) return;
      int add = imax((min_cap - cap + 1) & ~1, ((cap >> 1) + 2) & ~1);   // NOTE: grow by approximately 3/2
@@ -93,10 +108,11 @@ diff -urN minisat-2.2.1/minisat/mtl/Vec.h minisat-2.2.1.patched/minisat/mtl/Vec.
          throw OutOfMemoryException();
   }
  
-diff -urN minisat-2.2.1/minisat/simp/SimpSolver.cc minisat-2.2.1.patched/minisat/simp/SimpSolver.cc
---- minisat-2.2.1/minisat/simp/SimpSolver.cc	2011-02-21 13:31:17.000000000 +0000
-+++ minisat-2.2.1.patched/minisat/simp/SimpSolver.cc	2016-03-05 16:21:17.000000000 +0000
-@@ -130,8 +130,6 @@
+diff --git a/minisat/simp/SimpSolver.cc b/minisat/simp/SimpSolver.cc
+index 1d219a3..5ccdb67 100644
+--- a/minisat/simp/SimpSolver.cc
++++ b/minisat/simp/SimpSolver.cc
+@@ -130,8 +130,6 @@ lbool SimpSolver::solve_(bool do_simp, bool turn_off_simp)
      return result;
  }
  
@@ -105,7 +121,7 @@ diff -urN minisat-2.2.1/minisat/simp/SimpSolver.cc minisat-2.2.1.patched/minisat
  bool SimpSolver::addClause_(vec<Lit>& ps)
  {
  #ifndef NDEBUG
-@@ -227,10 +225,12 @@
+@@ -227,10 +225,12 @@ bool SimpSolver::merge(const Clause& _ps, const Clause& _qs, Var v, vec<Lit>& ou
          if (var(qs[i]) != v){
              for (int j = 0; j < ps.size(); j++)
                  if (var(ps[j]) == var(qs[i]))
@@ -118,7 +134,7 @@ diff -urN minisat-2.2.1/minisat/simp/SimpSolver.cc minisat-2.2.1.patched/minisat
              out_clause.push(qs[i]);
          }
          next:;
-@@ -261,10 +261,12 @@
+@@ -261,10 +261,12 @@ bool SimpSolver::merge(const Clause& _ps, const Clause& _qs, Var v, int& size)
          if (var(__qs[i]) != v){
              for (int j = 0; j < ps.size(); j++)
                  if (var(__ps[j]) == var(__qs[i]))
@@ -131,10 +147,11 @@ diff -urN minisat-2.2.1/minisat/simp/SimpSolver.cc minisat-2.2.1.patched/minisat
              size++;
          }
          next:;
-diff -urN minisat-2.2.1/minisat/utils/Options.h minisat-2.2.1.patched/minisat/utils/Options.h
---- minisat-2.2.1/minisat/utils/Options.h	2011-02-21 13:31:17.000000000 +0000
-+++ minisat-2.2.1.patched/minisat/utils/Options.h	2016-03-05 16:21:17.000000000 +0000
-@@ -60,7 +60,7 @@
+diff --git a/minisat/utils/Options.h b/minisat/utils/Options.h
+index 2dba10f..7d2e83a 100644
+--- a/minisat/utils/Options.h
++++ b/minisat/utils/Options.h
+@@ -60,7 +60,7 @@ class Option
      struct OptionLt {
          bool operator()(const Option* x, const Option* y) {
              int test1 = strcmp(x->category, y->category);
@@ -143,7 +160,7 @@ diff -urN minisat-2.2.1/minisat/utils/Options.h minisat-2.2.1.patched/minisat/ut
          }
      };
  
-@@ -282,15 +282,15 @@
+@@ -282,15 +282,15 @@ class Int64Option : public Option
          if (range.begin == INT64_MIN)
              fprintf(stderr, "imin");
          else
@@ -162,10 +179,11 @@ diff -urN minisat-2.2.1/minisat/utils/Options.h minisat-2.2.1.patched/minisat/ut
          if (verbose){
              fprintf(stderr, "\n        %s\n", description);
              fprintf(stderr, "\n");
-diff -urN minisat-2.2.1/minisat/utils/ParseUtils.h minisat-2.2.1.patched/minisat/utils/ParseUtils.h
---- minisat-2.2.1/minisat/utils/ParseUtils.h	2011-02-21 13:31:17.000000000 +0000
-+++ minisat-2.2.1.patched/minisat/utils/ParseUtils.h	2016-03-05 16:21:17.000000000 +0000
-@@ -24,7 +24,7 @@
+diff --git a/minisat/utils/ParseUtils.h b/minisat/utils/ParseUtils.h
+index d307164..7b46f09 100644
+--- a/minisat/utils/ParseUtils.h
++++ b/minisat/utils/ParseUtils.h
+@@ -24,7 +24,7 @@ OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWA
  #include <stdlib.h>
  #include <stdio.h>
  
@@ -174,7 +192,7 @@ diff -urN minisat-2.2.1/minisat/utils/ParseUtils.h minisat-2.2.1.patched/minisat
  
  namespace Minisat {
  
-@@ -35,7 +35,7 @@
+@@ -35,7 +35,7 @@ static const int buffer_size = 1048576;
  
  
  class StreamBuffer {
@@ -183,7 +201,7 @@ diff -urN minisat-2.2.1/minisat/utils/ParseUtils.h minisat-2.2.1.patched/minisat
      unsigned char buf[buffer_size];
      int           pos;
      int           size;
-@@ -43,10 +43,10 @@
+@@ -43,10 +43,10 @@ class StreamBuffer {
      void assureLookahead() {
          if (pos >= size) {
              pos  = 0;
@@ -196,10 +214,11 @@ diff -urN minisat-2.2.1/minisat/utils/ParseUtils.h minisat-2.2.1.patched/minisat
  
      int  operator *  () const { return (pos >= size) ? EOF : buf[pos]; }
      void operator ++ ()       { pos++; assureLookahead(); }
-diff -urN minisat-2.2.1/minisat/utils/System.h minisat-2.2.1.patched/minisat/utils/System.h
---- minisat-2.2.1/minisat/utils/System.h	2017-02-21 18:23:22.727464369 +0000
-+++ minisat-2.2.1.patched/minisat/utils/System.h	2017-02-21 18:23:14.451343361 +0000
-@@ -21,7 +21,7 @@
+diff --git a/minisat/utils/System.h b/minisat/utils/System.h
+index 9cbbc51..27b9700 100644
+--- a/minisat/utils/System.h
++++ b/minisat/utils/System.h
+@@ -21,7 +21,7 @@ OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWA
  #ifndef Minisat_System_h
  #define Minisat_System_h
  
diff --git a/src/ansi-c/expr2c.cpp b/src/ansi-c/expr2c.cpp
index b35b5010608..f2b20bc2ded 100644
--- a/src/ansi-c/expr2c.cpp
+++ b/src/ansi-c/expr2c.cpp
@@ -3630,7 +3630,10 @@ std::string expr2ct::convert_code_block(
   const code_blockt &src,
   unsigned indent)
 {
+#include <util/pragma_push>
+#include <util/pragma_wtautological_compare>
   assert(indent>=0);
+#include <util/pragma_pop>
   std::string dest=indent_str(indent);
   dest+="{\n";
 
@@ -3666,7 +3669,10 @@ std::string expr2ct::convert_code_decl_block(
   const codet &src,
   unsigned indent)
 {
+#include <util/pragma_push> // NOLINT(build/include)
+#include <util/pragma_wtautological_compare> // NOLINT(build/include)
   assert(indent>=0);
+#include <util/pragma_pop> // NOLINT(build/include)
   std::string dest;
 
   forall_operands(it, src)
diff --git a/src/ansi-c/library/jsa.h b/src/ansi-c/library/jsa.h
index c7b7400426e..51aa196c5c9 100644
--- a/src/ansi-c/library/jsa.h
+++ b/src/ansi-c/library/jsa.h
@@ -188,7 +188,10 @@ __CPROVER_jsa_inline _Bool __CPROVER_jsa__internal_are_heaps_equal(
   const __CPROVER_jsa_abstract_heapt *const rhs)
 {
   __CPROVER_jsa__internal_index_t i;
+#include <util/pragma_push>
+#include <util/pragma_wtautological_compare>
   for(i=0; i < __CPROVER_JSA_MAX_ABSTRACT_NODES; ++i)
+#include <util/pragma_pop>
   {
     const __CPROVER_jsa_abstract_nodet lhs_node=lhs->abstract_nodes[i];
     const __CPROVER_jsa_abstract_nodet rhs_node=rhs->abstract_nodes[i];
@@ -198,7 +201,10 @@ __CPROVER_jsa_inline _Bool __CPROVER_jsa__internal_are_heaps_equal(
        lhs_node.value_ref!=rhs_node.value_ref)
       return false;
   }
+#include <util/pragma_push> // NOLINT(build/include)
+#include <util/pragma_wtautological_compare> // NOLINT(build/include)
   for(i=0; i < __CPROVER_JSA_MAX_ABSTRACT_RANGES; ++i)
+#include <util/pragma_pop> // NOLINT(build/include)
   {
     const __CPROVER_jsa_abstract_ranget lhs_range=lhs->abstract_ranges[i];
     const __CPROVER_jsa_abstract_ranget rhs_range=rhs->abstract_ranges[i];
@@ -592,9 +598,12 @@ __CPROVER_jsa_inline void __CPROVER_jsa_assume_valid_heap(
       __CPROVER_jsa__internal_assume_linking_correct(h, cnode, prev, nxt);
     }
   }
+#include <util/pragma_push> // NOLINT(build/include)
+#include <util/pragma_wtautological_compare> // NOLINT(build/include)
   for(__CPROVER_jsa__internal_index_t anode=0;
       anode<__CPROVER_JSA_MAX_ABSTRACT_NODES;
       ++anode)
+#include <util/pragma_pop> // NOLINT(build/include)
   {
     const __CPROVER_jsa_id_t nxt=h->abstract_nodes[anode].next;
     __CPROVER_jsa_assume(__CPROVER_jsa__internal_is_valid_node_id(nxt));
@@ -604,9 +613,12 @@ __CPROVER_jsa_inline void __CPROVER_jsa_assume_valid_heap(
       __CPROVER_jsa__internal_get_abstract_node_id(anode);
     __CPROVER_jsa__internal_assume_linking_correct(h, nid, prev, nxt);
   }
+#include <util/pragma_push> // NOLINT(build/include)
+#include <util/pragma_wtautological_compare> // NOLINT(build/include)
   for(__CPROVER_jsa__internal_index_t range=0;
       range<__CPROVER_JSA_MAX_ABSTRACT_RANGES;
       ++range)
+#include <util/pragma_pop> // NOLINT(build/include)
   {
     const __CPROVER_jsa_abstract_ranget r=h->abstract_ranges[range];
     __CPROVER_jsa_assume(r.size >= 1);
@@ -653,9 +665,12 @@ __CPROVER_jsa_inline void __CPROVER_jsa_assume_valid_heap(
         ++cnodec)
       if(h->concrete_nodes[cnodec].list == listc)
         ++count;
+#include <util/pragma_push> // NOLINT(build/include)
+#include <util/pragma_wtautological_compare> // NOLINT(build/include)
     for(__CPROVER_jsa__internal_index_t anodec=0;
         anodec<__CPROVER_JSA_MAX_ABSTRACT_NODES;
         ++anodec)
+#include <util/pragma_pop> // NOLINT(build/include)
       if(h->abstract_nodes[anodec].list==listc)
         ++count;
     __CPROVER_jsa_assume(count<=__CPROVER_JSA_MAX_NODES_PER_CE_LIST);
diff --git a/src/ansi-c/scanner.l b/src/ansi-c/scanner.l
index f1a4adeef56..0c0a86ce97e 100644
--- a/src/ansi-c/scanner.l
+++ b/src/ansi-c/scanner.l
@@ -164,6 +164,10 @@ int cpp_operator(int token)
   }
 }
 
+#include <util/pragma_wsign_compare>
+#include <util/pragma_wnull_conversion>
+#include <util/pragma_wdeprecated_register>
+
 /*** macros for easier rule definition **********************************/
 %}
 
diff --git a/src/assembler/scanner.l b/src/assembler/scanner.l
index 1ae46542e02..0130f46ae3a 100644
--- a/src/assembler/scanner.l
+++ b/src/assembler/scanner.l
@@ -15,6 +15,10 @@ static int isatty(int) { return 0; }
 
 #include "assembler_parser.h"
 
+#include <util/pragma_wsign_compare>
+#include <util/pragma_wnull_conversion>
+#include <util/pragma_wdeprecated_register>
+
 /*** macros for easier rule definition **********************************/
 %}
 
diff --git a/src/jsil/scanner.l b/src/jsil/scanner.l
index 4a7adb29b15..f2dafc1ee48 100644
--- a/src/jsil/scanner.l
+++ b/src/jsil/scanner.l
@@ -36,6 +36,10 @@ static int make_identifier()
   return TOK_IDENTIFIER;
 }
 
+#include <util/pragma_wsign_compare>
+#include <util/pragma_wnull_conversion>
+#include <util/pragma_wdeprecated_register>
+
 %}
 
 delimiter       [ \t\b\r]
diff --git a/src/json/scanner.l b/src/json/scanner.l
index ee2435559e4..1eacf6ab55d 100644
--- a/src/json/scanner.l
+++ b/src/json/scanner.l
@@ -18,6 +18,11 @@ static int isatty(int) { return 0; }
 
 #include "json_parser.h"
 #include "json_y.tab.h"
+
+#include <util/pragma_wsign_compare>
+#include <util/pragma_wnull_conversion>
+#include <util/pragma_wdeprecated_register>
+
 %}
 
 string  \"\"|\"{chars}\"
diff --git a/src/memory-models/scanner.l b/src/memory-models/scanner.l
index fcacfdcb14f..b222a813bff 100644
--- a/src/memory-models/scanner.l
+++ b/src/memory-models/scanner.l
@@ -19,6 +19,10 @@ static int isatty(int) { return 0; }
 
 unsigned comment_nesting;
 
+#include <util/pragma_wsign_compare>
+#include <util/pragma_wnull_conversion>
+#include <util/pragma_wdeprecated_register>
+
 %}
 
 %x GRAMMAR
diff --git a/src/path-symex/locs.h b/src/path-symex/locs.h
index 43ff5474f88..a542866581e 100644
--- a/src/path-symex/locs.h
+++ b/src/path-symex/locs.h
@@ -56,13 +56,19 @@ class locst
 
   loct &operator[] (loc_reft l)
   {
+#include <util/pragma_push>
+#include <util/pragma_wtautological_compare>
     assert(l.loc_number>=0 && l.loc_number<loc_vector.size());
+#include <util/pragma_pop>
     return loc_vector[l.loc_number];
   }
 
   const loct &operator[] (loc_reft l) const
   {
+#include <util/pragma_push> // NOLINT(build/include)
+#include <util/pragma_wtautological_compare> // NOLINT(build/include)
     assert(l.loc_number>=0 && l.loc_number<loc_vector.size());
+#include <util/pragma_pop> // NOLINT(build/include)
     return loc_vector[l.loc_number];
   }
 
diff --git a/src/solvers/Makefile b/src/solvers/Makefile
index fc249c2faf9..3f3465277a3 100644
--- a/src/solvers/Makefile
+++ b/src/solvers/Makefile
@@ -19,7 +19,6 @@ ifneq ($(MINISAT2),)
   MINISAT2_INCLUDE=-I $(MINISAT2)
   MINISAT2_LIB=$(MINISAT2)/minisat/simp/SimpSolver$(OBJEXT) $(MINISAT2)/minisat/core/Solver$(OBJEXT)
   CP_CXXFLAGS += -DHAVE_MINISAT2 -D__STDC_FORMAT_MACROS -D__STDC_LIMIT_MACROS
-  override CXXFLAGS := $(filter-out -pedantic, $(CXXFLAGS))
 endif
 
 ifneq ($(GLUCOSE),)
@@ -27,7 +26,6 @@ ifneq ($(GLUCOSE),)
   GLUCOSE_INCLUDE=-I $(GLUCOSE)
   GLUCOSE_LIB=$(GLUCOSE)/simp/SimpSolver$(OBJEXT) $(GLUCOSE)/core/Solver$(OBJEXT)
   CP_CXXFLAGS += -DHAVE_GLUCOSE -D__STDC_FORMAT_MACROS -D__STDC_LIMIT_MACROS
-  override CXXFLAGS := $(filter-out -pedantic, $(CXXFLAGS))
 endif
 
 ifneq ($(SMVSAT),)
diff --git a/src/util/pragma_pop b/src/util/pragma_pop
new file mode 100644
index 00000000000..cd64eab35cd
--- /dev/null
+++ b/src/util/pragma_pop
@@ -0,0 +1,7 @@
+#if defined __clang__
+  #pragma clang diagnostic pop
+#elif defined __GNUC__
+  #pragma GCC diagnostic pop
+#elif defined _MSC_VER
+  #pragma warning(pop)
+#endif
diff --git a/src/util/pragma_push b/src/util/pragma_push
new file mode 100644
index 00000000000..4362218091b
--- /dev/null
+++ b/src/util/pragma_push
@@ -0,0 +1,7 @@
+#if defined __clang__
+  #pragma clang diagnostic push
+#elif defined __GNUC__
+  #pragma GCC diagnostic push
+#elif defined _MSC_VER
+  #pragma warning(push)
+#endif
diff --git a/src/util/pragma_wdeprecated_register b/src/util/pragma_wdeprecated_register
new file mode 100644
index 00000000000..78fb0d18d62
--- /dev/null
+++ b/src/util/pragma_wdeprecated_register
@@ -0,0 +1,5 @@
+#if defined __clang__
+  #pragma clang diagnostic ignored "-Wdeprecated-register"
+#elif defined __GNUC__
+#elif defined _MSC_VER
+#endif
diff --git a/src/util/pragma_wnull_conversion b/src/util/pragma_wnull_conversion
new file mode 100644
index 00000000000..a951342f1a1
--- /dev/null
+++ b/src/util/pragma_wnull_conversion
@@ -0,0 +1,5 @@
+#if defined __clang__
+  #pragma clang diagnostic ignored "-Wnull-conversion"
+#elif defined __GNUC__
+#elif defined _MSC_VER
+#endif
diff --git a/src/util/pragma_wpedantic b/src/util/pragma_wpedantic
new file mode 100644
index 00000000000..2487cb8a138
--- /dev/null
+++ b/src/util/pragma_wpedantic
@@ -0,0 +1,6 @@
+#if defined __clang__
+  #pragma clang diagnostic ignored "-Wpedantic"
+#elif defined __GNUC__
+  #pragma GCC diagnostic ignored "-Wpedantic"
+#elif defined _MSC_VER
+#endif
diff --git a/src/util/pragma_wsign_compare b/src/util/pragma_wsign_compare
new file mode 100644
index 00000000000..f98f224339c
--- /dev/null
+++ b/src/util/pragma_wsign_compare
@@ -0,0 +1,7 @@
+#if defined __clang__
+  #pragma clang diagnostic ignored "-Wsign-compare"
+#elif defined __GNUC__
+  #pragma GCC diagnostic ignored "-Wsign-compare"
+#elif defined _MSC_VER
+  #pragma warning(disable:4018)
+#endif
diff --git a/src/util/pragma_wtautological_compare b/src/util/pragma_wtautological_compare
new file mode 100644
index 00000000000..7af23144f47
--- /dev/null
+++ b/src/util/pragma_wtautological_compare
@@ -0,0 +1,5 @@
+#if defined __clang__
+  #pragma clang diagnostic ignored "-Wtautological-compare"
+#elif defined __GNUC__
+#elif defined _MSC_VER
+#endif
diff --git a/src/util/pragma_wzero_length_array b/src/util/pragma_wzero_length_array
new file mode 100644
index 00000000000..2e68ac30dc5
--- /dev/null
+++ b/src/util/pragma_wzero_length_array
@@ -0,0 +1,6 @@
+#if defined __clang__
+  #pragma clang diagnostic ignored "-Wzero-length-array"
+#elif defined __GNUC__
+  #pragma GCC diagnostic ignored "-Wpedantic" // no specific ZLA warning in GCC
+#elif defined _MSC_VER
+#endif
diff --git a/src/xmllang/scanner.l b/src/xmllang/scanner.l
index 00ece467e83..db6fef483f3 100644
--- a/src/xmllang/scanner.l
+++ b/src/xmllang/scanner.l
@@ -31,6 +31,10 @@ static char *word(char *s)
   return buf;
 }
 
+#include <util/pragma_wsign_compare>
+#include <util/pragma_wnull_conversion>
+#include <util/pragma_wdeprecated_register>
+
 %}
 
 

From c21e64c93d75e2af3580a705c2b24c623f072bf1 Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Wed, 26 Apr 2017 13:00:18 +0100
Subject: [PATCH 220/699] Remove unnecessary flags from travis.yml

---
 .travis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.travis.yml b/.travis.yml
index 7cebb781ff4..ca8c2381b4c 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -143,7 +143,7 @@ matrix:
 install:
   - COMMAND="make -C src minisat2-download" &&
     eval ${PRE_COMMAND} ${COMMAND}
-  - COMMAND="make -C src CXX=\"$COMPILER\" CXXFLAGS=\"-Wall -O2 -g -Werror -Wno-deprecated-register -pedantic -Wno-sign-compare $EXTRA_CXXFLAGS\" -j2" &&
+  - COMMAND="make -C src CXX=\"$COMPILER\" CXXFLAGS=\"-Wall -Werror -pedantic -O2 -g $EXTRA_CXXFLAGS\" -j2" &&
     eval ${PRE_COMMAND} ${COMMAND}
   - COMMAND="make -C src CXX=\"$COMPILER\" CXXFLAGS=\"$FLAGS $EXTRA_CXXFLAGS\" -j2 cegis.dir clobber.dir memory-models.dir musketeer.dir" &&
     eval ${PRE_COMMAND} ${COMMAND}

From 76dda349ca371d1698251bbc79e22b3ccb3d98ca Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Wed, 26 Apr 2017 20:51:08 +0100
Subject: [PATCH 221/699] Remove unnecessary asserts

---
 src/ansi-c/expr2c.cpp    |  8 --------
 src/ansi-c/library/jsa.h | 25 ++++++++++---------------
 src/path-symex/locs.h    | 10 ++--------
 3 files changed, 12 insertions(+), 31 deletions(-)

diff --git a/src/ansi-c/expr2c.cpp b/src/ansi-c/expr2c.cpp
index f2b20bc2ded..a68f960b852 100644
--- a/src/ansi-c/expr2c.cpp
+++ b/src/ansi-c/expr2c.cpp
@@ -3630,10 +3630,6 @@ std::string expr2ct::convert_code_block(
   const code_blockt &src,
   unsigned indent)
 {
-#include <util/pragma_push>
-#include <util/pragma_wtautological_compare>
-  assert(indent>=0);
-#include <util/pragma_pop>
   std::string dest=indent_str(indent);
   dest+="{\n";
 
@@ -3669,10 +3665,6 @@ std::string expr2ct::convert_code_decl_block(
   const codet &src,
   unsigned indent)
 {
-#include <util/pragma_push> // NOLINT(build/include)
-#include <util/pragma_wtautological_compare> // NOLINT(build/include)
-  assert(indent>=0);
-#include <util/pragma_pop> // NOLINT(build/include)
   std::string dest;
 
   forall_operands(it, src)
diff --git a/src/ansi-c/library/jsa.h b/src/ansi-c/library/jsa.h
index 51aa196c5c9..20f68ad371d 100644
--- a/src/ansi-c/library/jsa.h
+++ b/src/ansi-c/library/jsa.h
@@ -188,10 +188,8 @@ __CPROVER_jsa_inline _Bool __CPROVER_jsa__internal_are_heaps_equal(
   const __CPROVER_jsa_abstract_heapt *const rhs)
 {
   __CPROVER_jsa__internal_index_t i;
-#include <util/pragma_push>
-#include <util/pragma_wtautological_compare>
+#if 0 < __CPROVER_JSA_MAX_ABSTRACT_NODES
   for(i=0; i < __CPROVER_JSA_MAX_ABSTRACT_NODES; ++i)
-#include <util/pragma_pop>
   {
     const __CPROVER_jsa_abstract_nodet lhs_node=lhs->abstract_nodes[i];
     const __CPROVER_jsa_abstract_nodet rhs_node=rhs->abstract_nodes[i];
@@ -201,10 +199,9 @@ __CPROVER_jsa_inline _Bool __CPROVER_jsa__internal_are_heaps_equal(
        lhs_node.value_ref!=rhs_node.value_ref)
       return false;
   }
-#include <util/pragma_push> // NOLINT(build/include)
-#include <util/pragma_wtautological_compare> // NOLINT(build/include)
+#endif
+#if 0 < __CPROVER_JSA_MAX_ABSTRACT_RANGES
   for(i=0; i < __CPROVER_JSA_MAX_ABSTRACT_RANGES; ++i)
-#include <util/pragma_pop> // NOLINT(build/include)
   {
     const __CPROVER_jsa_abstract_ranget lhs_range=lhs->abstract_ranges[i];
     const __CPROVER_jsa_abstract_ranget rhs_range=rhs->abstract_ranges[i];
@@ -213,6 +210,7 @@ __CPROVER_jsa_inline _Bool __CPROVER_jsa__internal_are_heaps_equal(
        lhs_range.size!=rhs_range.size)
       return false;
   }
+#endif
   for(i=0; i < __CPROVER_JSA_MAX_CONCRETE_NODES; ++i)
   {
     const __CPROVER_jsa_concrete_nodet lhs_node=lhs->concrete_nodes[i];
@@ -598,12 +596,10 @@ __CPROVER_jsa_inline void __CPROVER_jsa_assume_valid_heap(
       __CPROVER_jsa__internal_assume_linking_correct(h, cnode, prev, nxt);
     }
   }
-#include <util/pragma_push> // NOLINT(build/include)
-#include <util/pragma_wtautological_compare> // NOLINT(build/include)
+#if 0 < __CPROVER_JSA_MAX_ABSTRACT_NODES
   for(__CPROVER_jsa__internal_index_t anode=0;
       anode<__CPROVER_JSA_MAX_ABSTRACT_NODES;
       ++anode)
-#include <util/pragma_pop> // NOLINT(build/include)
   {
     const __CPROVER_jsa_id_t nxt=h->abstract_nodes[anode].next;
     __CPROVER_jsa_assume(__CPROVER_jsa__internal_is_valid_node_id(nxt));
@@ -613,17 +609,17 @@ __CPROVER_jsa_inline void __CPROVER_jsa_assume_valid_heap(
       __CPROVER_jsa__internal_get_abstract_node_id(anode);
     __CPROVER_jsa__internal_assume_linking_correct(h, nid, prev, nxt);
   }
-#include <util/pragma_push> // NOLINT(build/include)
-#include <util/pragma_wtautological_compare> // NOLINT(build/include)
+#endif
+#if 0 < __CPROVER_JSA_MAX_ABSTRACT_RANGES
   for(__CPROVER_jsa__internal_index_t range=0;
       range<__CPROVER_JSA_MAX_ABSTRACT_RANGES;
       ++range)
-#include <util/pragma_pop> // NOLINT(build/include)
   {
     const __CPROVER_jsa_abstract_ranget r=h->abstract_ranges[range];
     __CPROVER_jsa_assume(r.size >= 1);
     __CPROVER_jsa_assume(r.min <= r.max);
   }
+#endif
   // Iterators point to valid nodes
   __CPROVER_jsa_assume(h->iterator_count <= __CPROVER_JSA_MAX_ITERATORS);
   for(__CPROVER_jsa_iterator_id_t it=0; it < __CPROVER_JSA_MAX_ITERATORS; ++it)
@@ -665,14 +661,13 @@ __CPROVER_jsa_inline void __CPROVER_jsa_assume_valid_heap(
         ++cnodec)
       if(h->concrete_nodes[cnodec].list == listc)
         ++count;
-#include <util/pragma_push> // NOLINT(build/include)
-#include <util/pragma_wtautological_compare> // NOLINT(build/include)
+#if 0 < __CPROVER_JSA_MAX_ABSTRACT_NODES
     for(__CPROVER_jsa__internal_index_t anodec=0;
         anodec<__CPROVER_JSA_MAX_ABSTRACT_NODES;
         ++anodec)
-#include <util/pragma_pop> // NOLINT(build/include)
       if(h->abstract_nodes[anodec].list==listc)
         ++count;
+#endif
     __CPROVER_jsa_assume(count<=__CPROVER_JSA_MAX_NODES_PER_CE_LIST);
   }
 }
diff --git a/src/path-symex/locs.h b/src/path-symex/locs.h
index a542866581e..7f626a1d2bf 100644
--- a/src/path-symex/locs.h
+++ b/src/path-symex/locs.h
@@ -56,19 +56,13 @@ class locst
 
   loct &operator[] (loc_reft l)
   {
-#include <util/pragma_push>
-#include <util/pragma_wtautological_compare>
-    assert(l.loc_number>=0 && l.loc_number<loc_vector.size());
-#include <util/pragma_pop>
+    assert(l.loc_number<loc_vector.size());
     return loc_vector[l.loc_number];
   }
 
   const loct &operator[] (loc_reft l) const
   {
-#include <util/pragma_push> // NOLINT(build/include)
-#include <util/pragma_wtautological_compare> // NOLINT(build/include)
-    assert(l.loc_number>=0 && l.loc_number<loc_vector.size());
-#include <util/pragma_pop> // NOLINT(build/include)
+    assert(l.loc_number<loc_vector.size());
     return loc_vector[l.loc_number];
   }
 

From 72da3fb3c49ace19cab226de7627b71d2a8801e9 Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Wed, 26 Apr 2017 20:57:48 +0100
Subject: [PATCH 222/699] Give pragma files a '.def' suffix

---
 scripts/minisat-2.2.1-patch                                 | 6 +++---
 src/ansi-c/scanner.l                                        | 6 +++---
 src/assembler/scanner.l                                     | 6 +++---
 src/jsil/scanner.l                                          | 6 +++---
 src/json/scanner.l                                          | 6 +++---
 src/memory-models/scanner.l                                 | 6 +++---
 src/util/{pragma_pop => pragma_pop.def}                     | 0
 src/util/{pragma_push => pragma_push.def}                   | 0
 ...wdeprecated_register => pragma_wdeprecated_register.def} | 0
 ...{pragma_wnull_conversion => pragma_wnull_conversion.def} | 0
 src/util/{pragma_wpedantic => pragma_wpedantic.def}         | 0
 src/util/{pragma_wsign_compare => pragma_wsign_compare.def} | 0
 ...autological_compare => pragma_wtautological_compare.def} | 0
 ...gma_wzero_length_array => pragma_wzero_length_array.def} | 0
 src/xmllang/scanner.l                                       | 6 +++---
 15 files changed, 21 insertions(+), 21 deletions(-)
 rename src/util/{pragma_pop => pragma_pop.def} (100%)
 rename src/util/{pragma_push => pragma_push.def} (100%)
 rename src/util/{pragma_wdeprecated_register => pragma_wdeprecated_register.def} (100%)
 rename src/util/{pragma_wnull_conversion => pragma_wnull_conversion.def} (100%)
 rename src/util/{pragma_wpedantic => pragma_wpedantic.def} (100%)
 rename src/util/{pragma_wsign_compare => pragma_wsign_compare.def} (100%)
 rename src/util/{pragma_wtautological_compare => pragma_wtautological_compare.def} (100%)
 rename src/util/{pragma_wzero_length_array => pragma_wzero_length_array.def} (100%)

diff --git a/scripts/minisat-2.2.1-patch b/scripts/minisat-2.2.1-patch
index fcbdbb818a1..d8129ec8e32 100644
--- a/scripts/minisat-2.2.1-patch
+++ b/scripts/minisat-2.2.1-patch
@@ -46,10 +46,10 @@ index 4757b20..c3fae2b 100644
          unsigned has_extra : 1;
          unsigned reloced   : 1;
          unsigned size      : 27; }                        header;
-+#include <util/pragma_push>
-+#include <util/pragma_wzero_length_array>
++#include <util/pragma_push.def>
++#include <util/pragma_wzero_length_array.def>
      union { Lit lit; float act; uint32_t abs; CRef rel; } data[0];
-+#include <util/pragma_pop>
++#include <util/pragma_pop.def>
  
      friend class ClauseAllocator;
  
diff --git a/src/ansi-c/scanner.l b/src/ansi-c/scanner.l
index 0c0a86ce97e..f5b3d7ec6c8 100644
--- a/src/ansi-c/scanner.l
+++ b/src/ansi-c/scanner.l
@@ -164,9 +164,9 @@ int cpp_operator(int token)
   }
 }
 
-#include <util/pragma_wsign_compare>
-#include <util/pragma_wnull_conversion>
-#include <util/pragma_wdeprecated_register>
+#include <util/pragma_wsign_compare.def>
+#include <util/pragma_wnull_conversion.def>
+#include <util/pragma_wdeprecated_register.def>
 
 /*** macros for easier rule definition **********************************/
 %}
diff --git a/src/assembler/scanner.l b/src/assembler/scanner.l
index 0130f46ae3a..fce0d352b40 100644
--- a/src/assembler/scanner.l
+++ b/src/assembler/scanner.l
@@ -15,9 +15,9 @@ static int isatty(int) { return 0; }
 
 #include "assembler_parser.h"
 
-#include <util/pragma_wsign_compare>
-#include <util/pragma_wnull_conversion>
-#include <util/pragma_wdeprecated_register>
+#include <util/pragma_wsign_compare.def>
+#include <util/pragma_wnull_conversion.def>
+#include <util/pragma_wdeprecated_register.def>
 
 /*** macros for easier rule definition **********************************/
 %}
diff --git a/src/jsil/scanner.l b/src/jsil/scanner.l
index f2dafc1ee48..f31ab0f8ad1 100644
--- a/src/jsil/scanner.l
+++ b/src/jsil/scanner.l
@@ -36,9 +36,9 @@ static int make_identifier()
   return TOK_IDENTIFIER;
 }
 
-#include <util/pragma_wsign_compare>
-#include <util/pragma_wnull_conversion>
-#include <util/pragma_wdeprecated_register>
+#include <util/pragma_wsign_compare.def>
+#include <util/pragma_wnull_conversion.def>
+#include <util/pragma_wdeprecated_register.def>
 
 %}
 
diff --git a/src/json/scanner.l b/src/json/scanner.l
index 1eacf6ab55d..7bda01fd033 100644
--- a/src/json/scanner.l
+++ b/src/json/scanner.l
@@ -19,9 +19,9 @@ static int isatty(int) { return 0; }
 #include "json_parser.h"
 #include "json_y.tab.h"
 
-#include <util/pragma_wsign_compare>
-#include <util/pragma_wnull_conversion>
-#include <util/pragma_wdeprecated_register>
+#include <util/pragma_wsign_compare.def>
+#include <util/pragma_wnull_conversion.def>
+#include <util/pragma_wdeprecated_register.def>
 
 %}
 
diff --git a/src/memory-models/scanner.l b/src/memory-models/scanner.l
index b222a813bff..9ae9bfea51f 100644
--- a/src/memory-models/scanner.l
+++ b/src/memory-models/scanner.l
@@ -19,9 +19,9 @@ static int isatty(int) { return 0; }
 
 unsigned comment_nesting;
 
-#include <util/pragma_wsign_compare>
-#include <util/pragma_wnull_conversion>
-#include <util/pragma_wdeprecated_register>
+#include <util/pragma_wsign_compare.def>
+#include <util/pragma_wnull_conversion.def>
+#include <util/pragma_wdeprecated_register.def>
 
 %}
 
diff --git a/src/util/pragma_pop b/src/util/pragma_pop.def
similarity index 100%
rename from src/util/pragma_pop
rename to src/util/pragma_pop.def
diff --git a/src/util/pragma_push b/src/util/pragma_push.def
similarity index 100%
rename from src/util/pragma_push
rename to src/util/pragma_push.def
diff --git a/src/util/pragma_wdeprecated_register b/src/util/pragma_wdeprecated_register.def
similarity index 100%
rename from src/util/pragma_wdeprecated_register
rename to src/util/pragma_wdeprecated_register.def
diff --git a/src/util/pragma_wnull_conversion b/src/util/pragma_wnull_conversion.def
similarity index 100%
rename from src/util/pragma_wnull_conversion
rename to src/util/pragma_wnull_conversion.def
diff --git a/src/util/pragma_wpedantic b/src/util/pragma_wpedantic.def
similarity index 100%
rename from src/util/pragma_wpedantic
rename to src/util/pragma_wpedantic.def
diff --git a/src/util/pragma_wsign_compare b/src/util/pragma_wsign_compare.def
similarity index 100%
rename from src/util/pragma_wsign_compare
rename to src/util/pragma_wsign_compare.def
diff --git a/src/util/pragma_wtautological_compare b/src/util/pragma_wtautological_compare.def
similarity index 100%
rename from src/util/pragma_wtautological_compare
rename to src/util/pragma_wtautological_compare.def
diff --git a/src/util/pragma_wzero_length_array b/src/util/pragma_wzero_length_array.def
similarity index 100%
rename from src/util/pragma_wzero_length_array
rename to src/util/pragma_wzero_length_array.def
diff --git a/src/xmllang/scanner.l b/src/xmllang/scanner.l
index db6fef483f3..e262b927112 100644
--- a/src/xmllang/scanner.l
+++ b/src/xmllang/scanner.l
@@ -31,9 +31,9 @@ static char *word(char *s)
   return buf;
 }
 
-#include <util/pragma_wsign_compare>
-#include <util/pragma_wnull_conversion>
-#include <util/pragma_wdeprecated_register>
+#include <util/pragma_wsign_compare.def>
+#include <util/pragma_wnull_conversion.def>
+#include <util/pragma_wdeprecated_register.def>
 
 %}
 

From 539db2549f8aa9c50681423e2ebce40b7b79ce9f Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Thu, 11 May 2017 11:57:01 +0100
Subject: [PATCH 223/699] Fix use-after-free bugs

---
 src/goto-programs/string_refine_preprocess.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/goto-programs/string_refine_preprocess.cpp b/src/goto-programs/string_refine_preprocess.cpp
index 6a908f281f8..bbba1b8d49a 100644
--- a/src/goto-programs/string_refine_preprocess.cpp
+++ b/src/goto-programs/string_refine_preprocess.cpp
@@ -755,7 +755,7 @@ void string_refine_preprocesst::make_string_function(
   code_function_callt &function_call=to_code_function_call(target->code);
   code_typet function_type=to_code_type(function_call.function().type());
   code_typet new_type;
-  const source_locationt &loc=function_call.source_location();
+  const source_locationt loc=function_call.source_location();
   declare_function(function_name, function_type);
   function_application_exprt rhs;
   std::vector<exprt> args;
@@ -1074,7 +1074,8 @@ void string_refine_preprocesst::replace_string_calls(
   {
     if(target->is_function_call())
     {
-      code_function_callt &function_call=to_code_function_call(target->code);
+      const code_function_callt function_call=
+        to_code_function_call(target->code);
 
       if(function_call.function().id()==ID_symbol)
       {

From f4ba652cc424f04cb99591b491a0337c141c782d Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Thu, 18 May 2017 12:43:20 +0100
Subject: [PATCH 224/699] Fix signed/unsigned comparison warning

---
 src/solvers/refinement/string_refinement.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index 498ecfecf70..c205e710266 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -367,8 +367,8 @@ void string_refinementt::concretize_string(const exprt &expr)
     {
       assert(found_length.is_long());
       assert(found_length>=0);
-      assert(found_length.to_long()<=generator.max_string_length);
       size_t concretize_limit=found_length.to_long();
+      assert(concretize_limit<=generator.max_string_length);
       exprt content_expr=str.content();
       std::vector<exprt> result;
 

From 013f442fc1a65e92d047abca7038583e632e9a3a Mon Sep 17 00:00:00 2001
From: Pascal Kesseli <pascal_kesseli@hotmail.com>
Date: Sat, 20 May 2017 14:24:28 +0100
Subject: [PATCH 225/699] Add missing swap instruction

Fixes issue https://github.com/diffblue/test-gen/issues/103. Swap
instruction was not handled in convert_instructions. Includes the
original Groovy regression test which sparked the issue ("swap2") and a
simpler unit test ("swap1") which was created using ASM.
---
 regression/cbmc-java/swap1/Swap.class         | Bin 0 -> 678 bytes
 regression/cbmc-java/swap1/Swap.java          |   7 +
 regression/cbmc-java/swap1/SwapDump.java      | 108 +++++++++++
 regression/cbmc-java/swap1/test.desc          |   8 +
 ...Plugin$1$_execute_closure1$_closure2.class | Bin 0 -> 2949 bytes
 .../build/gradle/MergePlugin.groovy           | 177 ++++++++++++++++++
 regression/cbmc-java/swap2/test.desc          |   8 +
 .../java_bytecode_convert_method.cpp          |   6 +
 8 files changed, 314 insertions(+)
 create mode 100644 regression/cbmc-java/swap1/Swap.class
 create mode 100644 regression/cbmc-java/swap1/Swap.java
 create mode 100644 regression/cbmc-java/swap1/SwapDump.java
 create mode 100644 regression/cbmc-java/swap1/test.desc
 create mode 100644 regression/cbmc-java/swap2/org/springframework/build/gradle/MergePlugin$1$_execute_closure1$_closure2.class
 create mode 100644 regression/cbmc-java/swap2/org/springframework/build/gradle/MergePlugin.groovy
 create mode 100644 regression/cbmc-java/swap2/test.desc

diff --git a/regression/cbmc-java/swap1/Swap.class b/regression/cbmc-java/swap1/Swap.class
new file mode 100644
index 0000000000000000000000000000000000000000..9b070cbb7adc094a41e1ba974faf18cd91b2b623
GIT binary patch
literal 678
zcmZuv%Wl&^6g}fdoTM(z14?KD6k1SWK{o6f5U7BJ6kriliLyWwdz4Ob?P}}*-_i|B
z)__DMkYLY06>-K1gaxvEeIIkrJ?D;p{`&eIz-?R?@J4UtQ2-&(IFN5-KauIA|7?7q
zq9TARP_y-0wj|KrlzFa9p|do9pmRA+R4gF&1ge85(Wx%(3b<Q0b_G@zU^@xB0@MXo
zW0h;8;`@J4MujY<dD*iUBE)hXOE?pvf}jQm4S~v_gbmR`tqu=uGA{Ntdn!ZAY@6|+
z)G5KYUJe&SM}^VpWZP2dEV6$GKQtyY0WQ?BRzgZMA!PeM2-NqE?_&-$DxW3=2kvCC
zqQs$2)zj(WSefT`6#~oD6TN;SkLGb}m_;(#l}6k8JXs%QQxmC2I#IYnksfbCG&)u@
zJr`9zH3-)14GCJH*>b*M<rsnY0iOFA&5ukvxJp|oj|gng_u+*1NY*Zk)*|%zwHW@*
z6P%rOZ88jJNu0wfqknN~IFHV}Ip++Q^<H(*^<TwzKB0MxX0LJj9!uY__TmKH9~RSv
w#ay4AMGqGlIo#|eTqaV$DeLrRd|RbpmyySck1iEh?)(K$(G`~MwX)s+4c$k3(EtDd

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/swap1/Swap.java b/regression/cbmc-java/swap1/Swap.java
new file mode 100644
index 00000000000..3b6c100e15e
--- /dev/null
+++ b/regression/cbmc-java/swap1/Swap.java
@@ -0,0 +1,7 @@
+public class Swap {
+  public static void main(String[] args) {
+    int x = 5;
+    int result = x - 2;
+    assert result == -3;
+  }
+}
diff --git a/regression/cbmc-java/swap1/SwapDump.java b/regression/cbmc-java/swap1/SwapDump.java
new file mode 100644
index 00000000000..52503eaec99
--- /dev/null
+++ b/regression/cbmc-java/swap1/SwapDump.java
@@ -0,0 +1,108 @@
+import java.nio.file.Files;
+import java.nio.file.Paths;
+
+import org.objectweb.asm.*;
+public class SwapDump implements Opcodes {
+
+public static byte[] dump () throws Exception {
+
+ClassWriter cw = new ClassWriter(0);
+FieldVisitor fv;
+MethodVisitor mv;
+
+cw.visit(52, ACC_PUBLIC + ACC_SUPER, "Swap", null, "java/lang/Object", null);
+
+cw.visitSource("Swap.java", null);
+
+{
+fv = cw.visitField(ACC_FINAL + ACC_STATIC + ACC_SYNTHETIC, "$assertionsDisabled", "Z", null, null);
+fv.visitEnd();
+}
+{
+mv = cw.visitMethod(ACC_STATIC, "<clinit>", "()V", null, null);
+mv.visitCode();
+Label l0 = new Label();
+mv.visitLabel(l0);
+mv.visitLineNumber(1, l0);
+mv.visitLdcInsn(Type.getType("LSwap;"));
+mv.visitMethodInsn(INVOKEVIRTUAL, "java/lang/Class", "desiredAssertionStatus", "()Z", false);
+Label l1 = new Label();
+mv.visitJumpInsn(IFNE, l1);
+mv.visitInsn(ICONST_1);
+Label l2 = new Label();
+mv.visitJumpInsn(GOTO, l2);
+mv.visitLabel(l1);
+mv.visitFrame(Opcodes.F_SAME, 0, null, 0, null);
+mv.visitInsn(ICONST_0);
+mv.visitLabel(l2);
+mv.visitFrame(Opcodes.F_SAME1, 0, null, 1, new Object[] {Opcodes.INTEGER});
+mv.visitFieldInsn(PUTSTATIC, "Swap", "$assertionsDisabled", "Z");
+mv.visitInsn(RETURN);
+mv.visitMaxs(1, 0);
+mv.visitEnd();
+}
+{
+mv = cw.visitMethod(ACC_PUBLIC, "<init>", "()V", null, null);
+mv.visitCode();
+Label l0 = new Label();
+mv.visitLabel(l0);
+mv.visitLineNumber(1, l0);
+mv.visitVarInsn(ALOAD, 0);
+mv.visitMethodInsn(INVOKESPECIAL, "java/lang/Object", "<init>", "()V", false);
+mv.visitInsn(RETURN);
+Label l1 = new Label();
+mv.visitLabel(l1);
+mv.visitLocalVariable("this", "LSwap;", null, l0, l1, 0);
+mv.visitMaxs(1, 1);
+mv.visitEnd();
+}
+{
+mv = cw.visitMethod(ACC_PUBLIC + ACC_STATIC, "main", "([Ljava/lang/String;)V", null, null);
+mv.visitCode();
+Label l0 = new Label();
+mv.visitLabel(l0);
+mv.visitLineNumber(3, l0);
+mv.visitInsn(ICONST_5);
+mv.visitVarInsn(ISTORE, 1);
+Label l1 = new Label();
+mv.visitLabel(l1);
+mv.visitLineNumber(4, l1);
+mv.visitVarInsn(ILOAD, 1);
+mv.visitInsn(ICONST_2);
+mv.visitInsn(SWAP); // Manually added
+mv.visitInsn(ISUB);
+mv.visitVarInsn(ISTORE, 2);
+Label l2 = new Label();
+mv.visitLabel(l2);
+mv.visitLineNumber(5, l2);
+mv.visitFieldInsn(GETSTATIC, "Swap", "$assertionsDisabled", "Z");
+Label l3 = new Label();
+mv.visitJumpInsn(IFNE, l3);
+mv.visitVarInsn(ILOAD, 2);
+mv.visitIntInsn(BIPUSH, -3);
+mv.visitJumpInsn(IF_ICMPEQ, l3);
+mv.visitTypeInsn(NEW, "java/lang/AssertionError");
+mv.visitInsn(DUP);
+mv.visitMethodInsn(INVOKESPECIAL, "java/lang/AssertionError", "<init>", "()V", false);
+mv.visitInsn(ATHROW);
+mv.visitLabel(l3);
+mv.visitLineNumber(6, l3);
+mv.visitFrame(Opcodes.F_APPEND,2, new Object[] {Opcodes.INTEGER, Opcodes.INTEGER}, 0, null);
+mv.visitInsn(RETURN);
+Label l4 = new Label();
+mv.visitLabel(l4);
+mv.visitLocalVariable("args", "[Ljava/lang/String;", null, l0, l4, 0);
+mv.visitLocalVariable("x", "I", null, l1, l4, 1);
+mv.visitLocalVariable("result", "I", null, l2, l4, 2);
+mv.visitMaxs(2, 3);
+mv.visitEnd();
+}
+cw.visitEnd();
+
+return cw.toByteArray();
+}
+
+public static void main(String[] args) throws Exception {
+  Files.write(Paths.get("Swap.class"), dump());
+}
+}
diff --git a/regression/cbmc-java/swap1/test.desc b/regression/cbmc-java/swap1/test.desc
new file mode 100644
index 00000000000..8f803004f29
--- /dev/null
+++ b/regression/cbmc-java/swap1/test.desc
@@ -0,0 +1,8 @@
+CORE
+Swap.class
+
+^EXIT=0
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/swap2/org/springframework/build/gradle/MergePlugin$1$_execute_closure1$_closure2.class b/regression/cbmc-java/swap2/org/springframework/build/gradle/MergePlugin$1$_execute_closure1$_closure2.class
new file mode 100644
index 0000000000000000000000000000000000000000..a31f9a0bba462920933e0e5a7f46e29baa6b9549
GIT binary patch
literal 2949
zcmb_eTXz#x7~LmHnKTWhOiQ64A`&4@1ECQ?DIgF5OH*zsU_p)3<Rl$PXX0c6)cf7#
zzwpI(1T96D%9E_+Z(^zYOr{}Sow9K0%UsTU=iA?9fBVdzfBo_sfPMH@;I!>jGmW}q
zTGfhU%*mU!b3HTDG;8Hd)iKI7nVFPMRi3LgtEQD0O%&xVS!%knSgP5LrX#uHKV>xt
zf&Qvv+c)MjHN&cAaxEJTVS%&)D%oW@Ycw15?O8cZ%Qfd@=9ILgW4N;1-q9tXcOdU+
zZ4fy6U*pvf6<AZYb4INuurryzX527Z;hvqjCQI(v@XDn)V(1aj>W-~U1UBY7^SmG{
z(ven4jtTT78m{4*rCiNuG{&upEs)9w<}NEW`Z8^cb@FYwUn>^rVKOHmt}xI;re(TE
z1dap*x-!mHq8h#=us%_hu1dOKy7HLg81n+z<nYzt*!;efXy2fHW@+PC92+ngLkJrM
zc0E%}!<XXd$50FrY>s0sdb_#%Ie~~fYc>S(UI70O16jV_qD^)>;}*NXhLA-ot0d4<
zRN$?ChdByR7qWLlU{^J~BoJo#1O}3U?AV253_CF_usg8TtCds3h`>5k<x|o<=h$`W
zxbt!BMo$mY*dq}4C&U|tDE6v2L#&<J!r^_U2COVVU=A;1p8|b_sg`A(ll){bre+=c
zrZH2K8eSEMu@a26H3*wo5S6ko7DnC7_}|!!!Qd|%4hf7ttx$!MW7gf{^R85iajb0A
z*;5UigILLExKsAje4V{L@bvt>u?imNqc|4B>p0Fd)m#+3k)4#T;q4I^Vp^SCXn#@@
z{-iK125C4c5TzS`bN@1uw4#XPO^nBI3a16us+n$k6c`CeV>S3V@|aYipNV4~`qV6)
z6G#RYGeBT8Tp+2ILT$;@;ZFFanmwyS3c?gF#!vt?MmcWh6~|jRp*~D=DieyZ9m=z{
zgOrY}WD0i0?NrghM9Gmn5SDbu6RhGWDV4n1v9;i;gKJFbTi7U<qbM>6vR7JV%CRXM
zQ5clI_R74^%_vHo<sb}!{XU~tJF8SC%QVr8ZA?ujkGT$Vw1U$x8^=3%S83)oN^W3b
zSJMa2wFZv*GOcYjDX<VqYpodOV8?M4Z!3PhFR<kaWmi;NLn8(k!*NJdRFpTUgPoLE
zIu<=0zol$>baWZ5BV_NtKR`ajN8JqYV}b7WzXK&L$4OUmZL`3a498S@Go>z6$h>LE
zGtIdf>G&&aIkBbdlSbWtj}`2uQ<5i5&-{d?{z=FTl5y59lM~|>e=xkV$p*GF$q0D3
zBGMO9Clb&XQ`5xzcUTYIduR37QvTGiq655s#<z<+DAw>kw1`ayBdL+}J#5*1uxqF*
zRs0!Shq^BR$d3Y_^O_<AunEs&8}I7r1p*82=|wLDwWh$sT;=bD58<H8JB`wWm`v+C
zvS~e$P5p$e3rO8ZCIo#nt!J|%-t&FzkKi_br`NEDI>^)%_7Z9e2Rzg-xVnZ25qys?
z`5cG%n`R7F!)shWh%q1kBt0k}gT&AKxccEm<R0R13n}Cw(F3gpe5AI|0pDj|1aIJk
z@AJ6tb608s6ME<eL{p16d;1Q~=SLo4omySQ<>~xgoF7@hmD|dP7bfZ3`xyNi3TzOE
z$oIF+s~OOr(s$_Z6;gUapW!vDmkX)^s+;7pZ@k^>HLyXi{t9z~$k!iWZdwne?xC)r
zlsSKDeDj>|J9!7rA6U=p0-6uGVd4?=MckZt0C$>OKe!8r<@sb;umg|LtC8Dbd_}(@
Wvgd2wBj{$qzu{AiAgZ{ZLi_`dlq8h^

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/swap2/org/springframework/build/gradle/MergePlugin.groovy b/regression/cbmc-java/swap2/org/springframework/build/gradle/MergePlugin.groovy
new file mode 100644
index 00000000000..6af1cf3b80c
--- /dev/null
+++ b/regression/cbmc-java/swap2/org/springframework/build/gradle/MergePlugin.groovy
@@ -0,0 +1,177 @@
+/*
+ * Copyright 2002-2015 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.build.gradle
+
+import org.gradle.api.*
+import org.gradle.api.artifacts.Configuration
+import org.gradle.api.artifacts.ProjectDependency;
+import org.gradle.api.artifacts.maven.Conf2ScopeMapping
+import org.gradle.api.plugins.MavenPlugin
+import org.gradle.plugins.ide.eclipse.EclipsePlugin
+import org.gradle.plugins.ide.idea.IdeaPlugin
+import org.gradle.api.invocation.*
+
+/**
+ * Gradle plugin that allows projects to merged together. Primarily developed to
+ * allow Spring to support multiple incompatible versions of third-party
+ * dependencies (for example Hibernate v3 and v4).
+ * <p>
+ * The 'merge' extension should be used to define how projects are merged, for example:
+ * <pre class="code">
+ * configure(subprojects) {
+ *     apply plugin: MergePlugin
+ * }
+ *
+ * project("myproject") {
+ * }
+ *
+ * project("myproject-extra") {
+ *     merge.into = project("myproject")
+ * }
+ * </pre>
+ * <p>
+ * This plugin adds two new configurations:
+ * <ul>
+ * <li>merging - Contains the projects being merged into this project<li>
+ * <li>runtimeMerge - Contains all dependencies that are merge projects. These are used
+ * to allow an IDE to reference merge projects.</li>
+ * <ul>
+ *
+ * @author Rob Winch
+ * @author Phillip Webb
+ */
+class MergePlugin implements Plugin<Project> {
+
+	private static boolean attachedProjectsEvaluated;
+
+	public void apply(Project project) {
+		project.plugins.apply(MavenPlugin)
+		project.plugins.apply(EclipsePlugin)
+		project.plugins.apply(IdeaPlugin)
+
+		MergeModel model = project.extensions.create("merge", MergeModel)
+		model.project = project
+		project.configurations.create("merging")
+		Configuration runtimeMerge = project.configurations.create("runtimeMerge")
+
+		// Ensure the IDE can reference merged projects
+		project.eclipse.classpath.plusConfigurations += [ runtimeMerge ]
+		project.idea.module.scopes.PROVIDED.plus += [ runtimeMerge ]
+
+		// Hook to perform the actual merge logic
+		project.afterEvaluate{
+			if (it.merge.into != null) {
+				setup(it)
+			}
+			setupIdeDependencies(it)
+		}
+
+		// Hook to build runtimeMerge dependencies
+		if (!attachedProjectsEvaluated) {
+			project.gradle.projectsEvaluated{
+				postProcessProjects(it)
+			}
+			attachedProjectsEvaluated  = true;
+		}
+	}
+
+	private void setup(Project project) {
+		project.merge.into.dependencies.add("merging", project)
+		project.dependencies.add("provided", project.merge.into.sourceSets.main.output)
+		project.dependencies.add("runtimeMerge", project.merge.into)
+		setupTaskDependencies(project)
+		setupMaven(project)
+	}
+
+	private void setupTaskDependencies(Project project) {
+		// invoking a task will invoke the task with the same name on 'into' project
+		["sourcesJar", "jar", "javadocJar", "javadoc", "install", "artifactoryPublish"].each {
+			def task = project.tasks.findByPath(it)
+			if (task) {
+				task.enabled = false
+				task.dependsOn(project.merge.into.tasks.findByPath(it))
+			}
+		}
+
+		// update 'into' project artifacts to contain the source artifact contents
+		project.merge.into.sourcesJar.from(project.sourcesJar.source)
+		project.merge.into.jar.from(project.sourceSets.main.output)
+		project.merge.into.javadoc {
+			source += project.javadoc.source
+			classpath += project.javadoc.classpath
+		}
+	}
+
+	private void setupIdeDependencies(Project project) {
+		project.configurations.each { c ->
+			c.dependencies.findAll( { it instanceof org.gradle.api.artifacts.ProjectDependency } ).each { d ->
+				d.dependencyProject.merge.from.each { from ->
+					project.dependencies.add("runtimeMerge", from)
+				}
+			}
+		}
+	}
+
+	private void setupMaven(Project project) {
+		project.configurations.each { configuration ->
+			Conf2ScopeMapping mapping = project.conf2ScopeMappings.getMapping([configuration])
+			if (mapping.scope) {
+				Configuration intoConfiguration = project.merge.into.configurations.create(
+					project.name + "-" + configuration.name)
+				configuration.excludeRules.each {
+					configuration.exclude([
+						(ExcludeRule.GROUP_KEY) : it.group,
+						(ExcludeRule.MODULE_KEY) : it.module])
+				}
+				configuration.dependencies.each {
+					def intoCompile = project.merge.into.configurations.getByName("compile")
+					// Protect against changing a compile scope dependency (SPR-10218)
+					if (!intoCompile.dependencies.contains(it)) {
+						intoConfiguration.dependencies.add(it)
+					}
+				}
+				def index = project.parent.childProjects.findIndexOf {p -> p.getValue() == project}
+				project.merge.into.install.repositories.mavenInstaller.pom.scopeMappings.addMapping(
+					mapping.priority + 100 + index, intoConfiguration, mapping.scope)
+			}
+		}
+	}
+
+	private postProcessProjects(Gradle gradle) {
+		gradle.allprojects(new Action<Project>() {
+			public void execute(Project project) {
+				project.configurations.getByName("runtime").allDependencies.withType(ProjectDependency).each{
+					Configuration dependsOnMergedFrom = it.dependencyProject.configurations.getByName("merging");
+					dependsOnMergedFrom.dependencies.each{ dep ->
+						project.dependencies.add("runtimeMerge", dep.dependencyProject)
+					}
+				}
+			}
+		});
+	}
+}
+
+class MergeModel {
+	Project project;
+	Project into;
+	List<Project> from = [];
+	
+	public void setInto(Project into) {
+		this.into = into;
+		into.merge.from.add(project);
+	}
+}
\ No newline at end of file
diff --git a/regression/cbmc-java/swap2/test.desc b/regression/cbmc-java/swap2/test.desc
new file mode 100644
index 00000000000..a7953d29a8b
--- /dev/null
+++ b/regression/cbmc-java/swap2/test.desc
@@ -0,0 +1,8 @@
+CORE
+org/springframework/build/gradle/MergePlugin$1$_execute_closure1$_closure2.class
+--function "org.springframework.build.gradle.MergePlugin\$1\$_execute_closure1\$_closure2.\$getCallSiteArray:()[Lorg/codehaus/groovy/runtime/callsite/CallSite;"
+^EXIT=0
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index f658cbabc6f..82f4424db0f 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -2381,6 +2381,12 @@ codet java_bytecode_convert_methodt::convert_instructions(
       call.add_source_location()=i_it->source_location;
       c=call;
     }
+    else if(statement=="swap")
+    {
+      assert(op.size()==2 && results.size()==2);
+      results[1]=op[0];
+      results[0]=op[1];
+    }
     else
     {
       c=codet(statement);

From befb6e2614c8be3c4f922cfdd86628353fabf7bb Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 21 Mar 2017 17:03:17 +0000
Subject: [PATCH 226/699] Fix a mistake in java_identifier_start

The wrong function was previously called: part instead of start.
This is related to diffblue/test-gen#118
---
 src/java_bytecode/character_refine_preprocess.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/java_bytecode/character_refine_preprocess.cpp b/src/java_bytecode/character_refine_preprocess.cpp
index 79c134670f9..f4e896eea11 100644
--- a/src/java_bytecode/character_refine_preprocess.cpp
+++ b/src/java_bytecode/character_refine_preprocess.cpp
@@ -1059,7 +1059,7 @@ codet character_refine_preprocesst::convert_is_java_identifier_start_char(
     conversion_inputt &target)
 {
   return convert_char_function(
-    &character_refine_preprocesst::expr_of_is_unicode_identifier_part, target);
+    &character_refine_preprocesst::expr_of_is_unicode_identifier_start, target);
 }
 
 /*******************************************************************\

From eff658a978dd618155f8c3f0549d6d075fdffd4d Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Mon, 22 May 2017 14:40:30 +0100
Subject: [PATCH 227/699] Add hanlded for constant strings

The data that was missing from the trace was for the storing of the
class identifier. This was a constant string assignment step. At some
point the handling for filling in the value structure got lost. This
reintrodues that change.
---
 src/util/json_expr.cpp | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/util/json_expr.cpp b/src/util/json_expr.cpp
index 3b494ff9543..965dd53c94c 100644
--- a/src/util/json_expr.cpp
+++ b/src/util/json_expr.cpp
@@ -347,6 +347,11 @@ json_objectt json(
       to_integer(to_constant_expr(expr), b);
       result["data"]=json_stringt(integer2string(b));
     }
+    else if(type.id()==ID_string)
+    {
+      result["name"]=json_stringt("string");
+      result["data"]=json_stringt(expr.get_string(ID_value));
+    }
     else
     {
       result["name"]=json_stringt("unknown");

From 06837c8bf7463543ddec49ea7177413c94e578e7 Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Mon, 22 May 2017 14:48:17 +0100
Subject: [PATCH 228/699] Use the member functions to make code more robust

---
 src/util/json_expr.cpp | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/src/util/json_expr.cpp b/src/util/json_expr.cpp
index 965dd53c94c..e66a73ae804 100644
--- a/src/util/json_expr.cpp
+++ b/src/util/json_expr.cpp
@@ -243,6 +243,7 @@ json_objectt json(
 
   if(expr.id()==ID_constant)
   {
+    const constant_exprt &constant_expr=to_constant_expr(expr);
     if(type.id()==ID_unsignedbv ||
        type.id()==ID_signedbv ||
        type.id()==ID_c_bit_field)
@@ -250,7 +251,7 @@ json_objectt json(
       std::size_t width=to_bitvector_type(type).get_width();
 
       result["name"]=json_stringt("integer");
-      result["binary"]=json_stringt(expr.get_string(ID_value));
+      result["binary"]=json_stringt(id2string(constant_expr.get_value()));
       result["width"]=json_numbert(std::to_string(width));
 
       const typet &underlying_type=
@@ -279,7 +280,7 @@ json_objectt json(
     else if(type.id()==ID_c_enum)
     {
       result["name"]=json_stringt("integer");
-      result["binary"]=json_stringt(expr.get_string(ID_value));
+      result["binary"]=json_stringt(id2string(constant_expr.get_value()));
       result["width"]=json_numbert(type.subtype().get_string(ID_width));
       result["c_type"]=json_stringt("enum");
 
@@ -291,19 +292,19 @@ json_objectt json(
     {
       constant_exprt tmp;
       tmp.type()=ns.follow_tag(to_c_enum_tag_type(type));
-      tmp.set_value(to_constant_expr(expr).get_value());
+      tmp.set_value(constant_expr.get_value());
       return json(tmp, ns);
     }
     else if(type.id()==ID_bv)
     {
       result["name"]=json_stringt("bitvector");
-      result["binary"]=json_stringt(expr.get_string(ID_value));
+      result["binary"]=json_stringt(id2string(constant_expr.get_value()));
     }
     else if(type.id()==ID_fixedbv)
     {
       result["name"]=json_stringt("fixed");
       result["width"]=json_numbert(type.get_string(ID_width));
-      result["binary"]=json_stringt(expr.get_string(ID_value));
+      result["binary"]=json_stringt(id2string(constant_expr.get_value()));
       result["data"]=
         json_stringt(fixedbvt(to_constant_expr(expr)).to_ansi_c_string());
     }
@@ -311,7 +312,7 @@ json_objectt json(
     {
       result["name"]=json_stringt("float");
       result["width"]=json_numbert(type.get_string(ID_width));
-      result["binary"]=json_stringt(expr.get_string(ID_value));
+      result["binary"]=json_stringt(id2string(constant_expr.get_value()));
       result["data"]=
         json_stringt(ieee_floatt(to_constant_expr(expr)).to_ansi_c_string());
     }
@@ -350,7 +351,7 @@ json_objectt json(
     else if(type.id()==ID_string)
     {
       result["name"]=json_stringt("string");
-      result["data"]=json_stringt(expr.get_string(ID_value));
+      result["data"]=json_stringt(id2string(constant_expr.get_value()));
     }
     else
     {

From 8510374598519a4defebb532d02e7a262b14cb6d Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Tue, 23 May 2017 16:36:18 +0100
Subject: [PATCH 229/699] Revert "Remove variable that is always false"

This reverts commit 4c4ccc032919a94753e824c892155a8ca9d55f4a.

Reinistates the skip_classid parameter as it is used in test-gen to
exclude incorrect setting of the class identifier in the constructor.
---
 src/java_bytecode/java_object_factory.cpp | 12 ++++++++++++
 src/java_bytecode/java_object_factory.h   |  1 +
 2 files changed, 13 insertions(+)

diff --git a/src/java_bytecode/java_object_factory.cpp b/src/java_bytecode/java_object_factory.cpp
index ecbfb093d8b..011f2ad2be3 100644
--- a/src/java_bytecode/java_object_factory.cpp
+++ b/src/java_bytecode/java_object_factory.cpp
@@ -123,6 +123,7 @@ class java_object_factoryt
     const exprt &expr,
     bool is_sub,
     irep_idt class_identifier,
+    bool skip_classid,
     bool create_dynamic_objects,
     bool override,
     const typet &override_type,
@@ -309,6 +310,7 @@ void java_object_factoryt::gen_pointer_target_init(
       init_expr,
       false,
       "",
+      false,
       create_dynamic_objects,
       false,
       typet(),
@@ -355,6 +357,7 @@ void java_object_factoryt::gen_nondet_init(
   const exprt &expr,
   bool is_sub,
   irep_idt class_identifier,
+  bool skip_classid,
   bool create_dynamic_objects,
   bool override,
   const typet &override_type,
@@ -483,6 +486,9 @@ void java_object_factoryt::gen_nondet_init(
         if(update_in_place==MUST_UPDATE_IN_PLACE)
           continue;
 
+        if(skip_classid)
+          continue;
+
         irep_idt qualified_clsid="java::"+as_string(class_identifier);
         constant_exprt ci(qualified_clsid, string_typet());
         code_assignt code(me, ci);
@@ -519,6 +525,7 @@ void java_object_factoryt::gen_nondet_init(
           me,
           _is_sub,
           class_identifier,
+          false,
           create_dynamic_objects,
           false,
           typet(),
@@ -578,6 +585,7 @@ void java_object_factoryt::allocate_nondet_length_array(
     irep_idt(),
     false,
     false,
+    false,
     typet(),
     NO_UPDATE_IN_PLACE);
 
@@ -718,6 +726,7 @@ void java_object_factoryt::gen_nondet_array_init(
     arraycellref,
     false,
     irep_idt(),
+    false,
     true,
     true,
     element_type,
@@ -799,6 +808,7 @@ exprt object_factory(
     "",
     false,
     false,
+    false,
     typet(),
     NO_UPDATE_IN_PLACE);
 
@@ -853,6 +863,7 @@ void gen_nondet_init(
   code_blockt &init_code,
   symbol_tablet &symbol_table,
   const source_locationt &loc,
+  bool skip_classid,
   bool create_dyn_objs,
   bool assume_non_null,
   size_t max_nondet_array_length,
@@ -872,6 +883,7 @@ void gen_nondet_init(
     expr,
     false,
     "",
+    skip_classid,
     create_dyn_objs,
     false,
     typet(),
diff --git a/src/java_bytecode/java_object_factory.h b/src/java_bytecode/java_object_factory.h
index ca96a95e7d3..d2d2d0d937f 100644
--- a/src/java_bytecode/java_object_factory.h
+++ b/src/java_bytecode/java_object_factory.h
@@ -34,6 +34,7 @@ void gen_nondet_init(
   code_blockt &init_code,
   symbol_tablet &symbol_table,
   const source_locationt &loc,
+  bool skip_classid,
   bool create_dyn_objs,
   bool assume_non_null,
   size_t max_nondet_array_length,

From 575b34331665599b4acc1f4f634afd35e6a4ab0e Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Tue, 23 May 2017 13:57:26 +0100
Subject: [PATCH 230/699] Adding simple test for trace correctness

Checks that the trace now includes the class as part of the trace. Note
this check doesn't precisly validate the trace - but would have caught
the original bug.
---
 .../cbmc/trace_class_identifier/TestGenTest.class | Bin 0 -> 245 bytes
 .../cbmc/trace_class_identifier/TestGenTest.java  |   7 +++++++
 regression/cbmc/trace_class_identifier/test.desc  |   8 ++++++++
 3 files changed, 15 insertions(+)
 create mode 100644 regression/cbmc/trace_class_identifier/TestGenTest.class
 create mode 100644 regression/cbmc/trace_class_identifier/TestGenTest.java
 create mode 100644 regression/cbmc/trace_class_identifier/test.desc

diff --git a/regression/cbmc/trace_class_identifier/TestGenTest.class b/regression/cbmc/trace_class_identifier/TestGenTest.class
new file mode 100644
index 0000000000000000000000000000000000000000..4238fc097d67b30d995df670ca8fa4d5af465a15
GIT binary patch
literal 245
zcmYj~y$*sv5QJxe0|oqf0b}gcLK;hAW1@}GLShei8VEvy;Coq_Soi=wlyT2Oy<+C}
zo7wF1b$<YuqHRNmW5Ko1BA9-XC)JFg4@WzKF)#L#&{-w9T-T>amO&V0Oz1$cw?$pX
za*-&|4dl66%3Rqb4KJY!1A^fEac-%^%fkHVZK71h6$a4wzIqz?9t5k&Q;(h4#rOug
g@`qrtnjfg5#<$w%N#jhn{9n=jAi=6unjCAe-&fTplmGw#

literal 0
HcmV?d00001

diff --git a/regression/cbmc/trace_class_identifier/TestGenTest.java b/regression/cbmc/trace_class_identifier/TestGenTest.java
new file mode 100644
index 00000000000..bfb5cdfeccc
--- /dev/null
+++ b/regression/cbmc/trace_class_identifier/TestGenTest.java
@@ -0,0 +1,7 @@
+public class TestGenTest
+{
+  public void f()
+  {
+    int a = 4;
+  }
+}
diff --git a/regression/cbmc/trace_class_identifier/test.desc b/regression/cbmc/trace_class_identifier/test.desc
new file mode 100644
index 00000000000..5514cd02ba0
--- /dev/null
+++ b/regression/cbmc/trace_class_identifier/test.desc
@@ -0,0 +1,8 @@
+CORE
+TestGenTest.class
+--function TestGenTest.f --trace --cover location --json-ui
+"data": "java::TestGenTest",$
+^EXIT=0$
+^SIGNAL=0$
+--
+^warning: ignoring

From d4378331ef051c99df42afc7622e36ab659f97d7 Mon Sep 17 00:00:00 2001
From: Cristina <cristina.david@gmail.com>
Date: Tue, 14 Mar 2017 11:07:07 +0000
Subject: [PATCH 231/699] Added an uncaught exceptions analysis

This analysis computes an overapproximation of the set of exceptions thrown by each method and it is used to prune some of the exception handling instrumentation introduced by remove_exceptions.cpp
---
 src/analyses/uncaught_exceptions_analysis.cpp | 352 ++++++++++++++++++
 src/analyses/uncaught_exceptions_analysis.h   |  89 +++++
 src/goto-programs/remove_exceptions.cpp       |  34 +-
 3 files changed, 470 insertions(+), 5 deletions(-)
 create mode 100644 src/analyses/uncaught_exceptions_analysis.cpp
 create mode 100644 src/analyses/uncaught_exceptions_analysis.h

diff --git a/src/analyses/uncaught_exceptions_analysis.cpp b/src/analyses/uncaught_exceptions_analysis.cpp
new file mode 100644
index 00000000000..75b18923c6a
--- /dev/null
+++ b/src/analyses/uncaught_exceptions_analysis.cpp
@@ -0,0 +1,352 @@
+/*******************************************************************\
+
+Module: Over-approximating uncaught exceptions analysis
+
+Author: Cristina David
+
+\*******************************************************************/
+
+#ifdef DEBUG
+#include <iostream>
+#endif
+#include "uncaught_exceptions_analysis.h"
+
+/*******************************************************************\
+
+Function: get_subtypes
+
+  Inputs:
+
+ Outputs:
+
+ Purpose: computes the set of subtypes of "type" by iterating over
+          the symbol table
+\*******************************************************************/
+
+static void get_subtypes(
+  const irep_idt &type,
+  std::set<irep_idt> &subtypes,
+  const namespacet &ns)
+{
+  irep_idt candidate;
+  bool new_subtype=true;
+  const symbol_tablet &symbol_table=ns.get_symbol_table();
+
+  // as we don't know the order types have been recorded,
+  // we need to iterate over the symbol table until there are no more
+  // new subtypes found
+  while(new_subtype)
+  {
+    new_subtype=false;
+    // iterate over the symbol_table in order to find subtypes of type
+    forall_symbols(it, symbol_table.symbols)
+    {
+      // we only look at type entries
+      if(it->second.is_type)
+      {
+        // every type is a potential candidate
+        candidate=it->second.name;
+        // current candidate is already in subtypes
+        if(find(subtypes.begin(),
+                subtypes.end(),
+                candidate)!=subtypes.end())
+          continue;
+        // get its base class
+        const irept::subt &bases=to_class_type((it->second).type).bases();
+        if(bases.size()>0)
+        {
+          const irept &base = bases[0];
+          const irept &base_type=base.find(ID_type);
+          assert(base_type.id()==ID_symbol);
+
+          // is it derived from type?
+          // i.e. does it have type or one of its subtypes as a base?
+          if(base_type.get(ID_identifier)==type ||
+             find(subtypes.begin(), subtypes.end(),
+                  base_type.get(ID_identifier))!=subtypes.end())
+          {
+            subtypes.insert(candidate);
+            new_subtype=true;
+          }
+        }
+      }
+    }
+  }
+}
+
+/*******************************************************************\
+
+Function: get_static_type
+
+  Inputs:
+
+ Outputs:
+
+ Purpose: 
+
+\*******************************************************************/
+
+static irep_idt get_static_type(const typet &type)
+{
+  if(type.id()==ID_pointer)
+  {
+    return get_static_type(type.subtype());
+  }
+  else if(type.id()==ID_symbol)
+  {
+     return to_symbol_type(type).get_identifier();
+  }
+  return ID_empty;
+}
+
+/*******************************************************************\
+
+Function: uncaught_exceptions_domaint::join
+
+  Inputs:
+
+ Outputs:
+
+ Purpose: 
+
+\*******************************************************************/
+
+void uncaught_exceptions_domaint::join(
+  const irep_idt &element)
+{
+  thrown.insert(element);
+}
+
+void uncaught_exceptions_domaint::join(
+  const std::set<irep_idt> &elements)
+{
+  thrown.insert(elements.begin(), elements.end());
+}
+
+
+/*******************************************************************\
+
+Function: uncaught_exceptions_domaint::transform
+
+  Inputs:
+
+ Outputs:
+
+ Purpose: 
+
+\*******************************************************************/
+
+void uncaught_exceptions_domaint::transform(
+  const goto_programt::const_targett from,
+  uncaught_exceptions_analysist &uea,
+  const namespacet &ns)
+{
+  const goto_programt::instructiont &instruction=*from;
+
+  switch(instruction.type)
+  {
+  case THROW:
+  {
+    const exprt &exc_symbol=instruction.code;
+
+    // retrieve the static type of the thrown exception
+    const irep_idt &type_id=get_static_type(exc_symbol.type());
+    join(type_id);
+    // we must consider all the subtypes given that
+    // the runtime type is a subtype of the static type
+    std::set<irep_idt> subtypes;
+    get_subtypes(type_id, subtypes, ns);
+    join(subtypes);
+    break;
+  }
+  case CATCH:
+  {
+    if(!instruction.code.has_operands())
+    {
+      if(!instruction.targets.empty()) // push
+      {
+        std::set<irep_idt> caught;
+        stack_caught.push_back(caught);
+        std::set<irep_idt> &last_caught=stack_caught.back();
+        const irept::subt &exception_list=
+          instruction.code.find(ID_exception_list).get_sub();
+
+        for(const auto &exc : exception_list)
+        {
+          last_caught.insert(exc.id());
+          std::set<irep_idt> subtypes;
+          get_subtypes(exc.id(), subtypes, ns);
+          last_caught.insert(subtypes.begin(), subtypes.end());
+        }
+      }
+      else // pop
+      {
+        if(!stack_caught.empty())
+        {
+          const std::set<irep_idt> &caught=stack_caught.back();
+          join(caught);
+          // remove the caught exceptions
+          for(const auto &exc_id : caught)
+          {
+            const std::set<irep_idt>::iterator it=
+              std::find(thrown.begin(), thrown.end(), exc_id);
+            if(it!=thrown.end())
+              thrown.erase(it);
+          }
+          stack_caught.pop_back();
+        }
+      }
+    }
+    break;
+  }
+  case FUNCTION_CALL:
+  {
+    const exprt &function_expr=
+      to_code_function_call(instruction.code).function();
+    assert(function_expr.id()==ID_symbol);
+    const irep_idt &function_name=
+      to_symbol_expr(function_expr).get_identifier();
+    // use the current information about the callee
+    join(uea.exceptions_map[function_name]);
+    break;
+  }
+  default:
+  {}
+  }
+}
+
+/*******************************************************************\
+
+Function: uncaught_exceptions_domaint::get_elements
+
+  Inputs:
+
+ Outputs:
+
+ Purpose: 
+
+\*******************************************************************/
+
+void uncaught_exceptions_domaint::get_elements(
+  std::set<irep_idt> &elements)
+{
+  elements=thrown;
+}
+
+/*******************************************************************\
+
+Function: uncaught_exceptions_analysist::collect_uncaught_exceptions
+
+  Inputs:
+
+ Outputs:
+
+ Purpose: 
+
+\*******************************************************************/
+
+void uncaught_exceptions_analysist::collect_uncaught_exceptions(
+  const goto_functionst &goto_functions,
+  const namespacet &ns)
+{
+  bool change=true;
+
+  while(change)
+  {
+    change=false;
+    // add all the functions to the worklist
+    forall_goto_functions(current_function, goto_functions)
+    {
+      domain.make_top();
+      const goto_programt &goto_program=current_function->second.body;
+
+      if(goto_program.empty())
+        continue;
+
+      forall_goto_program_instructions(instr_it, goto_program)
+      {
+        domain.transform(instr_it, *this, ns);
+      }
+      // did our estimation for the current function improve?
+      std::set<irep_idt> elements;
+      domain.get_elements(elements);
+      change=change||
+        exceptions_map[current_function->first].size()!=elements.size();
+      exceptions_map[current_function->first]=elements;
+    }
+  }
+}
+
+/*******************************************************************\
+
+Function: uncaught_exceptions_analysist::output
+
+  Inputs:
+
+ Outputs:
+
+ Purpose: 
+
+\*******************************************************************/
+
+void uncaught_exceptions_analysist::output(
+  const goto_functionst &goto_functions)
+{
+#ifdef DEBUG
+  forall_goto_functions(it, goto_functions)
+  {
+    if(exceptions_map[it->first].size()>0)
+    {
+      std::cout << "Uncaught exceptions in function " <<
+        it->first << ": " << std::endl;
+      assert(exceptions_map.find(it->first)!=exceptions_map.end());
+      for(auto exc_id : exceptions_map[it->first])
+        std::cout << id2string(exc_id) << " ";
+      std::cout << std::endl;
+    }
+  }
+#endif
+}
+
+/*******************************************************************\
+
+Function: uncaught_exceptions_analysist::operator()
+
+  Inputs:
+
+ Outputs:
+
+ Purpose: 
+
+\*******************************************************************/
+
+void uncaught_exceptions_analysist::operator()(
+  const goto_functionst &goto_functions,
+  const namespacet &ns,
+  exceptions_mapt &exceptions)
+{
+  collect_uncaught_exceptions(goto_functions, ns);
+  exceptions=exceptions_map;
+  output(goto_functions);
+}
+
+/*******************************************************************\
+
+Function: uncaught_exceptions
+
+  Inputs:
+
+ Outputs:
+
+ Purpose: 
+
+\*******************************************************************/
+
+void uncaught_exceptions(
+  const goto_functionst &goto_functions,
+  const namespacet &ns,
+  std::map<irep_idt, std::set<irep_idt>> &exceptions_map)
+{
+  uncaught_exceptions_analysist exceptions;
+  exceptions(goto_functions, ns, exceptions_map);
+}
diff --git a/src/analyses/uncaught_exceptions_analysis.h b/src/analyses/uncaught_exceptions_analysis.h
new file mode 100644
index 00000000000..ff9df50fdaf
--- /dev/null
+++ b/src/analyses/uncaught_exceptions_analysis.h
@@ -0,0 +1,89 @@
+/*******************************************************************\
+
+Module: Over-approximative uncaught exceptions analysis
+
+Author: Cristina David
+
+\*******************************************************************/
+
+#ifndef CPROVER_ANALYSES_UNCAUGHT_EXCEPTIONS_ANALYSIS_H
+#define CPROVER_ANALYSES_UNCAUGHT_EXCEPTIONS_ANALYSIS_H
+
+#include <algorithm>
+#include <map>
+#include <set>
+#include <goto-programs/goto_functions.h>
+
+/*******************************************************************\
+
+ Class: uncaught_exceptions_domaint
+
+ Purpose: defines the domain used by the uncaught 
+          exceptions analysis
+
+\*******************************************************************/
+
+class uncaught_exceptions_analysist;
+
+class uncaught_exceptions_domaint
+{
+ public:
+  void transform(const goto_programt::const_targett,
+                 uncaught_exceptions_analysist &,
+                 const namespacet &);
+
+  void join(const irep_idt &);
+  void join(const std::set<irep_idt> &);
+
+  void make_top()
+  {
+    thrown.clear();
+    stack_caught.clear();
+  }
+
+  void get_elements(std::set<irep_idt> &elements);
+
+ private:
+  typedef std::vector<std::set<irep_idt>> stack_caughtt;
+  stack_caughtt stack_caught;
+  std::set<irep_idt> thrown;
+};
+
+/*******************************************************************\
+
+ Class: uncaught_exceptions_analysist
+
+ Purpose: computes in exceptions_map an overapproximation of the 
+          exceptions thrown by each method
+
+\*******************************************************************/
+
+class uncaught_exceptions_analysist
+{
+public:
+  typedef std::map<irep_idt, std::set<irep_idt>> exceptions_mapt;
+
+  void collect_uncaught_exceptions(
+    const goto_functionst &,
+    const namespacet &);
+
+  void output(const goto_functionst &);
+
+  void operator()(
+    const goto_functionst &,
+    const namespacet &,
+    exceptions_mapt &);
+
+  friend class uncaught_exceptions_domaint;
+
+ private:
+  uncaught_exceptions_domaint domain;
+  exceptions_mapt exceptions_map;
+};
+
+void uncaught_exceptions(
+  const goto_functionst &,
+  const namespacet &,
+  std::map<irep_idt, std::set<irep_idt>> &);
+
+#endif
diff --git a/src/goto-programs/remove_exceptions.cpp b/src/goto-programs/remove_exceptions.cpp
index 5726831804f..9ed00e661c1 100644
--- a/src/goto-programs/remove_exceptions.cpp
+++ b/src/goto-programs/remove_exceptions.cpp
@@ -19,6 +19,7 @@ Date:   December 2016
 #include <util/symbol_table.h>
 
 #include "remove_exceptions.h"
+#include <analyses/uncaught_exceptions_analysis.h>
 
 class remove_exceptionst
 {
@@ -27,8 +28,11 @@ class remove_exceptionst
   typedef std::vector<catch_handlerst> stack_catcht;
 
 public:
-  explicit remove_exceptionst(symbol_tablet &_symbol_table):
-    symbol_table(_symbol_table)
+  explicit remove_exceptionst(
+    symbol_tablet &_symbol_table,
+    std::map<irep_idt, std::set<irep_idt>> &_exceptions_map):
+    symbol_table(_symbol_table),
+    exceptions_map(_exceptions_map)
   {
   }
 
@@ -37,6 +41,7 @@ class remove_exceptionst
 
 protected:
   symbol_tablet &symbol_table;
+  std::map<irep_idt, std::set<irep_idt>> &exceptions_map;
 
   void add_exceptional_returns(
     const goto_functionst::function_mapt::iterator &);
@@ -115,12 +120,25 @@ void remove_exceptionst::add_exceptional_returns(
   // function calls that may escape exceptions. However, this will
   // require multiple passes.
   bool add_exceptional_var=false;
+  bool has_uncaught_exceptions=false;
   forall_goto_program_instructions(instr_it, goto_program)
-    if(instr_it->is_throw() || instr_it->is_function_call())
+  {
+    if(instr_it->is_function_call())
+    {
+      const exprt &function_expr=
+        to_code_function_call(instr_it->code).function();
+      assert(function_expr.id()==ID_symbol);
+      const irep_idt &function_name=
+        to_symbol_expr(function_expr).get_identifier();
+      has_uncaught_exceptions=!exceptions_map[function_name].empty();
+    }
+
+    if(instr_it->is_throw() || has_uncaught_exceptions)
     {
       add_exceptional_var=true;
       break;
     }
+  }
 
   if(add_exceptional_var)
   {
@@ -575,7 +593,10 @@ void remove_exceptions(
   symbol_tablet &symbol_table,
   goto_functionst &goto_functions)
 {
-  remove_exceptionst remove_exceptions(symbol_table);
+  const namespacet ns(symbol_table);
+  std::map<irep_idt, std::set<irep_idt>> exceptions_map;
+  uncaught_exceptions(goto_functions, ns, exceptions_map);
+  remove_exceptionst remove_exceptions(symbol_table, exceptions_map);
   remove_exceptions(goto_functions);
 }
 
@@ -593,6 +614,9 @@ Purpose: removes throws/CATCH-POP/CATCH-PUSH
 
 void remove_exceptions(goto_modelt &goto_model)
 {
-  remove_exceptionst remove_exceptions(goto_model.symbol_table);
+  std::map<irep_idt, std::set<irep_idt>> exceptions_map;
+  remove_exceptionst remove_exceptions(
+    goto_model.symbol_table,
+    exceptions_map);
   remove_exceptions(goto_model.goto_functions);
 }

From 047671b09dce9079fc73af1930772587a57a0bbe Mon Sep 17 00:00:00 2001
From: Cristina <cristina.david@gmail.com>
Date: Fri, 19 May 2017 09:57:54 +0100
Subject: [PATCH 232/699] add the uncaught exceptions analysis to the Makefile

---
 src/analyses/Makefile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/analyses/Makefile b/src/analyses/Makefile
index 690b119e83c..77c7d7f92d0 100644
--- a/src/analyses/Makefile
+++ b/src/analyses/Makefile
@@ -24,6 +24,7 @@ SRC = ai.cpp \
       reaching_definitions.cpp \
       replace_symbol_ext.cpp \
       static_analysis.cpp \
+      uncaught_exceptions_analysis.cpp \
       uninitialized_domain.cpp \
       # Empty last line
 

From ca693b4de41ede4cf6019431cf3dcfd38fb71996 Mon Sep 17 00:00:00 2001
From: Cristina <cristina.david@gmail.com>
Date: Thu, 16 Mar 2017 14:17:08 +0000
Subject: [PATCH 233/699] Make sure that both the caller and callee have
 exceptional return vars before instrumenting function calls

---
 src/analyses/uncaught_exceptions_analysis.cpp | 5 +++--
 src/goto-programs/remove_exceptions.cpp       | 3 ++-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/analyses/uncaught_exceptions_analysis.cpp b/src/analyses/uncaught_exceptions_analysis.cpp
index 75b18923c6a..6b89cfa3499 100644
--- a/src/analyses/uncaught_exceptions_analysis.cpp
+++ b/src/analyses/uncaught_exceptions_analysis.cpp
@@ -52,10 +52,11 @@ static void get_subtypes(
                 candidate)!=subtypes.end())
           continue;
         // get its base class
-        const irept::subt &bases=to_class_type((it->second).type).bases();
+        const class_typet::basest &bases=
+          to_class_type((it->second).type).bases();
         if(bases.size()>0)
         {
-          const irept &base = bases[0];
+          const class_typet::baset &base = bases[0];
           const irept &base_type=base.find(ID_type);
           assert(base_type.id()==ID_symbol);
 
diff --git a/src/goto-programs/remove_exceptions.cpp b/src/goto-programs/remove_exceptions.cpp
index 9ed00e661c1..22ace26d82d 100644
--- a/src/goto-programs/remove_exceptions.cpp
+++ b/src/goto-programs/remove_exceptions.cpp
@@ -386,7 +386,8 @@ void remove_exceptionst::instrument_function_call(
   const irep_idt &callee_id=
     to_symbol_expr(function_call.function()).get_identifier();
 
-  if(symbol_table.has_symbol(id2string(callee_id)+EXC_SUFFIX))
+  if(symbol_table.has_symbol(id2string(callee_id)+EXC_SUFFIX) &&
+     symbol_table.has_symbol(id2string(function_id)+EXC_SUFFIX))
   {
     // we may have an escaping exception
     const symbolt &callee_exc_symbol=

From f59ec9a7414969ae969ac4eb55c9290fb30f7f62 Mon Sep 17 00:00:00 2001
From: Cristina <cristina.david@gmail.com>
Date: Tue, 14 Mar 2017 10:54:08 +0000
Subject: [PATCH 234/699] Modified the expected goto-program for
 cbmc-java/virtual7

The uncaught exceptions analysis is used to reduce the exception handling instrumentation and consequently the number of new labels and GOTOs
---
 regression/cbmc-java/virtual7/test.desc | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/regression/cbmc-java/virtual7/test.desc b/regression/cbmc-java/virtual7/test.desc
index 2e196d82e8c..b35404ac657 100644
--- a/regression/cbmc-java/virtual7/test.desc
+++ b/regression/cbmc-java/virtual7/test.desc
@@ -3,9 +3,9 @@ test.class
 --show-goto-functions
 ^EXIT=0$
 ^SIGNAL=0$
-IF "java::E".*THEN GOTO [67]
-IF "java::B".*THEN GOTO [67]
-IF "java::D".*THEN GOTO [67]
-IF "java::C".*THEN GOTO [67]
+IF "java::E".*THEN GOTO [12]
+IF "java::B".*THEN GOTO [12]
+IF "java::D".*THEN GOTO [12]
+IF "java::C".*THEN GOTO [12]
 --
 IF "java::A".*THEN GOTO

From 47cd9273e799563cbf66a7ede15a7ae2c71adfca Mon Sep 17 00:00:00 2001
From: Cristina <cristina.david@gmail.com>
Date: Wed, 24 May 2017 14:32:04 +0100
Subject: [PATCH 235/699] Ignore AssertionError This is ignored when we comoute
 the set of escaped exceptions as well as when replacing throws.

---
 src/analyses/uncaught_exceptions_analysis.cpp | 44 ++++++++++++++-----
 src/analyses/uncaught_exceptions_analysis.h   |  4 ++
 src/goto-programs/remove_exceptions.cpp       | 36 +++++++++++----
 3 files changed, 66 insertions(+), 18 deletions(-)

diff --git a/src/analyses/uncaught_exceptions_analysis.cpp b/src/analyses/uncaught_exceptions_analysis.cpp
index 6b89cfa3499..01824f10d27 100644
--- a/src/analyses/uncaught_exceptions_analysis.cpp
+++ b/src/analyses/uncaught_exceptions_analysis.cpp
@@ -83,11 +83,11 @@ Function: get_static_type
 
  Outputs:
 
- Purpose: 
+ Purpose: Returns the compile type of an exception
 
 \*******************************************************************/
 
-static irep_idt get_static_type(const typet &type)
+irep_idt uncaught_exceptions_domaint::get_static_type(const typet &type)
 {
   if(type.id()==ID_pointer)
   {
@@ -102,6 +102,26 @@ static irep_idt get_static_type(const typet &type)
 
 /*******************************************************************\
 
+Function: get_exception_symbol
+
+  Inputs:
+
+ Outputs:
+
+ Purpose: Returns the symbol corresponding to an exception
+
+\*******************************************************************/
+
+exprt uncaught_exceptions_domaint::get_exception_symbol(const exprt &expr)
+{
+  if(expr.id()!=ID_symbol && expr.has_operands())
+    return get_exception_symbol(expr.op0());
+
+  return expr;
+}
+
+/*******************************************************************\
+
 Function: uncaught_exceptions_domaint::join
 
   Inputs:
@@ -148,16 +168,20 @@ void uncaught_exceptions_domaint::transform(
   {
   case THROW:
   {
-    const exprt &exc_symbol=instruction.code;
-
+    const exprt &exc_symbol=get_exception_symbol(instruction.code);
     // retrieve the static type of the thrown exception
     const irep_idt &type_id=get_static_type(exc_symbol.type());
-    join(type_id);
-    // we must consider all the subtypes given that
-    // the runtime type is a subtype of the static type
-    std::set<irep_idt> subtypes;
-    get_subtypes(type_id, subtypes, ns);
-    join(subtypes);
+    bool assertion_error=
+      id2string(type_id).find("java.lang.AssertionError")!=std::string::npos;
+    if(!assertion_error)
+    {
+      join(type_id);
+      // we must consider all the subtypes given that
+      // the runtime type is a subtype of the static type
+      std::set<irep_idt> subtypes;
+      get_subtypes(type_id, subtypes, ns);
+      join(subtypes);
+    }
     break;
   }
   case CATCH:
diff --git a/src/analyses/uncaught_exceptions_analysis.h b/src/analyses/uncaught_exceptions_analysis.h
index ff9df50fdaf..78deaaa8f3f 100644
--- a/src/analyses/uncaught_exceptions_analysis.h
+++ b/src/analyses/uncaught_exceptions_analysis.h
@@ -41,6 +41,10 @@ class uncaught_exceptions_domaint
     stack_caught.clear();
   }
 
+  static irep_idt get_static_type(const typet &type);
+
+  static exprt get_exception_symbol(const exprt &exor);
+
   void get_elements(std::set<irep_idt> &elements);
 
  private:
diff --git a/src/goto-programs/remove_exceptions.cpp b/src/goto-programs/remove_exceptions.cpp
index 22ace26d82d..14fae24a906 100644
--- a/src/goto-programs/remove_exceptions.cpp
+++ b/src/goto-programs/remove_exceptions.cpp
@@ -115,10 +115,8 @@ void remove_exceptionst::add_exceptional_returns(
     return;
   }
 
-  // We generate an exceptional return value for any function that has
-  // a throw or a function call. This can be improved by only considering
-  // function calls that may escape exceptions. However, this will
-  // require multiple passes.
+  // We generate an exceptional return value for any function that
+  // contains a throw or a function call that may escape exceptions.
   bool add_exceptional_var=false;
   bool has_uncaught_exceptions=false;
   forall_goto_program_instructions(instr_it, goto_program)
@@ -133,7 +131,17 @@ void remove_exceptionst::add_exceptional_returns(
       has_uncaught_exceptions=!exceptions_map[function_name].empty();
     }
 
-    if(instr_it->is_throw() || has_uncaught_exceptions)
+    const exprt &exc =
+      uncaught_exceptions_domaint::get_exception_symbol(instr_it->code);
+    bool assertion_error =
+      id2string(uncaught_exceptions_domaint::get_static_type(exc.type())).
+      find("java.lang.AssertionError")!=std::string::npos;
+
+    // if we find a throw that is not AssertionError of a function call
+    // that may escape exceptions, then we add an exceptional return
+    // variable
+    if((instr_it->is_throw() && !assertion_error)
+       || has_uncaught_exceptions)
     {
       add_exceptional_var=true;
       break;
@@ -282,6 +290,18 @@ void remove_exceptionst::instrument_throw(
 {
   assert(instr_it->type==THROW);
 
+  const exprt &exc_expr=
+    uncaught_exceptions_domaint::get_exception_symbol(instr_it->code);
+  bool assertion_error=id2string(
+    uncaught_exceptions_domaint::get_static_type(exc_expr.type())).
+    find("java.lang.AssertionError")!=std::string::npos;
+
+  // we don't count AssertionError (we couldn't catch it anyway
+  // and this may reduce the instrumentation considerably if the programmer
+  // used assertions)
+  if(assertion_error)
+    return;
+
   goto_programt &goto_program=func_it->second.body;
   const irep_idt &function_id=func_it->first;
 
@@ -341,9 +361,9 @@ void remove_exceptionst::instrument_throw(
   }
 
   // replace "throw x;" by "f#exception_value=x;"
-  exprt exc_expr=instr_it->code;
-  while(exc_expr.id()!=ID_symbol && exc_expr.has_operands())
-    exc_expr=exc_expr.op0();
+  // exprt exc_expr=instr_it->code;
+  // while(exc_expr.id()!=ID_symbol && exc_expr.has_operands())
+  //   exc_expr=exc_expr.op0();
 
   // add the assignment with the appropriate cast
   code_assignt assignment(typecast_exprt(exc_thrown, exc_expr.type()),

From 37c0a366a7d7123015c0235d924fa249cf58477f Mon Sep 17 00:00:00 2001
From: Pascal Kesseli <pascal_kesseli@hotmail.com>
Date: Thu, 25 May 2017 11:56:47 +0100
Subject: [PATCH 236/699] Avoid marking main function call / arguments as
 internal

Fixes issue https://github.com/diffblue/test-gen/issues/334. The patch
avoids marking any steps in _start whose source is a
code_function_callt, which includes the main function call and its
argument assignments. Internal function calls in _start (e.g.
__CPROVER_initialize) are marked by previous checks. Includes a minimal
test case from https://github.com/DiffBlue-benchmarks/java-test which
sparked the issue.
---
 .../nestedobjects/subpackage/Item.class       | Bin 0 -> 350 bytes
 .../nestedobjects/subpackage/Item.java        |   5 ++++
 .../nestedobjects/subpackage/Order.class      | Bin 0 -> 719 bytes
 .../nestedobjects/subpackage/Order.java       |  25 ++++++++++++++++++
 .../nestedobjects/subpackage/readme.txt       |   2 ++
 regression/cbmc-java/internal1/test.desc      |  13 +++++++++
 src/goto-symex/build_goto_trace.cpp           |   6 ++++-
 7 files changed, 50 insertions(+), 1 deletion(-)
 create mode 100644 regression/cbmc-java/internal1/com/diffblue/javatest/nestedobjects/subpackage/Item.class
 create mode 100644 regression/cbmc-java/internal1/com/diffblue/javatest/nestedobjects/subpackage/Item.java
 create mode 100644 regression/cbmc-java/internal1/com/diffblue/javatest/nestedobjects/subpackage/Order.class
 create mode 100644 regression/cbmc-java/internal1/com/diffblue/javatest/nestedobjects/subpackage/Order.java
 create mode 100644 regression/cbmc-java/internal1/com/diffblue/javatest/nestedobjects/subpackage/readme.txt
 create mode 100644 regression/cbmc-java/internal1/test.desc

diff --git a/regression/cbmc-java/internal1/com/diffblue/javatest/nestedobjects/subpackage/Item.class b/regression/cbmc-java/internal1/com/diffblue/javatest/nestedobjects/subpackage/Item.class
new file mode 100644
index 0000000000000000000000000000000000000000..bf9694b3f360ac53622c0a0dea19714768811eb8
GIT binary patch
literal 350
zcmbVHJ5Iwu6rAVyLrfr_8_)p-TL2Y^1_>#W1w~N$-SsAHu)WA$b1y0+3J$=b5O1xV
zfMzr^Pj5!^^ZWG;;0lWzBTO^QGRz6FcAY2Cl91lo#`-(L==5yOmwQ(l!nClBdF*Rt
z+GnXMb{2)xvRcd52E8|9|6)7Bb)j7?O1s&psyAXM-=#O57Y&0co!S}gJJI#(P3l*<
zHDc*aeM87su5Yz@u%Tca%!}|lL5hrU`HxV-EF_3ZHe2yD6ypRDZwGiUVkCRU6|4_f
hiQxhy=bxYtHX@7}Q?|j6IpbvD2@aWspd-cz$A3YDQJeq(

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/internal1/com/diffblue/javatest/nestedobjects/subpackage/Item.java b/regression/cbmc-java/internal1/com/diffblue/javatest/nestedobjects/subpackage/Item.java
new file mode 100644
index 00000000000..6e04c6f345a
--- /dev/null
+++ b/regression/cbmc-java/internal1/com/diffblue/javatest/nestedobjects/subpackage/Item.java
@@ -0,0 +1,5 @@
+package com.diffblue.javatest.nestedobjects.subpackage;
+
+public class Item {
+  public int cost;
+}
diff --git a/regression/cbmc-java/internal1/com/diffblue/javatest/nestedobjects/subpackage/Order.class b/regression/cbmc-java/internal1/com/diffblue/javatest/nestedobjects/subpackage/Order.class
new file mode 100644
index 0000000000000000000000000000000000000000..9c810453dec2363c6c121eec0729834933080b60
GIT binary patch
literal 719
zcmb7>!Al!K6vn^FX0y#^HK}cCwGs5D5xSSO6x3b{fkIkAC5PT-H)9-4vSD{p`bT*Y
zYzrQG75YaNznLuboXeYeZ{GX8@4fl^@8J)C9(F?bcwI*oTOrMMfHwg;0#$9)RN&np
z&8G24UtT7Yg^I7`cWG2%;u(z^Wy!TlO%WH1WG>SiIacv!mK_Pyj`d8Nj{@HQ!H~31
z*+>aA2YRNyE~bgfFJv-dWMhz}ax#>;wtg9`nk!uhykE8VX+Bapn+I32usU4#Zvt!Q
zhU&h^dC3n7WtQ(B_E+uU<~ty?rhe$cP^O?0o@a|ZRefz|3Z0I(c2^Oep&p@zAVL!@
zf!>PibSQzAg~by&8^@<^=h)+C`TRllw|L$>-q?*cq!+sv!0-NsxMQG#25pUDn;OwZ
z?(Sm^>-6|LXwll@K2Mw1=-#992;aM{-qQ6PVx1?L7SOA+_&=&qqMo~4VWn)~Maev)
x0$Uh$f5AKH9{xn7W1&l3OK6)Ty&`(kL3fw=CDiJ*g9_#Zc!@SE1+y(-^9j2;l&Sy#

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/internal1/com/diffblue/javatest/nestedobjects/subpackage/Order.java b/regression/cbmc-java/internal1/com/diffblue/javatest/nestedobjects/subpackage/Order.java
new file mode 100644
index 00000000000..012c3c7a355
--- /dev/null
+++ b/regression/cbmc-java/internal1/com/diffblue/javatest/nestedobjects/subpackage/Order.java
@@ -0,0 +1,25 @@
+package com.diffblue.javatest.nestedobjects.subpackage;
+
+public class Order {
+  public Item item;
+
+  /**
+   * Checks if this order has an item.
+   */
+  public boolean hasItem() {
+    if (item == null) {
+      return false;
+    } else {
+      return true;
+    }
+  }
+
+  /**
+   * Sets the item for this order.
+   */
+  public boolean setItem(Item item) {
+    boolean exists = hasItem();
+    this.item = item;
+    return exists;
+  }
+}
diff --git a/regression/cbmc-java/internal1/com/diffblue/javatest/nestedobjects/subpackage/readme.txt b/regression/cbmc-java/internal1/com/diffblue/javatest/nestedobjects/subpackage/readme.txt
new file mode 100644
index 00000000000..2a237709812
--- /dev/null
+++ b/regression/cbmc-java/internal1/com/diffblue/javatest/nestedobjects/subpackage/readme.txt
@@ -0,0 +1,2 @@
+Source of benchmark:
+https://github.com/DiffBlue-benchmarks/java-test
\ No newline at end of file
diff --git a/regression/cbmc-java/internal1/test.desc b/regression/cbmc-java/internal1/test.desc
new file mode 100644
index 00000000000..09047367ca9
--- /dev/null
+++ b/regression/cbmc-java/internal1/test.desc
@@ -0,0 +1,13 @@
+CORE
+com/diffblue/javatest/nestedobjects/subpackage/Order.class
+--json-ui --function 'com.diffblue.javatest.nestedobjects.subpackage.Order.setItem:(Lcom/diffblue/javatest/nestedobjects/subpackage/Item;)Z' --cover location --trace
+activate-multi-line-match
+EXIT=0
+SIGNAL=0
+"identifier": "__CPROVER_initialize",\n *"sourceLocation": [{][}]\n *[}],\n *"hidden": false,\n *"internal": true,\n *"stepType": "function-call",
+"internal": true,\n *"lhs": "tmp_object_factory[$][0-9]+",
+"internal": false,\n *"sourceLocation": [{]\n *"file": "com/diffblue/javatest/nestedobjects/subpackage/Order.java",\n *"function": "java::com.diffblue.javatest.nestedobjects.subpackage.Order.setItem:[(]Lcom/diffblue/javatest/nestedobjects/subpackage/Item;[)]Z",\n *"line": "21"\n *[}],\n *"stepType": "function-call",
+"internal": false,\n *"lhs": "this",\n *"mode": "java",\n *"sourceLocation": [{]\n *"file": "com/diffblue/javatest/nestedobjects/subpackage/Order.java",\n *"function": "java::com.diffblue.javatest.nestedobjects.subpackage.Order.setItem:[(]Lcom/diffblue/javatest/nestedobjects/subpackage/Item;[)]Z",
+"internal": false,\n *"lhs": "item",\n *"mode": "java",\n *"sourceLocation": [{]\n *"file": "com/diffblue/javatest/nestedobjects/subpackage/Order.java",\n *"function": "java::com.diffblue.javatest.nestedobjects.subpackage.Order.setItem:[(]Lcom/diffblue/javatest/nestedobjects/subpackage/Item;[)]Z",
+--
+^warning: ignoring
diff --git a/src/goto-symex/build_goto_trace.cpp b/src/goto-symex/build_goto_trace.cpp
index 29ba8e30236..d5c7b62c60a 100644
--- a/src/goto-symex/build_goto_trace.cpp
+++ b/src/goto-symex/build_goto_trace.cpp
@@ -206,7 +206,11 @@ void update_internal_field(
   // set internal field to _start function-return step
   if(SSA_step.source.pc->function==goto_functionst::entry_point())
   {
-    goto_trace_step.internal=true;
+    // "__CPROVER_*" function calls in __CPROVER_start are already marked as
+    // internal. Don't mark any other function calls (i.e. "main"), function
+    // arguments or any other parts of a code_function_callt as internal.
+    if(SSA_step.source.pc->code.get_statement()!=ID_function_call)
+      goto_trace_step.internal=true;
   }
 }
 

From 229817d23ce340a17046ac311d27e2387cf7625b Mon Sep 17 00:00:00 2001
From: Cristina <cristina.david@gmail.com>
Date: Thu, 25 May 2017 14:22:22 +0100
Subject: [PATCH 237/699] Remove duplicate version of
 class_hierarchyt::get_children_trans_rec

---
 src/analyses/uncaught_exceptions_analysis.cpp | 98 ++++++-------------
 src/analyses/uncaught_exceptions_analysis.h   |  5 +
 2 files changed, 34 insertions(+), 69 deletions(-)

diff --git a/src/analyses/uncaught_exceptions_analysis.cpp b/src/analyses/uncaught_exceptions_analysis.cpp
index 01824f10d27..a541d6632d1 100644
--- a/src/analyses/uncaught_exceptions_analysis.cpp
+++ b/src/analyses/uncaught_exceptions_analysis.cpp
@@ -5,7 +5,6 @@ Module: Over-approximating uncaught exceptions analysis
 Author: Cristina David
 
 \*******************************************************************/
-
 #ifdef DEBUG
 #include <iostream>
 #endif
@@ -13,70 +12,6 @@ Author: Cristina David
 
 /*******************************************************************\
 
-Function: get_subtypes
-
-  Inputs:
-
- Outputs:
-
- Purpose: computes the set of subtypes of "type" by iterating over
-          the symbol table
-\*******************************************************************/
-
-static void get_subtypes(
-  const irep_idt &type,
-  std::set<irep_idt> &subtypes,
-  const namespacet &ns)
-{
-  irep_idt candidate;
-  bool new_subtype=true;
-  const symbol_tablet &symbol_table=ns.get_symbol_table();
-
-  // as we don't know the order types have been recorded,
-  // we need to iterate over the symbol table until there are no more
-  // new subtypes found
-  while(new_subtype)
-  {
-    new_subtype=false;
-    // iterate over the symbol_table in order to find subtypes of type
-    forall_symbols(it, symbol_table.symbols)
-    {
-      // we only look at type entries
-      if(it->second.is_type)
-      {
-        // every type is a potential candidate
-        candidate=it->second.name;
-        // current candidate is already in subtypes
-        if(find(subtypes.begin(),
-                subtypes.end(),
-                candidate)!=subtypes.end())
-          continue;
-        // get its base class
-        const class_typet::basest &bases=
-          to_class_type((it->second).type).bases();
-        if(bases.size()>0)
-        {
-          const class_typet::baset &base = bases[0];
-          const irept &base_type=base.find(ID_type);
-          assert(base_type.id()==ID_symbol);
-
-          // is it derived from type?
-          // i.e. does it have type or one of its subtypes as a base?
-          if(base_type.get(ID_identifier)==type ||
-             find(subtypes.begin(), subtypes.end(),
-                  base_type.get(ID_identifier))!=subtypes.end())
-          {
-            subtypes.insert(candidate);
-            new_subtype=true;
-          }
-        }
-      }
-    }
-  }
-}
-
-/*******************************************************************\
-
 Function: get_static_type
 
   Inputs:
@@ -144,6 +79,12 @@ void uncaught_exceptions_domaint::join(
   thrown.insert(elements.begin(), elements.end());
 }
 
+void uncaught_exceptions_domaint::join(
+  const std::vector<irep_idt> &elements)
+{
+  thrown.insert(elements.begin(), elements.end());
+}
+
 
 /*******************************************************************\
 
@@ -178,8 +119,8 @@ void uncaught_exceptions_domaint::transform(
       join(type_id);
       // we must consider all the subtypes given that
       // the runtime type is a subtype of the static type
-      std::set<irep_idt> subtypes;
-      get_subtypes(type_id, subtypes, ns);
+      std::vector<irep_idt> subtypes=
+        class_hierarchy.get_children_trans(type_id);
       join(subtypes);
     }
     break;
@@ -199,8 +140,8 @@ void uncaught_exceptions_domaint::transform(
         for(const auto &exc : exception_list)
         {
           last_caught.insert(exc.id());
-          std::set<irep_idt> subtypes;
-          get_subtypes(exc.id(), subtypes, ns);
+          std::vector<irep_idt> subtypes=
+            class_hierarchy.get_children_trans(exc.id());
           last_caught.insert(subtypes.begin(), subtypes.end());
         }
       }
@@ -260,6 +201,24 @@ void uncaught_exceptions_domaint::get_elements(
 
 /*******************************************************************\
 
+Function: uncaught_exceptions_domaint::operator()
+
+  Inputs:
+
+ Outputs:
+
+ Purpose: 
+
+\*******************************************************************/
+
+void uncaught_exceptions_domaint::operator()(
+  const namespacet &ns)
+{
+  class_hierarchy(ns.get_symbol_table());
+}
+
+/*******************************************************************\
+
 Function: uncaught_exceptions_analysist::collect_uncaught_exceptions
 
   Inputs:
@@ -350,6 +309,7 @@ void uncaught_exceptions_analysist::operator()(
   const namespacet &ns,
   exceptions_mapt &exceptions)
 {
+  domain(ns);
   collect_uncaught_exceptions(goto_functions, ns);
   exceptions=exceptions_map;
   output(goto_functions);
diff --git a/src/analyses/uncaught_exceptions_analysis.h b/src/analyses/uncaught_exceptions_analysis.h
index 78deaaa8f3f..b7691fc8150 100644
--- a/src/analyses/uncaught_exceptions_analysis.h
+++ b/src/analyses/uncaught_exceptions_analysis.h
@@ -13,6 +13,7 @@ Author: Cristina David
 #include <map>
 #include <set>
 #include <goto-programs/goto_functions.h>
+#include <goto-programs/class_hierarchy.h>
 
 /*******************************************************************\
 
@@ -34,6 +35,7 @@ class uncaught_exceptions_domaint
 
   void join(const irep_idt &);
   void join(const std::set<irep_idt> &);
+  void join(const std::vector<irep_idt> &);
 
   void make_top()
   {
@@ -47,10 +49,13 @@ class uncaught_exceptions_domaint
 
   void get_elements(std::set<irep_idt> &elements);
 
+  void operator()(const namespacet &ns);
+
  private:
   typedef std::vector<std::set<irep_idt>> stack_caughtt;
   stack_caughtt stack_caught;
   std::set<irep_idt> thrown;
+  class_hierarchyt class_hierarchy;
 };
 
 /*******************************************************************\

From b6e193ea3801aa5e8e2518278316275773d13d10 Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Fri, 26 May 2017 17:17:13 +0100
Subject: [PATCH 238/699] Adding accessors for the access properties

---
 src/util/std_types.h | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/util/std_types.h b/src/util/std_types.h
index 4b3ec6e698e..28d8b9fe69a 100644
--- a/src/util/std_types.h
+++ b/src/util/std_types.h
@@ -866,6 +866,16 @@ class code_typet:public typet
     set(ID_C_inlined, value);
   }
 
+  const irep_idt &get_access() const
+  {
+    return get(ID_access);
+  }
+
+  void set_access(const irep_idt &access)
+  {
+    return set(ID_access, access);
+  }
+
   // this produces the list of parameter identifiers
   std::vector<irep_idt> parameter_identifiers() const
   {

From f42cc33e42b472c7825a5edf95d92c5b140985de Mon Sep 17 00:00:00 2001
From: Cristina <cristina.david@gmail.com>
Date: Thu, 25 May 2017 14:36:21 +0100
Subject: [PATCH 239/699] Addressed reviewers comments

---
 src/analyses/uncaught_exceptions_analysis.cpp | 60 +++++++------
 src/analyses/uncaught_exceptions_analysis.h   |  4 +-
 src/goto-programs/remove_exceptions.cpp       | 86 +++++++++----------
 3 files changed, 71 insertions(+), 79 deletions(-)

diff --git a/src/analyses/uncaught_exceptions_analysis.cpp b/src/analyses/uncaught_exceptions_analysis.cpp
index a541d6632d1..814fcaf3730 100644
--- a/src/analyses/uncaught_exceptions_analysis.cpp
+++ b/src/analyses/uncaught_exceptions_analysis.cpp
@@ -5,6 +5,7 @@ Module: Over-approximating uncaught exceptions analysis
 Author: Cristina David
 
 \*******************************************************************/
+
 #ifdef DEBUG
 #include <iostream>
 #endif
@@ -12,7 +13,7 @@ Author: Cristina David
 
 /*******************************************************************\
 
-Function: get_static_type
+Function: get_exception_type
 
   Inputs:
 
@@ -22,15 +23,13 @@ Function: get_static_type
 
 \*******************************************************************/
 
-irep_idt uncaught_exceptions_domaint::get_static_type(const typet &type)
+irep_idt uncaught_exceptions_domaint::get_exception_type(const typet &type)
 {
-  if(type.id()==ID_pointer)
-  {
-    return get_static_type(type.subtype());
-  }
-  else if(type.id()==ID_symbol)
+  assert(type.id()==ID_pointer);
+
+  if(type.subtype().id()==ID_symbol)
   {
-     return to_symbol_type(type).get_identifier();
+    return to_symbol_type(type.subtype()).get_identifier();
   }
   return ID_empty;
 }
@@ -63,7 +62,7 @@ Function: uncaught_exceptions_domaint::join
 
  Outputs:
 
- Purpose: 
+ Purpose: The join operator for the uncaught exceptions domain
 
 \*******************************************************************/
 
@@ -94,7 +93,7 @@ Function: uncaught_exceptions_domaint::transform
 
  Outputs:
 
- Purpose: 
+ Purpose: The transformer for the uncaught exceptions domain
 
 \*******************************************************************/
 
@@ -111,7 +110,7 @@ void uncaught_exceptions_domaint::transform(
   {
     const exprt &exc_symbol=get_exception_symbol(instruction.code);
     // retrieve the static type of the thrown exception
-    const irep_idt &type_id=get_static_type(exc_symbol.type());
+    const irep_idt &type_id=get_exception_type(exc_symbol.type());
     bool assertion_error=
       id2string(type_id).find("java.lang.AssertionError")!=std::string::npos;
     if(!assertion_error)
@@ -153,12 +152,7 @@ void uncaught_exceptions_domaint::transform(
           join(caught);
           // remove the caught exceptions
           for(const auto &exc_id : caught)
-          {
-            const std::set<irep_idt>::iterator it=
-              std::find(thrown.begin(), thrown.end(), exc_id);
-            if(it!=thrown.end())
-              thrown.erase(it);
-          }
+            thrown.erase(exc_id);
           stack_caught.pop_back();
         }
       }
@@ -189,14 +183,13 @@ Function: uncaught_exceptions_domaint::get_elements
 
  Outputs:
 
- Purpose: 
+ Purpose: Returns the value of the private member thrown
 
 \*******************************************************************/
 
-void uncaught_exceptions_domaint::get_elements(
-  std::set<irep_idt> &elements)
+const std::set<irep_idt> &uncaught_exceptions_domaint::get_elements() const
 {
-  elements=thrown;
+  return thrown;
 }
 
 /*******************************************************************\
@@ -207,7 +200,7 @@ Function: uncaught_exceptions_domaint::operator()
 
  Outputs:
 
- Purpose: 
+ Purpose: Constructs the class hierarchy
 
 \*******************************************************************/
 
@@ -225,7 +218,8 @@ Function: uncaught_exceptions_analysist::collect_uncaught_exceptions
 
  Outputs:
 
- Purpose: 
+ Purpose: Runs the uncaught exceptions analysis, which 
+          populates the exceptions map
 
 \*******************************************************************/
 
@@ -252,11 +246,12 @@ void uncaught_exceptions_analysist::collect_uncaught_exceptions(
         domain.transform(instr_it, *this, ns);
       }
       // did our estimation for the current function improve?
-      std::set<irep_idt> elements;
-      domain.get_elements(elements);
-      change=change||
-        exceptions_map[current_function->first].size()!=elements.size();
-      exceptions_map[current_function->first]=elements;
+      const std::set<irep_idt> &elements=domain.get_elements();
+      if(exceptions_map[current_function->first].size()<elements.size())
+      {
+        change=true;
+        exceptions_map[current_function->first]=elements;
+      }
     }
   }
 }
@@ -269,7 +264,8 @@ Function: uncaught_exceptions_analysist::output
 
  Outputs:
 
- Purpose: 
+ Purpose: Prints the exceptions map that maps each method to the 
+          set of exceptions that may escape it
 
 \*******************************************************************/
 
@@ -300,7 +296,8 @@ Function: uncaught_exceptions_analysist::operator()
 
  Outputs:
 
- Purpose: 
+ Purpose: Applies the uncaught exceptions analysis and 
+          outputs the result
 
 \*******************************************************************/
 
@@ -323,7 +320,8 @@ Function: uncaught_exceptions
 
  Outputs:
 
- Purpose: 
+ Purpose: Applies the uncaught exceptions analysis and 
+          outputs the result
 
 \*******************************************************************/
 
diff --git a/src/analyses/uncaught_exceptions_analysis.h b/src/analyses/uncaught_exceptions_analysis.h
index b7691fc8150..50ed75b202c 100644
--- a/src/analyses/uncaught_exceptions_analysis.h
+++ b/src/analyses/uncaught_exceptions_analysis.h
@@ -43,11 +43,11 @@ class uncaught_exceptions_domaint
     stack_caught.clear();
   }
 
-  static irep_idt get_static_type(const typet &type);
+  static irep_idt get_exception_type(const typet &type);
 
   static exprt get_exception_symbol(const exprt &exor);
 
-  void get_elements(std::set<irep_idt> &elements);
+  const std::set<irep_idt>  &get_elements() const;
 
   void operator()(const namespacet &ns);
 
diff --git a/src/goto-programs/remove_exceptions.cpp b/src/goto-programs/remove_exceptions.cpp
index 14fae24a906..de2ab742c07 100644
--- a/src/goto-programs/remove_exceptions.cpp
+++ b/src/goto-programs/remove_exceptions.cpp
@@ -117,10 +117,9 @@ void remove_exceptionst::add_exceptional_returns(
 
   // We generate an exceptional return value for any function that
   // contains a throw or a function call that may escape exceptions.
-  bool add_exceptional_var=false;
-  bool has_uncaught_exceptions=false;
   forall_goto_program_instructions(instr_it, goto_program)
   {
+    bool has_uncaught_exceptions=false;
     if(instr_it->is_function_call())
     {
       const exprt &function_expr=
@@ -131,53 +130,53 @@ void remove_exceptionst::add_exceptional_returns(
       has_uncaught_exceptions=!exceptions_map[function_name].empty();
     }
 
-    const exprt &exc =
-      uncaught_exceptions_domaint::get_exception_symbol(instr_it->code);
-    bool assertion_error =
-      id2string(uncaught_exceptions_domaint::get_static_type(exc.type())).
-      find("java.lang.AssertionError")!=std::string::npos;
+    bool assertion_error=false;
+    if(instr_it->is_throw())
+    {
+      const exprt &exc =
+        uncaught_exceptions_domaint::get_exception_symbol(instr_it->code);
+      assertion_error =
+        id2string(uncaught_exceptions_domaint::get_exception_type(exc.type())).
+        find("java.lang.AssertionError")!=std::string::npos;
+    }
 
-    // if we find a throw that is not AssertionError of a function call
+    // if we find a throw different from AssertionError or a function call
     // that may escape exceptions, then we add an exceptional return
     // variable
     if((instr_it->is_throw() && !assertion_error)
        || has_uncaught_exceptions)
     {
-      add_exceptional_var=true;
+      // look up the function symbol
+      symbol_tablet::symbolst::iterator s_it=
+        symbol_table.symbols.find(function_id);
+
+      assert(s_it!=symbol_table.symbols.end());
+
+      auxiliary_symbolt new_symbol;
+      new_symbol.is_static_lifetime=true;
+      new_symbol.module=function_symbol.module;
+      new_symbol.base_name=id2string(function_symbol.base_name)+EXC_SUFFIX;
+      new_symbol.name=id2string(function_symbol.name)+EXC_SUFFIX;
+      new_symbol.mode=function_symbol.mode;
+      new_symbol.type=typet(ID_pointer, empty_typet());
+      symbol_table.add(new_symbol);
+
+      // initialize the exceptional return with NULL
+      symbol_exprt lhs_expr_null=new_symbol.symbol_expr();
+      null_pointer_exprt rhs_expr_null((pointer_typet(empty_typet())));
+      goto_programt::targett t_null=
+        goto_program.insert_before(goto_program.instructions.begin());
+      t_null->make_assignment();
+      t_null->source_location=
+        goto_program.instructions.begin()->source_location;
+      t_null->code=code_assignt(
+        lhs_expr_null,
+        rhs_expr_null);
+      t_null->function=function_id;
+
       break;
     }
   }
-
-  if(add_exceptional_var)
-  {
-    // look up the function symbol
-    symbol_tablet::symbolst::iterator s_it=
-      symbol_table.symbols.find(function_id);
-
-    assert(s_it!=symbol_table.symbols.end());
-
-    auxiliary_symbolt new_symbol;
-    new_symbol.is_static_lifetime=true;
-    new_symbol.module=function_symbol.module;
-    new_symbol.base_name=id2string(function_symbol.base_name)+EXC_SUFFIX;
-    new_symbol.name=id2string(function_symbol.name)+EXC_SUFFIX;
-    new_symbol.mode=function_symbol.mode;
-    new_symbol.type=typet(ID_pointer, empty_typet());
-    symbol_table.add(new_symbol);
-
-    // initialize the exceptional return with NULL
-    symbol_exprt lhs_expr_null=new_symbol.symbol_expr();
-    null_pointer_exprt rhs_expr_null((pointer_typet(empty_typet())));
-    goto_programt::targett t_null=
-      goto_program.insert_before(goto_program.instructions.begin());
-    t_null->make_assignment();
-    t_null->source_location=
-      goto_program.instructions.begin()->source_location;
-    t_null->code=code_assignt(
-      lhs_expr_null,
-      rhs_expr_null);
-    t_null->function=function_id;
-  }
 }
 
 /*******************************************************************\
@@ -293,7 +292,7 @@ void remove_exceptionst::instrument_throw(
   const exprt &exc_expr=
     uncaught_exceptions_domaint::get_exception_symbol(instr_it->code);
   bool assertion_error=id2string(
-    uncaught_exceptions_domaint::get_static_type(exc_expr.type())).
+    uncaught_exceptions_domaint::get_exception_type(exc_expr.type())).
     find("java.lang.AssertionError")!=std::string::npos;
 
   // we don't count AssertionError (we couldn't catch it anyway
@@ -360,11 +359,6 @@ void remove_exceptionst::instrument_throw(
     t_dead->function=instr_it->function;
   }
 
-  // replace "throw x;" by "f#exception_value=x;"
-  // exprt exc_expr=instr_it->code;
-  // while(exc_expr.id()!=ID_symbol && exc_expr.has_operands())
-  //   exc_expr=exc_expr.op0();
-
   // add the assignment with the appropriate cast
   code_assignt assignment(typecast_exprt(exc_thrown, exc_expr.type()),
                           exc_expr);

From b2dd3a21b3b4e967be3d91a237836bd43509a9d7 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Wed, 10 May 2017 09:06:35 +0100
Subject: [PATCH 240/699] Disallow null pointer in data field of String

We assume the array field of Strings to be non-null.
This is related to issue diffblue/test-gen#317
---
 src/java_bytecode/java_object_factory.cpp | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/java_bytecode/java_object_factory.cpp b/src/java_bytecode/java_object_factory.cpp
index 011f2ad2be3..3e62626e3f4 100644
--- a/src/java_bytecode/java_object_factory.cpp
+++ b/src/java_bytecode/java_object_factory.cpp
@@ -418,7 +418,17 @@ void java_object_factoryt::gen_nondet_init(
       create_dynamic_objects,
       NO_UPDATE_IN_PLACE);
 
-    if(assume_non_null)
+    // Determine whether the pointer can be null.
+    // In particular the array field of a String should not be null.
+    bool not_null=
+      assume_non_null ||
+      ((class_identifier=="java.lang.String" ||
+        class_identifier=="java.lang.StringBuilder" ||
+        class_identifier=="java.lang.StringBuffer" ||
+        class_identifier=="java.lang.CharSequence") &&
+       subtype.id()==ID_array);
+
+    if(not_null)
     {
       // Add the following code to assignments:
       // <expr> = <aoe>;

From a9d96f6617b7c72231398b82293834483cc078d8 Mon Sep 17 00:00:00 2001
From: Owen Jones <owen.jones@diffblue.com>
Date: Fri, 2 Jun 2017 13:42:23 +0100
Subject: [PATCH 241/699] Remove SSA ids from goto trace

When building the goto trace we remove the SSA ids from most variable
names, but they were still in address-of expressions in the right hand
sides of assignments.
---
 .../cbmc/pointer-function-parameters-2/test.desc    |  6 +++---
 .../cbmc/pointer-function-parameters/test.desc      |  4 ++--
 src/goto-symex/build_goto_trace.cpp                 | 13 +++++++++++--
 3 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/regression/cbmc/pointer-function-parameters-2/test.desc b/regression/cbmc/pointer-function-parameters-2/test.desc
index c67211d7387..1db7d3c4f37 100644
--- a/regression/cbmc/pointer-function-parameters-2/test.desc
+++ b/regression/cbmc/pointer-function-parameters-2/test.desc
@@ -5,8 +5,8 @@ main.c
 ^\*\* Used 4 iterations$
 ^Test suite:$
 ^a=\(\(signed int \*\*\)NULL\), tmp\$1=[^,]*, tmp\$2=[^,]*$
-^a=&tmp\$1!0, tmp\$1=\(\(signed int \*\)NULL\), tmp\$2=[^,]*$
-^a=&tmp\$1!0, tmp\$1=&tmp\$2!0, tmp\$2=([012356789][0-9]*|4[0-9]+)$
-^a=&tmp\$1!0, tmp\$1=&tmp\$2!0, tmp\$2=4$
+^a=&tmp\$1, tmp\$1=\(\(signed int \*\)NULL\), tmp\$2=[^,]*$
+^a=&tmp\$1, tmp\$1=&tmp\$2, tmp\$2=([012356789][0-9]*|4[0-9]+)$
+^a=&tmp\$1, tmp\$1=&tmp\$2, tmp\$2=4$
 --
 ^warning: ignoring
diff --git a/regression/cbmc/pointer-function-parameters/test.desc b/regression/cbmc/pointer-function-parameters/test.desc
index b9aa6240dea..ee8efd932ad 100644
--- a/regression/cbmc/pointer-function-parameters/test.desc
+++ b/regression/cbmc/pointer-function-parameters/test.desc
@@ -5,7 +5,7 @@ main.c
 ^\*\* Used 3 iterations$
 ^Test suite:$
 ^a=\(\(signed int \*\)NULL\), tmp\$1=[^,]*$
-^a=&tmp\$1!0, tmp\$1=4$
-^a=&tmp\$1!0, tmp\$1=([012356789][0-9]*|4[0-9]+)$
+^a=&tmp\$1, tmp\$1=4$
+^a=&tmp\$1, tmp\$1=([012356789][0-9]*|4[0-9]+)$
 --
 ^warning: ignoring
diff --git a/src/goto-symex/build_goto_trace.cpp b/src/goto-symex/build_goto_trace.cpp
index d5c7b62c60a..2a009d86fb5 100644
--- a/src/goto-symex/build_goto_trace.cpp
+++ b/src/goto-symex/build_goto_trace.cpp
@@ -364,8 +364,17 @@ void build_goto_trace(
         goto_trace_step.io_args.push_back(j);
       else
       {
-        exprt tmp=prop_conv.get(j);
-        goto_trace_step.io_args.push_back(tmp);
+        // we only expect constants here
+        exprt expr=to_constant_expr(prop_conv.get(j));
+        if(expr.has_operands() && expr.op0().id()==ID_address_of)
+        {
+          exprt *op=&(to_address_of_expr(expr.op0()).object());
+          while(op->id()==ID_member || op->id()==ID_index)
+            op=&(op->op0());
+          *op=to_ssa_expr(*op).get_original_expr();
+        }
+        // use expr in the output
+        goto_trace_step.io_args.push_back(expr);
       }
     }
 

From 8f120bd7a7dd111e45869d6b996d01a86440eb00 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Mon, 24 Apr 2017 12:27:44 +0100
Subject: [PATCH 242/699] Declaring auxiliary function for allocation of
 dynamic objects

---
 src/java_bytecode/java_object_factory.cpp | 173 +++++++++++++++++-----
 src/java_bytecode/java_object_factory.h   |  17 +++
 2 files changed, 149 insertions(+), 41 deletions(-)

diff --git a/src/java_bytecode/java_object_factory.cpp b/src/java_bytecode/java_object_factory.cpp
index 011f2ad2be3..c2c032eecc7 100644
--- a/src/java_bytecode/java_object_factory.cpp
+++ b/src/java_bytecode/java_object_factory.cpp
@@ -132,6 +132,130 @@ class java_object_factoryt
 
 /*******************************************************************\
 
+Function: allocate_dynamic_object
+
+  Inputs:
+    target_expr - expression to which the necessary memory will be allocated
+    allocate_type - type of the object allocated
+    symbol_table - symbol table
+    loc - location in the source
+    output_code - code block to which the necessary code is added
+    symbols_created - created symbols to be declared by the caller
+    cast_needed - Boolean flags saying where we need to cast the malloc site
+
+  Outputs: Expression representing the malloc site allocated.
+
+  Purpose: Generates code for allocating a dynamic object.
+           This is used in allocate_object and for allocating strings
+           in the library preprocessing.
+
+\*******************************************************************/
+
+exprt allocate_dynamic_object(
+  const exprt &target_expr,
+  const typet &allocate_type,
+  symbol_tablet &symbol_table,
+  const source_locationt &loc,
+  code_blockt &output_code,
+  std::vector<const symbolt *> &symbols_created,
+  bool cast_needed)
+{
+  // build size expression
+  exprt object_size=size_of_expr(allocate_type, namespacet(symbol_table));
+
+  if(allocate_type.id()!=ID_empty)
+  {
+    assert(!object_size.is_nil() && "size of Java objects should be known");
+    // malloc expression
+    exprt malloc_expr=side_effect_exprt(ID_malloc);
+    malloc_expr.copy_to_operands(object_size);
+    typet result_type=pointer_typet(allocate_type);
+    malloc_expr.type()=result_type;
+    // Create a symbol for the malloc expression so we can initialize
+    // without having to do it potentially through a double-deref, which
+    // breaks the to-SSA phase.
+    symbolt &malloc_sym=new_tmp_symbol(
+      symbol_table,
+      loc,
+      pointer_typet(allocate_type),
+      "malloc_site");
+    symbols_created.push_back(&malloc_sym);
+    code_assignt assign=code_assignt(malloc_sym.symbol_expr(), malloc_expr);
+    assign.add_source_location()=loc;
+    output_code.copy_to_operands(assign);
+    malloc_expr=malloc_sym.symbol_expr();
+    if(cast_needed)
+      malloc_expr=typecast_exprt(malloc_expr, target_expr.type());
+    code_assignt code(target_expr, malloc_expr);
+    code.add_source_location()=loc;
+    output_code.copy_to_operands(code);
+    return malloc_sym.symbol_expr();
+  }
+  else
+  {
+    // make null
+    null_pointer_exprt null_pointer_expr(to_pointer_type(target_expr.type()));
+    code_assignt code(target_expr, null_pointer_expr);
+    code.add_source_location()=loc;
+    output_code.copy_to_operands(code);
+    return exprt();
+  }
+}
+
+/*******************************************************************\
+
+Function: allocate_dynamic_object_with_decl
+
+  Inputs:
+    target_expr - expression to which the necessary memory will be allocated
+    allocate_type - type of the object allocated
+    symbol_table - symbol table
+    loc - location in the source
+    output_code - code block to which the necessary code is added
+    cast_needed - Boolean flags saying where we need to cast the malloc site
+
+  Outputs: Expression representing the malloc site allocated.
+
+  Purpose: Generates code for allocating a dynamic object.
+           This is a static version of allocate_dynamic_object that can
+           be called from outside java_object_factory and which takes care
+           of creating the associated declarations.
+
+\*******************************************************************/
+
+exprt allocate_dynamic_object_with_decl(
+  const exprt &target_expr,
+  const typet &allocate_type,
+  symbol_tablet &symbol_table,
+  const source_locationt &loc,
+  code_blockt &output_code,
+  bool cast_needed)
+{
+  std::vector<const symbolt *> symbols_created;
+
+  exprt result=allocate_dynamic_object(
+    target_expr,
+    allocate_type,
+    symbol_table,
+    loc,
+    output_code,
+    symbols_created,
+    cast_needed);
+
+  // Add the following code to output_code for each symbol that's been created:
+  //   <type> <identifier>;
+  for(const symbolt * const symbol_ptr : symbols_created)
+  {
+    code_declt decl(symbol_ptr->symbol_expr());
+    decl.add_source_location()=loc;
+    output_code.add(decl);
+  }
+
+  return result;
+}
+
+/*******************************************************************\
+
 Function: java_object_factoryt::allocate_object
 
  Inputs:
@@ -174,47 +298,14 @@ exprt java_object_factoryt::allocate_object(
   }
   else
   {
-    // build size expression
-    exprt object_size=size_of_expr(allocate_type, namespacet(symbol_table));
-
-    if(allocate_type.id()!=ID_empty)
-    {
-      assert(!object_size.is_nil() && "size of Java objects should be known");
-      // malloc expression
-      exprt malloc_expr=side_effect_exprt(ID_malloc);
-      malloc_expr.copy_to_operands(object_size);
-      typet result_type=pointer_typet(allocate_type);
-      malloc_expr.type()=result_type;
-      // Create a symbol for the malloc expression so we can initialize
-      // without having to do it potentially through a double-deref, which
-      // breaks the to-SSA phase.
-      symbolt &malloc_sym=new_tmp_symbol(
-        symbol_table,
-        loc,
-        pointer_typet(allocate_type),
-        "malloc_site");
-      symbols_created.push_back(&malloc_sym);
-      code_assignt assign=code_assignt(malloc_sym.symbol_expr(), malloc_expr);
-      code_assignt &malloc_assign=assign;
-      malloc_assign.add_source_location()=loc;
-      assignments.copy_to_operands(malloc_assign);
-      malloc_expr=malloc_sym.symbol_expr();
-      if(cast_needed)
-        malloc_expr=typecast_exprt(malloc_expr, target_expr.type());
-      code_assignt code(target_expr, malloc_expr);
-      code.add_source_location()=loc;
-      assignments.copy_to_operands(code);
-      return malloc_sym.symbol_expr();
-    }
-    else
-    {
-      // make null
-      null_pointer_exprt null_pointer_expr(to_pointer_type(target_expr.type()));
-      code_assignt code(target_expr, null_pointer_expr);
-      code.add_source_location()=loc;
-      assignments.copy_to_operands(code);
-      return exprt();
-    }
+    return allocate_dynamic_object(
+      target_expr,
+      allocate_type,
+      symbol_table,
+      loc,
+      assignments,
+      symbols_created,
+      cast_needed);
   }
 }
 
diff --git a/src/java_bytecode/java_object_factory.h b/src/java_bytecode/java_object_factory.h
index d2d2d0d937f..69ab7250ca7 100644
--- a/src/java_bytecode/java_object_factory.h
+++ b/src/java_bytecode/java_object_factory.h
@@ -40,4 +40,21 @@ void gen_nondet_init(
   size_t max_nondet_array_length,
   update_in_placet update_in_place=NO_UPDATE_IN_PLACE);
 
+exprt allocate_dynamic_object(
+  const exprt &target_expr,
+  const typet &allocate_type,
+  symbol_tablet &symbol_table,
+  const source_locationt &loc,
+  code_blockt &output_code,
+  std::vector<const symbolt *> &symbols_created,
+  bool cast_needed=false);
+
+exprt allocate_dynamic_object_with_decl(
+  const exprt &target_expr,
+  const typet &allocate_type,
+  symbol_tablet &symbol_table,
+  const source_locationt &loc,
+  code_blockt &output_code,
+  bool cast_needed=false);
+
 #endif // CPROVER_JAVA_BYTECODE_JAVA_OBJECT_FACTORY_H

From af2fd46c75f8ab98b06eb076ac6bb2ff34a33a48 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Mon, 24 Apr 2017 12:41:16 +0100
Subject: [PATCH 243/699] Replacement of string preprocessing for Java

This is a new implementation of the string preprocessing for Java
functions. Which now takes place during java bytecode processing
instead of being a step in the goto-program treatment.

Rename code_of_function to code_for_function

Update documentation

Minor corrections on the code

Make all methods non-static

This is to allow using class variables in them.
The conversion_functiont map had to be adapted.

Use class variable for refined string type

Instead of recreating a new refined string type each time it is
requested, we add a field to hold it in java_string_library_preprocess.

Squash in Replacement

Replace code.copy_to_operands() with code.add()

Correct implementation and usage of string_length_type()
---
 .../java_bytecode_convert_method.cpp          |   17 +-
 .../java_string_library_preprocess.cpp        | 2304 +++++++++++++++++
 .../java_string_library_preprocess.h          |  302 +++
 3 files changed, 2620 insertions(+), 3 deletions(-)
 create mode 100644 src/java_bytecode/java_string_library_preprocess.cpp
 create mode 100644 src/java_bytecode/java_string_library_preprocess.h

diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index 9e295f2dcc6..14a6d7a501c 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -26,6 +26,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include "java_bytecode_convert_method_class.h"
 #include "bytecode_info.h"
 #include "java_types.h"
+#include "java_string_library_preprocess.h"
 
 #include <limits>
 #include <algorithm>
@@ -1555,6 +1556,11 @@ codet java_bytecode_convert_methodt::convert_instructions(
           symbol.name,
           symbol_table);
 
+        // functions of the String libraries can have code
+        // generated for them
+        symbol.value=string_preprocess.code_for_function(
+          id, to_code_type(symbol.type), loc, symbol_table);
+
         symbol_table.add(symbol);
       }
 
@@ -1576,7 +1582,10 @@ codet java_bytecode_convert_methodt::convert_instructions(
       }
 
       call.function().add_source_location()=loc;
-      c=call;
+
+      // Replacing call if it is a function of the Character library,
+      // returning the same call otherwise
+      c=string_preprocess.replace_character_call(call);
 
       if(!use_this)
       {
@@ -2767,7 +2776,8 @@ void java_bytecode_convert_method(
   symbol_tablet &symbol_table,
   message_handlert &message_handler,
   size_t max_array_length,
-  safe_pointer<ci_lazy_methodst> lazy_methods)
+  safe_pointer<ci_lazy_methodst> lazy_methods,
+  const java_string_library_preprocesst &string_preprocess)
 {
   static const std::unordered_set<std::string> methods_to_ignore
   {
@@ -2796,7 +2806,8 @@ void java_bytecode_convert_method(
     symbol_table,
     message_handler,
     max_array_length,
-    lazy_methods);
+    lazy_methods,
+    string_preprocess);
 
   java_bytecode_convert_method(class_symbol, method);
 }
diff --git a/src/java_bytecode/java_string_library_preprocess.cpp b/src/java_bytecode/java_string_library_preprocess.cpp
new file mode 100644
index 00000000000..34e5f84bfd7
--- /dev/null
+++ b/src/java_bytecode/java_string_library_preprocess.cpp
@@ -0,0 +1,2304 @@
+/*******************************************************************\
+
+Module: Java_string_libraries_preprocess, gives code for methods on
+        strings of the java standard library. In particular methods
+        from java.lang.String, java.lang.StringBuilder,
+        java.lang.StringBuffer.
+
+Author: Romain Brenguier
+
+Date:   April 2017
+
+\*******************************************************************/
+
+#include <util/arith_tools.h>
+#include <util/std_expr.h>
+#include <util/std_code.h>
+#include <util/fresh_symbol.h>
+#include <util/refined_string_type.h>
+#include <util/string_expr.h>
+#include "java_types.h"
+#include "java_object_factory.h"
+
+#include "java_string_library_preprocess.h"
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::java_type_matches_tag
+
+  Inputs:
+    type - a type
+    tag - a string
+
+  Output: Boolean telling whether the type is a struct with the given
+          tag or a symbolic type with the tag prefixed by "java::"
+
+\*******************************************************************/
+
+bool java_string_library_preprocesst::java_type_matches_tag(
+  const typet &type, const std::string &tag)
+{
+  if(type.id()==ID_symbol)
+  {
+    irep_idt tag_id=to_symbol_type(type).get_identifier();
+    return tag_id=="java::"+tag;
+  }
+  else if(type.id()==ID_struct)
+  {
+    irep_idt tag_id=to_struct_type(type).get_tag();
+    return tag_id==tag;
+  }
+  return false;
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::is_java_string_pointer_type
+
+  Inputs: a type
+
+  Output: Boolean telling whether the type is that of java string pointer
+
+\*******************************************************************/
+
+bool java_string_library_preprocesst::is_java_string_pointer_type(
+  const typet &type)
+{
+  if(type.id()==ID_pointer)
+  {
+    const pointer_typet &pt=to_pointer_type(type);
+    const typet &subtype=pt.subtype();
+    return is_java_string_type(subtype);
+  }
+  return false;
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::is_java_string_type
+
+  Inputs: a type
+
+  Output: Boolean telling whether the type is that of java string
+
+\*******************************************************************/
+
+bool java_string_library_preprocesst::is_java_string_type(
+  const typet &type)
+{
+  return java_type_matches_tag(type, "java.lang.String");
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::is_java_string_builder_type
+
+  Inputs: a type
+
+  Output: Boolean telling whether the type is that of java StringBuilder
+
+\*******************************************************************/
+
+bool java_string_library_preprocesst::is_java_string_builder_type(
+  const typet &type)
+{
+  return java_type_matches_tag(type, "java.lang.StringBuilder");
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::is_java_string_builder_pointer_type
+
+  Inputs: a type
+
+  Output: Boolean telling whether the type is that of java StringBuilder
+          pointers
+
+\*******************************************************************/
+
+bool java_string_library_preprocesst::is_java_string_builder_pointer_type(
+  const typet &type)
+{
+  if(type.id()==ID_pointer)
+  {
+    const pointer_typet &pt=to_pointer_type(type);
+    const typet &subtype=pt.subtype();
+    return is_java_string_builder_type(subtype);
+  }
+  return false;
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::is_java_string_buffer_type
+
+  Inputs: a type
+
+  Output: Boolean telling whether the type is that of java StringBuffer
+
+\*******************************************************************/
+
+bool java_string_library_preprocesst::is_java_string_buffer_type(
+  const typet &type)
+{
+  return java_type_matches_tag(type, "java.lang.StringBuffer");
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::is_java_string_buffer_pointer_type
+
+  Inputs: a type
+
+  Output: Boolean telling whether the type is that of java StringBuffer
+          pointers
+
+\*******************************************************************/
+
+bool java_string_library_preprocesst::is_java_string_buffer_pointer_type(
+  const typet &type)
+{
+  if(type.id()==ID_pointer)
+  {
+    const pointer_typet &pt=to_pointer_type(type);
+    const typet &subtype=pt.subtype();
+    return is_java_string_buffer_type(subtype);
+  }
+  return false;
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::is_java_char_sequence_type
+
+  Inputs: a type
+
+  Output: Boolean telling whether the type is that of java char sequence
+
+\*******************************************************************/
+
+bool java_string_library_preprocesst::is_java_char_sequence_type(
+  const typet &type)
+{
+  return java_type_matches_tag(type, "java.lang.CharSequence");
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::is_java_char_sequence_pointer_type
+
+  Inputs: a type
+
+  Output: Boolean telling whether the type is that of a pointer
+          to a java char sequence
+
+\*******************************************************************/
+
+bool java_string_library_preprocesst::is_java_char_sequence_pointer_type(
+  const typet &type)
+{
+  if(type.id()==ID_pointer)
+  {
+    const pointer_typet &pt=to_pointer_type(type);
+    const typet &subtype=pt.subtype();
+    return is_java_char_sequence_type(subtype);
+  }
+  return false;
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::is_java_char_array_type
+
+  Inputs: a type
+
+  Output: Boolean telling whether the type is that of java char array
+
+\*******************************************************************/
+
+bool java_string_library_preprocesst::is_java_char_array_type(
+  const typet &type)
+{
+  return java_type_matches_tag(type, "array[char]");
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::is_java_char_array_pointer_type
+
+  Inputs: a type
+
+ Outputs: Boolean telling whether the type is that of a pointer
+          to a java char array
+
+\*******************************************************************/
+
+bool java_string_library_preprocesst::is_java_char_array_pointer_type(
+  const typet &type)
+{
+  if(type.id()==ID_pointer)
+  {
+    const pointer_typet &pt=to_pointer_type(type);
+    const typet &subtype=pt.subtype();
+    return is_java_char_array_type(subtype);
+  }
+  return false;
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::string_data_type
+
+  Inputs:
+    symbol_table - a symbol_table containing an entry for java Strings
+
+  Output: the type of data fields in java Strings.
+
+\*******************************************************************/
+
+typet string_data_type(symbol_tablet symbol_table)
+{
+  symbolt sym=symbol_table.lookup("java::java.lang.String");
+  typet concrete_type=sym.type;
+  // TODO: Check that this is indeed the 'length' field.
+  typet data_type=to_struct_type(concrete_type).components()[2].type();
+  return data_type;
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::string_length_type
+
+ Outputs: the type of the length field in java Strings.
+
+\*******************************************************************/
+
+typet string_length_type()
+{
+  return java_int_type();
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::add_string_type
+
+  Inputs:
+    class_name - a name for the class such as "java.lang.String"
+    symbol_table - symbol table to which the class will be added
+
+ Purpose: Add to the symbol table type declaration for a String-like
+          Java class.
+
+\*******************************************************************/
+
+void java_string_library_preprocesst::add_string_type(
+  const irep_idt &class_name, symbol_tablet &symbol_table)
+{
+  class_typet string_type;
+  string_type.set_tag(class_name);
+  string_type.components().resize(3);
+  string_type.components()[0].set_name("@java.lang.Object");
+  string_type.components()[0].set_pretty_name("@java.lang.Object");
+  string_type.components()[0].type()=symbol_typet("java::java.lang.Object");
+  string_type.components()[1].set_name("length");
+  string_type.components()[1].set_pretty_name("length");
+  string_type.components()[1].type()=string_length_type();
+  string_type.components()[2].set_name("data");
+  string_type.components()[2].set_pretty_name("data");
+  // Use a pointer-to-unbounded-array instead of a pointer-to-char.
+  // Saves some casting in the string refinement algorithm but may
+  // be unnecessary.
+  string_type.components()[2].type()=pointer_typet(
+    array_typet(java_char_type(), infinity_exprt(string_length_type())));
+  string_type.add_base(symbol_typet("java::java.lang.Object"));
+
+  symbolt string_symbol;
+  string_symbol.name="java::"+id2string(class_name);
+  string_symbol.base_name=id2string(class_name);
+  string_symbol.pretty_name=id2string(class_name);
+  string_symbol.type=string_type;
+  string_symbol.is_type=true;
+
+  symbol_table.add(string_symbol);
+}
+
+/*******************************************************************\
+
+Function: fresh_array
+
+  Inputs:
+    type - an array type
+    location - a location in the program
+    symbol_table - symbol table
+
+  Output: a new symbol
+
+ Purpose: add a symbol in the table with static lifetime and name
+          containing `cprover_string_array` and given type
+
+\*******************************************************************/
+
+symbol_exprt java_string_library_preprocesst::fresh_array(
+  const typet &type,
+  const source_locationt &location,
+  symbol_tablet &symbol_table)
+{
+  symbolt array_symbol=get_fresh_aux_symbol(
+    type,
+    "cprover_string_array",
+    "cprover_string_array",
+    location,
+    ID_java,
+    symbol_table);
+  array_symbol.is_static_lifetime=true;
+  return array_symbol.symbol_expr();
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::declare_function
+
+  Inputs:
+    function_name - a name
+    type - a type
+    symbol_table - symbol table
+
+ Purpose: declare a function with the given name and type
+
+\*******************************************************************/
+
+void java_string_library_preprocesst::declare_function(
+  irep_idt function_name, const typet &type, symbol_tablet &symbol_table)
+{
+  auxiliary_symbolt func_symbol;
+  func_symbol.base_name=function_name;
+  func_symbol.pretty_name=function_name;
+  func_symbol.is_static_lifetime=false;
+  func_symbol.mode=ID_java;
+  func_symbol.name=function_name;
+  func_symbol.type=type;
+  symbol_table.add(func_symbol);
+}
+
+/*******************************************************************\
+
+Function: string_refine_preprocesst::process_arguments
+
+  Inputs:
+    params - a list of function parameters
+    loc - location in the source
+    symbol_table - symbol table
+    init_code - code block, in which declaration of some arguments
+                may be added
+
+  Output: a list of expressions
+
+ Purpose: calls string_refine_preprocesst::process_operands with a
+          list of parameters.
+
+\*******************************************************************/
+
+exprt::operandst java_string_library_preprocesst::process_parameters(
+  const code_typet::parameterst &params,
+  const source_locationt &loc,
+  symbol_tablet &symbol_table,
+  code_blockt &init_code)
+{
+  exprt::operandst ops;
+  for(const auto &p : params)
+  {
+    symbol_exprt sym(p.get_identifier(), p.type());
+    ops.push_back(sym);
+  }
+  return process_operands(ops, loc, symbol_table, init_code);
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::process_single_operand
+
+  Inputs:
+    processed_ops - the list of processed operands to populate
+    op_to_process - a list of expressions
+    loc - location in the source
+    symbol_table - symbol table
+    init_code - code block, in which declaration of some arguments
+                may be added
+
+ Purpose: Creates a string_exprt from the input exprt and adds it to
+          processed_ops
+
+\*******************************************************************/
+
+void java_string_library_preprocesst::process_single_operand(
+  exprt::operandst &processed_ops,
+  const exprt &op_to_process,
+  const source_locationt &loc,
+  symbol_tablet &symbol_table,
+  code_blockt &init_code)
+{
+  member_exprt length(
+    op_to_process, "length", string_length_type());
+  member_exprt data(op_to_process, "data", string_data_type(symbol_table));
+  dereference_exprt deref_data(data, data.type().subtype());
+  string_exprt string_expr=fresh_string_expr(loc, symbol_table, init_code);
+  exprt string_expr_sym=fresh_string_expr_symbol(loc, symbol_table, init_code);
+  init_code.add(code_declt(string_expr_sym));
+  init_code.add(code_assignt(string_expr.length(), length));
+  init_code.add(
+    code_assignt(string_expr.content(), deref_data));
+  init_code.add(code_assignt(string_expr_sym, string_expr));
+  processed_ops.push_back(string_expr);
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::process_operands
+
+  Inputs:
+    operands - a list of expressions
+    loc - location in the source
+    symbol_table - symbol table
+    init_code - code block, in which declaration of some arguments
+                may be added
+
+  Output: a list of expressions
+
+ Purpose: for each expression that is of a type implementing strings,
+          we declare a new `cprover_string` whose contents is deduced
+          from the expression and replace the
+          expression by this cprover_string in the output list;
+          in the other case the expression is kept as is for the output list.
+          Also does the same thing for char array references.
+
+\*******************************************************************/
+
+exprt::operandst java_string_library_preprocesst::process_operands(
+  const exprt::operandst &operands,
+  const source_locationt &loc,
+  symbol_tablet &symbol_table,
+  code_blockt &init_code)
+{
+  exprt::operandst ops;
+  for(const auto &p : operands)
+  {
+    if(implements_java_char_sequence(p.type()))
+    {
+      dereference_exprt deref(p, to_pointer_type(p.type()).subtype());
+      process_single_operand(ops, deref, loc, symbol_table, init_code);
+    }
+    else if(is_java_char_array_pointer_type(p.type()))
+    {
+      ops.push_back(replace_char_array(p, loc, symbol_table, init_code));
+    }
+    else
+    {
+      ops.push_back(p);
+    }
+  }
+  return ops;
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::process_equals_function_operands
+
+  Inputs:
+    operands - a list of expressions
+    loc - location in the source
+    symbol_table - symbol table
+    init_code - code block, in which declaration of some arguments
+                may be added
+
+  Output: a list of expressions
+
+ Purpose: Converts the operands of the equals function to string
+          expressions and outputs these conversions. As a side effect
+          of the conversions it adds some code to init_code.
+
+\*******************************************************************/
+
+exprt::operandst
+  java_string_library_preprocesst::process_equals_function_operands(
+  const exprt::operandst &operands,
+  const source_locationt &loc,
+  symbol_tablet &symbol_table,
+  code_blockt &init_code)
+{
+  assert(operands.size()==2);
+  exprt::operandst ops;
+  exprt op0=operands[0];
+  exprt op1=operands[1];
+
+  assert(implements_java_char_sequence(op0.type()));
+  dereference_exprt deref0(op0, to_pointer_type(op0.type()).subtype());
+  process_single_operand(ops, deref0, loc, symbol_table, init_code);
+
+  // TODO: Manage the case where we have a non-String Object (this should
+  // probably be handled upstream. At any rate, the following code should be
+  // protected with assertions on the type of op1.
+  typecast_exprt tcast(op1, to_pointer_type(op0.type()));
+  dereference_exprt deref1(tcast, to_pointer_type(op0.type()).subtype());
+  process_single_operand(ops, deref1, loc, symbol_table, init_code);
+  return ops;
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::get_data_type
+
+  Inputs:
+    type - a type containing a "data" component
+    symbol_table - symbol table
+
+  Output: type of the "data" component
+
+ Purpose: Finds the type of the data component
+
+\*******************************************************************/
+
+typet java_string_library_preprocesst::get_data_type(
+  const typet &type, const symbol_tablet &symbol_table)
+{
+  if(type.id()==ID_symbol)
+  {
+    symbolt sym=symbol_table.lookup(to_symbol_type(type).get_identifier());
+    assert(sym.type.id()!=ID_symbol);
+    return get_data_type(sym.type, symbol_table);
+  }
+  else
+  {
+    assert(type.id()==ID_struct);
+    const struct_typet &struct_type=to_struct_type(type);
+    for(auto component : struct_type.components())
+      if(component.get_name()=="data")
+        return component.type();
+    assert(false && "type does not contain data component");
+  }
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::get_length_type
+
+  Inputs:
+    type - a type containing a "length" component
+    symbol_table - symbol table
+
+  Output: type of the "length" component
+
+ Purpose: Finds the type of the length component
+
+\*******************************************************************/
+
+typet java_string_library_preprocesst::get_length_type(
+  const typet &type, const symbol_tablet &symbol_table)
+{
+  if(type.id()==ID_symbol)
+  {
+    symbolt sym=symbol_table.lookup(to_symbol_type(type).get_identifier());
+    assert(sym.type.id()!=ID_symbol);
+    return get_length_type(sym.type, symbol_table);
+  }
+  else
+  {
+    assert(type.id()==ID_struct);
+    const struct_typet &struct_type=to_struct_type(type);
+    for(auto component : struct_type.components())
+      if(component.get_name()=="length")
+        return component.type();
+    assert(false && "type does not contain length component");
+  }
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::get_length
+
+  Inputs:
+    expr - an expression of structured type with length component
+    symbol_table - symbol table
+
+  Output: expression representing the "length" member
+
+ Purpose: access length member
+
+\*******************************************************************/
+
+exprt java_string_library_preprocesst::get_length(
+  const exprt &expr, const symbol_tablet &symbol_table)
+{
+  return member_exprt(
+    expr, "length", get_length_type(expr.type(), symbol_table));
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::get_data
+
+  Inputs:
+    expr - an expression of structured type with length component
+    symbol_table - symbol table
+
+  Output: expression representing the "data" member
+
+ Purpose: access data member
+
+\*******************************************************************/
+
+exprt java_string_library_preprocesst::get_data(
+  const exprt &expr, const symbol_tablet &symbol_table)
+{
+  return member_exprt(expr, "data", get_data_type(expr.type(), symbol_table));
+}
+
+/*******************************************************************\
+
+Function: string_refine_preprocesst::replace_char_array
+
+  Inputs:
+    array_pointer - an expression of type char array pointer
+    loc - location in the source
+    symbol_table - symbol table
+    code - code block, in which some assignments will be added
+
+  Output: a string expression
+
+ Purpose: we declare a new `cprover_string` whose contents is deduced
+          from the char array.
+
+\*******************************************************************/
+
+string_exprt java_string_library_preprocesst::replace_char_array(
+  const exprt &array_pointer,
+  const source_locationt &loc,
+  symbol_tablet &symbol_table,
+  code_blockt &code)
+{
+  refined_string_typet ref_type=refined_string_type;
+  dereference_exprt array(array_pointer, array_pointer.type().subtype());
+  exprt array_data=get_data(array, symbol_table);
+  // `deref_array` is *(array_pointer->data)`
+  const typet &content_type=ref_type.get_content_type();
+  dereference_exprt deref_array(array_data, array_data.type().subtype());
+
+  // lhs_deref <- convert_pointer_to_char_array(*(array_pointer->data))
+  symbolt sym_char_array=get_fresh_aux_symbol(
+    content_type, "char_array", "char_array", loc, ID_java, symbol_table);
+  symbol_exprt char_array=sym_char_array.symbol_expr();
+  code.add(code_assign_function_application(
+    char_array,
+    ID_cprover_string_array_of_char_pointer_func,
+    {deref_array},
+    symbol_table));
+
+  // string_expr is `{ rhs->length; string_array }`
+  string_exprt string_expr(
+    get_length(array, symbol_table), char_array, refined_string_type);
+  // string_expr_sym <- { rhs->length; string_array }
+  symbol_exprt string_expr_sym=
+    fresh_string(refined_string_type, loc, symbol_table);
+  code.add(code_assignt(string_expr_sym, string_expr));
+
+  return string_expr;
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::fresh_string
+
+  Inputs:
+    type - a type for refined strings
+    loc - a location in the program
+    symbol_table - symbol table
+
+  Output: a new symbol
+
+ Purpose: add a symbol with static lifetime and name containing
+          `cprover_string` and given type
+
+\*******************************************************************/
+
+symbol_exprt java_string_library_preprocesst::fresh_string(
+  const typet &type, const source_locationt &loc, symbol_tablet &symbol_table)
+{
+  symbolt string_symbol=get_fresh_aux_symbol(
+    type, "cprover_string", "cprover_string", loc, ID_java, symbol_table);
+  string_symbol.is_static_lifetime=true;
+  return string_symbol.symbol_expr();
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::fresh_string_expr
+
+  Inputs:
+    loc - a location in the program
+    symbol_table - symbol table
+    code - code block to which allocation instruction will be added
+
+  Output: a new string_expr
+
+ Purpose: add symbols with prefix cprover_string_length and
+          cprover_string_data and construct a string_expr from them.
+
+\*******************************************************************/
+
+string_exprt java_string_library_preprocesst::fresh_string_expr(
+  const source_locationt &loc, symbol_tablet &symbol_table, code_blockt &code)
+{
+  refined_string_typet type=refined_string_type;
+  symbolt sym_length=get_fresh_aux_symbol(
+    type.get_index_type(),
+    "cprover_string_length",
+    "cprover_string_length",
+    loc,
+    ID_java,
+    symbol_table);
+  symbol_exprt length_field=sym_length.symbol_expr();
+  symbol_exprt content_field=fresh_array(
+    type.get_content_type(), loc, symbol_table);
+  string_exprt str(length_field, content_field, type);
+  code.add(code_declt(length_field));
+  code.add(code_declt(content_field));
+  return str;
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::fresh_string_expr_symbol
+
+  Inputs:
+    loc - a location in the program
+    symbol_table - symbol table
+    code - code block to which allocation instruction will be added
+
+  Output: a new expression of refined string type
+
+ Purpose: add symbols with prefix cprover_string_length and
+          cprover_string_data and construct a string_expr from them.
+
+\*******************************************************************/
+
+exprt java_string_library_preprocesst::fresh_string_expr_symbol(
+  const source_locationt &loc, symbol_tablet &symbol_table, code_blockt &code)
+{
+  symbolt sym=get_fresh_aux_symbol(
+    refined_string_type,
+    "cprover_string",
+    "cprover_string",
+    loc,
+    ID_java,
+    symbol_table);
+  code.add(code_declt(sym.symbol_expr()));
+  return sym.symbol_expr();
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::allocate_fresh_string
+
+  Inputs:
+    type - a type for string
+    loc - a location in the program
+    symbol_table - symbol table
+    code - code block to which allocation instruction will be added
+
+  Output: a new string
+
+ Purpose: declare a new String and allocate it
+
+\*******************************************************************/
+
+exprt java_string_library_preprocesst::allocate_fresh_string(
+  const typet &type,
+  const source_locationt &loc,
+  symbol_tablet &symbol_table,
+  code_blockt &code)
+{
+  exprt str=fresh_string(type, loc, symbol_table);
+  code.add(code_declt(str));
+  (void) allocate_dynamic_object_with_decl(
+    str, str.type().subtype(), symbol_table, loc, code, false);
+  return str;
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::allocate_fresh_array
+
+  Inputs:
+    type - a type for string
+    loc - a location in the program
+    symbol_table - symbol table
+    code - code block to which allocation instruction will be added
+
+  Output: a new array
+
+ Purpose: declare a new character array and allocate it
+
+\*******************************************************************/
+
+exprt java_string_library_preprocesst::allocate_fresh_array(
+  const typet &type,
+  const source_locationt &loc,
+  symbol_tablet &symbol_table,
+  code_blockt &code)
+{
+  exprt array=fresh_array(type, loc, symbol_table);
+  code.add(code_declt(array));
+  (void) allocate_dynamic_object_with_decl(
+    array, array.type().subtype(), symbol_table, loc, code, false);
+  return array;
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::make_function_application
+
+  Inputs:
+    function_name - the name of the function
+    arguments - a list of arguments
+    type - return type of the function
+    symbol_table - a symbol table
+
+  Output: a function application representing: function_name(arguments)
+
+\*******************************************************************/
+
+exprt java_string_library_preprocesst::make_function_application(
+  const irep_idt &function_name,
+  const exprt::operandst &arguments,
+  const typet &type,
+  symbol_tablet &symbol_table)
+{
+  // Names of function to call
+  std::string fun_name=id2string(function_name);
+
+  // Declaring the function
+  declare_function(fun_name, type, symbol_table);
+
+  // Function application
+  function_application_exprt call(symbol_exprt(fun_name), type);
+  call.arguments()=arguments;
+  return call;
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::code_assign_function_application
+
+  Inputs:
+    lhs - an expression
+    function_name - the name of the function
+    arguments - a list of arguments
+    symbol_table - a symbol table
+
+  Output: the following code:
+          > lhs=function_name_length(arguments)
+
+  Purpose: assign the result of a function call
+
+\*******************************************************************/
+
+codet java_string_library_preprocesst::code_assign_function_application(
+  const exprt &lhs,
+  const irep_idt &function_name,
+  const exprt::operandst &arguments,
+  symbol_tablet &symbol_table)
+{
+  exprt fun_app=make_function_application(
+    function_name, arguments, lhs.type(), symbol_table);
+  return code_assignt(lhs, fun_app);
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::code_return_function_application
+
+  Inputs:
+    function_name - the name of the function
+    arguments - a list of arguments
+    type - the return type
+    symbol_table - a symbol table
+
+  Output: the following code:
+          > return function_name_length(arguments)
+
+  Purpose: return the result of a function call
+
+\*******************************************************************/
+
+codet java_string_library_preprocesst::code_return_function_application(
+  const irep_idt &function_name,
+  const exprt::operandst &arguments,
+  const typet &type,
+  symbol_tablet &symbol_table)
+{
+  exprt fun_app=make_function_application(
+    function_name, arguments, type, symbol_table);
+  return code_returnt(fun_app);
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::code_assign_function_to_string_expr
+
+  Inputs:
+    string_expr - a string expression
+    function_name - the name of the function
+    arguments - arguments of the function
+    symbol_table - symbol table
+
+  Output: return the following code:
+          > str.length <- function_name_length(arguments)
+          > str.data <- function_name_data(arguments)
+
+\*******************************************************************/
+
+codet java_string_library_preprocesst::code_assign_function_to_string_expr(
+  const string_exprt &string_expr,
+  const irep_idt &function_name,
+  const exprt::operandst &arguments,
+  symbol_tablet &symbol_table)
+{
+  // Names of function to call
+  std::string fun_name_length=id2string(function_name)+"_length";
+  std::string fun_name_data=id2string(function_name)+"_data";
+
+  // Assignments
+  codet assign_fun_length=code_assign_function_application(
+    string_expr.length(), fun_name_length, arguments, symbol_table);
+  codet assign_fun_data=code_assign_function_application(
+    string_expr.content(), fun_name_data, arguments, symbol_table);
+
+  return code_blockt({assign_fun_length, assign_fun_data});
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::string_expr_of_function_application
+
+  Inputs:
+    function_name - the name of the function
+    arguments - arguments of the function
+    loc - a location in the program
+    symbol_table - symbol table
+    code - code block in which we add instructions
+
+  Output: return a string expr str and add the following code:
+          > array str.data
+          > str.length <- function_name_length(arguments)
+          > str.data <- function_name_data(arguments)
+
+\*******************************************************************/
+
+string_exprt java_string_library_preprocesst::
+  string_expr_of_function_application(
+    const irep_idt &function_name,
+    const exprt::operandst &arguments,
+    const source_locationt &loc,
+    symbol_tablet &symbol_table,
+    code_blockt &code)
+{
+  string_exprt string_expr=fresh_string_expr(loc, symbol_table, code);
+  code.add(code_assign_function_to_string_expr(
+    string_expr, function_name, arguments, symbol_table));
+  return string_expr;
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::
+            code_assign_string_expr_to_java_string
+
+  Inputs:
+    lhs - an expression representing a java string
+    rhs - a string expression
+    symbol_table - symbol table
+
+  Output: return the following code:
+          > lhs->length=rhs.length
+          > lhs->data=&rhs.data
+
+\*******************************************************************/
+
+codet java_string_library_preprocesst::code_assign_string_expr_to_java_string(
+  const exprt &lhs,
+  const string_exprt &rhs,
+  symbol_tablet &symbol_table)
+{
+  assert(implements_java_char_sequence(lhs.type()));
+  dereference_exprt deref(lhs, lhs.type().subtype());
+
+  // Fields of the string object
+  exprt lhs_length=get_length(deref, symbol_table);
+  exprt lhs_data=get_data(deref, symbol_table);
+
+  // Assignments
+  code_blockt code;
+  code.add(code_assignt(lhs_length, rhs.length()));
+  code.add(
+    code_assignt(lhs_data, address_of_exprt(rhs.content())));
+  return code;
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::
+            code_assign_string_expr_to_new_java_string
+
+  Inputs:
+    lhs - an expression representing a java string
+    rhs - a string expression
+    loc - a location in the program
+    symbol_table - symbol table
+
+  Output: return the following code:
+          > lhs->length=rhs.length
+          > lhs->data=&rhs.data
+
+\*******************************************************************/
+
+codet java_string_library_preprocesst::
+  code_assign_string_expr_to_new_java_string(
+    const exprt &lhs,
+    const string_exprt &rhs,
+    const source_locationt &loc,
+    symbol_tablet &symbol_table)
+{
+  assert(implements_java_char_sequence(lhs.type()));
+  dereference_exprt deref(lhs, lhs.type().subtype());
+
+  // Fields of the string object
+  exprt lhs_length=get_length(deref, symbol_table);
+  exprt lhs_data=get_data(deref, symbol_table);
+
+  // Assignments
+  code_blockt code;
+  // new array <- malloc(char[])
+  exprt new_array=allocate_fresh_array(
+    get_data_type(deref.type(), symbol_table), loc, symbol_table, code);
+  code.add(code_assignt(
+    dereference_exprt(new_array, new_array.type().subtype()), rhs.content()));
+  code.add(code_assignt(lhs_length, rhs.length()));
+  code.add(code_assignt(lhs_data, new_array));
+  return code;
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::
+            code_assign_java_string_to_string_expr
+
+  Inputs:
+    lhs - a string expression
+    rhs - an expression representing a java string
+    symbol_table - symbol table
+
+  Output: return the following code:
+          > lhs.length=rhs->length
+          > lhs.data=*(rhs->data)
+
+\*******************************************************************/
+
+codet java_string_library_preprocesst::code_assign_java_string_to_string_expr(
+  const string_exprt &lhs, const exprt &rhs, symbol_tablet &symbol_table)
+{
+  assert(implements_java_char_sequence(rhs.type()));
+
+  typet deref_type;
+  if(rhs.type().subtype().id()==ID_symbol)
+    deref_type=symbol_table.lookup(
+      to_symbol_type(rhs.type().subtype()).get_identifier()).type;
+  else
+    deref_type=rhs.type().subtype();
+
+  dereference_exprt deref(rhs, deref_type);
+
+  // Fields of the string object
+  exprt rhs_length=get_length(deref, symbol_table);
+  exprt member_data=get_data(deref, symbol_table);
+  dereference_exprt rhs_data(member_data, member_data.type().subtype());
+
+  // Assignments
+  code_blockt code;
+  code.add(code_assignt(lhs.length(), rhs_length));
+  code.add(code_assignt(lhs.content(), rhs_data));
+  return code;
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::
+            code_assign_string_literal_to_string_expr
+
+  Inputs:
+    lhs - an expression representing a java string
+    tmp_string - a temporary string to hold the literal
+    s - the literal to be assigned
+    symbol_table - symbol table
+
+  Output: return the following code:
+          > tmp_string = "s"
+          > lhs = (string_expr) tmp_string
+
+\*******************************************************************/
+
+codet java_string_library_preprocesst::
+  code_assign_string_literal_to_string_expr(
+    const string_exprt &lhs,
+    const exprt &tmp_string,
+    const std::string &s,
+    symbol_tablet &symbol_table)
+{
+  code_blockt code;
+  code.add(code_assignt(tmp_string, string_literal(s)));
+  code.add(code_assign_java_string_to_string_expr(
+    lhs, tmp_string, symbol_table));
+  return code;
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::
+    make_string_builder_append_object_code
+
+  Inputs:
+    type - type of the function called
+    loc - location in the program
+    symbol_table - symbol table
+
+ Outputs: code for the StringBuilder.append(Object) function:
+          > string1 = arguments[1].toString()
+          > string_expr1 = string_to_string_expr(string1)
+          > string_expr2 = concat(this, string_expr1)
+          > this = string_expr_to_string(string_expr2)
+          > return this
+
+\*******************************************************************/
+
+codet java_string_library_preprocesst::make_string_builder_append_object_code(
+  const code_typet &type,
+  const source_locationt &loc,
+  symbol_tablet &symbol_table)
+{
+  code_typet::parameterst params=type.parameters();
+  assert(params.size()==1);
+  exprt this_obj=symbol_exprt(params[0].get_identifier(), params[0].type());
+
+  // Code to be returned
+  code_blockt code;
+
+  // String expression that will hold the result
+  string_exprt string_expr1=fresh_string_expr(loc, symbol_table, code);
+
+  exprt::operandst arguments=process_parameters(
+    type.parameters(), loc, symbol_table, code);
+  assert(arguments.size()==2);
+
+  // > string1 = arguments[1].toString()
+  exprt string1=fresh_string(this_obj.type(), loc, symbol_table);
+  code_function_callt fun_call;
+  fun_call.lhs()=string1;
+  // TODO: we should look in the symbol table for such a symbol
+  fun_call.function()=symbol_exprt(
+    "java::java.lang.Object.toString:()Ljava/lang/String;");
+  fun_call.arguments().push_back(arguments[1]);
+  code_typet fun_type;
+  fun_type.return_type()=string1.type();
+  fun_call.function().type()=fun_type;
+  code.add(fun_call);
+
+  // > string_expr1 = string_to_string_expr(string1)
+  code.add(code_assign_java_string_to_string_expr(
+    string_expr1, string1, symbol_table));
+
+  // > string_expr2 = concat(this, string1)
+  exprt::operandst concat_arguments(arguments);
+  concat_arguments[1]=string_expr1;
+  string_exprt string_expr2=string_expr_of_function_application(
+    ID_cprover_string_concat_func, concat_arguments, loc, symbol_table, code);
+
+  // > this = string_expr
+  code.add(code_assign_string_expr_to_java_string(
+    this_obj, string_expr2, symbol_table));
+
+  // > return this
+  code.add(code_returnt(this_obj));
+
+  return code;
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::make_equals_code
+
+  Inputs:
+    type - type of the function call
+    loc - location in the program_invocation_name
+    symbol_table - symbol table
+
+  Outputs: Code corresponding to:
+    > string_expr1 = {this->length; *this->data}
+    > string_expr2 = {arg->length; *arg->data}
+    > return cprover_string_equal(string_expr1, string_expr2)
+
+  Purpose: Used to provide code for the Java String.equals(Object) function.
+
+\*******************************************************************/
+
+codet java_string_library_preprocesst::make_equals_function_code(
+  const code_typet &type,
+  const source_locationt &loc,
+  symbol_tablet &symbol_table)
+{
+  // TODO: Code should return false if Object is not String.
+  code_blockt code;
+  exprt::operandst ops;
+  for(const auto &p : type.parameters())
+  {
+    symbol_exprt sym(p.get_identifier(), p.type());
+    ops.push_back(sym);
+  }
+  exprt::operandst args=process_equals_function_operands(
+    ops, loc, symbol_table, code);
+  code.add(code_return_function_application(
+    ID_cprover_string_equal_func, args, type.return_type(), symbol_table));
+  return code;
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::
+    make_string_builder_append_float_code
+
+  Inputs:
+    type - type of the function call
+    loc - location in the program_invocation_name
+    symbol_table - symbol table
+
+  Outputs: Code corresponding to:
+          > string1 = arguments[1].toString()
+          > string_expr1 = string_to_string_expr(string1)
+          > string_expr2 = concat(this, string_expr1)
+          > this = string_expr_to_string(string_expr2)
+          > return this
+
+  Purpose: Used to provide code for the Java StringBuilder.append(F)
+           function.
+
+\*******************************************************************/
+
+codet java_string_library_preprocesst::make_string_builder_append_float_code(
+  const code_typet &type,
+  const source_locationt &loc,
+  symbol_tablet &symbol_table)
+{
+  code_typet::parameterst params=type.parameters();
+  assert(params.size()==1);
+  exprt this_obj=symbol_exprt(params[0].get_identifier(), params[0].type());
+
+  // Getting types
+  typet length_type=string_length_type();
+
+  // Code to be returned
+  code_blockt code;
+
+  // String expression that will hold the result
+  refined_string_typet ref_type(length_type, java_char_type());
+  string_exprt string_expr1=fresh_string_expr(loc, symbol_table, code);
+
+  exprt::operandst arguments=process_parameters(
+    type.parameters(), loc, symbol_table, code);
+  assert(arguments.size()==2);
+
+  // > string1 = arguments[1].toString()
+  exprt string1=fresh_string(this_obj.type(), loc, symbol_table);
+  code_function_callt fun_call;
+  fun_call.lhs()=string1;
+  // TODO: we should look in the symbol table for such a symbol
+  fun_call.function()=symbol_exprt(
+    "java::java.lang.Float.toString:()Ljava/lang/String;");
+  fun_call.arguments().push_back(arguments[1]);
+  code_typet fun_type;
+  fun_type.return_type()=string1.type();
+  fun_call.function().type()=fun_type;
+  code.add(fun_call);
+
+  // > string_expr1 = string_to_string_expr(string1)
+  code.add(code_assign_java_string_to_string_expr(
+    string_expr1, string1, symbol_table));
+
+  // > string_expr2 = concat(this, string1)
+  exprt::operandst concat_arguments(arguments);
+  concat_arguments[1]=string_expr1;
+
+  string_exprt string_expr2=string_expr_of_function_application(
+    ID_cprover_string_concat_func, concat_arguments, loc, symbol_table, code);
+
+  // > this = string_expr
+  code.add(code_assign_string_expr_to_java_string(
+    this_obj, string_expr2, symbol_table));
+
+  // > return this
+  code.add(code_returnt(this_obj));
+
+  return code;
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::string_literal
+
+  Inputs:
+    s - a string
+
+ Outputs: an expression representing a Java string literal with the
+          given content.
+
+ Purpose: construct a Java string literal from a constant string value
+
+\*******************************************************************/
+
+exprt java_string_library_preprocesst::string_literal(const std::string &s)
+{
+  exprt string_literal(ID_java_string_literal);
+  string_literal.set(ID_value, s);
+  return string_literal;
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::make_float_to_string_code
+
+  Inputs:
+    type - type of the function call
+    loc - location in the program_invocation_name
+    symbol_table - symbol table
+
+  Outputs: Code corresponding to:
+          > String * str;
+          > str = MALLOC(String);
+          > String * tmp_string;
+          > int string_expr_length;
+          > char[] string_expr_content;
+          > CPROVER_string string_expr_sym;
+          > if arguments[1]==NaN
+          > then {tmp_string="NaN"; string_expr=(string_expr)tmp_string}
+          > if arguments[1]==Infinity
+          > then {tmp_string="Infinity"; string_expr=(string_expr)tmp_string}
+          > if 1e-3<arguments[1]<1e6
+          > then string_expr=cprover_float_to_string(arguments[1])
+          > else string_expr=cprover_float_to_scientific_notation_string(arg[1])
+          > string_expr_sym=string_expr;
+          > str=(String*) string_expr;
+          > return str;
+
+  Purpose: Provide code for the Float.toString(F) function.
+
+\*******************************************************************/
+
+codet java_string_library_preprocesst::make_float_to_string_code(
+  const code_typet &type,
+  const source_locationt &loc,
+  symbol_tablet &symbol_table)
+{
+  // Getting the argument
+  code_typet::parameterst params=type.parameters();
+  assert(params.size()==1 && "wrong number of parameters in Float.toString");
+  exprt arg=symbol_exprt(params[0].get_identifier(), params[0].type());
+
+  // Holder for output code
+  code_blockt code;
+
+  // Declaring and allocating String * str
+  exprt str=allocate_fresh_string(type.return_type(), loc, symbol_table, code);
+  exprt tmp_string=fresh_string(type.return_type(), loc, symbol_table);
+
+  // Declaring CPROVER_string string_expr
+  string_exprt string_expr=fresh_string_expr(loc, symbol_table, code);
+  exprt string_expr_sym=fresh_string_expr_symbol(loc, symbol_table, code);
+
+  // List of the different cases
+  std::vector<code_ifthenelset> case_list;
+
+  // First case in the list is the default
+  code_ifthenelset case_sci_notation;
+  ieee_float_spect float_spec=ieee_float_spect::single_precision();
+  // Subcase of 0.0
+  // TODO: case of -0.0
+  ieee_floatt zero_float(float_spec);
+  zero_float.from_float(0.0);
+  constant_exprt zero=zero_float.to_expr();
+  case_sci_notation.cond()=ieee_float_equal_exprt(arg, zero);
+  case_sci_notation.then_case()=code_assign_string_literal_to_string_expr(
+    string_expr, tmp_string, "0.0", symbol_table);
+
+  // Subcase of computerized scientific notation
+  case_sci_notation.else_case()=code_assign_function_to_string_expr(
+    string_expr, ID_cprover_string_of_float_func, {arg}, symbol_table);
+  case_list.push_back(case_sci_notation);
+
+  // Case of NaN
+  code_ifthenelset case_nan;
+  case_nan.cond()=isnan_exprt(arg);
+  case_nan.then_case()=code_assign_string_literal_to_string_expr(
+    string_expr, tmp_string, "NaN", symbol_table);
+  case_list.push_back(case_nan);
+
+  // Case of Infinity
+  code_ifthenelset case_infinity;
+  code_ifthenelset case_minus_infinity;
+
+  case_infinity.cond()=isinf_exprt(arg);
+  // Case -Infinity
+  exprt isneg=extractbit_exprt(arg, float_spec.width()-1);
+  case_minus_infinity.cond()=isneg;
+  case_minus_infinity.then_case()=code_assign_string_literal_to_string_expr(
+    string_expr, tmp_string, "-Infinity", symbol_table);
+  case_minus_infinity.else_case()=code_assign_string_literal_to_string_expr(
+    string_expr, tmp_string, "Infinity", symbol_table);
+  case_infinity.then_case()=case_minus_infinity;
+  case_list.push_back(case_infinity);
+
+  // Case of simple notation
+  code_ifthenelset case_simple_notation;
+
+  ieee_floatt bound_inf_float(float_spec);
+  ieee_floatt bound_sup_float(float_spec);
+  bound_inf_float.from_float(1e-3);
+  bound_sup_float.from_float(1e7);
+  constant_exprt bound_inf=bound_inf_float.to_expr();
+  constant_exprt bound_sup=bound_sup_float.to_expr();
+
+  and_exprt is_simple_float(
+    binary_relation_exprt(arg, ID_ge, bound_inf),
+    binary_relation_exprt(arg, ID_lt, bound_sup));
+  case_simple_notation.cond()=is_simple_float;
+  case_simple_notation.then_case()=code_assign_function_to_string_expr(
+    string_expr, ID_cprover_string_of_float_func, {arg}, symbol_table);
+  case_list.push_back(case_simple_notation);
+
+  // Combining all cases
+  for(std::size_t i=1; i<case_list.size(); i++)
+    case_list[i].else_case()=case_list[i-1];
+  code.add(case_list[case_list.size()-1]);
+
+  // str = string_expr
+  code.add(code_assign_string_expr_to_java_string(
+    str, string_expr, symbol_table));
+
+  // Assign string_expr_sym = { string_expr_length, string_expr_content }
+  code.add(code_assignt(string_expr_sym, string_expr));
+
+  // Return str
+  code.add(code_returnt(str));
+  return code;
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::make_init_function_from_call
+
+  Inputs:
+    function_name - name of the function to be called
+    type - the type of the function call
+    loc - location in program
+    symbol_table - the symbol table to populate
+    ignore_first_arg - boolean flag telling that the first argument
+                       should not be part of the arguments of the call
+                       (but only used to be assigned the result)
+
+ Outputs: code for the String.<init>(args) function:
+          > cprover_string_length = fun(arg).length;
+          > cprover_string_array = fun(arg).data;
+          > this->length = cprover_string_length;
+          > this->data = cprover_string_array;
+          > cprover_string = {.=cprover_string_length, .=cprover_string_array};
+
+  Purpose: Generate the goto code for string initialization.
+
+\*******************************************************************/
+
+codet java_string_library_preprocesst::make_init_function_from_call(
+  const irep_idt &function_name,
+  const code_typet &type,
+  const source_locationt &loc,
+  symbol_tablet &symbol_table,
+  bool ignore_first_arg)
+{
+  code_typet::parameterst params=type.parameters();
+
+  // The first parameter is the object to be initialized
+  assert(!params.empty());
+  exprt arg_this=symbol_exprt(params[0].get_identifier(), params[0].type());
+  if(ignore_first_arg)
+    params.erase(params.begin());
+
+  // Holder for output code
+  code_blockt code;
+
+  // Processing parameters
+  exprt::operandst args=process_parameters(params, loc, symbol_table, code);
+
+  // string_expr <- function(arg1)
+  string_exprt string_expr=string_expr_of_function_application(
+    function_name, args, loc, symbol_table, code);
+
+  // arg_this <- string_expr
+  code.add(code_assign_string_expr_to_new_java_string(
+    arg_this, string_expr, loc, symbol_table));
+
+  // string_expr_sym <- {string_expr.length, string_expr.content}
+  exprt string_expr_sym=fresh_string_expr_symbol(loc, symbol_table, code);
+  code.add(code_assignt(string_expr_sym, string_expr));
+
+  return code;
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::
+            make_assign_and_return_function_from_call
+
+  Inputs:
+    function_name - name of the function to be called
+    type - the type of the function call
+    loc - location in program
+    symbol_table - the symbol table to populate
+
+  Outputs: Code calling function with the given function name.
+
+  Purpose: Call a cprover internal function, assign the result to
+           object `this` and return it.
+
+\*******************************************************************/
+
+codet java_string_library_preprocesst::
+  make_assign_and_return_function_from_call(
+    const irep_idt &function_name,
+    const code_typet &type,
+    const source_locationt &loc,
+    symbol_tablet &symbol_table)
+{
+  // This is similar to assign functions except we return a pointer to `this`
+  code_blockt code;
+  code.add(make_assign_function_from_call(
+    function_name, type, loc, symbol_table));
+  code_typet::parameterst params=type.parameters();
+  assert(!params.empty());
+  exprt arg_this=symbol_exprt(params[0].get_identifier(), params[0].type());
+  code.add(code_returnt(arg_this));
+  return code;
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::make_assign_function_from_call
+
+  Inputs:
+    function_name - name of the function to be called
+    type - the type of the function call
+    loc - location in program
+    symbol_table - the symbol table to populate
+
+  Outputs: Code assigning result of a call to the function with given
+           function name.
+
+  Purpose: Call a cprover internal function and assign the result to
+           object `this`.
+
+\*******************************************************************/
+
+codet java_string_library_preprocesst::make_assign_function_from_call(
+    const irep_idt &function_name,
+    const code_typet &type,
+    const source_locationt &loc,
+    symbol_tablet &symbol_table)
+{
+  // This is similar to initialization function except we do not ignore
+  // the first argument
+  codet code=make_init_function_from_call(
+    function_name, type, loc, symbol_table, false);
+  return code;
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::make_string_to_char_array_code
+
+  Inputs:
+    type - type of the function called
+    loc - location in the source
+    symbol_table - the symbol table
+
+  Outputs: Code corresponding to
+          > return_tmp0 = malloc(array[char]);
+          > return_tmp0->data=&((s->data)[0])
+          > return_tmp0->length=s->length
+
+  Purpose: Used to provide our own implementation of the
+           java.lang.String.toCharArray:()[C function.
+
+\*******************************************************************/
+
+codet java_string_library_preprocesst::make_string_to_char_array_code(
+    const code_typet &type,
+    const source_locationt &loc,
+    symbol_tablet &symbol_table)
+{
+  code_blockt code;
+  assert(!type.parameters().empty());
+  const code_typet::parametert &p=type.parameters()[0];
+  symbol_exprt string_argument(p.get_identifier(), p.type());
+  assert(implements_java_char_sequence(string_argument.type()));
+  dereference_exprt deref(string_argument, string_argument.type().subtype());
+
+  // lhs <- malloc(array[char])
+  exprt lhs=fresh_array(type.return_type(), loc, symbol_table);
+  allocate_dynamic_object_with_decl(
+    lhs, lhs.type().subtype(), symbol_table, loc, code);
+
+  // first_element_address is `&((string_argument->data)[0])`
+  exprt data=get_data(deref, symbol_table);
+  dereference_exprt deref_data(data, data.type().subtype());
+  exprt first_index=from_integer(0, string_length_type());
+  index_exprt first_element(deref_data, first_index, java_char_type());
+  address_of_exprt first_element_address(first_element);
+
+  // lhs->data <- &((string_argument->data)[0])
+  dereference_exprt deref_lhs(lhs, lhs.type().subtype());
+  exprt lhs_data=get_data(deref_lhs, symbol_table);
+  code.add(code_assignt(lhs_data, first_element_address));
+
+  // lhs->length <- s->length
+  exprt rhs_length=get_length(deref, symbol_table);
+  exprt lhs_length=get_length(deref_lhs, symbol_table);
+  code.add(code_assignt(lhs_length, rhs_length));
+
+  // return lhs
+  code.add(code_returnt(lhs));
+  return code;
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::make_function_from_call
+
+  Inputs:
+    function_name - name of the function to be called
+    type - type of the function
+    loc - location in the source
+    symbol_table - symbol table
+
+  Outputs: Code corresponding to:
+           > return function_name(args);
+
+  Purpose: Provide code for a function that calls a function from the
+           solver and simply returns it.
+
+\*******************************************************************/
+
+codet java_string_library_preprocesst::make_function_from_call(
+  const irep_idt &function_name,
+  const code_typet &type,
+  const source_locationt &loc,
+  symbol_tablet &symbol_table)
+{
+  code_blockt code;
+  exprt::operandst args=process_parameters(
+    type.parameters(), loc, symbol_table, code);
+  code.add(code_return_function_application(
+    function_name, args, type.return_type(), symbol_table));
+  return code;
+}
+
+/*******************************************************************\
+
+Function:
+    java_string_library_preprocesst::make_string_returning_function_from_call
+
+  Inputs:
+    function_name - name of the function to be called
+    type - type of the function
+    loc - location in the source
+    symbol_table - symbol table
+
+  Outputs: Code corresponding to:
+          > string_expr = function_name(args)
+          > string = string_expr_to_string(string)
+          > return string
+
+  Purpose: Provide code for a function that calls a function from the
+           solver and return the string_expr result as a Java string.
+
+\*******************************************************************/
+
+codet java_string_library_preprocesst::
+  make_string_returning_function_from_call(
+    const irep_idt &function_name,
+    const code_typet &type,
+    const source_locationt &loc,
+    symbol_tablet &symbol_table)
+{
+  // Code for the output
+  code_blockt code;
+
+  // Calling the function
+  exprt::operandst arguments=process_parameters(
+    type.parameters(), loc, symbol_table, code);
+
+  // String expression that will hold the result
+  string_exprt string_expr=string_expr_of_function_application(
+    function_name, arguments, loc, symbol_table, code);
+
+  // Assigning string_expr to symbol for keeping track of it
+  exprt string_expr_sym=fresh_string_expr_symbol(loc, symbol_table, code);
+  code.add(code_assignt(string_expr_sym, string_expr));
+
+  // Assigning to string
+  exprt str=allocate_fresh_string(type.return_type(), loc, symbol_table, code);
+  code.add(code_assign_string_expr_to_new_java_string(
+    str, string_expr, loc, symbol_table));
+
+  // Return value
+  code.add(code_returnt(str));
+  return code;
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::code_for_function
+
+  Inputs:
+    function_id - name of the function
+    type - its type
+    loc - location in the program
+    symbol_table - a symbol table
+
+  Outputs: Code for the body of the String functions if they are part
+           of the supported String functions, nil_exprt otherwise.
+
+  Purpose: Should be called to provide code for string functions that
+           are used in the code but for which no implementation is
+           provided.
+
+\*******************************************************************/
+
+exprt java_string_library_preprocesst::code_for_function(
+  const irep_idt &function_id,
+  const code_typet &type,
+  const source_locationt &loc,
+  symbol_tablet &symbol_table)
+{
+  auto it_id=cprover_equivalent_to_java_function.find(function_id);
+  if(it_id!=cprover_equivalent_to_java_function.end())
+    return make_function_from_call(it_id->second, type, loc, symbol_table);
+
+  it_id=cprover_equivalent_to_java_string_returning_function.find(function_id);
+  if(it_id!=cprover_equivalent_to_java_string_returning_function.end())
+    return make_string_returning_function_from_call(
+      it_id->second, type, loc, symbol_table);
+
+  it_id=cprover_equivalent_to_java_constructor.find(function_id);
+  if(it_id!=cprover_equivalent_to_java_constructor.end())
+    return make_init_function_from_call(
+      it_id->second, type, loc, symbol_table);
+
+  it_id=cprover_equivalent_to_java_assign_and_return_function.find(function_id);
+  if(it_id!=cprover_equivalent_to_java_assign_and_return_function.end())
+    return make_assign_and_return_function_from_call(
+      it_id->second, type, loc, symbol_table);
+
+  it_id=cprover_equivalent_to_java_assign_function.find(function_id);
+  if(it_id!=cprover_equivalent_to_java_assign_function.end())
+    return make_assign_function_from_call(
+      it_id->second, type, loc, symbol_table);
+
+  auto it=conversion_table.find(function_id);
+  if(it!=conversion_table.end())
+    return it->second(type, loc, symbol_table);
+
+  return nil_exprt();
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::is_known_string_type
+
+  Inputs:
+    class_name - name of the class
+
+ Outputs: True if the type is one that is known to our preprocessing,
+          false otherwise
+
+ Purpose: Check whether a class name is known as a string type.
+
+\*******************************************************************/
+
+bool java_string_library_preprocesst::is_known_string_type(
+  irep_idt class_name)
+{
+  return string_types.find(class_name)!=string_types.end();
+}
+
+/*******************************************************************\
+
+Function: java_string_library_preprocesst::initialize_conversion_table
+
+ Purpose: fill maps with correspondence from java method names to
+          conversion functions
+
+\*******************************************************************/
+
+void java_string_library_preprocesst::initialize_conversion_table()
+{
+  character_preprocess.initialize_conversion_table();
+
+  string_types=
+    std::unordered_set<irep_idt, irep_id_hash>{"java.lang.String",
+                                               "java.lang.StringBuilder",
+                                               "java.lang.CharSequence",
+                                               "java.lang.StringBuffer"};
+
+  // String library
+  cprover_equivalent_to_java_constructor
+    ["java::java.lang.String.<init>:(Ljava/lang/String;)V"]=
+      ID_cprover_string_copy_func;
+  cprover_equivalent_to_java_constructor
+    ["java::java.lang.String.<init>:(Ljava/lang/StringBuilder;)V"]=
+      ID_cprover_string_copy_func;
+  cprover_equivalent_to_java_constructor
+    ["java::java.lang.String.<init>:([C)V"]=
+      ID_cprover_string_copy_func;
+  cprover_equivalent_to_java_constructor
+    ["java::java.lang.String.<init>:([CII)V"]=
+      ID_cprover_string_copy_func;
+  cprover_equivalent_to_java_constructor
+    ["java::java.lang.String.<init>:()V"]=
+      ID_cprover_string_empty_string_func;
+  // Not supported java.lang.String.<init>:(Ljava/lang/StringBuffer;)
+
+  cprover_equivalent_to_java_function
+    ["java::java.lang.String.charAt:(I)C"]=
+      ID_cprover_string_char_at_func;
+  cprover_equivalent_to_java_function
+    ["java::java.lang.String.codePointAt:(I)I"]=
+      ID_cprover_string_code_point_at_func;
+  cprover_equivalent_to_java_function
+    ["java::java.lang.String.codePointBefore:(I)I"]=
+      ID_cprover_string_code_point_before_func;
+  cprover_equivalent_to_java_function
+    ["java::java.lang.String.codePointCount:(II)I"]=
+      ID_cprover_string_code_point_count_func;
+  cprover_equivalent_to_java_function
+    ["java::java.lang.String.compareTo:(Ljava/lang/String;)I"]=
+      ID_cprover_string_compare_to_func;
+  // Not supported "java.lang.String.contentEquals"
+  cprover_equivalent_to_java_string_returning_function
+    ["java::java.lang.String.concat:(Ljava/lang/String;)Ljava/lang/String;"]=
+      ID_cprover_string_concat_func;
+  cprover_equivalent_to_java_function
+    ["java::java.lang.String.contains:(Ljava/lang/CharSequence;)Z"]=
+    ID_cprover_string_contains_func;
+  cprover_equivalent_to_java_string_returning_function
+    ["java::java.lang.String.copyValueOf:([CII)Ljava/lang/String;"]=
+    ID_cprover_string_copy_func;
+  cprover_equivalent_to_java_string_returning_function
+    ["java::java.lang.String.copyValueOf:([C)Ljava/lang/String;"]=
+    ID_cprover_string_copy_func;
+  cprover_equivalent_to_java_function
+    ["java::java.lang.String.endsWith:(Ljava/lang/String;)Z"]=
+      ID_cprover_string_endswith_func;
+
+  conversion_table["java::java.lang.String.equals:(Ljava/lang/Object;)Z"]=
+    std::bind(
+      &java_string_library_preprocesst::make_equals_function_code,
+      this,
+      std::placeholders::_1,
+      std::placeholders::_2,
+      std::placeholders::_3);
+  cprover_equivalent_to_java_function
+    ["java::java.lang.String.equalsIgnoreCase:(Ljava/lang/String;)Z"]=
+      ID_cprover_string_equals_ignore_case_func;
+  // Not supported "java.lang.String.format"
+  // Not supported "java.lang.String.getBytes"
+  // Not supported "java.lang.String.getChars"
+  cprover_equivalent_to_java_function
+    ["java::java.lang.String.hashCode:()I"]=
+      ID_cprover_string_hash_code_func;
+  cprover_equivalent_to_java_function
+    ["java::java.lang.String.indexOf:(I)I"]=
+      ID_cprover_string_index_of_func;
+  cprover_equivalent_to_java_function
+    ["java::java.lang.String.indexOf:(II)I"]=
+      ID_cprover_string_index_of_func;
+  cprover_equivalent_to_java_function
+    ["java::java.lang.String.indexOf:(Ljava/lang/String;)I"]=
+      ID_cprover_string_index_of_func;
+  cprover_equivalent_to_java_function
+    ["java::java.lang.String.indexOf:(Ljava/lang/String;I)I"]=
+      ID_cprover_string_index_of_func;
+  cprover_equivalent_to_java_function
+    ["java::java.lang.String.intern:()Ljava/lang/String;"]=
+      ID_cprover_string_intern_func;
+  cprover_equivalent_to_java_function
+    ["java::java.lang.String.isEmpty:()Z"]=
+      ID_cprover_string_is_empty_func;
+  cprover_equivalent_to_java_function
+    ["java::java.lang.String.lastIndexOf:(I)I"]=
+      ID_cprover_string_last_index_of_func;
+  cprover_equivalent_to_java_function
+    ["java::java.lang.String.lastIndexOf:(II)I"]=
+      ID_cprover_string_last_index_of_func;
+  cprover_equivalent_to_java_function
+    ["java::java.lang.String.lastIndexOf:(Ljava/lang/String;)I"]=
+      ID_cprover_string_last_index_of_func;
+  cprover_equivalent_to_java_function
+    ["java::java.lang.String.lastIndexOf:(Ljava/lang/String;I)I"]=
+      ID_cprover_string_last_index_of_func;
+  cprover_equivalent_to_java_function
+    ["java::java.lang.String.length:()I"]=
+      ID_cprover_string_length_func;
+  // Not supported "java.lang.String.matches"
+  cprover_equivalent_to_java_function
+    ["java::java.lang.String.offsetByCodePoints:(II)I"]=
+      ID_cprover_string_offset_by_code_point_func;
+  // Not supported "java.lang.String.regionMatches"
+  cprover_equivalent_to_java_string_returning_function
+    ["java::java.lang.String.replace:(CC)Ljava/lang/String;"]=
+      ID_cprover_string_replace_func;
+  // Not supported "java.lang.String.replace:(LCharSequence;LCharSequence)"
+  // Not supported "java.lang.String.replaceAll"
+  // Not supported "java.lang.String.replaceFirst"
+  // Not supported "java.lang.String.split"
+  cprover_equivalent_to_java_function
+    ["java::java.lang.String.startsWith:(Ljava/lang/String;)Z"]=
+      ID_cprover_string_startswith_func;
+  cprover_equivalent_to_java_function
+    ["java::java.lang.String.startsWith:(Ljava/lang/String;I)Z"]=
+      ID_cprover_string_startswith_func;
+  cprover_equivalent_to_java_string_returning_function
+    ["java::java.lang.String.subSequence:(II)Ljava/lang/CharSequence;"]=
+      ID_cprover_string_substring_func;
+  cprover_equivalent_to_java_string_returning_function
+    ["java::java.lang.String.substring:(II)Ljava/lang/String;"]=
+      ID_cprover_string_substring_func;
+  cprover_equivalent_to_java_string_returning_function
+    ["java::java.lang.String.substring:(I)Ljava/lang/String;"]=
+      ID_cprover_string_substring_func;
+  conversion_table
+    ["java::java.lang.String.toCharArray:()[C"]=
+      std::bind(
+        &java_string_library_preprocesst::make_string_to_char_array_code,
+        this,
+        std::placeholders::_1,
+        std::placeholders::_2,
+        std::placeholders::_3);
+  cprover_equivalent_to_java_string_returning_function
+    ["java::java.lang.String.toLowerCase:()Ljava/lang/String;"]=
+      ID_cprover_string_to_lower_case_func;
+  // Not supported "java.lang.String.toLowerCase:(Locale)"
+  // Not supported "java.lang.String.toString:()"
+  cprover_equivalent_to_java_string_returning_function
+    ["java::java.lang.String.toUpperCase:()Ljava/lang/String;"]=
+      ID_cprover_string_to_upper_case_func;
+  // Not supported "java.lang.String.toUpperCase:(Locale)"
+  cprover_equivalent_to_java_string_returning_function
+    ["java::java.lang.String.trim:()Ljava/lang/String;"]=
+      ID_cprover_string_trim_func;
+  cprover_equivalent_to_java_string_returning_function
+    ["java::java.lang.String.valueOf:(Z)Ljava/lang/String;"]=
+      ID_cprover_string_of_bool_func;
+  cprover_equivalent_to_java_string_returning_function
+    ["java::java.lang.String.valueOf:(C)Ljava/lang/String;"]=
+      ID_cprover_string_of_char_func;
+  cprover_equivalent_to_java_string_returning_function
+    ["java::java.lang.String.valueOf:([C)Ljava/lang/String;"]=
+      ID_cprover_string_copy_func;
+  cprover_equivalent_to_java_string_returning_function
+    ["java::java.lang.String.valueOf:([CII)Ljava/lang/String;"]=
+      ID_cprover_string_copy_func;
+  cprover_equivalent_to_java_string_returning_function
+    ["java::java.lang.String.valueOf:(D)Ljava/lang/String;"]=
+      ID_cprover_string_of_double_func;
+  cprover_equivalent_to_java_string_returning_function
+    ["java::java.lang.String.valueOf:(F)Ljava/lang/String;"]=
+      ID_cprover_string_of_float_func;
+  cprover_equivalent_to_java_string_returning_function
+    ["java::java.lang.String.valueOf:(I)Ljava/lang/String;"]=
+      ID_cprover_string_of_int_func;
+  cprover_equivalent_to_java_string_returning_function
+    ["java::java.lang.String.valueOf:(J)Ljava/lang/String;"]=
+      ID_cprover_string_of_long_func;
+  // Not supported "java.lang.String.valueOf:(LObject;)"
+
+  // StringBuilder library
+  cprover_equivalent_to_java_constructor
+    ["java::java.lang.StringBuilder.<init>:(Ljava/lang/String;)V"]=
+      ID_cprover_string_copy_func;
+  cprover_equivalent_to_java_constructor
+    ["java::java.lang.StringBuilder.<init>:()V"]=
+      ID_cprover_string_empty_string_func;
+
+  cprover_equivalent_to_java_assign_and_return_function
+    ["java::java.lang.StringBuilder.append:(Z)Ljava/lang/StringBuilder;"]=
+      ID_cprover_string_concat_bool_func;
+  cprover_equivalent_to_java_assign_and_return_function
+    ["java::java.lang.StringBuilder.append:(C)Ljava/lang/StringBuilder;"]=
+      ID_cprover_string_concat_char_func;
+  cprover_equivalent_to_java_assign_and_return_function
+    ["java::java.lang.StringBuilder.append:([C)"
+      "Ljava/lang/StringBuilder;"]=
+      ID_cprover_string_concat_func;
+  // Not supported: "java.lang.StringBuilder.append:([CII)"
+  // Not supported: "java.lang.StringBuilder.append:(LCharSequence;)"
+  cprover_equivalent_to_java_assign_and_return_function
+    ["java::java.lang.StringBuilder.append:(D)Ljava/lang/StringBuilder;"]=
+      ID_cprover_string_concat_double_func;
+  conversion_table["java::java.lang.StringBuilder.append:"
+                   "(F)Ljava/lang/StringBuilder;"]=
+    std::bind(
+      &java_string_library_preprocesst::make_string_builder_append_float_code,
+      this,
+      std::placeholders::_1,
+      std::placeholders::_2,
+      std::placeholders::_3);
+  cprover_equivalent_to_java_assign_and_return_function
+    ["java::java.lang.StringBuilder.append:(I)Ljava/lang/StringBuilder;"]=
+      ID_cprover_string_concat_int_func;
+  cprover_equivalent_to_java_assign_and_return_function
+    ["java::java.lang.StringBuilder.append:(J)Ljava/lang/StringBuilder;"]=
+      ID_cprover_string_concat_long_func;
+
+  conversion_table["java::java.lang.StringBuilder.append:"
+                   "(Ljava/lang/Object;)Ljava/lang/StringBuilder;"]=
+    std::bind(
+      &java_string_library_preprocesst::make_string_builder_append_object_code,
+      this,
+      std::placeholders::_1,
+      std::placeholders::_2,
+      std::placeholders::_3);
+  cprover_equivalent_to_java_assign_and_return_function
+    ["java::java.lang.StringBuilder.append:(Ljava/lang/String;)"
+      "Ljava/lang/StringBuilder;"]=
+      ID_cprover_string_concat_func;
+  cprover_equivalent_to_java_assign_and_return_function
+    ["java::java.lang.StringBuilder.appendCodePoint:(I)"
+     "Ljava/lang/StringBuilder;"]=
+      ID_cprover_string_concat_code_point_func;
+  // Not supported: "java.lang.StringBuilder.append:(Ljava/lang/StringBuffer;)"
+  // Not supported: "java.lang.StringBuilder.capacity:()"
+  cprover_equivalent_to_java_function
+    ["java::java.lang.StringBuilder.charAt:(I)C"]=
+      ID_cprover_string_char_at_func;
+  cprover_equivalent_to_java_function
+    ["java::java.lang.StringBuilder.codePointAt:(I)I"]=
+      ID_cprover_string_code_point_at_func;
+  cprover_equivalent_to_java_function
+    ["java::java.lang.StringBuilder.codePointBefore:(I)I"]=
+      ID_cprover_string_code_point_before_func;
+  cprover_equivalent_to_java_function
+    ["java::java.lang.StringBuilder.codePointCount:(II)I"]=
+      ID_cprover_string_code_point_count_func;
+  cprover_equivalent_to_java_assign_and_return_function
+    ["java::java.lang.StringBuilder.delete:(II)Ljava/lang/StringBuilder;"]=
+      ID_cprover_string_delete_func;
+  cprover_equivalent_to_java_assign_and_return_function
+    ["java::java.lang.StringBuilder.deleteCharAt:(I)Ljava/lang/StringBuilder;"]=
+    ID_cprover_string_delete_char_at_func;
+  // Not supported: "java.lang.StringBuilder.ensureCapacity:()"
+  // Not supported: "java.lang.StringBuilder.getChars:()"
+  // Not supported: "java.lang.StringBuilder.indexOf:()"
+  cprover_equivalent_to_java_assign_and_return_function
+    ["java::java.lang.StringBuilder.insert:(IZ)Ljava/lang/StringBuilder;"]=
+      ID_cprover_string_insert_bool_func;
+  cprover_equivalent_to_java_assign_and_return_function
+    ["java::java.lang.StringBuilder.insert:(IC)Ljava/lang/StringBuilder;"]=
+      ID_cprover_string_insert_char_func;
+  cprover_equivalent_to_java_assign_and_return_function
+    ["java::java.lang.StringBuilder.insert:(I[C)Ljava/lang/StringBuilder;"]=
+      ID_cprover_string_insert_func;
+  cprover_equivalent_to_java_assign_and_return_function
+    ["java::java.lang.StringBuilder.insert:(I[CII)Ljava/lang/StringBuilder;"]=
+      ID_cprover_string_insert_func;
+  // Not supported "java.lang.StringBuilder.insert:(ILCharSequence;)"
+  // Not supported "java.lang.StringBuilder.insert:(ILCharSequence;II)"
+  // Not supported "java.lang.StringBuilder.insert:(ID)"
+  // Not supported "java.lang.StringBuilder.insert:(IF)"
+  cprover_equivalent_to_java_assign_and_return_function
+    ["java::java.lang.StringBuilder.insert:(II)Ljava/lang/StringBuilder;"]=
+      ID_cprover_string_insert_int_func;
+  cprover_equivalent_to_java_assign_and_return_function
+    ["java::java.lang.StringBuilder.insert:(IJ)Ljava/lang/StringBuilder;"]=
+      ID_cprover_string_insert_long_func;
+  // Not supported "java.lang.StringBuilder.insert:(ILObject;)"
+  cprover_equivalent_to_java_assign_and_return_function
+    ["java::java.lang.StringBuilder.insert:(ILjava/lang/String;)"
+     "Ljava/lang/StringBuilder;"]=
+      ID_cprover_string_insert_func;
+  // Not supported "java.lang.StringBuilder.lastIndexOf"
+  cprover_equivalent_to_java_function
+    ["java::java.lang.StringBuilder.length:()I"]=
+      ID_cprover_string_length_func;
+  // Not supported "java.lang.StringBuilder.offsetByCodePoints"
+  // Not supported "java.lang.StringBuilder.replace"
+  // Not supported "java.lang.StringBuilder.reverse"
+  cprover_equivalent_to_java_assign_function
+    ["java::java.lang.StringBuilder.setCharAt:(IC)V"]=
+      ID_cprover_string_char_set_func;
+  cprover_equivalent_to_java_assign_function
+    ["java::java.lang.StringBuilder.setLength:(I)V"]=
+      ID_cprover_string_set_length_func;
+  // Not supported "java.lang.StringBuilder.subSequence"
+  cprover_equivalent_to_java_string_returning_function
+    ["java::java.lang.StringBuilder.substring:(II)Ljava/lang/String;"]=
+      ID_cprover_string_substring_func;
+  cprover_equivalent_to_java_string_returning_function
+    ["java::java.lang.StringBuilder.substring:(I)Ljava/lang/String;"]=
+      ID_cprover_string_substring_func;
+  cprover_equivalent_to_java_string_returning_function
+    ["java::java.lang.StringBuilder.toString:()Ljava/lang/String;"]=
+      ID_cprover_string_copy_func;
+  // Not supported "java.lang.StringBuilder.trimToSize"
+  // TODO clean irep ids from insert_char_array etc...
+
+  // StringBuffer library
+  cprover_equivalent_to_java_constructor
+    ["java::java.lang.StringBuffer.<init>:(Ljava/lang/String;)V"]=
+      ID_cprover_string_copy_func;
+  cprover_equivalent_to_java_constructor
+    ["java::java.lang.StringBuffer.<init>:()V"]=
+      ID_cprover_string_empty_string_func;
+
+  cprover_equivalent_to_java_assign_and_return_function
+    ["java::java.lang.StringBuffer.append:(Z)Ljava/lang/StringBuffer;"]=
+      ID_cprover_string_concat_bool_func;
+  cprover_equivalent_to_java_assign_and_return_function
+    ["java::java.lang.StringBuffer.append:(C)Ljava/lang/StringBuffer;"]=
+      ID_cprover_string_concat_char_func;
+  cprover_equivalent_to_java_assign_and_return_function
+    ["java::java.lang.StringBuffer.append:([C)"
+      "Ljava/lang/StringBuffer;"]=
+      ID_cprover_string_concat_func;
+  // Not supported: "java.lang.StringBuffer.append:([CII)"
+  // Not supported: "java.lang.StringBuffer.append:(LCharSequence;)"
+  cprover_equivalent_to_java_assign_and_return_function
+    ["java::java.lang.StringBuffer.append:(D)Ljava/lang/StringBuffer;"]=
+      ID_cprover_string_concat_double_func;
+  cprover_equivalent_to_java_assign_and_return_function
+    ["java::java.lang.StringBuffer.append:(F)Ljava/lang/StringBuffer;"]=
+      ID_cprover_string_concat_float_func;
+  cprover_equivalent_to_java_assign_and_return_function
+    ["java::java.lang.StringBuffer.append:(I)Ljava/lang/StringBuffer;"]=
+      ID_cprover_string_concat_int_func;
+  cprover_equivalent_to_java_assign_and_return_function
+    ["java::java.lang.StringBuffer.append:(J)Ljava/lang/StringBuffer;"]=
+      ID_cprover_string_concat_long_func;
+  // Not supported: "java.lang.StringBuffer.append:(LObject;)"
+  cprover_equivalent_to_java_assign_and_return_function
+    ["java::java.lang.StringBuffer.append:(Ljava/lang/String;)"
+      "Ljava/lang/StringBuffer;"]=
+      ID_cprover_string_concat_func;
+  cprover_equivalent_to_java_assign_and_return_function
+    ["java::java.lang.StringBuffer.appendCodePoint:(I)"
+     "Ljava/lang/StringBuffer;"]=
+      ID_cprover_string_concat_code_point_func;
+  // Not supported: "java.lang.StringBuffer.append:(Ljava/lang/StringBuffer;)"
+  // Not supported: "java.lang.StringBuffer.capacity:()"
+  cprover_equivalent_to_java_function
+    ["java::java.lang.StringBuffer.charAt:(I)C"]=
+      ID_cprover_string_char_at_func;
+  cprover_equivalent_to_java_function
+    ["java::java.lang.StringBuffer.codePointAt:(I)I"]=
+      ID_cprover_string_code_point_at_func;
+  cprover_equivalent_to_java_function
+    ["java::java.lang.StringBuffer.codePointBefore:(I)I"]=
+      ID_cprover_string_code_point_before_func;
+  cprover_equivalent_to_java_function
+    ["java::java.lang.StringBuffer.codePointCount:(II)I"]=
+      ID_cprover_string_code_point_count_func;
+  cprover_equivalent_to_java_assign_and_return_function
+    ["java::java.lang.StringBuffer.delete:(II)Ljava/lang/StringBuffer;"]=
+      ID_cprover_string_delete_func;
+  cprover_equivalent_to_java_assign_and_return_function
+    ["java::java.lang.StringBuffer.deleteCharAt:(I)Ljava/lang/StringBuffer;"]=
+      ID_cprover_string_delete_char_at_func;
+  // Not supported: "java.lang.StringBuffer.ensureCapacity:()"
+  // Not supported: "java.lang.StringBuffer.getChars:()"
+  // Not supported: "java.lang.StringBuffer.indexOf:()"
+  cprover_equivalent_to_java_assign_and_return_function
+    ["java::java.lang.StringBuffer.insert:(IZ)Ljava/lang/StringBuffer;"]=
+      ID_cprover_string_insert_bool_func;
+  cprover_equivalent_to_java_assign_and_return_function
+    ["java::java.lang.StringBuffer.insert:(IC)Ljava/lang/StringBuffer;"]=
+      ID_cprover_string_insert_char_func;
+  cprover_equivalent_to_java_assign_and_return_function
+    ["java::java.lang.StringBuffer.insert:(I[C)Ljava/lang/StringBuffer;"]=
+      ID_cprover_string_insert_func;
+  cprover_equivalent_to_java_assign_and_return_function
+    ["java::java.lang.StringBuffer.insert:(I[CII)Ljava/lang/StringBuffer;"]=
+      ID_cprover_string_insert_func;
+  // Not supported "java.lang.StringBuffer.insert:(ILCharSequence;)"
+  // Not supported "java.lang.StringBuffer.insert:(ILCharSequence;II)"
+  // Not supported "java.lang.StringBuffer.insert:(ID)"
+  // Not supported "java.lang.StringBuffer.insert:(IF)"
+  cprover_equivalent_to_java_assign_and_return_function
+    ["java::java.lang.StringBuffer.insert:(II)Ljava/lang/StringBuffer;"]=
+      ID_cprover_string_insert_int_func;
+  cprover_equivalent_to_java_assign_and_return_function
+    ["java::java.lang.StringBuffer.insert:(IJ)Ljava/lang/StringBuffer;"]=
+      ID_cprover_string_insert_long_func;
+  // Not supported "java.lang.StringBuffer.insert:(ILObject;)"
+  cprover_equivalent_to_java_assign_and_return_function
+    ["java::java.lang.StringBuffer.insert:(ILjava/lang/String;)"
+     "Ljava/lang/StringBuffer;"]=
+      ID_cprover_string_insert_func;
+  // Not supported "java.lang.StringBuffer.lastIndexOf"
+  cprover_equivalent_to_java_function
+    ["java::java.lang.StringBuffer.length:()I"]=
+      ID_cprover_string_length_func;
+  // Not supported "java.lang.StringBuffer.offsetByCodePoints"
+  // Not supported "java.lang.StringBuffer.replace"
+  // Not supported "java.lang.StringBuffer.reverse"
+  cprover_equivalent_to_java_assign_function
+    ["java::java.lang.StringBuffer.setCharAt:(IC)V"]=
+      ID_cprover_string_char_set_func;
+  cprover_equivalent_to_java_assign_function
+    ["java::java.lang.StringBuffer.setLength:(I)V"]=
+    ID_cprover_string_set_length_func;
+  // Not supported "java.lang.StringBuffer.subSequence"
+  cprover_equivalent_to_java_string_returning_function
+    ["java::java.lang.StringBuffer.substring:(II)Ljava/lang/String;"]=
+      ID_cprover_string_substring_func;
+  cprover_equivalent_to_java_string_returning_function
+    ["java::java.lang.StringBuffer.substring:(I)Ljava/lang/String;"]=
+      ID_cprover_string_substring_func;
+  cprover_equivalent_to_java_string_returning_function
+    ["java::java.lang.StringBuffer.toString:()Ljava/lang/String;"]=
+      ID_cprover_string_copy_func;
+  // Not supported "java.lang.StringBuffer.trimToSize"
+
+  // Other libraries
+  cprover_equivalent_to_java_function
+    ["java::java.lang.CharSequence.charAt:(I)C"]=
+      ID_cprover_string_char_at_func;
+  conversion_table
+    ["java::java.lang.Float.toString:(F)Ljava/lang/String;"]=
+      std::bind(
+        &java_string_library_preprocesst::make_float_to_string_code,
+        this,
+        std::placeholders::_1,
+        std::placeholders::_2,
+        std::placeholders::_3);
+  cprover_equivalent_to_java_string_returning_function
+    ["java::java.lang.Integer.toHexString:(I)Ljava/lang/String;"]=
+      ID_cprover_string_of_int_hex_func;
+  cprover_equivalent_to_java_function
+    ["java::java.lang.Integer.parseInt:(Ljava/lang/String;)I"]=
+      ID_cprover_string_parse_int_func;
+  cprover_equivalent_to_java_string_returning_function
+    ["java::java.lang.Integer.toString:(I)Ljava/lang/String;"]=
+      ID_cprover_string_of_int_func;
+}
diff --git a/src/java_bytecode/java_string_library_preprocess.h b/src/java_bytecode/java_string_library_preprocess.h
new file mode 100644
index 00000000000..beeed0145ff
--- /dev/null
+++ b/src/java_bytecode/java_string_library_preprocess.h
@@ -0,0 +1,302 @@
+/*******************************************************************\
+
+Module: Produce code for simple implementation of String Java libraries
+
+Author: Romain Brenguier
+
+Date:   March 2017
+
+\*******************************************************************/
+
+#ifndef CPROVER_JAVA_BYTECODE_JAVA_STRING_LIBRARY_PREPROCESS_H
+#define CPROVER_JAVA_BYTECODE_JAVA_STRING_LIBRARY_PREPROCESS_H
+
+#include <util/ui_message.h>
+#include <util/std_code.h>
+#include <util/symbol_table.h>
+#include <util/refined_string_type.h>
+#include <util/string_expr.h>
+
+#include <util/ieee_float.h> // should get rid of this
+
+#include <unordered_set>
+#include <functional>
+#include "character_refine_preprocess.h"
+#include "java_types.h"
+
+class java_string_library_preprocesst:public messaget
+{
+public:
+  java_string_library_preprocesst():
+    refined_string_type(java_int_type(), java_char_type()) {}
+
+  void initialize_conversion_table();
+  void initialize_refined_string_type();
+
+  exprt code_for_function(
+    const irep_idt &function_id,
+    const code_typet &type,
+    const source_locationt &loc,
+    symbol_tablet &symbol_table);
+
+  codet replace_character_call(code_function_callt call)
+  {
+    return character_preprocess.replace_character_call(call);
+  }
+  void add_string_type(const irep_idt &class_name, symbol_tablet &symbol_table);
+  bool is_known_string_type(irep_idt class_name);
+
+private:
+  static bool java_type_matches_tag(const typet &type, const std::string &tag);
+  static bool is_java_string_pointer_type(const typet &type);
+  static bool is_java_string_type(const typet &type);
+  static bool is_java_string_builder_type(const typet &type);
+  static bool is_java_string_builder_pointer_type(const typet &type);
+  static bool is_java_string_buffer_type(const typet &type);
+  static bool is_java_string_buffer_pointer_type(const typet &type);
+  static bool is_java_char_sequence_type(const typet &type);
+  static bool is_java_char_sequence_pointer_type(const typet &type);
+  static bool is_java_char_array_type(const typet &type);
+  static bool is_java_char_array_pointer_type(const typet &type);
+  static bool implements_java_char_sequence(const typet &type)
+  {
+    return
+      is_java_char_sequence_pointer_type(type) ||
+      is_java_string_builder_pointer_type(type) ||
+      is_java_string_buffer_pointer_type(type) ||
+      is_java_string_pointer_type(type);
+  }
+
+  character_refine_preprocesst character_preprocess;
+
+  const refined_string_typet refined_string_type;
+
+  typedef
+    std::function<codet(
+      const code_typet &, const source_locationt &, symbol_tablet &)>
+    conversion_functiont;
+
+  typedef std::unordered_map<irep_idt, irep_idt, irep_id_hash> id_mapt;
+
+  // Table mapping each java method signature to the code generating function
+  std::unordered_map<irep_idt, conversion_functiont, irep_id_hash>
+    conversion_table;
+
+  // Some Java functions have an equivalent in the solver that we will
+  // call with the same argument and will return the same result
+  id_mapt cprover_equivalent_to_java_function;
+
+  // Some Java functions have an equivalent except that they should
+  // return Java Strings instead of string_exprt
+  id_mapt cprover_equivalent_to_java_string_returning_function;
+
+  // Some Java initialization function initialize strings with the
+  // same result as some function of the solver
+  id_mapt cprover_equivalent_to_java_constructor;
+
+  // Some Java functions have an equivalent in the solver except that
+  // in addition they assign the result to the object on which it is called
+  id_mapt cprover_equivalent_to_java_assign_and_return_function;
+
+  // Some Java functions have an equivalent in the solver except that
+  // they assign the result to the object on which it is called instead
+  // of returning it
+  id_mapt cprover_equivalent_to_java_assign_function;
+
+  // A set tells us what java types should be considered as string objects
+  std::unordered_set<irep_idt, irep_id_hash> string_types;
+
+  // Conversion functions
+  codet make_string_builder_append_object_code(
+    const code_typet &type,
+    const source_locationt &loc,
+    symbol_tablet &symbol_table);
+
+  codet make_equals_function_code(
+    const code_typet &type,
+    const source_locationt &loc,
+    symbol_tablet &symbol_table);
+
+  codet make_string_builder_append_float_code(
+    const code_typet &type,
+    const source_locationt &loc,
+    symbol_tablet &symbol_table);
+
+  codet make_float_to_string_code(
+    const code_typet &type,
+    const source_locationt &loc,
+    symbol_tablet &symbol_table);
+
+  codet make_string_to_char_array_code(
+    const code_typet &type,
+    const source_locationt &loc,
+    symbol_tablet &symbol_table);
+
+  // Auxiliary functions
+  codet code_for_scientific_notation(
+    const exprt &arg,
+    const ieee_float_spect &float_spec,
+    const string_exprt &string_expr,
+    const exprt &tmp_string,
+    const refined_string_typet &refined_string_type,
+    const source_locationt &loc,
+    symbol_tablet &symbol_table);
+
+  // Helper functions
+  exprt::operandst process_parameters(
+    const code_typet::parameterst &params,
+    const source_locationt &loc,
+    symbol_tablet &symbol_table,
+    code_blockt &init_code);
+
+  void process_single_operand(
+    exprt::operandst &processed_ops,
+    const exprt &deref,
+    const source_locationt &loc,
+    symbol_tablet &symbol_table,
+    code_blockt &init_code);
+
+  exprt::operandst process_operands(
+    const exprt::operandst &operands,
+    const source_locationt &loc,
+    symbol_tablet &symbol_table,
+    code_blockt &init_code);
+
+  exprt::operandst process_equals_function_operands(
+    const exprt::operandst &operands,
+    const source_locationt &loc,
+    symbol_tablet &symbol_table,
+    code_blockt &init_code);
+
+  string_exprt replace_char_array(
+    const exprt &array_pointer,
+    const source_locationt &loc,
+    symbol_tablet &symbol_table,
+    code_blockt &code);
+
+  void declare_function(
+    irep_idt function_name, const typet &type, symbol_tablet &symbol_table);
+
+  typet get_data_type(
+    const typet &type, const symbol_tablet &symbol_table);
+  typet get_length_type(
+    const typet &type, const symbol_tablet &symbol_table);
+  exprt get_data(const exprt &expr, const symbol_tablet &symbol_table);
+  exprt get_length(const exprt &expr, const symbol_tablet &symbol_table);
+
+  symbol_exprt fresh_string(
+    const typet &type,
+    const source_locationt &loc,
+    symbol_tablet &symbol_table);
+
+  symbol_exprt fresh_array(
+    const typet &type,
+    const source_locationt &loc,
+    symbol_tablet &symbol_table);
+
+  string_exprt fresh_string_expr(
+    const source_locationt &loc,
+    symbol_tablet &symbol_table,
+    code_blockt &code);
+
+  exprt fresh_string_expr_symbol(
+    const source_locationt &loc,
+    symbol_tablet &symbol_table,
+    code_blockt &code);
+
+  exprt allocate_fresh_string(
+    const typet &type,
+    const source_locationt &loc,
+    symbol_tablet &symbol_table,
+    code_blockt &code);
+
+  exprt allocate_fresh_array(
+    const typet &type,
+    const source_locationt &loc,
+    symbol_tablet &symbol_table,
+    code_blockt &code);
+
+  exprt make_function_application(
+    const irep_idt &function_name,
+    const exprt::operandst &arguments,
+    const typet &type,
+    symbol_tablet &symbol_table);
+
+  codet code_assign_function_application(
+    const exprt &lhs,
+    const irep_idt &function_name,
+    const exprt::operandst &arguments,
+    symbol_tablet &symbol_table);
+
+  codet code_return_function_application(
+    const irep_idt &function_name,
+    const exprt::operandst &arguments,
+    const typet &type,
+    symbol_tablet &symbol_table);
+
+  codet code_assign_function_to_string_expr(
+    const string_exprt &string_expr,
+    const irep_idt &function_name,
+    const exprt::operandst &arguments,
+    symbol_tablet &symbol_table);
+
+  string_exprt string_expr_of_function_application(
+    const irep_idt &function_name,
+    const exprt::operandst &arguments,
+    const source_locationt &loc,
+    symbol_tablet &symbol_table,
+    code_blockt &code);
+
+  codet code_assign_string_expr_to_java_string(
+    const exprt &lhs, const string_exprt &rhs, symbol_tablet &symbol_table);
+
+  codet code_assign_string_expr_to_new_java_string(
+    const exprt &lhs,
+    const string_exprt &rhs,
+    const source_locationt &loc,
+    symbol_tablet &symbol_table);
+
+  codet code_assign_java_string_to_string_expr(
+    const string_exprt &lhs, const exprt &rhs, symbol_tablet &symbol_table);
+
+  codet code_assign_string_literal_to_string_expr(
+    const string_exprt &lhs,
+    const exprt &tmp_string,
+    const std::string &s,
+    symbol_tablet &symbol_table);
+
+  exprt string_literal(const std::string &s);
+
+  codet make_function_from_call(
+    const irep_idt &function_name,
+    const code_typet &type,
+    const source_locationt &loc,
+    symbol_tablet &symbol_table);
+
+  codet make_init_function_from_call(
+    const irep_idt &function_name,
+    const code_typet &type,
+    const source_locationt &loc,
+    symbol_tablet &symbol_table,
+    bool ignore_first_arg=true);
+
+  codet make_assign_and_return_function_from_call(
+    const irep_idt &function_name,
+    const code_typet &type,
+    const source_locationt &loc,
+    symbol_tablet &symbol_table);
+
+  codet make_assign_function_from_call(
+    const irep_idt &function_name,
+    const code_typet &type,
+    const source_locationt &loc,
+    symbol_tablet &symbol_table);
+
+  codet make_string_returning_function_from_call(
+    const irep_idt &function_name,
+    const code_typet &type,
+    const source_locationt &loc,
+    symbol_tablet &symbol_table);
+};
+
+#endif // CPROVER_JAVA_BYTECODE_JAVA_STRING_LIBRARY_PREPROCESS_H

From 45a026040602a501374d58902807c79445fed4c3 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Thu, 20 Apr 2017 13:10:38 +0100
Subject: [PATCH 244/699] Merging string and character preprocess as one
 argument of bytecode conversion

Removing add_string_type declaration, not used anymore
---
 src/java_bytecode/Makefile                    |  1 +
 .../java_bytecode_convert_class.cpp           | 90 ++-----------------
 .../java_bytecode_convert_class.h             |  2 +-
 .../java_bytecode_convert_method.cpp          |  4 +-
 .../java_bytecode_convert_method.h            | 10 ++-
 .../java_bytecode_convert_method_class.h      |  7 +-
 src/java_bytecode/java_bytecode_language.cpp  | 14 ++-
 src/java_bytecode/java_bytecode_language.h    |  2 +
 8 files changed, 37 insertions(+), 93 deletions(-)

diff --git a/src/java_bytecode/Makefile b/src/java_bytecode/Makefile
index 677987cfc9b..0334b20595f 100644
--- a/src/java_bytecode/Makefile
+++ b/src/java_bytecode/Makefile
@@ -20,6 +20,7 @@ SRC = bytecode_info.cpp \
       java_object_factory.cpp \
       java_pointer_casts.cpp \
       java_root_class.cpp \
+      java_string_library_preprocess.cpp \
       java_types.cpp \
       java_utils.cpp \
       # Empty last line
diff --git a/src/java_bytecode/java_bytecode_convert_class.cpp b/src/java_bytecode/java_bytecode_convert_class.cpp
index ef905eebad2..29be4f70617 100644
--- a/src/java_bytecode/java_bytecode_convert_class.cpp
+++ b/src/java_bytecode/java_bytecode_convert_class.cpp
@@ -31,13 +31,13 @@ class java_bytecode_convert_classt:public messaget
     size_t _max_array_length,
     lazy_methodst& _lazy_methods,
     lazy_methods_modet _lazy_methods_mode,
-    bool _string_refinement_enabled):
+    const java_string_library_preprocesst &_string_preprocess):
     messaget(_message_handler),
     symbol_table(_symbol_table),
     max_array_length(_max_array_length),
     lazy_methods(_lazy_methods),
     lazy_methods_mode(_lazy_methods_mode),
-    string_refinement_enabled(_string_refinement_enabled)
+    string_preprocess(_string_preprocess)
   {
   }
 
@@ -47,18 +47,10 @@ class java_bytecode_convert_classt:public messaget
 
     if(parse_tree.loading_successful)
       convert(parse_tree.parsed_class);
-    else if(string_refinement_enabled &&
-            parse_tree.parsed_class.name=="java.lang.String")
-      add_string_type("java.lang.String");
-    else if(string_refinement_enabled &&
-            parse_tree.parsed_class.name=="java.lang.StringBuilder")
-      add_string_type("java.lang.StringBuilder");
-    else if(string_refinement_enabled &&
-            parse_tree.parsed_class.name=="java.lang.CharSequence")
-      add_string_type("java.lang.CharSequence");
-    else if(string_refinement_enabled &&
-            parse_tree.parsed_class.name=="java.lang.StringBuffer")
-      add_string_type("java.lang.StringBuffer");
+    else if(string_preprocess.is_known_string_type(
+              parse_tree.parsed_class.name))
+      string_preprocess.add_string_type(
+        parse_tree.parsed_class.name, symbol_table);
     else
       generate_class_stub(parse_tree.parsed_class.name);
   }
@@ -71,7 +63,7 @@ class java_bytecode_convert_classt:public messaget
   const size_t max_array_length;
   lazy_methodst &lazy_methods;
   lazy_methods_modet lazy_methods_mode;
-  bool string_refinement_enabled;
+  java_string_library_preprocesst string_preprocess;
 
   // conversion
   void convert(const classt &c);
@@ -79,7 +71,6 @@ class java_bytecode_convert_classt:public messaget
 
   void generate_class_stub(const irep_idt &class_name);
   void add_array_types();
-  void add_string_type(const irep_idt &class_name);
 };
 
 /*******************************************************************\
@@ -486,7 +477,7 @@ bool java_bytecode_convert_class(
   size_t max_array_length,
   lazy_methodst &lazy_methods,
   lazy_methods_modet lazy_methods_mode,
-  bool string_refinement_enabled)
+  const java_string_library_preprocesst &string_preprocess)
 {
   java_bytecode_convert_classt java_bytecode_convert_class(
     symbol_table,
@@ -494,7 +485,7 @@ bool java_bytecode_convert_class(
     max_array_length,
     lazy_methods,
     lazy_methods_mode,
-    string_refinement_enabled);
+    string_preprocess);
 
   try
   {
@@ -518,66 +509,3 @@ bool java_bytecode_convert_class(
 
   return true;
 }
-
-/*******************************************************************\
-
-Function: java_bytecode_convert_classt::add_string_type
-
-  Inputs: a name for the class such as "java.lang.String"
-
- Purpose: Implements the java.lang.String type in the case that
-          we provide an internal implementation.
-
-\*******************************************************************/
-
-void java_bytecode_convert_classt::add_string_type(const irep_idt &class_name)
-{
-  class_typet string_type;
-  string_type.set_tag(class_name);
-  string_type.components().resize(3);
-  string_type.components()[0].set_name("@java.lang.Object");
-  string_type.components()[0].set_pretty_name("@java.lang.Object");
-  string_type.components()[0].type()=symbol_typet("java::java.lang.Object");
-  string_type.components()[1].set_name("length");
-  string_type.components()[1].set_pretty_name("length");
-  string_type.components()[1].type()=java_int_type();
-  string_type.components()[2].set_name("data");
-  string_type.components()[2].set_pretty_name("data");
-  // Use a pointer-to-unbounded-array instead of a pointer-to-char.
-  // Saves some casting in the string refinement algorithm but may
-  // be unnecessary.
-  string_type.components()[2].type()=pointer_typet(
-    array_typet(java_char_type(), infinity_exprt(java_int_type())));
-  string_type.add_base(symbol_typet("java::java.lang.Object"));
-
-  symbolt string_symbol;
-  string_symbol.name="java::"+id2string(class_name);
-  string_symbol.base_name=id2string(class_name);
-  string_symbol.type=string_type;
-  string_symbol.is_type=true;
-
-  symbol_table.add(string_symbol);
-
-  // Also add a stub of `String.equals` so that remove-virtual-functions
-  // generates a check for Object.equals vs. String.equals.
-  // No need to fill it in, as pass_preprocess will replace the calls again.
-  symbolt string_equals_symbol;
-  string_equals_symbol.name=
-    "java::java.lang.String.equals:(Ljava/lang/Object;)Z";
-  string_equals_symbol.base_name=id2string(class_name)+".equals";
-  string_equals_symbol.pretty_name=id2string(class_name)+".equals";
-  string_equals_symbol.mode=ID_java;
-
-  code_typet string_equals_type;
-  string_equals_type.return_type()=java_boolean_type();
-  code_typet::parametert thisparam;
-  thisparam.set_this();
-  thisparam.type()=pointer_typet(symbol_typet(string_symbol.name));
-  code_typet::parametert otherparam;
-  otherparam.type()=pointer_typet(symbol_typet("java::java.lang.Object"));
-  string_equals_type.parameters().push_back(thisparam);
-  string_equals_type.parameters().push_back(otherparam);
-  string_equals_symbol.type=std::move(string_equals_type);
-
-  symbol_table.add(string_equals_symbol);
-}
diff --git a/src/java_bytecode/java_bytecode_convert_class.h b/src/java_bytecode/java_bytecode_convert_class.h
index 9ce5cc8c7cc..3bf4e59c85f 100644
--- a/src/java_bytecode/java_bytecode_convert_class.h
+++ b/src/java_bytecode/java_bytecode_convert_class.h
@@ -22,6 +22,6 @@ bool java_bytecode_convert_class(
   size_t max_array_length,
   lazy_methodst &,
   lazy_methods_modet,
-  bool string_refinement_enabled);
+  const java_string_library_preprocesst &string_preprocess);
 
 #endif // CPROVER_JAVA_BYTECODE_JAVA_BYTECODE_CONVERT_CLASS_H
diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index 14a6d7a501c..63cfb1a9cd5 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -1556,8 +1556,8 @@ codet java_bytecode_convert_methodt::convert_instructions(
           symbol.name,
           symbol_table);
 
-        // functions of the String libraries can have code
-        // generated for them
+        // The string refinement module may provide a definition for this
+        // function.
         symbol.value=string_preprocess.code_for_function(
           id, to_code_type(symbol.type), loc, symbol_table);
 
diff --git a/src/java_bytecode/java_bytecode_convert_method.h b/src/java_bytecode/java_bytecode_convert_method.h
index db6fcc729e1..78dd9226f76 100644
--- a/src/java_bytecode/java_bytecode_convert_method.h
+++ b/src/java_bytecode/java_bytecode_convert_method.h
@@ -12,6 +12,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <util/symbol_table.h>
 #include <util/message.h>
 #include <util/safe_pointer.h>
+#include "java_string_library_preprocess.h"
 
 #include "java_bytecode_parse_tree.h"
 #include "ci_lazy_methods.h"
@@ -24,14 +25,16 @@ void java_bytecode_convert_method(
   symbol_tablet &symbol_table,
   message_handlert &message_handler,
   size_t max_array_length,
-  safe_pointer<ci_lazy_methodst> lazy_methods);
+  safe_pointer<ci_lazy_methodst> lazy_methods,
+  const java_string_library_preprocesst &string_preprocess);
 
 inline void java_bytecode_convert_method(
   const symbolt &class_symbol,
   const java_bytecode_parse_treet::methodt &method,
   symbol_tablet &symbol_table,
   message_handlert &message_handler,
-  size_t max_array_length)
+  size_t max_array_length,
+  const java_string_library_preprocesst &string_preprocess)
 {
   java_bytecode_convert_method(
     class_symbol,
@@ -39,7 +42,8 @@ inline void java_bytecode_convert_method(
     symbol_table,
     message_handler,
     max_array_length,
-    safe_pointer<ci_lazy_methodst>::create_null());
+    safe_pointer<ci_lazy_methodst>::create_null(),
+    string_preprocess);
 }
 
 void java_bytecode_convert_method_lazy(
diff --git a/src/java_bytecode/java_bytecode_convert_method_class.h b/src/java_bytecode/java_bytecode_convert_method_class.h
index da9196e6a67..cf3c66b8661 100644
--- a/src/java_bytecode/java_bytecode_convert_method_class.h
+++ b/src/java_bytecode/java_bytecode_convert_method_class.h
@@ -32,11 +32,13 @@ class java_bytecode_convert_methodt:public messaget
     symbol_tablet &_symbol_table,
     message_handlert &_message_handler,
     size_t _max_array_length,
-    safe_pointer<ci_lazy_methodst> _lazy_methods):
+    safe_pointer<ci_lazy_methodst> _lazy_methods,
+    const java_string_library_preprocesst &_string_preprocess):
     messaget(_message_handler),
     symbol_table(_symbol_table),
     max_array_length(_max_array_length),
-    lazy_methods(_lazy_methods)
+    lazy_methods(_lazy_methods),
+    string_preprocess(_string_preprocess)
   {
   }
 
@@ -59,6 +61,7 @@ class java_bytecode_convert_methodt:public messaget
   irep_idt method_id;
   irep_idt current_method;
   typet method_return_type;
+  java_string_library_preprocesst string_preprocess;
 
 public:
   struct holet
diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index 69f9f3eb2a4..404ffc95c69 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -511,6 +511,9 @@ bool java_bytecode_languaget::typecheck(
   symbol_tablet &symbol_table,
   const std::string &module)
 {
+  if(string_refinement_enabled)
+    string_preprocess.initialize_conversion_table();
+
   // first convert all
   for(java_class_loadert::class_mapt::const_iterator
       c_it=java_class_loader.class_map.begin();
@@ -529,7 +532,7 @@ bool java_bytecode_languaget::typecheck(
          max_user_array_length,
          lazy_methods,
          lazy_methods_mode,
-         string_refinement_enabled))
+         string_preprocess))
       return true;
   }
 
@@ -551,7 +554,8 @@ bool java_bytecode_languaget::typecheck(
         *method_sig.second.second,
         symbol_table,
         get_message_handler(),
-        max_user_array_length);
+        max_user_array_length,
+        string_preprocess);
     }
   }
   // Otherwise our caller is in charge of elaborating methods on demand.
@@ -678,7 +682,8 @@ bool java_bytecode_languaget::do_ci_lazy_method_conversion(
           symbol_table,
           get_message_handler(),
           max_user_array_length,
-          safe_pointer<ci_lazy_methodst>::create_non_null(&lazy_methods));
+          safe_pointer<ci_lazy_methodst>::create_non_null(&lazy_methods),
+          string_preprocess);
         gather_virtual_callsites(
           symbol_table.lookup(mname).value,
           virtual_callsites);
@@ -788,7 +793,8 @@ void java_bytecode_languaget::convert_lazy_method(
     *lazy_method_entry.second,
     symtab,
     get_message_handler(),
-    max_user_array_length);
+    max_user_array_length,
+    string_preprocess);
 }
 
 /*******************************************************************\
diff --git a/src/java_bytecode/java_bytecode_language.h b/src/java_bytecode/java_bytecode_language.h
index 2da26b71ad6..929cc354518 100644
--- a/src/java_bytecode/java_bytecode_language.h
+++ b/src/java_bytecode/java_bytecode_language.h
@@ -13,6 +13,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <util/cmdline.h>
 
 #include "java_class_loader.h"
+#include "java_string_library_preprocess.h"
 
 #define MAX_NONDET_ARRAY_LENGTH_DEFAULT 5
 
@@ -99,6 +100,7 @@ class java_bytecode_languaget:public languaget
   lazy_methodst lazy_methods;
   lazy_methods_modet lazy_methods_mode;
   bool string_refinement_enabled;
+  java_string_library_preprocesst string_preprocess;
   std::string java_cp_include_files;
 };
 

From 7653a764b4dced98481e75286815b6f424a0ce68 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Fri, 21 Apr 2017 14:51:49 +0100
Subject: [PATCH 245/699] Removing and deactivating the old preprocessing

Removing string_refine_preprocess from Makefile

Removing include of string_refine_preprocess
---
 src/cbmc/cbmc_parse_options.cpp               |    9 -
 src/goto-programs/Makefile                    |    1 -
 .../string_refine_preprocess.cpp              | 1583 -----------------
 src/goto-programs/string_refine_preprocess.h  |  203 ---
 4 files changed, 1796 deletions(-)
 delete mode 100644 src/goto-programs/string_refine_preprocess.cpp
 delete mode 100644 src/goto-programs/string_refine_preprocess.h

diff --git a/src/cbmc/cbmc_parse_options.cpp b/src/cbmc/cbmc_parse_options.cpp
index aaf0aad6b90..b9230c6b4e6 100644
--- a/src/cbmc/cbmc_parse_options.cpp
+++ b/src/cbmc/cbmc_parse_options.cpp
@@ -20,7 +20,6 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <ansi-c/c_preprocess.h>
 
 #include <goto-programs/goto_convert_functions.h>
-#include <goto-programs/string_refine_preprocess.h>
 #include <goto-programs/remove_function_pointers.h>
 #include <goto-programs/remove_virtual_functions.h>
 #include <goto-programs/remove_instanceof.h>
@@ -905,14 +904,6 @@ bool cbmc_parse_optionst::process_goto_program(
     status() << "Partial Inlining" << eom;
     goto_partial_inline(goto_functions, ns, ui_message_handler);
 
-
-    if(cmdline.isset("refine-strings"))
-    {
-      status() << "Preprocessing for string refinement" << eom;
-      string_refine_preprocesst(
-        symbol_table, goto_functions, ui_message_handler);
-    }
-
     // remove returns, gcc vectors, complex
     remove_returns(symbol_table, goto_functions);
     remove_vector(symbol_table, goto_functions);
diff --git a/src/goto-programs/Makefile b/src/goto-programs/Makefile
index 1a3583bff53..60bfc304801 100644
--- a/src/goto-programs/Makefile
+++ b/src/goto-programs/Makefile
@@ -58,7 +58,6 @@ SRC = basic_blocks.cpp \
       slice_global_inits.cpp \
       string_abstraction.cpp \
       string_instrumentation.cpp \
-      string_refine_preprocess.cpp \
       system_library_symbols.cpp \
       vcd_goto_trace.cpp \
       wp.cpp \
diff --git a/src/goto-programs/string_refine_preprocess.cpp b/src/goto-programs/string_refine_preprocess.cpp
deleted file mode 100644
index bbba1b8d49a..00000000000
--- a/src/goto-programs/string_refine_preprocess.cpp
+++ /dev/null
@@ -1,1583 +0,0 @@
-/*******************************************************************\
-
-Module: Preprocess a goto-programs so that calls to the java String
-        library are recognized by the string solver
-
-Author: Romain Brenguier
-
-Date:   September 2016
-
-\*******************************************************************/
-
-#include <util/std_expr.h>
-#include <util/symbol_table.h>
-#include <util/pointer_offset_size.h>
-#include <util/prefix.h>
-#include <util/string_expr.h>
-#include <util/refined_string_type.h>
-#include <util/fresh_symbol.h>
-#include <goto-programs/class_identifier.h>
-#include <java_bytecode/java_types.h>
-
-#include "string_refine_preprocess.h"
-
-/*******************************************************************\
-
-Function: string_refine_preprocesst::check_java_type
-
-  Inputs: a type and a string
-
- Outputs: Boolean telling whether the type is a struct with the given
-          tag or a symbolic type with the tag prefixed by "java::"
-
-\*******************************************************************/
-
-bool string_refine_preprocesst::check_java_type(
-  const typet &type, const std::string &tag)
-{
-  if(type.id()==ID_symbol)
-  {
-    irep_idt tag_id=to_symbol_type(type).get_identifier();
-    return tag_id=="java::"+tag;
-  }
-  else if(type.id()==ID_struct)
-  {
-    irep_idt tag_id=to_struct_type(type).get_tag();
-    return tag_id==tag;
-  }
-  return false;
-}
-/*******************************************************************\
-
-Function: string_refine_preprocesst::is_java_string_pointer_type
-
-  Inputs: a type
-
- Outputs: Boolean telling whether the type is that of java string pointers
-
-\*******************************************************************/
-
-bool string_refine_preprocesst::is_java_string_pointer_type(const typet &type)
-{
-  if(type.id()==ID_pointer)
-  {
-    const pointer_typet &pt=to_pointer_type(type);
-    const typet &subtype=pt.subtype();
-    return is_java_string_type(subtype);
-  }
-  return false;
-}
-
-/*******************************************************************\
-
-Function: string_refine_preprocesst::is_java_string_type
-
-  Inputs: a type
-
- Outputs: Boolean telling whether the type is that of java string
-
-\*******************************************************************/
-
-bool string_refine_preprocesst::is_java_string_type(const typet &type)
-{
-  return check_java_type(type, "java.lang.String");
-}
-
-/*******************************************************************\
-
-Function: string_refine_preprocesst::is_java_string_builder_type
-
-  Inputs: a type
-
- Outputs: Boolean telling whether the type is that of java string builder
-
-\*******************************************************************/
-
-bool string_refine_preprocesst::is_java_string_builder_type(const typet &type)
-{
-  return check_java_type(type, "java.lang.StringBuilder");
-}
-
-/*******************************************************************\
-
-Function: string_refine_preprocesst::is_java_string_builder_pointer_type
-
-  Inputs: a type
-
- Outputs: Boolean telling whether the type is that of java StringBuilder
-          pointers
-
-\*******************************************************************/
-
-bool string_refine_preprocesst::is_java_string_builder_pointer_type(
-  const typet &type)
-{
-  if(type.id()==ID_pointer)
-  {
-    const pointer_typet &pt=to_pointer_type(type);
-    const typet &subtype=pt.subtype();
-    return is_java_string_builder_type(subtype);
-  }
-  return false;
-}
-
-/*******************************************************************\
-
-Function: string_refine_preprocesst::is_java_string_buffer_type
-
-  Inputs: a type
-
- Outputs: Boolean telling whether the type is that of java string buffer
-
-\*******************************************************************/
-
-bool string_refine_preprocesst::is_java_string_buffer_type(const typet &type)
-{
-  return check_java_type(type, "java.lang.StringBuffer");
-}
-
-/*******************************************************************\
-
-Function: string_refine_preprocesst::is_java_string_buffer_pointer_type
-
-  Inputs: a type
-
- Outputs: Boolean telling whether the type is that of java StringBuffer
-          pointers
-
-\*******************************************************************/
-
-bool string_refine_preprocesst::is_java_string_buffer_pointer_type(
-  const typet &type)
-{
-  if(type.id()==ID_pointer)
-  {
-    const pointer_typet &pt=to_pointer_type(type);
-    const typet &subtype=pt.subtype();
-    return is_java_string_buffer_type(subtype);
-  }
-  return false;
-}
-
-/*******************************************************************\
-
-Function: string_refine_preprocesst::is_java_char_sequence_type
-
-  Inputs: a type
-
- Outputs: Boolean telling whether the type is that of java char sequence
-
-\*******************************************************************/
-
-bool string_refine_preprocesst::is_java_char_sequence_type(const typet &type)
-{
-  return check_java_type(type, "java.lang.CharSequence");
-}
-
-/*******************************************************************\
-
-Function: string_refine_preprocesst::is_java_char_sequence_pointer_type
-
-  Inputs: a type
-
- Outputs: Boolean telling whether the type is that of a pointer
-          to a java char sequence
-
-\*******************************************************************/
-
-bool string_refine_preprocesst::is_java_char_sequence_pointer_type(
-  const typet &type)
-{
-  if(type.id()==ID_pointer)
-  {
-    const pointer_typet &pt=to_pointer_type(type);
-    const typet &subtype=pt.subtype();
-    return is_java_char_sequence_type(subtype);
-  }
-  return false;
-}
-
-/*******************************************************************\
-
-Function: string_refine_preprocesst::is_java_char_array_type
-
-  Inputs: a type
-
- Outputs: Boolean telling whether the type is that of java char array
-
-\*******************************************************************/
-
-bool string_refine_preprocesst::is_java_char_array_type(const typet &type)
-{
-  return check_java_type(type, "array[char]");
-}
-
-/*******************************************************************\
-
-Function: string_refine_preprocesst::is_java_char_array_pointer_type
-
-  Inputs: a type
-
- Outputs: Boolean telling whether the type is that of a pointer
-          to a java char array
-
-\*******************************************************************/
-
-bool string_refine_preprocesst::is_java_char_array_pointer_type(
-  const typet &type)
-{
-  if(type.id()==ID_pointer)
-  {
-    const pointer_typet &pt=to_pointer_type(type);
-    const typet &subtype=pt.subtype();
-    return is_java_char_array_type(subtype);
-  }
-  return false;
-}
-
-/*******************************************************************\
-
-Function: string_refine_preprocesst::fresh_array
-
-  Inputs:
-    type - an array type
-    location - a location in the program
-
- Outputs: a new symbol
-
- Purpose: add a symbol with static lifetime and name containing
-          `cprover_string_array` and given type
-
-\*******************************************************************/
-
-symbol_exprt string_refine_preprocesst::fresh_array(
-  const typet &type, const source_locationt &location)
-{
-  symbolt array_symbol=get_fresh_aux_symbol(
-    type,
-    "cprover_string_array",
-    "cprover_string_array",
-    location,
-    ID_java,
-    symbol_table);
-  array_symbol.is_static_lifetime=true;
-  return array_symbol.symbol_expr();
-}
-
-/*******************************************************************\
-
-Function: string_refine_preprocesst::fresh_string
-
-  Inputs:
-    type - a type for refined strings
-    location - a location in the program
-
- Outputs: a new symbol
-
- Purpose: add a symbol with static lifetime and name containing
-          `cprover_string` and given type
-
-\*******************************************************************/
-
-symbol_exprt string_refine_preprocesst::fresh_string(
-  const typet &type, const source_locationt &location)
-{
-  symbolt array_symbol=get_fresh_aux_symbol(
-    type, "cprover_string", "cprover_string", location, ID_java, symbol_table);
-  array_symbol.is_static_lifetime=true;
-  return array_symbol.symbol_expr();
-}
-
-/*******************************************************************\
-
-Function: string_refine_preprocesst::declare_function
-
-  Inputs: a name and a type
-
- Purpose: declare a function with the given name and type
-
-\*******************************************************************/
-
-void string_refine_preprocesst::declare_function(
-  irep_idt function_name, const typet &type)
-{
-  auxiliary_symbolt func_symbol;
-  func_symbol.base_name=function_name;
-  func_symbol.is_static_lifetime=false;
-  func_symbol.mode=ID_java;
-  func_symbol.name=function_name;
-  func_symbol.type=type;
-  symbol_table.add(func_symbol);
-  goto_functions.function_map[function_name];
-}
-
-/*******************************************************************\
-
-Function: string_refine_preprocesst::get_data_and_length_type_of_char_array
-
-  Inputs: an expression, a reference to a data type and a reference to a
-          length type
-
- Purpose: assuming the expression is a char array, figure out what
-          the types for length and data are and put them into the references
-          given as argument
-
-\*******************************************************************/
-
-void string_refine_preprocesst::get_data_and_length_type_of_char_array(
-  const exprt &expr, typet &data_type, typet &length_type)
-{
-  typet object_type=ns.follow(expr.type());
-  assert(object_type.id()==ID_struct);
-  const struct_typet &struct_type=to_struct_type(object_type);
-  for(auto component : struct_type.components())
-    if(component.get_name()=="length")
-      length_type=component.type();
-    else if(component.get_name()=="data")
-      data_type=component.type();
-}
-
-/*******************************************************************\
-
-Function: string_refine_preprocesst::get_data_and_length_type_of_string
-
-  Inputs: an expression, a reference to a data type and a reference to a
-          length type
-
- Purpose: assuming the expression is a java string, figure out what
-          the types for length and data are and put them into the references
-          given as argument
-
-\*******************************************************************/
-
-void string_refine_preprocesst::get_data_and_length_type_of_string(
-  const exprt &expr, typet &data_type, typet &length_type)
-{
-  assert(implements_java_char_sequence(pointer_typet(expr.type())));
-  typet object_type=ns.follow(expr.type());
-  const struct_typet &struct_type=to_struct_type(object_type);
-  for(const auto &component : struct_type.components())
-    if(component.get_name()=="length")
-      length_type=component.type();
-    else if(component.get_name()=="data")
-      data_type=component.type();
-}
-
-/*******************************************************************\
-
-Function: string_refine_preprocesst::make_cprover_string_assign
-
-  Inputs: a goto_program, a position in this program, an expression and a
-          location
-
- Outputs: an expression
-
- Purpose: Introduce a temporary variable for cprover strings;
-          returns the cprover_string corresponding to rhs if it is a string
-          pointer and the original rhs otherwise.
-
-\*******************************************************************/
-
-exprt string_refine_preprocesst::make_cprover_string_assign(
-  goto_programt &goto_program,
-  goto_programt::targett &target,
-  const exprt &rhs,
-  const source_locationt &location)
-{
-  if(implements_java_char_sequence(rhs.type()))
-  {
-    // We do the following assignments:
-    // 1 length= *(rhs->length)
-    // 2 cprover_string_array = *(rhs->data)
-    // 3 cprover_string = { length; cprover_string_array }
-
-    dereference_exprt deref(rhs, rhs.type().subtype());
-    typet data_type, length_type;
-    get_data_and_length_type_of_string(deref, data_type, length_type);
-    std::list<code_assignt> assignments;
-
-    // 1) cprover_string_length= *(rhs->length)
-    symbolt sym_length=get_fresh_aux_symbol(
-      length_type,
-      "cprover_string_length",
-      "cprover_string_length",
-      location,
-      ID_java,
-      symbol_table);
-    symbol_exprt cprover_length=sym_length.symbol_expr();
-    member_exprt length(deref, "length", length_type);
-    assignments.emplace_back(cprover_length, length);
-
-    // 2) cprover_string_array = *(rhs->data)
-    symbol_exprt array_lhs=fresh_array(data_type.subtype(), location);
-    member_exprt data(deref, "data", data_type);
-    dereference_exprt deref_data(data, data_type.subtype());
-    assignments.emplace_back(array_lhs, deref_data);
-
-    // 3) cprover_string = { cprover_string_length; cprover_string_array }
-    // This assignment is useful for finding witnessing strings for counter
-    // examples
-    refined_string_typet ref_type(length_type, java_char_type());
-    string_exprt new_rhs(cprover_length, array_lhs, ref_type);
-
-    symbol_exprt lhs=fresh_string(new_rhs.type(), location);
-    assignments.emplace_back(lhs, new_rhs);
-
-    insert_assignments(
-      goto_program, target, target->function, location, assignments);
-    target=goto_program.insert_after(target);
-    return new_rhs;
-  }
-  else if(rhs.id()==ID_typecast &&
-          implements_java_char_sequence(rhs.op0().type()))
-  {
-    exprt new_rhs=make_cprover_string_assign(
-      goto_program, target, rhs.op0(), location);
-    return typecast_exprt(new_rhs, rhs.type());
-  }
-  else
-    return rhs;
-}
-
-/*******************************************************************\
-
-Function: string_refine_preprocesst::make_cprover_char_array_assign
-
-  Inputs: a goto_program, a position in this program, an expression of
-          type char array pointer and a location
-
- Outputs: a string expression
-
- Purpose: Introduce a temporary variable for cprover strings;
-          returns the cprover_string corresponding to rhs
-
-\*******************************************************************/
-
-string_exprt string_refine_preprocesst::make_cprover_char_array_assign(
-  goto_programt &goto_program,
-  goto_programt::targett &target,
-  const exprt &rhs,
-  const source_locationt &location)
-{
-  assert(is_java_char_array_pointer_type(rhs.type()));
-
-  // We do the following assignments:
-  // deref=*(rhs->data)
-  // array= typecast(&deref);
-  // string={ rhs->length; array }
-
-  dereference_exprt deref(rhs, rhs.type().subtype());
-  typet length_type, data_type;
-  get_data_and_length_type_of_char_array(deref, data_type, length_type);
-  assert(data_type.id()==ID_pointer);
-  typet char_type=to_pointer_type(data_type).subtype();
-
-  refined_string_typet ref_type(length_type, java_char_type());
-  typet content_type=ref_type.get_content_type();
-  std::list<code_assignt> assignments;
-
-  // deref=*(rhs->data)
-  member_exprt array_rhs(deref, "data", data_type);
-  dereference_exprt deref_array(array_rhs, data_type.subtype());
-  symbolt sym_lhs_deref=get_fresh_aux_symbol(
-    data_type.subtype(),
-    "char_array_assign$deref",
-    "char_array_assign$deref",
-    location,
-    ID_java,
-    symbol_table);
-  symbol_exprt lhs_deref=sym_lhs_deref.symbol_expr();
-  assignments.emplace_back(lhs_deref, deref_array);
-
-  // array=convert_pointer_to_char_array(*rhs->data)
-  declare_function(ID_cprover_string_array_of_char_pointer_func, content_type);
-  function_application_exprt fun_app(symbol_exprt(
-    ID_cprover_string_array_of_char_pointer_func), content_type);
-  fun_app.arguments().push_back(deref_array);
-  symbol_exprt array=fresh_array(content_type, location);
-  assignments.emplace_back(array, fun_app);
-
-  // string={ rhs->length; string_array }
-  string_exprt new_rhs(get_length(deref, length_type), array, ref_type);
-  symbol_exprt lhs=fresh_string(ref_type, location);
-  assignments.emplace_back(lhs, new_rhs);
-
-  insert_assignments(
-    goto_program, target, target->function, location, assignments);
-  target=goto_program.insert_after(target);
-  return new_rhs;
-}
-
-/*******************************************************************\
-
-Function: string_refine_preprocesst::make_normal_assign
-
-  Inputs: a goto_program, a position in this program, an expression lhs,
-          a function type, a function name, a vector of arguments, a location
-          and a signature
-
- Purpose: replace the current instruction by:
-          > lhs=function_name(arguments) : return_type @ location
-          If given, signature can force String conversion of given arguments.
-          The convention for signature is one character by argument
-          and 'S' denotes string.
-
-\*******************************************************************/
-
-void string_refine_preprocesst::make_normal_assign(
-  goto_programt &goto_program,
-  goto_programt::targett target,
-  const exprt &lhs,
-  const code_typet &function_type,
-  const irep_idt &function_name,
-  const exprt::operandst &arguments,
-  const source_locationt &location,
-  const std::string &signature)
-{
-  function_application_exprt rhs(
-    symbol_exprt(function_name), function_type.return_type());
-  rhs.add_source_location()=location;
-  declare_function(function_name, function_type);
-
-  exprt::operandst processed_arguments=process_arguments(
-    goto_program, target, arguments, location, signature);
-  rhs.arguments()=processed_arguments;
-
-  code_assignt assignment(lhs, rhs);
-  assignment.add_source_location()=location;
-  target->make_assignment();
-  target->code=assignment;
-}
-
-/*******************************************************************\
-
-Function: string_refine_preprocesst::insert_assignments
-
-  Inputs: a goto_program, a position in this program, a list of assignments
-
- Purpose: add the assignments to the program in the order they are given
-
-\*******************************************************************/
-
-void string_refine_preprocesst::insert_assignments(
-  goto_programt &goto_program,
-  goto_programt::targett &target,
-  irep_idt function,
-  source_locationt location,
-  const std::list<code_assignt> &va)
-{
-  if(va.empty())
-    return;
-
-  auto i=va.begin();
-  target->make_assignment();
-  target->code=*i;
-  target->function=function;
-  target->source_location=location;
-  for(i++; i!=va.end(); i++)
-  {
-    target=goto_program.insert_after(target);
-    target->make_assignment();
-    target->code=*i;
-    target->function=function;
-    target->source_location=location;
-  }
-}
-
-/*******************************************************************\
-
-Function: string_refine_preprocesst::make_string_assign
-
-  Inputs: a goto_program, a position in this program, an expression lhs,
-          a function type, a function name, a vector of arguments, a location
-          and a signature
-
- Purpose: replace the current instruction by:
-          > lhs=malloc(String *)
-          > lhs->length=function_name_length(arguments)
-          > tmp_data=function_name_data(arguments)
-          > lhs->data=&tmp_data
-
-\*******************************************************************/
-
-void string_refine_preprocesst::make_string_assign(
-  goto_programt &goto_program,
-  goto_programt::targett &target,
-  const exprt &lhs,
-  const code_typet &function_type,
-  const irep_idt &function_name,
-  const exprt::operandst &arguments,
-  const source_locationt &location,
-  const std::string &signature)
-{
-  assert(implements_java_char_sequence(function_type.return_type()));
-  dereference_exprt deref(lhs, lhs.type().subtype());
-  typet object_type=ns.follow(deref.type());
-  exprt object_size=size_of_expr(object_type, ns);
-  typet length_type, data_type;
-  get_data_and_length_type_of_string(deref, data_type, length_type);
-
-  std::string fnamel=id2string(function_name)+"_length";
-  std::string fnamed=id2string(function_name)+"_data";
-  declare_function(fnamel, length_type);
-  declare_function(fnamed, data_type);
-  function_application_exprt rhs_length(symbol_exprt(fnamel), length_type);
-  function_application_exprt rhs_data(
-    symbol_exprt(fnamed), data_type.subtype());
-
-  exprt::operandst processed_arguments=process_arguments(
-    goto_program, target, arguments, location, signature);
-  rhs_length.arguments()=processed_arguments;
-  rhs_data.arguments()=processed_arguments;
-
-  symbolt sym_length=get_fresh_aux_symbol(
-    length_type, "length", "length", location, ID_java, symbol_table);
-  symbol_exprt tmp_length=sym_length.symbol_expr();
-  symbol_exprt tmp_array=fresh_array(data_type.subtype(), location);
-  member_exprt lhs_length(deref, "length", length_type);
-  member_exprt lhs_data(deref, "data", tmp_array.type());
-
-  // lhs=malloc(String *)
-  assert(object_size.is_not_nil()); // got nil object_size
-  side_effect_exprt malloc_expr(ID_malloc);
-  malloc_expr.copy_to_operands(object_size);
-  malloc_expr.type()=pointer_typet(object_type);
-  malloc_expr.add_source_location()=location;
-
-  refined_string_typet ref_type(length_type, data_type.subtype().subtype());
-  string_exprt str(tmp_length, tmp_array, ref_type);
-  symbol_exprt cprover_string_sym=fresh_string(ref_type, location);
-
-  std::list<code_assignt> assigns;
-  assigns.emplace_back(lhs, malloc_expr);
-  assigns.emplace_back(tmp_length, rhs_length);
-  assigns.emplace_back(lhs_length, tmp_length);
-  assigns.emplace_back(tmp_array, rhs_data);
-  assigns.emplace_back(cprover_string_sym, str);
-  assigns.emplace_back(lhs_data, address_of_exprt(tmp_array));
-  insert_assignments(goto_program, target, target->function, location, assigns);
-}
-
-/*******************************************************************\
-
-Function: string_refine_preprocesst::make_string_function
-
-  Inputs: a position in a goto program, a function name, an expression lhs,
-          a function type, name, arguments, a location and a signature string
-
- Purpose: at the current position replace `lhs=s.some_function(x,...)`
-          by `lhs=function_name(s,x,...)`;
-
-\*******************************************************************/
-
-void string_refine_preprocesst::make_string_function(
-  goto_programt &goto_program,
-  goto_programt::targett &target,
-  const exprt &lhs,
-  const code_typet &function_type,
-  const irep_idt &function_name,
-  const exprt::operandst &arguments,
-  const source_locationt &location,
-  const std::string &signature)
-{
-  if(signature.length()>0)
-  {
-    if(signature.back()=='S')
-    {
-      make_string_assign(
-        goto_program,
-        target,
-        lhs,
-        function_type,
-        function_name,
-        arguments,
-        location,
-        signature);
-    }
-    else
-      make_normal_assign(
-      goto_program,
-      target,
-      lhs,
-      function_type,
-      function_name,
-      arguments,
-      location,
-      signature);
-  }
-  else if(implements_java_char_sequence(function_type.return_type()))
-    make_string_assign(
-      goto_program,
-      target,
-      lhs,
-      function_type,
-      function_name,
-      arguments,
-      location,
-      signature);
-  else
-    make_normal_assign(
-      goto_program,
-      target,
-      lhs,
-      function_type,
-      function_name,
-      arguments,
-      location,
-      signature);
-}
-
-/*******************************************************************\
-
-Function: string_refine_preprocesst::make_string_function
-
-  Inputs: a position in a goto program, a function name and two Boolean options
-
- Purpose: at the current position replace `lhs=s.some_function(x,...)`
-          by `lhs=function_name(s,x,...)`;
-          option `assign_first_arg` uses `s` instead of `lhs` in the resulting
-          expression, Warning : it assumes that `s` is string-like
-          option `skip_first_arg`, removes `s` from the arguments, ie `x` is
-          the first one;
-          arguments that are string (TODO: and char array) are replaced
-          by string_exprt
-
-\*******************************************************************/
-
-void string_refine_preprocesst::make_string_function(
-  goto_programt &goto_program,
-  goto_programt::targett &target,
-  const irep_idt &function_name,
-  const std::string &signature,
-  bool assign_first_arg,
-  bool skip_first_arg)
-{
-  code_function_callt &function_call=to_code_function_call(target->code);
-  code_typet function_type=to_code_type(function_call.function().type());
-  code_typet new_type;
-  const source_locationt loc=function_call.source_location();
-  declare_function(function_name, function_type);
-  function_application_exprt rhs;
-  std::vector<exprt> args;
-  if(assign_first_arg)
-  {
-    assert(!function_call.arguments().empty());
-    rhs.type()=function_call.arguments()[0].type();
-  }
-  else
-    rhs.type()=function_type.return_type();
-  rhs.add_source_location()=function_call.source_location();
-  rhs.function()=symbol_exprt(function_name);
-
-  std::size_t start_index=skip_first_arg?1:0;
-  for(std::size_t i=start_index; i<function_call.arguments().size(); i++)
-  {
-    args.push_back(function_call.arguments()[i]);
-    new_type.parameters().push_back(function_type.parameters()[i]);
-  }
-
-  std::string new_sig=signature;
-  exprt lhs;
-
-  if(assign_first_arg)
-  {
-    assert(!function_call.arguments().empty());
-    lhs=function_call.arguments()[0];
-    std::size_t size=function_call.arguments().size();
-    if(signature.length()<=size)
-      new_sig.resize(size+1, '_');
-
-    new_sig.replace(size, 1, "S");
-  }
-  else
-    lhs=function_call.lhs();
-
-  new_type.return_type()=lhs.type();
-
-  make_string_function(
-    goto_program, target, lhs, new_type, function_name, args, loc, new_sig);
-}
-
-/*******************************************************************\
-
-Function: string_refine_preprocesst::make_string_function_call
-
-  Inputs: a position in a goto program and a function name
-
- Purpose: at the current position, replace `s.some_function(x,...)` by
-          `s=function_name(x,...)`
-
-\*******************************************************************/
-
-void string_refine_preprocesst::make_string_function_call(
-  goto_programt &goto_program,
-  goto_programt::targett &target,
-  const irep_idt &function_name,
-  const std::string &signature)
-{
-  make_string_function(
-    goto_program, target, function_name, signature, true, true);
-}
-
-/*******************************************************************\
-
-Function: string_refine_preprocesst::make_string_function_side_effect
-
-  Inputs: a position in a goto program and a function name
-
- Purpose: at the current position, replace `r=s.some_function(x,...)` by
-          > tmp=function_name(x,...)
-          > s->data=tmp.data
-          > s->length=tmp.length
-          > r=s
-
-\*******************************************************************/
-
-void string_refine_preprocesst::make_string_function_side_effect(
-  goto_programt &goto_program,
-  goto_programt::targett &target,
-  const irep_idt &function_name,
-  const std::string &signature)
-{
-  // Cannot use const & here
-  code_function_callt function_call=to_code_function_call(target->code);
-  source_locationt loc=function_call.source_location();
-  std::list<code_assignt> assignments;
-  const exprt &lhs=function_call.lhs();
-  assert(!function_call.arguments().empty());
-  const exprt &s=function_call.arguments()[0];
-  code_typet function_type=to_code_type(function_call.type());
-
-  function_type.return_type()=s.type();
-
-  if(lhs.is_not_nil())
-  {
-    symbol_exprt tmp_string=fresh_string(lhs.type(), loc);
-
-    make_string_assign(
-      goto_program,
-      target,
-      tmp_string,
-      function_type,
-      function_name,
-      function_call.arguments(),
-      loc,
-      signature);
-    dereference_exprt deref_lhs(s, s.type().subtype());
-    typet data_type, length_type;
-    get_data_and_length_type_of_string(deref_lhs, data_type, length_type);
-    member_exprt lhs_data(deref_lhs, "data", data_type);
-    member_exprt lhs_length(deref_lhs, "length", length_type);
-    dereference_exprt deref_rhs(tmp_string, s.type().subtype());
-    member_exprt rhs_data(deref_rhs, "data", data_type);
-    member_exprt rhs_length(deref_rhs, "length", length_type);
-    assignments.emplace_back(lhs_length, rhs_length);
-    assignments.emplace_back(lhs_data, rhs_data);
-    assignments.emplace_back(lhs, s);
-    target=goto_program.insert_after(target);
-    insert_assignments(
-      goto_program, target, target->function, loc, assignments);
-  }
-  else
-  {
-    make_string_function(
-      goto_program, target, function_name, signature, true, false);
-  }
-}
-
-/*******************************************************************\
-
-Function: string_refine_preprocesst::build_function_application
-
-  Inputs: a function name, a type, a location and a vector of arguments
-
- Outputs: a function application expression
-
- Purpose: declare a function and construct an function application expression
-          with the given function name, type, location and arguments
-
-\*******************************************************************/
-
-function_application_exprt
-  string_refine_preprocesst::build_function_application(
-    const irep_idt &function_name,
-    const typet &type,
-    const source_locationt &location,
-    const exprt::operandst &arguments)
-{
-  declare_function(function_name, type);
-  function_application_exprt function_app(symbol_exprt(function_name), type);
-  function_app.add_source_location()=location;
-  for(const auto &arg : arguments)
-    function_app.arguments().push_back(arg);
-
-  return function_app;
-}
-
-/*******************************************************************\
-
-Function: string_refine_preprocesst::make_to_char_array_function
-
-  Inputs: a goto program and a position in that goto program
-
- Purpose: at the given position replace `return_tmp0=s.toCharArray()` with:
-          > return_tmp0 = malloc(array[char]);
-          > return_tmp0->data=&((s->data)[0])
-          > return_tmp0->length=s->length
-
-\*******************************************************************/
-
-void string_refine_preprocesst::make_to_char_array_function(
-  goto_programt &goto_program, goto_programt::targett &target)
-{
-  const code_function_callt &function_call=to_code_function_call(target->code);
-  source_locationt location=function_call.source_location();
-
-  assert(!function_call.arguments().empty());
-  const exprt &string_argument=function_call.arguments()[0];
-  assert(is_java_string_pointer_type(string_argument.type()));
-
-  typet deref_type=function_call.lhs().type().subtype();
-  const exprt &lhs=function_call.lhs();
-  dereference_exprt deref_lhs(lhs, deref_type);
-
-  dereference_exprt deref(string_argument, string_argument.type().subtype());
-  typet length_type, data_type;
-  get_data_and_length_type_of_string(deref, data_type, length_type);
-  std::list<code_assignt> assignments;
-
-  // lhs=malloc(array[char])
-  typet object_type=ns.follow(deref_type);
-  exprt object_size=size_of_expr(object_type, ns);
-
-  if(object_size.is_nil())
-    debug() << "string_refine_preprocesst::make_to_char_array_function "
-            << "got nil object_size" << eom;
-
-  side_effect_exprt malloc_expr(ID_malloc);
-  malloc_expr.copy_to_operands(object_size);
-  malloc_expr.type()=pointer_typet(object_type);
-  malloc_expr.add_source_location()=location;
-  assignments.emplace_back(lhs, malloc_expr);
-
-
-  // &((s->data)[0])
-  exprt rhs_data=get_data(deref, data_type);
-  dereference_exprt rhs_array(rhs_data, data_type.subtype());
-  exprt first_index=from_integer(0, java_int_type());
-  index_exprt first_element(rhs_array, first_index, java_char_type());
-  address_of_exprt rhs_pointer(first_element);
-
-  // return_tmp0->data=&((s->data)[0])
-  exprt lhs_data=get_data(deref_lhs, data_type);
-  assignments.emplace_back(lhs_data, rhs_pointer);
-
-  // return_tmp0->length=s->length
-  exprt rhs_length=get_length(deref, length_type);
-  exprt lhs_length=get_length(deref_lhs, length_type);
-  assignments.emplace_back(lhs_length, rhs_length);
-  insert_assignments(
-    goto_program, target, target->function, location, assignments);
-}
-
-/*******************************************************************\
-
-Function: string_refine_preprocesst::process_arguments
-
-  Inputs: a goto program, a position, a list of expressions, a location and a
-          signature
-
- Outputs: a list of expressions
-
- Purpose: for each expression that is a string or that is at a position with
-          an 'S' character in the signature, we declare a new `cprover_string`
-          whose contents is deduced from the expression and replace the
-          expression by this cprover_string in the output list;
-          in the other case the expression is kept as is for the output list.
-
-\*******************************************************************/
-
-exprt::operandst string_refine_preprocesst::process_arguments(
-  goto_programt &goto_program,
-  goto_programt::targett &target,
-  const exprt::operandst &arguments,
-  const source_locationt &location,
-  const std::string &signature)
-{
-  exprt::operandst new_arguments;
-
-  for(std::size_t i=0; i<arguments.size(); i++)
-  {
-    exprt arg=arguments[i];
-    if(i<signature.length() && signature[i]=='S')
-    {
-      while(arg.id()==ID_typecast)
-        arg=arg.op0();
-      if(!implements_java_char_sequence(arg.type()))
-        arg=typecast_exprt(arg, jls_ptr);
-    }
-    arg=make_cprover_string_assign(goto_program, target, arg, location);
-    const typet &type=ns.follow(arg.type());
-    if(is_java_char_array_pointer_type(type))
-    {
-      arg=make_cprover_char_array_assign(goto_program, target, arg, location);
-    }
-    new_arguments.push_back(arg);
-  }
-  return new_arguments;
-}
-
-/*******************************************************************\
-
-Function: string_refine_preprocesst::function_signature
-
-  Inputs: the name of a cprover string function
-
- Outputs: a signature string
-
- Purpose: if the signature of the given function is defined, return it
-          otherwise return an empty string
-
-\*******************************************************************/
-
-std::string string_refine_preprocesst::function_signature(
-  const irep_idt &function_id)
-{
-  auto it=signatures.find(function_id);
-  if(it!=signatures.end())
-    return it->second;
-  else
-    return "";
-}
-
-/*******************************************************************\
-
-Function: string_refine_preprocesst::replace_string_calls
-
-  Inputs: a function in a goto_program
-
- Purpose: goes through the instructions, replace function calls to string
-          function by equivalent instructions using functions defined
-          for the string solver, replace string literals by string
-          expressions of the type used by the string solver
-          TODO: the current implementation is only for java functions,
-          we should add support for other languages
-
-\*******************************************************************/
-
-void string_refine_preprocesst::replace_string_calls(
-  goto_functionst::function_mapt::iterator f_it)
-{
-  goto_programt &goto_program=f_it->second.body;
-
-  Forall_goto_program_instructions(target, goto_program)
-  {
-    if(target->is_function_call())
-    {
-      const code_function_callt function_call=
-        to_code_function_call(target->code);
-
-      if(function_call.function().id()==ID_symbol)
-      {
-        const irep_idt &function_id=
-          to_symbol_expr(function_call.function()).get_identifier();
-        std::string signature=function_signature(function_id);
-
-        auto it=string_functions.find(function_id);
-        if(it!=string_functions.end())
-          make_string_function(
-            goto_program, target, it->second, signature, false, false);
-
-        it=side_effect_functions.find(function_id);
-        if(it!=side_effect_functions.end())
-          make_string_function_side_effect(
-            goto_program, target, it->second, signature);
-
-        it=string_function_calls.find(function_id);
-        if(it!=string_function_calls.end())
-          make_string_function_call(
-            goto_program, target, it->second, signature);
-
-        if(function_id==irep_idt("java::java.lang.String.toCharArray:()[C"))
-          make_to_char_array_function(goto_program, target);
-      }
-    }
-    else
-    {
-      if(target->is_assign())
-      {
-        // In assignments we replace string literals and C string functions
-        code_assignt assignment=to_code_assign(target->code);
-
-        exprt new_rhs=assignment.rhs();
-        code_assignt new_assignment(assignment.lhs(), new_rhs);
-
-        if(new_rhs.id()==ID_function_application)
-        {
-          function_application_exprt f=to_function_application_expr(new_rhs);
-          const exprt &name=f.function();
-          assert(name.id()==ID_symbol);
-          const irep_idt &id=to_symbol_expr(name).get_identifier();
-          auto it=c_string_functions.find(id);
-          if(it!=c_string_functions.end())
-          {
-            declare_function(it->second, f.type());
-            f.function()=symbol_exprt(it->second);
-            new_assignment=code_assignt(assignment.lhs(), f);
-          }
-        }
-
-        new_assignment.add_source_location()=assignment.source_location();
-        target->make_assignment();
-        target->code=new_assignment;
-      }
-    }
-  }
-  return;
-}
-
-/*******************************************************************\
-
-Function: string_refine_preprocesst::initialize_string_function_table
-
- Purpose: fill maps with correspondance from java method names to cprover
-          functions
-
-\*******************************************************************/
-
-void string_refine_preprocesst::initialize_string_function_table()
-{
-  // String library
-  string_function_calls
-    ["java::java.lang.String.<init>:(Ljava/lang/String;)V"]=
-    ID_cprover_string_copy_func;
-  string_function_calls
-    ["java::java.lang.String.<init>:(Ljava/lang/StringBuilder;)V"]=
-    ID_cprover_string_copy_func;
-  string_function_calls["java::java.lang.String.<init>:([C)V"]=
-    ID_cprover_string_copy_func;
-  string_function_calls["java::java.lang.String.<init>:([CII)V"]=
-    ID_cprover_string_copy_func;
-  string_function_calls["java::java.lang.String.<init>:()V"]=
-    ID_cprover_string_empty_string_func;
-  // Not supported java.lang.String.<init>:(Ljava/lang/StringBuffer;)
-
-  string_functions["java::java.lang.String.charAt:(I)C"]=
-    ID_cprover_string_char_at_func;
-  string_functions["java::java.lang.String.codePointAt:(I)I"]=
-    ID_cprover_string_code_point_at_func;
-  string_functions["java::java.lang.String.codePointBefore:(I)I"]=
-    ID_cprover_string_code_point_before_func;
-  string_functions["java::java.lang.String.codePointCount:(II)I"]=
-    ID_cprover_string_code_point_count_func;
-  string_functions["java::java.lang.String.compareTo:(Ljava/lang/String;)I"]=
-    ID_cprover_string_compare_to_func;
-  // Not supported "java.lang.String.contentEquals"
-  string_functions
-    ["java::java.lang.String.concat:(Ljava/lang/String;)Ljava/lang/String;"]=
-    ID_cprover_string_concat_func;
-  string_functions
-    ["java::java.lang.String.contains:(Ljava/lang/CharSequence;)Z"]=
-    ID_cprover_string_contains_func;
-  string_functions
-    ["java::java.lang.String.copyValueOf:([CII)Ljava/lang/String;"]=
-    ID_cprover_string_copy_func;
-  string_functions
-    ["java::java.lang.String.copyValueOf:([C)Ljava/lang/String;"]=
-    ID_cprover_string_copy_func;
-  string_functions["java::java.lang.String.endsWith:(Ljava/lang/String;)Z"]=
-    ID_cprover_string_endswith_func;
-  string_functions["java::java.lang.String.equals:(Ljava/lang/Object;)Z"]=
-    ID_cprover_string_equal_func;
-  string_functions
-    ["java::java.lang.String.equalsIgnoreCase:(Ljava/lang/String;)Z"]=
-    ID_cprover_string_equals_ignore_case_func;
-  // Not supported "java.lang.String.format"
-  // Not supported "java.lang.String.getBytes"
-  // Not supported "java.lang.String.getChars"
-  string_functions["java::java.lang.String.hashCode:()I"]=
-    ID_cprover_string_hash_code_func;
-  string_functions["java::java.lang.String.indexOf:(I)I"]=
-    ID_cprover_string_index_of_func;
-  string_functions["java::java.lang.String.indexOf:(II)I"]=
-    ID_cprover_string_index_of_func;
-  string_functions["java::java.lang.String.indexOf:(Ljava/lang/String;)I"]=
-    ID_cprover_string_index_of_func;
-  string_functions["java::java.lang.String.indexOf:(Ljava/lang/String;I)I"]=
-    ID_cprover_string_index_of_func;
-  string_functions["java::java.lang.String.intern:()Ljava/lang/String;"]=
-    ID_cprover_string_intern_func;
-  string_functions["java::java.lang.String.isEmpty:()Z"]=
-    ID_cprover_string_is_empty_func;
-  string_functions["java::java.lang.String.lastIndexOf:(I)I"]=
-    ID_cprover_string_last_index_of_func;
-  string_functions["java::java.lang.String.lastIndexOf:(II)I"]=
-    ID_cprover_string_last_index_of_func;
-  string_functions
-    ["java::java.lang.String.lastIndexOf:(Ljava/lang/String;)I"]=
-    ID_cprover_string_last_index_of_func;
-  string_functions
-    ["java::java.lang.String.lastIndexOf:(Ljava/lang/String;I)I"]=
-    ID_cprover_string_last_index_of_func;
-  string_functions["java::java.lang.String.length:()I"]=
-    ID_cprover_string_length_func;
-  // Not supported "java.lang.String.matches"
-  string_functions["java::java.lang.String.offsetByCodePoints:(II)I"]=
-    ID_cprover_string_offset_by_code_point_func;
-  // Not supported "java.lang.String.regionMatches"
-  string_functions["java::java.lang.String.replace:(CC)Ljava/lang/String;"]=
-    ID_cprover_string_replace_func;
-  // Not supported "java.lang.String.replace:(LCharSequence;LCharSequence)"
-  // Not supported "java.lang.String.replaceAll"
-  // Not supported "java.lang.String.replaceFirst"
-  // Not supported "java.lang.String.split"
-  string_functions["java::java.lang.String.startsWith:(Ljava/lang/String;)Z"]=
-    ID_cprover_string_startswith_func;
-  string_functions
-    ["java::java.lang.String.startsWith:(Ljava/lang/String;I)Z"]=
-    ID_cprover_string_startswith_func;
-  string_functions
-    ["java::java.lang.String.subSequence:(II)Ljava/lang/CharSequence;"]=
-   ID_cprover_string_substring_func;
-  string_functions["java::java.lang.String.substring:(II)Ljava/lang/String;"]=
-    ID_cprover_string_substring_func;
-  string_functions["java::java.lang.String.substring:(I)Ljava/lang/String;"]=
-    ID_cprover_string_substring_func;
-  // "java.lang.String.toCharArray has a special treatment in the
-  // replace_string_calls function
-  string_functions["java::java.lang.String.toLowerCase:()Ljava/lang/String;"]=
-    ID_cprover_string_to_lower_case_func;
-  // Not supported "java.lang.String.toLowerCase:(Locale)"
-  // Not supported "java.lang.String.toString:()"
-  string_functions["java::java.lang.String.toUpperCase:()Ljava/lang/String;"]=
-    ID_cprover_string_to_upper_case_func;
-  // Not supported "java.lang.String.toUpperCase:(Locale)"
-  string_functions["java::java.lang.String.trim:()Ljava/lang/String;"]=
-    ID_cprover_string_trim_func;
-  string_functions["java::java.lang.String.valueOf:(Z)Ljava/lang/String;"]=
-    ID_cprover_string_of_bool_func;
-  string_functions["java::java.lang.String.valueOf:(C)Ljava/lang/String;"]=
-    ID_cprover_string_of_char_func;
-  string_functions["java::java.lang.String.valueOf:([C)Ljava/lang/String;"]=
-    ID_cprover_string_copy_func;
-  string_functions["java::java.lang.String.valueOf:([CII)Ljava/lang/String;"]=
-    ID_cprover_string_copy_func;
-  string_functions["java::java.lang.String.valueOf:(D)Ljava/lang/String;"]=
-    ID_cprover_string_of_double_func;
-  string_functions["java::java.lang.String.valueOf:(F)Ljava/lang/String;"]=
-    ID_cprover_string_of_float_func;
-  string_functions["java::java.lang.String.valueOf:(I)Ljava/lang/String;"]=
-    ID_cprover_string_of_int_func;
-  string_functions["java::java.lang.String.valueOf:(J)Ljava/lang/String;"]=
-    ID_cprover_string_of_long_func;
-  // Not supported "java.lang.String.valueOf:(LObject;)"
-
-  // StringBuilder library
-  string_function_calls
-    ["java::java.lang.StringBuilder.<init>:(Ljava/lang/String;)V"]=
-    ID_cprover_string_copy_func;
-  string_function_calls["java::java.lang.StringBuilder.<init>:()V"]=
-    ID_cprover_string_empty_string_func;
-
-  side_effect_functions
-    ["java::java.lang.StringBuilder.append:(Z)Ljava/lang/StringBuilder;"]=
-    ID_cprover_string_concat_bool_func;
-  side_effect_functions
-      ["java::java.lang.StringBuilder.append:(C)Ljava/lang/StringBuilder;"]=
-      ID_cprover_string_concat_char_func;
-  side_effect_functions
-    ["java::java.lang.StringBuilder.append:([C)"
-      "Ljava/lang/StringBuilder;"]=
-    ID_cprover_string_concat_func;
-  // Not supported: "java.lang.StringBuilder.append:([CII)"
-  // Not supported: "java.lang.StringBuilder.append:(LCharSequence;)"
-  side_effect_functions
-    ["java::java.lang.StringBuilder.append:(D)Ljava/lang/StringBuilder;"]=
-    ID_cprover_string_concat_double_func;
-  side_effect_functions
-    ["java::java.lang.StringBuilder.append:(F)Ljava/lang/StringBuilder;"]=
-    ID_cprover_string_concat_float_func;
-  side_effect_functions
-    ["java::java.lang.StringBuilder.append:(I)Ljava/lang/StringBuilder;"]=
-    ID_cprover_string_concat_int_func;
-  side_effect_functions
-    ["java::java.lang.StringBuilder.append:(J)Ljava/lang/StringBuilder;"]=
-    ID_cprover_string_concat_long_func;
-  // Not supported: "java.lang.StringBuilder.append:(LObject;)"
-  side_effect_functions
-    ["java::java.lang.StringBuilder.append:(Ljava/lang/String;)"
-      "Ljava/lang/StringBuilder;"]=
-    ID_cprover_string_concat_func;
-  side_effect_functions
-    ["java::java.lang.StringBuilder.appendCodePoint:(I)"
-     "Ljava/lang/StringBuilder;"]=
-    ID_cprover_string_concat_code_point_func;
-  // Not supported: "java.lang.StringBuilder.append:(Ljava/lang/StringBuffer;)"
-  // Not supported: "java.lang.StringBuilder.capacity:()"
-  string_functions["java::java.lang.StringBuilder.charAt:(I)C"]=
-    ID_cprover_string_char_at_func;
-  string_functions["java::java.lang.StringBuilder.codePointAt:(I)I"]=
-    ID_cprover_string_code_point_at_func;
-  string_functions["java::java.lang.StringBuilder.codePointBefore:(I)I"]=
-    ID_cprover_string_code_point_before_func;
-  string_functions["java::java.lang.StringBuilder.codePointCount:(II)I"]=
-    ID_cprover_string_code_point_count_func;
-  side_effect_functions
-    ["java::java.lang.StringBuilder.delete:(II)Ljava/lang/StringBuilder;"]=
-    ID_cprover_string_delete_func;
-  side_effect_functions
-    ["java::java.lang.StringBuilder.deleteCharAt:(I)Ljava/lang/StringBuilder;"]=
-    ID_cprover_string_delete_char_at_func;
-  // Not supported: "java.lang.StringBuilder.ensureCapacity:()"
-  // Not supported: "java.lang.StringBuilder.getChars:()"
-  // Not supported: "java.lang.StringBuilder.indexOf:()"
-  side_effect_functions
-    ["java::java.lang.StringBuilder.insert:(IZ)Ljava/lang/StringBuilder;"]=
-    ID_cprover_string_insert_bool_func;
-  side_effect_functions
-    ["java::java.lang.StringBuilder.insert:(IC)Ljava/lang/StringBuilder;"]=
-    ID_cprover_string_insert_char_func;
-  side_effect_functions
-    ["java::java.lang.StringBuilder.insert:(I[C)Ljava/lang/StringBuilder;"]=
-    ID_cprover_string_insert_func;
-  side_effect_functions
-    ["java::java.lang.StringBuilder.insert:(I[CII)Ljava/lang/StringBuilder;"]=
-    ID_cprover_string_insert_func;
-  // Not supported "java.lang.StringBuilder.insert:(ILCharSequence;)"
-  // Not supported "java.lang.StringBuilder.insert:(ILCharSequence;II)"
-  // Not supported "java.lang.StringBuilder.insert:(ID)"
-  // Not supported "java.lang.StringBuilder.insert:(IF)"
-  side_effect_functions
-    ["java::java.lang.StringBuilder.insert:(II)Ljava/lang/StringBuilder;"]=
-    ID_cprover_string_insert_int_func;
-  side_effect_functions
-    ["java::java.lang.StringBuilder.insert:(IJ)Ljava/lang/StringBuilder;"]=
-    ID_cprover_string_insert_long_func;
-  // Not supported "java.lang.StringBuilder.insert:(ILObject;)"
-  side_effect_functions
-    ["java::java.lang.StringBuilder.insert:(ILjava/lang/String;)"
-     "Ljava/lang/StringBuilder;"]=
-    ID_cprover_string_insert_func;
-  // Not supported "java.lang.StringBuilder.lastIndexOf"
-  string_functions["java::java.lang.StringBuilder.length:()I"]=
-    ID_cprover_string_length_func;
-  // Not supported "java.lang.StringBuilder.offsetByCodePoints"
-  // Not supported "java.lang.StringBuilder.replace"
-  // Not supported "java.lang.StringBuilder.reverse"
-  side_effect_functions["java::java.lang.StringBuilder.setCharAt:(IC)V"]=
-    ID_cprover_string_char_set_func;
-  side_effect_functions
-    ["java::java.lang.StringBuilder.setLength:(I)V"]=
-    ID_cprover_string_set_length_func;
-  // Not supported "java.lang.StringBuilder.subSequence"
-  string_functions
-    ["java::java.lang.StringBuilder.substring:(II)Ljava/lang/String;"]=
-    ID_cprover_string_substring_func;
-  string_functions
-    ["java::java.lang.StringBuilder.substring:(I)Ljava/lang/String;"]=
-    ID_cprover_string_substring_func;
-  string_functions
-    ["java::java.lang.StringBuilder.toString:()Ljava/lang/String;"]=
-    ID_cprover_string_copy_func;
-  // Not supported "java.lang.StringBuilder.trimToSize"
-  // TODO clean irep ids from insert_char_array etc...
-
-  // StringBuffer library
-  string_function_calls
-    ["java::java.lang.StringBuffer.<init>:(Ljava/lang/String;)V"]=
-    ID_cprover_string_copy_func;
-  string_function_calls["java::java.lang.StringBuffer.<init>:()V"]=
-    ID_cprover_string_empty_string_func;
-
-  side_effect_functions
-    ["java::java.lang.StringBuffer.append:(Z)Ljava/lang/StringBuffer;"]=
-    ID_cprover_string_concat_bool_func;
-  side_effect_functions
-    ["java::java.lang.StringBuffer.append:(C)Ljava/lang/StringBuffer;"]=
-    ID_cprover_string_concat_char_func;
-  side_effect_functions
-    ["java::java.lang.StringBuffer.append:([C)"
-      "Ljava/lang/StringBuffer;"]=
-    ID_cprover_string_concat_func;
-  // Not supported: "java.lang.StringBuffer.append:([CII)"
-  // Not supported: "java.lang.StringBuffer.append:(LCharSequence;)"
-  side_effect_functions
-    ["java::java.lang.StringBuffer.append:(D)Ljava/lang/StringBuffer;"]=
-    ID_cprover_string_concat_double_func;
-  side_effect_functions
-    ["java::java.lang.StringBuffer.append:(F)Ljava/lang/StringBuffer;"]=
-    ID_cprover_string_concat_float_func;
-  side_effect_functions
-    ["java::java.lang.StringBuffer.append:(I)Ljava/lang/StringBuffer;"]=
-    ID_cprover_string_concat_int_func;
-  side_effect_functions
-    ["java::java.lang.StringBuffer.append:(J)Ljava/lang/StringBuffer;"]=
-    ID_cprover_string_concat_long_func;
-  // Not supported: "java.lang.StringBuffer.append:(LObject;)"
-  side_effect_functions
-    ["java::java.lang.StringBuffer.append:(Ljava/lang/String;)"
-      "Ljava/lang/StringBuffer;"]=
-    ID_cprover_string_concat_func;
-  side_effect_functions
-    ["java::java.lang.StringBuffer.appendCodePoint:(I)"
-     "Ljava/lang/StringBuffer;"]=
-    ID_cprover_string_concat_code_point_func;
-  // Not supported: "java.lang.StringBuffer.append:(Ljava/lang/StringBuffer;)"
-  // Not supported: "java.lang.StringBuffer.capacity:()"
-  string_functions["java::java.lang.StringBuffer.charAt:(I)C"]=
-    ID_cprover_string_char_at_func;
-  string_functions["java::java.lang.StringBuffer.codePointAt:(I)I"]=
-    ID_cprover_string_code_point_at_func;
-  string_functions["java::java.lang.StringBuffer.codePointBefore:(I)I"]=
-    ID_cprover_string_code_point_before_func;
-  string_functions["java::java.lang.StringBuffer.codePointCount:(II)I"]=
-    ID_cprover_string_code_point_count_func;
-  side_effect_functions
-    ["java::java.lang.StringBuffer.delete:(II)Ljava/lang/StringBuffer;"]=
-    ID_cprover_string_delete_func;
-  side_effect_functions
-    ["java::java.lang.StringBuffer.deleteCharAt:(I)Ljava/lang/StringBuffer;"]=
-    ID_cprover_string_delete_char_at_func;
-  // Not supported: "java.lang.StringBuffer.ensureCapacity:()"
-  // Not supported: "java.lang.StringBuffer.getChars:()"
-  // Not supported: "java.lang.StringBuffer.indexOf:()"
-  side_effect_functions
-    ["java::java.lang.StringBuffer.insert:(IZ)Ljava/lang/StringBuffer;"]=
-    ID_cprover_string_insert_bool_func;
-  side_effect_functions
-    ["java::java.lang.StringBuffer.insert:(IC)Ljava/lang/StringBuffer;"]=
-    ID_cprover_string_insert_char_func;
-  side_effect_functions
-    ["java::java.lang.StringBuffer.insert:(I[C)Ljava/lang/StringBuffer;"]=
-    ID_cprover_string_insert_func;
-  side_effect_functions
-    ["java::java.lang.StringBuffer.insert:(I[CII)Ljava/lang/StringBuffer;"]=
-    ID_cprover_string_insert_func;
-  // Not supported "java.lang.StringBuffer.insert:(ILCharSequence;)"
-  // Not supported "java.lang.StringBuffer.insert:(ILCharSequence;II)"
-  // Not supported "java.lang.StringBuffer.insert:(ID)"
-  // Not supported "java.lang.StringBuffer.insert:(IF)"
-  side_effect_functions
-    ["java::java.lang.StringBuffer.insert:(II)Ljava/lang/StringBuffer;"]=
-    ID_cprover_string_insert_int_func;
-  side_effect_functions
-    ["java::java.lang.StringBuffer.insert:(IJ)Ljava/lang/StringBuffer;"]=
-    ID_cprover_string_insert_long_func;
-  // Not supported "java.lang.StringBuffer.insert:(ILObject;)"
-  side_effect_functions
-    ["java::java.lang.StringBuffer.insert:(ILjava/lang/String;)"
-     "Ljava/lang/StringBuffer;"]=
-    ID_cprover_string_insert_func;
-  // Not supported "java.lang.StringBuffer.lastIndexOf"
-  string_functions["java::java.lang.StringBuffer.length:()I"]=
-    ID_cprover_string_length_func;
-  // Not supported "java.lang.StringBuffer.offsetByCodePoints"
-  // Not supported "java.lang.StringBuffer.replace"
-  // Not supported "java.lang.StringBuffer.reverse"
-  side_effect_functions["java::java.lang.StringBuffer.setCharAt:(IC)V"]=
-    ID_cprover_string_char_set_func;
-  side_effect_functions
-    ["java::java.lang.StringBuffer.setLength:(I)V"]=
-    ID_cprover_string_set_length_func;
-  // Not supported "java.lang.StringBuffer.subSequence"
-  string_functions
-    ["java::java.lang.StringBuffer.substring:(II)Ljava/lang/String;"]=
-    ID_cprover_string_substring_func;
-  string_functions
-    ["java::java.lang.StringBuffer.substring:(I)Ljava/lang/String;"]=
-    ID_cprover_string_substring_func;
-  string_functions
-    ["java::java.lang.StringBuffer.toString:()Ljava/lang/String;"]=
-    ID_cprover_string_copy_func;
-  // Not supported "java.lang.StringBuffer.trimToSize"
-
-  // Other libraries
-  string_functions["java::java.lang.CharSequence.charAt:(I)C"]=
-    ID_cprover_string_char_at_func;
-  string_functions["java::java.lang.Float.toString:(F)Ljava/lang/String;"]=
-    ID_cprover_string_of_float_func;
-  string_functions["java::java.lang.Integer.toHexString:(I)Ljava/lang/String;"]=
-    ID_cprover_string_of_int_hex_func;
-  string_functions["java::java.lang.Integer.parseInt:(Ljava/lang/String;)I"]=
-    ID_cprover_string_parse_int_func;
-  string_functions["java::java.lang.Integer.toString:(I)Ljava/lang/String;"]=
-    ID_cprover_string_of_int_func;
-
-  // C functions
-  c_string_functions["__CPROVER_uninterpreted_string_literal_func"]=
-    ID_cprover_string_literal_func;
-  c_string_functions["__CPROVER_uninterpreted_string_char_at_func"]=
-    ID_cprover_string_char_at_func;
-  c_string_functions["__CPROVER_uninterpreted_string_equal_func"]=
-    ID_cprover_string_equal_func;
-  c_string_functions["__CPROVER_uninterpreted_string_concat_func"]=
-    ID_cprover_string_concat_func;
-  c_string_functions["__CPROVER_uninterpreted_string_length_func"]=
-    ID_cprover_string_length_func;
-  c_string_functions["__CPROVER_uninterpreted_string_substring_func"]=
-    ID_cprover_string_substring_func;
-  c_string_functions["__CPROVER_uninterpreted_string_is_prefix_func"]=
-    ID_cprover_string_is_prefix_func;
-  c_string_functions["__CPROVER_uninterpreted_string_is_suffix_func"]=
-    ID_cprover_string_is_suffix_func;
-  c_string_functions["__CPROVER_uninterpreted_string_contains_func"]=
-    ID_cprover_string_contains_func;
-  c_string_functions["__CPROVER_uninterpreted_string_index_of_func"]=
-    ID_cprover_string_index_of_func;
-  c_string_functions["__CPROVER_uninterpreted_string_last_index_of_func"]=
-    ID_cprover_string_last_index_of_func;
-  c_string_functions["__CPROVER_uninterpreted_string_char_set_func"]=
-    ID_cprover_string_char_set_func;
-  c_string_functions["__CPROVER_uninterpreted_string_copy_func"]=
-    ID_cprover_string_copy_func;
-  c_string_functions["__CPROVER_uninterpreted_string_parse_int_func"]=
-    ID_cprover_string_parse_int_func;
-  c_string_functions["__CPROVER_uninterpreted_string_of_int_func"]=
-    ID_cprover_string_of_int_func;
-
-  // Signatures
-  signatures["java::java.lang.String.equals:(Ljava/lang/Object;)Z"]="SSZ";
-  signatures["java::java.lang.String.contains:(Ljava/lang/CharSequence;)Z"]=
-    "SSZ";
-  signatures["java::java.lang.StringBuilder.insert:(IZ)"
-             "Ljava/lang/StringBuilder;"]="SIZ_";
-  signatures["java::java.lang.StringBuilder.insert:(IJ)"
-             "Ljava/lang/StringBuilder;"]="SIJ_";
-  signatures["java::java.lang.StringBuilder.insert:(II)"
-             "Ljava/lang/StringBuilder;"]="SII_";
-  signatures["java::java.lang.StringBuilder.insert:(IC)"
-             "Ljava/lang/StringBuilder;"]="SIC_";
-  signatures["java::java.lang.StringBuilder.insert:(ILjava/lang/String;)"
-             "Ljava/lang/StringBuilder;"]="SIS_";
-  signatures["java::java.lang.StringBuilder.insert:(ILjava/lang/String;)"
-             "Ljava/lang/StringBuilder;"]="SIS_";
-  signatures["java::java.lang.StringBuilder.insert:(I[C)"
-             "Ljava/lang/StringBuilder;"]="SI[_";
-  signatures["java::java.lang.String.intern:()Ljava/lang/String;"]="SV";
-}
-
-/*******************************************************************\
-
-Constructor: string_refine_preprocesst::string_refine_preprocesst
-
-     Inputs: a symbol table, goto functions, a message handler
-
-    Purpose: process the goto function by replacing calls to string functions
-
-\*******************************************************************/
-
-string_refine_preprocesst::string_refine_preprocesst(
-  symbol_tablet &_symbol_table,
-  goto_functionst &_goto_functions,
-  message_handlert &_message_handler):
-    messaget(_message_handler),
-    ns(_symbol_table),
-    symbol_table(_symbol_table),
-    goto_functions(_goto_functions),
-    next_symbol_id(0),
-    jls_ptr(symbol_typet("java::java.lang.String"))
-{
-  initialize_string_function_table();
-  Forall_goto_functions(it, goto_functions)
-    replace_string_calls(it);
-}
diff --git a/src/goto-programs/string_refine_preprocess.h b/src/goto-programs/string_refine_preprocess.h
deleted file mode 100644
index df419c73750..00000000000
--- a/src/goto-programs/string_refine_preprocess.h
+++ /dev/null
@@ -1,203 +0,0 @@
-/*******************************************************************\
-
-Module: Preprocess a goto-programs so that calls to the java String
-        library are recognized by the PASS algorithm
-
-Author: Romain Brenguier
-
-Date:   September 2016
-
-\*******************************************************************/
-
-#ifndef CPROVER_GOTO_PROGRAMS_STRING_REFINE_PREPROCESS_H
-#define CPROVER_GOTO_PROGRAMS_STRING_REFINE_PREPROCESS_H
-
-#include <goto-programs/goto_model.h>
-#include <util/ui_message.h>
-#include <util/string_expr.h>
-
-class string_refine_preprocesst:public messaget
-{
- public:
-  string_refine_preprocesst(
-    symbol_tablet &, goto_functionst &, message_handlert &);
-
- private:
-  namespacet ns;
-  symbol_tablet & symbol_table;
-  goto_functionst & goto_functions;
-
-  typedef std::unordered_map<irep_idt, irep_idt, irep_id_hash> id_mapt;
-  typedef std::unordered_map<exprt, exprt, irep_hash> expr_mapt;
-
-  // Map name of Java string functions to there equivalent in the solver
-  id_mapt side_effect_functions;
-  id_mapt string_functions;
-  id_mapt c_string_functions;
-  id_mapt string_function_calls;
-
-  std::unordered_map<irep_idt, std::string, irep_id_hash> signatures;
-
-  // unique id for each newly created symbols
-  int next_symbol_id;
-
-  void initialize_string_function_table();
-
-  static bool check_java_type(const typet &type, const std::string &tag);
-
-  static bool is_java_string_pointer_type(const typet &type);
-
-  static bool is_java_string_type(const typet &type);
-
-  static bool is_java_string_builder_type(const typet &type);
-
-  static bool is_java_string_builder_pointer_type(const typet &type);
-
-  static bool is_java_string_buffer_type(const typet &type);
-
-  static bool is_java_string_buffer_pointer_type(const typet &type);
-
-  static bool is_java_char_sequence_type(const typet &type);
-
-  static bool is_java_char_sequence_pointer_type(const typet &type);
-
-  static bool is_java_char_array_type(const typet &type);
-
-  static bool is_java_char_array_pointer_type(const typet &type);
-
-  static bool implements_java_char_sequence(const typet &type)
-  {
-      return
-        is_java_char_sequence_pointer_type(type) ||
-        is_java_string_builder_pointer_type(type) ||
-        is_java_string_buffer_pointer_type(type) ||
-        is_java_string_pointer_type(type);
-  }
-
-  symbol_exprt fresh_array(
-    const typet &type, const source_locationt &location);
-  symbol_exprt fresh_string(
-    const typet &type, const source_locationt &location);
-
-  // get the data member of a java string
-  static exprt get_data(const exprt &string, const typet &data_type)
-  {
-    return member_exprt(string, "data", data_type);
-  }
-
-  // get the length member of a java string
-  exprt get_length(const exprt &string, const typet &length_type)
-  {
-    return member_exprt(string, "length", length_type);
-  }
-
-  // type of pointers to string
-  pointer_typet jls_ptr;
-  exprt replace_string(const exprt &in);
-  exprt replace_string_in_assign(const exprt &in);
-
-  void insert_assignments(
-    goto_programt &goto_program,
-    goto_programt::targett &target,
-    irep_idt function,
-    source_locationt location,
-    const std::list<code_assignt> &va);
-
-  exprt replace_string_pointer(const exprt &in);
-
-  // Replace string builders by expression of the mapping and make
-  // assignments for strings as string_exprt
-  exprt::operandst process_arguments(
-    goto_programt &goto_program,
-    goto_programt::targett &target,
-    const exprt::operandst &arguments,
-    const source_locationt &location,
-    const std::string &signature="");
-
-  // Signature of the named function if it is defined in the signature map,
-  // empty string otherwise
-  std::string function_signature(const irep_idt &function_id);
-
-  void declare_function(irep_idt function_name, const typet &type);
-
-  void get_data_and_length_type_of_string(
-    const exprt &expr, typet &data_type, typet &length_type);
-
-  void get_data_and_length_type_of_char_array(
-    const exprt &expr, typet &data_type, typet &length_type);
-
-  function_application_exprt build_function_application(
-    const irep_idt &function_name,
-    const typet &type,
-    const source_locationt &location,
-    const exprt::operandst &arguments);
-
-  void make_normal_assign(
-    goto_programt &goto_program,
-    goto_programt::targett target,
-    const exprt &lhs,
-    const code_typet &function_type,
-    const irep_idt &function_name,
-    const exprt::operandst &arguments,
-    const source_locationt &location,
-    const std::string &signature="");
-
-  void make_string_assign(
-    goto_programt &goto_program,
-    goto_programt::targett &target,
-    const exprt &lhs,
-    const code_typet &function_type,
-    const irep_idt &function_name,
-    const exprt::operandst &arguments,
-    const source_locationt &location,
-    const std::string &signature);
-
-  exprt make_cprover_string_assign(
-    goto_programt &goto_program,
-    goto_programt::targett &target,
-    const exprt &rhs,
-    const source_locationt &location);
-
-  string_exprt make_cprover_char_array_assign(
-    goto_programt &goto_program,
-    goto_programt::targett &target,
-    const exprt &rhs,
-    const source_locationt &location);
-
-  void make_string_function(
-    goto_programt &goto_program,
-    goto_programt::targett &target,
-    const irep_idt &function_name,
-    const std::string &signature,
-    bool assign_first_arg=false,
-    bool skip_first_arg=false);
-
-  void make_string_function(
-    goto_programt &goto_program,
-    goto_programt::targett &target,
-    const exprt &lhs,
-    const code_typet &function_type,
-    const irep_idt &function_name,
-    const exprt::operandst &arguments,
-    const source_locationt &location,
-    const std::string &signature);
-
-  void make_string_function_call(
-    goto_programt &goto_program,
-    goto_programt::targett &target,
-    const irep_idt &function_name,
-    const std::string &signature);
-
-  void make_string_function_side_effect(
-    goto_programt &goto_program,
-    goto_programt::targett &target,
-    const irep_idt &function_name,
-    const std::string &signature);
-
-  void make_to_char_array_function(
-    goto_programt &goto_program, goto_programt::targett &);
-
-  void replace_string_calls(goto_functionst::function_mapt::iterator f_it);
-};
-
-#endif

From e3b44c7009d19d3b8e5da235881a2d4668799fd2 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Wed, 31 May 2017 17:46:57 +0100
Subject: [PATCH 246/699] Avoid copies of string preprocess objects

Only one instance of this class should exist for a program.
---
 src/java_bytecode/java_bytecode_convert_class.cpp      | 6 +++---
 src/java_bytecode/java_bytecode_convert_class.h        | 2 +-
 src/java_bytecode/java_bytecode_convert_method.cpp     | 2 +-
 src/java_bytecode/java_bytecode_convert_method.h       | 4 ++--
 src/java_bytecode/java_bytecode_convert_method_class.h | 4 ++--
 src/java_bytecode/java_string_library_preprocess.h     | 3 +++
 6 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/src/java_bytecode/java_bytecode_convert_class.cpp b/src/java_bytecode/java_bytecode_convert_class.cpp
index 29be4f70617..b16e3a74f87 100644
--- a/src/java_bytecode/java_bytecode_convert_class.cpp
+++ b/src/java_bytecode/java_bytecode_convert_class.cpp
@@ -31,7 +31,7 @@ class java_bytecode_convert_classt:public messaget
     size_t _max_array_length,
     lazy_methodst& _lazy_methods,
     lazy_methods_modet _lazy_methods_mode,
-    const java_string_library_preprocesst &_string_preprocess):
+    java_string_library_preprocesst &_string_preprocess):
     messaget(_message_handler),
     symbol_table(_symbol_table),
     max_array_length(_max_array_length),
@@ -63,7 +63,7 @@ class java_bytecode_convert_classt:public messaget
   const size_t max_array_length;
   lazy_methodst &lazy_methods;
   lazy_methods_modet lazy_methods_mode;
-  java_string_library_preprocesst string_preprocess;
+  java_string_library_preprocesst &string_preprocess;
 
   // conversion
   void convert(const classt &c);
@@ -477,7 +477,7 @@ bool java_bytecode_convert_class(
   size_t max_array_length,
   lazy_methodst &lazy_methods,
   lazy_methods_modet lazy_methods_mode,
-  const java_string_library_preprocesst &string_preprocess)
+  java_string_library_preprocesst &string_preprocess)
 {
   java_bytecode_convert_classt java_bytecode_convert_class(
     symbol_table,
diff --git a/src/java_bytecode/java_bytecode_convert_class.h b/src/java_bytecode/java_bytecode_convert_class.h
index 3bf4e59c85f..b3b71426b1d 100644
--- a/src/java_bytecode/java_bytecode_convert_class.h
+++ b/src/java_bytecode/java_bytecode_convert_class.h
@@ -22,6 +22,6 @@ bool java_bytecode_convert_class(
   size_t max_array_length,
   lazy_methodst &,
   lazy_methods_modet,
-  const java_string_library_preprocesst &string_preprocess);
+  java_string_library_preprocesst &string_preprocess);
 
 #endif // CPROVER_JAVA_BYTECODE_JAVA_BYTECODE_CONVERT_CLASS_H
diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index 63cfb1a9cd5..e72ed43078a 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -2777,7 +2777,7 @@ void java_bytecode_convert_method(
   message_handlert &message_handler,
   size_t max_array_length,
   safe_pointer<ci_lazy_methodst> lazy_methods,
-  const java_string_library_preprocesst &string_preprocess)
+  java_string_library_preprocesst &string_preprocess)
 {
   static const std::unordered_set<std::string> methods_to_ignore
   {
diff --git a/src/java_bytecode/java_bytecode_convert_method.h b/src/java_bytecode/java_bytecode_convert_method.h
index 78dd9226f76..43c1cdec380 100644
--- a/src/java_bytecode/java_bytecode_convert_method.h
+++ b/src/java_bytecode/java_bytecode_convert_method.h
@@ -26,7 +26,7 @@ void java_bytecode_convert_method(
   message_handlert &message_handler,
   size_t max_array_length,
   safe_pointer<ci_lazy_methodst> lazy_methods,
-  const java_string_library_preprocesst &string_preprocess);
+  java_string_library_preprocesst &string_preprocess);
 
 inline void java_bytecode_convert_method(
   const symbolt &class_symbol,
@@ -34,7 +34,7 @@ inline void java_bytecode_convert_method(
   symbol_tablet &symbol_table,
   message_handlert &message_handler,
   size_t max_array_length,
-  const java_string_library_preprocesst &string_preprocess)
+  java_string_library_preprocesst &string_preprocess)
 {
   java_bytecode_convert_method(
     class_symbol,
diff --git a/src/java_bytecode/java_bytecode_convert_method_class.h b/src/java_bytecode/java_bytecode_convert_method_class.h
index cf3c66b8661..67cc175c184 100644
--- a/src/java_bytecode/java_bytecode_convert_method_class.h
+++ b/src/java_bytecode/java_bytecode_convert_method_class.h
@@ -33,7 +33,7 @@ class java_bytecode_convert_methodt:public messaget
     message_handlert &_message_handler,
     size_t _max_array_length,
     safe_pointer<ci_lazy_methodst> _lazy_methods,
-    const java_string_library_preprocesst &_string_preprocess):
+    java_string_library_preprocesst &_string_preprocess):
     messaget(_message_handler),
     symbol_table(_symbol_table),
     max_array_length(_max_array_length),
@@ -61,7 +61,7 @@ class java_bytecode_convert_methodt:public messaget
   irep_idt method_id;
   irep_idt current_method;
   typet method_return_type;
-  java_string_library_preprocesst string_preprocess;
+  java_string_library_preprocesst &string_preprocess;
 
 public:
   struct holet
diff --git a/src/java_bytecode/java_string_library_preprocess.h b/src/java_bytecode/java_string_library_preprocess.h
index beeed0145ff..6c0ad1a5da8 100644
--- a/src/java_bytecode/java_string_library_preprocess.h
+++ b/src/java_bytecode/java_string_library_preprocess.h
@@ -47,6 +47,9 @@ class java_string_library_preprocesst:public messaget
   bool is_known_string_type(irep_idt class_name);
 
 private:
+  // We forbid copies of the object by making the copy operator private.
+  java_string_library_preprocesst(const java_string_library_preprocesst &);
+
   static bool java_type_matches_tag(const typet &type, const std::string &tag);
   static bool is_java_string_pointer_type(const typet &type);
   static bool is_java_string_type(const typet &type);

From 0cc5ae662e2a4394bc71d771ea31c3e7bd4e3fe4 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Mon, 5 Jun 2017 11:59:21 +0100
Subject: [PATCH 247/699] Using delete to forbid copies of objects

---
 src/java_bytecode/java_string_library_preprocess.h | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/java_bytecode/java_string_library_preprocess.h b/src/java_bytecode/java_string_library_preprocess.h
index 6c0ad1a5da8..f9bfb8cffc6 100644
--- a/src/java_bytecode/java_string_library_preprocess.h
+++ b/src/java_bytecode/java_string_library_preprocess.h
@@ -47,8 +47,9 @@ class java_string_library_preprocesst:public messaget
   bool is_known_string_type(irep_idt class_name);
 
 private:
-  // We forbid copies of the object by making the copy operator private.
-  java_string_library_preprocesst(const java_string_library_preprocesst &);
+  // We forbid copies of the object
+  java_string_library_preprocesst(
+    const java_string_library_preprocesst &)=delete;
 
   static bool java_type_matches_tag(const typet &type, const std::string &tag);
   static bool is_java_string_pointer_type(const typet &type);

From 86de08fbc00966dce50a54141593b7a610875716 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 7 Mar 2017 20:51:24 +0000
Subject: [PATCH 248/699] Update strings-smoke-test

Script to gather performances on string tests
Draw graphs in a png file.
The file name contains the date and commit.
---
 regression/strings-smoke-tests/Makefile       |  35 ++++++++++++++++--
 .../java_append_int/test.desc                 |   2 +-
 .../java_contains/test.desc                   |   5 +--
 .../java_contains/test_contains.class         | Bin 716 -> 689 bytes
 .../java_contains/test_contains.java          |   3 +-
 .../java_endswith/test.desc                   |   2 +-
 .../strings-smoke-tests/java_float/test.desc  |   2 +-
 .../java_insert_int/test.desc                 |   2 +-
 regression/strings-smoke-tests/performance.py |  34 +++++++++++++++++
 .../strings-smoke-tests/performance_draw.gp   |   7 ++++
 regression/strings/StringValueOf08/test.desc  |   2 +-
 11 files changed, 82 insertions(+), 12 deletions(-)
 create mode 100755 regression/strings-smoke-tests/performance.py
 create mode 100644 regression/strings-smoke-tests/performance_draw.gp

diff --git a/regression/strings-smoke-tests/Makefile b/regression/strings-smoke-tests/Makefile
index c41ab1c5be8..47653a6bb95 100644
--- a/regression/strings-smoke-tests/Makefile
+++ b/regression/strings-smoke-tests/Makefile
@@ -1,9 +1,38 @@
+default: tests.log
 
 test:
-	@../test.pl -c ../../../src/cbmc/cbmc
+	@if ! ../test.pl -c ../../../src/cbmc/cbmc ; then \
+		../failed-tests-printer.pl ; \
+		exit 1 ; \
+	fi
 
 testfuture:
-	@../test.pl -c ../../../src/cbmc/cbmc -CF
+	@if ! ../test.pl -c ../../../src/cbmc/cbmc -CF ; then \
+		../failed-tests-printer.pl ; \
+		exit 1 ; \
+	fi
 
 testall:
-	@../test.pl -c ../../../src/cbmc/cbmc -CFTK
+	@if ! ../test.pl -c ../../../src/cbmc/cbmc -CFTK ; then \
+		../failed-tests-printer.pl ; \
+		exit 1 ; \
+	fi
+
+tests.log: ../test.pl
+	@if ! ../test.pl -c ../../../src/cbmc/cbmc ; then \
+		../failed-tests-printer.pl ; \
+		exit 1 ; \
+	fi
+
+show:
+	@for dir in *; do \
+		if [ -d "$$dir" ]; then \
+			vim -o "$$dir/*.c" "$$dir/*.out"; \
+		fi; \
+	done;
+
+clean:
+	find -name '*.out' -execdir $(RM) '{}' \;
+	find -name '*.gb' -execdir $(RM) '{}' \;
+	$(RM) tests.log
+
diff --git a/regression/strings-smoke-tests/java_append_int/test.desc b/regression/strings-smoke-tests/java_append_int/test.desc
index e0b30e7827d..e1455859470 100644
--- a/regression/strings-smoke-tests/java_append_int/test.desc
+++ b/regression/strings-smoke-tests/java_append_int/test.desc
@@ -1,4 +1,4 @@
-CORE
+FUTURE
 test_append_int.class
 --refine-strings
 ^EXIT=0$
diff --git a/regression/strings-smoke-tests/java_contains/test.desc b/regression/strings-smoke-tests/java_contains/test.desc
index e40d51aa473..0c10fd4de93 100644
--- a/regression/strings-smoke-tests/java_contains/test.desc
+++ b/regression/strings-smoke-tests/java_contains/test.desc
@@ -1,9 +1,8 @@
-KNOWNBUG
+CORE
 test_contains.class
 --refine-strings
-^EXIT=10$
+^EXIT=0$
 ^SIGNAL=0$
 ^\[.*assertion.1\].* line 8.* SUCCESS$
-^\[.*assertion.2\].* line 9.* FAILURE$
 --
 Issue: diffblue/test-gen#201
diff --git a/regression/strings-smoke-tests/java_contains/test_contains.class b/regression/strings-smoke-tests/java_contains/test_contains.class
index adf0ece000a23e9f4fd98803c8c74cbbf0aec72e..989f5f04279074c7c827f6aec6cb3100ff201b36 100644
GIT binary patch
delta 79
zcmX@Zx{-AQBNJyb12YgZFsM)FVp22R2xKua2m?tm238=+%D~0I#=y(K&LF_R!Jx*#
X%^(UC<zry{$Dqc}AO=B`8<>0mYNiMw

delta 106
zcmdnUdWLlaBNJyG12YgZFxXD!Vp0p(#K1m_L0C&?8w1BI2JYPqoRQlZxb|-Z$}=$t
x14$_cHXzB$zy+jv8Q2*F7&sWz7&sYhfFhzm8GZ()e++8u3}O%@Iysfe2LPWt4sHMd

diff --git a/regression/strings-smoke-tests/java_contains/test_contains.java b/regression/strings-smoke-tests/java_contains/test_contains.java
index 5112c344c09..fb585a2f0eb 100644
--- a/regression/strings-smoke-tests/java_contains/test_contains.java
+++ b/regression/strings-smoke-tests/java_contains/test_contains.java
@@ -6,6 +6,7 @@ public static void main(/*String[] argv*/)
       String u = "bc";
       String t = "ab";
       assert(s.contains(u));
-      assert(s.contains(t));
+      // Long version:
+      // assert(s.contains(t));
    }
 }
diff --git a/regression/strings-smoke-tests/java_endswith/test.desc b/regression/strings-smoke-tests/java_endswith/test.desc
index 8b058f48d78..002bd3015da 100644
--- a/regression/strings-smoke-tests/java_endswith/test.desc
+++ b/regression/strings-smoke-tests/java_endswith/test.desc
@@ -1,6 +1,6 @@
 CORE
 test_endswith.class
---refine-strings
+--refine-strings --string-max-length 100
 ^EXIT=10$
 ^SIGNAL=0$
 ^\[.*assertion.1\].* line 9.* SUCCESS$
diff --git a/regression/strings-smoke-tests/java_float/test.desc b/regression/strings-smoke-tests/java_float/test.desc
index e81b6b4feba..427d1fca836 100644
--- a/regression/strings-smoke-tests/java_float/test.desc
+++ b/regression/strings-smoke-tests/java_float/test.desc
@@ -1,4 +1,4 @@
-CORE
+FUTURE
 test_float.class
 --refine-strings
 ^EXIT=0$
diff --git a/regression/strings-smoke-tests/java_insert_int/test.desc b/regression/strings-smoke-tests/java_insert_int/test.desc
index df87a5f5728..dc039fedbea 100644
--- a/regression/strings-smoke-tests/java_insert_int/test.desc
+++ b/regression/strings-smoke-tests/java_insert_int/test.desc
@@ -1,4 +1,4 @@
-CORE
+FUTURE
 test_insert_int.class
 --refine-strings
 ^EXIT=0$
diff --git a/regression/strings-smoke-tests/performance.py b/regression/strings-smoke-tests/performance.py
new file mode 100755
index 00000000000..9e7b5a93279
--- /dev/null
+++ b/regression/strings-smoke-tests/performance.py
@@ -0,0 +1,34 @@
+#!/usr/bin/python
+
+'''
+This script collects the running times of the tests present in the current
+directory.
+
+It does not run the tests but reads the already present output files.
+
+Usage:
+    python performance.py
+
+Dependencies:
+    gnuplot http://www.gnuplot.info/
+'''
+
+import time
+from subprocess import check_output
+from subprocess import check_call
+
+git_output = check_output(['git', 'show', 'HEAD'])
+commit = git_output.split('\n')[0]
+commit_id = time.strftime('%Y_%m_%d__%H_%M_%S')+'__'+commit[7:]
+
+process = check_output(['grep', '^Runtime decision procedure', '-R'])
+file_name = 'performance_'+commit_id+'.out'
+
+print 'writing to file', file_name
+
+with open(file_name, 'w') as f:
+    f.write(process)
+
+print('drawing to file', file_name+'.png')
+check_call(['gnuplot', '-e', 'file="'+file_name+'"', '-e',
+            'outputfile="'+file_name+'.png"', 'performance_draw.gp'])
diff --git a/regression/strings-smoke-tests/performance_draw.gp b/regression/strings-smoke-tests/performance_draw.gp
new file mode 100644
index 00000000000..9f57ad24742
--- /dev/null
+++ b/regression/strings-smoke-tests/performance_draw.gp
@@ -0,0 +1,7 @@
+set datafile separator ":"
+set term png
+set output outputfile
+set logscale y 10
+set yrange  [0.01:100]
+
+plot file using 3 with lines
diff --git a/regression/strings/StringValueOf08/test.desc b/regression/strings/StringValueOf08/test.desc
index 474c02ef13f..70994423c68 100644
--- a/regression/strings/StringValueOf08/test.desc
+++ b/regression/strings/StringValueOf08/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 StringValueOf08.class
---refine-strings
+--refine-strings --string-max-length 100
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$

From 56800d52eca33b06978f8863f333ef43fbabc6c3 Mon Sep 17 00:00:00 2001
From: Joel Allred <joel.allred@diffblue.com>
Date: Thu, 20 Apr 2017 10:51:08 +0100
Subject: [PATCH 249/699] Add strings-smoke-tests to regression Makefile

---
 regression/Makefile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/regression/Makefile b/regression/Makefile
index 296f583cc5e..1079463d977 100644
--- a/regression/Makefile
+++ b/regression/Makefile
@@ -6,6 +6,7 @@ DIRS = ansi-c \
        goto-analyzer \
        goto-instrument \
        goto-instrument-typedef \
+       strings-smoke-tests \
        test-script \
        # Empty last line
 

From f9199a097a2c7d889b8ea95115e957294e8da450 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Fri, 26 May 2017 18:01:26 +0100
Subject: [PATCH 250/699] Make index_of precise diffblue/test-gen#77

Adding constraints to make sure the index_of primitive of the string
solver is precise.
Also add specific constraints for constant argument in indexOf to
improve performances in that case.
---
 .../string_constraint_generator_indexof.cpp   | 100 ++++++++++++++++--
 1 file changed, 89 insertions(+), 11 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_indexof.cpp b/src/solvers/refinement/string_constraint_generator_indexof.cpp
index d799091a573..407bab2c5ba 100644
--- a/src/solvers/refinement/string_constraint_generator_indexof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_indexof.cpp
@@ -73,12 +73,17 @@ exprt string_constraint_generatort::add_axioms_for_index_of(
 
 Function: string_constraint_generatort::add_axioms_for_index_of_string
 
-  Inputs: two string expressions and an integer expression
+  Inputs:
+    str - a string expression
+    substring - a string expression
+    from_index - an expression representing an index in strings
 
  Outputs: a integer expression
 
- Purpose: add axioms stating that the returned value is either -1 or greater
-          than from_index and the string beggining there has prefix substring
+ Purpose: add axioms stating that the returned value is an index greater than
+          from_index such that str at that index starts with substring and is
+          the first occurence of substring in str, or -1 if str does not contain
+          substring.
 
 \*******************************************************************/
 
@@ -92,20 +97,24 @@ exprt string_constraint_generatort::add_axioms_for_index_of_string(
   symbol_exprt contains=fresh_boolean("contains_substring");
 
   // We add axioms:
-  // a1 : contains => |str|-|substring|>=offset>=from_index
-  // a2 : !contains => offset=-1
-  // a3 : forall 0<=witness<|substring|.
-  //        contains => str[witness+offset]=substring[witness]
+  // a1 : contains => from_index <= offset <= |str|-|substring|
+  // a2 : !contains <=> offset=-1
+  // a3 : forall n:[0,|substring|[.
+  //        contains => str[n+offset]=substring[n]
+  // a4 : forall n:[from_index,offset[.
+  //        contains => (exists m:[0,|substring|[. str[m+n]!=substring[m]])
+  // a5:  forall n:[from_index,|str|-|substring|[.
+  //        !contains => (exists m:[0,|substring|[. str[m+n]!=substring[m])
 
   implies_exprt a1(
     contains,
     and_exprt(
-      str.axiom_for_is_longer_than(plus_exprt_with_overflow_check(
-        substring.length(), offset)),
-      binary_relation_exprt(offset, ID_ge, from_index)));
+      binary_relation_exprt(from_index, ID_le, offset),
+      binary_relation_exprt(
+        offset, ID_le, minus_exprt(str.length(), substring.length()))));
   axioms.push_back(a1);
 
-  implies_exprt a2(
+  equal_exprt a2(
     not_exprt(contains),
     equal_exprt(offset, from_integer(-1, index_type)));
   axioms.push_back(a2);
@@ -118,9 +127,78 @@ exprt string_constraint_generatort::add_axioms_for_index_of_string(
     equal_exprt(str[plus_exprt(qvar, offset)], substring[qvar]));
   axioms.push_back(a3);
 
+  if(!is_constant_string(substring))
+  {
+    // string_not contains_constraintt are formula of the form:
+    // forall x in [lb,ub[. p(x) => exists y in [lb,ub[. s1[x+y] != s2[y]
+    string_not_contains_constraintt a4(
+      from_index,
+      offset,
+      contains,
+      from_integer(0, index_type),
+      substring.length(),
+      str,
+      substring);
+    axioms.push_back(a4);
+
+    string_not_contains_constraintt a5(
+      from_index,
+      minus_exprt(str.length(), substring.length()),
+      not_exprt(contains),
+      from_integer(0, index_type),
+      substring.length(),
+      str,
+      substring);
+    axioms.push_back(a5);
+  }
+  else
+  {
+    // Unfold the existential quantifier as a disjunction in case of a constant
+    // a4 && a5 <=> a6:
+    //  forall n:[from_index,|str|-|substring|].
+    //    !contains || n < offset =>
+    //       str[n]!=substring[0] || ... ||
+    //       str[n+|substring|-1]!=substring[|substring|-1]
+    symbol_exprt qvar2=fresh_univ_index("QA_index_of_string_2", index_type);
+    mp_integer sub_length;
+    assert(!to_integer(substring.length(), sub_length));
+    exprt::operandst disjuncts;
+    for(mp_integer offset=0; offset<sub_length; ++offset)
+    {
+      exprt expr_offset=from_integer(offset, index_type);
+      plus_exprt shifted(expr_offset, qvar2);
+      disjuncts.push_back(
+        not_exprt(equal_exprt(str[shifted], substring[expr_offset])));
+    }
+
+    or_exprt premise(
+      not_exprt(contains), binary_relation_exprt(qvar, ID_lt, offset));
+    minus_exprt length_diff(str.length(), substring.length());
+    string_constraintt a6(
+      qvar2,
+      from_index,
+      plus_exprt(from_integer(1, index_type), length_diff),
+      premise,
+      disjunction(disjuncts));
+    axioms.push_back(a6);
+  }
+
   return offset;
 }
 
+/*******************************************************************\
+
+Function: string_constraint_generatort::add_axioms_for_last_index_of_string
+
+  Inputs: two string expressions and an integer expression
+
+ Outputs: a integer expression
+
+ Purpose: add axioms stating that the returned value is either -1 or less
+          than from_index and the string beggining there has prefix substring
+
+\*******************************************************************/
+
 exprt string_constraint_generatort::add_axioms_for_last_index_of_string(
   const string_exprt &str,
   const string_exprt &substring,

From bc59d0c6acbd3e918f52741bac80398ab40bd7d6 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Wed, 31 May 2017 11:18:21 +0100
Subject: [PATCH 251/699] Making lastIndexOf precise diffblue/test-gen#77

---
 .../string_constraint_generator_indexof.cpp   | 57 +++++++++++++++----
 1 file changed, 47 insertions(+), 10 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_indexof.cpp b/src/solvers/refinement/string_constraint_generator_indexof.cpp
index 407bab2c5ba..c4400de5471 100644
--- a/src/solvers/refinement/string_constraint_generator_indexof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_indexof.cpp
@@ -82,8 +82,8 @@ Function: string_constraint_generatort::add_axioms_for_index_of_string
 
  Purpose: add axioms stating that the returned value is an index greater than
           from_index such that str at that index starts with substring and is
-          the first occurence of substring in str, or -1 if str does not contain
-          substring.
+          the first occurence of substring in str after from_index,
+          or returned value is -1 if str does not contain substring.
 
 \*******************************************************************/
 
@@ -190,12 +190,17 @@ exprt string_constraint_generatort::add_axioms_for_index_of_string(
 
 Function: string_constraint_generatort::add_axioms_for_last_index_of_string
 
-  Inputs: two string expressions and an integer expression
+  Inputs:
+    str - a string expression
+    substring - a string expression
+    from_index - an expression representing an index in strings
 
  Outputs: a integer expression
 
- Purpose: add axioms stating that the returned value is either -1 or less
-          than from_index and the string beggining there has prefix substring
+ Purpose: add axioms stating that the returned value is an index less than
+          from_index such that str at that index starts with substring and is
+          the last occurence of substring in str before from_index,
+          or the returned value is -1 if str does not contain substring.
 
 \*******************************************************************/
 
@@ -209,10 +214,16 @@ exprt string_constraint_generatort::add_axioms_for_last_index_of_string(
   symbol_exprt contains=fresh_boolean("contains_substring");
 
   // We add axioms:
-  // a1 : contains => |substring| >= length &&offset <= from_index
-  // a2 : !contains => offset=-1
-  // a3 : forall 0 <= witness<substring.length,
-  //        contains => str[witness+offset]=substring[witness]
+  // a1 : contains => |substring| >= length && offset <= from_index
+  // a2 : !contains <=> offset=-1
+  // a3 : forall n:[0, substring.length[,
+  //        contains => str[n+offset]=substring[n]
+  // a4 : forall n:[offset+1, min(from_index, |str| - |substring|)].
+  //        contains =>
+  //          (exists m:[0,|substring|[. str[m+n]!=substring[m]])
+  // a5:  forall n:[0, min(from_index, |str| - |substring|)].
+  //        !contains =>
+  //          (exists m:[0,|substring|[. str[m+n]!=substring[m])
 
   implies_exprt a1(
     contains,
@@ -222,7 +233,7 @@ exprt string_constraint_generatort::add_axioms_for_last_index_of_string(
       binary_relation_exprt(offset, ID_le, from_index)));
   axioms.push_back(a1);
 
-  implies_exprt a2(
+  equal_exprt a2(
     not_exprt(contains),
     equal_exprt(offset, from_integer(-1, index_type)));
   axioms.push_back(a2);
@@ -232,6 +243,32 @@ exprt string_constraint_generatort::add_axioms_for_last_index_of_string(
   string_constraintt a3(qvar, substring.length(), contains, constr3);
   axioms.push_back(a3);
 
+  // end_index is min(from_index, |str| - |substring|)
+  minus_exprt length_diff(str.length(), substring.length());
+  if_exprt end_index(
+    binary_relation_exprt(from_index, ID_le, length_diff),
+    from_index,
+    length_diff);
+  string_not_contains_constraintt a4(
+    plus_exprt(offset, from_integer(1, index_type)),
+    from_index,
+    end_index,
+    from_integer(0, index_type),
+    substring.length(),
+    str,
+    substring);
+  axioms.push_back(a4);
+
+  string_not_contains_constraintt a5(
+    from_integer(0, index_type),
+    end_index,
+    not_exprt(contains),
+    from_integer(0, index_type),
+    substring.length(),
+    str,
+    substring);
+  axioms.push_back(a5);
+
   return offset;
 }
 

From 4f4df8e1a9d329dbfab02e5e20f97a7f029f58a8 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Wed, 31 May 2017 11:31:19 +0100
Subject: [PATCH 252/699] Optimize last_index_of for constant argument

---
 .../string_constraint_generator_indexof.cpp   | 70 ++++++++++++++-----
 1 file changed, 52 insertions(+), 18 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_indexof.cpp b/src/solvers/refinement/string_constraint_generator_indexof.cpp
index c4400de5471..e0bb2ea1001 100644
--- a/src/solvers/refinement/string_constraint_generator_indexof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_indexof.cpp
@@ -249,25 +249,59 @@ exprt string_constraint_generatort::add_axioms_for_last_index_of_string(
     binary_relation_exprt(from_index, ID_le, length_diff),
     from_index,
     length_diff);
-  string_not_contains_constraintt a4(
-    plus_exprt(offset, from_integer(1, index_type)),
-    from_index,
-    end_index,
-    from_integer(0, index_type),
-    substring.length(),
-    str,
-    substring);
-  axioms.push_back(a4);
 
-  string_not_contains_constraintt a5(
-    from_integer(0, index_type),
-    end_index,
-    not_exprt(contains),
-    from_integer(0, index_type),
-    substring.length(),
-    str,
-    substring);
-  axioms.push_back(a5);
+  if(!is_constant_string(substring))
+  {
+    string_not_contains_constraintt a4(
+      plus_exprt(offset, from_integer(1, index_type)),
+      from_index,
+      plus_exprt(end_index, from_integer(1, index_type)),
+      from_integer(0, index_type),
+      substring.length(),
+      str,
+      substring);
+    axioms.push_back(a4);
+
+    string_not_contains_constraintt a5(
+      from_integer(0, index_type),
+      plus_exprt(end_index, from_integer(1, index_type)),
+      not_exprt(contains),
+      from_integer(0, index_type),
+      substring.length(),
+      str,
+      substring);
+    axioms.push_back(a5);
+  }
+  else
+  {
+    // Unfold the existential quantifier as a disjunction in case of a constant
+    // a4 && a5 <=> a6:
+    //  forall n:[0, min(from_index,|str|-|substring|)].
+    //    !contains || n > offset =>
+    //       str[n]!=substring[0] || ... ||
+    //       str[n+|substring|-1]!=substring[|substring|-1]
+    symbol_exprt qvar2=fresh_univ_index("QA_index_of_string_2", index_type);
+    mp_integer sub_length;
+    assert(!to_integer(substring.length(), sub_length));
+    exprt::operandst disjuncts;
+    for(mp_integer offset=0; offset<sub_length; ++offset)
+    {
+      exprt expr_offset=from_integer(offset, index_type);
+      plus_exprt shifted(expr_offset, qvar2);
+      disjuncts.push_back(
+        not_exprt(equal_exprt(str[shifted], substring[expr_offset])));
+    }
+
+    or_exprt premise(
+      not_exprt(contains), binary_relation_exprt(qvar, ID_gt, offset));
+    string_constraintt a6(
+      qvar2,
+      from_index,
+      plus_exprt(from_integer(1, index_type), end_index),
+      premise,
+      disjunction(disjuncts));
+    axioms.push_back(a6);
+  }
 
   return offset;
 }

From 9b11653a8d431b3fbe2ff692ee5d0713aa164391 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Wed, 31 May 2017 11:22:07 +0100
Subject: [PATCH 253/699] Updating comments for index_of and last_index_of on
 characters

---
 .../string_constraint_generator_indexof.cpp   | 29 +++++++++++++++++--
 1 file changed, 26 insertions(+), 3 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_indexof.cpp b/src/solvers/refinement/string_constraint_generator_indexof.cpp
index e0bb2ea1001..6d2bd8e6bd5 100644
--- a/src/solvers/refinement/string_constraint_generator_indexof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_indexof.cpp
@@ -13,12 +13,17 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 
 Function: string_constraint_generatort::add_axioms_for_index_of
 
-  Inputs: a string expression, a character expression and an integer expression
+  Inputs:
+    str - a string expression
+    c - an expression representing a character
+    from_index - an expression representing an index in the string
 
  Outputs: a integer expression
 
- Purpose: add axioms that the returned value is either -1 or greater than
-          from_index and the character at that position equals to c
+ Purpose: add axioms stating that the returned value is either:
+          -1 if the string does not contain c
+          an index greater than from_index such that the character of str at
+          that position equals c and is the first occurence after from_index.
 
 \*******************************************************************/
 
@@ -350,6 +355,24 @@ exprt string_constraint_generatort::add_axioms_for_index_of(
   }
 }
 
+/*******************************************************************\
+
+Function: string_constraint_generatort::add_axioms_for_last_index_of
+
+  Inputs:
+    str - a string expression
+    c - an expression representing a character
+    from_index - an expression representing an index in the string
+
+ Outputs: a integer expression
+
+ Purpose: add axioms stating that the returned value is either:
+          -1 if the string does not contain c
+          an index less than from_index such that the character of str at
+          that position equals c and is the last occurence before from_index.
+
+\*******************************************************************/
+
 exprt string_constraint_generatort::add_axioms_for_last_index_of(
   const string_exprt &str, const exprt &c, const exprt &from_index)
 {

From bc3eedc52d9c82f5aab40937a91a18d5793f1cd7 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Mon, 5 Jun 2017 19:24:04 +0100
Subject: [PATCH 254/699] Replacing str and substring by haystack and needle

For clarity about the role of the arguments.
---
 .../refinement/string_constraint_generator.h  |  4 +-
 .../string_constraint_generator_indexof.cpp   | 42 +++++++++----------
 2 files changed, 23 insertions(+), 23 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index 525f0fee3d7..c37b801e87e 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -198,8 +198,8 @@ class string_constraint_generatort
   // we add axioms stating that the returned value is either -1 or greater than
   // from_index and the string beggining there has prefix substring
   exprt add_axioms_for_index_of_string(
-    const string_exprt &str,
-    const string_exprt &substring,
+    const string_exprt &haystack,
+    const string_exprt &needle,
     const exprt &from_index);
 
   // Add axioms corresponding to the String.indexOf java functions
diff --git a/src/solvers/refinement/string_constraint_generator_indexof.cpp b/src/solvers/refinement/string_constraint_generator_indexof.cpp
index 6d2bd8e6bd5..f3f03db455a 100644
--- a/src/solvers/refinement/string_constraint_generator_indexof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_indexof.cpp
@@ -79,25 +79,25 @@ exprt string_constraint_generatort::add_axioms_for_index_of(
 Function: string_constraint_generatort::add_axioms_for_index_of_string
 
   Inputs:
-    str - a string expression
+    haystack - a string expression
     substring - a string expression
     from_index - an expression representing an index in strings
 
  Outputs: a integer expression
 
  Purpose: add axioms stating that the returned value is an index greater than
-          from_index such that str at that index starts with substring and is
-          the first occurence of substring in str after from_index,
-          or returned value is -1 if str does not contain substring.
+          from_index such that haystack at that index starts with needle and
+          is the first occurence of needle in haystack after from_index,
+          or returned value is -1 if haystack does not contain needle.
 
 \*******************************************************************/
 
 exprt string_constraint_generatort::add_axioms_for_index_of_string(
-  const string_exprt &str,
-  const string_exprt &substring,
+  const string_exprt &haystack,
+  const string_exprt &needle,
   const exprt &from_index)
 {
-  const typet &index_type=str.length().type();
+  const typet &index_type=haystack.length().type();
   symbol_exprt offset=fresh_exist_index("index_of", index_type);
   symbol_exprt contains=fresh_boolean("contains_substring");
 
@@ -116,7 +116,7 @@ exprt string_constraint_generatort::add_axioms_for_index_of_string(
     and_exprt(
       binary_relation_exprt(from_index, ID_le, offset),
       binary_relation_exprt(
-        offset, ID_le, minus_exprt(str.length(), substring.length()))));
+        offset, ID_le, minus_exprt(haystack.length(), needle.length()))));
   axioms.push_back(a1);
 
   equal_exprt a2(
@@ -127,12 +127,12 @@ exprt string_constraint_generatort::add_axioms_for_index_of_string(
   symbol_exprt qvar=fresh_univ_index("QA_index_of_string", index_type);
   string_constraintt a3(
     qvar,
-    substring.length(),
+    needle.length(),
     contains,
-    equal_exprt(str[plus_exprt(qvar, offset)], substring[qvar]));
+    equal_exprt(haystack[plus_exprt(qvar, offset)], needle[qvar]));
   axioms.push_back(a3);
 
-  if(!is_constant_string(substring))
+  if(!is_constant_string(needle))
   {
     // string_not contains_constraintt are formula of the form:
     // forall x in [lb,ub[. p(x) => exists y in [lb,ub[. s1[x+y] != s2[y]
@@ -141,19 +141,19 @@ exprt string_constraint_generatort::add_axioms_for_index_of_string(
       offset,
       contains,
       from_integer(0, index_type),
-      substring.length(),
-      str,
-      substring);
+      needle.length(),
+      haystack,
+      needle);
     axioms.push_back(a4);
 
     string_not_contains_constraintt a5(
       from_index,
-      minus_exprt(str.length(), substring.length()),
+      minus_exprt(haystack.length(), needle.length()),
       not_exprt(contains),
       from_integer(0, index_type),
-      substring.length(),
-      str,
-      substring);
+      needle.length(),
+      haystack,
+      needle);
     axioms.push_back(a5);
   }
   else
@@ -166,19 +166,19 @@ exprt string_constraint_generatort::add_axioms_for_index_of_string(
     //       str[n+|substring|-1]!=substring[|substring|-1]
     symbol_exprt qvar2=fresh_univ_index("QA_index_of_string_2", index_type);
     mp_integer sub_length;
-    assert(!to_integer(substring.length(), sub_length));
+    assert(!to_integer(needle.length(), sub_length));
     exprt::operandst disjuncts;
     for(mp_integer offset=0; offset<sub_length; ++offset)
     {
       exprt expr_offset=from_integer(offset, index_type);
       plus_exprt shifted(expr_offset, qvar2);
       disjuncts.push_back(
-        not_exprt(equal_exprt(str[shifted], substring[expr_offset])));
+        not_exprt(equal_exprt(haystack[shifted], needle[expr_offset])));
     }
 
     or_exprt premise(
       not_exprt(contains), binary_relation_exprt(qvar, ID_lt, offset));
-    minus_exprt length_diff(str.length(), substring.length());
+    minus_exprt length_diff(haystack.length(), needle.length());
     string_constraintt a6(
       qvar2,
       from_index,

From 666bec08852e8d87d00571d592f66cc3fef611c6 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Mon, 5 Jun 2017 19:25:05 +0100
Subject: [PATCH 255/699] Removing comments about lastIndexOf being imprecise

The previous commits now make these functions precise.
---
 src/solvers/refinement/string_constraint_generator.h | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index c37b801e87e..fd19ee1452f 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -194,21 +194,15 @@ class string_constraint_generatort
     const exprt &from_index);
 
   // Add axioms corresponding to the String.indexOf:(String;I) java function
-  // TODO: the specifications are only partial:
-  // we add axioms stating that the returned value is either -1 or greater than
-  // from_index and the string beggining there has prefix substring
   exprt add_axioms_for_index_of_string(
     const string_exprt &haystack,
     const string_exprt &needle,
     const exprt &from_index);
 
   // Add axioms corresponding to the String.indexOf java functions
-  // TODO: the specifications are only partial for the ones that look for
-  // strings
   exprt add_axioms_for_index_of(const function_application_exprt &f);
 
   // Add axioms corresponding to the String.lastIndexOf:(String;I) java function
-  // TODO: the specifications are only partial
   exprt add_axioms_for_last_index_of_string(
     const string_exprt &str,
     const string_exprt &substring,
@@ -221,7 +215,6 @@ class string_constraint_generatort
     const exprt &from_index);
 
   // Add axioms corresponding to the String.lastIndexOf java functions
-  // TODO: the specifications is only partial
   exprt add_axioms_for_last_index_of(const function_application_exprt &f);
 
   // TODO: the specifications of these functions is only partial

From 1eb3263f1b24f540eb7b28c504381e5bfc1c1e43 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Mon, 5 Jun 2017 19:27:43 +0100
Subject: [PATCH 256/699] Making comments about the output more precise

---
 .../refinement/string_constraint_generator_indexof.cpp      | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_indexof.cpp b/src/solvers/refinement/string_constraint_generator_indexof.cpp
index f3f03db455a..799f15a3af5 100644
--- a/src/solvers/refinement/string_constraint_generator_indexof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_indexof.cpp
@@ -83,7 +83,8 @@ Function: string_constraint_generatort::add_axioms_for_index_of_string
     substring - a string expression
     from_index - an expression representing an index in strings
 
- Outputs: a integer expression
+ Outputs: an integer expression representing the first index of needle in
+          haystack after from_index, or -1 if there is none
 
  Purpose: add axioms stating that the returned value is an index greater than
           from_index such that haystack at that index starts with needle and
@@ -200,7 +201,8 @@ Function: string_constraint_generatort::add_axioms_for_last_index_of_string
     substring - a string expression
     from_index - an expression representing an index in strings
 
- Outputs: a integer expression
+ Outputs: an integer expression representing the last index of needle in
+          haystack after from_index, or -1 if there is none
 
  Purpose: add axioms stating that the returned value is an index less than
           from_index such that str at that index starts with substring and is

From 68cdc6fd117f06467190dbba63dde6bba4cd4cb1 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Mon, 5 Jun 2017 19:29:38 +0100
Subject: [PATCH 257/699] Renaming str and substring to haystack and needle

---
 .../refinement/string_constraint_generator.h  |  4 +--
 .../string_constraint_generator_indexof.cpp   | 34 +++++++++----------
 2 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index fd19ee1452f..94234b810de 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -204,8 +204,8 @@ class string_constraint_generatort
 
   // Add axioms corresponding to the String.lastIndexOf:(String;I) java function
   exprt add_axioms_for_last_index_of_string(
-    const string_exprt &str,
-    const string_exprt &substring,
+    const string_exprt &haystack,
+    const string_exprt &needle,
     const exprt &from_index);
 
   // Add axioms corresponding to the String.lastIndexOf:(CI) java function
diff --git a/src/solvers/refinement/string_constraint_generator_indexof.cpp b/src/solvers/refinement/string_constraint_generator_indexof.cpp
index 799f15a3af5..053f11f60a6 100644
--- a/src/solvers/refinement/string_constraint_generator_indexof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_indexof.cpp
@@ -212,11 +212,11 @@ Function: string_constraint_generatort::add_axioms_for_last_index_of_string
 \*******************************************************************/
 
 exprt string_constraint_generatort::add_axioms_for_last_index_of_string(
-  const string_exprt &str,
-  const string_exprt &substring,
+  const string_exprt &haystack,
+  const string_exprt &needle,
   const exprt &from_index)
 {
-  const typet &index_type=str.length().type();
+  const typet &index_type=haystack.length().type();
   symbol_exprt offset=fresh_exist_index("index_of", index_type);
   symbol_exprt contains=fresh_boolean("contains_substring");
 
@@ -235,8 +235,8 @@ exprt string_constraint_generatort::add_axioms_for_last_index_of_string(
   implies_exprt a1(
     contains,
     and_exprt(
-      str.axiom_for_is_longer_than(
-        plus_exprt_with_overflow_check(substring.length(), offset)),
+      haystack.axiom_for_is_longer_than(
+        plus_exprt_with_overflow_check(needle.length(), offset)),
       binary_relation_exprt(offset, ID_le, from_index)));
   axioms.push_back(a1);
 
@@ -246,27 +246,27 @@ exprt string_constraint_generatort::add_axioms_for_last_index_of_string(
   axioms.push_back(a2);
 
   symbol_exprt qvar=fresh_univ_index("QA_index_of_string", index_type);
-  equal_exprt constr3(str[plus_exprt(qvar, offset)], substring[qvar]);
-  string_constraintt a3(qvar, substring.length(), contains, constr3);
+  equal_exprt constr3(haystack[plus_exprt(qvar, offset)], needle[qvar]);
+  string_constraintt a3(qvar, needle.length(), contains, constr3);
   axioms.push_back(a3);
 
   // end_index is min(from_index, |str| - |substring|)
-  minus_exprt length_diff(str.length(), substring.length());
+  minus_exprt length_diff(haystack.length(), needle.length());
   if_exprt end_index(
     binary_relation_exprt(from_index, ID_le, length_diff),
     from_index,
     length_diff);
 
-  if(!is_constant_string(substring))
+  if(!is_constant_string(needle))
   {
     string_not_contains_constraintt a4(
       plus_exprt(offset, from_integer(1, index_type)),
       from_index,
       plus_exprt(end_index, from_integer(1, index_type)),
       from_integer(0, index_type),
-      substring.length(),
-      str,
-      substring);
+      needle.length(),
+      haystack,
+      needle);
     axioms.push_back(a4);
 
     string_not_contains_constraintt a5(
@@ -274,9 +274,9 @@ exprt string_constraint_generatort::add_axioms_for_last_index_of_string(
       plus_exprt(end_index, from_integer(1, index_type)),
       not_exprt(contains),
       from_integer(0, index_type),
-      substring.length(),
-      str,
-      substring);
+      needle.length(),
+      haystack,
+      needle);
     axioms.push_back(a5);
   }
   else
@@ -289,14 +289,14 @@ exprt string_constraint_generatort::add_axioms_for_last_index_of_string(
     //       str[n+|substring|-1]!=substring[|substring|-1]
     symbol_exprt qvar2=fresh_univ_index("QA_index_of_string_2", index_type);
     mp_integer sub_length;
-    assert(!to_integer(substring.length(), sub_length));
+    assert(!to_integer(needle.length(), sub_length));
     exprt::operandst disjuncts;
     for(mp_integer offset=0; offset<sub_length; ++offset)
     {
       exprt expr_offset=from_integer(offset, index_type);
       plus_exprt shifted(expr_offset, qvar2);
       disjuncts.push_back(
-        not_exprt(equal_exprt(str[shifted], substring[expr_offset])));
+        not_exprt(equal_exprt(haystack[shifted], needle[expr_offset])));
     }
 
     or_exprt premise(

From 2d16c2cf96e916c34397b0b64eca72a037acfaca Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Mon, 5 Jun 2017 19:33:12 +0100
Subject: [PATCH 258/699] Correct comments and axioms in lastIndexOf

This new version should be clearer and the added axioms match the
comments.
---
 .../refinement/string_constraint_generator_indexof.cpp      | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_indexof.cpp b/src/solvers/refinement/string_constraint_generator_indexof.cpp
index 053f11f60a6..4e2914c003f 100644
--- a/src/solvers/refinement/string_constraint_generator_indexof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_indexof.cpp
@@ -221,7 +221,7 @@ exprt string_constraint_generatort::add_axioms_for_last_index_of_string(
   symbol_exprt contains=fresh_boolean("contains_substring");
 
   // We add axioms:
-  // a1 : contains => |substring| >= length && offset <= from_index
+  // a1 : contains => offset <= from_index && offset <= |haystack| - |needle|
   // a2 : !contains <=> offset=-1
   // a3 : forall n:[0, substring.length[,
   //        contains => str[n+offset]=substring[n]
@@ -235,8 +235,8 @@ exprt string_constraint_generatort::add_axioms_for_last_index_of_string(
   implies_exprt a1(
     contains,
     and_exprt(
-      haystack.axiom_for_is_longer_than(
-        plus_exprt_with_overflow_check(needle.length(), offset)),
+      binary_relation_exprt(
+        offset, ID_le, minus_exprt(haystack.length(), needle.length())),
       binary_relation_exprt(offset, ID_le, from_index)));
   axioms.push_back(a1);
 

From f3f5a19b225eec8ee9bd7a50291bca83a5176f98 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Mon, 5 Jun 2017 19:37:48 +0100
Subject: [PATCH 259/699] Replacing str and substring by haystack and needle in
 the comments

This is to match the names of the variables.
---
 .../string_constraint_generator_indexof.cpp   | 34 +++++++++----------
 1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_indexof.cpp b/src/solvers/refinement/string_constraint_generator_indexof.cpp
index 4e2914c003f..4449f7cafc6 100644
--- a/src/solvers/refinement/string_constraint_generator_indexof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_indexof.cpp
@@ -103,14 +103,14 @@ exprt string_constraint_generatort::add_axioms_for_index_of_string(
   symbol_exprt contains=fresh_boolean("contains_substring");
 
   // We add axioms:
-  // a1 : contains => from_index <= offset <= |str|-|substring|
+  // a1 : contains => from_index <= offset <= |haystack|-|needle|
   // a2 : !contains <=> offset=-1
   // a3 : forall n:[0,|substring|[.
-  //        contains => str[n+offset]=substring[n]
+  //        contains => haystack[n+offset]=needle[n]
   // a4 : forall n:[from_index,offset[.
-  //        contains => (exists m:[0,|substring|[. str[m+n]!=substring[m]])
-  // a5:  forall n:[from_index,|str|-|substring|[.
-  //        !contains => (exists m:[0,|substring|[. str[m+n]!=substring[m])
+  //        contains => (exists m:[0,|needle|[. haystack[m+n]!=needle[m]])
+  // a5:  forall n:[from_index,|haystack|-|needle|[.
+  //        !contains => (exists m:[0,|needle|[. haystack[m+n]!=needle[m])
 
   implies_exprt a1(
     contains,
@@ -161,10 +161,10 @@ exprt string_constraint_generatort::add_axioms_for_index_of_string(
   {
     // Unfold the existential quantifier as a disjunction in case of a constant
     // a4 && a5 <=> a6:
-    //  forall n:[from_index,|str|-|substring|].
+    //  forall n:[from_index,|haystack|-|needle|].
     //    !contains || n < offset =>
-    //       str[n]!=substring[0] || ... ||
-    //       str[n+|substring|-1]!=substring[|substring|-1]
+    //       haystack[n]!=needle[0] || ... ||
+    //       haystack[n+|needle|-1]!=needle[|needle|-1]
     symbol_exprt qvar2=fresh_univ_index("QA_index_of_string_2", index_type);
     mp_integer sub_length;
     assert(!to_integer(needle.length(), sub_length));
@@ -223,14 +223,14 @@ exprt string_constraint_generatort::add_axioms_for_last_index_of_string(
   // We add axioms:
   // a1 : contains => offset <= from_index && offset <= |haystack| - |needle|
   // a2 : !contains <=> offset=-1
-  // a3 : forall n:[0, substring.length[,
-  //        contains => str[n+offset]=substring[n]
-  // a4 : forall n:[offset+1, min(from_index, |str| - |substring|)].
+  // a3 : forall n:[0, needle.length[,
+  //        contains => haystack[n+offset]=needle[n]
+  // a4 : forall n:[offset+1, min(from_index, |haystack| - |needle|)].
   //        contains =>
-  //          (exists m:[0,|substring|[. str[m+n]!=substring[m]])
-  // a5:  forall n:[0, min(from_index, |str| - |substring|)].
+  //          (exists m:[0,|substring|[. haystack[m+n]!=needle[m]])
+  // a5:  forall n:[0, min(from_index, |haystack| - |needle|)].
   //        !contains =>
-  //          (exists m:[0,|substring|[. str[m+n]!=substring[m])
+  //          (exists m:[0,|substring|[. haystack[m+n]!=needle[m])
 
   implies_exprt a1(
     contains,
@@ -283,10 +283,10 @@ exprt string_constraint_generatort::add_axioms_for_last_index_of_string(
   {
     // Unfold the existential quantifier as a disjunction in case of a constant
     // a4 && a5 <=> a6:
-    //  forall n:[0, min(from_index,|str|-|substring|)].
+    //  forall n:[0, min(from_index,|haystack|-|needle|)].
     //    !contains || n > offset =>
-    //       str[n]!=substring[0] || ... ||
-    //       str[n+|substring|-1]!=substring[|substring|-1]
+    //       haystack[n]!=needle[0] || ... ||
+    //       haystack[n+|substring|-1]!=needle[|substring|-1]
     symbol_exprt qvar2=fresh_univ_index("QA_index_of_string_2", index_type);
     mp_integer sub_length;
     assert(!to_integer(needle.length(), sub_length));

From eb9a7897479147e63035ddf9ebe962e1b931ef2f Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Wed, 12 Apr 2017 16:32:20 +0100
Subject: [PATCH 260/699] Correcting addition of symbol to symbol map

There was a mistake that could cause looping over symbols in the map
that don't actually need to be modified and could greatly slow down
the analysis.

Correction after review from Peter Schrammel:
Use const reference for symbols_to_update_wit_new_rhs
---
 src/solvers/refinement/string_refinement.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index 7adc902070d..3c28e6f8fa3 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -187,7 +187,8 @@ void string_refinementt::add_symbol_to_symbol_map(
   symbol_resolve[lhs]=new_rhs;
   reverse_symbol_resolve[new_rhs].push_back(lhs);
 
-  std::list<exprt> symbols_to_update_with_new_rhs(reverse_symbol_resolve[rhs]);
+  const std::list<exprt> &symbols_to_update_with_new_rhs(
+    reverse_symbol_resolve[lhs]);
   for(exprt item : symbols_to_update_with_new_rhs)
   {
     symbol_resolve[item]=new_rhs;

From a4ab7db7b09b0b498731fd7a4577a892993f8a67 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 6 Jun 2017 09:37:18 +0100
Subject: [PATCH 261/699] Updating comments for functions adding axioms for
 index_of

---
 .../string_constraint_generator_indexof.cpp   | 37 +++++++++----------
 1 file changed, 18 insertions(+), 19 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_indexof.cpp b/src/solvers/refinement/string_constraint_generator_indexof.cpp
index 4449f7cafc6..1676699086a 100644
--- a/src/solvers/refinement/string_constraint_generator_indexof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_indexof.cpp
@@ -20,10 +20,9 @@ Function: string_constraint_generatort::add_axioms_for_index_of
 
  Outputs: a integer expression
 
- Purpose: add axioms stating that the returned value is either:
-          -1 if the string does not contain c
-          an index greater than from_index such that the character of str at
-          that position equals c and is the first occurence after from_index.
+ Purpose: Add axioms stating that the returned value is the index within
+          str of the first occurence of c starting the search at from_index,
+          or -1 if no such character occurs at or after position from_index.
 
 \*******************************************************************/
 
@@ -80,16 +79,16 @@ Function: string_constraint_generatort::add_axioms_for_index_of_string
 
   Inputs:
     haystack - a string expression
-    substring - a string expression
+    needle - a string expression
     from_index - an expression representing an index in strings
 
  Outputs: an integer expression representing the first index of needle in
           haystack after from_index, or -1 if there is none
 
- Purpose: add axioms stating that the returned value is an index greater than
-          from_index such that haystack at that index starts with needle and
-          is the first occurence of needle in haystack after from_index,
-          or returned value is -1 if haystack does not contain needle.
+ Purpose: Add axioms stating that the returned value is the index within
+          haystack of the first occurence of needle starting the search at
+          from_index, or -1 if needle does not occur at or after position
+          from_index.
 
 \*******************************************************************/
 
@@ -197,17 +196,17 @@ exprt string_constraint_generatort::add_axioms_for_index_of_string(
 Function: string_constraint_generatort::add_axioms_for_last_index_of_string
 
   Inputs:
-    str - a string expression
-    substring - a string expression
+    haystack - a string expression
+    needle - a string expression
     from_index - an expression representing an index in strings
 
  Outputs: an integer expression representing the last index of needle in
           haystack after from_index, or -1 if there is none
 
- Purpose: add axioms stating that the returned value is an index less than
-          from_index such that str at that index starts with substring and is
-          the last occurence of substring in str before from_index,
-          or the returned value is -1 if str does not contain substring.
+ Purpose: Add axioms stating that the returned value is the index within
+          haystack of the last occurence of needle starting the search
+          backward at from_index (ie the index is smaller or equal to
+          from_index), or -1 if needle does not occur before from_index.
 
 \*******************************************************************/
 
@@ -368,10 +367,10 @@ Function: string_constraint_generatort::add_axioms_for_last_index_of
 
  Outputs: a integer expression
 
- Purpose: add axioms stating that the returned value is either:
-          -1 if the string does not contain c
-          an index less than from_index such that the character of str at
-          that position equals c and is the last occurence before from_index.
+ Purpose: Add axioms stating that the returned value is the index within
+          str of the last occurence of c starting the search backward at
+          from_index, or -1 if no such character occurs at or before
+          position from_index.
 
 \*******************************************************************/
 

From 0dcb773413f26521f89f59117e414531f77947f4 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Thu, 1 Jun 2017 10:31:46 +0100
Subject: [PATCH 262/699] Change the step at which we replace String methods
 code

We now do this at the end of the bytecode conversion, in function
java_bytecode_languaget::final instead of the middle of the
conversion.
---
 src/java_bytecode/java_bytecode_language.cpp | 33 ++++++++++++++++++++
 src/java_bytecode/java_bytecode_language.h   |  2 ++
 2 files changed, 35 insertions(+)

diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index 404ffc95c69..12c59e9d938 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -799,6 +799,36 @@ void java_bytecode_languaget::convert_lazy_method(
 
 /*******************************************************************\
 
+Function: java_bytecode_languaget::replace_string_methods
+
+  Inputs:
+    context - a symbol table
+
+ Purpose: Replace methods of the String library that are in the symbol table
+          by code generated by string_preprocess.
+
+\*******************************************************************/
+
+void java_bytecode_languaget::replace_string_methods(
+  symbol_tablet &context)
+{
+  for(auto &id_symbol_pair : context.symbols)
+  {
+    const irep_idt &id=id_symbol_pair.first;
+    symbolt &symbol=id_symbol_pair.second;
+    if(symbol.type.id()==ID_code)
+    {
+      exprt generated_code=string_preprocess.code_for_function(
+         id, to_code_type(symbol.type), symbol.location, context);
+      if(generated_code.is_not_nil())
+        // Replace body of the function by code generated by string preprocess
+        symbol.value=generated_code;
+    }
+  }
+}
+
+/*******************************************************************\
+
 Function: java_bytecode_languaget::final
 
   Inputs:
@@ -816,6 +846,9 @@ bool java_bytecode_languaget::final(symbol_tablet &symbol_table)
   */
   java_internal_additions(symbol_table);
 
+  // Replace code of String methods calls by code we generate
+  replace_string_methods(symbol_table);
+
   main_function_resultt res=
     get_main_symbol(symbol_table, main_class, get_message_handler());
   if(res.stop_convert)
diff --git a/src/java_bytecode/java_bytecode_language.h b/src/java_bytecode/java_bytecode_language.h
index 929cc354518..8fbf96b06e5 100644
--- a/src/java_bytecode/java_bytecode_language.h
+++ b/src/java_bytecode/java_bytecode_language.h
@@ -49,6 +49,8 @@ class java_bytecode_languaget:public languaget
     symbol_tablet &context,
     const std::string &module) override;
 
+  void replace_string_methods(symbol_tablet &context);
+
   virtual bool final(
     symbol_tablet &context) override;
 

From ca32a0a1d1045c9d344d7e4f4ef1353d62ee9052 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Thu, 1 Jun 2017 15:23:41 +0100
Subject: [PATCH 263/699] Removing string conversion from method conversion

---
 src/java_bytecode/java_bytecode_convert_method.cpp | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index e72ed43078a..2f9de7497ad 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -1550,17 +1550,11 @@ codet java_bytecode_convert_methodt::convert_instructions(
         symbol.type=arg0.type();
         symbol.value.make_nil();
         symbol.mode=ID_java;
-
         assign_parameter_names(
           to_code_type(symbol.type),
           symbol.name,
           symbol_table);
 
-        // The string refinement module may provide a definition for this
-        // function.
-        symbol.value=string_preprocess.code_for_function(
-          id, to_code_type(symbol.type), loc, symbol_table);
-
         symbol_table.add(symbol);
       }
 

From 1eb7d748e6de2145e65f5674ef3a2c349b5d53b7 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 6 Jun 2017 09:59:00 +0100
Subject: [PATCH 264/699] Uniformising mathematical notations in comments

Use spaces around comparison operators (=, <=, != etc...)
Use ==> to denote implication.
n:[lb, ub[ for interval between lb (inclusive) and ub (exclusive).
|str| for length of string str.
---
 .../string_constraint_generator_indexof.cpp   | 50 +++++++++----------
 1 file changed, 25 insertions(+), 25 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_indexof.cpp b/src/solvers/refinement/string_constraint_generator_indexof.cpp
index 1676699086a..3d8b1660451 100644
--- a/src/solvers/refinement/string_constraint_generator_indexof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_indexof.cpp
@@ -34,11 +34,11 @@ exprt string_constraint_generatort::add_axioms_for_index_of(
   symbol_exprt contains=fresh_boolean("contains_in_index_of");
 
   // We add axioms:
-  // a1 : -1 <= index<|str|
+  // a1 : -1 <= index < |str|
   // a2 : !contains <=> index=-1
-  // a3 : contains => from_index<=index&&str[index]=c
-  // a4 : forall n, from_index<=n<index. contains => str[n]!=c
-  // a5 : forall m, from_index<=n<|str|. !contains => str[m]!=c
+  // a3 : contains ==> from_index <= index && str[index] = c
+  // a4 : forall n, n:[from_index,index[. contains ==> str[n] != c
+  // a5 : forall m, n:[from_index,|str|[. !contains ==> str[m] != c
 
   exprt minus1=from_integer(-1, index_type);
   and_exprt a1(
@@ -102,14 +102,14 @@ exprt string_constraint_generatort::add_axioms_for_index_of_string(
   symbol_exprt contains=fresh_boolean("contains_substring");
 
   // We add axioms:
-  // a1 : contains => from_index <= offset <= |haystack|-|needle|
+  // a1 : contains ==> from_index <= offset <= |haystack|-|needle|
   // a2 : !contains <=> offset=-1
   // a3 : forall n:[0,|substring|[.
-  //        contains => haystack[n+offset]=needle[n]
+  //        contains ==> haystack[n+offset]=needle[n]
   // a4 : forall n:[from_index,offset[.
-  //        contains => (exists m:[0,|needle|[. haystack[m+n]!=needle[m]])
+  //        contains ==> (exists m:[0,|needle|[. haystack[m+n] != needle[m]])
   // a5:  forall n:[from_index,|haystack|-|needle|[.
-  //        !contains => (exists m:[0,|needle|[. haystack[m+n]!=needle[m])
+  //        !contains ==> (exists m:[0,|needle|[. haystack[m+n] != needle[m])
 
   implies_exprt a1(
     contains,
@@ -161,9 +161,9 @@ exprt string_constraint_generatort::add_axioms_for_index_of_string(
     // Unfold the existential quantifier as a disjunction in case of a constant
     // a4 && a5 <=> a6:
     //  forall n:[from_index,|haystack|-|needle|].
-    //    !contains || n < offset =>
-    //       haystack[n]!=needle[0] || ... ||
-    //       haystack[n+|needle|-1]!=needle[|needle|-1]
+    //    !contains || n < offset ==>
+    //       haystack[n] != needle[0] || ... ||
+    //       haystack[n+|needle|-1] != needle[|needle|-1]
     symbol_exprt qvar2=fresh_univ_index("QA_index_of_string_2", index_type);
     mp_integer sub_length;
     assert(!to_integer(needle.length(), sub_length));
@@ -220,16 +220,16 @@ exprt string_constraint_generatort::add_axioms_for_last_index_of_string(
   symbol_exprt contains=fresh_boolean("contains_substring");
 
   // We add axioms:
-  // a1 : contains => offset <= from_index && offset <= |haystack| - |needle|
-  // a2 : !contains <=> offset=-1
+  // a1 : contains ==> offset <= from_index && offset <= |haystack| - |needle|
+  // a2 : !contains <=> offset = -1
   // a3 : forall n:[0, needle.length[,
-  //        contains => haystack[n+offset]=needle[n]
+  //        contains ==> haystack[n+offset] = needle[n]
   // a4 : forall n:[offset+1, min(from_index, |haystack| - |needle|)].
-  //        contains =>
-  //          (exists m:[0,|substring|[. haystack[m+n]!=needle[m]])
+  //        contains ==>
+  //          (exists m:[0,|substring|[. haystack[m+n] != needle[m]])
   // a5:  forall n:[0, min(from_index, |haystack| - |needle|)].
-  //        !contains =>
-  //          (exists m:[0,|substring|[. haystack[m+n]!=needle[m])
+  //        !contains ==>
+  //          (exists m:[0,|substring|[. haystack[m+n] != needle[m])
 
   implies_exprt a1(
     contains,
@@ -283,9 +283,9 @@ exprt string_constraint_generatort::add_axioms_for_last_index_of_string(
     // Unfold the existential quantifier as a disjunction in case of a constant
     // a4 && a5 <=> a6:
     //  forall n:[0, min(from_index,|haystack|-|needle|)].
-    //    !contains || n > offset =>
-    //       haystack[n]!=needle[0] || ... ||
-    //       haystack[n+|substring|-1]!=needle[|substring|-1]
+    //    !contains || n > offset ==>
+    //       haystack[n] != needle[0] || ... ||
+    //       haystack[n+|substring|-1] != needle[|substring|-1]
     symbol_exprt qvar2=fresh_univ_index("QA_index_of_string_2", index_type);
     mp_integer sub_length;
     assert(!to_integer(needle.length(), sub_length));
@@ -384,10 +384,10 @@ exprt string_constraint_generatort::add_axioms_for_last_index_of(
 
   // We add axioms:
   // a1 : -1 <= i <= from_index
-  // a2 : (i=-1 <=> !contains)
-  // a3 : (contains => i <= from_index &&s[i]=c)
-  // a4 : forall n. i+1 <= n < from_index +1 &&contains => s[n]!=c
-  // a5 : forall m. 0 <= m < from_index +1 &&!contains => s[m]!=c
+  // a2 : i = -1 <=> !contains
+  // a3 : contains ==> (i <= from_index && s[i] = c)
+  // a4 : forall n:[i+1, from_index+1[ && contains ==> s[n] != c
+  // a5 : forall m:[0, from_index+1[ && !contains ==> s[m] != c
 
   exprt index1=from_integer(1, index_type);
   exprt minus1=from_integer(-1, index_type);

From 069da51617bb5192891d99c5969aeca48e2ba963 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 6 Jun 2017 10:10:18 +0100
Subject: [PATCH 265/699] Typo in comment

---
 src/solvers/refinement/string_constraint_generator_indexof.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/solvers/refinement/string_constraint_generator_indexof.cpp b/src/solvers/refinement/string_constraint_generator_indexof.cpp
index 3d8b1660451..7e9622b1aec 100644
--- a/src/solvers/refinement/string_constraint_generator_indexof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_indexof.cpp
@@ -134,7 +134,7 @@ exprt string_constraint_generatort::add_axioms_for_index_of_string(
 
   if(!is_constant_string(needle))
   {
-    // string_not contains_constraintt are formula of the form:
+    // string_not contains_constraintt are formulas of the form:
     // forall x in [lb,ub[. p(x) => exists y in [lb,ub[. s1[x+y] != s2[y]
     string_not_contains_constraintt a4(
       from_index,

From 7edfe0d2d756bacab5d3365d6c61a42ed355c709 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 6 Jun 2017 10:29:57 +0100
Subject: [PATCH 266/699] Typo in comment

---
 src/solvers/refinement/string_constraint_generator_indexof.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/solvers/refinement/string_constraint_generator_indexof.cpp b/src/solvers/refinement/string_constraint_generator_indexof.cpp
index 7e9622b1aec..3e952de588b 100644
--- a/src/solvers/refinement/string_constraint_generator_indexof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_indexof.cpp
@@ -104,7 +104,7 @@ exprt string_constraint_generatort::add_axioms_for_index_of_string(
   // We add axioms:
   // a1 : contains ==> from_index <= offset <= |haystack|-|needle|
   // a2 : !contains <=> offset=-1
-  // a3 : forall n:[0,|substring|[.
+  // a3 : forall n:[0,|needle|[.
   //        contains ==> haystack[n+offset]=needle[n]
   // a4 : forall n:[from_index,offset[.
   //        contains ==> (exists m:[0,|needle|[. haystack[m+n] != needle[m]])

From 3e9668a71e5e9a3ddd1043b6a9346df7146c2f64 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 6 Jun 2017 10:35:50 +0100
Subject: [PATCH 267/699] Correcting a mistake, universal variable was used in
 non-quantified formula

---
 src/solvers/refinement/string_constraint_generator_indexof.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/solvers/refinement/string_constraint_generator_indexof.cpp b/src/solvers/refinement/string_constraint_generator_indexof.cpp
index 3e952de588b..e70a96f9a4d 100644
--- a/src/solvers/refinement/string_constraint_generator_indexof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_indexof.cpp
@@ -177,7 +177,7 @@ exprt string_constraint_generatort::add_axioms_for_index_of_string(
     }
 
     or_exprt premise(
-      not_exprt(contains), binary_relation_exprt(qvar, ID_lt, offset));
+      not_exprt(contains), binary_relation_exprt(qvar2, ID_lt, offset));
     minus_exprt length_diff(haystack.length(), needle.length());
     string_constraintt a6(
       qvar2,

From b06476c47e5e521ef706883d808f5185758f7bb4 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 6 Jun 2017 10:39:59 +0100
Subject: [PATCH 268/699] Correcting indentation in the comments

---
 .../refinement/string_constraint_generator_indexof.cpp    | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_indexof.cpp b/src/solvers/refinement/string_constraint_generator_indexof.cpp
index e70a96f9a4d..5ae9d2c66b6 100644
--- a/src/solvers/refinement/string_constraint_generator_indexof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_indexof.cpp
@@ -162,8 +162,8 @@ exprt string_constraint_generatort::add_axioms_for_index_of_string(
     // a4 && a5 <=> a6:
     //  forall n:[from_index,|haystack|-|needle|].
     //    !contains || n < offset ==>
-    //       haystack[n] != needle[0] || ... ||
-    //       haystack[n+|needle|-1] != needle[|needle|-1]
+    //      haystack[n] != needle[0] || ... ||
+    //      haystack[n+|needle|-1] != needle[|needle|-1]
     symbol_exprt qvar2=fresh_univ_index("QA_index_of_string_2", index_type);
     mp_integer sub_length;
     assert(!to_integer(needle.length(), sub_length));
@@ -284,8 +284,8 @@ exprt string_constraint_generatort::add_axioms_for_last_index_of_string(
     // a4 && a5 <=> a6:
     //  forall n:[0, min(from_index,|haystack|-|needle|)].
     //    !contains || n > offset ==>
-    //       haystack[n] != needle[0] || ... ||
-    //       haystack[n+|substring|-1] != needle[|substring|-1]
+    //      haystack[n] != needle[0] || ... ||
+    //      haystack[n+|substring|-1] != needle[|substring|-1]
     symbol_exprt qvar2=fresh_univ_index("QA_index_of_string_2", index_type);
     mp_integer sub_length;
     assert(!to_integer(needle.length(), sub_length));

From af98378f845ab196b4a02c62c9cda4827ce8638e Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 6 Jun 2017 12:34:52 +0100
Subject: [PATCH 269/699] Correcting misuse of univ variable qvar instead of
 qvar2

---
 src/solvers/refinement/string_constraint_generator_indexof.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/solvers/refinement/string_constraint_generator_indexof.cpp b/src/solvers/refinement/string_constraint_generator_indexof.cpp
index 5ae9d2c66b6..11bc7176451 100644
--- a/src/solvers/refinement/string_constraint_generator_indexof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_indexof.cpp
@@ -299,7 +299,7 @@ exprt string_constraint_generatort::add_axioms_for_last_index_of_string(
     }
 
     or_exprt premise(
-      not_exprt(contains), binary_relation_exprt(qvar, ID_gt, offset));
+      not_exprt(contains), binary_relation_exprt(qvar2, ID_gt, offset));
     string_constraintt a6(
       qvar2,
       from_index,

From 80dff96f90934cdf48a2163a80c9f3a290328f91 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 6 Jun 2017 12:40:37 +0100
Subject: [PATCH 270/699] Correcting lower bound in axiom added for
 last_index_of

---
 .../refinement/string_constraint_generator_indexof.cpp        | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_indexof.cpp b/src/solvers/refinement/string_constraint_generator_indexof.cpp
index 11bc7176451..8da9d0b557e 100644
--- a/src/solvers/refinement/string_constraint_generator_indexof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_indexof.cpp
@@ -285,7 +285,7 @@ exprt string_constraint_generatort::add_axioms_for_last_index_of_string(
     //  forall n:[0, min(from_index,|haystack|-|needle|)].
     //    !contains || n > offset ==>
     //      haystack[n] != needle[0] || ... ||
-    //      haystack[n+|substring|-1] != needle[|substring|-1]
+    //      haystack[n+|needle|-1] != needle[|needle|-1]
     symbol_exprt qvar2=fresh_univ_index("QA_index_of_string_2", index_type);
     mp_integer sub_length;
     assert(!to_integer(needle.length(), sub_length));
@@ -302,7 +302,7 @@ exprt string_constraint_generatort::add_axioms_for_last_index_of_string(
       not_exprt(contains), binary_relation_exprt(qvar2, ID_gt, offset));
     string_constraintt a6(
       qvar2,
-      from_index,
+      from_integer(0, index_type),
       plus_exprt(from_integer(1, index_type), end_index),
       premise,
       disjunction(disjuncts));

From d4a9b2a5b8b5ed8195b03f720c30b6b5439b8093 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 6 Jun 2017 12:45:06 +0100
Subject: [PATCH 271/699] More comments on the output of last_index_of
 functions

---
 .../refinement/string_constraint_generator_indexof.cpp       | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_indexof.cpp b/src/solvers/refinement/string_constraint_generator_indexof.cpp
index 8da9d0b557e..26060383558 100644
--- a/src/solvers/refinement/string_constraint_generator_indexof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_indexof.cpp
@@ -201,7 +201,7 @@ Function: string_constraint_generatort::add_axioms_for_last_index_of_string
     from_index - an expression representing an index in strings
 
  Outputs: an integer expression representing the last index of needle in
-          haystack after from_index, or -1 if there is none
+          haystack before or at from_index, or -1 if there is none
 
  Purpose: Add axioms stating that the returned value is the index within
           haystack of the last occurence of needle starting the search
@@ -365,7 +365,8 @@ Function: string_constraint_generatort::add_axioms_for_last_index_of
     c - an expression representing a character
     from_index - an expression representing an index in the string
 
- Outputs: a integer expression
+ Outputs: an integer expression representing the last index of c in
+          str before or at from_index, or -1 if there is none
 
  Purpose: Add axioms stating that the returned value is the index within
           str of the last occurence of c starting the search backward at

From 94f99b5d54d37e3cd680f72d245bb13d23882f07 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 6 Jun 2017 12:56:49 +0100
Subject: [PATCH 272/699] Adding forgotten precondition in not_contains
 constraint

---
 src/solvers/refinement/string_constraint_generator_indexof.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/solvers/refinement/string_constraint_generator_indexof.cpp b/src/solvers/refinement/string_constraint_generator_indexof.cpp
index 26060383558..9386639e594 100644
--- a/src/solvers/refinement/string_constraint_generator_indexof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_indexof.cpp
@@ -260,8 +260,8 @@ exprt string_constraint_generatort::add_axioms_for_last_index_of_string(
   {
     string_not_contains_constraintt a4(
       plus_exprt(offset, from_integer(1, index_type)),
-      from_index,
       plus_exprt(end_index, from_integer(1, index_type)),
+      contains,
       from_integer(0, index_type),
       needle.length(),
       haystack,

From dcf7614d4684b09ec63a9a76c638e56060e1d6d4 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 6 Jun 2017 14:54:10 +0100
Subject: [PATCH 273/699] Correcting replace_string_methods to not overwrite
 the map we iterate on

The previous implementation was writing in the map while iterating on
it which could cause some bugs. The new implementation does this in
two steps to avoid the problem.
---
 src/java_bytecode/java_bytecode_language.cpp | 25 +++++++++++++-------
 1 file changed, 16 insertions(+), 9 deletions(-)

diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index 12c59e9d938..c38b8d735fa 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -812,17 +812,24 @@ Function: java_bytecode_languaget::replace_string_methods
 void java_bytecode_languaget::replace_string_methods(
   symbol_tablet &context)
 {
-  for(auto &id_symbol_pair : context.symbols)
+  // Symbols that have code type are potentialy to be replaced
+  std::list<symbolt> code_symbols;
+  forall_symbols(symbol, context.symbols)
   {
-    const irep_idt &id=id_symbol_pair.first;
-    symbolt &symbol=id_symbol_pair.second;
-    if(symbol.type.id()==ID_code)
+    if(symbol->second.type.id()==ID_code)
+      code_symbols.push_back(symbol->second);
+  }
+
+  for(const auto &symbol : code_symbols)
+  {
+    const irep_idt &id=symbol.name;
+    exprt generated_code=string_preprocess.code_for_function(
+      id, to_code_type(symbol.type), symbol.location, context);
+    if(generated_code.is_not_nil())
     {
-      exprt generated_code=string_preprocess.code_for_function(
-         id, to_code_type(symbol.type), symbol.location, context);
-      if(generated_code.is_not_nil())
-        // Replace body of the function by code generated by string preprocess
-        symbol.value=generated_code;
+      // Replace body of the function by code generated by string preprocess
+      symbolt &symbol=context.lookup(id);
+      symbol.value=generated_code;
     }
   }
 }

From 65f2e36965e310f6e8adbe0b8c7bfa700a740113 Mon Sep 17 00:00:00 2001
From: Joel Allred <joel.allred@diffblue.com>
Date: Wed, 24 May 2017 18:05:54 +0100
Subject: [PATCH 274/699] Overwrite String type

String classes that are present in a loaded model will generate a type
that may be different from the internal type constructed for Java
strings in cbmc. Thus we now create a String type and write it in the
table, possibly overwriting a pre-existing Java string type.
---
 src/java_bytecode/java_bytecode_convert_class.cpp    | 9 +++++----
 src/java_bytecode/java_string_library_preprocess.cpp | 5 ++++-
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/src/java_bytecode/java_bytecode_convert_class.cpp b/src/java_bytecode/java_bytecode_convert_class.cpp
index b16e3a74f87..c92c016bd02 100644
--- a/src/java_bytecode/java_bytecode_convert_class.cpp
+++ b/src/java_bytecode/java_bytecode_convert_class.cpp
@@ -45,13 +45,14 @@ class java_bytecode_convert_classt:public messaget
   {
     add_array_types();
 
-    if(parse_tree.loading_successful)
+    bool loading_success=parse_tree.loading_successful;
+    if(loading_success)
       convert(parse_tree.parsed_class);
-    else if(string_preprocess.is_known_string_type(
-              parse_tree.parsed_class.name))
+
+    if(string_preprocess.is_known_string_type(parse_tree.parsed_class.name))
       string_preprocess.add_string_type(
         parse_tree.parsed_class.name, symbol_table);
-    else
+    else if(!loading_success)
       generate_class_stub(parse_tree.parsed_class.name);
   }
 
diff --git a/src/java_bytecode/java_string_library_preprocess.cpp b/src/java_bytecode/java_string_library_preprocess.cpp
index 34e5f84bfd7..199d472ea0e 100644
--- a/src/java_bytecode/java_string_library_preprocess.cpp
+++ b/src/java_bytecode/java_string_library_preprocess.cpp
@@ -319,7 +319,10 @@ void java_string_library_preprocesst::add_string_type(
   string_symbol.type=string_type;
   string_symbol.is_type=true;
 
-  symbol_table.add(string_symbol);
+  // Overwrite any pre-existing symbol in the table, e.g. created by
+  // a loaded model.
+  symbol_table.remove(string_symbol.name);
+  assert(!symbol_table.add(string_symbol));
 }
 
 /*******************************************************************\

From cf5b5d3747a5f790e9a0fb75ea9a995a21d8a77d Mon Sep 17 00:00:00 2001
From: Joel Allred <joel.allred@diffblue.com>
Date: Tue, 6 Jun 2017 17:33:05 +0100
Subject: [PATCH 275/699] Update regressions tests for indexOf and lastIndexOf

---
 .../java_index_of/test.desc                    |   3 +--
 .../java_index_of/test_index_of.class          | Bin 631 -> 690 bytes
 .../java_index_of/test_index_of.java           |  17 ++++++++++-------
 .../java_last_index_of/test.desc               |   8 ++++----
 .../test_last_index_of.class                   | Bin 647 -> 671 bytes
 .../java_last_index_of/test_last_index_of.java |  15 ++++++++-------
 6 files changed, 23 insertions(+), 20 deletions(-)

diff --git a/regression/strings-smoke-tests/java_index_of/test.desc b/regression/strings-smoke-tests/java_index_of/test.desc
index 6033af25d1b..e0e7de66561 100644
--- a/regression/strings-smoke-tests/java_index_of/test.desc
+++ b/regression/strings-smoke-tests/java_index_of/test.desc
@@ -1,8 +1,7 @@
-KNOWNBUG
+CORE
 test_index_of.class
 --refine-strings
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
 --
-Issue: cbmc/test-gen#77
diff --git a/regression/strings-smoke-tests/java_index_of/test_index_of.class b/regression/strings-smoke-tests/java_index_of/test_index_of.class
index 1acb3335d57d4664c88fb229efaf15666076d900..8a989bdc95c15947a16aef455041837610fc8abd 100644
GIT binary patch
delta 407
zcmYk1&n^Q|6vlt|&fK{((?L7csz0TwMF){c*=bng0mKTgA?Xv4G<MxsTDOumAz|+c
zyonvojA-QEeCOQnd^z8DKi#3(fB$-Z1==JbIVwK$J_|mJAxl&P0+uZ+A(o1z7P3m+
zvew(XP>tT*Zf%+wg>!s$t<V`<URfFuP1YkKrg|Sc-bTbGt^1t1=>}o}Dql%w(m5z(
zg<xJ@RjEp<Nyex_Dx@IjWu%fQ@kDxy#>lJ_>yy|yjoq_kYlP_}+kyw~5U)?Z>OPQr
z!Jd!t-%_eeq2%g+WNM-_lRCciMiO~)teE*?7EmUnC8-Z3aZwZ{^tTYkGW&a#Brb}$
mG|AS^@<JgFMudH=`-tm2;SHJ-yT3oBD-Ak2N`GF?#&bXYvMS~P

delta 347
zcmYL^OHRWu5QaY|aqOf9(iGZ4Tl(OsB7}s>5((CD0btjjfISjth}d<*k~OW=N+7|W
zQ*aA*6_ZF5*_yG(|9rn^qJM(Zuf^L3FyJsIre>*IHe<GEL|B@JR!m6EupQH;W9VjQ
zcdD0VCyf<W75?RLr0|9#L(j3puA_v@zK_E_$36#774`6F1q~{x=WlZIQAoGMHMzAU
zE6KV)N4@4k5{Y3^R78}Q(px-fhED2TrT%sQXhv{8L61qA!84_I!kanfGpBe3rHbZW
z*wPltGU9J#kcd<y4z-|dsK{1QUtbyx3Uer@c1ASD1TO^s6#Y;B`(F;yc<v&fVxusw
F{sR4tA?g4C

diff --git a/regression/strings-smoke-tests/java_index_of/test_index_of.java b/regression/strings-smoke-tests/java_index_of/test_index_of.java
index 270267196c5..3568dab9696 100644
--- a/regression/strings-smoke-tests/java_index_of/test_index_of.java
+++ b/regression/strings-smoke-tests/java_index_of/test_index_of.java
@@ -1,10 +1,13 @@
 public class test_index_of
 {
-   public static void main(/*String[] argv*/)
-   {
-      String s = "Abc";
-      String bc = "bc";
-      int i = s.indexOf(bc);
-      assert(i == 1);
-   }
+    public static void main(/*String[] argv*/)
+    {
+        String s = "Abc";
+        String bc = "bc";
+        String ab = "ab";
+        int i = s.indexOf(bc);
+        int j = s.indexOf(ab);
+        assert(i == 1);
+        assert(j == -1);
+    }
 }
diff --git a/regression/strings-smoke-tests/java_last_index_of/test.desc b/regression/strings-smoke-tests/java_last_index_of/test.desc
index 5ee1604e846..381078254cd 100644
--- a/regression/strings-smoke-tests/java_last_index_of/test.desc
+++ b/regression/strings-smoke-tests/java_last_index_of/test.desc
@@ -1,8 +1,8 @@
-KNOWNBUG
+CORE
 test_last_index_of.class
 --refine-strings
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
-^VERIFICATION SUCCESSFUL$
+^\[.*assertion.1\].* line 8.* SUCCESS$
+^\[.*assertion.2\].* line 9.* FAILURE$
 --
-Issue: diffblue/test-gen#77
diff --git a/regression/strings-smoke-tests/java_last_index_of/test_last_index_of.class b/regression/strings-smoke-tests/java_last_index_of/test_last_index_of.class
index 4455da4d17990ad4ba7072f2330d39bebd49531c..26f5ec3a7c3c8bf37de19628b3e62341f18bc2e4 100644
GIT binary patch
delta 101
zcmZo?ozJ@A0V8J-0}}%?0|SHc<d=-{-kTU$XE6xKu*_%R-p#-kxt)Q1|3;uB6N3Pd
wlwx25lB_`GY(U7)z{9}7AkV<bV8p=1AOw`*WnlWpAkWSq3`C4VldYM20Fo*WH2?qr

delta 71
zcmbQw+RnP+0V8J=0}}%?0|SG?<d=-{lckxsG{qQLfqYh=C>s#6Gw?8QFvv4-G6(@h
Uc^DY~G03ws2m=x0<X|Qr0D@)+-~a#s

diff --git a/regression/strings-smoke-tests/java_last_index_of/test_last_index_of.java b/regression/strings-smoke-tests/java_last_index_of/test_last_index_of.java
index 8b3a0904d5b..59b9f5ab36d 100644
--- a/regression/strings-smoke-tests/java_last_index_of/test_last_index_of.java
+++ b/regression/strings-smoke-tests/java_last_index_of/test_last_index_of.java
@@ -1,10 +1,11 @@
 public class test_last_index_of
 {
-   public static void main(/*String[] argv*/)
-   {
-      String s = "abcab";
-      String ab = "ab";
-      int i = s.lastIndexOf(ab);
-      assert(i == 3);
-   }
+    public static void main(/*String[] argv*/)
+    {
+        String s = "abcab";
+        String ab = "ab";
+        int i = s.lastIndexOf(ab);
+        assert(i == 3);
+        assert(i == 1);
+    }
 }

From 7dc5efa6f219ff198b4442db2230761d5d1fed5c Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Fri, 5 May 2017 16:11:11 +0100
Subject: [PATCH 276/699] Adding a mode option to json output
 diffblue/test-gen#294

This mode determines how types are reported in json.
For now ID_C and ID_java are supported.
The json traces no longer have a c_type field, it is replaced by a
type field which is adapted to the given mode.
---
 src/goto-programs/json_goto_trace.cpp | 15 +++--
 src/util/json_expr.cpp                | 93 ++++++++++++++++++---------
 src/util/json_expr.h                  |  7 +-
 3 files changed, 78 insertions(+), 37 deletions(-)

diff --git a/src/goto-programs/json_goto_trace.cpp b/src/goto-programs/json_goto_trace.cpp
index 20bd46bc7d7..460379bc0f0 100644
--- a/src/goto-programs/json_goto_trace.cpp
+++ b/src/goto-programs/json_goto_trace.cpp
@@ -100,9 +100,6 @@ void convert(
           full_lhs_value_string=from_expr(ns, identifier, it.full_lhs_value);
 #endif
 
-        if(step.full_lhs_value.is_not_nil())
-          full_lhs_value = json(step.full_lhs_value, ns);
-
         const symbolt *symbol;
         irep_idt base_name, display_name;
 
@@ -114,6 +111,13 @@ void convert(
             type_string=from_type(ns, identifier, symbol->type);
 
           json_assignment["mode"]=json_stringt(id2string(symbol->mode));
+          if(step.full_lhs_value.is_not_nil())
+            full_lhs_value=json(step.full_lhs_value, ns, symbol->mode);
+        }
+        else
+        {
+          if(step.full_lhs_value.is_not_nil())
+            full_lhs_value=json(step.full_lhs_value, ns);
         }
 
         json_assignment["value"]=full_lhs_value;
@@ -141,6 +145,9 @@ void convert(
         json_output["thread"]=json_numbert(std::to_string(step.thread_nr));
         json_output["outputID"]=json_stringt(id2string(step.io_id));
 
+        // Recovering the mode from the function
+        symbolt function_name=ns.lookup(source_location.get_function());
+        irep_idt mode=function_name.mode;
         json_arrayt &json_values=json_output["values"].make_array();
 
         for(const auto &arg : step.io_args)
@@ -148,7 +155,7 @@ void convert(
           if(arg.is_nil())
             json_values.push_back(json_stringt(""));
           else
-            json_values.push_back(json(arg, ns));
+            json_values.push_back(json(arg, ns, mode));
         }
 
         if(!json_location.is_null())
diff --git a/src/util/json_expr.cpp b/src/util/json_expr.cpp
index e66a73ae804..404b247565d 100644
--- a/src/util/json_expr.cpp
+++ b/src/util/json_expr.cpp
@@ -113,19 +113,26 @@ json_objectt json(const source_locationt &location)
 Function: json
 
   Inputs:
+    type - a type
+    ns - a namespace
+    mode - language in which the code was written;
+           for now ID_C and ID_java are supported
 
- Outputs:
+ Outputs: a json object
 
  Purpose:
+    Output a CBMC type in json.
+    The `mode` argument is used to correctly report types.
 
 \*******************************************************************/
 
 json_objectt json(
   const typet &type,
-  const namespacet &ns)
+  const namespacet &ns,
+  const irep_idt &mode)
 {
   if(type.id()==ID_symbol)
-    return json(ns.follow(type), ns);
+    return json(ns.follow(type), ns, mode);
 
   json_objectt result;
 
@@ -161,7 +168,7 @@ json_objectt json(
   else if(type.id()==ID_c_enum_tag)
   {
     // we return the base type
-    return json(ns.follow_tag(to_c_enum_tag_type(type)).subtype(), ns);
+    return json(ns.follow_tag(to_c_enum_tag_type(type)).subtype(), ns, mode);
   }
   else if(type.id()==ID_fixedbv)
   {
@@ -172,7 +179,7 @@ json_objectt json(
   else if(type.id()==ID_pointer)
   {
     result["name"]=json_stringt("pointer");
-    result["subtype"]=json(type.subtype(), ns);
+    result["subtype"]=json(type.subtype(), ns, mode);
   }
   else if(type.id()==ID_bool)
   {
@@ -181,13 +188,13 @@ json_objectt json(
   else if(type.id()==ID_array)
   {
     result["name"]=json_stringt("array");
-    result["subtype"]=json(type.subtype(), ns);
+    result["subtype"]=json(type.subtype(), ns, mode);
   }
   else if(type.id()==ID_vector)
   {
     result["name"]=json_stringt("vector");
-    result["subtype"]=json(type.subtype(), ns);
-    result["size"]=json(to_vector_type(type).size(), ns);
+    result["subtype"]=json(type.subtype(), ns, mode);
+    result["size"]=json(to_vector_type(type).size(), ns, mode);
   }
   else if(type.id()==ID_struct)
   {
@@ -199,7 +206,7 @@ json_objectt json(
     {
       json_objectt &e=members.push_back().make_object();
       e["name"]=json_stringt(id2string(component.get_name()));
-      e["type"]=json(component.type(), ns);
+      e["type"]=json(component.type(), ns, mode);
     }
   }
   else if(type.id()==ID_union)
@@ -212,7 +219,7 @@ json_objectt json(
     {
       json_objectt &e=members.push_back().make_object();
       e["name"]=json_stringt(id2string(component.get_name()));
-      e["type"]=json(component.type(), ns);
+      e["type"]=json(component.type(), ns, mode);
     }
   }
   else
@@ -226,16 +233,23 @@ json_objectt json(
 Function: json
 
   Inputs:
+    expr - an expression
+    ns - a namespace
+    mode - language in which the code was written;
+           for now ID_C and ID_java are supported
 
- Outputs:
+ Outputs: a json object
 
  Purpose:
+    Output a CBMC expression in json.
+    The mode is used to correctly report types.
 
 \*******************************************************************/
 
 json_objectt json(
   const exprt &expr,
-  const namespacet &ns)
+  const namespacet &ns,
+  const irep_idt &mode)
 {
   json_objectt result;
 
@@ -260,18 +274,35 @@ json_objectt json(
 
       bool is_signed=underlying_type.id()==ID_signedbv;
 
-      std::string sig=is_signed?"":"unsigned ";
-
-      if(width==config.ansi_c.char_width)
-        result["c_type"]=json_stringt(sig+"char");
-      else if(width==config.ansi_c.int_width)
-        result["c_type"]=json_stringt(sig+"int");
-      else if(width==config.ansi_c.short_int_width)
-        result["c_type"]=json_stringt(sig+"short int");
-      else if(width==config.ansi_c.long_int_width)
-        result["c_type"]=json_stringt(sig+"long int");
-      else if(width==config.ansi_c.long_long_int_width)
-        result["c_type"]=json_stringt(sig+"long long int");
+      if(mode==ID_C)
+      {
+        std::string sig=is_signed?"":"unsigned ";
+        if(width==config.ansi_c.char_width)
+          result["type"]=json_stringt(sig+"char");
+        else if(width==config.ansi_c.int_width)
+          result["type"]=json_stringt(sig+"int");
+        else if(width==config.ansi_c.short_int_width)
+          result["type"]=json_stringt(sig+"short int");
+        else if(width==config.ansi_c.long_int_width)
+          result["type"]=json_stringt(sig+"long int");
+        else if(width==config.ansi_c.long_long_int_width)
+          result["type"]=json_stringt(sig+"long long int");
+        else
+          assert(false && "unknown C type");
+      }
+      else if(mode==ID_java)
+      {
+        if(width==8 && is_signed)
+          result["type"]=json_stringt("byte");
+        else if(width==16 && is_signed)
+          result["type"]=json_stringt("short");
+        else if(width==16 && !is_signed)
+          result["type"]=json_stringt("char");
+        else if(width==32 && is_signed)
+          result["type"]=json_stringt("int");
+        else if(width==64 && is_signed)
+          result["type"]=json_stringt("long");
+      }
 
       mp_integer i;
       if(!to_integer(expr, i))
@@ -282,7 +313,7 @@ json_objectt json(
       result["name"]=json_stringt("integer");
       result["binary"]=json_stringt(id2string(constant_expr.get_value()));
       result["width"]=json_numbert(type.subtype().get_string(ID_width));
-      result["c_type"]=json_stringt("enum");
+      result["type"]=json_stringt("enum");
 
       mp_integer i;
       if(!to_integer(expr, i))
@@ -292,8 +323,8 @@ json_objectt json(
     {
       constant_exprt tmp;
       tmp.type()=ns.follow_tag(to_c_enum_tag_type(type));
-      tmp.set_value(constant_expr.get_value());
-      return json(tmp, ns);
+      tmp.set_value(to_constant_expr(expr).get_value());
+      return json(tmp, ns, mode);
     }
     else if(type.id()==ID_bv)
     {
@@ -342,7 +373,7 @@ json_objectt json(
     else if(type.id()==ID_c_bool)
     {
       result["name"]=json_stringt("integer");
-      result["c_type"]=json_stringt("_Bool");
+      result["type"]=json_stringt("_Bool");
       result["binary"]=json_stringt(expr.get_string(ID_value));
       mp_integer b;
       to_integer(to_constant_expr(expr), b);
@@ -369,7 +400,7 @@ json_objectt json(
     {
       json_objectt &e=elements.push_back().make_object();
       e["index"]=json_numbert(std::to_string(index));
-      e["value"]=json(*it, ns);
+      e["value"]=json(*it, ns, mode);
       index++;
     }
   }
@@ -388,7 +419,7 @@ json_objectt json(
       for(unsigned m=0; m<expr.operands().size(); m++)
       {
         json_objectt &e=members.push_back().make_object();
-        e["value"]=json(expr.operands()[m], ns);
+        e["value"]=json(expr.operands()[m], ns, mode);
         e["name"]=json_stringt(id2string(components[m].get_name()));
       }
     }
@@ -400,7 +431,7 @@ json_objectt json(
     assert(expr.operands().size()==1);
 
     json_objectt &e=result["member"].make_object();
-    e["value"]=json(expr.op0(), ns);
+    e["value"]=json(expr.op0(), ns, mode);
     e["name"]=json_stringt(id2string(to_union_expr(expr).get_component_name()));
   }
   else
diff --git a/src/util/json_expr.h b/src/util/json_expr.h
index 702ad74ac59..61f6977a1ff 100644
--- a/src/util/json_expr.h
+++ b/src/util/json_expr.h
@@ -10,6 +10,7 @@ Author: Peter Schrammel
 #define CPROVER_UTIL_JSON_EXPR_H
 
 #include "json.h"
+#include "irep.h"
 
 class source_locationt;
 class typet;
@@ -18,11 +19,13 @@ class namespacet;
 
 json_objectt json(
   const exprt &,
-  const namespacet &);
+  const namespacet &,
+  const irep_idt &mode=ID_unknown);
 
 json_objectt json(
   const typet &,
-  const namespacet &);
+  const namespacet &,
+  const irep_idt &mode=ID_unknown);
 
 json_objectt json(const source_locationt &);
 

From d41448fb172be7d2c3897fde5139fa02b365e251 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Mon, 5 Jun 2017 12:39:02 +0100
Subject: [PATCH 277/699] Call to lookup that does not throw when symbol is not
 found

---
 src/goto-programs/json_goto_trace.cpp | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/goto-programs/json_goto_trace.cpp b/src/goto-programs/json_goto_trace.cpp
index 460379bc0f0..0103cd799e0 100644
--- a/src/goto-programs/json_goto_trace.cpp
+++ b/src/goto-programs/json_goto_trace.cpp
@@ -146,8 +146,13 @@ void convert(
         json_output["outputID"]=json_stringt(id2string(step.io_id));
 
         // Recovering the mode from the function
-        symbolt function_name=ns.lookup(source_location.get_function());
-        irep_idt mode=function_name.mode;
+        irep_idt mode;
+        const symbolt *function_name;
+        if(ns.lookup(source_location.get_function(), function_name))
+          // Failed to find symbol
+          mode=ID_unknown;
+        else
+          mode=function_name->mode;
         json_arrayt &json_values=json_output["values"].make_array();
 
         for(const auto &arg : step.io_args)

From c61d0951a32c5fa09d7452b83529a6c96535004f Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Fri, 26 May 2017 18:03:12 +0100
Subject: [PATCH 278/699] Improve constructor and copy of strings

We now assign strings in one step instead of field by field.
This makes constant propagation work better in later step of the
analysis.

This is necessary for the implementation of String.replace().
---
 .../java_string_library_preprocess.cpp        | 284 +++++++++++++++---
 .../java_string_library_preprocess.h          |  16 +
 2 files changed, 252 insertions(+), 48 deletions(-)

diff --git a/src/java_bytecode/java_string_library_preprocess.cpp b/src/java_bytecode/java_string_library_preprocess.cpp
index 199d472ea0e..067812974e0 100644
--- a/src/java_bytecode/java_string_library_preprocess.cpp
+++ b/src/java_bytecode/java_string_library_preprocess.cpp
@@ -1013,41 +1013,80 @@ string_exprt java_string_library_preprocesst::
 /*******************************************************************\
 
 Function: java_string_library_preprocesst::
-            code_assign_string_expr_to_java_string
+            code_assign_components_to_java_string
 
   Inputs:
-    lhs - an expression representing a java string
-    rhs - a string expression
+    lhs - expression representing the java string to assign to
+    rhs_array - pointer to the array to assign
+    rhs_length - length of the array to assign
     symbol_table - symbol table
 
   Output: return the following code:
-          > lhs->length=rhs.length
-          > lhs->data=&rhs.data
+          > lhs = { {Object}, length=rhs_length, data=rhs_array }
+
+ Purpose: Produce code for an assignemnrt of a string expr to a
+          Java string, component-wise.
 
 \*******************************************************************/
 
-codet java_string_library_preprocesst::code_assign_string_expr_to_java_string(
+codet java_string_library_preprocesst::code_assign_components_to_java_string(
   const exprt &lhs,
-  const string_exprt &rhs,
+  const exprt &rhs_array,
+  const exprt &rhs_length,
   symbol_tablet &symbol_table)
 {
   assert(implements_java_char_sequence(lhs.type()));
   dereference_exprt deref(lhs, lhs.type().subtype());
 
-  // Fields of the string object
-  exprt lhs_length=get_length(deref, symbol_table);
-  exprt lhs_data=get_data(deref, symbol_table);
-
-  // Assignments
   code_blockt code;
-  code.add(code_assignt(lhs_length, rhs.length()));
-  code.add(
-    code_assignt(lhs_data, address_of_exprt(rhs.content())));
+
+  // A String has a field Object with @clsid = String and @lock = false:
+  const symbolt &jlo_symbol=symbol_table.lookup("java::java.lang.Object");
+  const struct_typet &jlo_struct=to_struct_type(jlo_symbol.type);
+  struct_exprt jlo_init(jlo_struct);
+  jlo_init.copy_to_operands(constant_exprt(
+    "java::java.lang.String", jlo_struct.components()[0].type()));
+  jlo_init.copy_to_operands(from_integer(0, jlo_struct.components()[1].type()));
+
+  struct_exprt struct_rhs(deref.type());
+  struct_rhs.copy_to_operands(jlo_init);
+  struct_rhs.copy_to_operands(rhs_length);
+  struct_rhs.copy_to_operands(rhs_array);
+  code.add(code_assignt(
+    dereference_exprt(lhs, lhs.type().subtype()), struct_rhs));
+
   return code;
 }
 
 /*******************************************************************\
 
+Function: java_string_library_preprocesst::
+            code_assign_string_expr_to_java_string
+
+  Inputs:
+    lhs - an expression representing a java string
+    rhs - a string expression
+    symbol_table - symbol table
+
+  Output: return the following code:
+          > lhs = { {Object}, length=rhs.length, data=rhs.data }
+
+ Purpose: Produce code for an assignemnt of a string expr to a Java
+          string.
+
+\*******************************************************************/
+
+codet java_string_library_preprocesst::code_assign_string_expr_to_java_string(
+  const exprt &lhs,
+  const string_exprt &rhs,
+  symbol_tablet &symbol_table)
+{
+  return code_assign_components_to_java_string(
+    lhs, address_of_exprt(rhs.content()), rhs.length(), symbol_table);
+}
+
+/*******************************************************************\
+
 Function: java_string_library_preprocesst::
             code_assign_string_expr_to_new_java_string
 
@@ -1058,8 +1097,11 @@ Function: java_string_library_preprocesst::
     symbol_table - symbol table
 
   Output: return the following code:
-          > lhs->length=rhs.length
-          > lhs->data=&rhs.data
+          > data = new array[];
+          > *data = rhs.data;
+          > lhs = { {Object} , length=rhs.length, data=data}
+
+ Purpose: Produce code for an assignment of a string from a string expr.
 
 \*******************************************************************/
 
@@ -1073,19 +1115,15 @@ codet java_string_library_preprocesst::
   assert(implements_java_char_sequence(lhs.type()));
   dereference_exprt deref(lhs, lhs.type().subtype());
 
-  // Fields of the string object
-  exprt lhs_length=get_length(deref, symbol_table);
-  exprt lhs_data=get_data(deref, symbol_table);
-
-  // Assignments
   code_blockt code;
-  // new array <- malloc(char[])
   exprt new_array=allocate_fresh_array(
     get_data_type(deref.type(), symbol_table), loc, symbol_table, code);
   code.add(code_assignt(
     dereference_exprt(new_array, new_array.type().subtype()), rhs.content()));
-  code.add(code_assignt(lhs_length, rhs.length()));
-  code.add(code_assignt(lhs_data, new_array));
+
+  code.add(code_assign_components_to_java_string(
+    lhs, new_array, rhs.length(), symbol_table));
+
   return code;
 }
 
@@ -1730,6 +1768,7 @@ codet java_string_library_preprocesst::make_function_from_call(
 
   Outputs: Code corresponding to:
           > string_expr = function_name(args)
+          > string = new String
           > string = string_expr_to_string(string)
           > return string
 
@@ -1756,11 +1795,11 @@ codet java_string_library_preprocesst::
   string_exprt string_expr=string_expr_of_function_application(
     function_name, arguments, loc, symbol_table, code);
 
-  // Assigning string_expr to symbol for keeping track of it
+  // Assign string_expr to symbol to keep track of it
   exprt string_expr_sym=fresh_string_expr_symbol(loc, symbol_table, code);
   code.add(code_assignt(string_expr_sym, string_expr));
 
-  // Assigning to string
+  // Assign to string
   exprt str=allocate_fresh_string(type.return_type(), loc, symbol_table, code);
   code.add(code_assign_string_expr_to_new_java_string(
     str, string_expr, loc, symbol_table));
@@ -1772,6 +1811,108 @@ codet java_string_library_preprocesst::
 
 /*******************************************************************\
 
+Function:
+    java_string_library_preprocesst::make_copy_string_code
+
+  Inputs:
+    type - type of the function
+    loc - location in the source
+    symbol_table - symbol table
+
+ Outputs: Code corresponding to:
+          > string_expr = string_to_string_expr(arg0)
+          > string_expr_sym = { string_expr.length; string_expr.content }
+          > str = new String
+          > str = string_expr_to_string(string_expr)
+          > return str
+
+ Purpose: Generates code for a function which copies a string object to a new
+          string object.
+
+\*******************************************************************/
+
+codet java_string_library_preprocesst::make_copy_string_code(
+  const code_typet &type,
+  const source_locationt &loc,
+  symbol_tablet &symbol_table)
+{
+  // Code for the output
+  code_blockt code;
+
+  // String expression that will hold the result
+  string_exprt string_expr=fresh_string_expr(loc, symbol_table, code);
+
+  // Assign the argument to string_expr
+  code_typet::parametert op=type.parameters()[0];
+  symbol_exprt arg0(op.get_identifier(), op.type());
+  code.add(code_assign_java_string_to_string_expr(
+    string_expr, arg0, symbol_table));
+
+  // Assign string_expr to string_expr_sym
+  exprt string_expr_sym=fresh_string_expr_symbol(loc, symbol_table, code);
+  code.add(code_assignt(string_expr_sym, string_expr));
+
+  // Allocate and assign the string
+  exprt str=allocate_fresh_string(type.return_type(), loc, symbol_table, code);
+  code.add(code_assign_string_expr_to_new_java_string(
+    str, string_expr, loc, symbol_table));
+
+  // Return value
+  code.add(code_returnt(str));
+  return code;
+}
+
+/*******************************************************************\
+
+Function:
+    java_string_library_preprocesst::make_copy_constructor_code
+
+  Inputs:
+    type - type of the function
+    loc - location in the source
+    symbol_table - symbol table
+
+ Outputs: Code corresponding to:
+           > string_expr = java_string_to_string_expr(arg1)
+           > string_expr_sym = { string_expr.length; string_expr.content }
+           > this = string_expr_to_java_string(string_expr)
+
+ Purpose: Generates code for a constructor of a string object from another
+          string object.
+
+\*******************************************************************/
+
+codet java_string_library_preprocesst::make_copy_constructor_code(
+  const code_typet &type,
+  const source_locationt &loc,
+  symbol_tablet &symbol_table)
+{
+  // Code for the output
+  code_blockt code;
+
+  // String expression that will hold the result
+  string_exprt string_expr=fresh_string_expr(loc, symbol_table, code);
+
+  // Assign argument to a string_expr
+  code_typet::parameterst params=type.parameters();
+  symbol_exprt arg1(params[1].get_identifier(), params[1].type());
+  code.add(code_assign_java_string_to_string_expr(
+    string_expr, arg1, symbol_table));
+
+  // Assign string_expr to symbol to keep track of it
+  exprt string_expr_sym=fresh_string_expr_symbol(loc, symbol_table, code);
+  code.add(code_assignt(string_expr_sym, string_expr));
+
+  // Assign string_expr to `this` object
+  symbol_exprt arg_this(params[0].get_identifier(), params[0].type());
+  code.add(code_assign_string_expr_to_new_java_string(
+    arg_this, string_expr, loc, symbol_table));
+
+  return code;
+}
+
+/*******************************************************************\
+
 Function: java_string_library_preprocesst::code_for_function
 
   Inputs:
@@ -1866,12 +2007,22 @@ void java_string_library_preprocesst::initialize_conversion_table()
                                                "java.lang.StringBuffer"};
 
   // String library
-  cprover_equivalent_to_java_constructor
+  conversion_table
     ["java::java.lang.String.<init>:(Ljava/lang/String;)V"]=
-      ID_cprover_string_copy_func;
-  cprover_equivalent_to_java_constructor
+      std::bind(
+        &java_string_library_preprocesst::make_copy_constructor_code,
+        this,
+        std::placeholders::_1,
+        std::placeholders::_2,
+        std::placeholders::_3);
+  conversion_table
     ["java::java.lang.String.<init>:(Ljava/lang/StringBuilder;)V"]=
-      ID_cprover_string_copy_func;
+      std::bind(
+        &java_string_library_preprocesst::make_copy_constructor_code,
+        this,
+        std::placeholders::_1,
+        std::placeholders::_2,
+        std::placeholders::_3);
   cprover_equivalent_to_java_constructor
     ["java::java.lang.String.<init>:([C)V"]=
       ID_cprover_string_copy_func;
@@ -2038,9 +2189,14 @@ void java_string_library_preprocesst::initialize_conversion_table()
   // Not supported "java.lang.String.valueOf:(LObject;)"
 
   // StringBuilder library
-  cprover_equivalent_to_java_constructor
+  conversion_table
     ["java::java.lang.StringBuilder.<init>:(Ljava/lang/String;)V"]=
-      ID_cprover_string_copy_func;
+      std::bind(
+        &java_string_library_preprocesst::make_copy_constructor_code,
+        this,
+        std::placeholders::_1,
+        std::placeholders::_2,
+        std::placeholders::_3);
   cprover_equivalent_to_java_constructor
     ["java::java.lang.StringBuilder.<init>:()V"]=
       ID_cprover_string_empty_string_func;
@@ -2056,18 +2212,27 @@ void java_string_library_preprocesst::initialize_conversion_table()
       "Ljava/lang/StringBuilder;"]=
       ID_cprover_string_concat_func;
   // Not supported: "java.lang.StringBuilder.append:([CII)"
-  // Not supported: "java.lang.StringBuilder.append:(LCharSequence;)"
+
+  cprover_equivalent_to_java_assign_and_return_function
+    ["java::java.lang.StringBuilder.append:(Ljava/lang/CharSequence;II)"
+      "Ljava/lang/StringBuilder;"]=
+      ID_cprover_string_concat_func;
+  cprover_equivalent_to_java_assign_and_return_function
+    ["java::java.lang.StringBuilder.append:(Ljava/lang/CharSequence;)"
+      "Ljava/lang/StringBuilder;"]=
+      ID_cprover_string_concat_func;
+
   cprover_equivalent_to_java_assign_and_return_function
     ["java::java.lang.StringBuilder.append:(D)Ljava/lang/StringBuilder;"]=
       ID_cprover_string_concat_double_func;
-  conversion_table["java::java.lang.StringBuilder.append:"
-                   "(F)Ljava/lang/StringBuilder;"]=
-    std::bind(
-      &java_string_library_preprocesst::make_string_builder_append_float_code,
-      this,
-      std::placeholders::_1,
-      std::placeholders::_2,
-      std::placeholders::_3);
+  conversion_table
+    ["java::java.lang.StringBuilder.append:(F)Ljava/lang/StringBuilder;"]=
+      std::bind(
+        &java_string_library_preprocesst::make_string_builder_append_float_code,
+        this,
+        std::placeholders::_1,
+        std::placeholders::_2,
+        std::placeholders::_3);
   cprover_equivalent_to_java_assign_and_return_function
     ["java::java.lang.StringBuilder.append:(I)Ljava/lang/StringBuilder;"]=
       ID_cprover_string_concat_int_func;
@@ -2161,16 +2326,26 @@ void java_string_library_preprocesst::initialize_conversion_table()
   cprover_equivalent_to_java_string_returning_function
     ["java::java.lang.StringBuilder.substring:(I)Ljava/lang/String;"]=
       ID_cprover_string_substring_func;
-  cprover_equivalent_to_java_string_returning_function
+  conversion_table
     ["java::java.lang.StringBuilder.toString:()Ljava/lang/String;"]=
-      ID_cprover_string_copy_func;
+      std::bind(
+        &java_string_library_preprocesst::make_copy_string_code,
+        this,
+        std::placeholders::_1,
+        std::placeholders::_2,
+        std::placeholders::_3);
   // Not supported "java.lang.StringBuilder.trimToSize"
   // TODO clean irep ids from insert_char_array etc...
 
   // StringBuffer library
-  cprover_equivalent_to_java_constructor
+  conversion_table
     ["java::java.lang.StringBuffer.<init>:(Ljava/lang/String;)V"]=
-      ID_cprover_string_copy_func;
+      std::bind(
+        &java_string_library_preprocesst::make_copy_constructor_code,
+        this,
+        std::placeholders::_1,
+        std::placeholders::_2,
+        std::placeholders::_3);
   cprover_equivalent_to_java_constructor
     ["java::java.lang.StringBuffer.<init>:()V"]=
       ID_cprover_string_empty_string_func;
@@ -2278,15 +2453,28 @@ void java_string_library_preprocesst::initialize_conversion_table()
   cprover_equivalent_to_java_string_returning_function
     ["java::java.lang.StringBuffer.substring:(I)Ljava/lang/String;"]=
       ID_cprover_string_substring_func;
-  cprover_equivalent_to_java_string_returning_function
+  conversion_table
     ["java::java.lang.StringBuffer.toString:()Ljava/lang/String;"]=
-      ID_cprover_string_copy_func;
+      std::bind(
+        &java_string_library_preprocesst::make_copy_string_code,
+        this,
+        std::placeholders::_1,
+        std::placeholders::_2,
+        std::placeholders::_3);
   // Not supported "java.lang.StringBuffer.trimToSize"
 
   // Other libraries
   cprover_equivalent_to_java_function
     ["java::java.lang.CharSequence.charAt:(I)C"]=
       ID_cprover_string_char_at_func;
+  conversion_table
+    ["java::java.lang.CharSequence.toString:()Ljava/lang/String;"]=
+      std::bind(
+        &java_string_library_preprocesst::make_copy_string_code,
+        this,
+        std::placeholders::_1,
+        std::placeholders::_2,
+        std::placeholders::_3);
   conversion_table
     ["java::java.lang.Float.toString:(F)Ljava/lang/String;"]=
       std::bind(
diff --git a/src/java_bytecode/java_string_library_preprocess.h b/src/java_bytecode/java_string_library_preprocess.h
index f9bfb8cffc6..16ab5cfc6a9 100644
--- a/src/java_bytecode/java_string_library_preprocess.h
+++ b/src/java_bytecode/java_string_library_preprocess.h
@@ -136,6 +136,16 @@ class java_string_library_preprocesst:public messaget
     const source_locationt &loc,
     symbol_tablet &symbol_table);
 
+  codet make_copy_string_code(
+    const code_typet &type,
+    const source_locationt &loc,
+    symbol_tablet &symbol_table);
+
+  codet make_copy_constructor_code(
+    const code_typet &type,
+    const source_locationt &loc,
+    symbol_tablet &symbol_table);
+
   // Auxiliary functions
   codet code_for_scientific_notation(
     const exprt &arg,
@@ -251,6 +261,12 @@ class java_string_library_preprocesst:public messaget
     symbol_tablet &symbol_table,
     code_blockt &code);
 
+  codet code_assign_components_to_java_string(
+    const exprt &lhs,
+    const exprt &rhs_array,
+    const exprt &rhs_length,
+    symbol_tablet &symbol_table);
+
   codet code_assign_string_expr_to_java_string(
     const exprt &lhs, const string_exprt &rhs, symbol_tablet &symbol_table);
 

From 985baf18ae92682cb80c958ed461005f22e6e36a Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Thu, 8 Jun 2017 17:21:31 +0100
Subject: [PATCH 279/699] Take care of cases where the symbol exists in table
 diffblue/test-gen#480

In add_string_type, instead of deleting the symbol from the symbol
table and then adding one with the same name, we use symbol.move to
get a pointer to the existing symbol if it exist or create a new one.
---
 .../java_string_library_preprocess.cpp        | 25 +++++++++----------
 1 file changed, 12 insertions(+), 13 deletions(-)

diff --git a/src/java_bytecode/java_string_library_preprocess.cpp b/src/java_bytecode/java_string_library_preprocess.cpp
index 199d472ea0e..b7fdc52b18d 100644
--- a/src/java_bytecode/java_string_library_preprocess.cpp
+++ b/src/java_bytecode/java_string_library_preprocess.cpp
@@ -260,8 +260,9 @@ typet string_data_type(symbol_tablet symbol_table)
 {
   symbolt sym=symbol_table.lookup("java::java.lang.String");
   typet concrete_type=sym.type;
-  // TODO: Check that this is indeed the 'length' field.
-  typet data_type=to_struct_type(concrete_type).components()[2].type();
+  struct_typet struct_type=to_struct_type(concrete_type);
+  std::size_t index=struct_type.component_number("data");
+  typet data_type=struct_type.components()[index].type();
   return data_type;
 }
 
@@ -312,17 +313,15 @@ void java_string_library_preprocesst::add_string_type(
     array_typet(java_char_type(), infinity_exprt(string_length_type())));
   string_type.add_base(symbol_typet("java::java.lang.Object"));
 
-  symbolt string_symbol;
-  string_symbol.name="java::"+id2string(class_name);
-  string_symbol.base_name=id2string(class_name);
-  string_symbol.pretty_name=id2string(class_name);
-  string_symbol.type=string_type;
-  string_symbol.is_type=true;
-
-  // Overwrite any pre-existing symbol in the table, e.g. created by
-  // a loaded model.
-  symbol_table.remove(string_symbol.name);
-  assert(!symbol_table.add(string_symbol));
+  std::string name="java::"+id2string(class_name);
+  symbolt tmp_string_symbol;
+  tmp_string_symbol.name=name;
+  symbolt *string_symbol;
+  symbol_table.move(tmp_string_symbol, string_symbol);
+  string_symbol->base_name=id2string(class_name);
+  string_symbol->pretty_name=id2string(class_name);
+  string_symbol->type=string_type;
+  string_symbol->is_type=true;
 }
 
 /*******************************************************************\

From 9936ddbdbc659f340bd0c1d7ced8982c5d2f43d0 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Fri, 9 Jun 2017 09:25:03 +0100
Subject: [PATCH 280/699] Improvements following review on PR#995

Avoid declaration of name used only once.

Initialize pointer with nullptr
---
 src/java_bytecode/java_string_library_preprocess.cpp | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/java_bytecode/java_string_library_preprocess.cpp b/src/java_bytecode/java_string_library_preprocess.cpp
index b7fdc52b18d..c965db52ac3 100644
--- a/src/java_bytecode/java_string_library_preprocess.cpp
+++ b/src/java_bytecode/java_string_library_preprocess.cpp
@@ -313,10 +313,9 @@ void java_string_library_preprocesst::add_string_type(
     array_typet(java_char_type(), infinity_exprt(string_length_type())));
   string_type.add_base(symbol_typet("java::java.lang.Object"));
 
-  std::string name="java::"+id2string(class_name);
   symbolt tmp_string_symbol;
-  tmp_string_symbol.name=name;
-  symbolt *string_symbol;
+  tmp_string_symbol.name="java::"+id2string(class_name);
+  symbolt *string_symbol=nullptr;
   symbol_table.move(tmp_string_symbol, string_symbol);
   string_symbol->base_name=id2string(class_name);
   string_symbol->pretty_name=id2string(class_name);

From 62d355cc7622883c2b6f27bca69fdf4e4a4a735c Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Mon, 5 Jun 2017 13:05:18 +0100
Subject: [PATCH 281/699] Use the from_type function to get string for the type

---
 src/util/json_expr.cpp | 42 +++++++++++++-----------------------------
 1 file changed, 13 insertions(+), 29 deletions(-)

diff --git a/src/util/json_expr.cpp b/src/util/json_expr.cpp
index 404b247565d..c992a51c561 100644
--- a/src/util/json_expr.cpp
+++ b/src/util/json_expr.cpp
@@ -15,6 +15,8 @@ Author: Peter Schrammel
 #include "std_expr.h"
 #include "config.h"
 #include "identifier.h"
+#include "language.h"
+#include <langapi/mode.h>
 
 #include "json_expr.h"
 
@@ -272,38 +274,20 @@ json_objectt json(
         type.id()==ID_c_bit_field?type.subtype():
         type;
 
-      bool is_signed=underlying_type.id()==ID_signedbv;
-
-      if(mode==ID_C)
-      {
-        std::string sig=is_signed?"":"unsigned ";
-        if(width==config.ansi_c.char_width)
-          result["type"]=json_stringt(sig+"char");
-        else if(width==config.ansi_c.int_width)
-          result["type"]=json_stringt(sig+"int");
-        else if(width==config.ansi_c.short_int_width)
-          result["type"]=json_stringt(sig+"short int");
-        else if(width==config.ansi_c.long_int_width)
-          result["type"]=json_stringt(sig+"long int");
-        else if(width==config.ansi_c.long_long_int_width)
-          result["type"]=json_stringt(sig+"long long int");
-        else
-          assert(false && "unknown C type");
-      }
-      else if(mode==ID_java)
+      languaget *lang;
+      if(mode==ID_unknown)
+        lang=get_default_language();
+      else
       {
-        if(width==8 && is_signed)
-          result["type"]=json_stringt("byte");
-        else if(width==16 && is_signed)
-          result["type"]=json_stringt("short");
-        else if(width==16 && !is_signed)
-          result["type"]=json_stringt("char");
-        else if(width==32 && is_signed)
-          result["type"]=json_stringt("int");
-        else if(width==64 && is_signed)
-          result["type"]=json_stringt("long");
+        lang=get_language_from_mode(mode);
+        if(!lang)
+          lang=get_default_language();
       }
 
+      std::string type_string;
+      if(!lang->from_type(underlying_type, type_string, ns))
+        result["type"]=json_stringt(type_string);
+
       mp_integer i;
       if(!to_integer(expr, i))
         result["data"]=json_stringt(integer2string(i));

From fd80fe6be634a429981ab9b9ee576c284e484ce5 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Wed, 7 Jun 2017 09:17:57 +0100
Subject: [PATCH 282/699] Adding assertion to make sure "type" field is always
 set

---
 src/util/json_expr.cpp | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/util/json_expr.cpp b/src/util/json_expr.cpp
index c992a51c561..097fa943ac1 100644
--- a/src/util/json_expr.cpp
+++ b/src/util/json_expr.cpp
@@ -287,6 +287,8 @@ json_objectt json(
       std::string type_string;
       if(!lang->from_type(underlying_type, type_string, ns))
         result["type"]=json_stringt(type_string);
+      else
+        assert(false && "unknown type");
 
       mp_integer i;
       if(!to_integer(expr, i))

From b0b8bbccc2817d4cd671b94a4509ee1672d39cb4 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Wed, 7 Jun 2017 09:48:28 +0100
Subject: [PATCH 283/699] Adding assertions to prevent the "data" field from
 not being set

---
 src/util/json_expr.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/util/json_expr.cpp b/src/util/json_expr.cpp
index 097fa943ac1..d2d3550e6ff 100644
--- a/src/util/json_expr.cpp
+++ b/src/util/json_expr.cpp
@@ -293,6 +293,8 @@ json_objectt json(
       mp_integer i;
       if(!to_integer(expr, i))
         result["data"]=json_stringt(integer2string(i));
+      else
+        assert(false && "could not convert data to integer");
     }
     else if(type.id()==ID_c_enum)
     {
@@ -304,6 +306,8 @@ json_objectt json(
       mp_integer i;
       if(!to_integer(expr, i))
         result["data"]=json_stringt(integer2string(i));
+      else
+        assert(false && "could not convert data to integer");
     }
     else if(type.id()==ID_c_enum_tag)
     {

From 2c27b416b74383e7d7bac21cd6e3459ee47bd1b3 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Thu, 8 Jun 2017 09:54:49 +0100
Subject: [PATCH 284/699] Assertion to forbid calling json() with nil values

json() does not deal with nil expression and would just give "name" :
"unknown". On the other hand nil expression should not make it to that
stage so it would probably denotes an error.
---
 src/goto-programs/json_goto_trace.cpp | 17 ++++++-----------
 1 file changed, 6 insertions(+), 11 deletions(-)

diff --git a/src/goto-programs/json_goto_trace.cpp b/src/goto-programs/json_goto_trace.cpp
index 0103cd799e0..694466aec2b 100644
--- a/src/goto-programs/json_goto_trace.cpp
+++ b/src/goto-programs/json_goto_trace.cpp
@@ -92,13 +92,8 @@ void convert(
         std::string value_string, binary_string, type_string, full_lhs_string;
         json_objectt full_lhs_value;
 
-        if(step.full_lhs.is_not_nil())
-          full_lhs_string=from_expr(ns, identifier, step.full_lhs);
-
-#if 0
-        if(it.full_lhs_value.is_not_nil())
-          full_lhs_value_string=from_expr(ns, identifier, it.full_lhs_value);
-#endif
+        assert(step.full_lhs.is_not_nil());
+        full_lhs_string=from_expr(ns, identifier, step.full_lhs);
 
         const symbolt *symbol;
         irep_idt base_name, display_name;
@@ -111,13 +106,13 @@ void convert(
             type_string=from_type(ns, identifier, symbol->type);
 
           json_assignment["mode"]=json_stringt(id2string(symbol->mode));
-          if(step.full_lhs_value.is_not_nil())
-            full_lhs_value=json(step.full_lhs_value, ns, symbol->mode);
+          assert(step.full_lhs_value.is_not_nil());
+          full_lhs_value=json(step.full_lhs_value, ns, symbol->mode);
         }
         else
         {
-          if(step.full_lhs_value.is_not_nil())
-            full_lhs_value=json(step.full_lhs_value, ns);
+          assert(step.full_lhs_value.is_not_nil());
+          full_lhs_value=json(step.full_lhs_value, ns);
         }
 
         json_assignment["value"]=full_lhs_value;

From 770728742fa094fef3bbe8e84b94d9d4150436e6 Mon Sep 17 00:00:00 2001
From: Cristina <cristina.david@gmail.com>
Date: Thu, 8 Jun 2017 15:05:21 +0100
Subject: [PATCH 285/699] Always push the current exceptional return variable
 on the stack before converting an exception handler

---
 src/goto-programs/remove_exceptions.cpp       |  4 +-
 .../java_bytecode_convert_method.cpp          | 67 ++++++++-----------
 src/java_bytecode/java_entry_point.cpp        | 19 +++---
 3 files changed, 42 insertions(+), 48 deletions(-)

diff --git a/src/goto-programs/remove_exceptions.cpp b/src/goto-programs/remove_exceptions.cpp
index 5726831804f..3cac66456d0 100644
--- a/src/goto-programs/remove_exceptions.cpp
+++ b/src/goto-programs/remove_exceptions.cpp
@@ -90,8 +90,8 @@ void remove_exceptionst::add_exceptional_returns(
   if(goto_program.empty())
     return;
 
-  // the entry function has already been added to the symbol table
-  // if you find it, initialise it
+  // some methods (e.g. the entry method) have already been added to
+  // the symbol table; if you find it, initialise it
   if(symbol_table.has_symbol(id2string(function_id)+EXC_SUFFIX))
   {
     const symbolt &symbol=
diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index 9e295f2dcc6..1c469b01ffb 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -20,6 +20,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <linking/zero_initializer.h>
 
 #include <goto-programs/cfg.h>
+#include <goto-programs/remove_exceptions.h>
 #include <analyses/cfg_dominators.h>
 
 #include "java_bytecode_convert_method.h"
@@ -1305,48 +1306,37 @@ codet java_bytecode_convert_methodt::convert_instructions(
       statement=std::string(id2string(statement), 0, statement.size()-2);
     }
 
-    // we throw away the first statement in an exception handler
-    // as we don't know if a function call had a normal or exceptional return
     auto it=method.exception_table.begin();
     for(; it!=method.exception_table.end(); ++it)
     {
       if(cur_pc==it->handler_pc)
       {
-        exprt exc_var=variable(
-          arg0, statement[0],
-          i_it->address,
-          NO_CAST);
-
-        // throw away the operands
-        pop_residue(bytecode_info.pop);
-
-        // add a CATCH-PUSH signaling a handler
-        side_effect_expr_catcht catch_handler_expr;
-        // pack the exception variable so that it can be used
-        // later for instrumentation
-        catch_handler_expr.get_sub().resize(1);
-        catch_handler_expr.get_sub()[0]=exc_var;
-
-        code_expressiont catch_handler(catch_handler_expr);
-        code_labelt newlabel(label(std::to_string(cur_pc)),
-                             code_blockt());
-
-        code_blockt label_block=to_code_block(newlabel.code());
-        code_blockt handler_block;
-        handler_block.move_to_operands(c);
-        handler_block.move_to_operands(catch_handler);
-        handler_block.move_to_operands(label_block);
-        c=handler_block;
-        break;
+        // at the beginning of a handler, clear the stack and
+        // push the corresponding exceptional return variable
+        stack.clear();
+        auxiliary_symbolt new_symbol;
+        new_symbol.is_static_lifetime=true;
+        int file_name_length=
+          id2string(method.source_location.get_file()).size();
+        // remove the file extension
+        const std::string &file_name=
+          id2string(method.source_location.get_file()).
+             substr(0, file_name_length-5);
+        // generate the name of the exceptional return variable
+        const std::string &exceptional_var_name=
+          "java::"+file_name+"."+
+          id2string(method.name)+":"+
+          id2string(method.signature)+
+          EXC_SUFFIX;
+        new_symbol.base_name=exceptional_var_name;
+        new_symbol.name=exceptional_var_name;
+        new_symbol.type=typet(ID_pointer, empty_typet());
+        new_symbol.mode=ID_java;
+        symbol_table.add(new_symbol);
+        stack.push_back(new_symbol.symbol_expr());
       }
     }
 
-    if(it!=method.exception_table.end())
-    {
-      // go straight to the next statement
-      continue;
-    }
-
     exprt::operandst op=pop(bytecode_info.pop);
     exprt::operandst results;
     results.resize(bytecode_info.push, nil_exprt());
@@ -2407,6 +2397,10 @@ codet java_bytecode_convert_methodt::convert_instructions(
       results[1]=op[0];
       results[0]=op[1];
     }
+    else if(statement=="nop")
+    {
+      c=code_skipt();
+    }
     else
     {
       c=codet(statement);
@@ -2533,9 +2527,7 @@ codet java_bytecode_convert_methodt::convert_instructions(
       address_mapt::iterator a_it2=address_map.find(address);
       assert(a_it2!=address_map.end());
 
-      // we don't worry about exception handlers as we don't load the
-      // operands from the stack anyway -- we keep explicit global
-      // exception variables
+      // clear the stack if this is an exception handler
       for(const auto &exception_row : method.exception_table)
       {
         if(address==exception_row.handler_pc)
@@ -2604,7 +2596,6 @@ codet java_bytecode_convert_methodt::convert_instructions(
               c.copy_to_operands(*o_it);
         }
       }
-
       a_it2->second.stack=stack;
     }
   }
diff --git a/src/java_bytecode/java_entry_point.cpp b/src/java_bytecode/java_entry_point.cpp
index a16959b96da..0e7c0c14b51 100644
--- a/src/java_bytecode/java_entry_point.cpp
+++ b/src/java_bytecode/java_entry_point.cpp
@@ -589,14 +589,17 @@ bool java_entry_point(
     call_main.lhs()=return_symbol.symbol_expr();
   }
 
-  // add the exceptional return value
-  auxiliary_symbolt exc_symbol;
-  exc_symbol.mode=ID_C;
-  exc_symbol.is_static_lifetime=false;
-  exc_symbol.name=id2string(symbol.name)+EXC_SUFFIX;
-  exc_symbol.base_name=id2string(symbol.name)+EXC_SUFFIX;
-  exc_symbol.type=typet(ID_pointer, empty_typet());
-  symbol_table.add(exc_symbol);
+  if(!symbol_table.has_symbol(id2string(symbol.name)+EXC_SUFFIX))
+  {
+    // add the exceptional return value
+    auxiliary_symbolt exc_symbol;
+    exc_symbol.mode=ID_C;
+    exc_symbol.is_static_lifetime=false;
+    exc_symbol.name=id2string(symbol.name)+EXC_SUFFIX;
+    exc_symbol.base_name=id2string(symbol.name)+EXC_SUFFIX;
+    exc_symbol.type=typet(ID_pointer, empty_typet());
+    symbol_table.add(exc_symbol);
+  }
 
   exprt::operandst main_arguments=
     java_build_arguments(

From bb9c28ac6768c2d3bcb37a158139489c5df9b80a Mon Sep 17 00:00:00 2001
From: Cristina <cristina.david@gmail.com>
Date: Thu, 8 Jun 2017 17:32:35 +0100
Subject: [PATCH 286/699] Added regression test capturing an exception handler
 that does not start with astore

---
 .../exceptions19/exception_handler.class      | Bin 0 -> 254 bytes
 .../exceptions19/exception_handler.j          |  25 ++++++++++++++++++
 regression/cbmc-java/exceptions19/test.desc   |   8 ++++++
 3 files changed, 33 insertions(+)
 create mode 100644 regression/cbmc-java/exceptions19/exception_handler.class
 create mode 100644 regression/cbmc-java/exceptions19/exception_handler.j
 create mode 100644 regression/cbmc-java/exceptions19/test.desc

diff --git a/regression/cbmc-java/exceptions19/exception_handler.class b/regression/cbmc-java/exceptions19/exception_handler.class
new file mode 100644
index 0000000000000000000000000000000000000000..a274bf56dfb91f308560f74850f522fe47989d8e
GIT binary patch
literal 254
zcmZWj%?`m}5S*>*AEk{4;D|%LfVc=JiGxJqBvl{UG_5oxUaJ=p67C*KYzYqbu#?%D
z+06ZMz5;My8K^=bSb@8DJE0q`JL5$lyp&)};$7m2p&tr@()A-h?HSOZlp(`Zp{pnp
zY;o|!Hud9ZzHy^vC=!C)kC&XG6`}U~JNOt0g=TBY+F#TOR7hw*<x=@b;Ab#-8_aA*
mVl1|gpe)y!mcDYGtuo(A7ihB+iZ_h1mtW`7Z*ze`LgfkD^)D9y

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/exceptions19/exception_handler.j b/regression/cbmc-java/exceptions19/exception_handler.j
new file mode 100644
index 00000000000..60ecf0461b8
--- /dev/null
+++ b/regression/cbmc-java/exceptions19/exception_handler.j
@@ -0,0 +1,25 @@
+.class exception_handler
+.super java/lang/Object
+
+.method public <init>()V
+        aload_0
+        invokevirtual java/lang/Object/<init>()V
+        return
+.end method
+
+.method public f()V
+        .limit stack 4
+        .limit locals 4
+
+      begin:
+        new java/lang/Exception
+        dup
+        invokespecial java/lang/Exception.<init>()V
+        athrow
+      start:
+        nop
+      end:
+        astore_1
+        return
+.catch all from begin to end using start
+.end method
diff --git a/regression/cbmc-java/exceptions19/test.desc b/regression/cbmc-java/exceptions19/test.desc
new file mode 100644
index 00000000000..ed4bf5a2715
--- /dev/null
+++ b/regression/cbmc-java/exceptions19/test.desc
@@ -0,0 +1,8 @@
+CORE
+exception_handler.class
+--function exception_handler.f
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring

From 8f629b6a0ea49f064cd883945fae9efbee8706c7 Mon Sep 17 00:00:00 2001
From: Cristina <cristina.david@gmail.com>
Date: Mon, 12 Jun 2017 08:53:32 +0100
Subject: [PATCH 287/699] Addressed reviewers comments

---
 .../exceptions19/exception_handler.class      | Bin 254 -> 254 bytes
 .../exceptions19/exception_handler.j          |   2 +-
 .../java_bytecode_convert_method.cpp          |  20 +++++-------------
 .../java_bytecode_convert_method_class.h      |   3 ++-
 src/java_bytecode/java_entry_point.cpp        |   2 +-
 5 files changed, 9 insertions(+), 18 deletions(-)

diff --git a/regression/cbmc-java/exceptions19/exception_handler.class b/regression/cbmc-java/exceptions19/exception_handler.class
index a274bf56dfb91f308560f74850f522fe47989d8e..39457a939710f4a25765957805c6fb57bb965544 100644
GIT binary patch
delta 32
jcmeyz_>XbIQ^`o5jSP$o3=EtM96*u*$YutTObmPgiD3l^

delta 32
jcmeyz_>XbIQ%MG&jSP$o3=EtM96*u*$YutTObmPgfUpFx

diff --git a/regression/cbmc-java/exceptions19/exception_handler.j b/regression/cbmc-java/exceptions19/exception_handler.j
index 60ecf0461b8..04b3c177689 100644
--- a/regression/cbmc-java/exceptions19/exception_handler.j
+++ b/regression/cbmc-java/exceptions19/exception_handler.j
@@ -17,7 +17,7 @@
         invokespecial java/lang/Exception.<init>()V
         athrow
       start:
-        nop
+        dup
       end:
         astore_1
         return
diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index 1c469b01ffb..5b7f71d9554 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -473,7 +473,8 @@ void java_bytecode_convert_methodt::convert(
 
   tmp_vars.clear();
   if((!m.is_abstract) && (!m.is_native))
-    method_symbol.value=convert_instructions(m, code_type);
+    method_symbol.value=convert_instructions(
+      m, code_type, method_symbol.name);
 
   // Replace the existing stub symbol with the real deal:
   const auto s_it=symbol_table.symbols.find(method.get_name());
@@ -1120,7 +1121,8 @@ Function: java_bytecode_convert_methodt::convert_instructions
 
 codet java_bytecode_convert_methodt::convert_instructions(
   const methodt &method,
-  const code_typet &method_type)
+  const code_typet &method_type,
+  const irep_idt &method_name)
 {
   const instructionst &instructions=method.instructions;
 
@@ -1316,17 +1318,9 @@ codet java_bytecode_convert_methodt::convert_instructions(
         stack.clear();
         auxiliary_symbolt new_symbol;
         new_symbol.is_static_lifetime=true;
-        int file_name_length=
-          id2string(method.source_location.get_file()).size();
-        // remove the file extension
-        const std::string &file_name=
-          id2string(method.source_location.get_file()).
-             substr(0, file_name_length-5);
         // generate the name of the exceptional return variable
         const std::string &exceptional_var_name=
-          "java::"+file_name+"."+
-          id2string(method.name)+":"+
-          id2string(method.signature)+
+          id2string(method_name)+
           EXC_SUFFIX;
         new_symbol.base_name=exceptional_var_name;
         new_symbol.name=exceptional_var_name;
@@ -2397,10 +2391,6 @@ codet java_bytecode_convert_methodt::convert_instructions(
       results[1]=op[0];
       results[0]=op[1];
     }
-    else if(statement=="nop")
-    {
-      c=code_skipt();
-    }
     else
     {
       c=codet(statement);
diff --git a/src/java_bytecode/java_bytecode_convert_method_class.h b/src/java_bytecode/java_bytecode_convert_method_class.h
index da9196e6a67..c4c1e1a8788 100644
--- a/src/java_bytecode/java_bytecode_convert_method_class.h
+++ b/src/java_bytecode/java_bytecode_convert_method_class.h
@@ -214,7 +214,8 @@ class java_bytecode_convert_methodt:public messaget
 
   codet convert_instructions(
     const methodt &,
-    const code_typet &);
+    const code_typet &,
+    const irep_idt &);
 
   const bytecode_infot &get_bytecode_info(const irep_idt &statement);
 
diff --git a/src/java_bytecode/java_entry_point.cpp b/src/java_bytecode/java_entry_point.cpp
index 0e7c0c14b51..8d7b479ff60 100644
--- a/src/java_bytecode/java_entry_point.cpp
+++ b/src/java_bytecode/java_entry_point.cpp
@@ -594,7 +594,7 @@ bool java_entry_point(
     // add the exceptional return value
     auxiliary_symbolt exc_symbol;
     exc_symbol.mode=ID_C;
-    exc_symbol.is_static_lifetime=false;
+    exc_symbol.is_static_lifetime=true;
     exc_symbol.name=id2string(symbol.name)+EXC_SUFFIX;
     exc_symbol.base_name=id2string(symbol.name)+EXC_SUFFIX;
     exc_symbol.type=typet(ID_pointer, empty_typet());

From 72b611a1b4625cc3119b073dc044c8ef4bf4cd4a Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 30 May 2017 11:04:04 +0100
Subject: [PATCH 288/699] Improvements on lengths

Add CharSequence.length method

More direct conversion of length methods
---
 .../java_string_library_preprocess.cpp        | 77 ++++++++++++++++---
 .../java_string_library_preprocess.h          |  5 ++
 2 files changed, 71 insertions(+), 11 deletions(-)

diff --git a/src/java_bytecode/java_string_library_preprocess.cpp b/src/java_bytecode/java_string_library_preprocess.cpp
index 067812974e0..82d55d13688 100644
--- a/src/java_bytecode/java_string_library_preprocess.cpp
+++ b/src/java_bytecode/java_string_library_preprocess.cpp
@@ -1024,8 +1024,8 @@ Function: java_string_library_preprocesst::
   Output: return the following code:
           > lhs = { {Object}, length=rhs_length, data=rhs_array }
 
- Purpose: Produce code for an assignemnrt of a string expr to a
-          Java string, component-wise.
+ Purpose: Produce code for an assignment of a string expr to a
+          Java string.
 
 \*******************************************************************/
 
@@ -1864,8 +1864,7 @@ codet java_string_library_preprocesst::make_copy_string_code(
 
 /*******************************************************************\
 
-Function:
-    java_string_library_preprocesst::make_copy_constructor_code
+Function: java_string_library_preprocesst::make_copy_constructor_code
 
   Inputs:
     type - type of the function
@@ -1913,6 +1912,52 @@ codet java_string_library_preprocesst::make_copy_constructor_code(
 
 /*******************************************************************\
 
+Function: java_string_library_preprocesst::make_string_length_code
+
+  Inputs:
+    type - type of the function
+    loc - location in the source
+    symbol_table - symbol table
+
+ Outputs: Code corresponding to:
+          > str_expr = java_string_to_string_expr(this)
+          > str_expr_sym = str_expr
+          > return this->length
+
+ Purpose: Generates code for the String.length method
+
+\*******************************************************************/
+
+codet java_string_library_preprocesst::make_string_length_code(
+  const code_typet &type,
+  const source_locationt &loc,
+  symbol_tablet &symbol_table)
+{
+  // Code for the output
+  code_blockt code;
+
+  code_typet::parameterst params=type.parameters();
+  symbol_exprt arg_this(params[0].get_identifier(), params[0].type());
+  dereference_exprt deref(arg_this, arg_this.type().subtype());
+
+  // Create a new string_exprt to be picked up by the solver
+  string_exprt str_expr=fresh_string_expr(loc, symbol_table, code);
+
+  // Assign this to str_expr
+  code.add(
+    code_assign_java_string_to_string_expr(str_expr, arg_this, symbol_table));
+
+  // Assign str_expr to str_expr_sym for that expression to be present in the
+  // symbol table in order to be processed by the string solver
+  exprt str_expr_sym=fresh_string_expr_symbol(loc, symbol_table, code);
+  code.add(code_assignt(str_expr_sym, str_expr));
+  code.add(code_returnt(get_length(deref, symbol_table)));
+
+  return code;
+}
+
+/*******************************************************************\
+
 Function: java_string_library_preprocesst::code_for_function
 
   Inputs:
@@ -2112,9 +2157,14 @@ void java_string_library_preprocesst::initialize_conversion_table()
   cprover_equivalent_to_java_function
     ["java::java.lang.String.lastIndexOf:(Ljava/lang/String;I)I"]=
       ID_cprover_string_last_index_of_func;
-  cprover_equivalent_to_java_function
+  conversion_table
     ["java::java.lang.String.length:()I"]=
-      ID_cprover_string_length_func;
+      std::bind(
+        &java_string_library_preprocesst::make_string_length_code,
+        this,
+        std::placeholders::_1,
+        std::placeholders::_2,
+        std::placeholders::_3);
   // Not supported "java.lang.String.matches"
   cprover_equivalent_to_java_function
     ["java::java.lang.String.offsetByCodePoints:(II)I"]=
@@ -2307,9 +2357,9 @@ void java_string_library_preprocesst::initialize_conversion_table()
      "Ljava/lang/StringBuilder;"]=
       ID_cprover_string_insert_func;
   // Not supported "java.lang.StringBuilder.lastIndexOf"
-  cprover_equivalent_to_java_function
+  conversion_table
     ["java::java.lang.StringBuilder.length:()I"]=
-      ID_cprover_string_length_func;
+      conversion_table["java::java.lang.String.length:()I"];
   // Not supported "java.lang.StringBuilder.offsetByCodePoints"
   // Not supported "java.lang.StringBuilder.replace"
   // Not supported "java.lang.StringBuilder.reverse"
@@ -2434,9 +2484,9 @@ void java_string_library_preprocesst::initialize_conversion_table()
      "Ljava/lang/StringBuffer;"]=
       ID_cprover_string_insert_func;
   // Not supported "java.lang.StringBuffer.lastIndexOf"
-  cprover_equivalent_to_java_function
+  conversion_table
     ["java::java.lang.StringBuffer.length:()I"]=
-      ID_cprover_string_length_func;
+      conversion_table["java::java.lang.String.length:()I"];
   // Not supported "java.lang.StringBuffer.offsetByCodePoints"
   // Not supported "java.lang.StringBuffer.replace"
   // Not supported "java.lang.StringBuffer.reverse"
@@ -2463,7 +2513,7 @@ void java_string_library_preprocesst::initialize_conversion_table()
         std::placeholders::_3);
   // Not supported "java.lang.StringBuffer.trimToSize"
 
-  // Other libraries
+  // CharSequence library
   cprover_equivalent_to_java_function
     ["java::java.lang.CharSequence.charAt:(I)C"]=
       ID_cprover_string_char_at_func;
@@ -2475,6 +2525,11 @@ void java_string_library_preprocesst::initialize_conversion_table()
         std::placeholders::_1,
         std::placeholders::_2,
         std::placeholders::_3);
+  conversion_table
+    ["java::java.lang.CharSequence.length:()I"]=
+      conversion_table["java::java.lang.String.length:()I"];
+
+  // Other libraries
   conversion_table
     ["java::java.lang.Float.toString:(F)Ljava/lang/String;"]=
       std::bind(
diff --git a/src/java_bytecode/java_string_library_preprocess.h b/src/java_bytecode/java_string_library_preprocess.h
index 16ab5cfc6a9..79507b1bb36 100644
--- a/src/java_bytecode/java_string_library_preprocess.h
+++ b/src/java_bytecode/java_string_library_preprocess.h
@@ -146,6 +146,11 @@ class java_string_library_preprocesst:public messaget
     const source_locationt &loc,
     symbol_tablet &symbol_table);
 
+  codet make_string_length_code(
+    const code_typet &type,
+    const source_locationt &loc,
+    symbol_tablet &symbol_table);
+
   // Auxiliary functions
   codet code_for_scientific_notation(
     const exprt &arg,

From 1613290045631895c560642dfddc3e959745d77b Mon Sep 17 00:00:00 2001
From: Joel Allred <joel.allred@diffblue.com>
Date: Fri, 9 Jun 2017 15:54:01 +0100
Subject: [PATCH 289/699] Update smoke tests for String.length

Update test description of java_length smoke test
Now detected if the assertion is missing from the verification.

Add new smoke test java_length2
---
 .../strings-smoke-tests/java_length/test.desc   |   6 ++++--
 .../java_length/test_length.class               | Bin 630 -> 654 bytes
 .../java_length/test_length.java                |   1 +
 .../strings-smoke-tests/java_length2/test.class | Bin 0 -> 642 bytes
 .../strings-smoke-tests/java_length2/test.desc  |  10 ++++++++++
 .../strings-smoke-tests/java_length2/test.java  |  12 ++++++++++++
 6 files changed, 27 insertions(+), 2 deletions(-)
 create mode 100644 regression/strings-smoke-tests/java_length2/test.class
 create mode 100644 regression/strings-smoke-tests/java_length2/test.desc
 create mode 100644 regression/strings-smoke-tests/java_length2/test.java

diff --git a/regression/strings-smoke-tests/java_length/test.desc b/regression/strings-smoke-tests/java_length/test.desc
index d7f0e02feca..487700d01fb 100644
--- a/regression/strings-smoke-tests/java_length/test.desc
+++ b/regression/strings-smoke-tests/java_length/test.desc
@@ -1,7 +1,9 @@
 CORE
 test_length.class
 --refine-strings
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
-^VERIFICATION SUCCESSFUL$
+^VERIFICATION FAILED$
+[.*assertion.1] .* line 7 .*: SUCCESS
+[.*assertion.2] .* line 8 .*: FAILURE
 --
diff --git a/regression/strings-smoke-tests/java_length/test_length.class b/regression/strings-smoke-tests/java_length/test_length.class
index 9273d09869b9f51a7d8c54ecac00703acfcf3186..9a1bd2977610d20c55be18a8b140d525fcee4c5f 100644
GIT binary patch
delta 94
zcmeyy(#N{tG9zam12Y2?0|SHE<U5Q?E}IzGW-$mzvn^oY-p#-sxt)Py|3;uB6N4a-
t6k}iolB^6|3~UVi4D1X_3>*xm44e$YKv6CRroRkI><l7|LX)+ad;nJi4oUz3

delta 70
zcmeBU{l>E4G9zag12Y2?0|SHd<U5Q?Ivas3CI&$uDa616Bv~1_7}yy28Q2+=7&sV&
Vfg+p?jDH!F*cn6^Cp$6u004>92>}2A

diff --git a/regression/strings-smoke-tests/java_length/test_length.java b/regression/strings-smoke-tests/java_length/test_length.java
index 4222414fa80..620bdc448e9 100644
--- a/regression/strings-smoke-tests/java_length/test_length.java
+++ b/regression/strings-smoke-tests/java_length/test_length.java
@@ -5,5 +5,6 @@ public static void main(/*String[] argv*/)
       String s = new String("Abc");
       int l = s.length();
       assert(l == 3);
+      assert(l != 3);
    }
 }
diff --git a/regression/strings-smoke-tests/java_length2/test.class b/regression/strings-smoke-tests/java_length2/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..8e9d3161fb5b854424e20d3aabd35502b75128d9
GIT binary patch
literal 642
zcmZ8e%T60X5Uk#(y)4++JRAt&4Ym((;RcF`AV`r&qR3ICa2u~jW?@;w?wEgp3r8+o
z5+oxLDY^4e5j|_bN-i@!JvB8|)enE~e*@S+-Ghh894a1OVJeRtrgin&#f%3BlP=zP
zn8lonc|v(fq^V3)*oo8KFcr;6wg_}UaJIrYRBs7pwf2o*?Q~j_P}mP+`Kf!-l*v~O
zCfLED42}uo)%_!JF4iLvx7Qmg3FG!=?E_)Bp+s=}QJg;Eb6Y|5#OyUX-6W8Eq2|de
znW{BS;bRyh{I6&RE*5+&V#&u4d>_kLAyfw6ynELEK1n(Wi_{!0R((`aBNPY7&&?wl
zsDE00jcin&bw!l^=b-;!v!;`XWZYJVSrTlhFksz@I6cBdOQvBWTQ73hvg+~$M|XgE
zo`A=bp<+e5;K~HYf)QQ|e462%c(?0!pdT8DBCk%?<XkX{64x5~1xD6gte1=)%nMBa
zgmsB>y$9R5!q6``-|yi5F>kCJh8r1C2^QBj6FEF~o;p`$?pQEpiM5TrDA~x!fzeW~
fhx{d6>l&7M3rnl&lRc}_1U3wRTWcTBt|uM=qP%#&

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_length2/test.desc b/regression/strings-smoke-tests/java_length2/test.desc
new file mode 100644
index 00000000000..e473b51d950
--- /dev/null
+++ b/regression/strings-smoke-tests/java_length2/test.desc
@@ -0,0 +1,10 @@
+FUTURE
+test.class
+--refine-strings --function test.check
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+This test currently fails because we do not handle the case where the argument
+'s' is null. This should be handled in the String model.
+The issue number for that is: diffblue/test-gen#500
diff --git a/regression/strings-smoke-tests/java_length2/test.java b/regression/strings-smoke-tests/java_length2/test.java
new file mode 100644
index 00000000000..e88464536e0
--- /dev/null
+++ b/regression/strings-smoke-tests/java_length2/test.java
@@ -0,0 +1,12 @@
+public class test
+{
+    public static int check(String s)
+    {
+        if(s.equals("abc")){
+            assert s.length() == 3;
+            return 0;
+        }
+        return 1;
+    }
+}
+

From e1aadeb4431a6fba31553bc394eebfbd252db2ae Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Thu, 8 Jun 2017 15:39:06 +0100
Subject: [PATCH 290/699] Write traces to status() not cout

---
 src/cbmc/bmc.cpp | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/cbmc/bmc.cpp b/src/cbmc/bmc.cpp
index 0a8fd5053c8..0b797e77406 100644
--- a/src/cbmc/bmc.cpp
+++ b/src/cbmc/bmc.cpp
@@ -78,15 +78,16 @@ void bmct::error_trace()
   switch(ui)
   {
   case ui_message_handlert::uit::PLAIN:
-    std::cout << "\n" << "Counterexample:" << "\n";
-    show_goto_trace(std::cout, ns, goto_trace);
+    status() << "Counterexample:" << eom;
+    show_goto_trace(status(), ns, goto_trace);
+    status() << eom;
     break;
 
   case ui_message_handlert::uit::XML_UI:
     {
       xmlt xml;
       convert(ns, goto_trace, xml);
-      std::cout << xml << "\n";
+      status() << xml << eom;
     }
     break;
 
@@ -103,7 +104,7 @@ void bmct::error_trace()
       result["status"]=json_stringt("failed");
       jsont &json_trace=result["trace"];
       convert(ns, goto_trace, json_trace);
-      std::cout << ",\n" << json_result;
+      status() << ",\n" << json_result << eom;
     }
     break;
   }

From 01e9e67917609684e5053a765e316843248fcd89 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 13 Jun 2017 13:31:16 +0100
Subject: [PATCH 291/699] Using unique pointers to avoid memory leak in json
 for expressions

This will delete language pointer created by get_language_from_mode
when the object goes out of scope.
This prevents memory leaks when using json output.
---
 src/util/json_expr.cpp | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/util/json_expr.cpp b/src/util/json_expr.cpp
index d2d3550e6ff..d8e44bb58f8 100644
--- a/src/util/json_expr.cpp
+++ b/src/util/json_expr.cpp
@@ -6,6 +6,8 @@ Author: Peter Schrammel
 
 \*******************************************************************/
 
+#include <memory>
+
 #include "namespace.h"
 #include "expr.h"
 #include "json.h"
@@ -274,14 +276,14 @@ json_objectt json(
         type.id()==ID_c_bit_field?type.subtype():
         type;
 
-      languaget *lang;
+      std::unique_ptr<languaget> lang;
       if(mode==ID_unknown)
-        lang=get_default_language();
+        lang=std::unique_ptr<languaget>(get_default_language());
       else
       {
-        lang=get_language_from_mode(mode);
+        lang=std::unique_ptr<languaget>(get_language_from_mode(mode));
         if(!lang)
-          lang=get_default_language();
+          lang=std::unique_ptr<languaget>(get_default_language());
       }
 
       std::string type_string;

From e9e3989bf08d735b5c79567ab7e4bf4c9d483554 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Sat, 13 May 2017 13:35:11 +0100
Subject: [PATCH 292/699] Providing code for Object.getClass() in bytecode
 conversion

This is done by a call to Class.forName for which we assume there is a
model provided.
---
 .../java_string_library_preprocess.cpp        | 95 +++++++++++++++++++
 .../java_string_library_preprocess.h          |  5 +
 2 files changed, 100 insertions(+)

diff --git a/src/java_bytecode/java_string_library_preprocess.cpp b/src/java_bytecode/java_string_library_preprocess.cpp
index 4d5f6bd723f..e70a368e145 100644
--- a/src/java_bytecode/java_string_library_preprocess.cpp
+++ b/src/java_bytecode/java_string_library_preprocess.cpp
@@ -1723,6 +1723,93 @@ codet java_string_library_preprocesst::make_string_to_char_array_code(
 
 /*******************************************************************\
 
+Function: java_string_library_preprocesst::make_object_get_class_code
+
+  Inputs:
+    type - type of the function called
+    loc - location in the source
+    symbol_table - the symbol table
+
+  Outputs: Code corresponding to
+          > Class class1;
+          > string_expr1 = substr(this->@class_identifier, 6)
+          > class1=Class.forName(string_expr1)
+          > return class1
+
+  Purpose: Used to provide our own implementation of the
+           java.lang.Object.getClass() function.
+
+\*******************************************************************/
+
+codet java_string_library_preprocesst::make_object_get_class_code(
+    const code_typet &type,
+    const source_locationt &loc,
+    symbol_tablet &symbol_table)
+{
+  code_typet::parameterst params=type.parameters();
+  exprt this_obj=symbol_exprt(params[0].get_identifier(), params[0].type());
+
+  // Code to be returned
+  code_blockt code;
+
+  // > Class class1;
+  pointer_typet class_type(symbol_table.lookup("java::java.lang.Class").type);
+  symbolt class1_sym=get_fresh_aux_symbol(
+    class_type, "class_symbol", "class_symbol", loc, ID_java, symbol_table);
+  symbol_exprt class1=class1_sym.symbol_expr();
+  code.add(code_declt(class1));
+
+  // class_identifier is this->@class_identifier
+  member_exprt class_identifier(
+    dereference_exprt(this_obj, this_obj.type().subtype()),
+    "@class_identifier",
+    string_typet());
+
+  // string_expr = cprover_string_literal(this->@class_identifier)
+  string_exprt string_expr=fresh_string_expr(loc, symbol_table, code);
+  code.add(
+    code_assign_function_to_string_expr(
+      string_expr,
+      ID_cprover_string_literal_func,
+      {class_identifier},
+      symbol_table));
+
+  // string_expr1 = substr(string_expr, 6)
+  // We do this to remove the "java::" prefix
+  string_exprt string_expr1=fresh_string_expr(loc, symbol_table, code);
+  code.add(
+    code_assign_function_to_string_expr(
+      string_expr1,
+      ID_cprover_string_substring_func,
+      {string_expr, from_integer(6, java_int_type())},
+      symbol_table));
+
+  // string1 = (String*) string_expr
+  pointer_typet string_ptr_type(
+    symbol_table.lookup("java::java.lang.String").type);
+  exprt string1=allocate_fresh_string(string_ptr_type, loc, symbol_table, code);
+  code.add(
+    code_assign_string_expr_to_new_java_string(
+      string1, string_expr1, loc, symbol_table));
+
+  // > class1 = Class.forName(string1)
+  code_function_callt fun_call;
+  fun_call.function()=symbol_exprt(
+    "java::java.lang.Class.forName:(Ljava/lang/String;)Ljava/lang/Class;");
+  fun_call.lhs()=class1;
+  fun_call.arguments().push_back(string1);
+  code_typet fun_type;
+  fun_type.return_type()=string1.type();
+  fun_call.function().type()=fun_type;
+  code.add(fun_call);
+
+  // > return class1;
+  code.add(code_returnt(class1));
+  return code;
+}
+
+/*******************************************************************\
+
 Function: java_string_library_preprocesst::make_function_from_call
 
   Inputs:
@@ -2545,4 +2632,12 @@ void java_string_library_preprocesst::initialize_conversion_table()
   cprover_equivalent_to_java_string_returning_function
     ["java::java.lang.Integer.toString:(I)Ljava/lang/String;"]=
       ID_cprover_string_of_int_func;
+  conversion_table
+    ["java::java.lang.Object.getClass:()Ljava/lang/Class;"]=
+      std::bind(
+        &java_string_library_preprocesst::make_object_get_class_code,
+        this,
+        std::placeholders::_1,
+        std::placeholders::_2,
+        std::placeholders::_3);
 }
diff --git a/src/java_bytecode/java_string_library_preprocess.h b/src/java_bytecode/java_string_library_preprocess.h
index 79507b1bb36..f89732300ef 100644
--- a/src/java_bytecode/java_string_library_preprocess.h
+++ b/src/java_bytecode/java_string_library_preprocess.h
@@ -151,6 +151,11 @@ class java_string_library_preprocesst:public messaget
     const source_locationt &loc,
     symbol_tablet &symbol_table);
 
+  codet make_object_get_class_code(
+    const code_typet &type,
+    const source_locationt &loc,
+    symbol_tablet &symbol_table);
+
   // Auxiliary functions
   codet code_for_scientific_notation(
     const exprt &arg,

From db1cd5f347373f0f09988e203f2d80ac46fa33ba Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Sat, 13 May 2017 13:36:40 +0100
Subject: [PATCH 293/699] Cleaning the initialization of string expressions
 from constants

---
 .../string_constraint_generator_constants.cpp | 50 ++-----------------
 1 file changed, 4 insertions(+), 46 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_constants.cpp b/src/solvers/refinement/string_constraint_generator_constants.cpp
index 2905c6a5f21..b423b4adc0c 100644
--- a/src/solvers/refinement/string_constraint_generator_constants.cpp
+++ b/src/solvers/refinement/string_constraint_generator_constants.cpp
@@ -13,29 +13,6 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 
 /*******************************************************************\
 
-Function: string_constraint_generatort::extract_java_string
-
-  Inputs: a symbol expression representing a java literal
-
- Outputs: a string constant
-
- Purpose: extract java string from symbol expression when they are encoded
-          inside the symbol name
-
-\*******************************************************************/
-
-irep_idt string_constraint_generatort::extract_java_string(
-  const symbol_exprt &s)
-{
-  std::string tmp=id2string(s.get_identifier());
-  std::string prefix("java::java.lang.String.Literal.");
-  assert(has_prefix(tmp, prefix));
-  std::string value=tmp.substr(prefix.length());
-  return irep_idt(value);
-}
-
-/*******************************************************************\
-
 Function: string_constraint_generatort::add_axioms_for_constant
 
   Inputs: a string constant
@@ -107,7 +84,9 @@ string_exprt string_constraint_generatort::add_axioms_for_empty_string(
 
 Function: string_constraint_generatort::add_axioms_from_literal
 
-  Inputs: function application with an argument which is a string literal
+  Inputs:
+    f - function application with an argument which is a string literal
+        that is a constant with a string value.
 
  Outputs: string expression
 
@@ -123,28 +102,7 @@ string_exprt string_constraint_generatort::add_axioms_from_literal(
   assert(args.size()==1); // Bad args to string literal?
 
   const exprt &arg=args[0];
-  irep_idt sval;
-
-  assert(arg.operands().size()==1);
-  if(arg.op0().operands().size()==2 &&
-     arg.op0().op0().id()==ID_string_constant)
-  {
-    // C string constant
-    const exprt &s=arg.op0().op0();
-    sval=to_string_constant(s).get_value();
-  }
-  else
-  {
-    // Java string constant
-    assert(false); // TODO: Check if used. On the contrary, discard else.
-    assert(arg.id()==ID_symbol);
-    const exprt &s=arg.op0();
-
-    // It seems the value of the string is lost,
-    // we need to recover it from the identifier
-    sval=extract_java_string(to_symbol_expr(s));
-  }
-
+  irep_idt sval=to_constant_expr(arg).get_value();
   const refined_string_typet &ref_type=to_refined_string_type(f.type());
   return add_axioms_for_constant(sval, ref_type);
 }

From 4324bbd96325918428e58bf0e8b12bb0704bb6d7 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Wed, 14 Jun 2017 13:31:29 +0100
Subject: [PATCH 294/699] Disable warnings that result from array-of with zero
 length

---
 regression/cbmc-java/NondetArray2/test.desc       | 2 ++
 regression/cbmc-java/NondetArray3/test.desc       | 2 ++
 regression/cbmc-java/NondetGenericArray/test.desc | 2 ++
 3 files changed, 6 insertions(+)

diff --git a/regression/cbmc-java/NondetArray2/test.desc b/regression/cbmc-java/NondetArray2/test.desc
index 5e84e0dbf7c..2a274211c6c 100644
--- a/regression/cbmc-java/NondetArray2/test.desc
+++ b/regression/cbmc-java/NondetArray2/test.desc
@@ -3,4 +3,6 @@ NondetArray2.class
 --function NondetArray2.main --unwind 5
 ^VERIFICATION SUCCESSFUL$
 --
+--
+Disabled pending fixing warnings for array-of with zero length:
 ^warning: ignoring
diff --git a/regression/cbmc-java/NondetArray3/test.desc b/regression/cbmc-java/NondetArray3/test.desc
index a0f68ce5a41..de192436903 100644
--- a/regression/cbmc-java/NondetArray3/test.desc
+++ b/regression/cbmc-java/NondetArray3/test.desc
@@ -3,4 +3,6 @@ NondetArray3.class
 --function NondetArray3.main --unwind 5
 ^VERIFICATION SUCCESSFUL$
 --
+--
+Disabled pending fixing warnings for array-of with zero length:
 ^warning: ignoring
diff --git a/regression/cbmc-java/NondetGenericArray/test.desc b/regression/cbmc-java/NondetGenericArray/test.desc
index e9ace0bad35..9abfffc4b9f 100644
--- a/regression/cbmc-java/NondetGenericArray/test.desc
+++ b/regression/cbmc-java/NondetGenericArray/test.desc
@@ -3,4 +3,6 @@ NondetGenericArray.class
 --function NondetGenericArray.main
 ^VERIFICATION SUCCESSFUL$
 --
+--
+Disabled pending fixing warnings for array-of with zero length:
 ^warning: ignoring

From f88f46177f71344320405be0f1e20d03086a0c07 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Wed, 14 Jun 2017 16:49:54 +0100
Subject: [PATCH 295/699] Remove stray include accidentally merged from master

---
 src/java_bytecode/java_bytecode_convert_class.h | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/java_bytecode/java_bytecode_convert_class.h b/src/java_bytecode/java_bytecode_convert_class.h
index 2f4b9f387f8..60fd9ad4fdd 100644
--- a/src/java_bytecode/java_bytecode_convert_class.h
+++ b/src/java_bytecode/java_bytecode_convert_class.h
@@ -17,7 +17,6 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include "java_bytecode_parse_tree.h"
 #include "java_bytecode_language.h"
-#include "character_refine_preprocess.h"
 
 bool java_bytecode_convert_class(
   const java_bytecode_parse_treet &parse_tree,

From 7cf8d5f5837e95bbad4937d98445af58cf4c2998 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Fri, 9 Jun 2017 12:35:10 +0100
Subject: [PATCH 296/699] Add support for recording and propagating class
 access flags

These are Java public, protected and private class flags, in similar
style to the existing field flags.
---
 .../java_bytecode_convert_class.cpp           | 11 +++++++-
 .../java_bytecode_parse_tree.cpp              |  3 +++
 src/java_bytecode/java_bytecode_parse_tree.h  |  1 +
 src/java_bytecode/java_bytecode_parser.cpp    |  3 +++
 src/java_bytecode/java_types.h                | 26 +++++++++++++++++++
 5 files changed, 43 insertions(+), 1 deletion(-)

diff --git a/src/java_bytecode/java_bytecode_convert_class.cpp b/src/java_bytecode/java_bytecode_convert_class.cpp
index e68409c1d49..ada2468e924 100644
--- a/src/java_bytecode/java_bytecode_convert_class.cpp
+++ b/src/java_bytecode/java_bytecode_convert_class.cpp
@@ -86,7 +86,7 @@ void java_bytecode_convert_classt::convert(const classt &c)
     return;
   }
 
-  class_typet class_type;
+  java_class_typet class_type;
 
   class_type.set_tag(c.name);
   class_type.set(ID_base_name, c.name);
@@ -98,6 +98,15 @@ void java_bytecode_convert_classt::convert(const classt &c)
     class_type.set(ID_enumeration, true);
   }
 
+  if(c.is_public)
+    class_type.set_access(ID_public);
+  else if(c.is_protected)
+    class_type.set_access(ID_protected);
+  else if(c.is_private)
+    class_type.set_access(ID_private);
+  else
+    class_type.set_access(ID_default);
+
   if(!c.extends.empty())
   {
     symbol_typet base("java::"+id2string(c.extends));
diff --git a/src/java_bytecode/java_bytecode_parse_tree.cpp b/src/java_bytecode/java_bytecode_parse_tree.cpp
index 6da1a7f1872..5946c066d1f 100644
--- a/src/java_bytecode/java_bytecode_parse_tree.cpp
+++ b/src/java_bytecode/java_bytecode_parse_tree.cpp
@@ -26,6 +26,9 @@ void java_bytecode_parse_treet::classt::swap(
   std::swap(other.is_enum, is_enum);
   std::swap(other.enum_elements, enum_elements);
   std::swap(other.is_abstract, is_abstract);
+  std::swap(other.is_public, is_public);
+  std::swap(other.is_protected, is_protected);
+  std::swap(other.is_private, is_private);
   other.implements.swap(implements);
   other.fields.swap(fields);
   other.methods.swap(methods);
diff --git a/src/java_bytecode/java_bytecode_parse_tree.h b/src/java_bytecode/java_bytecode_parse_tree.h
index 06b2ca5632f..d982a62cd39 100644
--- a/src/java_bytecode/java_bytecode_parse_tree.h
+++ b/src/java_bytecode/java_bytecode_parse_tree.h
@@ -169,6 +169,7 @@ class java_bytecode_parse_treet
     irep_idt name, extends;
     bool is_abstract=false;
     bool is_enum=false;
+    bool is_public=false, is_protected=false, is_private=false;
     size_t enum_elements=0;
 
     typedef std::list<irep_idt> implementst;
diff --git a/src/java_bytecode/java_bytecode_parser.cpp b/src/java_bytecode/java_bytecode_parser.cpp
index 4235f6faab7..f4492c3fabe 100644
--- a/src/java_bytecode/java_bytecode_parser.cpp
+++ b/src/java_bytecode/java_bytecode_parser.cpp
@@ -279,6 +279,9 @@ void java_bytecode_parsert::rClassFile()
 
   parsed_class.is_abstract=(access_flags&ACC_ABSTRACT)!=0;
   parsed_class.is_enum=(access_flags&ACC_ENUM)!=0;
+  parsed_class.is_public=(access_flags&ACC_PUBLIC)!=0;
+  parsed_class.is_protected=(access_flags&ACC_PROTECTED)!=0;
+  parsed_class.is_private=(access_flags&ACC_PRIVATE)!=0;
   parsed_class.name=
     constant(this_class).type().get(ID_C_base_name);
 
diff --git a/src/java_bytecode/java_types.h b/src/java_bytecode/java_types.h
index 3d71114d545..d8309cfeb7e 100644
--- a/src/java_bytecode/java_types.h
+++ b/src/java_bytecode/java_types.h
@@ -13,6 +13,32 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <util/type.h>
 #include <util/std_types.h>
 
+class java_class_typet:public class_typet
+{
+ public:
+  const irep_idt &get_access() const
+  {
+    return get(ID_access);
+  }
+
+  void set_access(const irep_idt &access)
+  {
+    return set(ID_access, access);
+  }
+};
+
+inline const java_class_typet &to_java_class_type(const typet &type)
+{
+  assert(type.id()==ID_struct);
+  return static_cast<const java_class_typet &>(type);
+}
+
+inline java_class_typet &to_java_class_type(typet &type)
+{
+  assert(type.id()==ID_struct);
+  return static_cast<java_class_typet &>(type);
+}
+
 typet java_int_type();
 typet java_long_type();
 typet java_short_type();

From 0ee493340580e61b045fe7a1d0f228607fe1379f Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Thu, 8 Jun 2017 15:42:43 +0100
Subject: [PATCH 297/699] Add simple time limiting to prop_conv and propt

Currently only minisat2 supports this.
---
 src/solvers/prop/prop.h               |  6 ++++
 src/solvers/prop/prop_conv.h          |  8 +++++
 src/solvers/sat/satcheck_minisat2.cpp | 45 +++++++++++++++++++++++++--
 src/solvers/sat/satcheck_minisat2.h   |  6 ++++
 4 files changed, 62 insertions(+), 3 deletions(-)

diff --git a/src/solvers/prop/prop.h b/src/solvers/prop/prop.h
index e48674d5c57..a6ee4371f2a 100644
--- a/src/solvers/prop/prop.h
+++ b/src/solvers/prop/prop.h
@@ -108,6 +108,12 @@ class propt:public messaget, public prop_assignmentt
   // an incremental solver may remove any variables that aren't frozen
   virtual void set_frozen(literalt a) { }
 
+  // Resource limits:
+  virtual void set_time_limit_seconds(uint32_t lim)
+  {
+    warning() << "CPU limit ignored (not implemented)" << eom;
+  }
+
 protected:
   // to avoid a temporary for lcnf(...)
   bvt lcnf_bv;
diff --git a/src/solvers/prop/prop_conv.h b/src/solvers/prop/prop_conv.h
index 9d59fb06cf5..816b7481a0e 100644
--- a/src/solvers/prop/prop_conv.h
+++ b/src/solvers/prop/prop_conv.h
@@ -55,6 +55,9 @@ class prop_convt:public decision_proceduret
   // returns true if an assumption is in the final conflict
   virtual bool is_in_conflict(literalt l) const;
   virtual bool has_is_in_conflict() const { return false; }
+
+  // Resource limits:
+  virtual void set_time_limit_seconds(uint32_t) {}
 };
 
 //
@@ -115,6 +118,11 @@ class prop_conv_solvert:public prop_convt
   const cachet &get_cache() const { return cache; }
   const symbolst &get_symbols() const { return symbols; }
 
+  void set_time_limit_seconds(uint32_t lim) override
+  {
+    prop.set_time_limit_seconds(lim);
+  }
+
 protected:
   virtual void post_process();
 
diff --git a/src/solvers/sat/satcheck_minisat2.cpp b/src/solvers/sat/satcheck_minisat2.cpp
index cab952930f6..6c8a6b45f3a 100644
--- a/src/solvers/sat/satcheck_minisat2.cpp
+++ b/src/solvers/sat/satcheck_minisat2.cpp
@@ -11,6 +11,9 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <inttypes.h>
 #endif
 
+#include <signal.h>
+#include <unistd.h>
+
 #include <cassert>
 #include <stack>
 
@@ -112,6 +115,13 @@ void satcheck_minisat2_baset<T>::lcnf(const bvt &bv)
   clause_counter++;
 }
 
+static Minisat::Solver *solver_to_interrupt=nullptr;
+
+static void interrupt_solver(int signum)
+{
+  solver_to_interrupt->interrupt();
+}
+
 template<typename T>
 propt::resultt satcheck_minisat2_baset<T>::prop_solve()
 {
@@ -151,7 +161,29 @@ propt::resultt satcheck_minisat2_baset<T>::prop_solve()
         Minisat::vec<Minisat::Lit> solver_assumptions;
         convert(assumptions, solver_assumptions);
 
-        if(solver->solve(solver_assumptions))
+        void (*old_handler)(int)=SIG_ERR;
+
+        if(time_limit_seconds!=0)
+        {
+          solver_to_interrupt=solver;
+          old_handler=signal(SIGALRM, interrupt_solver);
+          if(old_handler==SIG_ERR)
+            warning() << "Failed to set solver time limit" << eom;
+          else
+            alarm(time_limit_seconds);
+        }
+
+        using Minisat::lbool;
+        lbool solver_result=solver->solveLimited(solver_assumptions);
+
+        if(old_handler!=SIG_ERR)
+        {
+          alarm(0);
+          signal(SIGALRM, old_handler);
+          solver_to_interrupt=solver;
+        }
+
+        if(solver_result==l_True)
         {
           messaget::status() <<
             "SAT checker: instance is SATISFIABLE" << eom;
@@ -159,11 +191,18 @@ propt::resultt satcheck_minisat2_baset<T>::prop_solve()
           status=statust::SAT;
           return resultt::P_SATISFIABLE;
         }
-        else
+        else if(solver_result==l_False)
         {
           messaget::status() <<
             "SAT checker: instance is UNSATISFIABLE" << eom;
         }
+        else
+        {
+          messaget::status() <<
+            "SAT checker: timed out or other error" << eom;
+          status=statust::ERROR;
+          return resultt::P_ERROR;
+        }
       }
     }
 
@@ -195,7 +234,7 @@ void satcheck_minisat2_baset<T>::set_assignment(literalt a, bool value)
 
 template<typename T>
 satcheck_minisat2_baset<T>::satcheck_minisat2_baset(T *_solver):
-  solver(_solver)
+  solver(_solver), time_limit_seconds(0)
 {
 }
 
diff --git a/src/solvers/sat/satcheck_minisat2.h b/src/solvers/sat/satcheck_minisat2.h
index 22026e27d85..cda5ab21bac 100644
--- a/src/solvers/sat/satcheck_minisat2.h
+++ b/src/solvers/sat/satcheck_minisat2.h
@@ -46,8 +46,14 @@ class satcheck_minisat2_baset:public cnf_solvert
   virtual bool has_set_assumptions() const final { return true; }
   virtual bool has_is_in_conflict() const final { return true; }
 
+  void set_time_limit_seconds(uint32_t lim) override
+  {
+    time_limit_seconds=lim;
+  }
+
 protected:
   T *solver;
+  uint32_t time_limit_seconds;
 
   void add_variables();
   bvt assumptions;

From 6a156a9f6258302a6deea52e8a3bcf5d0bb30756 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Mon, 19 Jun 2017 14:17:27 +0100
Subject: [PATCH 298/699] Making toLowerCase more precise

We extend add_axioms_for_to_lower_case by taking into account latin
characters up to u00FF and adding in the lemmas the property that the
characters should not exceed u00FF, making the axioms correct (we will
not generate wrong assertion violation) but incomplete (we may miss
cases involving characters beyond u00FF).
---
 ...ng_constraint_generator_transformation.cpp | 46 ++++++++++++-------
 1 file changed, 30 insertions(+), 16 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_transformation.cpp b/src/solvers/refinement/string_constraint_generator_transformation.cpp
index 599ae3af9dd..55eb79bbdb9 100644
--- a/src/solvers/refinement/string_constraint_generator_transformation.cpp
+++ b/src/solvers/refinement/string_constraint_generator_transformation.cpp
@@ -216,34 +216,48 @@ string_exprt string_constraint_generatort::add_axioms_for_to_lower_case(
   string_exprt res=fresh_string(ref_type);
   exprt char_a=constant_char('a', char_type);
   exprt char_A=constant_char('A', char_type);
-  exprt char_z=constant_char('z', char_type);
-  exprt char_Z=constant_char('Z', char_type);
 
-  // TODO: add support for locales using case mapping information
-  // from the UnicodeData file.
+  // TODO: for now, only characters in Basic Latin and Latin-1 supplement
+  // are supported (up to 0x100), we should add others using case mapping
+  // information from the UnicodeData file.
 
   // We add axioms:
   // a1 : |res| = |str|
-  // a2 : forall idx<str.length, 'A'<=str[idx]<='Z' => res[idx]=str[idx]+'a'-'A'
-  // a3 : forall idx<str.length, !('a'<=str[idx]<='z') => res[idx]=str[idx]
-  // forall idx<str.length,
-  // this[idx]='A'<=str[idx]<='Z' ? str[idx]+'a'-'A' : str[idx]
+  // a2 : forall idx<str.length,
+  //   is_upper_case(str[idx])?
+  //      res[idx]=str[idx]+'a'-'A' : res[idx]=str[idx]<0x100
 
   exprt a1=res.axiom_for_has_same_length_as(str);
   axioms.push_back(a1);
 
   symbol_exprt idx=fresh_univ_index("QA_lower_case", index_type);
-  exprt is_upper_case=and_exprt(
+  exprt::operandst upper_case;
+  upper_case.push_back(and_exprt(
     binary_relation_exprt(char_A, ID_le, str[idx]),
-    binary_relation_exprt(str[idx], ID_le, char_Z));
-  minus_exprt diff(char_a, char_A);
-  equal_exprt convert(res[idx], plus_exprt(str[idx], diff));
-  string_constraintt a2(idx, res.length(), is_upper_case, convert);
+    binary_relation_exprt(str[idx], ID_le, from_integer('Z', char_type))));
+
+  upper_case.push_back(and_exprt(
+    binary_relation_exprt(from_integer(0xc0, char_type), ID_le, str[idx]),
+    binary_relation_exprt(str[idx], ID_le, from_integer(0xd6, char_type))));
+
+  upper_case.push_back(and_exprt(
+    binary_relation_exprt(from_integer(0xd8, char_type), ID_le, str[idx]),
+    binary_relation_exprt(str[idx], ID_le, from_integer(0xde, char_type))));
+
+  exprt is_upper_case=disjunction(upper_case);
+
+  // The difference between upper-case and lower-case for the basic latin and
+  // latin-1 supplement is 0x20.
+  exprt diff=from_integer(0x20, char_type);
+  equal_exprt converted(res[idx], plus_exprt(str[idx], diff));
+  and_exprt non_converted(
+    equal_exprt(res[idx], str[idx]),
+    binary_relation_exprt(str[idx], ID_lt, from_integer(0x100, char_type)));
+  if_exprt conditional_convert(is_upper_case, converted, non_converted);
+
+  string_constraintt a2(idx, res.length(), conditional_convert);
   axioms.push_back(a2);
 
-  equal_exprt eq(res[idx], str[idx]);
-  string_constraintt a3(idx, res.length(), not_exprt(is_upper_case), eq);
-  axioms.push_back(a3);
   return res;
 }
 

From 5553652efd7c1ddc4213e733d198ea39b3649e0f Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Mon, 19 Jun 2017 14:22:59 +0100
Subject: [PATCH 299/699] Improving the test for Java case functions

We make it more precise by having some assertion that should hold and
some that should fail.
We also test some non ascii (but in latin-1 supplement) characters.
---
 .../strings-smoke-tests/java_case/test.desc   |   9 +++--
 .../java_case/test_case.class                 | Bin 865 -> 1019 bytes
 .../java_case/test_case.java                  |  33 +++++++++++++-----
 3 files changed, 31 insertions(+), 11 deletions(-)

diff --git a/regression/strings-smoke-tests/java_case/test.desc b/regression/strings-smoke-tests/java_case/test.desc
index 9a254ae3484..d2508fa3489 100644
--- a/regression/strings-smoke-tests/java_case/test.desc
+++ b/regression/strings-smoke-tests/java_case/test.desc
@@ -1,7 +1,12 @@
 CORE
 test_case.class
 --refine-strings
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
-^VERIFICATION SUCCESSFUL$
+assertion.* file test_case.java line 10 .* SUCCESS$
+assertion.* file test_case.java line 11 .* SUCCESS$
+assertion.* file test_case.java line 12 .* SUCCESS$
+assertion.* file test_case.java line 16 .* FAILURE$
+assertion.* file test_case.java line 20 .* SUCCESS$
+assertion.* file test_case.java line 24 .* FAILURE$
 --
diff --git a/regression/strings-smoke-tests/java_case/test_case.class b/regression/strings-smoke-tests/java_case/test_case.class
index 9f7eaab446cd3578f404528b7c77e09fc18c5ab9..863da75113c20863de00fa0169902a184502cd74 100644
GIT binary patch
delta 645
zcmYL`O-~b16o#KWZD*#_DQyR6YY`AX_$swkDvDp|#*b)afts+<OdCQJLX0#n+|-?J
zNfQ&g>JAeZMvc=%j4o#9k1+9fm=Mp50?FjP=icX@_uO;lxBka?@N@6$cc99GML%N(
z$4yRHXq*h>R3PJVGEA6E2Ae5^X$y-nlcLE?a8xomZBjO<Se)Uk!R*%JoqTli_S8c~
za;fPy)@tsv`)+-GMeMiU7w5C&6zQk#3%9)PZmgD<n$MqXtSYqYb(<_zn{&+BoDXDx
zK>@CS3(U7uYNB+JOA6C}<-hjd_-})->+ksQd`}T?u530RH{4CBblK(#SKBr9tCf+~
zK&A76n?w<ml*x(aWj8FVk~KEnLwyV`azs=Q55<!LLlVnXm6Oz{FmD%a*@^Us-Yt5>
zY9ji*LbS`RPZ%8rW*pNa-XXDzwcKle)8eYs{-6!E){0Kjqpw3fBqV+mVqFSh)?&%A
zC2N}-2TboW60%t*C3T#1=sLd7LzF*6+y4uSZP14n_Ay6N;+Xt1omL7%W?%}isF2_$
zHjn6|L7JC1w1jq~)i2WYQAz7Z-=ktM{O`+VheivMK5{U;YB(jxI2jM8gAv^!8u^TI
W_<;REieE<Fq1o4hd5?w<JoXnFn`tZn

delta 493
zcmYk2O-~w86o#KW1KeR41V%*K3e~n&WmNp2A9mHcwZ?_*0yoV_h_QZz2yyFgFzi^l
zbFC)Oltf+kM>Og0XkvOUrnbq=d+$B(Iq!MT`K^D&Hh$cFzXmG2bIDNDJarg%v6wLM
z%)s+FDPA~Cn$Jtkl#5HzVcKEFgi4ygWtKV3{ORYlOmedo*7nxJ#;0(5zb=ZW--4Aa
zBZ~Cb@Hi~*hle}m&DPQG;f})ku<enh?6JV2$C3e`VIe{xmZ`MI)YRxJUMu3Qdb9PV
z7B)rmjmKM7+70#dASJ#*rSqmvUN%YuM+9^7E6A<nj+T0;3zNvGU~CW+P4W+^XHsel
zx7Ek0`gV`VTB%F)qd;u^65Syiv~R84$*k{niFZi!ajQKNH}_=8Pj(slFKpUbgLXx<
zyrZ(WnCw!EKZih?uS%p!f=9xpvF`{pkMB<|Cpk|Z%vA=4A>*eiUD6$N<eZ3oh5py&
S?@&f9isijGqmK<t6#f9b#6n5{

diff --git a/regression/strings-smoke-tests/java_case/test_case.java b/regression/strings-smoke-tests/java_case/test_case.java
index b3437a6f83e..088ee70803e 100644
--- a/regression/strings-smoke-tests/java_case/test_case.java
+++ b/regression/strings-smoke-tests/java_case/test_case.java
@@ -1,12 +1,27 @@
 public class test_case
 {
-   public static void main(/*String[] argv*/)
-   {
-      String s = new String("Ab");
-      String l = s.toLowerCase();
-      String u = s.toUpperCase();
-      assert(l.equals("ab"));
-      assert(u.equals("AB"));
-      assert(s.equalsIgnoreCase("aB"));
-   }
+    public static void main(int i)
+    {
+        String s = new String("Ab");
+        String l = s.toLowerCase();
+        String u = s.toUpperCase();
+        if(i==1)
+        {
+            assert(l.equals("ab"));
+            assert(u.equals("AB"));
+            assert(s.equalsIgnoreCase("aB"));
+        }
+        else if(i==2)
+        {
+            assert(!u.equals("AB"));
+        }
+        else if(i==3)
+        {
+            assert("ÖÇ".toLowerCase().equals("öç"));
+        }
+        else
+        {
+            assert(!"ÖÇ".toLowerCase().equals("öç"));
+        }
+    }
 }

From 4701c0b32077f072e1aa24a26b4acc750a52fdd9 Mon Sep 17 00:00:00 2001
From: Owen Jones <owen.jones@diffblue.com>
Date: Tue, 20 Jun 2017 09:18:05 +0100
Subject: [PATCH 300/699] Change two errors to warnings

Make "Infinite size arrays not supported" and "Failed to concretize
variable array" warnings rather than errors.
---
 src/goto-programs/interpreter.cpp          | 3 +--
 src/goto-programs/interpreter_evaluate.cpp | 2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/goto-programs/interpreter.cpp b/src/goto-programs/interpreter.cpp
index 7e0c74a0b6b..7adb966ad64 100644
--- a/src/goto-programs/interpreter.cpp
+++ b/src/goto-programs/interpreter.cpp
@@ -894,8 +894,7 @@ typet interpretert::concretize_type(const typet &type)
     }
     else
     {
-      error() << "Failed to concretize variable array"
-              << eom;
+      warning() << "Failed to concretize variable array" << eom;
     }
   }
   return type;
diff --git a/src/goto-programs/interpreter_evaluate.cpp b/src/goto-programs/interpreter_evaluate.cpp
index 12aca4b57b5..096066e368c 100644
--- a/src/goto-programs/interpreter_evaluate.cpp
+++ b/src/goto-programs/interpreter_evaluate.cpp
@@ -1054,7 +1054,7 @@ void interpretert::evaluate(
   {
     if(expr.type().id()==ID_signedbv)
     {
-      error() << "Infinite size arrays not supported" << eom;
+      warning() << "Infinite size arrays not supported" << eom;
       return;
     }
   }

From 092f8e224c7dcd0e65294232ef3b9ecb7a701ea5 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Tue, 20 Jun 2017 13:31:33 +0100
Subject: [PATCH 301/699] Lazy methods: fault in static initializer if a static
 method is called

Static method calls already cause clinit calls, but didn't previously cause
the clinit method to be loaded.
---
 regression/cbmc-java/lazyloading5/other.class | Bin 0 -> 322 bytes
 regression/cbmc-java/lazyloading5/test.class  | Bin 0 -> 530 bytes
 regression/cbmc-java/lazyloading5/test.desc   |   6 +++++
 regression/cbmc-java/lazyloading5/test.java   |  21 ++++++++++++++++++
 .../java_bytecode_convert_method.cpp          |   4 ++++
 5 files changed, 31 insertions(+)
 create mode 100644 regression/cbmc-java/lazyloading5/other.class
 create mode 100644 regression/cbmc-java/lazyloading5/test.class
 create mode 100644 regression/cbmc-java/lazyloading5/test.desc
 create mode 100644 regression/cbmc-java/lazyloading5/test.java

diff --git a/regression/cbmc-java/lazyloading5/other.class b/regression/cbmc-java/lazyloading5/other.class
new file mode 100644
index 0000000000000000000000000000000000000000..88dbb5d67c28ed82885fc889ccf8a7ad4cfc3f23
GIT binary patch
literal 322
zcmZ9Gu}Z^G6o&tk+$3!pO>G?&?ACT@7suiv6a>*haZlo<rlbj^x8g%}sT~9dAHau_
z{s}?B;hcN;@An<f_s{1SfJ>bEQ0TT{<HSSHLth|otQ&zlOY_uR3GCtMNuaKaXDtYC
z(_G(eR<SN0qc~%t7TQoDMX5DQvPSbCicOj5d0Ihjqt|A#j9#Mv9$En$xB{mzFS-<T
ztB+|G<%{Wkywr)o1us&(kY<H)vRO3i1UTm_Oq}rtWLJYeyIY3=r4E7yJ*zW7y~Eo6
eBSS7c`dvC`NJs5q{VnxjQS0%ZK7nJ-7QzE9GAeNZ

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/lazyloading5/test.class b/regression/cbmc-java/lazyloading5/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..b2f426a182a6d6414592116274164f11324d75b5
GIT binary patch
literal 530
zcmYLGNl(H+6#k}^7D|y-#0B?*dXNh@iP4}YCN2kziQEcIuvl8t4#wZY#iM665u=IT
z{ZYm@4a;TT%zNK9GrxbI-vBDuFc3pN4h^#g3YgPTG@v4{W8T057IiE!<TkA!;J&au
zH#o8btLgAI18Xp7Rok`2K0{<{`<g+md2P;+I<sAV(eE|6e<i^*=vlVQkgN-<b$4#v
zkJ_<n%NYq6b+7NY_=zpyalr$z+qE7n6A73m;xKfSOe|xCp(qDs$8tO6!*Q---}ij-
zkwhJ<Cf2adke(thn_b=#3{g+qa*6D4@fhYlrNC2M&7r$86xuwnecqlJP;$|y0bR5~
z;u<|0z|ut-jdl?*nUvNfok~<0)#%O;>_q}GL#q}x6{4gj&^;(L0Sd2B2FQLOqCO$<
z1@&f#=#S(oA=e0T^i5=(rY;%EZDt}=3B`d-R(pp&fUZ76jl4mbYK;9QKMKV>kSVjF
GMeZNsR9y1_

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/lazyloading5/test.desc b/regression/cbmc-java/lazyloading5/test.desc
new file mode 100644
index 00000000000..a3226adccaa
--- /dev/null
+++ b/regression/cbmc-java/lazyloading5/test.desc
@@ -0,0 +1,6 @@
+CORE
+test.class
+--lazy-methods --function test.main
+^EXIT=0$
+^SIGNAL=0$
+VERIFICATION SUCCESSFUL
diff --git a/regression/cbmc-java/lazyloading5/test.java b/regression/cbmc-java/lazyloading5/test.java
new file mode 100644
index 00000000000..351f844655b
--- /dev/null
+++ b/regression/cbmc-java/lazyloading5/test.java
@@ -0,0 +1,21 @@
+
+public class test {
+
+  public static void main() {
+
+    assert(other.getx()==1);
+
+  }
+
+}
+
+class other {
+
+  public static int x;
+  public static int getx() { return x; }
+
+  static {
+    x=1;
+  }
+
+}
diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index ad70b5cd041..6137931617f 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -1418,7 +1418,11 @@ codet java_bytecode_convert_methodt::convert_instructions(
         // static binding
         call.function()=symbol_exprt(arg0.get(ID_identifier), arg0.type());
         if(lazy_methods)
+        {
           lazy_methods->add_needed_method(arg0.get(ID_identifier));
+          // Calling a static method causes static initialization:
+          lazy_methods->add_needed_class(arg0.get(ID_C_class));
+        }
       }
 
       call.function().add_source_location()=loc;

From 471254ce39c18db990200bc2355add4c12383f79 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Tue, 20 Jun 2017 14:08:40 +0100
Subject: [PATCH 302/699] Fix win32 compilation

---
 src/solvers/prop/prop.h               |  2 ++
 src/solvers/sat/satcheck_minisat2.cpp | 22 +++++++++++++++++++++-
 2 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/src/solvers/prop/prop.h b/src/solvers/prop/prop.h
index a6ee4371f2a..fc43f6683ea 100644
--- a/src/solvers/prop/prop.h
+++ b/src/solvers/prop/prop.h
@@ -12,6 +12,8 @@ Author: Daniel Kroening, kroening@kroening.com
 
 // decision procedure wrapper for boolean propositional logics
 
+#include <stdint.h>
+
 #include <util/message.h>
 #include <util/threeval.h>
 
diff --git a/src/solvers/sat/satcheck_minisat2.cpp b/src/solvers/sat/satcheck_minisat2.cpp
index 6c8a6b45f3a..bc298ca53ed 100644
--- a/src/solvers/sat/satcheck_minisat2.cpp
+++ b/src/solvers/sat/satcheck_minisat2.cpp
@@ -115,6 +115,8 @@ void satcheck_minisat2_baset<T>::lcnf(const bvt &bv)
   clause_counter++;
 }
 
+#ifndef _WIN32
+
 static Minisat::Solver *solver_to_interrupt=nullptr;
 
 static void interrupt_solver(int signum)
@@ -122,6 +124,8 @@ static void interrupt_solver(int signum)
   solver_to_interrupt->interrupt();
 }
 
+#endif
+
 template<typename T>
 propt::resultt satcheck_minisat2_baset<T>::prop_solve()
 {
@@ -161,6 +165,10 @@ propt::resultt satcheck_minisat2_baset<T>::prop_solve()
         Minisat::vec<Minisat::Lit> solver_assumptions;
         convert(assumptions, solver_assumptions);
 
+        using Minisat::lbool;
+
+#ifndef _WIN32
+
         void (*old_handler)(int)=SIG_ERR;
 
         if(time_limit_seconds!=0)
@@ -173,7 +181,6 @@ propt::resultt satcheck_minisat2_baset<T>::prop_solve()
             alarm(time_limit_seconds);
         }
 
-        using Minisat::lbool;
         lbool solver_result=solver->solveLimited(solver_assumptions);
 
         if(old_handler!=SIG_ERR)
@@ -183,6 +190,19 @@ propt::resultt satcheck_minisat2_baset<T>::prop_solve()
           solver_to_interrupt=solver;
         }
 
+#else // _WIN32
+
+        if(time_limit_seconds!=0)
+        {
+          messaget::warning() <<
+            "Time limit ignored (not supported on Win32 yet)" << messaget::eom;
+        }
+
+        lbool solver_result=
+          solver->solve(solver_assumptions) ? l_True : l_False;
+
+#endif
+
         if(solver_result==l_True)
         {
           messaget::status() <<

From 2534b8000c6b537630af30a4ab5485c9b0c98d59 Mon Sep 17 00:00:00 2001
From: Kurt Degiorgio <degiorgiokurt@outlook.com>
Date: Thu, 15 Jun 2017 12:10:58 +0100
Subject: [PATCH 303/699] Handling incomplete traces.

Code to instrument 'special' assert at the end of CPROVER_START. This will
be used externally in-order to handle incomplete-traces.
---
 src/goto-instrument/cover.cpp | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/src/goto-instrument/cover.cpp b/src/goto-instrument/cover.cpp
index a7c37f959ae..a48e6659f9a 100644
--- a/src/goto-instrument/cover.cpp
+++ b/src/goto-instrument/cover.cpp
@@ -1461,6 +1461,33 @@ bool instrument_cover_goals(
       cmdline.isset("no-trivial-tests"));
   }
 
+  if(cmdline.isset("cover-traces-must-terminate"))
+  {
+    // instrument an additional goal in CPROVER_START. This will rephrase
+    // the reachability problem  by asking BMC to provide a solution that
+    // satisfies a goal while getting to the end of the program-under-test.
+    const auto sf_it=
+      goto_functions.function_map.find(goto_functions.entry_point());
+    if(sf_it==goto_functions.function_map.end())
+    {
+      msg.error() << "cover-traces-must-terminate: invalid entry point ["
+        << goto_functions.entry_point() << "]"
+        << messaget::eom;
+      return true;
+    }
+    auto if_it=sf_it->second.body.instructions.end();
+    while(!if_it->is_function_call())
+      if_it--;
+    if_it++;
+    const std::string &comment=
+      "additional goal to ensure complete trace coverage.";
+    sf_it->second.body.insert_before_swap(if_it);
+    if_it->make_assertion(false_exprt());
+    if_it->source_location.set_comment(comment);
+    if_it->source_location.set_property_class("reachability_constraint");
+    if_it->source_location.set_function(if_it->function);
+  }
+
   goto_functions.update();
   return false;
 }

From 695b3ce4aadcbfee2de145f0b5618b0e4ea66458 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 20 Jun 2017 17:19:19 +0100
Subject: [PATCH 304/699] Add comments about characters transformed by
 toLowerCase

---
 ...tring_constraint_generator_transformation.cpp | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_transformation.cpp b/src/solvers/refinement/string_constraint_generator_transformation.cpp
index 55eb79bbdb9..bde386d3eda 100644
--- a/src/solvers/refinement/string_constraint_generator_transformation.cpp
+++ b/src/solvers/refinement/string_constraint_generator_transformation.cpp
@@ -214,8 +214,9 @@ string_exprt string_constraint_generatort::add_axioms_for_to_lower_case(
   const typet &char_type=ref_type.get_char_type();
   const typet &index_type=ref_type.get_index_type();
   string_exprt res=fresh_string(ref_type);
-  exprt char_a=constant_char('a', char_type);
-  exprt char_A=constant_char('A', char_type);
+  const exprt char_A=constant_char('A', char_type);
+  const exprt char_Z=constant_char('Z', char_type);
+
 
   // TODO: for now, only characters in Basic Latin and Latin-1 supplement
   // are supported (up to 0x100), we should add others using case mapping
@@ -225,21 +226,28 @@ string_exprt string_constraint_generatort::add_axioms_for_to_lower_case(
   // a1 : |res| = |str|
   // a2 : forall idx<str.length,
   //   is_upper_case(str[idx])?
-  //      res[idx]=str[idx]+'a'-'A' : res[idx]=str[idx]<0x100
+  //      res[idx]=str[idx]+diff : res[idx]=str[idx]<0x100
+  // where diff is the difference between lower case and upper case characters:
+  // diff = 'a'-'A' = 0x20
 
   exprt a1=res.axiom_for_has_same_length_as(str);
   axioms.push_back(a1);
 
   symbol_exprt idx=fresh_univ_index("QA_lower_case", index_type);
   exprt::operandst upper_case;
+  // Characters between 'A' and 'Z' are upper-case
   upper_case.push_back(and_exprt(
     binary_relation_exprt(char_A, ID_le, str[idx]),
-    binary_relation_exprt(str[idx], ID_le, from_integer('Z', char_type))));
+    binary_relation_exprt(str[idx], ID_le, char_Z)));
 
+  // Characters between 0xc0 (latin capital A with grave)
+  // and 0xd6 (latin capital O with diaeresis) are upper-case
   upper_case.push_back(and_exprt(
     binary_relation_exprt(from_integer(0xc0, char_type), ID_le, str[idx]),
     binary_relation_exprt(str[idx], ID_le, from_integer(0xd6, char_type))));
 
+  // Characters between 0xd8 (latin capital O with stroke)
+  // and 0xde (latin capital thorn) are upper-case
   upper_case.push_back(and_exprt(
     binary_relation_exprt(from_integer(0xd8, char_type), ID_le, str[idx]),
     binary_relation_exprt(str[idx], ID_le, from_integer(0xde, char_type))));

From 1e567fbe4c87db82b2864f5cb24a1a4d18763714 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 30 May 2017 11:56:49 +0100
Subject: [PATCH 305/699] Add an add_axioms_for_concat_substr function

Implements the concatenation of a substring of the second argument.
This will make the encoding of StringBuilder.append(CharSequence s,
int start, int end) more efficient.

Part of test-gen/#256
---
 .../refinement/string_constraint_generator.h  |  5 ++
 .../string_constraint_generator_concat.cpp    | 78 +++++++++++++------
 2 files changed, 60 insertions(+), 23 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index 533e41a4212..447bfd5f6f0 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -145,6 +145,11 @@ class string_constraint_generatort
   string_exprt add_axioms_for_copy(const function_application_exprt &f);
   string_exprt add_axioms_for_concat(
     const string_exprt &s1, const string_exprt &s2);
+  string_exprt add_axioms_for_concat_substr(
+    const string_exprt &s1,
+    const string_exprt &s2,
+    const exprt &start_index,
+    const exprt &end_index);
   string_exprt add_axioms_for_concat(const function_application_exprt &f);
   string_exprt add_axioms_for_concat_int(const function_application_exprt &f);
   string_exprt add_axioms_for_concat_long(const function_application_exprt &f);
diff --git a/src/solvers/refinement/string_constraint_generator_concat.cpp b/src/solvers/refinement/string_constraint_generator_concat.cpp
index 311427ec771..e14cbcc58ad 100644
--- a/src/solvers/refinement/string_constraint_generator_concat.cpp
+++ b/src/solvers/refinement/string_constraint_generator_concat.cpp
@@ -14,53 +14,85 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 #include <solvers/refinement/string_constraint_generator.h>
 
 /// add axioms to say that the returned string expression is equal to the
-/// concatenation of the two string expressions given as input
-/// \par parameters: two string expressions
+/// concatenation of s1 with the substring of s2 starting at index start_index
+/// and ending at index end_index. If start_index >= end_index, the value
+/// returned is s1. If end_index > |s2| and/or start_index < 0, the appended
+/// string will be of length end_index - start_index and padded with non-
+/// deterministic values.
+/// \param s1: string expression
+/// \param s2: string expression
+/// \param start_index: expression representing an integer
+/// \param end_index: expression representing an integer
 /// \return a new string expression
-string_exprt string_constraint_generatort::add_axioms_for_concat(
-  const string_exprt &s1, const string_exprt &s2)
+string_exprt string_constraint_generatort::add_axioms_for_concat_substr(
+  const string_exprt &s1,
+  const string_exprt &s2,
+  const exprt &start_index,
+  const exprt &end_index)
 {
   const refined_string_typet &ref_type=to_refined_string_type(s1.type());
   string_exprt res=fresh_string(ref_type);
 
   // We add axioms:
-  // a1 : |res|=|s1|+|s2|
-  // a2 : |s1| <= |res| (to avoid overflow with very long strings)
-  // a3 : |s2| <= |res| (to avoid overflow with very long strings)
-  // a4 : forall i<|s1|. res[i]=s1[i]
-  // a5 : forall i<|s2|. res[i+|s1|]=s2[i]
-
-  equal_exprt a1(
-    res.length(), plus_exprt_with_overflow_check(s1.length(), s2.length()));
+  // a1 : end_index > start_index => |res|=|s1|+ end_index - start_index
+  // a2 : end_index <= start_index => res = s1
+  // a3 : forall i<|s1|. res[i]=s1[i]
+  // a4 : forall i< end_index - start_index. res[i+|s1|]=s2[start_index+i]
+
+  binary_relation_exprt prem(end_index, ID_gt, start_index);
+
+  exprt res_length=plus_exprt_with_overflow_check(
+    s1.length(), minus_exprt(end_index, start_index));
+  implies_exprt a1(prem, equal_exprt(res.length(), res_length));
   axioms.push_back(a1);
-  axioms.push_back(s1.axiom_for_is_shorter_than(res));
-  axioms.push_back(s2.axiom_for_is_shorter_than(res));
+
+  implies_exprt a2(not_exprt(prem), equal_exprt(res.length(), s1.length()));
+  axioms.push_back(a2);
 
   symbol_exprt idx=fresh_univ_index("QA_index_concat", res.length().type());
-  string_constraintt a4(idx, s1.length(), equal_exprt(s1[idx], res[idx]));
-  axioms.push_back(a4);
+  string_constraintt a3(idx, s1.length(), equal_exprt(s1[idx], res[idx]));
+  axioms.push_back(a3);
 
   symbol_exprt idx2=fresh_univ_index("QA_index_concat2", res.length().type());
-  equal_exprt res_eq(s2[idx2], res[plus_exprt(idx2, s1.length())]);
-  string_constraintt a5(idx2, s2.length(), res_eq);
-  axioms.push_back(a5);
+  equal_exprt res_eq(
+    res[plus_exprt(idx2, s1.length())], s2[plus_exprt(start_index, idx2)]);
+  string_constraintt a4(idx2, minus_exprt(end_index, start_index), res_eq);
+  axioms.push_back(a4);
 
   return res;
 }
 
 /// add axioms to say that the returned string expression is equal to the
-/// concatenation of the two string arguments of the function application
+/// concatenation of the two string expressions given as input
+/// \par parameters: two string expressions
+/// \return a new string expression
+string_exprt string_constraint_generatort::add_axioms_for_concat(
+  const string_exprt &s1, const string_exprt &s2)
+{
+  exprt index_zero=from_integer(0, s2.length().type());
+  return add_axioms_for_concat_substr(s1, s2, index_zero, s2.length());
+}
+
+/// add axioms to say that the returned string expression is equal to the
+/// concatenation of the two string arguments of the function application. In
+/// case 4 arguments instead of 2 are given the last two arguments are
+/// intepreted as a start index and last index from which we extract a substring
+/// of the second argument: this is similar to the Java
+/// StringBuiledr.append(CharSequence s, int start, int end) method.
 /// \par parameters: function application with two arguments which are strings
 /// \return a new string expression
 string_exprt string_constraint_generatort::add_axioms_for_concat(
   const function_application_exprt &f)
 {
   const function_application_exprt::argumentst &args=f.arguments();
-  assert(args.size()==2);
-
+  assert(args.size()>=2);
   string_exprt s1=get_string_expr(args[0]);
   string_exprt s2=get_string_expr(args[1]);
-
+  if(args.size()!=2)
+  {
+    assert(args.size()==4);
+    return add_axioms_for_concat_substr(s1, s2, args[2], args[3]);
+  }
   return add_axioms_for_concat(s1, s2);
 }
 

From 334ab00b9b2276b9020810fdf565d8ee300bd08a Mon Sep 17 00:00:00 2001
From: Joel Allred <joel.allred@diffblue.com>
Date: Fri, 9 Jun 2017 15:01:31 +0100
Subject: [PATCH 306/699] Comment in description of test for String.replace()

---
 regression/strings-smoke-tests/java_replace/test.desc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/regression/strings-smoke-tests/java_replace/test.desc b/regression/strings-smoke-tests/java_replace/test.desc
index d86aae6b5a9..542ed1630b5 100644
--- a/regression/strings-smoke-tests/java_replace/test.desc
+++ b/regression/strings-smoke-tests/java_replace/test.desc
@@ -6,3 +6,5 @@ test_replace.class
 ^VERIFICATION SUCCESSFUL$
 --
 diffblue/test-gen#256
+This test is only effective with a model of
+java.lang.String.replace(LCharSequence; LCharSequence).

From ef5bd4dbf4fdf41b09c8c939c21346f3534215b3 Mon Sep 17 00:00:00 2001
From: Joel Allred <joel.allred@diffblue.com>
Date: Thu, 15 Jun 2017 11:40:56 +0100
Subject: [PATCH 307/699] Modifications to doxygen

---
 .../string_constraint_generator_concat.cpp    | 64 ++++++++++---------
 1 file changed, 33 insertions(+), 31 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_concat.cpp b/src/solvers/refinement/string_constraint_generator_concat.cpp
index e14cbcc58ad..f3ffa7c9394 100644
--- a/src/solvers/refinement/string_constraint_generator_concat.cpp
+++ b/src/solvers/refinement/string_constraint_generator_concat.cpp
@@ -13,12 +13,14 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 
 #include <solvers/refinement/string_constraint_generator.h>
 
-/// add axioms to say that the returned string expression is equal to the
+/// Add axioms to say that the returned string expression is equal to the
 /// concatenation of s1 with the substring of s2 starting at index start_index
-/// and ending at index end_index. If start_index >= end_index, the value
-/// returned is s1. If end_index > |s2| and/or start_index < 0, the appended
-/// string will be of length end_index - start_index and padded with non-
-/// deterministic values.
+/// and ending at index end_index.
+///
+/// If start_index >= end_index, the value returned is s1.
+/// If end_index > |s2| and/or start_index < 0, the appended string will be of
+/// length end_index - start_index and padded with non-deterministic values.
+///
 /// \param s1: string expression
 /// \param s2: string expression
 /// \param start_index: expression representing an integer
@@ -62,9 +64,11 @@ string_exprt string_constraint_generatort::add_axioms_for_concat_substr(
   return res;
 }
 
-/// add axioms to say that the returned string expression is equal to the
-/// concatenation of the two string expressions given as input
-/// \par parameters: two string expressions
+/// Add axioms to say that the returned string expression is equal to the
+/// concatenation of the two string expressions given as input.
+///
+/// \param s1: the string expression to append to
+/// \param s2: the string expression to append to the first one
 /// \return a new string expression
 string_exprt string_constraint_generatort::add_axioms_for_concat(
   const string_exprt &s1, const string_exprt &s2)
@@ -73,13 +77,15 @@ string_exprt string_constraint_generatort::add_axioms_for_concat(
   return add_axioms_for_concat_substr(s1, s2, index_zero, s2.length());
 }
 
-/// add axioms to say that the returned string expression is equal to the
-/// concatenation of the two string arguments of the function application. In
-/// case 4 arguments instead of 2 are given the last two arguments are
+/// Add axioms to say that the returned string expression is equal to the
+/// concatenation of the two string arguments of the function application.
+///
+/// In case 4 arguments instead of 2 are given the last two arguments are
 /// intepreted as a start index and last index from which we extract a substring
 /// of the second argument: this is similar to the Java
-/// StringBuiledr.append(CharSequence s, int start, int end) method.
-/// \par parameters: function application with two arguments which are strings
+/// StringBuilder.append(CharSequence s, int start, int end) method.
+///
+/// \param f: function application with two arguments which are strings
 /// \return a new string expression
 string_exprt string_constraint_generatort::add_axioms_for_concat(
   const function_application_exprt &f)
@@ -96,9 +102,9 @@ string_exprt string_constraint_generatort::add_axioms_for_concat(
   return add_axioms_for_concat(s1, s2);
 }
 
-/// add axioms corresponding to the StringBuilder.append(I) java function
-/// \par parameters: function application with two arguments: a string and an
-///   integer
+/// Add axioms corresponding to the StringBuilder.append(I) java function
+/// \param f: function application with two arguments: a string and an
+///           integer
 /// \return a new string expression
 string_exprt string_constraint_generatort::add_axioms_for_concat_int(
   const function_application_exprt &f)
@@ -111,8 +117,8 @@ string_exprt string_constraint_generatort::add_axioms_for_concat_int(
 }
 
 /// Add axioms corresponding to the StringBuilder.append(J) java function
-/// \par parameters: function application with two arguments: a string and a
-/// integer of type long
+/// \param f: function application with two arguments: a string and an
+///           integer of type long
 /// \return a new string expression
 string_exprt string_constraint_generatort::add_axioms_for_concat_long(
   const function_application_exprt &f)
@@ -123,8 +129,8 @@ string_exprt string_constraint_generatort::add_axioms_for_concat_long(
   return add_axioms_for_concat(s1, s2);
 }
 
-/// add axioms corresponding to the StringBuilder.append(Z) java function
-/// \par parameters: function application two arguments: a string and a bool
+/// Add axioms corresponding to the StringBuilder.append(Z) java function
+/// \param f: function application two arguments: a string and a bool
 /// \return a new string expression
 string_exprt string_constraint_generatort::add_axioms_for_concat_bool(
   const function_application_exprt &f)
@@ -135,9 +141,8 @@ string_exprt string_constraint_generatort::add_axioms_for_concat_bool(
   return add_axioms_for_concat(s1, s2);
 }
 
-/// add axioms corresponding to the StringBuilder.append(C) java function
-/// \par parameters: function application with two arguments: a string and a
-///   char
+/// Add axioms corresponding to the StringBuilder.append(C) java function
+/// \param f: function application with two arguments: a string and a char
 /// \return a new string expression
 string_exprt string_constraint_generatort::add_axioms_for_concat_char(
   const function_application_exprt &f)
@@ -148,9 +153,8 @@ string_exprt string_constraint_generatort::add_axioms_for_concat_char(
   return add_axioms_for_concat(s1, s2);
 }
 
-/// add axioms corresponding to the StringBuilder.append(D) java function
-/// \par parameters: function application with two arguments: a string and a
-///   double
+/// Add axioms corresponding to the StringBuilder.append(D) java function
+/// \param f: function application with two arguments: a string and a double
 /// \return a new string expression
 string_exprt string_constraint_generatort::add_axioms_for_concat_double(
   const function_application_exprt &f)
@@ -162,9 +166,8 @@ string_exprt string_constraint_generatort::add_axioms_for_concat_double(
   return add_axioms_for_concat(s1, s2);
 }
 
-/// add axioms corresponding to the StringBuilder.append(F) java function
-/// \par parameters: function application with two arguments: a string and a
-///   float
+/// Add axioms corresponding to the StringBuilder.append(F) java function
+/// \param f: function application with two arguments: a string and a float
 /// \return a new string expression
 string_exprt string_constraint_generatort::add_axioms_for_concat_float(
   const function_application_exprt &f)
@@ -177,8 +180,7 @@ string_exprt string_constraint_generatort::add_axioms_for_concat_float(
 }
 
 /// Add axioms corresponding to the StringBuilder.appendCodePoint(I) function
-/// \par parameters: function application with two arguments: a string and a
-///   code point
+/// \param f: function application with two arguments: a string and a code point
 /// \return a new string expression
 string_exprt string_constraint_generatort::add_axioms_for_concat_code_point(
   const function_application_exprt &f)

From cf39c2994254fe1f83462d6ca409b724bbdea2d7 Mon Sep 17 00:00:00 2001
From: Joel Allred <joel.allred@diffblue.com>
Date: Wed, 21 Jun 2017 09:17:28 +0100
Subject: [PATCH 308/699] Replace asserts

asserts are to be replaced by INVARIANT, PRECONDITION, CHECK_RETURN,
etc.
---
 .../refinement/string_constraint_generator_concat.cpp     | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_concat.cpp b/src/solvers/refinement/string_constraint_generator_concat.cpp
index f3ffa7c9394..b2c9a418055 100644
--- a/src/solvers/refinement/string_constraint_generator_concat.cpp
+++ b/src/solvers/refinement/string_constraint_generator_concat.cpp
@@ -91,12 +91,12 @@ string_exprt string_constraint_generatort::add_axioms_for_concat(
   const function_application_exprt &f)
 {
   const function_application_exprt::argumentst &args=f.arguments();
-  assert(args.size()>=2);
+  PRECONDITION(args.size()>=2);
   string_exprt s1=get_string_expr(args[0]);
   string_exprt s2=get_string_expr(args[1]);
   if(args.size()!=2)
   {
-    assert(args.size()==4);
+    PRECONDITION(args.size()==4);
     return add_axioms_for_concat_substr(s1, s2, args[2], args[3]);
   }
   return add_axioms_for_concat(s1, s2);
@@ -160,7 +160,7 @@ string_exprt string_constraint_generatort::add_axioms_for_concat_double(
   const function_application_exprt &f)
 {
   string_exprt s1=get_string_expr(args(f, 2)[0]);
-  assert(refined_string_typet::is_refined_string_type(f.type()));
+  PRECONDITION(refined_string_typet::is_refined_string_type(f.type()));
   refined_string_typet ref_type=to_refined_string_type(f.type());
   string_exprt s2=add_axioms_from_float(args(f, 2)[1], ref_type, true);
   return add_axioms_for_concat(s1, s2);
@@ -173,7 +173,7 @@ string_exprt string_constraint_generatort::add_axioms_for_concat_float(
   const function_application_exprt &f)
 {
   string_exprt s1=get_string_expr(args(f, 2)[0]);
-  assert(refined_string_typet::is_refined_string_type(f.type()));
+  PRECONDITION(refined_string_typet::is_refined_string_type(f.type()));
   refined_string_typet ref_type=to_refined_string_type(f.type());
   string_exprt s2=add_axioms_from_float(args(f, 2)[1], ref_type, false);
   return add_axioms_for_concat(s1, s2);

From ce8303968142a4814035c992090b805a85f9d2e9 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Wed, 21 Jun 2017 10:11:02 +0100
Subject: [PATCH 309/699] Replace std::cout for errors with messaget::error()

Also replace assert(false) with throw while I'm there.
---
 src/solvers/flattening/arrays.cpp | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/src/solvers/flattening/arrays.cpp b/src/solvers/flattening/arrays.cpp
index 10c29c2ae76..16330ebcb4c 100644
--- a/src/solvers/flattening/arrays.cpp
+++ b/src/solvers/flattening/arrays.cpp
@@ -84,7 +84,7 @@ literalt arrayst::record_array_equality(
   // check types
   if(!base_type_eq(op0.type(), op1.type(), ns))
   {
-    std::cout << equality.pretty() << std::endl;
+    prop.error() << equality.pretty() << messaget::eom;
     throw "record_array_equality got equality without matching types";
   }
 
@@ -174,7 +174,7 @@ void arrayst::collect_arrays(const exprt &a)
     // check types
     if(!base_type_eq(array_type, a.op0().type(), ns))
     {
-      std::cout << a.pretty() << std::endl;
+      prop.error() << a.pretty() << messaget::eom;
       throw "collect_arrays got 'with' without matching types";
     }
 
@@ -196,7 +196,7 @@ void arrayst::collect_arrays(const exprt &a)
     // check types
     if(!base_type_eq(array_type, a.op0().type(), ns))
     {
-      std::cout << a.pretty() << std::endl;
+      prop.error() << a.pretty() << messaget::eom;
       throw "collect_arrays got 'update' without matching types";
     }
 
@@ -220,14 +220,14 @@ void arrayst::collect_arrays(const exprt &a)
     // check types
     if(!base_type_eq(array_type, a.op1().type(), ns))
     {
-      std::cout << a.pretty() << std::endl;
+      prop.error() << a.pretty() << messaget::eom;
       throw "collect_arrays got if without matching types";
     }
 
     // check types
     if(!base_type_eq(array_type, a.op2().type(), ns))
     {
-      std::cout << a.pretty() << std::endl;
+      prop.error() << a.pretty() << messaget::eom;
       throw "collect_arrays got if without matching types";
     }
 
@@ -678,8 +678,8 @@ void arrayst::add_array_constraints_with(
 
     if(index_expr.type()!=value.type())
     {
-      std::cout << expr.pretty() << std::endl;
-      assert(false);
+      prop.error() << expr.pretty() << messaget::eom;
+      throw "index_expr and value types should match";
     }
 
     lazy_constraintt lazy(
@@ -774,8 +774,8 @@ void arrayst::add_array_constraints_update(
 
     if(index_expr.type()!=value.type())
     {
-      std::cout << expr.pretty() << std::endl;
-      assert(false);
+      prop.error() << expr.pretty() << messaget::eom;
+      throw "index_expr and value types should match";
     }
 
     set_to_true(equal_exprt(index_expr, value));

From fc47fe31c2dbd34bf8710c5610d1a8cc198a328d Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Wed, 21 Jun 2017 11:21:23 +0100
Subject: [PATCH 310/699] flattening/arrays.cpp: replace throw and assert with
 invariants

---
 src/solvers/flattening/arrays.cpp | 119 ++++++++++++++++++++----------
 1 file changed, 78 insertions(+), 41 deletions(-)

diff --git a/src/solvers/flattening/arrays.cpp b/src/solvers/flattening/arrays.cpp
index f9d23f2b566..d9fc22be67b 100644
--- a/src/solvers/flattening/arrays.cpp
+++ b/src/solvers/flattening/arrays.cpp
@@ -7,7 +7,6 @@ Author: Daniel Kroening, kroening@kroening.com
 \*******************************************************************/
 
 
-#include <cassert>
 #include <iostream>
 
 #include <langapi/language_util.h>
@@ -50,10 +49,12 @@ literalt arrayst::record_array_equality(
   if(!base_type_eq(op0.type(), op1.type(), ns))
   {
     prop.error() << equality.pretty() << messaget::eom;
-    throw "record_array_equality got equality without matching types";
+    DATA_INVARIANT(false, "record_array_equality got equality without matching types");
   }
 
-  assert(ns.follow(op0.type()).id()==ID_array);
+  DATA_INVARIANT(
+    ns.follow(op0.type()).id()==ID_array,
+    "record_array_equality parameter should be array-typed");
 
   array_equalities.push_back(array_equalityt());
 
@@ -109,14 +110,15 @@ void arrayst::collect_arrays(const exprt &a)
 
   if(a.id()==ID_with)
   {
-    if(a.operands().size()!=3)
-      throw "with expected to have three operands";
+    DATA_INVARIANT(
+      a.operands().size()==3,
+      "with expected to have three operands");
 
     // check types
     if(!base_type_eq(array_type, a.op0().type(), ns))
     {
       prop.error() << a.pretty() << messaget::eom;
-      throw "collect_arrays got 'with' without matching types";
+      DATA_INVARIANT(false, "collect_arrays got 'with' without matching types");
     }
 
     arrays.make_union(a, a.op0());
@@ -131,14 +133,15 @@ void arrayst::collect_arrays(const exprt &a)
   }
   else if(a.id()==ID_update) // TODO: is this obsolete?
   {
-    if(a.operands().size()!=3)
-      throw "update expected to have three operands";
+    DATA_INVARIANT(
+      a.operands().size()==3,
+      "update expected to have three operands");
 
     // check types
     if(!base_type_eq(array_type, a.op0().type(), ns))
     {
       prop.error() << a.pretty() << messaget::eom;
-      throw "collect_arrays got 'update' without matching types";
+      DATA_INVARIANT(false, "collect_arrays got 'update' without matching types");
     }
 
     arrays.make_union(a, a.op0());
@@ -155,21 +158,22 @@ void arrayst::collect_arrays(const exprt &a)
   }
   else if(a.id()==ID_if)
   {
-    if(a.operands().size()!=3)
-      throw "if expected to have three operands";
+    DATA_INVARIANT(
+      a.operands().size()==3,
+      "if expected to have three operands");
 
     // check types
     if(!base_type_eq(array_type, a.op1().type(), ns))
     {
       prop.error() << a.pretty() << messaget::eom;
-      throw "collect_arrays got if without matching types";
+      DATA_INVARIANT(false, "collect_arrays got if without matching types");
     }
 
     // check types
     if(!base_type_eq(array_type, a.op2().type(), ns))
     {
       prop.error() << a.pretty() << messaget::eom;
-      throw "collect_arrays got if without matching types";
+      DATA_INVARIANT(false, "collect_arrays got if without matching types");
     }
 
     arrays.make_union(a, a.op1());
@@ -185,9 +189,10 @@ void arrayst::collect_arrays(const exprt &a)
   }
   else if(a.id()==ID_member)
   {
-    if(to_member_expr(a).struct_op().id()!=ID_symbol)
-      throw
-        "unexpected array expression: member with `"+a.op0().id_string()+"'";
+    DATA_INVARIANT(
+      to_member_expr(a).struct_op().id()==ID_symbol,
+      ("unexpected array expression: member with `"+
+       a.op0().id_string()+"'").c_str());
   }
   else if(a.id()==ID_constant ||
           a.id()==ID_array ||
@@ -200,20 +205,24 @@ void arrayst::collect_arrays(const exprt &a)
   else if(a.id()==ID_byte_update_little_endian ||
           a.id()==ID_byte_update_big_endian)
   {
-    assert(0);
+    DATA_INVARIANT(
+      false,
+      "byte_update should be removed before collect_arrays");
   }
   else if(a.id()==ID_typecast)
   {
     // cast between array types?
-    assert(a.operands().size()==1);
+    DATA_INVARIANT(
+      a.operands().size()==1,
+      "typecast must have one operand");
 
-    if(a.op0().type().id()==ID_array)
-    {
-      arrays.make_union(a, a.op0());
-      collect_arrays(a.op0());
-    }
-    else
-      throw "unexpected array type cast from "+a.op0().type().id_string();
+    DATA_INVARIANT(
+      a.op0().type().id()==ID_array,
+      ("unexpected array type cast from "+
+       a.op0().type().id_string()).c_str());
+
+    arrays.make_union(a, a.op0());
+    collect_arrays(a.op0());
   }
   else if(a.id()==ID_index)
   {
@@ -222,7 +231,12 @@ void arrayst::collect_arrays(const exprt &a)
     collect_arrays(a.op0());
   }
   else
-    throw "unexpected array expression (collect_arrays): `"+a.id_string()+"'";
+  {
+    DATA_INVARIANT(
+      false,
+      ("unexpected array expression (collect_arrays): `"+
+       a.id_string()+"'").c_str());
+  }
 }
 
 /// adds array constraints (refine=true...lazily for the refinement loop)
@@ -364,7 +378,7 @@ void arrayst::update_index_map(std::size_t i)
     return;
 
   std::size_t root_number=arrays.find_number(i);
-  assert(root_number!=i);
+  INVARIANT(root_number!=i, "is_root_number incorrect?");
 
   index_sett &root_index_set=index_map[root_number];
   index_sett &index_set=index_map[i];
@@ -435,7 +449,9 @@ void arrayst::add_array_constraints(
     index_expr2.array()=array_equality.f2;
     index_expr2.index()=*it;
 
-    assert(index_expr1.type()==index_expr2.type());
+    DATA_INVARIANT(
+      index_expr1.type()==index_expr2.type(),
+      "array elements should all have same type");
 
     array_equalityt equal;
     equal.f1 = index_expr1;
@@ -477,12 +493,14 @@ void arrayst::add_array_constraints(
   else if(expr.id()==ID_byte_update_little_endian ||
           expr.id()==ID_byte_update_big_endian)
   {
-    assert(0);
+    INVARIANT(false, "byte_update should be removed before arrayst");
   }
   else if(expr.id()==ID_typecast)
   {
     // we got a=(type[])b
-    assert(expr.operands().size()==1);
+    DATA_INVARIANT(
+      expr.operands().size()==1,
+      "typecast should have one operand");
 
     // add a[i]=b[i]
     for(index_sett::const_iterator
@@ -500,7 +518,9 @@ void arrayst::add_array_constraints(
       index_expr2.array()=expr.op0();
       index_expr2.index()=*it;
 
-      assert(index_expr1.type()==index_expr2.type());
+      DATA_INVARIANT(
+        index_expr1.type()==index_expr2.type(),
+        "array elements should all have same type");
 
       // add constraint
       lazy_constraintt lazy(lazy_typet::ARRAY_TYPECAST,
@@ -512,9 +532,12 @@ void arrayst::add_array_constraints(
   {
   }
   else
-    throw
-      "unexpected array expression (add_array_constraints): `"+
-        expr.id_string()+"'";
+  {
+    DATA_INVARIANT(
+      false,
+      ("unexpected array expression (add_array_constraints): `"+
+       expr.id_string()+"'").c_str());
+  }
 }
 
 void arrayst::add_array_constraints_with(
@@ -536,7 +559,9 @@ void arrayst::add_array_constraints_with(
     if(index_expr.type()!=value.type())
     {
       prop.error() << expr.pretty() << messaget::eom;
-      throw "index_expr and value types should match";
+      DATA_INVARIANT(
+        false,
+        "with-expression operand should match array element type");
     }
 
     lazy_constraintt lazy(
@@ -575,7 +600,9 @@ void arrayst::add_array_constraints_with(
         index_expr2.array()=expr.op0();
         index_expr2.index()=other_index;
 
-        assert(index_expr1.type()==index_expr2.type());
+        DATA_INVARIANT(
+          index_expr1.type()==index_expr2.type(),
+          "array elements should all have same type");
 
         equal_exprt equality_expr(index_expr1, index_expr2);
 
@@ -620,7 +647,9 @@ void arrayst::add_array_constraints_update(
     if(index_expr.type()!=value.type())
     {
       prop.error() << expr.pretty() << messaget::eom;
-      throw "index_expr and value types should match";
+      DATA_INVARIANT(
+        false,
+        "update operand should match array element type");
     }
 
     set_to_true(equal_exprt(index_expr, value));
@@ -657,7 +686,9 @@ void arrayst::add_array_constraints_update(
         index_expr2.array()=expr.op0();
         index_expr2.index()=other_index;
 
-        assert(index_expr1.type()==index_expr2.type());
+        DATA_INVARIANT(
+          index_expr1.type()==index_expr2.type(),
+          "array elements should all have same type");
 
         equal_exprt equality_expr(index_expr1, index_expr2);
 
@@ -693,7 +724,9 @@ void arrayst::add_array_constraints_array_of(
     index_expr.array()=expr;
     index_expr.index()=*it;
 
-    assert(base_type_eq(index_expr.type(), expr.op0().type(), ns));
+    DATA_INVARIANT(
+      base_type_eq(index_expr.type(), expr.op0().type(), ns),
+      "array_of operand type should match array element type");
 
     // add constraint
     lazy_constraintt lazy(
@@ -730,7 +763,9 @@ void arrayst::add_array_constraints_if(
     index_expr2.array()=expr.true_case();
     index_expr2.index()=*it;
 
-    assert(index_expr1.type()==index_expr2.type());
+    DATA_INVARIANT(
+      index_expr1.type()==index_expr2.type(),
+      "array elements should all have same type");
 
     // add implication
     lazy_constraintt lazy(lazy_typet::ARRAY_IF,
@@ -759,7 +794,9 @@ void arrayst::add_array_constraints_if(
     index_expr2.array()=expr.false_case();
     index_expr2.index()=*it;
 
-    assert(index_expr1.type()==index_expr2.type());
+    DATA_INVARIANT(
+      index_expr1.type()==index_expr2.type(),
+      "array elements should all have same type");
 
     // add implication
     lazy_constraintt lazy(

From 53237027b03ee846d7ad7e1c61a552c36bbeeb28 Mon Sep 17 00:00:00 2001
From: Joel Allred <joel.allred@diffblue.com>
Date: Wed, 21 Jun 2017 15:06:41 +0100
Subject: [PATCH 311/699] Fix bad return type of char pointer func

We cast the return type of ID_cprover_string_array_of_char_pointer_func
so that it matches its expected return type.

This addresses: diffblue/platform#975
---
 .../refinement/string_constraint_generator_main.cpp        | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/solvers/refinement/string_constraint_generator_main.cpp b/src/solvers/refinement/string_constraint_generator_main.cpp
index 796b0554696..516c3a8cd11 100644
--- a/src/solvers/refinement/string_constraint_generator_main.cpp
+++ b/src/solvers/refinement/string_constraint_generator_main.cpp
@@ -684,7 +684,12 @@ exprt string_constraint_generatort::add_axioms_for_char_pointer(
 {
   exprt char_pointer=args(fun, 1)[0];
   if(char_pointer.id()==ID_index)
-    return char_pointer.op0();
+    return typecast_exprt(char_pointer.op0(), fun.type());
+  // TODO: It seems reasonable that the result of the function application
+  //       should match the return type of the function. However it is not
+  //       clear whether this typecast is properly handled in the string
+  //       refinement. We need regression tests that use that function.
+
   // TODO: we do not know what to do in the other cases
   assert(false);
   return exprt();

From 02b7942906044164f1b5d8ddeeb3287ec4e2d84b Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Fri, 5 May 2017 09:38:02 +0100
Subject: [PATCH 312/699] Simplifying expressions of the form &array[0] in json

We simplifying these expression so that these pointers appear correctly
in the trace in json.
This is related to issue diffblue/test-gen#21

Includes improvements in json_expr.cpp following review of PR#922
---
 src/util/json_expr.cpp | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/util/json_expr.cpp b/src/util/json_expr.cpp
index a9135f9f5ce..fd8be8bff71 100644
--- a/src/util/json_expr.cpp
+++ b/src/util/json_expr.cpp
@@ -52,16 +52,26 @@ static exprt simplify_json_expr(
           id2string(to_member_expr(
             src.op0()).get_component_name()).find("@")!=std::string::npos)
   {
-    // simplify things of the form  &member_expr(object, @class_identifier)
+    // simplify expressions of the form &member_expr(object, @class_identifier)
     return simplify_json_expr(src.op0(), ns);
   }
+  else if(src.id()==ID_address_of &&
+          src.operands().size()==1 &&
+          src.op0().id()==ID_index &&
+          to_index_expr(src.op0()).index().id()==ID_constant &&
+          to_constant_expr(
+            to_index_expr(src.op0()).index()).value_is_zero_string())
+  {
+    // simplify expressions of the form  &array[0]
+    return simplify_json_expr(to_index_expr(src.op0()).array(), ns);
+  }
   else if(src.id()==ID_member &&
           src.operands().size()==1 &&
           id2string(
             to_member_expr(src).get_component_name())
               .find("@")!=std::string::npos)
   {
-    // simplify things of the form  member_expr(object, @class_identifier)
+    // simplify expressions of the form  member_expr(object, @class_identifier)
     return simplify_json_expr(src.op0(), ns);
   }
 

From f4fa77802f43a7bd959fd56d28ae8d9affc9e650 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Thu, 11 May 2017 14:59:50 +0100
Subject: [PATCH 313/699] Simplifying array access and expressions with pointer
 offsets

We simplify expressions containing array accesses before producing a
json representation of the trace.
This commit also adds comments on the functions in the cpp files

Includes improvements in json_goto_trace.cpp following review of PR#922
---
 src/goto-programs/json_goto_trace.cpp | 157 +++++++++++++++++++++++++-
 1 file changed, 155 insertions(+), 2 deletions(-)

diff --git a/src/goto-programs/json_goto_trace.cpp b/src/goto-programs/json_goto_trace.cpp
index eaa84f6654b..edf6147ddcb 100644
--- a/src/goto-programs/json_goto_trace.cpp
+++ b/src/goto-programs/json_goto_trace.cpp
@@ -14,11 +14,162 @@ Author: Daniel Kroening
 #include <cassert>
 
 #include <util/json_expr.h>
+#include <util/arith_tools.h>
 
 #include <langapi/language_util.h>
 
 #include "json_goto_trace.h"
 
+/*******************************************************************\
+
+Function: remove_pointer_offsets
+
+  Inputs:
+    src - an expression
+
+ Purpose: Replaces in src, expressions of the form pointer_offset(constant)
+          by that constant.
+
+\*******************************************************************/
+
+void remove_pointer_offsets(exprt &src)
+{
+  if(src.id()==ID_pointer_offset && src.op0().id()==ID_constant)
+    src=src.op0();
+  else
+    for(auto &op : src.operands())
+      remove_pointer_offsets(op);
+}
+
+/*******************************************************************\
+
+Function: remove_pointer_offsets
+
+  Inputs:
+    src - an expression
+    array_symbol - a symbol expression representing an array
+
+ Purpose: Replaces in src, expressions of the form
+          pointer_offset(array_symbol) by a constant value of 0.
+          This is meant to simplify array expressions.
+
+\*******************************************************************/
+
+void remove_pointer_offsets(exprt &src, const symbol_exprt &array_symbol)
+{
+  if(src.id()==ID_pointer_offset &&
+     src.op0().id()==ID_constant &&
+     src.op0().op0().id()==ID_address_of &&
+     src.op0().op0().op0().id()==ID_index)
+  {
+    const index_exprt &idx=to_index_expr(src.op0().op0().op0());
+    const irep_idt &array_id=to_symbol_expr(idx.array()).get_identifier();
+    if(idx.array().id()==ID_symbol &&
+       array_id==array_symbol.get_identifier() &&
+       to_constant_expr(idx.index()).value_is_zero_string())
+      src=from_integer(0, src.type());
+  }
+  else
+    for(auto &op : src.operands())
+      remove_pointer_offsets(op, array_symbol);
+}
+
+/*******************************************************************\
+
+Function: simplify_index
+
+  Inputs:
+    idx - an expression representing an index in an array
+    out - a reference to an unsigned value of type size_t, which will
+          hold the result of the simplification if it is successful
+
+ Outputs: Boolean flag that is true if the `idx` expression could not be
+          simplified into a unsigned constant value.
+
+ Purpose: Simplify the expression in index as much as possible to try
+          to get an unsigned constant.
+
+\*******************************************************************/
+
+bool simplify_index(const exprt &idx, std::size_t &out)
+{
+  if(idx.id()==ID_constant)
+  {
+    std::string value_str(id2string(to_constant_expr(idx).get_value()));
+    mp_integer int_value=binary2integer(value_str, false);
+    if(int_value>std::numeric_limits<std::size_t>::max())
+      return true;
+    out=int_value.to_long();
+    return false;
+  }
+  else if(idx.id()==ID_plus)
+  {
+    std::size_t l, r;
+    if(!simplify_index(idx.op0(), l) && !simplify_index(idx.op1(), r))
+    {
+      out=l+r;
+      return false;
+    }
+  }
+
+  return true;
+}
+
+/*******************************************************************\
+
+Function: simplify_array_access
+
+  Inputs:
+    src - an expression potentialy containing array accesses (index_expr)
+
+ Outputs: an expression similar in meaning to src but where array accesses
+          have been simplified
+
+ Purpose: Simplify an expression before putting it in the json format
+
+\*******************************************************************/
+
+exprt simplify_array_access(const exprt &src)
+{
+  if(src.id()==ID_index && to_index_expr(src).array().id()==ID_symbol)
+  {
+    // Case where the array is a symbol.
+    const symbol_exprt &array_symbol=to_symbol_expr(to_index_expr(src).array());
+    exprt simplified_index=to_index_expr(src).index();
+    // We remove potential appearances of `pointer_offset(array_symbol)`
+    remove_pointer_offsets(simplified_index, array_symbol);
+    return index_exprt(array_symbol, simplified_index);
+  }
+  else if(src.id()==ID_index && to_index_expr(src).array().id()==ID_array)
+  {
+    // Case where the array is given by an array of expressions
+    exprt index=to_index_expr(src).index();
+    remove_pointer_offsets(index);
+
+    // We look for an actual integer value for the index
+    std::size_t i;
+    if(!simplify_index(index, i))
+      return to_index_expr(src).array().operands()[i];
+  }
+  return src;
+}
+
+/*******************************************************************\
+
+Function: convert
+
+  Inputs:
+    ns - a namespace
+    goto_trace - a trace in a goto program
+    dest - referecence to a json object in which the goto trace will
+           be added
+
+ Outputs: none
+
+ Purpose: Produce a json representation of a trace.
+
+\*******************************************************************/
+
 void convert(
   const namespacet &ns,
   const goto_tracet &goto_trace,
@@ -84,7 +235,8 @@ void convert(
         json_objectt full_lhs_value;
 
         assert(step.full_lhs.is_not_nil());
-        full_lhs_string=from_expr(ns, identifier, step.full_lhs);
+        exprt simplified=simplify_array_access(step.full_lhs);
+        full_lhs_string=from_expr(ns, identifier, simplified);
 
         const symbolt *symbol;
         irep_idt base_name, display_name;
@@ -98,7 +250,8 @@ void convert(
 
           json_assignment["mode"]=json_stringt(id2string(symbol->mode));
           assert(step.full_lhs_value.is_not_nil());
-          full_lhs_value=json(step.full_lhs_value, ns, symbol->mode);
+          exprt simplified=simplify_array_access(step.full_lhs_value);
+          full_lhs_value=json(simplified, ns, symbol->mode);
         }
         else
         {

From 5cfa413099cf7dafb3b7c03e8a6a9b18d46286a4 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 13 Jun 2017 17:18:14 +0100
Subject: [PATCH 314/699] Adding test to check that data field of strings are
 set in json

---
 .../strings-smoke-tests/jsonArrays/test.class     | Bin 0 -> 307 bytes
 .../strings-smoke-tests/jsonArrays/test.desc      |  10 ++++++++++
 .../strings-smoke-tests/jsonArrays/test.java      |   8 ++++++++
 3 files changed, 18 insertions(+)
 create mode 100644 regression/strings-smoke-tests/jsonArrays/test.class
 create mode 100644 regression/strings-smoke-tests/jsonArrays/test.desc
 create mode 100644 regression/strings-smoke-tests/jsonArrays/test.java

diff --git a/regression/strings-smoke-tests/jsonArrays/test.class b/regression/strings-smoke-tests/jsonArrays/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..e1e896095a32175841e2349ce504b181232f425f
GIT binary patch
literal 307
zcmYLDJx>Bb5PfrSx3He_p;pGi*Z_qzb`l#C6B2?2#(wXdoQt@aW${<pP-!gu0sbiC
zEHPmwnK$$1&CC4!etiSD#F0iF`x*ymDYO+jgluG;4cCNPum3=(-z*=Q(3)7s)AdWi
z{@xS|Vbb!6%V)xIZ!$M;X1Fk}8qR{ZuDa@v33|3%`;u>M6gLB}!bQ~ONRcUYa~wj8
zeOwUQJBzzw&ZSVD9W{1=EB1uOtMMzA5of5$=P?q<FUX`SnN9^sFdck=HqywE)VPj)
gQ&I~?>A7Gcs0N=%MknuEK@{sPo&LM-36miI1Mu-RqW}N^

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/jsonArrays/test.desc b/regression/strings-smoke-tests/jsonArrays/test.desc
new file mode 100644
index 00000000000..e59f08d44b4
--- /dev/null
+++ b/regression/strings-smoke-tests/jsonArrays/test.desc
@@ -0,0 +1,10 @@
+CORE
+test.class
+--refine-strings --function test.check --json-ui --trace --string-max-length 100 --cover location
+^EXIT=0$
+^SIGNAL=0$
+\"data\".*\"tmp_object_factory\$6.*\"
+--
+This checks that tmp_object_factory$6 gets affected to the data field
+of some strings, which was not the case in previous versions of cbmc,
+as it was just ignored by the json output.
\ No newline at end of file
diff --git a/regression/strings-smoke-tests/jsonArrays/test.java b/regression/strings-smoke-tests/jsonArrays/test.java
new file mode 100644
index 00000000000..c7b07e0fdec
--- /dev/null
+++ b/regression/strings-smoke-tests/jsonArrays/test.java
@@ -0,0 +1,8 @@
+public class test
+{
+    public static int check(String s)
+    {
+        int i=Integer.parseInt(s);
+        return i;
+    }
+}

From f950ffc748f44c22fa4588a4cb085572bf5fc37b Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Thu, 15 Jun 2017 12:54:44 +0100
Subject: [PATCH 315/699] Documentation for json_goto_trace in doxygen format

---
 src/goto-programs/json_goto_trace.cpp | 96 +++++++--------------------
 1 file changed, 23 insertions(+), 73 deletions(-)

diff --git a/src/goto-programs/json_goto_trace.cpp b/src/goto-programs/json_goto_trace.cpp
index edf6147ddcb..538bad49eff 100644
--- a/src/goto-programs/json_goto_trace.cpp
+++ b/src/goto-programs/json_goto_trace.cpp
@@ -20,18 +20,9 @@ Author: Daniel Kroening
 
 #include "json_goto_trace.h"
 
-/*******************************************************************\
-
-Function: remove_pointer_offsets
-
-  Inputs:
-    src - an expression
-
- Purpose: Replaces in src, expressions of the form pointer_offset(constant)
-          by that constant.
-
-\*******************************************************************/
-
+/// Replaces in src, expressions of the form pointer_offset(constant) by that
+/// constant.
+/// \param src: an expression
 void remove_pointer_offsets(exprt &src)
 {
   if(src.id()==ID_pointer_offset && src.op0().id()==ID_constant)
@@ -41,20 +32,10 @@ void remove_pointer_offsets(exprt &src)
       remove_pointer_offsets(op);
 }
 
-/*******************************************************************\
-
-Function: remove_pointer_offsets
-
-  Inputs:
-    src - an expression
-    array_symbol - a symbol expression representing an array
-
- Purpose: Replaces in src, expressions of the form
-          pointer_offset(array_symbol) by a constant value of 0.
-          This is meant to simplify array expressions.
-
-\*******************************************************************/
-
+/// Replaces in src, expressions of the form pointer_offset(array_symbol) by a
+/// constant value of 0. This is meant to simplify array expressions.
+/// \param src: an expression
+/// \param array_symbol: a symbol expression representing an array
 void remove_pointer_offsets(exprt &src, const symbol_exprt &array_symbol)
 {
   if(src.id()==ID_pointer_offset &&
@@ -74,23 +55,13 @@ void remove_pointer_offsets(exprt &src, const symbol_exprt &array_symbol)
       remove_pointer_offsets(op, array_symbol);
 }
 
-/*******************************************************************\
-
-Function: simplify_index
-
-  Inputs:
-    idx - an expression representing an index in an array
-    out - a reference to an unsigned value of type size_t, which will
-          hold the result of the simplification if it is successful
-
- Outputs: Boolean flag that is true if the `idx` expression could not be
-          simplified into a unsigned constant value.
-
- Purpose: Simplify the expression in index as much as possible to try
-          to get an unsigned constant.
-
-\*******************************************************************/
-
+/// Simplify the expression in index as much as possible to try to get an
+/// unsigned constant.
+/// \param idx: an expression representing an index in an array
+/// \param out: a reference to an unsigned value of type size_t, which will hold
+///   the result of the simplification if it is successful
+/// \return Boolean flag that is true if the `idx` expression could not be
+///   simplified into a unsigned constant value.
 bool simplify_index(const exprt &idx, std::size_t &out)
 {
   if(idx.id()==ID_constant)
@@ -115,20 +86,10 @@ bool simplify_index(const exprt &idx, std::size_t &out)
   return true;
 }
 
-/*******************************************************************\
-
-Function: simplify_array_access
-
-  Inputs:
-    src - an expression potentialy containing array accesses (index_expr)
-
- Outputs: an expression similar in meaning to src but where array accesses
-          have been simplified
-
- Purpose: Simplify an expression before putting it in the json format
-
-\*******************************************************************/
-
+/// Simplify an expression before putting it in the json format
+/// \param src: an expression potentialy containing array accesses (index_expr)
+/// \return an expression similar in meaning to src but where array accesses
+///   have been simplified
 exprt simplify_array_access(const exprt &src)
 {
   if(src.id()==ID_index && to_index_expr(src).array().id()==ID_symbol)
@@ -154,22 +115,11 @@ exprt simplify_array_access(const exprt &src)
   return src;
 }
 
-/*******************************************************************\
-
-Function: convert
-
-  Inputs:
-    ns - a namespace
-    goto_trace - a trace in a goto program
-    dest - referecence to a json object in which the goto trace will
-           be added
-
- Outputs: none
-
- Purpose: Produce a json representation of a trace.
-
-\*******************************************************************/
-
+/// Produce a json representation of a trace.
+/// \param ns: a namespace
+/// \param goto_trace: a trace in a goto program
+/// \param dest: referecence to a json object in which the goto trace will be
+///   added
 void convert(
   const namespacet &ns,
   const goto_tracet &goto_trace,

From fbb5724dbc4ec0b9c295712ab8c07cd9b00bae2b Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Thu, 15 Jun 2017 16:38:04 +0100
Subject: [PATCH 316/699] Declaring string expression symbol for each
 string_exprt

These are used in the string solver. So each string_exprt used in the
code should have a symbol of the same type which corresponds to it.
---
 src/java_bytecode/java_string_library_preprocess.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/java_bytecode/java_string_library_preprocess.cpp b/src/java_bytecode/java_string_library_preprocess.cpp
index 0a3ef95be8f..c1bede44772 100644
--- a/src/java_bytecode/java_string_library_preprocess.cpp
+++ b/src/java_bytecode/java_string_library_preprocess.cpp
@@ -1223,6 +1223,8 @@ codet java_string_library_preprocesst::make_object_get_class_code(
       ID_cprover_string_literal_func,
       {class_identifier},
       symbol_table));
+  exprt string_expr_sym=fresh_string_expr_symbol(loc, symbol_table, code);
+  code.add(code_assignt(string_expr_sym, string_expr));
 
   // string_expr1 = substr(string_expr, 6)
   // We do this to remove the "java::" prefix
@@ -1233,6 +1235,8 @@ codet java_string_library_preprocesst::make_object_get_class_code(
       ID_cprover_string_substring_func,
       {string_expr, from_integer(6, java_int_type())},
       symbol_table));
+  exprt string_expr_sym1=fresh_string_expr_symbol(loc, symbol_table, code);
+  code.add(code_assignt(string_expr_sym1, string_expr1));
 
   // string1 = (String*) string_expr
   pointer_typet string_ptr_type(

From 50be5302d84bdeff40d5d6c79cee3f6965468047 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Thu, 15 Jun 2017 16:39:29 +0100
Subject: [PATCH 317/699] Removing overflow check in quantified formula

The overflow assertion do not make sense when used with variables that
are universally quantified.
---
 .../refinement/string_constraint_generator_transformation.cpp   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/solvers/refinement/string_constraint_generator_transformation.cpp b/src/solvers/refinement/string_constraint_generator_transformation.cpp
index 599ae3af9dd..a4e8cf51564 100644
--- a/src/solvers/refinement/string_constraint_generator_transformation.cpp
+++ b/src/solvers/refinement/string_constraint_generator_transformation.cpp
@@ -122,7 +122,7 @@ string_exprt string_constraint_generatort::add_axioms_for_substring(
   string_constraintt a4(idx,
                         res.length(),
                         equal_exprt(res[idx],
-                        str[plus_exprt_with_overflow_check(start, idx)]));
+                        str[plus_exprt(start, idx)]));
   axioms.push_back(a4);
   return res;
 }

From c745aa79deb6eafea660f7d6011efe91b474ac5a Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Fri, 16 Jun 2017 12:00:52 +0100
Subject: [PATCH 318/699] Improvements in the code for String.toCharArray in
 preprocessing

We now use an intermediary string_expression for argument of
String.toCharArray.
This is necessary for the string solver to keep trace of the strings
in the case the argument was not produced by another string function
(for instance a string literal).

This also cleans up the code generated for String.toCharArray.
There were some issues because some arrays where not allocated
correctly in the generated code, this should be fixed now.
---
 .../java_string_library_preprocess.cpp        | 52 ++++++++++++-------
 1 file changed, 34 insertions(+), 18 deletions(-)

diff --git a/src/java_bytecode/java_string_library_preprocess.cpp b/src/java_bytecode/java_string_library_preprocess.cpp
index 0a3ef95be8f..7ffc92de188 100644
--- a/src/java_bytecode/java_string_library_preprocess.cpp
+++ b/src/java_bytecode/java_string_library_preprocess.cpp
@@ -1138,12 +1138,20 @@ codet java_string_library_preprocesst::make_assign_function_from_call(
 }
 
 /// Used to provide our own implementation of the
-/// java.lang.String.toCharArray:()[C function.
+/// `java.lang.String.toCharArray:()[C` function.
 /// \param type: type of the function called
 /// \param loc: location in the source
 /// \param symbol_table: the symbol table
-/// \return Code corresponding to > return_tmp0 = malloc(array[char]); >
-///   return_tmp0->data=&((s->data)[0]) > return_tmp0->length=s->length
+/// \return Code corresponding to
+/// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+/// lhs = new java::array[char]
+/// string_expr = {length=this->length, content=*(this->data)}
+/// data = new char[]
+/// *data = string_expr.content
+/// lhs->data = &data[0]
+/// lhs->length = string_expr.length
+/// return lhs
+/// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 codet java_string_library_preprocesst::make_string_to_char_array_code(
     const code_typet &type,
     const source_locationt &loc,
@@ -1154,29 +1162,37 @@ codet java_string_library_preprocesst::make_string_to_char_array_code(
   const code_typet::parametert &p=type.parameters()[0];
   symbol_exprt string_argument(p.get_identifier(), p.type());
   assert(implements_java_char_sequence(string_argument.type()));
-  dereference_exprt deref(string_argument, string_argument.type().subtype());
 
-  // lhs <- malloc(array[char])
-  exprt lhs=fresh_array(type.return_type(), loc, symbol_table);
-  allocate_dynamic_object_with_decl(
-    lhs, lhs.type().subtype(), symbol_table, loc, code);
+  // lhs = new java::array[char]
+  exprt lhs=allocate_fresh_array(
+    type.return_type(), loc, symbol_table, code);
 
-  // first_element_address is `&((string_argument->data)[0])`
-  exprt data=get_data(deref, symbol_table);
+  // string_expr = {this->length, this->data}
+  string_exprt string_expr=fresh_string_expr(loc, symbol_table, code);
+  code.add(code_assign_java_string_to_string_expr(
+    string_expr, string_argument, symbol_table));
+  exprt string_expr_sym=fresh_string_expr_symbol(
+    loc, symbol_table, code);
+  code.add(code_assignt(string_expr_sym, string_expr));
+
+  // data = new char[]
+  exprt data=allocate_fresh_array(
+    pointer_typet(string_expr.content().type()), loc, symbol_table, code);
+
+  // *data = string_expr.content
   dereference_exprt deref_data(data, data.type().subtype());
-  exprt first_index=from_integer(0, string_length_type());
-  index_exprt first_element(deref_data, first_index, java_char_type());
-  address_of_exprt first_element_address(first_element);
+  code.add(code_assignt(deref_data, string_expr.content()));
 
-  // lhs->data <- &((string_argument->data)[0])
+  // lhs->data = &data[0]
   dereference_exprt deref_lhs(lhs, lhs.type().subtype());
   exprt lhs_data=get_data(deref_lhs, symbol_table);
-  code.add(code_assignt(lhs_data, first_element_address));
+  index_exprt first_elt(
+    deref_data, from_integer(0, java_int_type()), java_char_type());
+  code.add(code_assignt(lhs_data, address_of_exprt(first_elt)));
 
-  // lhs->length <- s->length
-  exprt rhs_length=get_length(deref, symbol_table);
+  // lhs->length = string_expr.length
   exprt lhs_length=get_length(deref_lhs, symbol_table);
-  code.add(code_assignt(lhs_length, rhs_length));
+  code.add(code_assignt(lhs_length, string_expr.length()));
 
   // return lhs
   code.add(code_returnt(lhs));

From 0619f0587577cdb6214f4307ff2a3b0a228828eb Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Fri, 16 Jun 2017 15:11:26 +0100
Subject: [PATCH 319/699] Better test for String.toCharArray

We now have in the test both assertions that should pass and
assertions that should fail. This is to make sure our tests do not
pass just because CBMC would be biased in one direction.
---
 .../java_char_array/test.desc                   |  10 ++++++++--
 .../java_char_array/test_char_array.class       | Bin 714 -> 826 bytes
 .../java_char_array/test_char_array.java        |   8 +++++++-
 3 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/regression/strings-smoke-tests/java_char_array/test.desc b/regression/strings-smoke-tests/java_char_array/test.desc
index efb6ad4c5d7..d00a921a8c1 100644
--- a/regression/strings-smoke-tests/java_char_array/test.desc
+++ b/regression/strings-smoke-tests/java_char_array/test.desc
@@ -1,7 +1,13 @@
 CORE
 test_char_array.class
 --refine-strings
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
-^VERIFICATION SUCCESSFUL$
+.*assertion.* test_char_array.java line 9 .* SUCCESS$
+.*assertion.* test_char_array.java line 10 .* SUCCESS$
+.*assertion.* test_char_array.java line 11 .* SUCCESS$
+.*assertion.* test_char_array.java line 13 .* FAILURE$
+.*assertion.* test_char_array.java line 15 .* FAILURE$
+.*assertion.* test_char_array.java line 17 .* FAILURE$
+^VERIFICATION FAILED$
 --
diff --git a/regression/strings-smoke-tests/java_char_array/test_char_array.class b/regression/strings-smoke-tests/java_char_array/test_char_array.class
index 0d2056042ca2ef3063d717972cfe8bf0f7b0d053..e509fe289d393b7817688e2d36381d0a0150d0ad 100644
GIT binary patch
delta 419
zcmZ9IO-lk%7=@o1ow+)WrQ?`i*{7wZ?S>X1(Kbp5lAxtY5LD2jz2K&`xU(StLM{vp
zY}Lk}(2uEJg-Y5SxaU3ZbMHN4V`zHg&*2F0*tW1p1xQ<DSe!^UNPs29vV}=Xv0|~x
znqs}}9cKK6gW{=1_~fqMxT@A~YxVQ%3q?+`(e6}2Ih#%LHU*0956|4PDN*jY+I!PM
zV;(dE9Ybz@bo8Ur0AICiczY$^0RN7^kI^Ms9+^*sUNO&JP;XPuiTfk<|7J8BY0P-(
zE{R`2?+=hRdL;YJ33`f|9htqK9bwH3p5=i$5z$@dL=Ak>MF52@8Y4(vTB{J^SezPR
zE+uy(A8g6iJy9NTBnJu1F9{p2rf?N;O#?TUNF{}{&}r$OJ4s0?_P!<!CFG!!{03*;
BMZN$4

delta 306
zcmZXPJ5Iw;5Jiu_&#?^{+dv=*p9BKfl&?a7=)<RghSEe-P*Bjb1}j~J#2TOoQjkJL
zlU=X{7642{gG6&jb96Ox@6a7Pdi*sU0h%2jpQ^{A&l0tX)GK&26w5v?RmF<WDr<^n
zsXOV^*<I1SJ}z$0i_4oUMN6?>_V<ET$Oi3@O}5Gp?QVx;<h`2lem{-DjJ$fl#Flv)
zo1JWcb(A}LKeGnd2hTWtX7iEzNbrh#@q&8$WsRu#$Ldk{4||f6CXr}UVuOPvu{{)_
vXiQe2Ee&@GI1v<!CBga@Xe$y$Y8XNi@y_)=O`T2*4rX|0NbY%AOcs6s?3ga`

diff --git a/regression/strings-smoke-tests/java_char_array/test_char_array.java b/regression/strings-smoke-tests/java_char_array/test_char_array.java
index 017fe704124..e0efe1777e7 100644
--- a/regression/strings-smoke-tests/java_char_array/test_char_array.java
+++ b/regression/strings-smoke-tests/java_char_array/test_char_array.java
@@ -1,6 +1,6 @@
 public class test_char_array
 {
-   public static void main(/*String[] argv*/)
+   public static void main(int i)
    {
       String s = "abc";
       char [] str = s.toCharArray();
@@ -9,5 +9,11 @@ public static void main(/*String[] argv*/)
       assert(str.length == 3);
       assert(a == 'a');
       assert(c == 'c');
+      if(i==0)
+          assert(str.length != 3);
+      if(i==2)
+          assert(a != 'a');
+      if(i==3)
+          assert(c != 'c');
    }
 }

From bc968b0f749fdedf52803f1009011d28bf37e259 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Thu, 22 Jun 2017 16:12:07 +0100
Subject: [PATCH 320/699] Always pass namespace to from_expr

Otherwise it can't find symbol identifiers and can crash when trying
to e.g. pretty-print structure names.
---
 src/solvers/refinement/string_refinement.cpp | 61 ++++++++++----------
 1 file changed, 31 insertions(+), 30 deletions(-)

diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index 257fbf51e48..86b36a94790 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -72,7 +72,7 @@ void string_refinementt::display_index_set()
   for(const auto &i : index_set)
   {
     const exprt &s=i.first;
-    debug() << "IS(" << from_expr(s) << ")=={" << eom;
+    debug() << "IS(" << from_expr(ns, "", s) << ")=={" << eom;
 
     for(auto j : i.second)
     {
@@ -81,7 +81,7 @@ void string_refinementt::display_index_set()
         count_current++;
         debug() << "**";
       }
-      debug() << "  " << from_expr(j) << ";" << eom;
+      debug() << "  " << from_expr(ns, "", j) << ";" << eom;
       count++;
     }
     debug() << "}"  << eom;
@@ -99,10 +99,10 @@ void string_refinementt::add_instantiations()
   for(const auto &i : current_index_set)
   {
     const exprt &s=i.first;
-    debug() << "IS(" << from_expr(s) << ")=={";
+    debug() << "IS(" << from_expr(ns, "", s) << ")=={";
 
     for(const auto &j : i.second)
-      debug() << from_expr(j) << "; ";
+      debug() << from_expr(ns, "", j) << "; ";
     debug() << "}"  << eom;
 
     for(const auto &j : i.second)
@@ -227,7 +227,7 @@ bool string_refinementt::add_axioms_for_string_assigns(
     else
     {
       debug() << "string_refinement warning: not handling char_array: "
-              << from_expr(rhs) << eom;
+              << from_expr(ns, "", rhs) << eom;
       return true;
     }
   }
@@ -291,7 +291,7 @@ void string_refinementt::concretize_string(const exprt &expr)
            mp_index>=concretize_limit)
         {
           debug() << "concretize_string: ignoring out of bound index: "
-                  << from_expr(simple_i) << eom;
+                  << from_expr(ns, "", simple_i) << eom;
         }
         else
         {
@@ -311,8 +311,8 @@ void string_refinementt::concretize_string(const exprt &expr)
 
       array_exprt arr(to_array_type(content.type()));
       arr.operands()=result;
-      debug() << "Concretized " << from_expr(content_expr)
-              << " = " << from_expr(arr) << eom;
+      debug() << "Concretized " << from_expr(ns, "", content_expr)
+              << " = " << from_expr(ns, "", arr) << eom;
       found_content[content]=arr;
     }
   }
@@ -371,7 +371,7 @@ void string_refinementt::set_to(const exprt &expr, bool value)
     if(eq_expr.lhs().type()!=eq_expr.rhs().type())
     {
       debug() << "(sr::set_to) WARNING: ignoring "
-              << from_expr(expr) << " [inconsistent types]" << eom;
+              << from_expr(ns, "", expr) << " [inconsistent types]" << eom;
       debug() << "lhs has type: " << eq_expr.lhs().type().pretty(12) << eom;
       debug() << "rhs has type: " << eq_expr.rhs().type().pretty(12) << eom;
       return;
@@ -393,7 +393,7 @@ void string_refinementt::set_to(const exprt &expr, bool value)
     if(lhs.id()!=ID_symbol)
     {
       debug() << "(sr::set_to) WARNING: ignoring "
-              << from_expr(expr) << eom;
+              << from_expr(ns, "", expr) << eom;
       return;
     }
 
@@ -405,7 +405,7 @@ void string_refinementt::set_to(const exprt &expr, bool value)
          eq_expr.lhs().type().subtype() != subst_rhs.type().subtype())
       {
         debug() << "(sr::set_to) WARNING: ignoring "
-                << from_expr(expr) << " [inconsistent types after substitution]"
+                << from_expr(ns, "", expr) << " [inconsistent types after substitution]"
                 << eom;
         return;
       }
@@ -602,7 +602,7 @@ void string_refinementt::add_lemma(
     return;
   }
 
-  debug() << "adding lemma " << from_expr(simple_lemma) << eom;
+  debug() << "adding lemma " << from_expr(ns, "", simple_lemma) << eom;
 
   prop.l_set_to_true(convert(simple_lemma));
 }
@@ -626,7 +626,7 @@ exprt string_refinementt::get_array(const exprt &arr, const exprt &size) const
   {
 #if 0
     debug() << "(sr::get_array) string of unknown size: "
-            << from_expr(size_val) << eom;
+            << from_expr(ns, "", size_val) << eom;
 #endif
     return empty_ret;
   }
@@ -699,7 +699,7 @@ exprt string_refinementt::get_array(const exprt &arr, const exprt &size) const
   else
   {
 #if 0
-    debug() << "unable to get array-list value of " << from_expr(arr)
+    debug() << "unable to get array-list value of " << from_expr(ns, "", arr)
             << " of size " << n << eom;
 #endif
     return array_of_exprt(from_integer(0, char_type), ret_type);
@@ -787,14 +787,14 @@ void string_refinementt::fill_model()
 
       current_model[elength]=len;
       current_model[econtent]=arr;
-      debug() << from_expr(to_symbol_expr(it.first)) << "="
-              << from_expr(refined);
+      debug() << from_expr(ns, "", to_symbol_expr(it.first)) << "="
+              << from_expr(ns, "", refined);
 
       if(arr.id()==ID_array)
         debug() << " = \"" << string_of_array(to_array_expr(arr))
-                << "\" (size:" << from_expr(len) << ")"<< eom;
+                << "\" (size:" << from_expr(ns, "", len) << ")"<< eom;
       else
-        debug() << " = " << from_expr(arr) << " (size:" << from_expr(len)
+        debug() << " = " << from_expr(ns, "", arr) << " (size:" << from_expr(ns, "", len)
                 << ")" << eom;
     }
     else
@@ -806,22 +806,22 @@ void string_refinementt::fill_model()
       exprt arr_model=get_array(arr);
       current_model[it.first]=arr_model;
 
-      debug() << from_expr(to_symbol_expr(it.first)) << "="
-              << from_expr(arr) << " = " << from_expr(arr_model) << "" << eom;
+      debug() << from_expr(ns, "", to_symbol_expr(it.first)) << "="
+              << from_expr(ns, "", arr) << " = " << from_expr(ns, "", arr_model) << "" << eom;
     }
   }
 
   for(auto it : generator.boolean_symbols)
   {
       debug() << "" << it.get_identifier() << " := "
-              << from_expr(supert::get(it)) << eom;
+              << from_expr(ns, "", supert::get(it)) << eom;
       current_model[it]=supert::get(it);
   }
 
   for(auto it : generator.index_symbols)
   {
      debug() << "" << it.get_identifier() << " := "
-              << from_expr(supert::get(it)) << eom;
+              << from_expr(ns, "", supert::get(it)) << eom;
      current_model[it]=supert::get(it);
   }
 }
@@ -956,7 +956,7 @@ void string_refinementt::add_negation_of_constraint_to_solver(
   and_exprt premise(axiom.premise(), axiom.univ_within_bounds());
   and_exprt negaxiom(premise, not_exprt(axiom.body()));
 
-  debug() << "(sr::check_axioms) negated axiom: " << from_expr(negaxiom) << eom;
+  debug() << "(sr::check_axioms) negated axiom: " << from_expr(ns, "", negaxiom) << eom;
   substitute_array_access(negaxiom);
   solver << negaxiom;
 }
@@ -1000,7 +1000,7 @@ bool string_refinementt::check_axioms()
         exprt val=solver.get(axiom_in_model.univ_var());
         debug() << "string constraint can be violated for "
                 << axiom_in_model.univ_var().get_identifier()
-                << " = " << from_expr(val) << eom;
+                << " = " << from_expr(ns, "", val) << eom;
         violated[i]=val;
       }
       break;
@@ -1047,7 +1047,7 @@ bool string_refinementt::check_axioms()
         implies_exprt instance(premise, body);
         replace_expr(symbol_resolve, instance);
         replace_expr(axiom.univ_var(), val, instance);
-        debug() << "adding counter example " << from_expr(instance) << eom;
+        debug() << "adding counter example " << from_expr(ns, "", instance) << eom;
         add_lemma(instance);
       }
     }
@@ -1282,8 +1282,8 @@ void string_refinementt::add_to_index_set(const exprt &s, exprt i)
   }
   if(index_set[s].insert(i).second)
   {
-    debug() << "adding to index set of " << from_expr(s)
-            << ": " << from_expr(i) << eom;
+    debug() << "adding to index set of " << from_expr(ns, "", s)
+            << ": " << from_expr(ns, "", i) << eom;
     current_index_set[s].insert(i);
   }
 }
@@ -1429,15 +1429,16 @@ void string_refinementt::instantiate_not_contains(
   exprt s0=axiom.s0();
   exprt s1=axiom.s1();
 
-  debug() << "instantiate not contains " << from_expr(s0) << " : "
-          << from_expr(s1) << eom;
+  debug() << "instantiate not contains " << from_expr(ns, "", s0) << " : "
+          << from_expr(ns, "", s1) << eom;
   expr_sett index_set0=index_set[to_string_expr(s0).content()];
   expr_sett index_set1=index_set[to_string_expr(s1).content()];
 
   for(auto it0 : index_set0)
     for(auto it1 : index_set1)
     {
-      debug() << from_expr(it0) << " : " << from_expr(it1) << eom;
+      debug() << from_expr(ns, "", it0) << " : " << from_expr(ns, "", it1)
+              << eom;
       exprt val=minus_exprt(it0, it1);
       exprt witness=generator.get_witness_of(axiom, val);
       and_exprt prem_and_is_witness(

From b0b21bbb57b2849c7472109200c9b60dcc7bceab Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Thu, 8 Jun 2017 15:32:58 +0100
Subject: [PATCH 321/699] Remove functions that are destined to be modelled in
 Java

Remove:
  - StringBuilder.append(Object)
  - StringBuilder.append(Float)
  - StringBuilder.append(Int)
  - StringBuilder.append(Long)

This functions should have java models for them provided instead of
having special treatments for them in the solver.
To be easier to maintain, the solver should only make atomic
operations available, such as concatenation of two strings and
conversion from primitive types to string.
---
 .../java_string_library_preprocess.cpp        | 155 +-----------------
 .../java_string_library_preprocess.h          |  11 --
 2 files changed, 8 insertions(+), 158 deletions(-)

diff --git a/src/java_bytecode/java_string_library_preprocess.cpp b/src/java_bytecode/java_string_library_preprocess.cpp
index 32a4fc73722..37650fb7ec4 100644
--- a/src/java_bytecode/java_string_library_preprocess.cpp
+++ b/src/java_bytecode/java_string_library_preprocess.cpp
@@ -770,65 +770,6 @@ codet java_string_library_preprocesst::
   return code;
 }
 
-/// \param type: type of the function called
-/// \param loc: location in the program
-/// \param symbol_table: symbol table
-/// \return code for the StringBuilder.append(Object) function: > string1 =
-///   arguments[1].toString() > string_expr1 = string_to_string_expr(string1) >
-///   string_expr2 = concat(this, string_expr1) > this =
-///   string_expr_to_string(string_expr2) > return this
-codet java_string_library_preprocesst::make_string_builder_append_object_code(
-  const code_typet &type,
-  const source_locationt &loc,
-  symbol_tablet &symbol_table)
-{
-  code_typet::parameterst params=type.parameters();
-  assert(params.size()==1);
-  exprt this_obj=symbol_exprt(params[0].get_identifier(), params[0].type());
-
-  // Code to be returned
-  code_blockt code;
-
-  // String expression that will hold the result
-  string_exprt string_expr1=fresh_string_expr(loc, symbol_table, code);
-
-  exprt::operandst arguments=process_parameters(
-    type.parameters(), loc, symbol_table, code);
-  assert(arguments.size()==2);
-
-  // > string1 = arguments[1].toString()
-  exprt string1=fresh_string(this_obj.type(), loc, symbol_table);
-  code_function_callt fun_call;
-  fun_call.lhs()=string1;
-  // TODO: we should look in the symbol table for such a symbol
-  fun_call.function()=symbol_exprt(
-    "java::java.lang.Object.toString:()Ljava/lang/String;");
-  fun_call.arguments().push_back(arguments[1]);
-  code_typet fun_type;
-  fun_type.return_type()=string1.type();
-  fun_call.function().type()=fun_type;
-  code.add(fun_call);
-
-  // > string_expr1 = string_to_string_expr(string1)
-  code.add(code_assign_java_string_to_string_expr(
-    string_expr1, string1, symbol_table));
-
-  // > string_expr2 = concat(this, string1)
-  exprt::operandst concat_arguments(arguments);
-  concat_arguments[1]=string_expr1;
-  string_exprt string_expr2=string_expr_of_function_application(
-    ID_cprover_string_concat_func, concat_arguments, loc, symbol_table, code);
-
-  // > this = string_expr
-  code.add(code_assign_string_expr_to_java_string(
-    this_obj, string_expr2, symbol_table));
-
-  // > return this
-  code.add(code_returnt(this_obj));
-
-  return code;
-}
-
 /// Used to provide code for the Java String.equals(Object) function.
 /// \param type: type of the function call
 /// \param loc: location in the program_invocation_name
@@ -856,71 +797,6 @@ codet java_string_library_preprocesst::make_equals_function_code(
   return code;
 }
 
-/// Used to provide code for the Java StringBuilder.append(F) function.
-/// \param type: type of the function call
-/// \param loc: location in the program_invocation_name
-/// \param symbol_table: symbol table
-/// \return Code corresponding to: > string1 = arguments[1].toString() >
-///   string_expr1 = string_to_string_expr(string1) > string_expr2 =
-///   concat(this, string_expr1) > this = string_expr_to_string(string_expr2) >
-///   return this
-codet java_string_library_preprocesst::make_string_builder_append_float_code(
-  const code_typet &type,
-  const source_locationt &loc,
-  symbol_tablet &symbol_table)
-{
-  code_typet::parameterst params=type.parameters();
-  assert(params.size()==1);
-  exprt this_obj=symbol_exprt(params[0].get_identifier(), params[0].type());
-
-  // Getting types
-  typet length_type=string_length_type();
-
-  // Code to be returned
-  code_blockt code;
-
-  // String expression that will hold the result
-  refined_string_typet ref_type(length_type, java_char_type());
-  string_exprt string_expr1=fresh_string_expr(loc, symbol_table, code);
-
-  exprt::operandst arguments=process_parameters(
-    type.parameters(), loc, symbol_table, code);
-  assert(arguments.size()==2);
-
-  // > string1 = arguments[1].toString()
-  exprt string1=fresh_string(this_obj.type(), loc, symbol_table);
-  code_function_callt fun_call;
-  fun_call.lhs()=string1;
-  // TODO: we should look in the symbol table for such a symbol
-  fun_call.function()=symbol_exprt(
-    "java::java.lang.Float.toString:()Ljava/lang/String;");
-  fun_call.arguments().push_back(arguments[1]);
-  code_typet fun_type;
-  fun_type.return_type()=string1.type();
-  fun_call.function().type()=fun_type;
-  code.add(fun_call);
-
-  // > string_expr1 = string_to_string_expr(string1)
-  code.add(code_assign_java_string_to_string_expr(
-    string_expr1, string1, symbol_table));
-
-  // > string_expr2 = concat(this, string1)
-  exprt::operandst concat_arguments(arguments);
-  concat_arguments[1]=string_expr1;
-
-  string_exprt string_expr2=string_expr_of_function_application(
-    ID_cprover_string_concat_func, concat_arguments, loc, symbol_table, code);
-
-  // > this = string_expr
-  code.add(code_assign_string_expr_to_java_string(
-    this_obj, string_expr2, symbol_table));
-
-  // > return this
-  code.add(code_returnt(this_obj));
-
-  return code;
-}
-
 /// construct a Java string literal from a constant string value
 /// \param s: a string
 /// \return an expression representing a Java string literal with the given
@@ -1739,29 +1615,14 @@ void java_string_library_preprocesst::initialize_conversion_table()
   cprover_equivalent_to_java_assign_and_return_function
     ["java::java.lang.StringBuilder.append:(D)Ljava/lang/StringBuilder;"]=
       ID_cprover_string_concat_double_func;
-  conversion_table
-    ["java::java.lang.StringBuilder.append:(F)Ljava/lang/StringBuilder;"]=
-      std::bind(
-        &java_string_library_preprocesst::make_string_builder_append_float_code,
-        this,
-        std::placeholders::_1,
-        std::placeholders::_2,
-        std::placeholders::_3);
-  cprover_equivalent_to_java_assign_and_return_function
-    ["java::java.lang.StringBuilder.append:(I)Ljava/lang/StringBuilder;"]=
-      ID_cprover_string_concat_int_func;
-  cprover_equivalent_to_java_assign_and_return_function
-    ["java::java.lang.StringBuilder.append:(J)Ljava/lang/StringBuilder;"]=
-      ID_cprover_string_concat_long_func;
-
-  conversion_table["java::java.lang.StringBuilder.append:"
-                   "(Ljava/lang/Object;)Ljava/lang/StringBuilder;"]=
-    std::bind(
-      &java_string_library_preprocesst::make_string_builder_append_object_code,
-      this,
-      std::placeholders::_1,
-      std::placeholders::_2,
-      std::placeholders::_3);
+  // Not supported: "java.lang.StringBuilder.append:"
+  //   "(F)Ljava/lang/StringBuilder;"
+  // Not supported: "java.lang.StringBuilder.append:(I)"
+  //   "Ljava/lang/StringBuilder;"
+  // Not supported: "java.lang.StringBuilder.append:(J)"
+  //   "Ljava/lang/StringBuilder;"
+  // Not supported: "java.lang.StringBuilder.append:"
+  //   "(Ljava/lang/Object;)Ljava/lang/StringBuilder;"
   cprover_equivalent_to_java_assign_and_return_function
     ["java::java.lang.StringBuilder.append:(Ljava/lang/String;)"
       "Ljava/lang/StringBuilder;"]=
diff --git a/src/java_bytecode/java_string_library_preprocess.h b/src/java_bytecode/java_string_library_preprocess.h
index e2297b8726a..81c98614fbd 100644
--- a/src/java_bytecode/java_string_library_preprocess.h
+++ b/src/java_bytecode/java_string_library_preprocess.h
@@ -113,22 +113,11 @@ class java_string_library_preprocesst:public messaget
   // A set tells us what java types should be considered as string objects
   std::unordered_set<irep_idt, irep_id_hash> string_types;
 
-  // Conversion functions
-  codet make_string_builder_append_object_code(
-    const code_typet &type,
-    const source_locationt &loc,
-    symbol_tablet &symbol_table);
-
   codet make_equals_function_code(
     const code_typet &type,
     const source_locationt &loc,
     symbol_tablet &symbol_table);
 
-  codet make_string_builder_append_float_code(
-    const code_typet &type,
-    const source_locationt &loc,
-    symbol_tablet &symbol_table);
-
   codet make_float_to_string_code(
     const code_typet &type,
     const source_locationt &loc,

From a95e8dc33021f2aa265bc2ff206714c9c481e54d Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Mon, 12 Jun 2017 11:00:01 +0100
Subject: [PATCH 322/699] Removing comments on non-supported functions in
 string preprocessing

We remove comments about non-supported method as models may be
provided for the ones that are not supported internally.
Ultimately all the methods that are not supported internally should
have models provided for them.
---
 .../java_string_library_preprocess.cpp        | 61 -------------------
 1 file changed, 61 deletions(-)

diff --git a/src/java_bytecode/java_string_library_preprocess.cpp b/src/java_bytecode/java_string_library_preprocess.cpp
index 37650fb7ec4..925135398fc 100644
--- a/src/java_bytecode/java_string_library_preprocess.cpp
+++ b/src/java_bytecode/java_string_library_preprocess.cpp
@@ -1417,7 +1417,6 @@ void java_string_library_preprocesst::initialize_conversion_table()
   cprover_equivalent_to_java_constructor
     ["java::java.lang.String.<init>:()V"]=
       ID_cprover_string_empty_string_func;
-  // Not supported java.lang.String.<init>:(Ljava/lang/StringBuffer;)
 
   cprover_equivalent_to_java_function
     ["java::java.lang.String.charAt:(I)C"]=
@@ -1434,7 +1433,6 @@ void java_string_library_preprocesst::initialize_conversion_table()
   cprover_equivalent_to_java_function
     ["java::java.lang.String.compareTo:(Ljava/lang/String;)I"]=
       ID_cprover_string_compare_to_func;
-  // Not supported "java.lang.String.contentEquals"
   cprover_equivalent_to_java_string_returning_function
     ["java::java.lang.String.concat:(Ljava/lang/String;)Ljava/lang/String;"]=
       ID_cprover_string_concat_func;
@@ -1461,9 +1459,6 @@ void java_string_library_preprocesst::initialize_conversion_table()
   cprover_equivalent_to_java_function
     ["java::java.lang.String.equalsIgnoreCase:(Ljava/lang/String;)Z"]=
       ID_cprover_string_equals_ignore_case_func;
-  // Not supported "java.lang.String.format"
-  // Not supported "java.lang.String.getBytes"
-  // Not supported "java.lang.String.getChars"
   cprover_equivalent_to_java_function
     ["java::java.lang.String.hashCode:()I"]=
       ID_cprover_string_hash_code_func;
@@ -1505,18 +1500,12 @@ void java_string_library_preprocesst::initialize_conversion_table()
         std::placeholders::_1,
         std::placeholders::_2,
         std::placeholders::_3);
-  // Not supported "java.lang.String.matches"
   cprover_equivalent_to_java_function
     ["java::java.lang.String.offsetByCodePoints:(II)I"]=
       ID_cprover_string_offset_by_code_point_func;
-  // Not supported "java.lang.String.regionMatches"
   cprover_equivalent_to_java_string_returning_function
     ["java::java.lang.String.replace:(CC)Ljava/lang/String;"]=
       ID_cprover_string_replace_func;
-  // Not supported "java.lang.String.replace:(LCharSequence;LCharSequence)"
-  // Not supported "java.lang.String.replaceAll"
-  // Not supported "java.lang.String.replaceFirst"
-  // Not supported "java.lang.String.split"
   cprover_equivalent_to_java_function
     ["java::java.lang.String.startsWith:(Ljava/lang/String;)Z"]=
       ID_cprover_string_startswith_func;
@@ -1543,12 +1532,9 @@ void java_string_library_preprocesst::initialize_conversion_table()
   cprover_equivalent_to_java_string_returning_function
     ["java::java.lang.String.toLowerCase:()Ljava/lang/String;"]=
       ID_cprover_string_to_lower_case_func;
-  // Not supported "java.lang.String.toLowerCase:(Locale)"
-  // Not supported "java.lang.String.toString:()"
   cprover_equivalent_to_java_string_returning_function
     ["java::java.lang.String.toUpperCase:()Ljava/lang/String;"]=
       ID_cprover_string_to_upper_case_func;
-  // Not supported "java.lang.String.toUpperCase:(Locale)"
   cprover_equivalent_to_java_string_returning_function
     ["java::java.lang.String.trim:()Ljava/lang/String;"]=
       ID_cprover_string_trim_func;
@@ -1576,7 +1562,6 @@ void java_string_library_preprocesst::initialize_conversion_table()
   cprover_equivalent_to_java_string_returning_function
     ["java::java.lang.String.valueOf:(J)Ljava/lang/String;"]=
       ID_cprover_string_of_long_func;
-  // Not supported "java.lang.String.valueOf:(LObject;)"
 
   // StringBuilder library
   conversion_table
@@ -1601,8 +1586,6 @@ void java_string_library_preprocesst::initialize_conversion_table()
     ["java::java.lang.StringBuilder.append:([C)"
       "Ljava/lang/StringBuilder;"]=
       ID_cprover_string_concat_func;
-  // Not supported: "java.lang.StringBuilder.append:([CII)"
-
   cprover_equivalent_to_java_assign_and_return_function
     ["java::java.lang.StringBuilder.append:(Ljava/lang/CharSequence;II)"
       "Ljava/lang/StringBuilder;"]=
@@ -1615,14 +1598,6 @@ void java_string_library_preprocesst::initialize_conversion_table()
   cprover_equivalent_to_java_assign_and_return_function
     ["java::java.lang.StringBuilder.append:(D)Ljava/lang/StringBuilder;"]=
       ID_cprover_string_concat_double_func;
-  // Not supported: "java.lang.StringBuilder.append:"
-  //   "(F)Ljava/lang/StringBuilder;"
-  // Not supported: "java.lang.StringBuilder.append:(I)"
-  //   "Ljava/lang/StringBuilder;"
-  // Not supported: "java.lang.StringBuilder.append:(J)"
-  //   "Ljava/lang/StringBuilder;"
-  // Not supported: "java.lang.StringBuilder.append:"
-  //   "(Ljava/lang/Object;)Ljava/lang/StringBuilder;"
   cprover_equivalent_to_java_assign_and_return_function
     ["java::java.lang.StringBuilder.append:(Ljava/lang/String;)"
       "Ljava/lang/StringBuilder;"]=
@@ -1631,8 +1606,6 @@ void java_string_library_preprocesst::initialize_conversion_table()
     ["java::java.lang.StringBuilder.appendCodePoint:(I)"
      "Ljava/lang/StringBuilder;"]=
       ID_cprover_string_concat_code_point_func;
-  // Not supported: "java.lang.StringBuilder.append:(Ljava/lang/StringBuffer;)"
-  // Not supported: "java.lang.StringBuilder.capacity:()"
   cprover_equivalent_to_java_function
     ["java::java.lang.StringBuilder.charAt:(I)C"]=
       ID_cprover_string_char_at_func;
@@ -1651,9 +1624,6 @@ void java_string_library_preprocesst::initialize_conversion_table()
   cprover_equivalent_to_java_assign_and_return_function
     ["java::java.lang.StringBuilder.deleteCharAt:(I)Ljava/lang/StringBuilder;"]=
     ID_cprover_string_delete_char_at_func;
-  // Not supported: "java.lang.StringBuilder.ensureCapacity:()"
-  // Not supported: "java.lang.StringBuilder.getChars:()"
-  // Not supported: "java.lang.StringBuilder.indexOf:()"
   cprover_equivalent_to_java_assign_and_return_function
     ["java::java.lang.StringBuilder.insert:(IZ)Ljava/lang/StringBuilder;"]=
       ID_cprover_string_insert_bool_func;
@@ -1666,35 +1636,25 @@ void java_string_library_preprocesst::initialize_conversion_table()
   cprover_equivalent_to_java_assign_and_return_function
     ["java::java.lang.StringBuilder.insert:(I[CII)Ljava/lang/StringBuilder;"]=
       ID_cprover_string_insert_func;
-  // Not supported "java.lang.StringBuilder.insert:(ILCharSequence;)"
-  // Not supported "java.lang.StringBuilder.insert:(ILCharSequence;II)"
-  // Not supported "java.lang.StringBuilder.insert:(ID)"
-  // Not supported "java.lang.StringBuilder.insert:(IF)"
   cprover_equivalent_to_java_assign_and_return_function
     ["java::java.lang.StringBuilder.insert:(II)Ljava/lang/StringBuilder;"]=
       ID_cprover_string_insert_int_func;
   cprover_equivalent_to_java_assign_and_return_function
     ["java::java.lang.StringBuilder.insert:(IJ)Ljava/lang/StringBuilder;"]=
       ID_cprover_string_insert_long_func;
-  // Not supported "java.lang.StringBuilder.insert:(ILObject;)"
   cprover_equivalent_to_java_assign_and_return_function
     ["java::java.lang.StringBuilder.insert:(ILjava/lang/String;)"
      "Ljava/lang/StringBuilder;"]=
       ID_cprover_string_insert_func;
-  // Not supported "java.lang.StringBuilder.lastIndexOf"
   conversion_table
     ["java::java.lang.StringBuilder.length:()I"]=
       conversion_table["java::java.lang.String.length:()I"];
-  // Not supported "java.lang.StringBuilder.offsetByCodePoints"
-  // Not supported "java.lang.StringBuilder.replace"
-  // Not supported "java.lang.StringBuilder.reverse"
   cprover_equivalent_to_java_assign_function
     ["java::java.lang.StringBuilder.setCharAt:(IC)V"]=
       ID_cprover_string_char_set_func;
   cprover_equivalent_to_java_assign_function
     ["java::java.lang.StringBuilder.setLength:(I)V"]=
       ID_cprover_string_set_length_func;
-  // Not supported "java.lang.StringBuilder.subSequence"
   cprover_equivalent_to_java_string_returning_function
     ["java::java.lang.StringBuilder.substring:(II)Ljava/lang/String;"]=
       ID_cprover_string_substring_func;
@@ -1709,8 +1669,6 @@ void java_string_library_preprocesst::initialize_conversion_table()
         std::placeholders::_1,
         std::placeholders::_2,
         std::placeholders::_3);
-  // Not supported "java.lang.StringBuilder.trimToSize"
-  // TODO clean irep ids from insert_char_array etc...
 
   // StringBuffer library
   conversion_table
@@ -1735,8 +1693,6 @@ void java_string_library_preprocesst::initialize_conversion_table()
     ["java::java.lang.StringBuffer.append:([C)"
       "Ljava/lang/StringBuffer;"]=
       ID_cprover_string_concat_func;
-  // Not supported: "java.lang.StringBuffer.append:([CII)"
-  // Not supported: "java.lang.StringBuffer.append:(LCharSequence;)"
   cprover_equivalent_to_java_assign_and_return_function
     ["java::java.lang.StringBuffer.append:(D)Ljava/lang/StringBuffer;"]=
       ID_cprover_string_concat_double_func;
@@ -1749,7 +1705,6 @@ void java_string_library_preprocesst::initialize_conversion_table()
   cprover_equivalent_to_java_assign_and_return_function
     ["java::java.lang.StringBuffer.append:(J)Ljava/lang/StringBuffer;"]=
       ID_cprover_string_concat_long_func;
-  // Not supported: "java.lang.StringBuffer.append:(LObject;)"
   cprover_equivalent_to_java_assign_and_return_function
     ["java::java.lang.StringBuffer.append:(Ljava/lang/String;)"
       "Ljava/lang/StringBuffer;"]=
@@ -1758,8 +1713,6 @@ void java_string_library_preprocesst::initialize_conversion_table()
     ["java::java.lang.StringBuffer.appendCodePoint:(I)"
      "Ljava/lang/StringBuffer;"]=
       ID_cprover_string_concat_code_point_func;
-  // Not supported: "java.lang.StringBuffer.append:(Ljava/lang/StringBuffer;)"
-  // Not supported: "java.lang.StringBuffer.capacity:()"
   cprover_equivalent_to_java_function
     ["java::java.lang.StringBuffer.charAt:(I)C"]=
       ID_cprover_string_char_at_func;
@@ -1778,9 +1731,6 @@ void java_string_library_preprocesst::initialize_conversion_table()
   cprover_equivalent_to_java_assign_and_return_function
     ["java::java.lang.StringBuffer.deleteCharAt:(I)Ljava/lang/StringBuffer;"]=
       ID_cprover_string_delete_char_at_func;
-  // Not supported: "java.lang.StringBuffer.ensureCapacity:()"
-  // Not supported: "java.lang.StringBuffer.getChars:()"
-  // Not supported: "java.lang.StringBuffer.indexOf:()"
   cprover_equivalent_to_java_assign_and_return_function
     ["java::java.lang.StringBuffer.insert:(IZ)Ljava/lang/StringBuffer;"]=
       ID_cprover_string_insert_bool_func;
@@ -1793,35 +1743,25 @@ void java_string_library_preprocesst::initialize_conversion_table()
   cprover_equivalent_to_java_assign_and_return_function
     ["java::java.lang.StringBuffer.insert:(I[CII)Ljava/lang/StringBuffer;"]=
       ID_cprover_string_insert_func;
-  // Not supported "java.lang.StringBuffer.insert:(ILCharSequence;)"
-  // Not supported "java.lang.StringBuffer.insert:(ILCharSequence;II)"
-  // Not supported "java.lang.StringBuffer.insert:(ID)"
-  // Not supported "java.lang.StringBuffer.insert:(IF)"
   cprover_equivalent_to_java_assign_and_return_function
     ["java::java.lang.StringBuffer.insert:(II)Ljava/lang/StringBuffer;"]=
       ID_cprover_string_insert_int_func;
   cprover_equivalent_to_java_assign_and_return_function
     ["java::java.lang.StringBuffer.insert:(IJ)Ljava/lang/StringBuffer;"]=
       ID_cprover_string_insert_long_func;
-  // Not supported "java.lang.StringBuffer.insert:(ILObject;)"
   cprover_equivalent_to_java_assign_and_return_function
     ["java::java.lang.StringBuffer.insert:(ILjava/lang/String;)"
      "Ljava/lang/StringBuffer;"]=
       ID_cprover_string_insert_func;
-  // Not supported "java.lang.StringBuffer.lastIndexOf"
   conversion_table
     ["java::java.lang.StringBuffer.length:()I"]=
       conversion_table["java::java.lang.String.length:()I"];
-  // Not supported "java.lang.StringBuffer.offsetByCodePoints"
-  // Not supported "java.lang.StringBuffer.replace"
-  // Not supported "java.lang.StringBuffer.reverse"
   cprover_equivalent_to_java_assign_function
     ["java::java.lang.StringBuffer.setCharAt:(IC)V"]=
       ID_cprover_string_char_set_func;
   cprover_equivalent_to_java_assign_function
     ["java::java.lang.StringBuffer.setLength:(I)V"]=
     ID_cprover_string_set_length_func;
-  // Not supported "java.lang.StringBuffer.subSequence"
   cprover_equivalent_to_java_string_returning_function
     ["java::java.lang.StringBuffer.substring:(II)Ljava/lang/String;"]=
       ID_cprover_string_substring_func;
@@ -1836,7 +1776,6 @@ void java_string_library_preprocesst::initialize_conversion_table()
         std::placeholders::_1,
         std::placeholders::_2,
         std::placeholders::_3);
-  // Not supported "java.lang.StringBuffer.trimToSize"
 
   // CharSequence library
   cprover_equivalent_to_java_function

From fdb6f2e5ceef3940a9d03cdd4ae3eade2ad464c5 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Mon, 12 Jun 2017 17:11:01 +0100
Subject: [PATCH 323/699] Ordering functions in alphabetic order in initialize
 conversion table

---
 .../java_string_library_preprocess.cpp        | 73 +++++++++++--------
 1 file changed, 41 insertions(+), 32 deletions(-)

diff --git a/src/java_bytecode/java_string_library_preprocess.cpp b/src/java_bytecode/java_string_library_preprocess.cpp
index 925135398fc..d19b649908a 100644
--- a/src/java_bytecode/java_string_library_preprocess.cpp
+++ b/src/java_bytecode/java_string_library_preprocess.cpp
@@ -1391,6 +1391,11 @@ void java_string_library_preprocesst::initialize_conversion_table()
                                                "java.lang.CharSequence",
                                                "java.lang.StringBuffer"};
 
+  // The following list of function is organized by libraries, with
+  // constructors first and then methods in alphabetic order.
+  // Methods that are not supported here should ultimately have Java models
+  // provided for them in the class-path.
+
   // String library
   conversion_table
     ["java::java.lang.String.<init>:(Ljava/lang/String;)V"]=
@@ -1576,9 +1581,6 @@ void java_string_library_preprocesst::initialize_conversion_table()
     ["java::java.lang.StringBuilder.<init>:()V"]=
       ID_cprover_string_empty_string_func;
 
-  cprover_equivalent_to_java_assign_and_return_function
-    ["java::java.lang.StringBuilder.append:(Z)Ljava/lang/StringBuilder;"]=
-      ID_cprover_string_concat_bool_func;
   cprover_equivalent_to_java_assign_and_return_function
     ["java::java.lang.StringBuilder.append:(C)Ljava/lang/StringBuilder;"]=
       ID_cprover_string_concat_char_func;
@@ -1586,22 +1588,24 @@ void java_string_library_preprocesst::initialize_conversion_table()
     ["java::java.lang.StringBuilder.append:([C)"
       "Ljava/lang/StringBuilder;"]=
       ID_cprover_string_concat_func;
-  cprover_equivalent_to_java_assign_and_return_function
-    ["java::java.lang.StringBuilder.append:(Ljava/lang/CharSequence;II)"
-      "Ljava/lang/StringBuilder;"]=
-      ID_cprover_string_concat_func;
-  cprover_equivalent_to_java_assign_and_return_function
-    ["java::java.lang.StringBuilder.append:(Ljava/lang/CharSequence;)"
-      "Ljava/lang/StringBuilder;"]=
-      ID_cprover_string_concat_func;
-
   cprover_equivalent_to_java_assign_and_return_function
     ["java::java.lang.StringBuilder.append:(D)Ljava/lang/StringBuilder;"]=
       ID_cprover_string_concat_double_func;
   cprover_equivalent_to_java_assign_and_return_function
-    ["java::java.lang.StringBuilder.append:(Ljava/lang/String;)"
-      "Ljava/lang/StringBuilder;"]=
-      ID_cprover_string_concat_func;
+      ["java::java.lang.StringBuilder.append:(Ljava/lang/CharSequence;II)"
+        "Ljava/lang/StringBuilder;"]=
+        ID_cprover_string_concat_func;
+    cprover_equivalent_to_java_assign_and_return_function
+      ["java::java.lang.StringBuilder.append:(Ljava/lang/CharSequence;)"
+        "Ljava/lang/StringBuilder;"]=
+        ID_cprover_string_concat_func;
+    cprover_equivalent_to_java_assign_and_return_function
+      ["java::java.lang.StringBuilder.append:(Ljava/lang/String;)"
+        "Ljava/lang/StringBuilder;"]=
+        ID_cprover_string_concat_func;
+  cprover_equivalent_to_java_assign_and_return_function
+    ["java::java.lang.StringBuilder.append:(Z)Ljava/lang/StringBuilder;"]=
+      ID_cprover_string_concat_bool_func;
   cprover_equivalent_to_java_assign_and_return_function
     ["java::java.lang.StringBuilder.appendCodePoint:(I)"
      "Ljava/lang/StringBuilder;"]=
@@ -1625,17 +1629,17 @@ void java_string_library_preprocesst::initialize_conversion_table()
     ["java::java.lang.StringBuilder.deleteCharAt:(I)Ljava/lang/StringBuilder;"]=
     ID_cprover_string_delete_char_at_func;
   cprover_equivalent_to_java_assign_and_return_function
-    ["java::java.lang.StringBuilder.insert:(IZ)Ljava/lang/StringBuilder;"]=
-      ID_cprover_string_insert_bool_func;
-  cprover_equivalent_to_java_assign_and_return_function
-    ["java::java.lang.StringBuilder.insert:(IC)Ljava/lang/StringBuilder;"]=
-      ID_cprover_string_insert_char_func;
+      ["java::java.lang.StringBuilder.insert:(IC)Ljava/lang/StringBuilder;"]=
+        ID_cprover_string_insert_char_func;
   cprover_equivalent_to_java_assign_and_return_function
     ["java::java.lang.StringBuilder.insert:(I[C)Ljava/lang/StringBuilder;"]=
       ID_cprover_string_insert_func;
   cprover_equivalent_to_java_assign_and_return_function
     ["java::java.lang.StringBuilder.insert:(I[CII)Ljava/lang/StringBuilder;"]=
       ID_cprover_string_insert_func;
+  cprover_equivalent_to_java_assign_and_return_function
+    ["java::java.lang.StringBuilder.insert:(IZ)Ljava/lang/StringBuilder;"]=
+      ID_cprover_string_insert_bool_func;
   cprover_equivalent_to_java_assign_and_return_function
     ["java::java.lang.StringBuilder.insert:(II)Ljava/lang/StringBuilder;"]=
       ID_cprover_string_insert_int_func;
@@ -1648,7 +1652,12 @@ void java_string_library_preprocesst::initialize_conversion_table()
       ID_cprover_string_insert_func;
   conversion_table
     ["java::java.lang.StringBuilder.length:()I"]=
-      conversion_table["java::java.lang.String.length:()I"];
+      std::bind(
+        &java_string_library_preprocesst::make_string_length_code,
+        this,
+        std::placeholders::_1,
+        std::placeholders::_2,
+        std::placeholders::_3);
   cprover_equivalent_to_java_assign_function
     ["java::java.lang.StringBuilder.setCharAt:(IC)V"]=
       ID_cprover_string_char_set_func;
@@ -1683,9 +1692,6 @@ void java_string_library_preprocesst::initialize_conversion_table()
     ["java::java.lang.StringBuffer.<init>:()V"]=
       ID_cprover_string_empty_string_func;
 
-  cprover_equivalent_to_java_assign_and_return_function
-    ["java::java.lang.StringBuffer.append:(Z)Ljava/lang/StringBuffer;"]=
-      ID_cprover_string_concat_bool_func;
   cprover_equivalent_to_java_assign_and_return_function
     ["java::java.lang.StringBuffer.append:(C)Ljava/lang/StringBuffer;"]=
       ID_cprover_string_concat_char_func;
@@ -1709,6 +1715,9 @@ void java_string_library_preprocesst::initialize_conversion_table()
     ["java::java.lang.StringBuffer.append:(Ljava/lang/String;)"
       "Ljava/lang/StringBuffer;"]=
       ID_cprover_string_concat_func;
+  cprover_equivalent_to_java_assign_and_return_function
+    ["java::java.lang.StringBuffer.append:(Z)Ljava/lang/StringBuffer;"]=
+      ID_cprover_string_concat_bool_func;
   cprover_equivalent_to_java_assign_and_return_function
     ["java::java.lang.StringBuffer.appendCodePoint:(I)"
      "Ljava/lang/StringBuffer;"]=
@@ -1731,9 +1740,6 @@ void java_string_library_preprocesst::initialize_conversion_table()
   cprover_equivalent_to_java_assign_and_return_function
     ["java::java.lang.StringBuffer.deleteCharAt:(I)Ljava/lang/StringBuffer;"]=
       ID_cprover_string_delete_char_at_func;
-  cprover_equivalent_to_java_assign_and_return_function
-    ["java::java.lang.StringBuffer.insert:(IZ)Ljava/lang/StringBuffer;"]=
-      ID_cprover_string_insert_bool_func;
   cprover_equivalent_to_java_assign_and_return_function
     ["java::java.lang.StringBuffer.insert:(IC)Ljava/lang/StringBuffer;"]=
       ID_cprover_string_insert_char_func;
@@ -1753,6 +1759,9 @@ void java_string_library_preprocesst::initialize_conversion_table()
     ["java::java.lang.StringBuffer.insert:(ILjava/lang/String;)"
      "Ljava/lang/StringBuffer;"]=
       ID_cprover_string_insert_func;
+  cprover_equivalent_to_java_assign_and_return_function
+    ["java::java.lang.StringBuffer.insert:(IZ)Ljava/lang/StringBuffer;"]=
+      ID_cprover_string_insert_bool_func;
   conversion_table
     ["java::java.lang.StringBuffer.length:()I"]=
       conversion_table["java::java.lang.String.length:()I"];
@@ -1763,10 +1772,10 @@ void java_string_library_preprocesst::initialize_conversion_table()
     ["java::java.lang.StringBuffer.setLength:(I)V"]=
     ID_cprover_string_set_length_func;
   cprover_equivalent_to_java_string_returning_function
-    ["java::java.lang.StringBuffer.substring:(II)Ljava/lang/String;"]=
+    ["java::java.lang.StringBuffer.substring:(I)Ljava/lang/String;"]=
       ID_cprover_string_substring_func;
   cprover_equivalent_to_java_string_returning_function
-    ["java::java.lang.StringBuffer.substring:(I)Ljava/lang/String;"]=
+    ["java::java.lang.StringBuffer.substring:(II)Ljava/lang/String;"]=
       ID_cprover_string_substring_func;
   conversion_table
     ["java::java.lang.StringBuffer.toString:()Ljava/lang/String;"]=
@@ -1802,12 +1811,12 @@ void java_string_library_preprocesst::initialize_conversion_table()
         std::placeholders::_1,
         std::placeholders::_2,
         std::placeholders::_3);
-  cprover_equivalent_to_java_string_returning_function
-    ["java::java.lang.Integer.toHexString:(I)Ljava/lang/String;"]=
-      ID_cprover_string_of_int_hex_func;
   cprover_equivalent_to_java_function
     ["java::java.lang.Integer.parseInt:(Ljava/lang/String;)I"]=
       ID_cprover_string_parse_int_func;
+  cprover_equivalent_to_java_string_returning_function
+    ["java::java.lang.Integer.toHexString:(I)Ljava/lang/String;"]=
+      ID_cprover_string_of_int_hex_func;
   cprover_equivalent_to_java_string_returning_function
     ["java::java.lang.Integer.toString:(I)Ljava/lang/String;"]=
       ID_cprover_string_of_int_func;

From 20e4def6a37040900006ae384e8b6975495d3897 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Mon, 26 Jun 2017 10:23:06 +0100
Subject: [PATCH 324/699] Add preformatted message flag

This allows users of a message handler to note they have already formatted
a particular message according to its output conventions (currently XML or
JSON) and so output something more complicated than it can synthesise on its own.
---
 src/cbmc/bmc.cpp          |  4 ++--
 src/util/cout_message.cpp | 15 +++++++------
 src/util/cout_message.h   |  9 +++++---
 src/util/message.cpp      |  8 ++++---
 src/util/message.h        | 44 +++++++++++++++++++++++++++++----------
 src/util/ui_message.cpp   | 43 +++++++++++++++++++++++++++-----------
 src/util/ui_message.h     | 15 ++++++++-----
 7 files changed, 96 insertions(+), 42 deletions(-)

diff --git a/src/cbmc/bmc.cpp b/src/cbmc/bmc.cpp
index ae7741f423c..908a7931a69 100644
--- a/src/cbmc/bmc.cpp
+++ b/src/cbmc/bmc.cpp
@@ -66,7 +66,7 @@ void bmct::error_trace()
     {
       xmlt xml;
       convert(ns, goto_trace, xml);
-      status() << xml << eom;
+      status() << preformatted_output << xml << eom;
     }
     break;
 
@@ -83,7 +83,7 @@ void bmct::error_trace()
       result["status"]=json_stringt("failed");
       jsont &json_trace=result["trace"];
       convert(ns, goto_trace, json_trace);
-      status() << ",\n" << json_result << eom;
+      status() << preformatted_output << json_result << eom;
     }
     break;
   }
diff --git a/src/util/cout_message.cpp b/src/util/cout_message.cpp
index 357453bd20e..eb793e4f31c 100644
--- a/src/util/cout_message.cpp
+++ b/src/util/cout_message.cpp
@@ -31,9 +31,10 @@ cerr_message_handlert::cerr_message_handlert():
 
 void console_message_handlert::print(
   unsigned level,
-  const std::string &message)
+  const std::string &message,
+  bool preformatted)
 {
-  message_handlert::print(level, message);
+  message_handlert::print(level, message, preformatted);
 
   if(verbosity<level)
     return;
@@ -101,7 +102,8 @@ void gcc_message_handlert::print(
   unsigned level,
   const std::string &message,
   int sequence_number,
-  const source_locationt &location)
+  const source_locationt &location,
+  bool preformatted)
 {
   const irep_idt file=location.get_file();
   const irep_idt line=location.get_line();
@@ -139,14 +141,15 @@ void gcc_message_handlert::print(
 
   dest+=message;
 
-  print(level, dest);
+  print(level, dest, preformatted);
 }
 
 void gcc_message_handlert::print(
   unsigned level,
-  const std::string &message)
+  const std::string &message,
+  bool preformatted)
 {
-  message_handlert::print(level, message);
+  message_handlert::print(level, message, preformatted);
 
   // gcc appears to send everything to cerr
   if(verbosity>=level)
diff --git a/src/util/cout_message.h b/src/util/cout_message.h
index 39d4bddd349..df3fd535dd6 100644
--- a/src/util/cout_message.h
+++ b/src/util/cout_message.h
@@ -32,7 +32,8 @@ class console_message_handlert:public ui_message_handlert
   // level 4 and upwards go to cout, level 1-3 to cerr
   virtual void print(
     unsigned level,
-    const std::string &message) override;
+    const std::string &message,
+    bool preformatted) override;
 
   virtual void flush(unsigned level) override;
 };
@@ -43,13 +44,15 @@ class gcc_message_handlert:public ui_message_handlert
   // aims to imitate the messages gcc prints
   virtual void print(
     unsigned level,
-    const std::string &message) override;
+    const std::string &message,
+    bool preformatted) override;
 
   virtual void print(
     unsigned level,
     const std::string &message,
     int sequence_number,
-    const source_locationt &location) override;
+    const source_locationt &location,
+    bool preformatted) override;
 };
 
 #endif // CPROVER_UTIL_COUT_MESSAGE_H
diff --git a/src/util/message.cpp b/src/util/message.cpp
index ad0448adf28..522c9cd7b25 100644
--- a/src/util/message.cpp
+++ b/src/util/message.cpp
@@ -13,7 +13,8 @@ void message_handlert::print(
   unsigned level,
   const std::string &message,
   int sequence_number,
-  const source_locationt &location)
+  const source_locationt &location,
+  bool preformatted)
 {
   std::string dest;
 
@@ -51,12 +52,13 @@ void message_handlert::print(
     dest+=": ";
   dest+=message;
 
-  print(level, dest);
+  print(level, dest, preformatted);
 }
 
 void message_handlert::print(
   unsigned level,
-  const std::string &message)
+  const std::string &message,
+  bool preformatted)
 {
   if(level>=message_count.size())
     message_count.resize(level+1, 0);
diff --git a/src/util/message.h b/src/util/message.h
index 1d4b3d54e40..1f612b7082b 100644
--- a/src/util/message.h
+++ b/src/util/message.h
@@ -23,13 +23,17 @@ class message_handlert
   {
   }
 
-  virtual void print(unsigned level, const std::string &message) = 0;
+  virtual void print(
+    unsigned level,
+    const std::string &message,
+    bool preformatted) = 0;
 
   virtual void print(
     unsigned level,
     const std::string &message,
     int sequence_number,
-    const source_locationt &location);
+    const source_locationt &location,
+    bool preformatted);
 
   virtual void flush(unsigned level)
   {
@@ -59,18 +63,22 @@ class message_handlert
 class null_message_handlert:public message_handlert
 {
 public:
-  virtual void print(unsigned level, const std::string &message)
+  virtual void print(
+    unsigned level,
+    const std::string &message,
+    bool preformatted)
   {
-    message_handlert::print(level, message);
+    message_handlert::print(level, message, preformatted);
   }
 
   virtual void print(
     unsigned level,
     const std::string &message,
     int sequence_number,
-    const source_locationt &location)
+    const source_locationt &location,
+    bool preformatted)
   {
-    print(level, message);
+    print(level, message, preformatted);
   }
 };
 
@@ -81,9 +89,12 @@ class stream_message_handlert:public message_handlert
   {
   }
 
-  virtual void print(unsigned level, const std::string &message)
+  virtual void print(
+    unsigned level,
+    const std::string &message,
+    bool preformatted)
   {
-    message_handlert::print(level, message);
+    message_handlert::print(level, message, preformatted);
 
     if(verbosity>=level)
       out << message << '\n';
@@ -157,20 +168,23 @@ class messaget
       unsigned _message_level,
       messaget &_message):
       message_level(_message_level),
-      message(_message)
+      message(_message),
+      preformatted(false)
     {
     }
 
     mstreamt(const mstreamt &other):
       message_level(other.message_level),
       message(other.message),
-      source_location(other.source_location)
+      source_location(other.source_location),
+      preformatted(false)
     {
     }
 
     unsigned message_level;
     messaget &message;
     source_locationt source_location;
+    bool preformatted;
 
     template <class T>
     mstreamt &operator << (const T &x)
@@ -196,15 +210,23 @@ class messaget
         m.message_level,
         m.str(),
         -1,
-        m.source_location);
+        m.source_location,
+        m.preformatted);
       m.message.message_handler->flush(m.message_level);
     }
+    m.preformatted=false;
     m.clear(); // clears error bits
     m.str(std::string()); // clears the string
     m.source_location.clear();
     return m;
   }
 
+  static mstreamt &preformatted_output(mstreamt &m)
+  {
+    m.preformatted=true;
+    return m;
+  }
+
   // in lieu of std::endl
   static mstreamt &endl(mstreamt &m)
   {
diff --git a/src/util/ui_message.cpp b/src/util/ui_message.cpp
index e750c60e3bb..3a36e792edd 100644
--- a/src/util/ui_message.cpp
+++ b/src/util/ui_message.cpp
@@ -89,7 +89,8 @@ const char *ui_message_handlert::level_string(unsigned level)
 
 void ui_message_handlert::print(
   unsigned level,
-  const std::string &message)
+  const std::string &message,
+  bool preformatted)
 {
   if(verbosity>=level)
   {
@@ -98,7 +99,7 @@ void ui_message_handlert::print(
     case uit::PLAIN:
     {
       console_message_handlert console_message_handler;
-      console_message_handler.print(level, message);
+      console_message_handler.print(level, message, preformatted);
     }
     break;
 
@@ -107,7 +108,7 @@ void ui_message_handlert::print(
     {
       source_locationt location;
       location.make_nil();
-      print(level, message, -1, location);
+      print(level, message, -1, location, preformatted);
     }
     break;
     }
@@ -118,9 +119,10 @@ void ui_message_handlert::print(
   unsigned level,
   const std::string &message,
   int sequence_number,
-  const source_locationt &location)
+  const source_locationt &location,
+  bool preformatted)
 {
-  message_handlert::print(level, message);
+  message_handlert::print(level, message, preformatted);
 
   if(verbosity>=level)
   {
@@ -128,7 +130,7 @@ void ui_message_handlert::print(
     {
     case uit::PLAIN:
       message_handlert::print(
-        level, message, sequence_number, location);
+        level, message, sequence_number, location, preformatted);
       break;
 
     case uit::XML_UI:
@@ -144,7 +146,7 @@ void ui_message_handlert::print(
       std::string sequence_number_str=
         sequence_number>=0?std::to_string(sequence_number):"";
 
-      ui_msg(type, tmp_message, sequence_number_str, location);
+      ui_msg(type, tmp_message, sequence_number_str, location, preformatted);
     }
     break;
     }
@@ -155,7 +157,8 @@ void ui_message_handlert::ui_msg(
   const std::string &type,
   const std::string &msg1,
   const std::string &msg2,
-  const source_locationt &location)
+  const source_locationt &location,
+  bool preformatted)
 {
   switch(get_ui())
   {
@@ -163,11 +166,11 @@ void ui_message_handlert::ui_msg(
     break;
 
   case uit::XML_UI:
-    xml_ui_msg(type, msg1, msg2, location);
+    xml_ui_msg(type, msg1, msg2, location, preformatted);
     break;
 
   case uit::JSON_UI:
-    json_ui_msg(type, msg1, msg2, location);
+    json_ui_msg(type, msg1, msg2, location, preformatted);
     break;
   }
 }
@@ -176,8 +179,16 @@ void ui_message_handlert::xml_ui_msg(
   const std::string &type,
   const std::string &msg1,
   const std::string &msg2,
-  const source_locationt &location)
+  const source_locationt &location,
+  bool preformatted)
 {
+  if(preformatted)
+  {
+    // Expect the message is already an XML fragment.
+    std::cout << msg1 << '\n';
+    return;
+  }
+
   xmlt result;
   result.name="message";
 
@@ -196,8 +207,16 @@ void ui_message_handlert::json_ui_msg(
   const std::string &type,
   const std::string &msg1,
   const std::string &msg2,
-  const source_locationt &location)
+  const source_locationt &location,
+  bool preformatted)
 {
+  if(preformatted)
+  {
+    // Expect the message is already a JSON fragment.
+    std::cout << ",\n" << msg1;
+    return;
+  }
+
   json_objectt result;
 
   #if 0
diff --git a/src/util/ui_message.h b/src/util/ui_message.h
index 757108483f1..646c96d1ea4 100644
--- a/src/util/ui_message.h
+++ b/src/util/ui_message.h
@@ -44,32 +44,37 @@ class ui_message_handlert:public message_handlert
   // overloading
   virtual void print(
     unsigned level,
-    const std::string &message);
+    const std::string &message,
+    bool preformatted);
 
   // overloading
   virtual void print(
     unsigned level,
     const std::string &message,
     int sequence_number,
-    const source_locationt &location);
+    const source_locationt &location,
+    bool preformatted);
 
   virtual void xml_ui_msg(
     const std::string &type,
     const std::string &msg1,
     const std::string &msg2,
-    const source_locationt &location);
+    const source_locationt &location,
+    bool preformatted);
 
   virtual void json_ui_msg(
     const std::string &type,
     const std::string &msg1,
     const std::string &msg2,
-    const source_locationt &location);
+    const source_locationt &location,
+    bool preformatted);
 
   virtual void ui_msg(
     const std::string &type,
     const std::string &msg1,
     const std::string &msg2,
-    const source_locationt &location);
+    const source_locationt &location,
+    bool preformatted);
 
   const char *level_string(unsigned level);
 };

From 70d0cb0e0081ec5cf48d29668e3ebaeb63813717 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Mon, 19 Jun 2017 09:59:46 +0100
Subject: [PATCH 325/699] Forgotten premise in add_axioms_from_int

---
 .../refinement/string_constraint_generator_valueof.cpp | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_valueof.cpp b/src/solvers/refinement/string_constraint_generator_valueof.cpp
index 9ad1845c9d0..7b060c1e27b 100644
--- a/src/solvers/refinement/string_constraint_generator_valueof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_valueof.cpp
@@ -209,9 +209,9 @@ string_exprt string_constraint_generatort::add_axioms_from_bool(
 
 /// add axioms to say the string corresponds to the result of String.valueOf(I)
 /// or String.valueOf(J) java functions applied on the integer expression
-/// \par parameters: a signed integer expression, and a maximal size for the
-///   string
-/// representation
+/// \param i: a signed integer expression
+/// \param max_size: a maximal size for the string representation
+/// \param ref_type: type for refined strings
 /// \return a string expression
 string_exprt string_constraint_generatort::add_axioms_from_int(
   const exprt &i, size_t max_size, const refined_string_typet &ref_type)
@@ -299,10 +299,10 @@ string_exprt string_constraint_generatort::add_axioms_from_int(
       sum=new_sum;
     }
 
+    equal_exprt premise=res.axiom_for_has_length(size);
     exprt a5=conjunction(digit_constraints);
-    axioms.push_back(a5);
+    axioms.push_back(implies_exprt(premise, a5));
 
-    equal_exprt premise=res.axiom_for_has_length(size);
     implies_exprt a6(
       and_exprt(premise, starts_with_digit), equal_exprt(i, sum));
     axioms.push_back(a6);

From 8a803100e9a37d2b0aab7bc81b6113002d0e6c71 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 20 Jun 2017 09:36:27 +0100
Subject: [PATCH 326/699] Correcting when to do overflow check in
 add_axioms_from_int

When the number is positive we have to check for overflow even when
the index we look at is max_size-2.
---
 src/solvers/refinement/string_constraint_generator_valueof.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/solvers/refinement/string_constraint_generator_valueof.cpp b/src/solvers/refinement/string_constraint_generator_valueof.cpp
index 7b060c1e27b..92eea0392ae 100644
--- a/src/solvers/refinement/string_constraint_generator_valueof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_valueof.cpp
@@ -288,7 +288,7 @@ string_exprt string_constraint_generatort::add_axioms_from_int(
         binary_relation_exprt(res[j], ID_le, nine_char));
       digit_constraints.push_back(is_number);
 
-      if(j>=max_size-1)
+      if(j>=max_size-2)
       {
         // check for overflows if the size is big
         and_exprt no_overflow(

From 15e88e7367d9c1c35537eac7b7fcbc8d5acf0cfe Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 20 Jun 2017 09:40:48 +0100
Subject: [PATCH 327/699] Making tests for int to string conversion more
 precise

We include both assertion that should hold and some that should fail.
---
 .../java_int_to_string/test.desc               |   7 +++++--
 .../java_int_to_string/test_int.class          | Bin 859 -> 1074 bytes
 .../java_int_to_string/test_int.java           |   6 +++++-
 3 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/regression/strings-smoke-tests/java_int_to_string/test.desc b/regression/strings-smoke-tests/java_int_to_string/test.desc
index 38fa5289bd2..e8d4260b1e0 100644
--- a/regression/strings-smoke-tests/java_int_to_string/test.desc
+++ b/regression/strings-smoke-tests/java_int_to_string/test.desc
@@ -1,7 +1,10 @@
 CORE
 test_int.class
 --refine-strings
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
-^VERIFICATION SUCCESSFUL$
+assertion.* file test_int.java line 6 .* SUCCESS$
+assertion.* file test_int.java line 9 .* SUCCESS$
+assertion.* file test_int.java line 11 .* FAILURE$
+assertion.* file test_int.java line 13 .* FAILURE$
 --
diff --git a/regression/strings-smoke-tests/java_int_to_string/test_int.class b/regression/strings-smoke-tests/java_int_to_string/test_int.class
index eff0e5a422e2df360086c15be326751bd69c8115..ca4e3be5dc4cbe057e18e8f43a9813c6d11e4e1c 100644
GIT binary patch
delta 638
zcmYL{&rTCj6vltI?fmI5Xj7_UOBJn3DaG=qq6i{YFd-?c8jOj?3{8Whb!w)giER1|
z#1*W317l6VXrg;x!6$I*ni$WtsVwff=X~e8U%qo@e(7Da^7HT4??9RR7Q^H$u5dNZ
z5Z6p5Eb>em6fAUdai%C*Omp3&WH4hf%bdadUS+M5thVY-bIb8vXS>;W7zRZwc<#0p
zRyAm}gJ-T6ED83?aXq>68<SfK<;vNRBeZ1oh4a=aH63rKR1199+Y!176vMT^slVKG
zUiV}T$_jJ2-gG@TSP}JF>y5wnG5h3(%>p-VPH|chnH6Vcn_Da@Mo)w*?RLWt+?KcQ
z`z_z#w#^dD26t>$xT}ax&&`Ycz_7upO@(`(^J-CbN{As@l~y=HeUc=?h(x^yDpHc$
zeFA4VD^;9xj0%#J{Ex7sa_=VWFGQ+cq6eg=lCeXy1BSk#KR&|vk@zjm%`Rr~ka(X{
zOj><TXFy8FK9KG;XZiyBO#JU@gI=otaQ{R+v>feOE?`NniFKVU202U$Vz(mr1Nrt(
zWsq(88{Ww_!?DIg>kI61p0t!Y0U5?*vK)^@U`%GaAb5h<F<FC)$K)htG9o+vek58>
Rg<Xw^y&7)tk`xgx{{yz8ZT|oO

delta 380
zcmY+8%`O9B6o#K~+RitfPN^!YjK88xRrSYDtyJu=Vq+ykx@gcy%vL1spy{r6p^{ce
z*t-Q+z|y)AUuz{Nd2{l<Z_aaC#)n>h|9O4|ifo&NNtjG986<>lFl92$jAYhCClO?h
zq{%!B28)uE$r8&Fr(WKR`>)(;O%Oiv-1Cb=_xjj9yR1mk_3vza#UjJ1#Q=i>Etgle
zMV7TjN!Y2JMV^ABXtB<Qz?aDv1cq0+@lLBXPqJyTMd|TYl*FBlPy+#{gLqJjU|6Z%
zHw8gr45>Y;yn8e?up6<S(DqySn#7!_zfGV?=mq_xgM5p8s_>wNk!}<G>!hRR|4xsi
z^*M!vLMggZ9UDm!14m)Yn2e}o0IiEH8SRo(s?xE>m#-M>WdSs6r}uume{cL3uXr~U

diff --git a/regression/strings-smoke-tests/java_int_to_string/test_int.java b/regression/strings-smoke-tests/java_int_to_string/test_int.java
index f46411ed166..9ddbc332b6f 100644
--- a/regression/strings-smoke-tests/java_int_to_string/test_int.java
+++ b/regression/strings-smoke-tests/java_int_to_string/test_int.java
@@ -1,11 +1,15 @@
 public class test_int
 {
-   public static void main(/*String[] argv*/)
+   public static void main(int i)
    {
       String s = Integer.toString(12);
       assert(s.equals("12"));
       String t = Integer.toString(-23);
       System.out.println(t);
       assert(t.equals("-23"));
+      if(i==1)
+          assert(!s.equals("12"));
+      else if(i==2)
+          assert(!t.equals("-23"));
    }
 }

From 7fa229b3d7e5cee995928e7f9f9fd847667f6e71 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Fri, 23 Jun 2017 12:59:41 +0100
Subject: [PATCH 328/699] Update comments in add_axioms_from_int to reflect
 changes in the code

---
 .../string_constraint_generator_valueof.cpp    | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_valueof.cpp b/src/solvers/refinement/string_constraint_generator_valueof.cpp
index 92eea0392ae..dfbe32ea8a0 100644
--- a/src/solvers/refinement/string_constraint_generator_valueof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_valueof.cpp
@@ -266,8 +266,18 @@ string_exprt string_constraint_generatort::add_axioms_from_int(
 
   for(size_t size=1; size<=max_size; size++)
   {
-    // For each possible size, we add axioms:
-    // a5 : forall 1 <= j < size. '0' <= res[j] <= '9' && sum == 10 * (sum/10)
+    // For each possible size, we have:
+    // sum_0 = starts_with_digit ? res[0]-'0' : 0
+    // sum_j = 10 * sum_{j-1} + res[i] - '0'
+    // and add axioms:
+    // a5 : |res| == size =>
+    //        forall 1 <= j < size.
+    //          is_number && (j >= max_size-2 => no_overflow)
+    //     where is_number := '0' <= res[j] <= '9'
+    //     and no_overflow := sum_{j-1} = (10 * sum_{j-1} / 10)
+    //                        && sum_j >= sum_{j - 1}
+    //         (the first part avoid overflows in multiplication and
+    //          the second one in additions)
     // a6 : |res| == size && '0' <= res[0] <= '9' => i == sum
     // a7 : |res| == size && res[0] == '-' => i == -sum
 
@@ -300,8 +310,8 @@ string_exprt string_constraint_generatort::add_axioms_from_int(
     }
 
     equal_exprt premise=res.axiom_for_has_length(size);
-    exprt a5=conjunction(digit_constraints);
-    axioms.push_back(implies_exprt(premise, a5));
+    implies_exprt a5(premise, conjunction(digit_constraints));
+    axioms.push_back(a5);
 
     implies_exprt a6(
       and_exprt(premise, starts_with_digit), equal_exprt(i, sum));

From fb3ab81c0e071e09dc5b8aad9561436f1f230150 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Fri, 23 Jun 2017 13:01:58 +0100
Subject: [PATCH 329/699] Using PRECONDITION instead of assert

---
 .../refinement/string_constraint_generator_valueof.cpp       | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_valueof.cpp b/src/solvers/refinement/string_constraint_generator_valueof.cpp
index dfbe32ea8a0..8b15bf6cbdc 100644
--- a/src/solvers/refinement/string_constraint_generator_valueof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_valueof.cpp
@@ -216,9 +216,10 @@ string_exprt string_constraint_generatort::add_axioms_from_bool(
 string_exprt string_constraint_generatort::add_axioms_from_int(
   const exprt &i, size_t max_size, const refined_string_typet &ref_type)
 {
+  PRECONDITION(i.type().id()==ID_signedbv);
+  PRECONDITION(max_size<std::numeric_limits<size_t>::max());
   string_exprt res=fresh_string(ref_type);
   const typet &type=i.type();
-  assert(type.id()==ID_signedbv);
   exprt ten=from_integer(10, type);
   const typet &char_type=ref_type.get_char_type();
   const typet &index_type=ref_type.get_index_type();
@@ -262,8 +263,6 @@ string_exprt string_constraint_generatort::add_axioms_from_int(
     not_exprt(equal_exprt(res[1], zero_char)));
   axioms.push_back(a4);
 
-  assert(max_size<std::numeric_limits<size_t>::max());
-
   for(size_t size=1; size<=max_size; size++)
   {
     // For each possible size, we have:

From eaad10007287ca7e56c4387ae2e52810af647596 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Mon, 26 Jun 2017 10:09:21 +0100
Subject: [PATCH 330/699] Comment on the bound for overflow in int to string
 conversion

An overflow can happen when reaching the last index of a string of
maximal size which is max_size for negative numbers and
max_size - 1 for positive numbers because of the
abscence of a `-` (minus) sign
---
 .../refinement/string_constraint_generator_valueof.cpp        | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/solvers/refinement/string_constraint_generator_valueof.cpp b/src/solvers/refinement/string_constraint_generator_valueof.cpp
index 8b15bf6cbdc..7416bc1a341 100644
--- a/src/solvers/refinement/string_constraint_generator_valueof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_valueof.cpp
@@ -297,6 +297,10 @@ string_exprt string_constraint_generatort::add_axioms_from_int(
         binary_relation_exprt(res[j], ID_le, nine_char));
       digit_constraints.push_back(is_number);
 
+      // An overflow can happen when reaching the last index of a string of
+      // maximal size which is `max_size` for negative numbers and
+      // `max_size - 1` for positive numbers because of the abscence of a `-`
+      // sign.
       if(j>=max_size-2)
       {
         // check for overflows if the size is big

From 4440343e17fde94eee7cb13b05850d86f13b9e1b Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Mon, 26 Jun 2017 11:22:34 +0100
Subject: [PATCH 331/699] Adding tests for String.valueOf(long)

---
 .../java_value_of_long/test.class              | Bin 0 -> 738 bytes
 .../java_value_of_long/test.desc               |   8 ++++++++
 .../java_value_of_long/test.java               |  17 +++++++++++++++++
 3 files changed, 25 insertions(+)
 create mode 100644 regression/strings-smoke-tests/java_value_of_long/test.class
 create mode 100644 regression/strings-smoke-tests/java_value_of_long/test.desc
 create mode 100644 regression/strings-smoke-tests/java_value_of_long/test.java

diff --git a/regression/strings-smoke-tests/java_value_of_long/test.class b/regression/strings-smoke-tests/java_value_of_long/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..b559af818fb5ca1292d999a58f411fb5ee2a4f8a
GIT binary patch
literal 738
zcmY*X+foxj5IwWm&2Bauav@-hU?4_K&=4>23S~h7R%szT#Ij1>Cdo(*E*sqozu-5R
zAK+Q70!yp(-3LF$XUnoDTozuYd*+<(KHWXP{(buappAJO8I%nm{W$pD`eWk~rcy{_
z+QMaZshF6tVWDhc)<o6D71T^zWf-sVAP{~i2VSr$1KxE-pMh;LBp0P8!zT=hdgB#?
zzB1?whU~iZ#74B+75+;_CSaFKk4*iUqGdWE@4bD&-yNgYV$VI!V|NCT-xE)zib{nd
z2<LbB9(RyK-o!Nr*HL#chAhL_?K^kd_wGM<_~@4M95gV;P*U`k%f0Q^@`>m*-yirS
zt9d?x^r!+RZaBD!CPOZc-R$m&UU=@Q6Z+EIW-#}-8;Q*~3={R|jrBO@h_FCY5$_}J
z28wV7K1#XJps{7+pcR*9%P`p&f%HZHR5Ohzj0m8?Zef<Tl%XB6TuJp#UIL^Ic{&Sp
zn<mT18gqwWpA-?}bS6iSG)ELMLB67XfCioHS`pe(d5CJ|EA)-eFoq~L3&{hRL!`gM
zdVPr0&wb2PqO-V7_{SJmrL<A0D*YR(PpOmSS)?|F8f;ou22IkuN@^#GVIlDsHC>w`
o@4~76_DCp@FQgCP3}Nc~&=X%^#05@zQArGF&XVf5G^&5`Kbaqk(*OVf

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_value_of_long/test.desc b/regression/strings-smoke-tests/java_value_of_long/test.desc
new file mode 100644
index 00000000000..74c93ab1311
--- /dev/null
+++ b/regression/strings-smoke-tests/java_value_of_long/test.desc
@@ -0,0 +1,8 @@
+CORE
+test.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+assertion.* file test.java line 11 .* SUCCESS$
+assertion.* file test.java line 16 .* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_value_of_long/test.java b/regression/strings-smoke-tests/java_value_of_long/test.java
new file mode 100644
index 00000000000..a9ceaa964a7
--- /dev/null
+++ b/regression/strings-smoke-tests/java_value_of_long/test.java
@@ -0,0 +1,17 @@
+public class test
+{
+   public static void main(int i)
+   {
+      long l1=12345678901234L;
+      if(i == 0)
+      {
+          String s = String.valueOf(l1);
+          assert(s.equals("12345678901234"));
+      }
+      else
+      {
+          String s = String.valueOf(-l1);
+          assert(!s.equals("-12345678901234"));
+      }
+   }
+}

From 6b6f6cb45a2603b617194b1a211ce76044cab25c Mon Sep 17 00:00:00 2001
From: Joel Allred <joel.allred@diffblue.com>
Date: Thu, 11 May 2017 11:53:45 +0100
Subject: [PATCH 332/699] Add message for unknown cbmc option

During command line parsing, if an unknown option is read, store it and
output an error message at parse_options_baset::main

Add regression tests to check the feature.
---
 regression/cbmc/bad_option/main.c             | 3 +++
 regression/cbmc/bad_option/test.desc          | 7 +++++++
 regression/cbmc/bad_option/test_multiple.desc | 7 +++++++
 src/util/cmdline.cpp                          | 3 +++
 src/util/cmdline.h                            | 1 +
 src/util/parse_options.cpp                    | 9 +++++++++
 src/util/parse_options.h                      | 1 +
 7 files changed, 31 insertions(+)
 create mode 100644 regression/cbmc/bad_option/main.c
 create mode 100644 regression/cbmc/bad_option/test.desc
 create mode 100644 regression/cbmc/bad_option/test_multiple.desc

diff --git a/regression/cbmc/bad_option/main.c b/regression/cbmc/bad_option/main.c
new file mode 100644
index 00000000000..4cce7f667ff
--- /dev/null
+++ b/regression/cbmc/bad_option/main.c
@@ -0,0 +1,3 @@
+int main() {
+  return 0;
+}
diff --git a/regression/cbmc/bad_option/test.desc b/regression/cbmc/bad_option/test.desc
new file mode 100644
index 00000000000..c7f22f5b873
--- /dev/null
+++ b/regression/cbmc/bad_option/test.desc
@@ -0,0 +1,7 @@
+CORE
+main.c
+-foo
+^EXIT=(64|1)$
+^SIGNAL=0$
+Unknown option: -foo
+--
diff --git a/regression/cbmc/bad_option/test_multiple.desc b/regression/cbmc/bad_option/test_multiple.desc
new file mode 100644
index 00000000000..30697b2267d
--- /dev/null
+++ b/regression/cbmc/bad_option/test_multiple.desc
@@ -0,0 +1,7 @@
+CORE
+main.c
+--trace --foo --refine-strings
+^EXIT=(64|1)$
+^SIGNAL=0$
+Unknown option: --foo
+--
diff --git a/src/util/cmdline.cpp b/src/util/cmdline.cpp
index 10ca6ac97c8..ab62a9b63a5 100644
--- a/src/util/cmdline.cpp
+++ b/src/util/cmdline.cpp
@@ -185,7 +185,10 @@ bool cmdlinet::parse(int argc, const char **argv, const char *optstring)
       }
 
       if(optnr<0)
+      {
+        unknown_arg=argv[i];
         return true;
+      }
       options[optnr].isset=true;
       if(options[optnr].hasval)
       {
diff --git a/src/util/cmdline.h b/src/util/cmdline.h
index 94ac1db5c6f..2d58daa8d44 100644
--- a/src/util/cmdline.h
+++ b/src/util/cmdline.h
@@ -33,6 +33,7 @@ class cmdlinet
 
   typedef std::vector<std::string> argst;
   argst args;
+  std::string unknown_arg;
 
   cmdlinet();
   virtual ~cmdlinet();
diff --git a/src/util/parse_options.cpp b/src/util/parse_options.cpp
index 2e4d91e75e9..75235cc9cf5 100644
--- a/src/util/parse_options.cpp
+++ b/src/util/parse_options.cpp
@@ -37,11 +37,20 @@ void parse_options_baset::usage_error()
   help();
 }
 
+/// Print an error message mentioning the option that was not recognized when
+/// parsing the command line.
+void parse_options_baset::unknown_option_msg()
+{
+  if(!cmdline.unknown_arg.empty())
+    std::cerr << "Unknown option: " << cmdline.unknown_arg << "\n";
+}
+
 int parse_options_baset::main()
 {
   if(parse_result)
   {
     usage_error();
+    unknown_option_msg();
     return EX_USAGE;
   }
 
diff --git a/src/util/parse_options.h b/src/util/parse_options.h
index 73f436cf331..b2e64722e85 100644
--- a/src/util/parse_options.h
+++ b/src/util/parse_options.h
@@ -31,6 +31,7 @@ class parse_options_baset
   virtual ~parse_options_baset() { }
 
 private:
+  void unknown_option_msg();
   bool parse_result;
 };
 

From 0e5b254cfae97d195665a21af4c04567e1f8bd00 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Fri, 23 Jun 2017 16:27:47 +0100
Subject: [PATCH 333/699] Java frontend: Set source locations on instructions
 in code_blocks

This could lead to coverage goals not being assigned when the only instructions
in a function were putstatic or other Java instructions that compile to a
composite block.
---
 .../putstatic_source_location/test.class      | Bin 0 -> 320 bytes
 .../putstatic_source_location/test.desc       |   6 ++++++
 .../putstatic_source_location/test.java       |  11 ++++++++++
 .../java_bytecode_convert_method.cpp          |  20 +++++++++++++++++-
 src/util/source_location.cpp                  |   9 ++++++++
 src/util/source_location.h                    |   4 ++++
 6 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100644 regression/cbmc-java/putstatic_source_location/test.class
 create mode 100644 regression/cbmc-java/putstatic_source_location/test.desc
 create mode 100644 regression/cbmc-java/putstatic_source_location/test.java

diff --git a/regression/cbmc-java/putstatic_source_location/test.class b/regression/cbmc-java/putstatic_source_location/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..5507bc508cd2e1479445c5428e780ecf30ac8108
GIT binary patch
literal 320
zcmZvWyG{Z@7)HN;ci0;%pw<+0Kp~AKp&>CbAy8oKXV(cCvMdQM#@8|yCKNt^4`uvj
zW1xUyE;)0~%>4Wwz5(3hHi1GrhL28&>ku~rdFOZ(1Y=v;Y9jFagJ*%7ZeNU`J+q~m
z?>Cv*J?X3<Q5$VbK{U>b{~%dz_q*IYSa%#(=C!(8>o=VuM3ka|fRUquj^m?3m#fht
zTbsN>k6%&z8bfDt=X1}nCP0^~kT!;2kdInSI0rR!QS+$wYDQIk!aJ!6JlFG;fNFZK
Q`xo?xdd&N-n0jda0e)sFNB{r;

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/putstatic_source_location/test.desc b/regression/cbmc-java/putstatic_source_location/test.desc
new file mode 100644
index 00000000000..131860ef72d
--- /dev/null
+++ b/regression/cbmc-java/putstatic_source_location/test.desc
@@ -0,0 +1,6 @@
+CORE
+test.class
+--show-goto-functions
+^EXIT=0$
+^SIGNAL=0$
+test\.java line 5 function java::test.main:\(\)V bytecode_index 1
diff --git a/regression/cbmc-java/putstatic_source_location/test.java b/regression/cbmc-java/putstatic_source_location/test.java
new file mode 100644
index 00000000000..9f1b4f1ba06
--- /dev/null
+++ b/regression/cbmc-java/putstatic_source_location/test.java
@@ -0,0 +1,11 @@
+public class test {
+
+  public static int x;
+  public static void main() {
+    x = 1;
+  }
+  static {
+    x = 0;
+  }
+
+}
diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index 6137931617f..69fb187aa7b 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -982,6 +982,24 @@ static unsigned get_bytecode_type_width(const typet &ty)
   return ty.get_unsigned_int(ID_width);
 }
 
+/// Merge code's source location with source_location, and recursively
+/// do the same to operand code. Typically this is used for a code_blockt
+/// as is generated for some Java operations such as "putstatic", but will
+/// also work if they generate conditionals, loops, etc.
+/// Merge means that any fields already set in code.add_source_location()
+/// remain so; any new ones from source_location are added.
+static void merge_source_location_rec(
+  codet &code,
+  const source_locationt &source_location)
+{
+  code.add_source_location().merge(source_location);
+  for(exprt &op : code.operands())
+  {
+    if(op.id()==ID_code)
+      merge_source_location_rec(to_code(op), source_location);
+  }
+}
+
 codet java_bytecode_convert_methodt::convert_instructions(
   const methodt &method,
   const code_typet &method_type,
@@ -2376,7 +2394,7 @@ codet java_bytecode_convert_methodt::convert_instructions(
     }
 
     if(!i_it->source_location.get_line().empty())
-      c.add_source_location()=i_it->source_location;
+      merge_source_location_rec(c, i_it->source_location);
 
     push(results);
 
diff --git a/src/util/source_location.cpp b/src/util/source_location.cpp
index 6ec49d530f3..e8a644448ba 100644
--- a/src/util/source_location.cpp
+++ b/src/util/source_location.cpp
@@ -62,6 +62,15 @@ std::string source_locationt::as_string(bool print_cwd) const
   return dest;
 }
 
+void source_locationt::merge(const source_locationt &from)
+{
+  forall_named_irep(it, from.get_named_sub())
+  {
+    if(get(it->first).empty())
+      set(it->first, it->second);
+  }
+}
+
 std::ostream &operator << (
   std::ostream &out,
   const source_locationt &source_location)
diff --git a/src/util/source_location.h b/src/util/source_location.h
index 95bef820ae9..2485113a0b6 100644
--- a/src/util/source_location.h
+++ b/src/util/source_location.h
@@ -162,6 +162,10 @@ class source_locationt:public irept
     return is_built_in(id2string(get_file()));
   }
 
+  /// Set all unset source-location fields in this object to their values in
+  /// 'from'. Leave set fields in this object alone.
+  void merge(const source_locationt &from);
+
   static const source_locationt &nil()
   {
     return static_cast<const source_locationt &>(get_nil_irep());

From 33fc907df07d64780940c199b4628f25c338c9a0 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Fri, 23 Jun 2017 16:58:37 +0100
Subject: [PATCH 334/699] Call remove-skip before coverage instrumentation

This prevents creating a spurious extra goal due to a trivial GOTO
(one which targets the natural successor instruction, e.g. goto x; x: ...)
In the Java frontend case these were usually due to a return instruction
at the end of the function, which gets lowered to GOTO end when end is the
successor in any case.

This may cause number of tests to harmlessly decrease by up to one per
function. The actual coverage achieved should not change as the GOTO is
already part of a basic block.

The advantage of doing this is (a) our behaviour is not brittle in the face
of a GOTO program processing step that (may) call remove_skip, and (b)
the GOTO program being instrumented is closer to the one shown by
--show-goto-functions, making debugging easier and the existence of goals
more logical.
---
 src/cbmc/cbmc_parse_options.cpp   | 6 +++++-
 src/symex/symex_parse_options.cpp | 5 +++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/cbmc/cbmc_parse_options.cpp b/src/cbmc/cbmc_parse_options.cpp
index 772b62d9b74..eac3893130d 100644
--- a/src/cbmc/cbmc_parse_options.cpp
+++ b/src/cbmc/cbmc_parse_options.cpp
@@ -887,6 +887,10 @@ bool cbmc_parse_optionst::process_goto_program(
       remove_unused_functions(goto_functions, ui_message_handler);
     }
 
+    // remove skips such that trivial GOTOs are deleted and not considered
+    // for coverage annotation:
+    remove_skip(goto_functions);
+
     // instrument cover goals
     if(cmdline.isset("cover"))
     {
@@ -915,7 +919,7 @@ bool cbmc_parse_optionst::process_goto_program(
         full_slicer(goto_functions, ns);
     }
 
-    // remove skips
+    // remove any skips introduced since coverage instrumentation
     remove_skip(goto_functions);
     goto_functions.update();
   }
diff --git a/src/symex/symex_parse_options.cpp b/src/symex/symex_parse_options.cpp
index 72f5b559a5f..44aff6e4596 100644
--- a/src/symex/symex_parse_options.cpp
+++ b/src/symex/symex_parse_options.cpp
@@ -34,6 +34,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <goto-programs/goto_inline.h>
 #include <goto-programs/xml_goto_trace.h>
 #include <goto-programs/remove_complex.h>
+#include <goto-programs/remove_skip.h>
 #include <goto-programs/remove_vector.h>
 #include <goto-programs/remove_virtual_functions.h>
 #include <goto-programs/remove_exceptions.h>
@@ -321,6 +322,10 @@ bool symex_parse_optionst::process_goto_program(const optionst &options)
       remove_unused_functions(goto_model.goto_functions, ui_message_handler);
     }
 
+    // remove skips such that trivial GOTOs are deleted and not considered
+    // for coverage annotation:
+    remove_skip(goto_model.goto_functions);
+
     if(cmdline.isset("cover"))
     {
       std::string criterion=cmdline.get_value("cover");

From 20f3951729940a97b9bac5dfe7cb054c36faa54b Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Mon, 26 Jun 2017 15:00:02 +0100
Subject: [PATCH 335/699] Correction of line numbers in valueOf(long) test

---
 regression/strings-smoke-tests/java_value_of_long/test.desc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/regression/strings-smoke-tests/java_value_of_long/test.desc b/regression/strings-smoke-tests/java_value_of_long/test.desc
index 74c93ab1311..f96a114f708 100644
--- a/regression/strings-smoke-tests/java_value_of_long/test.desc
+++ b/regression/strings-smoke-tests/java_value_of_long/test.desc
@@ -3,6 +3,6 @@ test.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-assertion.* file test.java line 11 .* SUCCESS$
-assertion.* file test.java line 16 .* FAILURE$
+assertion.* file test.java line 9 .* SUCCESS$
+assertion.* file test.java line 14 .* FAILURE$
 --

From 913de981ba3237418e5a3b91c3cc29863b1b7994 Mon Sep 17 00:00:00 2001
From: Lucas Cordeiro <lucasccordeiro@gmail.com>
Date: Thu, 6 Apr 2017 17:03:44 +0100
Subject: [PATCH 336/699] check for java bytecode index in the existing
 coverage

check whether the java bytecode index matches for the
existing coverage goals.
---
 src/goto-instrument/cover.cpp | 16 +++++++++++-----
 src/goto-instrument/cover.h   |  2 +-
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/src/goto-instrument/cover.cpp b/src/goto-instrument/cover.cpp
index a48e6659f9a..73813fe776c 100644
--- a/src/goto-instrument/cover.cpp
+++ b/src/goto-instrument/cover.cpp
@@ -161,14 +161,20 @@ void coverage_goalst::add_goal(source_locationt goal)
   existing_goals.push_back(goal);
 }
 
-bool coverage_goalst::is_existing_goal(source_locationt source_location) const
+/// compare the value of the current goal to the existing ones
+/// \param source_loc: source location of the current goal
+/// \return true : if the current goal exists false : otherwise
+bool coverage_goalst::is_existing_goal(source_locationt source_loc) const
 {
   for(const auto &existing_loc : existing_goals)
   {
-    if(source_location.get_file()==existing_loc.get_file() &&
-       source_location.get_function()==existing_loc.get_function() &&
-       source_location.get_line()==existing_loc.get_line())
-      return true;
+    if((source_loc.get_file()==existing_loc.get_file()) &&
+       (source_loc.get_function()==existing_loc.get_function()) &&
+       (source_loc.get_line()==existing_loc.get_line()) &&
+       (source_loc.get_java_bytecode_index().empty() ||
+         (source_loc.get_java_bytecode_index()==
+           existing_loc.get_java_bytecode_index())))
+        return true;
   }
   return false;
 }
diff --git a/src/goto-instrument/cover.h b/src/goto-instrument/cover.h
index 06fc0ede321..20c67b32ee1 100644
--- a/src/goto-instrument/cover.h
+++ b/src/goto-instrument/cover.h
@@ -25,7 +25,7 @@ class coverage_goalst
     message_handlert &message_handler,
     coverage_goalst &goals);
   void add_goal(source_locationt goal);
-  bool is_existing_goal(source_locationt source_location) const;
+  bool is_existing_goal(source_locationt source_loc) const;
 
 private:
   std::vector<source_locationt> existing_goals;

From a63f2bbd067f83e3b845b9e9af2baa4573ac94bc Mon Sep 17 00:00:00 2001
From: Lucas Cordeiro <lucasccordeiro@gmail.com>
Date: Tue, 27 Jun 2017 09:21:10 +0100
Subject: [PATCH 337/699] replaced assertion by invariant in cover.cpp

---
 src/goto-instrument/cover.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/goto-instrument/cover.cpp b/src/goto-instrument/cover.cpp
index 73813fe776c..a8ba1febf86 100644
--- a/src/goto-instrument/cover.cpp
+++ b/src/goto-instrument/cover.cpp
@@ -64,7 +64,8 @@ class basic_blockst
     format_number_ranget format_lines;
     for(const auto &cover_set : block_line_cover_map)
     {
-      assert(!cover_set.second.empty());
+      INVARIANT(!cover_set.second.empty(),
+        "covered lines set must not be empty");
       std::vector<unsigned>
         line_list{cover_set.second.begin(), cover_set.second.end()};
 

From edd7b0a5d61a5ff42a5a78b1dd3322731319a51c Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Tue, 27 Jun 2017 16:28:41 +0100
Subject: [PATCH 338/699] Fix remove_pointer_offsets

This previously stripped pointer_offset_exprt, which wasn't correct--
it should mask the pointer expression within it to give the offset
between the operand address and the base of its allocation.
---
 regression/cbmc-java/json_trace1/Test.class | Bin 0 -> 382 bytes
 regression/cbmc-java/json_trace1/Test.java  |  21 ++++++++++++++++++++
 regression/cbmc-java/json_trace1/test.desc  |   7 +++++++
 src/goto-programs/json_goto_trace.cpp       |  13 ++++++++++--
 4 files changed, 39 insertions(+), 2 deletions(-)
 create mode 100644 regression/cbmc-java/json_trace1/Test.class
 create mode 100644 regression/cbmc-java/json_trace1/Test.java
 create mode 100644 regression/cbmc-java/json_trace1/test.desc

diff --git a/regression/cbmc-java/json_trace1/Test.class b/regression/cbmc-java/json_trace1/Test.class
new file mode 100644
index 0000000000000000000000000000000000000000..2f57ffa3c577a4f58a983c12d2892cb3b872e48a
GIT binary patch
literal 382
zcmXX=J4?e*6#j0Kn>2kTpi?n}POSw?RS>}zY{ALL(Bk6aZ5t%DO{J#(4@YrOT)K2|
z5*+#iT>L+RkM9QWaL)HS=iHB<_a%T`_*s}JI4C;s1nh$-j*_N;S+1N5SnbIm6!4Ct
zI6R$=d*QUJdLt^<SVggbEMK%LErCKOQT^)^b@Oj$JCoV8A09<I>vqH2WNWDIR2~*2
zhqWN!YpFI;@m1}tHw^m;)?x57`WavhlGP>)*af@Xe1mu;5O7%SRMbWWF0qb2a@1mP
zSC_u~1ZgbHhS>~!_XYK8uwy+Vw`N`5H|8jj%9IW?&5=Ind_cQ7|NS%;Tw|n%wvi{c
th$RnYkYimz7A2w$dKDB<M-hAQuutzWbwR~;zhMfoT6DfREtuCk^M8>{JzW3*

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/json_trace1/Test.java b/regression/cbmc-java/json_trace1/Test.java
new file mode 100644
index 00000000000..79cb55bfdf9
--- /dev/null
+++ b/regression/cbmc-java/json_trace1/Test.java
@@ -0,0 +1,21 @@
+public class Test {
+
+  byte main(byte[] a) {
+    if (a.length != 9) {
+      return -1;
+    }
+
+    byte diff = 0;
+    for (byte i = 0; i < 9; i++) {
+      if (a[i] == 1) {
+        diff++;
+      } else if (a[i] == 2) {
+        diff--;
+      } else if (a[i] != 0) {
+        return -1;
+      }
+    }
+
+    return -1;
+  }
+}
diff --git a/regression/cbmc-java/json_trace1/test.desc b/regression/cbmc-java/json_trace1/test.desc
new file mode 100644
index 00000000000..c7596faa19d
--- /dev/null
+++ b/regression/cbmc-java/json_trace1/test.desc
@@ -0,0 +1,7 @@
+CORE
+Test.class
+--cover location --trace --json-ui
+^EXIT=0$
+^SIGNAL=0$
+--
+^warning: ignoring
diff --git a/src/goto-programs/json_goto_trace.cpp b/src/goto-programs/json_goto_trace.cpp
index 538bad49eff..316b83b41f7 100644
--- a/src/goto-programs/json_goto_trace.cpp
+++ b/src/goto-programs/json_goto_trace.cpp
@@ -17,6 +17,7 @@ Author: Daniel Kroening
 #include <util/arith_tools.h>
 
 #include <langapi/language_util.h>
+#include <solvers/flattening/pointer_logic.h>
 
 #include "json_goto_trace.h"
 
@@ -25,8 +26,16 @@ Author: Daniel Kroening
 /// \param src: an expression
 void remove_pointer_offsets(exprt &src)
 {
-  if(src.id()==ID_pointer_offset && src.op0().id()==ID_constant)
-    src=src.op0();
+  if(src.id()==ID_pointer_offset &&
+     src.op0().id()==ID_constant &&
+     src.op0().type().id()==ID_pointer)
+  {
+    std::string binary_str=id2string(to_constant_expr(src.op0()).get_value());
+    // The constant address consists of OBJECT-ID || OFFSET.
+    // Shift out the object-identifier bits, leaving only the offset:
+    mp_integer offset=binary2integer(binary_str.substr(BV_ADDR_BITS), false);
+    src=from_integer(offset, src.type());
+  }
   else
     for(auto &op : src.operands())
       remove_pointer_offsets(op);

From 9ccdd32348867b91cc5c5ed73260fe0c2c468c6e Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Tue, 6 Jun 2017 13:45:30 +0100
Subject: [PATCH 339/699] Split up gen_nondet_init function

Broke up the code handling initilising a pointer into a standalone
funciton.
---
 src/java_bytecode/java_object_factory.cpp | 239 +++++++++++++---------
 1 file changed, 140 insertions(+), 99 deletions(-)

diff --git a/src/java_bytecode/java_object_factory.cpp b/src/java_bytecode/java_object_factory.cpp
index ff00c5b1ef7..bb982e05168 100644
--- a/src/java_bytecode/java_object_factory.cpp
+++ b/src/java_bytecode/java_object_factory.cpp
@@ -117,6 +117,15 @@ class java_object_factoryt
     bool override,
     const typet &override_type,
     update_in_placet);
+
+private:
+  void gen_nondet_pointer_init(
+    code_blockt &assignments,
+    const exprt &expr,
+    const irep_idt &class_identifier,
+    bool create_dynamic_objects,
+    const pointer_typet &pointer_type,
+    const update_in_placet &update_in_place);
 };
 
 /// Generates code for allocating a dynamic object. This is used in
@@ -347,6 +356,132 @@ void java_object_factoryt::gen_pointer_target_init(
   }
 }
 
+/// Initialises a primitive or object tree rooted at `expr`, of type pointer. It
+/// allocates child objects as necessary and nondet-initialising their members,
+/// or if MUST_UPDATE_IN_PLACE is set, re-initialising already-allocated
+/// objects.
+/// \param assignemnts - the code block we are building with
+///   initilisation code
+/// \param expr: lvalue expression to initialise
+/// \param class_identifier - the name of the class so we can identify
+/// special cases where a null pointer is not applicable.
+/// \param create_dynamic_objects: if true, use malloc to allocate objects;
+///   otherwise generate fresh static symbols.
+/// \param pointer_type - The type of the pointer we are initalising
+/// `update_in_place`: NO_UPDATE_IN_PLACE: initialise `expr` from scratch
+///   MUST_UPDATE_IN_PLACE: reinitialise an existing object MAY_UPDATE_IN_PLACE:
+///   generate a runtime nondet branch between the NO_ and MUST_ cases.
+void java_object_factoryt::gen_nondet_pointer_init(
+  code_blockt &assignments,
+  const exprt &expr,
+  const irep_idt &class_identifier,
+  bool create_dynamic_objects,
+  const pointer_typet &pointer_type,
+  const update_in_placet &update_in_place)
+{
+  const typet &subtype=ns.follow(pointer_type.subtype());
+  if(subtype.id()==ID_struct)
+  {
+    const struct_typet &struct_type=to_struct_type(subtype);
+    const irep_idt &struct_tag=struct_type.get_tag();
+    // If this is a recursive type of some kind, set null.
+    if(!recursion_set.insert(struct_tag).second)
+    {
+      if(update_in_place==NO_UPDATE_IN_PLACE)
+      {
+        assignments.copy_to_operands(
+          get_null_assignment(expr, pointer_type));
+      }
+      // Otherwise leave it as it is.
+      return;
+    }
+  }
+
+  code_blockt new_object_assignments;
+  code_blockt update_in_place_assignments;
+
+  if(update_in_place!=NO_UPDATE_IN_PLACE)
+  {
+    gen_pointer_target_init(
+      update_in_place_assignments,
+      expr,
+      subtype,
+      create_dynamic_objects,
+      MUST_UPDATE_IN_PLACE);
+  }
+
+  if(update_in_place==MUST_UPDATE_IN_PLACE)
+  {
+    assignments.append(update_in_place_assignments);
+    return;
+  }
+
+  // Otherwise we need code for the allocate-new-object case:
+
+  code_blockt non_null_inst;
+  gen_pointer_target_init(
+    non_null_inst,
+    expr,
+    subtype,
+    create_dynamic_objects,
+    NO_UPDATE_IN_PLACE);
+
+  // Determine whether the pointer can be null.
+  // In particular the array field of a String should not be null.
+  bool not_null=
+    assume_non_null ||
+    ((class_identifier=="java.lang.String" ||
+      class_identifier=="java.lang.StringBuilder" ||
+      class_identifier=="java.lang.StringBuffer" ||
+      class_identifier=="java.lang.CharSequence") &&
+     subtype.id()==ID_array);
+
+  if(not_null)
+  {
+    // Add the following code to assignments:
+    // <expr> = <aoe>;
+    new_object_assignments.append(non_null_inst);
+  }
+  else
+  {
+    // if(NONDET(_Bool)
+    // {
+    //    <expr> = <null pointer>
+    // }
+    // else
+    // {
+    //    <code from recursive call to gen_nondet_init() with
+    //             tmp$<temporary_counter>>
+    // }
+    auto set_null_inst=get_null_assignment(expr, pointer_type);
+
+    code_ifthenelset null_check;
+    null_check.cond()=side_effect_expr_nondett(bool_typet());
+    null_check.then_case()=set_null_inst;
+    null_check.else_case()=non_null_inst;
+
+    new_object_assignments.add(null_check);
+  }
+
+  // Similarly to above, maybe use a conditional if both the
+  // allocate-fresh and update-in-place cases are allowed:
+  if(update_in_place==NO_UPDATE_IN_PLACE)
+  {
+    assignments.append(new_object_assignments);
+  }
+  else
+  {
+    assert(update_in_place==MAY_UPDATE_IN_PLACE);
+
+    code_ifthenelset update_check;
+    update_check.cond()=side_effect_expr_nondett(bool_typet());
+    update_check.then_case()=update_in_place_assignments;
+    update_check.else_case()=new_object_assignments;
+
+    assignments.add(update_check);
+  }
+}
+
 /// Initialises a primitive or object tree rooted at `expr`, allocating child
 /// objects as necessary and nondet-initialising their members, or if
 /// MUST_UPDATE_IN_PLACE is set, re-initialising already-allocated objects.
@@ -384,107 +519,13 @@ void java_object_factoryt::gen_nondet_init(
   {
     // dereferenced type
     const pointer_typet &pointer_type=to_pointer_type(type);
-    const typet &subtype=ns.follow(pointer_type.subtype());
-
-    if(subtype.id()==ID_struct)
-    {
-      const struct_typet &struct_type=to_struct_type(subtype);
-      const irep_idt struct_tag=struct_type.get_tag();
-      // If this is a recursive type of some kind, set null.
-      if(!recursion_set.insert(struct_tag).second)
-      {
-        if(update_in_place==NO_UPDATE_IN_PLACE)
-        {
-          assignments.copy_to_operands(
-            get_null_assignment(expr, pointer_type));
-        }
-        // Otherwise leave it as it is.
-        return;
-      }
-    }
-
-    code_blockt new_object_assignments;
-    code_blockt update_in_place_assignments;
-
-    if(update_in_place!=NO_UPDATE_IN_PLACE)
-    {
-      gen_pointer_target_init(
-        update_in_place_assignments,
-        expr,
-        subtype,
-        create_dynamic_objects,
-        MUST_UPDATE_IN_PLACE);
-    }
-
-    if(update_in_place==MUST_UPDATE_IN_PLACE)
-    {
-      assignments.append(update_in_place_assignments);
-      return;
-    }
-
-    // Otherwise we need code for the allocate-new-object case:
-
-    code_blockt non_null_inst;
-    gen_pointer_target_init(
-      non_null_inst,
+    gen_nondet_pointer_init(
+      assignments,
       expr,
-      subtype,
+      class_identifier,
       create_dynamic_objects,
-      NO_UPDATE_IN_PLACE);
-
-    // Determine whether the pointer can be null.
-    // In particular the array field of a String should not be null.
-    bool not_null=
-      assume_non_null ||
-      ((class_identifier=="java.lang.String" ||
-        class_identifier=="java.lang.StringBuilder" ||
-        class_identifier=="java.lang.StringBuffer" ||
-        class_identifier=="java.lang.CharSequence") &&
-       subtype.id()==ID_array);
-
-    if(not_null)
-    {
-      // Add the following code to assignments:
-      // <expr> = <aoe>;
-      new_object_assignments.append(non_null_inst);
-    }
-    else
-    {
-      // Add the following code to assignments:
-      //           IF !NONDET(_Bool) THEN GOTO <label1>
-      //           <expr> = <null pointer>
-      //           GOTO <label2>
-      // <label1>: <expr> = &tmp$<temporary_counter>;
-      //           <code from recursive call to gen_nondet_init() with
-      //             tmp$<temporary_counter>>
-      // And the next line is labelled label2
-      auto set_null_inst=get_null_assignment(expr, pointer_type);
-
-      code_ifthenelset null_check;
-      null_check.cond()=side_effect_expr_nondett(bool_typet());
-      null_check.then_case()=set_null_inst;
-      null_check.else_case()=non_null_inst;
-
-      new_object_assignments.add(null_check);
-    }
-
-    // Similarly to above, maybe use a conditional if both the
-    // allocate-fresh and update-in-place cases are allowed:
-    if(update_in_place==NO_UPDATE_IN_PLACE)
-    {
-      assignments.append(new_object_assignments);
-    }
-    else
-    {
-      assert(update_in_place==MAY_UPDATE_IN_PLACE);
-
-      code_ifthenelset update_check;
-      update_check.cond()=side_effect_expr_nondett(bool_typet());
-      update_check.then_case()=update_in_place_assignments;
-      update_check.else_case()=new_object_assignments;
-
-      assignments.add(update_check);
-    }
+      pointer_type,
+      update_in_place);
   }
   else if(type.id()==ID_struct)
   {

From 6770e74f86b519fa1a54339acd78815125638479 Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Wed, 7 Jun 2017 14:17:50 +0100
Subject: [PATCH 340/699] Split up gen_nondet_init for structs

Split out the logic for initilising a struct into a standalone method
---
 src/java_bytecode/java_object_factory.cpp | 180 ++++++++++++++--------
 1 file changed, 112 insertions(+), 68 deletions(-)

diff --git a/src/java_bytecode/java_object_factory.cpp b/src/java_bytecode/java_object_factory.cpp
index bb982e05168..6af5ba30a32 100644
--- a/src/java_bytecode/java_object_factory.cpp
+++ b/src/java_bytecode/java_object_factory.cpp
@@ -126,6 +126,16 @@ class java_object_factoryt
     bool create_dynamic_objects,
     const pointer_typet &pointer_type,
     const update_in_placet &update_in_place);
+
+  void gen_nondet_struct_init(
+    code_blockt &assignments,
+    const exprt &expr,
+    bool is_sub,
+    irep_idt class_identifier,
+    bool skip_classid,
+    bool create_dynamic_objects,
+    const struct_typet &struct_type,
+    const update_in_placet &update_in_place);
 };
 
 /// Generates code for allocating a dynamic object. This is used in
@@ -482,6 +492,98 @@ void java_object_factoryt::gen_nondet_pointer_init(
   }
 }
 
+/// Initialises an object tree rooted at `expr`, allocating child objects as
+/// necessary and nondet-initialising their members, or if MUST_UPDATE_IN_PLACE
+/// is set, re-initialising already-allocated objects.
+/// \param assignments: The code block to append the new
+///   instructions to
+/// \param expr: pointer-typed lvalue expression to initialise
+/// \param is_sub: If true, `expr` is a substructure of a larger object, which
+///   in Java necessarily means a base class. not match *expr (for example, expr
+///   might be void*)
+/// \param class_identifier: clsid to initialise @java.lang.Object.
+///   @class_identifier
+/// \param skip_classid: if true, skip initialising @class_identifier
+/// \param create_dynamic_objects: if true, use malloc to allocate objects;
+///   otherwise generate fresh static symbols.
+/// \param struct_type - The type of the struct we are initalising
+/// \param update_in_place: NO_UPDATE_IN_PLACE: initialise `expr` from scratch
+///   MUST_UPDATE_IN_PLACE: reinitialise an existing object MAY_UPDATE_IN_PLACE:
+///   invalid input
+void java_object_factoryt::gen_nondet_struct_init(
+  code_blockt &assignments,
+  const exprt &expr,
+  bool is_sub,
+  irep_idt class_identifier,
+  bool skip_classid,
+  bool create_dynamic_objects,
+  const struct_typet &struct_type,
+  const update_in_placet &update_in_place)
+{
+  typedef struct_typet::componentst componentst;
+  const irep_idt &struct_tag=struct_type.get_tag();
+
+  const componentst &components=struct_type.components();
+
+  if(!is_sub)
+    class_identifier=struct_tag;
+
+  for(const auto &component : components)
+  {
+    const typet &component_type=component.type();
+    irep_idt name=component.get_name();
+
+    member_exprt me(expr, name, component_type);
+
+    if(name=="@class_identifier")
+    {
+      if(update_in_place==MUST_UPDATE_IN_PLACE)
+        continue;
+
+      if(skip_classid)
+        continue;
+
+      irep_idt qualified_clsid="java::"+as_string(class_identifier);
+      constant_exprt ci(qualified_clsid, string_typet());
+      code_assignt code(me, ci);
+      code.add_source_location()=loc;
+      assignments.copy_to_operands(code);
+    }
+    else if(name=="@lock")
+    {
+      if(update_in_place==MUST_UPDATE_IN_PLACE)
+        continue;
+      code_assignt code(me, from_integer(0, me.type()));
+      code.add_source_location()=loc;
+      assignments.copy_to_operands(code);
+    }
+    else
+    {
+      assert(!name.empty());
+
+      bool _is_sub=name[0]=='@';
+
+      // MUST_UPDATE_IN_PLACE only applies to this object.
+      // If this is a pointer to another object, offer the chance
+      // to leave it alone by setting MAY_UPDATE_IN_PLACE instead.
+      update_in_placet substruct_in_place=
+        update_in_place==MUST_UPDATE_IN_PLACE && !_is_sub ?
+        MAY_UPDATE_IN_PLACE :
+        update_in_place;
+      gen_nondet_init(
+        assignments,
+        me,
+        _is_sub,
+        class_identifier,
+        false,
+        create_dynamic_objects,
+        false,
+        typet(),
+        substruct_in_place);
+    }
+  }
+}
+
 /// Initialises a primitive or object tree rooted at `expr`, allocating child
 /// objects as necessary and nondet-initialising their members, or if
 /// MUST_UPDATE_IN_PLACE is set, re-initialising already-allocated objects.
@@ -529,74 +631,16 @@ void java_object_factoryt::gen_nondet_init(
   }
   else if(type.id()==ID_struct)
   {
-    typedef struct_typet::componentst componentst;
-
-    const struct_typet &struct_type=to_struct_type(type);
-    const irep_idt struct_tag=struct_type.get_tag();
-
-    const componentst &components=struct_type.components();
-
-    if(!is_sub)
-      class_identifier=struct_tag;
-
-    for(const auto &component : components)
-    {
-      const typet &component_type=component.type();
-      irep_idt name=component.get_name();
-
-      member_exprt me(expr, name, component_type);
-
-      if(name=="@class_identifier")
-      {
-        if(update_in_place==MUST_UPDATE_IN_PLACE)
-          continue;
-
-        if(skip_classid)
-          continue;
-
-        irep_idt qualified_clsid="java::"+as_string(class_identifier);
-        constant_exprt ci(qualified_clsid, string_typet());
-        code_assignt code(me, ci);
-        code.add_source_location()=loc;
-        assignments.copy_to_operands(code);
-      }
-      else if(name=="@lock")
-      {
-        if(update_in_place==MUST_UPDATE_IN_PLACE)
-          continue;
-        code_assignt code(me, from_integer(0, me.type()));
-        code.add_source_location()=loc;
-        assignments.copy_to_operands(code);
-      }
-      else
-      {
-        assert(!name.empty());
-
-        bool _is_sub=name[0]=='@';
-#if 0
-        irep_idt _class_identifier=
-          _is_sub?(class_identifier.empty()?struct_tag:class_identifier):"";
-#endif
-
-        // MUST_UPDATE_IN_PLACE only applies to this object.
-        // If this is a pointer to another object, offer the chance
-        // to leave it alone by setting MAY_UPDATE_IN_PLACE instead.
-        update_in_placet substruct_in_place=
-          update_in_place==MUST_UPDATE_IN_PLACE && !_is_sub ?
-          MAY_UPDATE_IN_PLACE :
-          update_in_place;
-        gen_nondet_init(
-          assignments,
-          me,
-          _is_sub,
-          class_identifier,
-          false,
-          create_dynamic_objects,
-          false,
-          typet(),
-          substruct_in_place);
-      }
-    }
+    const struct_typet struct_type=to_struct_type(type);
+    gen_nondet_struct_init(
+      assignments,
+      expr,
+      is_sub,
+      class_identifier,
+      skip_classid,
+      create_dynamic_objects,
+      struct_type,
+      update_in_place);
   }
   else
   {

From 90c8198fca0678e3bb1d706eefd14bc9b4a42302 Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Mon, 5 Jun 2017 11:07:37 +0100
Subject: [PATCH 341/699] Added missing comment to class_hieracrchyt

---
 src/goto-programs/class_hierarchy.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/goto-programs/class_hierarchy.cpp b/src/goto-programs/class_hierarchy.cpp
index 10a16760b98..77323aa83e4 100644
--- a/src/goto-programs/class_hierarchy.cpp
+++ b/src/goto-programs/class_hierarchy.cpp
@@ -18,6 +18,10 @@ Date: April 2016
 
 #include "class_hierarchy.h"
 
+/// Looks for all the struct types in the symbol table and construct a map from
+/// class names to a data structure that contains lists of parent and child
+/// classes for each struct type (ie class).
+/// \param symbol_table: The symbol table to analyze
 void class_hierarchyt::operator()(const symbol_tablet &symbol_table)
 {
   forall_symbols(it, symbol_table.symbols)

From fde9c7659c1b0c6c2d6288d093ba6ce24bdb0b9f Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Mon, 19 Jun 2017 10:51:09 +0100
Subject: [PATCH 342/699] Correcting assertions.

Changed assert to invariant that all components on a struct have a name.

Changed assert to invariant that must and no update in places cases have
been correctly dealt with.
---
 src/java_bytecode/java_object_factory.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/java_bytecode/java_object_factory.cpp b/src/java_bytecode/java_object_factory.cpp
index 6af5ba30a32..efcd97f335e 100644
--- a/src/java_bytecode/java_object_factory.cpp
+++ b/src/java_bytecode/java_object_factory.cpp
@@ -20,6 +20,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <util/nondet_ifthenelse.h>
 #include <util/pointer_offset_size.h>
 #include <util/prefix.h>
+#include <util/invariant.h>
 
 #include <linking/zero_initializer.h>
 
@@ -481,7 +482,8 @@ void java_object_factoryt::gen_nondet_pointer_init(
   }
   else
   {
-    assert(update_in_place==MAY_UPDATE_IN_PLACE);
+    INVARIANT(update_in_place==MAY_UPDATE_IN_PLACE,
+      "No update and must update should have already been resolved");
 
     code_ifthenelset update_check;
     update_check.cond()=side_effect_expr_nondett(bool_typet());
@@ -559,7 +561,7 @@ void java_object_factoryt::gen_nondet_struct_init(
     }
     else
     {
-      assert(!name.empty());
+      INVARIANT(!name.empty(), "Each component of a struct must have a name");
 
       bool _is_sub=name[0]=='@';
 

From 9bb474dc08c162a253bab51bd97fc490ef89c59c Mon Sep 17 00:00:00 2001
From: Cesar Rodriguez <cesar.rodriguez@diffblue.com>
Date: Mon, 26 Jun 2017 17:26:00 +0100
Subject: [PATCH 343/699] Fixes parameter detection on bytecode->goto
 translation

The JVM spec document (Sec. 3.6) mandates that Java method arguments occupy the
lowest local variables. The only sound way to detect which variable slots are
function parameters is by counting the number and type of arguments in the
method descriptor.

This commit adds a new function `java_method_parameter_slots` which can
determine the number of variable slots used by a method's parameters. It also
fixes `setup_local_variables` (which were previously checking whether
`v.start_pc=0` to determine if an LVT entry is a parameter).
---
 .../java_bytecode_convert_method.cpp          | 84 +++++++++----------
 .../java_bytecode_convert_method_class.h      | 17 +++-
 .../java_local_variable_table.cpp             | 46 ++++++----
 src/java_bytecode/java_utils.cpp              | 31 +++++++
 src/java_bytecode/java_utils.h                | 10 +++
 5 files changed, 125 insertions(+), 63 deletions(-)

diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index 69fb187aa7b..b20dcaab4b6 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -30,6 +30,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include "java_bytecode_convert_method_class.h"
 #include "bytecode_info.h"
 #include "java_types.h"
+#include "java_utils.h"
 #include "java_string_library_preprocess.h"
 
 #include <limits>
@@ -106,25 +107,10 @@ static bool operator==(const irep_idt &what, const patternt &pattern)
   return pattern==what;
 }
 
-const size_t SLOTS_PER_INTEGER(1u);
-const size_t INTEGER_WIDTH(64u);
-static size_t count_slots(
-  const size_t value,
-  const code_typet::parametert &param)
-{
-  const std::size_t width(param.type().get_unsigned_int(ID_width));
-  return value+SLOTS_PER_INTEGER+width/INTEGER_WIDTH;
-}
-
-static size_t get_variable_slots(const code_typet::parametert &param)
-{
-  return count_slots(0, param);
-}
-
 static irep_idt strip_java_namespace_prefix(const irep_idt to_strip)
 {
   const auto to_strip_str=id2string(to_strip);
-  assert(has_prefix(to_strip_str, "java::"));
+  PRECONDITION(has_prefix(to_strip_str, "java::"));
   return to_strip_str.substr(6, std::string::npos);
 }
 
@@ -308,12 +294,22 @@ void java_bytecode_convert_methodt::convert(
   method_return_type=code_type.return_type();
   code_typet::parameterst &parameters=code_type.parameters();
 
+  // Determine the number of local variable slots used by the JVM to maintan the
+  // formal parameters
+  slots_for_parameters = java_method_parameter_slots(code_type);
+
+  debug() << "Generating codet: class "
+             << class_symbol.name << ", method "
+             << m.name << eom;
+
+  // We now set up the local variables for the method parameters
   variables.clear();
 
-  // find parameter names in the local variable table:
+  // Find parameter names in the local variable table:
   for(const auto &v : m.local_variable_table)
   {
-    if(v.start_pc!=0) // Local?
+    // Skip this variable if it is not a method parameter
+    if(!is_parameter(v))
       continue;
 
     typet t=java_type_from_string(v.signature);
@@ -335,8 +331,10 @@ void java_bytecode_convert_methodt::convert(
   for(const auto &param : parameters)
   {
     variables[param_index].resize(1);
-    param_index+=get_variable_slots(param);
+    param_index+=java_local_variable_slots(param.type());
   }
+  INVARIANT(param_index==slots_for_parameters,
+    "java_parameter_count and local computation must agree");
 
   // assign names to parameters
   param_index=0;
@@ -348,8 +346,6 @@ void java_bytecode_convert_methodt::convert(
     {
       base_name="this";
       identifier=id2string(method_identifier)+"::"+id2string(base_name);
-      param.set_base_name(base_name);
-      param.set_identifier(identifier);
     }
     else
     {
@@ -364,10 +360,9 @@ void java_bytecode_convert_methodt::convert(
         base_name="arg"+std::to_string(param_index)+suffix;
         identifier=id2string(method_identifier)+"::"+id2string(base_name);
       }
-
-      param.set_base_name(base_name);
-      param.set_identifier(identifier);
     }
+    param.set_base_name(base_name);
+    param.set_identifier(identifier);
 
     // add to symbol table
     parameter_symbolt parameter_symbol;
@@ -377,41 +372,34 @@ void java_bytecode_convert_methodt::convert(
     parameter_symbol.type=param.type();
     symbol_table.add(parameter_symbol);
 
-    // add as a JVM variable
-    std::size_t slots=get_variable_slots(param);
+    // Add as a JVM local variable
     variables[param_index][0].symbol_expr=parameter_symbol.symbol_expr();
     variables[param_index][0].is_parameter=true;
     variables[param_index][0].start_pc=0;
     variables[param_index][0].length=std::numeric_limits<size_t>::max();
-    variables[param_index][0].is_parameter=true;
-    param_index+=slots;
-    assert(param_index>0);
+    param_index+=java_local_variable_slots(param.type());
   }
 
+  // The parameter slots detected in this function should agree with what
+  // java_parameter_count() thinks about this method
+  INVARIANT(param_index==slots_for_parameters,
+    "java_parameter_count and local computation must agree");
+
   const bool is_virtual=!m.is_static && !m.is_final;
 
-  #if 0
-  class_type.methods().push_back(class_typet::methodt());
-  class_typet::methodt &method=class_type.methods().back();
-  #else
+  // Construct a methodt, which lives within the class type; this object is
+  // never used for anything useful and could be removed
   class_typet::methodt method;
-  #endif
-
   method.set_base_name(m.base_name);
   method.set_name(method_identifier);
-
   method.set(ID_abstract, m.is_abstract);
   method.set(ID_is_virtual, is_virtual);
-
+  method.type()=member_type;
   if(is_constructor(method))
     method.set(ID_constructor, true);
 
-  method.type()=member_type;
-
   // we add the symbol for the method
-
   symbolt method_symbol;
-
   method_symbol.name=method.get_name();
   method_symbol.base_name=method.get_base_name();
   method_symbol.mode=ID_java;
@@ -430,15 +418,13 @@ void java_bytecode_convert_methodt::convert(
     method_symbol.type.set(ID_constructor, true);
   current_method=method_symbol.name;
   method_has_this=code_type.has_this();
-
-  tmp_vars.clear();
   if((!m.is_abstract) && (!m.is_native))
-    method_symbol.value=convert_instructions(
-      m, code_type, method_symbol.name);
+    method_symbol.value=convert_instructions(m, code_type, method_symbol.name);
 
   // Replace the existing stub symbol with the real deal:
   const auto s_it=symbol_table.symbols.find(method.get_name());
-  assert(s_it!=symbol_table.symbols.end());
+  INVARIANT(s_it!=symbol_table.symbols.end(),
+    "the symbol was there earlier on this function; it must be there now");
   symbol_table.symbols.erase(s_it);
 
   symbol_table.add(method_symbol);
@@ -1138,6 +1124,12 @@ codet java_bytecode_convert_methodt::convert_instructions(
     }
   }
 
+  // Clean the list of temporary variables created by a call to `tmp_variable`.
+  // These are local variables in the goto function used to represent temporary
+  // values of the JVM operand stack, newly allocated objects before the
+  // constructor is called, ...
+  tmp_vars.clear();
+
   // Now that the control flow graph is built, set up our local variables
   // (these require the graph to determine live ranges)
   setup_local_variables(method, address_map);
diff --git a/src/java_bytecode/java_bytecode_convert_method_class.h b/src/java_bytecode/java_bytecode_convert_method_class.h
index 17393900c64..ac635f329cd 100644
--- a/src/java_bytecode/java_bytecode_convert_method_class.h
+++ b/src/java_bytecode/java_bytecode_convert_method_class.h
@@ -41,7 +41,8 @@ class java_bytecode_convert_methodt:public messaget
     symbol_table(_symbol_table),
     max_array_length(_max_array_length),
     lazy_methods(_lazy_methods),
-    string_preprocess(_string_preprocess)
+    string_preprocess(_string_preprocess),
+    slots_for_parameters(0)
   {
   }
 
@@ -66,6 +67,11 @@ class java_bytecode_convert_methodt:public messaget
   typet method_return_type;
   java_string_library_preprocesst &string_preprocess;
 
+  /// Number of local variable slots used by the JVM to pass parameters upon
+  /// invocation of the method under translation.
+  /// Initialized in `convert`.
+  unsigned slots_for_parameters;
+
 public:
   struct holet
   {
@@ -76,6 +82,7 @@ class java_bytecode_convert_methodt:public messaget
   struct local_variable_with_holest
   {
     local_variablet var;
+    bool is_parameter;
     std::vector<holet> holes;
   };
 
@@ -149,6 +156,14 @@ class java_bytecode_convert_methodt:public messaget
 
   bool is_constructor(const class_typet::methodt &method);
 
+  /// Returns true iff the slot index of the local variable of a method (coming
+  /// from the LVT) is a parameter of that method. Assumes that
+  /// `slots_for_parameters` is initialized upon call.
+  bool is_parameter(const local_variablet &v)
+  {
+    return v.index < slots_for_parameters;
+  }
+
   struct converted_instructiont
   {
     converted_instructiont(
diff --git a/src/java_bytecode/java_local_variable_table.cpp b/src/java_bytecode/java_local_variable_table.cpp
index ee7d061f9d6..397ad463316 100644
--- a/src/java_bytecode/java_local_variable_table.cpp
+++ b/src/java_bytecode/java_local_variable_table.cpp
@@ -11,6 +11,7 @@ Author: Chris Smowton, chris.smowton@diffblue.com
 
 #include "java_bytecode_convert_method_class.h"
 #include "java_types.h"
+#include "java_utils.h"
 
 #include <util/string2int.h>
 
@@ -55,7 +56,7 @@ struct procedure_local_cfg_baset<
     for(const auto &table_entry : method.exception_table)
     {
       auto findit=amap.find(table_entry.start_pc);
-      assert(findit!=amap.end() &&
+      INVARIANT(findit!=amap.end(),
              "Exception table entry doesn't point to an instruction?");
       for(; findit->first<table_entry.end_pc; ++findit)
       {
@@ -186,9 +187,11 @@ static bool is_store_to_slot(
   else
   {
     // Store shorthands, like "store_0", "store_1"
-    assert(prevstatement[6]=='_' && prevstatement.size()==8);
+    INVARIANT(prevstatement[6]=='_' && prevstatement.size()==8,
+      "expected store instruction looks like store_0, store_1...");
     storeslot=prevstatement[7];
-    assert(isdigit(storeslot[0]));
+    INVARIANT(isdigit(storeslot[0]),
+      "store_? instructions should end in a digit");
   }
   auto storeslotidx=safe_string2unsigned(storeslot);
   return storeslotidx==slotidx;
@@ -203,7 +206,7 @@ static void maybe_add_hole(
   unsigned from,
   unsigned to)
 {
-  assert(to>=from);
+  PRECONDITION(to>=from);
   if(to!=from)
     var.holes.push_back({from, to-from});
 }
@@ -230,7 +233,7 @@ static void populate_variable_address_map(
         idx!=idxlim;
         ++idx)
     {
-      assert((!live_variable_at_address[idx]) && "Local variable table clash?");
+      INVARIANT(!live_variable_at_address[idx], "Local variable table clash?");
       live_variable_at_address[idx]=&*it;
     }
   }
@@ -261,20 +264,28 @@ static void populate_predecessor_map(
   messaget msg(msg_handler);
   for(auto it=firstvar, itend=varlimit; it!=itend; ++it)
   {
-    // Parameters are irrelevant to us and shouldn't be changed:
-    if(it->var.start_pc==0)
+    // All entries of the "local_variable_table_with_holest" processed in this
+    // function concern the same Java Local Variable Table slot/register. This
+    // is because "find_initialisers()" has already sorted them.
+    INVARIANT(it->var.index==firstvar->var.index,
+      "all entries are for the same local variable slot");
+
+    // Parameters are irrelevant to us and shouldn't be changed. This is because
+    // they cannot have live predecessor ranges: they are initialized by the JVM
+    // and no other live variable range can flow into them.
+    if(it->is_parameter)
       continue;
 
     // Find the last instruction within the live range:
     unsigned end_pc=it->var.start_pc+it->var.length;
     auto amapit=amap.find(end_pc);
-    assert(amapit!=amap.begin());
+    INVARIANT(amapit!=amap.begin(),
+      "current bytecode shall not be the first");
     auto old_amapit=amapit;
     --amapit;
     if(old_amapit==amap.end())
     {
-      assert(
-        end_pc>amapit->first &&
+      INVARIANT(end_pc>amapit->first,
         "Instruction live range doesn't align to instruction boundary?");
     }
 
@@ -287,7 +298,8 @@ static void populate_predecessor_map(
         auto pred_var=
           (pred<live_variable_at_address.size() ?
            live_variable_at_address[pred] :
-           0);
+           nullptr);
+
         if(pred_var==&*it)
         {
           // Flow from within same live range?
@@ -299,7 +311,8 @@ static void populate_predecessor_map(
           // Check if this is an initialiser, and if so expand the live range
           // to include it, but don't check its predecessors:
           auto inst_before_this=amapit;
-          assert(inst_before_this!=amap.begin());
+          INVARIANT(inst_before_this!=amap.begin(),
+            "we shall not be on the first bytecode of the method");
           --inst_before_this;
           if(amapit->first!=it->var.start_pc || inst_before_this->first!=pred)
           {
@@ -360,7 +373,7 @@ static unsigned get_common_dominator(
   const std::set<local_variable_with_holest*> &merge_vars,
   const java_cfg_dominatorst &dominator_analysis)
 {
-  assert(!merge_vars.empty());
+  PRECONDITION(!merge_vars.empty());
 
   unsigned first_pc=UINT_MAX;
   for(auto v : merge_vars)
@@ -652,10 +665,11 @@ void java_bytecode_convert_methodt::setup_local_variables(
   dominator_analysis(dominator_args);
 
   // Find out which local variable table entries should be merged:
-  // Wrap each entry so we have somewhere to record live ranges with holes:
+  // Wrap each entry so we have a data structure to work during function calls,
+  // where we record live ranges with holes:
   std::vector<local_variable_with_holest> vars_with_holes;
   for(const auto &v : m.local_variable_table)
-    vars_with_holes.push_back({v, {}});
+    vars_with_holes.push_back({v, is_parameter(v), {}});
 
   // Merge variable records:
   find_initialisers(vars_with_holes, amap, dominator_analysis);
@@ -673,7 +687,7 @@ void java_bytecode_convert_methodt::setup_local_variables(
   // length values in the local variable table
   for(const auto &v : vars_with_holes)
   {
-    if(v.var.start_pc==0) // Parameter?
+    if(v.is_parameter)
       continue;
 
     typet t=java_type_from_string(v.var.signature);
diff --git a/src/java_bytecode/java_utils.cpp b/src/java_bytecode/java_utils.cpp
index 0754eae13a3..d8e6c2b39ca 100644
--- a/src/java_bytecode/java_utils.cpp
+++ b/src/java_bytecode/java_utils.cpp
@@ -9,8 +9,10 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include <util/prefix.h>
 #include <util/std_types.h>
+#include <util/invariant.h>
 
 #include "java_utils.h"
+#include "java_types.h"
 
 bool java_is_array_type(const typet &type)
 {
@@ -20,3 +22,32 @@ bool java_is_array_type(const typet &type)
     to_struct_type(type).get_tag()),
                     "java::array[");
 }
+
+unsigned java_local_variable_slots(const typet &t)
+{
+  unsigned bitwidth;
+
+  bitwidth=t.get_unsigned_int(ID_width);
+  INVARIANT(
+    bitwidth==0 ||
+    bitwidth==8 ||
+    bitwidth==16 ||
+    bitwidth==32 ||
+    bitwidth==64,
+    "all types constructed in java_types.cpp encode JVM types "
+    "with these bit widths");
+  INVARIANT(bitwidth!=0 || t.id()==ID_pointer,
+    "if bitwidth is 0, then this a reference to a class, which is 1 slot");
+
+  return bitwidth==64 ? 2 : 1;
+}
+
+unsigned java_method_parameter_slots(const code_typet &t)
+{
+  unsigned slots = 0;
+
+  for(const auto &p : t.parameters())
+    slots+=java_local_variable_slots(p.type());
+
+  return slots;
+}
diff --git a/src/java_bytecode/java_utils.h b/src/java_bytecode/java_utils.h
index af69bdad4b9..bd88cb71bb8 100644
--- a/src/java_bytecode/java_utils.h
+++ b/src/java_bytecode/java_utils.h
@@ -9,9 +9,19 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include <util/type.h>
 
+#include "java_bytecode_parse_tree.h"
+
 #ifndef CPROVER_JAVA_BYTECODE_JAVA_UTILS_H
 #define CPROVER_JAVA_BYTECODE_JAVA_UTILS_H
 
 bool java_is_array_type(const typet &type);
 
+/// Returns the number of JVM local variables (slots) taken by a local variable
+/// that, when translated to goto, has type \p t.
+unsigned java_local_variable_slots(const typet &t);
+
+/// Returns the the number of JVM local variables (slots) used by the JVM to
+/// pass, upon call, the arguments of a Java method whose type is \p t.
+unsigned java_method_parameter_slots(const code_typet &t);
+
 #endif // CPROVER_JAVA_BYTECODE_JAVA_UTILS_H

From 0968e936839ff8959c8b69bc63bf8403005782cd Mon Sep 17 00:00:00 2001
From: Cesar Rodriguez <cesar.rodriguez@diffblue.com>
Date: Mon, 26 Jun 2017 17:45:24 +0100
Subject: [PATCH 344/699] Regression tests: java method parameter detection

---
 regression/cbmc-java/lvt-unexpected/Makefile  |   7 +
 regression/cbmc-java/lvt-unexpected/test.desc |  12 ++
 .../cbmc-java/lvt-unexpected/unexpected.class | Bin 0 -> 410 bytes
 .../cbmc-java/lvt-unexpected/unexpected.j     |  34 +++++
 .../method_parmeters1/method_parameters.class | Bin 0 -> 2150 bytes
 .../method_parmeters1/method_parameters.java  | 129 ++++++++++++++++++
 .../cbmc-java/method_parmeters1/test.desc     |   9 ++
 .../method_parmeters2/method_parameters.class | Bin 0 -> 3320 bytes
 .../method_parmeters2/method_parameters.java  | 129 ++++++++++++++++++
 .../cbmc-java/method_parmeters2/test.desc     |  10 ++
 10 files changed, 330 insertions(+)
 create mode 100644 regression/cbmc-java/lvt-unexpected/Makefile
 create mode 100644 regression/cbmc-java/lvt-unexpected/test.desc
 create mode 100644 regression/cbmc-java/lvt-unexpected/unexpected.class
 create mode 100644 regression/cbmc-java/lvt-unexpected/unexpected.j
 create mode 100644 regression/cbmc-java/method_parmeters1/method_parameters.class
 create mode 100644 regression/cbmc-java/method_parmeters1/method_parameters.java
 create mode 100644 regression/cbmc-java/method_parmeters1/test.desc
 create mode 100644 regression/cbmc-java/method_parmeters2/method_parameters.class
 create mode 100644 regression/cbmc-java/method_parmeters2/method_parameters.java
 create mode 100644 regression/cbmc-java/method_parmeters2/test.desc

diff --git a/regression/cbmc-java/lvt-unexpected/Makefile b/regression/cbmc-java/lvt-unexpected/Makefile
new file mode 100644
index 00000000000..8fb160582c0
--- /dev/null
+++ b/regression/cbmc-java/lvt-unexpected/Makefile
@@ -0,0 +1,7 @@
+
+T=unexpected
+
+all : $T.class
+
+%.class : %.j
+	jasmin $<
diff --git a/regression/cbmc-java/lvt-unexpected/test.desc b/regression/cbmc-java/lvt-unexpected/test.desc
new file mode 100644
index 00000000000..a7efd74bb7e
--- /dev/null
+++ b/regression/cbmc-java/lvt-unexpected/test.desc
@@ -0,0 +1,12 @@
+KNOWNBUG
+unexpected.class
+--verbosity 10 --show-symbol-table
+^EXIT=0$
+^SIGNAL=0$
+--
+--
+The LVT in the only method in unexpected.class does not satisfy the constraints
+expected by the bytecode to goto conversion algorithms. Namely, the live range
+of parameter x in that method is not preceeded by a store_i instruction, which
+is perfectly possibly as per the JVM specs but currently additionally required
+in CBMC.
diff --git a/regression/cbmc-java/lvt-unexpected/unexpected.class b/regression/cbmc-java/lvt-unexpected/unexpected.class
new file mode 100644
index 0000000000000000000000000000000000000000..b7078721f9949b9be29a5d41fec4b6a5fe1f0e34
GIT binary patch
literal 410
zcmY*VO;5r=5PefVTCf6^4;9qF4K6gEF<wkenviI$;p_q{X;WIVYz_V=PaZsY@CW##
zj8lw354-c;&YOKR^ZE7u0bqzT8*Q8t>@=2}m7HlgABKclD4v8HiFo1OOhbOQV4297
za0um{l+e7BI#qEHFS?H^S$4Ht>+>EVC)C13laRkk=CXt`h%5ahRWo@VM3O)oKAs8F
zMjahOeQOyc?yU-9?Q12)l3=bf7R7|BuZ7Z?(XYp!CjIBNmMkx9a~2wG-1i1v8ATj$
zH%Y3w*Zz1n78~$iqrrsWjFXv&CPD>b8p-?YV)2jme?KGiP(y(?2M|hV;fUiNvrC?^
r!LjuU+c|v0al80%k>Nb!&dXMRlI3B*LWOIq%raDA#GAlAa|6aVCevDS

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/lvt-unexpected/unexpected.j b/regression/cbmc-java/lvt-unexpected/unexpected.j
new file mode 100644
index 00000000000..91258c12ae5
--- /dev/null
+++ b/regression/cbmc-java/lvt-unexpected/unexpected.j
@@ -0,0 +1,34 @@
+.class public unexpected
+.super java/lang/Object
+
+.method public static test1(I)I
+  .limit stack 10
+  .limit locals 20
+
+  ; unexpected in previous code, as arg is the argument of the method and its
+  ; start_pc is != 0
+  .var 0 is arg I from Label1 to Label2
+  .var 1 is x   I from Label1 to Label2
+
+  ; say hello
+  getstatic      java/lang/System/out Ljava/io/PrintStream;
+  ldc            "Starting test1!"
+  invokevirtual  java/io/PrintStream/println(Ljava/lang/String;)V
+
+Label1:
+  ; x = arg + 3
+  iload_0
+  iconst_3
+  iadd
+  istore_1
+
+  ; say bye
+  getstatic      java/lang/System/out Ljava/io/PrintStream;
+  ldc            "Returning from test1!"
+  invokevirtual  java/io/PrintStream/println(Ljava/lang/String;)V
+
+  ; return x
+  iload_1
+  ireturn
+Label2:
+.end method
diff --git a/regression/cbmc-java/method_parmeters1/method_parameters.class b/regression/cbmc-java/method_parmeters1/method_parameters.class
new file mode 100644
index 0000000000000000000000000000000000000000..866f9b1c2da348aaf2934edccc2510af09f8a694
GIT binary patch
literal 2150
zcma)++fEZv6o%LIFs+qC5vYQoR0XC*C~Y|k0>T7S0%}r2A{cdAMl3>0%AgmR_%6Nx
z@yf&tZcTg%-^BQ@J;QXy?pT{Nvku?vwbxpI`}6nr3nH4LM==W1lDhKh$FGIGoxun#
zM`%SMb+J;dSW5~8wbZskp|#qcsZi%;rD{GoJt~>?=SJxek+5Z+SXt+p1E}pVFT#0t
zSJ_pW${Xyjx#=l(3$8oO?z-#FDAcQM9vB~t%%M@;&lIhCrMkc1=4Tn-aNRj}b=RH8
z6|{m#i`v;qg%X-BKhGx6gsScCiVN8hv=c!@*HgMe?M2Hdzuz*BoyH@g@f>=(0%lh)
zh~iGPgg5PcS)r)Ni?n?%<`U8L!m1dBYB>|M4b-#^hD3_TW`{5^+rX%714FV6Ov5%X
z2iw2|?Dx5K$3lyag)&jQFn4fi;@X!c?(LwsNUT^pt(VR93U54dWLocPd#{g;x&hOy
zpG@$U+DN5{LS0Q+h2o7ZJ}n)XWs8O=1l959F1~n?P#M-Bo(i7f^fywz!oYL|z(M}T
zT(r-LG+`kmu2LItK9R8iqko?kL9m@VT46C@ofL0{wFB#-Ypt+2ux{#Ug>?h#r9>+%
z0qi>6@L)kinmXkX^ih8+Yyj9z8gQ^Ap1h%O{A?!Fm|aW^lh>C-a*%HQ4?YZh1o&+l
z@?1i?l@zcf-ElA-FY-G3$1Xx&DBN*A7R))81~Zr~pCcO(8tEWzejH1mz#cL}SRo2T
zSwHt^*i)F>Y8p}=!4bFc01oBCp&klw39k%i;g6E$IgrVw0~ZlYQQCv4GHe+a9`lJB
zRP$*%u=_qyi(f=zF)9iXJq9-J6SWlE5L5DsT8eD}%lJes#hwA1^od%E6@g`aqLyOY
zz;ZrOONH_RSl%aUDfSZBlq>2X3`wjtezw#YovrCN(2oIn+ST;GXcP2X&@;r;<sXf-
zp$gKouCiFtEY$wABjmIz=~0*xNgv_;Dz;GbNIFV$K1oXzc!C$_-NGzsE-aJuN01ME
Yl9v9Fd;+%MleF}w^cfRj^#|zTA2z}1Jpcdz

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/method_parmeters1/method_parameters.java b/regression/cbmc-java/method_parmeters1/method_parameters.java
new file mode 100644
index 00000000000..10dfba1bbea
--- /dev/null
+++ b/regression/cbmc-java/method_parmeters1/method_parameters.java
@@ -0,0 +1,129 @@
+class method_parameters
+{
+  void test1()
+  {}
+
+  void test2(boolean b)
+  {}
+
+  void test3(byte b)
+  {}
+
+  void test3a(char c)
+  {}
+
+  void test4(int i)
+  {}
+
+  void test5(float f)
+  {}
+
+  void test6(String s)
+  {}
+
+  void test7(long l)
+  {}
+
+  void test8(double l)
+  {}
+
+  void test9(int i, long l)
+  {
+    int local = 123;
+  }
+
+  void test10(double i, String s)
+  {
+    int local = 123;
+  }
+
+  void test11(int a[][])
+  {}
+
+  double test12(double a[][], double d)
+  {
+    if (a.length < 1) return 0;
+    if (a[0].length < 1) return 0;
+    return d + a[0][0];
+  }
+
+  void test12a(double a[][][], int i, double d)
+  {}
+
+  double test12b(double a[][], double d)
+  {
+    return 123.123;
+  }
+
+  void test12c(double a[][][], double d)
+  {
+  }
+
+  void test13(double d, int i, byte b, char c)
+  {}
+
+  // Same as above but now static
+
+  static void ttest1()
+  {}
+
+  static void ttest2(boolean b)
+  {}
+
+  static void ttest3(byte b)
+  {}
+
+  static void ttest3a(char c)
+  {}
+
+  static void ttest4(int i)
+  {}
+
+  static void ttest5(float f)
+  {}
+
+  static void ttest6(String s)
+  {}
+
+  static void ttest7(long l)
+  {}
+
+  static void ttest8(double l)
+  {}
+
+  static void ttest9(int i, long l)
+  {
+    int local = 123;
+  }
+
+  static void ttest10(double i, String s)
+  {
+    int local = 123;
+  }
+
+  static void ttest11(int a[][])
+  {}
+
+  static double ttest12(double a[][], double d)
+  {
+    if (a.length < 1) return 0;
+    if (a[0].length < 1) return 0;
+    return d + a[0][0];
+  }
+
+  static void ttest12a(double a[][][], int i, double d)
+  {}
+
+  static double ttest12b(double a[][], double d)
+  {
+    return 123.123;
+  }
+
+  static void ttest12c(double a[][][], double d)
+  {
+  }
+
+  static void ttest13(double d, int i, byte b, char c)
+  {}
+
+}
diff --git a/regression/cbmc-java/method_parmeters1/test.desc b/regression/cbmc-java/method_parmeters1/test.desc
new file mode 100644
index 00000000000..909aa8ab6b4
--- /dev/null
+++ b/regression/cbmc-java/method_parmeters1/test.desc
@@ -0,0 +1,9 @@
+CORE
+method_parameters.class
+--verbosity 10 --show-symbol-table
+^EXIT=0$
+^SIGNAL=0$
+--
+--
+The purpose of the test is ensuring that the bytecode -> symbol table AST
+generation happens correctly. The generated .class file does not contain LVTs.
diff --git a/regression/cbmc-java/method_parmeters2/method_parameters.class b/regression/cbmc-java/method_parmeters2/method_parameters.class
new file mode 100644
index 0000000000000000000000000000000000000000..5f065c68585b0f487732db59b62c90a7748679ed
GIT binary patch
literal 3320
zcma)8ZF5>x5Z(j#0*y_YCMg<h?R!f=n-cO?6O&3Pl}P$V8#QsXH-xrC0v$s2L!I%z
z_y;<Ea>ft++8O_Z|D@xydrl6Qmn$+u?y_f}=j`q|``rBf{;#)0G*91-kV{V@w|{u|
z&&vMJxhQQ%=^I6n)mo$0UQ-lK&TK1kHk$iYMW;%&M)lsS!@X+jvA0);XQI@sc=c_s
zRpZ~r>9k+ejucIn4y)}K&HW!=dMyuTwRN<j$Zc1T+8Ohl19ftTcTjuy?ihEL-8pgR
zkP9QS9{V=LS3&5837uzmQQS4Si^jdc?t-|V!Cf%!MMY<lr33G0Z?^6=p3j!sty<&x
zio_w~iT))6Tw=aWiK~Ne)3}$}ofmiBxNhN@EJ~<b=jNCKGB*{)lllG~7%e4c(3MDX
zcUM<~dc&}f*U+gb*7EroY=i~;Rr`uY%Wbdn)0X$rv_2}`odfs;qIdH}NzP#t1bPvj
zHWnHglQ4<WNuc-9WWJb_R!7?Aw6uXFw825L#K)ptI0$W^_1ZwQwSneo1MSiVnxygE
z6=R`#V_}<^-k1wHHj(zRiM&lH5*aBsU$rXLLXGcZyzk20;L|=y5sE50-M6Y}ymK4w
z?;TVtZMr}XW`aML@dc2uGpt!W6`pSDPf~xt2+;`%U?=jx-;+9kK7hraQ43Dvm&Ek~
z9Uo9x;251kIPbcEZ-~LYz^DM@deH(=5S^BtCTMaP#YiB<lu(?Z_%Mpm0E!RkBcYh4
z#4w8S0E&<4tWcbzPli!U22h;GVRF|m(xqV(@c@d;bVVqx(lsANc+iPV2T)w6q)^OI
zY8b`YK#H_bd`h1giiddeEp^9VFFKvOF(UVYukb~oO2I;qy&o<ex78)iD};4LH_&R1
zo28rohyE&puLaWUOkGUR6$*FJXK2pQ2j1$LfCgmouHutiphZJ*0BX)Tk$&s^PVU&7
zba>8KNtoeG<qcNDGNWU75?U8Sr4y)<XZ3>k61Fo5%F>eTk)UNtqcgV<<xnWbQ~o)v
zn0<@*#f|S9$gHm;ok>=pT@_j-t(RGr4LGGQY&khO3T!w<Ax_*cE=#_I9h<OY6Lw6(
zL~FEe(p(1zx2G@7RUg^lG<Eevx9LkmRt8aI5ZStr&FhBP%#`HA$E9nQX@M|J>5PcQ
z!Np<ZtUOL5mOqj$US2RG(zHCnHmn#1s_0$GL(8w0KmsstB`^@U*#n%y&M~@Ug)b1e
z)dl2=7+A1!7YKaN1>|XD;9V<nfxvPXkfn`*Us-7j1a5Z$c`O-Nw1URKfv=eFx_~Sf
z4BWIb76|;l2grdj`r3+D0cXpX(;0ug)~j7lF_)g;^@KVyHV6hnD`^;LR;(~MOIES|
zi?fQ@XFZ&p6LWGuLRjx`ZdsY)7`eusB=xndbrs0s#0B27)BF^~eCrb_BS|SMPS;@$
z5T`@n8xW_aFzeU4mL$;NR`F0OpCrZTzLliFSwHgCtc8fl^ib;Y)UzI=2R8L(=>|G8
zK!|?vC8y<w`Lz7-zbg-|{II~w*!OnsS09BxC0$>P9$C=|6x!c}LciIx)NmGld1a~5
PqQis9Z#Y)45Iz1E9<VHr

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/method_parmeters2/method_parameters.java b/regression/cbmc-java/method_parmeters2/method_parameters.java
new file mode 100644
index 00000000000..10dfba1bbea
--- /dev/null
+++ b/regression/cbmc-java/method_parmeters2/method_parameters.java
@@ -0,0 +1,129 @@
+class method_parameters
+{
+  void test1()
+  {}
+
+  void test2(boolean b)
+  {}
+
+  void test3(byte b)
+  {}
+
+  void test3a(char c)
+  {}
+
+  void test4(int i)
+  {}
+
+  void test5(float f)
+  {}
+
+  void test6(String s)
+  {}
+
+  void test7(long l)
+  {}
+
+  void test8(double l)
+  {}
+
+  void test9(int i, long l)
+  {
+    int local = 123;
+  }
+
+  void test10(double i, String s)
+  {
+    int local = 123;
+  }
+
+  void test11(int a[][])
+  {}
+
+  double test12(double a[][], double d)
+  {
+    if (a.length < 1) return 0;
+    if (a[0].length < 1) return 0;
+    return d + a[0][0];
+  }
+
+  void test12a(double a[][][], int i, double d)
+  {}
+
+  double test12b(double a[][], double d)
+  {
+    return 123.123;
+  }
+
+  void test12c(double a[][][], double d)
+  {
+  }
+
+  void test13(double d, int i, byte b, char c)
+  {}
+
+  // Same as above but now static
+
+  static void ttest1()
+  {}
+
+  static void ttest2(boolean b)
+  {}
+
+  static void ttest3(byte b)
+  {}
+
+  static void ttest3a(char c)
+  {}
+
+  static void ttest4(int i)
+  {}
+
+  static void ttest5(float f)
+  {}
+
+  static void ttest6(String s)
+  {}
+
+  static void ttest7(long l)
+  {}
+
+  static void ttest8(double l)
+  {}
+
+  static void ttest9(int i, long l)
+  {
+    int local = 123;
+  }
+
+  static void ttest10(double i, String s)
+  {
+    int local = 123;
+  }
+
+  static void ttest11(int a[][])
+  {}
+
+  static double ttest12(double a[][], double d)
+  {
+    if (a.length < 1) return 0;
+    if (a[0].length < 1) return 0;
+    return d + a[0][0];
+  }
+
+  static void ttest12a(double a[][][], int i, double d)
+  {}
+
+  static double ttest12b(double a[][], double d)
+  {
+    return 123.123;
+  }
+
+  static void ttest12c(double a[][][], double d)
+  {
+  }
+
+  static void ttest13(double d, int i, byte b, char c)
+  {}
+
+}
diff --git a/regression/cbmc-java/method_parmeters2/test.desc b/regression/cbmc-java/method_parmeters2/test.desc
new file mode 100644
index 00000000000..507e8d4ef11
--- /dev/null
+++ b/regression/cbmc-java/method_parmeters2/test.desc
@@ -0,0 +1,10 @@
+CORE
+method_parameters.class
+--verbosity 10 --show-symbol-table
+^EXIT=0$
+^SIGNAL=0$
+--
+--
+The purpose of the test is ensuring that the bytecode -> symbol table AST
+generation happens correctly. The generated .class file DOES contain LVTs, i.e.,
+it has been compiled with with "javac -g".

From 1e68ad2736bd758d11cf1a53970d14191c72c9f4 Mon Sep 17 00:00:00 2001
From: Cesar Rodriguez <cesar.rodriguez@diffblue.com>
Date: Mon, 26 Jun 2017 17:56:44 +0100
Subject: [PATCH 345/699] Documentation: functionality around
 `setup_local_variables`

- The commit also contains some lightweight code style changes and a function
  has been renamed
---
 .../java_bytecode_convert_method.cpp          |  59 ++++++--
 .../java_bytecode_convert_method_class.h      |  19 ++-
 src/java_bytecode/java_bytecode_language.cpp  |   2 +-
 .../java_local_variable_table.cpp             | 134 +++++++++++++-----
 src/java_bytecode/java_utils.cpp              |   5 +-
 5 files changed, 163 insertions(+), 56 deletions(-)

diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index b20dcaab4b6..b9a3cf00063 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -109,9 +109,11 @@ static bool operator==(const irep_idt &what, const patternt &pattern)
 
 static irep_idt strip_java_namespace_prefix(const irep_idt to_strip)
 {
-  const auto to_strip_str=id2string(to_strip);
-  PRECONDITION(has_prefix(to_strip_str, "java::"));
-  return to_strip_str.substr(6, std::string::npos);
+  const std::string to_strip_str=id2string(to_strip);
+  const std::string prefix="java::";
+
+  PRECONDITION(has_prefix(to_strip_str, prefix));
+  return to_strip_str.substr(prefix.size(), std::string::npos);
 }
 
 // name contains <init> or <clinit>
@@ -283,12 +285,18 @@ void java_bytecode_convert_methodt::convert(
   const symbolt &class_symbol,
   const methodt &m)
 {
+  // Construct the fully qualified method name
+  // (e.g. "my.package.ClassName.myMethodName:(II)I") and query the symbol table
+  // to retrieve the symbol (constructed by java_bytecode_convert_method_lazy)
+  // associated to the method
   const irep_idt method_identifier=
     id2string(class_symbol.name)+"."+id2string(m.name)+":"+m.signature;
   method_id=method_identifier;
 
   const auto &old_sym=symbol_table.lookup(method_identifier);
 
+  // Obtain a std::vector of code_typet::parametert objects from the
+  // (function) type of the symbol
   typet member_type=old_sym.type;
   code_typet &code_type=to_code_type(member_type);
   method_return_type=code_type.return_type();
@@ -296,7 +304,7 @@ void java_bytecode_convert_methodt::convert(
 
   // Determine the number of local variable slots used by the JVM to maintan the
   // formal parameters
-  slots_for_parameters = java_method_parameter_slots(code_type);
+  slots_for_parameters=java_method_parameter_slots(code_type);
 
   debug() << "Generating codet: class "
              << class_symbol.name << ", method "
@@ -312,6 +320,9 @@ void java_bytecode_convert_methodt::convert(
     if(!is_parameter(v))
       continue;
 
+    // Construct a fully qualified name for the parameter v,
+    // e.g. my.package.ClassName.myMethodName:(II)I::anIntParam, and then a
+    // symbol_exprt with the parameter and its type
     typet t=java_type_from_string(v.signature);
     std::ostringstream id_oss;
     id_oss << method_id << "::" << v.name;
@@ -319,6 +330,10 @@ void java_bytecode_convert_methodt::convert(
     symbol_exprt result(identifier, t);
     result.set(ID_C_base_name, v.name);
 
+    // Create a new variablet in the variables vector; in fact this entry will
+    // be rewritten below in the loop that iterates through the method
+    // parameters; the only field that seem to be useful to write here is the
+    // symbol_expr, others will be rewritten
     variables[v.index].push_back(variablet());
     auto &newv=variables[v.index].back();
     newv.symbol_expr=result;
@@ -326,35 +341,49 @@ void java_bytecode_convert_methodt::convert(
     newv.length=v.length;
   }
 
-  // set up variables array
+  // The variables is a expanding_vectort, and the loop above may have expanded
+  // the vector introducing gaps where the entries are empty vectors. We now
+  // make sure that the vector of each LV slot contains exactly one variablet,
+  // possibly default-initialized
   std::size_t param_index=0;
   for(const auto &param : parameters)
   {
     variables[param_index].resize(1);
     param_index+=java_local_variable_slots(param.type());
   }
-  INVARIANT(param_index==slots_for_parameters,
+  INVARIANT(
+    param_index==slots_for_parameters,
     "java_parameter_count and local computation must agree");
 
-  // assign names to parameters
+  // Assign names to parameters
   param_index=0;
   for(auto &param : parameters)
   {
     irep_idt base_name, identifier;
 
+    // Construct a sensible base name (base_name) and a fully qualified name
+    // (identifier) for every parameter of the method under translation,
+    // regardless of whether we have an LVT or not; and assign it to the
+    // parameter object (which is stored in the type of the symbol, not in the
+    // symbol table)
     if(param_index==0 && param.get_this())
     {
+      // my.package.ClassName.myMethodName:(II)I::this
       base_name="this";
       identifier=id2string(method_identifier)+"::"+id2string(base_name);
     }
     else
     {
-      // in the variable table?
+      // if already present in the LVT ...
       base_name=variables[param_index][0].symbol_expr.get(ID_C_base_name);
       identifier=variables[param_index][0].symbol_expr.get(ID_identifier);
 
+      // ... then base_name will not be empty
       if(base_name.empty())
       {
+        // my.package.ClassName.myMethodName:(II)I::argNT, where N is the local
+        // variable slot where the parameter is stored and T is a character
+        // indicating the type
         const typet &type=param.type();
         char suffix=java_char_from_type(type);
         base_name="arg"+std::to_string(param_index)+suffix;
@@ -364,7 +393,7 @@ void java_bytecode_convert_methodt::convert(
     param.set_base_name(base_name);
     param.set_identifier(identifier);
 
-    // add to symbol table
+    // Build a new symbol for the parameter and add it to the symbol table
     parameter_symbolt parameter_symbol;
     parameter_symbol.base_name=base_name;
     parameter_symbol.mode=ID_java;
@@ -382,7 +411,8 @@ void java_bytecode_convert_methodt::convert(
 
   // The parameter slots detected in this function should agree with what
   // java_parameter_count() thinks about this method
-  INVARIANT(param_index==slots_for_parameters,
+  INVARIANT(
+    param_index==slots_for_parameters,
     "java_parameter_count and local computation must agree");
 
   const bool is_virtual=!m.is_static && !m.is_final;
@@ -406,6 +436,10 @@ void java_bytecode_convert_methodt::convert(
   method_symbol.location=m.source_location;
   method_symbol.location.set_function(method_identifier);
 
+  // Set up the pretty name for the method entry in the symbol table.
+  // The pretty name of a constructor includes the base name of the class
+  // instead of the internal method name "<init>". For regular methods, it's
+  // just the base name of the method.
   if(method.get_base_name()=="<init>")
     method_symbol.pretty_name=id2string(class_symbol.pretty_name)+"."+
                               id2string(class_symbol.base_name)+"()";
@@ -416,6 +450,7 @@ void java_bytecode_convert_methodt::convert(
   method_symbol.type=member_type;
   if(is_constructor(method))
     method_symbol.type.set(ID_constructor, true);
+
   current_method=method_symbol.name;
   method_has_this=code_type.has_this();
   if((!m.is_abstract) && (!m.is_native))
@@ -423,10 +458,12 @@ void java_bytecode_convert_methodt::convert(
 
   // Replace the existing stub symbol with the real deal:
   const auto s_it=symbol_table.symbols.find(method.get_name());
-  INVARIANT(s_it!=symbol_table.symbols.end(),
+  INVARIANT(
+    s_it!=symbol_table.symbols.end(),
     "the symbol was there earlier on this function; it must be there now");
   symbol_table.symbols.erase(s_it);
 
+  // Insert the method symbol in the symbol table
   symbol_table.add(method_symbol);
 }
 
diff --git a/src/java_bytecode/java_bytecode_convert_method_class.h b/src/java_bytecode/java_bytecode_convert_method_class.h
index ac635f329cd..8eba408ddff 100644
--- a/src/java_bytecode/java_bytecode_convert_method_class.h
+++ b/src/java_bytecode/java_bytecode_convert_method_class.h
@@ -62,9 +62,18 @@ class java_bytecode_convert_methodt:public messaget
   const size_t max_array_length;
   safe_pointer<ci_lazy_methodst> lazy_methods;
 
+  /// Fully qualified name of the method under translation.
+  /// Initialized by `convert`.
+  /// Example: "my.package.ClassName.myMethodName:(II)I"
   irep_idt method_id;
+
+  /// A copy of `method_id` :/
   irep_idt current_method;
+
+  /// Return type of the method under conversion.
+  /// Initialized by `convert`.
   typet method_return_type;
+
   java_string_library_preprocesst &string_preprocess;
 
   /// Number of local variable slots used by the JVM to pass parameters upon
@@ -100,7 +109,7 @@ class java_bytecode_convert_methodt:public messaget
     variablet() : symbol_expr(), start_pc(0), length(0), is_parameter(false) {}
   };
 
- protected:
+protected:
   typedef std::vector<variablet> variablest;
   expanding_vectort<variablest> variables;
   std::set<symbol_exprt> used_local_names;
@@ -154,6 +163,8 @@ class java_bytecode_convert_methodt:public messaget
   void pop_residue(std::size_t n);
   void push(const exprt::operandst &o);
 
+  /// Determines whether the `method` is a constructor or a static initializer,
+  /// by checking whether its name equals either <init> or <clinit>
   bool is_constructor(const class_typet::methodt &method);
 
   /// Returns true iff the slot index of the local variable of a method (coming
@@ -161,7 +172,7 @@ class java_bytecode_convert_methodt:public messaget
   /// `slots_for_parameters` is initialized upon call.
   bool is_parameter(const local_variablet &v)
   {
-    return v.index < slots_for_parameters;
+    return v.index<slots_for_parameters;
   }
 
   struct converted_instructiont
@@ -186,12 +197,12 @@ class java_bytecode_convert_methodt:public messaget
     java_cfg_dominatorst;
 
 protected:
-  void find_initialisers(
+  void find_initializers(
     local_variable_table_with_holest &vars,
     const address_mapt &amap,
     const java_cfg_dominatorst &doms);
 
-  void find_initialisers_for_slot(
+  void find_initializers_for_slot(
     local_variable_table_with_holest::iterator firstvar,
     local_variable_table_with_holest::iterator varlimit,
     const address_mapt &amap,
diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index 1d37e8382df..e024653bef7 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -401,7 +401,7 @@ bool java_bytecode_languaget::typecheck(
     if(c_it->second.parsed_class.name.empty())
       continue;
 
-    debug() << "Converting class " << c_it->first << eom;
+    debug() << "Generating class/member symbols: " << c_it->first << eom;
 
     if(java_bytecode_convert_class(
          c_it->second,
diff --git a/src/java_bytecode/java_local_variable_table.cpp b/src/java_bytecode/java_local_variable_table.cpp
index 397ad463316..508ae02891c 100644
--- a/src/java_bytecode/java_local_variable_table.cpp
+++ b/src/java_bytecode/java_local_variable_table.cpp
@@ -56,8 +56,9 @@ struct procedure_local_cfg_baset<
     for(const auto &table_entry : method.exception_table)
     {
       auto findit=amap.find(table_entry.start_pc);
-      INVARIANT(findit!=amap.end(),
-             "Exception table entry doesn't point to an instruction?");
+      INVARIANT(
+        findit!=amap.end(),
+        "Exception table entry doesn't point to an instruction?");
       for(; findit->first<table_entry.end_pc; ++findit)
       {
         // For now just assume any non-branch
@@ -143,7 +144,7 @@ struct is_predecessor_oft
   }
 };
 
-// Helper routines for the find-initialisers code below:
+// Helper routines for the find-initializers code below:
 
 /// See above
 /// `start`: Variable to find the predecessors of `predecessor_map`: Map from
@@ -187,10 +188,12 @@ static bool is_store_to_slot(
   else
   {
     // Store shorthands, like "store_0", "store_1"
-    INVARIANT(prevstatement[6]=='_' && prevstatement.size()==8,
+    INVARIANT(
+      prevstatement[6]=='_' && prevstatement.size()==8,
       "expected store instruction looks like store_0, store_1...");
     storeslot=prevstatement[7];
-    INVARIANT(isdigit(storeslot[0]),
+    INVARIANT(
+      isdigit(storeslot[0]),
       "store_? instructions should end in a digit");
   }
   auto storeslotidx=safe_string2unsigned(storeslot);
@@ -239,20 +242,29 @@ static void populate_variable_address_map(
   }
 }
 
-/// Usually a live variable range begins with a store instruction initialising
+/// Populates the `predecessor_map` with a graph from local variable table
+/// entries to their predecessors (table entries which may flow together and
+/// thus may be considered the same live range).
+///
+/// Usually a live variable range begins with a store instruction initializing
 /// the relevant local variable slot, but instead of or in addition to this,
 /// control flow edges may exist from bytecode addresses that fall under a table
-/// entry which differs, but which has the same variable name and type
-/// descriptor. This indicates a split live range, and will be recorded in the
-/// predecessor map.
-/// \par parameters: `firstvar`-`varlimit`: range of local variable table
-///   entries to consider
-/// `live_variable_at_address`: map from bytecode address to table entry (drawn
-///   from firstvar-varlimit) live at that address
-/// `amap`: map from bytecode address to instructions
-/// \return Populates `predecessor_map` with a graph from local variable table
-///   entries to their predecessors (table entries which may flow together and
-///   thus may be considered the same live range).
+/// entry which differs (or which fall under no table entry at all), but which
+/// has the same variable name and type descriptor. This indicates a split live
+/// range, and will be recorded in the predecessor map.
+///
+/// \param firstvar:
+///   range of local variable table entries to consider
+/// \param varlimit:
+///   range of local variable table entries to consider
+/// \param live_variable_at_address:
+///   map from bytecode address to table entry (drawn from firstvar-varlimit)
+//    live at that address
+/// \param amap:
+///   map from bytecode address to instructions, this is the CFG of the java
+///   method
+/// \param [out] predecessor_map:
+///   the output of the function, populated as described above
 static void populate_predecessor_map(
   local_variable_table_with_holest::iterator firstvar,
   local_variable_table_with_holest::iterator varlimit,
@@ -266,8 +278,9 @@ static void populate_predecessor_map(
   {
     // All entries of the "local_variable_table_with_holest" processed in this
     // function concern the same Java Local Variable Table slot/register. This
-    // is because "find_initialisers()" has already sorted them.
-    INVARIANT(it->var.index==firstvar->var.index,
+    // is because "find_initializers()" has already sorted them.
+    INVARIANT(
+      it->var.index==firstvar->var.index,
       "all entries are for the same local variable slot");
 
     // Parameters are irrelevant to us and shouldn't be changed. This is because
@@ -276,42 +289,62 @@ static void populate_predecessor_map(
     if(it->is_parameter)
       continue;
 
+    msg.debug() << "ppm: processing var idx " << it->var.index
+                << " name '" << it->var.name << "' start-pc "
+                << it->var.start_pc << " len " << it->var.length
+                << "; holes " << it->holes.size() << messaget::eom;
+
     // Find the last instruction within the live range:
     unsigned end_pc=it->var.start_pc+it->var.length;
     auto amapit=amap.find(end_pc);
-    INVARIANT(amapit!=amap.begin(),
+    INVARIANT(
+      amapit!=amap.begin(),
       "current bytecode shall not be the first");
     auto old_amapit=amapit;
     --amapit;
     if(old_amapit==amap.end())
     {
-      INVARIANT(end_pc>amapit->first,
+      INVARIANT(
+        end_pc>amapit->first,
         "Instruction live range doesn't align to instruction boundary?");
     }
 
-    // Find vartable entries that flow into this one:
+    // Find vartable entries that flow into this one. For unknown reasons this
+    // loop iterates backwards, walking back from the last bytecode in the live
+    // range of variable it to the first one. For each value of the iterator
+    // "amapit" we search for instructions that jump into amapit's address
+    // (predecessors)
     unsigned new_start_pc=it->var.start_pc;
     for(; amapit->first>=it->var.start_pc; --amapit)
     {
       for(auto pred : amapit->second.predecessors)
       {
+        // pred is the address (byecode offset) of a instruction that jumps into
+        // amapit. Compute now a pointer to the variable-with-holes whose index
+        // equals that of amapit and which was alive on instruction pred, or a
+        // null pointer if no such variable exists (e.g., because no live range
+        // covers that instruction)
         auto pred_var=
           (pred<live_variable_at_address.size() ?
            live_variable_at_address[pred] :
            nullptr);
 
+        // Three cases are now possible:
+        // 1. The predecessor instruction is in the same live range: nothing to
+        // do.
         if(pred_var==&*it)
         {
-          // Flow from within same live range?
           continue;
         }
+        // 2. The predecessor instruction is in no live range among those for
+        // variable slot it->var.index
         else if(!pred_var)
         {
-          // Flow from out of range?
-          // Check if this is an initialiser, and if so expand the live range
+          // Check if this is an initializer, and if so expand the live range
           // to include it, but don't check its predecessors:
           auto inst_before_this=amapit;
-          INVARIANT(inst_before_this!=amap.begin(),
+          INVARIANT(
+            inst_before_this!=amap.begin(),
             "we shall not be on the first bytecode of the method");
           --inst_before_this;
           if(amapit->first!=it->var.start_pc || inst_before_this->first!=pred)
@@ -329,10 +362,17 @@ static void populate_predecessor_map(
                *(inst_before_this->second.source),
                it->var.index))
           {
-            throw "local variable table: didn't find initialising store";
+            msg.error() << "Local variable table: didn't find initializing "
+                        << "store for predecessor of bytecode at address "
+                        << amapit->first << " ("
+                        << amapit->second.predecessors.size()
+                        << " predecessors)" << msg.eom;
+            throw "local variable table: unexpected live ranges";
           }
           new_start_pc=pred;
         }
+        // 3. Predecessor instruction is a different range associated to the
+        // same variable slot
         else
         {
           if(pred_var->var.name!=it->var.name ||
@@ -354,7 +394,7 @@ static void populate_predecessor_map(
       }
     }
 
-    // If a simple pre-block initialiser was found,
+    // If a simple pre-block initializer was found,
     // add it to the live range now:
     it->var.length+=(it->var.start_pc-new_start_pc);
     it->var.start_pc=new_start_pc;
@@ -365,7 +405,7 @@ static void populate_predecessor_map(
 /// variable live ranges.
 /// \par parameters: `merge_vars`: Set of variables we want the common dominator
 ///   for.
-/// `dominator_analysis`: Already-initialised dominator tree
+/// `dominator_analysis`: Already-initialized dominator tree
 /// \return Returns the bytecode address of the closest common dominator of all
 ///   given variable table entries. In the worst case the function entry point
 ///   should always satisfy this criterion.
@@ -508,8 +548,8 @@ static void merge_variable_table_entries(
 /// `amap`: Map from bytecode address to instruction
 /// \return Side-effect: merges variable table entries which flow into one
 ///   another (e.g. there are branches from one live range to another without
-///   re-initialising the local slot).
-void java_bytecode_convert_methodt::find_initialisers_for_slot(
+///   re-initializing the local slot).
+void java_bytecode_convert_methodt::find_initializers_for_slot(
   local_variable_table_with_holest::iterator firstvar,
   local_variable_table_with_holest::iterator varlimit,
   const address_mapt &amap,
@@ -522,7 +562,7 @@ void java_bytecode_convert_methodt::find_initialisers_for_slot(
   populate_variable_address_map(firstvar, varlimit, live_variable_at_address);
 
   // Now find variables that flow together by
-  // walking backwards to find initialisers
+  // walking backwards to find initializers
   // or branches from other live ranges:
   predecessor_mapt predecessor_map;
   populate_predecessor_map(
@@ -565,7 +605,7 @@ void java_bytecode_convert_methodt::find_initialisers_for_slot(
       continue;
 
     const auto &merge_vars=findit->second;
-    assert(merge_vars.size()>=2);
+    INVARIANT(merge_vars.size()>=2, "merging requires at least 2 variables");
 
     merge_variable_table_entries(
       *merge_into,
@@ -600,13 +640,13 @@ static void walk_to_next_index(
   it1=old_it2;
 }
 
-/// See `find_initialisers_for_slot` above for more detail.
+/// See `find_initializers_for_slot` above for more detail.
 /// \par parameters: `vars`: Local variable table
 /// `amap`: Map from bytecode index to instruction
 /// `dominator_analysis`: Already computed dominator tree for the Java function
 ///   described by `amap`
 /// \return Combines entries in `vars` which flow together
-void java_bytecode_convert_methodt::find_initialisers(
+void java_bytecode_convert_methodt::find_initializers(
   local_variable_table_with_holest &vars,
   const address_mapt &amap,
   const java_cfg_dominatorst &dominator_analysis)
@@ -621,7 +661,7 @@ void java_bytecode_convert_methodt::find_initialisers(
   auto itend=vars.end();
   walk_to_next_index(it1, it2, itend);
   for(; it1!=itend; walk_to_next_index(it1, it2, itend))
-    find_initialisers_for_slot(it1, it2, amap, dominator_analysis);
+    find_initializers_for_slot(it1, it2, amap, dominator_analysis);
 }
 
 /// See above
@@ -649,7 +689,7 @@ static void cleanup_var_table(
   vars_with_holes.resize(vars_with_holes.size()-toremove);
 }
 
-/// See `find_initialisers_for_slot` above for more detail.
+/// See `find_initializers_for_slot` above for more detail.
 /// \par parameters: `m`: Java method
 /// `amap`: Map from bytecode indices to instructions in `m`
 /// \return Populates `this->vars_with_holes` equal to
@@ -664,6 +704,15 @@ void java_bytecode_convert_methodt::setup_local_variables(
   method_with_amapt dominator_args(m, amap);
   dominator_analysis(dominator_args);
 
+#ifdef DEBUG
+  debug() << "jcm: setup-local-vars: m.is_static "
+          << m.is_static << " m.signature " << m.signature << eom;
+  debug() << "jcm: setup-local-vars: lv arg slots "
+          << slots_for_parameters << eom;
+  debug() << "jcm: setup-local-vars: lvt size "
+          << m.local_variable_table.size() << eom;
+#endif
+
   // Find out which local variable table entries should be merged:
   // Wrap each entry so we have a data structure to work during function calls,
   // where we record live ranges with holes:
@@ -672,7 +721,7 @@ void java_bytecode_convert_methodt::setup_local_variables(
     vars_with_holes.push_back({v, is_parameter(v), {}});
 
   // Merge variable records:
-  find_initialisers(vars_with_holes, amap, dominator_analysis);
+  find_initializers(vars_with_holes, amap, dominator_analysis);
 
   // Clean up removed records from the variable table:
   cleanup_var_table(vars_with_holes);
@@ -690,6 +739,11 @@ void java_bytecode_convert_methodt::setup_local_variables(
     if(v.is_parameter)
       continue;
 
+#ifdef DEBUG
+    debug() << "jcm: setup-local-vars: merged variable: idx " << v.var.index
+            << " name " << v.var.name << " v.var.signature '"
+            << v.var.signature << "' holes " << v.holes.size() << eom;
+#endif
     typet t=java_type_from_string(v.var.signature);
     std::ostringstream id_oss;
     id_oss << method_id << "::" << v.var.start_pc << "::" << v.var.name;
@@ -697,6 +751,9 @@ void java_bytecode_convert_methodt::setup_local_variables(
     symbol_exprt result(identifier, t);
     result.set(ID_C_base_name, v.var.name);
 
+    // Create a new local variable in the variables[] array, the result of
+    // merging multiple local variables with equal name (parameters excluded)
+    // into a single local variable with holes
     variables[v.var.index].push_back(variablet());
     auto &newv=variables[v.var.index].back();
     newv.symbol_expr=result;
@@ -704,6 +761,7 @@ void java_bytecode_convert_methodt::setup_local_variables(
     newv.length=v.var.length;
     newv.holes=std::move(v.holes);
 
+    // Register the local variable in the symbol table
     symbolt new_symbol;
     new_symbol.name=identifier;
     new_symbol.type=t;
diff --git a/src/java_bytecode/java_utils.cpp b/src/java_bytecode/java_utils.cpp
index d8e6c2b39ca..656bfe1d7b2 100644
--- a/src/java_bytecode/java_utils.cpp
+++ b/src/java_bytecode/java_utils.cpp
@@ -36,7 +36,8 @@ unsigned java_local_variable_slots(const typet &t)
     bitwidth==64,
     "all types constructed in java_types.cpp encode JVM types "
     "with these bit widths");
-  INVARIANT(bitwidth!=0 || t.id()==ID_pointer,
+  INVARIANT(
+    bitwidth!=0 || t.id()==ID_pointer,
     "if bitwidth is 0, then this a reference to a class, which is 1 slot");
 
   return bitwidth==64 ? 2 : 1;
@@ -44,7 +45,7 @@ unsigned java_local_variable_slots(const typet &t)
 
 unsigned java_method_parameter_slots(const code_typet &t)
 {
-  unsigned slots = 0;
+  unsigned slots=0;
 
   for(const auto &p : t.parameters())
     slots+=java_local_variable_slots(p.type());

From d299ea29e0a51c4f78d62ea35f4f8cfd957894e5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matthias=20G=C3=BCdemann?= <matthias.guedemann@diffblue.com>
Date: Wed, 21 Jun 2017 17:55:54 +0200
Subject: [PATCH 346/699] Allow "unknown" value assignments in JSON trace

With the exception_value support, there is the possibility to have `nil` values
assigned in the trace. These values are returned from `prop_conv.get(expr)`.
---
 src/goto-programs/json_goto_trace.cpp | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/goto-programs/json_goto_trace.cpp b/src/goto-programs/json_goto_trace.cpp
index 316b83b41f7..3f4397f3c8e 100644
--- a/src/goto-programs/json_goto_trace.cpp
+++ b/src/goto-programs/json_goto_trace.cpp
@@ -208,7 +208,6 @@ void convert(
             type_string=from_type(ns, identifier, symbol->type);
 
           json_assignment["mode"]=json_stringt(id2string(symbol->mode));
-          assert(step.full_lhs_value.is_not_nil());
           exprt simplified=simplify_array_access(step.full_lhs_value);
           full_lhs_value=json(simplified, ns, symbol->mode);
         }

From 82642b9599592b25d41c61f25a642fa9889a422b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matthias=20G=C3=BCdemann?= <matthias.guedemann@diffblue.com>
Date: Wed, 21 Jun 2017 19:11:45 +0200
Subject: [PATCH 347/699] Add regression test for nil assigns in JSON trace

---
 regression/cbmc-java/exceptions20/A.class    | Bin 0 -> 234 bytes
 regression/cbmc-java/exceptions20/B.class    | Bin 0 -> 216 bytes
 regression/cbmc-java/exceptions20/C.class    | Bin 0 -> 216 bytes
 regression/cbmc-java/exceptions20/D.class    | Bin 0 -> 216 bytes
 regression/cbmc-java/exceptions20/test.class | Bin 0 -> 1025 bytes
 regression/cbmc-java/exceptions20/test.desc  |  11 +++++++
 regression/cbmc-java/exceptions20/test.java  |  30 +++++++++++++++++++
 7 files changed, 41 insertions(+)
 create mode 100644 regression/cbmc-java/exceptions20/A.class
 create mode 100644 regression/cbmc-java/exceptions20/B.class
 create mode 100644 regression/cbmc-java/exceptions20/C.class
 create mode 100644 regression/cbmc-java/exceptions20/D.class
 create mode 100644 regression/cbmc-java/exceptions20/test.class
 create mode 100644 regression/cbmc-java/exceptions20/test.desc
 create mode 100644 regression/cbmc-java/exceptions20/test.java

diff --git a/regression/cbmc-java/exceptions20/A.class b/regression/cbmc-java/exceptions20/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..eb19ef6be2b4b0dc315cdfd2ae091ecc67882efd
GIT binary patch
literal 234
zcmXX=%MQU%5IsX5TBX7dSYn|YJ0fW$R*em@zv_l7)h5;QT~-ncAK;_J+%n0`dF0Gw
z-k;|Szyuu^b+l}>ZTJLhrczbR3H8BnOE4DMUK0FBrE*oCcQW6IUBXT`%3_ghMXt2|
zn?`X|7ha9RDZyQ5Wgg3=(s8GdmtuSpSK+~cNuZF>(>h2*dI&bhJiF;j=%dE}=pt^;
iGFr?6M(voR2k6eE2Aii<nS=&&?-zgrmldH|rMxfZ(<w^;

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/exceptions20/B.class b/regression/cbmc-java/exceptions20/B.class
new file mode 100644
index 0000000000000000000000000000000000000000..47ae8f218e49b4ac942425d72a88b21c2772b518
GIT binary patch
literal 216
zcmXX<I|{;35S-1|#Aw75SgM6Kc8XvGt6-y~e~Ax#5);VBdszt<9>7D1o9M#q%+AiT
z@6YoEV1a=P9X%U;8$Q8WsZ3RCf<B%^1Y?_@B*70=CinF<mc>!TDLcb3PedAtLN)W>
zG^(>I`7{ic1ox2FMIv{qi93}ntJy`|ga-pAfda+`BWV1+DPr)3*<v+kZX9#^0Nq(=
Wu(?~UsiDK#`vu^@<%!U3Q{ERCG9oho

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/exceptions20/C.class b/regression/cbmc-java/exceptions20/C.class
new file mode 100644
index 0000000000000000000000000000000000000000..0c9779a4c2b0d3631b1a6b0ea46fd00e04361efa
GIT binary patch
literal 216
zcmXX<I}U<S5S-;Jh+;f}rCMlXr?HU4ir8rAANUfVK}g`?y{t?uJb;HXF6t(;Gdnw*
zeZ3z~01FI!nCQ9ay9f!+N)<}43Fdf`5Ui*?N<tW`LhhPNDyxG?b9RPtnTb3Rm1^g|
zY3Y-y`81A}1b<&PRVKHpjeA<wdUh695x{~?pop=-2nK&|ix|9Nc391sTgRT>K{pl#
WT<*@-G|^!l`~vXc^F-)=Q^5xrb|N<b

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/exceptions20/D.class b/regression/cbmc-java/exceptions20/D.class
new file mode 100644
index 0000000000000000000000000000000000000000..12179e84294d669f8f9f06e51f5400f5cc8f5db6
GIT binary patch
literal 216
zcmXX<I}U<S5S-;Jh+;f}rCMlXr?G)p5gQHt17G4Z2niqWWo2UF0X&p(Q8t;K+1c6b
z`}2GOSYhNs$H2zWhEK3IDp&QEpigHp!3c_zB>0ia<-WNlvOJ0;V`m%{smNkcs&?*7
zqdu#OPor>6a1TXOrgEp+xKqojUR=aYcraiRC}aefK;!Ri5ra3(7ON$5>zMNg=*~ie
V&E4u^J=Weo00%Blg#It(eE}M}B0B&8

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/exceptions20/test.class b/regression/cbmc-java/exceptions20/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..c76687b1bc7a0547086d763afd30f531210e3b7a
GIT binary patch
literal 1025
zcmZuvZBNr+6g|({ty|ZPF%&@&5kWUp<_m&uXoR7Oro#^y5+Q+fTZQ82Ok0e<g+IV&
zG?Bz5^4%Y0JhvhwVwUH*=ic47bDsYE_5BBc89X)7hl+uFCK6)ro6yBRFp(1b&_o)Q
z404z;@W@0~g0m*(@Yui;g@Fkt4Ba5|x_-Fig-)~MwiVQxLTcXgz37>ORw}P5==E;f
zRp_%l-(B9@ZMwl*NmeM@-Imi?bplWPlb{}Ldm($+ksC%eR_{8VuP|6zw|AURPNn1c
zTa}e4@cgZsbXOdz*-Ok+EkSibO+kx-96<|$I8bvxOO6w4asB`FQ^>7EPU}O%`513Q
zai|L=p&AP5`BvwIn7Pv33tH|=PiSOh(`i}GLJ<QTwZv2BS>#!;P(Z)J(AoA2e|38i
z1l@oXrGbH}g&O7+3TK&bnmcYQqIPGYdWW)8kG30nf!jXq#l@pN{z1*xaGkH#$5&Q`
zA(>93fqG+r_XT<tT1A_jI)XYRNZ=yxR2)oUkl6Z@fJ+#nm%%VDGs0pOFgwMV-$UZv
z5#{Ycr%g6`NYNV0J)~(fRee~mCWn*9_7|A@$o7zB*g8JI?77Iqxk&M!$RWQ@pu}Gy
zw$&5gj&~_xgI}u_vv^ISvT+(F$!EF06$>(nJgW;RQ;<1aL6vgU$mkWZP0kH+T_@fk
z*G;nB#Yn8gd-h3VjQ@;Kfdczo#VEHBX|FM^vAe-D&W$GN-5^SGN*)t&MJ-07tZl?-
zjA%1P<3!YvRX1sG@eCrpZJ?B2G*FgnO0L^^&cAc|cr$So&|l1bLw+BIegIwj3iJF!
RO3Ne?)^mC8yL1wm{teh!r=|b^

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/exceptions20/test.desc b/regression/cbmc-java/exceptions20/test.desc
new file mode 100644
index 00000000000..72829197eb8
--- /dev/null
+++ b/regression/cbmc-java/exceptions20/test.desc
@@ -0,0 +1,11 @@
+CORE
+test.class
+--json-ui --trace
+^EXIT=10$
+^SIGNAL=0$
+.*VERIFICATION FAILED.*
+--
+^warning: ignoring
+--
+this fails with assertion error if nil values are not allowed in assignments in
+the JSON trace
diff --git a/regression/cbmc-java/exceptions20/test.java b/regression/cbmc-java/exceptions20/test.java
new file mode 100644
index 00000000000..bc925b32d65
--- /dev/null
+++ b/regression/cbmc-java/exceptions20/test.java
@@ -0,0 +1,30 @@
+class A extends Throwable {}
+class B extends A {}
+class C extends B {}
+class D extends C {}
+
+public class test {
+ public static void main (String arg[]) {
+   try {
+     D d = new D();
+     C c = new C();
+     B b = new B();
+     A a = new A();
+     A e = a;
+     throw e;
+   }
+   catch(D exc) {
+     assert false;
+   }
+   catch(C exc) {
+     assert false;
+   }
+   catch(B exc) {
+     assert false;
+   }
+   catch(A exc) {
+     assert false;
+   }  
+ }
+}
+

From 9c94cb30bfdf207ccbc686dd96e7793a01481a07 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 2 May 2017 16:50:38 +0100
Subject: [PATCH 348/699] Correcting initialization of floatbv_typecast_exprt

This was calling initializer of binary_exprt that resize the operators
to size 2 without filling them up, which resulted in 4 operands
instead of 2 for floatbv_typecast_exprt, with two of them being empty.
---
 src/util/std_expr.h | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/util/std_expr.h b/src/util/std_expr.h
index 69a03bdfa9c..0d64ede33c6 100644
--- a/src/util/std_expr.h
+++ b/src/util/std_expr.h
@@ -1790,9 +1790,8 @@ class floatbv_typecast_exprt:public binary_exprt
   floatbv_typecast_exprt(
     const exprt &op,
     const exprt &rounding,
-    const typet &_type):binary_exprt(ID_floatbv_typecast, _type)
+    const typet &_type):binary_exprt(op, ID_floatbv_typecast, rounding, _type)
   {
-    copy_to_operands(op, rounding);
   }
 
   exprt &op()

From d8af6b64887e3ae50ab408187456807d06f25925 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Wed, 10 May 2017 14:04:45 +0100
Subject: [PATCH 349/699] Adding id for scientific notation of floats

---
 src/util/irep_ids.def | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/util/irep_ids.def b/src/util/irep_ids.def
index 38b8783ee8e..8a22f226fc0 100644
--- a/src/util/irep_ids.def
+++ b/src/util/irep_ids.def
@@ -797,6 +797,7 @@ IREP_ID_ONE(cprover_string_of_int_hex_func)
 IREP_ID_ONE(cprover_string_of_long_func)
 IREP_ID_ONE(cprover_string_of_bool_func)
 IREP_ID_ONE(cprover_string_of_float_func)
+IREP_ID_ONE(cprover_string_of_float_scientific_notation_func)
 IREP_ID_ONE(cprover_string_of_double_func)
 IREP_ID_ONE(cprover_string_of_char_func)
 IREP_ID_ONE(cprover_string_of_char_array_func)

From 5f28dc66d1d099cfbd2bbffe5c99c3bd59073fe8 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Wed, 10 May 2017 14:24:13 +0100
Subject: [PATCH 350/699] New file for conversion between floats and strings

This add a new file for functions of the solver responsible for adding
axioms for the conversion between floating point values and strings.
---
 .../string_constraint_generator_float.cpp     | 445 ++++++++++++++++++
 1 file changed, 445 insertions(+)
 create mode 100644 src/solvers/refinement/string_constraint_generator_float.cpp

diff --git a/src/solvers/refinement/string_constraint_generator_float.cpp b/src/solvers/refinement/string_constraint_generator_float.cpp
new file mode 100644
index 00000000000..569b44cb4c0
--- /dev/null
+++ b/src/solvers/refinement/string_constraint_generator_float.cpp
@@ -0,0 +1,445 @@
+/*******************************************************************\
+
+Module: Generates string constraints for functions generating strings
+        from other types, in particular int, long, float, double, char, bool
+
+Author: Romain Brenguier, romain.brenguier@diffblue.com
+
+\*******************************************************************/
+
+/// \file
+/// Generates string constraints for functions generating strings from other
+/// types, in particular int, long, float, double, char, bool
+
+#include <solvers/floatbv/float_bv.h>
+
+#include "string_constraint_generator.h"
+
+
+/// Gets the unbiased exponent in a floating-point bit-vector
+///
+/// TODO: factorize with float_bv.cpp float_utils.h
+/// \param src: a floating point expression
+/// \param spec: specification for floating points
+/// \return A 32 bit integer representing the exponent. Note that 32 bits are
+///   sufficient for the exponent even in octuple precision.
+exprt get_exponent(
+  const exprt &src, const ieee_float_spect &spec)
+{
+  exprt exp_bits=extractbits_exprt(
+    src, spec.f+spec.e-1, spec.f, unsignedbv_typet(spec.e));
+
+  // Exponent is in biased from (numbers form -128 to 127 are encoded with
+  // integer from 0 to 255) we have to remove the bias.
+  return minus_exprt(
+    typecast_exprt(exp_bits, signedbv_typet(32)),
+    from_integer(spec.bias(), signedbv_typet(32)));
+}
+
+/// Gets the magnitude without hidden bit
+/// \param src: a floating point expression
+/// \param spec: specification for floating points
+/// \return An unsigned value representing the magnitude.
+exprt get_magnitude(const exprt &src, const ieee_float_spect &spec)
+{
+  return extractbits_exprt(src, spec.f-1, 0, unsignedbv_typet(spec.f));
+}
+
+/// Gets the significand as a java integer, looking for the hidden bit
+/// \param src: a floating point expression
+/// \param spec: specification for floating points
+/// \param type: type of the output, should be unsigned with width greater than
+///   the width of the significand in the given spec
+/// \return An integer expression of the given type representing the
+///   significand.
+exprt get_significand(
+  const exprt &src, const ieee_float_spect &spec, const typet &type)
+{
+  assert(type.id()==ID_unsignedbv);
+  assert(to_unsignedbv_type(type).get_width()>spec.f);
+  typecast_exprt magnitude(get_magnitude(src, spec), type);
+  exprt exponent=get_exponent(src, spec);
+  equal_exprt all_zeros(exponent, from_integer(0, exponent.type()));
+  exprt hidden_bit=from_integer((1 << spec.f), type);
+  plus_exprt with_hidden_bit(magnitude, hidden_bit);
+  return if_exprt(all_zeros, magnitude, with_hidden_bit);
+}
+
+/// \param f: a floating point value in double precision
+/// \return an expression representing this floating point
+exprt constant_float(const double f, const ieee_float_spect &float_spec)
+{
+  ieee_floatt fl(float_spec);
+  if(float_spec==ieee_float_spect::single_precision())
+  {
+    fl.from_float(f);
+  }
+  else
+  {
+    assert(float_spec==ieee_float_spect::double_precision());
+    fl.from_double(f);
+  }
+  return fl.to_expr();
+}
+
+/// Round a float expression to an integer closer to 0
+/// \param f: expression representing a float
+/// \return expression representing a 32 bit integer
+exprt round_expr_to_zero(const exprt &f)
+{
+  exprt rounding=from_integer(ieee_floatt::ROUND_TO_ZERO, unsignedbv_typet(32));
+  return floatbv_typecast_exprt(f, rounding, signedbv_typet(32));
+}
+
+/// Multiplication of expressions representing floating points.
+/// Note that the rounding mode is set to ROUND_TO_EVEN.
+/// \param f: a floating point expression
+/// \param g: a floating point expression
+/// \param rounding: rounding mode
+/// \return An expression representing floating point multiplication.
+exprt floatbv_mult(const exprt &f, const exprt &g)
+{
+  ieee_floatt::rounding_modet rounding=ieee_floatt::ROUND_TO_EVEN;
+  assert(f.type()==g.type());
+  exprt mult(ID_floatbv_mult, f.type());
+  mult.copy_to_operands(f);
+  mult.copy_to_operands(g);
+  mult.copy_to_operands(from_integer(rounding, unsignedbv_typet(32)));
+  return mult;
+}
+
+/// Convert integers to floating point to be used in operations with
+/// other values that are in floating point representation.
+/// \param i: an expression representing an integer
+/// \param spec: specification for floating point numbers
+/// \return An expression representing representing the value of the input
+///   integer as a float.
+exprt floatbv_of_int_expr(const exprt &i, const ieee_float_spect &spec)
+{
+  exprt rounding=from_integer(ieee_floatt::ROUND_TO_ZERO, unsignedbv_typet(32));
+  return floatbv_typecast_exprt(i, rounding, spec.to_type());
+}
+
+/// Estimate the decimal exponent that should be used to represent a given
+/// floating point value in decimal.
+/// We are looking for d such that n * 10^d = m * 10^e, so:
+/// d = log_10(m) + log_10(2) * e - log_10(n)
+/// m -- the magnitude -- should be between 1 and 2 so log_10(m)
+/// in [0,log_10(2)].
+/// n -- the magnitude in base 10 -- should be between 1 and 10 so
+/// log_10(n) in [0, 1].
+/// So the estimate is given by:
+/// d ~=~  floor( log_10(2) * e)
+/// \param f: a floating point expression
+/// \param spec: specification for floating point
+exprt estimate_decimal_exponent(const exprt &f, const ieee_float_spect &spec)
+{
+  exprt log_10_of_2=constant_float(0.30102999566398119521373889472449302, spec);
+  exprt bin_exp=get_exponent(f, spec);
+  exprt float_bin_exp=floatbv_of_int_expr(bin_exp, spec);
+  exprt dec_exp=floatbv_mult(float_bin_exp, log_10_of_2);
+  binary_relation_exprt negative_exp(dec_exp, ID_lt, constant_float(0.0, spec));
+  // Rounding to zero is not correct for negative number, so we remove 1.
+  minus_exprt dec_minus_one(dec_exp, constant_float(1.0, spec));
+  if_exprt adjust_for_neg(negative_exp, dec_minus_one, dec_exp);
+  return round_expr_to_zero(adjust_for_neg);
+}
+
+/// add axioms corresponding to the String.valueOf(F) java function
+/// \param f: function application with one float argument
+/// \return a new string expression
+string_exprt string_constraint_generatort::add_axioms_from_float(
+  const function_application_exprt &f)
+{
+  const refined_string_typet &ref_type=to_refined_string_type(f.type());
+  return add_axioms_from_float(args(f, 1)[0], ref_type);
+}
+
+/// add axioms corresponding to the String.valueOf(D) java function
+/// \param f: function application with one double argument
+/// \return a new string expression
+string_exprt string_constraint_generatort::add_axioms_from_double(
+  const function_application_exprt &f)
+{
+  const refined_string_typet &ref_type=to_refined_string_type(f.type());
+  return add_axioms_from_float(args(f, 1)[0], ref_type);
+}
+
+/// add axioms corresponding to the integer part of m, in decimal form with no
+/// leading zeroes, followed by '.' ('\u002E'), followed by one or more decimal
+/// digits representing the fractional part of m.
+///
+/// TODO: this specification is not correct for negative numbers and
+/// double precision and floating point value that exceed 100000
+/// \param f: expression representing a float
+/// \param ref_type: refined type for strings
+/// \return a new string expression
+string_exprt string_constraint_generatort::add_axioms_from_float(
+  const exprt &f, const refined_string_typet &ref_type)
+{
+  const floatbv_typet &type=to_floatbv_type(f.type());
+  ieee_float_spect float_spec(type);
+
+  // We will look at the first 5 digits of the fractional part.
+  // shifted is floor(f * 1e5)
+  exprt shifting=constant_float(1e5, float_spec);
+  exprt shifted=round_expr_to_zero(floatbv_mult(f, shifting));
+  // fractional_part is floor(f * 100000) % 100000
+  mod_exprt fractional_part(shifted, from_integer(100000, shifted.type()));
+  string_exprt fractional_part_str=
+    add_axioms_for_fractional_part(fractional_part, 6, ref_type);
+
+  // The axiom added to convert to integer should always been satisfiable even
+  // when the precondition are not satisfied.
+  mod_exprt integer_part(
+    round_expr_to_zero(f), from_integer(1000000, shifted.type()));
+  // We should not need more than 8 characters to represent the integer
+  // part of the float.
+  string_exprt integer_part_str=add_axioms_from_int(integer_part, 8, ref_type);
+
+  return add_axioms_for_concat(integer_part_str, fractional_part_str);
+}
+
+/// add axioms for representing the fractional part of a floating point starting
+/// with a dot
+/// \param i: an integer expression
+/// \param max_size: a maximal size for the string
+/// \param ref_type: a type for refined strings
+/// \return a string expression
+string_exprt string_constraint_generatort::add_axioms_for_fractional_part(
+    const exprt &i, size_t max_size, const refined_string_typet &ref_type)
+{
+  string_exprt res=fresh_string(ref_type);
+  const typet &type=i.type();
+  assert(type.id()==ID_signedbv);
+  exprt ten=from_integer(10, type);
+  const typet &char_type=ref_type.get_char_type();
+  const typet &index_type=ref_type.get_index_type();
+  exprt zero_char=constant_char('0', char_type);
+  exprt nine_char=constant_char('9', char_type);
+  exprt max=from_integer(max_size, index_type);
+
+  // We add axioms:
+  // a1 : 2 <= |res| <= max_size
+  // a2 : forall 1 <= i < size '0' < res[i] < '9'
+  // res[0] = '.'
+  // a3 : i = sum_j 10^j res[j] - '0'
+  // for all j : !(|res| = j+1 && res[j]='0')
+  // for all j : |res| <= j => res[j]='0'
+
+  and_exprt a1(res.axiom_for_is_strictly_longer_than(1),
+               res.axiom_for_is_shorter_than(max));
+  axioms.push_back(a1);
+
+  equal_exprt starts_with_dot(res[0], from_integer('.', char_type));
+
+  exprt::operandst digit_constraints;
+  digit_constraints.push_back(starts_with_dot);
+  exprt sum=from_integer(0, type);
+
+  for(size_t j=1; j<max_size; j++)
+  {
+    binary_relation_exprt after_end(
+      res.length(), ID_le, from_integer(j, res.length().type()));
+    mult_exprt ten_sum(sum, ten);
+
+    // sum = 10 * sum + (res[j]-'0')
+    if_exprt to_add(
+      after_end,
+      from_integer(0, type),
+      typecast_exprt(minus_exprt(res[j], zero_char), type));
+    sum=plus_exprt(ten_sum, to_add);
+
+    and_exprt is_number(
+          binary_relation_exprt(res[j], ID_ge, zero_char),
+          binary_relation_exprt(res[j], ID_le, nine_char));
+    digit_constraints.push_back(is_number);
+
+    // There are no trailing zeros except for ".0" (i.e j=2)
+    if(j>1)
+    {
+      not_exprt no_trailing_zero(and_exprt(
+        equal_exprt(res.length(), from_integer(j+1, res.length().type())),
+      equal_exprt(res[j], zero_char)));
+      axioms.push_back(no_trailing_zero);
+    }
+  }
+
+  exprt a2=conjunction(digit_constraints);
+  axioms.push_back(a2);
+
+  equal_exprt a3(i, sum);
+  axioms.push_back(a3);
+
+  return res;
+}
+
+/// Add axioms to write the float in scientific notation.
+///
+/// A float is represented as $f = m * 2^e$ where $0 <= m < 2$ is the
+/// significand and $-126 <= e <= 127$ is the exponent.
+/// We want an alternate representation by finding $n$ and
+/// $d$ such that $f=n*10^d$. We can estimate $d$ the following way:
+/// $d ~= log_10(f/n) ~= log_10(m) + log_10(2) * e - log_10(n)$
+/// $d = floor(log_10(2) * e)$
+/// Then $n$ can be expressed by the equation:
+/// $log_10(n) = log_10(m) + log_10(2) * e - d$
+/// $n = f /10^d = m * 2^e / 10^d = m * 2^e / 10^(floor(log_10(2) * e))$
+///
+/// TODO: For now we only consider single precision.
+/// \param f: a float expression, which is positive
+/// \param max_size: a maximal size for the string
+/// \param ref_type: a type for refined strings
+/// \return a string expression
+string_exprt string_constraint_generatort::
+  add_axioms_from_float_scientific_notation(
+    const exprt &f, const refined_string_typet &ref_type)
+{
+  ieee_float_spect float_spec=ieee_float_spect::single_precision();
+  typet float_type=float_spec.to_type();
+  signedbv_typet int_type(32);
+
+  // This is used for rounding float to integers.
+  exprt round_to_zero_expr=from_integer(ieee_floatt::ROUND_TO_ZERO, int_type);
+
+  // `bin_exponent` is $e$ in the formulas
+  exprt bin_exponent=get_exponent(f, float_spec);
+
+  // $m$ from the formula is a value between 0.0 and 2.0 represented
+  // with values in the range 0x000000 0x0FFFFFF so 1 corresponds to 0x0800000.
+  // `bin_significand_int` represents $m * 0x800000$
+  exprt bin_significand_int=
+    get_significand(f, float_spec, unsignedbv_typet(32));
+  // `bin_significand` represents $m$ it is obtained
+  // by multiplying `binary_significand_as_int` by 1/0x800000=1.192092896e-7.
+  exprt bin_significand=floatbv_mult(
+    floatbv_typecast_exprt(bin_significand_int, round_to_zero_expr, float_type),
+    constant_float(1.192092896e-7, float_spec));
+
+  // This is a first approximation of the exponent that will adjust
+  // if the magnitude we get is greater than 10
+  exprt dec_exponent_estimate=estimate_decimal_exponent(f, float_spec);
+
+  // Table for values of $2^x / 10^(floor(log_10(2)*x))$ where x=Range[0,128]
+  std::vector<double> two_power_e_over_ten_power_d_table(
+  {1, 2, 4, 8, 1.6, 3.2, 6.4, 1.28, 2.56,
+   5.12, 1.024, 2.048, 4.096, 8.192, 1.6384, 3.2768, 6.5536,
+   1.31072, 2.62144, 5.24288, 1.04858, 2.09715, 4.19430, 8.38861, 1.67772,
+   3.35544, 6.71089, 1.34218, 2.68435, 5.36871, 1.07374, 2.14748, 4.29497,
+   8.58993, 1.71799, 3.43597, 6.87195, 1.37439, 2.74878, 5.49756, 1.09951,
+   2.19902, 4.39805, 8.79609, 1.75922, 3.51844, 7.03687, 1.40737, 2.81475,
+   5.62950, 1.12590, 2.25180, 4.50360, 9.00720, 1.80144, 3.60288, 7.20576,
+   1.44115, 2.88230, 5.76461, 1.15292, 2.30584, 4.61169, 9.22337, 1.84467,
+   3.68935, 7.37870, 1.47574, 2.95148, 5.90296, 1.18059, 2.36118, 4.72237,
+   9.44473, 1.88895, 3.77789, 7.55579, 1.51116, 3.02231, 6.04463, 1.20893,
+   2.41785, 4.83570, 9.67141, 1.93428, 3.86856, 7.73713, 1.54743, 3.09485,
+   6.18970, 1.23794, 2.47588, 4.95176, 9.90352, 1.98070, 3.96141, 7.92282,
+   1.58456, 3.16913, 6.33825, 1.26765, 2.53530, 5.07060, 1.01412, 2.02824,
+   4.05648, 8.11296, 1.62259, 3.24519, 6.49037, 1.29807, 2.59615, 5.1923,
+   1.03846, 2.07692, 4.15384, 8.30767, 1.66153, 3.32307, 6.64614, 1.32923,
+   2.65846, 5.31691, 1.06338, 2.12676, 4.25353, 8.50706, 1.70141});
+
+  // Table for values of $2^x / 10^(floor(log_10(2)*x))$ where x=Range[-128,-1]
+  std::vector<double> two_power_e_over_ten_power_d_table_negatives(
+  { 2.93874, 5.87747, 1.17549, 2.35099, 4.70198, 9.40395, 1.88079, 3.76158,
+    7.52316, 1.50463, 3.00927, 6.01853, 1.20371, 2.40741, 4.81482, 9.62965,
+    1.92593, 3.85186, 7.70372, 1.54074, 3.08149, 6.16298, 1.23260, 2.46519,
+    4.93038, 9.86076, 1.97215, 3.94430, 7.88861, 1.57772, 3.15544, 6.31089,
+    1.26218, 2.52435, 5.04871, 1.00974, 2.01948, 4.03897, 8.07794, 1.61559,
+    3.23117, 6.46235, 1.29247, 2.58494, 5.16988, 1.03398, 2.06795, 4.13590,
+    8.27181, 1.65436, 3.30872, 6.61744, 1.32349, 2.64698, 5.29396, 1.05879,
+    2.11758, 4.23516, 8.47033, 1.69407, 3.38813, 6.77626, 1.35525, 2.71051,
+    5.42101, 1.08420, 2.16840, 4.33681, 8.67362, 1.73472, 3.46945, 6.93889,
+    1.38778, 2.77556, 5.55112, 1.11022, 2.22045, 4.44089, 8.88178, 1.77636,
+    3.55271, 7.10543, 1.42109, 2.84217, 5.68434, 1.13687, 2.27374, 4.54747,
+    9.09495, 1.81899, 3.63798, 7.27596, 1.45519, 2.91038, 5.82077, 1.16415,
+    2.32831, 4.65661, 9.31323, 1.86265, 3.72529, 7.45058, 1.49012, 2.98023,
+    5.96046, 1.19209, 2.38419, 4.76837, 9.53674, 1.90735, 3.81470, 7.62939,
+    1.52588, 3.05176, 6.10352, 1.22070, 2.44141, 4.88281, 9.76563, 1.95313,
+    3.90625, 7.81250, 1.56250, 3.12500, 6.25000, 1.25000, 2.50000, 5});
+
+  // bias_table used to find the bias factor
+  exprt conversion_factor_table_size=from_integer(
+    two_power_e_over_ten_power_d_table_negatives.size()+
+      two_power_e_over_ten_power_d_table.size(),
+    int_type);
+  array_exprt conversion_factor_table(
+    array_typet(float_type, conversion_factor_table_size));
+  for(const auto &f : two_power_e_over_ten_power_d_table_negatives)
+    conversion_factor_table.copy_to_operands(constant_float(f, float_spec));
+  for(const auto &f : two_power_e_over_ten_power_d_table)
+    conversion_factor_table.copy_to_operands(constant_float(f, float_spec));
+
+  // The index in the table, corresponding to exponent e is e+128
+  plus_exprt shifted_index(bin_exponent, from_integer(128, int_type));
+
+  // bias_factor is $2^e / 10^(floor(log_10(2)*e))$ that is $2^e/10^d$
+  index_exprt conversion_factor(
+    conversion_factor_table, shifted_index, float_type);
+
+  // `dec_significand` is $n = m * bias_factor$
+  exprt dec_significand=floatbv_mult(conversion_factor, bin_significand);
+  exprt dec_significand_int=round_expr_to_zero(dec_significand);
+
+  // `dec_exponent` is $d$ in the formulas
+  // it is obtained from the approximation, checking whether it is not too small
+  binary_relation_exprt estimate_too_small(
+    dec_significand_int, ID_ge, from_integer(10, int_type));
+  if_exprt decimal_exponent(
+    estimate_too_small,
+    plus_exprt(dec_exponent_estimate, from_integer(1, int_type)),
+    dec_exponent_estimate);
+
+  // `dec_significand` is divided by 10 if it exeeds 10
+  dec_significand=if_exprt(
+    estimate_too_small,
+    floatbv_mult(dec_significand, constant_float(0.1, float_spec)),
+    dec_significand);
+  dec_significand_int=round_expr_to_zero(dec_significand);
+
+  string_exprt string_expr_integer_part=
+    add_axioms_from_int(dec_significand_int, 3, ref_type);
+  minus_exprt fractional_part(
+    dec_significand, floatbv_of_int_expr(dec_significand_int, float_spec));
+
+  // shifted_float is floor(f * 1e5)
+  exprt shifting=constant_float(1e5, float_spec);
+  exprt shifted_float=
+    round_expr_to_zero(floatbv_mult(fractional_part, shifting));
+
+  // fractional_part_shifted is floor(f * 100000) % 100000
+  mod_exprt fractional_part_shifted(
+    shifted_float, from_integer(100000, shifted_float.type()));
+
+  string_exprt string_fractional_part=add_axioms_for_fractional_part(
+    fractional_part_shifted, 6, ref_type);
+
+  // string_expr_with_fractional_part =
+  //   concat(string_with_do, string_fractional_part)
+  string_exprt string_expr_with_fractional_part=add_axioms_for_concat(
+    string_expr_integer_part, string_fractional_part);
+
+  // string_expr_with_E = concat(string_magnitude, string_lit_E)
+  string_exprt string_expr_with_E=add_axioms_for_concat_char(
+    string_expr_with_fractional_part,
+    from_integer('E', ref_type.get_char_type()));
+
+  // exponent_string = string_of_int(decimal_exponent)
+  string_exprt exponent_string=add_axioms_from_int(
+    decimal_exponent, 3, ref_type);
+
+  // string_expr = concat(string_expr_with_E, exponent_string)
+  return add_axioms_for_concat(string_expr_with_E, exponent_string);
+}
+
+/// add axioms corresponding to the scientific representation of floating point
+/// values
+/// \param f: a function application expression
+/// \return a new string expression
+string_exprt string_constraint_generatort::
+  add_axioms_from_float_scientific_notation(
+    const function_application_exprt &f)
+{
+  const refined_string_typet &ref_type=to_refined_string_type(f.type());
+  return add_axioms_from_float_scientific_notation(args(f, 1)[0], ref_type);
+}

From 518efa49785a82d93c0c1a8cd40b9c8d13f4ca6b Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Wed, 10 May 2017 14:23:06 +0100
Subject: [PATCH 351/699] Conversion between string and float moved into a new
 file

We remove the add_axioms_from_float that was defined in
string_constraint_generator_valueof.cpp and use the new one from
string_constraint_generator_float.cpp instead.

We add string_constraint_generator_float.cpp to Makefile

We also define an helper method for concatenation of char which can be
used in float conversion.

Improved documentation in string_constraint_generator_valueof
and in string_constraint_generator_concat.
---
 src/solvers/Makefile                          |   1 +
 .../refinement/string_constraint_generator.h  |  13 +-
 .../string_constraint_generator_concat.cpp    |  19 +-
 .../string_constraint_generator_insert.cpp    |   4 +-
 .../string_constraint_generator_main.cpp      |   2 +
 .../string_constraint_generator_valueof.cpp   | 176 +++---------------
 6 files changed, 61 insertions(+), 154 deletions(-)

diff --git a/src/solvers/Makefile b/src/solvers/Makefile
index 3f3465277a3..5c994aefc14 100644
--- a/src/solvers/Makefile
+++ b/src/solvers/Makefile
@@ -165,6 +165,7 @@ SRC = $(BOOLEFORCE_SRC) \
       refinement/string_constraint_generator_constants.cpp \
       refinement/string_constraint_generator_indexof.cpp \
       refinement/string_constraint_generator_insert.cpp \
+      refinement/string_constraint_generator_float.cpp \
       refinement/string_constraint_generator_main.cpp \
       refinement/string_constraint_generator_testing.cpp \
       refinement/string_constraint_generator_transformation.cpp \
diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index 447bfd5f6f0..6812a28cf0d 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -155,6 +155,8 @@ class string_constraint_generatort
   string_exprt add_axioms_for_concat_long(const function_application_exprt &f);
   string_exprt add_axioms_for_concat_bool(const function_application_exprt &f);
   string_exprt add_axioms_for_concat_char(const function_application_exprt &f);
+  string_exprt add_axioms_for_concat_char(
+    const string_exprt &string_expr, const exprt &char_expr);
   string_exprt add_axioms_for_concat_double(
     const function_application_exprt &f);
   string_exprt add_axioms_for_concat_float(const function_application_exprt &f);
@@ -236,9 +238,14 @@ class string_constraint_generatort
   // the start for negative number
   string_exprt add_axioms_from_float(const function_application_exprt &f);
   string_exprt add_axioms_from_float(
-    const exprt &f,
-    const refined_string_typet &ref_type,
-    bool double_precision);
+    const exprt &f, const refined_string_typet &ref_type);
+
+  string_exprt add_axioms_for_fractional_part(
+    const exprt &i, size_t max_size, const refined_string_typet &ref_type);
+  string_exprt add_axioms_from_float_scientific_notation(
+    const exprt &f, const refined_string_typet &ref_type);
+  string_exprt add_axioms_from_float_scientific_notation(
+    const function_application_exprt &f);
 
   // Add axioms corresponding to the String.valueOf(D) java function
   // TODO: the specifications is only partial
diff --git a/src/solvers/refinement/string_constraint_generator_concat.cpp b/src/solvers/refinement/string_constraint_generator_concat.cpp
index b2c9a418055..a1b73940af2 100644
--- a/src/solvers/refinement/string_constraint_generator_concat.cpp
+++ b/src/solvers/refinement/string_constraint_generator_concat.cpp
@@ -148,9 +148,22 @@ string_exprt string_constraint_generatort::add_axioms_for_concat_char(
   const function_application_exprt &f)
 {
   string_exprt s1=get_string_expr(args(f, 2)[0]);
-  const refined_string_typet &ref_type=to_refined_string_type(s1.type());
-  string_exprt s2=add_axioms_from_char(args(f, 2)[1], ref_type);
-  return add_axioms_for_concat(s1, s2);
+  return add_axioms_for_concat_char(s1, args(f, 2)[1]);
+}
+
+/// Add axioms corresponding adding the character char at the end of
+/// string_expr.
+/// \param string_expr: a string expression
+/// \param char' a character expression
+/// \return a new string expression
+
+string_exprt string_constraint_generatort::add_axioms_for_concat_char(
+  const string_exprt &string_expr, const exprt &char_expr)
+{
+  const refined_string_typet &ref_type=
+    to_refined_string_type(string_expr.type());
+  string_exprt s2=add_axioms_from_char(char_expr, ref_type);
+  return add_axioms_for_concat(string_expr, s2);
 }
 
 /// Add axioms corresponding to the StringBuilder.append(D) java function
diff --git a/src/solvers/refinement/string_constraint_generator_insert.cpp b/src/solvers/refinement/string_constraint_generator_insert.cpp
index 0fb39e8a658..b0424fd6f87 100644
--- a/src/solvers/refinement/string_constraint_generator_insert.cpp
+++ b/src/solvers/refinement/string_constraint_generator_insert.cpp
@@ -119,7 +119,7 @@ string_exprt string_constraint_generatort::add_axioms_for_insert_double(
 {
   string_exprt s1=get_string_expr(args(f, 3)[0]);
   const refined_string_typet &ref_type=to_refined_string_type(s1.type());
-  string_exprt s2=add_axioms_from_float(args(f, 3)[2], ref_type, true);
+  string_exprt s2=add_axioms_from_float(args(f, 3)[2], ref_type);
   return add_axioms_for_insert(s1, s2, args(f, 3)[1]);
 }
 
@@ -133,7 +133,7 @@ string_exprt string_constraint_generatort::add_axioms_for_insert_float(
 {
   string_exprt s1=get_string_expr(args(f, 3)[0]);
   const refined_string_typet &ref_type=to_refined_string_type(s1.type());
-  string_exprt s2=add_axioms_from_float(args(f, 3)[2], ref_type, false);
+  string_exprt s2=add_axioms_from_float(args(f, 3)[2], ref_type);
   return add_axioms_for_insert(s1, s2, args(f, 3)[1]);
 }
 
diff --git a/src/solvers/refinement/string_constraint_generator_main.cpp b/src/solvers/refinement/string_constraint_generator_main.cpp
index df7589529be..11b1a0aa893 100644
--- a/src/solvers/refinement/string_constraint_generator_main.cpp
+++ b/src/solvers/refinement/string_constraint_generator_main.cpp
@@ -454,6 +454,8 @@ exprt string_constraint_generatort::add_axioms_for_function_application(
     res=add_axioms_from_int_hex(expr);
   else if(id==ID_cprover_string_of_float_func)
     res=add_axioms_from_float(expr);
+  else if(id==ID_cprover_string_of_float_scientific_notation_func)
+    res=add_axioms_from_float_scientific_notation(expr);
   else if(id==ID_cprover_string_of_double_func)
     res=add_axioms_from_double(expr);
   else if(id==ID_cprover_string_of_long_func)
diff --git a/src/solvers/refinement/string_constraint_generator_valueof.cpp b/src/solvers/refinement/string_constraint_generator_valueof.cpp
index 7416bc1a341..914df80ee03 100644
--- a/src/solvers/refinement/string_constraint_generator_valueof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_valueof.cpp
@@ -12,10 +12,9 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 ///   types, in particular int, long, float, double, char, bool
 
 #include <solvers/refinement/string_constraint_generator.h>
-#include <solvers/floatbv/float_bv.h>
 
-/// add axioms corresponding to the String.valueOf(I) java function
-/// \par parameters: function application with one integer argument
+/// Add axioms corresponding to the String.valueOf(I) java function.
+/// \param expr: function application with one integer argument
 /// \return a new string expression
 string_exprt string_constraint_generatort::add_axioms_from_int(
   const function_application_exprt &expr)
@@ -24,8 +23,8 @@ string_exprt string_constraint_generatort::add_axioms_from_int(
   return add_axioms_from_int(args(expr, 1)[0], MAX_INTEGER_LENGTH, ref_type);
 }
 
-/// add axioms corresponding to the String.valueOf(J) java function
-/// \par parameters: function application with one long argument
+/// Add axioms corresponding to the String.valueOf(J) java function.
+/// \param expr: function application with one long argument
 /// \return a new string expression
 string_exprt string_constraint_generatort::add_axioms_from_long(
   const function_application_exprt &expr)
@@ -34,125 +33,8 @@ string_exprt string_constraint_generatort::add_axioms_from_long(
   return add_axioms_from_int(args(expr, 1)[0], MAX_LONG_LENGTH, ref_type);
 }
 
-/// add axioms corresponding to the String.valueOf(F) java function
-/// \par parameters: function application with one float argument
-/// \return a new string expression
-string_exprt string_constraint_generatort::add_axioms_from_float(
-  const function_application_exprt &f)
-{
-  const refined_string_typet &ref_type=to_refined_string_type(f.type());
-  return add_axioms_from_float(args(f, 1)[0], ref_type, false);
-}
-
-/// add axioms corresponding to the String.valueOf(D) java function
-/// \par parameters: function application with one double argument
-/// \return a new string expression
-string_exprt string_constraint_generatort::add_axioms_from_double(
-  const function_application_exprt &f)
-{
-  const refined_string_typet &ref_type=to_refined_string_type(f.type());
-  return add_axioms_from_float(args(f, 1)[0], ref_type, true);
-}
-
-/// add axioms corresponding to the String.valueOf(F) java function Warning: we
-/// currently only have partial specification
-/// \par parameters: float expression and Boolean signaling that the argument
-///   has
-/// double precision
-/// \return a new string expression
-string_exprt string_constraint_generatort::add_axioms_from_float(
-  const exprt &f, const refined_string_typet &ref_type, bool double_precision)
-{
-  string_exprt res=fresh_string(ref_type);
-  const typet &index_type=ref_type.get_index_type();
-  const typet &char_type=ref_type.get_char_type();
-  const exprt &index24=from_integer(24, index_type);
-  axioms.push_back(res.axiom_for_is_shorter_than(index24));
-
-  string_exprt magnitude=fresh_string(ref_type);
-  string_exprt sign_string=fresh_string(ref_type);
-  string_exprt nan_string=add_axioms_for_constant("NaN", ref_type);
-
-  // We add the axioms:
-  // a1 : If the argument is NaN, the result length is that of "NaN".
-  // a2 : If the argument is NaN, the result content is the string "NaN".
-  // a3 : f<0 => |sign_string|=1
-  // a4 : f>=0 => |sign_string|=0
-  // a5 : f<0 => sign_string[0]='-'
-  // a6 : f infinite => |magnitude|=|"Infinity"|
-  // a7 : forall i<|"Infinity"|, f infinite => magnitude[i]="Infinity"[i]
-  // a8 : f=0 => |magnitude|=|"0.0"|
-  // a9 : forall i<|"0.0"|, f=0 => f[i]="0.0"[i]
-
-  ieee_float_spect fspec=
-    double_precision?ieee_float_spect::double_precision()
-    :ieee_float_spect::single_precision();
-
-  exprt isnan=float_bvt().isnan(f, fspec);
-  implies_exprt a1(isnan, magnitude.axiom_for_has_same_length_as(nan_string));
-  axioms.push_back(a1);
-
-  symbol_exprt qvar=fresh_univ_index("QA_equal_nan", index_type);
-  string_constraintt a2(
-    qvar,
-    nan_string.length(),
-    isnan,
-    equal_exprt(magnitude[qvar], nan_string[qvar]));
-  axioms.push_back(a2);
-
-  // If the argument is not NaN, the result is a string that represents
-  // the sign and magnitude (absolute value) of the argument.
-  // If the sign is negative, the first character of the result is '-';
-  // if the sign is positive, no sign character appears in the result.
-
-  bitvector_typet bv_type=to_bitvector_type(f.type());
-  unsigned width=bv_type.get_width();
-  exprt isneg=extractbit_exprt(f, width-1);
-
-  implies_exprt a3(isneg, sign_string.axiom_for_has_length(1));
-  axioms.push_back(a3);
-
-  implies_exprt a4(not_exprt(isneg), sign_string.axiom_for_has_length(0));
-  axioms.push_back(a4);
-
-  implies_exprt a5(
-    isneg, equal_exprt(sign_string[0], constant_char('-', char_type)));
-  axioms.push_back(a5);
-
-  // If m is infinity, it is represented by the characters "Infinity";
-  // thus, positive infinity produces the result "Infinity" and negative
-  // infinity produces the result "-Infinity".
-
-  string_exprt infinity_string=add_axioms_for_constant("Infinity", ref_type);
-  exprt isinf=float_bvt().isinf(f, fspec);
-  implies_exprt a6(
-    isinf, magnitude.axiom_for_has_same_length_as(infinity_string));
-  axioms.push_back(a6);
-
-  symbol_exprt qvar_inf=fresh_univ_index("QA_equal_infinity", index_type);
-  equal_exprt meq(magnitude[qvar_inf], infinity_string[qvar_inf]);
-  string_constraintt a7(qvar_inf, infinity_string.length(), isinf, meq);
-  axioms.push_back(a7);
-
-  // If m is zero, it is represented by the characters "0.0"; thus, negative
-  // zero produces the result "-0.0" and positive zero produces "0.0".
-
-  string_exprt zero_string=add_axioms_for_constant("0.0", ref_type);
-  exprt iszero=float_bvt().is_zero(f, fspec);
-  implies_exprt a8(iszero, magnitude.axiom_for_has_same_length_as(zero_string));
-  axioms.push_back(a8);
-
-  symbol_exprt qvar_zero=fresh_univ_index("QA_equal_zero", index_type);
-  equal_exprt eq_zero(magnitude[qvar_zero], zero_string[qvar_zero]);
-  string_constraintt a9(qvar_zero, zero_string.length(), iszero, eq_zero);
-  axioms.push_back(a9);
-
-  return add_axioms_for_concat(sign_string, magnitude);
-}
-
-
-/// add axioms corresponding to the String.valueOf(Z) java function
-/// \par parameters: function application with on Boolean argument
+/// Add axioms corresponding to the String.valueOf(Z) java function.
+/// \param f: function application with a Boolean argument
 /// \return a new string expression
 string_exprt string_constraint_generatort::add_axioms_from_bool(
   const function_application_exprt &f)
@@ -161,10 +43,10 @@ string_exprt string_constraint_generatort::add_axioms_from_bool(
   return add_axioms_from_bool(args(f, 1)[0], ref_type);
 }
 
-
-/// add axioms stating that the returned string equals "true" when the Boolean
-/// expression is true and "false" when it is false
-/// \par parameters: Boolean expression
+/// Add axioms stating that the returned string equals "true" when the Boolean
+/// expression is true and "false" when it is false.
+/// \param b: Boolean expression
+/// \param ref_type: type of refined string expressions
 /// \return a new string expression
 string_exprt string_constraint_generatort::add_axioms_from_bool(
   const exprt &b, const refined_string_typet &ref_type)
@@ -329,8 +211,8 @@ string_exprt string_constraint_generatort::add_axioms_from_int(
   return res;
 }
 
-/// returns the value represented by the character
-/// \par parameters: a character expression in the following set:
+/// Returns the integer value represented by the character.
+/// \param chr: a character expression in the following set:
 ///   0123456789abcdef
 /// \return an integer expression
 exprt string_constraint_generatort::int_of_hex_char(const exprt &chr) const
@@ -344,9 +226,10 @@ exprt string_constraint_generatort::int_of_hex_char(const exprt &chr) const
     minus_exprt(chr, zero_char));
 }
 
-/// add axioms stating that the returned string corresponds to the integer
-/// argument written in hexadecimal
-/// \par parameters: one integer argument
+/// Add axioms stating that the returned string corresponds to the integer
+/// argument written in hexadecimal.
+/// \param i: an integer argument
+/// \param ref_type: type of refined string expressions
 /// \return a new string expression
 string_exprt string_constraint_generatort::add_axioms_from_int_hex(
   const exprt &i, const refined_string_typet &ref_type)
@@ -402,7 +285,7 @@ string_exprt string_constraint_generatort::add_axioms_from_int_hex(
 }
 
 /// add axioms corresponding to the Integer.toHexString(I) java function
-/// \par parameters: function application with integer argument
+/// \param f: function application with an integer argument
 /// \return a new string expression
 string_exprt string_constraint_generatort::add_axioms_from_int_hex(
   const function_application_exprt &f)
@@ -411,8 +294,8 @@ string_exprt string_constraint_generatort::add_axioms_from_int_hex(
   return add_axioms_from_int_hex(args(f, 1)[0], ref_type);
 }
 
-/// add axioms corresponding to the String.valueOf(C) java function
-/// \par parameters: function application one char argument
+/// Add axioms corresponding to the String.valueOf(C) java function.
+/// \param f: function application one char argument
 /// \return a new string expression
 string_exprt string_constraint_generatort::add_axioms_from_char(
   const function_application_exprt &f)
@@ -421,9 +304,10 @@ string_exprt string_constraint_generatort::add_axioms_from_char(
   return add_axioms_from_char(args(f, 1)[0], ref_type);
 }
 
-/// add axioms stating that the returned string has length 1 and the character
-/// it contains correspond to the input expression
-/// \par parameters: one expression of type char
+/// Add axioms stating that the returned string has length 1 and the character
+/// it contains correspond to the input expression.
+/// \param c: one expression of type char
+/// \param ref_type: type of refined string expressions
 /// \return a new string expression
 string_exprt string_constraint_generatort::add_axioms_from_char(
   const exprt &c, const refined_string_typet &ref_type)
@@ -434,9 +318,9 @@ string_exprt string_constraint_generatort::add_axioms_from_char(
   return res;
 }
 
-/// add axioms corresponding to the String.valueOf([C) and String.valueOf([CII)
-/// functions
-/// \par parameters: function application with one or three arguments
+/// Add axioms corresponding to the String.valueOf([C) and String.valueOf([CII)
+/// functions.
+/// \param f: function application with one or three arguments
 /// \return a new string expression
 string_exprt string_constraint_generatort::add_axioms_for_value_of(
   const function_application_exprt &f)
@@ -471,9 +355,9 @@ string_exprt string_constraint_generatort::add_axioms_for_value_of(
   }
 }
 
-/// add axioms making the return value true if the given string is a correct
-/// number
-/// \par parameters: function application with one string expression
+/// Add axioms making the return value true if the given string is a correct
+/// number.
+/// \param f: function application with one string expression
 /// \return an boolean expression
 exprt string_constraint_generatort::add_axioms_for_correct_number_format(
   const string_exprt &str, std::size_t max_size)
@@ -527,7 +411,7 @@ exprt string_constraint_generatort::add_axioms_for_correct_number_format(
 }
 
 /// add axioms corresponding to the Integer.parseInt java function
-/// \par parameters: function application with one string expression
+/// \param f: function application with one string expression
 /// \return an integer expression
 exprt string_constraint_generatort::add_axioms_for_parse_int(
   const function_application_exprt &f)

From 685a105e25c6957064ce30d1699b4d600cfe7b59 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Thu, 15 Jun 2017 09:37:20 +0100
Subject: [PATCH 352/699] Improving the float to string conversion in the
 preprocessing

Also improves the string preprocessing documentation
---
 .../java_string_library_preprocess.cpp        | 251 ++++++++++++------
 .../java_string_library_preprocess.h          |   3 +-
 2 files changed, 173 insertions(+), 81 deletions(-)

diff --git a/src/java_bytecode/java_string_library_preprocess.cpp b/src/java_bytecode/java_string_library_preprocess.cpp
index d19b649908a..7839f6724d4 100644
--- a/src/java_bytecode/java_string_library_preprocess.cpp
+++ b/src/java_bytecode/java_string_library_preprocess.cpp
@@ -29,6 +29,8 @@ Date:   April 2017
 
 /// \param type: a type
 /// \param tag: a string
+/// \return Boolean telling whether the type is a struct with the given tag or a
+///   symbolic type with the tag prefixed by "java::"
 bool java_string_library_preprocesst::java_type_matches_tag(
   const typet &type, const std::string &tag)
 {
@@ -45,7 +47,8 @@ bool java_string_library_preprocesst::java_type_matches_tag(
   return false;
 }
 
-/// \par parameters: a type
+/// \param type: a type
+/// \return Boolean telling whether the type is that of java string pointer
 bool java_string_library_preprocesst::is_java_string_pointer_type(
   const typet &type)
 {
@@ -58,21 +61,25 @@ bool java_string_library_preprocesst::is_java_string_pointer_type(
   return false;
 }
 
-/// \par parameters: a type
+/// \param type: a type
+/// \return Boolean telling whether the type is that of java string
 bool java_string_library_preprocesst::is_java_string_type(
   const typet &type)
 {
   return java_type_matches_tag(type, "java.lang.String");
 }
 
-/// \par parameters: a type
+/// \param type: a type
+/// \return Boolean telling whether the type is that of java StringBuilder
 bool java_string_library_preprocesst::is_java_string_builder_type(
   const typet &type)
 {
   return java_type_matches_tag(type, "java.lang.StringBuilder");
 }
 
-/// \par parameters: a type
+/// \param type: a type
+/// \return Boolean telling whether the type is that of java StringBuilder
+///   pointers
 bool java_string_library_preprocesst::is_java_string_builder_pointer_type(
   const typet &type)
 {
@@ -85,14 +92,17 @@ bool java_string_library_preprocesst::is_java_string_builder_pointer_type(
   return false;
 }
 
-/// \par parameters: a type
+/// \param type: a type
+/// \return Boolean telling whether the type is that of java StringBuffer
 bool java_string_library_preprocesst::is_java_string_buffer_type(
   const typet &type)
 {
   return java_type_matches_tag(type, "java.lang.StringBuffer");
 }
 
-/// \par parameters: a type
+/// \param type: a type
+/// \return Boolean telling whether the type is that of java StringBuffer
+///   pointers
 bool java_string_library_preprocesst::is_java_string_buffer_pointer_type(
   const typet &type)
 {
@@ -105,14 +115,17 @@ bool java_string_library_preprocesst::is_java_string_buffer_pointer_type(
   return false;
 }
 
-/// \par parameters: a type
+/// \param type: a type
+/// \return Boolean telling whether the type is that of java char sequence
 bool java_string_library_preprocesst::is_java_char_sequence_type(
   const typet &type)
 {
   return java_type_matches_tag(type, "java.lang.CharSequence");
 }
 
-/// \par parameters: a type
+/// \param type: a type
+/// \return Boolean telling whether the type is that of a pointer to a java char
+///   sequence
 bool java_string_library_preprocesst::is_java_char_sequence_pointer_type(
   const typet &type)
 {
@@ -125,7 +138,8 @@ bool java_string_library_preprocesst::is_java_char_sequence_pointer_type(
   return false;
 }
 
-/// \par parameters: a type
+/// \param type: a type
+/// \return Boolean telling whether the type is that of java char array
 bool java_string_library_preprocesst::is_java_char_array_type(
   const typet &type)
 {
@@ -148,6 +162,7 @@ bool java_string_library_preprocesst::is_java_char_array_pointer_type(
 }
 
 /// \param symbol_table: a symbol_table containing an entry for java Strings
+/// \return the type of data fields in java Strings.
 typet string_data_type(symbol_tablet symbol_table)
 {
   symbolt sym=symbol_table.lookup("java::java.lang.String");
@@ -242,6 +257,7 @@ void java_string_library_preprocesst::declare_function(
 /// \param symbol_table: symbol table
 /// \param init_code: code block, in which declaration of some arguments may be
 ///   added
+/// \return a list of expressions
 exprt::operandst java_string_library_preprocesst::process_parameters(
   const code_typet::parameterst &params,
   const source_locationt &loc,
@@ -295,6 +311,7 @@ void java_string_library_preprocesst::process_single_operand(
 /// \param symbol_table: symbol table
 /// \param init_code: code block, in which declaration of some arguments may be
 ///   added
+/// \return a list of expressions
 exprt::operandst java_string_library_preprocesst::process_operands(
   const exprt::operandst &operands,
   const source_locationt &loc,
@@ -329,6 +346,7 @@ exprt::operandst java_string_library_preprocesst::process_operands(
 /// \param symbol_table: symbol table
 /// \param init_code: code block, in which declaration of some arguments may be
 ///   added
+/// \return a list of expressions
 exprt::operandst
   java_string_library_preprocesst::process_equals_function_operands(
   const exprt::operandst &operands,
@@ -357,6 +375,7 @@ exprt::operandst
 /// Finds the type of the data component
 /// \param type: a type containing a "data" component
 /// \param symbol_table: symbol table
+/// \return type of the "data" component
 typet java_string_library_preprocesst::get_data_type(
   const typet &type, const symbol_tablet &symbol_table)
 {
@@ -380,6 +399,7 @@ typet java_string_library_preprocesst::get_data_type(
 /// Finds the type of the length component
 /// \param type: a type containing a "length" component
 /// \param symbol_table: symbol table
+/// \return type of the "length" component
 typet java_string_library_preprocesst::get_length_type(
   const typet &type, const symbol_tablet &symbol_table)
 {
@@ -403,6 +423,7 @@ typet java_string_library_preprocesst::get_length_type(
 /// access length member
 /// \param expr: an expression of structured type with length component
 /// \param symbol_table: symbol table
+/// \return expression representing the "length" member
 exprt java_string_library_preprocesst::get_length(
   const exprt &expr, const symbol_tablet &symbol_table)
 {
@@ -413,6 +434,7 @@ exprt java_string_library_preprocesst::get_length(
 /// access data member
 /// \param expr: an expression of structured type with length component
 /// \param symbol_table: symbol table
+/// \return expression representing the "data" member
 exprt java_string_library_preprocesst::get_data(
   const exprt &expr, const symbol_tablet &symbol_table)
 {
@@ -425,6 +447,7 @@ exprt java_string_library_preprocesst::get_data(
 /// \param loc: location in the source
 /// \param symbol_table: symbol table
 /// \param code: code block, in which some assignments will be added
+/// \return a string expression
 string_exprt java_string_library_preprocesst::replace_char_array(
   const exprt &array_pointer,
   const source_locationt &loc,
@@ -464,6 +487,7 @@ string_exprt java_string_library_preprocesst::replace_char_array(
 /// \param type: a type for refined strings
 /// \param loc: a location in the program
 /// \param symbol_table: symbol table
+/// \return a new symbol
 symbol_exprt java_string_library_preprocesst::fresh_string(
   const typet &type, const source_locationt &loc, symbol_tablet &symbol_table)
 {
@@ -478,6 +502,7 @@ symbol_exprt java_string_library_preprocesst::fresh_string(
 /// \param loc: a location in the program
 /// \param symbol_table: symbol table
 /// \param code: code block to which allocation instruction will be added
+/// \return a new string_expr
 string_exprt java_string_library_preprocesst::fresh_string_expr(
   const source_locationt &loc, symbol_tablet &symbol_table, code_blockt &code)
 {
@@ -503,6 +528,7 @@ string_exprt java_string_library_preprocesst::fresh_string_expr(
 /// \param loc: a location in the program
 /// \param symbol_table: symbol table
 /// \param code: code block to which allocation instruction will be added
+/// \return a new expression of refined string type
 exprt java_string_library_preprocesst::fresh_string_expr_symbol(
   const source_locationt &loc, symbol_tablet &symbol_table, code_blockt &code)
 {
@@ -522,6 +548,7 @@ exprt java_string_library_preprocesst::fresh_string_expr_symbol(
 /// \param loc: a location in the program
 /// \param symbol_table: symbol table
 /// \param code: code block to which allocation instruction will be added
+/// \return a new string
 exprt java_string_library_preprocesst::allocate_fresh_string(
   const typet &type,
   const source_locationt &loc,
@@ -540,6 +567,7 @@ exprt java_string_library_preprocesst::allocate_fresh_string(
 /// \param loc: a location in the program
 /// \param symbol_table: symbol table
 /// \param code: code block to which allocation instruction will be added
+/// \return a new array
 exprt java_string_library_preprocesst::allocate_fresh_array(
   const typet &type,
   const source_locationt &loc,
@@ -557,6 +585,7 @@ exprt java_string_library_preprocesst::allocate_fresh_array(
 /// \param arguments: a list of arguments
 /// \param type: return type of the function
 /// \param symbol_table: a symbol table
+/// \return a function application representing: function_name(arguments)
 exprt java_string_library_preprocesst::make_function_application(
   const irep_idt &function_name,
   const exprt::operandst &arguments,
@@ -580,6 +609,7 @@ exprt java_string_library_preprocesst::make_function_application(
 /// \param function_name: the name of the function
 /// \param arguments: a list of arguments
 /// \param symbol_table: a symbol table
+/// \return the following code: > lhs=function_name_length(arguments)
 codet java_string_library_preprocesst::code_assign_function_application(
   const exprt &lhs,
   const irep_idt &function_name,
@@ -596,6 +626,7 @@ codet java_string_library_preprocesst::code_assign_function_application(
 /// \param arguments: a list of arguments
 /// \param type: the return type
 /// \param symbol_table: a symbol table
+/// \return the following code: > return function_name_length(arguments)
 codet java_string_library_preprocesst::code_return_function_application(
   const irep_idt &function_name,
   const exprt::operandst &arguments,
@@ -611,6 +642,9 @@ codet java_string_library_preprocesst::code_return_function_application(
 /// \param function_name: the name of the function
 /// \param arguments: arguments of the function
 /// \param symbol_table: symbol table
+/// \return return the following code: > str.length <-
+///   function_name_length(arguments) > str.data <-
+///   function_name_data(arguments)
 codet java_string_library_preprocesst::code_assign_function_to_string_expr(
   const string_exprt &string_expr,
   const irep_idt &function_name,
@@ -635,6 +669,9 @@ codet java_string_library_preprocesst::code_assign_function_to_string_expr(
 /// \param loc: a location in the program
 /// \param symbol_table: symbol table
 /// \param code: code block in which we add instructions
+/// \return return a string expr str and add the following code: > array
+///   str.data > str.length <- function_name_length(arguments) > str.data <-
+///   function_name_data(arguments)
 string_exprt java_string_library_preprocesst::
   string_expr_of_function_application(
     const irep_idt &function_name,
@@ -654,6 +691,8 @@ string_exprt java_string_library_preprocesst::
 /// \param rhs_array: pointer to the array to assign
 /// \param rhs_length: length of the array to assign
 /// \param symbol_table: symbol table
+/// \return return the following code: > lhs = { {Object}, length=rhs_length,
+///   data=rhs_array }
 codet java_string_library_preprocesst::code_assign_components_to_java_string(
   const exprt &lhs,
   const exprt &rhs_array,
@@ -687,6 +726,8 @@ codet java_string_library_preprocesst::code_assign_components_to_java_string(
 /// \param lhs: an expression representing a java string
 /// \param rhs: a string expression
 /// \param symbol_table: symbol table
+/// \return return the following code: > lhs = { {Object}, length=rhs.length,
+///   data=rhs.data }
 codet java_string_library_preprocesst::code_assign_string_expr_to_java_string(
   const exprt &lhs,
   const string_exprt &rhs,
@@ -701,6 +742,8 @@ codet java_string_library_preprocesst::code_assign_string_expr_to_java_string(
 /// \param rhs: a string expression
 /// \param loc: a location in the program
 /// \param symbol_table: symbol table
+/// \return return the following code: > data = new array[]; > *data = rhs.data;
+///   > lhs = { {Object} , length=rhs.length, data=data}
 codet java_string_library_preprocesst::
   code_assign_string_expr_to_new_java_string(
     const exprt &lhs,
@@ -726,6 +769,8 @@ codet java_string_library_preprocesst::
 /// \param lhs: a string expression
 /// \param rhs: an expression representing a java string
 /// \param symbol_table: symbol table
+/// \return return the following code: > lhs.length=rhs->length >
+///   lhs.data=*(rhs->data)
 codet java_string_library_preprocesst::code_assign_java_string_to_string_expr(
   const string_exprt &lhs, const exprt &rhs, symbol_tablet &symbol_table)
 {
@@ -753,21 +798,19 @@ codet java_string_library_preprocesst::code_assign_java_string_to_string_expr(
 }
 
 /// \param lhs: an expression representing a java string
-/// \param tmp_string: a temporary string to hold the literal
 /// \param s: the literal to be assigned
 /// \param symbol_table: symbol table
+/// \return return the following code: > tmp_string = "s" > lhs = (string_expr)
+///   tmp_string
 codet java_string_library_preprocesst::
   code_assign_string_literal_to_string_expr(
     const string_exprt &lhs,
-    const exprt &tmp_string,
     const std::string &s,
     symbol_tablet &symbol_table)
 {
-  code_blockt code;
-  code.add(code_assignt(tmp_string, string_literal(s)));
-  code.add(code_assign_java_string_to_string_expr(
-    lhs, tmp_string, symbol_table));
-  return code;
+  constant_exprt expr(s, string_typet());
+  return code_assign_function_to_string_expr(
+    lhs, ID_cprover_string_literal_func, {expr}, symbol_table);
 }
 
 /// Used to provide code for the Java String.equals(Object) function.
@@ -797,15 +840,16 @@ codet java_string_library_preprocesst::make_equals_function_code(
   return code;
 }
 
-/// construct a Java string literal from a constant string value
+/// construct a string_exprt from a constant string value
 /// \param s: a string
-/// \return an expression representing a Java string literal with the given
-///   content.
-exprt java_string_library_preprocesst::string_literal(const std::string &s)
+/// \param symbol_table: a symbol table
+/// \return an expression representing a string expr with the given content
+exprt java_string_library_preprocesst::string_literal(
+  const std::string &s, symbol_tablet &symbol_table)
 {
-  exprt string_literal(ID_java_string_literal);
-  string_literal.set(ID_value, s);
-  return string_literal;
+  constant_exprt expr(s, string_typet());
+  return make_function_application(
+    ID_cprover_string_literal_func, {expr}, refined_string_type, symbol_table);
 }
 
 /// Provide code for the Float.toString(F) function.
@@ -837,83 +881,122 @@ codet java_string_library_preprocesst::make_float_to_string_code(
 
   // Declaring and allocating String * str
   exprt str=allocate_fresh_string(type.return_type(), loc, symbol_table, code);
-  exprt tmp_string=fresh_string(type.return_type(), loc, symbol_table);
 
-  // Declaring CPROVER_string string_expr
-  string_exprt string_expr=fresh_string_expr(loc, symbol_table, code);
-  exprt string_expr_sym=fresh_string_expr_symbol(loc, symbol_table, code);
-
-  // List of the different cases
-  std::vector<code_ifthenelset> case_list;
-
-  // First case in the list is the default
-  code_ifthenelset case_sci_notation;
+  // Expression representing 0.0
   ieee_float_spect float_spec=ieee_float_spect::single_precision();
-  // Subcase of 0.0
-  // TODO: case of -0.0
   ieee_floatt zero_float(float_spec);
   zero_float.from_float(0.0);
   constant_exprt zero=zero_float.to_expr();
-  case_sci_notation.cond()=ieee_float_equal_exprt(arg, zero);
-  case_sci_notation.then_case()=code_assign_string_literal_to_string_expr(
-    string_expr, tmp_string, "0.0", symbol_table);
 
-  // Subcase of computerized scientific notation
-  case_sci_notation.else_case()=code_assign_function_to_string_expr(
-    string_expr, ID_cprover_string_of_float_func, {arg}, symbol_table);
-  case_list.push_back(case_sci_notation);
+  // For each possible case with have a condition and a string_exprt
+  std::vector<exprt> condition_list;
+  std::vector<string_exprt> string_expr_list;
+
+  // Case of computerized scientific notation
+  condition_list.push_back(binary_relation_exprt(arg, ID_ge, zero));
+  string_exprt sci_notation=fresh_string_expr(loc, symbol_table, code);
+  exprt sci_notation_sym=fresh_string_expr_symbol(loc, symbol_table, code);
+  code.add(code_assign_function_to_string_expr(
+    sci_notation,
+    ID_cprover_string_of_float_scientific_notation_func,
+    {arg},
+    symbol_table));
+  // Assign string_expr_sym = { string_expr_length, string_expr_content }
+  code.add(code_assignt(sci_notation_sym, sci_notation));
+  string_expr_list.push_back(sci_notation);
+
+  // Subcase of negative scientific notation
+  condition_list.push_back(binary_relation_exprt(arg, ID_lt, zero));
+  string_exprt neg_sci_notation=fresh_string_expr(loc, symbol_table, code);
+  exprt neg_sci_notation_sym=fresh_string_expr_symbol(loc, symbol_table, code);
+  string_exprt minus_sign=fresh_string_expr(loc, symbol_table, code);
+  code.add(code_assign_string_literal_to_string_expr(
+    minus_sign, "-", symbol_table));
+  code.add(code_assign_function_to_string_expr(
+    neg_sci_notation,
+    ID_cprover_string_concat_func,
+    {minus_sign, sci_notation},
+    symbol_table));
+  code.add(code_assignt(neg_sci_notation_sym, neg_sci_notation));
+  string_expr_list.push_back(neg_sci_notation);
 
   // Case of NaN
-  code_ifthenelset case_nan;
-  case_nan.cond()=isnan_exprt(arg);
-  case_nan.then_case()=code_assign_string_literal_to_string_expr(
-    string_expr, tmp_string, "NaN", symbol_table);
-  case_list.push_back(case_nan);
+  condition_list.push_back(isnan_exprt(arg));
+  string_exprt nan=fresh_string_expr(loc, symbol_table, code);
+  code.add(code_assign_string_literal_to_string_expr(
+    nan, "NaN", symbol_table));
+  string_expr_list.push_back(nan);
 
   // Case of Infinity
-  code_ifthenelset case_infinity;
-  code_ifthenelset case_minus_infinity;
+  extractbit_exprt is_neg(arg, float_spec.width()-1);
+  condition_list.push_back(and_exprt(isinf_exprt(arg), not_exprt(is_neg)));
+  string_exprt infinity=fresh_string_expr(loc, symbol_table, code);
+  code.add(code_assign_string_literal_to_string_expr(
+    infinity, "Infinity", symbol_table));
+  string_expr_list.push_back(infinity);
 
-  case_infinity.cond()=isinf_exprt(arg);
   // Case -Infinity
-  exprt isneg=extractbit_exprt(arg, float_spec.width()-1);
-  case_minus_infinity.cond()=isneg;
-  case_minus_infinity.then_case()=code_assign_string_literal_to_string_expr(
-    string_expr, tmp_string, "-Infinity", symbol_table);
-  case_minus_infinity.else_case()=code_assign_string_literal_to_string_expr(
-    string_expr, tmp_string, "Infinity", symbol_table);
-  case_infinity.then_case()=case_minus_infinity;
-  case_list.push_back(case_infinity);
+  string_exprt minus_infinity=fresh_string_expr(loc, symbol_table, code);
+  condition_list.push_back(and_exprt(isinf_exprt(arg), is_neg));
+  code.add(code_assign_string_literal_to_string_expr(
+    minus_infinity, "-Infinity", symbol_table));
+  string_expr_list.push_back(minus_infinity);
 
   // Case of simple notation
-  code_ifthenelset case_simple_notation;
-
   ieee_floatt bound_inf_float(float_spec);
   ieee_floatt bound_sup_float(float_spec);
   bound_inf_float.from_float(1e-3);
   bound_sup_float.from_float(1e7);
+  bound_inf_float.change_spec(float_spec);
+  bound_sup_float.change_spec(float_spec);
   constant_exprt bound_inf=bound_inf_float.to_expr();
   constant_exprt bound_sup=bound_sup_float.to_expr();
 
   and_exprt is_simple_float(
     binary_relation_exprt(arg, ID_ge, bound_inf),
     binary_relation_exprt(arg, ID_lt, bound_sup));
-  case_simple_notation.cond()=is_simple_float;
-  case_simple_notation.then_case()=code_assign_function_to_string_expr(
-    string_expr, ID_cprover_string_of_float_func, {arg}, symbol_table);
-  case_list.push_back(case_simple_notation);
+  condition_list.push_back(is_simple_float);
 
-  // Combining all cases
-  for(std::size_t i=1; i<case_list.size(); i++)
-    case_list[i].else_case()=case_list[i-1];
-  code.add(case_list[case_list.size()-1]);
-
-  // str = string_expr
-  code.add(code_assign_string_expr_to_java_string(
-    str, string_expr, symbol_table));
+  string_exprt simple_notation=fresh_string_expr(loc, symbol_table, code);
+  exprt simple_notation_sym=fresh_string_expr_symbol(loc, symbol_table, code);
+  code.add(code_assign_function_to_string_expr(
+    simple_notation, ID_cprover_string_of_float_func, {arg}, symbol_table));
+  code.add(code_assignt(simple_notation_sym, simple_notation));
+  string_expr_list.push_back(simple_notation);
+
+  // Case of a negative number in simple notation
+  and_exprt is_neg_simple_float(
+    binary_relation_exprt(arg, ID_le, unary_minus_exprt(bound_inf)),
+    binary_relation_exprt(arg, ID_gt, unary_minus_exprt(bound_sup)));
+  condition_list.push_back(is_neg_simple_float);
+
+  string_exprt neg_simple_notation=fresh_string_expr(loc, symbol_table, code);
+  exprt neg_simple_notation_sym=
+    fresh_string_expr_symbol(loc, symbol_table, code);
+  code.add(code_assign_function_to_string_expr(
+    neg_simple_notation,
+    ID_cprover_string_concat_func,
+    {minus_sign, simple_notation},
+    symbol_table));
+  code.add(code_assignt(neg_simple_notation_sym, simple_notation));
+  string_expr_list.push_back(neg_simple_notation);
 
-  // Assign string_expr_sym = { string_expr_length, string_expr_content }
-  code.add(code_assignt(string_expr_sym, string_expr));
+  // Combining all cases
+  assert(string_expr_list.size()==condition_list.size());
+  // We do not check the condition of the first element in the list as it
+  // will be reached only if all other conditions are not satisfied.
+  codet tmp_code=code_assign_string_expr_to_java_string(
+    str, string_expr_list[0], symbol_table);
+  for(std::size_t i=1; i<condition_list.size(); i++)
+  {
+    code_ifthenelset ife;
+    ife.cond()=condition_list[i];
+    ife.then_case()=code_assign_string_expr_to_java_string(
+      str, string_expr_list[i], symbol_table);
+    ife.else_case()=tmp_code;
+    tmp_code=ife;
+  }
+  code.add(tmp_code);
 
   // Return str
   code.add(code_returnt(str));
@@ -1555,12 +1638,22 @@ void java_string_library_preprocesst::initialize_conversion_table()
   cprover_equivalent_to_java_string_returning_function
     ["java::java.lang.String.valueOf:([CII)Ljava/lang/String;"]=
       ID_cprover_string_copy_func;
-  cprover_equivalent_to_java_string_returning_function
+  conversion_table
     ["java::java.lang.String.valueOf:(D)Ljava/lang/String;"]=
-      ID_cprover_string_of_double_func;
-  cprover_equivalent_to_java_string_returning_function
+      std::bind(
+        &java_string_library_preprocesst::make_float_to_string_code,
+        this,
+        std::placeholders::_1,
+        std::placeholders::_2,
+        std::placeholders::_3);
+  conversion_table
     ["java::java.lang.String.valueOf:(F)Ljava/lang/String;"]=
-      ID_cprover_string_of_float_func;
+      std::bind(
+        &java_string_library_preprocesst::make_float_to_string_code,
+        this,
+        std::placeholders::_1,
+        std::placeholders::_2,
+        std::placeholders::_3);
   cprover_equivalent_to_java_string_returning_function
     ["java::java.lang.String.valueOf:(I)Ljava/lang/String;"]=
       ID_cprover_string_of_int_func;
@@ -1786,7 +1879,7 @@ void java_string_library_preprocesst::initialize_conversion_table()
         std::placeholders::_2,
         std::placeholders::_3);
 
-  // CharSequence library
+ // CharSequence library
   cprover_equivalent_to_java_function
     ["java::java.lang.CharSequence.charAt:(I)C"]=
       ID_cprover_string_char_at_func;
diff --git a/src/java_bytecode/java_string_library_preprocess.h b/src/java_bytecode/java_string_library_preprocess.h
index 81c98614fbd..ff3a7142fbc 100644
--- a/src/java_bytecode/java_string_library_preprocess.h
+++ b/src/java_bytecode/java_string_library_preprocess.h
@@ -283,11 +283,10 @@ class java_string_library_preprocesst:public messaget
 
   codet code_assign_string_literal_to_string_expr(
     const string_exprt &lhs,
-    const exprt &tmp_string,
     const std::string &s,
     symbol_tablet &symbol_table);
 
-  exprt string_literal(const std::string &s);
+  exprt string_literal(const std::string &s, symbol_tablet &symbol_table);
 
   codet make_function_from_call(
     const irep_idt &function_name,

From 4ecec1ab16c937f6ed5ae34ce81bdb0e83265d88 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Thu, 15 Jun 2017 09:52:58 +0100
Subject: [PATCH 353/699] Improve the documentation of the string preprocessing

Improves the formatting of the code in comments which add been changed
when switching to doxygen.
---
 .../java_string_library_preprocess.cpp        | 149 ++++++++++++------
 1 file changed, 98 insertions(+), 51 deletions(-)

diff --git a/src/java_bytecode/java_string_library_preprocess.cpp b/src/java_bytecode/java_string_library_preprocess.cpp
index 7839f6724d4..5de3f45d364 100644
--- a/src/java_bytecode/java_string_library_preprocess.cpp
+++ b/src/java_bytecode/java_string_library_preprocess.cpp
@@ -585,7 +585,7 @@ exprt java_string_library_preprocesst::allocate_fresh_array(
 /// \param arguments: a list of arguments
 /// \param type: return type of the function
 /// \param symbol_table: a symbol table
-/// \return a function application representing: function_name(arguments)
+/// \return a function application representing: `function_name(arguments)`
 exprt java_string_library_preprocesst::make_function_application(
   const irep_idt &function_name,
   const exprt::operandst &arguments,
@@ -609,7 +609,10 @@ exprt java_string_library_preprocesst::make_function_application(
 /// \param function_name: the name of the function
 /// \param arguments: a list of arguments
 /// \param symbol_table: a symbol table
-/// \return the following code: > lhs=function_name_length(arguments)
+/// \return the following code:
+/// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+/// lhs = <function_name>(arguments)
+/// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 codet java_string_library_preprocesst::code_assign_function_application(
   const exprt &lhs,
   const irep_idt &function_name,
@@ -626,7 +629,10 @@ codet java_string_library_preprocesst::code_assign_function_application(
 /// \param arguments: a list of arguments
 /// \param type: the return type
 /// \param symbol_table: a symbol table
-/// \return the following code: > return function_name_length(arguments)
+/// \return the following code:
+/// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+/// return <function_name>(arguments)
+/// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 codet java_string_library_preprocesst::code_return_function_application(
   const irep_idt &function_name,
   const exprt::operandst &arguments,
@@ -642,9 +648,11 @@ codet java_string_library_preprocesst::code_return_function_application(
 /// \param function_name: the name of the function
 /// \param arguments: arguments of the function
 /// \param symbol_table: symbol table
-/// \return return the following code: > str.length <-
-///   function_name_length(arguments) > str.data <-
-///   function_name_data(arguments)
+/// \return return the following code:
+/// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+/// str.length = <function_name>_length(arguments)
+/// str.data = <function_name>_data(arguments)
+/// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 codet java_string_library_preprocesst::code_assign_function_to_string_expr(
   const string_exprt &string_expr,
   const irep_idt &function_name,
@@ -669,9 +677,12 @@ codet java_string_library_preprocesst::code_assign_function_to_string_expr(
 /// \param loc: a location in the program
 /// \param symbol_table: symbol table
 /// \param code: code block in which we add instructions
-/// \return return a string expr str and add the following code: > array
-///   str.data > str.length <- function_name_length(arguments) > str.data <-
-///   function_name_data(arguments)
+/// \return return a string expr str and add the following code:
+/// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+/// array = str.data
+/// str.length = <function_name>_length(arguments)
+/// str.data = <function_name>_data(arguments)
+/// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 string_exprt java_string_library_preprocesst::
   string_expr_of_function_application(
     const irep_idt &function_name,
@@ -691,8 +702,10 @@ string_exprt java_string_library_preprocesst::
 /// \param rhs_array: pointer to the array to assign
 /// \param rhs_length: length of the array to assign
 /// \param symbol_table: symbol table
-/// \return return the following code: > lhs = { {Object}, length=rhs_length,
-///   data=rhs_array }
+/// \return return the following code:
+/// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+/// lhs = { {Object}, length=rhs_length, data=rhs_array }
+/// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 codet java_string_library_preprocesst::code_assign_components_to_java_string(
   const exprt &lhs,
   const exprt &rhs_array,
@@ -726,8 +739,10 @@ codet java_string_library_preprocesst::code_assign_components_to_java_string(
 /// \param lhs: an expression representing a java string
 /// \param rhs: a string expression
 /// \param symbol_table: symbol table
-/// \return return the following code: > lhs = { {Object}, length=rhs.length,
-///   data=rhs.data }
+/// \return return the following code:
+/// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+/// lhs = { {Object}, length=rhs.length, data=rhs.data }
+/// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 codet java_string_library_preprocesst::code_assign_string_expr_to_java_string(
   const exprt &lhs,
   const string_exprt &rhs,
@@ -742,8 +757,12 @@ codet java_string_library_preprocesst::code_assign_string_expr_to_java_string(
 /// \param rhs: a string expression
 /// \param loc: a location in the program
 /// \param symbol_table: symbol table
-/// \return return the following code: > data = new array[]; > *data = rhs.data;
-///   > lhs = { {Object} , length=rhs.length, data=data}
+/// \return return the following code:
+/// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+/// data = new array[];
+/// *data = rhs.data;
+/// lhs = { {Object} , length=rhs.length, data=data}
+/// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 codet java_string_library_preprocesst::
   code_assign_string_expr_to_new_java_string(
     const exprt &lhs,
@@ -769,8 +788,11 @@ codet java_string_library_preprocesst::
 /// \param lhs: a string expression
 /// \param rhs: an expression representing a java string
 /// \param symbol_table: symbol table
-/// \return return the following code: > lhs.length=rhs->length >
-///   lhs.data=*(rhs->data)
+/// \return return the following code:
+/// ~~~~~~~~~~~~~~~~~~~~~~
+/// lhs.length=rhs->length
+/// lhs.data=*(rhs->data)
+/// ~~~~~~~~~~~~~~~~~~~~~~
 codet java_string_library_preprocesst::code_assign_java_string_to_string_expr(
   const string_exprt &lhs, const exprt &rhs, symbol_tablet &symbol_table)
 {
@@ -800,8 +822,11 @@ codet java_string_library_preprocesst::code_assign_java_string_to_string_expr(
 /// \param lhs: an expression representing a java string
 /// \param s: the literal to be assigned
 /// \param symbol_table: symbol table
-/// \return return the following code: > tmp_string = "s" > lhs = (string_expr)
-///   tmp_string
+/// \return return the following code:
+/// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+/// tmp_string = "<s>"
+/// lhs = (string_expr) tmp_string
+/// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 codet java_string_library_preprocesst::
   code_assign_string_literal_to_string_expr(
     const string_exprt &lhs,
@@ -817,9 +842,12 @@ codet java_string_library_preprocesst::
 /// \param type: type of the function call
 /// \param loc: location in the program_invocation_name
 /// \param symbol_table: symbol table
-/// \return Code corresponding to: > string_expr1 = {this->length; *this->data}
-///   > string_expr2 = {arg->length; *arg->data} > return
-///   cprover_string_equal(string_expr1, string_expr2)
+/// \return Code corresponding to:
+/// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+/// string_expr1 = {this->length; *this->data}
+/// string_expr2 = {arg->length; *arg->data}
+/// return cprover_string_equal(string_expr1, string_expr2)
+/// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 codet java_string_library_preprocesst::make_equals_function_code(
   const code_typet &type,
   const source_locationt &loc,
@@ -852,20 +880,11 @@ exprt java_string_library_preprocesst::string_literal(
     ID_cprover_string_literal_func, {expr}, refined_string_type, symbol_table);
 }
 
-/// Provide code for the Float.toString(F) function.
+/// Provide code for the String.valueOf(F) function.
 /// \param type: type of the function call
 /// \param loc: location in the program_invocation_name
 /// \param symbol_table: symbol table
-/// \return Code corresponding to: > String * str; > str = MALLOC(String); >
-///   String * tmp_string; > int string_expr_length; > char[]
-///   string_expr_content; > CPROVER_string string_expr_sym; > if
-///   arguments[1]==NaN > then {tmp_string="NaN";
-///   string_expr=(string_expr)tmp_string} > if arguments[1]==Infinity > then
-///   {tmp_string="Infinity"; string_expr=(string_expr)tmp_string} > if
-///   1e-3<arguments[1]<1e6 > then
-///   string_expr=cprover_float_to_string(arguments[1]) > else
-///   string_expr=cprover_float_to_scientific_notation_string(arg[1]) >
-///   string_expr_sym=string_expr; > str=(String*) string_expr; > return str;
+/// \return Code corresponding to the Java conversion of floats to strings.
 codet java_string_library_preprocesst::make_float_to_string_code(
   const code_typet &type,
   const source_locationt &loc,
@@ -1011,10 +1030,14 @@ codet java_string_library_preprocesst::make_float_to_string_code(
 /// \param ignore_first_arg: boolean flag telling that the first argument should
 ///   not be part of the arguments of the call (but only used to be assigned the
 ///   result)
-/// \return code for the String.<init>(args) function: > cprover_string_length =
-///   fun(arg).length; > cprover_string_array = fun(arg).data; > this->length =
-///   cprover_string_length; > this->data = cprover_string_array; >
-///   cprover_string = {.=cprover_string_length, .=cprover_string_array};
+/// \return code for the String.<init>(args) function:
+/// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+/// cprover_string_length = fun(arg).length;
+/// cprover_string_array = fun(arg).data;
+/// this->length = cprover_string_length;
+/// this->data = cprover_string_array;
+/// cprover_string = {.=cprover_string_length, .=cprover_string_array};
+/// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 codet java_string_library_preprocesst::make_init_function_from_call(
   const irep_idt &function_name,
   const code_typet &type,
@@ -1163,9 +1186,13 @@ codet java_string_library_preprocesst::make_string_to_char_array_code(
 /// \param type: type of the function called
 /// \param loc: location in the source
 /// \param symbol_table: the symbol table
-/// \return Code corresponding to > Class class1; > string_expr1 =
-///   substr(this->@class_identifier, 6) > class1=Class.forName(string_expr1) >
-///   return class1
+/// \return Code corresponding to
+/// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+/// Class class1;
+/// string_expr1 = substr(this->@class_identifier, 6)
+/// class1=Class.forName(string_expr1)
+/// return class1
+/// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 codet java_string_library_preprocesst::make_object_get_class_code(
     const code_typet &type,
     const source_locationt &loc,
@@ -1243,7 +1270,10 @@ codet java_string_library_preprocesst::make_object_get_class_code(
 /// \param type: type of the function
 /// \param loc: location in the source
 /// \param symbol_table: symbol table
-/// \return Code corresponding to: > return function_name(args);
+/// \return Code corresponding to:
+/// ~~~~~~~~~~~~~~~~~~~~~~~~~~
+/// return function_name(args)
+/// ~~~~~~~~~~~~~~~~~~~~~~~~~~
 codet java_string_library_preprocesst::make_function_from_call(
   const irep_idt &function_name,
   const code_typet &type,
@@ -1264,8 +1294,13 @@ codet java_string_library_preprocesst::make_function_from_call(
 /// \param type: type of the function
 /// \param loc: location in the source
 /// \param symbol_table: symbol table
-/// \return Code corresponding to: > string_expr = function_name(args) > string
-///   = new String > string = string_expr_to_string(string) > return string
+/// \return Code corresponding to:
+/// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+/// string_expr = function_name(args)
+/// string = new String
+/// string = string_expr_to_string(string)
+/// return string
+/// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 codet java_string_library_preprocesst::
   make_string_returning_function_from_call(
     const irep_idt &function_name,
@@ -1303,9 +1338,14 @@ codet java_string_library_preprocesst::
 /// \param type: type of the function
 /// \param loc: location in the source
 /// \param symbol_table: symbol table
-/// \return Code corresponding to: > string_expr = string_to_string_expr(arg0) >
-///   string_expr_sym = { string_expr.length; string_expr.content } > str = new
-///   String > str = string_expr_to_string(string_expr) > return str
+/// \return Code corresponding to:
+/// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+/// string_expr = string_to_string_expr(arg0)
+/// string_expr_sym = { string_expr.length; string_expr.content }
+/// str = new String
+/// str = string_expr_to_string(string_expr)
+/// return str
+/// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 codet java_string_library_preprocesst::make_copy_string_code(
   const code_typet &type,
   const source_locationt &loc,
@@ -1342,9 +1382,12 @@ codet java_string_library_preprocesst::make_copy_string_code(
 /// \param type: type of the function
 /// \param loc: location in the source
 /// \param symbol_table: symbol table
-/// \return Code corresponding to: > string_expr =
-///   java_string_to_string_expr(arg1) > string_expr_sym = { string_expr.length;
-///   string_expr.content } > this = string_expr_to_java_string(string_expr)
+/// \return Code corresponding to:
+/// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+/// string_expr = java_string_to_string_expr(arg1)
+/// string_expr_sym = { string_expr.length; string_expr.content }
+/// this = string_expr_to_java_string(string_expr)
+/// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 codet java_string_library_preprocesst::make_copy_constructor_code(
   const code_typet &type,
   const source_locationt &loc,
@@ -1378,8 +1421,12 @@ codet java_string_library_preprocesst::make_copy_constructor_code(
 /// \param type: type of the function
 /// \param loc: location in the source
 /// \param symbol_table: symbol table
-/// \return Code corresponding to: > str_expr = java_string_to_string_expr(this)
-///   > str_expr_sym = str_expr > return this->length
+/// \return Code corresponding to:
+/// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+/// str_expr = java_string_to_string_expr(this)
+/// str_expr_sym = str_expr
+/// return this->length
+/// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 codet java_string_library_preprocesst::make_string_length_code(
   const code_typet &type,
   const source_locationt &loc,

From 8367ff52291320194498bfcaa0d8a0a6a65e25ae Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Mon, 19 Jun 2017 16:08:09 +0100
Subject: [PATCH 354/699] Allocate array in String result of String.valueOf(F)

This could otherwise lead to problems in the generation of the
verification condition.
---
 src/java_bytecode/java_string_library_preprocess.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/java_bytecode/java_string_library_preprocess.cpp b/src/java_bytecode/java_string_library_preprocess.cpp
index 5de3f45d364..5a1fedf65a9 100644
--- a/src/java_bytecode/java_string_library_preprocess.cpp
+++ b/src/java_bytecode/java_string_library_preprocess.cpp
@@ -1010,8 +1010,8 @@ codet java_string_library_preprocesst::make_float_to_string_code(
   {
     code_ifthenelset ife;
     ife.cond()=condition_list[i];
-    ife.then_case()=code_assign_string_expr_to_java_string(
-      str, string_expr_list[i], symbol_table);
+    ife.then_case()=code_assign_string_expr_to_new_java_string(
+      str, string_expr_list[i], loc, symbol_table);
     ife.else_case()=tmp_code;
     tmp_code=ife;
   }

From 6518369962c522651a6de2a86780ca721ca4ef48 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Mon, 19 Jun 2017 16:11:40 +0100
Subject: [PATCH 355/699] Adding test for the String.valueOf(F) function

Add and enable a test for a float to string conversion.
---
 .../java_value_of_float/test.class                | Bin 0 -> 688 bytes
 .../java_value_of_float/test.desc                 |   8 ++++++++
 .../java_value_of_float/test.java                 |  11 +++++++++++
 3 files changed, 19 insertions(+)
 create mode 100644 regression/strings-smoke-tests/java_value_of_float/test.class
 create mode 100644 regression/strings-smoke-tests/java_value_of_float/test.desc
 create mode 100644 regression/strings-smoke-tests/java_value_of_float/test.java

diff --git a/regression/strings-smoke-tests/java_value_of_float/test.class b/regression/strings-smoke-tests/java_value_of_float/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..ddb0cfbdc0be0b1dfccc7d96614a2f70fe4426fe
GIT binary patch
literal 688
zcmY*XT~8B16g_vl+vzTgEd^?+qEb;?Y9MMQQHW6y5|auKH74@5-Hy1hZe>46{3-Uy
zH=or6h$Q&#Kk*OvWQ=#VmTEScxpU{-bI(0H-+zBS1<=Gz3uBnkAOHOE&O!wjOqjTs
z!>l@761Z$ZU`F7Ig*j9Ot`a8aohXuF?Dc}^i5EE?Uv>$!O~|f#ffqj@WNP&n1bwa7
zm4tlD3*=_<rX$1W3QREE*V5f%K<%l*jkjaR-FxP|O|J#!3At6*|I1~ydr9cZ4Np~?
zv5exyUFX2DaSnOL+PH@6Hf)R&#I4(R7MpjMZQMYOP*%7l-wAe>9t{<*hhZ<|&WcB%
zZesxrLScm5>g-B4{x8*zLoe82`UA&L<kl;~bZw*F8r2K{D{O$=PaHo|fPbzBlq+?1
zC_gG%^Vvp1sVgHdl-)ChY(|{$1$(&7o}2u804kK#h#X}=YI0r+e46E*csCY~K%W#4
z6TD{AB-@1|COKBneQ5jv_lw#wGOddK0hQ0t`)D+Z#v!tOR8JsY9wGNFO-~Kd?=dz^
zD}F8IFTvp0;67QFCs5^1_h4a)vnI4(>ZMGVkVENAX)~1sOcc#SSbYfnBlOG{=p)vl
RYQ<tevmdJ2&ZkYwe*mNFgU|o~

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_value_of_float/test.desc b/regression/strings-smoke-tests/java_value_of_float/test.desc
new file mode 100644
index 00000000000..d1cc84bd13a
--- /dev/null
+++ b/regression/strings-smoke-tests/java_value_of_float/test.desc
@@ -0,0 +1,8 @@
+CORE
+test.class
+--refine-strings --function test.check
+^EXIT=10$
+^SIGNAL=0$
+assertion.* file test.java line 7 .* SUCCESS$
+assertion.* file test.java line 9 .* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_value_of_float/test.java b/regression/strings-smoke-tests/java_value_of_float/test.java
new file mode 100644
index 00000000000..ff05337b112
--- /dev/null
+++ b/regression/strings-smoke-tests/java_value_of_float/test.java
@@ -0,0 +1,11 @@
+public class test
+{
+    public static void check(int i)
+    {
+        String s = String.valueOf(123.456f);
+        if(i == 1)
+            assert(s.equals("123.456"));
+        else
+            assert(!s.equals("123.456"));
+    }
+}
\ No newline at end of file

From 5c71733f95a713299ab9c64a1857a340cbc434c4 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Wed, 21 Jun 2017 15:36:03 +0100
Subject: [PATCH 356/699] Comment corrections in
 string_constraint_generator_concat

---
 .../refinement/string_constraint_generator_concat.cpp    | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_concat.cpp b/src/solvers/refinement/string_constraint_generator_concat.cpp
index a1b73940af2..72dd10b2ae5 100644
--- a/src/solvers/refinement/string_constraint_generator_concat.cpp
+++ b/src/solvers/refinement/string_constraint_generator_concat.cpp
@@ -13,7 +13,7 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 
 #include <solvers/refinement/string_constraint_generator.h>
 
-/// Add axioms to say that the returned string expression is equal to the
+/// Add axioms enforcing that the returned string expression is equal to the
 /// concatenation of s1 with the substring of s2 starting at index start_index
 /// and ending at index end_index.
 ///
@@ -77,7 +77,7 @@ string_exprt string_constraint_generatort::add_axioms_for_concat(
   return add_axioms_for_concat_substr(s1, s2, index_zero, s2.length());
 }
 
-/// Add axioms to say that the returned string expression is equal to the
+/// Add axioms enforcing that the returned string expression is equal to the
 /// concatenation of the two string arguments of the function application.
 ///
 /// In case 4 arguments instead of 2 are given the last two arguments are
@@ -85,7 +85,7 @@ string_exprt string_constraint_generatort::add_axioms_for_concat(
 /// of the second argument: this is similar to the Java
 /// StringBuilder.append(CharSequence s, int start, int end) method.
 ///
-/// \param f: function application with two arguments which are strings
+/// \param f: function application with two string arguments
 /// \return a new string expression
 string_exprt string_constraint_generatort::add_axioms_for_concat(
   const function_application_exprt &f)
@@ -151,12 +151,11 @@ string_exprt string_constraint_generatort::add_axioms_for_concat_char(
   return add_axioms_for_concat_char(s1, args(f, 2)[1]);
 }
 
-/// Add axioms corresponding adding the character char at the end of
+/// Add axioms corresponding to adding the character char at the end of
 /// string_expr.
 /// \param string_expr: a string expression
 /// \param char' a character expression
 /// \return a new string expression
-
 string_exprt string_constraint_generatort::add_axioms_for_concat_char(
   const string_exprt &string_expr, const exprt &char_expr)
 {

From a8b1e8ec63801919b68625a688bec0f36f0c8a7a Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Wed, 21 Jun 2017 15:41:14 +0100
Subject: [PATCH 357/699] Changing assert for PRECONDITION and UNREACHABLE in
 float to string conversion

---
 .../string_constraint_generator_float.cpp     | 19 ++++++++-----------
 1 file changed, 8 insertions(+), 11 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_float.cpp b/src/solvers/refinement/string_constraint_generator_float.cpp
index 569b44cb4c0..7d3b9a404b0 100644
--- a/src/solvers/refinement/string_constraint_generator_float.cpp
+++ b/src/solvers/refinement/string_constraint_generator_float.cpp
@@ -55,8 +55,8 @@ exprt get_magnitude(const exprt &src, const ieee_float_spect &spec)
 exprt get_significand(
   const exprt &src, const ieee_float_spect &spec, const typet &type)
 {
-  assert(type.id()==ID_unsignedbv);
-  assert(to_unsignedbv_type(type).get_width()>spec.f);
+  PRECONDITION(type.id()==ID_unsignedbv);
+  PRECONDITION(to_unsignedbv_type(type).get_width()>spec.f);
   typecast_exprt magnitude(get_magnitude(src, spec), type);
   exprt exponent=get_exponent(src, spec);
   equal_exprt all_zeros(exponent, from_integer(0, exponent.type()));
@@ -71,14 +71,11 @@ exprt constant_float(const double f, const ieee_float_spect &float_spec)
 {
   ieee_floatt fl(float_spec);
   if(float_spec==ieee_float_spect::single_precision())
-  {
     fl.from_float(f);
-  }
-  else
-  {
-    assert(float_spec==ieee_float_spect::double_precision());
+  else if(float_spec==ieee_float_spect::double_precision())
     fl.from_double(f);
-  }
+  else
+    UNREACHABLE;
   return fl.to_expr();
 }
 
@@ -99,8 +96,8 @@ exprt round_expr_to_zero(const exprt &f)
 /// \return An expression representing floating point multiplication.
 exprt floatbv_mult(const exprt &f, const exprt &g)
 {
+  PRECONDITION(f.type()==g.type());
   ieee_floatt::rounding_modet rounding=ieee_floatt::ROUND_TO_EVEN;
-  assert(f.type()==g.type());
   exprt mult(ID_floatbv_mult, f.type());
   mult.copy_to_operands(f);
   mult.copy_to_operands(g);
@@ -209,9 +206,9 @@ string_exprt string_constraint_generatort::add_axioms_from_float(
 string_exprt string_constraint_generatort::add_axioms_for_fractional_part(
     const exprt &i, size_t max_size, const refined_string_typet &ref_type)
 {
-  string_exprt res=fresh_string(ref_type);
+  PRECONDITION(i.type().id()==ID_signedbv);
   const typet &type=i.type();
-  assert(type.id()==ID_signedbv);
+  string_exprt res=fresh_string(ref_type);
   exprt ten=from_integer(10, type);
   const typet &char_type=ref_type.get_char_type();
   const typet &index_type=ref_type.get_index_type();

From 105925ac45fc005070d0d5acfe1031a048d483ca Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Wed, 21 Jun 2017 15:37:23 +0100
Subject: [PATCH 358/699] Comment corrections in
 string_constraint_generator_float

---
 .../string_constraint_generator_float.cpp     | 27 +++++++++++--------
 1 file changed, 16 insertions(+), 11 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_float.cpp b/src/solvers/refinement/string_constraint_generator_float.cpp
index 7d3b9a404b0..7b79d1072ad 100644
--- a/src/solvers/refinement/string_constraint_generator_float.cpp
+++ b/src/solvers/refinement/string_constraint_generator_float.cpp
@@ -21,15 +21,16 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 /// TODO: factorize with float_bv.cpp float_utils.h
 /// \param src: a floating point expression
 /// \param spec: specification for floating points
-/// \return A 32 bit integer representing the exponent. Note that 32 bits are
-///   sufficient for the exponent even in octuple precision.
+/// \return A new 32 bit integer expression representing the exponent.
+///   Note that 32 bits are sufficient for the exponent even
+///   in octuple precision.
 exprt get_exponent(
   const exprt &src, const ieee_float_spect &spec)
 {
   exprt exp_bits=extractbits_exprt(
     src, spec.f+spec.e-1, spec.f, unsignedbv_typet(spec.e));
 
-  // Exponent is in biased from (numbers form -128 to 127 are encoded with
+  // Exponent is in biased from (numbers from -128 to 127 are encoded with
   // integer from 0 to 255) we have to remove the bias.
   return minus_exprt(
     typecast_exprt(exp_bits, signedbv_typet(32)),
@@ -45,7 +46,10 @@ exprt get_magnitude(const exprt &src, const ieee_float_spect &spec)
   return extractbits_exprt(src, spec.f-1, 0, unsignedbv_typet(spec.f));
 }
 
-/// Gets the significand as a java integer, looking for the hidden bit
+/// Gets the significand as a java integer, looking for the hidden bit.
+/// Since the most significant bit is 1 for normalized number, it is not part
+/// of the encoding of the significand and is 0 only if all the bits of the
+/// exponent are 0, that is why it is called the hidden bit.
 /// \param src: a floating point expression
 /// \param spec: specification for floating points
 /// \param type: type of the output, should be unsigned with width greater than
@@ -65,6 +69,7 @@ exprt get_significand(
   return if_exprt(all_zeros, magnitude, with_hidden_bit);
 }
 
+/// Create an expression to represent a float or double value.
 /// \param f: a floating point value in double precision
 /// \return an expression representing this floating point
 exprt constant_float(const double f, const ieee_float_spect &float_spec)
@@ -109,7 +114,7 @@ exprt floatbv_mult(const exprt &f, const exprt &g)
 /// other values that are in floating point representation.
 /// \param i: an expression representing an integer
 /// \param spec: specification for floating point numbers
-/// \return An expression representing representing the value of the input
+/// \return An expression representing the value of the input
 ///   integer as a float.
 exprt floatbv_of_int_expr(const exprt &i, const ieee_float_spect &spec)
 {
@@ -119,14 +124,14 @@ exprt floatbv_of_int_expr(const exprt &i, const ieee_float_spect &spec)
 
 /// Estimate the decimal exponent that should be used to represent a given
 /// floating point value in decimal.
-/// We are looking for d such that n * 10^d = m * 10^e, so:
+/// We are looking for d such that n * 10^d = m * 2^e, so:
 /// d = log_10(m) + log_10(2) * e - log_10(n)
 /// m -- the magnitude -- should be between 1 and 2 so log_10(m)
 /// in [0,log_10(2)].
 /// n -- the magnitude in base 10 -- should be between 1 and 10 so
 /// log_10(n) in [0, 1].
 /// So the estimate is given by:
-/// d ~=~  floor( log_10(2) * e)
+/// d ~=~  floor(log_10(2) * e)
 /// \param f: a floating point expression
 /// \param spec: specification for floating point
 exprt estimate_decimal_exponent(const exprt &f, const ieee_float_spect &spec)
@@ -136,13 +141,13 @@ exprt estimate_decimal_exponent(const exprt &f, const ieee_float_spect &spec)
   exprt float_bin_exp=floatbv_of_int_expr(bin_exp, spec);
   exprt dec_exp=floatbv_mult(float_bin_exp, log_10_of_2);
   binary_relation_exprt negative_exp(dec_exp, ID_lt, constant_float(0.0, spec));
-  // Rounding to zero is not correct for negative number, so we remove 1.
+  // Rounding to zero is not correct for negative numbers, so we substract 1.
   minus_exprt dec_minus_one(dec_exp, constant_float(1.0, spec));
   if_exprt adjust_for_neg(negative_exp, dec_minus_one, dec_exp);
   return round_expr_to_zero(adjust_for_neg);
 }
 
-/// add axioms corresponding to the String.valueOf(F) java function
+/// Add axioms corresponding to the String.valueOf(F) java function
 /// \param f: function application with one float argument
 /// \return a new string expression
 string_exprt string_constraint_generatort::add_axioms_from_float(
@@ -152,7 +157,7 @@ string_exprt string_constraint_generatort::add_axioms_from_float(
   return add_axioms_from_float(args(f, 1)[0], ref_type);
 }
 
-/// add axioms corresponding to the String.valueOf(D) java function
+/// Add axioms corresponding to the String.valueOf(D) java function
 /// \param f: function application with one double argument
 /// \return a new string expression
 string_exprt string_constraint_generatort::add_axioms_from_double(
@@ -162,7 +167,7 @@ string_exprt string_constraint_generatort::add_axioms_from_double(
   return add_axioms_from_float(args(f, 1)[0], ref_type);
 }
 
-/// add axioms corresponding to the integer part of m, in decimal form with no
+/// Add axioms corresponding to the integer part of m, in decimal form with no
 /// leading zeroes, followed by '.' ('\u002E'), followed by one or more decimal
 /// digits representing the fractional part of m.
 ///

From 4eacbd359f37dfed5958fcac85f71cf5fca8ba9f Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Wed, 21 Jun 2017 15:51:01 +0100
Subject: [PATCH 359/699] Renaming add_axioms_from_float to
 add_axioms_for_string_of_float

This function name is more explicit about what the function does
---
 src/solvers/refinement/string_constraint_generator.h |  5 +++--
 .../string_constraint_generator_concat.cpp           |  4 ++--
 .../refinement/string_constraint_generator_float.cpp | 12 ++++++------
 .../string_constraint_generator_insert.cpp           |  4 ++--
 .../refinement/string_constraint_generator_main.cpp  |  2 +-
 5 files changed, 14 insertions(+), 13 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index 6812a28cf0d..ca8bf17b5f0 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -236,8 +236,9 @@ class string_constraint_generatort
   // and minus infinity the string are "Infinity" and "-Infinity respectively
   // otherwise the string contains only characters in [0123456789.] and '-' at
   // the start for negative number
-  string_exprt add_axioms_from_float(const function_application_exprt &f);
-  string_exprt add_axioms_from_float(
+  string_exprt add_axioms_for_string_of_float(
+    const function_application_exprt &f);
+  string_exprt add_axioms_for_string_of_float(
     const exprt &f, const refined_string_typet &ref_type);
 
   string_exprt add_axioms_for_fractional_part(
diff --git a/src/solvers/refinement/string_constraint_generator_concat.cpp b/src/solvers/refinement/string_constraint_generator_concat.cpp
index 72dd10b2ae5..1a157bbd859 100644
--- a/src/solvers/refinement/string_constraint_generator_concat.cpp
+++ b/src/solvers/refinement/string_constraint_generator_concat.cpp
@@ -174,7 +174,7 @@ string_exprt string_constraint_generatort::add_axioms_for_concat_double(
   string_exprt s1=get_string_expr(args(f, 2)[0]);
   PRECONDITION(refined_string_typet::is_refined_string_type(f.type()));
   refined_string_typet ref_type=to_refined_string_type(f.type());
-  string_exprt s2=add_axioms_from_float(args(f, 2)[1], ref_type, true);
+  string_exprt s2=add_axioms_for_string_of_float(args(f, 2)[1], ref_type);
   return add_axioms_for_concat(s1, s2);
 }
 
@@ -187,7 +187,7 @@ string_exprt string_constraint_generatort::add_axioms_for_concat_float(
   string_exprt s1=get_string_expr(args(f, 2)[0]);
   PRECONDITION(refined_string_typet::is_refined_string_type(f.type()));
   refined_string_typet ref_type=to_refined_string_type(f.type());
-  string_exprt s2=add_axioms_from_float(args(f, 2)[1], ref_type, false);
+  string_exprt s2=add_axioms_for_string_of_float(args(f, 2)[1], ref_type);
   return add_axioms_for_concat(s1, s2);
 }
 
diff --git a/src/solvers/refinement/string_constraint_generator_float.cpp b/src/solvers/refinement/string_constraint_generator_float.cpp
index 7b79d1072ad..b85abd49ae7 100644
--- a/src/solvers/refinement/string_constraint_generator_float.cpp
+++ b/src/solvers/refinement/string_constraint_generator_float.cpp
@@ -150,11 +150,11 @@ exprt estimate_decimal_exponent(const exprt &f, const ieee_float_spect &spec)
 /// Add axioms corresponding to the String.valueOf(F) java function
 /// \param f: function application with one float argument
 /// \return a new string expression
-string_exprt string_constraint_generatort::add_axioms_from_float(
+string_exprt string_constraint_generatort::add_axioms_for_string_of_float(
   const function_application_exprt &f)
 {
-  const refined_string_typet &ref_type=to_refined_string_type(f.type());
-  return add_axioms_from_float(args(f, 1)[0], ref_type);
+  return add_axioms_for_string_of_float(
+    args(f, 1)[0], to_refined_string_type(f.type()));
 }
 
 /// Add axioms corresponding to the String.valueOf(D) java function
@@ -163,8 +163,8 @@ string_exprt string_constraint_generatort::add_axioms_from_float(
 string_exprt string_constraint_generatort::add_axioms_from_double(
   const function_application_exprt &f)
 {
-  const refined_string_typet &ref_type=to_refined_string_type(f.type());
-  return add_axioms_from_float(args(f, 1)[0], ref_type);
+  return add_axioms_for_string_of_float(
+    args(f, 1)[0], to_refined_string_type(f.type()));
 }
 
 /// Add axioms corresponding to the integer part of m, in decimal form with no
@@ -176,7 +176,7 @@ string_exprt string_constraint_generatort::add_axioms_from_double(
 /// \param f: expression representing a float
 /// \param ref_type: refined type for strings
 /// \return a new string expression
-string_exprt string_constraint_generatort::add_axioms_from_float(
+string_exprt string_constraint_generatort::add_axioms_for_string_of_float(
   const exprt &f, const refined_string_typet &ref_type)
 {
   const floatbv_typet &type=to_floatbv_type(f.type());
diff --git a/src/solvers/refinement/string_constraint_generator_insert.cpp b/src/solvers/refinement/string_constraint_generator_insert.cpp
index b0424fd6f87..b7a0a381bad 100644
--- a/src/solvers/refinement/string_constraint_generator_insert.cpp
+++ b/src/solvers/refinement/string_constraint_generator_insert.cpp
@@ -119,7 +119,7 @@ string_exprt string_constraint_generatort::add_axioms_for_insert_double(
 {
   string_exprt s1=get_string_expr(args(f, 3)[0]);
   const refined_string_typet &ref_type=to_refined_string_type(s1.type());
-  string_exprt s2=add_axioms_from_float(args(f, 3)[2], ref_type);
+  string_exprt s2=add_axioms_for_string_of_float(args(f, 3)[2], ref_type);
   return add_axioms_for_insert(s1, s2, args(f, 3)[1]);
 }
 
@@ -133,7 +133,7 @@ string_exprt string_constraint_generatort::add_axioms_for_insert_float(
 {
   string_exprt s1=get_string_expr(args(f, 3)[0]);
   const refined_string_typet &ref_type=to_refined_string_type(s1.type());
-  string_exprt s2=add_axioms_from_float(args(f, 3)[2], ref_type);
+  string_exprt s2=add_axioms_for_string_of_float(args(f, 3)[2], ref_type);
   return add_axioms_for_insert(s1, s2, args(f, 3)[1]);
 }
 
diff --git a/src/solvers/refinement/string_constraint_generator_main.cpp b/src/solvers/refinement/string_constraint_generator_main.cpp
index 11b1a0aa893..8ac4f30f26c 100644
--- a/src/solvers/refinement/string_constraint_generator_main.cpp
+++ b/src/solvers/refinement/string_constraint_generator_main.cpp
@@ -453,7 +453,7 @@ exprt string_constraint_generatort::add_axioms_for_function_application(
   else if(id==ID_cprover_string_of_int_hex_func)
     res=add_axioms_from_int_hex(expr);
   else if(id==ID_cprover_string_of_float_func)
-    res=add_axioms_from_float(expr);
+    res=add_axioms_for_string_of_float(expr);
   else if(id==ID_cprover_string_of_float_scientific_notation_func)
     res=add_axioms_from_float_scientific_notation(expr);
   else if(id==ID_cprover_string_of_double_func)

From cae6d279b5522ca9e36c5b09163e0f41b7668f2b Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Wed, 21 Jun 2017 15:57:19 +0100
Subject: [PATCH 360/699] Style improvements in
 string_constraint_generator_float.cpp

Defining a constant for the maximal value not using scientific notation

Adding precondition on the max_size given to fractional part

Renaming i argument to int_expr

Making comments correspond to added axioms in float to string conversion

Replacing magnitude by fraction and improving comments

Replacing hexadecimal float number by decimal

Hexadecimals are not supported by all compilers

Editing TODO in string of float which should be part of specifications

Typo in comment (from -> form)
---
 .../string_constraint_generator_float.cpp     | 164 ++++++++++--------
 1 file changed, 87 insertions(+), 77 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_float.cpp b/src/solvers/refinement/string_constraint_generator_float.cpp
index b85abd49ae7..0bbb9ae6efa 100644
--- a/src/solvers/refinement/string_constraint_generator_float.cpp
+++ b/src/solvers/refinement/string_constraint_generator_float.cpp
@@ -30,18 +30,18 @@ exprt get_exponent(
   exprt exp_bits=extractbits_exprt(
     src, spec.f+spec.e-1, spec.f, unsignedbv_typet(spec.e));
 
-  // Exponent is in biased from (numbers from -128 to 127 are encoded with
+  // Exponent is in biased form (numbers from -128 to 127 are encoded with
   // integer from 0 to 255) we have to remove the bias.
   return minus_exprt(
     typecast_exprt(exp_bits, signedbv_typet(32)),
     from_integer(spec.bias(), signedbv_typet(32)));
 }
 
-/// Gets the magnitude without hidden bit
+/// Gets the fraction without hidden bit
 /// \param src: a floating point expression
 /// \param spec: specification for floating points
-/// \return An unsigned value representing the magnitude.
-exprt get_magnitude(const exprt &src, const ieee_float_spect &spec)
+/// \return An unsigned value representing the fractional part.
+exprt get_fraction(const exprt &src, const ieee_float_spect &spec)
 {
   return extractbits_exprt(src, spec.f-1, 0, unsignedbv_typet(spec.f));
 }
@@ -61,12 +61,12 @@ exprt get_significand(
 {
   PRECONDITION(type.id()==ID_unsignedbv);
   PRECONDITION(to_unsignedbv_type(type).get_width()>spec.f);
-  typecast_exprt magnitude(get_magnitude(src, spec), type);
+  typecast_exprt fraction(get_fraction(src, spec), type);
   exprt exponent=get_exponent(src, spec);
   equal_exprt all_zeros(exponent, from_integer(0, exponent.type()));
   exprt hidden_bit=from_integer((1 << spec.f), type);
-  plus_exprt with_hidden_bit(magnitude, hidden_bit);
-  return if_exprt(all_zeros, magnitude, with_hidden_bit);
+  bitor_exprt with_hidden_bit(fraction, hidden_bit);
+  return if_exprt(all_zeros, fraction, with_hidden_bit);
 }
 
 /// Create an expression to represent a float or double value.
@@ -126,9 +126,9 @@ exprt floatbv_of_int_expr(const exprt &i, const ieee_float_spect &spec)
 /// floating point value in decimal.
 /// We are looking for d such that n * 10^d = m * 2^e, so:
 /// d = log_10(m) + log_10(2) * e - log_10(n)
-/// m -- the magnitude -- should be between 1 and 2 so log_10(m)
+/// m -- the fraction -- should be between 1 and 2 so log_10(m)
 /// in [0,log_10(2)].
-/// n -- the magnitude in base 10 -- should be between 1 and 10 so
+/// n -- the fraction in base 10 -- should be between 1 and 10 so
 /// log_10(n) in [0, 1].
 /// So the estimate is given by:
 /// d ~=~  floor(log_10(2) * e)
@@ -169,10 +169,12 @@ string_exprt string_constraint_generatort::add_axioms_from_double(
 
 /// Add axioms corresponding to the integer part of m, in decimal form with no
 /// leading zeroes, followed by '.' ('\u002E'), followed by one or more decimal
-/// digits representing the fractional part of m.
+/// digits representing the fractional part of m. This specification is correct
+/// for inputs that do not exceed 100000 and the function is unspecified for
+/// other values.
 ///
 /// TODO: this specification is not correct for negative numbers and
-/// double precision and floating point value that exceed 100000
+/// double precision
 /// \param f: expression representing a float
 /// \param ref_type: refined type for strings
 /// \return a new string expression
@@ -186,15 +188,17 @@ string_exprt string_constraint_generatort::add_axioms_for_string_of_float(
   // shifted is floor(f * 1e5)
   exprt shifting=constant_float(1e5, float_spec);
   exprt shifted=round_expr_to_zero(floatbv_mult(f, shifting));
+  // Numbers with greater or equal value to the following, should use
+  // the exponent notation.
+  exprt max_non_exponent_notation=from_integer(100000, shifted.type());
   // fractional_part is floor(f * 100000) % 100000
-  mod_exprt fractional_part(shifted, from_integer(100000, shifted.type()));
+  mod_exprt fractional_part(shifted, max_non_exponent_notation);
   string_exprt fractional_part_str=
     add_axioms_for_fractional_part(fractional_part, 6, ref_type);
 
-  // The axiom added to convert to integer should always been satisfiable even
-  // when the precondition are not satisfied.
-  mod_exprt integer_part(
-    round_expr_to_zero(f), from_integer(1000000, shifted.type()));
+  // The axiom added to convert to integer should always be satisfiable even
+  // when the preconditions are not satisfied.
+  mod_exprt integer_part(round_expr_to_zero(f), max_non_exponent_notation);
   // We should not need more than 8 characters to represent the integer
   // part of the float.
   string_exprt integer_part_str=add_axioms_from_int(integer_part, 8, ref_type);
@@ -202,17 +206,19 @@ string_exprt string_constraint_generatort::add_axioms_for_string_of_float(
   return add_axioms_for_concat(integer_part_str, fractional_part_str);
 }
 
-/// add axioms for representing the fractional part of a floating point starting
+/// Add axioms for representing the fractional part of a floating point starting
 /// with a dot
-/// \param i: an integer expression
-/// \param max_size: a maximal size for the string
+/// \param int_expr: an integer expression
+/// \param max_size: a maximal size for the string, this includes the
+///   potential minus sign and therefore should be greater than 2
 /// \param ref_type: a type for refined strings
 /// \return a string expression
 string_exprt string_constraint_generatort::add_axioms_for_fractional_part(
-    const exprt &i, size_t max_size, const refined_string_typet &ref_type)
+  const exprt &int_expr, size_t max_size, const refined_string_typet &ref_type)
 {
-  PRECONDITION(i.type().id()==ID_signedbv);
-  const typet &type=i.type();
+  PRECONDITION(int_expr.type().id()==ID_signedbv);
+  PRECONDITION(max_size>=2);
+  const typet &type=int_expr.type();
   string_exprt res=fresh_string(ref_type);
   exprt ten=from_integer(10, type);
   const typet &char_type=ref_type.get_char_type();
@@ -223,11 +229,11 @@ string_exprt string_constraint_generatort::add_axioms_for_fractional_part(
 
   // We add axioms:
   // a1 : 2 <= |res| <= max_size
-  // a2 : forall 1 <= i < size '0' < res[i] < '9'
-  // res[0] = '.'
-  // a3 : i = sum_j 10^j res[j] - '0'
-  // for all j : !(|res| = j+1 && res[j]='0')
-  // for all j : |res| <= j => res[j]='0'
+  // a2 : starts_with_dot && no_trailing_zero && is_number
+  // starts_with_dot: res[0] = '.'
+  // is_number: forall i:[1, max_size[. '0' < res[i] < '9'
+  // no_trailing_zero: forall j:[2, max_size[. !(|res| = j+1 && res[j] = '0')
+  // a3 : int_expr = sum_j 10^j (j < |res| ? res[j] - '0' : 0)
 
   and_exprt a1(res.axiom_for_is_strictly_longer_than(1),
                res.axiom_for_is_shorter_than(max));
@@ -241,11 +247,12 @@ string_exprt string_constraint_generatort::add_axioms_for_fractional_part(
 
   for(size_t j=1; j<max_size; j++)
   {
+    // after_end is |res| <= j
     binary_relation_exprt after_end(
       res.length(), ID_le, from_integer(j, res.length().type()));
     mult_exprt ten_sum(sum, ten);
 
-    // sum = 10 * sum + (res[j]-'0')
+    // sum = 10 * sum + after_end ? 0 : (res[j]-'0')
     if_exprt to_add(
       after_end,
       from_integer(0, type),
@@ -253,8 +260,8 @@ string_exprt string_constraint_generatort::add_axioms_for_fractional_part(
     sum=plus_exprt(ten_sum, to_add);
 
     and_exprt is_number(
-          binary_relation_exprt(res[j], ID_ge, zero_char),
-          binary_relation_exprt(res[j], ID_le, nine_char));
+      binary_relation_exprt(res[j], ID_ge, zero_char),
+      binary_relation_exprt(res[j], ID_le, nine_char));
     digit_constraints.push_back(is_number);
 
     // There are no trailing zeros except for ".0" (i.e j=2)
@@ -263,14 +270,14 @@ string_exprt string_constraint_generatort::add_axioms_for_fractional_part(
       not_exprt no_trailing_zero(and_exprt(
         equal_exprt(res.length(), from_integer(j+1, res.length().type())),
       equal_exprt(res[j], zero_char)));
-      axioms.push_back(no_trailing_zero);
+      digit_constraints.push_back(no_trailing_zero);
     }
   }
 
   exprt a2=conjunction(digit_constraints);
   axioms.push_back(a2);
 
-  equal_exprt a3(i, sum);
+  equal_exprt a3(int_expr, sum);
   axioms.push_back(a3);
 
   return res;
@@ -286,13 +293,12 @@ string_exprt string_constraint_generatort::add_axioms_for_fractional_part(
 /// $d = floor(log_10(2) * e)$
 /// Then $n$ can be expressed by the equation:
 /// $log_10(n) = log_10(m) + log_10(2) * e - d$
-/// $n = f /10^d = m * 2^e / 10^d = m * 2^e / 10^(floor(log_10(2) * e))$
-///
+/// $n = f / 10^d = m * 2^e / 10^d = m * 2^e / 10^(floor(log_10(2) * e))$
 /// TODO: For now we only consider single precision.
 /// \param f: a float expression, which is positive
 /// \param max_size: a maximal size for the string
 /// \param ref_type: a type for refined strings
-/// \return a string expression
+/// \return a string expression representing the float in scientific notation
 string_exprt string_constraint_generatort::
   add_axioms_from_float_scientific_notation(
     const exprt &f, const refined_string_typet &ref_type)
@@ -308,57 +314,58 @@ string_exprt string_constraint_generatort::
   exprt bin_exponent=get_exponent(f, float_spec);
 
   // $m$ from the formula is a value between 0.0 and 2.0 represented
-  // with values in the range 0x000000 0x0FFFFFF so 1 corresponds to 0x0800000.
+  // with values in the range 0x000000 0xFFFFFF so 1 corresponds to 0x800000.
   // `bin_significand_int` represents $m * 0x800000$
   exprt bin_significand_int=
     get_significand(f, float_spec, unsignedbv_typet(32));
-  // `bin_significand` represents $m$ it is obtained
-  // by multiplying `binary_significand_as_int` by 1/0x800000=1.192092896e-7.
+  // `bin_significand` represents $m$ and is obtained
+  // by multiplying `binary_significand_as_int` by
+  // 1/0x800000 = 2^-23 = 1.1920928955078125 * 10^-7
   exprt bin_significand=floatbv_mult(
     floatbv_typecast_exprt(bin_significand_int, round_to_zero_expr, float_type),
-    constant_float(1.192092896e-7, float_spec));
+    constant_float(1.1920928955078125e-7, float_spec));
 
   // This is a first approximation of the exponent that will adjust
-  // if the magnitude we get is greater than 10
+  // if the fraction we get is greater than 10
   exprt dec_exponent_estimate=estimate_decimal_exponent(f, float_spec);
 
   // Table for values of $2^x / 10^(floor(log_10(2)*x))$ where x=Range[0,128]
   std::vector<double> two_power_e_over_ten_power_d_table(
-  {1, 2, 4, 8, 1.6, 3.2, 6.4, 1.28, 2.56,
-   5.12, 1.024, 2.048, 4.096, 8.192, 1.6384, 3.2768, 6.5536,
-   1.31072, 2.62144, 5.24288, 1.04858, 2.09715, 4.19430, 8.38861, 1.67772,
-   3.35544, 6.71089, 1.34218, 2.68435, 5.36871, 1.07374, 2.14748, 4.29497,
-   8.58993, 1.71799, 3.43597, 6.87195, 1.37439, 2.74878, 5.49756, 1.09951,
-   2.19902, 4.39805, 8.79609, 1.75922, 3.51844, 7.03687, 1.40737, 2.81475,
-   5.62950, 1.12590, 2.25180, 4.50360, 9.00720, 1.80144, 3.60288, 7.20576,
-   1.44115, 2.88230, 5.76461, 1.15292, 2.30584, 4.61169, 9.22337, 1.84467,
-   3.68935, 7.37870, 1.47574, 2.95148, 5.90296, 1.18059, 2.36118, 4.72237,
-   9.44473, 1.88895, 3.77789, 7.55579, 1.51116, 3.02231, 6.04463, 1.20893,
-   2.41785, 4.83570, 9.67141, 1.93428, 3.86856, 7.73713, 1.54743, 3.09485,
-   6.18970, 1.23794, 2.47588, 4.95176, 9.90352, 1.98070, 3.96141, 7.92282,
-   1.58456, 3.16913, 6.33825, 1.26765, 2.53530, 5.07060, 1.01412, 2.02824,
-   4.05648, 8.11296, 1.62259, 3.24519, 6.49037, 1.29807, 2.59615, 5.1923,
-   1.03846, 2.07692, 4.15384, 8.30767, 1.66153, 3.32307, 6.64614, 1.32923,
-   2.65846, 5.31691, 1.06338, 2.12676, 4.25353, 8.50706, 1.70141});
+    { 1, 2, 4, 8, 1.6, 3.2, 6.4, 1.28, 2.56,
+      5.12, 1.024, 2.048, 4.096, 8.192, 1.6384, 3.2768, 6.5536,
+      1.31072, 2.62144, 5.24288, 1.04858, 2.09715, 4.19430, 8.38861, 1.67772,
+      3.35544, 6.71089, 1.34218, 2.68435, 5.36871, 1.07374, 2.14748, 4.29497,
+      8.58993, 1.71799, 3.43597, 6.87195, 1.37439, 2.74878, 5.49756, 1.09951,
+      2.19902, 4.39805, 8.79609, 1.75922, 3.51844, 7.03687, 1.40737, 2.81475,
+      5.62950, 1.12590, 2.25180, 4.50360, 9.00720, 1.80144, 3.60288, 7.20576,
+      1.44115, 2.88230, 5.76461, 1.15292, 2.30584, 4.61169, 9.22337, 1.84467,
+      3.68935, 7.37870, 1.47574, 2.95148, 5.90296, 1.18059, 2.36118, 4.72237,
+      9.44473, 1.88895, 3.77789, 7.55579, 1.51116, 3.02231, 6.04463, 1.20893,
+      2.41785, 4.83570, 9.67141, 1.93428, 3.86856, 7.73713, 1.54743, 3.09485,
+      6.18970, 1.23794, 2.47588, 4.95176, 9.90352, 1.98070, 3.96141, 7.92282,
+      1.58456, 3.16913, 6.33825, 1.26765, 2.53530, 5.07060, 1.01412, 2.02824,
+      4.05648, 8.11296, 1.62259, 3.24519, 6.49037, 1.29807, 2.59615, 5.1923,
+      1.03846, 2.07692, 4.15384, 8.30767, 1.66153, 3.32307, 6.64614, 1.32923,
+      2.65846, 5.31691, 1.06338, 2.12676, 4.25353, 8.50706, 1.70141});
 
   // Table for values of $2^x / 10^(floor(log_10(2)*x))$ where x=Range[-128,-1]
   std::vector<double> two_power_e_over_ten_power_d_table_negatives(
-  { 2.93874, 5.87747, 1.17549, 2.35099, 4.70198, 9.40395, 1.88079, 3.76158,
-    7.52316, 1.50463, 3.00927, 6.01853, 1.20371, 2.40741, 4.81482, 9.62965,
-    1.92593, 3.85186, 7.70372, 1.54074, 3.08149, 6.16298, 1.23260, 2.46519,
-    4.93038, 9.86076, 1.97215, 3.94430, 7.88861, 1.57772, 3.15544, 6.31089,
-    1.26218, 2.52435, 5.04871, 1.00974, 2.01948, 4.03897, 8.07794, 1.61559,
-    3.23117, 6.46235, 1.29247, 2.58494, 5.16988, 1.03398, 2.06795, 4.13590,
-    8.27181, 1.65436, 3.30872, 6.61744, 1.32349, 2.64698, 5.29396, 1.05879,
-    2.11758, 4.23516, 8.47033, 1.69407, 3.38813, 6.77626, 1.35525, 2.71051,
-    5.42101, 1.08420, 2.16840, 4.33681, 8.67362, 1.73472, 3.46945, 6.93889,
-    1.38778, 2.77556, 5.55112, 1.11022, 2.22045, 4.44089, 8.88178, 1.77636,
-    3.55271, 7.10543, 1.42109, 2.84217, 5.68434, 1.13687, 2.27374, 4.54747,
-    9.09495, 1.81899, 3.63798, 7.27596, 1.45519, 2.91038, 5.82077, 1.16415,
-    2.32831, 4.65661, 9.31323, 1.86265, 3.72529, 7.45058, 1.49012, 2.98023,
-    5.96046, 1.19209, 2.38419, 4.76837, 9.53674, 1.90735, 3.81470, 7.62939,
-    1.52588, 3.05176, 6.10352, 1.22070, 2.44141, 4.88281, 9.76563, 1.95313,
-    3.90625, 7.81250, 1.56250, 3.12500, 6.25000, 1.25000, 2.50000, 5});
+    { 2.93874, 5.87747, 1.17549, 2.35099, 4.70198, 9.40395, 1.88079, 3.76158,
+      7.52316, 1.50463, 3.00927, 6.01853, 1.20371, 2.40741, 4.81482, 9.62965,
+      1.92593, 3.85186, 7.70372, 1.54074, 3.08149, 6.16298, 1.23260, 2.46519,
+      4.93038, 9.86076, 1.97215, 3.94430, 7.88861, 1.57772, 3.15544, 6.31089,
+      1.26218, 2.52435, 5.04871, 1.00974, 2.01948, 4.03897, 8.07794, 1.61559,
+      3.23117, 6.46235, 1.29247, 2.58494, 5.16988, 1.03398, 2.06795, 4.13590,
+      8.27181, 1.65436, 3.30872, 6.61744, 1.32349, 2.64698, 5.29396, 1.05879,
+      2.11758, 4.23516, 8.47033, 1.69407, 3.38813, 6.77626, 1.35525, 2.71051,
+      5.42101, 1.08420, 2.16840, 4.33681, 8.67362, 1.73472, 3.46945, 6.93889,
+      1.38778, 2.77556, 5.55112, 1.11022, 2.22045, 4.44089, 8.88178, 1.77636,
+      3.55271, 7.10543, 1.42109, 2.84217, 5.68434, 1.13687, 2.27374, 4.54747,
+      9.09495, 1.81899, 3.63798, 7.27596, 1.45519, 2.91038, 5.82077, 1.16415,
+      2.32831, 4.65661, 9.31323, 1.86265, 3.72529, 7.45058, 1.49012, 2.98023,
+      5.96046, 1.19209, 2.38419, 4.76837, 9.53674, 1.90735, 3.81470, 7.62939,
+      1.52588, 3.05176, 6.10352, 1.22070, 2.44141, 4.88281, 9.76563, 1.95313,
+      3.90625, 7.81250, 1.56250, 3.12500, 6.25000, 1.25000, 2.50000, 5});
 
   // bias_table used to find the bias factor
   exprt conversion_factor_table_size=from_integer(
@@ -392,7 +399,7 @@ string_exprt string_constraint_generatort::
     plus_exprt(dec_exponent_estimate, from_integer(1, int_type)),
     dec_exponent_estimate);
 
-  // `dec_significand` is divided by 10 if it exeeds 10
+  // `dec_significand` is divided by 10 if it exceeds 10
   dec_significand=if_exprt(
     estimate_too_small,
     floatbv_mult(dec_significand, constant_float(0.1, float_spec)),
@@ -409,9 +416,12 @@ string_exprt string_constraint_generatort::
   exprt shifted_float=
     round_expr_to_zero(floatbv_mult(fractional_part, shifting));
 
+  // Numbers with greater or equal value to the following, should use
+  // the exponent notation.
+  exprt max_non_exponent_notation=from_integer(100000, shifted_float.type());
+
   // fractional_part_shifted is floor(f * 100000) % 100000
-  mod_exprt fractional_part_shifted(
-    shifted_float, from_integer(100000, shifted_float.type()));
+  mod_exprt fractional_part_shifted(shifted_float, max_non_exponent_notation);
 
   string_exprt string_fractional_part=add_axioms_for_fractional_part(
     fractional_part_shifted, 6, ref_type);
@@ -421,7 +431,7 @@ string_exprt string_constraint_generatort::
   string_exprt string_expr_with_fractional_part=add_axioms_for_concat(
     string_expr_integer_part, string_fractional_part);
 
-  // string_expr_with_E = concat(string_magnitude, string_lit_E)
+  // string_expr_with_E = concat(string_fraction, string_lit_E)
   string_exprt string_expr_with_E=add_axioms_for_concat_char(
     string_expr_with_fractional_part,
     from_integer('E', ref_type.get_char_type()));
@@ -434,7 +444,7 @@ string_exprt string_constraint_generatort::
   return add_axioms_for_concat(string_expr_with_E, exponent_string);
 }
 
-/// add axioms corresponding to the scientific representation of floating point
+/// Add axioms corresponding to the scientific representation of floating point
 /// values
 /// \param f: a function application expression
 /// \return a new string expression

From 64558ca161dc9d6e9e188f761c41533cdfa45130 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Wed, 21 Jun 2017 16:37:23 +0100
Subject: [PATCH 361/699] Update comments in
 string_constraint_generator_valueof.cpp

---
 .../refinement/string_constraint_generator_valueof.cpp     | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_valueof.cpp b/src/solvers/refinement/string_constraint_generator_valueof.cpp
index 914df80ee03..c009dd6e412 100644
--- a/src/solvers/refinement/string_constraint_generator_valueof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_valueof.cpp
@@ -89,8 +89,9 @@ string_exprt string_constraint_generatort::add_axioms_from_bool(
   return res;
 }
 
-/// add axioms to say the string corresponds to the result of String.valueOf(I)
-/// or String.valueOf(J) java functions applied on the integer expression
+/// Add axioms enforcing that the string corresponds to the result
+/// of String.valueOf(I) or String.valueOf(J) Java functions applied
+/// on the integer expression.
 /// \param i: a signed integer expression
 /// \param max_size: a maximal size for the string representation
 /// \param ref_type: type for refined strings
@@ -305,7 +306,7 @@ string_exprt string_constraint_generatort::add_axioms_from_char(
 }
 
 /// Add axioms stating that the returned string has length 1 and the character
-/// it contains correspond to the input expression.
+/// it contains corresponds to the input expression.
 /// \param c: one expression of type char
 /// \param ref_type: type of refined string expressions
 /// \return a new string expression

From e1f2d77faf9a78415d326f36cf3047145395d1d9 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Thu, 29 Jun 2017 15:40:18 +0100
Subject: [PATCH 362/699] Adding tests for String.valueOf float

Add several tests, some take long and are marked as THOROUGH, fail
probably due to some problem in CBMC and are marked as KNOWNBUG.
---
 .../java_value_of_float_2/test.class              | Bin 0 -> 672 bytes
 .../java_value_of_float_2/test.desc               |   8 ++++++++
 .../java_value_of_float_2/test.java               |   9 +++++++++
 .../java_value_of_float_3/test.class              | Bin 0 -> 721 bytes
 .../java_value_of_float_3/test.desc               |   9 +++++++++
 .../java_value_of_float_3/test.java               |  10 ++++++++++
 .../java_value_of_float_4/test.class              | Bin 0 -> 828 bytes
 .../java_value_of_float_4/test.desc               |  10 ++++++++++
 .../java_value_of_float_4/test.java               |  13 +++++++++++++
 .../java_value_of_float_5/test.class              | Bin 0 -> 673 bytes
 .../java_value_of_float_5/test.desc               |   8 ++++++++
 .../java_value_of_float_5/test.java               |   9 +++++++++
 12 files changed, 76 insertions(+)
 create mode 100644 regression/strings-smoke-tests/java_value_of_float_2/test.class
 create mode 100644 regression/strings-smoke-tests/java_value_of_float_2/test.desc
 create mode 100644 regression/strings-smoke-tests/java_value_of_float_2/test.java
 create mode 100644 regression/strings-smoke-tests/java_value_of_float_3/test.class
 create mode 100644 regression/strings-smoke-tests/java_value_of_float_3/test.desc
 create mode 100644 regression/strings-smoke-tests/java_value_of_float_3/test.java
 create mode 100644 regression/strings-smoke-tests/java_value_of_float_4/test.class
 create mode 100644 regression/strings-smoke-tests/java_value_of_float_4/test.desc
 create mode 100644 regression/strings-smoke-tests/java_value_of_float_4/test.java
 create mode 100644 regression/strings-smoke-tests/java_value_of_float_5/test.class
 create mode 100644 regression/strings-smoke-tests/java_value_of_float_5/test.desc
 create mode 100644 regression/strings-smoke-tests/java_value_of_float_5/test.java

diff --git a/regression/strings-smoke-tests/java_value_of_float_2/test.class b/regression/strings-smoke-tests/java_value_of_float_2/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..7e8016e0b84e19a2ee91146383acbd9fe81932f1
GIT binary patch
literal 672
zcmY*XT~8B16g_vl?R2+`Eeoyn1C<Y<tqDYfQ3Ej=gcngBN=)Q!x*cI*-RgeuU+kMt
zKC1~BP2`>b;lD7(JBxJjWoGV~bI-Z=&Yb@F{u975?%1fHX>R}eShsNnS1nk$R>pN5
zObOhuA<z`KY2y~A1!f2nb25%ql=y=%e&)xr7pOjgb_k_aKlGEwghH$RieRn{`ifB9
z^h5PBecMyfwk8vb-k$Of2xHwudIvA$y9^hYC6rga;Gc-y9i)+`Hhi68B`Qu9_vN8<
za0ylBI+(+42M)#v;=$s>N9%X*Ihe-+p{aRGfed$-o}QPw9z}zQYtlLbEeCCM2(_HK
z)!SEI@*mVqB0t<^`9m3`YU>T5-r8ty<~e7C74BTUPh}8m!iDQI$(1&brkW?M1w21O
zqpxB=QvFedJd7me3m)DMrui8v{6JJ|>K6G_0O`(ot#LHPJMmuZ9D_b<BF1?wWgw3W
z?ufbvBSY`I#y1q6e}Or~WXCNYp)^G02gK`Rlus_gA97er8=15VQ~R++iQNT%oiZjE
vv0(hxKV`DPKz-!8oOuG{u5|=^2w{GLS@;SwS3ECPs}x~4PjpL-%<%GGFD!uQ

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_value_of_float_2/test.desc b/regression/strings-smoke-tests/java_value_of_float_2/test.desc
new file mode 100644
index 00000000000..8a2a2bc6207
--- /dev/null
+++ b/regression/strings-smoke-tests/java_value_of_float_2/test.desc
@@ -0,0 +1,8 @@
+KNOWNBUG
+test.class
+--refine-strings --function test.check
+^EXIT=10$
+^SIGNAL=0$
+assertion.* file test.java line 6 .* SUCCESS$
+assertion.* file test.java line 7 .* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_value_of_float_2/test.java b/regression/strings-smoke-tests/java_value_of_float_2/test.java
new file mode 100644
index 00000000000..7967e6f3668
--- /dev/null
+++ b/regression/strings-smoke-tests/java_value_of_float_2/test.java
@@ -0,0 +1,9 @@
+public class test
+{
+    public static void check()
+    {
+        String s3=String.valueOf(7.89e12f);
+        assert(s3.equals("7.89E12"));
+        assert(!s3.equals("7.89E12"));
+    }
+}
diff --git a/regression/strings-smoke-tests/java_value_of_float_3/test.class b/regression/strings-smoke-tests/java_value_of_float_3/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..3572c20abb1923ae93579403be612e1a72fe1ce7
GIT binary patch
literal 721
zcmZWnO>fgc5PcgvS;uim;(ibcX(^O82{ZwzAR#IQDh&q;Jp_U1&9S$wTh~GMrWbxm
z^9MKsQi?zVi6b|T{1=3nb=z1Kmz~)+Z|A+8-JgHId;_q8+a`*b(eM2D_1nZ{T*;$=
znt@rhnKN)z#d(fvCi0l!xNc$rH#im<CKjAH7LoM(Vf@68on9b32DZhJTlGU<K4j49
zjaLl%THg~4r42t6F9rua5xrDohOE0Q+<k^(S32(gbLVY>b1X3!t8Q@G#O(G5kt;gB
zI+B+nmaRSK(6LZPg}4^#Xjr&_66xJ--LufdO-k37?_0Q~(yF4j11H>RKR$E39!33#
ztf_V!%NAN_Gn7;2W^Yfp@*LEakst0b@IxmUh|O(=sd}fek)AmrJYX<m=|nPq?aN(7
z`k&IEDH$U4PAR3d$67#BWtjFv>_@^I8>SJ-0TpPZTbQRuD$?_@a#dZNG7V%E6<TfD
z)hIHG+2%3W2SvmLt+@oGA!2e&eTPhfKD9HSp*{NueTZ7q&W?~fg4MM72*wbFugJeS
zhWY(`ee$G!l-8A4CK0otD+eS>zXb+5Bs)cj3GEMNIi~p>p%=$SRuUUP#V(9s4Z-#I
Y(6vv{)0SucRhuj_)+2SxYNB}QAHD61q5uE@

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_value_of_float_3/test.desc b/regression/strings-smoke-tests/java_value_of_float_3/test.desc
new file mode 100644
index 00000000000..771fdebe7cc
--- /dev/null
+++ b/regression/strings-smoke-tests/java_value_of_float_3/test.desc
@@ -0,0 +1,9 @@
+KNOWNBUG
+test.class
+--refine-strings --function test.check
+^EXIT=10$
+^SIGNAL=0$
+assertion.* file test.java line 7 .* SUCCESS$
+assertion.* file test.java line 8 .* FAILURE$
+
+--
diff --git a/regression/strings-smoke-tests/java_value_of_float_3/test.java b/regression/strings-smoke-tests/java_value_of_float_3/test.java
new file mode 100644
index 00000000000..47bfa2b43cf
--- /dev/null
+++ b/regression/strings-smoke-tests/java_value_of_float_3/test.java
@@ -0,0 +1,10 @@
+public class test
+{
+    public static void check()
+    {
+        String s5=String.valueOf(5.67e-9f);
+        // The result may not be exactly 5.67E-9 as 5.66999...E-9 is also valid
+        assert(s5.startsWith("5.6") && s5.endsWith("E-9"));
+        assert(!s5.startsWith("5.6") || !s5.endsWith("E-9"));
+    }
+ }
diff --git a/regression/strings-smoke-tests/java_value_of_float_4/test.class b/regression/strings-smoke-tests/java_value_of_float_4/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..b9330858ee9274276f68939beff183e05dd57a8a
GIT binary patch
literal 828
zcmZuvT~8B16g|^!JKOC7Whu3OR0R>+@=-r{gBT3j#8ApZjYi(4+W{BWt?q6~d;)()
z`v-hh6EK>n&&J<`-s##F6OzrHyJyZlbMBq_b@uf;fE7G2kU@dtx^{F77`TC(+8@fa
zqn|(u<CxJgtKeH4a|RI#I&SNj=eT2_h!RJcVQNkUf%HSC?FEmWKr~(1VqiNA$u-Aw
z!iNm;V(B@9w$W}$hKZWv$$IB?Q~J*onIU1nlJ)_^SR)kn!IpT_$2k@l^flZ4Ct@_(
z9p9E!N0p>P8HCIG;!v2FLY7ojUU7xDSE;&f5mL2@MJ$<^ghe_}y<MgA&cre*4EYiL
z(ZKx^-*5XQy)@vG@w%v!adjBST@&|kpCL1<-EQtnJNyr7gudhLG4Mm-cI5Uh!*sD)
zs*P$Q!YYkNzU>G%P=s^ak>qNL=69~A4VQ+@kZZ}n@nvi1nI;x?XoDuagBiN93|%bC
z<W<*{#X<LjEX8U1E6~blO_Wc;J}M$|6q9|B8pov}^*3Tv47|7EU!ZMT35qo<Npb5F
zcn{gKrJo?xL;4$xm#0Yoh~Ndwya-;j#x8*8Bato&QCSz+h}a#;Dx0ys%~|M_C&+FR
zCOGw{qeQ0H>0Q1+8pnj@i7^T7Og+uZ(U;2=iFjq$*-F1#qFLi7nCO9PAE3oQgO5%c
S3`D6V5Hr`+*sk`CT>A@*mZVYu

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_value_of_float_4/test.desc b/regression/strings-smoke-tests/java_value_of_float_4/test.desc
new file mode 100644
index 00000000000..7f1e0f8819a
--- /dev/null
+++ b/regression/strings-smoke-tests/java_value_of_float_4/test.desc
@@ -0,0 +1,10 @@
+THOROUGH
+test.class
+--refine-strings --function test.check
+^EXIT=10$
+^SIGNAL=0$
+assertion.* test.java line 8 .* SUCCESS$
+assertion.* test.java line 9 .* SUCCESS$
+assertion.* test.java line 10 .* SUCCESS$
+assertion.* test.java line 11 .* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_value_of_float_4/test.java b/regression/strings-smoke-tests/java_value_of_float_4/test.java
new file mode 100644
index 00000000000..13c1151eb7b
--- /dev/null
+++ b/regression/strings-smoke-tests/java_value_of_float_4/test.java
@@ -0,0 +1,13 @@
+public class test
+{
+    public static void check()
+    {
+        String s7=String.valueOf(java.lang.Float.POSITIVE_INFINITY);
+        String s8=String.valueOf(java.lang.Float.NEGATIVE_INFINITY);
+        String s9=String.valueOf(java.lang.Float.NaN);
+        assert(s7.equals("Infinity"));
+        assert(s8.equals("-Infinity"));
+        assert(s9.equals("NaN"));
+        assert(!s7.equals("Infinity") || !s8.equals("-Infinity") || !s9.equals("NaN"));
+    }
+}
diff --git a/regression/strings-smoke-tests/java_value_of_float_5/test.class b/regression/strings-smoke-tests/java_value_of_float_5/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..576229eef2628e90fc4db16494a34de85f61ce5b
GIT binary patch
literal 673
zcmY*XT~8B16g_vl?R2+`Eeq88fr6s8HA2+l3&d#ncoF2G#6;ev+YuJlt?mbjKgIq5
zpVb76CYt!@Kk*OvWQ=zf>Eg@G+%xB%bMKw`@#phb03F=6Q9;A}{_E!(8y9fVf`v<E
zT-L#~z!e(;4S}mRW-u#ojW97M<5)$BKM3PhKbE~f^$D~?C@uS;pFAWKnyqI9b7jz1
zgzAPLs;BA8o{F|LnNalhly^WF>n74W*p#m_T;MvPyzB-4MC|S$jXbsP>l7<daWcOz
z52b^1s4~~V9Bw#pFveMT?%umU-&uU%;3jSn8k)Ee$Z&Vz@oBAVQ8b9SC@mz=bkIVZ
zP|KNHy?x~+|3Td(^21$%IFv!Ewq6jXn(M8NJm-Y4#I38>sSILGICFg>xzys>RP&^j
zfCosZ_f_misz0ibr;((5!PDEpEWbmAUx;cA-6Nk0Al*8zHIAlvC*F(gW6*m|#5k{|
z4CHyi9Z~mSWay%6d_v*L2be=lw%y_pN<&n>Ks-N2`P*6eZ4PT`Ba?PvYCpCpvAf{E
zQ^o`%7L4Eet4!7zm>RiuGEZRKwT@s9A<TC$3m;+Til@bDl_Cu1k#4D;8J_<Od^dt7

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_value_of_float_5/test.desc b/regression/strings-smoke-tests/java_value_of_float_5/test.desc
new file mode 100644
index 00000000000..7a279ade453
--- /dev/null
+++ b/regression/strings-smoke-tests/java_value_of_float_5/test.desc
@@ -0,0 +1,8 @@
+THOROUGH
+test.class
+--refine-strings --function test.check
+^EXIT=10$
+^SIGNAL=0$
+assertion.* file test.java line 6 .* SUCCESS$
+assertion.* file test.java line 7 .* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_value_of_float_5/test.java b/regression/strings-smoke-tests/java_value_of_float_5/test.java
new file mode 100644
index 00000000000..d64f033c86c
--- /dev/null
+++ b/regression/strings-smoke-tests/java_value_of_float_5/test.java
@@ -0,0 +1,9 @@
+public class test
+{
+    public static void check()
+    {
+        String s1=String.valueOf(-123.456f);
+        assert(s1.equals("-123.456"));
+        assert(!s1.equals("-123.456"));
+    }
+}

From cf260082902faff0733ee914818f14d2d52a53f0 Mon Sep 17 00:00:00 2001
From: Cesar Rodriguez <cesar.rodriguez@diffblue.com>
Date: Tue, 27 Jun 2017 16:41:04 +0100
Subject: [PATCH 363/699] Discard LVT if bytecode > codet translation cannot
 make sense of it

---
 .../java_local_variable_table.cpp             | 34 ++++++++++++++-----
 1 file changed, 26 insertions(+), 8 deletions(-)

diff --git a/src/java_bytecode/java_local_variable_table.cpp b/src/java_bytecode/java_local_variable_table.cpp
index 508ae02891c..10c5c34cc38 100644
--- a/src/java_bytecode/java_local_variable_table.cpp
+++ b/src/java_bytecode/java_local_variable_table.cpp
@@ -289,10 +289,12 @@ static void populate_predecessor_map(
     if(it->is_parameter)
       continue;
 
-    msg.debug() << "ppm: processing var idx " << it->var.index
+#ifdef DEBUG
+    msg.debug() << "jcm: ppm: processing var idx " << it->var.index
                 << " name '" << it->var.name << "' start-pc "
                 << it->var.start_pc << " len " << it->var.length
                 << "; holes " << it->holes.size() << messaget::eom;
+#endif
 
     // Find the last instruction within the live range:
     unsigned end_pc=it->var.start_pc+it->var.length;
@@ -362,11 +364,11 @@ static void populate_predecessor_map(
                *(inst_before_this->second.source),
                it->var.index))
           {
-            msg.error() << "Local variable table: didn't find initializing "
-                        << "store for predecessor of bytecode at address "
-                        << amapit->first << " ("
-                        << amapit->second.predecessors.size()
-                        << " predecessors)" << msg.eom;
+            msg.warning() << "Local variable table: didn't find initializing "
+                          << "store for predecessor of bytecode at address "
+                          << amapit->first << " ("
+                          << amapit->second.predecessors.size()
+                          << " predecessors)" << msg.eom;
             throw "local variable table: unexpected live ranges";
           }
           new_start_pc=pred;
@@ -720,8 +722,24 @@ void java_bytecode_convert_methodt::setup_local_variables(
   for(const auto &v : m.local_variable_table)
     vars_with_holes.push_back({v, is_parameter(v), {}});
 
-  // Merge variable records:
-  find_initializers(vars_with_holes, amap, dominator_analysis);
+  // Merge variable records. See documentation of in
+  // `find_initializers_for_slot` for more details. If the strategy employed
+  // there fails with an exception, we just ignore the LVT for this method, no
+  // variable is generated in `this->variables[]` (because we return here and
+  // dont let the for loop below to execute), and as a result the method
+  // this->variable() will be forced to create new `anonlocal::` variables, as
+  // the only source of variable names for that method is `this->variables[]`.
+  try
+  {
+    find_initializers(vars_with_holes, amap, dominator_analysis);
+  }
+  catch(const char *message)
+  {
+    warning() << "Bytecode -> codet translation error: " << message << eom
+              << "This is probably due to an unexpected LVT, "
+              << "falling back to translation without LVT" << eom;
+    return;
+  }
 
   // Clean up removed records from the variable table:
   cleanup_var_table(vars_with_holes);

From 5330536f594d437008180de8626728377874251e Mon Sep 17 00:00:00 2001
From: Cesar Rodriguez <cesar.rodriguez@diffblue.com>
Date: Tue, 27 Jun 2017 16:42:18 +0100
Subject: [PATCH 364/699] Documentation for
 java_bytecode_convert_methodt::variable

---
 .../java_bytecode_convert_method.cpp              | 15 +++++++++++++++
 src/java_bytecode/java_local_variable_table.cpp   |  2 +-
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index b9a3cf00063..bd1e860775f 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -186,6 +186,21 @@ symbol_exprt java_bytecode_convert_methodt::tmp_variable(
   return result;
 }
 
+/// Returns a symbol_exprt indicating a local variable suitable to load/store
+/// from a bytecode at address `address` a value of type `type_char` stored in
+/// the JVM's slot `arg`.
+///
+/// \param arg
+///   The local variable slot
+/// \param type_char
+///   The type of the value stored in the slot pointed by `arg`.
+/// \param address
+///   Bytecode address used to find a variable that the LVT declares to be live
+///   and living in the slot pointed by `arg` for this bytecode.
+/// \param do_cast
+///   Indicates whether we should return the original symbol_exprt or a
+///   typecast_exprt if the type of the symbol_exprt does not equal that
+///   represented by `type_char`.
 const exprt java_bytecode_convert_methodt::variable(
   const exprt &arg,
   char type_char,
diff --git a/src/java_bytecode/java_local_variable_table.cpp b/src/java_bytecode/java_local_variable_table.cpp
index 10c5c34cc38..67c6ead30b1 100644
--- a/src/java_bytecode/java_local_variable_table.cpp
+++ b/src/java_bytecode/java_local_variable_table.cpp
@@ -543,7 +543,7 @@ static void merge_variable_table_entries(
 /// Given a sequence of users of the same local variable slot, this figures out
 /// which ones are related by control flow, and combines them into a single
 /// entry with holes, such that after combination we can create a single
-/// declaration per variable table entry, placed at the live range's start
+/// GOTO variable per variable table entry, placed at the live range's start
 /// address, which may be moved back so that the declaration dominates all uses.
 /// \par parameters: `firstvar`-`varlimit`: sequence of variable table entries,
 ///   all of which should concern the same slot index.

From a1af44f102abd2951c5ca4eccc23c44e2587b6a4 Mon Sep 17 00:00:00 2001
From: Cesar Rodriguez <cesar.rodriguez@diffblue.com>
Date: Tue, 27 Jun 2017 19:07:27 +0100
Subject: [PATCH 365/699] Regression tests: groovyc lvts

---
 .../lvt-groovy/DetectSplitPackagesTask.class    | Bin 0 -> 10817 bytes
 regression/cbmc-java/lvt-groovy/test.desc       |   7 +++++++
 regression/cbmc-java/lvt-unexpected/test.desc   |   2 +-
 3 files changed, 8 insertions(+), 1 deletion(-)
 create mode 100644 regression/cbmc-java/lvt-groovy/DetectSplitPackagesTask.class
 create mode 100644 regression/cbmc-java/lvt-groovy/test.desc

diff --git a/regression/cbmc-java/lvt-groovy/DetectSplitPackagesTask.class b/regression/cbmc-java/lvt-groovy/DetectSplitPackagesTask.class
new file mode 100644
index 0000000000000000000000000000000000000000..a5ed80f3654f442af969fc3c51362408f5626c6e
GIT binary patch
literal 10817
zcmcIq3t&{`l|E-?k~^79LNb#HxgZ!6N|;Fqj2JN>C4`5O5Rin#_!=jZn`B@z6J{nL
z)@rNuZGBX&LaY09X}5NZU`dd*vThfveb~pg`+jt7?b_XS*WK;9s|fp@|K6L-kV%TR
z73cr&{r~fy|D5xmbN+MA&8w%M{~8gk;HQ{YrqY9rnUQonIXIAx4jX$@>0OO|qwz$4
z<6t`4pD-HN8(AZk?HozOv)iJvUC}`!(-qC^(ukSn$Z88NIuZx$Ky);bHRqj7HG}C?
zYR|sLL^L_rxJf;4?b``-8Wl0s7C^l%F*+DeE;ZLNRb0{1-4fZ@*1jRqxntwTwyT(Y
z?K`7;q9)4DtPsA6sc5MTy2-;-xviyjbIT?y*s!f-drQ~W?M$;TZ(F~9Lq}wN+x88u
z80n2{+rB|zD<4UxgrH1UsxuZ%GR-p4k7nbE#!e#(+)MIDR=1zU^fnX2sx^Q;@9fDe
zM3rf5OOA{Rs)~h~Y&08>wI-sOOj~jw#S~O4VyS*(C_0*fFqOd4#y|p8#Z$?~30SPx
zA`xKN(#phFGnEV**{GTZhwZtd-eON+P4Vh@GM-(-<g8oL?WG#hJ>;S}5Y)m!BikBH
zBs$|+qa~e=?qdqqExD#JL8HlReAsA=0X_rxMtk8ZFP%s8JmjGHPAC;g1I=g<Ax+_G
zIwTrhz%*BI=PJo2BMaG%80jo1`$%2RxtmI~$~qaPUDlA77Sf_px{yACqf`hdk$9=j
zoLj<Frj*D&WsO2i%V#3FGnS5zWY_J3E#RnH`lBORBdt*blP4C<WV=#b`$i0=OA1h#
zL$^At!elqnG7l}K<z6bMStStXMNED<p-!bS6DP`~*Daamu)TCKHOWz2;-zYuEm$sP
z@^%~P_&_`c#Y-jK1eGX)u8fYj=`v{K*~X;NN1;s_Bb$2?lgF_ATo}wFFBi|M99dYl
zD>~Ui>x6fxb(855GPNU?tEtV1<Ef3t(y2_QHoG@fn@ZOXr_x4kX0*??-KB2Yz*O3A
zWYj4sHa9W3vP1C<Q?pX&598w?Du4e}_s6uLu$hbBYf)AUtEi%Y9KaT)r86m(tx|1C
zDAYhSW~|g`D-O9oo{9D)jD8${vOk*c&rtvv^3`6tlD2zj8+D4oIl#Rrd+TUAZ6veU
zvTph_C}=g^)FV~{{~G8|74XY&7f`!NquCN20gqSHHKK0U3Jq}gE}_9o5!1?UU|Kg5
z=UG_H5SUBAg-_fZ80$($lbL~3dRQr}MtxA>zEmn<M3Xy`eW@EkVgV%-k@S<{p%@J?
zUDP#X)DEN)iPT<Tx0J}zsk+RP+M(zkqqfg5lC|df8vV^4Hw^(bOk?84+HMROkY~)$
zXy-J$Dvz4*&@LJlA-I^jh35~WZ3`m>bS)A~q%xyvW4T5nOlt}-o?}v$56nCI2_9CN
z-aqZ3-2|&xc}}Pb>Pm!0MOXF+!??!h3&S}<z$O(pY`8IIjEKk42;SQXN5)iTt5Ckj
z{utdX0{pn;v0GEgOg23l%cjy^y4Bq46R^ZdPt`S)PVE)z(C9X}a^)iI*d#wduq1+;
zbJ)ma5WAdxQ%;J9Y1s$8`ZT&b&x4w~X>>2{=2+T@W(}AL)55xIrXJE%W4fO{Ene^e
z5o<Bn7>Flf_31&Q--<9YUV7LxxX%cT27wMoM{LH|?X$qV^q2|tS%Gp(Qz8vwqmp=L
zYdSs%U*o0Enf~MRkc~MC1A59F`z=`eq_o8|4a#NrI{@7iO^g~_VPVyEZMn)}0l_Ey
z9{s+DewUt>ElcG{Q^O<Cw9yXvcfs757N48uft)YU7eyj}D5$(l?szgglLu(?(wFIv
z!~=XqR+LFoF3l`yDr~0IrGI%eGlcL?qp!+br8GWi{L)lO6PTpEBbD8-do&8y_Qxhg
zF9<-jG_#qm`V|bmkgK&#KCIE7FeT1OTGN>P2OBmW#GiWTCHlJXRwIor%^YdwN^_nx
z^Q2MX-ud!WE6oCFE|BIzX%<SeC@;=}Eok)TOy$FQN{wT&FZ&4<##!5UJCrtQ>p#NY
zIDT#T!5<fmq<2Q}u6n!|kL()E$bk8<Qz$?b*z@6!r;v5or*n};|Ky?9DI?n~mZnac
zB}_X${DxCa-rjD7M*n=yrlT&UpL^&{`j_7jITvg6ZytK<H-^7SqyO;G+j3EPMJTqD
zlME#%3XufOe2u3XH^vi2!2navB?v^yrCER){SVU>=Vn`zuF$$pavh&FBsbOn%B}c+
zvKz9At-qQU*bLj}e~Ct?JoLT@+?UG-m{y6%8K`|UBT0xC*_WgejG(a6yoI)<cBXpL
z(GjFlOr0|`ZKo(g{&e}<UK3ZQ(L%b)%PuaGJ#lZ%vMxLOL^M`cP`${dL7Jt~G)l8f
zn&rQCS*_H#!o!s!t6%deT&l6(!&UTkaZpx<g5ah<4!M@+D<UFt3u0R|i@;LLpuDhN
z088ZjL|LKSZb`wV7=ZXDFE}!f!OQ0{a_jqeK0K+U@i|#QsK7Z+n;3E}FOc)Oz)L>z
zBQN2FOmzj%xIpDWWB5_8O{!V9xGZ=38I`60LMTifFY)kV7P|!E3BJ5sj}#UY$gJ~X
z@d*fx8?gon>cj}@Q2FW3#0+9yz{Zn%Qo9Tc4yF3f3Vf|3)I7S}sI-8IBhwM8eu>lg
zAQ-)T5jU0cGQI@b0x960D^%^UGv%pNp2dyji*n$mU+U#cd6n$F8d|tIh9pcCiFm1-
zKkB72DiI}V@sihkLT+AZQkYjQ%TEf$9Rm($W8c_zRn2E<i(PP02UEUK^2MC$)4UwY
zQ2}f0Obujn1N7>Jrax=VT^4}@sm_bAZKiSdr8!jsHzOC<thmC>Tit{j8e-oK!z0;!
zZbq5VWkh2`Ztj8;TfHzgnT9M}<K}KRJ?y5(up*mM#WJ^);EHz{`@prEuf=o1NDgMP
z{(8hD!|~*3#?8oqT_Xv3LKa&D0k#0P-%THb8%U!_7f-e%5^f#@Skkx=a|mBFx$xBR
zE<h#XnXGaaZXSlKiT3xq8D+z&LZU$Z1Wu%&RZmxWQ>?5KKOFY*W^NZHN2V73;7Byy
zb5?+2dWGEFXX0c~hvXYQyqEWR5zbv9x(1QVoxEwM9KXgN_wX(BaWC&?<ggC@guFr|
zMNuhTdii#`y95Y7#WZimM4IXRNWl_^ebt7M(ne+s{ZQwP%n+*0Jbm%Z(@oH3g?vf`
zFx|w;=_XM7D^tmIG@0#|ybbEq86QkWvnVK_#I)U1itczOj$FDWnM_Hk5o!-@Y(<q*
zQt1>-v^$!POSau54Q!)5o-{f}hx?4QHByEmRcsgHd+U9xeU&M5$N1_T!?tw598m!6
zQ1Kb6>QYzln2J#}G^grdc^oSMwEawhjn}9`ee1a+oMs~-YvWmNt>AVhr*=3rRT6SX
zh4RRON0~t$O!ZT?ot8#H?&(a8relV95!{At$)u51rfFno0jhT{g6|?X&B3n(wfhI*
z3>;L7cldrh&ym|ejiE9P!+S_QSMbB=i?Oy6xwS{a3iS6#*%SS3Qh%0lv2MUs0uEmu
zfc-OgdkA|Lqwfoj(cE!5zdhuu4TpRS!og#-*g?lAh`MRLuYR1uC#XIc`6{ib?+G5I
zl^qT8(%jJFTixu^T|P(9x8?+`9jEoWtH-yoxkxXPvCFNoqMm25i-R9Q>jecax{lfi
z^zfq?k;>(zw1KwJM$Bynbq+<{Dbf^mcM4^^<uG*|An!PJ9iZZa6bSit2${VO>S)-~
z&~uO~bQ+`Ugq$rPBILV1Tz`zB4jQMy1EjeQlFPZDR{P?|Y1h?}F-i)N0854IkJIkn
zU{Eg_qwF!->m-cc81~(y7agTrj?pKbbb@YwQ8;ia4r<l6l{-uhK;f<QDY^qZTty9Z
zC*6fooNzS<GsWO$F@7tk9sjn_HPnHk-<A9r=I2xK`xMaVo}$V#5Q<YH2VOL~54DfA
zylUc9+X3s40<S5R;wPX3b3w{;A{FNgbl*5VXtT7XzK1*V<x~^$J!HvAMAHG$SfYAF
z1keE)aC33~8a?ED)Lx_MT63|kVNs>X_wi=8?#6%{GI|24vOlaBD=Dj{xkN9)#DTD0
zqI9R(qkDSB>B;?6Gfuy~pL}`y@cquF(m-iXpmd!6Amlq3);%sfsUsMtFYV`e$oEWG
z&E||BYVroWJpm{J);v39O?Ak37~88=3X?6H<}$quv>lO2S)4yvu9su-xv=kO$TtR_
z^fGn!PzI#{&9n4bm>-v!a(kw^La)H!v9LZ%udo&8dAv<ky9FWN@o>W=QiWukzP5it
zF#+)+ASRG2*gS}NA>RogKTa<}S?l$3y=;vB%-lBM?QN<I`A&u-iZLjC?>IqFJ%P%e
zgQtHKDD7?Xg?ulcH4Vx8Fn#+$zSh~~5BPfmekIgzOcCnpfZugPQ&pg<Cs3t8UYP>o
z4*6ac(F%%u(FXJYr1VXhl*Rdz)p|81zoq2<ZIN!kmaZxH+4^kEe@AAj?V08py#|A?
zh4tBbjV<@@;;o?EzXz#KAXP~6qzbuz9}pAB6>J^^<o*L7x8+`~2PWlS)!U@IZs=`-
zV04J`CjozN(;OLqFy~<4P(6tD{ZRSOA0DC?Cw$0J_-S$;wtPsH^C|d{yI|)v&I9x#
zcoQeJI|t}5@Kj8XIp@(|;;96++%ozrJbCCO!mPihzrpSBE-$0M#gmtpW909ErHni1
z1^RnDm2;Awq<_GQSrV4fKjNvvv6Z{kTE8RB7pS#WjxSnk1CEo{+G@ue*4o*Q_pG%w
z%Cp@|7r=ve;~wdu)%dl;^X<m(R(Po=;HSO-@BTVn&$B7QE9eHk5?_vXQ;hGVeyktB
zZ&3ALM*kYV^}J1SM>}2TNYM3;2PxushHh}YLVb=mDdsp${Z20p;5VrHMd&xtkTXtk
z=hOHS15XOP=bxs<%6aZ8suE}FvYjdZIs*Rmv|Novfit*2wfq@1eTG`8w7@tf)%+=V
z^i%i@e1^V6mD9p8YlQ7&N407#*Q)=|I|El=Hp4QacWM5+<Tyh`R5dLeG)Mi%M5pkP
zUTD#OIq>u}Rmk0A-Z(-szG7I7>aD%7*%_*sQ8*%QoPkESoAC&L7Fvw&9@ZUxAMi?2
zb6MfrD&+fdIQSf`I8LvNQyZh7nD#uK*;E5L(JI?)XfaIWE^H+iZaFq`Q5FHuD85zP
zqApnk8)pEXN8sbYfzLM<fnPzeB?LyNBk-rV<=(*WXBMGvg3vMgSIdpPrQZJCdVAYs
z;y=%YiO2*Kn_=<!Oi0vrJ8j4JD~S{o6Onu-o`4VdFZyqj3CBG621JJ37qoA?j*$J-
z>_U8FM?7E>mv^!67h&H!x(mMP1ihoeoD;P67`^MFX59BZ0C+E~YscyRUZ2C~7^BmE
zrg3(jKygeSG{v8vOT@2niG&2x-}2O^yIDEZ`FgRRJz?FgVgo1cf;>N~rc1*OimLia
zsw5ygNE`F8cxT2^Rv3%yUyiH9&$EO*t~A+WUm^C6bCsIbiyCy-7zfNVos0svLva{&
zg=(CgC=lam7Wz`|hUdErswmI1xdt(9H8Oe~V?`LN#*_R#LMv*CbKs9P+Dkv@x$Gvl
zQsem;Sws&Y7JiU!qDSD3ABA^+gq`##&!@+gMl_K742-Nqqk4_r(P*vhdSJ>DLTU_c
zxNt4cb4X(u=Kczo{8@?>`mX~CVoQsINBMl8<7sjS$N9oThj~$Z=w+HEqvIUvZ9l?`
zLPvS&A%L>l8?=|7BEQCqE0|FuwD2_o8{7rWhB-I)o+Q_yo?tIB1!M^_GPxd^N}I;Z
zuy{F#t;IfznBrgv@FHV;B}7ebg*C53nj+&ekack|RDX<Dx=2t8*rnWTfz<#=c=DQH
z$M`a*2?f!vnMisTfKGu5_<8N-;1OOI?7>re=m@V5sXRqE-M||y2O$}gFjgdfO6_UM
z^8mm$@#Pj+9t$fJ3l`kxkbI$_W73F=&?)HH2>NRM+|e2IE%5U;bUXZfCA#bV+=(vb
z=N;&7^m7lohx~jMx<~!oi|z?OUxRMHpRYrAz|RqM2mKsH_l%!o=$<v-4*S`_+Yz&S
z&O|om=K&0ko82)#58>^3bKB$Q;EQH=!X)CPpLYV}WwZN+iTV|@d(}k!O|$!!xx=^3
z<=-*8*UTNhYwqwpbMX6S_XBf>ADi7z&F&39C$Qho%<dN^&iDMB><q$xD0cl^>gN%8
z_ge2|)_b|a0Sgy+Q<FSWsj^f=A{RN$YCmUQAe{d=j~?f}u=L;<-(;$kNB)q`f^RjC
zi|P*Z%_pf6?NPq<1Qu+5nSA5?$<4?4mR>Bq?Fio-e2(v!)N|NL)hR01crP^M^VrgX
zKNNTp{S`3(-OzwLLC8z!??V4N`n%D;iT)n+Z=t^z{oCm8L;pVd`$1AA`cI>;LjM5q
F{{wPZNqqnS

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/lvt-groovy/test.desc b/regression/cbmc-java/lvt-groovy/test.desc
new file mode 100644
index 00000000000..050fcd09c7e
--- /dev/null
+++ b/regression/cbmc-java/lvt-groovy/test.desc
@@ -0,0 +1,7 @@
+CORE
+DetectSplitPackagesTask.class
+--show-symbol-table
+^EXIT=0$
+^SIGNAL=0$
+--
+--
diff --git a/regression/cbmc-java/lvt-unexpected/test.desc b/regression/cbmc-java/lvt-unexpected/test.desc
index a7efd74bb7e..7164d59e21f 100644
--- a/regression/cbmc-java/lvt-unexpected/test.desc
+++ b/regression/cbmc-java/lvt-unexpected/test.desc
@@ -1,4 +1,4 @@
-KNOWNBUG
+CORE
 unexpected.class
 --verbosity 10 --show-symbol-table
 ^EXIT=0$

From 0e4176d2383d77459df5731c1abb7e471769c383 Mon Sep 17 00:00:00 2001
From: Peter Schrammel <peter.schrammel@diffblue.com>
Date: Fri, 30 Jun 2017 17:06:26 +0100
Subject: [PATCH 366/699] Fix modes in java entry point code

---
 src/java_bytecode/java_entry_point.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/java_bytecode/java_entry_point.cpp b/src/java_bytecode/java_entry_point.cpp
index bb7e488c8a5..6f6ebd5f149 100644
--- a/src/java_bytecode/java_entry_point.cpp
+++ b/src/java_bytecode/java_entry_point.cpp
@@ -522,7 +522,7 @@ bool java_entry_point(
   if(to_code_type(symbol.type).return_type()!=empty_typet())
   {
     auxiliary_symbolt return_symbol;
-    return_symbol.mode=ID_C;
+    return_symbol.mode=ID_java;
     return_symbol.is_static_lifetime=false;
     return_symbol.name=JAVA_ENTRY_POINT_RETURN_SYMBOL;
     return_symbol.base_name="return";
@@ -536,7 +536,7 @@ bool java_entry_point(
   {
     // add the exceptional return value
     auxiliary_symbolt exc_symbol;
-    exc_symbol.mode=ID_C;
+    exc_symbol.mode=ID_java;
     exc_symbol.is_static_lifetime=true;
     exc_symbol.name=id2string(symbol.name)+EXC_SUFFIX;
     exc_symbol.base_name=id2string(symbol.name)+EXC_SUFFIX;

From 5409f56310502de3edc64158830f8e0811857a55 Mon Sep 17 00:00:00 2001
From: Peter Schrammel <peter.schrammel@diffblue.com>
Date: Fri, 30 Jun 2017 17:52:05 +0100
Subject: [PATCH 367/699] Add missing header guard endif comment

---
 src/java_bytecode/java_entry_point.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/java_bytecode/java_entry_point.h b/src/java_bytecode/java_entry_point.h
index c05a78b0689..9437ba65d70 100644
--- a/src/java_bytecode/java_entry_point.h
+++ b/src/java_bytecode/java_entry_point.h
@@ -34,4 +34,4 @@ main_function_resultt get_main_symbol(
   message_handlert &,
   bool allow_no_body=false);
 
-#endif
+#endif // CPROVER_JAVA_BYTECODE_JAVA_ENTRY_POINT_H

From af4edae930b42916e0ba70eb47a98af9aca70577 Mon Sep 17 00:00:00 2001
From: Kurt Degiorgio <degiorgiokurt@outlook.com>
Date: Tue, 27 Jun 2017 14:30:20 +0100
Subject: [PATCH 368/699] Fixing inheritance issue for java programs.

CBMC was incorrectly stubbing inherited methods. This leads to such methods
being treated as non-det. The fix simply prevents CBMC from stubbing methods
that are inherited.
---
 regression/Makefile                           |   1 +
 regression/cbmc-java-inheritance/Makefile     |  38 ++++++++++++++
 .../inheritance01/A.class                     | Bin 0 -> 235 bytes
 .../inheritance01/B.class                     | Bin 0 -> 164 bytes
 .../inheritance01/test.class                  | Bin 0 -> 556 bytes
 .../inheritance01/test.desc                   |   5 ++
 .../inheritance01/test.java                   |  20 ++++++++
 .../inheritance02/A.class                     | Bin 0 -> 235 bytes
 .../inheritance02/B.class                     | Bin 0 -> 510 bytes
 .../inheritance02/test.class                  | Bin 0 -> 283 bytes
 .../inheritance02/test.desc                   |   5 ++
 .../inheritance02/test.java                   |  24 +++++++++
 .../inheritance03/A.class                     | Bin 0 -> 164 bytes
 .../inheritance03/B.class                     | Bin 0 -> 164 bytes
 .../inheritance03/Z.class                     | Bin 0 -> 235 bytes
 .../inheritance03/test.class                  | Bin 0 -> 556 bytes
 .../inheritance03/test.desc                   |   5 ++
 .../inheritance03/test.java                   |  24 +++++++++
 .../inheritance04/A.class                     | Bin 0 -> 235 bytes
 .../inheritance04/B.class                     | Bin 0 -> 220 bytes
 .../inheritance04/Z.class                     | Bin 0 -> 164 bytes
 .../inheritance04/test.class                  | Bin 0 -> 552 bytes
 .../inheritance04/test.desc                   |   5 ++
 .../inheritance04/test.java                   |  28 ++++++++++
 .../inheritance05/A.class                     | Bin 0 -> 108 bytes
 .../inheritance05/B.class                     | Bin 0 -> 244 bytes
 .../inheritance05/test.class                  | Bin 0 -> 556 bytes
 .../inheritance05/test.desc                   |   5 ++
 .../inheritance05/test.java                   |  21 ++++++++
 .../inheritance06/A.java                      |  10 ++++
 .../inheritance06/B.java                      |   9 ++++
 .../inheritance06/temp/A.class                | Bin 0 -> 241 bytes
 .../inheritance06/temp/B.class                | Bin 0 -> 246 bytes
 .../inheritance06/test.class                  | Bin 0 -> 557 bytes
 .../inheritance06/test.desc                   |   5 ++
 .../inheritance06/test.java                   |  11 ++++
 .../java_bytecode_convert_method.cpp          |  48 ++++++++++++++++--
 .../java_bytecode_convert_method_class.h      |   4 ++
 src/java_bytecode/java_utils.cpp              |   6 +++
 src/java_bytecode/java_utils.h                |   2 +
 src/util/string_utils.cpp                     |  11 ++++
 src/util/string_utils.h                       |   4 ++
 42 files changed, 287 insertions(+), 4 deletions(-)
 create mode 100644 regression/cbmc-java-inheritance/Makefile
 create mode 100644 regression/cbmc-java-inheritance/inheritance01/A.class
 create mode 100644 regression/cbmc-java-inheritance/inheritance01/B.class
 create mode 100644 regression/cbmc-java-inheritance/inheritance01/test.class
 create mode 100644 regression/cbmc-java-inheritance/inheritance01/test.desc
 create mode 100644 regression/cbmc-java-inheritance/inheritance01/test.java
 create mode 100644 regression/cbmc-java-inheritance/inheritance02/A.class
 create mode 100644 regression/cbmc-java-inheritance/inheritance02/B.class
 create mode 100644 regression/cbmc-java-inheritance/inheritance02/test.class
 create mode 100644 regression/cbmc-java-inheritance/inheritance02/test.desc
 create mode 100644 regression/cbmc-java-inheritance/inheritance02/test.java
 create mode 100644 regression/cbmc-java-inheritance/inheritance03/A.class
 create mode 100644 regression/cbmc-java-inheritance/inheritance03/B.class
 create mode 100644 regression/cbmc-java-inheritance/inheritance03/Z.class
 create mode 100644 regression/cbmc-java-inheritance/inheritance03/test.class
 create mode 100644 regression/cbmc-java-inheritance/inheritance03/test.desc
 create mode 100644 regression/cbmc-java-inheritance/inheritance03/test.java
 create mode 100644 regression/cbmc-java-inheritance/inheritance04/A.class
 create mode 100644 regression/cbmc-java-inheritance/inheritance04/B.class
 create mode 100644 regression/cbmc-java-inheritance/inheritance04/Z.class
 create mode 100644 regression/cbmc-java-inheritance/inheritance04/test.class
 create mode 100644 regression/cbmc-java-inheritance/inheritance04/test.desc
 create mode 100644 regression/cbmc-java-inheritance/inheritance04/test.java
 create mode 100644 regression/cbmc-java-inheritance/inheritance05/A.class
 create mode 100644 regression/cbmc-java-inheritance/inheritance05/B.class
 create mode 100644 regression/cbmc-java-inheritance/inheritance05/test.class
 create mode 100644 regression/cbmc-java-inheritance/inheritance05/test.desc
 create mode 100644 regression/cbmc-java-inheritance/inheritance05/test.java
 create mode 100644 regression/cbmc-java-inheritance/inheritance06/A.java
 create mode 100644 regression/cbmc-java-inheritance/inheritance06/B.java
 create mode 100644 regression/cbmc-java-inheritance/inheritance06/temp/A.class
 create mode 100644 regression/cbmc-java-inheritance/inheritance06/temp/B.class
 create mode 100644 regression/cbmc-java-inheritance/inheritance06/test.class
 create mode 100644 regression/cbmc-java-inheritance/inheritance06/test.desc
 create mode 100644 regression/cbmc-java-inheritance/inheritance06/test.java

diff --git a/regression/Makefile b/regression/Makefile
index b2f31798489..cec34c0b37f 100644
--- a/regression/Makefile
+++ b/regression/Makefile
@@ -3,6 +3,7 @@ DIRS = ansi-c \
        cbmc \
        cpp \
        cbmc-java \
+       cbmc-java-inheritance \
        goto-analyzer \
        goto-instrument \
        goto-instrument-typedef \
diff --git a/regression/cbmc-java-inheritance/Makefile b/regression/cbmc-java-inheritance/Makefile
new file mode 100644
index 00000000000..dcdf752aea1
--- /dev/null
+++ b/regression/cbmc-java-inheritance/Makefile
@@ -0,0 +1,38 @@
+default: tests.log
+
+test:
+	@if ! ../test.pl -c ../../../src/cbmc/cbmc ; then \
+		../failed-tests-printer.pl ; \
+		exit 1 ; \
+	fi
+
+tests.log: ../test.pl
+	@if ! ../test.pl -c ../../../src/cbmc/cbmc ; then \
+		../failed-tests-printer.pl ; \
+		exit 1 ; \
+	fi
+
+show:
+	@for dir in *; do \
+		if [ -d "$$dir" ]; then \
+			vim -o "$$dir/*.java" "$$dir/*.out"; \
+		fi; \
+	done;
+
+clean:
+	find -name '*.out' -execdir $(RM) '{}' \;
+	find -name '*.gb' -execdir $(RM) '{}' \;
+	$(RM) tests.log
+
+%.class: %.java ../../src/org.cprover.jar
+	javac -g -cp ../../src/org.cprover.jar:. $<
+
+nondet_java_files := $(shell find . -name "Nondet*.java")
+nondet_class_files := $(patsubst %.java, %.class, $(nondet_java_files))
+
+.PHONY: nondet-class-files
+nondet-class-files: $(nondet_class_files)
+
+.PHONY: clean-nondet-class-files
+clean-nondet-class-files:
+	-rm $(nondet_class_files)
diff --git a/regression/cbmc-java-inheritance/inheritance01/A.class b/regression/cbmc-java-inheritance/inheritance01/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..90633af3927fe5db65bdcf4e91e7e18cfe3a92b2
GIT binary patch
literal 235
zcmZ9Fy9xq93`KAD;kxU)SFltIwXhLH5J6ZFEfo9Nb&wIA1s(k=8!N%W5AdVJjHQ9(
zCO3!V{dv9s3{Z*Sq8OkQpiIb(lvZX;a9iyS!JB4VNvO<~mW#_Vk*Bpt4(#|Qi?#V-
zF(F!Ims2Wd%C15q&!)Q<S5brqpFk5r)y}<x(7WC;*~`?R35Orsa5xzRf9I~jO00h8
i0lITT2)O2crd{O`a<yok)uLXlKfL{s_FTlCgTfcs2O>lO

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java-inheritance/inheritance01/B.class b/regression/cbmc-java-inheritance/inheritance01/B.class
new file mode 100644
index 0000000000000000000000000000000000000000..1ba2667c1e32dd86876dc4e3d16e795d430af2ad
GIT binary patch
literal 164
zcmX^0Z`VEs1_l!bUM>b^1}=66ZgvJ9Mg}&U%)HDJJ4Oa(4b3n{1{UZ1lvG9rexJ;|
zRKL>Pq|~C2#H1Xc2v=}^X;E^jTPBFZS&~{@qL-CemdL}v!obSNz~}_TjtmM6OhB_i
ofDwp+GC-OQ$dU!pAQ4ur?F@_?!P4wNk_{}#2_!jyJSGNC06x|jQUCw|

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java-inheritance/inheritance01/test.class b/regression/cbmc-java-inheritance/inheritance01/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..c8b094f59ada586e5cb53ede0ef669d9e535fd4d
GIT binary patch
literal 556
zcmYL_%S+=>6vn@krcD}CwLa@Oj;{(nKwY>IM10H)2s$nt1l^_SMN?}cN$MZt#-(c&
z6clvt-z4I9gSLy@bMAS3-!J#=<LL#!3T7NQ7`9MxU|_fi8zVaVVPVukL3e&S7{f0M
z<AVOGmn14qgD6aX2Z>i}s=7dq1%<UB4AON$Zg%caU~WfsCFt1=LiMk8UQ_XZJuJxk
zr^-JQlnzqQKil&zvO4Vr_L|@P5^)ZqR_v?4fnF)5DoGa`-lgZFgl_t6x#)uHVgi$b
zita2mz3^md^Be9@97i!J^rnR=7t^Q;dOMT*wTALj;-t||$VloP;&ukMoBUJ3P+cWK
ztm<uLVy7)OxNuB=n~w)bZ$$$!%kd*4sKsoIQ5f^{kC0m?WZ+rIiX~>{_UJy}++bz$
z8OG5ga=UjhuQ0gqfP8s*^%`BzD6nq5Y8fMw>CW8BWauMFKTj~1cT8Bk*%)YxuVjX_
f>$4wFyn<!kz|7sl?1+6cX^}h(cSDm8W?n;|W)xtk

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java-inheritance/inheritance01/test.desc b/regression/cbmc-java-inheritance/inheritance01/test.desc
new file mode 100644
index 00000000000..61ed56c4b41
--- /dev/null
+++ b/regression/cbmc-java-inheritance/inheritance01/test.desc
@@ -0,0 +1,5 @@
+CORE
+test.class
+--function test.check
+^EXIT=0$
+^SIGNAL=0$
diff --git a/regression/cbmc-java-inheritance/inheritance01/test.java b/regression/cbmc-java-inheritance/inheritance01/test.java
new file mode 100644
index 00000000000..4038d8419f6
--- /dev/null
+++ b/regression/cbmc-java-inheritance/inheritance01/test.java
@@ -0,0 +1,20 @@
+class A
+{
+  public int toInt()
+  {
+    return 12345;
+  }
+}
+
+class B extends A
+{
+}
+
+class test
+{
+  void check()
+  {
+    B b=new B();
+    assert(b.toInt()==12345);
+  }
+}
diff --git a/regression/cbmc-java-inheritance/inheritance02/A.class b/regression/cbmc-java-inheritance/inheritance02/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..20d9f12ec40d85d487c7be3670d7766f9a058101
GIT binary patch
literal 235
zcmZ9Gy$S*`5QJy%$MeqrUcpi=)WSv(K?LDIv{3AGXOM{IK%-A(V<lMl06vtsu{4mK
z+1Zb5-k;|SzyOs9E{Xw40m_8jNNHup1h>`R5WH!&m4wP%X}P!@6M0&T<iLq<vRIoR
z789aXb~&YTrtBy*@@%?$aTP^)@Ch^_RBhio2)*kqlf6t0ns9irJq}+6!Q0t2Sc%o|
jJV19ggn(=A7xIsgN66lybykadwf^w-N80Bi&KwlJ*q|au

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java-inheritance/inheritance02/B.class b/regression/cbmc-java-inheritance/inheritance02/B.class
new file mode 100644
index 0000000000000000000000000000000000000000..cd5a6778035ac69e74535ee5906f461b9b46977e
GIT binary patch
literal 510
zcmYLFO-sW-5Pg%RO%tR2uJNN<!Grdo9(oZ<u~r2^y(ogc#bl9aOe9GK|4J_&J*&`y
zg5Ld6;v{H2?9AJleQ)2)*Z128fEHGC<WSL&MOEieQ!%SUK}ChBV-E8w76|24D~d!I
zyMZ6=xsi4035P&^LbmPtZrmZrYwPC(r58AYkUw&LaWc5Q6yaI&n4m?%4t&Q79|+T@
zv1Q*JTX(;`T-)}3RrJ$f5ZdCvO*yfM;*D$T-ZC%+!+-|ez#{4dGpTNRmVdR`{d2Y-
zhC#@#c2z7HSVn_!myn5rLqARp9<sB4V$b8D2sKAUZYZ3I4!es7+~A4&Xz)&QyeKM|
z$@h$8KI{fO2ctS?;+$!YLC*{bGaR#NQRA4OJncYAt8*`qhNw12kc(T}kC=Lgaxq5c
zGoec<UFQteH~CgzB!f)0QJiSCQYD~R%8sB8p(;;M<X1@l8h;iNeg=}UlNc?fUzC3U
Dnv7O^

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java-inheritance/inheritance02/test.class b/regression/cbmc-java-inheritance/inheritance02/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..09d573eb9714afb5f542a04c82db9ad9200f70b2
GIT binary patch
literal 283
zcmYLD%T5A85Uk#(EX(px^hDy(M}&(<<3STnL=GAgj<drA7jZXP77{<p3nZHO0e%#*
z#sf~$-8EHR-Tkxs{04B1qX+?#5X}e<5}R5f+95iE;3mtn>Q>;Moj(h_`(kPY%~6({
zht*qZ$|sdB$oTrj=vP7XSgcBIhM6U6m04E(xmv3jAr1s`7vs<Z&nkkJ)dmZd&j#ak
zZZxUd(&!?es`4GD@OhVg4ub<gnW)Dqtp3Fo@<G70%)uYoCaUjSuV}UA#uuE)7VhYB
W1MlCGz@^w_`!Qmia6rtzgT^oTA}Z+s

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java-inheritance/inheritance02/test.desc b/regression/cbmc-java-inheritance/inheritance02/test.desc
new file mode 100644
index 00000000000..61ed56c4b41
--- /dev/null
+++ b/regression/cbmc-java-inheritance/inheritance02/test.desc
@@ -0,0 +1,5 @@
+CORE
+test.class
+--function test.check
+^EXIT=0$
+^SIGNAL=0$
diff --git a/regression/cbmc-java-inheritance/inheritance02/test.java b/regression/cbmc-java-inheritance/inheritance02/test.java
new file mode 100644
index 00000000000..1aae7f2ef63
--- /dev/null
+++ b/regression/cbmc-java-inheritance/inheritance02/test.java
@@ -0,0 +1,24 @@
+class A
+{
+  protected int toInt()
+  {
+    return 12345;
+  }
+}
+
+class B extends A
+{
+  public void secondary()
+  {
+    assert(toInt()==12345);
+  }
+}
+
+class test
+{
+  void check()
+  {
+    B b=new B();
+    b.secondary();
+  }
+}
diff --git a/regression/cbmc-java-inheritance/inheritance03/A.class b/regression/cbmc-java-inheritance/inheritance03/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..1df27f96de776532ba8949f81d0e6025056e43e5
GIT binary patch
literal 164
zcmX^0Z`VEs1_l!bUM>b^1}=66ZgvJ9Mg}&U%)HDJJ4Oa(4b3n{1{UZ1lvG9rexJ;|
zRKL>Pq|~C2#H1Xc2v=}^X;E^jTPBFZS&~{@qL-CemdL}v!obSNz~~6XQ49(UOhB_i
ofDwp+GC-OQ$dU!pAQ4ur?F@_?!P4wNk_{}#2_!jyJSGNC07U{AY5)KL

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java-inheritance/inheritance03/B.class b/regression/cbmc-java-inheritance/inheritance03/B.class
new file mode 100644
index 0000000000000000000000000000000000000000..0d68ec19ee05aeb746692db484997beb3fd3c19e
GIT binary patch
literal 164
zcmX^0Z`VEs1_l!bUM>b^1}=66ZgvJ9Mg}&U%)HDJJ4Oa(4b3n{1{UZ1lvG9rexJ;|
zRKL>Pq|~C2#H1Xc2v=}^X;E^jTPBFZS&~{@qL-CemdL}v!obSNz~}_TjtmM6OhB_i
ofDwp+GC-OQ$dU!pAQ4ur?F@_?!P4wNk_{}#3nV#!JSGNC06zj4RsaA1

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java-inheritance/inheritance03/Z.class b/regression/cbmc-java-inheritance/inheritance03/Z.class
new file mode 100644
index 0000000000000000000000000000000000000000..49b6e2839925132588e5408cc2ae2140c01952e2
GIT binary patch
literal 235
zcmZ9Fy$%6U5QWd|kG1Q+CsCq6p^=D2BH2VJh(dRF-N+U0CS0CMqmn2*fQJ%ul_r@v
zGiSccyg$zufB`BIToeP80+b24k<!YH32v*sCU}!<D+!gE(sF(|Ci1ir$$=f;WU)3s
zEG9(D>~c!wRM}N%<k@uh;wp;p;1g&=sM@)A5PH{JBzu_}G~w`L8xALf;P2cuSc%o|
jJV1AD2m#mJ&$O#NLar9Avs%=v^@q1V(w>Xhb5QsK<ZdEe

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java-inheritance/inheritance03/test.class b/regression/cbmc-java-inheritance/inheritance03/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..dfa16d22feba0ec2ce365dd46c6581f650971067
GIT binary patch
literal 556
zcmYL_NlU{}6ot=C(<V(*wbl*}bru{zUAPfM)T&UZc2N;@m!=Pm#zd0TAJdIX*D5F|
z=-%HX;(bBeMczBy;hZn;>*wtQzy=l!7$|8d8&FV6L&vC8V;aT{q-1BpKn0T;rU?0Y
zD-1;tIldR}JE7HbMVmn9gw&SfIng#DvAA?fP^*4h5C-dxCyqNeEfJi^VM5Zr6!tYC
z+l(yx`pCMC>l{zew`}*%#Ay1Rz!ry&TuDbFj8?C#JIh2C1Dv;KA_LRJG-e28*;#Wf
z?_zEDAMPLs{D3LsriNJ)bC@R#^(PyxD`7{B6ZtidZ>Fv>ZhxTa@}CllZ4o+wX!o2M
zJL+(Q7tT3f=f?wRs4Rh4CHP}TuotTe-^6!v`4#lYf*JTs#l;+}TyM0&Z?14<<{iq}
zD-!i5s9h9RUXaYKZ{8#Gjuh9mPidpXHUn{5ff<TSQo=BIbkH}ZHRM^1^vpNnK#m*M
dUy$xXQy-uvo}u>5{+Xmn5{kJa$qR8-@fU4~V7veT

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java-inheritance/inheritance03/test.desc b/regression/cbmc-java-inheritance/inheritance03/test.desc
new file mode 100644
index 00000000000..61ed56c4b41
--- /dev/null
+++ b/regression/cbmc-java-inheritance/inheritance03/test.desc
@@ -0,0 +1,5 @@
+CORE
+test.class
+--function test.check
+^EXIT=0$
+^SIGNAL=0$
diff --git a/regression/cbmc-java-inheritance/inheritance03/test.java b/regression/cbmc-java-inheritance/inheritance03/test.java
new file mode 100644
index 00000000000..0d965134877
--- /dev/null
+++ b/regression/cbmc-java-inheritance/inheritance03/test.java
@@ -0,0 +1,24 @@
+class Z 
+{
+  public int toInt()
+  {
+    return 12345;
+  }
+}
+
+class A extends Z
+{
+}
+
+class B extends A
+{
+}
+
+class test
+{
+  void check()
+  {
+    B b=new B();
+    assert(b.toInt()==12345);
+  }
+}
diff --git a/regression/cbmc-java-inheritance/inheritance04/A.class b/regression/cbmc-java-inheritance/inheritance04/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..90633af3927fe5db65bdcf4e91e7e18cfe3a92b2
GIT binary patch
literal 235
zcmZ9Fy9xq93`KAD;kxU)SFltIwXhLH5J6ZFEfo9Nb&wIA1s(k=8!N%W5AdVJjHQ9(
zCO3!V{dv9s3{Z*Sq8OkQpiIb(lvZX;a9iyS!JB4VNvO<~mW#_Vk*Bpt4(#|Qi?#V-
zF(F!Ims2Wd%C15q&!)Q<S5brqpFk5r)y}<x(7WC;*~`?R35Orsa5xzRf9I~jO00h8
i0lITT2)O2crd{O`a<yok)uLXlKfL{s_FTlCgTfcs2O>lO

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java-inheritance/inheritance04/B.class b/regression/cbmc-java-inheritance/inheritance04/B.class
new file mode 100644
index 0000000000000000000000000000000000000000..b8d4c0dafbcd6d9ac21ca40f17d87fd292332914
GIT binary patch
literal 220
zcmZ8ay9&ZU5S-1^#Kd5)VCSQ-vJ^oDAs{x2eWF*KXb$4Vud=ZcEc^gJO5987!p;mc
z1M~U5-T)>@LfD9W#6DUCZz>C^X9RmN+!LIoItoIvmW9|<mt2&)EI+g3YLyncuBC)<
ztE%!KR?<X)7FRt!Ww$JX1D8Mx{yBQEc*&f_&k1;rRhOBV-O&^DU_tO1z1j>I8!%|9
U9cEK?+WqAI*Niy{*|X660mRN6TL1t6

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java-inheritance/inheritance04/Z.class b/regression/cbmc-java-inheritance/inheritance04/Z.class
new file mode 100644
index 0000000000000000000000000000000000000000..74b27f055a54d42f639d4eaef64857e80f80e13d
GIT binary patch
literal 164
zcmX^0Z`VEs1_l!bUM>b^1}=66ZgvJ9Mg}&U%)HDJJ4Oa(4b3n{1{UZ1lvG9rexJ;|
zRKL>Pq|~C2#H1Xc2v=}^X;E^jTPBFZS&~{@qL-CemdL}v!obSNz!(L@P7DeROhB_i
ofDwp+GC-OQ$dU!pAQ4ur?F@_?!P4wNk_{{<2qZaxJSGNC07d{9a{vGU

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java-inheritance/inheritance04/test.class b/regression/cbmc-java-inheritance/inheritance04/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..7f4c18b5fde76ef0793cb1017aaf1c7c62e000e4
GIT binary patch
literal 552
zcmYL_OH0F05QWbqX_LlO+p2x|Y_;GE?8c>tQWXk578OBvX?oFUO(aSEF>YMCR-pw8
zy7xDUI5%j!$eqJH&U~4#pZ5;{Td0~aQP5$TP*6z0KvAlaju{h4S(!C4hj|?fgvqKM
zh9Zbu-wXHM&~9}^n?RR@<hJX%(GEdfT{|aeb-yhL6GyHmPP%t35uC|pLc+Ng&MhI`
zjBMxj*uIbRyq;ieJDoohv*~vOM;y9xBo&D;+PtwJYzt|OTNs07VG(6QQD$o$+q<gm
z{ev9@fgdn|oYGOTu!LnoX4HAwx)DyqD3RarI5KgAQAZ8+4*w+~-xi@8i1yH#k)tjb
zc;FIczLd!qq)br)u~PYCKCl<7d5**}vEB#0uwVv$lW}sIRd(2V%J)_{QyD<H=tDhv
zh4zT)jUE!&m5C>e4Upu#{wZyg*k(N5R$_)3CYeQ!D+cHrWgU~OriSKQ@j_mgGkQop
aLf4+5sc+CmX8%mmBmu?RmE;mpLH-vJ%3w4A

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java-inheritance/inheritance04/test.desc b/regression/cbmc-java-inheritance/inheritance04/test.desc
new file mode 100644
index 00000000000..61ed56c4b41
--- /dev/null
+++ b/regression/cbmc-java-inheritance/inheritance04/test.desc
@@ -0,0 +1,5 @@
+CORE
+test.class
+--function test.check
+^EXIT=0$
+^SIGNAL=0$
diff --git a/regression/cbmc-java-inheritance/inheritance04/test.java b/regression/cbmc-java-inheritance/inheritance04/test.java
new file mode 100644
index 00000000000..783e0079c37
--- /dev/null
+++ b/regression/cbmc-java-inheritance/inheritance04/test.java
@@ -0,0 +1,28 @@
+class A
+{
+  public int toInt()
+  {
+    return 12345;
+  }
+}
+
+class B extends A
+{
+  public int toInt()
+  {
+    return 9999;
+  }
+}
+
+class Z extends B
+{
+}
+
+class test
+{
+  void check()
+  {
+    Z z=new Z();
+    assert(z.toInt()==9999);
+  }
+}
diff --git a/regression/cbmc-java-inheritance/inheritance05/A.class b/regression/cbmc-java-inheritance/inheritance05/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..692fc625e183548af9178a69d2854e385835937b
GIT binary patch
literal 108
zcmX^0Z`VEs1_l!bPId-%b_Nbc2G){%&%6>w24)RSPeul=;QZ2}<W#rJoK!{z&XUyP
z61}X%vP4D(Mn^^l0T5F^CowNw-#;lUHMxY1fq{{M31}XWW&s+(zye}1umVXY1~vdj
CloV6|

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java-inheritance/inheritance05/B.class b/regression/cbmc-java-inheritance/inheritance05/B.class
new file mode 100644
index 0000000000000000000000000000000000000000..d1f3c3841a63ba3510461055bd20bc4a6c52992e
GIT binary patch
literal 244
zcmYk0K@Y(|5QX2gv|6R@ox~9b99$$KK_Y1)9Ef{c8>!GHZ2c-1Cy9d};75sBE)F~I
z&6{sB`+7f~0Q&H4=%|>ens7~c1Y?+_i5wC1W@|$zOtY;Zxbq|xi~Jag(>ja}oD^ji
zr1Fae1bda`r&!DqHL|2Q%g#Q$gbs=@2s9yhs_!1cbk|)*dlB<0jnRO{_xTKeM&rjg
pcP6_!E2*S?2i@2ZN?g_WS1s7=6<T9eX~FLeuB`v0V#=Ipa6Z@oBEJ9t

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java-inheritance/inheritance05/test.class b/regression/cbmc-java-inheritance/inheritance05/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..549b549c5de5aae5ef855669732b960a4778ba05
GIT binary patch
literal 556
zcmYL_OHbQS5QWb;PV5+yLU@I?v`~V?Ljo3TDxnHUTPaf7EK(uC&T+1aNwAUa@MGAp
zWDQ6l6{+3#HzCBi7D*PqcXVdvoX_|F^Pj%}cCg~W!JLJP0|RqK*qGPVTMO?T6m;jk
zg9UuB@KG>T^^!!zX%L0U*C6rQJ=GD&v7oRUghBd6kXv0l6qvQBqXcgnL8yNA&)O>f
zrH2K1|3vv+!FVh6{O%9$JkuF3uy_65tBKQ!`mwLR2YRKLswCY!^)5UY<0vujz{MC`
z7mHXDRCH&n=Y_ww_6Km^;y8*)p*Jmja<Po6U}7}cY@aGWB~BXEL*AsW6L&OF>+w$o
zvmKQLvFZ$+iJkV@;KDKUZ9X0#6BP}_D#wqEpcktJ-oiV-{s6gQK?a_MOf0dQ9F8{m
z<_49eM;J#B$Te<ZUSekB9{I`b&sP|GM1i{XPum!oO({z&lVOS^(<rlJL!Pi`QL(8E
kICio?#+B`R6fa?!*D!N;Fh^zsCT)_3;qGbjnJjDe1!wVKtpET3

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java-inheritance/inheritance05/test.desc b/regression/cbmc-java-inheritance/inheritance05/test.desc
new file mode 100644
index 00000000000..61ed56c4b41
--- /dev/null
+++ b/regression/cbmc-java-inheritance/inheritance05/test.desc
@@ -0,0 +1,5 @@
+CORE
+test.class
+--function test.check
+^EXIT=0$
+^SIGNAL=0$
diff --git a/regression/cbmc-java-inheritance/inheritance05/test.java b/regression/cbmc-java-inheritance/inheritance05/test.java
new file mode 100644
index 00000000000..3d0c967b728
--- /dev/null
+++ b/regression/cbmc-java-inheritance/inheritance05/test.java
@@ -0,0 +1,21 @@
+interface A
+{
+  public int toInt();
+}
+
+class B implements A
+{
+  public int toInt()
+  {
+    return 12345;
+  }
+}
+
+class test
+{
+  void check()
+  {
+    B b=new B();
+    assert(b.toInt()==12345);
+  }
+}
diff --git a/regression/cbmc-java-inheritance/inheritance06/A.java b/regression/cbmc-java-inheritance/inheritance06/A.java
new file mode 100644
index 00000000000..d2f2e7b43dc
--- /dev/null
+++ b/regression/cbmc-java-inheritance/inheritance06/A.java
@@ -0,0 +1,10 @@
+package temp;
+
+class A
+{
+  int toint()
+  {
+    return 123456;
+  }
+}
+
diff --git a/regression/cbmc-java-inheritance/inheritance06/B.java b/regression/cbmc-java-inheritance/inheritance06/B.java
new file mode 100644
index 00000000000..4bd0f629038
--- /dev/null
+++ b/regression/cbmc-java-inheritance/inheritance06/B.java
@@ -0,0 +1,9 @@
+package temp;
+
+public class B extends A
+{
+  public int check()
+  {
+    return toint();
+  }
+}
diff --git a/regression/cbmc-java-inheritance/inheritance06/temp/A.class b/regression/cbmc-java-inheritance/inheritance06/temp/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..8e5acf1693d27bf8b3dd691cd5dda5a2ac60b53f
GIT binary patch
literal 241
zcmYj~Jqp4=5QX0)G0_+`*ot7O7N)TjQ3OE{Efo7CF0vs%BCDseu@WpifXDD4;;fYm
zv-93JZ<yET@dPl0@4`aO1idE?>JAzNdn9wI#sst5+Yzi;u@{8KQs!cH&LVNzhEd9-
zqzaj<Uu;2eH^uoBi@DSzdpbzMOX#5lo1GHbF_;p34TChy55YQ0M6A$($@ld$xHt`h
p!>Y}lH0j?#Hx`64|9T8w0V;4=>u8Jnk2Z}f+y9`$uFA}S_XRONBcK2P

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java-inheritance/inheritance06/temp/B.class b/regression/cbmc-java-inheritance/inheritance06/temp/B.class
new file mode 100644
index 0000000000000000000000000000000000000000..a4d9cfb5fb22101c67dca5b16f49e9c800b8c07f
GIT binary patch
literal 246
zcmZ8by$-=(6g{`UeCl^M*f6jdMWPakL@dPK)|dFuR+`pRSu7+558$E1t;E1`&b{X+
z_dZ|u2Y>+@0tU(gIx04*HfjWGs3Mh)2ztA-CK!`=BMH^HisT{-eVMF0|G<hFY-O<j
z#AXDsjI$(=Q<Ynm+uM03&w&ZcK^=mnREEdC`yIyIPh%COXz^`>e*rYG2#e9?t;tNx
gX7>iV@IWXq<~F!OC_*s)Mz7G$e^Hx5CDt@JZyBH=z5oCK

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java-inheritance/inheritance06/test.class b/regression/cbmc-java-inheritance/inheritance06/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..53ce4d575ca62e7ddd8e6daf984a12e05318bf40
GIT binary patch
literal 557
zcmYL`OG^S#6vzK(9334;^HF9G)5@R+<i=%$Js~Jt7(wpF@lvCvF*EjI+O%w4fkHv;
z`xt$Wh|V2Sxp42f=kY(kd+yio+XsL$)^tRX)i9?+K{kR2=B2d|0DV_9Eb7o?IHzL?
zc?|_Zx@fwta6G%$bq{UVY;;7EKy^ZB$L`wRE+MeKaY;}QdQCx?I<>o^+P`fG=RzhE
zg4T_&+JsomGp+WSdFT6?fe_xYI{zYit=D%facs+yh$mccyJg;+2I83FUY@wUEA1OF
z5Hpa%G9fF&rH<LXF71s7j~u7xFp4bKuwq~pMM7eddERIV%kz;>m~|33=<qWMnWk`U
zM>NNZ%<T0!z;CQ$ndcSdIZ`4kLD=HCNkHBce9Q4kd<Hj%pl6wgB<~^LDN|G9)GAM1
z;aK4v%GD5o(-)`@nBE#7m<l~2`VNiV;ZLce_$qO32L7HfuRMdK`4$HK$bXt<Yi6un
i_WJ?JRAd1C0h;;*HSh{`A~r&jB0(rdMS^GiUbBCoY+)<_

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java-inheritance/inheritance06/test.desc b/regression/cbmc-java-inheritance/inheritance06/test.desc
new file mode 100644
index 00000000000..61ed56c4b41
--- /dev/null
+++ b/regression/cbmc-java-inheritance/inheritance06/test.desc
@@ -0,0 +1,5 @@
+CORE
+test.class
+--function test.check
+^EXIT=0$
+^SIGNAL=0$
diff --git a/regression/cbmc-java-inheritance/inheritance06/test.java b/regression/cbmc-java-inheritance/inheritance06/test.java
new file mode 100644
index 00000000000..fd8633b51bc
--- /dev/null
+++ b/regression/cbmc-java-inheritance/inheritance06/test.java
@@ -0,0 +1,11 @@
+import temp.B;
+
+public class test
+{
+  public void check()
+  {
+     B myObject = new B();
+     assert(myObject.check()==123456);
+  }
+}
+
diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index b9a3cf00063..14b67ba330f 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -19,11 +19,13 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <util/prefix.h>
 #include <util/arith_tools.h>
 #include <util/ieee_float.h>
+#include <util/invariant.h>
 
 #include <linking/zero_initializer.h>
 
 #include <goto-programs/cfg.h>
 #include <goto-programs/remove_exceptions.h>
+#include <goto-programs/class_hierarchy.h>
 #include <analyses/cfg_dominators.h>
 
 #include "java_bytecode_convert_method.h"
@@ -32,6 +34,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include "java_types.h"
 #include "java_utils.h"
 #include "java_string_library_preprocess.h"
+#include "java_utils.h"
 
 #include <limits>
 #include <algorithm>
@@ -1428,12 +1431,12 @@ codet java_bytecode_convert_methodt::convert_instructions(
 
       assert(arg0.id()==ID_virtual_function);
 
-      // does the function symbol exist?
+      // if we don't have a definition for the called symbol, and we won't
+      // inherit a definition from a super-class, create a stub.
       irep_idt id=arg0.get(ID_identifier);
-
-      if(symbol_table.symbols.find(id)==symbol_table.symbols.end())
+      if(symbol_table.symbols.find(id)==symbol_table.symbols.end() &&
+         !(is_virtual && is_method_inherited(arg0.get(ID_C_class), id)))
       {
-        // no, create stub
         symbolt symbol;
         symbol.name=id;
         symbol.base_name=arg0.get(ID_C_base_name);
@@ -2687,3 +2690,40 @@ void java_bytecode_convert_method(
 
   java_bytecode_convert_method(class_symbol, method);
 }
+
+const bool java_bytecode_convert_methodt::is_method_inherited(
+  const irep_idt &classname, const irep_idt &methodid) const
+{
+  class_hierarchyt ch;
+  namespacet ns(symbol_table);
+  ch(symbol_table);
+
+  std::string stripped_methodid(id2string(methodid));
+  stripped_methodid.erase(0, classname.size());
+
+  const std::string &classpackage=java_class_to_package(id2string(classname));
+  const auto &parents=ch.get_parents_trans(classname);
+  for(const auto &parent : parents)
+  {
+    const irep_idt id=id2string(parent)+stripped_methodid;
+    const symbolt *symbol;
+    if(!ns.lookup(id, symbol) &&
+       symbol->type.id()==ID_code)
+    {
+      const auto &access=symbol->type.get(ID_access);
+      if(access==ID_public || access==ID_protected)
+        return true;
+      // methods with the default access modifier are only
+      // accessible within the same package.
+      else if(access==ID_default &&
+              java_class_to_package(id2string(parent))==classpackage)
+        return true;
+      else if(access==ID_private)
+        continue;
+      else
+        INVARIANT(false, "Unexpected access modifier.");
+    }
+  }
+  return false;
+}
+
diff --git a/src/java_bytecode/java_bytecode_convert_method_class.h b/src/java_bytecode/java_bytecode_convert_method_class.h
index 8eba408ddff..f44df98be49 100644
--- a/src/java_bytecode/java_bytecode_convert_method_class.h
+++ b/src/java_bytecode/java_bytecode_convert_method_class.h
@@ -258,6 +258,10 @@ class java_bytecode_convert_methodt:public messaget
   bool class_needs_clinit(const irep_idt &classname);
   exprt get_or_create_clinit_wrapper(const irep_idt &classname);
   codet get_clinit_call(const irep_idt &classname);
+
+  const bool is_method_inherited(
+    const irep_idt &classname,
+    const irep_idt &methodid) const;
 };
 
 #endif
diff --git a/src/java_bytecode/java_utils.cpp b/src/java_bytecode/java_utils.cpp
index 656bfe1d7b2..9f8be11e4ad 100644
--- a/src/java_bytecode/java_utils.cpp
+++ b/src/java_bytecode/java_utils.cpp
@@ -10,6 +10,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <util/prefix.h>
 #include <util/std_types.h>
 #include <util/invariant.h>
+#include <util/string_utils.h>
 
 #include "java_utils.h"
 #include "java_types.h"
@@ -52,3 +53,8 @@ unsigned java_method_parameter_slots(const code_typet &t)
 
   return slots;
 }
+
+const std::string java_class_to_package(const std::string &canonical_classname)
+{
+  return trim_from_last_delimiter(canonical_classname, '.');
+}
diff --git a/src/java_bytecode/java_utils.h b/src/java_bytecode/java_utils.h
index bd88cb71bb8..ef64ff9e18e 100644
--- a/src/java_bytecode/java_utils.h
+++ b/src/java_bytecode/java_utils.h
@@ -24,4 +24,6 @@ unsigned java_local_variable_slots(const typet &t);
 /// pass, upon call, the arguments of a Java method whose type is \p t.
 unsigned java_method_parameter_slots(const code_typet &t);
 
+const std::string java_class_to_package(const std::string &canonical_classname);
+
 #endif // CPROVER_JAVA_BYTECODE_JAVA_UTILS_H
diff --git a/src/util/string_utils.cpp b/src/util/string_utils.cpp
index 1bf5af4f68a..77e559b96c1 100644
--- a/src/util/string_utils.cpp
+++ b/src/util/string_utils.cpp
@@ -99,3 +99,14 @@ void split_string(
   left=result[0];
   right=result[1];
 }
+
+std::string trim_from_last_delimiter(
+  const std::string &s,
+  const char delim)
+{
+  std::string result="";
+  const size_t index=s.find_last_of(delim);
+  if(index!=std::string::npos)
+    result=s.substr(0, index);
+  return result;
+}
diff --git a/src/util/string_utils.h b/src/util/string_utils.h
index 5e4ef23a63a..5779596cdcf 100644
--- a/src/util/string_utils.h
+++ b/src/util/string_utils.h
@@ -29,4 +29,8 @@ void split_string(
   std::string &right,
   bool strip=false);
 
+std::string trim_from_last_delimiter(
+  const std::string &s,
+  const char delim);
+
 #endif

From 50732ee856e37a92edefb825fa8f467a96791016 Mon Sep 17 00:00:00 2001
From: Owen Jones <owen.jones@diffblue.com>
Date: Mon, 3 Jul 2017 14:15:02 +0100
Subject: [PATCH 369/699] Create is_digit_with_radix()

Produces an expression which checks if a character is a valid digit
with respect to a particular radix. Includes a unit test.
---
 .../refinement/string_constraint_generator.h  |  2 +
 .../string_constraint_generator_valueof.cpp   | 38 ++++++++++
 unit/Makefile                                 |  6 +-
 .../is_digit_with_radix.cpp                   | 74 +++++++++++++++++++
 4 files changed, 118 insertions(+), 2 deletions(-)
 create mode 100644 unit/solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix.cpp

diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index ca8bf17b5f0..2e36e72d016 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -328,4 +328,6 @@ class string_constraint_generatort
   bool is_constant_string(const string_exprt &expr) const;
 };
 
+exprt is_digit_with_radix(exprt chr, exprt radix);
+
 #endif
diff --git a/src/solvers/refinement/string_constraint_generator_valueof.cpp b/src/solvers/refinement/string_constraint_generator_valueof.cpp
index c009dd6e412..7d39cf63405 100644
--- a/src/solvers/refinement/string_constraint_generator_valueof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_valueof.cpp
@@ -490,3 +490,41 @@ exprt string_constraint_generatort::add_axioms_for_parse_int(
   }
   return i;
 }
+
+/// Check if a character is a digit with respect to the given radix, e.g. if the
+/// radix is 10 then check if the character is in the range 0-9.
+/// \param chr: the character
+/// \param radix:  the radix
+/// \return an expression for the condition
+exprt is_digit_with_radix(exprt chr, exprt radix)
+{
+  const typet &char_type=chr.type();
+  exprt zero_char=from_integer('0', char_type);
+  exprt nine_char=from_integer('9', char_type);
+  exprt a_char=from_integer('a', char_type);
+  exprt A_char=from_integer('A', char_type);
+
+  and_exprt is_digit_when_radix_le_10(
+    binary_relation_exprt(chr, ID_ge, zero_char),
+    binary_relation_exprt(
+      chr, ID_lt, plus_exprt(zero_char, typecast_exprt(radix, char_type))));
+
+  minus_exprt radix_minus_ten(
+    typecast_exprt(radix, char_type), from_integer(10, char_type));
+
+  or_exprt is_digit_when_radix_gt_10(
+    and_exprt(
+      binary_relation_exprt(chr, ID_ge, zero_char),
+      binary_relation_exprt(chr, ID_le, nine_char)),
+    and_exprt(
+      binary_relation_exprt(chr, ID_ge, a_char),
+      binary_relation_exprt(chr, ID_lt, plus_exprt(a_char, radix_minus_ten))),
+    and_exprt(
+      binary_relation_exprt(chr, ID_ge, A_char),
+      binary_relation_exprt(chr, ID_lt, plus_exprt(A_char, radix_minus_ten))));
+
+  return if_exprt(
+    binary_relation_exprt(radix, ID_le, from_integer(10, radix.type())),
+    is_digit_when_radix_le_10,
+    is_digit_when_radix_gt_10);
+}
diff --git a/unit/Makefile b/unit/Makefile
index a1de1539ee7..2b1c11565bb 100644
--- a/unit/Makefile
+++ b/unit/Makefile
@@ -2,6 +2,7 @@
 
 SRC = unit_tests.cpp \
       catch_example.cpp \
+      solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix.cpp \
       # Empty last line
 
 INCLUDES= -I ../src/ -I.
@@ -16,14 +17,15 @@ LIBS += ../src/ansi-c/ansi-c$(LIBEXT) \
         ../src/cpp/cpp$(LIBEXT) \
         ../src/json/json$(LIBEXT) \
         ../src/linking/linking$(LIBEXT) \
-        ../src/util/util$(LIBEXT) \
-        ../src/big-int/big-int$(LIBEXT) \
         ../src/goto-programs/goto-programs$(LIBEXT) \
         ../src/pointer-analysis/pointer-analysis$(LIBEXT) \
         ../src/langapi/langapi$(LIBEXT) \
         ../src/assembler/assembler$(LIBEXT) \
         ../src/analyses/analyses$(LIBEXT) \
         ../src/solvers/solvers$(LIBEXT) \
+        ../src/java_bytecode/java_bytecode$(LIBEXT) \
+        ../src/util/util$(LIBEXT) \
+        ../src/big-int/big-int$(LIBEXT) \
         # Empty last line
 
 TESTS = unit_tests$(EXEEXT) \
diff --git a/unit/solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix.cpp b/unit/solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix.cpp
new file mode 100644
index 00000000000..85a14ff3859
--- /dev/null
+++ b/unit/solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix.cpp
@@ -0,0 +1,74 @@
+/*******************************************************************\
+
+ Module: Unit tests for is_digit_with_radix in
+   solvers/refinement/string_constraint_generator_valueof.cpp
+
+ Author: DiffBlue Limited. All rights reserved.
+
+\*******************************************************************/
+
+#include <catch.hpp>
+
+#include <solvers/refinement/string_constraint_generator.h>
+#include <util/namespace.h>
+#include <util/symbol_table.h>
+#include <util/simplify_expr.h>
+#include <util/std_types.h>
+
+SCENARIO("is_digit_with_radix",
+  "[core][solvers][refinement][string_constraint_generator_valueof]")
+{
+  typet char_type=unsignedbv_typet(16);
+  typet int_type=signedbv_typet(32);
+  symbol_tablet symtab;
+  namespacet ns(symtab);
+
+  WHEN("Radix 10")
+  {
+    int radix=10;
+    REQUIRE(true_exprt()==simplify_expr(
+      is_digit_with_radix(
+        from_integer('0', char_type),
+        from_integer(radix, int_type)), ns));
+    REQUIRE(true_exprt()==simplify_expr(
+      is_digit_with_radix(
+        from_integer('9', char_type),
+        from_integer(radix, int_type)), ns));
+    REQUIRE(false_exprt()==simplify_expr(
+      is_digit_with_radix(
+        from_integer('a', char_type),
+        from_integer(radix, int_type)), ns));
+  }
+  WHEN("Radix 8")
+  {
+    int radix=8;
+    REQUIRE(true_exprt()==simplify_expr(
+      is_digit_with_radix(
+        from_integer('7', char_type),
+        from_integer(radix, int_type)), ns));
+    REQUIRE(false_exprt()==simplify_expr(
+      is_digit_with_radix(
+        from_integer('8', char_type),
+        from_integer(radix, int_type)), ns));
+  }
+  WHEN("Radix 16")
+  {
+    int radix=16;
+    REQUIRE(true_exprt()==simplify_expr(
+      is_digit_with_radix(
+        from_integer('a', char_type),
+        from_integer(radix, int_type)), ns));
+    REQUIRE(true_exprt()==simplify_expr(
+      is_digit_with_radix(
+        from_integer('A', char_type),
+        from_integer(radix, int_type)), ns));
+    REQUIRE(true_exprt()==simplify_expr(
+      is_digit_with_radix(
+        from_integer('f', char_type),
+        from_integer(radix, int_type)), ns));
+    REQUIRE(false_exprt()==simplify_expr(
+      is_digit_with_radix(
+        from_integer('g', char_type),
+        from_integer(radix, int_type)), ns));
+  }
+}

From 4e5d8cce4dc7a250577e7d827b362f6c76bc9902 Mon Sep 17 00:00:00 2001
From: Owen Jones <owen.jones@diffblue.com>
Date: Mon, 3 Jul 2017 14:15:41 +0100
Subject: [PATCH 370/699] add_axioms_for_parse_int can take optional radix

Updated add_axioms_for_correct_number_format and
add_axioms_for_parse_int, and created helper function
get_numeric_value_from_character.
---
 .../refinement/string_constraint_generator.h  |  4 +-
 .../string_constraint_generator_valueof.cpp   | 93 +++++++++++++------
 unit/Makefile                                 |  1 +
 .../get_numeric_value_from_character.cpp      | 41 ++++++++
 4 files changed, 109 insertions(+), 30 deletions(-)
 create mode 100644 unit/solvers/refinement/string_constraint_generator_valueof/get_numeric_value_from_character.cpp

diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index 2e36e72d016..55c453d480d 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -294,7 +294,7 @@ class string_constraint_generatort
 
   exprt add_axioms_for_parse_int(const function_application_exprt &f);
   exprt add_axioms_for_correct_number_format(
-    const string_exprt &str, std::size_t max_size=10);
+    const string_exprt &str, const exprt &radix, std::size_t max_size=10);
   exprt add_axioms_for_to_char_array(const function_application_exprt &f);
   exprt add_axioms_for_compare_to(const function_application_exprt &f);
 
@@ -329,5 +329,7 @@ class string_constraint_generatort
 };
 
 exprt is_digit_with_radix(exprt chr, exprt radix);
+exprt get_numeric_value_from_character(
+  const exprt &chr, const typet &char_type, const typet &type);
 
 #endif
diff --git a/src/solvers/refinement/string_constraint_generator_valueof.cpp b/src/solvers/refinement/string_constraint_generator_valueof.cpp
index 7d39cf63405..b408ba4090a 100644
--- a/src/solvers/refinement/string_constraint_generator_valueof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_valueof.cpp
@@ -357,11 +357,14 @@ string_exprt string_constraint_generatort::add_axioms_for_value_of(
 }
 
 /// Add axioms making the return value true if the given string is a correct
-/// number.
-/// \param f: function application with one string expression
-/// \return an boolean expression
+/// number in the given radix
+/// \param str: string expression
+/// \param radix: the radix
+/// \param max_size: maximum number of characters
+/// \return a boolean expression saying whether the string does represent a
+///   number with the given radix
 exprt string_constraint_generatort::add_axioms_for_correct_number_format(
-  const string_exprt &str, std::size_t max_size)
+  const string_exprt &str, const exprt &radix, std::size_t max_size)
 {
   symbol_exprt correct=fresh_boolean("correct_number_format");
   const refined_string_typet &ref_type=to_refined_string_type(str.type());
@@ -375,16 +378,14 @@ exprt string_constraint_generatort::add_axioms_for_correct_number_format(
   exprt chr=str[0];
   equal_exprt starts_with_minus(chr, minus_char);
   equal_exprt starts_with_plus(chr, plus_char);
-  and_exprt starts_with_digit(
-    binary_relation_exprt(chr, ID_ge, zero_char),
-    binary_relation_exprt(chr, ID_le, nine_char));
+  exprt starts_with_digit=is_digit_with_radix(chr, radix);
 
   // TODO: we should have implications in the other direction for correct
   // correct => |str| > 0
   exprt non_empty=str.axiom_for_is_longer_than(from_integer(1, index_type));
   axioms.push_back(implies_exprt(correct, non_empty));
 
-  // correct => (str[0] = '+' or '-' || '0' <= str[0] <= '9')
+  // correct => (str[0] = '+' or '-' || is_digit_with_radix(str[0], radix))
   or_exprt correct_first(
     or_exprt(starts_with_minus, starts_with_plus), starts_with_digit);
   axioms.push_back(implies_exprt(correct, correct_first));
@@ -399,11 +400,9 @@ exprt string_constraint_generatort::add_axioms_for_correct_number_format(
   axioms.push_back(
     implies_exprt(correct, str.axiom_for_is_shorter_than(max_size)));
 
-  // forall 1 <= qvar < |str| . correct => '0'<= str[qvar] <= '9'
+  // forall 1 <= qvar < |str| . correct => is_digit_with_radix(str[qvar], radix)
   symbol_exprt qvar=fresh_univ_index("number_format", index_type);
-  and_exprt is_digit(
-    binary_relation_exprt(str[qvar], ID_ge, zero_char),
-    binary_relation_exprt(str[qvar], ID_le, nine_char));
+  exprt is_digit=is_digit_with_radix(str[qvar], radix);
   string_constraintt all_digits(
     qvar, from_integer(1, index_type), str.length(), correct, is_digit);
   axioms.push_back(all_digits);
@@ -412,58 +411,66 @@ exprt string_constraint_generatort::add_axioms_for_correct_number_format(
 }
 
 /// add axioms corresponding to the Integer.parseInt java function
-/// \param f: function application with one string expression
+/// \param f: a function application with either one string expression or one
+///   string expression and an expression for the radix
 /// \return an integer expression
 exprt string_constraint_generatort::add_axioms_for_parse_int(
   const function_application_exprt &f)
 {
-  string_exprt str=get_string_expr(args(f, 1)[0]);
+  PRECONDITION(f.arguments().size()==1 || f.arguments().size()==2);
+  string_exprt str=get_string_expr(f.arguments()[0]);
+  const exprt radix=
+    f.arguments().size()==1?from_integer(10, f.type()):f.arguments()[1];
+
   const typet &type=f.type();
   symbol_exprt i=fresh_symbol("parsed_int", type);
   const refined_string_typet &ref_type=to_refined_string_type(str.type());
   const typet &char_type=ref_type.get_char_type();
-  exprt zero_char=constant_char('0', char_type);
   exprt minus_char=constant_char('-', char_type);
   exprt plus_char=constant_char('+', char_type);
   assert(type.id()==ID_signedbv);
-  exprt ten=from_integer(10, type);
 
   exprt chr=str[0];
   exprt starts_with_minus=equal_exprt(chr, minus_char);
   exprt starts_with_plus=equal_exprt(chr, plus_char);
-  exprt starts_with_digit=binary_relation_exprt(chr, ID_ge, zero_char);
+  exprt starts_with_digit=
+    not_exprt(or_exprt(starts_with_minus, starts_with_plus));
 
-  // TODO: we should throw an exception when this does not hold:
-  exprt correct=add_axioms_for_correct_number_format(str);
+  /// TODO: we should throw an exception when this does not hold:
+  exprt correct=add_axioms_for_correct_number_format(str, radix);
   axioms.push_back(correct);
 
+  /// TODO(OJones): size should depend on the radix
+  /// TODO(OJones): we should deal with overflow properly
   for(unsigned size=1; size<=10; size++)
   {
     exprt sum=from_integer(0, type);
-    exprt first_value=typecast_exprt(minus_exprt(chr, zero_char), type);
+    exprt first_value=get_numeric_value_from_character(chr, char_type, type);
+    equal_exprt premise=str.axiom_for_has_length(size);
 
     for(unsigned j=1; j<size; j++)
     {
-      mult_exprt ten_sum(sum, ten);
+      mult_exprt radix_sum(sum, radix);
       if(j>=9)
       {
         // We have to be careful about overflows
-        div_exprt div(sum, ten);
-        equal_exprt no_overflow(div, sum);
+        div_exprt div(sum, radix);
+        implies_exprt no_overflow(premise, (equal_exprt(div, sum)));
         axioms.push_back(no_overflow);
       }
 
       sum=plus_exprt_with_overflow_check(
-        ten_sum,
-        typecast_exprt(minus_exprt(str[j], zero_char), type));
+        radix_sum,
+        get_numeric_value_from_character(str[j], char_type, type));
 
-      mult_exprt first(first_value, ten);
+      mult_exprt first(first_value, radix);
       if(j>=9)
       {
         // We have to be careful about overflows
-        div_exprt div_first(first, ten);
+        div_exprt div_first(first, radix);
         implies_exprt no_overflow_first(
-          starts_with_digit, equal_exprt(div_first, first_value));
+          and_exprt(starts_with_digit, premise),
+          equal_exprt(div_first, first_value));
         axioms.push_back(no_overflow_first);
       }
       first_value=first;
@@ -474,7 +481,6 @@ exprt string_constraint_generatort::add_axioms_for_parse_int(
     // a2 : starts_with_plus => i=sum
     // a3 : starts_with_minus => i=-sum
 
-    equal_exprt premise=str.axiom_for_has_length(size);
     implies_exprt a1(
       and_exprt(premise, starts_with_digit),
       equal_exprt(i, plus_exprt(sum, first_value)));
@@ -528,3 +534,32 @@ exprt is_digit_with_radix(exprt chr, exprt radix)
     is_digit_when_radix_le_10,
     is_digit_when_radix_gt_10);
 }
+
+/// Get the numeric value of a character, assuming that the radix is large
+/// enough
+/// \param chr: the character to get the numeric value of
+/// \param char_type: the type to use for characters
+/// \param type: the type to use for the return value
+/// \return an integer expression of the given type with the numeric value of
+///   the char
+exprt get_numeric_value_from_character(
+  const exprt &chr, const typet &char_type, const typet &type)
+{
+  constant_exprt zero_char=from_integer('0', char_type);
+  constant_exprt a_char=from_integer('a', char_type);
+  constant_exprt A_char=from_integer('A', char_type);
+  constant_exprt ten_int=from_integer(10, char_type);
+
+  binary_relation_exprt upper_case(chr, ID_ge, A_char);
+  binary_relation_exprt lower_case(chr, ID_ge, a_char);
+
+  return typecast_exprt(
+    if_exprt(
+      lower_case,
+      plus_exprt(minus_exprt(chr, a_char), ten_int),
+      if_exprt(
+        upper_case,
+        plus_exprt(minus_exprt(chr, A_char), ten_int),
+        minus_exprt(chr, zero_char))),
+    type);
+}
diff --git a/unit/Makefile b/unit/Makefile
index 2b1c11565bb..e11ed07e96d 100644
--- a/unit/Makefile
+++ b/unit/Makefile
@@ -3,6 +3,7 @@
 SRC = unit_tests.cpp \
       catch_example.cpp \
       solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix.cpp \
+      solvers/refinement/string_constraint_generator_valueof/get_numeric_value_from_character.cpp \
       # Empty last line
 
 INCLUDES= -I ../src/ -I.
diff --git a/unit/solvers/refinement/string_constraint_generator_valueof/get_numeric_value_from_character.cpp b/unit/solvers/refinement/string_constraint_generator_valueof/get_numeric_value_from_character.cpp
new file mode 100644
index 00000000000..29bef9bd788
--- /dev/null
+++ b/unit/solvers/refinement/string_constraint_generator_valueof/get_numeric_value_from_character.cpp
@@ -0,0 +1,41 @@
+/*******************************************************************\
+
+ Module: Unit tests for get_numeric_value_from_character in
+   solvers/refinement/string_constraint_generator_valueof.cpp
+
+ Author: DiffBlue Limited. All rights reserved.
+
+\*******************************************************************/
+
+#include <catch.hpp>
+
+#include <solvers/refinement/string_constraint_generator.h>
+#include <util/namespace.h>
+#include <util/symbol_table.h>
+#include <util/simplify_expr.h>
+#include <util/std_types.h>
+
+SCENARIO("get_numeric_value_from_character",
+  "[core][solvers][refinement][string_constraint_generator_valueof]")
+{
+  typet char_type=unsignedbv_typet(16);
+  typet int_type=signedbv_typet(32);
+  symbol_tablet symtab;
+  namespacet ns(symtab);
+
+  REQUIRE(from_integer(0, int_type)==simplify_expr(
+    get_numeric_value_from_character(
+      from_integer('0', char_type), char_type, int_type),ns));
+  REQUIRE(from_integer(9, int_type)==simplify_expr(
+    get_numeric_value_from_character(
+      from_integer('9', char_type),
+      char_type, int_type), ns));
+  REQUIRE(from_integer(10, int_type)==simplify_expr(
+    get_numeric_value_from_character(
+      from_integer('A', char_type),
+      char_type, int_type), ns));
+  REQUIRE(from_integer(35, int_type)==simplify_expr(
+    get_numeric_value_from_character(
+      from_integer('z', char_type),
+      char_type, int_type), ns));
+}

From 238c02fa819f68c4cc77208a37585bbd68d1c872 Mon Sep 17 00:00:00 2001
From: Owen Jones <owen.jones@diffblue.com>
Date: Thu, 29 Jun 2017 12:20:35 +0100
Subject: [PATCH 371/699] Add parseInt with radix to preprocessing

---
 src/java_bytecode/java_string_library_preprocess.cpp | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/java_bytecode/java_string_library_preprocess.cpp b/src/java_bytecode/java_string_library_preprocess.cpp
index 5a1fedf65a9..1c7e852ec7b 100644
--- a/src/java_bytecode/java_string_library_preprocess.cpp
+++ b/src/java_bytecode/java_string_library_preprocess.cpp
@@ -1954,6 +1954,9 @@ void java_string_library_preprocesst::initialize_conversion_table()
   cprover_equivalent_to_java_function
     ["java::java.lang.Integer.parseInt:(Ljava/lang/String;)I"]=
       ID_cprover_string_parse_int_func;
+  cprover_equivalent_to_java_function
+    ["java::java.lang.Integer.parseInt:(Ljava/lang/String;I)I"]=
+      ID_cprover_string_parse_int_func;
   cprover_equivalent_to_java_string_returning_function
     ["java::java.lang.Integer.toHexString:(I)Ljava/lang/String;"]=
       ID_cprover_string_of_int_hex_func;

From bdb1a3c5d061cb602a2d6592a8adac950c399587 Mon Sep 17 00:00:00 2001
From: Owen Jones <owen.jones@diffblue.com>
Date: Mon, 3 Jul 2017 12:31:34 +0100
Subject: [PATCH 372/699] Regression tests

Create regression tests for parseInt with radix and add failing
regression tests for parseInt and parseInt with radix marked KNOWNBUG
(see issue #664 which is about making them parse).
---
 .../java_parseint/test.desc                   |   5 +--
 .../java_parseint/test_parseint.class         | Bin 727 -> 914 bytes
 .../java_parseint/test_parseint.java          |  16 ++++----
 .../java_parseint_knownbug/test.desc          |  12 ++++++
 .../test_parseint.class                       | Bin 0 -> 1089 bytes
 .../java_parseint_knownbug/test_parseint.java |  21 ++++++++++
 .../java_parseint_with_radix/test.desc        |  16 ++++++++
 .../test_parseint_with_radix.class            | Bin 0 -> 1537 bytes
 .../test_parseint_with_radix.java             |  36 ++++++++++++++++++
 .../test.desc                                 |  12 ++++++
 .../test_parseint_with_radix.class            | Bin 0 -> 1141 bytes
 .../test_parseint_with_radix.java             |  20 ++++++++++
 12 files changed, 128 insertions(+), 10 deletions(-)
 create mode 100644 regression/strings-smoke-tests/java_parseint_knownbug/test.desc
 create mode 100644 regression/strings-smoke-tests/java_parseint_knownbug/test_parseint.class
 create mode 100644 regression/strings-smoke-tests/java_parseint_knownbug/test_parseint.java
 create mode 100644 regression/strings-smoke-tests/java_parseint_with_radix/test.desc
 create mode 100644 regression/strings-smoke-tests/java_parseint_with_radix/test_parseint_with_radix.class
 create mode 100644 regression/strings-smoke-tests/java_parseint_with_radix/test_parseint_with_radix.java
 create mode 100644 regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test.desc
 create mode 100644 regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test_parseint_with_radix.class
 create mode 100644 regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test_parseint_with_radix.java

diff --git a/regression/strings-smoke-tests/java_parseint/test.desc b/regression/strings-smoke-tests/java_parseint/test.desc
index 6a513e61deb..3b38dc2c575 100644
--- a/regression/strings-smoke-tests/java_parseint/test.desc
+++ b/regression/strings-smoke-tests/java_parseint/test.desc
@@ -3,6 +3,5 @@ test_parseint.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[.*assertion.1\].* line 7.* SUCCESS$
-^\[.*assertion.2\].* line 8.* FAILURE$
---
+^\[.*assertion.1\].* line 8.* SUCCESS$
+^\[.*assertion.2\].* line 9.* FAILURE$
diff --git a/regression/strings-smoke-tests/java_parseint/test_parseint.class b/regression/strings-smoke-tests/java_parseint/test_parseint.class
index e1ffe0c72107860cfe03ac1f697018740f58a884..0f021d000fa3d68a1caa7d62f1a9090f569d5d01 100644
GIT binary patch
delta 430
zcmZvY%SyvQ6o&svFVn<`wHGh-R$DJ^ZH=v!f<bZNMyPHoE)<cmh8hjEq@m(dNX-j~
zYd3-*xab4;0zQii#gn*|Va}X0=Re;$GoPUcUi<iY9{{LgL%|R-9N7pK6i8T9u!Ln9
zGIAVw1>8#(6s(}gQR>%ri?RAmQ&>mBHpRJR9D0T!=v<mzhLO5sbe*$~u)BuYcJ%&T
z<~Z!!8di@qvHF$h3C$Aimez1=v)$4exUan^Gq63v2)jj?_{o3L;f5oc*ZZR5_oR{g
z&j<1<ho)i;WjDYo;fjiNR9&6D)-@24o){{;fxVC;VU%pxzocQvSN{ZvBSDdjB*y3_
zO8yf9w1DlxAoz$)H!JC<0lz*)1cH(claf<S1bM36qHpw=X{w8&gmFv|D~TK?k)qzj
m!W5?IoT05k`bM5(mVHt82<F^-shaRIAxP?uH+h-@3G=@q#YYza

delta 245
zcmW-bJx;?w5QV?pXtVZW1o<HeKZbyl07)8<B_q*LP$5AB7chtliWF4b!t5z1V<90?
z<N#cN(|{O9BaLRhnWy*O?2pO5|GpML%G9yKre!N&+o9QU#O#KI>{<E_TOIcu2PBq3
zkzE$={l@C;OaAb5ozL#_`{zdy`$XM@L(3@QkR$)9PV2`JV<x^-A8Cw|0yF+Z&1FzD
zq}P{FiB*%9%<IBt)TH3dm-_rfFaJ6iAqFRkH3^gukcp}-R3iUY$u?9=XvbgG(ssoS
MI=ZM_yRv9{|2BdhF8}}l

diff --git a/regression/strings-smoke-tests/java_parseint/test_parseint.java b/regression/strings-smoke-tests/java_parseint/test_parseint.java
index f278f273675..d9b84914c7c 100644
--- a/regression/strings-smoke-tests/java_parseint/test_parseint.java
+++ b/regression/strings-smoke-tests/java_parseint/test_parseint.java
@@ -1,10 +1,12 @@
 public class test_parseint
 {
-   public static void main(String[] argv)
-   {
-      String twelve = new String("12");
-      int parsed = Integer.parseInt(twelve);
-      assert(parsed == 12);
-      assert(parsed != 12);
-   }
+    public static void main(String[] args)
+    {
+        if (args.length == 1) {
+            String twelve = new String("12");
+            int parsed1 = Integer.parseInt(twelve);
+            assert(parsed1 == 12);
+            assert(parsed1 != 12);
+        }
+    }
 }
diff --git a/regression/strings-smoke-tests/java_parseint_knownbug/test.desc b/regression/strings-smoke-tests/java_parseint_knownbug/test.desc
new file mode 100644
index 00000000000..f543e2d900b
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parseint_knownbug/test.desc
@@ -0,0 +1,12 @@
+KNOWNBUG
+test_parseint.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 9.* SUCCESS$
+^\[.*assertion.2\].* line 10.* FAILURE$
+^\[.*assertion.3\].* line 17.* SUCCESS$
+^\[.*assertion.4\].* line 18.* FAILURE$
+--
+--
+Issue #664 is about turning these tests on
diff --git a/regression/strings-smoke-tests/java_parseint_knownbug/test_parseint.class b/regression/strings-smoke-tests/java_parseint_knownbug/test_parseint.class
new file mode 100644
index 0000000000000000000000000000000000000000..59932ae0cd7421d1da7759308ce69496d0710978
GIT binary patch
literal 1089
zcmZ`%OHUI~7(KVscBaz-`jD6J2TEInN*Mup7z|26Qk4WD0T*OwCv~t)$;@Ef`1l=c
zWXD=f#7KgB|B(yCGed2~;$rUH@7(Wv-}%nHKYo2X1fXM5MLYUsWE5mogpgA)fZH)>
z7?j=}A0NvYQlX$<L0)=KhKxHZhEb3)B9QJgT-S6wt7f|oE!SADnq>j8DiEErY|FbZ
zAZ4=40^!+O*%as~TDJLQdvo1%p83fFsbZ~URF@6M^5Z%f_Fh=7pY55hx3*<Cu4&oc
zB+G0XmMzegd0yNwUK#nSVOR2to@3dSNxzM}X}n%zs$aJyfyY6qa)A=({bb8NNv`7@
zC~P<tc21vBU!ZN#GfFQX8(V=)S|*@Om8$hY)y3MjQ!?kQV60QhhkPv>l1K?8{?#R*
z7KZgPeSBn8AM=xR8Fw{|f<Xro0zFN}gFkLRa-5nY5Fcz%$EojBQyJqL?qT9o%ctub
zW{LK6W?KF64NNwB&D)+?G1){3Tx0kj8m;VT(q^lC61<|a=~|9iZYZXA-Zl^T9#(OU
z&#Rq}NhEsw8M%|d=16f(Gs^QX_>biFAwF^w!a1(d0Hh4=wUY#Np_@?*J?JGuvgl<o
ziP+oRVPqH62MDdCq<w^o178uD{)Ffbk{46*2gDDctn4H9y@BmEu|3S>4x_u62>5CX
zKYj*3{ukd@Ed{Cz)XGt)UgoF@)yI&9ifP0#!?QVBu)vcg8eq|aH)Qz}>f|Iai1WC>
z$vTn2MO>m23&bu5*b=cT0mf-@m9_%c`E?_5gshAk;wRFfBV_7ZHt%bAtOo`H$&~g5
dZ99;|dk9OP5pDI`uNgr|oAGbuCW8=e{RT?A;tK!(

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_parseint_knownbug/test_parseint.java b/regression/strings-smoke-tests/java_parseint_knownbug/test_parseint.java
new file mode 100644
index 00000000000..d2283bbfccd
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parseint_knownbug/test_parseint.java
@@ -0,0 +1,21 @@
+public class test_parseint
+{
+    public static void main(String[] args)
+    {
+        if (args.length == 2) {
+            // 2^31-1, max value of Integer
+            String max_int = new String("2147483647");
+            int parsed2 = Integer.parseInt(max_int);
+            assert(parsed2 == 2147483647);
+            assert(parsed2 != 2147483647);
+        }
+        else if (args.length == 3) {
+            // -2^31, min value of Integer, and longest string we could have without
+            // leading zeroes
+            String min_int = new String("-2147483648");
+            int parsed3 = Integer.parseInt(min_int);
+            assert(parsed3 == -2147483648);
+            assert(parsed3 != -2147483648);
+        }
+    }
+}
diff --git a/regression/strings-smoke-tests/java_parseint_with_radix/test.desc b/regression/strings-smoke-tests/java_parseint_with_radix/test.desc
new file mode 100644
index 00000000000..e6138767e20
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parseint_with_radix/test.desc
@@ -0,0 +1,16 @@
+CORE
+test_parseint_with_radix.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 8.* SUCCESS$
+^\[.*assertion.2\].* line 9.* FAILURE$
+^\[.*assertion.3\].* line 14.* SUCCESS$
+^\[.*assertion.4\].* line 15.* FAILURE$
+^\[.*assertion.5\].* line 20.* SUCCESS$
+^\[.*assertion.6\].* line 21.* FAILURE$
+^\[.*assertion.7\].* line 26.* SUCCESS$
+^\[.*assertion.8\].* line 27.* FAILURE$
+^\[.*assertion.9\].* line 32.* SUCCESS$
+^\[.*assertion.10\].* line 33.* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_parseint_with_radix/test_parseint_with_radix.class b/regression/strings-smoke-tests/java_parseint_with_radix/test_parseint_with_radix.class
new file mode 100644
index 0000000000000000000000000000000000000000..22a393e7d103823ba68cca1ced4d362e5178623f
GIT binary patch
literal 1537
zcmZ`&&rcL*7=FIl*_~ln*k4+x0!p<l43%X8#TH~0&`7dvlhT-A4`kS#;MirC%nWU#
zClh;U&z|&9ZXP_C)<ldZ+d~sgnw~xRM|d^H#^?KBe*o)YX5R1l-uHQbJn#Jb|I-?P
zNnEs$z^H+&i7^Wrau&uh(Sa^Z8aQpiz^I8cCZ<fBHSwi^uPjVs#=tp&%t<E*TtD=x
zm0-aOoYk^h5)fAfVl!UF3ugr)L&H}D^!aMZ6-X4kiu=vx`l{=HFP#O_g=*0$UvYd-
zo_9e#yygW0M+%`Egex14AGls6T>04xudVn_$@^uRjO&h95%_56hr)H|CnsBWDr?!L
z(Dy29(<);S`Z>ve;8ws;lqFt^MKaNIyaCdZz(fO}C4tEXKuZFr8vrfc@z+>!rcE&d
zT}z=;{PAmNL$$|A3z##-^6r4FrRt_%bT4^w9Q_~acvQ9#M;aM{<o=e}$0d0;Yak!T
zd0dDiiIhNZ)A2%Gr;EN{^(jkkoQ-KyQ>^_|Zj7VQ$HtsF#(by(19NfAV_{GJZ&$Co
z#Zchz(7`!N6;jO#7Av8<<}$UZrq82P?_k*CFf~au<L1lUF}jxA!1LWwqY(}@+~frp
z>?#Jit_iNQNcPIsX+=Qsk>UFgPg#BizfpS|;!heH4)YyTAjxURcO1}zUY<JeF^&*n
zu=X3tBII7QYx)-Q&!8=*BiqmmBgy0wM9=+&*j=Rhl8Hai`3%PLHq5^p*j5v}FFNd6
zw9e46!(g>C+-$>evy}la>{_hOVC^uNtql1#4Ea3_zuGlp3$v<=PQ?&yC3xG0;O!oQ
z1-oX}3F7<5knT(2!F~z_ws1%RB1(W87@!@c5HadzaQG%hIQ%>;%%KyPDa&`%b{XAR
zr^2`Bb({MBPHpc{-Fp=1A({T6gwGlMAH{n~>0VL1*ElM4^a%s~q6-6}2gk$!j*AHl
zipw~mMBiYJB)8)z`Y3h}hS1N7H0I3Wn8KEc9aq>LVuK31N9+@Yy~HS)Wb7+qCnd%_
zIeaQHX0!2`^5gR0b9w;7e9of#9Yze;;tev|JJ@Z_;U>E4dq_>EzSEOxVS!Y->oL0T
c!qD$Sk32%`;C{=bQE2h=@-O&;2Mwp*10GLAApigX

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_parseint_with_radix/test_parseint_with_radix.java b/regression/strings-smoke-tests/java_parseint_with_radix/test_parseint_with_radix.java
new file mode 100644
index 00000000000..978bf9fb320
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parseint_with_radix/test_parseint_with_radix.java
@@ -0,0 +1,36 @@
+public class test_parseint_with_radix
+{
+    public static void main(String[] args)
+    {
+        if (args.length == 1) {
+            String str1 = new String("F");
+            int parsed1 = Integer.parseInt(str1, 16);
+            assert(parsed1 == 15);
+            assert(parsed1 != 15);
+        }
+        else if (args.length == 2) {
+            String str2 = new String("123");
+            int parsed2 = Integer.parseInt(str2, 10);
+            assert(parsed2 == 123);
+            assert(parsed2 != 123);
+        }
+        else if (args.length == 3) {
+            String str3 = new String("77");
+            int parsed3 = Integer.parseInt(str3, 8);
+            assert(parsed3 == 63);
+            assert(parsed3 != 63);
+        }
+        else if (args.length == 4) {
+            String str4 = new String("-101");
+            int parsed4 = Integer.parseInt(str4, 2);
+            assert(parsed4 == -5);
+            assert(parsed4 != -5);
+        }
+        else if (args.length == 5) {
+            String str5 = new String("00aB");
+            int parsed5 = Integer.parseInt(str5, 16);
+            assert(parsed5 == 171);
+            assert(parsed5 != 171);
+        }
+    }
+}
diff --git a/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test.desc b/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test.desc
new file mode 100644
index 00000000000..e3aa52b3cef
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test.desc
@@ -0,0 +1,12 @@
+KNOWNBUG
+test_parseint_with_radix.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 9.* SUCCESS$
+^\[.*assertion.2\].* line 10.* FAILURE$
+^\[.*assertion.3\].* line 16.* SUCCESS$
+^\[.*assertion.4\].* line 17.* FAILURE$
+--
+--
+Issue #664 is about turning these tests on
diff --git a/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test_parseint_with_radix.class b/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test_parseint_with_radix.class
new file mode 100644
index 0000000000000000000000000000000000000000..876f33d861b9addf3ed10e48ee6ee421597834fd
GIT binary patch
literal 1141
zcmah|T~E_s7(MU0tzB1O9}0-z2cm347~m9jC?ZNEnVNthfET1}%_xqJv_-uW{{}a5
z$F-V>kp%DkM_wSF7TnN5Y|{35pO5pNbNcqjuWx$*a>%P_Mz4&Ng0zYNGAjCTJpv8=
z(z}C$0~rG<6!a>{N*kPzF{ok)!!m9NBzttnF>KeYTFxWW(U&SlNkA+Jghx%wbngpD
zsr0NsaH3i=1X>EFWjtG7T{7$!Ub8@=P%Y|}S=~0h^-(hDE}M=(N5M55cX3U(9mBNT
z#W$wAylCqs^KG7ptGa0kw5DDbR`l0;wxV0*?2K!hRyptQ=(zTfhu=^YkbTG!%VLU1
z>>REo83lE_%<YpWAPY3jxO(x`Q+>_nO5X&O(PHIDtvXX(w~NN4>1pdajsAegNkbe7
zf!M$Nh&M8MczG>388<cD!ia_z#01*w{o{YUe{9=TTcEptXz)K5=T9Rg<F<x7xce8S
z=SwR_(G@tGYV^@_IbLToWw}P#APvQLmrL*KG>%QB>3K_iZlc07#MYAGn6^=>iK5T$
zItx5N3%Jbl*v!)>V(p#{j3jV(B=}5nmE~LT9m?!Ld}I*789u{)lJpsChYe^&8&?su
z;~X;_7M%o>n0ueu3vOX-7lHYNw1Z%wFBbcX(7jIxZzA5AkUt>03uS%>k?*zKRz0_k
z@yuRm3wa+w^$|kH0iq`WM2`V@#3i5jFzHea1;|vZkaC2-rHU~`@sPDAbYq%M%&}Ub
z4;vKXiOg{(MmIWep5oe&LMOUt#xw?S!OzVxchS#LFfP$qpqqCaLi^~GaYg(@GO&;I
rQOM1EYBuM54}o|>`+}xT$iZy{rOyaATJB+n5YQfYALc3-0bKhHa0Bu3

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test_parseint_with_radix.java b/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test_parseint_with_radix.java
new file mode 100644
index 00000000000..7279127d053
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test_parseint_with_radix.java
@@ -0,0 +1,20 @@
+public class test_parseint_with_radix
+{
+    public static void main(String[] args)
+    {
+        if (args.length == 1) {
+            // 2^31-1, max value of Integer
+            String str1 = new String("7FFFFFFF");
+            int parsed1 = Integer.parseInt(str1, 16);
+            assert(parsed1 == 2147483647);
+            assert(parsed1 != 2147483647);
+        }
+        else if (args.length == 2) {
+            // -2^31, min value of Integer, and longest string we could have
+            String str2 = new String("-100000000000000000000000000000000");
+            int parsed2 = Integer.parseInt(str2, 2);
+            assert(parsed2 == -2147483648);
+            assert(parsed2 != -2147483648);
+        }
+   }
+}

From 72677f2b684d11b2e42828419b58a3e7eaeec24b Mon Sep 17 00:00:00 2001
From: Cristina <cristina.david@gmail.com>
Date: Thu, 11 May 2017 20:21:28 +0100
Subject: [PATCH 373/699] Add regression test for runtime exceptions
 instrumentation

---
 .../ArrayIndexOutOfBoundsExceptionTest.class  | Bin 0 -> 917 bytes
 .../ArrayIndexOutOfBoundsExceptionTest.java   |  12 ++++++++++
 .../ArrayIndexOutOfBoundsException/test.desc  |   9 ++++++++
 .../cbmc-java/ClassCastException1/A.class     | Bin 0 -> 265 bytes
 .../cbmc-java/ClassCastException1/B.class     | Bin 0 -> 265 bytes
 .../ClassCastExceptionTest.class              | Bin 0 -> 976 bytes
 .../ClassCastExceptionTest.java               |  13 +++++++++++
 .../cbmc-java/ClassCastException1/test.desc   |   9 ++++++++
 .../cbmc-java/ClassCastException2/A.class     | Bin 0 -> 249 bytes
 .../cbmc-java/ClassCastException2/B.class     | Bin 0 -> 234 bytes
 .../cbmc-java/ClassCastException2/C.class     | Bin 0 -> 234 bytes
 .../ClassCastExceptionTest.class              | Bin 0 -> 902 bytes
 .../ClassCastExceptionTest.java               |  21 ++++++++++++++++++
 .../cbmc-java/ClassCastException2/test.desc   |   8 +++++++
 .../cbmc-java/NullPointerException2/A.class   | Bin 0 -> 247 bytes
 .../cbmc-java/NullPointerException2/B.class   | Bin 0 -> 241 bytes
 .../NullPointerException2/Test.class          | Bin 0 -> 825 bytes
 .../cbmc-java/NullPointerException2/Test.java |  20 +++++++++++++++++
 .../cbmc-java/NullPointerException2/test.desc |   9 ++++++++
 .../cbmc-java/NullPointerException3/A.class   | Bin 0 -> 247 bytes
 .../cbmc-java/NullPointerException3/B.class   | Bin 0 -> 241 bytes
 .../NullPointerException3/Test.class          | Bin 0 -> 835 bytes
 .../cbmc-java/NullPointerException3/Test.java |  20 +++++++++++++++++
 .../cbmc-java/NullPointerException3/test.desc |   9 ++++++++
 24 files changed, 130 insertions(+)
 create mode 100644 regression/cbmc-java/ArrayIndexOutOfBoundsException/ArrayIndexOutOfBoundsExceptionTest.class
 create mode 100644 regression/cbmc-java/ArrayIndexOutOfBoundsException/ArrayIndexOutOfBoundsExceptionTest.java
 create mode 100644 regression/cbmc-java/ArrayIndexOutOfBoundsException/test.desc
 create mode 100644 regression/cbmc-java/ClassCastException1/A.class
 create mode 100644 regression/cbmc-java/ClassCastException1/B.class
 create mode 100644 regression/cbmc-java/ClassCastException1/ClassCastExceptionTest.class
 create mode 100644 regression/cbmc-java/ClassCastException1/ClassCastExceptionTest.java
 create mode 100644 regression/cbmc-java/ClassCastException1/test.desc
 create mode 100644 regression/cbmc-java/ClassCastException2/A.class
 create mode 100644 regression/cbmc-java/ClassCastException2/B.class
 create mode 100644 regression/cbmc-java/ClassCastException2/C.class
 create mode 100644 regression/cbmc-java/ClassCastException2/ClassCastExceptionTest.class
 create mode 100644 regression/cbmc-java/ClassCastException2/ClassCastExceptionTest.java
 create mode 100644 regression/cbmc-java/ClassCastException2/test.desc
 create mode 100644 regression/cbmc-java/NullPointerException2/A.class
 create mode 100644 regression/cbmc-java/NullPointerException2/B.class
 create mode 100644 regression/cbmc-java/NullPointerException2/Test.class
 create mode 100644 regression/cbmc-java/NullPointerException2/Test.java
 create mode 100644 regression/cbmc-java/NullPointerException2/test.desc
 create mode 100644 regression/cbmc-java/NullPointerException3/A.class
 create mode 100644 regression/cbmc-java/NullPointerException3/B.class
 create mode 100644 regression/cbmc-java/NullPointerException3/Test.class
 create mode 100644 regression/cbmc-java/NullPointerException3/Test.java
 create mode 100644 regression/cbmc-java/NullPointerException3/test.desc

diff --git a/regression/cbmc-java/ArrayIndexOutOfBoundsException/ArrayIndexOutOfBoundsExceptionTest.class b/regression/cbmc-java/ArrayIndexOutOfBoundsException/ArrayIndexOutOfBoundsExceptionTest.class
new file mode 100644
index 0000000000000000000000000000000000000000..4aeaf6432915086b1bbff6f6210a348e21fa04ad
GIT binary patch
literal 917
zcmaJ<T~8BH5IwWqcH3ovekfM_pkS3!)V}ZrF(P6@QZ2EBM0mR0z1EBEF4+%Le}Vsj
zKj1T(NFqkw{ZYob6)1_O4}0g%?94f5=FYF*-+uyF!6O?s<}EDPFtojwLl#vF_ibdf
z|G>r~Y8I9VrK*S`8OAE`qvt9Tou2dvv`5ISDPP4;2&vlAF2URgJV}^tDqp@z`W+eW
z=ww2%8MvaiD?+9H^Pm~OQxT!sTn|I>am)AQpq0d}x6gva_oB^#D-Sj0j*Q|}#_kK{
z6J~1r%>(g4G<w4CHrjEh{O+peCP6Uvw^)iCxP<zZtnv67TZCO!Qu+@xVX_?y_x($8
zIF!wUB4pRx-g)D8J4ixTzEHZ&#qmtKlgC=TgGo#gW=D;@PW)K)<z>@^+UVzaR0k7q
z2<0pJ7q7J$hCxVJ7!ROjS*SZ$#zR7WgwyIANH^y99ECP|ybAmZo{Ur|z4Z$wo>83e
z58i`4%=0GMykwLwYi)c>f#--RKBw7huqC$X`U&WmF9z~_W`;pRf$z@W1QbzXFNbTm
z&JkVwiNOrE73+uHT((lJQy6bfkUDFALHY<2r^v8togEJm@{DY9g~p#{2C!!$%>pwV
z%Q9CEb1YJGRyfaO<{8}J+5*ch<K_^h!nL<J<2HX5jBN{drnva-Wk)N+G@ww-enajE
amiZZG>MPR!cBe7YFr24)26OBfsQdw1vCEqP

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/ArrayIndexOutOfBoundsException/ArrayIndexOutOfBoundsExceptionTest.java b/regression/cbmc-java/ArrayIndexOutOfBoundsException/ArrayIndexOutOfBoundsExceptionTest.java
new file mode 100644
index 00000000000..265b89ec489
--- /dev/null
+++ b/regression/cbmc-java/ArrayIndexOutOfBoundsException/ArrayIndexOutOfBoundsExceptionTest.java
@@ -0,0 +1,12 @@
+public class ArrayIndexOutOfBoundsExceptionTest {
+  public static void main(String args[]) {
+      try {
+          int[] a=new int[4];
+          a[4]=0;
+          throw new RuntimeException();
+      }
+      catch (ArrayIndexOutOfBoundsException exc) {
+          assert false;
+      }
+  }
+}
diff --git a/regression/cbmc-java/ArrayIndexOutOfBoundsException/test.desc b/regression/cbmc-java/ArrayIndexOutOfBoundsException/test.desc
new file mode 100644
index 00000000000..092cbf0b1f4
--- /dev/null
+++ b/regression/cbmc-java/ArrayIndexOutOfBoundsException/test.desc
@@ -0,0 +1,9 @@
+CORE
+ArrayIndexOutOfBoundsExceptionTest.class
+--java-throw-runtime-exceptions
+^EXIT=10$
+^SIGNAL=0$
+^.*assertion at file ArrayIndexOutOfBoundsExceptionTest.java line 9 function.*: FAILURE$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/ClassCastException1/A.class b/regression/cbmc-java/ClassCastException1/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..3618c09b4ef59667a868d72a16f83c799dc86ff5
GIT binary patch
literal 265
zcmXX=yKcfj5S#@+2$+{!nv@9zZqfxIAuC8o7Aa!UpPf^3$gv~ef%q*dq!fGr9~H3&
z6uUb!JNr2Q|D6E5AZ(+FzK?;AA%PUflHg5MsmzSfe0p9JoVfawgnpt*x!V3@vQ9--
zuo5O!E{e6NmF0KQG2cq_Xfl5#v_GnCoy&!?_EB62tz)6h+dh}SMpb1hwV7<hP6Y7a
z^YuAlV0l!C@+*4JHZnJOM1$W1h{J(<M?Anvi&@0g_T2FibYRfH1846l@)L}Mn*kk0
Kc2W20>RkZP`Y-nY

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/ClassCastException1/B.class b/regression/cbmc-java/ClassCastException1/B.class
new file mode 100644
index 0000000000000000000000000000000000000000..e9257dc442776837ad9e9e3e5f111a6f8a1718aa
GIT binary patch
literal 265
zcmXYrziz@n48}i0NNCERl(kDo+JP)=AO<3kDn;!8V!xy(dQqC7+<|y4CZrBL01t)m
zwHa*xzR&iZueaX|fH4L>n&^87JUkI7<9H{yQ&lK4BQ%Gv8-f#+Uy{&|RUtq2KZ&f?
zBFWhq#APb-ji{8>wdt5|rFk`;PYC|1+*hewDm(rh<wEO7XtOw`a%WUotfe-iOdLc9
zE<FByP6(_Hb5U%=&m@zn!3!FECO{kxS~c+kJ8f1WSKDj7ok1st1|B%O|0aCqPR)-@
K_Mz_IRPPScaxeY>

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/ClassCastException1/ClassCastExceptionTest.class b/regression/cbmc-java/ClassCastException1/ClassCastExceptionTest.class
new file mode 100644
index 0000000000000000000000000000000000000000..de62bd5ca58363ea34481a67386f6eb76a94ba00
GIT binary patch
literal 976
zcmZuvU2hUW6g{)Mu&^xhr4-v*t+q(17C)*lZH%V2Nt3N6(vY-1Ez1O_!qV(627if3
z|A5ccL=s7?&;BUmodsDNeAt<}bMHOp+_UrR_xB$FHu2Oz8f6`K4JfGSSkqB85R+Hy
zNu+R3$9)4y8E+V<;en2a422cj_qi8{p6kC9zTNEb76UtGh;Iv51kV`M%36a#+v&A9
zL&g#=f7S0cxpydw8S+-ou{#ah6EdD$YQa0<GnA~I4&m?Eey}@m_^G5h<bJS4cwJk#
z48_V@>%{(G*E+V_uGIrixa}>;#|9EQO1*BLa7Q+>kCzjZ9@5DN4#UzvJ+tJJ*!J2a
zt?(aShIBo!o%aX!X*dTt$B@`|Iuj?1dav&}d{4-^7iQ7rXd6<pi7avqxk&!L8}K&w
zWa1G+HcE`;Gt5U<Z~AT^x_s&w!(x=2Wi@dH8S*-+dGYs`?s{I&Ba>&Fq*NV`O?o&_
zF6kNjOg2^a<!{JDs38b}wYV=l-kOq-WkH`DrFU|SWqN68dXFqylCtQeg7A@}HBV8E
zc1C-wIs`kXgMtFB@$i!2DxJ-70j{A)Q4(_~(T!~WL|`iI<q?!4bqLj3{|W72gxJv#
z@eAt<5@$$_kfhMKI1h1(grZZIWSJ)(KqJf;iHlPvLFh@W5~pOYhPgDZQzfH{1QxJJ
z3g_s214|)Z88>l@YM1HLp)_>dmW6kw6K;lOKrWy92J;NM_8FS`6^YqtB}NR2`CNLk
ILV<$SKh!SLn*aa+

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/ClassCastException1/ClassCastExceptionTest.java b/regression/cbmc-java/ClassCastException1/ClassCastExceptionTest.java
new file mode 100644
index 00000000000..bb7eacd1647
--- /dev/null
+++ b/regression/cbmc-java/ClassCastException1/ClassCastExceptionTest.java
@@ -0,0 +1,13 @@
+public class ClassCastExceptionTest {
+  public static void main(String args[]) {
+      try {
+          Object x = new Integer(0);
+          String y = (String)x;
+          throw new RuntimeException();
+      }
+      catch (ClassCastException exc) {
+          assert false;
+      }
+    
+  }
+}
diff --git a/regression/cbmc-java/ClassCastException1/test.desc b/regression/cbmc-java/ClassCastException1/test.desc
new file mode 100644
index 00000000000..983d5f730d8
--- /dev/null
+++ b/regression/cbmc-java/ClassCastException1/test.desc
@@ -0,0 +1,9 @@
+CORE
+ClassCastExceptionTest.class
+--java-throw-runtime-exceptions
+^EXIT=10$
+^SIGNAL=0$
+^.*assertion at file ClassCastExceptionTest.java line 9 function.*: FAILURE$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/ClassCastException2/A.class b/regression/cbmc-java/ClassCastException2/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..5400c088442da1dc2e18fb898c5fdd4ef64a7bf7
GIT binary patch
literal 249
zcmXYry>7xl5QJyJKVTe;($b^^3f!a%LP8c)R#F7fpPdt&W$egzM!Z(4NGW&#9x7sw
zWToAm`7|r-_4nrj;2EO;T|D?0`iKbLLRHEv3EjzbM{tt*LlUA?Rr0kxX0q9etYq?-
z*10HmqEXiWL&qGH=F@cbLI~dLw#ns2+4wjqh1QACW_`}(r%`pamD<b;aS|aMxCB}e
zM%KrrsP^$&R><7o2_1gV7IAZsx5p~xZHYVk27R&Uz~|}RA)&`Q{0pFufE{6QPlY#<
CC@&cR

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/ClassCastException2/B.class b/regression/cbmc-java/ClassCastException2/B.class
new file mode 100644
index 0000000000000000000000000000000000000000..57c02bfbefd2cf121d19be5c3ccef41f58cc1bbd
GIT binary patch
literal 234
zcmXX=O%K6P5S-O&srrbkiz5zP+=zsRQ{zJ1pL&TW)k@zZ{+5%(!4L4G#1@;(&g|@L
zvak2!31EnZ2MbjfH5YY)GggT*6N1(0ZU}ae?j)feszff&$F0oPVjHv54AV%&8<DAe
z{+qVhE6u0jY((%@={bw!Lgn#R5DTpXq0Rgn$&*oOvX<KP58@(x*eDWc#+agw0{@d2
mF?hr5uo^JuPO*0f-B=Xha(BL_g%WH37eE;vPlU=h<$nM>Tq#xn

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/ClassCastException2/C.class b/regression/cbmc-java/ClassCastException2/C.class
new file mode 100644
index 0000000000000000000000000000000000000000..3bff3313aa1ec28b55e0f9d2a44817e36a272510
GIT binary patch
literal 234
zcmXX=Jr4m<5S-=Qan47y8YK!E9Z`6px@d_0IWO_#+{wL1{4JG4;RpCpVh@|l&g|@L
zvak2!31Eb#k0NRw>K+;dccK$*r-Wj+w;?zp-6=vN)QMW2k6V?k<u+!g6{eAlH!{=t
z{5KuD*M?6+F(&w{^qfU%q4RiK#L^fcjh$a3b+S55*2>tyL0)742PFat#ta=4_@BIp
k!5e0m)sQ)NO8q<N#-ad^yZbXyW*z)>1wK!N>Ngd906fnrTL1t6

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/ClassCastException2/ClassCastExceptionTest.class b/regression/cbmc-java/ClassCastException2/ClassCastExceptionTest.class
new file mode 100644
index 0000000000000000000000000000000000000000..503940e149abffa0c54dee4e007c706110245670
GIT binary patch
literal 902
zcmZuv%Wl&^6g}fSoH$OK2MwVug+c;p3Js6!S|Qp{RxU`SRHCdLXB1o#r?MT?FJaLi
zU|o=?L?p_Zk3yU=B|!=cd+xn+?m71{KYxAu4xovqfh_LmxNAUDXHCbNfrK*aX=Jdj
z<DP-E^6wkiKtsm^fnvoD0_lhD&<mcqf!*oLu7EfcNN%~F8$J<;)z%IK;;ms<3d~!s
zCtr*P9qI2Yut32YI(GlS_Fd&)2IJv7HxMXWtv>l%b`b8KIPzG@?8_kBB;UYxJ%Li~
zt#xF7up52b>owY;?|QvWr6(LJTiZm6j<R-W#pDU2EB_?S(kp7)?@_$?A7+7UJG7nm
zd-icuDQ6>)+H(4ry&CP|$amy(S9P{D%dU#wQ1zO~A<x=c{B{Hur#-wHd7(RylYRx3
zr<b#gCgw2DNlh`^e;2ar`$L~2noUw==y+)25grTVrnxUWN74zorfDe3CQDZat}nY2
zcFrLjaZFtAAy)Z7vV2A&S621Vih;z)^IxFX;3;?}>gNz=G&B_XPewr<S7@7m09ZhY
zUK&?XW<(`_Bs#{kI)?V<oV#5Af%x7S2|CFO>oZcP$c&MuYh0W~Gz+BBnWRJ(DFYZt
zMK#XxCP#@pDwI{ib;Nm>#Wf<iU)oDpreukoT*pepSH%t7BzBdb4(+v$TXO{7o;28u
iU_ic*`3mzCdi)dOu`fu?Hmf)i(9EZ5Bo#Uus=op15V>vu

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/ClassCastException2/ClassCastExceptionTest.java b/regression/cbmc-java/ClassCastException2/ClassCastExceptionTest.java
new file mode 100644
index 00000000000..d8979415dbc
--- /dev/null
+++ b/regression/cbmc-java/ClassCastException2/ClassCastExceptionTest.java
@@ -0,0 +1,21 @@
+class A {}
+
+class B extends A {}
+
+class C extends B {}
+
+public class ClassCastExceptionTest {
+  public static void main(String args[]) {
+      try {
+          A c = new C();
+          B b = (B)c;
+          // TODO: an explicit throw is currently needed in order
+          // for CBMC to convert the exception handler
+          throw new RuntimeException();
+      }
+      catch (ClassCastException exc) {
+          assert false;
+      }
+    
+  }
+}
diff --git a/regression/cbmc-java/ClassCastException2/test.desc b/regression/cbmc-java/ClassCastException2/test.desc
new file mode 100644
index 00000000000..c593280efe5
--- /dev/null
+++ b/regression/cbmc-java/ClassCastException2/test.desc
@@ -0,0 +1,8 @@
+CORE
+ClassCastExceptionTest.class
+--java-throw-runtime-exceptions
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/NullPointerException2/A.class b/regression/cbmc-java/NullPointerException2/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..19526643bf25706bad6f178a660ab3f724c8920b
GIT binary patch
literal 247
zcmXX=%MQU%5Iv*SQjg*bEV0my9g#E=iKJmc>~HIaE7c}d{>w^Y;RAe>m|I=U%sFSy
zJU-vo8^8oT2L@al9UEN&DUKDvnyEzPbAmA#?g{21JxGEZs6?)Bmr!Oq5yq_af;1BG
zUSvx1QZ)0Ey7Fk?PYKR8y=9SHDs8Xt<TW3k#a%RE!RA{&p`*DMi{$8S!n2HW^ikob
q0OBxFEfEi}Qe)<E)xGNI33@Q7pw8JUL<0`v=HGw@BfY3qxY|GLz$mu>

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NullPointerException2/B.class b/regression/cbmc-java/NullPointerException2/B.class
new file mode 100644
index 0000000000000000000000000000000000000000..f29cbafef50e97fe2936695afa091c7f9c847cd4
GIT binary patch
literal 241
zcmXX=Jx_!{5Pid^a45#o%2F+k#!h2_(TZ5y5&8u;x)<2Jz+(JcRwfqy0DqKm7M*0~
zedN7lzJETy09@fXg^$A+M=^3jbfdJgw*>$Eq9Fu#=1CIrN@@8x53L+)(e~_|RHhSs
zBSz))zZuvUHF32nuL<ea%ws1Xl#3^|oa}lhUPXogA%RN5snbO-^mDP9wN-<>f9vGl
tDx+}*kKb}byj)?7m=%o92`@iD?@T<ze51uA95B!R0!WauBCM8F_6z9_EFS;>

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NullPointerException2/Test.class b/regression/cbmc-java/NullPointerException2/Test.class
new file mode 100644
index 0000000000000000000000000000000000000000..2644933a3a0cc875e9ea948ff2ebbc00121649f5
GIT binary patch
literal 825
zcmZuuT~8B16g{)scKWf<(kfPzTD58crGC^Wh_NChCJUOBkcdy)?F0vxE!o`~eut0z
z0iV$*i6rvwk5bPdSQFV~XXf5}?z!jQ`{U=g?*Q6(oJRqT9B$#Z#GO2BG$fii<S-*K
zn};;^Tpo9EPhwu6((vL~MTs7S@pBz}y+HK^#HK)IQHMHtB49UXHUv^jgT4|dx;j*A
z!=0Xr)(u#o><)Y{*zh84>{Dkdd8=b`xa%rT7MQ)`=}=&@`NrM$-g~XU3%6R`B+}v5
zf?>DSo-a`UC%85Yf>#3_CMsIq^VP0VXo$RMi^P?4cqrQ=liML|tebfLyH#)ZM32Oj
zM2m9}$S(T9X<zy7U>NyoMVl^iM(DiJ=3pE}!X4bl19CnSsEstAC(D6@F@fp`)j6B#
zauf|Bsy6Hr4;?&0Tc9*TzU*x)KVg{;f6e~|XFLio1zZp3)>pBPRR1q8+e?NFa5tN{
z&g~YseNn0!C4AWsrVE}WS}op!cY5{^;(!ke6Ff5~PKh$#&L03OxIin1i<qRxB!3{<
z=6y}LbM_ZlN3dTXB6Ym_37LHqjv#4fj}Hj9Sh0vS;f8*S1q_u%ZIT6wR8-<wW7L$a
z6IY_|5~{?o04_7fh?~Y0TqWN$tqQDPOtK_uk`N(LA4irgpEcJe(0mi++*joHAyXfb
XvOgp9f1`#k4a<3I#&Ls&g`2+t(wv!U

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NullPointerException2/Test.java b/regression/cbmc-java/NullPointerException2/Test.java
new file mode 100644
index 00000000000..cf04d9edefb
--- /dev/null
+++ b/regression/cbmc-java/NullPointerException2/Test.java
@@ -0,0 +1,20 @@
+class B extends RuntimeException {}
+
+class A {
+    int i;
+}
+
+public class Test {
+    public static void main(String args[]) {
+        A a=null;
+        try {
+            a.i=0;
+            // TODO: an explicit throw is currently needed in order
+            // for CBMC to convert the exception handler
+            throw new B();
+        }
+        catch (NullPointerException exc) {
+            assert false;
+        }
+    }
+}
diff --git a/regression/cbmc-java/NullPointerException2/test.desc b/regression/cbmc-java/NullPointerException2/test.desc
new file mode 100644
index 00000000000..79cac6a9e9b
--- /dev/null
+++ b/regression/cbmc-java/NullPointerException2/test.desc
@@ -0,0 +1,9 @@
+CORE
+Test.class
+--java-throw-runtime-exceptions
+^EXIT=10$
+^SIGNAL=0$
+^.*assertion at file Test.java line 15 function.*: FAILURE$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/NullPointerException3/A.class b/regression/cbmc-java/NullPointerException3/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..19526643bf25706bad6f178a660ab3f724c8920b
GIT binary patch
literal 247
zcmXX=%MQU%5Iv*SQjg*bEV0my9g#E=iKJmc>~HIaE7c}d{>w^Y;RAe>m|I=U%sFSy
zJU-vo8^8oT2L@al9UEN&DUKDvnyEzPbAmA#?g{21JxGEZs6?)Bmr!Oq5yq_af;1BG
zUSvx1QZ)0Ey7Fk?PYKR8y=9SHDs8Xt<TW3k#a%RE!RA{&p`*DMi{$8S!n2HW^ikob
q0OBxFEfEi}Qe)<E)xGNI33@Q7pw8JUL<0`v=HGw@BfY3qxY|GLz$mu>

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NullPointerException3/B.class b/regression/cbmc-java/NullPointerException3/B.class
new file mode 100644
index 0000000000000000000000000000000000000000..f29cbafef50e97fe2936695afa091c7f9c847cd4
GIT binary patch
literal 241
zcmXX=Jx_!{5Pid^a45#o%2F+k#!h2_(TZ5y5&8u;x)<2Jz+(JcRwfqy0DqKm7M*0~
zedN7lzJETy09@fXg^$A+M=^3jbfdJgw*>$Eq9Fu#=1CIrN@@8x53L+)(e~_|RHhSs
zBSz))zZuvUHF32nuL<ea%ws1Xl#3^|oa}lhUPXogA%RN5snbO-^mDP9wN-<>f9vGl
tDx+}*kKb}byj)?7m=%o92`@iD?@T<ze51uA95B!R0!WauBCM8F_6z9_EFS;>

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NullPointerException3/Test.class b/regression/cbmc-java/NullPointerException3/Test.class
new file mode 100644
index 0000000000000000000000000000000000000000..cd8ba9d445765df26cec3cd8ac74d3e3317cd1b5
GIT binary patch
literal 835
zcmZuuT~8B16g{*3n0C9+(kfO(Kt(J?sUP(TG**PfWI>Y>67gxfoz%f)OLn)0-$H!%
z88wnfBJchv^$egjk#0J7?wxbbJ@?)pKfiqk(8MDf1<dAg8#ReJ8!606)bq$=UgC}o
zY5co37SNEmCs3L3;#ftA?uYSn9ebTXbp^zhKz2!oI(Z_Hs?BW*q?h|$B~WyAsMZHN
z9TjaDut3@E`(Ci=McVjh!F2Lg$K-G~RGcg_d&kqEz<BMAyY0RA8i5z~8to*~VQ<l}
z3(fxv)>3=E!1O<$^+6E4>gzC3(aN5$c8yX)=tVsisGP$`CXY;Ri?ES);`#5^yxkLB
z5)%^lIS+x{k{_J)XSe%<$XBb{bdxuN7mP*+qbL&Y;1a6jd?qkC)P9~U2M$IAszX%k
z&umwss2@?aVV8K|;31j<r6KZVXIuFR%d|M-VR$*<dN{YPigl#AfBD!}GT;MuvxV#2
zZh_kurK(ZDTMELc=UJlHpcS;4`XR&tFBZmlW>10=W!{}r04lgZFOQ2DXT&6bAUZ`m
zCEWQhupS>F_4*L$<F!x7?xS!7NjG<VK)A(<MPvv!^jBEGP+8O_S)fQoC7zRfH6`mv
zGoCZkC8osJ%gnJ%DO|+_t%Ym+CdoWSuLA2A(=CZ<$(Du0jZvoGWb9OFlh*vk%K5Lb
c_aW0CkxqR^_Wza*Uj~-*)C^{Zj)hyl0dxwQ1ONa4

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NullPointerException3/Test.java b/regression/cbmc-java/NullPointerException3/Test.java
new file mode 100644
index 00000000000..35df442dd61
--- /dev/null
+++ b/regression/cbmc-java/NullPointerException3/Test.java
@@ -0,0 +1,20 @@
+class B extends RuntimeException {}
+
+class A {
+    int i;
+}
+
+public class Test {
+    public static void main(String args[]) {
+        A a=null;
+        try {
+            int i=a.i;
+            // TODO: an explicit throw is currently needed in order
+            // for CBMC to convert the exception handler
+            throw new B();
+        }
+        catch (NullPointerException exc) {
+            assert false;
+        }
+    }
+}
diff --git a/regression/cbmc-java/NullPointerException3/test.desc b/regression/cbmc-java/NullPointerException3/test.desc
new file mode 100644
index 00000000000..79cac6a9e9b
--- /dev/null
+++ b/regression/cbmc-java/NullPointerException3/test.desc
@@ -0,0 +1,9 @@
+CORE
+Test.class
+--java-throw-runtime-exceptions
+^EXIT=10$
+^SIGNAL=0$
+^.*assertion at file Test.java line 15 function.*: FAILURE$
+^VERIFICATION FAILED$
+--
+^warning: ignoring

From 961c0a35f6b26f3f8f44d51a4e9242824014b42b Mon Sep 17 00:00:00 2001
From: Cristina <cristina.david@gmail.com>
Date: Mon, 12 Jun 2017 10:34:37 +0100
Subject: [PATCH 374/699] Refactoring the runtime exception instrumentation out
 of java_bytecode_convert

Now the instrumentation for runtime exceptions is added in an independent pass (as described in java_bytecode_instrument.cpp), between the bytecode conversion and typechecking.
---
 .../ArrayIndexOutOfBoundsExceptionTest.class  | Bin
 .../ArrayIndexOutOfBoundsExceptionTest.java   |   0
 .../test.desc                                 |   0
 src/cbmc/cbmc_parse_options.cpp               |   1 +
 src/cbmc/cbmc_parse_options.h                 |   1 +
 src/java_bytecode/Makefile                    |   1 +
 .../java_bytecode_convert_method.cpp          | 102 +---
 .../java_bytecode_convert_method_class.h      |   5 -
 .../java_bytecode_instrument.cpp              | 528 ++++++++++++++++++
 src/java_bytecode/java_bytecode_instrument.h  |  19 +
 src/java_bytecode/java_bytecode_language.cpp  |   8 +
 src/java_bytecode/java_bytecode_language.h    |   1 +
 src/util/irep_ids.def                         |   2 +
 13 files changed, 577 insertions(+), 91 deletions(-)
 rename regression/cbmc-java/{ArrayIndexOutOfBoundsException => ArrayIndexOutOfBoundsException1}/ArrayIndexOutOfBoundsExceptionTest.class (100%)
 rename regression/cbmc-java/{ArrayIndexOutOfBoundsException => ArrayIndexOutOfBoundsException1}/ArrayIndexOutOfBoundsExceptionTest.java (100%)
 rename regression/cbmc-java/{ArrayIndexOutOfBoundsException => ArrayIndexOutOfBoundsException1}/test.desc (100%)
 create mode 100644 src/java_bytecode/java_bytecode_instrument.cpp
 create mode 100644 src/java_bytecode/java_bytecode_instrument.h

diff --git a/regression/cbmc-java/ArrayIndexOutOfBoundsException/ArrayIndexOutOfBoundsExceptionTest.class b/regression/cbmc-java/ArrayIndexOutOfBoundsException1/ArrayIndexOutOfBoundsExceptionTest.class
similarity index 100%
rename from regression/cbmc-java/ArrayIndexOutOfBoundsException/ArrayIndexOutOfBoundsExceptionTest.class
rename to regression/cbmc-java/ArrayIndexOutOfBoundsException1/ArrayIndexOutOfBoundsExceptionTest.class
diff --git a/regression/cbmc-java/ArrayIndexOutOfBoundsException/ArrayIndexOutOfBoundsExceptionTest.java b/regression/cbmc-java/ArrayIndexOutOfBoundsException1/ArrayIndexOutOfBoundsExceptionTest.java
similarity index 100%
rename from regression/cbmc-java/ArrayIndexOutOfBoundsException/ArrayIndexOutOfBoundsExceptionTest.java
rename to regression/cbmc-java/ArrayIndexOutOfBoundsException1/ArrayIndexOutOfBoundsExceptionTest.java
diff --git a/regression/cbmc-java/ArrayIndexOutOfBoundsException/test.desc b/regression/cbmc-java/ArrayIndexOutOfBoundsException1/test.desc
similarity index 100%
rename from regression/cbmc-java/ArrayIndexOutOfBoundsException/test.desc
rename to regression/cbmc-java/ArrayIndexOutOfBoundsException1/test.desc
diff --git a/src/cbmc/cbmc_parse_options.cpp b/src/cbmc/cbmc_parse_options.cpp
index eac3893130d..d1dd4947e17 100644
--- a/src/cbmc/cbmc_parse_options.cpp
+++ b/src/cbmc/cbmc_parse_options.cpp
@@ -1070,6 +1070,7 @@ void cbmc_parse_optionst::help()
     // NOLINTNEXTLINE(whitespace/line_length)
     " --java-max-vla-length        limit the length of user-code-created arrays\n"
     // NOLINTNEXTLINE(whitespace/line_length)
+    " --java-throw-runtime-exceptions Make implicit runtime exceptions explicit"
     " --java-cp-include-files      regexp or JSON list of files to load (with '@' prefix)\n"
     " --java-unwind-enum-static    try to unwind loops in static initialization of enums\n"
     "\n"
diff --git a/src/cbmc/cbmc_parse_options.h b/src/cbmc/cbmc_parse_options.h
index 4f43637234a..145ff8e6e77 100644
--- a/src/cbmc/cbmc_parse_options.h
+++ b/src/cbmc/cbmc_parse_options.h
@@ -65,6 +65,7 @@ class optionst;
   "(graphml-witness):" \
   "(java-max-vla-length):(java-unwind-enum-static)" \
   "(java-cp-include-files):" \
+  "(java-throw-runtime-exceptions)" \
   "(localize-faults)(localize-faults-method):" \
   "(lazy-methods)" \
   "(test-invariant-failure)" \
diff --git a/src/java_bytecode/Makefile b/src/java_bytecode/Makefile
index 0334b20595f..522218dc4f4 100644
--- a/src/java_bytecode/Makefile
+++ b/src/java_bytecode/Makefile
@@ -16,6 +16,7 @@ SRC = bytecode_info.cpp \
       java_class_loader.cpp \
       java_class_loader_limit.cpp \
       java_entry_point.cpp \
+      java_bytecode_instrument.cpp \
       java_local_variable_table.cpp \
       java_object_factory.cpp \
       java_pointer_casts.cpp \
diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index 14b67ba330f..ef6b1dd1bb3 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -509,39 +509,14 @@ static member_exprt to_member(const exprt &pointer, const exprt &fieldref)
 
   const dereference_exprt obj_deref(pointer2, class_type);
 
-  return member_exprt(
+  member_exprt member_expr(
     obj_deref,
     fieldref.get(ID_component_name),
     fieldref.type());
-}
 
-codet java_bytecode_convert_methodt::get_array_bounds_check(
-  const exprt &arraystruct,
-  const exprt &idx,
-  const source_locationt &original_sloc)
-{
-  constant_exprt intzero=from_integer(0, java_int_type());
-  binary_relation_exprt gezero(idx, ID_ge, intzero);
-  const member_exprt length_field(arraystruct, "length", java_int_type());
-  binary_relation_exprt ltlength(idx, ID_lt, length_field);
-  code_blockt bounds_checks;
-
-  bounds_checks.add(code_assertt(gezero));
-  bounds_checks.operands().back().add_source_location()=original_sloc;
-  bounds_checks.operands().back().add_source_location()
-    .set_comment("Array index < 0");
-  bounds_checks.operands().back().add_source_location()
-    .set_property_class("array-index-out-of-bounds-low");
-  bounds_checks.add(code_assertt(ltlength));
-
-  bounds_checks.operands().back().add_source_location()=original_sloc;
-  bounds_checks.operands().back().add_source_location()
-    .set_comment("Array index >= length");
-  bounds_checks.operands().back().add_source_location()
-    .set_property_class("array-index-out-of-bounds-high");
-
-  // TODO make this throw ArrayIndexOutOfBoundsException instead of asserting.
-  return bounds_checks;
+  // tag it so it's easy to identify during instrumentation
+  member_expr.set(ID_java_member_access, true);
+  return member_expr;
 }
 
 /// Find all goto statements in 'repl' that target 'old_label' and redirect them
@@ -1256,50 +1231,26 @@ codet java_bytecode_convert_methodt::convert_instructions(
     else if(statement=="athrow")
     {
       assert(op.size()==1 && results.size()==1);
-      code_blockt block;
-      // TODO throw NullPointerException instead
-      const typecast_exprt lhs(op[0], pointer_typet(empty_typet()));
-      const exprt rhs(null_pointer_exprt(to_pointer_type(lhs.type())));
-      const exprt not_equal_null(
-        binary_relation_exprt(lhs, ID_notequal, rhs));
-      code_assertt check(not_equal_null);
-      check.add_source_location()
-        .set_comment("Throw null");
-      check.add_source_location()
-        .set_property_class("null-pointer-exception");
-      block.move_to_operands(check);
 
       side_effect_expr_throwt throw_expr;
       throw_expr.add_source_location()=i_it->source_location;
       throw_expr.copy_to_operands(op[0]);
       c=code_expressiont(throw_expr);
       results[0]=op[0];
-
-      block.move_to_operands(c);
-      c=block;
     }
     else if(statement=="checkcast")
     {
       // checkcast throws an exception in case a cast of object
       // on stack to given type fails.
       // The stack isn't modified.
-      // TODO: convert assertions to exceptions.
       assert(op.size()==1 && results.size()==1);
       binary_predicate_exprt check(op[0], ID_java_instanceof, arg0);
       code_assertt assert_class(check);
       assert_class.add_source_location().set_comment("Dynamic cast check");
       assert_class.add_source_location().set_property_class("bad-dynamic-cast");
-      // checkcast passes when the operand is null.
-      empty_typet voidt;
-      pointer_typet voidptr(voidt);
-      exprt null_check_op=op[0];
-      if(null_check_op.type()!=voidptr)
-        null_check_op.make_typecast(voidptr);
-      code_ifthenelset conditional_check;
-      notequal_exprt op_not_null(null_check_op, null_pointer_exprt(voidptr));
-      conditional_check.cond()=std::move(op_not_null);
-      conditional_check.then_case()=std::move(assert_class);
-      c=std::move(conditional_check);
+      // we add this assert such that we can recognise it
+      // during the instrumentation phase
+      c=std::move(assert_class);
       results[0]=op[0];
     }
     else if(statement=="invokedynamic")
@@ -1525,17 +1476,12 @@ codet java_bytecode_convert_methodt::convert_instructions(
         pointer_typet(java_type_from_char(type_char)));
 
       plus_exprt data_plus_offset(data_ptr, op[1], data_ptr.type());
+      // tag it so it's easy to identify during instrumentation
+      data_plus_offset.set(ID_java_array_access, true);
       typet element_type=data_ptr.type().subtype();
       const dereference_exprt element(data_plus_offset, element_type);
 
-      c=code_blockt();
-      codet bounds_check=
-        get_array_bounds_check(deref, op[1], i_it->source_location);
-      bounds_check.add_source_location()=i_it->source_location;
-      c.move_to_operands(bounds_check);
-      code_assignt array_put(element, op[2]);
-      array_put.add_source_location()=i_it->source_location;
-      c.move_to_operands(array_put);
+      c=code_assignt(element, op[2]);
       c.add_source_location()=i_it->source_location;
     }
     else if(statement==patternt("?store"))
@@ -1569,11 +1515,10 @@ codet java_bytecode_convert_methodt::convert_instructions(
         pointer_typet(java_type_from_char(type_char)));
 
       plus_exprt data_plus_offset(data_ptr, op[1], data_ptr.type());
+      // tag it so it's easy to identify during instrumentation
+      data_plus_offset.set(ID_java_array_access, true);
       typet element_type=data_ptr.type().subtype();
       dereference_exprt element(data_plus_offset, element_type);
-
-      c=get_array_bounds_check(deref, op[1], i_it->source_location);
-      c.add_source_location()=i_it->source_location;
       results[0]=java_bytecode_promotion(element);
     }
     else if(statement==patternt("?load"))
@@ -2136,14 +2081,6 @@ codet java_bytecode_convert_methodt::convert_instructions(
         java_new_array.add_source_location()=i_it->source_location;
 
       c=code_blockt();
-      // TODO make this throw NegativeArrayIndexException instead.
-      constant_exprt intzero=from_integer(0, java_int_type());
-      binary_relation_exprt gezero(op[0], ID_ge, intzero);
-      code_assertt check(gezero);
-      check.add_source_location().set_comment("Array size < 0");
-      check.add_source_location()
-        .set_property_class("array-create-negative-size");
-      c.move_to_operands(check);
 
       if(max_array_length!=0)
       {
@@ -2175,15 +2112,7 @@ codet java_bytecode_convert_methodt::convert_instructions(
       if(!i_it->source_location.get_line().empty())
         java_new_array.add_source_location()=i_it->source_location;
 
-      code_blockt checkandcreate;
-      // TODO make this throw NegativeArrayIndexException instead.
-      constant_exprt intzero=from_integer(0, java_int_type());
-      binary_relation_exprt gezero(op[0], ID_ge, intzero);
-      code_assertt check(gezero);
-      check.add_source_location().set_comment("Array size < 0");
-      check.add_source_location()
-        .set_property_class("array-create-negative-size");
-      checkandcreate.move_to_operands(check);
+      code_blockt create;
 
       if(max_array_length!=0)
       {
@@ -2191,11 +2120,12 @@ codet java_bytecode_convert_methodt::convert_instructions(
           from_integer(max_array_length, java_int_type());
         binary_relation_exprt le_max_size(op[0], ID_le, size_limit);
         code_assumet assume_le_max_size(le_max_size);
-        checkandcreate.move_to_operands(assume_le_max_size);
+        create.move_to_operands(assume_le_max_size);
       }
 
       const exprt tmp=tmp_variable("newarray", ref_type);
-      c=code_assignt(tmp, java_new_array);
+      create.copy_to_operands(code_assignt(tmp, java_new_array));
+      c=std::move(create);
       results[0]=tmp;
     }
     else if(statement=="arraylength")
diff --git a/src/java_bytecode/java_bytecode_convert_method_class.h b/src/java_bytecode/java_bytecode_convert_method_class.h
index f44df98be49..85537034894 100644
--- a/src/java_bytecode/java_bytecode_convert_method_class.h
+++ b/src/java_bytecode/java_bytecode_convert_method_class.h
@@ -123,11 +123,6 @@ class java_bytecode_convert_methodt:public messaget
     INST_INDEX_CONST=3
   };
 
-  codet get_array_bounds_check(
-    const exprt &arraystruct,
-    const exprt &idx,
-    const source_locationt &original_sloc);
-
   // return corresponding reference of variable
   const variablet &find_variable_for_slot(
     size_t address,
diff --git a/src/java_bytecode/java_bytecode_instrument.cpp b/src/java_bytecode/java_bytecode_instrument.cpp
new file mode 100644
index 00000000000..22072d9f823
--- /dev/null
+++ b/src/java_bytecode/java_bytecode_instrument.cpp
@@ -0,0 +1,528 @@
+/*******************************************************************\
+
+Module: Instrument codet with assertions/runtime exceptions
+
+Author: Cristina David
+
+Date:   June 2017
+
+\*******************************************************************/
+
+#include <util/arith_tools.h>
+#include <util/std_code.h>
+#include <util/std_expr.h>
+#include <util/symbol_table.h>
+
+#include <goto-programs/goto_functions.h>
+
+#include "java_bytecode_instrument.h"
+#include "java_entry_point.h"
+#include "java_object_factory.h"
+#include "java_root_class.h"
+#include "java_types.h"
+
+class java_bytecode_instrumentt
+{
+public:
+  java_bytecode_instrumentt(
+    symbol_tablet &_symbol_table,
+    const bool _throw_runtime_exceptions,
+    const size_t _max_array_length):
+    symbol_table(_symbol_table),
+    throw_runtime_exceptions(_throw_runtime_exceptions),
+    max_array_length(_max_array_length)
+    {
+    }
+
+  void operator()(exprt &expr);
+
+protected:
+  symbol_tablet &symbol_table;
+  bool throw_runtime_exceptions;
+  size_t max_array_length;
+
+  codet throw_exception(
+    const exprt &cond,
+    const source_locationt &original_loc,
+    const irep_idt &exc_name);
+
+  codet check_array_access(
+    const exprt &array_struct,
+    const exprt &idx,
+    const source_locationt &original_loc);
+
+  codet check_null_dereference(
+    const exprt &expr,
+    const source_locationt &original_loc,
+    const bool assertion_enabled);
+
+  codet check_class_cast(
+    const exprt &class1,
+    const exprt &class2,
+    const source_locationt &original_loc);
+
+  codet check_array_length(
+    const exprt &length,
+    const source_locationt &original_loc);
+
+  void instrument_code(exprt &expr);
+  codet instrument_expr(const exprt &expr);
+};
+
+
+/// Creates a class stub for exc_name and generates a
+///  conditional GOTO such that exc_name is thrown when
+///  cond is met.
+/// \par parameters: `cond`: condition to be met in order
+/// to throw an exception
+/// `original_loc`: source location in the original program
+/// `exc_name`: the name of the exception to be thrown
+/// \return Returns the code initialising the throwing the
+/// exception
+codet java_bytecode_instrumentt::throw_exception(
+  const exprt &cond,
+  const source_locationt &original_loc,
+  const irep_idt &exc_name)
+{
+  exprt exc;
+  code_blockt init_code;
+  const irep_idt &exc_obj_name=
+    id2string(goto_functionst::entry_point())+
+    "::"+id2string(exc_name);
+
+  if(!symbol_table.has_symbol(exc_obj_name))
+  {
+    // for now, create a class stub
+    // TODO: model exceptions and use that model
+    class_typet class_type;
+    class_type.set_tag(exc_name);
+    class_type.set(ID_base_name, exc_name);
+    class_type.set(ID_incomplete_class, true);
+
+    // produce class symbol
+    symbolt exc_symbol;
+    exc_symbol.base_name=exc_name;
+    exc_symbol.pretty_name=exc_name;
+    exc_symbol.name="java::"+id2string(exc_name);
+    class_type.set(ID_name, exc_symbol.name);
+    exc_symbol.type=class_type;
+    exc_symbol.mode=ID_java;
+    exc_symbol.is_type=true;
+    symbol_table.add(exc_symbol);
+    // create the class identifier
+    java_root_class(exc_symbol);
+
+    // create the exception object
+    exc=object_factory(
+      pointer_typet(exc_symbol.type),
+      exc_name,
+      init_code,
+      false,
+      symbol_table,
+      max_array_length,
+      original_loc);
+  }
+  else
+    exc=symbol_table.lookup(exc_obj_name).symbol_expr();
+
+  side_effect_expr_throwt throw_expr;
+  throw_expr.add_source_location()=original_loc;
+  throw_expr.move_to_operands(exc);
+
+  code_ifthenelset if_code;
+  if_code.add_source_location()=original_loc;
+  if_code.cond()=cond;
+  if_code.then_case()=code_expressiont(throw_expr);
+
+  init_code.move_to_operands(if_code);
+
+  return init_code;
+}
+
+/// Checks whether the array access array_struct[idx] is out-of-bounds,
+/// and throws ArrayIndexOutofBoundsException/generates an assertion
+/// if necessary; Exceptions are thrown when the `throw_runtime_exceptions`
+/// flag is set. Otherwise, assertions are emitted.
+/// \par parameters: `array_struct`: the array being accessed
+/// `idx`: index into the array
+/// `original_loc: source location in the original code
+/// \return Based on the value of the flag `throw_runtime_exceptions`,
+/// it returns code that either throws an ArrayIndexOutPfBoundsException
+/// or emits an assertion checking the array access
+codet java_bytecode_instrumentt::check_array_access(
+  const exprt &array_struct,
+  const exprt &idx,
+  const source_locationt &original_loc)
+{
+  const constant_exprt &zero=from_integer(0, java_int_type());
+  const binary_relation_exprt ge_zero(idx, ID_ge, zero);
+  const member_exprt length_field(array_struct, "length", java_int_type());
+  const binary_relation_exprt lt_length(idx, ID_lt, length_field);
+  const and_exprt cond(ge_zero, lt_length);
+
+  if(throw_runtime_exceptions)
+    return throw_exception(
+      not_exprt(cond),
+      original_loc,
+      "java.lang.ArrayIndexOutOfBoundsException");
+
+  code_blockt bounds_checks;
+  bounds_checks.add(code_assertt(ge_zero));
+  bounds_checks.operands().back().add_source_location()=original_loc;
+  bounds_checks.operands().back().add_source_location()
+    .set_comment("Array index should be >= 0");
+  bounds_checks.operands().back().add_source_location()
+    .set_property_class("array-index-out-of-bounds-low");
+
+  bounds_checks.add(code_assertt(lt_length));
+  bounds_checks.operands().back().add_source_location()=original_loc;
+  bounds_checks.operands().back().add_source_location()
+    .set_comment("Array index should be < length");
+  bounds_checks.operands().back().add_source_location()
+    .set_property_class("array-index-out-of-bounds-high");
+
+  return bounds_checks;
+}
+
+/// Checks whether `class1` is an instance of `class2` and throws
+/// ClassCastException/generates an assertion when necessary;
+/// Exceptions are thrown when the `throw_runtime_exceptions` flag is set.
+/// Otherwise, assertions are emitted.
+/// \par parameters: `class1`: the subclass
+/// `class2`: the super class
+/// `original_loc: source location in the original code
+/// \return Based on the value of the flag `throw_runtime_exceptions`,
+/// it returns code that either throws an ClassCastException or emits an
+/// assertion checking the subtype relation
+codet java_bytecode_instrumentt::check_class_cast(
+  const exprt &class1,
+  const exprt &class2,
+  const source_locationt &original_loc)
+{
+  binary_predicate_exprt class_cast_check(
+    class1, ID_java_instanceof, class2);
+
+  empty_typet voidt;
+  pointer_typet voidptr(voidt);
+  exprt null_check_op=class1;
+  if(null_check_op.type()!=voidptr)
+    null_check_op.make_typecast(voidptr);
+  notequal_exprt op_not_null(null_check_op, null_pointer_exprt(voidptr));
+
+  // checkcast passes when the operand is null
+  and_exprt and_expr(op_not_null, not_exprt(class_cast_check));
+
+  if(throw_runtime_exceptions)
+    return throw_exception(
+      and_expr,
+      original_loc,
+      "ClassCastException");
+
+  code_assertt assert_class(class_cast_check);
+  assert_class.add_source_location().
+    set_comment("Dynamic cast check");
+  assert_class.add_source_location().
+    set_property_class("bad-dynamic-cast");
+
+  code_ifthenelset conditional_check;
+  conditional_check.cond()=std::move(op_not_null);
+  conditional_check.then_case()=std::move(assert_class);
+  return conditional_check;
+}
+
+/// Checks whether `expr` is null and throws NullPointerException/
+/// generates an assertion when necessary;
+/// Exceptions are thrown when the `throw_runtime_exceptions` flag is set.
+/// Otherwise, assertions are emitted.
+/// \par parameters: `expr`: the checked expression
+/// `original_loc: source location in the original code
+/// \return Based on the value of the flag `throw_runtime_exceptions`,
+/// it returns code that either throws an NullPointerException or emits an
+/// assertion checking the subtype relation
+codet java_bytecode_instrumentt::check_null_dereference(
+  const exprt &expr,
+  const source_locationt &original_loc,
+  const bool assertion_enabled)
+{
+  exprt local_expr=expr;
+  empty_typet voidt;
+  pointer_typet voidptr(voidt);
+
+  if(local_expr.type()!=voidptr)
+    local_expr.make_typecast(voidptr);
+
+  const equal_exprt equal_expr(
+    local_expr,
+    null_pointer_exprt(voidptr));
+
+  if(throw_runtime_exceptions)
+    return throw_exception(
+      equal_expr,
+      original_loc, "java.lang.NullPointerException");
+
+  if(assertion_enabled)
+  {
+    code_assertt check((not_exprt(equal_expr)));
+    check.add_source_location()
+      .set_comment("Throw null");
+    check.add_source_location()
+      .set_property_class("null-pointer-exception");
+    return check;
+  }
+
+  return code_skipt();
+}
+
+/// Checks whether `length`>=0 and throws NegativeArraySizeException/
+/// generates an assertion when necessary;
+/// Exceptions are thrown when the `throw_runtime_exceptions` flag is set.
+/// Otherwise, assertions are emitted.
+/// \par parameters: `length`: the checked length
+/// `original_loc: source location in the original code
+/// \return Based on the value of the flag `throw_runtime_exceptions`,
+/// it returns code that either throws an NegativeArraySizeException
+/// or emits an assertion checking the subtype relation
+codet java_bytecode_instrumentt::check_array_length(
+  const exprt &length,
+  const source_locationt &original_loc)
+{
+  const constant_exprt &zero=from_integer(0, java_int_type());
+  const binary_relation_exprt ge_zero(length, ID_ge, zero);
+
+  if(throw_runtime_exceptions)
+    return throw_exception(
+      not_exprt(ge_zero),
+      original_loc,
+      "java.lang.NegativeArraySizeException");
+
+  code_assertt check(ge_zero);
+  check.add_source_location().set_comment("Array size should be >= 0");
+  check.add_source_location()
+    .set_property_class("array-create-negative-size");
+  return check;
+}
+
+/// Augments `expr` with instrumentation in the form of either
+/// assertions or runtime exceptions
+/// \par parameters: `expr`: the expression to be instrumented
+void java_bytecode_instrumentt::instrument_code(exprt &expr)
+{
+  codet &code=to_code(expr);
+
+  const irep_idt &statement=code.get_statement();
+
+  if(statement==ID_assign)
+  {
+    code_assignt code_assign=to_code_assign(code);
+
+    code_blockt block;
+    block.copy_to_operands(instrument_expr(code_assign.lhs()));
+    block.copy_to_operands(instrument_expr(code_assign.rhs()));
+    block.copy_to_operands(code_assign);
+
+    code=block;
+  }
+  else if(statement==ID_expression)
+  {
+    code_expressiont code_expression=
+      to_code_expression(code);
+
+    code_blockt block;
+    block.copy_to_operands(
+      instrument_expr(code_expression.expression()));
+    block.copy_to_operands(code_expression);
+    code=block;
+  }
+  else if(statement==ID_assert)
+  {
+    code_assertt code_assert=to_code_assert(code);
+
+    // does this correspond to checkcast?
+    if(code_assert.assertion().id()==ID_java_instanceof)
+    {
+      code_blockt block;
+
+      INVARIANT(
+        code_assert.assertion().operands().size()==2,
+        "Instanceof should have 2 operands");
+
+      block.copy_to_operands(
+        check_class_cast(
+          code_assert.assertion().op0(),
+          code_assert.assertion().op1(),
+          code_assert.source_location()));
+      block.copy_to_operands(code_assert);
+      code=block;
+    }
+  }
+  else if(statement==ID_block)
+  {
+    Forall_operands(it, code)
+      instrument_code(to_code(*it));
+  }
+  else if(statement==ID_label)
+  {
+    code_labelt &code_label=to_code_label(code);
+    instrument_code(code_label.code());
+  }
+  else if(statement==ID_ifthenelse)
+  {
+    code_blockt block;
+    code_ifthenelset &code_ifthenelse=to_code_ifthenelse(code);
+    block.copy_to_operands(instrument_expr(code_ifthenelse.cond()));
+    instrument_code(code_ifthenelse.then_case());
+    if(code_ifthenelse.else_case().is_not_nil())
+      instrument_code(code_ifthenelse.else_case());
+    block.copy_to_operands(code);
+    code=block;
+  }
+  else if(statement==ID_switch)
+  {
+    code_blockt block;
+    code_switcht &code_switch=to_code_switch(code);
+    block.copy_to_operands(
+      instrument_expr(code_switch.value()));
+    block.copy_to_operands(
+      instrument_expr(code_switch.body()));
+    block.copy_to_operands(code);
+    code=block;
+  }
+  else if(statement==ID_return)
+  {
+    if(code.operands().size()==1)
+    {
+      code_blockt block;
+      block.copy_to_operands(instrument_expr(code.op0()));
+      block.copy_to_operands(code);
+      code=block;
+    }
+  }
+  else if(statement==ID_function_call)
+  {
+    code_blockt block;
+    code_function_callt &code_function_call=to_code_function_call(code);
+    block.copy_to_operands(instrument_expr(code_function_call.lhs()));
+    block.copy_to_operands(instrument_expr(code_function_call.function()));
+
+    for(code_function_callt::argumentst::iterator
+          a_it=code_function_call.arguments().begin();
+        a_it!=code_function_call.arguments().end();
+        a_it++)
+      block.copy_to_operands(instrument_expr(*a_it));
+
+    block.copy_to_operands(code);
+    code=block;
+  }
+}
+
+/// Computes the instrumentation for `expr` in the form of
+/// either assertions or runtime exceptions.
+/// \par parameters: `expr`: the expression for which we compute
+/// instrumentation
+/// \return: The instrumentation required for `expr`
+codet java_bytecode_instrumentt::instrument_expr(
+  const exprt &expr)
+{
+  if(expr.id()==ID_plus &&
+     expr.get_bool(ID_java_array_access))
+  {
+    // this corresponds to ?aload and ?astore so
+    // we check that 0<=index<array.length
+    const plus_exprt &plus_expr=to_plus_expr(expr);
+    if(plus_expr.op0().id()==ID_member)
+    {
+      const member_exprt &member_expr=to_member_expr(plus_expr.op0());
+      if(member_expr.op0().id()==ID_dereference)
+      {
+        const dereference_exprt &dereference_expr=
+          to_dereference_expr(member_expr.op0());
+        codet bounds_check=
+          check_array_access(
+            dereference_expr,
+            plus_expr.op1(),
+            expr.source_location());
+        return bounds_check;
+      }
+    }
+  }
+  else if(expr.id()==ID_side_effect)
+  {
+    const side_effect_exprt &side_effect_expr=to_side_effect_expr(expr);
+    const irep_idt &statement=side_effect_expr.get_statement();
+    if(statement==ID_throw)
+      // this corresponds to athrow and so we check that
+      // we don't throw null
+      return check_null_dereference(
+        expr.op0(),
+        expr.source_location(),
+        true);
+    else if(statement==ID_java_new_array)
+      // this correpond to new array so we check that
+      // length is >=0
+      return check_array_length(
+        expr.op0(),
+        expr.source_location());
+  }
+  else if(expr.id()==ID_member &&
+          expr.get_bool(ID_java_member_access))
+  {
+    // this corresponds to either getfield or putfield
+    // so we must check null pointer dereference
+    const member_exprt &member_expr=to_member_expr(expr);
+    if(member_expr.op0().id()==ID_dereference)
+    {
+      const dereference_exprt dereference_expr=
+        to_dereference_expr(member_expr.op0());
+      codet null_dereference_check=
+        check_null_dereference(
+          dereference_expr.op0(),
+          dereference_expr.source_location(),
+          false);
+      return null_dereference_check;
+    }
+  }
+
+  if(!expr.has_operands())
+    return code_skipt();
+
+  code_blockt block;
+  forall_operands(it, expr)
+  {
+    block.copy_to_operands(instrument_expr(*it));
+  }
+  return block;
+}
+
+/// Instruments `expr`
+/// \par parameters: `expr`: the expression to be instrumented
+void java_bytecode_instrumentt::operator()(exprt &expr)
+{
+  instrument_code(expr);
+}
+
+/// Instruments all the code in the symbol_table with
+/// runtime exceptions or corresponding assertions.
+/// Exceptions are thrown when the `throw_runtime_exceptions` flag is set.
+/// Otherwise, assertions are emitted.
+/// \par parameters: `symbol_table`: the symbol table to instrument
+/// `throw_runtime_exceptions`: flag determining whether we instrument the code
+/// with runtime exceptions or with assertions. The former applies if this flag
+/// is set to true.
+/// `max_array_length`: maximum array length; the only reason we need this is
+/// in order to be able to call the object factory to create exceptions.
+void java_bytecode_instrument(
+  symbol_tablet &symbol_table,
+  bool throw_runtime_exceptions,
+  size_t max_array_length)
+{
+  java_bytecode_instrumentt instrument(
+    symbol_table,
+    throw_runtime_exceptions,
+    max_array_length);
+
+  Forall_symbols(s_it, symbol_table.symbols)
+  {
+    if(s_it->second.value.id()==ID_code)
+      instrument(s_it->second.value);
+  }
+}
diff --git a/src/java_bytecode/java_bytecode_instrument.h b/src/java_bytecode/java_bytecode_instrument.h
new file mode 100644
index 00000000000..e382da7e7bd
--- /dev/null
+++ b/src/java_bytecode/java_bytecode_instrument.h
@@ -0,0 +1,19 @@
+/*******************************************************************\
+
+Module: Instrument codet with assertions/runtime exceptions
+
+Author: Cristina David
+
+Date:   June 2017
+
+\*******************************************************************/
+
+#ifndef CPROVER_JAVA_BYTECODE_JAVA_BYTECODE_INSTRUMENT_H
+#define CPROVER_JAVA_BYTECODE_JAVA_BYTECODE_INSTRUMENT_H
+
+void java_bytecode_instrument(
+  symbol_tablet &symbol_table,
+  const bool throw_runtime_exceptions,
+  const size_t max_array_length);
+
+#endif
diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index e024653bef7..3b1c2ba7dcf 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -22,6 +22,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include "java_bytecode_convert_class.h"
 #include "java_bytecode_convert_method.h"
 #include "java_bytecode_internal_additions.h"
+#include "java_bytecode_instrument.h"
 #include "java_bytecode_typecheck.h"
 #include "java_entry_point.h"
 #include "java_bytecode_parser.h"
@@ -36,6 +37,7 @@ void java_bytecode_languaget::get_language_options(const cmdlinet &cmd)
 {
   assume_inputs_non_null=cmd.isset("java-assume-inputs-non-null");
   string_refinement_enabled=cmd.isset("refine-strings");
+  throw_runtime_exceptions=cmd.isset("java-throw-runtime-exceptions");
   if(cmd.isset("java-max-input-array-length"))
     max_nondet_array_length=
       std::stoi(cmd.get_value("java-max-input-array-length"));
@@ -438,6 +440,12 @@ bool java_bytecode_languaget::typecheck(
   }
   // Otherwise our caller is in charge of elaborating methods on demand.
 
+  // now instrument runtime exceptions
+  java_bytecode_instrument(
+    symbol_table,
+    throw_runtime_exceptions,
+    max_nondet_array_length);
+
   // now typecheck all
   if(java_bytecode_typecheck(
        symbol_table, get_message_handler(), string_refinement_enabled))
diff --git a/src/java_bytecode/java_bytecode_language.h b/src/java_bytecode/java_bytecode_language.h
index c107ffd0267..d0c9c0ba0f7 100644
--- a/src/java_bytecode/java_bytecode_language.h
+++ b/src/java_bytecode/java_bytecode_language.h
@@ -103,6 +103,7 @@ class java_bytecode_languaget:public languaget
   lazy_methodst lazy_methods;
   lazy_methods_modet lazy_methods_mode;
   bool string_refinement_enabled;
+  bool throw_runtime_exceptions;
   java_string_library_preprocesst string_preprocess;
   std::string java_cp_include_files;
 };
diff --git a/src/util/irep_ids.def b/src/util/irep_ids.def
index 8a22f226fc0..e24d7cd981f 100644
--- a/src/util/irep_ids.def
+++ b/src/util/irep_ids.def
@@ -815,6 +815,8 @@ IREP_ID_ONE(skip_initialize)
 IREP_ID_ONE(basic_block_covered_lines)
 IREP_ID_ONE(is_nondet_nullable)
 IREP_ID_ONE(array_replace)
+IREP_ID_ONE(java_array_access)
+IREP_ID_ONE(java_member_access)
 
 #undef IREP_ID_ONE
 #undef IREP_ID_TWO

From a6d1084e3d5d46721acad20c56ae738baab1ffe4 Mon Sep 17 00:00:00 2001
From: Cristina <cristina.david@gmail.com>
Date: Thu, 29 Jun 2017 14:10:58 +0100
Subject: [PATCH 375/699] Move generate_class_stub out of
 java_bytecode_convert_classt and to java_utils.cpp and use it to generate
 stubs for exceptions

---
 src/java_bytecode/Makefile                    |  2 +-
 .../java_bytecode_convert_class.cpp           | 41 +++--------------
 .../java_bytecode_instrument.cpp              | 42 ++++++++---------
 src/java_bytecode/java_bytecode_instrument.h  |  2 +-
 src/java_bytecode/java_bytecode_language.cpp  |  1 +
 src/java_bytecode/java_utils.cpp              | 45 ++++++++++++++++++-
 src/java_bytecode/java_utils.h                |  6 +++
 7 files changed, 75 insertions(+), 64 deletions(-)

diff --git a/src/java_bytecode/Makefile b/src/java_bytecode/Makefile
index 522218dc4f4..5125f2f6664 100644
--- a/src/java_bytecode/Makefile
+++ b/src/java_bytecode/Makefile
@@ -5,6 +5,7 @@ SRC = bytecode_info.cpp \
       jar_file.cpp \
       java_bytecode_convert_class.cpp \
       java_bytecode_convert_method.cpp \
+      java_bytecode_instrument.cpp \
       java_bytecode_internal_additions.cpp \
       java_bytecode_language.cpp \
       java_bytecode_parse_tree.cpp \
@@ -16,7 +17,6 @@ SRC = bytecode_info.cpp \
       java_class_loader.cpp \
       java_class_loader_limit.cpp \
       java_entry_point.cpp \
-      java_bytecode_instrument.cpp \
       java_local_variable_table.cpp \
       java_object_factory.cpp \
       java_pointer_casts.cpp \
diff --git a/src/java_bytecode/java_bytecode_convert_class.cpp b/src/java_bytecode/java_bytecode_convert_class.cpp
index ada2468e924..9b6d53841e3 100644
--- a/src/java_bytecode/java_bytecode_convert_class.cpp
+++ b/src/java_bytecode/java_bytecode_convert_class.cpp
@@ -18,6 +18,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include "java_types.h"
 #include "java_bytecode_convert_method.h"
 #include "java_bytecode_language.h"
+#include "java_utils.h"
 
 #include <util/arith_tools.h>
 #include <util/namespace.h>
@@ -56,7 +57,10 @@ class java_bytecode_convert_classt:public messaget
       string_preprocess.add_string_type(
         parse_tree.parsed_class.name, symbol_table);
     else if(!loading_success)
-      generate_class_stub(parse_tree.parsed_class.name);
+      generate_class_stub(
+        parse_tree.parsed_class.name,
+        symbol_table,
+        get_message_handler());
   }
 
   typedef java_bytecode_parse_treet::classt classt;
@@ -73,7 +77,6 @@ class java_bytecode_convert_classt:public messaget
   void convert(const classt &c);
   void convert(symbolt &class_symbol, const fieldt &f);
 
-  void generate_class_stub(const irep_idt &class_name);
   void add_array_types();
 };
 
@@ -171,40 +174,6 @@ void java_bytecode_convert_classt::convert(const classt &c)
     java_root_class(*class_symbol);
 }
 
-void java_bytecode_convert_classt::generate_class_stub(
-  const irep_idt &class_name)
-{
-  class_typet class_type;
-
-  class_type.set_tag(class_name);
-  class_type.set(ID_base_name, class_name);
-
-  class_type.set(ID_incomplete_class, true);
-
-  // produce class symbol
-  symbolt new_symbol;
-  new_symbol.base_name=class_name;
-  new_symbol.pretty_name=class_name;
-  new_symbol.name="java::"+id2string(class_name);
-  class_type.set(ID_name, new_symbol.name);
-  new_symbol.type=class_type;
-  new_symbol.mode=ID_java;
-  new_symbol.is_type=true;
-
-  symbolt *class_symbol;
-
-  if(symbol_table.move(new_symbol, class_symbol))
-  {
-    warning() << "stub class symbol " << new_symbol.name
-              << " already exists" << eom;
-  }
-  else
-  {
-    // create the class identifier etc
-    java_root_class(*class_symbol);
-  }
-}
-
 void java_bytecode_convert_classt::convert(
   symbolt &class_symbol,
   const fieldt &f)
diff --git a/src/java_bytecode/java_bytecode_instrument.cpp b/src/java_bytecode/java_bytecode_instrument.cpp
index 22072d9f823..9ec9f3293b2 100644
--- a/src/java_bytecode/java_bytecode_instrument.cpp
+++ b/src/java_bytecode/java_bytecode_instrument.cpp
@@ -15,21 +15,25 @@ Date:   June 2017
 
 #include <goto-programs/goto_functions.h>
 
+#include "java_bytecode_convert_class.h"
 #include "java_bytecode_instrument.h"
 #include "java_entry_point.h"
 #include "java_object_factory.h"
 #include "java_root_class.h"
 #include "java_types.h"
+#include "java_utils.h"
 
-class java_bytecode_instrumentt
+class java_bytecode_instrumentt:public messaget
 {
 public:
   java_bytecode_instrumentt(
     symbol_tablet &_symbol_table,
     const bool _throw_runtime_exceptions,
+    message_handlert &_message_handler,
     const size_t _max_array_length):
     symbol_table(_symbol_table),
     throw_runtime_exceptions(_throw_runtime_exceptions),
+    message_handler(_message_handler),
     max_array_length(_max_array_length)
     {
     }
@@ -38,8 +42,9 @@ class java_bytecode_instrumentt
 
 protected:
   symbol_tablet &symbol_table;
-  bool throw_runtime_exceptions;
-  size_t max_array_length;
+  const bool throw_runtime_exceptions;
+  message_handlert &message_handler;
+  const size_t max_array_length;
 
   codet throw_exception(
     const exprt &cond,
@@ -92,25 +97,12 @@ codet java_bytecode_instrumentt::throw_exception(
 
   if(!symbol_table.has_symbol(exc_obj_name))
   {
-    // for now, create a class stub
-    // TODO: model exceptions and use that model
-    class_typet class_type;
-    class_type.set_tag(exc_name);
-    class_type.set(ID_base_name, exc_name);
-    class_type.set(ID_incomplete_class, true);
-
-    // produce class symbol
-    symbolt exc_symbol;
-    exc_symbol.base_name=exc_name;
-    exc_symbol.pretty_name=exc_name;
-    exc_symbol.name="java::"+id2string(exc_name);
-    class_type.set(ID_name, exc_symbol.name);
-    exc_symbol.type=class_type;
-    exc_symbol.mode=ID_java;
-    exc_symbol.is_type=true;
-    symbol_table.add(exc_symbol);
-    // create the class identifier
-    java_root_class(exc_symbol);
+    generate_class_stub(
+      exc_name,
+      symbol_table,
+      get_message_handler());
+    const symbolt &exc_symbol=symbol_table.lookup(
+      "java::"+id2string(exc_name));
 
     // create the exception object
     exc=object_factory(
@@ -512,12 +504,14 @@ void java_bytecode_instrumentt::operator()(exprt &expr)
 /// in order to be able to call the object factory to create exceptions.
 void java_bytecode_instrument(
   symbol_tablet &symbol_table,
-  bool throw_runtime_exceptions,
-  size_t max_array_length)
+  const bool throw_runtime_exceptions,
+  message_handlert &message_handler,
+  const size_t max_array_length)
 {
   java_bytecode_instrumentt instrument(
     symbol_table,
     throw_runtime_exceptions,
+    message_handler,
     max_array_length);
 
   Forall_symbols(s_it, symbol_table.symbols)
diff --git a/src/java_bytecode/java_bytecode_instrument.h b/src/java_bytecode/java_bytecode_instrument.h
index e382da7e7bd..0d987746bce 100644
--- a/src/java_bytecode/java_bytecode_instrument.h
+++ b/src/java_bytecode/java_bytecode_instrument.h
@@ -14,6 +14,6 @@ Date:   June 2017
 void java_bytecode_instrument(
   symbol_tablet &symbol_table,
   const bool throw_runtime_exceptions,
+  message_handlert &_message_handler,
   const size_t max_array_length);
-
 #endif
diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index 3b1c2ba7dcf..297484ad82d 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -444,6 +444,7 @@ bool java_bytecode_languaget::typecheck(
   java_bytecode_instrument(
     symbol_table,
     throw_runtime_exceptions,
+    get_message_handler(),
     max_nondet_array_length);
 
   // now typecheck all
diff --git a/src/java_bytecode/java_utils.cpp b/src/java_bytecode/java_utils.cpp
index 9f8be11e4ad..5643d819a28 100644
--- a/src/java_bytecode/java_utils.cpp
+++ b/src/java_bytecode/java_utils.cpp
@@ -6,12 +6,13 @@ Author: Daniel Kroening, kroening@kroening.com
 
 \*******************************************************************/
 
-
+#include <util/invariant.h>
+#include <util/message.h>
 #include <util/prefix.h>
 #include <util/std_types.h>
-#include <util/invariant.h>
 #include <util/string_utils.h>
 
+#include "java_root_class.h"
 #include "java_utils.h"
 #include "java_types.h"
 
@@ -54,7 +55,47 @@ unsigned java_method_parameter_slots(const code_typet &t)
   return slots;
 }
 
+
 const std::string java_class_to_package(const std::string &canonical_classname)
 {
   return trim_from_last_delimiter(canonical_classname, '.');
 }
+
+void generate_class_stub(
+  const irep_idt &class_name,
+  symbol_tablet &symbol_table,
+  message_handlert &message_handler)
+{
+  class_typet class_type;
+
+  class_type.set_tag(class_name);
+  class_type.set(ID_base_name, class_name);
+
+  class_type.set(ID_incomplete_class, true);
+
+  // produce class symbol
+  symbolt new_symbol;
+  new_symbol.base_name=class_name;
+  new_symbol.pretty_name=class_name;
+  new_symbol.name="java::"+id2string(class_name);
+  class_type.set(ID_name, new_symbol.name);
+  new_symbol.type=class_type;
+  new_symbol.mode=ID_java;
+  new_symbol.is_type=true;
+
+  symbolt *class_symbol;
+
+  if(symbol_table.move(new_symbol, class_symbol))
+  {
+    messaget message(message_handler);
+    message.warning() <<
+      "stub class symbol " <<
+      new_symbol.name <<
+      " already exists" << messaget::eom;
+  }
+  else
+  {
+    // create the class identifier etc
+    java_root_class(*class_symbol);
+  }
+}
diff --git a/src/java_bytecode/java_utils.h b/src/java_bytecode/java_utils.h
index ef64ff9e18e..77cb35825b0 100644
--- a/src/java_bytecode/java_utils.h
+++ b/src/java_bytecode/java_utils.h
@@ -8,6 +8,7 @@ Author: Daniel Kroening, kroening@kroening.com
 
 
 #include <util/type.h>
+#include <util/symbol_table.h>
 
 #include "java_bytecode_parse_tree.h"
 
@@ -16,6 +17,11 @@ Author: Daniel Kroening, kroening@kroening.com
 
 bool java_is_array_type(const typet &type);
 
+void generate_class_stub(
+  const irep_idt &class_name,
+  symbol_tablet &symbol_table,
+  message_handlert &message_handler);
+
 /// Returns the number of JVM local variables (slots) taken by a local variable
 /// that, when translated to goto, has type \p t.
 unsigned java_local_variable_slots(const typet &t);

From 236e44231a1e0f2b3e64425bdace6d90c9154cd1 Mon Sep 17 00:00:00 2001
From: Cristina <cristina.david@gmail.com>
Date: Sun, 2 Jul 2017 17:09:36 +0100
Subject: [PATCH 376/699] Adjusted runtime exceptions regression tests

---
 .../cbmc-java/NullPointerException2/Test.class  | Bin 825 -> 825 bytes
 .../cbmc-java/NullPointerException2/test.desc   |   2 +-
 .../cbmc-java/NullPointerException3/Test.class  | Bin 835 -> 835 bytes
 .../cbmc-java/NullPointerException3/test.desc   |   2 +-
 4 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/regression/cbmc-java/NullPointerException2/Test.class b/regression/cbmc-java/NullPointerException2/Test.class
index 2644933a3a0cc875e9ea948ff2ebbc00121649f5..e49a2d70d61d80ae510fd2c7c04b3461001cf46e 100644
GIT binary patch
delta 25
fcmdnVwv%ncLMC2527U$sAQWVfV-TLaj;R{}N$&+L

delta 25
fcmdnVwv%ncLMC1w27U%U1_2-`#~?U)9aA>|NtXpA

diff --git a/regression/cbmc-java/NullPointerException2/test.desc b/regression/cbmc-java/NullPointerException2/test.desc
index 79cac6a9e9b..ed7e923ae16 100644
--- a/regression/cbmc-java/NullPointerException2/test.desc
+++ b/regression/cbmc-java/NullPointerException2/test.desc
@@ -3,7 +3,7 @@ Test.class
 --java-throw-runtime-exceptions
 ^EXIT=10$
 ^SIGNAL=0$
-^.*assertion at file Test.java line 15 function.*: FAILURE$
+^.*assertion at file Test.java line 17 function.*: FAILURE$
 ^VERIFICATION FAILED$
 --
 ^warning: ignoring
diff --git a/regression/cbmc-java/NullPointerException3/Test.class b/regression/cbmc-java/NullPointerException3/Test.class
index cd8ba9d445765df26cec3cd8ac74d3e3317cd1b5..77c124a4b869c9928a2fcd98c00f3c6e75d7bc1a 100644
GIT binary patch
delta 25
fcmX@ic9?C$LMC2527U$sAQWVfV-TLaj%g|YOW6fV

delta 25
fcmX@ic9?C$LMC1w27U%U1_2-`#~?U)9n(|*OMwMK

diff --git a/regression/cbmc-java/NullPointerException3/test.desc b/regression/cbmc-java/NullPointerException3/test.desc
index 79cac6a9e9b..ed7e923ae16 100644
--- a/regression/cbmc-java/NullPointerException3/test.desc
+++ b/regression/cbmc-java/NullPointerException3/test.desc
@@ -3,7 +3,7 @@ Test.class
 --java-throw-runtime-exceptions
 ^EXIT=10$
 ^SIGNAL=0$
-^.*assertion at file Test.java line 15 function.*: FAILURE$
+^.*assertion at file Test.java line 17 function.*: FAILURE$
 ^VERIFICATION FAILED$
 --
 ^warning: ignoring

From 87ff9de3484f7158ec02a1de1837eb444b8cbeaf Mon Sep 17 00:00:00 2001
From: Jesse Sigal <jesse.sigal@gmail.com>
Date: Wed, 28 Jun 2017 13:45:29 +0100
Subject: [PATCH 377/699] Fixed function inversion.

Now takes into account the multi-arity of plus (was previously assumed to be binary).
---
 src/solvers/refinement/string_refinement.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index 86b36a94790..09caf6ab121 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -1076,8 +1076,10 @@ std::map<exprt, int> string_refinementt::map_representation_of_sum(
     to_process.pop_back();
     if(cur.id()==ID_plus)
     {
-      to_process.push_back(std::make_pair(cur.op1(), positive));
-      to_process.push_back(std::make_pair(cur.op0(), positive));
+      for(const exprt &op : cur.operands())
+      {
+        to_process.push_back(std::make_pair(op, positive));
+      }
     }
     else if(cur.id()==ID_minus)
     {

From cd29f689d331f5e32bfdc810eb65972376f62780 Mon Sep 17 00:00:00 2001
From: Jesse Sigal <jesse.sigal@gmail.com>
Date: Wed, 28 Jun 2017 15:54:12 +0100
Subject: [PATCH 378/699] Extended check_axioms for not_contains and refactored

Previously when checking if axioms were satisfied by the model returned after SAT, the check_axioms function would assume all not_contains axioms were violated. They are now actually checked.

Factored out the solver creation and usage into `string_refinementt::is_axiom_sat`. It now sets the valuation of a chosen var to a witness for use outside of the function. Additionally, the orignal functions for adding negations to the solver now return expressions.
---
 src/solvers/refinement/string_refinement.cpp | 217 ++++++++++++++-----
 src/solvers/refinement/string_refinement.h   |   9 +-
 2 files changed, 172 insertions(+), 54 deletions(-)

diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index 09caf6ab121..b8605ac3fb7 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -923,13 +923,73 @@ void string_refinementt::substitute_array_access(exprt &expr) const
   }
 }
 
-/// negates the constraint and add it to the solver. the intended usage is to
-/// find an assignement of the universal variable that would violate the axiom,
-/// to avoid false positives the symbols other than the universal variable
-/// should have been replaced by there valuation in the current model
-/// \par parameters: a string constraint and a solver for non string expressions
-void string_refinementt::add_negation_of_constraint_to_solver(
-  const string_constraintt &axiom, supert &solver)
+/// Negates the constraint to be fed to a solver. The intended usage is to find
+/// an assignement of the universal variable that would violate the axiom. To
+/// avoid false positives, the symbols other than the universal variable should
+/// have been replaced by their valuation in the current model.
+/// \pre Symbols other than the universal variable should have been replaced by
+///   their valuation in the current model.
+/// \param axiom: the not_contains constraint to add the negation of
+/// \param val: the existential witness for the axiom
+/// \param univ_var: the universal variable for the negation of the axiom
+/// \return: the negation of the axiom under the current evaluation
+exprt string_refinementt::negation_of_not_contains_constraint(
+  const string_not_contains_constraintt &axiom,
+  const exprt &val,
+  const symbol_exprt &univ_var)
+{
+  exprt lbu=axiom.univ_lower_bound();
+  exprt ubu=axiom.univ_upper_bound();
+  if(lbu.id()==ID_constant && ubu.id()==ID_constant)
+  {
+    mp_integer lb_int, ub_int;
+    to_integer(to_constant_expr(lbu), lb_int);
+    to_integer(to_constant_expr(ubu), ub_int);
+    if(ub_int<=lb_int)
+    {
+      debug() << "empty constraint with current model" << eom;
+      return false_exprt();
+    }
+  }
+
+  exprt lbe=axiom.exists_lower_bound();
+  exprt ube=axiom.exists_upper_bound();
+
+  if(axiom.premise()==false_exprt())
+  {
+    debug() << "(string_refinement::check_axioms) adding false" << eom;
+    return false_exprt();
+  }
+
+  // Witness is the Skolem function for the existential, which we evaluate at
+  // univ_var.
+  and_exprt univ_bounds(
+    binary_relation_exprt(lbu, ID_le, univ_var),
+    binary_relation_exprt(ubu, ID_gt, univ_var));
+  and_exprt exists_bounds(
+    binary_relation_exprt(lbe, ID_le, val),
+    binary_relation_exprt(ube, ID_gt, val));
+  equal_exprt equal_chars(
+    axiom.s0()[plus_exprt(univ_var, val)],
+    axiom.s1()[val]);
+  and_exprt negaxiom(univ_bounds, axiom.premise(), exists_bounds, equal_chars);
+
+  debug() << "(sr::check_axioms) negated not_contains axiom: "
+          << from_expr(ns, "", negaxiom) << eom;
+  substitute_array_access(negaxiom);
+  return negaxiom;
+}
+
+/// Negates the constraint to be fed to a solver. The intended usage is to find
+/// an assignement of the universal variable that would violate the axiom. To
+/// avoid false positives, the symbols other than the universal variable should
+/// have been replaced by their valuation in the current model.
+/// \pre Symbols other than the universal variable should have been replaced by
+///   their valuation in the current model.
+/// \param axiom: the not_contains constraint to add the negation of
+/// \return: the negation of the axiom under the current evaluation
+exprt string_refinementt::negation_of_constraint(
+  const string_constraintt &axiom)
 {
   exprt lb=axiom.lower_bound();
   exprt ub=axiom.upper_bound();
@@ -941,24 +1001,23 @@ void string_refinementt::add_negation_of_constraint_to_solver(
     if(ub_int<=lb_int)
     {
       debug() << "empty constraint with current model" << eom;
-      solver << false_exprt();
-      return;
+      return false_exprt();
     }
   }
 
   if(axiom.premise()==false_exprt())
   {
-      debug() << "(string_refinement::check_axioms) adding false" << eom;
-      solver << false_exprt();
-      return;
+    debug() << "(string_refinement::check_axioms) adding false" << eom;
+    return false_exprt();
   }
 
   and_exprt premise(axiom.premise(), axiom.univ_within_bounds());
   and_exprt negaxiom(premise, not_exprt(axiom.body()));
 
-  debug() << "(sr::check_axioms) negated axiom: " << from_expr(ns, "", negaxiom) << eom;
+  debug() << "(sr::check_axioms) negated axiom: "
+          << from_expr(ns, "", negaxiom) << eom;
   substitute_array_access(negaxiom);
-  solver << negaxiom;
+  return negaxiom;
 }
 
 /// return true if the current model satisfies all the axioms
@@ -979,63 +1038,89 @@ bool string_refinementt::check_axioms()
   for(size_t i=0; i<universal_axioms.size(); i++)
   {
     const string_constraintt &axiom=universal_axioms[i];
-    symbol_exprt univ_var=axiom.univ_var();
-    exprt bound_inf=axiom.lower_bound();
-    exprt bound_sup=axiom.upper_bound();
-    exprt prem=axiom.premise();
-    exprt body=axiom.body();
+    const symbol_exprt univ_var=axiom.univ_var();
+    const exprt bound_inf=axiom.lower_bound();
+    const exprt bound_sup=axiom.upper_bound();
+    const exprt prem=axiom.premise();
+    const exprt body=axiom.body();
 
-    string_constraintt axiom_in_model(
+    const string_constraintt axiom_in_model(
       univ_var, get(bound_inf), get(bound_sup), get(prem), get(body));
 
-    satcheck_no_simplifiert sat_check;
-    supert solver(ns, sat_check);
-    solver.set_ui(ui);
-    add_negation_of_constraint_to_solver(axiom_in_model, solver);
+    const exprt negaxiom=negation_of_constraint(axiom_in_model);
+    exprt witness;
 
-    switch(solver())
+    bool is_sat=is_axiom_sat(negaxiom, univ_var, witness);
+
+    if(is_sat)
     {
-    case decision_proceduret::resultt::D_SATISFIABLE:
-      {
-        exprt val=solver.get(axiom_in_model.univ_var());
-        debug() << "string constraint can be violated for "
-                << axiom_in_model.univ_var().get_identifier()
-                << " = " << from_expr(ns, "", val) << eom;
-        violated[i]=val;
-      }
-      break;
-    case decision_proceduret::resultt::D_UNSATISFIABLE:
-      break;
-    default:
-      throw "failure in checking axiom";
+      debug() << "string constraint can be violated for "
+              << univ_var.get_identifier()
+              << " = " << from_expr(ns, "", witness) << eom;
+      violated[i]=witness;
     }
   }
 
-  // tells whether one of the not_contains constraint can be violated
-  bool violated_not_contains=false;
+  // Maps from indexes of violated not_contains axiom to a witness of violation
+  std::map<std::size_t, exprt> violated_not_contains;
+
   debug() << "there are " << not_contains_axioms.size()
           << " not_contains axioms" << eom;
-
-  for(auto nc_axiom : not_contains_axioms)
+  for(size_t i=0; i<not_contains_axioms.size(); i++)
   {
-    typet index_type=nc_axiom.s0().length().type();
-    exprt zero=from_integer(0, index_type);
-    exprt witness=generator.get_witness_of(nc_axiom, zero);
-    exprt val=get(witness);
-    violated_not_contains=true;
+    const string_not_contains_constraintt &nc_axiom=not_contains_axioms[i];
+    const exprt univ_bound_inf=nc_axiom.univ_lower_bound();
+    const exprt univ_bound_sup=nc_axiom.univ_upper_bound();
+    const exprt prem=nc_axiom.premise();
+    const exprt exists_bound_inf=nc_axiom.exists_lower_bound();
+    const exprt exists_bound_sup=nc_axiom.exists_upper_bound();
+    const string_exprt s0=nc_axiom.s0();
+    const string_exprt s1=nc_axiom.s1();
+
+    symbol_exprt univ_var=generator.fresh_univ_index(
+      "not_contains_univ_var", nc_axiom.s0().length().type());
+    exprt wit=generator.get_witness_of(nc_axiom, univ_var);
+    exprt val=get(wit);
+    const string_not_contains_constraintt nc_axiom_in_model(
+      get(univ_bound_inf),
+      get(univ_bound_sup),
+      get(prem),
+      get(exists_bound_inf),
+      get(exists_bound_sup),
+      to_string_expr(get(s0)),
+      to_string_expr(get(s1)));
+
+    const exprt negaxiom=negation_of_not_contains_constraint(
+      nc_axiom_in_model, val, univ_var);
+    exprt witness;
+
+    bool is_sat=is_axiom_sat(negaxiom, univ_var, witness);
+
+    if(is_sat)
+    {
+      debug() << "string constraint can be violated for "
+              << univ_var.get_identifier()
+              << " = " << from_expr(ns, "", witness) << eom;
+      violated_not_contains[i]=witness;
+    }
   }
 
-  if(violated.empty() && !violated_not_contains)
+  if(violated.empty() && violated_not_contains.empty())
   {
     debug() << "no violated property" << eom;
     return true;
   }
   else
   {
-    debug() << violated.size() << " string axioms can be violated" << eom;
+    debug() << violated.size()
+            << " universal string axioms can be violated" << eom;
+    debug() << violated_not_contains.size()
+            << " not_contains string axioms can be violated" << eom;
 
     if(use_counter_example)
     {
+      // TODO: add counter examples for not_contains?
+
       // Checking if the current solution satisfies the constraints
       for(const auto &v : violated)
       {
@@ -1076,10 +1161,8 @@ std::map<exprt, int> string_refinementt::map_representation_of_sum(
     to_process.pop_back();
     if(cur.id()==ID_plus)
     {
-      for(const exprt &op : cur.operands())
-      {
+      for(const auto &op : cur.operands())
         to_process.push_back(std::make_pair(op, positive));
-      }
     }
     else if(cur.id()==ID_minus)
     {
@@ -1535,3 +1618,33 @@ exprt string_refinementt::get(const exprt &expr) const
 
   return substitute_array_lists(ecopy);
 }
+
+/// Creates a solver with `axiom` as the only formula added and runs it. If it
+/// is SAT, then true is returned and the given evalutation of `var` is stored
+/// in `witness`. If UNSAT, then what witness is is undefined.
+/// \param [in] axiom: the axiom to be checked
+/// \param [in] var: the variable whose evaluation will be stored in witness
+/// \param [out] witness: the witness of the satisfying assignment if one
+///   exists. If UNSAT, then behaviour is undefined.
+/// \return: true if axiom is SAT, false if UNSAT
+bool string_refinementt::is_axiom_sat(
+  const exprt &axiom, const symbol_exprt& var, exprt &witness)
+{
+  satcheck_no_simplifiert sat_check;
+  supert solver(ns, sat_check);
+  solver.set_ui(ui);
+  solver << axiom;
+
+  switch(solver())
+  {
+  case decision_proceduret::resultt::D_SATISFIABLE:
+    {
+      witness=solver.get(var);
+      return true;
+    }
+  case decision_proceduret::resultt::D_UNSATISFIABLE:
+    return false;
+  default:
+    throw "failure in checking axiom";
+  }
+}
diff --git a/src/solvers/refinement/string_refinement.h b/src/solvers/refinement/string_refinement.h
index ba189c247b7..419ad086f84 100644
--- a/src/solvers/refinement/string_refinement.h
+++ b/src/solvers/refinement/string_refinement.h
@@ -121,10 +121,15 @@ class string_refinementt: public bv_refinementt
   void set_to(const exprt &expr, bool value) override;
 
   void add_instantiations();
-  void add_negation_of_constraint_to_solver(
-    const string_constraintt &axiom, supert &solver);
+  exprt negation_of_not_contains_constraint(
+    const string_not_contains_constraintt &axiom,
+    const exprt &val,
+    const symbol_exprt &univ_var);
+  exprt negation_of_constraint(const string_constraintt &axiom);
   void fill_model();
   bool check_axioms();
+  bool is_axiom_sat(
+    const exprt &axiom, const symbol_exprt& var, exprt &witness);
 
   void set_char_array_equality(const exprt &lhs, const exprt &rhs);
   void update_index_set(const exprt &formula);

From 05516bbf5dfa239c06c1291f1d7c3f45585fb952 Mon Sep 17 00:00:00 2001
From: Jesse Sigal <jesse.sigal@gmail.com>
Date: Thu, 29 Jun 2017 11:22:00 +0100
Subject: [PATCH 379/699] Added regresion test for indexOf

Added the originating test for the bug to smoke tests.
---
 .../strings-smoke-tests/java_index_of2/test.desc  |   7 +++++++
 .../java_index_of2/test_index_of2.class           | Bin 0 -> 640 bytes
 .../java_index_of2/test_index_of2.java            |   9 +++++++++
 3 files changed, 16 insertions(+)
 create mode 100644 regression/strings-smoke-tests/java_index_of2/test.desc
 create mode 100644 regression/strings-smoke-tests/java_index_of2/test_index_of2.class
 create mode 100644 regression/strings-smoke-tests/java_index_of2/test_index_of2.java

diff --git a/regression/strings-smoke-tests/java_index_of2/test.desc b/regression/strings-smoke-tests/java_index_of2/test.desc
new file mode 100644
index 00000000000..09a7398d4b7
--- /dev/null
+++ b/regression/strings-smoke-tests/java_index_of2/test.desc
@@ -0,0 +1,7 @@
+CORE
+test_index_of2.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+--
diff --git a/regression/strings-smoke-tests/java_index_of2/test_index_of2.class b/regression/strings-smoke-tests/java_index_of2/test_index_of2.class
new file mode 100644
index 0000000000000000000000000000000000000000..cb7aacc4a7a627dd3b9c169e3a2ae1e077c418a6
GIT binary patch
literal 640
zcmZ`$T}vBL5IvLZ<|gZ^G4Ug9qgI<1t589F)0P%(L5Lp^5$cQF?B0Z%#@({JDgG9p
zeDhfa1%>+Ve`@L6tr~prWoGW&IcLty-2J`&4PY7X9278-N5w%IFA5NNDe%gHjR}FO
zgGo#YOcTmA8OJJ0bQr|zI+o3@@(Hw0$gS!?C!Yw}x%YbnYc2E@VYsdXwbeUps%X~~
z^T(mo0by*e-jToLVpj(3#YPh8puJ*ngN;ObKQ`shv|QjdA;0Q%@41~u*o!>%O&g|i
zqT=L02fjKw2wO`Z44(@Zg9IU)p08SM7c-c3;b4GJ>G%8cFvHg<3M0bMQzn5oE^2s7
zDE2Yi&5rVtC#nCkxm&7XyY<Xe8@z@-&svu^NEr83tRv+=O5wSa9)Ixq_F1*ydjM3d
z81WosL1r|zL;RX#PwegaE6|xK#4y`jnk0r6F~YGa-9d)I3@K&m3-g!AemsYDjAGR~
z!N3jd?^np(8j4IxQG&&>&5#_^@a>UDi8BSzA5;a(d=HF13RzA&0wX1HiTp8ybqXtc
V0jtmWAj+`V$he=4^s%(z_&<rceW3sV

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_index_of2/test_index_of2.java b/regression/strings-smoke-tests/java_index_of2/test_index_of2.java
new file mode 100644
index 00000000000..613ecefb75c
--- /dev/null
+++ b/regression/strings-smoke-tests/java_index_of2/test_index_of2.java
@@ -0,0 +1,9 @@
+public class test_index_of2
+{
+   public static void main(String param)
+   {
+      String s = "abcdefg";
+      int i = s.indexOf(param);
+      assert(i != 1);
+   }
+}

From 7a0ef6cadef6d85380769c2c9ca89c954c681a4c Mon Sep 17 00:00:00 2001
From: Owen Jones <owen.jones@diffblue.com>
Date: Tue, 4 Jul 2017 15:38:07 +0100
Subject: [PATCH 380/699] Revert "Merge pull request #986 from
 owen-jones-diffblue/bugfix/goto-trace-contains-ssa-information-test-gen-support"

This reverts commit 3f4c9d1005aaa20643c2d51475424caa78c3d93d, reversing
changes made to 7c415e89f751304ba2c093bd11ad63c3c2f32175.
---
 .../cbmc/pointer-function-parameters-2/test.desc    |  6 +++---
 .../cbmc/pointer-function-parameters/test.desc      |  4 ++--
 src/goto-symex/build_goto_trace.cpp                 | 13 ++-----------
 3 files changed, 7 insertions(+), 16 deletions(-)

diff --git a/regression/cbmc/pointer-function-parameters-2/test.desc b/regression/cbmc/pointer-function-parameters-2/test.desc
index 1db7d3c4f37..c67211d7387 100644
--- a/regression/cbmc/pointer-function-parameters-2/test.desc
+++ b/regression/cbmc/pointer-function-parameters-2/test.desc
@@ -5,8 +5,8 @@ main.c
 ^\*\* Used 4 iterations$
 ^Test suite:$
 ^a=\(\(signed int \*\*\)NULL\), tmp\$1=[^,]*, tmp\$2=[^,]*$
-^a=&tmp\$1, tmp\$1=\(\(signed int \*\)NULL\), tmp\$2=[^,]*$
-^a=&tmp\$1, tmp\$1=&tmp\$2, tmp\$2=([012356789][0-9]*|4[0-9]+)$
-^a=&tmp\$1, tmp\$1=&tmp\$2, tmp\$2=4$
+^a=&tmp\$1!0, tmp\$1=\(\(signed int \*\)NULL\), tmp\$2=[^,]*$
+^a=&tmp\$1!0, tmp\$1=&tmp\$2!0, tmp\$2=([012356789][0-9]*|4[0-9]+)$
+^a=&tmp\$1!0, tmp\$1=&tmp\$2!0, tmp\$2=4$
 --
 ^warning: ignoring
diff --git a/regression/cbmc/pointer-function-parameters/test.desc b/regression/cbmc/pointer-function-parameters/test.desc
index ee8efd932ad..b9aa6240dea 100644
--- a/regression/cbmc/pointer-function-parameters/test.desc
+++ b/regression/cbmc/pointer-function-parameters/test.desc
@@ -5,7 +5,7 @@ main.c
 ^\*\* Used 3 iterations$
 ^Test suite:$
 ^a=\(\(signed int \*\)NULL\), tmp\$1=[^,]*$
-^a=&tmp\$1, tmp\$1=4$
-^a=&tmp\$1, tmp\$1=([012356789][0-9]*|4[0-9]+)$
+^a=&tmp\$1!0, tmp\$1=4$
+^a=&tmp\$1!0, tmp\$1=([012356789][0-9]*|4[0-9]+)$
 --
 ^warning: ignoring
diff --git a/src/goto-symex/build_goto_trace.cpp b/src/goto-symex/build_goto_trace.cpp
index f7e806ac322..6139c4dcdab 100644
--- a/src/goto-symex/build_goto_trace.cpp
+++ b/src/goto-symex/build_goto_trace.cpp
@@ -308,17 +308,8 @@ void build_goto_trace(
         goto_trace_step.io_args.push_back(j);
       else
       {
-        // we only expect constants here
-        exprt expr=to_constant_expr(prop_conv.get(j));
-        if(expr.has_operands() && expr.op0().id()==ID_address_of)
-        {
-          exprt *op=&(to_address_of_expr(expr.op0()).object());
-          while(op->id()==ID_member || op->id()==ID_index)
-            op=&(op->op0());
-          *op=to_ssa_expr(*op).get_original_expr();
-        }
-        // use expr in the output
-        goto_trace_step.io_args.push_back(expr);
+        exprt tmp=prop_conv.get(j);
+        goto_trace_step.io_args.push_back(tmp);
       }
     }
 

From 8495451a9fa0fe337f0d89d9673b54a62a91868a Mon Sep 17 00:00:00 2001
From: Jesse Sigal <jesse.sigal@gmail.com>
Date: Fri, 30 Jun 2017 10:43:27 +0100
Subject: [PATCH 381/699] For contains, added bounds for substring index in
 !contains case

Previously, the startpos variable (the index at which the substring occurs) was only bound properly when the substring was contained in the string being searched. Hence, in the case where the substring was not contained, the notdet string would become enourmous, and during evaluation would cause out of memory errors. Now with startpos constrained, the solver does not attempt these enourmous strings.
---
 .../string_constraint_generator_testing.cpp   | 32 +++++++++++--------
 1 file changed, 19 insertions(+), 13 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_testing.cpp b/src/solvers/refinement/string_constraint_generator_testing.cpp
index 878441cd0d1..4e2134d6388 100644
--- a/src/solvers/refinement/string_constraint_generator_testing.cpp
+++ b/src/solvers/refinement/string_constraint_generator_testing.cpp
@@ -194,9 +194,10 @@ exprt string_constraint_generatort::add_axioms_for_contains(
 
   // We add axioms:
   // a1 : contains ==> |s0| >= |s1|
-  // a2 : 0 <= startpos <= |s0|-|s1|
-  // a3 : forall qvar < |s1|. contains ==> s1[qvar] = s0[startpos + qvar]
-  // a4 : !contains ==> |s1| > |s0| ||
+  // a2 : contains ==> 0 <= startpos <= |s0|-|s1|
+  // a3 : !contains ==> startpos = -1
+  // a4 : forall qvar < |s1|. contains ==> s1[qvar] = s0[startpos + qvar]
+  // a5 : !contains ==> |s1| > |s0| ||
   //      (forall startpos <= |s0| - |s1|.
   //         exists witness < |s1|. s1[witness] != s0[witness + startpos])
 
@@ -211,9 +212,14 @@ exprt string_constraint_generatort::add_axioms_for_contains(
   implies_exprt a2(contains, bounds);
   axioms.push_back(a2);
 
+  implies_exprt a3(
+    not_exprt(contains),
+    equal_exprt(startpos, from_integer(-1, index_type)));
+  axioms.push_back(a3);
+
   if(constant)
   {
-    // If the string is constant, we can use a more efficient axiom for a3:
+    // If the string is constant, we can use a more efficient axiom for a4:
     // contains ==> AND_{i < |s1|} s1[i] = s0[startpos + i]
     mp_integer s1_length;
     assert(!to_integer(s1.length(), s1_length));
@@ -224,10 +230,10 @@ exprt string_constraint_generatort::add_axioms_for_contains(
       plus_exprt shifted_i(expr_i, startpos);
       conjuncts.push_back(equal_exprt(s1[expr_i], s0[shifted_i]));
     }
-    implies_exprt a3(contains, conjunction(conjuncts));
-    axioms.push_back(a3);
+    implies_exprt a4(contains, conjunction(conjuncts));
+    axioms.push_back(a4);
 
-    // The a4 constraint for constant strings translates to:
+    // The a5 constraint for constant strings translates to:
     // !contains ==> |s1| > |s0| ||
     //               (forall qvar <= |s0| - |s1|.
     //                 !(AND_{i < |s1|} s1[i] == s0[i + qvar])
@@ -244,30 +250,30 @@ exprt string_constraint_generatort::add_axioms_for_contains(
       conjuncts1.push_back(equal_exprt(s1[expr_i], s0[shifted_i]));
     }
 
-    string_constraintt a4(
+    string_constraintt a5(
       qvar,
       plus_exprt(from_integer(1, index_type), length_diff),
       and_exprt(not_exprt(contains), s0.axiom_for_is_longer_than(s1)),
       not_exprt(conjunction(conjuncts1)));
-    axioms.push_back(a4);
+    axioms.push_back(a5);
   }
   else
   {
     symbol_exprt qvar=fresh_univ_index("QA_contains", index_type);
     exprt qvar_shifted=plus_exprt(qvar, startpos);
-    string_constraintt a3(
+    string_constraintt a4(
       qvar, s1.length(), contains, equal_exprt(s1[qvar], s0[qvar_shifted]));
-    axioms.push_back(a3);
+    axioms.push_back(a4);
 
     // We rewrite axiom a4 as:
     // forall startpos <= |s0|-|s1|.  (!contains && |s0| >= |s1|)
     //     ==> exists witness < |s1|. s1[witness] != s0[startpos+witness]
-    string_not_contains_constraintt a4(
+    string_not_contains_constraintt a5(
       from_integer(0, index_type),
       plus_exprt(from_integer(1, index_type), length_diff),
       and_exprt(not_exprt(contains), s0.axiom_for_is_longer_than(s1)),
       from_integer(0, index_type), s1.length(), s0, s1);
-    axioms.push_back(a4);
+    axioms.push_back(a5);
   }
   return typecast_exprt(contains, f.type());
 }

From 939fb876622b320ef4ae2d6a0239912fee4ecc96 Mon Sep 17 00:00:00 2001
From: Jesse Sigal <jesse.sigal@gmail.com>
Date: Mon, 3 Jul 2017 11:44:12 +0100
Subject: [PATCH 382/699] Added regression tests based on originating test-gen
 tests

The relevant tests implemented in diffblue/test-gen/pull/479 (StringContains3 and StringContains4) for test-gen have been adapted and added as StringContains01 and StringContains02 resp. They have been marked as future in accordance to the standard for other tests. A contains smoke test already exists and is active, which was extended.
---
 .../strings-smoke-tests/java_contains/test.desc |   6 +++++-
 .../java_contains/test_contains.class           | Bin 689 -> 825 bytes
 .../java_contains/test_contains.java            |   9 ++++++---
 regression/strings/StringContains01/test.class  | Bin 0 -> 618 bytes
 regression/strings/StringContains01/test.desc   |   6 ++++++
 regression/strings/StringContains01/test.java   |   8 ++++++++
 regression/strings/StringContains02/test.class  | Bin 0 -> 606 bytes
 regression/strings/StringContains02/test.desc   |   6 ++++++
 regression/strings/StringContains02/test.java   |   7 +++++++
 9 files changed, 38 insertions(+), 4 deletions(-)
 create mode 100644 regression/strings/StringContains01/test.class
 create mode 100644 regression/strings/StringContains01/test.desc
 create mode 100644 regression/strings/StringContains01/test.java
 create mode 100644 regression/strings/StringContains02/test.class
 create mode 100644 regression/strings/StringContains02/test.desc
 create mode 100644 regression/strings/StringContains02/test.java

diff --git a/regression/strings-smoke-tests/java_contains/test.desc b/regression/strings-smoke-tests/java_contains/test.desc
index 0c10fd4de93..e0ca4731a42 100644
--- a/regression/strings-smoke-tests/java_contains/test.desc
+++ b/regression/strings-smoke-tests/java_contains/test.desc
@@ -1,8 +1,12 @@
 CORE
 test_contains.class
 --refine-strings
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
 ^\[.*assertion.1\].* line 8.* SUCCESS$
+^\[.*assertion.2\].* line 9.* SUCCESS$
+^\[.*assertion.3\].* line 12.* FAILURE$
+^\[.*assertion.4\].* line 13.* FAILURE$
+^VERIFICATION FAILED$
 --
 Issue: diffblue/test-gen#201
diff --git a/regression/strings-smoke-tests/java_contains/test_contains.class b/regression/strings-smoke-tests/java_contains/test_contains.class
index 989f5f04279074c7c827f6aec6cb3100ff201b36..078a8565a353a343b0fb50fbfaac5235f1df0516 100644
GIT binary patch
literal 825
zcmZ8eU2hUW6g>kAyDUpfm$E`Xto;z7l%h$WEHO4{6BAk=FedFwv%8FRE8W%I#W(#Q
z@@(R>nm}R`efQDdV;b+QrAU*>%-lQo+<VTMUzgv10NB9;6*E|pv8>>>iWpWD+)=Qa
zf`&B_uglm_k;0M)?#d{sxQDWg3PWzg3<B<lj^_qXoWQhtyu-kb8Ildhb;3ss@p9!Q
zgVgjooME=*xcsnxZgKyGD5i&V({UN{<<^<`&aC%Lw_9(AzT<Xx1uoMLP5bqM`6enS
zjtok}?p^g(+g{(d`Mx7M=^+oo6Wen`>KJT`b{giOGh}bJCRTfvEnW?Vm}S#uS{i1N
z)v$>wLt%p08w-5u`<}013pJuOHA}{}hC1#~O?qyfaXTcsV@3>%|BGy%ntq$V?Q_@W
zyA|PBkGtLQG;-`2Sv8^1?2*e1Mu!KE&pX$Q$eXZF4`lH%R_VKD=s#JuAcW8@4kq-|
zo}*})PDW>9a|HH96k?wCWRzs|y?GdP7p1=mnxON;1!6~fd<3bbCl2)F;aA85<f>ak
zC<CM~kUAPc{dtwGQTF2`E3h<5dMFj8A=1fDScnR%H4zhjZ3;hMly0;Y9Agp360sxV
zP>F2@GKo_lat)-hPqJT8_C1NeMO6l*OO#|3{;m8UROn_9qIhk^PNW%_)3qTo1IW^6
YNbzrwCnLwUh?WV&w8z4{g^1DOU(~gs!~g&Q

delta 454
zcmY*VO-lk%6g_Xo@s0CQGh>-)_MN5{LfA5>wk9oX<0{?^BAQs_(4tL0pq03D)3UV%
zN(r^^M@e_Agy3=R=Q;P@_ZA)~M_-fo4**5%YcP@ENUB)TAR(n<RmEBaI@W`DgJV-e
zBxu>vu#Fv#boaDmn-yPpS7mW?A>3At_}yXQ(1OiiHN~AMv_!jJsQ9;ycAY^!aXkYT
zG7OUI5eV179Oez|BHK%_WS+tFYaRd6yKeiU(e7~M4CJx*Pww1p);z!anCR76w)eyi
z9&}nBU{*X(BTohqU=unNrN}a}N^S%;2pSP33{R7cj#`+tdPJ3}mKj5;I`RmilB1kC
z;qnW3AJJTX2(=G=j7W6^?K2RQ5WOc8gF>i4BV7}m#;Zuv?=4bx4s3!nN9^ZOWob6C
lINbuU9eoI+4<33(NPY$X)h7DiqJfkG$v6(qiBlk9`5ST;KIs4e

diff --git a/regression/strings-smoke-tests/java_contains/test_contains.java b/regression/strings-smoke-tests/java_contains/test_contains.java
index fb585a2f0eb..f385c0593d2 100644
--- a/regression/strings-smoke-tests/java_contains/test_contains.java
+++ b/regression/strings-smoke-tests/java_contains/test_contains.java
@@ -1,12 +1,15 @@
 public class test_contains
 {
-   public static void main(/*String[] argv*/)
+   public static void main(String x)
    {
       String s = new String("Abc");
       String u = "bc";
       String t = "ab";
       assert(s.contains(u));
-      // Long version:
-      // assert(s.contains(t));
+      assert(!s.contains(t));
+
+      String z = new String(x);
+      if (z.length() > 3) assert(t.contains(z));
+      else assert(z.contains(u));
    }
 }
diff --git a/regression/strings/StringContains01/test.class b/regression/strings/StringContains01/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..ce12a0ee4702ada48f472f2a0f9293bb9faf9f38
GIT binary patch
literal 618
zcmY*WOHUgy5dJ2c#L2RdkQ7Lu(9+WKs6;N@KnRqAdPv(ts!HYNY%FRTcERiLWAX=j
zE=VAOMDP7g2r*tBDY7&k+cV!|{O|Vi8o(MBeH1ZOK&=RYx{qnh2)y)>!<4|Rk2$;&
zculA-$Rtt5>NrY1>O^*Ws!O0fLViO>+HMlOrRDF0Y%}gELaC)A^`(E<QRbT~=7&S6
zBf`W|>p-5!Mo&ijjkYy9+Fy5lqirk0U!UbsS}rh8C~Sni2W-C`_f4pFwL>aemDp8>
z5+J}RGs{jGz{d!;1$cwEgxZi~`%(CgF|lDGu3cauz&pGrl!ujHI|nMX&#vwjvX(H8
zEE`A&Gygki{*<Pzj{7PK)%r4zqcntT_IPH5$*xMYQQapU?9}%8fd{sSd7gWbzk<p&
z=YTU0<ZN*q<I^nf#CvY#0`$ifqQo(uUh*tZ#yID$^b<0?fayx6bqa5Q>W7tcWCs|z
zLhi=}@_$`_ChZ?%8V2Q<N1Y{9_*4Mhpe|75?8TFSwUh}MuZVLL1`yfb$a-h+hG36k
Q97qnCV9QCKNVz8O0B)^z(*OVf

literal 0
HcmV?d00001

diff --git a/regression/strings/StringContains01/test.desc b/regression/strings/StringContains01/test.desc
new file mode 100644
index 00000000000..2e66f73126f
--- /dev/null
+++ b/regression/strings/StringContains01/test.desc
@@ -0,0 +1,6 @@
+FUTURE
+test.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^VERIFICATION FAILED$
diff --git a/regression/strings/StringContains01/test.java b/regression/strings/StringContains01/test.java
new file mode 100644
index 00000000000..de588381d8a
--- /dev/null
+++ b/regression/strings/StringContains01/test.java
@@ -0,0 +1,8 @@
+public class test
+{
+    public static void main(String s)
+    {
+        String ab = "abc";
+        assert(ab.contains(s));
+    }
+}
diff --git a/regression/strings/StringContains02/test.class b/regression/strings/StringContains02/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..c1b575d8c6ead9140e80bf5c6f1cfe51c94594a8
GIT binary patch
literal 606
zcmY*WO;Zy=5PiMLW;V-WLVzTID9A?v2e@zpEv+Es0p$>iD!ENIQ#i2f!t8_}lRw~D
zt%548(z`#(vS$T?m+qeK*RNmq{QmR(CxC6NhNz-hg+MDnJH!lT1?EEdXbL<HF^^{g
z&k2*uGS8K<I!p6Coy%UL`UE;5RCaZ$?JGiQZT*-~?qq#Ms2%83eHdKylsR%>E?h{R
z5~kM<&g8Y+N@RMv)wM>ar#r51ylZ8A{$5_*!Gqm6xg!p{*}%kVUptzrRk_`C6cHkf
zM+h-S@ZYH<$pjW6EaC;BJ(}_6UiVvLGQ&C?fxuFPWvmeDBjjQ4OvU!U)IWiQAkI?D
z`g6kE;{`gOr0J@wfl6bwv(DG3jp#ZFpN!D#t6Uq^f6&2;+5s2%UMH+p@CN`?Z@W!6
zDuLW$Y@hIJo;|VmH*P^+91u0Ol_JU4KphhtJLpSzMYjDF-Vjq8jnWOuLyY}^|M3=;
zU#{CLx<mF%i5BxTIO35l1eko7x?K<f6Af{LU<gtEjB@E4yb;H}0@v@ui(WgOQ^kns
Ezr_`Gvj6}9

literal 0
HcmV?d00001

diff --git a/regression/strings/StringContains02/test.desc b/regression/strings/StringContains02/test.desc
new file mode 100644
index 00000000000..2e66f73126f
--- /dev/null
+++ b/regression/strings/StringContains02/test.desc
@@ -0,0 +1,6 @@
+FUTURE
+test.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^VERIFICATION FAILED$
diff --git a/regression/strings/StringContains02/test.java b/regression/strings/StringContains02/test.java
new file mode 100644
index 00000000000..77fa0284700
--- /dev/null
+++ b/regression/strings/StringContains02/test.java
@@ -0,0 +1,7 @@
+public class test
+{
+    public static void main(String s)
+    {
+        assert(s.contains("Hello"));
+    }
+}

From 45e0b9782b34a635bf3a2394b52a6ce392747623 Mon Sep 17 00:00:00 2001
From: Cristina <cristina.david@gmail.com>
Date: Fri, 16 Jun 2017 09:55:11 +0100
Subject: [PATCH 383/699] Switched from assertions to invariants/preconditions
 in exception handling

---
 src/analyses/uncaught_exceptions_analysis.cpp | 10 ++++--
 src/goto-programs/remove_exceptions.cpp       | 36 ++++++++++++-------
 2 files changed, 31 insertions(+), 15 deletions(-)

diff --git a/src/analyses/uncaught_exceptions_analysis.cpp b/src/analyses/uncaught_exceptions_analysis.cpp
index dfc012238ab..65baa49e082 100644
--- a/src/analyses/uncaught_exceptions_analysis.cpp
+++ b/src/analyses/uncaught_exceptions_analysis.cpp
@@ -17,7 +17,7 @@ Author: Cristina David
 /// Returns the compile type of an exception
 irep_idt uncaught_exceptions_domaint::get_exception_type(const typet &type)
 {
-  assert(type.id()==ID_pointer);
+  PRECONDITION(type.id()==ID_pointer);
 
   if(type.subtype().id()==ID_symbol)
   {
@@ -122,7 +122,9 @@ void uncaught_exceptions_domaint::transform(
   {
     const exprt &function_expr=
       to_code_function_call(instruction.code).function();
-    assert(function_expr.id()==ID_symbol);
+    DATA_INVARIANT(
+      function_expr.id()==ID_symbol,
+      "identifier expected to be a symbol");
     const irep_idt &function_name=
       to_symbol_expr(function_expr).get_identifier();
     // use the current information about the callee
@@ -193,7 +195,9 @@ void uncaught_exceptions_analysist::output(
     {
       std::cout << "Uncaught exceptions in function " <<
         it->first << ": " << std::endl;
-      assert(exceptions_map.find(it->first)!=exceptions_map.end());
+      INVARIANT(
+        exceptions_map.find(it->first)!=exceptions_map.end(),
+        "each function expected to be recorded in `exceptions_map`");
       for(auto exc_id : exceptions_map[it->first])
         std::cout << id2string(exc_id) << " ";
       std::cout << std::endl;
diff --git a/src/goto-programs/remove_exceptions.cpp b/src/goto-programs/remove_exceptions.cpp
index 23624eb1686..6b5c90302aa 100644
--- a/src/goto-programs/remove_exceptions.cpp
+++ b/src/goto-programs/remove_exceptions.cpp
@@ -77,7 +77,9 @@ void remove_exceptionst::add_exceptional_returns(
   const irep_idt &function_id=func_it->first;
   goto_programt &goto_program=func_it->second.body;
 
-  assert(symbol_table.has_symbol(function_id));
+  INVARIANT(
+    symbol_table.has_symbol(function_id),
+    "functions should be recorded in the symbol table");
   const symbolt &function_symbol=symbol_table.lookup(function_id);
 
   // for now only add exceptional returns for Java
@@ -116,7 +118,9 @@ void remove_exceptionst::add_exceptional_returns(
     {
       const exprt &function_expr=
         to_code_function_call(instr_it->code).function();
-      assert(function_expr.id()==ID_symbol);
+      DATA_INVARIANT(
+        function_expr.id()==ID_symbol,
+        "identifier expected to be a symbol");
       const irep_idt &function_name=
         to_symbol_expr(function_expr).get_identifier();
       has_uncaught_exceptions=!exceptions_map[function_name].empty();
@@ -142,7 +146,9 @@ void remove_exceptionst::add_exceptional_returns(
       symbol_tablet::symbolst::iterator s_it=
         symbol_table.symbols.find(function_id);
 
-      assert(s_it!=symbol_table.symbols.end());
+      INVARIANT(
+        s_it!=symbol_table.symbols.end(),
+        "functions should be recorded in the symbol table");
 
       auxiliary_symbolt new_symbol;
       new_symbol.is_static_lifetime=true;
@@ -180,7 +186,7 @@ void remove_exceptionst::instrument_exception_handler(
   const irep_idt &function_id=func_it->first;
   goto_programt &goto_program=func_it->second.body;
 
-  assert(instr_it->type==CATCH && instr_it->code.has_operands());
+  PRECONDITION(instr_it->type==CATCH && instr_it->code.has_operands());
 
   // retrieve the exception variable
   const exprt &exception=instr_it->code.op0();
@@ -226,9 +232,13 @@ static goto_programt::targett get_exceptional_output(
     const irep_idt &statement=it->code.get_statement();
     if(statement==ID_output)
     {
-      assert(it->code.operands().size()>=2);
+      DATA_INVARIANT(
+        it->code.operands().size()>=2,
+        "output expected to have at least 2 operands");
       const exprt &expr=it->code.op1();
-      assert(expr.id()==ID_symbol);
+      DATA_INVARIANT(
+        expr.id()==ID_symbol,
+        "identifier expected to be a symbol");
       const symbol_exprt &symbol=to_symbol_expr(expr);
       if(id2string(symbol.get_identifier()).find(EXC_SUFFIX)
          !=std::string::npos)
@@ -246,7 +256,7 @@ void remove_exceptionst::instrument_throw(
   const remove_exceptionst::stack_catcht &stack_catch,
   std::vector<exprt> &locals)
 {
-  assert(instr_it->type==THROW);
+  PRECONDITION(instr_it->type==THROW);
 
   const exprt &exc_expr=
     uncaught_exceptions_domaint::get_exception_symbol(instr_it->code);
@@ -263,8 +273,6 @@ void remove_exceptionst::instrument_throw(
   goto_programt &goto_program=func_it->second.body;
   const irep_idt &function_id=func_it->first;
 
-  assert(instr_it->code.operands().size()==1);
-
   // find the end of the function
   goto_programt::targett exceptional_output=
     get_exceptional_output(goto_program);
@@ -334,7 +342,7 @@ void remove_exceptionst::instrument_function_call(
   const stack_catcht &stack_catch,
   std::vector<exprt> &locals)
 {
-  assert(instr_it->type==FUNCTION_CALL);
+  PRECONDITION(instr_it->type==FUNCTION_CALL);
 
   goto_programt &goto_program=func_it->second.body;
   const irep_idt &function_id=func_it->first;
@@ -344,7 +352,9 @@ void remove_exceptionst::instrument_function_call(
   next_it++;
 
   code_function_callt &function_call=to_code_function_call(instr_it->code);
-  assert(function_call.function().id()==ID_symbol);
+  DATA_INVARIANT(
+    function_call.function().id()==ID_symbol,
+    "identified expected to be a symbol");
   const irep_idt &callee_id=
     to_symbol_expr(function_call.function()).get_identifier();
 
@@ -480,7 +490,9 @@ void remove_exceptionst::instrument_exceptions(
         // copy targets
         const irept::subt &exception_list=
           instr_it->code.find(ID_exception_list).get_sub();
-        assert(exception_list.size()==instr_it->targets.size());
+        INVARIANT(
+          exception_list.size()==instr_it->targets.size(),
+          "`exception_list` should contain current instruction's targets");
 
         // Fill the map with the catch type and the target
         unsigned i=0;

From f5f122e556f5f55fbb5ad026bbbe47f1b7989a28 Mon Sep 17 00:00:00 2001
From: Jesse Sigal <jesse.sigal@gmail.com>
Date: Thu, 29 Jun 2017 13:46:33 +0100
Subject: [PATCH 384/699] Added lower bound in lastIndexOf

Added a lower bound to the offset index in lastIndex of, should at minimum reduce the number of valid valuations by 1/2, but especially for fixed strings by much more.
---
 .../string_constraint_generator_indexof.cpp       | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_indexof.cpp b/src/solvers/refinement/string_constraint_generator_indexof.cpp
index 2e3e6424c36..677262092e1 100644
--- a/src/solvers/refinement/string_constraint_generator_indexof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_indexof.cpp
@@ -193,20 +193,22 @@ exprt string_constraint_generatort::add_axioms_for_last_index_of_string(
   symbol_exprt contains=fresh_boolean("contains_substring");
 
   // We add axioms:
-  // a1 : contains ==> offset <= from_index && offset <= |haystack| - |needle|
+  // a1 : contains ==> -1 <= offset && offset <= from_index
+  //                   && offset <= |haystack| - |needle|
   // a2 : !contains <=> offset = -1
-  // a3 : forall n:[0, needle.length[,
+  // a3 : forall n:[0, |needle|[,
   //        contains ==> haystack[n+offset] = needle[n]
   // a4 : forall n:[offset+1, min(from_index, |haystack| - |needle|)].
   //        contains ==>
-  //          (exists m:[0,|substring|[. haystack[m+n] != needle[m]])
+  //          (exists m:[0,|needle|[. haystack[m+n] != needle[m]])
   // a5:  forall n:[0, min(from_index, |haystack| - |needle|)].
   //        !contains ==>
-  //          (exists m:[0,|substring|[. haystack[m+n] != needle[m])
+  //          (exists m:[0,|needle|[. haystack[m+n] != needle[m])
 
   implies_exprt a1(
     contains,
     and_exprt(
+      binary_relation_exprt(from_integer(-1, index_type), ID_le, offset),
       binary_relation_exprt(
         offset, ID_le, minus_exprt(haystack.length(), needle.length())),
       binary_relation_exprt(offset, ID_le, from_index)));
@@ -255,8 +257,8 @@ exprt string_constraint_generatort::add_axioms_for_last_index_of_string(
   {
     // Unfold the existential quantifier as a disjunction in case of a constant
     // a4 && a5 <=> a6:
-    //  forall n:[0, min(from_index,|haystack|-|needle|)].
-    //    !contains || n > offset ==>
+    //  forall n:[0, min(from_index, |haystack| - |needle|)].
+    //    !contains || (n > offset) ==>
     //      haystack[n] != needle[0] || ... ||
     //      haystack[n+|needle|-1] != needle[|needle|-1]
     symbol_exprt qvar2=fresh_univ_index("QA_index_of_string_2", index_type);
@@ -273,6 +275,7 @@ exprt string_constraint_generatort::add_axioms_for_last_index_of_string(
 
     or_exprt premise(
       not_exprt(contains), binary_relation_exprt(qvar2, ID_gt, offset));
+
     string_constraintt a6(
       qvar2,
       from_integer(0, index_type),

From bb31bb547a9649b697eed2ae1fbe25f263347165 Mon Sep 17 00:00:00 2001
From: Jesse Sigal <jesse.sigal@gmail.com>
Date: Thu, 29 Jun 2017 14:18:29 +0100
Subject: [PATCH 385/699] Added regression test for lastIndexOf

Added regression (smoke test) for usage of long strings with lastIndexOf to detect future performance degredations.
---
 .../java_last_index_of2/test.desc                 |   7 +++++++
 .../java_last_index_of2/test_last_index_of2.class | Bin 0 -> 699 bytes
 .../java_last_index_of2/test_last_index_of2.java  |   8 ++++++++
 3 files changed, 15 insertions(+)
 create mode 100644 regression/strings-smoke-tests/java_last_index_of2/test.desc
 create mode 100644 regression/strings-smoke-tests/java_last_index_of2/test_last_index_of2.class
 create mode 100644 regression/strings-smoke-tests/java_last_index_of2/test_last_index_of2.java

diff --git a/regression/strings-smoke-tests/java_last_index_of2/test.desc b/regression/strings-smoke-tests/java_last_index_of2/test.desc
new file mode 100644
index 00000000000..5348cbe7fce
--- /dev/null
+++ b/regression/strings-smoke-tests/java_last_index_of2/test.desc
@@ -0,0 +1,7 @@
+CORE
+test_last_index_of2.class
+--refine-strings
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
diff --git a/regression/strings-smoke-tests/java_last_index_of2/test_last_index_of2.class b/regression/strings-smoke-tests/java_last_index_of2/test_last_index_of2.class
new file mode 100644
index 0000000000000000000000000000000000000000..9c82a7040752c9690160ca8f0b3b456e9c6f0157
GIT binary patch
literal 699
zcmZuvU279T6g{(>>~1#OG)=Wl)mHnZiGl^`n?;nW5Qz36B3K{FWOov#Zf0e6R{Sk}
z@zG}$T2Rn;f0KxJR?{H*a_@Ycd+xbs=KIgjUjgi*8zMwIz)B4PE(N$8;tE!MtcCE<
z_Hi}DHLUyCU|8JZc`me(naUr^oDWlxFt9@gZ%-;|?lHKX?sJC9ewGM^`My-*X)zfJ
z{mg>tV#1|jSn9m&AM-bSC*^9qGca1J@m*UuH!wVY^@P7J@jf;gg1tEXLmm#YLdW8<
zv{Y>)a&we&3Q{HF?NK(mbK8<em_vhMn-?aVa3f<2jCn4`LJ3U=nc^mqqtP%eM1(pb
zYBJqZ%LrT8CjObg2h*t^X`N~E;Xkc?T#s-A9fszt@L+f>V)NJ0?_nA0R(a0~KNwj<
z{`I5R?U98uvVE$^37UvpYLT3aBFjuc7i9e**69&LdRNwL+sSC<f^0>D;ymqEDKpB|
zn`dAjED%kKUU|q+!vb2gw$MJ6I+WL1PX8m^6D;3qRhlcOs5<XZ{{rvD8T@aS!zno$
zgePK(9<}kYNV@>+hy6?!Xm#;i#BSLQSZD>OsGY#Cyhp|T1b0R@6=X@OaH9KG_EOnv
F`4?selxF|{

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_last_index_of2/test_last_index_of2.java b/regression/strings-smoke-tests/java_last_index_of2/test_last_index_of2.java
new file mode 100644
index 00000000000..f533835fda4
--- /dev/null
+++ b/regression/strings-smoke-tests/java_last_index_of2/test_last_index_of2.java
@@ -0,0 +1,8 @@
+public class test_last_index_of2
+{
+   public static void main(String[] args)
+   {
+      String letters = "automatictestcasegenerationatdiffblue";
+      assert(letters.lastIndexOf("diffblue", 25)==-1);
+   }
+}

From ca3dbab050c9440f4131fd466bbea2c976f2d323 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Thu, 6 Jul 2017 11:42:24 +0100
Subject: [PATCH 386/699] check_class_cast: don't duplicate existing assertion

java_bytecode_convert_method.cpp already creates an assertion; we should
replace it with an appropriately elaborated one rather than leaving the
existing one in place.
---
 regression/cbmc-java/cast_null1/test.class     | Bin 0 -> 237 bytes
 regression/cbmc-java/cast_null1/test.desc      |   9 +++++++++
 regression/cbmc-java/cast_null1/test.java      |   8 ++++++++
 src/java_bytecode/java_bytecode_instrument.cpp |   8 +++-----
 4 files changed, 20 insertions(+), 5 deletions(-)
 create mode 100644 regression/cbmc-java/cast_null1/test.class
 create mode 100644 regression/cbmc-java/cast_null1/test.desc
 create mode 100644 regression/cbmc-java/cast_null1/test.java

diff --git a/regression/cbmc-java/cast_null1/test.class b/regression/cbmc-java/cast_null1/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..efced7cc257cac8cfdecc4f16a14a90d133f346e
GIT binary patch
literal 237
zcmYL?Jr4mv5Qg8``*P>=4=AWmxJD@&iH1-R{T>@xxjPAa{+CLk5VapAW<}UZW@eu}
zGxL1i?f?d;MQ~6KPzg{a_(Pp*Ga@*h?wa6^4_ig3&vdTlMV6@JN+u~2H<LOiM9V{Q
z+^C7REHvt5`g?hn6}a$NvVhRAC{AU*ix<gWZ46oveAGSx*5GmW`Pbx1T)o~Ebm4{&
faP~h?AVle>w!f-R4~XgCjd&$5;ILC6_X5!ytcoLW

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/cast_null1/test.desc b/regression/cbmc-java/cast_null1/test.desc
new file mode 100644
index 00000000000..86a52fc73e7
--- /dev/null
+++ b/regression/cbmc-java/cast_null1/test.desc
@@ -0,0 +1,9 @@
+CORE
+test.class
+
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+Dynamic cast check: FAILURE
+^warning: ignoring
diff --git a/regression/cbmc-java/cast_null1/test.java b/regression/cbmc-java/cast_null1/test.java
new file mode 100644
index 00000000000..b6eb1d11817
--- /dev/null
+++ b/regression/cbmc-java/cast_null1/test.java
@@ -0,0 +1,8 @@
+
+public class test {
+
+  public static void main() {
+    test t = (test)null;
+  }
+
+}
diff --git a/src/java_bytecode/java_bytecode_instrument.cpp b/src/java_bytecode/java_bytecode_instrument.cpp
index 9ec9f3293b2..1a858fc11ea 100644
--- a/src/java_bytecode/java_bytecode_instrument.cpp
+++ b/src/java_bytecode/java_bytecode_instrument.cpp
@@ -327,7 +327,7 @@ void java_bytecode_instrumentt::instrument_code(exprt &expr)
   }
   else if(statement==ID_assert)
   {
-    code_assertt code_assert=to_code_assert(code);
+    const code_assertt &code_assert=to_code_assert(code);
 
     // does this correspond to checkcast?
     if(code_assert.assertion().id()==ID_java_instanceof)
@@ -338,13 +338,11 @@ void java_bytecode_instrumentt::instrument_code(exprt &expr)
         code_assert.assertion().operands().size()==2,
         "Instanceof should have 2 operands");
 
-      block.copy_to_operands(
+      code=
         check_class_cast(
           code_assert.assertion().op0(),
           code_assert.assertion().op1(),
-          code_assert.source_location()));
-      block.copy_to_operands(code_assert);
-      code=block;
+          code_assert.source_location());
     }
   }
   else if(statement==ID_block)

From 73bd18d6a2494f729e62a595238bdc0e150b0fb1 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Thu, 6 Jul 2017 11:50:51 +0100
Subject: [PATCH 387/699] Don't throw ClassCastException when casting null
 pointer

Much like the assert-correct-class case, this is now guarded by a conditional
that only applies the check when the source pointer is non-null.
---
 regression/cbmc-java/cast_null2/test.class    | Bin 0 -> 237 bytes
 regression/cbmc-java/cast_null2/test.desc     |   8 +++++
 regression/cbmc-java/cast_null2/test.java     |   8 +++++
 .../java_bytecode_instrument.cpp              |  34 ++++++++++--------
 4 files changed, 35 insertions(+), 15 deletions(-)
 create mode 100644 regression/cbmc-java/cast_null2/test.class
 create mode 100644 regression/cbmc-java/cast_null2/test.desc
 create mode 100644 regression/cbmc-java/cast_null2/test.java

diff --git a/regression/cbmc-java/cast_null2/test.class b/regression/cbmc-java/cast_null2/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..efced7cc257cac8cfdecc4f16a14a90d133f346e
GIT binary patch
literal 237
zcmYL?Jr4mv5Qg8``*P>=4=AWmxJD@&iH1-R{T>@xxjPAa{+CLk5VapAW<}UZW@eu}
zGxL1i?f?d;MQ~6KPzg{a_(Pp*Ga@*h?wa6^4_ig3&vdTlMV6@JN+u~2H<LOiM9V{Q
z+^C7REHvt5`g?hn6}a$NvVhRAC{AU*ix<gWZ46oveAGSx*5GmW`Pbx1T)o~Ebm4{&
faP~h?AVle>w!f-R4~XgCjd&$5;ILC6_X5!ytcoLW

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/cast_null2/test.desc b/regression/cbmc-java/cast_null2/test.desc
new file mode 100644
index 00000000000..c621e5854e5
--- /dev/null
+++ b/regression/cbmc-java/cast_null2/test.desc
@@ -0,0 +1,8 @@
+CORE
+test.class
+--java-throw-runtime-exceptions
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/cast_null2/test.java b/regression/cbmc-java/cast_null2/test.java
new file mode 100644
index 00000000000..b6eb1d11817
--- /dev/null
+++ b/regression/cbmc-java/cast_null2/test.java
@@ -0,0 +1,8 @@
+
+public class test {
+
+  public static void main() {
+    test t = (test)null;
+  }
+
+}
diff --git a/src/java_bytecode/java_bytecode_instrument.cpp b/src/java_bytecode/java_bytecode_instrument.cpp
index 1a858fc11ea..f522269554f 100644
--- a/src/java_bytecode/java_bytecode_instrument.cpp
+++ b/src/java_bytecode/java_bytecode_instrument.cpp
@@ -199,26 +199,30 @@ codet java_bytecode_instrumentt::check_class_cast(
   exprt null_check_op=class1;
   if(null_check_op.type()!=voidptr)
     null_check_op.make_typecast(voidptr);
-  notequal_exprt op_not_null(null_check_op, null_pointer_exprt(voidptr));
-
-  // checkcast passes when the operand is null
-  and_exprt and_expr(op_not_null, not_exprt(class_cast_check));
 
+  codet check_code;
   if(throw_runtime_exceptions)
-    return throw_exception(
-      and_expr,
-      original_loc,
-      "ClassCastException");
-
-  code_assertt assert_class(class_cast_check);
-  assert_class.add_source_location().
-    set_comment("Dynamic cast check");
-  assert_class.add_source_location().
-    set_property_class("bad-dynamic-cast");
+  {
+    check_code=
+      throw_exception(
+        not_exprt(class_cast_check),
+        original_loc,
+        "ClassCastException");
+  }
+  else
+  {
+    code_assertt assert_class(class_cast_check);
+    assert_class.add_source_location().
+      set_comment("Dynamic cast check");
+    assert_class.add_source_location().
+      set_property_class("bad-dynamic-cast");
+    check_code=std::move(assert_class);
+  }
 
   code_ifthenelset conditional_check;
+  notequal_exprt op_not_null(null_check_op, null_pointer_exprt(voidptr));
   conditional_check.cond()=std::move(op_not_null);
-  conditional_check.then_case()=std::move(assert_class);
+  conditional_check.then_case()=std::move(check_code);
   return conditional_check;
 }
 

From eb3b64c932de1c1daf0487335de10a20e1261f45 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Tue, 4 Jul 2017 16:18:26 +0100
Subject: [PATCH 388/699] Ensure source locations are assigned to all
 expressions

This (a) assigns locations more generously in convert_instructions(...)
and (b) ensures they are preserved across instrumentation, both of which
help the instrument-cover-goals pass to add goals where they belong.
---
 .../java_bytecode_convert_method.cpp           | 18 ------------------
 src/java_bytecode/java_bytecode_instrument.cpp |  5 +++++
 src/java_bytecode/java_utils.cpp               | 10 +++++++++-
 src/java_bytecode/java_utils.h                 | 13 +++++++++++++
 4 files changed, 27 insertions(+), 19 deletions(-)

diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index 489b7b95aa5..bbc8571df34 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -998,24 +998,6 @@ static unsigned get_bytecode_type_width(const typet &ty)
   return ty.get_unsigned_int(ID_width);
 }
 
-/// Merge code's source location with source_location, and recursively
-/// do the same to operand code. Typically this is used for a code_blockt
-/// as is generated for some Java operations such as "putstatic", but will
-/// also work if they generate conditionals, loops, etc.
-/// Merge means that any fields already set in code.add_source_location()
-/// remain so; any new ones from source_location are added.
-static void merge_source_location_rec(
-  codet &code,
-  const source_locationt &source_location)
-{
-  code.add_source_location().merge(source_location);
-  for(exprt &op : code.operands())
-  {
-    if(op.id()==ID_code)
-      merge_source_location_rec(to_code(op), source_location);
-  }
-}
-
 codet java_bytecode_convert_methodt::convert_instructions(
   const methodt &method,
   const code_typet &method_type,
diff --git a/src/java_bytecode/java_bytecode_instrument.cpp b/src/java_bytecode/java_bytecode_instrument.cpp
index 9ec9f3293b2..1688a06c102 100644
--- a/src/java_bytecode/java_bytecode_instrument.cpp
+++ b/src/java_bytecode/java_bytecode_instrument.cpp
@@ -300,6 +300,7 @@ codet java_bytecode_instrumentt::check_array_length(
 void java_bytecode_instrumentt::instrument_code(exprt &expr)
 {
   codet &code=to_code(expr);
+  source_locationt old_source_location=code.source_location();
 
   const irep_idt &statement=code.get_statement();
 
@@ -405,6 +406,10 @@ void java_bytecode_instrumentt::instrument_code(exprt &expr)
     block.copy_to_operands(code);
     code=block;
   }
+
+  // Ensure source location is retained:
+  if(!old_source_location.get_line().empty())
+    merge_source_location_rec(code, old_source_location);
 }
 
 /// Computes the instrumentation for `expr` in the form of
diff --git a/src/java_bytecode/java_utils.cpp b/src/java_bytecode/java_utils.cpp
index 5643d819a28..68004581c57 100644
--- a/src/java_bytecode/java_utils.cpp
+++ b/src/java_bytecode/java_utils.cpp
@@ -55,7 +55,6 @@ unsigned java_method_parameter_slots(const code_typet &t)
   return slots;
 }
 
-
 const std::string java_class_to_package(const std::string &canonical_classname)
 {
   return trim_from_last_delimiter(canonical_classname, '.');
@@ -99,3 +98,12 @@ void generate_class_stub(
     java_root_class(*class_symbol);
   }
 }
+
+void merge_source_location_rec(
+  exprt &expr,
+  const source_locationt &source_location)
+{
+  expr.add_source_location().merge(source_location);
+  for(exprt &op : expr.operands())
+    merge_source_location_rec(op, source_location);
+}
diff --git a/src/java_bytecode/java_utils.h b/src/java_bytecode/java_utils.h
index 77cb35825b0..e171cc841c9 100644
--- a/src/java_bytecode/java_utils.h
+++ b/src/java_bytecode/java_utils.h
@@ -32,4 +32,17 @@ unsigned java_method_parameter_slots(const code_typet &t);
 
 const std::string java_class_to_package(const std::string &canonical_classname);
 
+/// Attaches a source location to an expression and all of its subexpressions.
+/// Usually only codet needs this, but there are a few known examples of
+/// expressions needing a location, such as
+/// `goto_convertt::do_function_call_symbol` (function() needs a location)
+/// and `goto_convertt::clean_expr` (any subexpression being split into a
+/// separate instruction needs a location), so for safety we give every
+/// mentioned expression a location.
+/// Any code or expressions with source location fields already set keep those
+/// fields using rules of source_locationt::merge.
+void merge_source_location_rec(
+  exprt &expr,
+  const source_locationt &source_location);
+
 #endif // CPROVER_JAVA_BYTECODE_JAVA_UTILS_H

From 41bb0d44306416adf954e46275573626413cc845 Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Mon, 5 Jun 2017 11:09:06 +0100
Subject: [PATCH 389/699] Store in the class_typet whether the class is
 abstract

For interfaces and abstract classes, store in the type a value to
indicate if the class is abstract.
---
 src/java_bytecode/java_bytecode_convert_class.cpp | 1 +
 src/util/std_types.h                              | 5 +++++
 2 files changed, 6 insertions(+)

diff --git a/src/java_bytecode/java_bytecode_convert_class.cpp b/src/java_bytecode/java_bytecode_convert_class.cpp
index 9b6d53841e3..77c6e432e80 100644
--- a/src/java_bytecode/java_bytecode_convert_class.cpp
+++ b/src/java_bytecode/java_bytecode_convert_class.cpp
@@ -93,6 +93,7 @@ void java_bytecode_convert_classt::convert(const classt &c)
 
   class_type.set_tag(c.name);
   class_type.set(ID_base_name, c.name);
+  class_type.set(ID_abstract, c.is_abstract);
   if(c.is_enum)
   {
     class_type.set(
diff --git a/src/util/std_types.h b/src/util/std_types.h
index 1f5b16ee1ea..5c244e6728e 100644
--- a/src/util/std_types.h
+++ b/src/util/std_types.h
@@ -401,6 +401,11 @@ class class_typet:public struct_typet
 
     return false;
   }
+
+  bool is_abstract() const
+  {
+    return get_bool(ID_abstract);
+  }
 };
 
 /*! \brief Cast a generic typet to a \ref class_typet

From 4193022c8579b9f789309ac3c18974826043ef7b Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Tue, 4 Jul 2017 14:41:05 +0100
Subject: [PATCH 390/699] Added unit tests to demonstrate the abstract flag

Created some class files that the unit tests use and then inspects the
is_abstract_class flag for each type.
---
 unit/Makefile                                 |   5 +-
 .../java_bytecode_convert_class/A.class       | Bin 0 -> 222 bytes
 .../java_bytecode_convert_class/C.class       | Bin 0 -> 261 bytes
 .../ExampleClasses.java                       |  32 ++++
 .../Extendor.class                            | Bin 0 -> 229 bytes
 .../java_bytecode_convert_class/I.class       | Bin 0 -> 129 bytes
 .../Implementor.class                         | Bin 0 -> 266 bytes
 .../convert_abstract_class.cpp                | 149 ++++++++++++++++++
 8 files changed, 185 insertions(+), 1 deletion(-)
 create mode 100644 unit/java_bytecode/java_bytecode_convert_class/A.class
 create mode 100644 unit/java_bytecode/java_bytecode_convert_class/C.class
 create mode 100644 unit/java_bytecode/java_bytecode_convert_class/ExampleClasses.java
 create mode 100644 unit/java_bytecode/java_bytecode_convert_class/Extendor.class
 create mode 100644 unit/java_bytecode/java_bytecode_convert_class/I.class
 create mode 100644 unit/java_bytecode/java_bytecode_convert_class/Implementor.class
 create mode 100644 unit/java_bytecode/java_bytecode_convert_class/convert_abstract_class.cpp

diff --git a/unit/Makefile b/unit/Makefile
index e11ed07e96d..8f428b055d6 100644
--- a/unit/Makefile
+++ b/unit/Makefile
@@ -2,6 +2,7 @@
 
 SRC = unit_tests.cpp \
       catch_example.cpp \
+      java_bytecode/java_bytecode_convert_class/convert_abstract_class.cpp \
       solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix.cpp \
       solvers/refinement/string_constraint_generator_valueof/get_numeric_value_from_character.cpp \
       # Empty last line
@@ -14,7 +15,9 @@ include ../src/common
 cprover.dir:
 	$(MAKE) $(MAKEARGS) -C ../src
 
-LIBS += ../src/ansi-c/ansi-c$(LIBEXT) \
+LIBS += ../src/java_bytecode/java_bytecode$(LIBEXT) \
+        ../src/miniz/miniz$(OBJEXT) \
+        ../src/ansi-c/ansi-c$(LIBEXT) \
         ../src/cpp/cpp$(LIBEXT) \
         ../src/json/json$(LIBEXT) \
         ../src/linking/linking$(LIBEXT) \
diff --git a/unit/java_bytecode/java_bytecode_convert_class/A.class b/unit/java_bytecode/java_bytecode_convert_class/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..9684f38ea7c0655906c7480bacda17ebfeb1e5aa
GIT binary patch
literal 222
zcmW-b%?`m(5QWcFwN$CZT4IR>8%vQ$Ln09t#QwIu;Yxo*Tk%>}5(^LDp~PH^Ge6&)
znat<=dIOlC?Vy6Djg}3MK#H{@SW}g%Vn(R+2M2=bXOSd$Yn94PnFR8>7eUO#N@Q`$
zB7(Ea%4;Z>O4H8bE|N<u{aEC=%tvQ&6D};+e0)x5>wX-I^f=xIXBie|4+eh$5X(fB
jqru_@CN-|Qob{|ae1aZa5bA$}hL#C9Y}K^E(SZ8{NpmH6

literal 0
HcmV?d00001

diff --git a/unit/java_bytecode/java_bytecode_convert_class/C.class b/unit/java_bytecode/java_bytecode_convert_class/C.class
new file mode 100644
index 0000000000000000000000000000000000000000..70de87e848a77472c00edc1841a283d9369fdd1c
GIT binary patch
literal 261
zcmZ8byAHu%6#h<&QrE;}kQgzr7{$_%NL&VD|J$C>rdnxByp~B~@Bki4oEi*<?_9o1
z&Uw8bPXHq{Oz5Z@s2Qje$QR5Bg|QcU>4czndpknTid-ht7hcG#^U>ybtL#9SniGXi
z%qcH9Jwz_S+(hTt;hC4I&FNJgPXSwjN)k>6zPhLi3NYk|MQCLEFi_!sxVC+EQgoon
wHvkE8$V=4(5)h^+Q(Jnb<@<NgO$I{gYsko|!2DTTUsW9cwx)#2B5J670J(xGuK)l5

literal 0
HcmV?d00001

diff --git a/unit/java_bytecode/java_bytecode_convert_class/ExampleClasses.java b/unit/java_bytecode/java_bytecode_convert_class/ExampleClasses.java
new file mode 100644
index 00000000000..a7816923faa
--- /dev/null
+++ b/unit/java_bytecode/java_bytecode_convert_class/ExampleClasses.java
@@ -0,0 +1,32 @@
+interface I
+{
+  void interface_method();
+}
+
+abstract class A
+{
+  abstract void method();
+
+  int i;
+}
+
+class C
+{
+
+  int j;
+  void concreteMethod() {
+
+  }
+}
+
+class Extendor extends A {
+  void method() {
+
+  }
+}
+
+class Implementor implements I {
+  public void interface_method(){
+
+  }
+}
\ No newline at end of file
diff --git a/unit/java_bytecode/java_bytecode_convert_class/Extendor.class b/unit/java_bytecode/java_bytecode_convert_class/Extendor.class
new file mode 100644
index 0000000000000000000000000000000000000000..3986820feeea621ea71741958a4c6fbd15c82d7f
GIT binary patch
literal 229
zcmZ9Fy9&Z!424g6w^khlp@ZP44o;3DNYP1L6!*XO2P?fuFVfd?5*&O0A4*I+I2cII
z;p8KEf1WP@b98N}Xq#|MbO^>GOu}MGP{)%aLG#i;5_;P(k-IYXWp)sL#EB8h;+zHq
zd!LrsNp8YA?XN2lUnA*7BF|+$yNH``pg|{C>#C4RkY)s0VFZQ0)}?SW06xiX$V#mG
e^Z~lFA(%XkCLFM{eyH1QnfS+ChFiQ;V1EJZy&~uU

literal 0
HcmV?d00001

diff --git a/unit/java_bytecode/java_bytecode_convert_class/I.class b/unit/java_bytecode/java_bytecode_convert_class/I.class
new file mode 100644
index 0000000000000000000000000000000000000000..550de7e7469a2bd10a65a7922fc40b68da54c31f
GIT binary patch
literal 129
zcmX^0Z`VEs1_l!bPId-%b_Nbc27%1HlGLKK#N^cY+|-hc{1iq8W)00SMh33n{L-T2
zRJY8WR7M72*NVj4f}B+6oW$bd)MCA?#Ii(221ZYyeh^bXCowNw-#;lUHMxY1fq{{M
W31|tBW&s+;zye}1umVXY1~ve}wH(_3

literal 0
HcmV?d00001

diff --git a/unit/java_bytecode/java_bytecode_convert_class/Implementor.class b/unit/java_bytecode/java_bytecode_convert_class/Implementor.class
new file mode 100644
index 0000000000000000000000000000000000000000..1c85bca08aeb00b65dbb54105ca7402d7a804f28
GIT binary patch
literal 266
zcmZ9GyJ`Ya5QhI*jjO9h!AdY_X;Q?-Qf$P45MrU&hO_IaM|RJK-J|$gRsoAVKpsjm
z$HF4TT)%%Vzt_tTfFYUz3aI(0`*`%xAe2VhXgekp`p+vuagwf?(0JE|KMqOA*;0kE
zbeh^&&NeFI&xGwRT@!*uddMPv(~h^MCzX7~Jc(7FbN;$lM^(cEN`&gnfrO1sGg;)w
zAXa8On1_3gEP-a|!IQ`2zI^G4$)HreWKR;wbzZ(fXGsWU@eTtW@s+!@eWRlIFYAgd
I5a^-$2QAYslK=n!

literal 0
HcmV?d00001

diff --git a/unit/java_bytecode/java_bytecode_convert_class/convert_abstract_class.cpp b/unit/java_bytecode/java_bytecode_convert_class/convert_abstract_class.cpp
new file mode 100644
index 00000000000..71f39dfc937
--- /dev/null
+++ b/unit/java_bytecode/java_bytecode_convert_class/convert_abstract_class.cpp
@@ -0,0 +1,149 @@
+/*******************************************************************\
+
+ Module: Unit tests for converting abstract classes
+
+ Author: DiffBlue Limited. All rights reserved.
+
+\*******************************************************************/
+
+#include <catch.hpp>
+
+#include <istream>
+#include <memory>
+
+#include <util/config.h>
+#include <util/language.h>
+#include <util/message.h>
+#include <java_bytecode/java_bytecode_language.h>
+
+SCENARIO("java_bytecode_convert_abstract_class",
+  "[core][java_bytecode][java_bytecode_convert_class]")
+{
+  std::unique_ptr<languaget>java_lang(new_java_bytecode_language());
+
+  // Configure the path loading
+  cmdlinet command_line;
+  command_line.set(
+    "java-cp-include-files",
+    "./java_bytecode/java_bytecode_convert_class");
+  config.java.classpath.push_back(
+    "./java_bytecode/java_bytecode_convert_class");
+
+  // Configure the language
+  null_message_handlert message_handler;
+  java_lang->get_language_options(command_line);
+  java_lang->set_message_handler(message_handler);
+
+  std::istringstream java_code_stream("ignored");
+
+  GIVEN("Some class files in the class path")
+  {
+    WHEN("Parsing an interface")
+    {
+      java_lang->parse(java_code_stream, "I.class");
+
+      symbol_tablet new_symbol_table;
+      java_lang->typecheck(new_symbol_table, "");
+
+      java_lang->final(new_symbol_table);
+
+      REQUIRE(new_symbol_table.has_symbol("java::I"));
+      THEN("The symbol type should be abstract")
+      {
+        const symbolt &class_symbol=new_symbol_table.lookup("java::I");
+        const typet &symbol_type=class_symbol.type;
+
+        REQUIRE(symbol_type.id()==ID_struct);
+        class_typet class_type=to_class_type(symbol_type);
+        REQUIRE(class_type.is_class());
+        REQUIRE(class_type.is_abstract());
+      }
+    }
+    WHEN("Parsing an abstract class")
+    {
+      java_lang->parse(java_code_stream, "A.class");
+
+      symbol_tablet new_symbol_table;
+      java_lang->typecheck(new_symbol_table, "");
+
+      java_lang->final(new_symbol_table);
+
+      REQUIRE(new_symbol_table.has_symbol("java::A"));
+      THEN("The symbol type should be abstract")
+      {
+        const symbolt &class_symbol=new_symbol_table.lookup("java::A");
+        const typet &symbol_type=class_symbol.type;
+
+        REQUIRE(symbol_type.id()==ID_struct);
+        class_typet class_type=to_class_type(symbol_type);
+        REQUIRE(class_type.is_class());
+        REQUIRE(class_type.is_abstract());
+      }
+    }
+    WHEN("Passing a concrete class")
+    {
+      java_lang->parse(java_code_stream, "C.class");
+
+      symbol_tablet new_symbol_table;
+      java_lang->typecheck(new_symbol_table, "");
+
+      java_lang->final(new_symbol_table);
+
+      REQUIRE(new_symbol_table.has_symbol("java::C"));
+      THEN("The symbol type should not be abstract")
+      {
+        const symbolt &class_symbol=new_symbol_table.lookup("java::C");
+        const typet &symbol_type=class_symbol.type;
+
+        REQUIRE(symbol_type.id()==ID_struct);
+        class_typet class_type=to_class_type(symbol_type);
+        REQUIRE(class_type.is_class());
+        REQUIRE_FALSE(class_type.is_abstract());
+      }
+    }
+    WHEN("Passing a concrete class that implements an interface")
+    {
+      java_lang->parse(java_code_stream, "Implementor.class");
+
+      symbol_tablet new_symbol_table;
+      java_lang->typecheck(new_symbol_table, "");
+
+      java_lang->final(new_symbol_table);
+
+      REQUIRE(new_symbol_table.has_symbol("java::Implementor"));
+      THEN("The symbol type should not be abstract")
+      {
+        const symbolt &class_symbol=
+          new_symbol_table.lookup("java::Implementor");
+        const typet &symbol_type=class_symbol.type;
+
+        REQUIRE(symbol_type.id()==ID_struct);
+        class_typet class_type=to_class_type(symbol_type);
+        REQUIRE(class_type.is_class());
+        REQUIRE_FALSE(class_type.is_abstract());
+      }
+    }
+    WHEN("Passing a concrete class that extends an abstract class")
+    {
+      java_lang->parse(java_code_stream, "Extendor.class");
+
+      symbol_tablet new_symbol_table;
+      java_lang->typecheck(new_symbol_table, "");
+
+      java_lang->final(new_symbol_table);
+
+      REQUIRE(new_symbol_table.has_symbol("java::Extendor"));
+      THEN("The symbol type should not be abstract")
+      {
+        const symbolt &class_symbol=
+          new_symbol_table.lookup("java::Extendor");
+        const typet &symbol_type=class_symbol.type;
+
+        REQUIRE(symbol_type.id()==ID_struct);
+        class_typet class_type=to_class_type(symbol_type);
+        REQUIRE(class_type.is_class());
+        REQUIRE_FALSE(class_type.is_abstract());
+      }
+    }
+  }
+}

From 07ff02d22d2c2f48ee86f0b652931287e7c7b0eb Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Sat, 8 Jul 2017 22:31:54 +0100
Subject: [PATCH 391/699] Removing string literal function from string
 preprocess cpp

---
 src/java_bytecode/java_string_library_preprocess.cpp | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/src/java_bytecode/java_string_library_preprocess.cpp b/src/java_bytecode/java_string_library_preprocess.cpp
index 1c7e852ec7b..03fed3afa9f 100644
--- a/src/java_bytecode/java_string_library_preprocess.cpp
+++ b/src/java_bytecode/java_string_library_preprocess.cpp
@@ -868,18 +868,6 @@ codet java_string_library_preprocesst::make_equals_function_code(
   return code;
 }
 
-/// construct a string_exprt from a constant string value
-/// \param s: a string
-/// \param symbol_table: a symbol table
-/// \return an expression representing a string expr with the given content
-exprt java_string_library_preprocesst::string_literal(
-  const std::string &s, symbol_tablet &symbol_table)
-{
-  constant_exprt expr(s, string_typet());
-  return make_function_application(
-    ID_cprover_string_literal_func, {expr}, refined_string_type, symbol_table);
-}
-
 /// Provide code for the String.valueOf(F) function.
 /// \param type: type of the function call
 /// \param loc: location in the program_invocation_name

From c33306a9d5f06cf3c8228d22d6d831c6e2cd599a Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Mon, 10 Jul 2017 09:44:37 +0100
Subject: [PATCH 392/699] Removing string_literal declaration

This function was not used.
---
 src/java_bytecode/java_string_library_preprocess.h | 2 --
 1 file changed, 2 deletions(-)

diff --git a/src/java_bytecode/java_string_library_preprocess.h b/src/java_bytecode/java_string_library_preprocess.h
index ff3a7142fbc..472e8fe8e2b 100644
--- a/src/java_bytecode/java_string_library_preprocess.h
+++ b/src/java_bytecode/java_string_library_preprocess.h
@@ -286,8 +286,6 @@ class java_string_library_preprocesst:public messaget
     const std::string &s,
     symbol_tablet &symbol_table);
 
-  exprt string_literal(const std::string &s, symbol_tablet &symbol_table);
-
   codet make_function_from_call(
     const irep_idt &function_name,
     const code_typet &type,

From 280c45b139bff830a72d946ad2b5b27d6db0f638 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 20 Jun 2017 17:09:36 +0100
Subject: [PATCH 393/699] Declare malloc-site symbol before use

---
 src/java_bytecode/java_object_factory.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/java_bytecode/java_object_factory.cpp b/src/java_bytecode/java_object_factory.cpp
index efcd97f335e..61f287ced07 100644
--- a/src/java_bytecode/java_object_factory.cpp
+++ b/src/java_bytecode/java_object_factory.cpp
@@ -224,12 +224,13 @@ exprt allocate_dynamic_object_with_decl(
 {
   std::vector<const symbolt *> symbols_created;
 
+  code_blockt tmp_block;
   exprt result=allocate_dynamic_object(
     target_expr,
     allocate_type,
     symbol_table,
     loc,
-    output_code,
+    tmp_block,
     symbols_created,
     cast_needed);
 
@@ -242,6 +243,9 @@ exprt allocate_dynamic_object_with_decl(
     output_code.add(decl);
   }
 
+  for(const exprt &code : tmp_block.operands())
+    output_code.add(to_code(code));
+
   return result;
 }
 

From 8082795f4f99079ccd9ed44e53a8d2d0025f5c1f Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Sun, 9 Jul 2017 08:32:55 +0100
Subject: [PATCH 394/699] Add test checking that string content is declared
 before being allocated

---
 .../java_object_allocation/test.class             | Bin 0 -> 401 bytes
 .../java_object_allocation/test.desc              |   9 +++++++++
 .../java_object_allocation/test.java              |   9 +++++++++
 3 files changed, 18 insertions(+)
 create mode 100644 regression/strings-smoke-tests/java_object_allocation/test.class
 create mode 100644 regression/strings-smoke-tests/java_object_allocation/test.desc
 create mode 100644 regression/strings-smoke-tests/java_object_allocation/test.java

diff --git a/regression/strings-smoke-tests/java_object_allocation/test.class b/regression/strings-smoke-tests/java_object_allocation/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..fce0d46166dbeedb6ed06ae1dfa1defbeb482af3
GIT binary patch
literal 401
zcmZusyG{c!5FFpbcQFSEN5Uf!1q}*8A`Kk~3M3j1D1wkEeZ~Zb;FFFE|3yP2koW*T
z3b9TB;$cg><JsBS_4~)m8-QJO1Y$HIEXGI$JS@d%y4;Ge9ASll?;C5X0|vjlb;%GM
z71x@fo*AppCil56FJwL@CRDdt-7$zkF)5WkHjb=S`k~qx$w!%>2Eov9xIdP5*dJ7-
zu|x8`DGFCzC78=H!5Z2$$94YDpXVd3h-!7S-zIx*Gp-7&BndYE6a4ML1|s^qJ056N
z2#Ry`TBpn?hrKD-69I;VBA<~?IR7O*gijafyu!Om{V9Tz843wyz3pf4({F<mfpev1
Qjwa1+({zRf;ylzp0UHiVssI20

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_object_allocation/test.desc b/regression/strings-smoke-tests/java_object_allocation/test.desc
new file mode 100644
index 00000000000..fe10bf71202
--- /dev/null
+++ b/regression/strings-smoke-tests/java_object_allocation/test.desc
@@ -0,0 +1,9 @@
+CORE
+test.class
+--refine-strings --show-goto-functions
+// Enable multi-line checking
+activate-multi-line-match
+EXIT=0
+SIGNAL=0
+char \([*]malloc_site.[0-9]*\)\[INFINITY\(\)\];\n\s*//.*\n\s*malloc_site.[0-9]*\s*=\s*MALLOC\(char \[INFINITY\(\)\], 2ull? \* INFINITY\(\)\);\n\s*//.*\n\s*cprover_string_array.[0-9]*\s*=\s*malloc_site.\d*;
+--
diff --git a/regression/strings-smoke-tests/java_object_allocation/test.java b/regression/strings-smoke-tests/java_object_allocation/test.java
new file mode 100644
index 00000000000..9122dd4dfaf
--- /dev/null
+++ b/regression/strings-smoke-tests/java_object_allocation/test.java
@@ -0,0 +1,9 @@
+public class test
+{
+   public static void check()
+   {
+      String s = new String("foo");
+      String t = new String("bar");
+      String u = s.concat(t);
+   }
+}

From e2dea9b4f7bb531da99c80305089b1b9d1538c3b Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Mon, 10 Jul 2017 11:14:00 +0100
Subject: [PATCH 395/699] Correcting type in add axiom for int

Type for value comparison with zero was wrong, causing warning about
ignoring comparison.
---
 src/solvers/refinement/string_constraint_generator_valueof.cpp | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_valueof.cpp b/src/solvers/refinement/string_constraint_generator_valueof.cpp
index b408ba4090a..24dead705c3 100644
--- a/src/solvers/refinement/string_constraint_generator_valueof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_valueof.cpp
@@ -109,7 +109,6 @@ string_exprt string_constraint_generatort::add_axioms_from_int(
   exprt zero_char=constant_char('0', char_type);
   exprt nine_char=constant_char('9', char_type);
   exprt minus_char=constant_char('-', char_type);
-  exprt zero=from_integer(0, index_type);
   exprt max=from_integer(max_size, index_type);
 
   // We add axioms:
@@ -118,7 +117,7 @@ string_exprt string_constraint_generatort::add_axioms_from_int(
   // a3 : |res|>1 && '0'<=res[0]<='9' => res[0]!='0'
   // a4 : |res|>1 && res[0]='-' => res[1]!='0'
 
-  binary_relation_exprt is_negative(i, ID_lt, zero);
+  binary_relation_exprt is_negative(i, ID_lt, from_integer(0, i.type()));
   and_exprt correct_length1(
     res.axiom_for_is_strictly_longer_than(1),
     res.axiom_for_is_shorter_than(max));

From 735065ce94f711f4d4a93461ab8901e0a5ef5550 Mon Sep 17 00:00:00 2001
From: Owen Jones <owen.jones@diffblue.com>
Date: Mon, 10 Jul 2017 17:17:00 +0100
Subject: [PATCH 396/699] Make Long.parseLong work

Note the tests are marked THOROUGH as they take a little too long.
This should be solved by #702.
---
 .../java_parselong_1/test.desc                  |   9 +++++++++
 .../java_parselong_1/test_parselong.class       | Bin 0 -> 923 bytes
 .../java_parselong_1/test_parselong.java        |  11 +++++++++++
 .../java_parselong_2/test.desc                  |   9 +++++++++
 .../java_parselong_2/test_parselong.class       | Bin 0 -> 926 bytes
 .../java_parselong_2/test_parselong.java        |  10 ++++++++++
 .../java_parselong_3/test.desc                  |   9 +++++++++
 .../java_parselong_3/test_parselong.class       | Bin 0 -> 927 bytes
 .../java_parselong_3/test_parselong.java        |  11 +++++++++++
 .../java_parselong_4/test.desc                  |   9 +++++++++
 .../java_parselong_4/test_parselong.class       | Bin 0 -> 929 bytes
 .../java_parselong_4/test_parselong.java        |  10 ++++++++++
 .../java_parselong_5/test.desc                  |   9 +++++++++
 .../java_parselong_5/test_parselong.class       | Bin 0 -> 949 bytes
 .../java_parselong_5/test_parselong.java        |  11 +++++++++++
 .../java_string_library_preprocess.cpp          |   6 ++++++
 .../refinement/string_constraint_generator.h    |   2 +-
 .../string_constraint_generator_valueof.cpp     |  16 ++++++++++------
 18 files changed, 115 insertions(+), 7 deletions(-)
 create mode 100644 regression/strings-smoke-tests/java_parselong_1/test.desc
 create mode 100644 regression/strings-smoke-tests/java_parselong_1/test_parselong.class
 create mode 100644 regression/strings-smoke-tests/java_parselong_1/test_parselong.java
 create mode 100644 regression/strings-smoke-tests/java_parselong_2/test.desc
 create mode 100644 regression/strings-smoke-tests/java_parselong_2/test_parselong.class
 create mode 100644 regression/strings-smoke-tests/java_parselong_2/test_parselong.java
 create mode 100644 regression/strings-smoke-tests/java_parselong_3/test.desc
 create mode 100644 regression/strings-smoke-tests/java_parselong_3/test_parselong.class
 create mode 100644 regression/strings-smoke-tests/java_parselong_3/test_parselong.java
 create mode 100644 regression/strings-smoke-tests/java_parselong_4/test.desc
 create mode 100644 regression/strings-smoke-tests/java_parselong_4/test_parselong.class
 create mode 100644 regression/strings-smoke-tests/java_parselong_4/test_parselong.java
 create mode 100644 regression/strings-smoke-tests/java_parselong_5/test.desc
 create mode 100644 regression/strings-smoke-tests/java_parselong_5/test_parselong.class
 create mode 100644 regression/strings-smoke-tests/java_parselong_5/test_parselong.java

diff --git a/regression/strings-smoke-tests/java_parselong_1/test.desc b/regression/strings-smoke-tests/java_parselong_1/test.desc
new file mode 100644
index 00000000000..fa8ad9ccc48
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parselong_1/test.desc
@@ -0,0 +1,9 @@
+THOROUGH
+test_parselong.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 8.* SUCCESS$
+^\[.*assertion.2\].* line 9.* FAILURE$
+--
+--
diff --git a/regression/strings-smoke-tests/java_parselong_1/test_parselong.class b/regression/strings-smoke-tests/java_parselong_1/test_parselong.class
new file mode 100644
index 0000000000000000000000000000000000000000..d912ed08003c33b066551abc750ef9f2eb82ee74
GIT binary patch
literal 923
zcmZuvU2hUm5IuKUSXh>iLP7kdT9me0N~Msd#Mo4QFsnXbnzTNc3vBS#?QXNX_)C0|
zKj5>Ph_Q*j`=2z<-PR(~Y;t#I?#!Gs=g!aH-@XHAprs>)MGciWZs|~PTSpa32_&%`
z1sLT38dh{9WY!%Wcd@FW#*km+zHfPfa2@}l@Ojs^`V4HJA=Va-2<|gPs!O{J>W<sD
z7&4}CtY^c+uI0Uu$qYHu?QwgTdqVoBK{a?Se1@zUSbp&8h<m<eyUt*X`W$lMFchmV
z%>(|H*KF<#YMsCnbQ|JuZ$Op#bFPVsA9xaRrjqD}Ad>qNhEyluy*E$!QAmemVTiYT
z_US-+#~pe->#>mZ^V1AhWorXj%n|$lVW@F^ZF6&@UT?0qTCJwcThmZCu#S5M(#SBB
zCPmwSm3`!SF7ZxJLuqIj*g$g%=y~_R>IDpi>g<qGp7f->NrEyY!nsfEbBjoh%%o_?
zruQcK`<5>}tA9q31Pg|AL65zU1=^bwZ4Aqn<WOWqXopA>I&<XJ=r4CFx;zH^NQQzu
zov|>;Fi*B|l7Iq=<Rx$cC5p)65mfqs_A!*bTx1N@T=|OV_9w(f$d~7#y?c-3F%o-Y
z=s*66jwVrw83{3qp#3Ifoz^>pI4Xp-MV{nPrX0e-MO>o4PLFgMSBOQ1w*M-w5$o$=
wT=|8HhO%0q`h~M08{q`NTrT+q#t54F0czwkVzUFwHc=?X11ZZ5aunSB13X*2cmMzZ

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_parselong_1/test_parselong.java b/regression/strings-smoke-tests/java_parselong_1/test_parselong.java
new file mode 100644
index 00000000000..a328af58250
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parselong_1/test_parselong.java
@@ -0,0 +1,11 @@
+public class test_parselong
+{
+    public static void main(String[] args)
+    {
+        // 2^40
+        String str = new String("1099511627776");
+        long parsed = Long.parseLong(str);
+        assert(parsed == 1099511627776L);
+        assert(parsed != 1099511627776L);
+    }
+}
diff --git a/regression/strings-smoke-tests/java_parselong_2/test.desc b/regression/strings-smoke-tests/java_parselong_2/test.desc
new file mode 100644
index 00000000000..17db69e3979
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parselong_2/test.desc
@@ -0,0 +1,9 @@
+THOROUGH
+test_parselong.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 7.* SUCCESS$
+^\[.*assertion.2\].* line 8.* FAILURE$
+--
+--
diff --git a/regression/strings-smoke-tests/java_parselong_2/test_parselong.class b/regression/strings-smoke-tests/java_parselong_2/test_parselong.class
new file mode 100644
index 0000000000000000000000000000000000000000..d0ba8c19bc710603d76026422fffd27612d95e29
GIT binary patch
literal 926
zcmZuwO>fgc5Pj=7apE}NO$gs9EhK56NlSnOr6LMN0vR|2Rcbk)O=5zJYge|zFX2MO
zodYL8B8W<GN8-2e3qZ`er6HuUv^z69Gw;pw?)Tqcz5;0ChKd9h6<mzsk_riB6%|xt
zh+`>C3GaUVWD5#vDq<q*vWhEMR#0ciEppE@T;FtT?~dv5u4VKY*fv9C&9qH_ogq}I
zZZgPir*AN%bkjB-4tKkT`&cA1WOb*<txfKl!aoek{&Uk~NbA1g`A_$_>lv0~4{lPQ
zU2fV8g~}6shri@?i`#>G$9GLS4RE+Spvv4a$3(^RU4b}LNpu4c!Tml%qT}=4iwAr!
zphL1SMAv%O;XrD~8M-~=t|{o}rWr1a)*8~t5c~gOsBx{)Xm#8Djc1LO)vF?}p<qSB
zD#%G9#Za6Swf-u*;kpj-PEJE9Xll5I>r+6Fx;sYCXUJD(hZOQ8C+&3-lpz+(eP9=k
zDY{oBJyMgZwnaaj^zR#<=^Fhbj-;4Bqyzff+nA?|lc0OU(nT>9Ss@TjWN6KjSErrP
z9$p%Qy(dFLj@C#JWSApcJ4iqt1@dAzfg(jj@f*nW0qgsawz8oyWWAP7e@3|V0g(}M
zr8y|CUL(Gb*wz^8w|}CeNmQVQ0@MP;6%Rut{0tP75ydS+6f8=VLr6G@Q?#q}QcmLx
z@yO5vIE!<{`+N|Wexa<OB<HDi{%Fi*Fawau#y>$DL6P4=4t+#qc4W~e3`x5!gt<VD
GgoQu3{J;_b

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_parselong_2/test_parselong.java b/regression/strings-smoke-tests/java_parselong_2/test_parselong.java
new file mode 100644
index 00000000000..c2e3d60bd11
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parselong_2/test_parselong.java
@@ -0,0 +1,10 @@
+public class test_parselong
+{
+    public static void main(String[] args)
+    {
+        String str = new String("+00AbCdEf0123");
+        long parsed = Long.parseLong(str, 16);
+        assert(parsed == 737894400291L);
+        assert(parsed != 737894400291L);
+    }
+}
diff --git a/regression/strings-smoke-tests/java_parselong_3/test.desc b/regression/strings-smoke-tests/java_parselong_3/test.desc
new file mode 100644
index 00000000000..fa8ad9ccc48
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parselong_3/test.desc
@@ -0,0 +1,9 @@
+THOROUGH
+test_parselong.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 8.* SUCCESS$
+^\[.*assertion.2\].* line 9.* FAILURE$
+--
+--
diff --git a/regression/strings-smoke-tests/java_parselong_3/test_parselong.class b/regression/strings-smoke-tests/java_parselong_3/test_parselong.class
new file mode 100644
index 0000000000000000000000000000000000000000..c7cafd723c4e08a94e4da4d1e9e38262fa07c6f8
GIT binary patch
literal 927
zcmZuwT~E_c7=BLIu3OiAvpK(qqT4_ijG-YSk)S4;suwdP;DtHcnprF@X*++3H!j|L
zttQS$qWAtM!S@to&e104yx-6BzUQ1@hu?nyXyT5BBxY3Hh~cIN2^9@h)Z$2BRyjI4
zq!>WOoQAlFx}{+r3o7ai`5Er}rWaVQ<3F%`-nPvy1KVMUu33&1tTRNawJipD)9soJ
zX~S~NXZ^jl>Aeua3^~K?aC?h;me5a(a`4*n88Sv-`oXJx?)j$eI=#D8XOCMBL$UhO
z*yV3|-R4fO-U>X6yde(vdX$+z!%bBDz!QiQnM5}P5!|0JBwGRRym`v^Lpn4ThS*xi
zK50m6xqYu=KC%S;{5Zn}QCdd^Sz`Y`3`1(Zv9!9n*jR3?(AN-wiz=3MG_b5Ag)~EH
zl(q49v=2ScCE}@ZEEP>1E4V#|^t`=mb^?Y%b+St_pVX+lK@(+&hm9Z0#WRu~*JvQ=
zQP!qSCr$^@HGRu7yQds!WI>-Cblf|brkj(bJHs+1(G^J%5KUxh&5>58ozbq$4#7T=
zAR$j{G&C|yk*psFpnxK2ahyYmEF$>>Wcq>i14!Gs$PltIm(jjK+4zj;0QvG1)OYWZ
zI6!=R2<_)T*1^asP$MB~5emssXmrK1h@nDg_ec{g$`nILIFAdoYxGnu;u7)5(hInZ
zE5!S1XqSGYqM|GpD1Z92&1TpGkj*8&LLWetKSGXtL3FZZQAUBJ-xq_qMv8>%e*mr~
BzzhHY

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_parselong_3/test_parselong.java b/regression/strings-smoke-tests/java_parselong_3/test_parselong.java
new file mode 100644
index 00000000000..e05341bdb86
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parselong_3/test_parselong.java
@@ -0,0 +1,11 @@
+public class test_parselong
+{
+    public static void main(String[] args)
+    {
+        // -2^41
+        String str = new String("-2199023255552");
+        long parsed = Long.parseLong(str, 10);
+        assert(parsed == -2199023255552L);
+        assert(parsed != -2199023255552L);
+    }
+}
diff --git a/regression/strings-smoke-tests/java_parselong_4/test.desc b/regression/strings-smoke-tests/java_parselong_4/test.desc
new file mode 100644
index 00000000000..17db69e3979
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parselong_4/test.desc
@@ -0,0 +1,9 @@
+THOROUGH
+test_parselong.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 7.* SUCCESS$
+^\[.*assertion.2\].* line 8.* FAILURE$
+--
+--
diff --git a/regression/strings-smoke-tests/java_parselong_4/test_parselong.class b/regression/strings-smoke-tests/java_parselong_4/test_parselong.class
new file mode 100644
index 0000000000000000000000000000000000000000..89e6a99d4abcb7c4121abf106898def48d7b314c
GIT binary patch
literal 929
zcmZuwOK;Oa5dPM2;>2;@O$hH63Q1aM`bgUYrJ^bzfeajiDzzNYCRqg+*RE`b-@p&x
zLd2ajAQ40*xN+boA%U26A0edjV;(y*-#4?nKmUCF2B3je9Vtv}xE9BC9SSNss;DK9
z#7q?U_2V_Y8fJAQWYi5EH!-K7&QO@<zAwDMavlG!<@1&;It*-wA+}~YR<O<xsn)g_
z)J?Y|7&4~ih{wIXmhhg+V1~Tuwz<8<Jxkh0PBnO8`3zYz5PtA{pL@QrU8j4C>g;jL
zVJKCfnY;WIuiM<|)|-K6(Q1gpy)I=IPFW@@e&9*Ou}q>Hf=KQU8B)!Fw_iTu`ym|~
z3qyRZZ67tHH{G7s7WXYlzc9*hPL?*1MUL424@0iimF33L;==r~l%ew)77Q$6$v_$z
zhVn3P<9N9DJkKTS=}|Nd4Fk(q8Nqte+7<19p;#U7Q%)#7EN{|G84_XZhkEIhqz5$`
zNoJU}Y15w57IcJfd7^W|k%kuZXn{6-2UB!*QgpUhwk*3MEdrv69R2fT)k!jv(U}3*
z2T~Li=pPH63=^aqhXE*}L{<W4P$rK|eg~BvVEq8fc0MwIYR+ckUl85+h*%$m$q8t0
z-XeK`#P$IC_kX<op;w|tLevuIl+&jZehwNch~qXPN*0q8Lr6G_b0l@TEa!27c;x5~
zT*M{feL3_izfsXJsTL`B>ZHv^*aMKuCqKjJLsQ>FjeJ6Eyk%J?3dOi12XloC1y}z9
D$DqOl

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_parselong_4/test_parselong.java b/regression/strings-smoke-tests/java_parselong_4/test_parselong.java
new file mode 100644
index 00000000000..67eee61b85a
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parselong_4/test_parselong.java
@@ -0,0 +1,10 @@
+public class test_parselong
+{
+    public static void main(String[] args)
+    {
+        String str = new String("7654321076543210");
+        long parsed = Long.parseLong(str, 8);
+        assert(parsed == 275730608604808L);
+        assert(parsed != 275730608604808L);
+    }
+}
diff --git a/regression/strings-smoke-tests/java_parselong_5/test.desc b/regression/strings-smoke-tests/java_parselong_5/test.desc
new file mode 100644
index 00000000000..fa8ad9ccc48
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parselong_5/test.desc
@@ -0,0 +1,9 @@
+THOROUGH
+test_parselong.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 8.* SUCCESS$
+^\[.*assertion.2\].* line 9.* FAILURE$
+--
+--
diff --git a/regression/strings-smoke-tests/java_parselong_5/test_parselong.class b/regression/strings-smoke-tests/java_parselong_5/test_parselong.class
new file mode 100644
index 0000000000000000000000000000000000000000..deaff359766878fc996234305ee5403faf397641
GIT binary patch
literal 949
zcmah|%Wl(95Ixti<Hm8`O$hH4+LE-iX=#830a3Lefeb8yDzz-ojbjBD*RE`bFJVLY
z0M>v+5S3uh7qNjb*DVbpl}IGtnYlA_&K!@w|N8P3Km#{5q%f;uZVK}nBwW!@MJ<6O
z7L?&|_=A$5Vo^gvWL?#;gk=?VhQcfl0?Q9=&kZ*1fVUm1!@zbJ;!WGN!#fPIYHf=_
z-tamWL&mUO>v3<dZTU|{GDF_*Ozv!P-xmH+P!3<%0YlaZtss29&;7u1Jhyv``s{Jr
zWhhmj8N2)yuRGlB)?1-((`|&q{Vr7&PPis2LFfy_iAtgyfe7vo8B(o~n=c>n{fG|9
z!Z6h|ouh%Yme=!5>%J}M7seSbi`F`_$PxR0VHoC?R#*Q26ZI=9R&`v%nvOIw4CPU?
z^*@T=^L>xzNsm)d(a>=nH^vA&Y42KQ$WW|K4liU&kJ=j~G(#fN<IpahQ1qZiI%P&x
z8xAc3y_b#^*uK>{=15A0J-VPR*ue}fREk!KWy@kJvSJ{b$k8)TUY$-xr?M~rdryXh
z0zKnVkYSo^{V)MVl*miq6v`A4#cv_gAGm!0X*(YqKsFYY&rsGsAl^rzG7a_h8zc{q
z*d9Rp_E)q&iVDzJ1X_YZb{rZleirmy5LlBuL83xA1ccK#L#Ku{oW(h!k)`kAJT4IJ
yi&0$qiFp+jxk&Xh$5S?<5rAAi`3ZU-s{9Ue>?7in6N@$qB>k??<q|m(F8>CT6U7|>

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_parselong_5/test_parselong.java b/regression/strings-smoke-tests/java_parselong_5/test_parselong.java
new file mode 100644
index 00000000000..ac30cc8af83
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parselong_5/test_parselong.java
@@ -0,0 +1,11 @@
+public class test_parselong
+{
+    public static void main(String[] args)
+    {
+        // -2^35
+        String str = new String("-100000000000000000000000000000000000");
+        long parsed = Long.parseLong(str, 2);
+        assert(parsed == -34359738368L);
+        assert(parsed != -34359738368L);
+    }
+}
diff --git a/src/java_bytecode/java_string_library_preprocess.cpp b/src/java_bytecode/java_string_library_preprocess.cpp
index 03fed3afa9f..d34c4f0308d 100644
--- a/src/java_bytecode/java_string_library_preprocess.cpp
+++ b/src/java_bytecode/java_string_library_preprocess.cpp
@@ -1945,6 +1945,12 @@ void java_string_library_preprocesst::initialize_conversion_table()
   cprover_equivalent_to_java_function
     ["java::java.lang.Integer.parseInt:(Ljava/lang/String;I)I"]=
       ID_cprover_string_parse_int_func;
+  cprover_equivalent_to_java_function
+    ["java::java.lang.Long.parseLong:(Ljava/lang/String;)J"]=
+      ID_cprover_string_parse_int_func;
+  cprover_equivalent_to_java_function
+    ["java::java.lang.Long.parseLong:(Ljava/lang/String;I)J"]=
+      ID_cprover_string_parse_int_func;
   cprover_equivalent_to_java_string_returning_function
     ["java::java.lang.Integer.toHexString:(I)Ljava/lang/String;"]=
       ID_cprover_string_of_int_hex_func;
diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index 55c453d480d..082508871fa 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -294,7 +294,7 @@ class string_constraint_generatort
 
   exprt add_axioms_for_parse_int(const function_application_exprt &f);
   exprt add_axioms_for_correct_number_format(
-    const string_exprt &str, const exprt &radix, std::size_t max_size=10);
+    const string_exprt &str, const exprt &radix, std::size_t max_size);
   exprt add_axioms_for_to_char_array(const function_application_exprt &f);
   exprt add_axioms_for_compare_to(const function_application_exprt &f);
 
diff --git a/src/solvers/refinement/string_constraint_generator_valueof.cpp b/src/solvers/refinement/string_constraint_generator_valueof.cpp
index 24dead705c3..c59a20dab81 100644
--- a/src/solvers/refinement/string_constraint_generator_valueof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_valueof.cpp
@@ -419,7 +419,9 @@ exprt string_constraint_generatort::add_axioms_for_parse_int(
   PRECONDITION(f.arguments().size()==1 || f.arguments().size()==2);
   string_exprt str=get_string_expr(f.arguments()[0]);
   const exprt radix=
-    f.arguments().size()==1?from_integer(10, f.type()):f.arguments()[1];
+    f.arguments().size()==1?
+      static_cast<exprt>(from_integer(10, f.type())):
+      static_cast<exprt>(typecast_exprt(f.arguments()[1], f.type()));
 
   const typet &type=f.type();
   symbol_exprt i=fresh_symbol("parsed_int", type);
@@ -436,21 +438,23 @@ exprt string_constraint_generatort::add_axioms_for_parse_int(
     not_exprt(or_exprt(starts_with_minus, starts_with_plus));
 
   /// TODO: we should throw an exception when this does not hold:
-  exprt correct=add_axioms_for_correct_number_format(str, radix);
+  const std::size_t max_string_length=40;
+  const exprt &correct=add_axioms_for_correct_number_format(
+    str, radix, max_string_length);
   axioms.push_back(correct);
 
   /// TODO(OJones): size should depend on the radix
   /// TODO(OJones): we should deal with overflow properly
-  for(unsigned size=1; size<=10; size++)
+  for(std::size_t size=1; size<=max_string_length; size++)
   {
     exprt sum=from_integer(0, type);
     exprt first_value=get_numeric_value_from_character(chr, char_type, type);
     equal_exprt premise=str.axiom_for_has_length(size);
 
-    for(unsigned j=1; j<size; j++)
+    for(std::size_t j=1; j<size; j++)
     {
       mult_exprt radix_sum(sum, radix);
-      if(j>=9)
+      if(j>=max_string_length-1)
       {
         // We have to be careful about overflows
         div_exprt div(sum, radix);
@@ -463,7 +467,7 @@ exprt string_constraint_generatort::add_axioms_for_parse_int(
         get_numeric_value_from_character(str[j], char_type, type));
 
       mult_exprt first(first_value, radix);
-      if(j>=9)
+      if(j>=max_string_length-1)
       {
         // We have to be careful about overflows
         div_exprt div_first(first, radix);

From f06649bb633d21229a8fd687023a93b7701ef487 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Fri, 7 Jul 2017 11:27:19 +0100
Subject: [PATCH 397/699] Adding axioms for arrays of characters in the form of
 an if expression

---
 .../refinement/string_constraint_generator.h  |  3 ++
 .../string_constraint_generator_main.cpp      | 31 +++++++++++++++++++
 2 files changed, 34 insertions(+)

diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index 55c453d480d..3005a341000 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -94,6 +94,9 @@ class string_constraint_generatort
 
   static constant_exprt constant_char(int i, const typet &char_type);
 
+  // Used by string refinement
+  void add_axioms_for_if_array(const exprt &lhs, const if_exprt &expr);
+
 private:
   // The integer with the longest string is Integer.MIN_VALUE which is -2^31,
   // that is -2147483648 so takes 11 characters to write.
diff --git a/src/solvers/refinement/string_constraint_generator_main.cpp b/src/solvers/refinement/string_constraint_generator_main.cpp
index 8ac4f30f26c..60bdc637b42 100644
--- a/src/solvers/refinement/string_constraint_generator_main.cpp
+++ b/src/solvers/refinement/string_constraint_generator_main.cpp
@@ -272,6 +272,37 @@ string_exprt string_constraint_generatort::add_axioms_for_if(
   return res;
 }
 
+/// Add axioms enforcing that the content of the first array is equal to
+/// the true case array if the condition is true and
+/// the else case array otherwise.
+/// \param lhs: an expression
+/// \param expr: an if expression of type array
+void string_constraint_generatort::add_axioms_for_if_array(
+  const exprt &lhs, const if_exprt &expr)
+{
+  PRECONDITION(lhs.type()==expr.type());
+  PRECONDITION(expr.type().id()==ID_array);
+  exprt t=expr.true_case();
+  exprt f=expr.false_case();
+  INVARIANT(t.type()==f.type(), "branches of if_exprt should have same type");
+  const array_typet &type=to_array_type(t.type());
+  const typet &index_type=type.size().type();
+  const exprt max_length=from_integer(max_string_length, index_type);
+
+  // We add axioms:
+  // a1 : forall qvar<max_length, cond => lhs[qvar] = t[qvar]
+  // a1 : forall qvar2<max_length, !cond => lhs[qvar] = f[qvar]
+  symbol_exprt qvar=fresh_univ_index("QA_array_if_true", index_type);
+  equal_exprt qequal(index_exprt(lhs, qvar), index_exprt(t, qvar));
+  string_constraintt a1(qvar, max_length, expr.cond(), qequal);
+  axioms.push_back(a1);
+
+  symbol_exprt qvar2=fresh_univ_index("QA_array_if_false", index_type);
+  equal_exprt qequal2(index_exprt(lhs, qvar2), index_exprt(f, qvar2));
+  string_constraintt a2(qvar2, max_length, not_exprt(expr.cond()), qequal2);
+  axioms.push_back(a2);
+}
+
 /// if a symbol representing a string is present in the symbol_to_string table,
 /// returns the corresponding string, if the symbol is not yet present, creates
 /// a new string with the correct type depending on whether the mode is java or

From 30306f1fed9a466f20f9a8285add7f7bb4d623bd Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Sun, 9 Jul 2017 10:51:43 +0100
Subject: [PATCH 398/699] Handling of if_exprt in char array assignment

We handle that by calling constraint generation for "if" expressions.
---
 src/solvers/refinement/string_refinement.cpp | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index b8605ac3fb7..09d88f7817f 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -218,12 +218,17 @@ bool string_refinementt::add_axioms_for_string_assigns(
       add_symbol_to_symbol_map(lhs, rhs);
       return false;
     }
-    else if(rhs.id() == ID_nondet_symbol)
+    else if(rhs.id()==ID_nondet_symbol)
     {
       add_symbol_to_symbol_map(
         lhs, generator.fresh_symbol("nondet_array", lhs.type()));
       return false;
     }
+    else if(rhs.id()==ID_if)
+    {
+      generator.add_axioms_for_if_array(lhs, to_if_expr(rhs));
+      return false;
+    }
     else
     {
       debug() << "string_refinement warning: not handling char_array: "

From 2e6d2ce68fd820ed851244affdd463c3c76dab3a Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Sun, 9 Jul 2017 09:41:33 +0100
Subject: [PATCH 399/699] Using warning() for warning messages in string solver

---
 src/solvers/refinement/string_refinement.cpp | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index 09d88f7817f..048ad34e41d 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -231,8 +231,7 @@ bool string_refinementt::add_axioms_for_string_assigns(
     }
     else
     {
-      debug() << "string_refinement warning: not handling char_array: "
-              << from_expr(ns, "", rhs) << eom;
+      warning() << "ignoring char array " << from_expr(ns, "", rhs) << eom;
       return true;
     }
   }
@@ -375,8 +374,8 @@ void string_refinementt::set_to(const exprt &expr, bool value)
 
     if(eq_expr.lhs().type()!=eq_expr.rhs().type())
     {
-      debug() << "(sr::set_to) WARNING: ignoring "
-              << from_expr(ns, "", expr) << " [inconsistent types]" << eom;
+      warning() << "ignoring " << from_expr(ns, "", expr)
+                << " [inconsistent types]" << eom;
       debug() << "lhs has type: " << eq_expr.lhs().type().pretty(12) << eom;
       debug() << "rhs has type: " << eq_expr.rhs().type().pretty(12) << eom;
       return;
@@ -397,8 +396,7 @@ void string_refinementt::set_to(const exprt &expr, bool value)
     // TODO: See if this happens at all.
     if(lhs.id()!=ID_symbol)
     {
-      debug() << "(sr::set_to) WARNING: ignoring "
-              << from_expr(ns, "", expr) << eom;
+      warning() << "ignoring " << from_expr(ns, "", expr) << eom;
       return;
     }
 
@@ -409,9 +407,8 @@ void string_refinementt::set_to(const exprt &expr, bool value)
          subst_rhs.type().id() != ID_array ||
          eq_expr.lhs().type().subtype() != subst_rhs.type().subtype())
       {
-        debug() << "(sr::set_to) WARNING: ignoring "
-                << from_expr(ns, "", expr) << " [inconsistent types after substitution]"
-                << eom;
+        warning() << "ignoring " << from_expr(ns, "", expr)
+                  << " [inconsistent types after substitution]" << eom;
         return;
       }
       else

From b84d9d59bb9e110a3821ab106dfd69e2751e1c47 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Sun, 9 Jul 2017 10:50:52 +0100
Subject: [PATCH 400/699] Handling of if_exprt in checking universal axioms of
 string solver

---
 src/solvers/refinement/string_refinement.cpp | 24 +++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index 048ad34e41d..bdc33e7fe6d 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -859,9 +859,15 @@ exprt string_refinementt::substitute_array_with_expr(
 }
 
 /// create an equivalent expression where array accesses and 'with' expressions
-/// are replaced by 'if' expressions. e.g. for an array access arr[x], where:
-/// `arr := {12, 24, 48}` the constructed expression will be: `index==0 ? 12 :
-/// index==1 ? 24 : 48`
+/// are replaced by 'if' expressions, in particular:
+///  * for an array access `arr[x]`, where:
+///    `arr := {12, 24, 48}` the constructed expression will be:
+///    `index==0 ? 12 : index==1 ? 24 : 48`
+///  * for an array access `arr[x]`, where:
+///    `arr := array_of(12) with {0:=24} with {2:=42}` the constructed
+///    expression will be: `index==0 ? 24 : index==2 ? 42 : 12`
+///  * for an array access `(g1?arr1:arr2)[x]` where `arr1 := {12}` and
+///    `arr2 := {34}`, the constructed expression will be: `g1 ? 12 : 34`
 /// \param expr: an expression containing array accesses
 /// \return an expression containing no array access
 void string_refinementt::substitute_array_access(exprt &expr) const
@@ -892,6 +898,18 @@ void string_refinementt::substitute_array_access(exprt &expr) const
       return;
     }
 
+    if(index_expr.array().id()==ID_if)
+    {
+      // Substitute recursively in branches of conditional expressions
+      if_exprt if_expr=to_if_expr(index_expr.array());
+      exprt true_case=index_exprt(if_expr.true_case(), index_expr.index());
+      substitute_array_access(true_case);
+      exprt false_case=index_exprt(if_expr.false_case(), index_expr.index());
+      substitute_array_access(false_case);
+      expr=if_exprt(if_expr.cond(), true_case, false_case);
+      return;
+    }
+
     assert(index_expr.array().id()==ID_array);
     array_exprt &array_expr=to_array_expr(index_expr.array());
 

From cc201f7a7fdcfa15e66dfbd8dd4e301f211790e1 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Sun, 9 Jul 2017 10:43:03 +0100
Subject: [PATCH 401/699] Test for char array expressions containing if_expr in
 VCC

The added test are failing with versions of the string solver that
would not take into account if expressions.
---
 .../strings-smoke-tests/java_if/test.class      | Bin 0 -> 914 bytes
 .../strings-smoke-tests/java_if/test.desc       |   9 +++++++++
 .../strings-smoke-tests/java_if/test.java       |  16 ++++++++++++++++
 3 files changed, 25 insertions(+)
 create mode 100644 regression/strings-smoke-tests/java_if/test.class
 create mode 100644 regression/strings-smoke-tests/java_if/test.desc
 create mode 100644 regression/strings-smoke-tests/java_if/test.java

diff --git a/regression/strings-smoke-tests/java_if/test.class b/regression/strings-smoke-tests/java_if/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..11958bd6ce9137566602a6e24fad7ad1628c9971
GIT binary patch
literal 914
zcmZuvZEw<06n-u(v~*=K#s;Y9m{SY5p>w{)#ptHSMAQ!$&8A-py;(ZD7Tcn~W&8pC
z=t}~Li*H~3Pa4mqY|Lqz+<R`%bDwjb=iHyaKYs<Vg6kS$IHh1tMOneTiqjfoEGRf5
z_OnT(aZW^rii!pWRRuK-DRJezhD9tfOfQ&0!2Qtn+~AHKm@S7}3~ZAjv1+?^c#}ag
zDo+{Yb<g4q>4xp{N8Ozk_n!zbC3Z~PWyl$o#<uy|tUIQ=Rd0sA?QY#*NHs&V{qmvN
z8KM=`sZR!Vwe5`9wWing+x(s_xRN0c!X-hYV;VVz%$V|VYn!)2>g$c?J64$?Kh8zv
z*1EQ1ai1Xfx#M_qg5$zp91%{(MJ(%>LRQBm6d3df9}(+h>}7_+nEm#?Lw9}OBYIhM
zso;u^tGGrMK0hQp>XL-d7>E9j><~UC%ua{9<niMF0RP+>X(B>3^dcJK;IF!-6C5cr
zDqW%3rN_;$J2YU1S&Ij@&#eP3G?%bT37YOE%JfoV^rTp(AZ(#X0trKo))_jLXlJy?
zs{^nP0*F~!6T_c0Hsn#DSU}&=RY7H{Ul4mxm9kQE5AsGfK0u;Tm6m@%*~MgyqVG`p
zP@jE7vWI-F4=p><hu*`)9#R_vOny6(*&SyD`aKni4cnN9N^zXN1jIAX(YZvC0Uc}f
z++Sc4MM9(?{eq$3n1bWQB7sgE2wWK|0j9F)J~BNh@>|H#CnSZ~sLH-r!4yYKza=aw
I4bvz80D92A*8l(j

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_if/test.desc b/regression/strings-smoke-tests/java_if/test.desc
new file mode 100644
index 00000000000..382365ad33b
--- /dev/null
+++ b/regression/strings-smoke-tests/java_if/test.desc
@@ -0,0 +1,9 @@
+CORE
+test.class
+--refine-strings --string-max-length 100
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 12.* SUCCESS$
+^\[.*assertion.2\].* line 13.* FAILURE$
+--
+$ignoring\s*char\s*array
diff --git a/regression/strings-smoke-tests/java_if/test.java b/regression/strings-smoke-tests/java_if/test.java
new file mode 100644
index 00000000000..9760eb7bb2a
--- /dev/null
+++ b/regression/strings-smoke-tests/java_if/test.java
@@ -0,0 +1,16 @@
+public class test
+{
+    public static String main()
+    {
+        Object t[] = new Object[5];
+        t[0] = "world!";
+        StringBuilder s = new StringBuilder("Hello ");
+        if(t[0] instanceof String)
+        {
+            s.append((String) t[0]);
+        }
+        assert(s.toString().equals("Hello world!"));
+        assert(!s.toString().equals("Hello world!"));
+        return s.toString();
+    }
+}

From 8dcff58e8413dad898433cc8a616b48ccbf4b2fd Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Fri, 30 Jun 2017 12:22:58 +0100
Subject: [PATCH 402/699] Code tidy changes

Clarifying comment in symbol_table and adding required braces

Correcting an include postion

Removed unusued method declaration
---
 src/java_bytecode/java_object_factory.cpp | 9 +++------
 src/util/symbol_table.cpp                 | 5 ++---
 2 files changed, 5 insertions(+), 9 deletions(-)

diff --git a/src/java_bytecode/java_object_factory.cpp b/src/java_bytecode/java_object_factory.cpp
index 61f287ced07..181130ee9e1 100644
--- a/src/java_bytecode/java_object_factory.cpp
+++ b/src/java_bytecode/java_object_factory.cpp
@@ -6,6 +6,7 @@ Author: Daniel Kroening, kroening@kroening.com
 
 \*******************************************************************/
 
+#include "java_object_factory.h"
 
 #include <unordered_set>
 #include <sstream>
@@ -26,7 +27,6 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include <goto-programs/goto_functions.h>
 
-#include "java_object_factory.h"
 #include "java_types.h"
 #include "java_utils.h"
 
@@ -59,11 +59,6 @@ class java_object_factoryt
     const exprt &expr,
     const pointer_typet &ptr_type);
 
-  void gen_pointer_target_init(
-    const exprt &expr,
-    const typet &target_type,
-    bool create_dynamic_objects,
-    update_in_placet update_in_place);
 
   code_assignt get_null_assignment(
     const exprt &expr,
@@ -356,8 +351,10 @@ void java_object_factoryt::gen_pointer_target_init(
     if(target.id()==ID_address_of)
       init_expr=target.op0();
     else
+    {
       init_expr=
         dereference_exprt(target, target.type().subtype());
+    }
     gen_nondet_init(
       assignments,
       init_expr,
diff --git a/src/util/symbol_table.cpp b/src/util/symbol_table.cpp
index 2dd167600cf..43c0301dd7e 100644
--- a/src/util/symbol_table.cpp
+++ b/src/util/symbol_table.cpp
@@ -13,9 +13,8 @@ Author: Daniel Kroening, kroening@kroening.com
 
 /// Add a new symbol to the symbol table
 /// \param symbol: The symbol to be added to the symbol table
-/// \return Returns a boolean indicating whether the process failed, which
-///   should only happen if there is a symbol with the same name already in the
-///   symbol table
+/// \return Returns true if the process failed, which should only happen if
+///   there is a symbol with the same name already in the symbol table.
 bool symbol_tablet::add(const symbolt &symbol)
 {
   if(!symbols.insert(std::pair<irep_idt, symbolt>(symbol.name, symbol)).second)

From a904f089c41809b24bc9877331169acf998ada4c Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Tue, 6 Jun 2017 13:09:43 +0100
Subject: [PATCH 403/699] Add class for randomly selecting a concrete child of
 an abstract class

When generating a pointer to an abstract type, replace it with a pointer
to a concrete type that derives from that abstract type.
---
 src/java_bytecode/Makefile                    |   1 +
 .../get_concrete_class_at_random.cpp          | 100 ++++++++++++++++++
 .../get_concrete_class_at_random.h            |  32 ++++++
 src/java_bytecode/java_object_factory.cpp     |  18 +++-
 4 files changed, 149 insertions(+), 2 deletions(-)
 create mode 100644 src/java_bytecode/get_concrete_class_at_random.cpp
 create mode 100644 src/java_bytecode/get_concrete_class_at_random.h

diff --git a/src/java_bytecode/Makefile b/src/java_bytecode/Makefile
index 5125f2f6664..df1d707d12f 100644
--- a/src/java_bytecode/Makefile
+++ b/src/java_bytecode/Makefile
@@ -2,6 +2,7 @@ SRC = bytecode_info.cpp \
       character_refine_preprocess.cpp \
       ci_lazy_methods.cpp \
       expr2java.cpp \
+      get_concrete_class_at_random.cpp \
       jar_file.cpp \
       java_bytecode_convert_class.cpp \
       java_bytecode_convert_method.cpp \
diff --git a/src/java_bytecode/get_concrete_class_at_random.cpp b/src/java_bytecode/get_concrete_class_at_random.cpp
new file mode 100644
index 00000000000..c07a7a4f3c7
--- /dev/null
+++ b/src/java_bytecode/get_concrete_class_at_random.cpp
@@ -0,0 +1,100 @@
+// Copyright 2016-2017 DiffBlue Limited. All Rights Reserved.
+
+/// \file
+/// Java Bytecode Language Conversion
+
+#include "get_concrete_class_at_random.h"
+
+#include <algorithm>
+#include <random>
+
+#include <util/namespace.h>
+#include <util/std_types.h>
+#include <util/symbol_table.h>
+
+#include <goto-programs/class_hierarchy.h>
+
+/// Get type the pointer is pointing to, replacing it with a concrete
+/// implementation when it is abstract.
+/// \param `pointer_type`: The type of the pointer
+/// \return The subtype of the pointer. If this is an abstract class then we
+///   will randomly select a concrete child class.
+typet get_concrete_class_at_randomt::operator()(
+  const pointer_typet &pointer_type)
+{
+  const typet &subtype=ns.follow(pointer_type.subtype());
+  if(subtype.id()==ID_struct)
+  {
+    const class_typet &class_type=to_class_type(subtype);
+
+    if(class_type.is_class() && class_type.is_abstract())
+    {
+      return select_concrete_type(class_type);
+    }
+  }
+
+  // Here we must return the original subtype as if it is a pointer to a java
+  // array java_object_factoryt::gen_nondet_array_init relies on the subtype
+  // being a ID_symbol, here we have followed the symbol to its resolution.
+  // Perhaps java_object_factoryt::gen_nondet_array_init should support this
+  // Perhaps select_concrete_type when it fails should also ensure it doesn't
+  // modify the subtype (currently if no concrete implementations we'd do the same
+  // - swap a symbol to a struct
+  return pointer_type.subtype();
+}
+
+/// Randomly select a concrete sub-class of an abstract class or interface This
+/// can be then used when analyzing the function.
+/// \param `abstract_type`: an class type that is abstract (i.e. either an
+/// interface or a abstract class).
+/// \return A class_typet that the GOTO code should instantiate to fill this
+///   type. This will be a concrete type unless no concrete types are found that
+///   inherit from the abstract_type. `
+class_typet get_concrete_class_at_randomt::select_concrete_type(
+  const class_typet &abstract_type)
+{
+  if(!abstract_type.is_abstract())
+    throw std::invalid_argument("abstract_type");
+
+  const symbol_tablet &symbol_table=ns.get_symbol_table();
+  // abstract class - we should find a derived class ideally to test with
+  class_hierarchyt class_hierachy;
+  class_hierachy(symbol_table);
+  class_hierarchyt::idst child_ids=
+    class_hierachy.get_children_trans(abstract_type.get_string(ID_name));
+
+  // filter out abstract classes
+  class_hierarchyt::idst concrete_childen;
+  std::copy_if(
+    child_ids.begin(),
+    child_ids.end(),
+    std::back_inserter(concrete_childen),
+    [&] (const irep_idt &child_class_id)
+    {
+      const symbolt &type_symbol=symbol_table.lookup(child_class_id);
+      const class_typet &child_type=to_class_type(type_symbol.type);
+      return child_type.is_class() && !child_type.is_abstract();
+    });
+
+
+  if(concrete_childen.size()>0)
+  {
+    //Will be used to obtain a seed for the random number engine
+    std::random_device rd;
+    //Standard mersenne_twister_engine seeded with rd()
+    std::mt19937 gen(rd());
+    std::uniform_int_distribution<unsigned long> class_selector(
+      0, concrete_childen.size()-1);
+    unsigned long selected_class_index=class_selector(gen);
+    const symbolt &type_symbol=
+      symbol_table.lookup(concrete_childen[selected_class_index]);
+    const class_typet &child_type=to_class_type(type_symbol.type);
+    return child_type;
+  }
+  else
+  {
+    // else no children in the symbol table - here the best we can do is
+    // mock the interface/abstract object
+    return abstract_type;
+  }
+}
diff --git a/src/java_bytecode/get_concrete_class_at_random.h b/src/java_bytecode/get_concrete_class_at_random.h
new file mode 100644
index 00000000000..9bde1f4e5a6
--- /dev/null
+++ b/src/java_bytecode/get_concrete_class_at_random.h
@@ -0,0 +1,32 @@
+/*******************************************************************\
+
+Module: Java Bytecode Language Conversion
+
+Author: DiffBlue Limited. All rights reserved.
+
+\*******************************************************************/
+
+/// \file
+/// Java Bytecode Language Conversion
+
+#ifndef CPROVER_JAVA_BYTECODE_GET_CONCRETE_CLASS_AT_RANDOM_H
+#define CPROVER_JAVA_BYTECODE_GET_CONCRETE_CLASS_AT_RANDOM_H
+
+#include <util/std_types.h>
+
+class namespacet;
+
+class get_concrete_class_at_randomt
+{
+public:
+  explicit get_concrete_class_at_randomt (const namespacet &ns):ns(ns)
+  {}
+
+  typet operator()(const pointer_typet &pointer_type);
+
+private:
+  const namespacet& ns;
+  class_typet select_concrete_type(const class_typet &abstract_type);
+};
+
+#endif // CPROVER_JAVA_BYTECODE_GET_CONCRETE_CLASS_AT_RANDOM_H
diff --git a/src/java_bytecode/java_object_factory.cpp b/src/java_bytecode/java_object_factory.cpp
index 181130ee9e1..b845bba1436 100644
--- a/src/java_bytecode/java_object_factory.cpp
+++ b/src/java_bytecode/java_object_factory.cpp
@@ -27,6 +27,8 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include <goto-programs/goto_functions.h>
 
+#include <java_bytecode/get_concrete_class_at_random.h>
+
 #include "java_types.h"
 #include "java_utils.h"
 
@@ -396,6 +398,7 @@ void java_object_factoryt::gen_nondet_pointer_init(
   {
     const struct_typet &struct_type=to_struct_type(subtype);
     const irep_idt &struct_tag=struct_type.get_tag();
+
     // If this is a recursive type of some kind, set null.
     if(!recursion_set.insert(struct_tag).second)
     {
@@ -854,12 +857,23 @@ exprt object_factory(
   irep_idt identifier=id2string(goto_functionst::entry_point())+
     "::"+id2string(base_name);
 
+  typet real_type=type;
+  if(type.id()==ID_pointer && type.subtype().id()==ID_symbol)
+  {
+    const pointer_typet &pointer_type=to_pointer_type(type);
+    const namespacet ns(symbol_table);
+    get_concrete_class_at_randomt get_concrete_class_at_random(ns);
+    const typet &resolved_type=
+      get_concrete_class_at_random(pointer_type);
+    real_type.subtype()=resolved_type;
+  }
+
   auxiliary_symbolt main_symbol;
   main_symbol.mode=ID_java;
   main_symbol.is_static_lifetime=false;
   main_symbol.name=identifier;
   main_symbol.base_name=base_name;
-  main_symbol.type=type;
+  main_symbol.type=real_type;
   main_symbol.location=loc;
 
   exprt object=main_symbol.symbol_expr();
@@ -871,7 +885,7 @@ exprt object_factory(
   std::vector<const symbolt *> symbols_created;
   symbols_created.push_back(main_symbol_ptr);
 
-  symbolt &aux_symbol=new_tmp_symbol(symbol_table, loc, type);
+  symbolt &aux_symbol=new_tmp_symbol(symbol_table, loc, real_type);
   aux_symbol.is_static_lifetime=true;
 
   java_object_factoryt state(

From d5513db13bd9456f4b8dbed6ced151d2f721e5c0 Mon Sep 17 00:00:00 2001
From: Owen Jones <owen.jones@diffblue.com>
Date: Mon, 26 Jun 2017 17:48:28 +0100
Subject: [PATCH 404/699] Make class derived from object factory

---
 src/java_bytecode/java_object_factory.cpp | 130 ++++++++++++++++++----
 1 file changed, 107 insertions(+), 23 deletions(-)

diff --git a/src/java_bytecode/java_object_factory.cpp b/src/java_bytecode/java_object_factory.cpp
index b845bba1436..3d7951ccfdc 100644
--- a/src/java_bytecode/java_object_factory.cpp
+++ b/src/java_bytecode/java_object_factory.cpp
@@ -49,6 +49,7 @@ static symbolt &new_tmp_symbol(
 
 class java_object_factoryt
 {
+protected:
   std::vector<const symbolt *> &symbols_created;
   const source_locationt &loc;
   std::unordered_set<irep_idt, irep_id_hash> recursion_set;
@@ -65,13 +66,14 @@ class java_object_factoryt
   code_assignt get_null_assignment(
     const exprt &expr,
     const pointer_typet &ptr_type);
-
-  void gen_pointer_target_init(
+protected:
+  virtual void gen_pointer_target_init(
     code_blockt &assignments,
     const exprt &expr,
     const typet &target_type,
     bool create_dynamic_objects,
-    update_in_placet);
+    update_in_placet update_in_place);
+protected:
 
   void allocate_nondet_length_array(
     code_blockt &assignments,
@@ -94,6 +96,8 @@ class java_object_factoryt
       ns(_symbol_table)
   {}
 
+  virtual ~java_object_factoryt()=default;
+
   exprt allocate_object(
     code_blockt &assignments,
     const exprt &,
@@ -105,7 +109,7 @@ class java_object_factoryt
     const exprt &expr,
     update_in_placet);
 
-  void gen_nondet_init(
+  virtual void gen_nondet_init(
     code_blockt &assignments,
     const exprt &expr,
     bool is_sub,
@@ -136,6 +140,36 @@ class java_object_factoryt
     const update_in_placet &update_in_place);
 };
 
+
+class java_object_factory_with_randomt:java_object_factoryt
+{
+public:
+  java_object_factory_with_randomt(
+    std::vector<const symbolt *> &_symbols_created,
+    const source_locationt &loc,
+    bool _assume_non_null,
+    size_t _max_nondet_array_length,
+    symbol_tablet &_symbol_table):
+      java_object_factoryt(
+        _symbols_created,
+        loc,
+        _assume_non_null,
+        _max_nondet_array_length,
+        _symbol_table)
+  {}
+
+  void gen_nondet_init(
+    code_blockt &assignments,
+    const exprt &expr,
+    bool is_sub,
+    irep_idt class_identifier,
+    bool skip_classid,
+    bool create_dynamic_objects,
+    bool override,
+    const typet &override_type,
+    update_in_placet update_in_place) override;
+};
+
 /// Generates code for allocating a dynamic object. This is used in
 /// allocate_object and for allocating strings in the library preprocessing.
 /// \param target_expr: expression to which the necessary memory will be
@@ -660,7 +694,7 @@ void java_object_factoryt::gen_nondet_init(
   }
 }
 
-/// Allocates a fresh array. Single-use herem at the moment, but useful to keep
+/// Allocates a fresh array. Single-use at the moment, but useful to keep
 /// as a separate function for downstream branches.
 /// \par parameters: `lhs`, symbol to assign the new array structure
 /// `max_length_expr`, maximum length of the new array (minimum is fixed at zero
@@ -857,23 +891,12 @@ exprt object_factory(
   irep_idt identifier=id2string(goto_functionst::entry_point())+
     "::"+id2string(base_name);
 
-  typet real_type=type;
-  if(type.id()==ID_pointer && type.subtype().id()==ID_symbol)
-  {
-    const pointer_typet &pointer_type=to_pointer_type(type);
-    const namespacet ns(symbol_table);
-    get_concrete_class_at_randomt get_concrete_class_at_random(ns);
-    const typet &resolved_type=
-      get_concrete_class_at_random(pointer_type);
-    real_type.subtype()=resolved_type;
-  }
-
   auxiliary_symbolt main_symbol;
   main_symbol.mode=ID_java;
   main_symbol.is_static_lifetime=false;
   main_symbol.name=identifier;
   main_symbol.base_name=base_name;
-  main_symbol.type=real_type;
+  main_symbol.type=type;
   main_symbol.location=loc;
 
   exprt object=main_symbol.symbol_expr();
@@ -884,11 +907,7 @@ exprt object_factory(
 
   std::vector<const symbolt *> symbols_created;
   symbols_created.push_back(main_symbol_ptr);
-
-  symbolt &aux_symbol=new_tmp_symbol(symbol_table, loc, real_type);
-  aux_symbol.is_static_lifetime=true;
-
-  java_object_factoryt state(
+  java_object_factory_with_randomt state(
     symbols_created,
     loc,
     !allow_null,
@@ -951,7 +970,7 @@ void gen_nondet_init(
 {
   std::vector<const symbolt *> symbols_created;
 
-  java_object_factoryt state(
+  java_object_factory_with_randomt state(
     symbols_created,
     loc,
     assume_non_null,
@@ -980,3 +999,68 @@ void gen_nondet_init(
 
   init_code.append(assignments);
 }
+
+
+void java_object_factory_with_randomt::gen_nondet_init(
+  code_blockt &assignments,
+  const exprt &expr,
+  bool is_sub,
+  irep_idt class_identifier,
+  bool skip_classid,
+  bool create_dynamic_objects,
+  bool override,
+  const typet &override_type,
+  update_in_placet update_in_place)
+{
+  const typet &type=
+    override ? ns.follow(override_type) : ns.follow(expr.type());
+  typet real_type=type;
+
+  if(type.id()==ID_pointer && type.subtype().id()==ID_symbol)
+  {
+    const pointer_typet &pointer_type=to_pointer_type(type);
+    const namespacet ns(symbol_table);
+    get_concrete_class_at_randomt get_concrete_class_at_random(ns);
+    const typet &resolved_type=
+      get_concrete_class_at_random(pointer_type);
+
+    if(resolved_type!=real_type.subtype())
+    {
+      // Generate GOTO code to initalize the selected concrete type
+      // A { ... } tmp_object;
+      // A.x = NONDET ...
+      // // non-det init of all the fields of A
+      // A * p = &tmp_object
+      // expr = (I *)p
+
+      symbolt new_symbol=new_tmp_symbol(symbol_table, loc, pointer_typet(resolved_type));
+
+      // Generate a new object into this new symbol
+      gen_nondet_init(
+        assignments,
+        new_symbol.symbol_expr(),
+        is_sub,
+        class_identifier,
+        skip_classid,
+        create_dynamic_objects,
+        override,
+        override_type,
+        update_in_placet::NO_UPDATE_IN_PLACE);
+
+      assignments.add(
+        code_assignt(expr, typecast_exprt(new_symbol.symbol_expr(), type)));
+
+      return;
+    }
+  }
+  java_object_factoryt::gen_nondet_init(
+    assignments,
+    expr,
+    is_sub,
+    class_identifier,
+    skip_classid,
+    create_dynamic_objects,
+    override,
+    override_type,
+    update_in_place);
+}

From 78a4e05ad776d014b084da328d84b7bf8ddf8488 Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Fri, 30 Jun 2017 12:51:57 +0100
Subject: [PATCH 405/699] Made the random selection alphabetical instead of
 random

Use a class to handle exactly when types should be replaced.
---
 src/java_bytecode/Makefile                    |   3 +-
 .../get_concrete_class_alphabetically.cpp     | 123 ++++++++++++++++++
 .../get_concrete_class_alphabetically.h       |  32 +++++
 .../get_concrete_class_at_random.cpp          | 100 --------------
 .../get_concrete_class_at_random.h            |  32 -----
 src/java_bytecode/java_object_factory.cpp     |  13 +-
 src/java_bytecode/select_pointer_type.cpp     |  60 +++++++++
 src/java_bytecode/select_pointer_type.h       |  32 +++++
 8 files changed, 256 insertions(+), 139 deletions(-)
 create mode 100644 src/java_bytecode/get_concrete_class_alphabetically.cpp
 create mode 100644 src/java_bytecode/get_concrete_class_alphabetically.h
 delete mode 100644 src/java_bytecode/get_concrete_class_at_random.cpp
 delete mode 100644 src/java_bytecode/get_concrete_class_at_random.h
 create mode 100644 src/java_bytecode/select_pointer_type.cpp
 create mode 100644 src/java_bytecode/select_pointer_type.h

diff --git a/src/java_bytecode/Makefile b/src/java_bytecode/Makefile
index df1d707d12f..ba28e401492 100644
--- a/src/java_bytecode/Makefile
+++ b/src/java_bytecode/Makefile
@@ -2,7 +2,7 @@ SRC = bytecode_info.cpp \
       character_refine_preprocess.cpp \
       ci_lazy_methods.cpp \
       expr2java.cpp \
-      get_concrete_class_at_random.cpp \
+      get_concrete_class_alphabetically.cpp \
       jar_file.cpp \
       java_bytecode_convert_class.cpp \
       java_bytecode_convert_method.cpp \
@@ -25,6 +25,7 @@ SRC = bytecode_info.cpp \
       java_string_library_preprocess.cpp \
       java_types.cpp \
       java_utils.cpp \
+      select_pointer_type.cpp \
       # Empty last line
 
 INCLUDES= -I ..
diff --git a/src/java_bytecode/get_concrete_class_alphabetically.cpp b/src/java_bytecode/get_concrete_class_alphabetically.cpp
new file mode 100644
index 00000000000..01bf6519e21
--- /dev/null
+++ b/src/java_bytecode/get_concrete_class_alphabetically.cpp
@@ -0,0 +1,123 @@
+/*******************************************************************\
+
+Module: Java Bytecode Language Conversion
+
+Author: DiffBlue Limited. All rights reserved.
+
+\*******************************************************************/
+
+/// \file
+/// Select a subclass of the provided type, picking the alphabetically first
+
+#include "get_concrete_class_alphabetically.h"
+
+#include <algorithm>
+
+#include <util/invariant.h>
+#include <util/namespace.h>
+#include <util/std_types.h>
+#include <util/symbol_table.h>
+
+#include <goto-programs/class_hierarchy.h>
+
+/// Get type the pointer is pointing to, replacing it with a concrete
+/// implementation when it is abstract.
+/// \param `pointer_type`: The type of the pointer
+/// \return The subtype of the pointer. If this is an abstract class then we
+///   will randomly select a concrete child class.
+pointer_typet get_concrete_class_alphabeticallyt::operator()(
+  const pointer_typet &pointer_type)
+{
+  const typet &subtype=ns.follow(pointer_type.subtype());
+  INVARIANT(subtype.id()==ID_struct,
+    "Can only find derived classes of class types");
+
+  const class_typet &class_type=to_class_type(subtype);
+  INVARIANT(class_type.is_class(),
+    "Can only find derived classes of class types");
+
+  const class_typet &selected_subtype=select_concrete_type(class_type);
+
+  // If we've not selected a subtype (i.e. there aren't any) we should
+  // return the original unmodified type
+  if(selected_subtype==class_type)
+  {
+    return pointer_type;
+  }
+
+  // Recreate the pointer_type as it was before
+  if(pointer_type.subtype().id()==ID_symbol)
+  {
+    INVARIANT(
+      ns.get_symbol_table().has_symbol(selected_subtype.get(ID_name)),
+      "Selected a type that wasn't in the symbol table");
+
+    symbol_typet symbol_subtype(selected_subtype.get(ID_name));
+
+    return pointer_typet(symbol_subtype);
+  }
+  else
+  {
+    return pointer_typet(selected_subtype);
+  }
+}
+
+/// Select the alphabetically first concrete sub-class of an abstract class or
+/// interface This can be then used when analyzing the function.
+/// \param `abstract_type`: an class type that is abstract (i.e. either an
+///   interface or a abstract class).
+/// \return A class_typet that the GOTO code should instantiate to fill this
+///   type. This will be a concrete type unless no concrete types are found that
+///   inherit from the abstract_type. `
+class_typet get_concrete_class_alphabeticallyt::select_concrete_type(
+  const class_typet &abstract_type)
+{
+  const symbol_tablet &symbol_table=ns.get_symbol_table();
+  // abstract class - we should find a derived class ideally to test with
+  class_hierarchyt class_hierachy;
+  class_hierachy(symbol_table);
+  class_hierarchyt::idst child_ids=
+    class_hierachy.get_children_trans(abstract_type.get_string(ID_name));
+
+  // filter out abstract classes
+  class_hierarchyt::idst concrete_childen;
+  std::copy_if(
+    child_ids.begin(),
+    child_ids.end(),
+    std::back_inserter(concrete_childen),
+    [&] (const irep_idt &child_class_id)
+    {
+      const symbolt &type_symbol=symbol_table.lookup(child_class_id);
+      const class_typet &child_type=to_class_type(type_symbol.type);
+      return child_type.is_class() && !child_type.is_abstract();
+    });
+
+
+  if(!concrete_childen.empty())
+  {
+    // Alphabetize the list
+    std::sort(
+      concrete_childen.begin(),
+      concrete_childen.end(),
+      [](const irep_idt &a, const irep_idt &b)
+      {
+        return a.compare(b)<0;
+      });
+
+    const symbolt &type_symbol=
+      symbol_table.lookup(concrete_childen.front());
+    INVARIANT(
+      type_symbol.type.id()==ID_struct,
+      "Should always substitute a class type");
+
+    const class_typet &child_type=to_class_type(type_symbol.type);
+    INVARIANT(child_type.is_class(), "Should always substitute a class type");
+    return child_type;
+  }
+  else
+  {
+    // else no children in the symbol table - here the best we can do is
+    // mock the interface/abstract object
+    return abstract_type;
+  }
+}
diff --git a/src/java_bytecode/get_concrete_class_alphabetically.h b/src/java_bytecode/get_concrete_class_alphabetically.h
new file mode 100644
index 00000000000..08f2c00ec50
--- /dev/null
+++ b/src/java_bytecode/get_concrete_class_alphabetically.h
@@ -0,0 +1,32 @@
+/*******************************************************************\
+
+Module: Java Bytecode Language Conversion
+
+Author: DiffBlue Limited. All rights reserved.
+
+\*******************************************************************/
+
+/// \file
+/// Select a subclass of the provided type, picking the alphabetically first
+
+#ifndef CPROVER_JAVA_BYTECODE_GET_CONCRETE_CLASS_ALPHABETICALLY_H
+#define CPROVER_JAVA_BYTECODE_GET_CONCRETE_CLASS_ALPHABETICALLY_H
+
+#include <util/std_types.h>
+
+class namespacet;
+
+class get_concrete_class_alphabeticallyt
+{
+public:
+  explicit get_concrete_class_alphabeticallyt(const namespacet &ns):ns(ns)
+  {}
+
+  pointer_typet operator()(const pointer_typet &pointer_type);
+
+private:
+  const namespacet &ns;
+  class_typet select_concrete_type(const class_typet &abstract_type);
+};
+
+#endif // CPROVER_JAVA_BYTECODE_GET_CONCRETE_CLASS_ALPHABETICALLY_H
diff --git a/src/java_bytecode/get_concrete_class_at_random.cpp b/src/java_bytecode/get_concrete_class_at_random.cpp
deleted file mode 100644
index c07a7a4f3c7..00000000000
--- a/src/java_bytecode/get_concrete_class_at_random.cpp
+++ /dev/null
@@ -1,100 +0,0 @@
-// Copyright 2016-2017 DiffBlue Limited. All Rights Reserved.
-
-/// \file
-/// Java Bytecode Language Conversion
-
-#include "get_concrete_class_at_random.h"
-
-#include <algorithm>
-#include <random>
-
-#include <util/namespace.h>
-#include <util/std_types.h>
-#include <util/symbol_table.h>
-
-#include <goto-programs/class_hierarchy.h>
-
-/// Get type the pointer is pointing to, replacing it with a concrete
-/// implementation when it is abstract.
-/// \param `pointer_type`: The type of the pointer
-/// \return The subtype of the pointer. If this is an abstract class then we
-///   will randomly select a concrete child class.
-typet get_concrete_class_at_randomt::operator()(
-  const pointer_typet &pointer_type)
-{
-  const typet &subtype=ns.follow(pointer_type.subtype());
-  if(subtype.id()==ID_struct)
-  {
-    const class_typet &class_type=to_class_type(subtype);
-
-    if(class_type.is_class() && class_type.is_abstract())
-    {
-      return select_concrete_type(class_type);
-    }
-  }
-
-  // Here we must return the original subtype as if it is a pointer to a java
-  // array java_object_factoryt::gen_nondet_array_init relies on the subtype
-  // being a ID_symbol, here we have followed the symbol to its resolution.
-  // Perhaps java_object_factoryt::gen_nondet_array_init should support this
-  // Perhaps select_concrete_type when it fails should also ensure it doesn't
-  // modify the subtype (currently if no concrete implementations we'd do the same
-  // - swap a symbol to a struct
-  return pointer_type.subtype();
-}
-
-/// Randomly select a concrete sub-class of an abstract class or interface This
-/// can be then used when analyzing the function.
-/// \param `abstract_type`: an class type that is abstract (i.e. either an
-/// interface or a abstract class).
-/// \return A class_typet that the GOTO code should instantiate to fill this
-///   type. This will be a concrete type unless no concrete types are found that
-///   inherit from the abstract_type. `
-class_typet get_concrete_class_at_randomt::select_concrete_type(
-  const class_typet &abstract_type)
-{
-  if(!abstract_type.is_abstract())
-    throw std::invalid_argument("abstract_type");
-
-  const symbol_tablet &symbol_table=ns.get_symbol_table();
-  // abstract class - we should find a derived class ideally to test with
-  class_hierarchyt class_hierachy;
-  class_hierachy(symbol_table);
-  class_hierarchyt::idst child_ids=
-    class_hierachy.get_children_trans(abstract_type.get_string(ID_name));
-
-  // filter out abstract classes
-  class_hierarchyt::idst concrete_childen;
-  std::copy_if(
-    child_ids.begin(),
-    child_ids.end(),
-    std::back_inserter(concrete_childen),
-    [&] (const irep_idt &child_class_id)
-    {
-      const symbolt &type_symbol=symbol_table.lookup(child_class_id);
-      const class_typet &child_type=to_class_type(type_symbol.type);
-      return child_type.is_class() && !child_type.is_abstract();
-    });
-
-
-  if(concrete_childen.size()>0)
-  {
-    //Will be used to obtain a seed for the random number engine
-    std::random_device rd;
-    //Standard mersenne_twister_engine seeded with rd()
-    std::mt19937 gen(rd());
-    std::uniform_int_distribution<unsigned long> class_selector(
-      0, concrete_childen.size()-1);
-    unsigned long selected_class_index=class_selector(gen);
-    const symbolt &type_symbol=
-      symbol_table.lookup(concrete_childen[selected_class_index]);
-    const class_typet &child_type=to_class_type(type_symbol.type);
-    return child_type;
-  }
-  else
-  {
-    // else no children in the symbol table - here the best we can do is
-    // mock the interface/abstract object
-    return abstract_type;
-  }
-}
diff --git a/src/java_bytecode/get_concrete_class_at_random.h b/src/java_bytecode/get_concrete_class_at_random.h
deleted file mode 100644
index 9bde1f4e5a6..00000000000
--- a/src/java_bytecode/get_concrete_class_at_random.h
+++ /dev/null
@@ -1,32 +0,0 @@
-/*******************************************************************\
-
-Module: Java Bytecode Language Conversion
-
-Author: DiffBlue Limited. All rights reserved.
-
-\*******************************************************************/
-
-/// \file
-/// Java Bytecode Language Conversion
-
-#ifndef CPROVER_JAVA_BYTECODE_GET_CONCRETE_CLASS_AT_RANDOM_H
-#define CPROVER_JAVA_BYTECODE_GET_CONCRETE_CLASS_AT_RANDOM_H
-
-#include <util/std_types.h>
-
-class namespacet;
-
-class get_concrete_class_at_randomt
-{
-public:
-  explicit get_concrete_class_at_randomt (const namespacet &ns):ns(ns)
-  {}
-
-  typet operator()(const pointer_typet &pointer_type);
-
-private:
-  const namespacet& ns;
-  class_typet select_concrete_type(const class_typet &abstract_type);
-};
-
-#endif // CPROVER_JAVA_BYTECODE_GET_CONCRETE_CLASS_AT_RANDOM_H
diff --git a/src/java_bytecode/java_object_factory.cpp b/src/java_bytecode/java_object_factory.cpp
index 3d7951ccfdc..237b3fd189a 100644
--- a/src/java_bytecode/java_object_factory.cpp
+++ b/src/java_bytecode/java_object_factory.cpp
@@ -27,8 +27,8 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include <goto-programs/goto_functions.h>
 
-#include <java_bytecode/get_concrete_class_at_random.h>
 
+#include <java_bytecode/select_pointer_type.h>
 #include "java_types.h"
 #include "java_utils.h"
 
@@ -1020,11 +1020,12 @@ void java_object_factory_with_randomt::gen_nondet_init(
   {
     const pointer_typet &pointer_type=to_pointer_type(type);
     const namespacet ns(symbol_table);
-    get_concrete_class_at_randomt get_concrete_class_at_random(ns);
-    const typet &resolved_type=
-      get_concrete_class_at_random(pointer_type);
 
-    if(resolved_type!=real_type.subtype())
+    select_pointer_typet pointer_type_selector(ns);
+    const pointer_typet &replacement_pointer=
+      pointer_type_selector(pointer_type);
+
+    if(replacement_pointer!=real_type)
     {
       // Generate GOTO code to initalize the selected concrete type
       // A { ... } tmp_object;
@@ -1033,7 +1034,7 @@ void java_object_factory_with_randomt::gen_nondet_init(
       // A * p = &tmp_object
       // expr = (I *)p
 
-      symbolt new_symbol=new_tmp_symbol(symbol_table, loc, pointer_typet(resolved_type));
+      symbolt new_symbol=new_tmp_symbol(symbol_table, loc, replacement_pointer);
 
       // Generate a new object into this new symbol
       gen_nondet_init(
diff --git a/src/java_bytecode/select_pointer_type.cpp b/src/java_bytecode/select_pointer_type.cpp
new file mode 100644
index 00000000000..0df82c8a703
--- /dev/null
+++ b/src/java_bytecode/select_pointer_type.cpp
@@ -0,0 +1,60 @@
+/*******************************************************************\
+
+ Module: Java Bytecode Language Conversion
+
+ Author: DiffBlue Limited. All rights reserved.
+
+\*******************************************************************/
+
+/// \file
+/// Handle selection of correct pointer type (for example changing abstract
+/// classes to concrete versions).
+
+#include "select_pointer_type.h"
+
+#include <java_bytecode/get_concrete_class_alphabetically.h>
+
+#include <util/invariant.h>
+#include <util/namespace.h>
+#include <util/std_types.h>
+
+
+/// Select what type should be used for a given pointer type. If the class
+/// pointed to is abstract then we consider using a subclass of it.
+/// \param pointer_type: The pointer type replace
+/// \return A pointer type where the subtype may have been modified
+pointer_typet select_pointer_typet::operator()(
+  const pointer_typet &pointer_type) const
+{
+  // Currently only replace abstract classes
+  // Potentially in the future we might want to consider anything with
+  // derived classes
+  if(!is_abstract_type(pointer_type))
+  {
+    return pointer_type;
+  }
+
+  // TODO(tkiley): Look to see whether there is a suitable model class to use
+
+  get_concrete_class_alphabeticallyt get_concrete_class_alphabetically(ns);
+  const pointer_typet &resolved_type=
+    get_concrete_class_alphabetically(pointer_type);
+
+  return resolved_type;
+}
+
+/// Find out whether a pointer is pointing to an abstract class or interface
+/// \param pointer_type: The type of the pointer
+/// \return True if the type pointed to is either an abstract class or an
+///   interface.
+bool select_pointer_typet::is_abstract_type(
+  const pointer_typet &pointer_type) const
+{
+  const typet &pointing_to_type=ns.follow(pointer_type.subtype());
+  INVARIANT(
+    pointing_to_type.id()==ID_struct,
+    "All pointers in Java should be to classes");
+
+  const class_typet &class_type=to_class_type(pointing_to_type);
+  return class_type.is_class() && class_type.is_abstract();
+}
diff --git a/src/java_bytecode/select_pointer_type.h b/src/java_bytecode/select_pointer_type.h
new file mode 100644
index 00000000000..fac85cad543
--- /dev/null
+++ b/src/java_bytecode/select_pointer_type.h
@@ -0,0 +1,32 @@
+/*******************************************************************\
+
+ Module: Java Bytecode Language Conversion
+
+ Author: DiffBlue Limited. All rights reserved.
+
+\*******************************************************************/
+#ifndef CPROVER_JAVA_BYTECODE_SELECT_POINTER_TYPE_H
+#define CPROVER_JAVA_BYTECODE_SELECT_POINTER_TYPE_H
+
+/// \file
+/// Handle selection of correct pointer type (for example changing abstract
+/// classes to concrete versions).
+
+#include <util/std_types.h>
+
+class namespacet;
+
+class select_pointer_typet
+{
+public:
+  explicit select_pointer_typet(const namespacet &ns):ns(ns)
+  {}
+
+  pointer_typet operator()(const pointer_typet &pointer_type) const;
+private:
+  bool is_abstract_type(const pointer_typet &pointer_type) const;
+
+  const namespacet &ns;
+};
+
+#endif // CPROVER_JAVA_BYTECODE_SELECT_POINTER_TYPE_H

From 2c79f51fb0657d13cc7ac6584abed65ae3b7b5c4 Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Tue, 4 Jul 2017 18:18:50 +0100
Subject: [PATCH 406/699] Removed extra code and just combined into
 gen_nondet_pointer_init

Since the code had to go in the same file and meant in multiple places
would have to construct a different class, I concluded that this half
way refactoring was a step back. I think it is more confusing to follow
without really being any easier to merge.

The changes between the class and the master branch version introduced
by this change are highly isolated (a since if statement inside one
function).
---
 src/java_bytecode/java_object_factory.cpp | 165 +++++++++-------------
 1 file changed, 63 insertions(+), 102 deletions(-)

diff --git a/src/java_bytecode/java_object_factory.cpp b/src/java_bytecode/java_object_factory.cpp
index 237b3fd189a..8726cc5f931 100644
--- a/src/java_bytecode/java_object_factory.cpp
+++ b/src/java_bytecode/java_object_factory.cpp
@@ -49,7 +49,6 @@ static symbolt &new_tmp_symbol(
 
 class java_object_factoryt
 {
-protected:
   std::vector<const symbolt *> &symbols_created;
   const source_locationt &loc;
   std::unordered_set<irep_idt, irep_id_hash> recursion_set;
@@ -66,14 +65,13 @@ class java_object_factoryt
   code_assignt get_null_assignment(
     const exprt &expr,
     const pointer_typet &ptr_type);
-protected:
-  virtual void gen_pointer_target_init(
+
+  void gen_pointer_target_init(
     code_blockt &assignments,
     const exprt &expr,
     const typet &target_type,
     bool create_dynamic_objects,
     update_in_placet update_in_place);
-protected:
 
   void allocate_nondet_length_array(
     code_blockt &assignments,
@@ -96,8 +94,6 @@ class java_object_factoryt
       ns(_symbol_table)
   {}
 
-  virtual ~java_object_factoryt()=default;
-
   exprt allocate_object(
     code_blockt &assignments,
     const exprt &,
@@ -109,7 +105,7 @@ class java_object_factoryt
     const exprt &expr,
     update_in_placet);
 
-  virtual void gen_nondet_init(
+  void gen_nondet_init(
     code_blockt &assignments,
     const exprt &expr,
     bool is_sub,
@@ -138,36 +134,11 @@ class java_object_factoryt
     bool create_dynamic_objects,
     const struct_typet &struct_type,
     const update_in_placet &update_in_place);
-};
-
 
-class java_object_factory_with_randomt:java_object_factoryt
-{
-public:
-  java_object_factory_with_randomt(
-    std::vector<const symbolt *> &_symbols_created,
-    const source_locationt &loc,
-    bool _assume_non_null,
-    size_t _max_nondet_array_length,
-    symbol_tablet &_symbol_table):
-      java_object_factoryt(
-        _symbols_created,
-        loc,
-        _assume_non_null,
-        _max_nondet_array_length,
-        _symbol_table)
-  {}
-
-  void gen_nondet_init(
+  symbol_exprt gen_nondet_subtype_pointer_init(
     code_blockt &assignments,
-    const exprt &expr,
-    bool is_sub,
-    irep_idt class_identifier,
-    bool skip_classid,
     bool create_dynamic_objects,
-    bool override,
-    const typet &override_type,
-    update_in_placet update_in_place) override;
+    const pointer_typet &substitute_pointer_type);
 };
 
 /// Generates code for allocating a dynamic object. This is used in
@@ -427,6 +398,27 @@ void java_object_factoryt::gen_nondet_pointer_init(
   const pointer_typet &pointer_type,
   const update_in_placet &update_in_place)
 {
+  select_pointer_typet pointer_type_selector(ns);
+  const pointer_typet &replacement_pointer_type=
+    pointer_type_selector(pointer_type);
+
+  // If we are changing the pointer, we generate code for creating a pointer
+  // to the substituted type instead
+  if(replacement_pointer_type!=pointer_type)
+  {
+    const symbol_exprt real_pointer_symbol=gen_nondet_subtype_pointer_init(
+      assignments,
+      create_dynamic_objects,
+      replacement_pointer_type);
+
+    // Having created a pointer to object of type replacement_pointer_type
+    // we now assign it back to the original pointer with a cast
+    // from pointer_type to replacement_pointer_type
+    assignments.add(
+      code_assignt(expr, typecast_exprt(real_pointer_symbol, pointer_type)));
+    return;
+  }
+
   const typet &subtype=ns.follow(pointer_type.subtype());
   if(subtype.id()==ID_struct)
   {
@@ -532,6 +524,41 @@ void java_object_factoryt::gen_nondet_pointer_init(
   }
 }
 
+/// Generate GOTO code to initalize the selected concrete type
+/// A { ... } tmp_object;
+/// A.x = NONDET ...
+/// // non-det init of all the fields of A
+/// A * p = &tmp_object
+/// expr = (I *)p
+/// \param assignments: the code to append to
+/// \param create_dynamic_objects: if true, use malloc to allocate objects;
+///   otherwise generate fresh static symbols.
+/// \param replacement_pointer: The type of the pointer we actually want to
+///   to create.
+/// \return The symbol expression that corresponds to the pointer to object
+///   created of the required type.
+symbol_exprt java_object_factoryt::gen_nondet_subtype_pointer_init(
+  code_blockt &assignments,
+  bool create_dynamic_objects,
+  const pointer_typet &replacement_pointer)
+{
+  symbolt new_symbol=new_tmp_symbol(symbol_table, loc, replacement_pointer);
+
+  // Generate a new object into this new symbol
+  gen_nondet_init(
+    assignments,
+    new_symbol.symbol_expr(),
+    false,
+    "",
+    false,
+    create_dynamic_objects,
+    false,
+    typet(),
+    update_in_placet::NO_UPDATE_IN_PLACE);
+
+  return new_symbol.symbol_expr();
+}
+
 /// Initialises an object tree rooted at `expr`, allocating child objects as
 /// necessary and nondet-initialising their members, or if MUST_UPDATE_IN_PLACE
 /// is set, re-initialising already-allocated objects.
@@ -907,7 +934,7 @@ exprt object_factory(
 
   std::vector<const symbolt *> symbols_created;
   symbols_created.push_back(main_symbol_ptr);
-  java_object_factory_with_randomt state(
+  java_object_factoryt state(
     symbols_created,
     loc,
     !allow_null,
@@ -970,7 +997,7 @@ void gen_nondet_init(
 {
   std::vector<const symbolt *> symbols_created;
 
-  java_object_factory_with_randomt state(
+  java_object_factoryt state(
     symbols_created,
     loc,
     assume_non_null,
@@ -999,69 +1026,3 @@ void gen_nondet_init(
 
   init_code.append(assignments);
 }
-
-
-void java_object_factory_with_randomt::gen_nondet_init(
-  code_blockt &assignments,
-  const exprt &expr,
-  bool is_sub,
-  irep_idt class_identifier,
-  bool skip_classid,
-  bool create_dynamic_objects,
-  bool override,
-  const typet &override_type,
-  update_in_placet update_in_place)
-{
-  const typet &type=
-    override ? ns.follow(override_type) : ns.follow(expr.type());
-  typet real_type=type;
-
-  if(type.id()==ID_pointer && type.subtype().id()==ID_symbol)
-  {
-    const pointer_typet &pointer_type=to_pointer_type(type);
-    const namespacet ns(symbol_table);
-
-    select_pointer_typet pointer_type_selector(ns);
-    const pointer_typet &replacement_pointer=
-      pointer_type_selector(pointer_type);
-
-    if(replacement_pointer!=real_type)
-    {
-      // Generate GOTO code to initalize the selected concrete type
-      // A { ... } tmp_object;
-      // A.x = NONDET ...
-      // // non-det init of all the fields of A
-      // A * p = &tmp_object
-      // expr = (I *)p
-
-      symbolt new_symbol=new_tmp_symbol(symbol_table, loc, replacement_pointer);
-
-      // Generate a new object into this new symbol
-      gen_nondet_init(
-        assignments,
-        new_symbol.symbol_expr(),
-        is_sub,
-        class_identifier,
-        skip_classid,
-        create_dynamic_objects,
-        override,
-        override_type,
-        update_in_placet::NO_UPDATE_IN_PLACE);
-
-      assignments.add(
-        code_assignt(expr, typecast_exprt(new_symbol.symbol_expr(), type)));
-
-      return;
-    }
-  }
-  java_object_factoryt::gen_nondet_init(
-    assignments,
-    expr,
-    is_sub,
-    class_identifier,
-    skip_classid,
-    create_dynamic_objects,
-    override,
-    override_type,
-    update_in_place);
-}

From e4ac6e21ff999a36783abd80fa50c10ef1e1f7e5 Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Thu, 6 Jul 2017 15:03:44 +0100
Subject: [PATCH 407/699] Modified definition of abstract to not fall over on
 void* types

Exception pointers are generated as a pointer_typet(empty_typet())
rather than a pointer to a struct. These shouldn't be considered
abstract.
---
 src/java_bytecode/select_pointer_type.cpp | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/java_bytecode/select_pointer_type.cpp b/src/java_bytecode/select_pointer_type.cpp
index 0df82c8a703..776a74afa90 100644
--- a/src/java_bytecode/select_pointer_type.cpp
+++ b/src/java_bytecode/select_pointer_type.cpp
@@ -51,6 +51,12 @@ bool select_pointer_typet::is_abstract_type(
   const pointer_typet &pointer_type) const
 {
   const typet &pointing_to_type=ns.follow(pointer_type.subtype());
+
+  // void* pointers should be not considered abstract
+  // These happen in Java when initializing the exeception value.
+  if(pointing_to_type.id()==ID_empty)
+    return false;
+
   INVARIANT(
     pointing_to_type.id()==ID_struct,
     "All pointers in Java should be to classes");

From 90286a86ffa94b32d6cece644ab54e7b3f31783b Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Thu, 6 Jul 2017 16:38:33 +0100
Subject: [PATCH 408/699] Adding regression tests showing the modified gen code
 works

The nondet generation code has been modified to select a concrete
subtype when given an abstract type. These tests verify these cases are
correctly generated.
---
 .../A.class                                   | Bin 0 -> 347 bytes
 .../B.class                                   | Bin 0 -> 347 bytes
 .../I.class                                   | Bin 0 -> 118 bytes
 .../TestClass.class                           | Bin 0 -> 712 bytes
 .../TestClass.java                            |  44 +++++++++++++
 .../test.desc                                 |   6 ++
 .../A.class                                   | Bin 0 -> 347 bytes
 .../B.class                                   | Bin 0 -> 347 bytes
 .../C.class                                   | Bin 0 -> 351 bytes
 .../D.class                                   | Bin 0 -> 351 bytes
 .../I.class                                   | Bin 0 -> 118 bytes
 .../J.class                                   | Bin 0 -> 118 bytes
 .../TestClass.class                           | Bin 0 -> 836 bytes
 .../TestClass.java                            |  61 ++++++++++++++++++
 .../test.desc                                 |   8 +++
 .../A.class                                   | Bin 0 -> 347 bytes
 .../B.class                                   | Bin 0 -> 347 bytes
 .../I.class                                   | Bin 0 -> 118 bytes
 .../TestClass.class                           | Bin 0 -> 691 bytes
 .../TestClass.java                            |  42 ++++++++++++
 .../test.desc                                 |   7 ++
 .../A.class                                   | Bin 0 -> 347 bytes
 .../B.class                                   | Bin 0 -> 347 bytes
 .../C.class                                   | Bin 0 -> 351 bytes
 .../D.class                                   | Bin 0 -> 351 bytes
 .../I.class                                   | Bin 0 -> 118 bytes
 .../J.class                                   | Bin 0 -> 118 bytes
 .../TestClass.class                           | Bin 0 -> 804 bytes
 .../TestClass.java                            |  57 ++++++++++++++++
 .../test.desc                                 |   9 +++
 .../A.class                                   | Bin 0 -> 347 bytes
 .../B.class                                   | Bin 0 -> 347 bytes
 .../I.class                                   | Bin 0 -> 118 bytes
 .../TestClass.class                           | Bin 0 -> 697 bytes
 .../TestClass.java                            |  41 ++++++++++++
 .../test.desc                                 |   7 ++
 36 files changed, 282 insertions(+)
 create mode 100644 regression/cbmc-java/instance-method-user-interface-field/A.class
 create mode 100644 regression/cbmc-java/instance-method-user-interface-field/B.class
 create mode 100644 regression/cbmc-java/instance-method-user-interface-field/I.class
 create mode 100644 regression/cbmc-java/instance-method-user-interface-field/TestClass.class
 create mode 100644 regression/cbmc-java/instance-method-user-interface-field/TestClass.java
 create mode 100644 regression/cbmc-java/instance-method-user-interface-field/test.desc
 create mode 100644 regression/cbmc-java/instance-method-user-interface-two-fields-different/A.class
 create mode 100644 regression/cbmc-java/instance-method-user-interface-two-fields-different/B.class
 create mode 100644 regression/cbmc-java/instance-method-user-interface-two-fields-different/C.class
 create mode 100644 regression/cbmc-java/instance-method-user-interface-two-fields-different/D.class
 create mode 100644 regression/cbmc-java/instance-method-user-interface-two-fields-different/I.class
 create mode 100644 regression/cbmc-java/instance-method-user-interface-two-fields-different/J.class
 create mode 100644 regression/cbmc-java/instance-method-user-interface-two-fields-different/TestClass.class
 create mode 100644 regression/cbmc-java/instance-method-user-interface-two-fields-different/TestClass.java
 create mode 100644 regression/cbmc-java/instance-method-user-interface-two-fields-different/test.desc
 create mode 100644 regression/cbmc-java/static-method-user-interface-param/A.class
 create mode 100644 regression/cbmc-java/static-method-user-interface-param/B.class
 create mode 100644 regression/cbmc-java/static-method-user-interface-param/I.class
 create mode 100644 regression/cbmc-java/static-method-user-interface-param/TestClass.class
 create mode 100644 regression/cbmc-java/static-method-user-interface-param/TestClass.java
 create mode 100644 regression/cbmc-java/static-method-user-interface-param/test.desc
 create mode 100644 regression/cbmc-java/static-method-user-interface-two-params-different/A.class
 create mode 100644 regression/cbmc-java/static-method-user-interface-two-params-different/B.class
 create mode 100644 regression/cbmc-java/static-method-user-interface-two-params-different/C.class
 create mode 100644 regression/cbmc-java/static-method-user-interface-two-params-different/D.class
 create mode 100644 regression/cbmc-java/static-method-user-interface-two-params-different/I.class
 create mode 100644 regression/cbmc-java/static-method-user-interface-two-params-different/J.class
 create mode 100644 regression/cbmc-java/static-method-user-interface-two-params-different/TestClass.class
 create mode 100644 regression/cbmc-java/static-method-user-interface-two-params-different/TestClass.java
 create mode 100644 regression/cbmc-java/static-method-user-interface-two-params-different/test.desc
 create mode 100644 regression/cbmc-java/static-method-user-interface-two-params-same/A.class
 create mode 100644 regression/cbmc-java/static-method-user-interface-two-params-same/B.class
 create mode 100644 regression/cbmc-java/static-method-user-interface-two-params-same/I.class
 create mode 100644 regression/cbmc-java/static-method-user-interface-two-params-same/TestClass.class
 create mode 100644 regression/cbmc-java/static-method-user-interface-two-params-same/TestClass.java
 create mode 100644 regression/cbmc-java/static-method-user-interface-two-params-same/test.desc

diff --git a/regression/cbmc-java/instance-method-user-interface-field/A.class b/regression/cbmc-java/instance-method-user-interface-field/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..86d25a78c288902109861e3598f73679d860a758
GIT binary patch
literal 347
zcmZusO-sW-6r4?ytckI<_3P?UJ(!C(MF@q05cFW_eG`|uB_@z;{Z(EBLGa)Y@JET0
zRS?0$8{W)&^O*PX`SuRr3<oiM>_iw~S7J|MUqT89#kvv*FHCLhrNH3mcp>0Vn>#JA
zots);uOABC&Q(!SndD8Ws)cGz&woVU-kXlrJUbVNm)d6E9(Rq$<J)H4mU?FT3&XkY
z?6gu{ce+xKD!~S#1fdI)35<F%tyH~CZ;F*JEe;vkhd{t$P)NSxvFIa@*`;m*1ShW$
n&u+X)3@P`R5EIu2*us#EpJ7D&Ykq<E#G!{@bM&uy?6xLfaMUse

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/instance-method-user-interface-field/B.class b/regression/cbmc-java/instance-method-user-interface-field/B.class
new file mode 100644
index 0000000000000000000000000000000000000000..09103c22aac6a03a430d8b26e869b6fe32fae16c
GIT binary patch
literal 347
zcmZusO-sW-5Pg#-SsP=l_3P?UJ(!EPN}(+Xg`fvZ@0+;PEir*)>#y=62n7%Rfc~iB
z>?(*L%bT5fZ{9Go*?xQixW;J&ABSCZa3pXna3UZGlryG;@J3hK3<;g{i#frc)Q^g=
zpXo~7t)6q$%w%3N)6eQcmUG!?TmO*0dD1Ogv+;lsEtDC3d)zc09zE2nrck%qPDo~|
zHIq`d?bTAg$QV25#t7XqV?xi8X(_8kdY>;<VQ|JP`yd1iUKE1Q@fhsmI^ryK3J_eb
qL2pjp<rp#z#Qbcud4N46{PSh#ar|q3hxf{&hhKB@ulc}r^}hgiSTYm<

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/instance-method-user-interface-field/I.class b/regression/cbmc-java/instance-method-user-interface-field/I.class
new file mode 100644
index 0000000000000000000000000000000000000000..ad5d429af3b107c5dd117be3d92107e8b212ecb8
GIT binary patch
literal 118
zcmX^0Z`VEs1_l!bPId-%b_Nbc2Cnqf5=Xz%+@#bZMh0dLO;4auaDHh~a;jTqPAVe<
zUr1_kiE~b3aj{-jVp$?110zs{0EnrdlbDyT@1K;Fnq0!hz`)4B1T+~)vjELuU;(ih
KSb-!H0~-LnR2Ucl

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/instance-method-user-interface-field/TestClass.class b/regression/cbmc-java/instance-method-user-interface-field/TestClass.class
new file mode 100644
index 0000000000000000000000000000000000000000..6a6298d05b84f9031e8c6d30d778c22be001940e
GIT binary patch
literal 712
zcmZuvT~E_c7=BLMt!p=64DDbr1?I;-l-+m-AsHklONw5MV89#CMxDj3HErkb@dtQg
zVkAo9r5FArV~Ecw18z)n&ii$q=Y8Hc{eAi4CxB;oYQsjuf`tb~Jj5dtk8K!em}uI_
zqoD#OTPE59b`njzm%}q}lnUr>e_J5G<A;8_%dpux5-|3oQ%_*Q^+WH)bTahfLpcnX
zskqTd21hdXRXj@?={r9WD7uGUlI{mGNyw<bjiQY1gzT}GOanF(eSx__Do5`R<cDkY
zMEaqC(|qlo$&a!d$Z*^pq_H24w=*p=9+Q3PKV=e1H9?R4#87#A^z1=2jYr;dUkRSS
z(X^%5OPIra2}P7lR7>dK36VXXJpt?HsX+Nw%Jrh`v6uF)mXXcX$2!+-bNz%XMtV9A
z8!%p=*Uc(Gu6+*ig$WI1-g%~hMSdVi`8iauL@RIycX=yt%GVlgz5Ny1FI1KJ4qaep
zwcP%Mobg%b#|L^wS|cssz{E0%S5QTb_Zn8Qku`Eiwn()OE2?FE)^eG?1??|Z#2*$c
zf@(7bZwOHXITtXF&yjO4kf${dI^R%ubvsXm{}#|h0WC`DaDuI@<@yzx64qERa4mJ*
SBX^ln?{j$?{S8($Z2kj+J8=L2

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/instance-method-user-interface-field/TestClass.java b/regression/cbmc-java/instance-method-user-interface-field/TestClass.java
new file mode 100644
index 00000000000..0065a473c57
--- /dev/null
+++ b/regression/cbmc-java/instance-method-user-interface-field/TestClass.java
@@ -0,0 +1,44 @@
+interface I
+{
+    int getANumber();
+}
+
+class A implements I {
+    public int a;
+
+    public int getANumber() { return a; }
+}
+
+class B implements I {
+    public int b;
+    public int getANumber() { return b; }
+}
+
+class TestClass
+{
+    public I someObject;
+
+    public boolean foo() {
+        if(someObject!=null)
+        {
+            int result = someObject.getANumber();
+            if(result == 42) {
+                return true;
+            } else {
+                return false;
+            }
+        }
+        else
+        {
+            return false;
+        }
+    }
+
+    public static void main(String[] args)
+    {
+        // ensure that A, B are referenced explicitly
+        // in order to get them converted into GOTO
+        A a = new A();
+        B b = new B();
+    }
+}
diff --git a/regression/cbmc-java/instance-method-user-interface-field/test.desc b/regression/cbmc-java/instance-method-user-interface-field/test.desc
new file mode 100644
index 00000000000..40d8c48db7b
--- /dev/null
+++ b/regression/cbmc-java/instance-method-user-interface-field/test.desc
@@ -0,0 +1,6 @@
+CORE
+TestClass.class
+--cover location --function TestClass.foo --show-goto-functions
+
+\.someObject = \(struct I \*\)\w+
+@class_identifier = "java::A";
diff --git a/regression/cbmc-java/instance-method-user-interface-two-fields-different/A.class b/regression/cbmc-java/instance-method-user-interface-two-fields-different/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..86d25a78c288902109861e3598f73679d860a758
GIT binary patch
literal 347
zcmZusO-sW-6r4?ytckI<_3P?UJ(!C(MF@q05cFW_eG`|uB_@z;{Z(EBLGa)Y@JET0
zRS?0$8{W)&^O*PX`SuRr3<oiM>_iw~S7J|MUqT89#kvv*FHCLhrNH3mcp>0Vn>#JA
zots);uOABC&Q(!SndD8Ws)cGz&woVU-kXlrJUbVNm)d6E9(Rq$<J)H4mU?FT3&XkY
z?6gu{ce+xKD!~S#1fdI)35<F%tyH~CZ;F*JEe;vkhd{t$P)NSxvFIa@*`;m*1ShW$
n&u+X)3@P`R5EIu2*us#EpJ7D&Ykq<E#G!{@bM&uy?6xLfaMUse

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/instance-method-user-interface-two-fields-different/B.class b/regression/cbmc-java/instance-method-user-interface-two-fields-different/B.class
new file mode 100644
index 0000000000000000000000000000000000000000..09103c22aac6a03a430d8b26e869b6fe32fae16c
GIT binary patch
literal 347
zcmZusO-sW-5Pg#-SsP=l_3P?UJ(!EPN}(+Xg`fvZ@0+;PEir*)>#y=62n7%Rfc~iB
z>?(*L%bT5fZ{9Go*?xQixW;J&ABSCZa3pXna3UZGlryG;@J3hK3<;g{i#frc)Q^g=
zpXo~7t)6q$%w%3N)6eQcmUG!?TmO*0dD1Ogv+;lsEtDC3d)zc09zE2nrck%qPDo~|
zHIq`d?bTAg$QV25#t7XqV?xi8X(_8kdY>;<VQ|JP`yd1iUKE1Q@fhsmI^ryK3J_eb
qL2pjp<rp#z#Qbcud4N46{PSh#ar|q3hxf{&hhKB@ulc}r^}hgiSTYm<

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/instance-method-user-interface-two-fields-different/C.class b/regression/cbmc-java/instance-method-user-interface-two-fields-different/C.class
new file mode 100644
index 0000000000000000000000000000000000000000..ee05ffe5f45662bb1644f0b88736920f230803d3
GIT binary patch
literal 351
zcmZus!AiqG6r4?ytc|hOs<lUt>cL!kQv?YJO3;I)_f1^tmY6`Y^{c!Hg5bdq@T0`Z
zDv03W4R7YXdCdFxe0v8l#Uz4{?LK<gk=T_OOY8}Vf^{hno|?+oGlAa0;atE^>pLy5
znVCvouO4#U%v4@d8D({$%DHMx$A3iM-kX-zEIkp37TTVFd)zf1k8bN#Q|JrRT^P)C
zYtvG-?eS7Qsu*kN#|R-ABo!ETVp6JVk=*1<U0BLj*k^1X0s)I*A^DQWqL(~km$(TK
s9KAw3yYV_PqzsG^6Jys0*ua2{-(g7nYkq<E#G!{@^W<OimfISA0d^)bhyVZp

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/instance-method-user-interface-two-fields-different/D.class b/regression/cbmc-java/instance-method-user-interface-two-fields-different/D.class
new file mode 100644
index 0000000000000000000000000000000000000000..916313b41a4a06a1ca082ec3255fb170bdea4e86
GIT binary patch
literal 351
zcmZusO-sW-6r4?ytc|hO`UxU<R1fCjO%bF;P=X#Ty>HT`ZixvbTYr@oK@dFn1N>3q
zWEDj4@P;?@-aO`ge7?N{IKfT?AM0IoupzN2u_duBAf~J<f$+?f#-0mw4h|;*{;-;A
zfz{NM`eyNv>3XcPg32JRa#c)JZCd^#`u5&5w5Fp|foP`f#ka>@<MHUOTGY9|H0_1n
zST}Z9sHQodt49@M3EdbWB!i3u`mLB0s+=Xa*<9zA@-_Au+lN5FVpvGN<gw@_kJu${
u0t82|5YKMBObjUlyNHRg>jSKyN5=2aC;m0Rz<c7*!>@VoU-O#V8hinJTr!ma

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/instance-method-user-interface-two-fields-different/I.class b/regression/cbmc-java/instance-method-user-interface-two-fields-different/I.class
new file mode 100644
index 0000000000000000000000000000000000000000..ad5d429af3b107c5dd117be3d92107e8b212ecb8
GIT binary patch
literal 118
zcmX^0Z`VEs1_l!bPId-%b_Nbc2Cnqf5=Xz%+@#bZMh0dLO;4auaDHh~a;jTqPAVe<
zUr1_kiE~b3aj{-jVp$?110zs{0EnrdlbDyT@1K;Fnq0!hz`)4B1T+~)vjELuU;(ih
KSb-!H0~-LnR2Ucl

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/instance-method-user-interface-two-fields-different/J.class b/regression/cbmc-java/instance-method-user-interface-two-fields-different/J.class
new file mode 100644
index 0000000000000000000000000000000000000000..c3180580ad6c62f88a4e479c5656956d9c0d4702
GIT binary patch
literal 118
zcmX^0Z`VEs1_l!bPId-%b_Nbc2Cnqf5=Xz%+@#bZMh0dLO;4auaDHh~a;jTqPAVe<
zUr1_kiE~b3aj{-jVp$?11EUusg8+!BpOcuEuJ50em6}|_#=yYHzyvfINV5RVVPFBV
L7+8TM69XFny@nVW

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/instance-method-user-interface-two-fields-different/TestClass.class b/regression/cbmc-java/instance-method-user-interface-two-fields-different/TestClass.class
new file mode 100644
index 0000000000000000000000000000000000000000..bce9ce9e330749880a78e3bc338b5d242e3ab7cd
GIT binary patch
literal 836
zcmZuv(QXn!6g|T(EG%2VwxZUmt%zl*6sc%iKn<laX|t^lG&SneLRZ`htbwh6;Xn8R
zzL*%BO5$T5{3zp@rIwg9o0)s=-8=W3duM+C`S}Y#8BcYjP>3Ok6}c7Tc!*LQt0-xB
zq$7fYhO&;Rw2yV@(mv5)pdf!TX-&hrKz!)+oR_U5r|p*n6l=TsUu;#zb{LD)+`j8S
zqnk4i1k{Fi=m;b&x9{v7_gc<i-)?monYO&P-94}euJq4?s{h^{vaYr74E;ve9u8Si
zdFOdSxi<n+P2X;R*tI|YJJ7S;zCb$n);h93*~PBi?-ZN<!0mUc0lhuwu;9!kzXgOX
zMb}9oS`uwa)Rw3r(V;|JM0(RZ9<-eouGF2lkhUTj4O~Uqz!gjzn8B=u4FeTaHPl$4
z&b7(a;Mx+1T^toiP2`S;%9L$VbsWDwo)g(~CPQKe3%s`!FEa!onTXgDW@!~J3ZQ?D
zs7Nbl!}$}4Zv-J+=N<`y3%EgSj1w@2oAd<caf`b=+zZMBX8t=uXUNbfXPB4XDO3UJ
zpCT;q1!488!jFfPfFO-9@qHwaLk1?YSjG~c*@VzMC%nx(6`?GLfjjJLO#PYEvcl2`
zk=G~CtP!HLvE31L+W6iG2JKWuUH*Z@t4U{b><w7s<6Y-~HYlcoMbs$ec|cwsmu2iO
j^P;58;2ud+>^RFTIiDn@=Ge$0YnjMXo}hd=y9a*(CqRP-

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/instance-method-user-interface-two-fields-different/TestClass.java b/regression/cbmc-java/instance-method-user-interface-two-fields-different/TestClass.java
new file mode 100644
index 00000000000..7f2f00d6f52
--- /dev/null
+++ b/regression/cbmc-java/instance-method-user-interface-two-fields-different/TestClass.java
@@ -0,0 +1,61 @@
+interface I
+{
+    int getANumber();
+}
+
+class A implements I {
+    public int a;
+
+    public int getANumber() { return a; }
+}
+
+class B implements I {
+    public int b;
+    public int getANumber() { return b; }
+}
+
+interface J
+{
+    int getANumber();
+}
+
+class C implements J {
+    public int c;
+    public int getANumber() { return c; }
+}
+
+class D implements J {
+    public int d;
+    public int getANumber() { return d; }
+}
+
+class TestClass
+{
+    public I someObject1;
+    public J someObject2;
+
+    public boolean foo() {
+        if(someObject1 != null && someObject2 != null)
+        {
+            if(someObject1.getANumber() == someObject2.getANumber()) {
+                return true;
+            } else {
+                return false;
+            }
+        }
+        else
+        {
+            return false;
+        }
+    }
+
+    public static void main(String[] args)
+    {
+        // ensure that A, B, C, D are referenced explicitly
+        // in order to get them converted into GOTO
+        A a = new A();
+        B b = new B();
+        C c = new C();
+        D d = new D();
+    }
+}
diff --git a/regression/cbmc-java/instance-method-user-interface-two-fields-different/test.desc b/regression/cbmc-java/instance-method-user-interface-two-fields-different/test.desc
new file mode 100644
index 00000000000..4a9a4d71e8d
--- /dev/null
+++ b/regression/cbmc-java/instance-method-user-interface-two-fields-different/test.desc
@@ -0,0 +1,8 @@
+CORE
+TestClass.class
+--cover location --function TestClass.foo --show-goto-functions
+
+@class_identifier = "java::A";
+@class_identifier = "java::C";
+.someObject1 = \(struct I \*\)
+.someObject2 = \(struct J \*\)
diff --git a/regression/cbmc-java/static-method-user-interface-param/A.class b/regression/cbmc-java/static-method-user-interface-param/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..86d25a78c288902109861e3598f73679d860a758
GIT binary patch
literal 347
zcmZusO-sW-6r4?ytckI<_3P?UJ(!C(MF@q05cFW_eG`|uB_@z;{Z(EBLGa)Y@JET0
zRS?0$8{W)&^O*PX`SuRr3<oiM>_iw~S7J|MUqT89#kvv*FHCLhrNH3mcp>0Vn>#JA
zots);uOABC&Q(!SndD8Ws)cGz&woVU-kXlrJUbVNm)d6E9(Rq$<J)H4mU?FT3&XkY
z?6gu{ce+xKD!~S#1fdI)35<F%tyH~CZ;F*JEe;vkhd{t$P)NSxvFIa@*`;m*1ShW$
n&u+X)3@P`R5EIu2*us#EpJ7D&Ykq<E#G!{@bM&uy?6xLfaMUse

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/static-method-user-interface-param/B.class b/regression/cbmc-java/static-method-user-interface-param/B.class
new file mode 100644
index 0000000000000000000000000000000000000000..09103c22aac6a03a430d8b26e869b6fe32fae16c
GIT binary patch
literal 347
zcmZusO-sW-5Pg#-SsP=l_3P?UJ(!EPN}(+Xg`fvZ@0+;PEir*)>#y=62n7%Rfc~iB
z>?(*L%bT5fZ{9Go*?xQixW;J&ABSCZa3pXna3UZGlryG;@J3hK3<;g{i#frc)Q^g=
zpXo~7t)6q$%w%3N)6eQcmUG!?TmO*0dD1Ogv+;lsEtDC3d)zc09zE2nrck%qPDo~|
zHIq`d?bTAg$QV25#t7XqV?xi8X(_8kdY>;<VQ|JP`yd1iUKE1Q@fhsmI^ryK3J_eb
qL2pjp<rp#z#Qbcud4N46{PSh#ar|q3hxf{&hhKB@ulc}r^}hgiSTYm<

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/static-method-user-interface-param/I.class b/regression/cbmc-java/static-method-user-interface-param/I.class
new file mode 100644
index 0000000000000000000000000000000000000000..ad5d429af3b107c5dd117be3d92107e8b212ecb8
GIT binary patch
literal 118
zcmX^0Z`VEs1_l!bPId-%b_Nbc2Cnqf5=Xz%+@#bZMh0dLO;4auaDHh~a;jTqPAVe<
zUr1_kiE~b3aj{-jVp$?110zs{0EnrdlbDyT@1K;Fnq0!hz`)4B1T+~)vjELuU;(ih
KSb-!H0~-LnR2Ucl

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/static-method-user-interface-param/TestClass.class b/regression/cbmc-java/static-method-user-interface-param/TestClass.class
new file mode 100644
index 0000000000000000000000000000000000000000..40b782a3bd139249d570f73c7b7f0b666be63d48
GIT binary patch
literal 691
zcmZutO>fgs5S(W_apR<Ingj=0K0*qu?ILpFmI^7YgcQkzL#kH5g_qO>7sp1n!|&k-
zaN$A)l{j+XCn1EG=k()(EqnLP?#|4<Uw^;<0PqAm7Aojgv55yJ9$L`RHL+!(gswUe
z+&19|ly}28%%2MAj(a3v>?bFIz^Wg{!SnfS9HfVG91&^w$wWp+G7Z)F0yOe>VJ1-Z
z4}&b<k7SnhN%S^J$m{sSzWa(v8f5b*7Z5`MD@$g<i}7hNA)vEEV0o0w$@>HO;gWME
z!&ty}Ui+u=qwGa8p7ut08phLp;ZUYiYBv8<riN6s1Ja7I%J!I9qhy{=f@h&xW97=}
zW5r&Bg{p~G4K6$m4fyQ|RIa)N>entVja$<oA1rQ%B91#m2TQze_2~S_34t239;09^
zd1nw`m}pq$zg&Q8SYcjUG+-5Vo+?;FgNPcA*{w0Qy`N}#-=GQXZq&U`C>fu1zAWhl
z-8u<@77W-_Zj<6BnpnpT+$$t((p2fH$sXmV&5B(_C8+&DQ~YM3!m(Qy+HW|bR<X~a
zzdVECpQFTBKG^vR^Z0s`21S7_uD?zHE{Pu%lAXmgO>D5fMC>;1kh@N+cWFyw-eE<<
F{eNO3Z%F_E

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/static-method-user-interface-param/TestClass.java b/regression/cbmc-java/static-method-user-interface-param/TestClass.java
new file mode 100644
index 00000000000..ba04482cb04
--- /dev/null
+++ b/regression/cbmc-java/static-method-user-interface-param/TestClass.java
@@ -0,0 +1,42 @@
+interface I
+{
+    int getANumber();
+}
+
+class A implements I {
+    public int a;
+
+    public int getANumber() { return a; }
+}
+
+class B implements I {
+    public int b;
+    public int getANumber() { return b; }
+}
+
+class TestClass
+{
+    public static boolean foo(I someObject) {
+        if(someObject!=null)
+        {
+            int result = someObject.getANumber();
+            if(result == 42) {
+                return true;
+            } else {
+                return false;
+            }
+        }
+        else
+        {
+            return false;
+        }
+    }
+
+    public static void main(String[] args)
+    {
+        // ensure that A, B are referenced explicitly
+        // in order to get them converted into GOTO
+        A a = new A();
+        B b = new B();
+    }
+}
diff --git a/regression/cbmc-java/static-method-user-interface-param/test.desc b/regression/cbmc-java/static-method-user-interface-param/test.desc
new file mode 100644
index 00000000000..5e274e11f5e
--- /dev/null
+++ b/regression/cbmc-java/static-method-user-interface-param/test.desc
@@ -0,0 +1,7 @@
+CORE
+TestClass.class
+--cover location --function TestClass.foo --show-goto-functions
+
+@class_identifier = "java::A";
+ = \(struct I \*\)
+tmp_object_factory\$\d+ = null;
diff --git a/regression/cbmc-java/static-method-user-interface-two-params-different/A.class b/regression/cbmc-java/static-method-user-interface-two-params-different/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..57be332d7178ca59386bd97451a21cc915de137c
GIT binary patch
literal 347
zcmZusO-sW-6r4?yY#U>(_3P?UJ(!EPiVz9~A?U%<`z9`ROH3fy`m4MMg5bd);E$3{
zRzU<0Z+J8B&12r@*ZT*63mir8u{S^u`w|BdhZ0giDAu(=cxftQuLOE0rwajpTHkAd
zoy=7FX8oA!X0Gy*$~dbFRW4LxI{qX2_QABYX6ZyAT56kqd)zf1kM8PqQ|OuLE)3_o
zwbN3y?fFVQsTh3>VuUVCDlqEAq*T>1xy@I)usCL99|8f3K_U5$$D)rsVwboH5S+b1
oytwfeF{IpKOpIM0U>id+eufe8ulW_;Glw32&HaDPyKZZ|0dTi61poj5

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/static-method-user-interface-two-params-different/B.class b/regression/cbmc-java/static-method-user-interface-two-params-different/B.class
new file mode 100644
index 0000000000000000000000000000000000000000..a4af6b766822b09f8b2e2cf0d8878dab242697a7
GIT binary patch
literal 347
zcmZvXPfNo<5XIl7N!F%mt@Yp4qk1qGZxx{}2tv?<rT0x->Xw*5vh`DW5d^`5AHWY)
zd|CA%c$i_{oB0hhpPTm&0OvT2;A6Lo4)!GWB@QH{fXEov0^x-zjlC4;9G@%%{8@Fc
z1-4UD>YMdrrt7)N3Ob{-%2lyYwQ2Q_>Dvd>5KX6JfoQ4i<ePEZxIDV6)^)D0OuJz)
z*NvSOs%g$v>Pf}eLN`X}j+qJ!TQezCxlC@emCh}Wc(M<HfWbo{`HsgRM;)<BTn7kF
r-ymLGyT=^T26~8@V^;_0V?f2vFl7D<zruTF(<AZ=_y2`=+|=j`b>T7+

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/static-method-user-interface-two-params-different/C.class b/regression/cbmc-java/static-method-user-interface-two-params-different/C.class
new file mode 100644
index 0000000000000000000000000000000000000000..412c7c05a6c06fca1b5d4d0e933f4b46cb98202a
GIT binary patch
literal 351
zcmZus!AiqG6r4?ytc|hOYOP0)>cL!kQv?YJO3;I)_f1^tmY6`Y^{c!Hg5bdq@T0`Z
zDv03W4R7YXdCdFxe0v8l#a;v-+kNz~BQciPm6!;Kf^{hno|?+oGlAa0;atE^>pLy5
znVCvouO4#U%v4@d8D({$%DHMx$A3iM-kX-zEIkp37TTVFd)zf1k8bN#Q|JrRT^P)C
zYtvG-?eS7Qsu*kN#|R-ABo!ETVp6JVk=*1<U0BLj*k^1X0s)I*A^DQWqL(~km$(TK
s9KAw3yYV_PqzsG^6Jys0*ua2{-(g7nYkq<E#G!{@^W<OimfISA0d=o3h5!Hn

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/static-method-user-interface-two-params-different/D.class b/regression/cbmc-java/static-method-user-interface-two-params-different/D.class
new file mode 100644
index 0000000000000000000000000000000000000000..e15180a7178729ee0dc76561d54d0be9c2242518
GIT binary patch
literal 351
zcmZusO-sW-6r4?ytc|hO`iXe(s2<G4n<7YypaeZwdf%i=-4YW>w*D$Ff*^SC2l%7J
z$tsB8;SF!*y?M<0_<VZ@aDtr(KGwVFU_)Y4VoPFMKulRz0^yk{jXf9W92`yr{9!fK
z0;{Ph_08fT)Ad+o1(iWs<*Jyd+O+&f^zFTAXiZ0_0?|y{i*Jv+#^cdlwWxD_Y1#|D
zv2N_JP)&0@SC1;j61p)$NCp`R^jk40R5?p-v$@VK<!kISwhw`T#juck$z#z=9<fW@
u1PG2^A)eiMnHW+Ab`cX}*9TZZkBr};PyB0sf%n9rhhOvFzveZ!HTVL0<ua21

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/static-method-user-interface-two-params-different/I.class b/regression/cbmc-java/static-method-user-interface-two-params-different/I.class
new file mode 100644
index 0000000000000000000000000000000000000000..ad5d429af3b107c5dd117be3d92107e8b212ecb8
GIT binary patch
literal 118
zcmX^0Z`VEs1_l!bPId-%b_Nbc2Cnqf5=Xz%+@#bZMh0dLO;4auaDHh~a;jTqPAVe<
zUr1_kiE~b3aj{-jVp$?110zs{0EnrdlbDyT@1K;Fnq0!hz`)4B1T+~)vjELuU;(ih
KSb-!H0~-LnR2Ucl

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/static-method-user-interface-two-params-different/J.class b/regression/cbmc-java/static-method-user-interface-two-params-different/J.class
new file mode 100644
index 0000000000000000000000000000000000000000..c3180580ad6c62f88a4e479c5656956d9c0d4702
GIT binary patch
literal 118
zcmX^0Z`VEs1_l!bPId-%b_Nbc2Cnqf5=Xz%+@#bZMh0dLO;4auaDHh~a;jTqPAVe<
zUr1_kiE~b3aj{-jVp$?11EUusg8+!BpOcuEuJ50em6}|_#=yYHzyvfINV5RVVPFBV
L7+8TM69XFny@nVW

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/static-method-user-interface-two-params-different/TestClass.class b/regression/cbmc-java/static-method-user-interface-two-params-different/TestClass.class
new file mode 100644
index 0000000000000000000000000000000000000000..fb9f3540d9861037e9ba186fccc7223cd52a0864
GIT binary patch
literal 804
zcmZuv-%ry}7(KV`R@MzRL8nY{g35kWn7}}^#$=3`uoQe4!KhDnrOv{(nyvU>_&@ju
z_~MHMm-xtof0Xgu4Iw7Bx&2Ph_uX^8@3y~w|M&@@il-K)U?=eiOGzwa$wbA10o%l5
z3vm@!EKI1lYQci7k}O&?Q5A?k4|+lLLO?H;4g`#Pc<2kH-Js|1opf7%e_ysbWTxHF
zlbr+E57hewX+$4_fk4vT_XknEBL@SALhr*+AW?L89Jk?=-ZDQ3yZ)=zk?%z-%ro&1
zx2m`XxyfcEz2jZ^@vnSW20ejn@tu1lKgmi*_S%(Z)DL=XXVk3hw`o7~pR|CGO14H>
z(NbtjAy1*YLWc@%6Isphr0@AJ12yH;<si$-F@-cTCe~Bfz!MXj+*jk;;;M6PbIi*P
z0-38O$HTH@hX!pws*TT*p2ZR=(ZD@S@~f#!=b{Y+t`Suj1!Jsy3h|9V!!)1q5t+vf
zacW$E>$t(U1hTkEMr}T3wZ=GCK1a?zN49(hO~5{bF7O30<Eze_1^P%dix}|&|BVNf
zc!*gPaGSr8GRcmGaEq+E=8$7f;100?ZI+{xyL(~$nbk_GFof~u6ft**IHS2c!~|nv
zZwQMq`OL7tBlY@ft{f)=*4RRoN3c%24a{Q`i*QD5RL8Q&^T5EWJhKZl&9LG7Y+K`w
VG+STfNb}Sxpvd+FO03pU{sRGFe|!J{

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/static-method-user-interface-two-params-different/TestClass.java b/regression/cbmc-java/static-method-user-interface-two-params-different/TestClass.java
new file mode 100644
index 00000000000..5228b22ae58
--- /dev/null
+++ b/regression/cbmc-java/static-method-user-interface-two-params-different/TestClass.java
@@ -0,0 +1,57 @@
+interface I
+{
+    int getANumber();
+}
+
+class A implements I {
+    public int a;
+    public int getANumber() { return a; }
+}
+
+class B implements I {
+    public int b;
+    public int getANumber() { return b; }
+}
+
+interface J
+{
+    int getANumber();
+}
+
+class C implements J {
+    public int c;
+    public int getANumber() { return c; }
+}
+
+class D implements J {
+    public int d;
+    public int getANumber() { return d; }
+}
+
+class TestClass
+{
+    public static boolean foo(I someObject1, J someObject2) {
+        if(someObject1 != null && someObject2 != null)
+        {
+            if(someObject1.getANumber() == someObject2.getANumber()) {
+                return true;
+            } else {
+                return false;
+            }
+        }
+        else
+        {
+            return false;
+        }
+    }
+
+    public static void main(String[] args)
+    {
+        // ensure that A, B, C, D are referenced explicitly
+        // in order to get them converted into GOTO
+        A a = new A();
+        B b = new B();
+        C c = new C();
+        D d = new D();
+    }
+}
diff --git a/regression/cbmc-java/static-method-user-interface-two-params-different/test.desc b/regression/cbmc-java/static-method-user-interface-two-params-different/test.desc
new file mode 100644
index 00000000000..de160275a24
--- /dev/null
+++ b/regression/cbmc-java/static-method-user-interface-two-params-different/test.desc
@@ -0,0 +1,9 @@
+CORE
+TestClass.class
+--cover location --function TestClass.foo --show-goto-functions
+
+@class_identifier = "java::A";
+ = \(struct I \*\)
+@class_identifier = "java::C";
+ = \(struct J \*\)
+tmp_object_factory\$\d+ = null;
diff --git a/regression/cbmc-java/static-method-user-interface-two-params-same/A.class b/regression/cbmc-java/static-method-user-interface-two-params-same/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..86d25a78c288902109861e3598f73679d860a758
GIT binary patch
literal 347
zcmZusO-sW-6r4?ytckI<_3P?UJ(!C(MF@q05cFW_eG`|uB_@z;{Z(EBLGa)Y@JET0
zRS?0$8{W)&^O*PX`SuRr3<oiM>_iw~S7J|MUqT89#kvv*FHCLhrNH3mcp>0Vn>#JA
zots);uOABC&Q(!SndD8Ws)cGz&woVU-kXlrJUbVNm)d6E9(Rq$<J)H4mU?FT3&XkY
z?6gu{ce+xKD!~S#1fdI)35<F%tyH~CZ;F*JEe;vkhd{t$P)NSxvFIa@*`;m*1ShW$
n&u+X)3@P`R5EIu2*us#EpJ7D&Ykq<E#G!{@bM&uy?6xLfaMUse

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/static-method-user-interface-two-params-same/B.class b/regression/cbmc-java/static-method-user-interface-two-params-same/B.class
new file mode 100644
index 0000000000000000000000000000000000000000..09103c22aac6a03a430d8b26e869b6fe32fae16c
GIT binary patch
literal 347
zcmZusO-sW-5Pg#-SsP=l_3P?UJ(!EPN}(+Xg`fvZ@0+;PEir*)>#y=62n7%Rfc~iB
z>?(*L%bT5fZ{9Go*?xQixW;J&ABSCZa3pXna3UZGlryG;@J3hK3<;g{i#frc)Q^g=
zpXo~7t)6q$%w%3N)6eQcmUG!?TmO*0dD1Ogv+;lsEtDC3d)zc09zE2nrck%qPDo~|
zHIq`d?bTAg$QV25#t7XqV?xi8X(_8kdY>;<VQ|JP`yd1iUKE1Q@fhsmI^ryK3J_eb
qL2pjp<rp#z#Qbcud4N46{PSh#ar|q3hxf{&hhKB@ulc}r^}hgiSTYm<

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/static-method-user-interface-two-params-same/I.class b/regression/cbmc-java/static-method-user-interface-two-params-same/I.class
new file mode 100644
index 0000000000000000000000000000000000000000..ad5d429af3b107c5dd117be3d92107e8b212ecb8
GIT binary patch
literal 118
zcmX^0Z`VEs1_l!bPId-%b_Nbc2Cnqf5=Xz%+@#bZMh0dLO;4auaDHh~a;jTqPAVe<
zUr1_kiE~b3aj{-jVp$?110zs{0EnrdlbDyT@1K;Fnq0!hz`)4B1T+~)vjELuU;(ih
KSb-!H0~-LnR2Ucl

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/static-method-user-interface-two-params-same/TestClass.class b/regression/cbmc-java/static-method-user-interface-two-params-same/TestClass.class
new file mode 100644
index 0000000000000000000000000000000000000000..10ca4729e9d2891c9c9ad80d42a9107255663ebc
GIT binary patch
literal 697
zcmZuuUr*Ce96h(~R@My|L#u$34F$V3anblTV=_ocmK1#$fuJwk%{mKPYue)H@dNO}
zi$qC$<be-GJhw%N3HSEid+zVgIltfS)%EW`0N%j0P(rheH9Rx%+=7m#iFFGFG}VR1
z4HGW}if@B3NZ$$QPHRuV*or>;0`p!F`tMJsLqFb?!wD@lFB-|oo{R%^zcCu=*B}un
zd%J#;ZcSv8bV>9jiUdlI*YEOceWX8$rv8WFkv~db(NF7tw$}o)gH(==cjUK!#8VlB
z0=DzXJCfgJXClLKXOPB0IPPX;%6LrS#e3WWLMo9SMZ{2{O(JU$ox~%5J5asM-In`O
zu~%TBY{IFag*KCVT$}9RHcFs+S4G|jL;7SL`)MzKCJH&NJ{p+eyQ`sdkrx6Lq7F~N
zv(P?=I3v(7%e|Nx7cfU$$pbKtDsLq$phk;IK4!GWv);bMvU>@;{R^6ao9#bPFiv$&
z2Iv{7&7TZBU?nylaV~ML;Atje=R{bfUyV8*67i*p4QNYjn;DO9gbx|5`miscADqMR
zE>PfE+;M-x+`nt1##~^XiW@B6A*Y+EHS%ogFVjCm+X|kLyUNDvtVknXrAI^KFPQ6b
AQ~&?~

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/static-method-user-interface-two-params-same/TestClass.java b/regression/cbmc-java/static-method-user-interface-two-params-same/TestClass.java
new file mode 100644
index 00000000000..145dce70525
--- /dev/null
+++ b/regression/cbmc-java/static-method-user-interface-two-params-same/TestClass.java
@@ -0,0 +1,41 @@
+interface I
+{
+    int getANumber();
+}
+
+class A implements I {
+    public int a;
+
+    public int getANumber() { return a; }
+}
+
+class B implements I {
+    public int b;
+    public int getANumber() { return b; }
+}
+
+class TestClass
+{
+    public static boolean foo(I someObject1, I someObject2) {
+        if(someObject1 != null && someObject2 != null)
+        {
+            if(someObject1.getANumber() == someObject2.getANumber()) {
+                return true;
+            } else {
+                return false;
+            }
+        }
+        else
+        {
+            return false;
+        }
+    }
+
+    public static void main(String[] args)
+    {
+        // ensure that A, B are referenced explicitly
+        // in order to get them converted into GOTO
+        A a = new A();
+        B b = new B();
+    }
+}
diff --git a/regression/cbmc-java/static-method-user-interface-two-params-same/test.desc b/regression/cbmc-java/static-method-user-interface-two-params-same/test.desc
new file mode 100644
index 00000000000..5e274e11f5e
--- /dev/null
+++ b/regression/cbmc-java/static-method-user-interface-two-params-same/test.desc
@@ -0,0 +1,7 @@
+CORE
+TestClass.class
+--cover location --function TestClass.foo --show-goto-functions
+
+@class_identifier = "java::A";
+ = \(struct I \*\)
+tmp_object_factory\$\d+ = null;

From 248ec8ea3bd40668670ff0626879d6bba20eb69b Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Fri, 7 Jul 2017 10:43:02 +0100
Subject: [PATCH 409/699] Don't require pointers point to classes

Previously we had an invariant that all pointers were pointers to
classes. This invariant is incorrect in at least two places: strings and
exceptions. Instead, since if it isn't a pointer to a class, it
certainly isn't a pointer to an abstract class, so we can just return
false in the event it isn't a pointer to a class.
---
 src/java_bytecode/select_pointer_type.cpp | 24 +++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/src/java_bytecode/select_pointer_type.cpp b/src/java_bytecode/select_pointer_type.cpp
index 776a74afa90..88092503a37 100644
--- a/src/java_bytecode/select_pointer_type.cpp
+++ b/src/java_bytecode/select_pointer_type.cpp
@@ -43,7 +43,8 @@ pointer_typet select_pointer_typet::operator()(
   return resolved_type;
 }
 
-/// Find out whether a pointer is pointing to an abstract class or interface
+/// Find out whether a pointer is pointing to an abstract type (either an
+/// abstract class or an interface).
 /// \param pointer_type: The type of the pointer
 /// \return True if the type pointed to is either an abstract class or an
 ///   interface.
@@ -51,16 +52,15 @@ bool select_pointer_typet::is_abstract_type(
   const pointer_typet &pointer_type) const
 {
   const typet &pointing_to_type=ns.follow(pointer_type.subtype());
-
-  // void* pointers should be not considered abstract
-  // These happen in Java when initializing the exeception value.
-  if(pointing_to_type.id()==ID_empty)
+  if(pointing_to_type.id()==ID_struct)
+  {
+    const class_typet &class_type=to_class_type(pointing_to_type);
+    return class_type.is_class() && class_type.is_abstract();
+  }
+  else
+  {
+    // we are dealing with some other type that a reference to a polymorphic
+    // class so therefore we are definitely not abstract
     return false;
-
-  INVARIANT(
-    pointing_to_type.id()==ID_struct,
-    "All pointers in Java should be to classes");
-
-  const class_typet &class_type=to_class_type(pointing_to_type);
-  return class_type.is_class() && class_type.is_abstract();
+  }
 }

From a3f7eedfd94a93141a65bad0b4bb3e131166e401 Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Fri, 7 Jul 2017 11:01:14 +0100
Subject: [PATCH 410/699] Made jsonArrays test less strict

---
 regression/strings-smoke-tests/jsonArrays/test.desc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/regression/strings-smoke-tests/jsonArrays/test.desc b/regression/strings-smoke-tests/jsonArrays/test.desc
index e59f08d44b4..71edef45763 100644
--- a/regression/strings-smoke-tests/jsonArrays/test.desc
+++ b/regression/strings-smoke-tests/jsonArrays/test.desc
@@ -3,7 +3,7 @@ test.class
 --refine-strings --function test.check --json-ui --trace --string-max-length 100 --cover location
 ^EXIT=0$
 ^SIGNAL=0$
-\"data\".*\"tmp_object_factory\$6.*\"
+\"data\".*\"tmp_object_factory\$\d+.*\"
 --
 This checks that tmp_object_factory$6 gets affected to the data field
 of some strings, which was not the case in previous versions of cbmc,

From e2e670efae440ac3ce96a9ca922e554e0bb4716c Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Fri, 7 Jul 2017 11:01:27 +0100
Subject: [PATCH 411/699] Removing whitespace that causes an error on windows

---
 .../cbmc-java/instance-method-user-interface-field/test.desc     | 1 -
 .../test.desc                                                    | 1 -
 .../cbmc-java/static-method-user-interface-param/test.desc       | 1 -
 .../static-method-user-interface-two-params-different/test.desc  | 1 -
 .../static-method-user-interface-two-params-same/test.desc       | 1 -
 5 files changed, 5 deletions(-)

diff --git a/regression/cbmc-java/instance-method-user-interface-field/test.desc b/regression/cbmc-java/instance-method-user-interface-field/test.desc
index 40d8c48db7b..da1f8c687ee 100644
--- a/regression/cbmc-java/instance-method-user-interface-field/test.desc
+++ b/regression/cbmc-java/instance-method-user-interface-field/test.desc
@@ -1,6 +1,5 @@
 CORE
 TestClass.class
 --cover location --function TestClass.foo --show-goto-functions
-
 \.someObject = \(struct I \*\)\w+
 @class_identifier = "java::A";
diff --git a/regression/cbmc-java/instance-method-user-interface-two-fields-different/test.desc b/regression/cbmc-java/instance-method-user-interface-two-fields-different/test.desc
index 4a9a4d71e8d..2ea5b2f5224 100644
--- a/regression/cbmc-java/instance-method-user-interface-two-fields-different/test.desc
+++ b/regression/cbmc-java/instance-method-user-interface-two-fields-different/test.desc
@@ -1,7 +1,6 @@
 CORE
 TestClass.class
 --cover location --function TestClass.foo --show-goto-functions
-
 @class_identifier = "java::A";
 @class_identifier = "java::C";
 .someObject1 = \(struct I \*\)
diff --git a/regression/cbmc-java/static-method-user-interface-param/test.desc b/regression/cbmc-java/static-method-user-interface-param/test.desc
index 5e274e11f5e..ff70e7d9ed2 100644
--- a/regression/cbmc-java/static-method-user-interface-param/test.desc
+++ b/regression/cbmc-java/static-method-user-interface-param/test.desc
@@ -1,7 +1,6 @@
 CORE
 TestClass.class
 --cover location --function TestClass.foo --show-goto-functions
-
 @class_identifier = "java::A";
  = \(struct I \*\)
 tmp_object_factory\$\d+ = null;
diff --git a/regression/cbmc-java/static-method-user-interface-two-params-different/test.desc b/regression/cbmc-java/static-method-user-interface-two-params-different/test.desc
index de160275a24..2db59134dd0 100644
--- a/regression/cbmc-java/static-method-user-interface-two-params-different/test.desc
+++ b/regression/cbmc-java/static-method-user-interface-two-params-different/test.desc
@@ -1,7 +1,6 @@
 CORE
 TestClass.class
 --cover location --function TestClass.foo --show-goto-functions
-
 @class_identifier = "java::A";
  = \(struct I \*\)
 @class_identifier = "java::C";
diff --git a/regression/cbmc-java/static-method-user-interface-two-params-same/test.desc b/regression/cbmc-java/static-method-user-interface-two-params-same/test.desc
index 5e274e11f5e..ff70e7d9ed2 100644
--- a/regression/cbmc-java/static-method-user-interface-two-params-same/test.desc
+++ b/regression/cbmc-java/static-method-user-interface-two-params-same/test.desc
@@ -1,7 +1,6 @@
 CORE
 TestClass.class
 --cover location --function TestClass.foo --show-goto-functions
-
 @class_identifier = "java::A";
  = \(struct I \*\)
 tmp_object_factory\$\d+ = null;

From 1563e30e08f9cbc4d0845360ceea4386e105193b Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Tue, 11 Jul 2017 10:38:23 +0100
Subject: [PATCH 412/699] Enable strings test suite

 - Enables regression/strings test suite
 - Updates the regression/strings Makefile to the latest version
---
 regression/Makefile         |  1 +
 regression/strings/Makefile | 36 ++++++++++++++++++++++++++++++++++--
 2 files changed, 35 insertions(+), 2 deletions(-)

diff --git a/regression/Makefile b/regression/Makefile
index cec34c0b37f..1946f6ce614 100644
--- a/regression/Makefile
+++ b/regression/Makefile
@@ -7,6 +7,7 @@ DIRS = ansi-c \
        goto-analyzer \
        goto-instrument \
        goto-instrument-typedef \
+       strings \
        strings-smoke-tests \
        test-script \
        # Empty last line
diff --git a/regression/strings/Makefile b/regression/strings/Makefile
index f9aee8c563e..47653a6bb95 100644
--- a/regression/strings/Makefile
+++ b/regression/strings/Makefile
@@ -1,6 +1,38 @@
+default: tests.log
 
 test:
-	@../test.pl -c ../../../src/cbmc/cbmc
+	@if ! ../test.pl -c ../../../src/cbmc/cbmc ; then \
+		../failed-tests-printer.pl ; \
+		exit 1 ; \
+	fi
 
 testfuture:
-	@../test.pl -c ../../../src/cbmc/cbmc -F
+	@if ! ../test.pl -c ../../../src/cbmc/cbmc -CF ; then \
+		../failed-tests-printer.pl ; \
+		exit 1 ; \
+	fi
+
+testall:
+	@if ! ../test.pl -c ../../../src/cbmc/cbmc -CFTK ; then \
+		../failed-tests-printer.pl ; \
+		exit 1 ; \
+	fi
+
+tests.log: ../test.pl
+	@if ! ../test.pl -c ../../../src/cbmc/cbmc ; then \
+		../failed-tests-printer.pl ; \
+		exit 1 ; \
+	fi
+
+show:
+	@for dir in *; do \
+		if [ -d "$$dir" ]; then \
+			vim -o "$$dir/*.c" "$$dir/*.out"; \
+		fi; \
+	done;
+
+clean:
+	find -name '*.out' -execdir $(RM) '{}' \;
+	find -name '*.gb' -execdir $(RM) '{}' \;
+	$(RM) tests.log
+

From 40ac691045f07dbf4294ff8d4690963699d23746 Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Tue, 11 Jul 2017 10:44:43 +0100
Subject: [PATCH 413/699] Fix a "bug-test-gen-095" test description

---
 regression/strings/bug-test-gen-095/test.desc | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/regression/strings/bug-test-gen-095/test.desc b/regression/strings/bug-test-gen-095/test.desc
index a40f9e43402..99d5a8b4bd8 100644
--- a/regression/strings/bug-test-gen-095/test.desc
+++ b/regression/strings/bug-test-gen-095/test.desc
@@ -1,7 +1,8 @@
-KNOWNBUG
+CORE
 test.class
 --refine-strings
-^EXIT=0$
+^EXIT=10$
 ^SIGNAL=0$
-^VERIFICATION SUCCESSFUL$
+[.*assertion\.1] .* line 8 .* FAILURE
+^VERIFICATION FAILED$
 --

From bb108a3d5ac9d5996b9f1eabba7c0711d1a8fddc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matthias=20G=C3=BCdemann?= <matthias.guedemann@diffblue.com>
Date: Tue, 11 Jul 2017 11:30:11 +0200
Subject: [PATCH 414/699] Call `get_language_options` on `--show-parse-tree`

This also adds a Boolean flag to `languaget` which signals whether the language
specific options have been set. Currently only Java requires this which now sets
this in its `get_language_options` and has the flag as precondition for a call
to its `parse` function.
---
 src/cbmc/cbmc_parse_options.cpp               | 2 ++
 src/clobber/clobber_parse_options.cpp         | 1 +
 src/java_bytecode/java_bytecode_language.cpp  | 4 ++++
 src/java_bytecode/java_class_loader_limit.cpp | 2 +-
 src/util/language.h                           | 1 +
 5 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/cbmc/cbmc_parse_options.cpp b/src/cbmc/cbmc_parse_options.cpp
index d1dd4947e17..1dba025b40d 100644
--- a/src/cbmc/cbmc_parse_options.cpp
+++ b/src/cbmc/cbmc_parse_options.cpp
@@ -602,6 +602,7 @@ int cbmc_parse_optionst::get_goto_program(
       }
 
       languaget *language=get_language_from_filename(filename);
+      language->get_language_options(cmdline);
 
       if(language==NULL)
       {
@@ -751,6 +752,7 @@ void cbmc_parse_optionst::preprocessing()
     }
 
     languaget *ptr=get_language_from_filename(filename);
+    ptr->get_language_options(cmdline);
 
     if(ptr==NULL)
     {
diff --git a/src/clobber/clobber_parse_options.cpp b/src/clobber/clobber_parse_options.cpp
index 6537445e88b..7915a567caa 100644
--- a/src/clobber/clobber_parse_options.cpp
+++ b/src/clobber/clobber_parse_options.cpp
@@ -248,6 +248,7 @@ bool clobber_parse_optionst::get_goto_program(
       }
 
       languaget *language=get_language_from_filename(filename);
+      language->get_language_options(cmdline);
 
       if(language==NULL)
       {
diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index 7877138514a..5ddb17c0df8 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -14,6 +14,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <util/config.h>
 #include <util/cmdline.h>
 #include <util/string2int.h>
+#include <util/invariant.h>
 #include <json/json_parser.h>
 
 #include <goto-programs/class_hierarchy.h>
@@ -79,6 +80,8 @@ void java_bytecode_languaget::get_language_options(const cmdlinet &cmd)
   }
   else
     java_cp_include_files=".*";
+
+  language_options_initialized=true;
 }
 
 std::set<std::string> java_bytecode_languaget::extensions() const
@@ -105,6 +108,7 @@ bool java_bytecode_languaget::parse(
   std::istream &instream,
   const std::string &path)
 {
+  PRECONDITION(language_options_initialized);
   java_class_loader.set_message_handler(get_message_handler());
   java_class_loader.set_java_cp_include_files(java_cp_include_files);
 
diff --git a/src/java_bytecode/java_class_loader_limit.cpp b/src/java_bytecode/java_class_loader_limit.cpp
index 7ba1d4fe0ee..5e66cea6935 100644
--- a/src/java_bytecode/java_class_loader_limit.cpp
+++ b/src/java_bytecode/java_class_loader_limit.cpp
@@ -19,7 +19,7 @@ void java_class_loader_limitt::setup_class_load_limit(
   std::string &java_cp_include_files)
 {
   if(java_cp_include_files.empty())
-    throw "class regexp cannot be empty";
+    throw "class regexp cannot be empty, `get_language_options` not called?";
 
   // '@' signals file reading with list of class files to load
   regex_match=java_cp_include_files[0]!='@';
diff --git a/src/util/language.h b/src/util/language.h
index fac0e13aed7..b1e51dbbfec 100644
--- a/src/util/language.h
+++ b/src/util/language.h
@@ -137,6 +137,7 @@ class languaget:public messaget
   static irep_idt get_stub_return_symbol_name(const irep_idt &function_id);
 
   bool generate_opaque_stubs;
+  bool language_options_initialized=false;
 
 private:
   bool is_symbol_opaque_function(const symbolt &symbol);

From 05ffc71c54da2f0e59a9b6054dc71390ad65b7e1 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Wed, 12 Jul 2017 11:22:59 +0100
Subject: [PATCH 415/699] Setting bound in if_exprt for constant arrays

Characters arrays used for strings are either infinite length or
constant array with fixed length (ID_array).
In this latter case we need to set up the bound of axioms accordingly.
---
 .../refinement/string_constraint_generator_main.cpp | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_main.cpp b/src/solvers/refinement/string_constraint_generator_main.cpp
index 60bdc637b42..00b494eccaf 100644
--- a/src/solvers/refinement/string_constraint_generator_main.cpp
+++ b/src/solvers/refinement/string_constraint_generator_main.cpp
@@ -294,12 +294,21 @@ void string_constraint_generatort::add_axioms_for_if_array(
   // a1 : forall qvar2<max_length, !cond => lhs[qvar] = f[qvar]
   symbol_exprt qvar=fresh_univ_index("QA_array_if_true", index_type);
   equal_exprt qequal(index_exprt(lhs, qvar), index_exprt(t, qvar));
-  string_constraintt a1(qvar, max_length, expr.cond(), qequal);
+
+  // In case t is a constant array of fixed length is does not make sense
+  // to talk about indexes exceeding this length
+  exprt upper_bound_t=
+    (t.id()==ID_array)?from_integer(t.operands().size(), index_type):max_length;
+  string_constraintt a1(qvar, upper_bound_t, expr.cond(), qequal);
   axioms.push_back(a1);
 
   symbol_exprt qvar2=fresh_univ_index("QA_array_if_false", index_type);
   equal_exprt qequal2(index_exprt(lhs, qvar2), index_exprt(f, qvar2));
-  string_constraintt a2(qvar2, max_length, not_exprt(expr.cond()), qequal2);
+  // In case f is a constant array of fixed length is does not make sense
+  // to talk about indexes exceeding this length
+  exprt upper_bound_f=
+    (f.id()==ID_array)?from_integer(f.operands().size(), index_type):max_length;
+  string_constraintt a2(qvar2, upper_bound_f, not_exprt(expr.cond()), qequal2);
   axioms.push_back(a2);
 }
 

From d0d046aa569089355bc5346ffcfb7bfcc00800e5 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Mon, 10 Jul 2017 16:38:07 +0100
Subject: [PATCH 416/699] Add call-graph inversion function

This turns a standard caller->callee graph into a callee->caller graph.
---
 src/analyses/call_graph.cpp  |  10 +++
 src/analyses/call_graph.h    |   1 +
 unit/Makefile                |   1 +
 unit/analyses/call_graph.cpp | 123 +++++++++++++++++++++++++++++++++++
 4 files changed, 135 insertions(+)
 create mode 100644 unit/analyses/call_graph.cpp

diff --git a/src/analyses/call_graph.cpp b/src/analyses/call_graph.cpp
index 2d91e502a3f..b0fac24b591 100644
--- a/src/analyses/call_graph.cpp
+++ b/src/analyses/call_graph.cpp
@@ -49,6 +49,16 @@ void call_grapht::add(
   graph.insert(std::pair<irep_idt, irep_idt>(caller, callee));
 }
 
+/// Returns an inverted copy of this call graph
+/// \return Inverted (callee -> caller) call graph
+call_grapht call_grapht::get_inverted() const
+{
+  call_grapht result;
+  for(const auto &caller_callee : graph)
+    result.add(caller_callee.second, caller_callee.first);
+  return result;
+}
+
 void call_grapht::output_dot(std::ostream &out) const
 {
   out << "digraph call_graph {\n";
diff --git a/src/analyses/call_graph.h b/src/analyses/call_graph.h
index a93289f52bd..79e1c03b1aa 100644
--- a/src/analyses/call_graph.h
+++ b/src/analyses/call_graph.h
@@ -31,6 +31,7 @@ class call_grapht
   grapht graph;
 
   void add(const irep_idt &caller, const irep_idt &callee);
+  call_grapht get_inverted() const;
 
 protected:
   void add(const irep_idt &function,
diff --git a/unit/Makefile b/unit/Makefile
index 8f428b055d6..a48b3ca2c2c 100644
--- a/unit/Makefile
+++ b/unit/Makefile
@@ -2,6 +2,7 @@
 
 SRC = unit_tests.cpp \
       catch_example.cpp \
+      analyses/call_graph.cpp \
       java_bytecode/java_bytecode_convert_class/convert_abstract_class.cpp \
       solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix.cpp \
       solvers/refinement/string_constraint_generator_valueof/get_numeric_value_from_character.cpp \
diff --git a/unit/analyses/call_graph.cpp b/unit/analyses/call_graph.cpp
new file mode 100644
index 00000000000..adc2e75e6c8
--- /dev/null
+++ b/unit/analyses/call_graph.cpp
@@ -0,0 +1,123 @@
+
+#include <iostream>
+
+#include <catch.hpp>
+
+#include <analyses/call_graph.h>
+
+#include <util/symbol_table.h>
+#include <util/std_code.h>
+
+#include <goto-programs/goto_convert_functions.h>
+
+static symbolt create_void_function_symbol(
+  const irep_idt &name,
+  const codet &code)
+{
+  code_typet void_function_type;
+  symbolt function;
+  function.name=name;
+  function.type=void_function_type;
+  function.mode=ID_java;
+  function.value=code;
+  return function;
+}
+
+static bool multimap_key_matches(
+  const std::multimap<irep_idt, irep_idt> &map,
+  const irep_idt &key,
+  const std::set<irep_idt> &values)
+{
+  auto matching_values=map.equal_range(key);
+  std::set<irep_idt> matching_set;
+  for(auto it=matching_values.first; it!=matching_values.second; ++it)
+    matching_set.insert(it->second);
+  return matching_set==values;
+}
+
+SCENARIO("call_graph",
+  "[core][util][call_graph]")
+{
+
+  GIVEN("Some cyclic function calls")
+  {
+
+    // Create code like:
+    // void A()
+    // {
+    //    A();
+    //    B();
+    // }
+    // void B()
+    // {
+    //   C();
+    //   D();
+    // }
+    // void C() { }
+    // void D() { }
+
+    symbol_tablet symbol_table;
+    code_typet void_function_type;
+
+    {
+      code_blockt calls;
+      code_function_callt call1;
+      call1.function()=symbol_exprt("A", void_function_type);
+      code_function_callt call2;
+      call2.function()=symbol_exprt("B", void_function_type);
+      calls.move_to_operands(call1);
+      calls.move_to_operands(call2);
+
+      symbol_table.add(create_void_function_symbol("A", calls));
+    }
+
+    {
+      code_blockt calls;
+      code_function_callt call1;
+      call1.function()=symbol_exprt("C", void_function_type);
+      code_function_callt call2;
+      call2.function()=symbol_exprt("D", void_function_type);
+      calls.move_to_operands(call1);
+      calls.move_to_operands(call2);
+
+      symbol_table.add(create_void_function_symbol("B", calls));
+    }
+
+    symbol_table.add(create_void_function_symbol("C", code_skipt()));
+    symbol_table.add(create_void_function_symbol("D", code_skipt()));
+
+    goto_functionst goto_functions;
+    stream_message_handlert msg(std::cout);
+    goto_convert(symbol_table, goto_functions, msg);
+
+    call_grapht call_graph_from_goto_functions(goto_functions);
+
+    WHEN("A call graph is constructed from the GOTO functions")
+    {
+      THEN("We expect A -> { A, B }, B -> { C, D }")
+      {
+        const auto &check_graph=call_graph_from_goto_functions.graph;
+        REQUIRE(check_graph.size()==4);
+        REQUIRE(multimap_key_matches(check_graph, "A", {"A", "B"}));
+        REQUIRE(multimap_key_matches(check_graph, "B", {"C", "D"}));
+      }
+    }
+
+    WHEN("The call graph is inverted")
+    {
+      call_grapht inverse_call_graph_from_goto_functions=
+        call_graph_from_goto_functions.get_inverted();
+      THEN("We expect A -> { A }, B -> { A }, C -> { B }, D -> { B }")
+      {
+        const auto &check_graph=inverse_call_graph_from_goto_functions.graph;
+        REQUIRE(check_graph.size()==4);
+        REQUIRE(multimap_key_matches(check_graph, "A", {"A"}));
+        REQUIRE(multimap_key_matches(check_graph, "B", {"A"}));
+        REQUIRE(multimap_key_matches(check_graph, "C", {"B"}));
+        REQUIRE(multimap_key_matches(check_graph, "D", {"B"}));
+      }
+    }
+
+  }
+
+}

From 728bbc3838d212345a533e603a9c6a1932015310 Mon Sep 17 00:00:00 2001
From: Cristina <cristina.david@gmail.com>
Date: Mon, 3 Jul 2017 12:08:58 +0100
Subject: [PATCH 417/699] Consider implicit exceptions when building the CFG
 from bytecode

---
 src/java_bytecode/java_bytecode_convert_method.cpp | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index 190de5ac702..4ae7c72ed69 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -1046,6 +1046,13 @@ codet java_bytecode_convert_methodt::convert_instructions(
     }
 
     if(i_it->statement=="athrow" ||
+       i_it->statement=="putfield" ||
+       i_it->statement=="getfield" ||
+       i_it->statement=="checkcast" ||
+       i_it->statement=="newarray" ||
+       i_it->statement=="anewarray" ||
+       i_it->statement==patternt("?astore") ||
+       i_it->statement==patternt("?aload") ||
        i_it->statement=="invokestatic" ||
        i_it->statement=="invokevirtual" ||
        i_it->statement=="invokespecial" ||

From 68f6ccd4206a8de55d3228510f468bd34d2e1d77 Mon Sep 17 00:00:00 2001
From: Cristina <cristina.david@gmail.com>
Date: Mon, 3 Jul 2017 12:10:18 +0100
Subject: [PATCH 418/699] Adjust regression tests for exceptions: given that we
 now consider implicit exceptions when building the CFG, there is no need for
 the redundant explicit throws

---
 .../ArrayIndexOutOfBoundsExceptionTest.class    | Bin 917 -> 875 bytes
 .../ArrayIndexOutOfBoundsExceptionTest.java     |   1 -
 .../ArrayIndexOutOfBoundsException1/test.desc   |   2 +-
 .../ClassCastExceptionTest.class                | Bin 976 -> 899 bytes
 .../ClassCastExceptionTest.java                 |   1 -
 .../cbmc-java/ClassCastException1/test.desc     |   2 +-
 .../ClassCastExceptionTest.java                 |   3 ---
 .../cbmc-java/NullPointerException2/Test.class  | Bin 825 -> 808 bytes
 .../cbmc-java/NullPointerException2/Test.java   |   3 ---
 .../cbmc-java/NullPointerException2/test.desc   |   2 +-
 .../cbmc-java/NullPointerException3/Test.class  | Bin 835 -> 808 bytes
 .../cbmc-java/NullPointerException3/Test.java   |   3 ---
 .../cbmc-java/NullPointerException3/test.desc   |   2 +-
 13 files changed, 4 insertions(+), 15 deletions(-)

diff --git a/regression/cbmc-java/ArrayIndexOutOfBoundsException1/ArrayIndexOutOfBoundsExceptionTest.class b/regression/cbmc-java/ArrayIndexOutOfBoundsException1/ArrayIndexOutOfBoundsExceptionTest.class
index 4aeaf6432915086b1bbff6f6210a348e21fa04ad..ca15fe999ec3297420eeb127a4394f9c1e01b4c6 100644
GIT binary patch
delta 367
zcmXw!%`O8`7>1v7&UDUnI;t(II%xe<v5{VYAhFQI+O60Kw=l8k4Rl>iND%gJz(u$R
z@y-#O^ZmSk-+A!g@!<34<sBF@NJ;2<`c+~!Jew&|Id7$Gv*X#F9yg5X7iZ?&)yRs8
zIdWCf;>(=Idl~y26g_*9$8rJF=pay?!yvlex#G^YZ|mB{n#5sVZ;3#K22Ir}Efz|y
z`g>`uYVP0C(V=%&6I!E3+?d)c(e*Qxk7*Dm3a}!V)?JyS!y{QHva8`0k!YWWxSPI+
zCA`Rz#F<2GmV-@Bhm~M~ME25?*QH$jJ6^yr(4g6hpYUURG$C>`+*F_q@&7;TYE!{x
LCq|mJ0I&Z7O)VfD

delta 442
zcmZWlyG{Z@6g{)A*<Ds#@P(+biVp+{(a_l#qp=~;*ijNg3`WrcjUA;Qu(9C>tiePQ
zG16Q4AO3-b@ywcNVKH;>xpU7sbMJ?BFSp*lo?ih}P;%j7QDVu3ree;4jb(`y7nZ`S
zF4mBjSnm~lA#&li*ei`8E|5N}-_*<J_10<m_`20@UNrV^Pa0S4=4DGD|MwWai;U?Z
z1~2T3U8~@sh>h@59CU0t1Hw<KM`k(%D9wAEsLUuB&B6ep$3%nA+lq<;3Fh8U1Cp2^
zaxjT0RuuV;Vj5#0U)*X@>W4#UwE^@|wGXq4*br8&Gk_fRA_<?;1}VxQO$!hiFu4hf
zHJfG*vizko4cKSUdKxq2CiveJW+Rn=+&Om4^GIk%5({yXGruEMqBbCrw4dN?b|H-i
W82Tg3|MMvk6PmZ9wvZ*z5PSoAKQi0^

diff --git a/regression/cbmc-java/ArrayIndexOutOfBoundsException1/ArrayIndexOutOfBoundsExceptionTest.java b/regression/cbmc-java/ArrayIndexOutOfBoundsException1/ArrayIndexOutOfBoundsExceptionTest.java
index 265b89ec489..2013694f875 100644
--- a/regression/cbmc-java/ArrayIndexOutOfBoundsException1/ArrayIndexOutOfBoundsExceptionTest.java
+++ b/regression/cbmc-java/ArrayIndexOutOfBoundsException1/ArrayIndexOutOfBoundsExceptionTest.java
@@ -3,7 +3,6 @@ public static void main(String args[]) {
       try {
           int[] a=new int[4];
           a[4]=0;
-          throw new RuntimeException();
       }
       catch (ArrayIndexOutOfBoundsException exc) {
           assert false;
diff --git a/regression/cbmc-java/ArrayIndexOutOfBoundsException1/test.desc b/regression/cbmc-java/ArrayIndexOutOfBoundsException1/test.desc
index 092cbf0b1f4..e6216e07c79 100644
--- a/regression/cbmc-java/ArrayIndexOutOfBoundsException1/test.desc
+++ b/regression/cbmc-java/ArrayIndexOutOfBoundsException1/test.desc
@@ -3,7 +3,7 @@ ArrayIndexOutOfBoundsExceptionTest.class
 --java-throw-runtime-exceptions
 ^EXIT=10$
 ^SIGNAL=0$
-^.*assertion at file ArrayIndexOutOfBoundsExceptionTest.java line 9 function.*: FAILURE$
+^.*assertion at file ArrayIndexOutOfBoundsExceptionTest.java line 8 function.*: FAILURE$
 ^VERIFICATION FAILED$
 --
 ^warning: ignoring
diff --git a/regression/cbmc-java/ClassCastException1/ClassCastExceptionTest.class b/regression/cbmc-java/ClassCastException1/ClassCastExceptionTest.class
index de62bd5ca58363ea34481a67386f6eb76a94ba00..f791d7e4fcd6d53f6131994620d78c4b0c00221f 100644
GIT binary patch
delta 449
zcmZWlxk>|36g}_F@-mY#%ecio;}SJdM<t4lAXo`1h&HJtMF@(d2*Eamjjc?VA4nY)
z0|wOE%75@b#PcF(Ve#&M&bjw}s2jEQ{`LF<pok3@am*^rxsaGwSWw70aImPb<U;Az
zvWq+l3M+TJkC7|RL@qiPJ7EGzf%Ikhx*T4WYt`_e)~Hk~bq@)w3Z(uTr;YkWtr~rb
z!0<2-DY<R0c?hu{?aSk)Lw!J`GGLRD0YQc&ZHie)FX*j&7ox*JB28=eivm7l?`Hsm
z7-HsN7$dA`@GZ#<`k)6{GP*Dh3vV!w+VBtWVYd+PK{ZQV#9ljnjs&?aBDBIdH2{-*
z7T0lDQ&fu~%XPJCmUFr{iVU$nXU2%ps|J|BB>fbhf;>@}P7pZrdsDGL2BdxG37c*U
Y%51|l9$^1JP?K1Y-k$!3EE9>~8%1q0QUCw|

delta 510
zcmYLF%TB^j5Iwi0+|pKUQ40dT1r=0$0CA&n<H7_r(L}?Nn1*1q8iGbwEc^n}g$Y04
z8a0wgB5rl%SGe~FjMEas;?A8j=ggV8_l|$@jnCiLHvk#r6!am%F{?np9LGFIQi0@_
zQURz~;8;`;aPg9YG?qD5>e*+L-7*C8r^V}H`mAV|(udVb*)G+;k6FsuWb6An3<jge
z@7PtVWK}fiSY^<AM7NP4(kmTY+12v7wS9A9T~^B%Hbbob6O%ObW5D@fIsckQn`a$K
z*o&&PKEU*_OHw9+++k1*I<{ce2C3#JL>dfH)Vy56Fib)Lgb;SMl;2aYNOz(Qp&+&(
z=2P$R?Y1EmTJU%BkB}Qs+XxU;I!({VBo|Iy?vx140es{s(Jp>sWQ1x2<22MAo%F~)
zjF6O(L`D=b`t=ayqZsoH6Bx$?X(#D$2uB=Ku5h~hA}VG)8DIp}7ibM|-vfN&6XYh5
Vg15;3b6pQzf}m|NYMSx*_#bF4NGJdR

diff --git a/regression/cbmc-java/ClassCastException1/ClassCastExceptionTest.java b/regression/cbmc-java/ClassCastException1/ClassCastExceptionTest.java
index bb7eacd1647..e3a87f5a163 100644
--- a/regression/cbmc-java/ClassCastException1/ClassCastExceptionTest.java
+++ b/regression/cbmc-java/ClassCastException1/ClassCastExceptionTest.java
@@ -3,7 +3,6 @@ public static void main(String args[]) {
       try {
           Object x = new Integer(0);
           String y = (String)x;
-          throw new RuntimeException();
       }
       catch (ClassCastException exc) {
           assert false;
diff --git a/regression/cbmc-java/ClassCastException1/test.desc b/regression/cbmc-java/ClassCastException1/test.desc
index 983d5f730d8..fa84bf185ab 100644
--- a/regression/cbmc-java/ClassCastException1/test.desc
+++ b/regression/cbmc-java/ClassCastException1/test.desc
@@ -3,7 +3,7 @@ ClassCastExceptionTest.class
 --java-throw-runtime-exceptions
 ^EXIT=10$
 ^SIGNAL=0$
-^.*assertion at file ClassCastExceptionTest.java line 9 function.*: FAILURE$
+^.*assertion at file ClassCastExceptionTest.java line 8 function.*: FAILURE$
 ^VERIFICATION FAILED$
 --
 ^warning: ignoring
diff --git a/regression/cbmc-java/ClassCastException2/ClassCastExceptionTest.java b/regression/cbmc-java/ClassCastException2/ClassCastExceptionTest.java
index d8979415dbc..6b83050ca6a 100644
--- a/regression/cbmc-java/ClassCastException2/ClassCastExceptionTest.java
+++ b/regression/cbmc-java/ClassCastException2/ClassCastExceptionTest.java
@@ -9,9 +9,6 @@ public static void main(String args[]) {
       try {
           A c = new C();
           B b = (B)c;
-          // TODO: an explicit throw is currently needed in order
-          // for CBMC to convert the exception handler
-          throw new RuntimeException();
       }
       catch (ClassCastException exc) {
           assert false;
diff --git a/regression/cbmc-java/NullPointerException2/Test.class b/regression/cbmc-java/NullPointerException2/Test.class
index e49a2d70d61d80ae510fd2c7c04b3461001cf46e..9885d01cc779a248b469d9b1ebf6e6ad74e8c3c4 100644
GIT binary patch
delta 414
zcmZXQ$xcE+5JgYFsd<CQ-~c!wASkG)Az|wW=*pFe|3c#4g?T%EKo@S%C{YvL`zQW{
zdLJfkOea-!t8d*~-Os^o(Es>)c>@L<MT9g$nzSriA(pnK6XDaaY)9<Swe+rspSEJz
z6(#MMcAPLLl(5HsdSRMwM4VolR?ts4;4r;2XCo_JFog=bROMpOm||Y2uWXe4?i4do
z;V`cl%$k;h>g1O|k&;kInFV#S;VZFS<(fI^xsNzEluqyQ#>B7q=Tn0B2_qwtmA9*t
zN!KKv$vE1^suO9KSaMaFWp;J(GQ7x=I2nJLin60v6*8;{m2ti`>R47SYZ%LVo*Wy0
k4;#$3hGDT}pU91|-VL7nfcO8EnV^r89A|$~pLuQm0KsD;&;S4c

delta 414
zcmXw#yG{Z@7=^!?g&lTTVG%_HxhQzWyBJ$zt%-@1FJj9x=yp_g+M-dTCer&RzJz)f
z;}nzs%>Vu8%*?(2>K}c6zkL9G4ny*E1D08FtcG}W9cuvr>yC{Om+D@~CR>i}>zyxG
zbL<F7T4tqKpePlw%bvlUB<H5%MNB1Ert9xV9MDg0%|$&>2AH^tnyNeu8r2>r1zQ=E
zbmmK;xM}Utq|Q=iMk-*IO3JFf!D<>>=CtQMVc+pCU&xHl9`J|c-*J+;@kqE;K#{EQ
z)V`*G)XM5AZW12LutZZKgEX@(FjixZsvspWuOU=7sIwr$hEy5*BUkHaIw8i<E|6pK
q?=b@U0@GER4xR~zxXc|H?-75bLp!<3|4UQ9EH*mM>+e{a^gF*FCMDVc

diff --git a/regression/cbmc-java/NullPointerException2/Test.java b/regression/cbmc-java/NullPointerException2/Test.java
index cf04d9edefb..684e6725a70 100644
--- a/regression/cbmc-java/NullPointerException2/Test.java
+++ b/regression/cbmc-java/NullPointerException2/Test.java
@@ -9,9 +9,6 @@ public static void main(String args[]) {
         A a=null;
         try {
             a.i=0;
-            // TODO: an explicit throw is currently needed in order
-            // for CBMC to convert the exception handler
-            throw new B();
         }
         catch (NullPointerException exc) {
             assert false;
diff --git a/regression/cbmc-java/NullPointerException2/test.desc b/regression/cbmc-java/NullPointerException2/test.desc
index ed7e923ae16..e4ad2c5739d 100644
--- a/regression/cbmc-java/NullPointerException2/test.desc
+++ b/regression/cbmc-java/NullPointerException2/test.desc
@@ -3,7 +3,7 @@ Test.class
 --java-throw-runtime-exceptions
 ^EXIT=10$
 ^SIGNAL=0$
-^.*assertion at file Test.java line 17 function.*: FAILURE$
+^.*assertion at file Test.java line 14 function.*: FAILURE$
 ^VERIFICATION FAILED$
 --
 ^warning: ignoring
diff --git a/regression/cbmc-java/NullPointerException3/Test.class b/regression/cbmc-java/NullPointerException3/Test.class
index 77c124a4b869c9928a2fcd98c00f3c6e75d7bc1a..7f90d2404b45c668bd96c959b043abc63a9c526f 100644
GIT binary patch
delta 452
zcmZXQOD{uF6otQY+uNhJS5>|0RrRJG7inT7VJIQSW=cdfVkD-<BnC}q{R2#kkdQDi
z5hi{S)~UoqPR`zY?X11lKIb)YorvDQ9-n~{O94qnl8iED8Bb!FuuKN{j98`urYTxx
zs>|oqw;h|a%!*Zu%tSh*RVZYRc|*SXnfF5iQnd>+HXem6uxQ9s%BSV%sC;}7ZS7X}
z_f8CEP4`fDz4l>BXIAcDGC4P^DuzMIifN%p*(m$P2TVhSN1I}z*|cO-hra~c$qFUu
zpi><;d?|KJxzB9O+~KWUk=?u@UMKa0zx_bsrNNmI$;vyX<D~l}?qob|W7P??OG<LR
zGIMqX@f_}=TO7ylA*bvq_6iyLg*x!QHR@RgEQ1(JK1~Zle-A4)w}$2Rti7kDj*VXt
VkKGdg|4Jw5<Atm4FA7bs;U8afEjj=I

delta 438
zcmYk2OD{t~7>1vj)1K)$j^5mgYEg>1l&V-s#7;tDYis8Z*miB%oLysK$JQkzBt-1|
zD7@#`$Rso0JKuYmZ*KihfA{PA<qhbv6EZ|IV2NeNN{C0((FzDyb*zQB1h0o|&~|M0
z+n2sMH<-iz)0wL}wnUEWrdh~S5Q><fqV_?2Vj5n=aC~7F{7%F+-T2x}#vi6L9Vih@
zv4RMyJPeX+FUEO0-Ye<O7ee7>?NM518DUf?V2tsEtNIEnHPp?~>LYgV74P(!%=_^@
z{(zxZoM7(#PIRk)0$I@$`zZw^R#s1OX?RhFC29)kC7CTUYUGk}L@J6hDUnUGn5L@J
zGNV<KbzNu#`y+qrn03ry9P@d}8-HVo&`pPcQaN}c9N;oHWV{FbyVUF7%wwrx78~vB
JCs|1Qi@(-oDcJx3

diff --git a/regression/cbmc-java/NullPointerException3/Test.java b/regression/cbmc-java/NullPointerException3/Test.java
index 35df442dd61..398d90b0c21 100644
--- a/regression/cbmc-java/NullPointerException3/Test.java
+++ b/regression/cbmc-java/NullPointerException3/Test.java
@@ -9,9 +9,6 @@ public static void main(String args[]) {
         A a=null;
         try {
             int i=a.i;
-            // TODO: an explicit throw is currently needed in order
-            // for CBMC to convert the exception handler
-            throw new B();
         }
         catch (NullPointerException exc) {
             assert false;
diff --git a/regression/cbmc-java/NullPointerException3/test.desc b/regression/cbmc-java/NullPointerException3/test.desc
index ed7e923ae16..e4ad2c5739d 100644
--- a/regression/cbmc-java/NullPointerException3/test.desc
+++ b/regression/cbmc-java/NullPointerException3/test.desc
@@ -3,7 +3,7 @@ Test.class
 --java-throw-runtime-exceptions
 ^EXIT=10$
 ^SIGNAL=0$
-^.*assertion at file Test.java line 17 function.*: FAILURE$
+^.*assertion at file Test.java line 14 function.*: FAILURE$
 ^VERIFICATION FAILED$
 --
 ^warning: ignoring

From 85b2a6d824dc7b4a5c1dbe766c7b59fb0d0523ef Mon Sep 17 00:00:00 2001
From: Cristina <cristina.david@gmail.com>
Date: Wed, 5 Jul 2017 20:58:24 +0100
Subject: [PATCH 419/699] Added two more tests for runtime exceptions

---
 .../ArrayIndexOutOfBoundsExceptionTest.class      | Bin 0 -> 875 bytes
 .../ArrayIndexOutOfBoundsExceptionTest.java       |  11 +++++++++++
 .../ArrayIndexOutOfBoundsException2/test.desc     |   9 +++++++++
 .../NegativeArraySizeExceptionTest.class          | Bin 0 -> 828 bytes
 .../NegativeArraySizeExceptionTest.java           |  10 ++++++++++
 .../NegativeArraySizeException/test.desc          |   9 +++++++++
 6 files changed, 39 insertions(+)
 create mode 100644 regression/cbmc-java/ArrayIndexOutOfBoundsException2/ArrayIndexOutOfBoundsExceptionTest.class
 create mode 100644 regression/cbmc-java/ArrayIndexOutOfBoundsException2/ArrayIndexOutOfBoundsExceptionTest.java
 create mode 100644 regression/cbmc-java/ArrayIndexOutOfBoundsException2/test.desc
 create mode 100644 regression/cbmc-java/NegativeArraySizeException/NegativeArraySizeExceptionTest.class
 create mode 100644 regression/cbmc-java/NegativeArraySizeException/NegativeArraySizeExceptionTest.java
 create mode 100644 regression/cbmc-java/NegativeArraySizeException/test.desc

diff --git a/regression/cbmc-java/ArrayIndexOutOfBoundsException2/ArrayIndexOutOfBoundsExceptionTest.class b/regression/cbmc-java/ArrayIndexOutOfBoundsException2/ArrayIndexOutOfBoundsExceptionTest.class
new file mode 100644
index 0000000000000000000000000000000000000000..3de63e25a0fbd797d481ae5044d5c401a74ce156
GIT binary patch
literal 875
zcmaJ<O>fgc5PcInvE#TUO`wDZ=m&wOL253&wIE6<Qbiz#RF!B?8+!>Zsa>sY6t4V?
z{(+tg5|seKogammwOUdMl*`V}?3?#ycIMabuRj2+q2<8FyoH4#3RtwT<iOPaJqHck
zxA1^aZHPFQDhZ-6eip={Ka@U!_6dcJAPkbn1f#jKM=-Y{UlOi$f>6FnkNQ&WYA~VF
zi99jf6DrXDMbJ#%1~H-0*;Gn=*a>|(>ZVEe&C@6i{djxi$zv_KE8}FHxsOB;5@wqR
zokQ_nw1*-bw0nsP!oj-MCPBy@>~JY^<Plm|P?PyJw@?GFr1~Ff!c;F2-n*CLI4he!
ziePVe!;8k9UX&_NJ`Z%8%afIKC#$-67bUoa=D3l`i7tw82(>Ht%Ykew6)D2fWCE>h
zVcA6!D}?fxr`tc2Ucw_Ahqi`1ZT@Iq#(|Rl=A{yULz40Xk9r@Ayeu~F50z`WHoh4k
z-4&lx?6uhv+kERBbjFt)rui&nL6+mYhB5$U%&;w@f+|OJ@<&D+Z0pu{r}NNWeRRqT
z^a;iZO5b3<K1crNS(a?GqK0bfIVK0MuE~@()0JScgw1g$lUrb%e!Y$xoa=JVEN*5j
zb<}VxV*uymURbD4bK>p4&8%fGV5U;|0_y~pc?#3`4CCL%=9njsoclz#e}|nM?*0K+
C<Gy+T

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/ArrayIndexOutOfBoundsException2/ArrayIndexOutOfBoundsExceptionTest.java b/regression/cbmc-java/ArrayIndexOutOfBoundsException2/ArrayIndexOutOfBoundsExceptionTest.java
new file mode 100644
index 00000000000..b1f8683115e
--- /dev/null
+++ b/regression/cbmc-java/ArrayIndexOutOfBoundsException2/ArrayIndexOutOfBoundsExceptionTest.java
@@ -0,0 +1,11 @@
+public class ArrayIndexOutOfBoundsExceptionTest {
+  public static void main(String args[]) {
+      try {
+          int[] a=new int[4];
+          int i=a[5];
+      }
+      catch (ArrayIndexOutOfBoundsException exc) {
+          assert false;
+      }
+  }
+}
diff --git a/regression/cbmc-java/ArrayIndexOutOfBoundsException2/test.desc b/regression/cbmc-java/ArrayIndexOutOfBoundsException2/test.desc
new file mode 100644
index 00000000000..e6216e07c79
--- /dev/null
+++ b/regression/cbmc-java/ArrayIndexOutOfBoundsException2/test.desc
@@ -0,0 +1,9 @@
+CORE
+ArrayIndexOutOfBoundsExceptionTest.class
+--java-throw-runtime-exceptions
+^EXIT=10$
+^SIGNAL=0$
+^.*assertion at file ArrayIndexOutOfBoundsExceptionTest.java line 8 function.*: FAILURE$
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/NegativeArraySizeException/NegativeArraySizeExceptionTest.class b/regression/cbmc-java/NegativeArraySizeException/NegativeArraySizeExceptionTest.class
new file mode 100644
index 0000000000000000000000000000000000000000..70adc3ee839bbd35bbe649fc544a92d7d9185894
GIT binary patch
literal 828
zcmZ`%T~8B16g_u$+i91ArPa26AxOpQgMHx*VkC&ZtoTqu0zOT*lQOXEHnUrT{uKTI
z&uAiv8h!Ui8SiY6nrI((X71f{&pCJI{`~djJAhSme3WosV4;j69tbS@@NB%~;~|y>
z+Jt&rrl~TSPU7^XPGvt*0|M<6it9So*>i&1d9q9JHj{xO+z526w#UbPWp*r>Pz#b!
zM!V8z8($^8>_Df4#b8?vWu{NmhB5MePk&Hbr=c2IxgC{eYs`Brbxde<-UWy9M0O(?
z54*k0=y<qhbzOBD5?22DIi1qdNi$^O`hVC6v%O4)M{ndPcggocD6NOlRiAz@8JkeO
z(zdJR=_=OvGwZd28B_@EiSOw}6_nu<S`+NXpL^djCNYGC>BUx2;86uDcuc5HINtUT
zRhaRsOj4T>KPcblK&9HK!L<svo{jkjzve!ccpgeTB2;ZzUwm>wwi{k&IqLFGyceEc
zf-d;rV2;;fo@6;bTPOoi#XRq2)KKS)Egmu2;l1g6^MiAqkB@NAF!L4O-X#h@F7iST
zf<bOh+h7{-WP0pL<jw>dOlf5rj4CneCT`_*P0lnq-{OxMUJKlwW5Atj>#I2on6DK-
cL!3c)=kVN5aQ|(?auncHUf5>ua^T?JZ$~(^bpQYW

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/NegativeArraySizeException/NegativeArraySizeExceptionTest.java b/regression/cbmc-java/NegativeArraySizeException/NegativeArraySizeExceptionTest.java
new file mode 100644
index 00000000000..d9c9859aa1f
--- /dev/null
+++ b/regression/cbmc-java/NegativeArraySizeException/NegativeArraySizeExceptionTest.java
@@ -0,0 +1,10 @@
+public class NegativeArraySizeExceptionTest {
+  public static void main(String args[]) {
+      try {
+          int a[]=new int[-1];
+      }
+      catch (NegativeArraySizeException exc) {
+          assert false;
+      }
+  }
+}
diff --git a/regression/cbmc-java/NegativeArraySizeException/test.desc b/regression/cbmc-java/NegativeArraySizeException/test.desc
new file mode 100644
index 00000000000..a203a79a628
--- /dev/null
+++ b/regression/cbmc-java/NegativeArraySizeException/test.desc
@@ -0,0 +1,9 @@
+CORE
+NegativeArraySizeExceptionTest.class
+--java-throw-runtime-exceptions
+^EXIT=10$
+^SIGNAL=0$
+^.*assertion at file NegativeArraySizeExceptionTest.java line 7 function.*: FAILURE$
+^VERIFICATION FAILED$
+--
+^warning: ignoring

From 4da42f98562c249e6da810d9ed7f6b805363956a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matthias=20G=C3=BCdemann?= <matthias.guedemann@diffblue.com>
Date: Wed, 12 Jul 2017 17:48:34 +0200
Subject: [PATCH 420/699] Skip functions not in the symbol table in remove
 <clinit> loops

This checks whether a function symbol is in the symbol table before it tries to
remove loops from the static initializer. It also emits a warning message in
this case.
---
 src/cbmc/cbmc_parse_options.cpp               |  6 +++++-
 .../remove_static_init_loops.cpp              | 21 ++++++++++++++-----
 src/goto-programs/remove_static_init_loops.h  |  4 +++-
 3 files changed, 24 insertions(+), 7 deletions(-)

diff --git a/src/cbmc/cbmc_parse_options.cpp b/src/cbmc/cbmc_parse_options.cpp
index 1dba025b40d..3ea44b82999 100644
--- a/src/cbmc/cbmc_parse_options.cpp
+++ b/src/cbmc/cbmc_parse_options.cpp
@@ -506,7 +506,11 @@ int cbmc_parse_optionst::doit()
   // unwinds <clinit> loops to number of enum elements
   // side effect: add this as explicit unwind to unwind set
   if(options.get_bool_option("java-unwind-enum-static"))
-    remove_static_init_loops(symbol_table, goto_functions, options);
+    remove_static_init_loops(
+      symbol_table,
+      goto_functions,
+      options,
+      ui_message_handler);
 
   // get solver
   cbmc_solverst cbmc_solvers(options, symbol_table, ui_message_handler);
diff --git a/src/goto-programs/remove_static_init_loops.cpp b/src/goto-programs/remove_static_init_loops.cpp
index 1c5065c63d4..871bb972191 100644
--- a/src/goto-programs/remove_static_init_loops.cpp
+++ b/src/goto-programs/remove_static_init_loops.cpp
@@ -11,7 +11,6 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include <algorithm>
 
-#include <util/message.h>
 #include <util/suffix.h>
 #include <util/string2int.h>
 
@@ -27,7 +26,8 @@ class remove_static_init_loopst
 
   void unwind_enum_static(
     const goto_functionst &goto_functions,
-    optionst &options);
+    optionst &options,
+    message_handlert &);
 protected:
   const symbol_tablet &symbol_table;
 };
@@ -38,9 +38,12 @@ class remove_static_init_loopst
 /// \return side effect is adding <clinit> loops to unwindset
 void remove_static_init_loopst::unwind_enum_static(
   const goto_functionst &goto_functions,
-  optionst &options)
+  optionst &options,
+  message_handlert &msg)
 {
   size_t unwind_max=0;
+  messaget message;
+  message.set_message_handler(msg);
   forall_goto_functions(f, goto_functions)
   {
     auto &p=f->second.body;
@@ -53,6 +56,13 @@ void remove_static_init_loopst::unwind_enum_static(
         const std::string java_clinit="<clinit>:()V";
         const std::string &fname=id2string(ins.function);
         size_t class_prefix_length=fname.find_last_of('.');
+        // is the function symbol in the symbol table?
+        if(!symbol_table.has_symbol(ins.function))
+        {
+          message.warning() << "function `" << id2string(ins.function)
+                            << "` is not in symbol table" << messaget::eom;
+          continue;
+        }
         // is Java function and static init?
         const symbolt &function_name=symbol_table.lookup(ins.function);
         if(!(function_name.mode==ID_java && has_suffix(fname, java_clinit)))
@@ -96,8 +106,9 @@ void remove_static_init_loopst::unwind_enum_static(
 void remove_static_init_loops(
   const symbol_tablet &symbol_table,
   const goto_functionst &goto_functions,
-  optionst &options)
+  optionst &options,
+  message_handlert &msg)
 {
   remove_static_init_loopst remove_loops(symbol_table);
-  remove_loops.unwind_enum_static(goto_functions, options);
+  remove_loops.unwind_enum_static(goto_functions, options, msg);
 }
diff --git a/src/goto-programs/remove_static_init_loops.h b/src/goto-programs/remove_static_init_loops.h
index eee270215a2..3f781f6a70b 100644
--- a/src/goto-programs/remove_static_init_loops.h
+++ b/src/goto-programs/remove_static_init_loops.h
@@ -11,6 +11,7 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include <goto-programs/goto_functions.h>
 
+#include <util/message.h>
 #include <util/options.h>
 #include <util/symbol_table.h>
 
@@ -20,6 +21,7 @@ Author: Daniel Kroening, kroening@kroening.com
 void remove_static_init_loops(
   const symbol_tablet &,
   const goto_functionst &,
-  optionst &);
+  optionst &,
+  message_handlert &);
 
 #endif // CPROVER_GOTO_PROGRAMS_REMOVE_STATIC_INIT_LOOPS_H

From 88dbfcd3acdf5ecae37e5bd6ccc25394ad216e9c Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Fri, 14 Jul 2017 14:34:16 +0100
Subject: [PATCH 421/699] Added in parameter to correct call to gen_nondet_init

Previously, since the update_in_place parameter is optional and there is
one too few parameters, the NO_UPDATE_IN_PLACE was being interpreted as
the max_nondet_array_length (i.e. of 0) and the max_nondet_array_length
was being used as the assume_not_null (presumably true) and !nullable
was being used as create_dyn_objects. Took a guess it should be true.
---
 src/goto-programs/convert_nondet.cpp      |  3 +-
 src/java_bytecode/java_object_factory.cpp | 40 +++++++++++------------
 src/java_bytecode/java_object_factory.h   |  4 +--
 3 files changed, 24 insertions(+), 23 deletions(-)

diff --git a/src/goto-programs/convert_nondet.cpp b/src/goto-programs/convert_nondet.cpp
index 9e1a6d388c5..bd878d4cc4c 100644
--- a/src/goto-programs/convert_nondet.cpp
+++ b/src/goto-programs/convert_nondet.cpp
@@ -85,9 +85,10 @@ static goto_programt::targett insert_nondet_init_code(
     symbol_table,
     source_loc,
     true,
+    true,
     !nullable,
     max_nondet_array_length,
-    NO_UPDATE_IN_PLACE);
+    update_in_placet::NO_UPDATE_IN_PLACE);
 
   // Convert this code into goto instructions
   goto_programt new_instructions;
diff --git a/src/java_bytecode/java_object_factory.cpp b/src/java_bytecode/java_object_factory.cpp
index 8726cc5f931..e8b6e92308f 100644
--- a/src/java_bytecode/java_object_factory.cpp
+++ b/src/java_bytecode/java_object_factory.cpp
@@ -327,7 +327,7 @@ void java_object_factoryt::gen_pointer_target_init(
   bool create_dynamic_objects,
   update_in_placet update_in_place)
 {
-  assert(update_in_place!=MAY_UPDATE_IN_PLACE);
+  assert(update_in_place!=update_in_placet::MAY_UPDATE_IN_PLACE);
 
   if(target_type.id()==ID_struct &&
      has_prefix(
@@ -342,7 +342,7 @@ void java_object_factoryt::gen_pointer_target_init(
   else
   {
     exprt target;
-    if(update_in_place==NO_UPDATE_IN_PLACE)
+    if(update_in_place==update_in_placet::NO_UPDATE_IN_PLACE)
     {
       target=allocate_object(
         assignments,
@@ -428,7 +428,7 @@ void java_object_factoryt::gen_nondet_pointer_init(
     // If this is a recursive type of some kind, set null.
     if(!recursion_set.insert(struct_tag).second)
     {
-      if(update_in_place==NO_UPDATE_IN_PLACE)
+      if(update_in_place==update_in_placet::NO_UPDATE_IN_PLACE)
       {
         assignments.copy_to_operands(
           get_null_assignment(expr, pointer_type));
@@ -441,17 +441,17 @@ void java_object_factoryt::gen_nondet_pointer_init(
   code_blockt new_object_assignments;
   code_blockt update_in_place_assignments;
 
-  if(update_in_place!=NO_UPDATE_IN_PLACE)
+  if(update_in_place!=update_in_placet::NO_UPDATE_IN_PLACE)
   {
     gen_pointer_target_init(
       update_in_place_assignments,
       expr,
       subtype,
       create_dynamic_objects,
-      MUST_UPDATE_IN_PLACE);
+      update_in_placet::MUST_UPDATE_IN_PLACE);
   }
 
-  if(update_in_place==MUST_UPDATE_IN_PLACE)
+  if(update_in_place==update_in_placet::MUST_UPDATE_IN_PLACE)
   {
     assignments.append(update_in_place_assignments);
     return;
@@ -465,7 +465,7 @@ void java_object_factoryt::gen_nondet_pointer_init(
     expr,
     subtype,
     create_dynamic_objects,
-    NO_UPDATE_IN_PLACE);
+    update_in_placet::NO_UPDATE_IN_PLACE);
 
   // Determine whether the pointer can be null.
   // In particular the array field of a String should not be null.
@@ -506,13 +506,13 @@ void java_object_factoryt::gen_nondet_pointer_init(
 
   // Similarly to above, maybe use a conditional if both the
   // allocate-fresh and update-in-place cases are allowed:
-  if(update_in_place==NO_UPDATE_IN_PLACE)
+  if(update_in_place==update_in_placet::NO_UPDATE_IN_PLACE)
   {
     assignments.append(new_object_assignments);
   }
   else
   {
-    INVARIANT(update_in_place==MAY_UPDATE_IN_PLACE,
+    INVARIANT(update_in_place==update_in_placet::MAY_UPDATE_IN_PLACE,
       "No update and must update should have already been resolved");
 
     code_ifthenelset update_check;
@@ -604,7 +604,7 @@ void java_object_factoryt::gen_nondet_struct_init(
 
     if(name=="@class_identifier")
     {
-      if(update_in_place==MUST_UPDATE_IN_PLACE)
+      if(update_in_place==update_in_placet::MUST_UPDATE_IN_PLACE)
         continue;
 
       if(skip_classid)
@@ -618,7 +618,7 @@ void java_object_factoryt::gen_nondet_struct_init(
     }
     else if(name=="@lock")
     {
-      if(update_in_place==MUST_UPDATE_IN_PLACE)
+      if(update_in_place==update_in_placet::MUST_UPDATE_IN_PLACE)
         continue;
       code_assignt code(me, from_integer(0, me.type()));
       code.add_source_location()=loc;
@@ -634,8 +634,8 @@ void java_object_factoryt::gen_nondet_struct_init(
       // If this is a pointer to another object, offer the chance
       // to leave it alone by setting MAY_UPDATE_IN_PLACE instead.
       update_in_placet substruct_in_place=
-        update_in_place==MUST_UPDATE_IN_PLACE && !_is_sub ?
-        MAY_UPDATE_IN_PLACE :
+        update_in_place==update_in_placet::MUST_UPDATE_IN_PLACE && !_is_sub ?
+        update_in_placet::MAY_UPDATE_IN_PLACE :
         update_in_place;
       gen_nondet_init(
         assignments,
@@ -754,7 +754,7 @@ void java_object_factoryt::allocate_nondet_length_array(
     false,
     false,
     typet(),
-    NO_UPDATE_IN_PLACE);
+    update_in_placet::NO_UPDATE_IN_PLACE);
 
   // Insert assumptions to bound its length:
   binary_relation_exprt
@@ -783,7 +783,7 @@ void java_object_factoryt::gen_nondet_array_init(
   update_in_placet update_in_place)
 {
   assert(expr.type().id()==ID_pointer);
-  assert(update_in_place!=MAY_UPDATE_IN_PLACE);
+  assert(update_in_place!=update_in_placet::MAY_UPDATE_IN_PLACE);
   const typet &type=ns.follow(expr.type().subtype());
   const struct_typet &struct_type=to_struct_type(type);
   assert(expr.type().subtype().id()==ID_symbol);
@@ -792,7 +792,7 @@ void java_object_factoryt::gen_nondet_array_init(
 
   auto max_length_expr=from_integer(max_nondet_array_length, java_int_type());
 
-  if(update_in_place==NO_UPDATE_IN_PLACE)
+  if(update_in_place==update_in_placet::NO_UPDATE_IN_PLACE)
   {
     allocate_nondet_length_array(
       assignments,
@@ -855,7 +855,7 @@ void java_object_factoryt::gen_nondet_array_init(
 
   assignments.move_to_operands(done_test);
 
-  if(update_in_place!=MUST_UPDATE_IN_PLACE)
+  if(update_in_place!=update_in_placet::MUST_UPDATE_IN_PLACE)
   {
     // Add a redundant if(counter == max_length) break
     // that is easier for the unwinder to understand.
@@ -874,8 +874,8 @@ void java_object_factoryt::gen_nondet_array_init(
   // If this is a pointer to another object, offer the chance
   // to leave it alone by setting MAY_UPDATE_IN_PLACE instead.
   update_in_placet child_update_in_place=
-    update_in_place==MUST_UPDATE_IN_PLACE ?
-    MAY_UPDATE_IN_PLACE :
+    update_in_place==update_in_placet::MUST_UPDATE_IN_PLACE ?
+    update_in_placet::MAY_UPDATE_IN_PLACE :
     update_in_place;
   gen_nondet_init(
     assignments,
@@ -950,7 +950,7 @@ exprt object_factory(
     false,
     false,
     typet(),
-    NO_UPDATE_IN_PLACE);
+    update_in_placet::NO_UPDATE_IN_PLACE);
 
   // Add the following code to init_code for each symbol that's been created:
   //   <type> <identifier>;
diff --git a/src/java_bytecode/java_object_factory.h b/src/java_bytecode/java_object_factory.h
index 287a8824c74..05f58de4e82 100644
--- a/src/java_bytecode/java_object_factory.h
+++ b/src/java_bytecode/java_object_factory.h
@@ -23,7 +23,7 @@ exprt object_factory(
   size_t max_nondet_array_length,
   const source_locationt &);
 
-enum update_in_placet
+enum class update_in_placet
 {
   NO_UPDATE_IN_PLACE,
   MAY_UPDATE_IN_PLACE,
@@ -39,7 +39,7 @@ void gen_nondet_init(
   bool create_dyn_objs,
   bool assume_non_null,
   size_t max_nondet_array_length,
-  update_in_placet update_in_place=NO_UPDATE_IN_PLACE);
+  update_in_placet update_in_place);
 
 exprt allocate_dynamic_object(
   const exprt &target_expr,

From 412becd69ba96adc5f8b1424a1511b4d3486a675 Mon Sep 17 00:00:00 2001
From: Jesse Sigal <jesse.sigal@gmail.com>
Date: Mon, 17 Jul 2017 14:05:33 +0100
Subject: [PATCH 422/699] Added `$assertionsDisabled` case in
 `java_bytecode_convert_methodt::convert_instructions` ("getstatic" branch).

In `java_bytecode_convert_methodt::convert_instructions` (specifically the branch for "getstatic"), the special case of `$assertionsDisabled` was handled incorrectly when `--lazy-methods` is enabled. The class associated with `$assertionsDisabled` was not registerd with lazy methods. This is now fixed.
---
 .../java_bytecode_convert_method.cpp            | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index 4ae7c72ed69..9494fd2539b 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -2011,18 +2011,27 @@ codet java_bytecode_convert_methodt::convert_instructions(
       assert(op.empty() && results.size()==1);
       symbol_exprt symbol_expr(arg0.type());
       const auto &field_name=arg0.get_string(ID_component_name);
+      const bool is_assertions_disabled_field=
+        field_name.find("$assertionsDisabled")!=std::string::npos;
       symbol_expr.set_identifier(arg0.get_string(ID_class)+"."+field_name);
-      if(lazy_methods && arg0.type().id()==ID_symbol)
+      if(lazy_methods)
       {
-        lazy_methods->add_needed_class(
-          to_symbol_type(arg0.type()).get_identifier());
+        if(arg0.type().id()==ID_symbol)
+        {
+          lazy_methods->add_needed_class(
+            to_symbol_type(arg0.type()).get_identifier());
+        }
+        else if(is_assertions_disabled_field)
+        {
+          lazy_methods->add_needed_class(arg0.get_string(ID_class));
+        }
       }
       results[0]=java_bytecode_promotion(symbol_expr);
 
       codet clinit_call=get_clinit_call(arg0.get_string(ID_class));
       if(clinit_call.get_statement()!=ID_skip)
         c=clinit_call;
-      else if(field_name.find("$assertionsDisabled")!=std::string::npos)
+      else if(is_assertions_disabled_field)
       {
         // set $assertionDisabled to false
         c=code_assignt(symbol_expr, false_exprt());

From d5566934802fe4d1aa4b038954d8e84683bf82ae Mon Sep 17 00:00:00 2001
From: Owen Jones <owen.jones@diffblue.com>
Date: Fri, 14 Jul 2017 17:09:23 +0100
Subject: [PATCH 423/699] Speed up parseInt and parseLong

At the same time we make them work better near the maximum and minimum
values for the given type
---
 .../string_constraint_generator_valueof.cpp   | 153 +++++++++++-------
 1 file changed, 92 insertions(+), 61 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_valueof.cpp b/src/solvers/refinement/string_constraint_generator_valueof.cpp
index c59a20dab81..4d2d2cc0b5e 100644
--- a/src/solvers/refinement/string_constraint_generator_valueof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_valueof.cpp
@@ -411,92 +411,123 @@ exprt string_constraint_generatort::add_axioms_for_correct_number_format(
 
 /// add axioms corresponding to the Integer.parseInt java function
 /// \param f: a function application with either one string expression or one
-///   string expression and an expression for the radix
+///   string expression and an integer expression for the radix
 /// \return an integer expression
 exprt string_constraint_generatort::add_axioms_for_parse_int(
   const function_application_exprt &f)
 {
   PRECONDITION(f.arguments().size()==1 || f.arguments().size()==2);
-  string_exprt str=get_string_expr(f.arguments()[0]);
+  const string_exprt str=get_string_expr(f.arguments()[0]);
   const exprt radix=
     f.arguments().size()==1?
       static_cast<exprt>(from_integer(10, f.type())):
       static_cast<exprt>(typecast_exprt(f.arguments()[1], f.type()));
 
   const typet &type=f.type();
-  symbol_exprt i=fresh_symbol("parsed_int", type);
+  const symbol_exprt i=fresh_symbol("parsed_int", type);
+  const symbol_exprt sign=fresh_symbol("sign_of_parsed_int", type);
   const refined_string_typet &ref_type=to_refined_string_type(str.type());
   const typet &char_type=ref_type.get_char_type();
-  exprt minus_char=constant_char('-', char_type);
-  exprt plus_char=constant_char('+', char_type);
+  const exprt minus_char=constant_char('-', char_type);
+  const exprt plus_char=constant_char('+', char_type);
   assert(type.id()==ID_signedbv);
 
-  exprt chr=str[0];
-  exprt starts_with_minus=equal_exprt(chr, minus_char);
-  exprt starts_with_plus=equal_exprt(chr, plus_char);
-  exprt starts_with_digit=
+  const exprt chr=str[0];
+  const typet &index_type=ref_type.get_index_type();
+  const exprt zero_expr=from_integer(0, index_type);
+  const exprt one_expr=from_integer(1, index_type);
+  const exprt two_expr=from_integer(2, index_type);
+  const exprt starts_with_minus=equal_exprt(chr, minus_char);
+  const exprt starts_with_plus=equal_exprt(chr, plus_char);
+  const exprt starts_with_digit=
     not_exprt(or_exprt(starts_with_minus, starts_with_plus));
 
+  /// Currently we do not cope with excessive leading zeros. This value of
+  /// max_string_length is long enough to be able to represent every number in
+  /// every base. We experimented with making the max_string_length depend on
+  /// the base, but this did not make any difference.
+  const std::size_t max_string_length=to_bitvector_type(type).get_width()+1;
+
   /// TODO: we should throw an exception when this does not hold:
-  const std::size_t max_string_length=40;
   const exprt &correct=add_axioms_for_correct_number_format(
     str, radix, max_string_length);
   axioms.push_back(correct);
 
-  /// TODO(OJones): size should depend on the radix
-  /// TODO(OJones): we should deal with overflow properly
-  for(std::size_t size=1; size<=max_string_length; size++)
-  {
-    exprt sum=from_integer(0, type);
-    exprt first_value=get_numeric_value_from_character(chr, char_type, type);
-    equal_exprt premise=str.axiom_for_has_length(size);
-
-    for(std::size_t j=1; j<size; j++)
-    {
-      mult_exprt radix_sum(sum, radix);
-      if(j>=max_string_length-1)
-      {
-        // We have to be careful about overflows
-        div_exprt div(sum, radix);
-        implies_exprt no_overflow(premise, (equal_exprt(div, sum)));
-        axioms.push_back(no_overflow);
-      }
-
-      sum=plus_exprt_with_overflow_check(
-        radix_sum,
-        get_numeric_value_from_character(str[j], char_type, type));
-
-      mult_exprt first(first_value, radix);
-      if(j>=max_string_length-1)
-      {
-        // We have to be careful about overflows
-        div_exprt div_first(first, radix);
-        implies_exprt no_overflow_first(
-          and_exprt(starts_with_digit, premise),
-          equal_exprt(div_first, first_value));
-        axioms.push_back(no_overflow_first);
-      }
-      first_value=first;
-    }
-
-    // If the length is `size`, we add axioms:
-    // a1 : starts_with_digit => i=sum+first_value
-    // a2 : starts_with_plus => i=sum
-    // a3 : starts_with_minus => i=-sum
+  /// TODO(OJones) Fix the below algorithm to make it work for for -2^63 in
+  /// binary (currently radix^63 overflows).
 
-    implies_exprt a1(
-      and_exprt(premise, starts_with_digit),
-      equal_exprt(i, plus_exprt(sum, first_value)));
-    axioms.push_back(a1);
+  /// First we deal with the contribution to i from all the characters after the
+  /// first one
+  for(std::size_t index=1; index<max_string_length; ++index)
+  {
+    const exprt index_expr=from_integer(index, index_type);
+
+    /// We need an expr which is str.length()-index-1 when this is >= 0, and is
+    /// zero otherwise
+    if_exprt length_minus_index_minus_one(
+      binary_relation_exprt(index_expr, ID_lt, str.length()),
+      minus_exprt(minus_exprt(str.length(), index_expr), one_expr),
+      zero_expr);
+
+    /// index < length => sign*str[index] = (i/radix^(length-index-1))%radix
+    const equal_exprt contribution_of_str_index(
+      mult_exprt(
+        sign, get_numeric_value_from_character(str[index], char_type, type)),
+      mod_exprt(
+        div_exprt(i, power_exprt(radix, length_minus_index_minus_one)), radix));
+    const implies_exprt qualified_contribution_of_str_index(
+      binary_relation_exprt(index_expr, ID_lt, str.length()),
+      contribution_of_str_index);
+
+    axioms.push_back(qualified_contribution_of_str_index);
+  }
 
-    implies_exprt a2(and_exprt(premise, starts_with_plus), equal_exprt(i, sum));
-    axioms.push_back(a2);
+  /// Now we deal with the contribution to i from the first character, or the
+  /// second character if the first character is + or -, and also define sign as
+  /// 1 or -1 appropriately
+
+  const if_exprt length_minus_one(
+    binary_relation_exprt(zero_expr, ID_lt, str.length()),
+    minus_exprt(str.length(), one_expr),
+    zero_expr);
+  const if_exprt length_minus_two(
+    binary_relation_exprt(one_expr, ID_lt, str.length()),
+    minus_exprt(str.length(), two_expr),
+    zero_expr);
+
+  /// starts_with_digit => sign = 1 && sign*str[0] = i/radix^(length-1)
+  const implies_exprt starts_with_digit_first_digit(
+    starts_with_digit,
+    and_exprt(
+      equal_exprt(sign, from_integer(1, type)),
+      equal_exprt(
+        mult_exprt(
+          sign, get_numeric_value_from_character(str[0], char_type, type)),
+        div_exprt(i, power_exprt(radix, length_minus_one)))));
+  axioms.push_back(starts_with_digit_first_digit);
+
+  /// starts_with_plus => sign = 1 && sign*str[1] = i/radix^(length-2)
+  const implies_exprt starts_with_plus_first_digit(
+    starts_with_plus,
+    and_exprt(
+      equal_exprt(sign, from_integer(1, type)),
+      equal_exprt(
+        mult_exprt(
+          sign, get_numeric_value_from_character(str[1], char_type, type)),
+        div_exprt(i, power_exprt(radix, length_minus_two)))));
+  axioms.push_back(starts_with_plus_first_digit);
+
+  /// starts_with_minus => sign = -1 && sign*str[1] = i/radix^(length-2)
+  const implies_exprt starts_with_minus_first_digit(
+    starts_with_minus,
+    and_exprt(
+      equal_exprt(sign, from_integer(-1, type)),
+      equal_exprt(
+        mult_exprt(
+          sign, get_numeric_value_from_character(str[1], char_type, type)),
+        div_exprt(i, power_exprt(radix, length_minus_two)))));
+  axioms.push_back(starts_with_minus_first_digit);
 
-    implies_exprt a3(
-      and_exprt(premise, starts_with_minus),
-      equal_exprt(i, unary_minus_exprt(sum)));
-    axioms.push_back(a3);
-  }
   return i;
 }
 

From 6f6a24e1b9f35c813c62d071eaad99ec8c484297 Mon Sep 17 00:00:00 2001
From: Owen Jones <owen.jones@diffblue.com>
Date: Mon, 17 Jul 2017 09:17:30 +0100
Subject: [PATCH 424/699] Update tests

---
 .../java_parseint/test.desc                   |   4 ++--
 .../java_parseint/test_parseint.class         | Bin 914 -> 902 bytes
 .../java_parseint/test_parseint.java          |  10 ++++-----
 .../java_parseint_knownbug/test.desc          |   6 +----
 .../test_parseint.class                       | Bin 1089 -> 928 bytes
 .../java_parseint_with_radix/test.desc        |  20 ++++++++---------
 .../test_parseint_with_radix.class            | Bin 1537 -> 1549 bytes
 .../test_parseint_with_radix.java             |   7 +++---
 .../test.desc                                 |   8 ++-----
 .../test_parseint_with_radix.class            | Bin 1141 -> 972 bytes
 .../test_parseint_with_radix.java             |  21 +++++-------------
 .../java_parselong_2/test.desc                |   2 +-
 .../java_parselong_3/test.desc                |   4 ++--
 .../java_parselong_3/test_parselong.class     | Bin 927 -> 933 bytes
 .../java_parselong_3/test_parselong.java      |   9 ++++----
 .../java_parselong_4/test.desc                |   2 +-
 .../java_parselong_5/test.desc                |   6 ++---
 .../java_parselong_5/test_parselong.class     | Bin 949 -> 976 bytes
 .../java_parselong_5/test_parselong.java      |   9 ++++----
 19 files changed, 46 insertions(+), 62 deletions(-)

diff --git a/regression/strings-smoke-tests/java_parseint/test.desc b/regression/strings-smoke-tests/java_parseint/test.desc
index 3b38dc2c575..0a54ddc5d0b 100644
--- a/regression/strings-smoke-tests/java_parseint/test.desc
+++ b/regression/strings-smoke-tests/java_parseint/test.desc
@@ -3,5 +3,5 @@ test_parseint.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[.*assertion.1\].* line 8.* SUCCESS$
-^\[.*assertion.2\].* line 9.* FAILURE$
+^\[.*assertion.1\].* line 7.* SUCCESS$
+^\[.*assertion.2\].* line 8.* FAILURE$
diff --git a/regression/strings-smoke-tests/java_parseint/test_parseint.class b/regression/strings-smoke-tests/java_parseint/test_parseint.class
index 0f021d000fa3d68a1caa7d62f1a9090f569d5d01..8749f7c4734dd8ba1220a1aec601f2e3538381b5 100644
GIT binary patch
delta 137
zcmbQl-o`%Rq%=!nQF<{WgK)G@R$^JAeokUux_)p;QD$Dc^~B?Pn}rxBGICC1U<N`4
z28+p?m>hk?7+8U9Rt7ExHU@qMb_Qhz4hC}uP6i>Mr~*VCgE)f(kjKTK#~{fd#lQ$u
cr^z7AAj81KAPW{}`pclq&LGD)*_GKB0MiK-s{jB1

delta 124
zcmZo;pTs`l<iuw>6Hm%+7Gj*p$iIkz83-8|?6mf=EMTyjyoSj!NQ!|CD8dRP*%$;E
z*cn6_I2be;I2mjixEX|iG73N)0t~tg;tUcDj6hip21y1f1}2ax4AKlTKw1`vc^H`f
RGH9|h$T9w8m~6@H3jl895p@6n

diff --git a/regression/strings-smoke-tests/java_parseint/test_parseint.java b/regression/strings-smoke-tests/java_parseint/test_parseint.java
index d9b84914c7c..06b6f2db534 100644
--- a/regression/strings-smoke-tests/java_parseint/test_parseint.java
+++ b/regression/strings-smoke-tests/java_parseint/test_parseint.java
@@ -2,11 +2,9 @@ public class test_parseint
 {
     public static void main(String[] args)
     {
-        if (args.length == 1) {
-            String twelve = new String("12");
-            int parsed1 = Integer.parseInt(twelve);
-            assert(parsed1 == 12);
-            assert(parsed1 != 12);
-        }
+        String twelve = new String("12");
+        int parsed1 = Integer.parseInt(twelve);
+        assert(parsed1 == 12);
+        assert(parsed1 != 12);
     }
 }
diff --git a/regression/strings-smoke-tests/java_parseint_knownbug/test.desc b/regression/strings-smoke-tests/java_parseint_knownbug/test.desc
index f543e2d900b..123305b12d2 100644
--- a/regression/strings-smoke-tests/java_parseint_knownbug/test.desc
+++ b/regression/strings-smoke-tests/java_parseint_knownbug/test.desc
@@ -1,12 +1,8 @@
-KNOWNBUG
+CORE
 test_parseint.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^\[.*assertion.1\].* line 9.* SUCCESS$
 ^\[.*assertion.2\].* line 10.* FAILURE$
-^\[.*assertion.3\].* line 17.* SUCCESS$
-^\[.*assertion.4\].* line 18.* FAILURE$
 --
---
-Issue #664 is about turning these tests on
diff --git a/regression/strings-smoke-tests/java_parseint_knownbug/test_parseint.class b/regression/strings-smoke-tests/java_parseint_knownbug/test_parseint.class
index 59932ae0cd7421d1da7759308ce69496d0710978..1c8ad3bf2f5f0ea091730cd0223a69fc4bcd3be7 100644
GIT binary patch
delta 432
zcmZXP%`O9B6o#K~W;)+=Om$k-`d9VaR@F~g2x7s`4TyzwAz~w<O)Ps2GKqzi*oY+(
zgrs8YE^OU_1$Cwp8;kF}=bW7LeD8U6F7(RV_fr$7u;k(~su^<_cQKf7nPe)8OWtg>
zS}je%#R(^hF4L4WGp8FbQLB2qUsH7LoW7@mit^Q1u&K&s96vZwIX_NWGwU(Oyhn`A
z;93o)WA(jSefOw(T-!T1tZNoL`F}C^P-l(M1Sr2J9G1*PAuNdrsmh{CG*Wm#-AH1P
zlxVk`VnTB7cYqY#QbkFVkxsaLDKJxXt<a2Iu>6d%oirb?wu+BLR&TM-Ndzq;7Yo5=
z8{CH-9GaO%s*TP{*QZ1ey@Kp!iaz?qf*=`SP;^M1hw(*TGps&k%OU&czS6b^iKKf^
b$2r=%!ZPo$|6dY<A{gF!c<+cUl|k+YD6ls*

delta 559
zcmYL`Jx|+E6o#K`$GMJU+QfVpC?!yELPJX8l0X|NL)D3ag#j_3N@d6ZDkW<Pe}Dm5
z>cG-$%%xJPKnk$-A2HByZ2B?y>YVr7_r1@(?&ur)?XTY#T_E7K!z1Q2zD?f2px`ji
zixe(Jv)$|UGz$(kb2cUOP#l_<4vUmEmE$*8p5AHhZZ&sX3jOi@r~T~@mE+rz^259;
znOVGWQ{^&Q0?jLzC8{ou$%IF0VkTWIF9y}1R#^&aioVwNerqdEkT6ZnWto-mT74OF
zg%4C_B(h3nqL5@+`@=nBXn8=iq;#@}L0R3nwiseqx)dXfMtfyEDqd5xgF@HpP!F$-
zYWtK%p_}Zma*46wIp-u+=YL|=&q$t-9rw~-Nnc`boRhlxr*-~o-z3i@VkpbWU<r#B
zPFq+~<Z-BzrXjO;!oMbyb)jzx|7URxw#5>NDMOJbjKx>*8D~QN#F}VNV{ILu$ygJ3
zo-rk^oP5JrcjPtG>Xv@v4*yRnr_VgRP#hn<4P-s{2Yn~##3>2$JIM$=XT<D(-!BTa
OFx-X`lIPMG%-#b<JWetI

diff --git a/regression/strings-smoke-tests/java_parseint_with_radix/test.desc b/regression/strings-smoke-tests/java_parseint_with_radix/test.desc
index e6138767e20..4b3ab824a12 100644
--- a/regression/strings-smoke-tests/java_parseint_with_radix/test.desc
+++ b/regression/strings-smoke-tests/java_parseint_with_radix/test.desc
@@ -3,14 +3,14 @@ test_parseint_with_radix.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[.*assertion.1\].* line 8.* SUCCESS$
-^\[.*assertion.2\].* line 9.* FAILURE$
-^\[.*assertion.3\].* line 14.* SUCCESS$
-^\[.*assertion.4\].* line 15.* FAILURE$
-^\[.*assertion.5\].* line 20.* SUCCESS$
-^\[.*assertion.6\].* line 21.* FAILURE$
-^\[.*assertion.7\].* line 26.* SUCCESS$
-^\[.*assertion.8\].* line 27.* FAILURE$
-^\[.*assertion.9\].* line 32.* SUCCESS$
-^\[.*assertion.10\].* line 33.* FAILURE$
+^\[.*assertion.1\].* line 9.* SUCCESS$
+^\[.*assertion.2\].* line 10.* FAILURE$
+^\[.*assertion.3\].* line 15.* SUCCESS$
+^\[.*assertion.4\].* line 16.* FAILURE$
+^\[.*assertion.5\].* line 21.* SUCCESS$
+^\[.*assertion.6\].* line 22.* FAILURE$
+^\[.*assertion.7\].* line 27.* SUCCESS$
+^\[.*assertion.8\].* line 28.* FAILURE$
+^\[.*assertion.9\].* line 33.* SUCCESS$
+^\[.*assertion.10\].* line 34.* FAILURE$
 --
diff --git a/regression/strings-smoke-tests/java_parseint_with_radix/test_parseint_with_radix.class b/regression/strings-smoke-tests/java_parseint_with_radix/test_parseint_with_radix.class
index 22a393e7d103823ba68cca1ced4d362e5178623f..397f052c0ec895939aa6b27f6b8f310fb1cb17e1 100644
GIT binary patch
literal 1549
zcmZ`(O-~zF6g|%#d&YwS+dv>G5J=Mm#sy;_B@HA_fFO|ERtixhk_8&<kr`@iG&8hO
zvWO}ri*}t=vIx5@x~SSpC2AyhQK^-xtXbtpWLrg)o;QGPFtOyB`_8-f+>dkZfByTu
z0$?0-I$}tv7}1c{5x}U9F^oshf=j_idwY8-KGUHgrC~zDWeuNexT0cG#}uxrxF*nc
z-gI5d@$7QRowZ$arD){^#9e{#lwGntx&#LX?+7R}<-8@(nzc*Tmz(P=mUCM=3na4T
zoLRhMI<`C?fQq+jy8>sjp5=PW8>Zu0cF9}**7jDH9W!s=pCseDX_o{}4cyDFnctYH
zqFE}W7Cpx<6(;?RuIHpBf5WYS>Qm-<Ef&Z`&(SJKO9Eq6fR+Tts{kztT&e=J6w@iN
z;<git5oliY%-q*sm>Yh39Jhcrl`9?$NM9^(Iyr03mgDI8P{+fvjVRjCE)YB368R?P
z_CL}kqvCoLH!vMV90`H0n*WVMxo$d6*`Ye=QT7*@m|zP-=@Cvu85uFB8S|k+RLn#%
zi<?Kv_-bX%%6S4E1C8UBV#I3|ER;N}U@^7ki@>84u`z66kkYi);%16mHM-_4*LJLY
zwGqzN+vElJ>@NDbx-qV{h;_-<X$3)5(9UNEPbt0y-yvfg;%6EGoZ>U=g94qjqx%l%
z!fBo&ID?OfFgWl%$%5owFe=IxGOrO>N(8r|WRtPjD}=88g77oMyA$dQG`)tlw2jCg
zRcxz<y%Z6n5;|ni_Zjp$hS<YKhS<Y;2K;SQ!iNk^`wUt=L*@jA%n^nsMn&DiHNT6f
z&k(97cz*)H`y&LiMnyX$Xg)rMM0XrN9;fiZIu0p7&==qVdTEC!gi8H13K2mPIx=X&
zG$olwGj37aCA4Cl9^X;j$JF-+YWtMxKBquGk?BuH{zd8DP`n*V_m<+lL$^@SBUJQ?
zW}FqB=o7u@7h^al=5gK^eS>-UPl#^xQ0z_&u%5GAj$6d~d~AtWzmGj7cFxD16Z_c5
zb}&pP8T*#lClX_xG%iSt*$iCt{kS~5A7rlvzn9Uni=>LA_!n(~T^J{tgEjQPx1AIE
pw7S#d{=x$BM9XhzeFjx|2_^U|!j1balZFt8UYEauAszx4{vS>ON&)}?

literal 1537
zcmZ`&&rcL*7=FIl*_~ln*k4+x0!p<l43%X8#TH~0&`7dvlhT-A4`kS#;MirC%nWU#
zClh;U&z|&9ZXP_C)<ldZ+d~sgnw~xRM|d^H#^?KBe*o)YX5R1l-uHQbJn#Jb|I-?P
zNnEs$z^H+&i7^Wrau&uh(Sa^Z8aQpiz^I8cCZ<fBHSwi^uPjVs#=tp&%t<E*TtD=x
zm0-aOoYk^h5)fAfVl!UF3ugr)L&H}D^!aMZ6-X4kiu=vx`l{=HFP#O_g=*0$UvYd-
zo_9e#yygW0M+%`Egex14AGls6T>04xudVn_$@^uRjO&h95%_56hr)H|CnsBWDr?!L
z(Dy29(<);S`Z>ve;8ws;lqFt^MKaNIyaCdZz(fO}C4tEXKuZFr8vrfc@z+>!rcE&d
zT}z=;{PAmNL$$|A3z##-^6r4FrRt_%bT4^w9Q_~acvQ9#M;aM{<o=e}$0d0;Yak!T
zd0dDiiIhNZ)A2%Gr;EN{^(jkkoQ-KyQ>^_|Zj7VQ$HtsF#(by(19NfAV_{GJZ&$Co
z#Zchz(7`!N6;jO#7Av8<<}$UZrq82P?_k*CFf~au<L1lUF}jxA!1LWwqY(}@+~frp
z>?#Jit_iNQNcPIsX+=Qsk>UFgPg#BizfpS|;!heH4)YyTAjxURcO1}zUY<JeF^&*n
zu=X3tBII7QYx)-Q&!8=*BiqmmBgy0wM9=+&*j=Rhl8Hai`3%PLHq5^p*j5v}FFNd6
zw9e46!(g>C+-$>evy}la>{_hOVC^uNtql1#4Ea3_zuGlp3$v<=PQ?&yC3xG0;O!oQ
z1-oX}3F7<5knT(2!F~z_ws1%RB1(W87@!@c5HadzaQG%hIQ%>;%%KyPDa&`%b{XAR
zr^2`Bb({MBPHpc{-Fp=1A({T6gwGlMAH{n~>0VL1*ElM4^a%s~q6-6}2gk$!j*AHl
zipw~mMBiYJB)8)z`Y3h}hS1N7H0I3Wn8KEc9aq>LVuK31N9+@Yy~HS)Wb7+qCnd%_
zIeaQHX0!2`^5gR0b9w;7e9of#9Yze;;tev|JJ@Z_;U>E4dq_>EzSEOxVS!Y->oL0T
c!qD$Sk32%`;C{=bQE2h=@-O&;2Mwp*10GLAApigX

diff --git a/regression/strings-smoke-tests/java_parseint_with_radix/test_parseint_with_radix.java b/regression/strings-smoke-tests/java_parseint_with_radix/test_parseint_with_radix.java
index 978bf9fb320..c44773d1bb2 100644
--- a/regression/strings-smoke-tests/java_parseint_with_radix/test_parseint_with_radix.java
+++ b/regression/strings-smoke-tests/java_parseint_with_radix/test_parseint_with_radix.java
@@ -3,10 +3,11 @@ public class test_parseint_with_radix
     public static void main(String[] args)
     {
         if (args.length == 1) {
-            String str1 = new String("F");
+            // 2^31-1, max value of Integer
+            String str1 = new String("7FFFFFFF");
             int parsed1 = Integer.parseInt(str1, 16);
-            assert(parsed1 == 15);
-            assert(parsed1 != 15);
+            assert(parsed1 == 2147483647);
+            assert(parsed1 != 2147483647);
         }
         else if (args.length == 2) {
             String str2 = new String("123");
diff --git a/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test.desc b/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test.desc
index e3aa52b3cef..20e429369da 100644
--- a/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test.desc
+++ b/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test.desc
@@ -3,10 +3,6 @@ test_parseint_with_radix.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[.*assertion.1\].* line 9.* SUCCESS$
-^\[.*assertion.2\].* line 10.* FAILURE$
-^\[.*assertion.3\].* line 16.* SUCCESS$
-^\[.*assertion.4\].* line 17.* FAILURE$
+^\[.*assertion.1\].* line 8.* SUCCESS$
+^\[.*assertion.2\].* line 9.* FAILURE$
 --
---
-Issue #664 is about turning these tests on
diff --git a/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test_parseint_with_radix.class b/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test_parseint_with_radix.class
index 876f33d861b9addf3ed10e48ee6ee421597834fd..95b48bc13fcfa5656710030dcd8ef2239cf692b8 100644
GIT binary patch
delta 484
zcmZ8dOD_Xq6g_vQGhdCVPN!O>4^{POsXo**Bo;P=Rc$PXNP|X%#<u=~%%VvbEUinT
zLgELAKVf5SV_`wu8Ht6>ch0%F_uO;85ATaudj5WR0#L@R1|7o!X)i`JNEp>HhVd?F
z$jIm1A&}MJbvh<AOd=;Rb+LMB$0??GPU|P7i?>9iM4&Z-uTr;m4>zsjEo-N?$Cmaw
zEk^w?2*!bRX60+vQ8izwpX?u138`Gsex<PeP9jt&6m<BJ7ho)+q{D|EyF+pNlcMUh
z&N*l70jb$=!UAMOoCanxi02G`1FZ6l#HeIDpf(c;Ccmm%Bm|l3zYXX`h*cND=;Mkr
z++;JEap4itwkdbu*_cr7p)B7(Z6Odd#TD#1Io@!LW!E?ig}KUqB{+i@X*Qf^<t$46
znjwOIRvKp;K$KS*$RLI|M@zVM=?iIrK??GG^6!$e8xsha+8w%E5T0vz<Xfn1Uh?lO
Q$47yruQ<mKv5=7Z0Xqyj%m4rY

delta 636
zcmZ9J%}*0i6vcmUKKiE9L8pV#ss+@dK&#Z2Dhe9Z7^8`9zy&NvB}8oqDUI7={0o{c
zOjuxdtkuL4N$TFX_b<`J7_4^&KN2UI_wGIK-22YC@3a2u-1_wMLl3Aj=W>W~&4k0G
zi$TGq$hjmQ=gnrn-`7mJIE*`#%uT7#TyQB<(M-3lZd)6Tdb#yuWT>oAcNI}yQRwxs
zzOnMS()u!*9$0LIkDlER*B^urYb$b5yR2rX(*z3tY4|)W)xx#a(qg0jWNlU9%-lZs
zJknG(7d<X9<8c_jy{m@XFIC=DWLw)=M|0WZ3bXBR>Q&Pd7ohxX#FWTHNrOPvLCH$8
zE7|Qr7xhL0gCnvgVo-5ZV();!5E;pmWH}~?6sw#xGX;B5=vf`+_b`?Nvx{}F==;0a
z*WQxYYTM>mbB7y+p50+CrnoW1{=*=h3sSF1?cpqUNq&r~VyyEIi<FtMvWn;txuQ^u
z9Y-`J<yl<jNpVxo?ugw5vAQIuH8Hv=N}G|5sucO+_c$j+eufEh42#_brWlE_CBa5x
zOe}GdQ&M$W{tWg$MNM9PXVBPZ@^>h=kNq8FHJ%cr1MfWpTWD(s%X~*dr04&eYSh%m
N@UBO*KO>33*<YhUT|fW;

diff --git a/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test_parseint_with_radix.java b/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test_parseint_with_radix.java
index 7279127d053..fc4b7c458fb 100644
--- a/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test_parseint_with_radix.java
+++ b/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test_parseint_with_radix.java
@@ -2,19 +2,10 @@ public class test_parseint_with_radix
 {
     public static void main(String[] args)
     {
-        if (args.length == 1) {
-            // 2^31-1, max value of Integer
-            String str1 = new String("7FFFFFFF");
-            int parsed1 = Integer.parseInt(str1, 16);
-            assert(parsed1 == 2147483647);
-            assert(parsed1 != 2147483647);
-        }
-        else if (args.length == 2) {
-            // -2^31, min value of Integer, and longest string we could have
-            String str2 = new String("-100000000000000000000000000000000");
-            int parsed2 = Integer.parseInt(str2, 2);
-            assert(parsed2 == -2147483648);
-            assert(parsed2 != -2147483648);
-        }
-   }
+        // -2^31, min value of Integer, and longest string we could have
+        String str2 = new String("-100000000000000000000000000000000");
+        int parsed2 = Integer.parseInt(str2, 2);
+        assert(parsed2 == -2147483648);
+        assert(parsed2 != -2147483648);
+    }
 }
diff --git a/regression/strings-smoke-tests/java_parselong_2/test.desc b/regression/strings-smoke-tests/java_parselong_2/test.desc
index 17db69e3979..33734cb3d9b 100644
--- a/regression/strings-smoke-tests/java_parselong_2/test.desc
+++ b/regression/strings-smoke-tests/java_parselong_2/test.desc
@@ -1,4 +1,4 @@
-THOROUGH
+CORE
 test_parselong.class
 --refine-strings
 ^EXIT=10$
diff --git a/regression/strings-smoke-tests/java_parselong_3/test.desc b/regression/strings-smoke-tests/java_parselong_3/test.desc
index fa8ad9ccc48..d163c274e50 100644
--- a/regression/strings-smoke-tests/java_parselong_3/test.desc
+++ b/regression/strings-smoke-tests/java_parselong_3/test.desc
@@ -3,7 +3,7 @@ test_parselong.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[.*assertion.1\].* line 8.* SUCCESS$
-^\[.*assertion.2\].* line 9.* FAILURE$
+^\[.*assertion.1\].* line 9.* SUCCESS$
+^\[.*assertion.2\].* line 10.* FAILURE$
 --
 --
diff --git a/regression/strings-smoke-tests/java_parselong_3/test_parselong.class b/regression/strings-smoke-tests/java_parselong_3/test_parselong.class
index c7cafd723c4e08a94e4da4d1e9e38262fa07c6f8..97bca1a951877b1d33b0ba1e30e28360f04beb30 100644
GIT binary patch
delta 68
zcmbQwzLb4}Dn|nY7%*<sbzu}0(X})(GB!3hGB7r?Ff}nZH?=S@-`v31!zjqkz{SA9
TAjrVUpbli&GH_3pWo`lhyI2dQ

delta 62
zcmZ3=KA(MpD#!o-{}@1Eqpk}hKcB9Vp{1pPk+G2}5EyN4W9(rRWMklBU}q3y;9yW^
O;AF66;F_$=+ynsdM-0^f

diff --git a/regression/strings-smoke-tests/java_parselong_3/test_parselong.java b/regression/strings-smoke-tests/java_parselong_3/test_parselong.java
index e05341bdb86..718f27ed8d9 100644
--- a/regression/strings-smoke-tests/java_parselong_3/test_parselong.java
+++ b/regression/strings-smoke-tests/java_parselong_3/test_parselong.java
@@ -2,10 +2,11 @@ public class test_parselong
 {
     public static void main(String[] args)
     {
-        // -2^41
-        String str = new String("-2199023255552");
+        // -(2^63 - 1) - note that -2^63 should work but doesn't because of a
+        // limitation in the current code
+        String str = new String("-9223372036854775807");
         long parsed = Long.parseLong(str, 10);
-        assert(parsed == -2199023255552L);
-        assert(parsed != -2199023255552L);
+        assert(parsed == -9223372036854775807L);
+        assert(parsed != -9223372036854775807L);
     }
 }
diff --git a/regression/strings-smoke-tests/java_parselong_4/test.desc b/regression/strings-smoke-tests/java_parselong_4/test.desc
index 17db69e3979..33734cb3d9b 100644
--- a/regression/strings-smoke-tests/java_parselong_4/test.desc
+++ b/regression/strings-smoke-tests/java_parselong_4/test.desc
@@ -1,4 +1,4 @@
-THOROUGH
+CORE
 test_parselong.class
 --refine-strings
 ^EXIT=10$
diff --git a/regression/strings-smoke-tests/java_parselong_5/test.desc b/regression/strings-smoke-tests/java_parselong_5/test.desc
index fa8ad9ccc48..032c7584481 100644
--- a/regression/strings-smoke-tests/java_parselong_5/test.desc
+++ b/regression/strings-smoke-tests/java_parselong_5/test.desc
@@ -1,9 +1,9 @@
-THOROUGH
+CORE
 test_parselong.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[.*assertion.1\].* line 8.* SUCCESS$
-^\[.*assertion.2\].* line 9.* FAILURE$
+^\[.*assertion.1\].* line 9.* SUCCESS$
+^\[.*assertion.2\].* line 10.* FAILURE$
 --
 --
diff --git a/regression/strings-smoke-tests/java_parselong_5/test_parselong.class b/regression/strings-smoke-tests/java_parselong_5/test_parselong.class
index deaff359766878fc996234305ee5403faf397641..1c0ca1fbeada03dffad9bb0ca6dc39f9572a7c99 100644
GIT binary patch
delta 112
zcmdnWet~_0Dn|nY7%*<sbzyXL&^4qCY@W{8%_zvuz{SA9Ai%)Mpax{wFmO*cW^Mui
D;;a;o

delta 85
zcmcb>zLkA~D#!o-|9>z5!A4ydMm1GkLj%HK^Cre_MnN_PE(Uf60R|2RH3m)w8wRe)
He#}h(&I1y!

diff --git a/regression/strings-smoke-tests/java_parselong_5/test_parselong.java b/regression/strings-smoke-tests/java_parselong_5/test_parselong.java
index ac30cc8af83..9f04ac9b124 100644
--- a/regression/strings-smoke-tests/java_parselong_5/test_parselong.java
+++ b/regression/strings-smoke-tests/java_parselong_5/test_parselong.java
@@ -2,10 +2,11 @@ public class test_parselong
 {
     public static void main(String[] args)
     {
-        // -2^35
-        String str = new String("-100000000000000000000000000000000000");
+        // -(2^63 - 1) - note that -2^63 should work but doesn't because of a
+        // limitation in the current code
+        String str = new String("-111111111111111111111111111111111111111111111111111111111111111");
         long parsed = Long.parseLong(str, 2);
-        assert(parsed == -34359738368L);
-        assert(parsed != -34359738368L);
+        assert(parsed == -9223372036854775807L);
+        assert(parsed != -9223372036854775807L);
     }
 }

From aec7c19676e266a2853d24c7ade61a0dec7dc48d Mon Sep 17 00:00:00 2001
From: Owen Jones <owen.jones@diffblue.com>
Date: Wed, 19 Jul 2017 09:41:44 +0100
Subject: [PATCH 425/699] Revert "Merge pull request #1143 from
 owen-jones-diffblue/feature/rewrite-add-axioms-for-parse-int#702"

This reverts commit 6bd2e302f43cca15a08add79319b09126f153e2e, reversing
changes made to 489cadb6ac4a0d7488920940df7cd6bde24ee714.
---
 .../java_parseint/test.desc                   |   4 +-
 .../java_parseint/test_parseint.class         | Bin 902 -> 914 bytes
 .../java_parseint/test_parseint.java          |  10 +-
 .../java_parseint_knownbug/test.desc          |   6 +-
 .../test_parseint.class                       | Bin 928 -> 1089 bytes
 .../java_parseint_with_radix/test.desc        |  20 +--
 .../test_parseint_with_radix.class            | Bin 1549 -> 1537 bytes
 .../test_parseint_with_radix.java             |   7 +-
 .../test.desc                                 |   8 +-
 .../test_parseint_with_radix.class            | Bin 972 -> 1141 bytes
 .../test_parseint_with_radix.java             |  21 ++-
 .../java_parselong_2/test.desc                |   2 +-
 .../java_parselong_3/test.desc                |   4 +-
 .../java_parselong_3/test_parselong.class     | Bin 933 -> 927 bytes
 .../java_parselong_3/test_parselong.java      |   9 +-
 .../java_parselong_4/test.desc                |   2 +-
 .../java_parselong_5/test.desc                |   6 +-
 .../java_parselong_5/test_parselong.class     | Bin 976 -> 949 bytes
 .../java_parselong_5/test_parselong.java      |   9 +-
 .../string_constraint_generator_valueof.cpp   | 153 +++++++-----------
 20 files changed, 123 insertions(+), 138 deletions(-)

diff --git a/regression/strings-smoke-tests/java_parseint/test.desc b/regression/strings-smoke-tests/java_parseint/test.desc
index 0a54ddc5d0b..3b38dc2c575 100644
--- a/regression/strings-smoke-tests/java_parseint/test.desc
+++ b/regression/strings-smoke-tests/java_parseint/test.desc
@@ -3,5 +3,5 @@ test_parseint.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[.*assertion.1\].* line 7.* SUCCESS$
-^\[.*assertion.2\].* line 8.* FAILURE$
+^\[.*assertion.1\].* line 8.* SUCCESS$
+^\[.*assertion.2\].* line 9.* FAILURE$
diff --git a/regression/strings-smoke-tests/java_parseint/test_parseint.class b/regression/strings-smoke-tests/java_parseint/test_parseint.class
index 8749f7c4734dd8ba1220a1aec601f2e3538381b5..0f021d000fa3d68a1caa7d62f1a9090f569d5d01 100644
GIT binary patch
delta 124
zcmZo;pTs`l<iuw>6Hm%+7Gj*p$iIkz83-8|?6mf=EMTyjyoSj!NQ!|CD8dRP*%$;E
z*cn6_I2be;I2mjixEX|iG73N)0t~tg;tUcDj6hip21y1f1}2ax4AKlTKw1`vc^H`f
RGH9|h$T9w8m~6@H3jl895p@6n

delta 137
zcmbQl-o`%Rq%=!nQF<{WgK)G@R$^JAeokUux_)p;QD$Dc^~B?Pn}rxBGICC1U<N`4
z28+p?m>hk?7+8U9Rt7ExHU@qMb_Qhz4hC}uP6i>Mr~*VCgE)f(kjKTK#~{fd#lQ$u
cr^z7AAj81KAPW{}`pclq&LGD)*_GKB0MiK-s{jB1

diff --git a/regression/strings-smoke-tests/java_parseint/test_parseint.java b/regression/strings-smoke-tests/java_parseint/test_parseint.java
index 06b6f2db534..d9b84914c7c 100644
--- a/regression/strings-smoke-tests/java_parseint/test_parseint.java
+++ b/regression/strings-smoke-tests/java_parseint/test_parseint.java
@@ -2,9 +2,11 @@ public class test_parseint
 {
     public static void main(String[] args)
     {
-        String twelve = new String("12");
-        int parsed1 = Integer.parseInt(twelve);
-        assert(parsed1 == 12);
-        assert(parsed1 != 12);
+        if (args.length == 1) {
+            String twelve = new String("12");
+            int parsed1 = Integer.parseInt(twelve);
+            assert(parsed1 == 12);
+            assert(parsed1 != 12);
+        }
     }
 }
diff --git a/regression/strings-smoke-tests/java_parseint_knownbug/test.desc b/regression/strings-smoke-tests/java_parseint_knownbug/test.desc
index 123305b12d2..f543e2d900b 100644
--- a/regression/strings-smoke-tests/java_parseint_knownbug/test.desc
+++ b/regression/strings-smoke-tests/java_parseint_knownbug/test.desc
@@ -1,8 +1,12 @@
-CORE
+KNOWNBUG
 test_parseint.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^\[.*assertion.1\].* line 9.* SUCCESS$
 ^\[.*assertion.2\].* line 10.* FAILURE$
+^\[.*assertion.3\].* line 17.* SUCCESS$
+^\[.*assertion.4\].* line 18.* FAILURE$
 --
+--
+Issue #664 is about turning these tests on
diff --git a/regression/strings-smoke-tests/java_parseint_knownbug/test_parseint.class b/regression/strings-smoke-tests/java_parseint_knownbug/test_parseint.class
index 1c8ad3bf2f5f0ea091730cd0223a69fc4bcd3be7..59932ae0cd7421d1da7759308ce69496d0710978 100644
GIT binary patch
delta 559
zcmYL`Jx|+E6o#K`$GMJU+QfVpC?!yELPJX8l0X|NL)D3ag#j_3N@d6ZDkW<Pe}Dm5
z>cG-$%%xJPKnk$-A2HByZ2B?y>YVr7_r1@(?&ur)?XTY#T_E7K!z1Q2zD?f2px`ji
zixe(Jv)$|UGz$(kb2cUOP#l_<4vUmEmE$*8p5AHhZZ&sX3jOi@r~T~@mE+rz^259;
znOVGWQ{^&Q0?jLzC8{ou$%IF0VkTWIF9y}1R#^&aioVwNerqdEkT6ZnWto-mT74OF
zg%4C_B(h3nqL5@+`@=nBXn8=iq;#@}L0R3nwiseqx)dXfMtfyEDqd5xgF@HpP!F$-
zYWtK%p_}Zma*46wIp-u+=YL|=&q$t-9rw~-Nnc`boRhlxr*-~o-z3i@VkpbWU<r#B
zPFq+~<Z-BzrXjO;!oMbyb)jzx|7URxw#5>NDMOJbjKx>*8D~QN#F}VNV{ILu$ygJ3
zo-rk^oP5JrcjPtG>Xv@v4*yRnr_VgRP#hn<4P-s{2Yn~##3>2$JIM$=XT<D(-!BTa
OFx-X`lIPMG%-#b<JWetI

delta 432
zcmZXP%`O9B6o#K~W;)+=Om$k-`d9VaR@F~g2x7s`4TyzwAz~w<O)Ps2GKqzi*oY+(
zgrs8YE^OU_1$Cwp8;kF}=bW7LeD8U6F7(RV_fr$7u;k(~su^<_cQKf7nPe)8OWtg>
zS}je%#R(^hF4L4WGp8FbQLB2qUsH7LoW7@mit^Q1u&K&s96vZwIX_NWGwU(Oyhn`A
z;93o)WA(jSefOw(T-!T1tZNoL`F}C^P-l(M1Sr2J9G1*PAuNdrsmh{CG*Wm#-AH1P
zlxVk`VnTB7cYqY#QbkFVkxsaLDKJxXt<a2Iu>6d%oirb?wu+BLR&TM-Ndzq;7Yo5=
z8{CH-9GaO%s*TP{*QZ1ey@Kp!iaz?qf*=`SP;^M1hw(*TGps&k%OU&czS6b^iKKf^
b$2r=%!ZPo$|6dY<A{gF!c<+cUl|k+YD6ls*

diff --git a/regression/strings-smoke-tests/java_parseint_with_radix/test.desc b/regression/strings-smoke-tests/java_parseint_with_radix/test.desc
index 4b3ab824a12..e6138767e20 100644
--- a/regression/strings-smoke-tests/java_parseint_with_radix/test.desc
+++ b/regression/strings-smoke-tests/java_parseint_with_radix/test.desc
@@ -3,14 +3,14 @@ test_parseint_with_radix.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[.*assertion.1\].* line 9.* SUCCESS$
-^\[.*assertion.2\].* line 10.* FAILURE$
-^\[.*assertion.3\].* line 15.* SUCCESS$
-^\[.*assertion.4\].* line 16.* FAILURE$
-^\[.*assertion.5\].* line 21.* SUCCESS$
-^\[.*assertion.6\].* line 22.* FAILURE$
-^\[.*assertion.7\].* line 27.* SUCCESS$
-^\[.*assertion.8\].* line 28.* FAILURE$
-^\[.*assertion.9\].* line 33.* SUCCESS$
-^\[.*assertion.10\].* line 34.* FAILURE$
+^\[.*assertion.1\].* line 8.* SUCCESS$
+^\[.*assertion.2\].* line 9.* FAILURE$
+^\[.*assertion.3\].* line 14.* SUCCESS$
+^\[.*assertion.4\].* line 15.* FAILURE$
+^\[.*assertion.5\].* line 20.* SUCCESS$
+^\[.*assertion.6\].* line 21.* FAILURE$
+^\[.*assertion.7\].* line 26.* SUCCESS$
+^\[.*assertion.8\].* line 27.* FAILURE$
+^\[.*assertion.9\].* line 32.* SUCCESS$
+^\[.*assertion.10\].* line 33.* FAILURE$
 --
diff --git a/regression/strings-smoke-tests/java_parseint_with_radix/test_parseint_with_radix.class b/regression/strings-smoke-tests/java_parseint_with_radix/test_parseint_with_radix.class
index 397f052c0ec895939aa6b27f6b8f310fb1cb17e1..22a393e7d103823ba68cca1ced4d362e5178623f 100644
GIT binary patch
literal 1537
zcmZ`&&rcL*7=FIl*_~ln*k4+x0!p<l43%X8#TH~0&`7dvlhT-A4`kS#;MirC%nWU#
zClh;U&z|&9ZXP_C)<ldZ+d~sgnw~xRM|d^H#^?KBe*o)YX5R1l-uHQbJn#Jb|I-?P
zNnEs$z^H+&i7^Wrau&uh(Sa^Z8aQpiz^I8cCZ<fBHSwi^uPjVs#=tp&%t<E*TtD=x
zm0-aOoYk^h5)fAfVl!UF3ugr)L&H}D^!aMZ6-X4kiu=vx`l{=HFP#O_g=*0$UvYd-
zo_9e#yygW0M+%`Egex14AGls6T>04xudVn_$@^uRjO&h95%_56hr)H|CnsBWDr?!L
z(Dy29(<);S`Z>ve;8ws;lqFt^MKaNIyaCdZz(fO}C4tEXKuZFr8vrfc@z+>!rcE&d
zT}z=;{PAmNL$$|A3z##-^6r4FrRt_%bT4^w9Q_~acvQ9#M;aM{<o=e}$0d0;Yak!T
zd0dDiiIhNZ)A2%Gr;EN{^(jkkoQ-KyQ>^_|Zj7VQ$HtsF#(by(19NfAV_{GJZ&$Co
z#Zchz(7`!N6;jO#7Av8<<}$UZrq82P?_k*CFf~au<L1lUF}jxA!1LWwqY(}@+~frp
z>?#Jit_iNQNcPIsX+=Qsk>UFgPg#BizfpS|;!heH4)YyTAjxURcO1}zUY<JeF^&*n
zu=X3tBII7QYx)-Q&!8=*BiqmmBgy0wM9=+&*j=Rhl8Hai`3%PLHq5^p*j5v}FFNd6
zw9e46!(g>C+-$>evy}la>{_hOVC^uNtql1#4Ea3_zuGlp3$v<=PQ?&yC3xG0;O!oQ
z1-oX}3F7<5knT(2!F~z_ws1%RB1(W87@!@c5HadzaQG%hIQ%>;%%KyPDa&`%b{XAR
zr^2`Bb({MBPHpc{-Fp=1A({T6gwGlMAH{n~>0VL1*ElM4^a%s~q6-6}2gk$!j*AHl
zipw~mMBiYJB)8)z`Y3h}hS1N7H0I3Wn8KEc9aq>LVuK31N9+@Yy~HS)Wb7+qCnd%_
zIeaQHX0!2`^5gR0b9w;7e9of#9Yze;;tev|JJ@Z_;U>E4dq_>EzSEOxVS!Y->oL0T
c!qD$Sk32%`;C{=bQE2h=@-O&;2Mwp*10GLAApigX

literal 1549
zcmZ`(O-~zF6g|%#d&YwS+dv>G5J=Mm#sy;_B@HA_fFO|ERtixhk_8&<kr`@iG&8hO
zvWO}ri*}t=vIx5@x~SSpC2AyhQK^-xtXbtpWLrg)o;QGPFtOyB`_8-f+>dkZfByTu
z0$?0-I$}tv7}1c{5x}U9F^oshf=j_idwY8-KGUHgrC~zDWeuNexT0cG#}uxrxF*nc
z-gI5d@$7QRowZ$arD){^#9e{#lwGntx&#LX?+7R}<-8@(nzc*Tmz(P=mUCM=3na4T
zoLRhMI<`C?fQq+jy8>sjp5=PW8>Zu0cF9}**7jDH9W!s=pCseDX_o{}4cyDFnctYH
zqFE}W7Cpx<6(;?RuIHpBf5WYS>Qm-<Ef&Z`&(SJKO9Eq6fR+Tts{kztT&e=J6w@iN
z;<git5oliY%-q*sm>Yh39Jhcrl`9?$NM9^(Iyr03mgDI8P{+fvjVRjCE)YB368R?P
z_CL}kqvCoLH!vMV90`H0n*WVMxo$d6*`Ye=QT7*@m|zP-=@Cvu85uFB8S|k+RLn#%
zi<?Kv_-bX%%6S4E1C8UBV#I3|ER;N}U@^7ki@>84u`z66kkYi);%16mHM-_4*LJLY
zwGqzN+vElJ>@NDbx-qV{h;_-<X$3)5(9UNEPbt0y-yvfg;%6EGoZ>U=g94qjqx%l%
z!fBo&ID?OfFgWl%$%5owFe=IxGOrO>N(8r|WRtPjD}=88g77oMyA$dQG`)tlw2jCg
zRcxz<y%Z6n5;|ni_Zjp$hS<YKhS<Y;2K;SQ!iNk^`wUt=L*@jA%n^nsMn&DiHNT6f
z&k(97cz*)H`y&LiMnyX$Xg)rMM0XrN9;fiZIu0p7&==qVdTEC!gi8H13K2mPIx=X&
zG$olwGj37aCA4Cl9^X;j$JF-+YWtMxKBquGk?BuH{zd8DP`n*V_m<+lL$^@SBUJQ?
zW}FqB=o7u@7h^al=5gK^eS>-UPl#^xQ0z_&u%5GAj$6d~d~AtWzmGj7cFxD16Z_c5
zb}&pP8T*#lClX_xG%iSt*$iCt{kS~5A7rlvzn9Uni=>LA_!n(~T^J{tgEjQPx1AIE
pw7S#d{=x$BM9XhzeFjx|2_^U|!j1balZFt8UYEauAszx4{vS>ON&)}?

diff --git a/regression/strings-smoke-tests/java_parseint_with_radix/test_parseint_with_radix.java b/regression/strings-smoke-tests/java_parseint_with_radix/test_parseint_with_radix.java
index c44773d1bb2..978bf9fb320 100644
--- a/regression/strings-smoke-tests/java_parseint_with_radix/test_parseint_with_radix.java
+++ b/regression/strings-smoke-tests/java_parseint_with_radix/test_parseint_with_radix.java
@@ -3,11 +3,10 @@ public class test_parseint_with_radix
     public static void main(String[] args)
     {
         if (args.length == 1) {
-            // 2^31-1, max value of Integer
-            String str1 = new String("7FFFFFFF");
+            String str1 = new String("F");
             int parsed1 = Integer.parseInt(str1, 16);
-            assert(parsed1 == 2147483647);
-            assert(parsed1 != 2147483647);
+            assert(parsed1 == 15);
+            assert(parsed1 != 15);
         }
         else if (args.length == 2) {
             String str2 = new String("123");
diff --git a/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test.desc b/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test.desc
index 20e429369da..e3aa52b3cef 100644
--- a/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test.desc
+++ b/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test.desc
@@ -3,6 +3,10 @@ test_parseint_with_radix.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[.*assertion.1\].* line 8.* SUCCESS$
-^\[.*assertion.2\].* line 9.* FAILURE$
+^\[.*assertion.1\].* line 9.* SUCCESS$
+^\[.*assertion.2\].* line 10.* FAILURE$
+^\[.*assertion.3\].* line 16.* SUCCESS$
+^\[.*assertion.4\].* line 17.* FAILURE$
 --
+--
+Issue #664 is about turning these tests on
diff --git a/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test_parseint_with_radix.class b/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test_parseint_with_radix.class
index 95b48bc13fcfa5656710030dcd8ef2239cf692b8..876f33d861b9addf3ed10e48ee6ee421597834fd 100644
GIT binary patch
delta 636
zcmZ9J%}*0i6vcmUKKiE9L8pV#ss+@dK&#Z2Dhe9Z7^8`9zy&NvB}8oqDUI7={0o{c
zOjuxdtkuL4N$TFX_b<`J7_4^&KN2UI_wGIK-22YC@3a2u-1_wMLl3Aj=W>W~&4k0G
zi$TGq$hjmQ=gnrn-`7mJIE*`#%uT7#TyQB<(M-3lZd)6Tdb#yuWT>oAcNI}yQRwxs
zzOnMS()u!*9$0LIkDlER*B^urYb$b5yR2rX(*z3tY4|)W)xx#a(qg0jWNlU9%-lZs
zJknG(7d<X9<8c_jy{m@XFIC=DWLw)=M|0WZ3bXBR>Q&Pd7ohxX#FWTHNrOPvLCH$8
zE7|Qr7xhL0gCnvgVo-5ZV();!5E;pmWH}~?6sw#xGX;B5=vf`+_b`?Nvx{}F==;0a
z*WQxYYTM>mbB7y+p50+CrnoW1{=*=h3sSF1?cpqUNq&r~VyyEIi<FtMvWn;txuQ^u
z9Y-`J<yl<jNpVxo?ugw5vAQIuH8Hv=N}G|5sucO+_c$j+eufEh42#_brWlE_CBa5x
zOe}GdQ&M$W{tWg$MNM9PXVBPZ@^>h=kNq8FHJ%cr1MfWpTWD(s%X~*dr04&eYSh%m
N@UBO*KO>33*<YhUT|fW;

delta 484
zcmZ8dOD_Xq6g_vQGhdCVPN!O>4^{POsXo**Bo;P=Rc$PXNP|X%#<u=~%%VvbEUinT
zLgELAKVf5SV_`wu8Ht6>ch0%F_uO;85ATaudj5WR0#L@R1|7o!X)i`JNEp>HhVd?F
z$jIm1A&}MJbvh<AOd=;Rb+LMB$0??GPU|P7i?>9iM4&Z-uTr;m4>zsjEo-N?$Cmaw
zEk^w?2*!bRX60+vQ8izwpX?u138`Gsex<PeP9jt&6m<BJ7ho)+q{D|EyF+pNlcMUh
z&N*l70jb$=!UAMOoCanxi02G`1FZ6l#HeIDpf(c;Ccmm%Bm|l3zYXX`h*cND=;Mkr
z++;JEap4itwkdbu*_cr7p)B7(Z6Odd#TD#1Io@!LW!E?ig}KUqB{+i@X*Qf^<t$46
znjwOIRvKp;K$KS*$RLI|M@zVM=?iIrK??GG^6!$e8xsha+8w%E5T0vz<Xfn1Uh?lO
Q$47yruQ<mKv5=7Z0Xqyj%m4rY

diff --git a/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test_parseint_with_radix.java b/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test_parseint_with_radix.java
index fc4b7c458fb..7279127d053 100644
--- a/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test_parseint_with_radix.java
+++ b/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test_parseint_with_radix.java
@@ -2,10 +2,19 @@ public class test_parseint_with_radix
 {
     public static void main(String[] args)
     {
-        // -2^31, min value of Integer, and longest string we could have
-        String str2 = new String("-100000000000000000000000000000000");
-        int parsed2 = Integer.parseInt(str2, 2);
-        assert(parsed2 == -2147483648);
-        assert(parsed2 != -2147483648);
-    }
+        if (args.length == 1) {
+            // 2^31-1, max value of Integer
+            String str1 = new String("7FFFFFFF");
+            int parsed1 = Integer.parseInt(str1, 16);
+            assert(parsed1 == 2147483647);
+            assert(parsed1 != 2147483647);
+        }
+        else if (args.length == 2) {
+            // -2^31, min value of Integer, and longest string we could have
+            String str2 = new String("-100000000000000000000000000000000");
+            int parsed2 = Integer.parseInt(str2, 2);
+            assert(parsed2 == -2147483648);
+            assert(parsed2 != -2147483648);
+        }
+   }
 }
diff --git a/regression/strings-smoke-tests/java_parselong_2/test.desc b/regression/strings-smoke-tests/java_parselong_2/test.desc
index 33734cb3d9b..17db69e3979 100644
--- a/regression/strings-smoke-tests/java_parselong_2/test.desc
+++ b/regression/strings-smoke-tests/java_parselong_2/test.desc
@@ -1,4 +1,4 @@
-CORE
+THOROUGH
 test_parselong.class
 --refine-strings
 ^EXIT=10$
diff --git a/regression/strings-smoke-tests/java_parselong_3/test.desc b/regression/strings-smoke-tests/java_parselong_3/test.desc
index d163c274e50..fa8ad9ccc48 100644
--- a/regression/strings-smoke-tests/java_parselong_3/test.desc
+++ b/regression/strings-smoke-tests/java_parselong_3/test.desc
@@ -3,7 +3,7 @@ test_parselong.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[.*assertion.1\].* line 9.* SUCCESS$
-^\[.*assertion.2\].* line 10.* FAILURE$
+^\[.*assertion.1\].* line 8.* SUCCESS$
+^\[.*assertion.2\].* line 9.* FAILURE$
 --
 --
diff --git a/regression/strings-smoke-tests/java_parselong_3/test_parselong.class b/regression/strings-smoke-tests/java_parselong_3/test_parselong.class
index 97bca1a951877b1d33b0ba1e30e28360f04beb30..c7cafd723c4e08a94e4da4d1e9e38262fa07c6f8 100644
GIT binary patch
delta 62
zcmZ3=KA(MpD#!o-{}@1Eqpk}hKcB9Vp{1pPk+G2}5EyN4W9(rRWMklBU}q3y;9yW^
O;AF66;F_$=+ynsdM-0^f

delta 68
zcmbQwzLb4}Dn|nY7%*<sbzu}0(X})(GB!3hGB7r?Ff}nZH?=S@-`v31!zjqkz{SA9
TAjrVUpbli&GH_3pWo`lhyI2dQ

diff --git a/regression/strings-smoke-tests/java_parselong_3/test_parselong.java b/regression/strings-smoke-tests/java_parselong_3/test_parselong.java
index 718f27ed8d9..e05341bdb86 100644
--- a/regression/strings-smoke-tests/java_parselong_3/test_parselong.java
+++ b/regression/strings-smoke-tests/java_parselong_3/test_parselong.java
@@ -2,11 +2,10 @@ public class test_parselong
 {
     public static void main(String[] args)
     {
-        // -(2^63 - 1) - note that -2^63 should work but doesn't because of a
-        // limitation in the current code
-        String str = new String("-9223372036854775807");
+        // -2^41
+        String str = new String("-2199023255552");
         long parsed = Long.parseLong(str, 10);
-        assert(parsed == -9223372036854775807L);
-        assert(parsed != -9223372036854775807L);
+        assert(parsed == -2199023255552L);
+        assert(parsed != -2199023255552L);
     }
 }
diff --git a/regression/strings-smoke-tests/java_parselong_4/test.desc b/regression/strings-smoke-tests/java_parselong_4/test.desc
index 33734cb3d9b..17db69e3979 100644
--- a/regression/strings-smoke-tests/java_parselong_4/test.desc
+++ b/regression/strings-smoke-tests/java_parselong_4/test.desc
@@ -1,4 +1,4 @@
-CORE
+THOROUGH
 test_parselong.class
 --refine-strings
 ^EXIT=10$
diff --git a/regression/strings-smoke-tests/java_parselong_5/test.desc b/regression/strings-smoke-tests/java_parselong_5/test.desc
index 032c7584481..fa8ad9ccc48 100644
--- a/regression/strings-smoke-tests/java_parselong_5/test.desc
+++ b/regression/strings-smoke-tests/java_parselong_5/test.desc
@@ -1,9 +1,9 @@
-CORE
+THOROUGH
 test_parselong.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[.*assertion.1\].* line 9.* SUCCESS$
-^\[.*assertion.2\].* line 10.* FAILURE$
+^\[.*assertion.1\].* line 8.* SUCCESS$
+^\[.*assertion.2\].* line 9.* FAILURE$
 --
 --
diff --git a/regression/strings-smoke-tests/java_parselong_5/test_parselong.class b/regression/strings-smoke-tests/java_parselong_5/test_parselong.class
index 1c0ca1fbeada03dffad9bb0ca6dc39f9572a7c99..deaff359766878fc996234305ee5403faf397641 100644
GIT binary patch
delta 85
zcmcb>zLkA~D#!o-|9>z5!A4ydMm1GkLj%HK^Cre_MnN_PE(Uf60R|2RH3m)w8wRe)
He#}h(&I1y!

delta 112
zcmdnWet~_0Dn|nY7%*<sbzyXL&^4qCY@W{8%_zvuz{SA9Ai%)Mpax{wFmO*cW^Mui
D;;a;o

diff --git a/regression/strings-smoke-tests/java_parselong_5/test_parselong.java b/regression/strings-smoke-tests/java_parselong_5/test_parselong.java
index 9f04ac9b124..ac30cc8af83 100644
--- a/regression/strings-smoke-tests/java_parselong_5/test_parselong.java
+++ b/regression/strings-smoke-tests/java_parselong_5/test_parselong.java
@@ -2,11 +2,10 @@ public class test_parselong
 {
     public static void main(String[] args)
     {
-        // -(2^63 - 1) - note that -2^63 should work but doesn't because of a
-        // limitation in the current code
-        String str = new String("-111111111111111111111111111111111111111111111111111111111111111");
+        // -2^35
+        String str = new String("-100000000000000000000000000000000000");
         long parsed = Long.parseLong(str, 2);
-        assert(parsed == -9223372036854775807L);
-        assert(parsed != -9223372036854775807L);
+        assert(parsed == -34359738368L);
+        assert(parsed != -34359738368L);
     }
 }
diff --git a/src/solvers/refinement/string_constraint_generator_valueof.cpp b/src/solvers/refinement/string_constraint_generator_valueof.cpp
index 4d2d2cc0b5e..c59a20dab81 100644
--- a/src/solvers/refinement/string_constraint_generator_valueof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_valueof.cpp
@@ -411,123 +411,92 @@ exprt string_constraint_generatort::add_axioms_for_correct_number_format(
 
 /// add axioms corresponding to the Integer.parseInt java function
 /// \param f: a function application with either one string expression or one
-///   string expression and an integer expression for the radix
+///   string expression and an expression for the radix
 /// \return an integer expression
 exprt string_constraint_generatort::add_axioms_for_parse_int(
   const function_application_exprt &f)
 {
   PRECONDITION(f.arguments().size()==1 || f.arguments().size()==2);
-  const string_exprt str=get_string_expr(f.arguments()[0]);
+  string_exprt str=get_string_expr(f.arguments()[0]);
   const exprt radix=
     f.arguments().size()==1?
       static_cast<exprt>(from_integer(10, f.type())):
       static_cast<exprt>(typecast_exprt(f.arguments()[1], f.type()));
 
   const typet &type=f.type();
-  const symbol_exprt i=fresh_symbol("parsed_int", type);
-  const symbol_exprt sign=fresh_symbol("sign_of_parsed_int", type);
+  symbol_exprt i=fresh_symbol("parsed_int", type);
   const refined_string_typet &ref_type=to_refined_string_type(str.type());
   const typet &char_type=ref_type.get_char_type();
-  const exprt minus_char=constant_char('-', char_type);
-  const exprt plus_char=constant_char('+', char_type);
+  exprt minus_char=constant_char('-', char_type);
+  exprt plus_char=constant_char('+', char_type);
   assert(type.id()==ID_signedbv);
 
-  const exprt chr=str[0];
-  const typet &index_type=ref_type.get_index_type();
-  const exprt zero_expr=from_integer(0, index_type);
-  const exprt one_expr=from_integer(1, index_type);
-  const exprt two_expr=from_integer(2, index_type);
-  const exprt starts_with_minus=equal_exprt(chr, minus_char);
-  const exprt starts_with_plus=equal_exprt(chr, plus_char);
-  const exprt starts_with_digit=
+  exprt chr=str[0];
+  exprt starts_with_minus=equal_exprt(chr, minus_char);
+  exprt starts_with_plus=equal_exprt(chr, plus_char);
+  exprt starts_with_digit=
     not_exprt(or_exprt(starts_with_minus, starts_with_plus));
 
-  /// Currently we do not cope with excessive leading zeros. This value of
-  /// max_string_length is long enough to be able to represent every number in
-  /// every base. We experimented with making the max_string_length depend on
-  /// the base, but this did not make any difference.
-  const std::size_t max_string_length=to_bitvector_type(type).get_width()+1;
-
   /// TODO: we should throw an exception when this does not hold:
+  const std::size_t max_string_length=40;
   const exprt &correct=add_axioms_for_correct_number_format(
     str, radix, max_string_length);
   axioms.push_back(correct);
 
-  /// TODO(OJones) Fix the below algorithm to make it work for for -2^63 in
-  /// binary (currently radix^63 overflows).
-
-  /// First we deal with the contribution to i from all the characters after the
-  /// first one
-  for(std::size_t index=1; index<max_string_length; ++index)
+  /// TODO(OJones): size should depend on the radix
+  /// TODO(OJones): we should deal with overflow properly
+  for(std::size_t size=1; size<=max_string_length; size++)
   {
-    const exprt index_expr=from_integer(index, index_type);
-
-    /// We need an expr which is str.length()-index-1 when this is >= 0, and is
-    /// zero otherwise
-    if_exprt length_minus_index_minus_one(
-      binary_relation_exprt(index_expr, ID_lt, str.length()),
-      minus_exprt(minus_exprt(str.length(), index_expr), one_expr),
-      zero_expr);
-
-    /// index < length => sign*str[index] = (i/radix^(length-index-1))%radix
-    const equal_exprt contribution_of_str_index(
-      mult_exprt(
-        sign, get_numeric_value_from_character(str[index], char_type, type)),
-      mod_exprt(
-        div_exprt(i, power_exprt(radix, length_minus_index_minus_one)), radix));
-    const implies_exprt qualified_contribution_of_str_index(
-      binary_relation_exprt(index_expr, ID_lt, str.length()),
-      contribution_of_str_index);
-
-    axioms.push_back(qualified_contribution_of_str_index);
-  }
+    exprt sum=from_integer(0, type);
+    exprt first_value=get_numeric_value_from_character(chr, char_type, type);
+    equal_exprt premise=str.axiom_for_has_length(size);
 
-  /// Now we deal with the contribution to i from the first character, or the
-  /// second character if the first character is + or -, and also define sign as
-  /// 1 or -1 appropriately
-
-  const if_exprt length_minus_one(
-    binary_relation_exprt(zero_expr, ID_lt, str.length()),
-    minus_exprt(str.length(), one_expr),
-    zero_expr);
-  const if_exprt length_minus_two(
-    binary_relation_exprt(one_expr, ID_lt, str.length()),
-    minus_exprt(str.length(), two_expr),
-    zero_expr);
-
-  /// starts_with_digit => sign = 1 && sign*str[0] = i/radix^(length-1)
-  const implies_exprt starts_with_digit_first_digit(
-    starts_with_digit,
-    and_exprt(
-      equal_exprt(sign, from_integer(1, type)),
-      equal_exprt(
-        mult_exprt(
-          sign, get_numeric_value_from_character(str[0], char_type, type)),
-        div_exprt(i, power_exprt(radix, length_minus_one)))));
-  axioms.push_back(starts_with_digit_first_digit);
-
-  /// starts_with_plus => sign = 1 && sign*str[1] = i/radix^(length-2)
-  const implies_exprt starts_with_plus_first_digit(
-    starts_with_plus,
-    and_exprt(
-      equal_exprt(sign, from_integer(1, type)),
-      equal_exprt(
-        mult_exprt(
-          sign, get_numeric_value_from_character(str[1], char_type, type)),
-        div_exprt(i, power_exprt(radix, length_minus_two)))));
-  axioms.push_back(starts_with_plus_first_digit);
-
-  /// starts_with_minus => sign = -1 && sign*str[1] = i/radix^(length-2)
-  const implies_exprt starts_with_minus_first_digit(
-    starts_with_minus,
-    and_exprt(
-      equal_exprt(sign, from_integer(-1, type)),
-      equal_exprt(
-        mult_exprt(
-          sign, get_numeric_value_from_character(str[1], char_type, type)),
-        div_exprt(i, power_exprt(radix, length_minus_two)))));
-  axioms.push_back(starts_with_minus_first_digit);
+    for(std::size_t j=1; j<size; j++)
+    {
+      mult_exprt radix_sum(sum, radix);
+      if(j>=max_string_length-1)
+      {
+        // We have to be careful about overflows
+        div_exprt div(sum, radix);
+        implies_exprt no_overflow(premise, (equal_exprt(div, sum)));
+        axioms.push_back(no_overflow);
+      }
+
+      sum=plus_exprt_with_overflow_check(
+        radix_sum,
+        get_numeric_value_from_character(str[j], char_type, type));
+
+      mult_exprt first(first_value, radix);
+      if(j>=max_string_length-1)
+      {
+        // We have to be careful about overflows
+        div_exprt div_first(first, radix);
+        implies_exprt no_overflow_first(
+          and_exprt(starts_with_digit, premise),
+          equal_exprt(div_first, first_value));
+        axioms.push_back(no_overflow_first);
+      }
+      first_value=first;
+    }
+
+    // If the length is `size`, we add axioms:
+    // a1 : starts_with_digit => i=sum+first_value
+    // a2 : starts_with_plus => i=sum
+    // a3 : starts_with_minus => i=-sum
 
+    implies_exprt a1(
+      and_exprt(premise, starts_with_digit),
+      equal_exprt(i, plus_exprt(sum, first_value)));
+    axioms.push_back(a1);
+
+    implies_exprt a2(and_exprt(premise, starts_with_plus), equal_exprt(i, sum));
+    axioms.push_back(a2);
+
+    implies_exprt a3(
+      and_exprt(premise, starts_with_minus),
+      equal_exprt(i, unary_minus_exprt(sum)));
+    axioms.push_back(a3);
+  }
   return i;
 }
 

From 19ee8aab585166a99c2c881d3cfaeebb9621239c Mon Sep 17 00:00:00 2001
From: Jesse Sigal <jesse.sigal@gmail.com>
Date: Wed, 12 Jul 2017 12:53:53 +0100
Subject: [PATCH 426/699] Added `string_refinement_invariantt` macro as a
 placeholder for future structured exceptions

---
 .../refinement/string_refinement_invariant.h      | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 src/solvers/refinement/string_refinement_invariant.h

diff --git a/src/solvers/refinement/string_refinement_invariant.h b/src/solvers/refinement/string_refinement_invariant.h
new file mode 100644
index 00000000000..59f0c64cc28
--- /dev/null
+++ b/src/solvers/refinement/string_refinement_invariant.h
@@ -0,0 +1,15 @@
+/*******************************************************************\
+
+Module: Placeholder for eventual upgraded invariants.
+
+Author: Jesse Sigal, jesse.sigal@diffblue.com
+
+\*******************************************************************/
+
+#ifndef CPROVER_SOLVERS_REFINEMENT_STRING_REFINEMENT_INVARIANT_H
+#define CPROVER_SOLVERS_REFINEMENT_STRING_REFINEMENT_INVARIANT_H
+
+#define string_refinement_invariantt(reason) \
+  (("string_refinement_invariantt("+std::string(reason)+")").c_str())
+
+#endif // CPROVER_SOLVERS_REFINEMENT_STRING_REFINEMENT_INVARIANT_H

From 312a0aeaac2fcbf5ae67e372a3ba7c1e3070fd07 Mon Sep 17 00:00:00 2001
From: Jesse Sigal <jesse.sigal@gmail.com>
Date: Wed, 5 Jul 2017 15:17:54 +0100
Subject: [PATCH 427/699] Updated assertions and throws to be invariants in
 src/sovlers/refinement.

---
 src/solvers/refinement/bv_refinement_loop.cpp |   6 +-
 src/solvers/refinement/refine_arithmetic.cpp  |  41 ++++---
 src/solvers/refinement/refine_arrays.cpp      |  17 ++-
 src/solvers/refinement/string_constraint.h    |  19 ++-
 .../refinement/string_constraint_generator.h  |   2 +-
 ...tring_constraint_generator_code_points.cpp |   8 +-
 ...string_constraint_generator_comparison.cpp |   6 +-
 .../string_constraint_generator_constants.cpp |   6 +-
 .../string_constraint_generator_indexof.cpp   |  24 ++--
 .../string_constraint_generator_insert.cpp    |  15 ++-
 .../string_constraint_generator_main.cpp      |  54 +++++----
 .../string_constraint_generator_testing.cpp   |  16 ++-
 ...ng_constraint_generator_transformation.cpp |  16 ++-
 .../string_constraint_generator_valueof.cpp   |  12 +-
 src/solvers/refinement/string_refinement.cpp  | 112 +++++++++++++-----
 src/solvers/refinement/string_refinement.h    |   6 +-
 16 files changed, 241 insertions(+), 119 deletions(-)

diff --git a/src/solvers/refinement/bv_refinement_loop.cpp b/src/solvers/refinement/bv_refinement_loop.cpp
index cf21409ee8b..6a0715ecdb6 100644
--- a/src/solvers/refinement/bv_refinement_loop.cpp
+++ b/src/solvers/refinement/bv_refinement_loop.cpp
@@ -21,9 +21,9 @@ bv_refinementt::bv_refinementt(
   do_arithmetic_refinement(true)
 {
   // check features we need
-  assert(prop.has_set_assumptions());
-  assert(prop.has_set_to());
-  assert(prop.has_is_in_conflict());
+  PRECONDITION(prop.has_set_assumptions());
+  PRECONDITION(prop.has_set_to());
+  PRECONDITION(prop.has_is_in_conflict());
 }
 
 bv_refinementt::~bv_refinementt()
diff --git a/src/solvers/refinement/refine_arithmetic.cpp b/src/solvers/refinement/refine_arithmetic.cpp
index 70faf0e600d..7b82335589a 100644
--- a/src/solvers/refinement/refine_arithmetic.cpp
+++ b/src/solvers/refinement/refine_arithmetic.cpp
@@ -14,6 +14,7 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include <langapi/language_util.h>
 
+#include <solvers/refinement/string_refinement_invariant.h>
 #include <solvers/floatbv/float_utils.h>
 
 #include "bv_refinement.h"
@@ -62,7 +63,7 @@ bvt bv_refinementt::convert_mult(const exprt &expr)
 
   const typet &type=ns.follow(expr.type());
 
-  assert(operands.size()>=2);
+  PRECONDITION(operands.size()>=2);
 
   if(operands.size()>2)
     return convert_mult(make_binary(expr)); // make binary
@@ -106,7 +107,7 @@ bvt bv_refinementt::convert_div(const div_exprt &expr)
   // we catch any division
   // unless it's integer division by a constant
 
-  assert(expr.operands().size()==2);
+  PRECONDITION(expr.operands().size()==2);
 
   if(expr.op1().is_constant())
     return SUB::convert_div(expr);
@@ -124,7 +125,7 @@ bvt bv_refinementt::convert_mod(const mod_exprt &expr)
   // we catch any mod
   // unless it's integer + constant
 
-  assert(expr.operands().size()==2);
+  PRECONDITION(expr.operands().size()==2);
 
   if(expr.op1().is_constant())
     return SUB::convert_mod(expr);
@@ -152,7 +153,7 @@ void bv_refinementt::get_values(approximationt &a)
     a.op2_value=get_value(a.op2_bv);
   }
   else
-    assert(0);
+    UNREACHABLE;
 
   a.result_value=get_value(a.result_bv);
 }
@@ -170,8 +171,10 @@ void bv_refinementt::check_SAT(approximationt &a)
 
   if(type.id()==ID_floatbv)
   {
-    // these are all trinary
-    assert(a.expr.operands().size()==3);
+    // these are all ternary
+    INVARIANT(
+      a.expr.operands().size()==3,
+      string_refinement_invariantt("all floatbv typed exprs are ternary"));
 
     if(a.over_state==MAX_STATE)
       return;
@@ -203,7 +206,7 @@ void bv_refinementt::check_SAT(approximationt &a)
     else if(a.expr.id()==ID_floatbv_div)
       result/=o1;
     else
-      assert(false);
+      UNREACHABLE;
 
     if(result.pack()==a.result_value) // ok
       return;
@@ -271,9 +274,9 @@ void bv_refinementt::check_SAT(approximationt &a)
       else if(a.expr.id()==ID_floatbv_div)
         r=float_utils.div(op0, op1);
       else
-        assert(0);
+        UNREACHABLE;
 
-      assert(r.size()==res.size());
+      CHECK_RETURN(r.size()==res.size());
       bv_utils.set_equal(r, res);
     }
   }
@@ -281,7 +284,9 @@ void bv_refinementt::check_SAT(approximationt &a)
           type.id()==ID_unsignedbv)
   {
     // these are all binary
-    assert(a.expr.operands().size()==2);
+    INVARIANT(
+      a.expr.operands().size()==2,
+      string_refinement_invariantt("all (un)signedbv typed exprs are binary"));
 
     // already full interpretation?
     if(a.over_state>0)
@@ -305,7 +310,7 @@ void bv_refinementt::check_SAT(approximationt &a)
     else if(a.expr.id()==ID_mod)
       o0%=o1;
     else
-      assert(false);
+      UNREACHABLE;
 
     if(o0.pack()==a.result_value) // ok
       return;
@@ -339,21 +344,21 @@ void bv_refinementt::check_SAT(approximationt &a)
             bv_utilst::representationt::UNSIGNED);
       }
       else
-        assert(0);
+        UNREACHABLE;
 
       bv_utils.set_equal(r, a.result_bv);
     }
     else
-      assert(0);
+      UNREACHABLE;
   }
   else if(type.id()==ID_fixedbv)
   {
     // TODO: not implemented
-    assert(0);
+    TODO;
   }
   else
   {
-    assert(0);
+    UNREACHABLE;
   }
 
   status() << "Found spurious `" << a.as_string()
@@ -375,7 +380,7 @@ void bv_refinementt::check_UNSAT(approximationt &a)
   status() << "Found assumption for `" << a.as_string()
            << "' in proof (state " << a.under_state << ")" << eom;
 
-  assert(!a.under_assumptions.empty());
+  PRECONDITION(!a.under_assumptions.empty());
 
   a.under_assumptions.clear();
 
@@ -486,7 +491,7 @@ bv_refinementt::add_approximation(
   approximationt &a=approximations.back(); // stable!
 
   std::size_t width=boolbv_width(expr.type());
-  assert(width!=0);
+  PRECONDITION(width!=0);
 
   a.expr=expr;
   a.result_bv=prop.new_variables(width);
@@ -515,7 +520,7 @@ bv_refinementt::add_approximation(
     set_frozen(a.op2_bv);
   }
   else
-    assert(false);
+    UNREACHABLE;
 
   bv=a.result_bv;
 
diff --git a/src/solvers/refinement/refine_arrays.cpp b/src/solvers/refinement/refine_arrays.cpp
index 5caee4b01bc..cbde7f1decb 100644
--- a/src/solvers/refinement/refine_arrays.cpp
+++ b/src/solvers/refinement/refine_arrays.cpp
@@ -16,6 +16,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <util/find_symbols.h>
 
 #include "bv_refinement.h"
+#include <solvers/refinement/string_refinement_invariant.h>
 #include <solvers/sat/satcheck.h>
 
 /// generate array constraints
@@ -55,7 +56,9 @@ void bv_refinementt::arrays_overapproximated()
     if(current.id()==ID_implies)
     {
       implies_exprt imp=to_implies_expr(current);
-      assert(imp.operands().size()==2);
+      DATA_INVARIANT(
+        imp.operands().size()==2,
+        string_refinement_invariantt("implies must have two operands"));
       exprt implies_simplified=get(imp.op0());
       if(implies_simplified==false_exprt())
       {
@@ -67,7 +70,9 @@ void bv_refinementt::arrays_overapproximated()
     if(current.id()==ID_or)
     {
       or_exprt orexp=to_or_expr(current);
-      assert(orexp.operands().size()==2);
+      INVARIANT(
+        orexp.operands().size()==2,
+        string_refinement_invariantt("only treats the case of a binary or"));
       exprt o1=get(orexp.op0());
       exprt o2=get(orexp.op1());
       if(o1==true_exprt() || o2 == true_exprt())
@@ -91,7 +96,13 @@ void bv_refinementt::arrays_overapproximated()
       lazy_array_constraints.erase(it++);
       break;
     default:
-      assert(false);
+      error() << "error in array over approximation check" << eom;
+      INVARIANT(
+        false,
+        string_refinement_invariantt("error in array over approximation "
+          "check"));
+      // Placeholder to tell the compiler we bail
+      throw 0;
     }
   }
 
diff --git a/src/solvers/refinement/string_constraint.h b/src/solvers/refinement/string_constraint.h
index c83d63cc69a..03233ab083a 100644
--- a/src/solvers/refinement/string_constraint.h
+++ b/src/solvers/refinement/string_constraint.h
@@ -22,6 +22,7 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 
 #include <langapi/language_ui.h>
 #include <solvers/refinement/bv_refinement.h>
+#include <solvers/refinement/string_refinement_invariant.h>
 #include <util/refined_string_type.h>
 
 class string_constraintt: public exprt
@@ -103,13 +104,13 @@ class string_constraintt: public exprt
 
 extern inline const string_constraintt &to_string_constraint(const exprt &expr)
 {
-  assert(expr.id()==ID_string_constraint && expr.operands().size()==5);
+  PRECONDITION(expr.id()==ID_string_constraint && expr.operands().size()==5);
   return static_cast<const string_constraintt &>(expr);
 }
 
 extern inline string_constraintt &to_string_constraint(exprt &expr)
 {
-  assert(expr.id()==ID_string_constraint && expr.operands().size()==5);
+  PRECONDITION(expr.id()==ID_string_constraint && expr.operands().size()==5);
   return static_cast<string_constraintt &>(expr);
 }
 
@@ -173,16 +174,22 @@ class string_not_contains_constraintt: public exprt
 inline const string_not_contains_constraintt
 &to_string_not_contains_constraint(const exprt &expr)
 {
-  assert(expr.id()==ID_string_not_contains_constraint);
-  assert(expr.operands().size()==7);
+  PRECONDITION(expr.id()==ID_string_not_contains_constraint);
+  DATA_INVARIANT(
+    expr.operands().size()==7,
+    string_refinement_invariantt("string_not_contains_constraintt must have 7 "
+      "operands"));
   return static_cast<const string_not_contains_constraintt &>(expr);
 }
 
 inline string_not_contains_constraintt
 &to_string_not_contains_constraint(exprt &expr)
 {
-  assert(expr.id()==ID_string_not_contains_constraint);
-  assert(expr.operands().size()==7);
+  PRECONDITION(expr.id()==ID_string_not_contains_constraint);
+  DATA_INVARIANT(
+    expr.operands().size()==7,
+    string_refinement_invariantt("string_not_contains_constraintt must have 7 "
+      "operands"));
   return static_cast<string_not_contains_constraintt &>(expr);
 }
 
diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index a455f75ec7e..ca6ff4177de 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -317,7 +317,7 @@ class string_constraint_generatort
     const function_application_exprt &expr, size_t nb)
   {
     const function_application_exprt::argumentst &args=expr.arguments();
-    assert(args.size()==nb);
+    PRECONDITION(args.size()==nb);
     return args;
   }
 
diff --git a/src/solvers/refinement/string_constraint_generator_code_points.cpp b/src/solvers/refinement/string_constraint_generator_code_points.cpp
index ad44469d51e..d539e8d9e9e 100644
--- a/src/solvers/refinement/string_constraint_generator_code_points.cpp
+++ b/src/solvers/refinement/string_constraint_generator_code_points.cpp
@@ -30,7 +30,7 @@ string_exprt string_constraint_generatort::add_axioms_for_code_point(
 {
   string_exprt res=fresh_string(ref_type);
   const typet &type=code_point.type();
-  assert(type.id()==ID_signedbv);
+  PRECONDITION(type.id()==ID_signedbv);
 
   // We add axioms:
   // a1 : code_point<0x010000 => |res|=1
@@ -126,7 +126,7 @@ exprt string_constraint_generatort::add_axioms_for_code_point_at(
   const function_application_exprt &f)
 {
   typet return_type=f.type();
-  assert(return_type.id()==ID_signedbv);
+  PRECONDITION(return_type.id()==ID_signedbv);
   string_exprt str=get_string_expr(args(f, 2)[0]);
   const exprt &pos=args(f, 2)[1];
 
@@ -155,9 +155,9 @@ exprt string_constraint_generatort::add_axioms_for_code_point_before(
   const function_application_exprt &f)
 {
   const function_application_exprt::argumentst &args=f.arguments();
-  assert(args.size()==2);
+  PRECONDITION(args.size()==2);
   typet return_type=f.type();
-  assert(return_type.id()==ID_signedbv);
+  PRECONDITION(return_type.id()==ID_signedbv);
   symbol_exprt result=fresh_symbol("char", return_type);
   string_exprt str=get_string_expr(args[0]);
 
diff --git a/src/solvers/refinement/string_constraint_generator_comparison.cpp b/src/solvers/refinement/string_constraint_generator_comparison.cpp
index f926147d1d4..c5021b107e3 100644
--- a/src/solvers/refinement/string_constraint_generator_comparison.cpp
+++ b/src/solvers/refinement/string_constraint_generator_comparison.cpp
@@ -22,7 +22,7 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 exprt string_constraint_generatort::add_axioms_for_equals(
   const function_application_exprt &f)
 {
-  assert(f.type()==bool_typet() || f.type().id()==ID_c_bool);
+  PRECONDITION(f.type()==bool_typet() || f.type().id()==ID_c_bool);
   symbol_exprt eq=fresh_boolean("equal");
   typecast_exprt tc_eq(eq, f.type());
 
@@ -98,7 +98,7 @@ exprt string_constraint_generatort::character_equals_ignore_case(
 exprt string_constraint_generatort::add_axioms_for_equals_ignore_case(
   const function_application_exprt &f)
 {
-  assert(f.type()==bool_typet() || f.type().id()==ID_c_bool);
+  PRECONDITION(f.type()==bool_typet() || f.type().id()==ID_c_bool);
 
   symbol_exprt eq=fresh_boolean("equal_ignore_case");
   typecast_exprt tc_eq(eq, f.type());
@@ -207,7 +207,7 @@ exprt string_constraint_generatort::add_axioms_for_compare_to(
   //       (|s1|<|s2| &&x=|s1|) || (|s1| > |s2| &&x=|s2|) &&res=|s1|-|s2|)
   // a4 : forall i'<x. res!=0 => s1[i]=s2[i]
 
-  assert(return_type.id()==ID_signedbv);
+  PRECONDITION(return_type.id()==ID_signedbv);
 
   equal_exprt res_null=equal_exprt(res, from_integer(0, return_type));
   implies_exprt a1(res_null, s1.axiom_for_has_same_length_as(s2));
diff --git a/src/solvers/refinement/string_constraint_generator_constants.cpp b/src/solvers/refinement/string_constraint_generator_constants.cpp
index 7225a0aad00..1351a8839d4 100644
--- a/src/solvers/refinement/string_constraint_generator_constants.cpp
+++ b/src/solvers/refinement/string_constraint_generator_constants.cpp
@@ -54,8 +54,8 @@ string_exprt string_constraint_generatort::add_axioms_for_constant(
 string_exprt string_constraint_generatort::add_axioms_for_empty_string(
   const function_application_exprt &f)
 {
-  assert(f.arguments().empty());
-  assert(refined_string_typet::is_refined_string_type(f.type()));
+  PRECONDITION(f.arguments().empty());
+  PRECONDITION(refined_string_typet::is_refined_string_type(f.type()));
   const refined_string_typet &ref_type=to_refined_string_type(f.type());
   exprt size=from_integer(0, ref_type.get_index_type());
   const array_typet &content_type=ref_type.get_content_type();
@@ -74,7 +74,7 @@ string_exprt string_constraint_generatort::add_axioms_from_literal(
   const function_application_exprt &f)
 {
   const function_application_exprt::argumentst &args=f.arguments();
-  assert(args.size()==1); // Bad args to string literal?
+  PRECONDITION(args.size()==1); // Bad args to string literal?
 
   const exprt &arg=args[0];
   irep_idt sval=to_constant_expr(arg).get_value();
diff --git a/src/solvers/refinement/string_constraint_generator_indexof.cpp b/src/solvers/refinement/string_constraint_generator_indexof.cpp
index 677262092e1..33e6cc960d9 100644
--- a/src/solvers/refinement/string_constraint_generator_indexof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_indexof.cpp
@@ -11,6 +11,7 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 /// Generates string constraints for the family of indexOf and lastIndexOf java
 ///   functions
 
+#include <solvers/refinement/string_refinement_invariant.h>
 #include <solvers/refinement/string_constraint_generator.h>
 
 /// Add axioms stating that the returned value is the index within str of the
@@ -149,7 +150,10 @@ exprt string_constraint_generatort::add_axioms_for_index_of_string(
     //      haystack[n+|needle|-1] != needle[|needle|-1]
     symbol_exprt qvar2=fresh_univ_index("QA_index_of_string_2", index_type);
     mp_integer sub_length;
-    assert(!to_integer(needle.length(), sub_length));
+    INVARIANT(
+      !to_integer(needle.length(), sub_length),
+      string_refinement_invariantt("a constant string must have constant "
+        "length"));
     exprt::operandst disjuncts;
     for(mp_integer offset=0; offset<sub_length; ++offset)
     {
@@ -263,7 +267,10 @@ exprt string_constraint_generatort::add_axioms_for_last_index_of_string(
     //      haystack[n+|needle|-1] != needle[|needle|-1]
     symbol_exprt qvar2=fresh_univ_index("QA_index_of_string_2", index_type);
     mp_integer sub_length;
-    assert(!to_integer(needle.length(), sub_length));
+    INVARIANT(
+      !to_integer(needle.length(), sub_length),
+      string_refinement_invariantt("a constant string must have constant "
+        "length"));
     exprt::operandst disjuncts;
     for(mp_integer offset=0; offset<sub_length; ++offset)
     {
@@ -299,7 +306,7 @@ exprt string_constraint_generatort::add_axioms_for_index_of(
   string_exprt str=get_string_expr(args[0]);
   const exprt &c=args[1];
   const refined_string_typet &ref_type=to_refined_string_type(str.type());
-  assert(f.type()==ref_type.get_index_type());
+  PRECONDITION(f.type()==ref_type.get_index_type());
   exprt from_index;
 
   if(args.size()==2)
@@ -307,7 +314,7 @@ exprt string_constraint_generatort::add_axioms_for_index_of(
   else if(args.size()==3)
     from_index=args[2];
   else
-    assert(false);
+    UNREACHABLE;
 
   if(c.type().id()==ID_unsignedbv || c.type().id()==ID_signedbv)
   {
@@ -316,7 +323,10 @@ exprt string_constraint_generatort::add_axioms_for_index_of(
   }
   else
   {
-    assert(refined_string_typet::is_refined_string_type(c.type()));
+    INVARIANT(
+      refined_string_typet::is_refined_string_type(c.type()),
+      string_refinement_invariantt("c can only be a (un)signedbv or a refined "
+        "string and the (un)signedbv case is already handled"));
     string_exprt sub=get_string_expr(c);
     return add_axioms_for_index_of_string(str, sub, from_index);
   }
@@ -396,14 +406,14 @@ exprt string_constraint_generatort::add_axioms_for_last_index_of(
   exprt c=args[1];
   const refined_string_typet &ref_type=to_refined_string_type(str.type());
   exprt from_index;
-  assert(f.type()==ref_type.get_index_type());
+  PRECONDITION(f.type()==ref_type.get_index_type());
 
   if(args.size()==2)
     from_index=minus_exprt(str.length(), from_integer(1, str.length().type()));
   else if(args.size()==3)
     from_index=args[2];
   else
-    assert(false);
+    UNREACHABLE;
 
   if(c.type().id()==ID_unsignedbv || c.type().id()==ID_signedbv)
   {
diff --git a/src/solvers/refinement/string_constraint_generator_insert.cpp b/src/solvers/refinement/string_constraint_generator_insert.cpp
index b7a0a381bad..65ccc3b89d7 100644
--- a/src/solvers/refinement/string_constraint_generator_insert.cpp
+++ b/src/solvers/refinement/string_constraint_generator_insert.cpp
@@ -9,6 +9,7 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 /// \file
 /// Generates string constraints for the family of insert Java functions
 
+#include <solvers/refinement/string_refinement_invariant.h>
 #include <solvers/refinement/string_constraint_generator.h>
 
 /// add axioms stating that the result correspond to the first string where we
@@ -18,7 +19,7 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 string_exprt string_constraint_generatort::add_axioms_for_insert(
   const string_exprt &s1, const string_exprt &s2, const exprt &offset)
 {
-  assert(offset.type()==s1.length().type());
+  PRECONDITION(offset.type()==s1.length().type());
   string_exprt pref=add_axioms_for_substring(
     s1, from_integer(0, offset.type()), offset);
   string_exprt suf=add_axioms_for_substring(s1, offset, s1.length());
@@ -34,7 +35,7 @@ string_exprt string_constraint_generatort::add_axioms_for_insert(
 string_exprt string_constraint_generatort::add_axioms_for_insert(
   const function_application_exprt &f)
 {
-  assert(f.arguments().size()>=3);
+  PRECONDITION(f.arguments().size()>=3);
   string_exprt s1=get_string_expr(f.arguments()[0]);
   string_exprt s2=get_string_expr(f.arguments()[2]);
   const exprt &offset=f.arguments()[1];
@@ -47,7 +48,10 @@ string_exprt string_constraint_generatort::add_axioms_for_insert(
   }
   else
   {
-    assert(f.arguments().size()==3);
+    INVARIANT(
+      f.arguments().size()==3,
+      string_refinement_invariantt("f must have 2 or 5 arguments and the case "
+        "of 5 arguments is already handled"));
     return add_axioms_for_insert(s1, s2, offset);
   }
 }
@@ -156,7 +160,10 @@ string_exprt string_constraint_generatort::add_axioms_for_insert_char_array(
   }
   else
   {
-    assert(f.arguments().size()==4);
+    INVARIANT(
+      f.arguments().size()==4,
+      string_refinement_invariantt("f must have 4 or 6 arguments and the case "
+        "of 6 arguments is already handled"));
     count=f.arguments()[2];
     offset=from_integer(0, count.type());
   }
diff --git a/src/solvers/refinement/string_constraint_generator_main.cpp b/src/solvers/refinement/string_constraint_generator_main.cpp
index 00b494eccaf..d697514767c 100644
--- a/src/solvers/refinement/string_constraint_generator_main.cpp
+++ b/src/solvers/refinement/string_constraint_generator_main.cpp
@@ -19,6 +19,7 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 
 #include <ansi-c/string_constant.h>
 #include <java_bytecode/java_types.h>
+#include <solvers/refinement/string_refinement_invariant.h>
 #include <solvers/refinement/string_constraint_generator.h>
 #include <util/arith_tools.h>
 #include <util/pointer_predicates.h>
@@ -130,7 +131,7 @@ string_exprt string_constraint_generatort::fresh_string(
 /// \return a string expression
 string_exprt string_constraint_generatort::get_string_expr(const exprt &expr)
 {
-  assert(refined_string_typet::is_refined_string_type(expr.type()));
+  PRECONDITION(refined_string_typet::is_refined_string_type(expr.type()));
 
   if(expr.id()==ID_symbol)
   {
@@ -150,7 +151,7 @@ string_exprt string_constraint_generatort::get_string_expr(const exprt &expr)
 string_exprt string_constraint_generatort::convert_java_string_to_string_exprt(
     const exprt &jls)
 {
-  assert(jls.id()==ID_struct);
+  PRECONDITION(jls.id()==ID_struct);
 
   exprt length(to_struct_expr(jls).op1());
   // TODO: Add assertion on the type.
@@ -205,11 +206,11 @@ void string_constraint_generatort::add_default_axioms(
 string_exprt string_constraint_generatort::add_axioms_for_refined_string(
   const exprt &string)
 {
-  assert(refined_string_typet::is_refined_string_type(string.type()));
+  PRECONDITION(refined_string_typet::is_refined_string_type(string.type()));
   refined_string_typet type=to_refined_string_type(string.type());
 
   // Function applications should have been removed before
-  assert(string.id()!=ID_function_application);
+  PRECONDITION(string.id()!=ID_function_application);
 
   if(string.id()==ID_symbol)
   {
@@ -236,9 +237,13 @@ string_exprt string_constraint_generatort::add_axioms_for_refined_string(
   }
   else
   {
-    throw "add_axioms_for_refined_string:\n"+string.pretty()+
-      "\nwhich is not a function application, "+
-      "a symbol, a struct or an if expression";
+    INVARIANT(
+      false,
+      string_refinement_invariantt("add_axioms_for_refined_string:\n"+
+        string.pretty()+"\nwhich is not a function application, a symbol, a "+
+        "struct or an if expression"));
+    // For the compiler
+    throw 0;
   }
 }
 
@@ -248,10 +253,10 @@ string_exprt string_constraint_generatort::add_axioms_for_refined_string(
 string_exprt string_constraint_generatort::add_axioms_for_if(
   const if_exprt &expr)
 {
-  assert(
+  PRECONDITION(
     refined_string_typet::is_refined_string_type(expr.true_case().type()));
   string_exprt t=get_string_expr(expr.true_case());
-  assert(
+  PRECONDITION(
     refined_string_typet::is_refined_string_type(expr.false_case().type()));
   string_exprt f=get_string_expr(expr.false_case());
   const refined_string_typet &ref_type=to_refined_string_type(t.type());
@@ -336,7 +341,7 @@ exprt string_constraint_generatort::add_axioms_for_function_application(
   const function_application_exprt &expr)
 {
   const exprt &name=expr.function();
-  assert(name.id()==ID_symbol);
+  PRECONDITION(name.id()==ID_symbol);
 
   const irep_idt &id=is_ssa_expr(name)?to_ssa_expr(name).get_object_name():
     to_symbol_expr(name).get_identifier();
@@ -521,7 +526,7 @@ exprt string_constraint_generatort::add_axioms_for_function_application(
     std::string msg(
       "string_constraint_generator::function_application: unknown symbol :");
     msg+=id2string(id);
-    throw msg;
+    DATA_INVARIANT(false, string_refinement_invariantt(msg));
   }
   function_application_cache[expr]=res;
   return res;
@@ -543,7 +548,10 @@ string_exprt string_constraint_generatort::add_axioms_for_copy(
   }
   else
   {
-    assert(args.size()==3);
+    INVARIANT(
+      args.size()==3,
+      string_refinement_invariantt("f must have 1 or 3 arguments and the case "
+        "of 3 arguments is already handled"));
     string_exprt s1=get_string_expr(args[0]);
     exprt offset=args[1];
     exprt count=args[2];
@@ -583,7 +591,7 @@ exprt string_constraint_generatort::add_axioms_for_char_pointer(
   //       refinement. We need regression tests that use that function.
 
   // TODO: we do not know what to do in the other cases
-  assert(false);
+  TODO;
   return exprt();
 }
 
@@ -610,7 +618,7 @@ string_exprt string_constraint_generatort::add_axioms_from_char_array(
   const exprt &offset,
   const exprt &count)
 {
-  assert(false); // deprecated, we should use add_axioms_for_substring instead
+  UNREACHABLE; // deprecated, we should use add_axioms_for_substring instead
   const typet &char_type=to_array_type(data.type()).subtype();
   const typet &index_type=length.type();
   refined_string_typet ref_type(index_type, char_type);
@@ -622,7 +630,7 @@ string_exprt string_constraint_generatort::add_axioms_from_char_array(
 
   symbol_exprt qvar=fresh_univ_index("QA_string_of_char_array", index_type);
   exprt char_in_tab=data;
-  assert(char_in_tab.id()==ID_index);
+  PRECONDITION(char_in_tab.id()==ID_index);
   char_in_tab.op1()=plus_exprt_with_overflow_check(qvar, offset);
 
   string_constraintt a1(qvar, count, equal_exprt(str[qvar], char_in_tab));
@@ -640,7 +648,7 @@ string_exprt string_constraint_generatort::add_axioms_from_char_array(
 string_exprt string_constraint_generatort::add_axioms_from_char_array(
   const function_application_exprt &f)
 {
-  assert(false); // deprecated, we should use add_axioms_for_substring instead
+  UNREACHABLE; // deprecated, we should use add_axioms_for_substring instead
   exprt offset;
   exprt count;
   if(f.arguments().size()==4)
@@ -650,7 +658,10 @@ string_exprt string_constraint_generatort::add_axioms_from_char_array(
   }
   else
   {
-    assert(f.arguments().size()==2);
+    INVARIANT(
+      f.arguments().size()==2,
+      string_refinement_invariantt("f must have 2 or 4 arguments and the case "
+        "of 4 arguments is already handled"));
     count=f.arguments()[0];
     offset=from_integer(0, count.type());
   }
@@ -675,7 +686,7 @@ exprt string_constraint_generatort::add_axioms_for_char_literal(
   const function_application_exprt &f)
 {
   const function_application_exprt::argumentst &args=f.arguments();
-  assert(args.size()==1); // there should be exactly 1 argument to char literal
+  PRECONDITION(args.size()==1); // there should be exactly 1 arg to char literal
 
   const exprt &arg=args[0];
   // for C programs argument to char literal should be one string constant
@@ -687,12 +698,15 @@ exprt string_constraint_generatort::add_axioms_for_char_literal(
   {
     const string_constantt s=to_string_constant(arg.op0().op0().op0());
     irep_idt sval=s.get_value();
-    assert(sval.size()==1);
+    CHECK_RETURN(sval.size()==1);
     return from_integer(unsigned(sval[0]), arg.type());
   }
   else
   {
-    throw "convert_char_literal unimplemented";
+    // convert_char_literal unimplemented
+    UNIMPLEMENTED;
+    // For the compiler
+    throw 0;
   }
 }
 
diff --git a/src/solvers/refinement/string_constraint_generator_testing.cpp b/src/solvers/refinement/string_constraint_generator_testing.cpp
index 4e2134d6388..9b8a743e022 100644
--- a/src/solvers/refinement/string_constraint_generator_testing.cpp
+++ b/src/solvers/refinement/string_constraint_generator_testing.cpp
@@ -10,6 +10,7 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 /// \file
 /// Generates string constraints for string functions that return Boolean values
 
+#include <solvers/refinement/string_refinement_invariant.h>
 #include <solvers/refinement/string_constraint_generator.h>
 
 /// add axioms stating that the returned expression is true exactly when the
@@ -72,7 +73,7 @@ exprt string_constraint_generatort::add_axioms_for_is_prefix(
   const function_application_exprt &f, bool swap_arguments)
 {
   const function_application_exprt::argumentst &args=f.arguments();
-  assert(f.type()==bool_typet() || f.type().id()==ID_c_bool);
+  PRECONDITION(f.type()==bool_typet() || f.type().id()==ID_c_bool);
   string_exprt s0=get_string_expr(args[swap_arguments?1:0]);
   string_exprt s1=get_string_expr(args[swap_arguments?0:1]);
   exprt offset;
@@ -90,7 +91,7 @@ exprt string_constraint_generatort::add_axioms_for_is_prefix(
 exprt string_constraint_generatort::add_axioms_for_is_empty(
   const function_application_exprt &f)
 {
-  assert(f.type()==bool_typet() || f.type().id()==ID_c_bool);
+  PRECONDITION(f.type()==bool_typet() || f.type().id()==ID_c_bool);
 
   // We add axioms:
   // a1 : is_empty => |s0| = 0
@@ -113,8 +114,8 @@ exprt string_constraint_generatort::add_axioms_for_is_suffix(
   const function_application_exprt &f, bool swap_arguments)
 {
   const function_application_exprt::argumentst &args=f.arguments();
-  assert(args.size()==2); // bad args to string issuffix?
-  assert(f.type()==bool_typet() || f.type().id()==ID_c_bool);
+  PRECONDITION(args.size()==2); // bad args to string issuffix?
+  PRECONDITION(f.type()==bool_typet() || f.type().id()==ID_c_bool);
 
   symbol_exprt issuffix=fresh_boolean("issuffix");
   typecast_exprt tc_issuffix(issuffix, f.type());
@@ -183,7 +184,7 @@ bool string_constraint_generatort::is_constant_string(
 exprt string_constraint_generatort::add_axioms_for_contains(
   const function_application_exprt &f)
 {
-  assert(f.type()==bool_typet() || f.type().id()==ID_c_bool);
+  PRECONDITION(f.type()==bool_typet() || f.type().id()==ID_c_bool);
   string_exprt s0=get_string_expr(args(f, 2)[0]);
   string_exprt s1=get_string_expr(args(f, 2)[1]);
   bool constant=is_constant_string(s1);
@@ -222,7 +223,10 @@ exprt string_constraint_generatort::add_axioms_for_contains(
     // If the string is constant, we can use a more efficient axiom for a4:
     // contains ==> AND_{i < |s1|} s1[i] = s0[startpos + i]
     mp_integer s1_length;
-    assert(!to_integer(s1.length(), s1_length));
+    INVARIANT(
+      !to_integer(s1.length(), s1_length),
+      string_refinement_invariantt("a constant string expression must have a "
+        "constant length"));
     exprt::operandst conjuncts;
     for(mp_integer i=0; i<s1_length; ++i)
     {
diff --git a/src/solvers/refinement/string_constraint_generator_transformation.cpp b/src/solvers/refinement/string_constraint_generator_transformation.cpp
index a0010f2ec22..1e2f8d0f536 100644
--- a/src/solvers/refinement/string_constraint_generator_transformation.cpp
+++ b/src/solvers/refinement/string_constraint_generator_transformation.cpp
@@ -11,6 +11,7 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 /// Generates string constraints for string transformations, that is, functions
 ///   taking one string and returning another
 
+#include <solvers/refinement/string_refinement_invariant.h>
 #include <solvers/refinement/string_constraint_generator.h>
 
 /// add axioms to say that the returned string expression has length given by
@@ -69,7 +70,7 @@ string_exprt string_constraint_generatort::add_axioms_for_substring(
   const function_application_exprt &f)
 {
   const function_application_exprt::argumentst &args=f.arguments();
-  assert(args.size()>=2);
+  PRECONDITION(args.size()>=2);
   string_exprt str=get_string_expr(args[0]);
   exprt i(args[1]);
   exprt j;
@@ -79,7 +80,10 @@ string_exprt string_constraint_generatort::add_axioms_for_substring(
   }
   else
   {
-    assert(args.size()==2);
+    INVARIANT(
+      args.size()==2,
+      string_refinement_invariantt("f must have 2 or 3 arguments and the case "
+        "of 3 arguments is already handled"));
     j=str.length();
   }
   return add_axioms_for_substring(str, i, j);
@@ -96,8 +100,8 @@ string_exprt string_constraint_generatort::add_axioms_for_substring(
 {
   const refined_string_typet &ref_type=to_refined_string_type(str.type());
   const typet &index_type=ref_type.get_index_type();
-  assert(start.type()==index_type);
-  assert(end.type()==index_type);
+  PRECONDITION(start.type()==index_type);
+  PRECONDITION(end.type()==index_type);
   string_exprt res=fresh_string(ref_type);
 
   // We add axioms:
@@ -397,8 +401,8 @@ string_exprt string_constraint_generatort::add_axioms_for_delete_char_at(
 string_exprt string_constraint_generatort::add_axioms_for_delete(
   const string_exprt &str, const exprt &start, const exprt &end)
 {
-  assert(start.type()==str.length().type());
-  assert(end.type()==str.length().type());
+  PRECONDITION(start.type()==str.length().type());
+  PRECONDITION(end.type()==str.length().type());
   string_exprt str1=add_axioms_for_substring(
     str, from_integer(0, str.length().type()), start);
   string_exprt str2=add_axioms_for_substring(str, end, str.length());
diff --git a/src/solvers/refinement/string_constraint_generator_valueof.cpp b/src/solvers/refinement/string_constraint_generator_valueof.cpp
index c59a20dab81..2995648dc38 100644
--- a/src/solvers/refinement/string_constraint_generator_valueof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_valueof.cpp
@@ -11,6 +11,7 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 /// Generates string constraints for functions generating strings from other
 ///   types, in particular int, long, float, double, char, bool
 
+#include <solvers/refinement/string_refinement_invariant.h>
 #include <solvers/refinement/string_constraint_generator.h>
 
 /// Add axioms corresponding to the String.valueOf(I) java function.
@@ -54,7 +55,7 @@ string_exprt string_constraint_generatort::add_axioms_from_bool(
   string_exprt res=fresh_string(ref_type);
   const typet &char_type=ref_type.get_char_type();
 
-  assert(b.type()==bool_typet() || b.type().id()==ID_c_bool);
+  PRECONDITION(b.type()==bool_typet() || b.type().id()==ID_c_bool);
 
   typecast_exprt eq(b, bool_typet());
 
@@ -236,7 +237,7 @@ string_exprt string_constraint_generatort::add_axioms_from_int_hex(
 {
   string_exprt res=fresh_string(ref_type);
   const typet &type=i.type();
-  assert(type.id()==ID_signedbv);
+  PRECONDITION(type.id()==ID_signedbv);
   const typet &index_type=ref_type.get_index_type();
   const typet &char_type=ref_type.get_char_type();
   exprt sixteen=from_integer(16, index_type);
@@ -350,7 +351,10 @@ string_exprt string_constraint_generatort::add_axioms_for_value_of(
   }
   else
   {
-    assert(args.size()==1);
+    INVARIANT(
+      args.size()==1,
+      string_refinement_invariantt("f can only have 1 or 3 arguments and the "
+        "case of 3 has been handled"));
     return add_axioms_for_java_char_array(args[0]);
   }
 }
@@ -429,7 +433,7 @@ exprt string_constraint_generatort::add_axioms_for_parse_int(
   const typet &char_type=ref_type.get_char_type();
   exprt minus_char=constant_char('-', char_type);
   exprt plus_char=constant_char('+', char_type);
-  assert(type.id()==ID_signedbv);
+  PRECONDITION(type.id()==ID_signedbv);
 
   exprt chr=str[0];
   exprt starts_with_minus=equal_exprt(chr, minus_char);
diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index bdc33e7fe6d..8df999e1855 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -26,6 +26,7 @@ Author: Alberto Griggio, alberto.griggio@gmail.com
 #include <util/simplify_expr.h>
 #include <solvers/sat/satcheck.h>
 #include <solvers/refinement/string_refinement.h>
+#include <solvers/refinement/string_refinement_invariant.h>
 #include <langapi/language_util.h>
 #include <java_bytecode/java_types.h>
 
@@ -125,7 +126,7 @@ void string_refinementt::add_instantiations()
 void string_refinementt::add_symbol_to_symbol_map(
   const exprt &lhs, const exprt &rhs)
 {
-  assert(lhs.id()==ID_symbol);
+  PRECONDITION(lhs.id()==ID_symbol);
 
   // We insert the mapped value of the rhs, if it exists.
   auto it=symbol_resolve.find(rhs);
@@ -148,7 +149,7 @@ void string_refinementt::add_symbol_to_symbol_map(
 void string_refinementt::set_char_array_equality(
   const exprt &lhs, const exprt &rhs)
 {
-  assert(lhs.id()==ID_symbol);
+  PRECONDITION(lhs.id()==ID_symbol);
 
   if(rhs.id()==ID_array && rhs.type().id()==ID_array)
   {
@@ -268,10 +269,18 @@ void string_refinementt::concretize_string(const exprt &expr)
     mp_integer found_length;
     if(!to_integer(length, found_length))
     {
-      assert(found_length.is_long());
-      assert(found_length>=0);
+      INVARIANT(
+        found_length.is_long(),
+        string_refinement_invariantt("the length of a string should be a "
+          "long"));
+      INVARIANT(
+        found_length>=0,
+        string_refinement_invariantt("the length of a string should be >= 0"));
       size_t concretize_limit=found_length.to_long();
-      assert(concretize_limit<=generator.max_string_length);
+      INVARIANT(
+        concretize_limit<=generator.max_string_length,
+        string_refinement_invariantt("string length must be less than the max "
+          "length"));
       exprt content_expr=str.content();
       std::vector<exprt> result;
 
@@ -366,7 +375,10 @@ void string_refinementt::concretize_lengths()
 /// \par parameters: an expression and the value to set it to
 void string_refinementt::set_to(const exprt &expr, bool value)
 {
-  assert(equality_propagation);
+  INVARIANT(
+    equality_propagation,
+    string_refinement_invariantt("set_to should only be called when equality "
+      "propagation is enabled"));
 
   if(expr.id()==ID_equal)
   {
@@ -385,7 +397,10 @@ void string_refinementt::set_to(const exprt &expr, bool value)
     {
       error() << "string_refinementt::set_to got non-boolean operand: "
               << expr.pretty() << eom;
-      throw 0;
+      INVARIANT(
+        false,
+        string_refinement_invariantt("set_to should only be called with exprs "
+          "of type bool"));
     }
 
     // Preprocessing to remove function applications.
@@ -426,9 +441,12 @@ void string_refinementt::set_to(const exprt &expr, bool value)
     else
     {
       // TODO: Something should also be done if value is false.
-      assert(!is_char_array(eq_expr.rhs().type()));
-      assert(!refined_string_typet::is_refined_string_type(
-        eq_expr.rhs().type()));
+      INVARIANT(
+        !is_char_array(eq_expr.rhs().type()),
+        string_refinement_invariantt("set_to cannot set a char_array"));
+      INVARIANT(
+        !refined_string_typet::is_refined_string_type(eq_expr.rhs().type()),
+        string_refinement_invariantt("set_to cannot set a refined_string"));
     }
 
     non_string_axioms.push_back(std::make_pair(equal_exprt(lhs, subst_rhs),
@@ -743,7 +761,7 @@ std::string string_refinementt::string_of_array(const array_exprt &arr)
       return std::string("");
 
   exprt size_expr=to_array_type(arr.type()).size();
-  assert(size_expr.id()==ID_constant);
+  PRECONDITION(size_expr.id()==ID_constant);
   to_unsigned_integer(to_constant_expr(size_expr), n);
   std::string str(n, '?');
 
@@ -755,7 +773,7 @@ std::string string_refinementt::string_of_array(const array_exprt &arr)
     // TODO: factorize with utf16_little_endian_to_ascii
     unsigned c;
     exprt arr_i=arr.operands()[i];
-    assert(arr_i.id()==ID_constant);
+    PRECONDITION(arr_i.id()==ID_constant);
     to_unsigned_integer(to_constant_expr(arr_i), c);
     if(c<=255 && c>=32)
       result << (unsigned char) c;
@@ -796,12 +814,16 @@ void string_refinementt::fill_model()
         debug() << " = \"" << string_of_array(to_array_expr(arr))
                 << "\" (size:" << from_expr(ns, "", len) << ")"<< eom;
       else
-        debug() << " = " << from_expr(ns, "", arr) << " (size:" << from_expr(ns, "", len)
-                << ")" << eom;
+        debug() << " = " << from_expr(ns, "", arr)
+                << " (size:" << from_expr(ns, "", len) << ")" << eom;
     }
     else
     {
-      assert(is_char_array(it.second.type()));
+      INVARIANT(
+        is_char_array(it.second.type()),
+        string_refinement_invariantt("symbol_resolve should only map to "
+          "refined_strings or to char_arrays, and refined_strings are already "
+          "handled"));
       exprt arr=it.second;
       replace_expr(symbol_resolve, arr);
       replace_expr(current_model, arr);
@@ -809,7 +831,8 @@ void string_refinementt::fill_model()
       current_model[it.first]=arr_model;
 
       debug() << from_expr(ns, "", to_symbol_expr(it.first)) << "="
-              << from_expr(ns, "", arr) << " = " << from_expr(ns, "", arr_model) << "" << eom;
+              << from_expr(ns, "", arr) << " = "
+              << from_expr(ns, "", arr_model) << "" << eom;
     }
   }
 
@@ -846,14 +869,17 @@ exprt string_refinementt::substitute_array_with_expr(
     const exprt &then_expr=with_expr.new_value();
     exprt else_expr=substitute_array_with_expr(with_expr.old(), index);
     const typet &type=then_expr.type();
-    assert(else_expr.type()==type);
+    CHECK_RETURN(else_expr.type()==type);
     return if_exprt(
       equal_exprt(index, with_expr.where()), then_expr, else_expr, type);
   }
   else
   {
-    // Only handle 'with' expressions on 'array_of' expressions.
-    assert(expr.id()==ID_array_of);
+    // Only handle 'with' expressions and 'array_of' expressions.
+    INVARIANT(
+      expr.id()==ID_array_of,
+      string_refinement_invariantt("only handles 'with' and 'array_of' "
+        "expressions, and expr is 'with' is handled above"));
     return to_array_of_expr(expr).what();
   }
 }
@@ -910,10 +936,16 @@ void string_refinementt::substitute_array_access(exprt &expr) const
       return;
     }
 
-    assert(index_expr.array().id()==ID_array);
+    DATA_INVARIANT(
+      index_expr.array().id()==ID_array,
+      string_refinement_invariantt("and index expression must be on a symbol, "
+        "with, array_of, if, or array, and all cases besides array are handled "
+        "above"));
     array_exprt &array_expr=to_array_expr(index_expr.array());
 
-    assert(!array_expr.operands().empty());
+    INVARIANT(
+      !array_expr.operands().empty(),
+      string_refinement_invariantt("the array expression should not be empty"));
     size_t last_index=array_expr.operands().size()-1;
 
     const typet &char_type=index_expr.array().type().subtype();
@@ -921,8 +953,11 @@ void string_refinementt::substitute_array_access(exprt &expr) const
 
     if(ite.type()!=char_type)
     {
-      // We have to manualy set the type for unknown values
-      assert(ite.id()==ID_unknown);
+      // We have to manually set the type for unknown values
+      INVARIANT(
+        ite.id()==ID_unknown,
+        string_refinement_invariantt("the last element can only have type char "
+          "or unknown, and it is not char type"));
       ite.type()=char_type;
     }
 
@@ -934,7 +969,10 @@ void string_refinementt::substitute_array_access(exprt &expr) const
       equal_exprt equals(index_expr.index(), from_integer(i, java_int_type()));
       if(op_it->type()!=char_type)
       {
-        assert(op_it->id()==ID_unknown);
+        INVARIANT(
+          op_it->id()==ID_unknown,
+          string_refinement_invariantt("elements can only have type char or "
+            "unknown, and it is not char type"));
         op_it->type()=char_type;
       }
       ite=if_exprt(equals, *op_it, ite);
@@ -1152,7 +1190,8 @@ bool string_refinementt::check_axioms()
         implies_exprt instance(premise, body);
         replace_expr(symbol_resolve, instance);
         replace_expr(axiom.univ_var(), val, instance);
-        debug() << "adding counter example " << from_expr(ns, "", instance) << eom;
+        debug() << "adding counter example " << from_expr(ns, "", instance)
+                << eom;
         add_lemma(instance);
       }
     }
@@ -1306,14 +1345,20 @@ exprt string_refinementt::compute_inverse_function(
   bool neg=false;
 
   auto it=elems.find(qvar);
-  assert(it!=elems.end());
+  INVARIANT(
+    it!=elems.end(),
+    string_refinement_invariantt("a function must have an occurrence of qvar"));
   if(it->second==1 || it->second==-1)
   {
     neg=(it->second==1);
   }
   else
   {
-    assert(it->second==0);
+    INVARIANT(
+      it->second==0,
+      string_refinement_invariantt("a proper function must have exactly one "
+        "occurrences after reduction, or it canceled out, and it does not have "
+        " one"));
     debug() << "in string_refinementt::compute_inverse_function:"
             << " warning: occurrences of qvar canceled out " << eom;
   }
@@ -1447,7 +1492,9 @@ void string_refinementt::update_index_set(const exprt &formula)
     {
       const exprt &s=cur.op0();
       const exprt &i=cur.op1();
-      assert(s.type().id()==ID_array);
+      DATA_INVARIANT(
+        s.type().id()==ID_array,
+        string_refinement_invariantt("index expressions must index on arrays"));
       exprt simplified=simplify_sum(i);
       add_to_index_set(s, simplified);
     }
@@ -1594,7 +1641,10 @@ exprt string_refinementt::substitute_array_lists(exprt expr) const
 
   if(expr.id()=="array-list")
   {
-    assert(expr.operands().size()>=2);
+    DATA_INVARIANT(
+      expr.operands().size()>=2,
+      string_refinement_invariantt("array-lists must have at least two "
+        "operands"));
     typet &char_type=expr.operands()[1].type();
     array_typet arr_type(char_type, infinity_exprt(char_type));
     array_of_exprt new_arr(from_integer(0, char_type),
@@ -1665,6 +1715,8 @@ bool string_refinementt::is_axiom_sat(
   case decision_proceduret::resultt::D_UNSATISFIABLE:
     return false;
   default:
-    throw "failure in checking axiom";
+    INVARIANT(false, string_refinement_invariantt("failure in checking axiom"));
+    // To tell the compiler that the previous line bails
+    throw 0;
   }
 }
diff --git a/src/solvers/refinement/string_refinement.h b/src/solvers/refinement/string_refinement.h
index 419ad086f84..7e534825596 100644
--- a/src/solvers/refinement/string_refinement.h
+++ b/src/solvers/refinement/string_refinement.h
@@ -24,6 +24,7 @@ Author: Alberto Griggio, alberto.griggio@gmail.com
 #include <util/replace_expr.h>
 #include <solvers/refinement/string_constraint.h>
 #include <solvers/refinement/string_constraint_generator.h>
+#include <solvers/refinement/string_refinement_invariant.h>
 
 #define MAX_NB_REFINEMENT 100
 
@@ -198,7 +199,10 @@ void string_refinementt::pad_vector(
     // pad until we reach the next initialized index (right to left)
     while(i>leftmost_index_to_pad)
       concrete_array[(i--)-1]=last_concretized;
-    assert(i==leftmost_index_to_pad);
+    INVARIANT(
+      i==leftmost_index_to_pad,
+      string_refinement_invariantt("Loop decrements i until it is not greater "
+        " than leftmost_index_to_pad"));
     if(i>0)
       last_concretized=concrete_array[i-1];
   }

From 0d39c4aee3adb91006abac1630b1cfc77bb9704d Mon Sep 17 00:00:00 2001
From: Lucas Cordeiro <lucasccordeiro@gmail.com>
Date: Wed, 19 Jul 2017 11:51:47 +0100
Subject: [PATCH 428/699] extend the existing-coverage option to support
 bytecode_index

---
 src/goto-instrument/cover.cpp | 37 ++++++++++++++++++++++-------------
 1 file changed, 23 insertions(+), 14 deletions(-)

diff --git a/src/goto-instrument/cover.cpp b/src/goto-instrument/cover.cpp
index a8ba1febf86..95ee5db61e6 100644
--- a/src/goto-instrument/cover.cpp
+++ b/src/goto-instrument/cover.cpp
@@ -132,24 +132,33 @@ bool coverage_goalst::get_coverage_goals(
     return true;
   }
 
-  for(const auto &goal : json.array)
+  // traverse the given JSON file
+  for(const auto &goals_in_json : json.array)
   {
-    // get the file of each existing goal
-    irep_idt file=goal["file"].value;
-    source_location.set_file(file);
-
-    // get the function of each existing goal
-    irep_idt function=goal["function"].value;
-    source_location.set_function(function);
-
-    // get the lines array
-    if(goal["lines"].is_array())
+    // get the set of goals
+    if(goals_in_json["goals"].is_array())
     {
-      for(const auto &line_json : goal["lines"].array)
+      // store the source location for each existing goal
+      for(const auto &each_goal : goals_in_json["goals"].array)
       {
-        // get the line of each existing goal
-        irep_idt line=line_json["number"].value;
+        // get and set the bytecode_index
+        irep_idt bytecode_index=
+          each_goal["sourceLocation"]["bytecode_index"].value;
+        source_location.set_java_bytecode_index(bytecode_index);
+
+        // get and set the file
+        irep_idt file=each_goal["sourceLocation"]["file"].value;
+        source_location.set_file(file);
+
+        // get and set the function
+        irep_idt function=each_goal["sourceLocation"]["function"].value;
+        source_location.set_function(function);
+
+        // get and set the line
+        irep_idt line=each_goal["sourceLocation"]["line"].value;
         source_location.set_line(line);
+
+        // store the existing goal
         goals.add_goal(source_location);
       }
     }

From 2acd0244f4b8823191aa43222344f548e839d771 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Wed, 19 Jul 2017 15:06:09 +0100
Subject: [PATCH 429/699] Fix interpreter allocation sizing

This could previously overestimate object sizes, potentially by including
all other objects in the address space in the size estimate. That could
lead to overly long variable-length arrays, with performance cost though
most likely no correctness problems in Java, since all arrays have an
explicit length.
---
 src/goto-programs/interpreter_class.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/goto-programs/interpreter_class.h b/src/goto-programs/interpreter_class.h
index 9456037a474..956c71949de 100644
--- a/src/goto-programs/interpreter_class.h
+++ b/src/goto-programs/interpreter_class.h
@@ -145,7 +145,7 @@ class interpretert:public messaget
       return 0;
     std::size_t ret=0;
     std::size_t alloc_size=base_address_to_alloc_size(address);
-    while(memory_iter!=memory.end() && ret<alloc_size)
+    while(memory_iter!=memory.end() && memory_iter->first<(address+alloc_size))
     {
       ++ret;
       ++memory_iter;

From ff6135c1e3fdc101e7383ecd472f25158e13700e Mon Sep 17 00:00:00 2001
From: Jesse Sigal <jesse.sigal@gmail.com>
Date: Tue, 18 Jul 2017 14:39:05 +0100
Subject: [PATCH 430/699] Corrected instantiation of universal string
 constraints.

The function changed (`string_refinementt::instantiate`) is used to instantiate the universal constraint `axiom` with an element `val` of the index set of `str`. To do this it must find an occurrence of `axiom.univ_var()` in an index expression on `str`. However, `find_index` only found *an* index expression involving `str`. Hence, looking for `axiom.univ_var()` in just one index expression was incorrect, we care about there being at least one, not all. Now `find_index` only returns an index with the given `qvar`.
---
 src/solvers/refinement/string_refinement.cpp | 56 ++++++++++----------
 1 file changed, 29 insertions(+), 27 deletions(-)

diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index 8df999e1855..c04f8185210 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -106,13 +106,11 @@ void string_refinementt::add_instantiations()
       debug() << from_expr(ns, "", j) << "; ";
     debug() << "}"  << eom;
 
-    for(const auto &j : i.second)
+    for(const auto &ua : universal_axioms)
     {
-      const exprt &val=j;
-
-      for(const auto &ua : universal_axioms)
+      for(const auto &j : i.second)
       {
-        exprt lemma=instantiate(ua, s, val);
+        exprt lemma=instantiate(ua, s, j);
         add_lemma(lemma);
       }
     }
@@ -1379,7 +1377,7 @@ class find_qvar_visitort: public const_expr_visitort
 
   explicit find_qvar_visitort(const exprt &qvar): qvar_(qvar), found(false) {}
 
-  void operator()(const exprt &expr)
+  void operator()(const exprt &expr) override
   {
     if(expr==qvar_)
       found=true;
@@ -1508,39 +1506,45 @@ void string_refinementt::update_index_set(const exprt &formula)
 
 
 // Will be used to visit an expression and return the index used
-// with the given char array
+// with the given char array that contains qvar
 class find_index_visitort: public const_expr_visitort
 {
 private:
   const exprt &str_;
+  const symbol_exprt &qvar_;
 
 public:
-  explicit find_index_visitort(const exprt &str): str_(str) {}
+  exprt index;
+
+  explicit find_index_visitort(
+    const exprt &str, const symbol_exprt &qvar):
+      str_(str),
+      qvar_(qvar),
+      index(nil_exprt()) {}
 
-  void operator()(const exprt &expr)
+  void operator()(const exprt &expr) override
   {
-    if(expr.id()==ID_index)
+    if(index.is_nil() && expr.id()==ID_index)
     {
       const index_exprt &i=to_index_expr(expr);
-      if(i.array()==str_)
-        throw i.index();
+      if(i.array()==str_ && find_qvar(i.index(), qvar_))
+        index=i.index();
     }
   }
 };
 
-/// find an index used in the expression for str, for instance with arguments
-/// (str[k] == 'a') and str, the function should return k
-/// \par parameters: a formula expr and a char array str
-/// \return an index expression
-exprt find_index(const exprt &expr, const exprt &str)
+/// Finds an index on `str` used in `expr` that contains `qvar`, for instance
+/// with arguments ``(str[k] == 'a')``, `str`, and `k`, the function should
+/// return `k`.
+/// \param [in] expr: the expression to search
+/// \param [in] str: the string which must be indexed
+/// \param [in] qvar: the universal variable that must be in the index
+/// \return an index expression in `expr` on `str` containing `qvar`
+exprt find_index(const exprt &expr, const exprt &str, const symbol_exprt &qvar)
 {
-  find_index_visitort v1(str);
-  try
-  {
-    expr.visit(v1);
-    return nil_exprt();
-  }
-  catch (exprt i) { return i; }
+  find_index_visitort v(str, qvar);
+  expr.visit(v);
+  return v.index;
 }
 
 /// \par parameters: a universally quantified formula `axiom`, an array of char
@@ -1553,11 +1557,9 @@ exprt find_index(const exprt &expr, const exprt &str)
 exprt string_refinementt::instantiate(
   const string_constraintt &axiom, const exprt &str, const exprt &val)
 {
-  exprt idx=find_index(axiom.body(), str);
+  exprt idx=find_index(axiom.body(), str, axiom.univ_var());
   if(idx.is_nil())
     return true_exprt();
-  if(!find_qvar(idx, axiom.univ_var()))
-    return true_exprt();
 
   exprt r=compute_inverse_function(axiom.univ_var(), val, idx);
   implies_exprt instance(axiom.premise(), axiom.body());

From 476f48dcff461653680f19b75416c945969795dd Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Wed, 19 Jul 2017 16:55:28 +0100
Subject: [PATCH 431/699] Propagating index set of if_expression representing
 char arrays

---
 src/solvers/refinement/string_refinement.cpp | 39 +++++++++++++++-----
 1 file changed, 29 insertions(+), 10 deletions(-)

diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index c04f8185210..9c29f2e3cad 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -1412,6 +1412,30 @@ void string_refinementt::update_index_set(const std::vector<exprt> &cur)
     update_index_set(axiom);
 }
 
+/// An expression representing an array of characters can be in the form of an
+/// if expression for instance `cond?array1:(cond2:array2:array3)`.
+/// We return all the array expressions contained in `array_expr`.
+/// \param array_expr : an expression representing an array
+/// \return a vector containing symbols and constant arrays contained in the
+///         expression
+static std::vector<exprt> sub_arrays(const exprt &array_expr)
+{
+  if(array_expr.id()==ID_if)
+  {
+    std::vector<exprt> res1=sub_arrays(to_if_expr(array_expr).true_case());
+    std::vector<exprt> res2=sub_arrays(to_if_expr(array_expr).false_case());
+    res1.insert(res1.end(), res2.begin(), res2.end());
+    return res1;
+  }
+  else
+  {
+    INVARIANT(
+      array_expr.id()==ID_symbol || array_expr.id()==ID_array,
+      "character arrays should be symbol, constant array, or if expression");
+    return std::vector<exprt>(1, array_expr);
+  }
+}
+
 /// add to the index set all the indices that appear in the formula and the
 /// upper bound minus one
 /// \par parameters: a string constraint
@@ -1423,17 +1447,13 @@ void string_refinementt::add_to_index_set(const exprt &s, exprt i)
     mp_integer mpi;
     to_integer(i, mpi);
     if(mpi<0)
-    {
-      debug() << "add_to_index_set : ignoring negative number " << mpi << eom;
       return;
-    }
-  }
-  if(index_set[s].insert(i).second)
-  {
-    debug() << "adding to index set of " << from_expr(ns, "", s)
-            << ": " << from_expr(ns, "", i) << eom;
-    current_index_set[s].insert(i);
   }
+
+  std::vector<exprt> subs=sub_arrays(s);
+  for(const auto &sub : subs)
+    if(index_set[sub].insert(i).second)
+      current_index_set[sub].insert(i);
 }
 
 void string_refinementt::initial_index_set(const string_constraintt &axiom)
@@ -1504,7 +1524,6 @@ void string_refinementt::update_index_set(const exprt &formula)
   }
 }
 
-
 // Will be used to visit an expression and return the index used
 // with the given char array that contains qvar
 class find_index_visitort: public const_expr_visitort

From 00040555d4a58dcdfa17b34dc44966b4cefd78bd Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Wed, 19 Jul 2017 13:10:16 +0100
Subject: [PATCH 432/699] Take into account if_expression when generating new
 strings

We also add checks to make sure the length and content arguments are
of the right form.
---
 .../string_constraint_generator_main.cpp      | 20 ++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/src/solvers/refinement/string_constraint_generator_main.cpp b/src/solvers/refinement/string_constraint_generator_main.cpp
index d697514767c..69b818b4d33 100644
--- a/src/solvers/refinement/string_constraint_generator_main.cpp
+++ b/src/solvers/refinement/string_constraint_generator_main.cpp
@@ -24,7 +24,6 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 #include <util/arith_tools.h>
 #include <util/pointer_predicates.h>
 #include <util/ssa_expr.h>
-#include <iostream>
 
 unsigned string_constraint_generatort::next_symbol_id=1;
 
@@ -232,6 +231,25 @@ string_exprt string_constraint_generatort::add_axioms_for_refined_string(
   else if(string.id()==ID_struct)
   {
     const string_exprt &s=to_string_expr(string);
+    INVARIANT(
+      s.length().id()==ID_symbol || s.length().id()==ID_constant,
+      "string length should be a symbol or a constant");
+    irep_idt content_id=s.content().id();
+    INVARIANT(
+      content_id==ID_symbol || content_id==ID_array || content_id==ID_if,
+      "string content should be a symbol, a constant array, or an if");
+    if(content_id==ID_if)
+    {
+      // If the string content is an if expression, we add axioms ensuring
+      // the content is the same as the content in the 'true' branch when the
+      // condition holds and the 'false' branch otherwise.
+      if_exprt if_expr=to_if_expr(s.content());
+      string_exprt str_true=add_axioms_for_refined_string(
+        string_exprt(s.length(), if_expr.true_case(), type));
+      string_exprt str_false=add_axioms_for_refined_string(
+        string_exprt(s.length(), if_expr.false_case(), type));
+      return add_axioms_for_if(if_exprt(if_expr.cond(), str_true, str_false));
+    }
     add_default_axioms(s);
     return s;
   }

From 74cffe43b63742298b51b433f44a9217fa8e4454 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Wed, 19 Jul 2017 16:56:41 +0100
Subject: [PATCH 433/699] Getting rid of add_axioms_for_if_array

They are now dealt with when we create strings using this kind of array.
This works better because at this point the length of the string is
known.
---
 .../refinement/string_constraint_generator.h  |  2 -
 .../string_constraint_generator_main.cpp      | 40 -------------------
 src/solvers/refinement/string_refinement.cpp  |  2 +-
 3 files changed, 1 insertion(+), 43 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index ca6ff4177de..a969ad6594e 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -94,8 +94,6 @@ class string_constraint_generatort
 
   static constant_exprt constant_char(int i, const typet &char_type);
 
-  // Used by string refinement
-  void add_axioms_for_if_array(const exprt &lhs, const if_exprt &expr);
 
 private:
   // The integer with the longest string is Integer.MIN_VALUE which is -2^31,
diff --git a/src/solvers/refinement/string_constraint_generator_main.cpp b/src/solvers/refinement/string_constraint_generator_main.cpp
index 69b818b4d33..5012dfad95a 100644
--- a/src/solvers/refinement/string_constraint_generator_main.cpp
+++ b/src/solvers/refinement/string_constraint_generator_main.cpp
@@ -295,46 +295,6 @@ string_exprt string_constraint_generatort::add_axioms_for_if(
   return res;
 }
 
-/// Add axioms enforcing that the content of the first array is equal to
-/// the true case array if the condition is true and
-/// the else case array otherwise.
-/// \param lhs: an expression
-/// \param expr: an if expression of type array
-void string_constraint_generatort::add_axioms_for_if_array(
-  const exprt &lhs, const if_exprt &expr)
-{
-  PRECONDITION(lhs.type()==expr.type());
-  PRECONDITION(expr.type().id()==ID_array);
-  exprt t=expr.true_case();
-  exprt f=expr.false_case();
-  INVARIANT(t.type()==f.type(), "branches of if_exprt should have same type");
-  const array_typet &type=to_array_type(t.type());
-  const typet &index_type=type.size().type();
-  const exprt max_length=from_integer(max_string_length, index_type);
-
-  // We add axioms:
-  // a1 : forall qvar<max_length, cond => lhs[qvar] = t[qvar]
-  // a1 : forall qvar2<max_length, !cond => lhs[qvar] = f[qvar]
-  symbol_exprt qvar=fresh_univ_index("QA_array_if_true", index_type);
-  equal_exprt qequal(index_exprt(lhs, qvar), index_exprt(t, qvar));
-
-  // In case t is a constant array of fixed length is does not make sense
-  // to talk about indexes exceeding this length
-  exprt upper_bound_t=
-    (t.id()==ID_array)?from_integer(t.operands().size(), index_type):max_length;
-  string_constraintt a1(qvar, upper_bound_t, expr.cond(), qequal);
-  axioms.push_back(a1);
-
-  symbol_exprt qvar2=fresh_univ_index("QA_array_if_false", index_type);
-  equal_exprt qequal2(index_exprt(lhs, qvar2), index_exprt(f, qvar2));
-  // In case f is a constant array of fixed length is does not make sense
-  // to talk about indexes exceeding this length
-  exprt upper_bound_f=
-    (f.id()==ID_array)?from_integer(f.operands().size(), index_type):max_length;
-  string_constraintt a2(qvar2, upper_bound_f, not_exprt(expr.cond()), qequal2);
-  axioms.push_back(a2);
-}
-
 /// if a symbol representing a string is present in the symbol_to_string table,
 /// returns the corresponding string, if the symbol is not yet present, creates
 /// a new string with the correct type depending on whether the mode is java or
diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index 9c29f2e3cad..8fcb962f08a 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -225,7 +225,7 @@ bool string_refinementt::add_axioms_for_string_assigns(
     }
     else if(rhs.id()==ID_if)
     {
-      generator.add_axioms_for_if_array(lhs, to_if_expr(rhs));
+      add_symbol_to_symbol_map(lhs, rhs);
       return false;
     }
     else

From e2ef2b279cc5d1ef42b801938465018b79777ca0 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Wed, 19 Jul 2017 00:23:02 +0100
Subject: [PATCH 434/699] Removing unused commented instruction

---
 src/solvers/refinement/string_refinement.cpp | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index 8fcb962f08a..079a4755227 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -158,9 +158,6 @@ void string_refinementt::set_char_array_equality(
       index_exprt arraycell(rhs, from_integer(i, index_type));
       equal_exprt arrayeq(arraycell, rhs.operands()[i]);
       add_lemma(arrayeq, false);
-#if 0
-      generator.axioms.push_back(arrayeq);
-#endif
     }
   }
   // At least for Java (as it is currently pre-processed), we need not consider

From bc2d47ea923384e6a3d9d3afe731554c0a261301 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Wed, 19 Jul 2017 17:09:43 +0100
Subject: [PATCH 435/699] Passing if expressions representing arrays to the
 parent solver

---
 src/solvers/refinement/string_refinement.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index 079a4755227..6f1aba365d3 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -202,7 +202,8 @@ bool string_refinementt::is_char_array(const typet &type) const
 /// add lemmas to the solver corresponding to the given equation
 /// \param lhs: left hand side of an equality expression
 /// \param rhs: right and side of the equality
-/// \return false if the lemmas were added successfully, true otherwise
+/// \return true if the assignemnt needs to be handled by the parent class
+///         via `set_to`
 bool string_refinementt::add_axioms_for_string_assigns(
   const exprt &lhs, const exprt &rhs)
 {
@@ -223,7 +224,7 @@ bool string_refinementt::add_axioms_for_string_assigns(
     else if(rhs.id()==ID_if)
     {
       add_symbol_to_symbol_map(lhs, rhs);
-      return false;
+      return true;
     }
     else
     {

From 857379db768e39662acba1f7f1b501ab38ad486f Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Fri, 21 Jul 2017 15:27:53 +0100
Subject: [PATCH 436/699] Better debugging information in string solver

This changes the function fill_model to debug model since it should
only be used to debug issues with the string solver.
---
 src/solvers/refinement/string_refinement.cpp | 38 ++++++++++----------
 src/solvers/refinement/string_refinement.h   |  2 +-
 2 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index c04f8185210..c95c26cc852 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -785,17 +785,18 @@ std::string string_refinementt::string_of_array(const array_exprt &arr)
   return result.str();
 }
 
-/// Fill in `current_model` by mapping the variables created by the solver to
-/// constant expressions given by the current model
-void string_refinementt::fill_model()
+/// Display part of the current model by mapping the variables created by the
+/// solver to constant expressions given by the current model
+void string_refinementt::debug_model()
 {
   for(auto it : symbol_resolve)
   {
     if(refined_string_typet::is_refined_string_type(it.second.type()))
     {
+      debug() << " - " << from_expr(ns, "", to_symbol_expr(it.first)) << ":\n";
       string_exprt refined=to_string_expr(it.second);
-      // TODO: check whith this is necessary:
-      replace_expr(symbol_resolve, refined);
+      debug() << "     in_map: " << from_expr(ns, "", refined) << eom;
+      debug() << "     resolved: " << from_expr(ns, "", refined) << eom;
       const exprt &econtent=refined.content();
       const exprt &elength=refined.length();
 
@@ -805,15 +806,14 @@ void string_refinementt::fill_model()
 
       current_model[elength]=len;
       current_model[econtent]=arr;
-      debug() << from_expr(ns, "", to_symbol_expr(it.first)) << "="
-              << from_expr(ns, "", refined);
 
       if(arr.id()==ID_array)
-        debug() << " = \"" << string_of_array(to_array_expr(arr))
-                << "\" (size:" << from_expr(ns, "", len) << ")"<< eom;
+        debug() << "     as_string: \"" << string_of_array(to_array_expr(arr))
+                << "\"\n";
       else
-        debug() << " = " << from_expr(ns, "", arr)
-                << " (size:" << from_expr(ns, "", len) << ")" << eom;
+        debug() << "     as_char_array: " << from_expr(ns, "", arr) << "\n";
+
+      debug() << "     size: " << from_expr(ns, "", len) << eom;
     }
     else
     {
@@ -824,32 +824,32 @@ void string_refinementt::fill_model()
           "handled"));
       exprt arr=it.second;
       replace_expr(symbol_resolve, arr);
+      debug() << " - " << from_expr(ns, "", to_symbol_expr(it.first)) << ":\n";
+      debug() << "     resolved: " << from_expr(ns, "", arr) << "\n";
+
       replace_expr(current_model, arr);
       exprt arr_model=get_array(arr);
       current_model[it.first]=arr_model;
 
-      debug() << from_expr(ns, "", to_symbol_expr(it.first)) << "="
-              << from_expr(ns, "", arr) << " = "
-              << from_expr(ns, "", arr_model) << "" << eom;
+      debug() << "     char_array: " << from_expr(ns, "", arr_model) << eom;
     }
   }
 
   for(auto it : generator.boolean_symbols)
   {
-      debug() << "" << it.get_identifier() << " := "
+      debug() << " - " << it.get_identifier() << ": "
               << from_expr(ns, "", supert::get(it)) << eom;
       current_model[it]=supert::get(it);
   }
 
   for(auto it : generator.index_symbols)
   {
-     debug() << "" << it.get_identifier() << " := "
-              << from_expr(ns, "", supert::get(it)) << eom;
+     debug() << " - " << it.get_identifier() << ": "
+             << from_expr(ns, "", supert::get(it)) << eom;
      current_model[it]=supert::get(it);
   }
 }
 
-
 /// Create a new expression where 'with' expressions on arrays are replaced by
 /// 'if' expressions. e.g. for an array access arr[x], where: `arr :=
 /// array_of(12) with {0:=24} with {2:=42}` the constructed expression will be:
@@ -1084,7 +1084,7 @@ bool string_refinementt::check_axioms()
           << "===========================================" << eom;
   debug() << "string_refinementt::check_axioms: build the"
           << " interpretation from the model of the prop_solver" << eom;
-  fill_model();
+  debug_model();
 
   // Maps from indexes of violated universal axiom to a witness of violation
   std::map<size_t, exprt> violated;
diff --git a/src/solvers/refinement/string_refinement.h b/src/solvers/refinement/string_refinement.h
index 7e534825596..331a68fb287 100644
--- a/src/solvers/refinement/string_refinement.h
+++ b/src/solvers/refinement/string_refinement.h
@@ -127,7 +127,7 @@ class string_refinementt: public bv_refinementt
     const exprt &val,
     const symbol_exprt &univ_var);
   exprt negation_of_constraint(const string_constraintt &axiom);
-  void fill_model();
+  void debug_model();
   bool check_axioms();
   bool is_axiom_sat(
     const exprt &axiom, const symbol_exprt& var, exprt &witness);

From bbee1b18c77d7b909923af39a99638ea7c8a9ded Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Fri, 21 Jul 2017 16:03:01 +0100
Subject: [PATCH 437/699] Remove field current model

This was only filled but never used.
---
 src/solvers/refinement/string_refinement.cpp | 10 ----------
 src/solvers/refinement/string_refinement.h   |  4 ----
 2 files changed, 14 deletions(-)

diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index c95c26cc852..3d011d71cf3 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -803,10 +803,6 @@ void string_refinementt::debug_model()
       exprt len=supert::get(elength);
       len=simplify_expr(len, ns);
       exprt arr=get_array(econtent, len);
-
-      current_model[elength]=len;
-      current_model[econtent]=arr;
-
       if(arr.id()==ID_array)
         debug() << "     as_string: \"" << string_of_array(to_array_expr(arr))
                 << "\"\n";
@@ -826,11 +822,7 @@ void string_refinementt::debug_model()
       replace_expr(symbol_resolve, arr);
       debug() << " - " << from_expr(ns, "", to_symbol_expr(it.first)) << ":\n";
       debug() << "     resolved: " << from_expr(ns, "", arr) << "\n";
-
-      replace_expr(current_model, arr);
       exprt arr_model=get_array(arr);
-      current_model[it.first]=arr_model;
-
       debug() << "     char_array: " << from_expr(ns, "", arr_model) << eom;
     }
   }
@@ -839,14 +831,12 @@ void string_refinementt::debug_model()
   {
       debug() << " - " << it.get_identifier() << ": "
               << from_expr(ns, "", supert::get(it)) << eom;
-      current_model[it]=supert::get(it);
   }
 
   for(auto it : generator.index_symbols)
   {
      debug() << " - " << it.get_identifier() << ": "
              << from_expr(ns, "", supert::get(it)) << eom;
-     current_model[it]=supert::get(it);
   }
 }
 
diff --git a/src/solvers/refinement/string_refinement.h b/src/solvers/refinement/string_refinement.h
index 331a68fb287..743366d628d 100644
--- a/src/solvers/refinement/string_refinement.h
+++ b/src/solvers/refinement/string_refinement.h
@@ -94,10 +94,6 @@ class string_refinementt: public bv_refinementt
   std::map<exprt, exprt_listt> reverse_symbol_resolve;
   std::list<std::pair<exprt, bool>> non_string_axioms;
 
-  // Valuation in the current model of the symbols that have been created
-  // by the solver
-  replace_mapt current_model;
-
   // Length of char arrays found during concretization
   std::map<exprt, exprt> found_length;
   // Content of char arrays found during concretization

From 65835c249097f2be8905a66df5e117902f418406 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Fri, 21 Jul 2017 17:25:02 +0100
Subject: [PATCH 438/699] Object factory: support global allocation

This already supported choosing between allocation on the stack and
the heap; this adds global object creation as a new possibility.
java_static_lifetime_init is switched to use global allocation, as
this reflects the true lifetime of static fields.
---
 src/goto-programs/convert_nondet.cpp          |   2 +-
 .../java_bytecode_instrument.cpp              |   1 +
 src/java_bytecode/java_entry_point.cpp        |   2 +
 src/java_bytecode/java_object_factory.cpp     | 168 ++++++++++--------
 src/java_bytecode/java_object_factory.h       |  13 +-
 5 files changed, 107 insertions(+), 79 deletions(-)

diff --git a/src/goto-programs/convert_nondet.cpp b/src/goto-programs/convert_nondet.cpp
index bd878d4cc4c..5b7935470ef 100644
--- a/src/goto-programs/convert_nondet.cpp
+++ b/src/goto-programs/convert_nondet.cpp
@@ -85,7 +85,7 @@ static goto_programt::targett insert_nondet_init_code(
     symbol_table,
     source_loc,
     true,
-    true,
+    allocation_typet::DYNAMIC,
     !nullable,
     max_nondet_array_length,
     update_in_placet::NO_UPDATE_IN_PLACE);
diff --git a/src/java_bytecode/java_bytecode_instrument.cpp b/src/java_bytecode/java_bytecode_instrument.cpp
index b41e1e73baf..79b89eebe60 100644
--- a/src/java_bytecode/java_bytecode_instrument.cpp
+++ b/src/java_bytecode/java_bytecode_instrument.cpp
@@ -113,6 +113,7 @@ codet java_bytecode_instrumentt::throw_exception(
       false,
       symbol_table,
       max_array_length,
+      allocation_typet::LOCAL,
       original_loc);
   }
   else
diff --git a/src/java_bytecode/java_entry_point.cpp b/src/java_bytecode/java_entry_point.cpp
index 6f6ebd5f149..adb48d98444 100644
--- a/src/java_bytecode/java_entry_point.cpp
+++ b/src/java_bytecode/java_entry_point.cpp
@@ -118,6 +118,7 @@ void java_static_lifetime_init(
           allow_null,
           symbol_table,
           max_nondet_array_length,
+          allocation_typet::GLOBAL,
           source_location);
         code_assignt assignment(sym.symbol_expr(), newsym);
         code_block.add(assignment);
@@ -180,6 +181,7 @@ exprt::operandst java_build_arguments(
         allow_null,
         symbol_table,
         max_nondet_array_length,
+        allocation_typet::LOCAL,
         function.location);
 
     // record as an input
diff --git a/src/java_bytecode/java_object_factory.cpp b/src/java_bytecode/java_object_factory.cpp
index e8b6e92308f..088c046fc8b 100644
--- a/src/java_bytecode/java_object_factory.cpp
+++ b/src/java_bytecode/java_object_factory.cpp
@@ -70,7 +70,7 @@ class java_object_factoryt
     code_blockt &assignments,
     const exprt &expr,
     const typet &target_type,
-    bool create_dynamic_objects,
+    allocation_typet alloc_type,
     update_in_placet update_in_place);
 
   void allocate_nondet_length_array(
@@ -98,7 +98,7 @@ class java_object_factoryt
     code_blockt &assignments,
     const exprt &,
     const typet &,
-    bool create_dynamic_objects);
+    allocation_typet alloc_type);
 
   void gen_nondet_array_init(
     code_blockt &assignments,
@@ -111,7 +111,7 @@ class java_object_factoryt
     bool is_sub,
     irep_idt class_identifier,
     bool skip_classid,
-    bool create_dynamic_objects,
+    allocation_typet alloc_type,
     bool override,
     const typet &override_type,
     update_in_placet);
@@ -121,7 +121,7 @@ class java_object_factoryt
     code_blockt &assignments,
     const exprt &expr,
     const irep_idt &class_identifier,
-    bool create_dynamic_objects,
+    allocation_typet alloc_type,
     const pointer_typet &pointer_type,
     const update_in_placet &update_in_place);
 
@@ -131,13 +131,13 @@ class java_object_factoryt
     bool is_sub,
     irep_idt class_identifier,
     bool skip_classid,
-    bool create_dynamic_objects,
+    allocation_typet alloc_type,
     const struct_typet &struct_type,
     const update_in_placet &update_in_place);
 
   symbol_exprt gen_nondet_subtype_pointer_init(
     code_blockt &assignments,
-    bool create_dynamic_objects,
+    allocation_typet alloc_type,
     const pointer_typet &substitute_pointer_type);
 };
 
@@ -257,43 +257,51 @@ exprt allocate_dynamic_object_with_decl(
 /// \param assignments: The code block to add code to
 /// \param target_expr: The expression which we are allocating a symbol for
 /// \param allocate_type:
-/// \param create_dynamic_objects: Whether to create a symbol with static
-///   lifetime or
+/// \param alloc_type: Allocation type (global, local or dynamic)
 /// \return the allocated object
 exprt java_object_factoryt::allocate_object(
   code_blockt &assignments,
   const exprt &target_expr,
   const typet &allocate_type,
-  bool create_dynamic_objects)
+  allocation_typet alloc_type)
 {
   const typet &allocate_type_resolved=ns.follow(allocate_type);
   const typet &target_type=ns.follow(target_expr.type().subtype());
   bool cast_needed=allocate_type_resolved!=target_type;
-  if(!create_dynamic_objects)
+  switch(alloc_type)
   {
-    symbolt &aux_symbol=new_tmp_symbol(symbol_table, loc, allocate_type);
-    symbols_created.push_back(&aux_symbol);
-
-    exprt object=aux_symbol.symbol_expr();
-    exprt aoe=address_of_exprt(object);
-    if(cast_needed)
-      aoe=typecast_exprt(aoe, target_expr.type());
-    code_assignt code(target_expr, aoe);
-    code.add_source_location()=loc;
-    assignments.copy_to_operands(code);
-    return aoe;
-  }
-  else
-  {
-    return allocate_dynamic_object(
-      target_expr,
-      allocate_type,
-      symbol_table,
-      loc,
-      assignments,
-      symbols_created,
-      cast_needed);
-  }
+    case allocation_typet::LOCAL:
+    case allocation_typet::GLOBAL:
+    {
+      symbolt &aux_symbol=new_tmp_symbol(symbol_table, loc, allocate_type);
+      if(alloc_type==allocation_typet::GLOBAL)
+        aux_symbol.is_static_lifetime=true;
+      symbols_created.push_back(&aux_symbol);
+
+      exprt object=aux_symbol.symbol_expr();
+      exprt aoe=address_of_exprt(object);
+      if(cast_needed)
+        aoe=typecast_exprt(aoe, target_expr.type());
+      code_assignt code(target_expr, aoe);
+      code.add_source_location()=loc;
+      assignments.copy_to_operands(code);
+      return aoe;
+    }
+    case allocation_typet::DYNAMIC:
+    {
+      return allocate_dynamic_object(
+        target_expr,
+        allocate_type,
+        symbol_table,
+        loc,
+        assignments,
+        symbols_created,
+        cast_needed);
+    }
+    default:
+      UNREACHABLE;
+      return exprt();
+  } // End switch
 }
 
 /// Adds an instruction to `init_code` null-initialising `expr`.
@@ -315,8 +323,7 @@ code_assignt java_object_factoryt::get_null_assignment(
 /// \par parameters: `expr`: pointer-typed lvalue expression to initialise
 /// `target_type`: structure type to initialise, which may not match *expr (for
 ///   example, expr might be void*)
-/// `create_dynamic_objects`: if true, use malloc to allocate objects; otherwise
-///   generate fresh static symbols.
+/// `alloc_type`: Allocation type (global, local or dynamic)
 /// `update_in_place`: NO_UPDATE_IN_PLACE: initialise `expr` from scratch
 ///   MUST_UPDATE_IN_PLACE: reinitialise an existing object MAY_UPDATE_IN_PLACE:
 ///   invalid input
@@ -324,7 +331,7 @@ void java_object_factoryt::gen_pointer_target_init(
   code_blockt &assignments,
   const exprt &expr,
   const typet &target_type,
-  bool create_dynamic_objects,
+  allocation_typet alloc_type,
   update_in_placet update_in_place)
 {
   assert(update_in_place!=update_in_placet::MAY_UPDATE_IN_PLACE);
@@ -348,7 +355,7 @@ void java_object_factoryt::gen_pointer_target_init(
         assignments,
         expr,
         target_type,
-        create_dynamic_objects);
+        alloc_type);
     }
     else
     {
@@ -368,7 +375,7 @@ void java_object_factoryt::gen_pointer_target_init(
       false,
       "",
       false,
-      create_dynamic_objects,
+      alloc_type,
       false,
       typet(),
       update_in_place);
@@ -384,8 +391,7 @@ void java_object_factoryt::gen_pointer_target_init(
 /// \param expr: lvalue expression to initialise
 /// \param class_identifier - the name of the class so we can identify
 /// special cases where a null pointer is not applicable.
-/// \param create_dynamic_objects: if true, use malloc to allocate objects;
-///   otherwise generate fresh static symbols.
+/// \param alloc_type: Allocation type (global, local or dynamic)
 /// \param pointer_type - The type of the pointer we are initalising
 /// `update_in_place`: NO_UPDATE_IN_PLACE: initialise `expr` from scratch
 ///   MUST_UPDATE_IN_PLACE: reinitialise an existing object MAY_UPDATE_IN_PLACE:
@@ -394,7 +400,7 @@ void java_object_factoryt::gen_nondet_pointer_init(
   code_blockt &assignments,
   const exprt &expr,
   const irep_idt &class_identifier,
-  bool create_dynamic_objects,
+  allocation_typet alloc_type,
   const pointer_typet &pointer_type,
   const update_in_placet &update_in_place)
 {
@@ -408,7 +414,7 @@ void java_object_factoryt::gen_nondet_pointer_init(
   {
     const symbol_exprt real_pointer_symbol=gen_nondet_subtype_pointer_init(
       assignments,
-      create_dynamic_objects,
+      alloc_type,
       replacement_pointer_type);
 
     // Having created a pointer to object of type replacement_pointer_type
@@ -447,7 +453,7 @@ void java_object_factoryt::gen_nondet_pointer_init(
       update_in_place_assignments,
       expr,
       subtype,
-      create_dynamic_objects,
+      alloc_type,
       update_in_placet::MUST_UPDATE_IN_PLACE);
   }
 
@@ -464,7 +470,7 @@ void java_object_factoryt::gen_nondet_pointer_init(
     non_null_inst,
     expr,
     subtype,
-    create_dynamic_objects,
+    alloc_type,
     update_in_placet::NO_UPDATE_IN_PLACE);
 
   // Determine whether the pointer can be null.
@@ -531,15 +537,14 @@ void java_object_factoryt::gen_nondet_pointer_init(
 /// A * p = &tmp_object
 /// expr = (I *)p
 /// \param assignments: the code to append to
-/// \param create_dynamic_objects: if true, use malloc to allocate objects;
-///   otherwise generate fresh static symbols.
+/// \param alloc_type: Allocation type (global, local or dynamic)
 /// \param replacement_pointer: The type of the pointer we actually want to
 ///   to create.
 /// \return The symbol expression that corresponds to the pointer to object
 ///   created of the required type.
 symbol_exprt java_object_factoryt::gen_nondet_subtype_pointer_init(
   code_blockt &assignments,
-  bool create_dynamic_objects,
+  allocation_typet alloc_type,
   const pointer_typet &replacement_pointer)
 {
   symbolt new_symbol=new_tmp_symbol(symbol_table, loc, replacement_pointer);
@@ -551,7 +556,7 @@ symbol_exprt java_object_factoryt::gen_nondet_subtype_pointer_init(
     false,
     "",
     false,
-    create_dynamic_objects,
+    alloc_type,
     false,
     typet(),
     update_in_placet::NO_UPDATE_IN_PLACE);
@@ -571,8 +576,7 @@ symbol_exprt java_object_factoryt::gen_nondet_subtype_pointer_init(
 /// \param class_identifier: clsid to initialise @java.lang.Object.
 ///   @class_identifier
 /// \param skip_classid: if true, skip initialising @class_identifier
-/// \param create_dynamic_objects: if true, use malloc to allocate objects;
-///   otherwise generate fresh static symbols.
+/// \param alloc_type: Allocation type (global, local or dynamic)
 /// \param struct_type - The type of the struct we are initalising
 /// \param update_in_place: NO_UPDATE_IN_PLACE: initialise `expr` from scratch
 ///   MUST_UPDATE_IN_PLACE: reinitialise an existing object MAY_UPDATE_IN_PLACE:
@@ -583,7 +587,7 @@ void java_object_factoryt::gen_nondet_struct_init(
   bool is_sub,
   irep_idt class_identifier,
   bool skip_classid,
-  bool create_dynamic_objects,
+  allocation_typet alloc_type,
   const struct_typet &struct_type,
   const update_in_placet &update_in_place)
 {
@@ -643,7 +647,7 @@ void java_object_factoryt::gen_nondet_struct_init(
         _is_sub,
         class_identifier,
         false,
-        create_dynamic_objects,
+        alloc_type,
         false,
         typet(),
         substruct_in_place);
@@ -660,8 +664,7 @@ void java_object_factoryt::gen_nondet_struct_init(
 ///   might be void*)
 /// `class_identifier`: clsid to initialise @java.lang.Object. @class_identifier
 /// `skip_classid`: if true, skip initialising @class_identifier
-/// `create_dynamic_objects`: if true, use malloc to allocate objects; otherwise
-///   generate fresh static symbols.
+/// `alloc_type`: Allocation type (global, local or dynamic)
 /// `override`: If true, initialise with `override_type` instead of
 ///   `expr.type()`. Used at the moment for reference arrays, which are
 ///   implemented as void* arrays but should be init'd as their true type with
@@ -676,7 +679,7 @@ void java_object_factoryt::gen_nondet_init(
   bool is_sub,
   irep_idt class_identifier,
   bool skip_classid,
-  bool create_dynamic_objects,
+  allocation_typet alloc_type,
   bool override,
   const typet &override_type,
   update_in_placet update_in_place)
@@ -692,7 +695,7 @@ void java_object_factoryt::gen_nondet_init(
       assignments,
       expr,
       class_identifier,
-      create_dynamic_objects,
+      alloc_type,
       pointer_type,
       update_in_place);
   }
@@ -705,7 +708,7 @@ void java_object_factoryt::gen_nondet_init(
       is_sub,
       class_identifier,
       skip_classid,
-      create_dynamic_objects,
+      alloc_type,
       struct_type,
       update_in_place);
   }
@@ -751,7 +754,7 @@ void java_object_factoryt::allocate_nondet_length_array(
     false,
     irep_idt(),
     false,
-    false,
+    allocation_typet::LOCAL, // Doesn't matter, as type is primitive
     false,
     typet(),
     update_in_placet::NO_UPDATE_IN_PLACE);
@@ -883,7 +886,8 @@ void java_object_factoryt::gen_nondet_array_init(
     false,
     irep_idt(),
     false,
-    true,
+    // These are variable in number, so use dynamic allocator:
+    allocation_typet::DYNAMIC,
     true,
     element_type,
     child_update_in_place);
@@ -896,16 +900,19 @@ void java_object_factoryt::gen_nondet_array_init(
   assignments.move_to_operands(init_done_label);
 }
 
-/// Similar to `gen_nondet_init` above, but always creates a fresh static global
-/// object or primitive nondet expression.
-/// \par parameters: `type`: type of new object to create
-/// `allow_null`: if true, may return null; otherwise always allocates an object
-/// `max_nondet_array_length`: upper bound on size of initialised arrays.
-/// `loc`: source location for all generated code
-/// `message_handler`: logging
-/// \return `symbol_table` gains any new symbols created, as per gen_nondet_init
-///   above. `init_code` gains any instructions requried to initialise either
+/// Similar to `gen_nondet_init`, but returns an object expression
+/// rather than assigning to one.
+/// \param type: type of new object to create
+/// \param base_name: base name of top-level constructed object
+/// \param [out] init_code: gains any instructions requried to initialise either
 ///   the returned value or its child objects
+/// \param allow_null: if true, may return null; otherwise always
+///   allocates an object
+/// \param max_nondet_array_length: upper bound on size of initialised arrays
+/// \param alloc_type: allocation method (global, local or dynamic objects)
+/// \param loc: source location for all generated code
+/// \return `symbol_table` gains any new symbols created, as per gen_nondet_init
+///   above. `init_code`
 exprt object_factory(
   const typet &type,
   const irep_idt base_name,
@@ -913,6 +920,7 @@ exprt object_factory(
   bool allow_null,
   symbol_tablet &symbol_table,
   size_t max_nondet_array_length,
+  allocation_typet alloc_type,
   const source_locationt &loc)
 {
   irep_idt identifier=id2string(goto_functionst::entry_point())+
@@ -947,7 +955,7 @@ exprt object_factory(
     false,
     "",
     false,
-    false,
+    alloc_type,
     false,
     typet(),
     update_in_placet::NO_UPDATE_IN_PLACE);
@@ -956,9 +964,12 @@ exprt object_factory(
   //   <type> <identifier>;
   for(const symbolt * const symbol_ptr : symbols_created)
   {
-    code_declt decl(symbol_ptr->symbol_expr());
-    decl.add_source_location()=loc;
-    init_code.add(decl);
+    if(!symbol_ptr->is_static_lifetime)
+    {
+      code_declt decl(symbol_ptr->symbol_expr());
+      decl.add_source_location()=loc;
+      init_code.add(decl);
+    }
   }
 
   init_code.append(assignments);
@@ -990,7 +1001,7 @@ void gen_nondet_init(
   symbol_tablet &symbol_table,
   const source_locationt &loc,
   bool skip_classid,
-  bool create_dyn_objs,
+  allocation_typet alloc_type,
   bool assume_non_null,
   size_t max_nondet_array_length,
   update_in_placet update_in_place)
@@ -1010,7 +1021,7 @@ void gen_nondet_init(
     false,
     "",
     skip_classid,
-    create_dyn_objs,
+    alloc_type,
     false,
     typet(),
     update_in_place);
@@ -1019,9 +1030,12 @@ void gen_nondet_init(
   //   <type> <identifier>;
   for(const symbolt * const symbol_ptr : symbols_created)
   {
-    code_declt decl(symbol_ptr->symbol_expr());
-    decl.add_source_location()=loc;
-    init_code.add(decl);
+    if(!symbol_ptr->is_static_lifetime)
+    {
+      code_declt decl(symbol_ptr->symbol_expr());
+      decl.add_source_location()=loc;
+      init_code.add(decl);
+    }
   }
 
   init_code.append(assignments);
diff --git a/src/java_bytecode/java_object_factory.h b/src/java_bytecode/java_object_factory.h
index 05f58de4e82..a56f0f14e31 100644
--- a/src/java_bytecode/java_object_factory.h
+++ b/src/java_bytecode/java_object_factory.h
@@ -14,6 +14,16 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <util/std_code.h>
 #include <util/symbol_table.h>
 
+/// Selects the kind of allocation used by java_object_factory et al.
+enum class allocation_typet {
+  /// Allocate global objects
+  GLOBAL,
+  /// Allocate local stacked objects
+  LOCAL,
+  /// Allocate dynamic objects (using MALLOC)
+  DYNAMIC
+};
+
 exprt object_factory(
   const typet &type,
   const irep_idt base_name,
@@ -21,6 +31,7 @@ exprt object_factory(
   bool allow_null,
   symbol_tablet &symbol_table,
   size_t max_nondet_array_length,
+  allocation_typet alloc_type,
   const source_locationt &);
 
 enum class update_in_placet
@@ -36,7 +47,7 @@ void gen_nondet_init(
   symbol_tablet &symbol_table,
   const source_locationt &loc,
   bool skip_classid,
-  bool create_dyn_objs,
+  allocation_typet alloc_type,
   bool assume_non_null,
   size_t max_nondet_array_length,
   update_in_placet update_in_place);

From d3234c80a33f6c483aee79a9d790bf5804d56b5c Mon Sep 17 00:00:00 2001
From: Joel Allred <joel.allred@diffblue.com>
Date: Fri, 21 Jul 2017 17:37:12 +0100
Subject: [PATCH 439/699] Handle String.toString() in preprocess

---
 src/java_bytecode/java_string_library_preprocess.cpp | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/java_bytecode/java_string_library_preprocess.cpp b/src/java_bytecode/java_string_library_preprocess.cpp
index d34c4f0308d..427f76b8753 100644
--- a/src/java_bytecode/java_string_library_preprocess.cpp
+++ b/src/java_bytecode/java_string_library_preprocess.cpp
@@ -1655,6 +1655,14 @@ void java_string_library_preprocesst::initialize_conversion_table()
   cprover_equivalent_to_java_string_returning_function
     ["java::java.lang.String.toLowerCase:()Ljava/lang/String;"]=
       ID_cprover_string_to_lower_case_func;
+  conversion_table
+    ["java::java.lang.String.toString:()Ljava/lang/String;"]=
+      std::bind(
+        &java_string_library_preprocesst::make_copy_string_code,
+        this,
+        std::placeholders::_1,
+        std::placeholders::_2,
+        std::placeholders::_3);
   cprover_equivalent_to_java_string_returning_function
     ["java::java.lang.String.toUpperCase:()Ljava/lang/String;"]=
       ID_cprover_string_to_upper_case_func;

From 317baac162a7a7a522c1be9929f286b06778659c Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Fri, 21 Jul 2017 17:49:08 +0100
Subject: [PATCH 440/699] Better indentation in string solver debug

---
 src/solvers/refinement/string_refinement.cpp | 26 ++++++++++++--------
 1 file changed, 16 insertions(+), 10 deletions(-)

diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index 3d011d71cf3..d7143d3269e 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -789,14 +789,17 @@ std::string string_refinementt::string_of_array(const array_exprt &arr)
 /// solver to constant expressions given by the current model
 void string_refinementt::debug_model()
 {
+  const std::string indent("  ");
   for(auto it : symbol_resolve)
   {
     if(refined_string_typet::is_refined_string_type(it.second.type()))
     {
-      debug() << " - " << from_expr(ns, "", to_symbol_expr(it.first)) << ":\n";
+      debug() << "- " << from_expr(ns, "", to_symbol_expr(it.first)) << ":\n";
       string_exprt refined=to_string_expr(it.second);
-      debug() << "     in_map: " << from_expr(ns, "", refined) << eom;
-      debug() << "     resolved: " << from_expr(ns, "", refined) << eom;
+      debug() << indent << indent << "in_map: "
+              << from_expr(ns, "", refined) << eom;
+      debug() << indent << indent << "resolved: "
+              << from_expr(ns, "", refined) << eom;
       const exprt &econtent=refined.content();
       const exprt &elength=refined.length();
 
@@ -804,12 +807,13 @@ void string_refinementt::debug_model()
       len=simplify_expr(len, ns);
       exprt arr=get_array(econtent, len);
       if(arr.id()==ID_array)
-        debug() << "     as_string: \"" << string_of_array(to_array_expr(arr))
-                << "\"\n";
+        debug() << indent << indent << "as_string: \""
+                << string_of_array(to_array_expr(arr)) << "\"\n";
       else
-        debug() << "     as_char_array: " << from_expr(ns, "", arr) << "\n";
+        debug() << indent << indent << "as_char_array: "
+                << from_expr(ns, "", arr) << "\n";
 
-      debug() << "     size: " << from_expr(ns, "", len) << eom;
+      debug() << indent << indent << "size: " << from_expr(ns, "", len) << eom;
     }
     else
     {
@@ -820,10 +824,12 @@ void string_refinementt::debug_model()
           "handled"));
       exprt arr=it.second;
       replace_expr(symbol_resolve, arr);
-      debug() << " - " << from_expr(ns, "", to_symbol_expr(it.first)) << ":\n";
-      debug() << "     resolved: " << from_expr(ns, "", arr) << "\n";
+      debug() << "- " << from_expr(ns, "", to_symbol_expr(it.first)) << ":\n";
+      debug() << indent << indent << "resolved: "
+              << from_expr(ns, "", arr) << "\n";
       exprt arr_model=get_array(arr);
-      debug() << "     char_array: " << from_expr(ns, "", arr_model) << eom;
+      debug() << indent << indent << "char_array: "
+              << from_expr(ns, "", arr_model) << eom;
     }
   }
 

From cea763be9944a4631ffafcf853fd638466b8c669 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Fri, 21 Jul 2017 15:20:04 +0100
Subject: [PATCH 441/699] Adapting resolve_symbol map to contain if expressions

This clarifies what can be stored in the map by adding assertions and
ensure we correctly propagate new symbols for the case of if
expressions and structured expressions.

Use recursion for dependences in symbol map.
---
 src/solvers/refinement/string_refinement.cpp | 59 +++++++++++++++++---
 1 file changed, 51 insertions(+), 8 deletions(-)

diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index 6f1aba365d3..522ad04794e 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -117,28 +117,71 @@ void string_refinementt::add_instantiations()
   }
 }
 
+/// List the simple expressions on which the expression depends in the
+/// `symbol_resolve` map. A simple expression is either a symbol or a
+/// constant array
+/// \param expr: an expression
+static void depends_in_symbol_map(const exprt &expr, std::vector<exprt> &accu)
+{
+  if(expr.id()==ID_if)
+  {
+    if_exprt if_expr=to_if_expr(expr);
+    depends_in_symbol_map(if_expr.true_case(), accu);
+    depends_in_symbol_map(if_expr.false_case(), accu);
+  }
+  else if(expr.id()==ID_struct)
+  {
+    string_exprt str=to_string_expr(expr);
+    depends_in_symbol_map(str.content(), accu);
+  }
+  else
+  {
+    INVARIANT(
+      expr.id()==ID_symbol || expr.id()==ID_array || expr.id()==ID_array_of,
+      "leaf in symbol resolve should be a symbol or a constant array");
+    accu.push_back(expr);
+  }
+}
+
 /// keeps a map of symbols to expressions, such as none of the mapped values
 /// exist as a key
 /// \param lhs: a symbol expression
-/// \param rhs: an expression to map it to
+/// \param rhs: an expression to map it to, which should be either a symbol
+///             a string_exprt, an array_exprt, an array_of_exprt or an
+///             if_exprt with branches of the previous kind
 void string_refinementt::add_symbol_to_symbol_map(
   const exprt &lhs, const exprt &rhs)
 {
   PRECONDITION(lhs.id()==ID_symbol);
+  PRECONDITION(rhs.id()==ID_symbol ||
+               rhs.id()==ID_array ||
+               rhs.id()==ID_array_of ||
+               rhs.id()==ID_if ||
+               (rhs.id()==ID_struct &&
+                refined_string_typet::is_refined_string_type(rhs.type())));
 
   // We insert the mapped value of the rhs, if it exists.
   auto it=symbol_resolve.find(rhs);
   const exprt &new_rhs=it!=symbol_resolve.end()?it->second:rhs;
-
   symbol_resolve[lhs]=new_rhs;
-  reverse_symbol_resolve[new_rhs].push_back(lhs);
 
-  const std::list<exprt> &symbols_to_update_with_new_rhs(
-    reverse_symbol_resolve[lhs]);
-  for(exprt item : symbols_to_update_with_new_rhs)
+  // List the leaves of new_rhs
+  std::vector<exprt> leaves;
+  depends_in_symbol_map(new_rhs, leaves);
+
+  const auto &symbols_to_update_with_new_rhs=reverse_symbol_resolve[lhs];
+
+  // We need to update all the symbols which depend on lhs
+  for(const exprt &item : symbols_to_update_with_new_rhs)
+    replace_expr(symbol_resolve, symbol_resolve[item]);
+
+  // Every time a symbol at the leaves is updated we need to update lhs
+  // and the symbols that depend on it
+  for(const auto &leaf : leaves)
   {
-    symbol_resolve[item]=new_rhs;
-    reverse_symbol_resolve[new_rhs].push_back(item);
+    reverse_symbol_resolve[leaf].push_back(lhs);
+    for(const exprt &item : symbols_to_update_with_new_rhs)
+      reverse_symbol_resolve[leaf].push_back(item);
   }
 }
 

From 7b09ba3c3da5650d9edb92681263cea6eda1714b Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Fri, 21 Jul 2017 15:22:25 +0100
Subject: [PATCH 442/699] Simplify expressions representing arrays that we get
 from the model

Those could be if expressions where the conditions are constants and
should be simplified.
---
 src/solvers/refinement/string_refinement.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index 522ad04794e..87d7f9a313c 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -673,7 +673,7 @@ void string_refinementt::add_lemma(
 /// \return an array expression or an array_of_exprt
 exprt string_refinementt::get_array(const exprt &arr, const exprt &size) const
 {
-  exprt arr_val=get_array(arr);
+  exprt arr_val=simplify_expr(get_array(arr), ns);
   exprt size_val=supert::get(size);
   size_val=simplify_expr(size_val, ns);
   typet char_type=arr.type().subtype();

From cc8c420f32922102b657d1aad7dc683cab70b5fa Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Fri, 21 Jul 2017 16:47:19 +0100
Subject: [PATCH 443/699] Making added axioms fit the new invariant checks on
 universal formulas

---
 src/solvers/refinement/string_constraint_generator_main.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_main.cpp b/src/solvers/refinement/string_constraint_generator_main.cpp
index 5012dfad95a..823295777d4 100644
--- a/src/solvers/refinement/string_constraint_generator_main.cpp
+++ b/src/solvers/refinement/string_constraint_generator_main.cpp
@@ -285,12 +285,13 @@ string_exprt string_constraint_generatort::add_axioms_for_if(
     implies_exprt(expr.cond(), res.axiom_for_has_same_length_as(t)));
   symbol_exprt qvar=fresh_univ_index("QA_string_if_true", index_type);
   equal_exprt qequal(res[qvar], t[qvar]);
-  axioms.push_back(string_constraintt(qvar, t.length(), expr.cond(), qequal));
+  string_constraintt sc1(qvar, t.length(), implies_exprt(expr.cond(), qequal));
+  axioms.push_back(sc1);
   axioms.push_back(
     implies_exprt(not_exprt(expr.cond()), res.axiom_for_has_same_length_as(f)));
   symbol_exprt qvar2=fresh_univ_index("QA_string_if_false", index_type);
   equal_exprt qequal2(res[qvar2], f[qvar2]);
-  string_constraintt sc2(qvar2, f.length(), not_exprt(expr.cond()), qequal2);
+  string_constraintt sc2(qvar2, f.length(), or_exprt(expr.cond(), qequal2));
   axioms.push_back(sc2);
   return res;
 }

From 3b4b0d0c74129e017826b1316e7208c3d1ceb3b8 Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Sun, 23 Jul 2017 14:31:08 +0100
Subject: [PATCH 444/699] Escape square brackets in java_length test descriptor

---
 regression/strings-smoke-tests/java_length/test.desc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/regression/strings-smoke-tests/java_length/test.desc b/regression/strings-smoke-tests/java_length/test.desc
index 487700d01fb..60c360eecb8 100644
--- a/regression/strings-smoke-tests/java_length/test.desc
+++ b/regression/strings-smoke-tests/java_length/test.desc
@@ -4,6 +4,6 @@ test_length.class
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
-[.*assertion.1] .* line 7 .*: SUCCESS
-[.*assertion.2] .* line 8 .*: FAILURE
+\[.*assertion\.1\] .* line 7 .*: SUCCESS
+\[.*assertion\.2\] .* line 8 .*: FAILURE
 --

From f0054270d9a4502882dc032191b1571a8629ad6e Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Wed, 19 Jul 2017 15:08:34 +0100
Subject: [PATCH 445/699] Fix global variable initialisation

External globals (static fields in Java) should have been annotated with the
static_lifetime attribute and consequently initialised with either null, or
an actual instance of the right type. Instead they were given nondet pointers
which could lead to odd results, such as apparently being neither null nor
pointing to something of the expected type. This restores proper initialisation,
and excludes global void* fields (currently only the #exception_value special
returns match this definition)
---
 .../cbmc-java/external_getstatic1/test.class  | Bin 0 -> 569 bytes
 .../cbmc-java/external_getstatic1/test.desc   |   8 +++
 .../cbmc-java/external_getstatic1/test.java   |  16 +++++
 .../java_bytecode_convert_method.cpp          |   8 +++
 src/java_bytecode/java_object_factory.cpp     |  64 +++++++++++-------
 5 files changed, 71 insertions(+), 25 deletions(-)
 create mode 100644 regression/cbmc-java/external_getstatic1/test.class
 create mode 100644 regression/cbmc-java/external_getstatic1/test.desc
 create mode 100644 regression/cbmc-java/external_getstatic1/test.java

diff --git a/regression/cbmc-java/external_getstatic1/test.class b/regression/cbmc-java/external_getstatic1/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..ec38ad6938551538faf41baaf86fb0c522a17d11
GIT binary patch
literal 569
zcmYLGO)mpc6g_Wd+Si#5+M?=PvA}{&cSJPBMzJ7*jl8xmGE8S=W-5M5|A2K#G$A2Y
z62D2reG_dr@6Mci?m6ea_x=0&4xof(3nua=3{05dC~!=2Oj$@E&oOOb2D2P<45P~;
z3}p~Gz8CH~p{TjC!N4vVl3R}FMB5Dd%IX<|QSlp+VWjGK@~G9U$>3CxsnHaU$1rpf
ziTdrKxQk)3V@Pe)-G2@1#BT+4x$me6Gm>Gnek1OM4I4u?=CNSILYj=r3<cHMaD{ih
zQSN2i3j#kNFEz<gw6TaKhRlF@T)UC=i1NvYNCuv8udZFcCR~bNEpHM&pjKR3nIYeh
zp%chP--8y2TGXI@FHxjRGwCK-rl6A1mky@V(m70jvs4+?#99}uqlg%xGZ}+wG}EV^
zLyOVk6SOZF9V!P;(A&tZeZpuX{f5Lv7s(GLqs20LdMA);k{me+rO9)FI$1(ZX#7V#
pXbvfi_FYP`2awJ27o^(Y#v=^<8TvrA7fz`ppxHZWg|XOl{0~KlWgY+k

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/external_getstatic1/test.desc b/regression/cbmc-java/external_getstatic1/test.desc
new file mode 100644
index 00000000000..dc5ca4fa5cb
--- /dev/null
+++ b/regression/cbmc-java/external_getstatic1/test.desc
@@ -0,0 +1,8 @@
+CORE
+test.class
+
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/external_getstatic1/test.java b/regression/cbmc-java/external_getstatic1/test.java
new file mode 100644
index 00000000000..5b3f3bdb9b2
--- /dev/null
+++ b/regression/cbmc-java/external_getstatic1/test.java
@@ -0,0 +1,16 @@
+class A
+{
+  public static A external_global;
+  public int i;
+};
+
+public class test
+{
+  public static void main()
+  {
+    if(A.external_global == null)
+      return;
+    A local = A.external_global;
+    assert(local instanceof A);
+  }
+}
diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index 9494fd2539b..3cb2cc2861d 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -2014,6 +2014,10 @@ codet java_bytecode_convert_methodt::convert_instructions(
       const bool is_assertions_disabled_field=
         field_name.find("$assertionsDisabled")!=std::string::npos;
       symbol_expr.set_identifier(arg0.get_string(ID_class)+"."+field_name);
+
+      // If external, create a symbol table entry for this static field:
+      check_static_field_stub(symbol_expr, field_name);
+
       if(lazy_methods)
       {
         if(arg0.type().id()==ID_symbol)
@@ -2056,6 +2060,10 @@ codet java_bytecode_convert_methodt::convert_instructions(
       symbol_exprt symbol_expr(arg0.type());
       const auto &field_name=arg0.get_string(ID_component_name);
       symbol_expr.set_identifier(arg0.get_string(ID_class)+"."+field_name);
+
+      // If external, create a symbol table entry for this static field:
+      check_static_field_stub(symbol_expr, field_name);
+
       if(lazy_methods && arg0.type().id()==ID_symbol)
       {
         lazy_methods->add_needed_class(
diff --git a/src/java_bytecode/java_object_factory.cpp b/src/java_bytecode/java_object_factory.cpp
index 088c046fc8b..5559dfaf714 100644
--- a/src/java_bytecode/java_object_factory.cpp
+++ b/src/java_bytecode/java_object_factory.cpp
@@ -473,6 +473,8 @@ void java_object_factoryt::gen_nondet_pointer_init(
     alloc_type,
     update_in_placet::NO_UPDATE_IN_PLACE);
 
+  auto set_null_inst=get_null_assignment(expr, pointer_type);
+
   // Determine whether the pointer can be null.
   // In particular the array field of a String should not be null.
   bool not_null=
@@ -483,7 +485,18 @@ void java_object_factoryt::gen_nondet_pointer_init(
       class_identifier=="java.lang.CharSequence") &&
      subtype.id()==ID_array);
 
-  if(not_null)
+  // Alternatively, if this is a void* we *must* initialise with null:
+  // (This can currently happen for some cases of #exception_value)
+  bool must_be_null=
+    subtype==empty_typet();
+
+  if(must_be_null)
+  {
+    // Add the following code to assignments:
+    // <expr> = nullptr;
+    new_object_assignments.add(set_null_inst);
+  }
+  else if(not_null)
   {
     // Add the following code to assignments:
     // <expr> = <aoe>;
@@ -500,8 +513,6 @@ void java_object_factoryt::gen_nondet_pointer_init(
     //    <code from recursive call to gen_nondet_init() with
     //             tmp$<temporary_counter>>
     // }
-    auto set_null_inst=get_null_assignment(expr, pointer_type);
-
     code_ifthenelset null_check;
     null_check.cond()=side_effect_expr_nondett(bool_typet());
     null_check.then_case()=set_null_inst;
@@ -900,6 +911,29 @@ void java_object_factoryt::gen_nondet_array_init(
   assignments.move_to_operands(init_done_label);
 }
 
+/// Add code_declt instructions to `init_code` for every non-static symbol
+/// in `symbols_created`
+/// \param symbols_created: list of symbols
+/// \param loc: source location for new code_declt instances
+/// \param [out] init_code: gets code_declt for each symbol
+static void declare_created_symbols(
+  const std::vector<const symbolt *> &symbols_created,
+  const source_locationt &loc,
+  code_blockt &init_code)
+{
+  // Add the following code to init_code for each symbol that's been created:
+  //   <type> <identifier>;
+  for(const symbolt * const symbol_ptr : symbols_created)
+  {
+    if(!symbol_ptr->is_static_lifetime)
+    {
+      code_declt decl(symbol_ptr->symbol_expr());
+      decl.add_source_location()=loc;
+      init_code.add(decl);
+    }
+  }
+}
+
 /// Similar to `gen_nondet_init`, but returns an object expression
 /// rather than assigning to one.
 /// \param type: type of new object to create
@@ -960,17 +994,7 @@ exprt object_factory(
     typet(),
     update_in_placet::NO_UPDATE_IN_PLACE);
 
-  // Add the following code to init_code for each symbol that's been created:
-  //   <type> <identifier>;
-  for(const symbolt * const symbol_ptr : symbols_created)
-  {
-    if(!symbol_ptr->is_static_lifetime)
-    {
-      code_declt decl(symbol_ptr->symbol_expr());
-      decl.add_source_location()=loc;
-      init_code.add(decl);
-    }
-  }
+  declare_created_symbols(symbols_created, loc, init_code);
 
   init_code.append(assignments);
   return object;
@@ -1026,17 +1050,7 @@ void gen_nondet_init(
     typet(),
     update_in_place);
 
-  // Add the following code to init_code for each symbol that's been created:
-  //   <type> <identifier>;
-  for(const symbolt * const symbol_ptr : symbols_created)
-  {
-    if(!symbol_ptr->is_static_lifetime)
-    {
-      code_declt decl(symbol_ptr->symbol_expr());
-      decl.add_source_location()=loc;
-      init_code.add(decl);
-    }
-  }
+  declare_created_symbols(symbols_created, loc, init_code);
 
   init_code.append(assignments);
 }

From 5e02b0cadb80486511a1d6fcb78b95e198f93743 Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Mon, 24 Jul 2017 15:11:42 +0100
Subject: [PATCH 446/699] Disable bug-test-gen-095 string refinement test

---
 regression/strings/bug-test-gen-095/test.desc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/regression/strings/bug-test-gen-095/test.desc b/regression/strings/bug-test-gen-095/test.desc
index 99d5a8b4bd8..4cabceb1b36 100644
--- a/regression/strings/bug-test-gen-095/test.desc
+++ b/regression/strings/bug-test-gen-095/test.desc
@@ -1,4 +1,4 @@
-CORE
+FUTURE
 test.class
 --refine-strings
 ^EXIT=10$

From 3279e5649945ad928e35be7586ff775ad7583dba Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Fri, 21 Jul 2017 15:24:46 +0100
Subject: [PATCH 447/699] Fixed documentation on object_factory

---
 src/java_bytecode/java_object_factory.cpp | 32 ++++++++++++-----------
 1 file changed, 17 insertions(+), 15 deletions(-)

diff --git a/src/java_bytecode/java_object_factory.cpp b/src/java_bytecode/java_object_factory.cpp
index 5559dfaf714..16ca8df8659 100644
--- a/src/java_bytecode/java_object_factory.cpp
+++ b/src/java_bytecode/java_object_factory.cpp
@@ -942,11 +942,13 @@ static void declare_created_symbols(
 ///   the returned value or its child objects
 /// \param allow_null: if true, may return null; otherwise always
 ///   allocates an object
+/// \param symbol_table: gains any new symbols created, as per gen_nondet_init
+///   above.
 /// \param max_nondet_array_length: upper bound on size of initialised arrays
 /// \param alloc_type: allocation method (global, local or dynamic objects)
 /// \param loc: source location for all generated code
-/// \return `symbol_table` gains any new symbols created, as per gen_nondet_init
-///   above. `init_code`
+/// \return A symbol expression repesenting the new object that has been
+///   created.
 exprt object_factory(
   const typet &type,
   const irep_idt base_name,
@@ -1003,22 +1005,22 @@ exprt object_factory(
 /// Initialises a primitive or object tree rooted at `expr`, allocating child
 /// objects as necessary and nondet-initialising their members, or if MAY_ or
 /// MUST_UPDATE_IN_PLACE is set, re-initialising already-allocated objects.
-/// \par parameters: `expr`: lvalue expression to initialise
-/// `loc`: source location for all generated code
-/// `skip_classid`: if true, skip initialising @class_identifier
-/// `create_dyn_objs`: if true, use malloc to allocate objects; otherwise
+/// \param expr: lvalue expression to initialise
+/// \param init_code: gets an instruction sequence to initialise or
+///   reinitialise `expr` and child objects it refers to.
+/// \param symbol_table: is modified with any new symbols created.
+///   This includes any necessary temporaries, and if `create_dyn_objs` is
+///   false, any allocated objects.
+/// \param loc: source location for all generated code
+/// \param skip_classid: if true, skip initialising @class_identifier
+/// \param create_dyn_objs: if true, use malloc to allocate objects; otherwise
 ///   generate fresh static symbols.
-/// `assume_non_null`: never initialise pointer members with null, unless forced
-///   to by recursive datatypes
-/// `message_handler`: logging
-/// `max_nondet_array_length`: upper bound on size of initialised arrays.
-/// `update_in_place`: NO_UPDATE_IN_PLACE: initialise `expr` from scratch
+/// \param assume_non_null: never initialise pointer members with null, unless
+///   forced to by recursive datatypes;
+/// \param max_nondet_array_length: upper bound on size of initialised arrays.
+/// \param update_in_place: NO_UPDATE_IN_PLACE: initialise `expr` from scratch
 ///   MUST_UPDATE_IN_PLACE: reinitialise an existing object MAY_UPDATE_IN_PLACE:
 ///   generate a runtime nondet branch between the NO_ and MUST_ cases.
-/// \return `init_code` gets an instruction sequence to initialise or
-///   reinitialise `expr` and child objects it refers to. `symbol_table` is
-///   modified with any new symbols created. This includes any necessary
-///   temporaries, and if `create_dyn_objs` is false, any allocated objects.
 void gen_nondet_init(
   const exprt &expr,
   code_blockt &init_code,

From 96fdb9e5e97aad2effc6e694a66fd94515d849b3 Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Fri, 14 Jul 2017 15:07:56 +0100
Subject: [PATCH 448/699] Moved the logic of select_pointer_type into test-gen

The base classs behaviour now leaves the type untouched. This requires
no further testing so the original tests are now removed.

The select_pointer_type class is now passed in to allow configurable
behaviour. However, on this branch the behaviour is trivial.
---
 .../A.class                                   | Bin 347 -> 0 bytes
 .../B.class                                   | Bin 347 -> 0 bytes
 .../I.class                                   | Bin 118 -> 0 bytes
 .../TestClass.class                           | Bin 712 -> 0 bytes
 .../TestClass.java                            |  44 -------
 .../test.desc                                 |   5 -
 .../A.class                                   | Bin 347 -> 0 bytes
 .../B.class                                   | Bin 347 -> 0 bytes
 .../C.class                                   | Bin 351 -> 0 bytes
 .../D.class                                   | Bin 351 -> 0 bytes
 .../I.class                                   | Bin 118 -> 0 bytes
 .../J.class                                   | Bin 118 -> 0 bytes
 .../TestClass.class                           | Bin 836 -> 0 bytes
 .../TestClass.java                            |  61 ---------
 .../test.desc                                 |   7 -
 .../A.class                                   | Bin 347 -> 0 bytes
 .../B.class                                   | Bin 347 -> 0 bytes
 .../I.class                                   | Bin 118 -> 0 bytes
 .../TestClass.class                           | Bin 691 -> 0 bytes
 .../TestClass.java                            |  42 ------
 .../test.desc                                 |   6 -
 .../A.class                                   | Bin 347 -> 0 bytes
 .../B.class                                   | Bin 347 -> 0 bytes
 .../C.class                                   | Bin 351 -> 0 bytes
 .../D.class                                   | Bin 351 -> 0 bytes
 .../I.class                                   | Bin 118 -> 0 bytes
 .../J.class                                   | Bin 118 -> 0 bytes
 .../TestClass.class                           | Bin 804 -> 0 bytes
 .../TestClass.java                            |  57 --------
 .../test.desc                                 |   8 --
 .../A.class                                   | Bin 347 -> 0 bytes
 .../B.class                                   | Bin 347 -> 0 bytes
 .../I.class                                   | Bin 118 -> 0 bytes
 .../TestClass.class                           | Bin 697 -> 0 bytes
 .../TestClass.java                            |  41 ------
 .../test.desc                                 |   6 -
 src/goto-programs/convert_nondet.cpp          |   2 +
 src/java_bytecode/Makefile                    |   1 -
 .../get_concrete_class_alphabetically.cpp     | 123 ------------------
 .../get_concrete_class_alphabetically.h       |  32 -----
 .../java_bytecode_instrument.cpp              |   3 +-
 src/java_bytecode/java_bytecode_language.cpp  |   3 +-
 src/java_bytecode/java_entry_point.cpp        |  21 ++-
 src/java_bytecode/java_entry_point.h          |   5 +-
 src/java_bytecode/java_object_factory.cpp     |  29 ++++-
 src/java_bytecode/java_object_factory.h       |   9 +-
 src/java_bytecode/select_pointer_type.cpp     |  51 +-------
 src/java_bytecode/select_pointer_type.h       |  11 +-
 48 files changed, 61 insertions(+), 506 deletions(-)
 delete mode 100644 regression/cbmc-java/instance-method-user-interface-field/A.class
 delete mode 100644 regression/cbmc-java/instance-method-user-interface-field/B.class
 delete mode 100644 regression/cbmc-java/instance-method-user-interface-field/I.class
 delete mode 100644 regression/cbmc-java/instance-method-user-interface-field/TestClass.class
 delete mode 100644 regression/cbmc-java/instance-method-user-interface-field/TestClass.java
 delete mode 100644 regression/cbmc-java/instance-method-user-interface-field/test.desc
 delete mode 100644 regression/cbmc-java/instance-method-user-interface-two-fields-different/A.class
 delete mode 100644 regression/cbmc-java/instance-method-user-interface-two-fields-different/B.class
 delete mode 100644 regression/cbmc-java/instance-method-user-interface-two-fields-different/C.class
 delete mode 100644 regression/cbmc-java/instance-method-user-interface-two-fields-different/D.class
 delete mode 100644 regression/cbmc-java/instance-method-user-interface-two-fields-different/I.class
 delete mode 100644 regression/cbmc-java/instance-method-user-interface-two-fields-different/J.class
 delete mode 100644 regression/cbmc-java/instance-method-user-interface-two-fields-different/TestClass.class
 delete mode 100644 regression/cbmc-java/instance-method-user-interface-two-fields-different/TestClass.java
 delete mode 100644 regression/cbmc-java/instance-method-user-interface-two-fields-different/test.desc
 delete mode 100644 regression/cbmc-java/static-method-user-interface-param/A.class
 delete mode 100644 regression/cbmc-java/static-method-user-interface-param/B.class
 delete mode 100644 regression/cbmc-java/static-method-user-interface-param/I.class
 delete mode 100644 regression/cbmc-java/static-method-user-interface-param/TestClass.class
 delete mode 100644 regression/cbmc-java/static-method-user-interface-param/TestClass.java
 delete mode 100644 regression/cbmc-java/static-method-user-interface-param/test.desc
 delete mode 100644 regression/cbmc-java/static-method-user-interface-two-params-different/A.class
 delete mode 100644 regression/cbmc-java/static-method-user-interface-two-params-different/B.class
 delete mode 100644 regression/cbmc-java/static-method-user-interface-two-params-different/C.class
 delete mode 100644 regression/cbmc-java/static-method-user-interface-two-params-different/D.class
 delete mode 100644 regression/cbmc-java/static-method-user-interface-two-params-different/I.class
 delete mode 100644 regression/cbmc-java/static-method-user-interface-two-params-different/J.class
 delete mode 100644 regression/cbmc-java/static-method-user-interface-two-params-different/TestClass.class
 delete mode 100644 regression/cbmc-java/static-method-user-interface-two-params-different/TestClass.java
 delete mode 100644 regression/cbmc-java/static-method-user-interface-two-params-different/test.desc
 delete mode 100644 regression/cbmc-java/static-method-user-interface-two-params-same/A.class
 delete mode 100644 regression/cbmc-java/static-method-user-interface-two-params-same/B.class
 delete mode 100644 regression/cbmc-java/static-method-user-interface-two-params-same/I.class
 delete mode 100644 regression/cbmc-java/static-method-user-interface-two-params-same/TestClass.class
 delete mode 100644 regression/cbmc-java/static-method-user-interface-two-params-same/TestClass.java
 delete mode 100644 regression/cbmc-java/static-method-user-interface-two-params-same/test.desc
 delete mode 100644 src/java_bytecode/get_concrete_class_alphabetically.cpp
 delete mode 100644 src/java_bytecode/get_concrete_class_alphabetically.h

diff --git a/regression/cbmc-java/instance-method-user-interface-field/A.class b/regression/cbmc-java/instance-method-user-interface-field/A.class
deleted file mode 100644
index 86d25a78c288902109861e3598f73679d860a758..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 347
zcmZusO-sW-6r4?ytckI<_3P?UJ(!C(MF@q05cFW_eG`|uB_@z;{Z(EBLGa)Y@JET0
zRS?0$8{W)&^O*PX`SuRr3<oiM>_iw~S7J|MUqT89#kvv*FHCLhrNH3mcp>0Vn>#JA
zots);uOABC&Q(!SndD8Ws)cGz&woVU-kXlrJUbVNm)d6E9(Rq$<J)H4mU?FT3&XkY
z?6gu{ce+xKD!~S#1fdI)35<F%tyH~CZ;F*JEe;vkhd{t$P)NSxvFIa@*`;m*1ShW$
n&u+X)3@P`R5EIu2*us#EpJ7D&Ykq<E#G!{@bM&uy?6xLfaMUse

diff --git a/regression/cbmc-java/instance-method-user-interface-field/B.class b/regression/cbmc-java/instance-method-user-interface-field/B.class
deleted file mode 100644
index 09103c22aac6a03a430d8b26e869b6fe32fae16c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 347
zcmZusO-sW-5Pg#-SsP=l_3P?UJ(!EPN}(+Xg`fvZ@0+;PEir*)>#y=62n7%Rfc~iB
z>?(*L%bT5fZ{9Go*?xQixW;J&ABSCZa3pXna3UZGlryG;@J3hK3<;g{i#frc)Q^g=
zpXo~7t)6q$%w%3N)6eQcmUG!?TmO*0dD1Ogv+;lsEtDC3d)zc09zE2nrck%qPDo~|
zHIq`d?bTAg$QV25#t7XqV?xi8X(_8kdY>;<VQ|JP`yd1iUKE1Q@fhsmI^ryK3J_eb
qL2pjp<rp#z#Qbcud4N46{PSh#ar|q3hxf{&hhKB@ulc}r^}hgiSTYm<

diff --git a/regression/cbmc-java/instance-method-user-interface-field/I.class b/regression/cbmc-java/instance-method-user-interface-field/I.class
deleted file mode 100644
index ad5d429af3b107c5dd117be3d92107e8b212ecb8..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 118
zcmX^0Z`VEs1_l!bPId-%b_Nbc2Cnqf5=Xz%+@#bZMh0dLO;4auaDHh~a;jTqPAVe<
zUr1_kiE~b3aj{-jVp$?110zs{0EnrdlbDyT@1K;Fnq0!hz`)4B1T+~)vjELuU;(ih
KSb-!H0~-LnR2Ucl

diff --git a/regression/cbmc-java/instance-method-user-interface-field/TestClass.class b/regression/cbmc-java/instance-method-user-interface-field/TestClass.class
deleted file mode 100644
index 6a6298d05b84f9031e8c6d30d778c22be001940e..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 712
zcmZuvT~E_c7=BLMt!p=64DDbr1?I;-l-+m-AsHklONw5MV89#CMxDj3HErkb@dtQg
zVkAo9r5FArV~Ecw18z)n&ii$q=Y8Hc{eAi4CxB;oYQsjuf`tb~Jj5dtk8K!em}uI_
zqoD#OTPE59b`njzm%}q}lnUr>e_J5G<A;8_%dpux5-|3oQ%_*Q^+WH)bTahfLpcnX
zskqTd21hdXRXj@?={r9WD7uGUlI{mGNyw<bjiQY1gzT}GOanF(eSx__Do5`R<cDkY
zMEaqC(|qlo$&a!d$Z*^pq_H24w=*p=9+Q3PKV=e1H9?R4#87#A^z1=2jYr;dUkRSS
z(X^%5OPIra2}P7lR7>dK36VXXJpt?HsX+Nw%Jrh`v6uF)mXXcX$2!+-bNz%XMtV9A
z8!%p=*Uc(Gu6+*ig$WI1-g%~hMSdVi`8iauL@RIycX=yt%GVlgz5Ny1FI1KJ4qaep
zwcP%Mobg%b#|L^wS|cssz{E0%S5QTb_Zn8Qku`Eiwn()OE2?FE)^eG?1??|Z#2*$c
zf@(7bZwOHXITtXF&yjO4kf${dI^R%ubvsXm{}#|h0WC`DaDuI@<@yzx64qERa4mJ*
SBX^ln?{j$?{S8($Z2kj+J8=L2

diff --git a/regression/cbmc-java/instance-method-user-interface-field/TestClass.java b/regression/cbmc-java/instance-method-user-interface-field/TestClass.java
deleted file mode 100644
index 0065a473c57..00000000000
--- a/regression/cbmc-java/instance-method-user-interface-field/TestClass.java
+++ /dev/null
@@ -1,44 +0,0 @@
-interface I
-{
-    int getANumber();
-}
-
-class A implements I {
-    public int a;
-
-    public int getANumber() { return a; }
-}
-
-class B implements I {
-    public int b;
-    public int getANumber() { return b; }
-}
-
-class TestClass
-{
-    public I someObject;
-
-    public boolean foo() {
-        if(someObject!=null)
-        {
-            int result = someObject.getANumber();
-            if(result == 42) {
-                return true;
-            } else {
-                return false;
-            }
-        }
-        else
-        {
-            return false;
-        }
-    }
-
-    public static void main(String[] args)
-    {
-        // ensure that A, B are referenced explicitly
-        // in order to get them converted into GOTO
-        A a = new A();
-        B b = new B();
-    }
-}
diff --git a/regression/cbmc-java/instance-method-user-interface-field/test.desc b/regression/cbmc-java/instance-method-user-interface-field/test.desc
deleted file mode 100644
index da1f8c687ee..00000000000
--- a/regression/cbmc-java/instance-method-user-interface-field/test.desc
+++ /dev/null
@@ -1,5 +0,0 @@
-CORE
-TestClass.class
---cover location --function TestClass.foo --show-goto-functions
-\.someObject = \(struct I \*\)\w+
-@class_identifier = "java::A";
diff --git a/regression/cbmc-java/instance-method-user-interface-two-fields-different/A.class b/regression/cbmc-java/instance-method-user-interface-two-fields-different/A.class
deleted file mode 100644
index 86d25a78c288902109861e3598f73679d860a758..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 347
zcmZusO-sW-6r4?ytckI<_3P?UJ(!C(MF@q05cFW_eG`|uB_@z;{Z(EBLGa)Y@JET0
zRS?0$8{W)&^O*PX`SuRr3<oiM>_iw~S7J|MUqT89#kvv*FHCLhrNH3mcp>0Vn>#JA
zots);uOABC&Q(!SndD8Ws)cGz&woVU-kXlrJUbVNm)d6E9(Rq$<J)H4mU?FT3&XkY
z?6gu{ce+xKD!~S#1fdI)35<F%tyH~CZ;F*JEe;vkhd{t$P)NSxvFIa@*`;m*1ShW$
n&u+X)3@P`R5EIu2*us#EpJ7D&Ykq<E#G!{@bM&uy?6xLfaMUse

diff --git a/regression/cbmc-java/instance-method-user-interface-two-fields-different/B.class b/regression/cbmc-java/instance-method-user-interface-two-fields-different/B.class
deleted file mode 100644
index 09103c22aac6a03a430d8b26e869b6fe32fae16c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 347
zcmZusO-sW-5Pg#-SsP=l_3P?UJ(!EPN}(+Xg`fvZ@0+;PEir*)>#y=62n7%Rfc~iB
z>?(*L%bT5fZ{9Go*?xQixW;J&ABSCZa3pXna3UZGlryG;@J3hK3<;g{i#frc)Q^g=
zpXo~7t)6q$%w%3N)6eQcmUG!?TmO*0dD1Ogv+;lsEtDC3d)zc09zE2nrck%qPDo~|
zHIq`d?bTAg$QV25#t7XqV?xi8X(_8kdY>;<VQ|JP`yd1iUKE1Q@fhsmI^ryK3J_eb
qL2pjp<rp#z#Qbcud4N46{PSh#ar|q3hxf{&hhKB@ulc}r^}hgiSTYm<

diff --git a/regression/cbmc-java/instance-method-user-interface-two-fields-different/C.class b/regression/cbmc-java/instance-method-user-interface-two-fields-different/C.class
deleted file mode 100644
index ee05ffe5f45662bb1644f0b88736920f230803d3..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 351
zcmZus!AiqG6r4?ytc|hOs<lUt>cL!kQv?YJO3;I)_f1^tmY6`Y^{c!Hg5bdq@T0`Z
zDv03W4R7YXdCdFxe0v8l#Uz4{?LK<gk=T_OOY8}Vf^{hno|?+oGlAa0;atE^>pLy5
znVCvouO4#U%v4@d8D({$%DHMx$A3iM-kX-zEIkp37TTVFd)zf1k8bN#Q|JrRT^P)C
zYtvG-?eS7Qsu*kN#|R-ABo!ETVp6JVk=*1<U0BLj*k^1X0s)I*A^DQWqL(~km$(TK
s9KAw3yYV_PqzsG^6Jys0*ua2{-(g7nYkq<E#G!{@^W<OimfISA0d^)bhyVZp

diff --git a/regression/cbmc-java/instance-method-user-interface-two-fields-different/D.class b/regression/cbmc-java/instance-method-user-interface-two-fields-different/D.class
deleted file mode 100644
index 916313b41a4a06a1ca082ec3255fb170bdea4e86..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 351
zcmZusO-sW-6r4?ytc|hO`UxU<R1fCjO%bF;P=X#Ty>HT`ZixvbTYr@oK@dFn1N>3q
zWEDj4@P;?@-aO`ge7?N{IKfT?AM0IoupzN2u_duBAf~J<f$+?f#-0mw4h|;*{;-;A
zfz{NM`eyNv>3XcPg32JRa#c)JZCd^#`u5&5w5Fp|foP`f#ka>@<MHUOTGY9|H0_1n
zST}Z9sHQodt49@M3EdbWB!i3u`mLB0s+=Xa*<9zA@-_Au+lN5FVpvGN<gw@_kJu${
u0t82|5YKMBObjUlyNHRg>jSKyN5=2aC;m0Rz<c7*!>@VoU-O#V8hinJTr!ma

diff --git a/regression/cbmc-java/instance-method-user-interface-two-fields-different/I.class b/regression/cbmc-java/instance-method-user-interface-two-fields-different/I.class
deleted file mode 100644
index ad5d429af3b107c5dd117be3d92107e8b212ecb8..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 118
zcmX^0Z`VEs1_l!bPId-%b_Nbc2Cnqf5=Xz%+@#bZMh0dLO;4auaDHh~a;jTqPAVe<
zUr1_kiE~b3aj{-jVp$?110zs{0EnrdlbDyT@1K;Fnq0!hz`)4B1T+~)vjELuU;(ih
KSb-!H0~-LnR2Ucl

diff --git a/regression/cbmc-java/instance-method-user-interface-two-fields-different/J.class b/regression/cbmc-java/instance-method-user-interface-two-fields-different/J.class
deleted file mode 100644
index c3180580ad6c62f88a4e479c5656956d9c0d4702..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 118
zcmX^0Z`VEs1_l!bPId-%b_Nbc2Cnqf5=Xz%+@#bZMh0dLO;4auaDHh~a;jTqPAVe<
zUr1_kiE~b3aj{-jVp$?11EUusg8+!BpOcuEuJ50em6}|_#=yYHzyvfINV5RVVPFBV
L7+8TM69XFny@nVW

diff --git a/regression/cbmc-java/instance-method-user-interface-two-fields-different/TestClass.class b/regression/cbmc-java/instance-method-user-interface-two-fields-different/TestClass.class
deleted file mode 100644
index bce9ce9e330749880a78e3bc338b5d242e3ab7cd..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 836
zcmZuv(QXn!6g|T(EG%2VwxZUmt%zl*6sc%iKn<laX|t^lG&SneLRZ`htbwh6;Xn8R
zzL*%BO5$T5{3zp@rIwg9o0)s=-8=W3duM+C`S}Y#8BcYjP>3Ok6}c7Tc!*LQt0-xB
zq$7fYhO&;Rw2yV@(mv5)pdf!TX-&hrKz!)+oR_U5r|p*n6l=TsUu;#zb{LD)+`j8S
zqnk4i1k{Fi=m;b&x9{v7_gc<i-)?monYO&P-94}euJq4?s{h^{vaYr74E;ve9u8Si
zdFOdSxi<n+P2X;R*tI|YJJ7S;zCb$n);h93*~PBi?-ZN<!0mUc0lhuwu;9!kzXgOX
zMb}9oS`uwa)Rw3r(V;|JM0(RZ9<-eouGF2lkhUTj4O~Uqz!gjzn8B=u4FeTaHPl$4
z&b7(a;Mx+1T^toiP2`S;%9L$VbsWDwo)g(~CPQKe3%s`!FEa!onTXgDW@!~J3ZQ?D
zs7Nbl!}$}4Zv-J+=N<`y3%EgSj1w@2oAd<caf`b=+zZMBX8t=uXUNbfXPB4XDO3UJ
zpCT;q1!488!jFfPfFO-9@qHwaLk1?YSjG~c*@VzMC%nx(6`?GLfjjJLO#PYEvcl2`
zk=G~CtP!HLvE31L+W6iG2JKWuUH*Z@t4U{b><w7s<6Y-~HYlcoMbs$ec|cwsmu2iO
j^P;58;2ud+>^RFTIiDn@=Ge$0YnjMXo}hd=y9a*(CqRP-

diff --git a/regression/cbmc-java/instance-method-user-interface-two-fields-different/TestClass.java b/regression/cbmc-java/instance-method-user-interface-two-fields-different/TestClass.java
deleted file mode 100644
index 7f2f00d6f52..00000000000
--- a/regression/cbmc-java/instance-method-user-interface-two-fields-different/TestClass.java
+++ /dev/null
@@ -1,61 +0,0 @@
-interface I
-{
-    int getANumber();
-}
-
-class A implements I {
-    public int a;
-
-    public int getANumber() { return a; }
-}
-
-class B implements I {
-    public int b;
-    public int getANumber() { return b; }
-}
-
-interface J
-{
-    int getANumber();
-}
-
-class C implements J {
-    public int c;
-    public int getANumber() { return c; }
-}
-
-class D implements J {
-    public int d;
-    public int getANumber() { return d; }
-}
-
-class TestClass
-{
-    public I someObject1;
-    public J someObject2;
-
-    public boolean foo() {
-        if(someObject1 != null && someObject2 != null)
-        {
-            if(someObject1.getANumber() == someObject2.getANumber()) {
-                return true;
-            } else {
-                return false;
-            }
-        }
-        else
-        {
-            return false;
-        }
-    }
-
-    public static void main(String[] args)
-    {
-        // ensure that A, B, C, D are referenced explicitly
-        // in order to get them converted into GOTO
-        A a = new A();
-        B b = new B();
-        C c = new C();
-        D d = new D();
-    }
-}
diff --git a/regression/cbmc-java/instance-method-user-interface-two-fields-different/test.desc b/regression/cbmc-java/instance-method-user-interface-two-fields-different/test.desc
deleted file mode 100644
index 2ea5b2f5224..00000000000
--- a/regression/cbmc-java/instance-method-user-interface-two-fields-different/test.desc
+++ /dev/null
@@ -1,7 +0,0 @@
-CORE
-TestClass.class
---cover location --function TestClass.foo --show-goto-functions
-@class_identifier = "java::A";
-@class_identifier = "java::C";
-.someObject1 = \(struct I \*\)
-.someObject2 = \(struct J \*\)
diff --git a/regression/cbmc-java/static-method-user-interface-param/A.class b/regression/cbmc-java/static-method-user-interface-param/A.class
deleted file mode 100644
index 86d25a78c288902109861e3598f73679d860a758..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 347
zcmZusO-sW-6r4?ytckI<_3P?UJ(!C(MF@q05cFW_eG`|uB_@z;{Z(EBLGa)Y@JET0
zRS?0$8{W)&^O*PX`SuRr3<oiM>_iw~S7J|MUqT89#kvv*FHCLhrNH3mcp>0Vn>#JA
zots);uOABC&Q(!SndD8Ws)cGz&woVU-kXlrJUbVNm)d6E9(Rq$<J)H4mU?FT3&XkY
z?6gu{ce+xKD!~S#1fdI)35<F%tyH~CZ;F*JEe;vkhd{t$P)NSxvFIa@*`;m*1ShW$
n&u+X)3@P`R5EIu2*us#EpJ7D&Ykq<E#G!{@bM&uy?6xLfaMUse

diff --git a/regression/cbmc-java/static-method-user-interface-param/B.class b/regression/cbmc-java/static-method-user-interface-param/B.class
deleted file mode 100644
index 09103c22aac6a03a430d8b26e869b6fe32fae16c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 347
zcmZusO-sW-5Pg#-SsP=l_3P?UJ(!EPN}(+Xg`fvZ@0+;PEir*)>#y=62n7%Rfc~iB
z>?(*L%bT5fZ{9Go*?xQixW;J&ABSCZa3pXna3UZGlryG;@J3hK3<;g{i#frc)Q^g=
zpXo~7t)6q$%w%3N)6eQcmUG!?TmO*0dD1Ogv+;lsEtDC3d)zc09zE2nrck%qPDo~|
zHIq`d?bTAg$QV25#t7XqV?xi8X(_8kdY>;<VQ|JP`yd1iUKE1Q@fhsmI^ryK3J_eb
qL2pjp<rp#z#Qbcud4N46{PSh#ar|q3hxf{&hhKB@ulc}r^}hgiSTYm<

diff --git a/regression/cbmc-java/static-method-user-interface-param/I.class b/regression/cbmc-java/static-method-user-interface-param/I.class
deleted file mode 100644
index ad5d429af3b107c5dd117be3d92107e8b212ecb8..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 118
zcmX^0Z`VEs1_l!bPId-%b_Nbc2Cnqf5=Xz%+@#bZMh0dLO;4auaDHh~a;jTqPAVe<
zUr1_kiE~b3aj{-jVp$?110zs{0EnrdlbDyT@1K;Fnq0!hz`)4B1T+~)vjELuU;(ih
KSb-!H0~-LnR2Ucl

diff --git a/regression/cbmc-java/static-method-user-interface-param/TestClass.class b/regression/cbmc-java/static-method-user-interface-param/TestClass.class
deleted file mode 100644
index 40b782a3bd139249d570f73c7b7f0b666be63d48..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 691
zcmZutO>fgs5S(W_apR<Ingj=0K0*qu?ILpFmI^7YgcQkzL#kH5g_qO>7sp1n!|&k-
zaN$A)l{j+XCn1EG=k()(EqnLP?#|4<Uw^;<0PqAm7Aojgv55yJ9$L`RHL+!(gswUe
z+&19|ly}28%%2MAj(a3v>?bFIz^Wg{!SnfS9HfVG91&^w$wWp+G7Z)F0yOe>VJ1-Z
z4}&b<k7SnhN%S^J$m{sSzWa(v8f5b*7Z5`MD@$g<i}7hNA)vEEV0o0w$@>HO;gWME
z!&ty}Ui+u=qwGa8p7ut08phLp;ZUYiYBv8<riN6s1Ja7I%J!I9qhy{=f@h&xW97=}
zW5r&Bg{p~G4K6$m4fyQ|RIa)N>entVja$<oA1rQ%B91#m2TQze_2~S_34t239;09^
zd1nw`m}pq$zg&Q8SYcjUG+-5Vo+?;FgNPcA*{w0Qy`N}#-=GQXZq&U`C>fu1zAWhl
z-8u<@77W-_Zj<6BnpnpT+$$t((p2fH$sXmV&5B(_C8+&DQ~YM3!m(Qy+HW|bR<X~a
zzdVECpQFTBKG^vR^Z0s`21S7_uD?zHE{Pu%lAXmgO>D5fMC>;1kh@N+cWFyw-eE<<
F{eNO3Z%F_E

diff --git a/regression/cbmc-java/static-method-user-interface-param/TestClass.java b/regression/cbmc-java/static-method-user-interface-param/TestClass.java
deleted file mode 100644
index ba04482cb04..00000000000
--- a/regression/cbmc-java/static-method-user-interface-param/TestClass.java
+++ /dev/null
@@ -1,42 +0,0 @@
-interface I
-{
-    int getANumber();
-}
-
-class A implements I {
-    public int a;
-
-    public int getANumber() { return a; }
-}
-
-class B implements I {
-    public int b;
-    public int getANumber() { return b; }
-}
-
-class TestClass
-{
-    public static boolean foo(I someObject) {
-        if(someObject!=null)
-        {
-            int result = someObject.getANumber();
-            if(result == 42) {
-                return true;
-            } else {
-                return false;
-            }
-        }
-        else
-        {
-            return false;
-        }
-    }
-
-    public static void main(String[] args)
-    {
-        // ensure that A, B are referenced explicitly
-        // in order to get them converted into GOTO
-        A a = new A();
-        B b = new B();
-    }
-}
diff --git a/regression/cbmc-java/static-method-user-interface-param/test.desc b/regression/cbmc-java/static-method-user-interface-param/test.desc
deleted file mode 100644
index ff70e7d9ed2..00000000000
--- a/regression/cbmc-java/static-method-user-interface-param/test.desc
+++ /dev/null
@@ -1,6 +0,0 @@
-CORE
-TestClass.class
---cover location --function TestClass.foo --show-goto-functions
-@class_identifier = "java::A";
- = \(struct I \*\)
-tmp_object_factory\$\d+ = null;
diff --git a/regression/cbmc-java/static-method-user-interface-two-params-different/A.class b/regression/cbmc-java/static-method-user-interface-two-params-different/A.class
deleted file mode 100644
index 57be332d7178ca59386bd97451a21cc915de137c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 347
zcmZusO-sW-6r4?yY#U>(_3P?UJ(!EPiVz9~A?U%<`z9`ROH3fy`m4MMg5bd);E$3{
zRzU<0Z+J8B&12r@*ZT*63mir8u{S^u`w|BdhZ0giDAu(=cxftQuLOE0rwajpTHkAd
zoy=7FX8oA!X0Gy*$~dbFRW4LxI{qX2_QABYX6ZyAT56kqd)zf1kM8PqQ|OuLE)3_o
zwbN3y?fFVQsTh3>VuUVCDlqEAq*T>1xy@I)usCL99|8f3K_U5$$D)rsVwboH5S+b1
oytwfeF{IpKOpIM0U>id+eufe8ulW_;Glw32&HaDPyKZZ|0dTi61poj5

diff --git a/regression/cbmc-java/static-method-user-interface-two-params-different/B.class b/regression/cbmc-java/static-method-user-interface-two-params-different/B.class
deleted file mode 100644
index a4af6b766822b09f8b2e2cf0d8878dab242697a7..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 347
zcmZvXPfNo<5XIl7N!F%mt@Yp4qk1qGZxx{}2tv?<rT0x->Xw*5vh`DW5d^`5AHWY)
zd|CA%c$i_{oB0hhpPTm&0OvT2;A6Lo4)!GWB@QH{fXEov0^x-zjlC4;9G@%%{8@Fc
z1-4UD>YMdrrt7)N3Ob{-%2lyYwQ2Q_>Dvd>5KX6JfoQ4i<ePEZxIDV6)^)D0OuJz)
z*NvSOs%g$v>Pf}eLN`X}j+qJ!TQezCxlC@emCh}Wc(M<HfWbo{`HsgRM;)<BTn7kF
r-ymLGyT=^T26~8@V^;_0V?f2vFl7D<zruTF(<AZ=_y2`=+|=j`b>T7+

diff --git a/regression/cbmc-java/static-method-user-interface-two-params-different/C.class b/regression/cbmc-java/static-method-user-interface-two-params-different/C.class
deleted file mode 100644
index 412c7c05a6c06fca1b5d4d0e933f4b46cb98202a..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 351
zcmZus!AiqG6r4?ytc|hOYOP0)>cL!kQv?YJO3;I)_f1^tmY6`Y^{c!Hg5bdq@T0`Z
zDv03W4R7YXdCdFxe0v8l#a;v-+kNz~BQciPm6!;Kf^{hno|?+oGlAa0;atE^>pLy5
znVCvouO4#U%v4@d8D({$%DHMx$A3iM-kX-zEIkp37TTVFd)zf1k8bN#Q|JrRT^P)C
zYtvG-?eS7Qsu*kN#|R-ABo!ETVp6JVk=*1<U0BLj*k^1X0s)I*A^DQWqL(~km$(TK
s9KAw3yYV_PqzsG^6Jys0*ua2{-(g7nYkq<E#G!{@^W<OimfISA0d=o3h5!Hn

diff --git a/regression/cbmc-java/static-method-user-interface-two-params-different/D.class b/regression/cbmc-java/static-method-user-interface-two-params-different/D.class
deleted file mode 100644
index e15180a7178729ee0dc76561d54d0be9c2242518..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 351
zcmZusO-sW-6r4?ytc|hO`iXe(s2<G4n<7YypaeZwdf%i=-4YW>w*D$Ff*^SC2l%7J
z$tsB8;SF!*y?M<0_<VZ@aDtr(KGwVFU_)Y4VoPFMKulRz0^yk{jXf9W92`yr{9!fK
z0;{Ph_08fT)Ad+o1(iWs<*Jyd+O+&f^zFTAXiZ0_0?|y{i*Jv+#^cdlwWxD_Y1#|D
zv2N_JP)&0@SC1;j61p)$NCp`R^jk40R5?p-v$@VK<!kISwhw`T#juck$z#z=9<fW@
u1PG2^A)eiMnHW+Ab`cX}*9TZZkBr};PyB0sf%n9rhhOvFzveZ!HTVL0<ua21

diff --git a/regression/cbmc-java/static-method-user-interface-two-params-different/I.class b/regression/cbmc-java/static-method-user-interface-two-params-different/I.class
deleted file mode 100644
index ad5d429af3b107c5dd117be3d92107e8b212ecb8..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 118
zcmX^0Z`VEs1_l!bPId-%b_Nbc2Cnqf5=Xz%+@#bZMh0dLO;4auaDHh~a;jTqPAVe<
zUr1_kiE~b3aj{-jVp$?110zs{0EnrdlbDyT@1K;Fnq0!hz`)4B1T+~)vjELuU;(ih
KSb-!H0~-LnR2Ucl

diff --git a/regression/cbmc-java/static-method-user-interface-two-params-different/J.class b/regression/cbmc-java/static-method-user-interface-two-params-different/J.class
deleted file mode 100644
index c3180580ad6c62f88a4e479c5656956d9c0d4702..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 118
zcmX^0Z`VEs1_l!bPId-%b_Nbc2Cnqf5=Xz%+@#bZMh0dLO;4auaDHh~a;jTqPAVe<
zUr1_kiE~b3aj{-jVp$?11EUusg8+!BpOcuEuJ50em6}|_#=yYHzyvfINV5RVVPFBV
L7+8TM69XFny@nVW

diff --git a/regression/cbmc-java/static-method-user-interface-two-params-different/TestClass.class b/regression/cbmc-java/static-method-user-interface-two-params-different/TestClass.class
deleted file mode 100644
index fb9f3540d9861037e9ba186fccc7223cd52a0864..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 804
zcmZuv-%ry}7(KV`R@MzRL8nY{g35kWn7}}^#$=3`uoQe4!KhDnrOv{(nyvU>_&@ju
z_~MHMm-xtof0Xgu4Iw7Bx&2Ph_uX^8@3y~w|M&@@il-K)U?=eiOGzwa$wbA10o%l5
z3vm@!EKI1lYQci7k}O&?Q5A?k4|+lLLO?H;4g`#Pc<2kH-Js|1opf7%e_ysbWTxHF
zlbr+E57hewX+$4_fk4vT_XknEBL@SALhr*+AW?L89Jk?=-ZDQ3yZ)=zk?%z-%ro&1
zx2m`XxyfcEz2jZ^@vnSW20ejn@tu1lKgmi*_S%(Z)DL=XXVk3hw`o7~pR|CGO14H>
z(NbtjAy1*YLWc@%6Isphr0@AJ12yH;<si$-F@-cTCe~Bfz!MXj+*jk;;;M6PbIi*P
z0-38O$HTH@hX!pws*TT*p2ZR=(ZD@S@~f#!=b{Y+t`Suj1!Jsy3h|9V!!)1q5t+vf
zacW$E>$t(U1hTkEMr}T3wZ=GCK1a?zN49(hO~5{bF7O30<Eze_1^P%dix}|&|BVNf
zc!*gPaGSr8GRcmGaEq+E=8$7f;100?ZI+{xyL(~$nbk_GFof~u6ft**IHS2c!~|nv
zZwQMq`OL7tBlY@ft{f)=*4RRoN3c%24a{Q`i*QD5RL8Q&^T5EWJhKZl&9LG7Y+K`w
VG+STfNb}Sxpvd+FO03pU{sRGFe|!J{

diff --git a/regression/cbmc-java/static-method-user-interface-two-params-different/TestClass.java b/regression/cbmc-java/static-method-user-interface-two-params-different/TestClass.java
deleted file mode 100644
index 5228b22ae58..00000000000
--- a/regression/cbmc-java/static-method-user-interface-two-params-different/TestClass.java
+++ /dev/null
@@ -1,57 +0,0 @@
-interface I
-{
-    int getANumber();
-}
-
-class A implements I {
-    public int a;
-    public int getANumber() { return a; }
-}
-
-class B implements I {
-    public int b;
-    public int getANumber() { return b; }
-}
-
-interface J
-{
-    int getANumber();
-}
-
-class C implements J {
-    public int c;
-    public int getANumber() { return c; }
-}
-
-class D implements J {
-    public int d;
-    public int getANumber() { return d; }
-}
-
-class TestClass
-{
-    public static boolean foo(I someObject1, J someObject2) {
-        if(someObject1 != null && someObject2 != null)
-        {
-            if(someObject1.getANumber() == someObject2.getANumber()) {
-                return true;
-            } else {
-                return false;
-            }
-        }
-        else
-        {
-            return false;
-        }
-    }
-
-    public static void main(String[] args)
-    {
-        // ensure that A, B, C, D are referenced explicitly
-        // in order to get them converted into GOTO
-        A a = new A();
-        B b = new B();
-        C c = new C();
-        D d = new D();
-    }
-}
diff --git a/regression/cbmc-java/static-method-user-interface-two-params-different/test.desc b/regression/cbmc-java/static-method-user-interface-two-params-different/test.desc
deleted file mode 100644
index 2db59134dd0..00000000000
--- a/regression/cbmc-java/static-method-user-interface-two-params-different/test.desc
+++ /dev/null
@@ -1,8 +0,0 @@
-CORE
-TestClass.class
---cover location --function TestClass.foo --show-goto-functions
-@class_identifier = "java::A";
- = \(struct I \*\)
-@class_identifier = "java::C";
- = \(struct J \*\)
-tmp_object_factory\$\d+ = null;
diff --git a/regression/cbmc-java/static-method-user-interface-two-params-same/A.class b/regression/cbmc-java/static-method-user-interface-two-params-same/A.class
deleted file mode 100644
index 86d25a78c288902109861e3598f73679d860a758..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 347
zcmZusO-sW-6r4?ytckI<_3P?UJ(!C(MF@q05cFW_eG`|uB_@z;{Z(EBLGa)Y@JET0
zRS?0$8{W)&^O*PX`SuRr3<oiM>_iw~S7J|MUqT89#kvv*FHCLhrNH3mcp>0Vn>#JA
zots);uOABC&Q(!SndD8Ws)cGz&woVU-kXlrJUbVNm)d6E9(Rq$<J)H4mU?FT3&XkY
z?6gu{ce+xKD!~S#1fdI)35<F%tyH~CZ;F*JEe;vkhd{t$P)NSxvFIa@*`;m*1ShW$
n&u+X)3@P`R5EIu2*us#EpJ7D&Ykq<E#G!{@bM&uy?6xLfaMUse

diff --git a/regression/cbmc-java/static-method-user-interface-two-params-same/B.class b/regression/cbmc-java/static-method-user-interface-two-params-same/B.class
deleted file mode 100644
index 09103c22aac6a03a430d8b26e869b6fe32fae16c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 347
zcmZusO-sW-5Pg#-SsP=l_3P?UJ(!EPN}(+Xg`fvZ@0+;PEir*)>#y=62n7%Rfc~iB
z>?(*L%bT5fZ{9Go*?xQixW;J&ABSCZa3pXna3UZGlryG;@J3hK3<;g{i#frc)Q^g=
zpXo~7t)6q$%w%3N)6eQcmUG!?TmO*0dD1Ogv+;lsEtDC3d)zc09zE2nrck%qPDo~|
zHIq`d?bTAg$QV25#t7XqV?xi8X(_8kdY>;<VQ|JP`yd1iUKE1Q@fhsmI^ryK3J_eb
qL2pjp<rp#z#Qbcud4N46{PSh#ar|q3hxf{&hhKB@ulc}r^}hgiSTYm<

diff --git a/regression/cbmc-java/static-method-user-interface-two-params-same/I.class b/regression/cbmc-java/static-method-user-interface-two-params-same/I.class
deleted file mode 100644
index ad5d429af3b107c5dd117be3d92107e8b212ecb8..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 118
zcmX^0Z`VEs1_l!bPId-%b_Nbc2Cnqf5=Xz%+@#bZMh0dLO;4auaDHh~a;jTqPAVe<
zUr1_kiE~b3aj{-jVp$?110zs{0EnrdlbDyT@1K;Fnq0!hz`)4B1T+~)vjELuU;(ih
KSb-!H0~-LnR2Ucl

diff --git a/regression/cbmc-java/static-method-user-interface-two-params-same/TestClass.class b/regression/cbmc-java/static-method-user-interface-two-params-same/TestClass.class
deleted file mode 100644
index 10ca4729e9d2891c9c9ad80d42a9107255663ebc..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 697
zcmZuuUr*Ce96h(~R@My|L#u$34F$V3anblTV=_ocmK1#$fuJwk%{mKPYue)H@dNO}
zi$qC$<be-GJhw%N3HSEid+zVgIltfS)%EW`0N%j0P(rheH9Rx%+=7m#iFFGFG}VR1
z4HGW}if@B3NZ$$QPHRuV*or>;0`p!F`tMJsLqFb?!wD@lFB-|oo{R%^zcCu=*B}un
zd%J#;ZcSv8bV>9jiUdlI*YEOceWX8$rv8WFkv~db(NF7tw$}o)gH(==cjUK!#8VlB
z0=DzXJCfgJXClLKXOPB0IPPX;%6LrS#e3WWLMo9SMZ{2{O(JU$ox~%5J5asM-In`O
zu~%TBY{IFag*KCVT$}9RHcFs+S4G|jL;7SL`)MzKCJH&NJ{p+eyQ`sdkrx6Lq7F~N
zv(P?=I3v(7%e|Nx7cfU$$pbKtDsLq$phk;IK4!GWv);bMvU>@;{R^6ao9#bPFiv$&
z2Iv{7&7TZBU?nylaV~ML;Atje=R{bfUyV8*67i*p4QNYjn;DO9gbx|5`miscADqMR
zE>PfE+;M-x+`nt1##~^XiW@B6A*Y+EHS%ogFVjCm+X|kLyUNDvtVknXrAI^KFPQ6b
AQ~&?~

diff --git a/regression/cbmc-java/static-method-user-interface-two-params-same/TestClass.java b/regression/cbmc-java/static-method-user-interface-two-params-same/TestClass.java
deleted file mode 100644
index 145dce70525..00000000000
--- a/regression/cbmc-java/static-method-user-interface-two-params-same/TestClass.java
+++ /dev/null
@@ -1,41 +0,0 @@
-interface I
-{
-    int getANumber();
-}
-
-class A implements I {
-    public int a;
-
-    public int getANumber() { return a; }
-}
-
-class B implements I {
-    public int b;
-    public int getANumber() { return b; }
-}
-
-class TestClass
-{
-    public static boolean foo(I someObject1, I someObject2) {
-        if(someObject1 != null && someObject2 != null)
-        {
-            if(someObject1.getANumber() == someObject2.getANumber()) {
-                return true;
-            } else {
-                return false;
-            }
-        }
-        else
-        {
-            return false;
-        }
-    }
-
-    public static void main(String[] args)
-    {
-        // ensure that A, B are referenced explicitly
-        // in order to get them converted into GOTO
-        A a = new A();
-        B b = new B();
-    }
-}
diff --git a/regression/cbmc-java/static-method-user-interface-two-params-same/test.desc b/regression/cbmc-java/static-method-user-interface-two-params-same/test.desc
deleted file mode 100644
index ff70e7d9ed2..00000000000
--- a/regression/cbmc-java/static-method-user-interface-two-params-same/test.desc
+++ /dev/null
@@ -1,6 +0,0 @@
-CORE
-TestClass.class
---cover location --function TestClass.foo --show-goto-functions
-@class_identifier = "java::A";
- = \(struct I \*\)
-tmp_object_factory\$\d+ = null;
diff --git a/src/goto-programs/convert_nondet.cpp b/src/goto-programs/convert_nondet.cpp
index 5b7935470ef..86d0d8c80eb 100644
--- a/src/goto-programs/convert_nondet.cpp
+++ b/src/goto-programs/convert_nondet.cpp
@@ -14,6 +14,7 @@ Author: Reuben Thomas, reuben.thomas@diffblue.com
 #include "goto-programs/goto_model.h"
 #include "goto-programs/remove_skip.h"
 
+#include <memory>
 #include "java_bytecode/java_object_factory.h" // gen_nondet_init
 
 #include "util/irep_ids.h"
@@ -88,6 +89,7 @@ static goto_programt::targett insert_nondet_init_code(
     allocation_typet::DYNAMIC,
     !nullable,
     max_nondet_array_length,
+    std::make_shared<select_pointer_typet>(),
     update_in_placet::NO_UPDATE_IN_PLACE);
 
   // Convert this code into goto instructions
diff --git a/src/java_bytecode/Makefile b/src/java_bytecode/Makefile
index ba28e401492..f96913f967f 100644
--- a/src/java_bytecode/Makefile
+++ b/src/java_bytecode/Makefile
@@ -2,7 +2,6 @@ SRC = bytecode_info.cpp \
       character_refine_preprocess.cpp \
       ci_lazy_methods.cpp \
       expr2java.cpp \
-      get_concrete_class_alphabetically.cpp \
       jar_file.cpp \
       java_bytecode_convert_class.cpp \
       java_bytecode_convert_method.cpp \
diff --git a/src/java_bytecode/get_concrete_class_alphabetically.cpp b/src/java_bytecode/get_concrete_class_alphabetically.cpp
deleted file mode 100644
index 01bf6519e21..00000000000
--- a/src/java_bytecode/get_concrete_class_alphabetically.cpp
+++ /dev/null
@@ -1,123 +0,0 @@
-/*******************************************************************\
-
-Module: Java Bytecode Language Conversion
-
-Author: DiffBlue Limited. All rights reserved.
-
-\*******************************************************************/
-
-/// \file
-/// Select a subclass of the provided type, picking the alphabetically first
-
-#include "get_concrete_class_alphabetically.h"
-
-#include <algorithm>
-
-#include <util/invariant.h>
-#include <util/namespace.h>
-#include <util/std_types.h>
-#include <util/symbol_table.h>
-
-#include <goto-programs/class_hierarchy.h>
-
-/// Get type the pointer is pointing to, replacing it with a concrete
-/// implementation when it is abstract.
-/// \param `pointer_type`: The type of the pointer
-/// \return The subtype of the pointer. If this is an abstract class then we
-///   will randomly select a concrete child class.
-pointer_typet get_concrete_class_alphabeticallyt::operator()(
-  const pointer_typet &pointer_type)
-{
-  const typet &subtype=ns.follow(pointer_type.subtype());
-  INVARIANT(subtype.id()==ID_struct,
-    "Can only find derived classes of class types");
-
-  const class_typet &class_type=to_class_type(subtype);
-  INVARIANT(class_type.is_class(),
-    "Can only find derived classes of class types");
-
-  const class_typet &selected_subtype=select_concrete_type(class_type);
-
-  // If we've not selected a subtype (i.e. there aren't any) we should
-  // return the original unmodified type
-  if(selected_subtype==class_type)
-  {
-    return pointer_type;
-  }
-
-  // Recreate the pointer_type as it was before
-  if(pointer_type.subtype().id()==ID_symbol)
-  {
-    INVARIANT(
-      ns.get_symbol_table().has_symbol(selected_subtype.get(ID_name)),
-      "Selected a type that wasn't in the symbol table");
-
-    symbol_typet symbol_subtype(selected_subtype.get(ID_name));
-
-    return pointer_typet(symbol_subtype);
-  }
-  else
-  {
-    return pointer_typet(selected_subtype);
-  }
-}
-
-/// Select the alphabetically first concrete sub-class of an abstract class or
-/// interface This can be then used when analyzing the function.
-/// \param `abstract_type`: an class type that is abstract (i.e. either an
-///   interface or a abstract class).
-/// \return A class_typet that the GOTO code should instantiate to fill this
-///   type. This will be a concrete type unless no concrete types are found that
-///   inherit from the abstract_type. `
-class_typet get_concrete_class_alphabeticallyt::select_concrete_type(
-  const class_typet &abstract_type)
-{
-  const symbol_tablet &symbol_table=ns.get_symbol_table();
-  // abstract class - we should find a derived class ideally to test with
-  class_hierarchyt class_hierachy;
-  class_hierachy(symbol_table);
-  class_hierarchyt::idst child_ids=
-    class_hierachy.get_children_trans(abstract_type.get_string(ID_name));
-
-  // filter out abstract classes
-  class_hierarchyt::idst concrete_childen;
-  std::copy_if(
-    child_ids.begin(),
-    child_ids.end(),
-    std::back_inserter(concrete_childen),
-    [&] (const irep_idt &child_class_id)
-    {
-      const symbolt &type_symbol=symbol_table.lookup(child_class_id);
-      const class_typet &child_type=to_class_type(type_symbol.type);
-      return child_type.is_class() && !child_type.is_abstract();
-    });
-
-
-  if(!concrete_childen.empty())
-  {
-    // Alphabetize the list
-    std::sort(
-      concrete_childen.begin(),
-      concrete_childen.end(),
-      [](const irep_idt &a, const irep_idt &b)
-      {
-        return a.compare(b)<0;
-      });
-
-    const symbolt &type_symbol=
-      symbol_table.lookup(concrete_childen.front());
-    INVARIANT(
-      type_symbol.type.id()==ID_struct,
-      "Should always substitute a class type");
-
-    const class_typet &child_type=to_class_type(type_symbol.type);
-    INVARIANT(child_type.is_class(), "Should always substitute a class type");
-    return child_type;
-  }
-  else
-  {
-    // else no children in the symbol table - here the best we can do is
-    // mock the interface/abstract object
-    return abstract_type;
-  }
-}
diff --git a/src/java_bytecode/get_concrete_class_alphabetically.h b/src/java_bytecode/get_concrete_class_alphabetically.h
deleted file mode 100644
index 08f2c00ec50..00000000000
--- a/src/java_bytecode/get_concrete_class_alphabetically.h
+++ /dev/null
@@ -1,32 +0,0 @@
-/*******************************************************************\
-
-Module: Java Bytecode Language Conversion
-
-Author: DiffBlue Limited. All rights reserved.
-
-\*******************************************************************/
-
-/// \file
-/// Select a subclass of the provided type, picking the alphabetically first
-
-#ifndef CPROVER_JAVA_BYTECODE_GET_CONCRETE_CLASS_ALPHABETICALLY_H
-#define CPROVER_JAVA_BYTECODE_GET_CONCRETE_CLASS_ALPHABETICALLY_H
-
-#include <util/std_types.h>
-
-class namespacet;
-
-class get_concrete_class_alphabeticallyt
-{
-public:
-  explicit get_concrete_class_alphabeticallyt(const namespacet &ns):ns(ns)
-  {}
-
-  pointer_typet operator()(const pointer_typet &pointer_type);
-
-private:
-  const namespacet &ns;
-  class_typet select_concrete_type(const class_typet &abstract_type);
-};
-
-#endif // CPROVER_JAVA_BYTECODE_GET_CONCRETE_CLASS_ALPHABETICALLY_H
diff --git a/src/java_bytecode/java_bytecode_instrument.cpp b/src/java_bytecode/java_bytecode_instrument.cpp
index 79b89eebe60..1720723e84c 100644
--- a/src/java_bytecode/java_bytecode_instrument.cpp
+++ b/src/java_bytecode/java_bytecode_instrument.cpp
@@ -114,7 +114,8 @@ codet java_bytecode_instrumentt::throw_exception(
       symbol_table,
       max_array_length,
       allocation_typet::LOCAL,
-      original_loc);
+      original_loc,
+      std::make_shared<select_pointer_typet>());
   }
   else
     exc=symbol_table.lookup(exc_obj_name).symbol_expr();
diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index 5ddb17c0df8..a595cbc7411 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -704,7 +704,8 @@ bool java_bytecode_languaget::final(symbol_tablet &symbol_table)
       main_class,
       get_message_handler(),
       assume_inputs_non_null,
-      max_nondet_array_length));
+      max_nondet_array_length,
+      std::make_shared<select_pointer_typet>()));
 }
 
 void java_bytecode_languaget::show_parse(std::ostream &out)
diff --git a/src/java_bytecode/java_entry_point.cpp b/src/java_bytecode/java_entry_point.cpp
index adb48d98444..316fdaf2f32 100644
--- a/src/java_bytecode/java_entry_point.cpp
+++ b/src/java_bytecode/java_entry_point.cpp
@@ -78,7 +78,8 @@ void java_static_lifetime_init(
   symbol_tablet &symbol_table,
   const source_locationt &source_location,
   bool assume_init_pointers_not_null,
-  unsigned max_nondet_array_length)
+  unsigned max_nondet_array_length,
+  std::shared_ptr<select_pointer_typet> pointer_type_selector)
 {
   symbolt &initialize_symbol=symbol_table.lookup(INITIALIZE);
   code_blockt &code_block=to_code_block(to_code(initialize_symbol.value));
@@ -119,7 +120,8 @@ void java_static_lifetime_init(
           symbol_table,
           max_nondet_array_length,
           allocation_typet::GLOBAL,
-          source_location);
+          source_location,
+          pointer_type_selector);
         code_assignt assignment(sym.symbol_expr(), newsym);
         code_block.add(assignment);
       }
@@ -138,7 +140,8 @@ exprt::operandst java_build_arguments(
   code_blockt &init_code,
   symbol_tablet &symbol_table,
   bool assume_init_pointers_not_null,
-  unsigned max_nondet_array_length)
+  size_t max_nondet_array_length,
+  std::shared_ptr<select_pointer_typet> pointer_type_selector)
 {
   const code_typet::parameterst &parameters=
     to_code_type(function.type).parameters();
@@ -182,7 +185,8 @@ exprt::operandst java_build_arguments(
         symbol_table,
         max_nondet_array_length,
         allocation_typet::LOCAL,
-        function.location);
+        function.location,
+        pointer_type_selector);
 
     // record as an input
     codet input(ID_input);
@@ -462,7 +466,8 @@ bool java_entry_point(
   const irep_idt &main_class,
   message_handlert &message_handler,
   bool assume_init_pointers_not_null,
-  size_t max_nondet_array_length)
+  size_t max_nondet_array_length,
+  std::shared_ptr<select_pointer_typet> pointer_type_selector)
 {
   // check if the entry point is already there
   if(symbol_table.symbols.find(goto_functionst::entry_point())!=
@@ -485,7 +490,8 @@ bool java_entry_point(
     symbol_table,
     symbol.location,
     assume_init_pointers_not_null,
-    max_nondet_array_length);
+    max_nondet_array_length,
+    pointer_type_selector);
 
   code_blockt init_code;
 
@@ -552,7 +558,8 @@ bool java_entry_point(
       init_code,
       symbol_table,
       assume_init_pointers_not_null,
-      max_nondet_array_length);
+      max_nondet_array_length,
+      pointer_type_selector);
   call_main.arguments()=main_arguments;
 
   init_code.move_to_operands(call_main);
diff --git a/src/java_bytecode/java_entry_point.h b/src/java_bytecode/java_entry_point.h
index 9437ba65d70..ad00254bd22 100644
--- a/src/java_bytecode/java_entry_point.h
+++ b/src/java_bytecode/java_entry_point.h
@@ -10,7 +10,9 @@ Author: Daniel Kroening, kroening@kroening.com
 #ifndef CPROVER_JAVA_BYTECODE_JAVA_ENTRY_POINT_H
 #define CPROVER_JAVA_BYTECODE_JAVA_ENTRY_POINT_H
 
+#include <memory>
 #include <util/irep.h>
+#include <java_bytecode/select_pointer_type.h>
 
 #define JAVA_ENTRY_POINT_RETURN_SYMBOL "return'"
 
@@ -19,7 +21,8 @@ bool java_entry_point(
   const irep_idt &main_class,
   class message_handlert &message_handler,
   bool assume_init_pointers_not_null,
-  size_t max_nondet_array_length);
+  size_t max_nondet_array_length,
+  std::shared_ptr<select_pointer_typet> pointer_type_selector);
 
 typedef struct
 {
diff --git a/src/java_bytecode/java_object_factory.cpp b/src/java_bytecode/java_object_factory.cpp
index 16ca8df8659..0fedf5d7d75 100644
--- a/src/java_bytecode/java_object_factory.cpp
+++ b/src/java_bytecode/java_object_factory.cpp
@@ -10,6 +10,7 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include <unordered_set>
 #include <sstream>
+#include <memory>
 
 #include <util/arith_tools.h>
 #include <util/fresh_symbol.h>
@@ -57,6 +58,11 @@ class java_object_factoryt
   symbol_tablet &symbol_table;
   namespacet ns;
 
+  /// Resolves pointer types potentially using some heuristics for example
+  /// to replace pointers to interface types with pointers to concrete
+  /// implementations.
+  std::shared_ptr<select_pointer_typet> pointer_type_selector;
+
   void set_null(
     const exprt &expr,
     const pointer_typet &ptr_type);
@@ -85,13 +91,15 @@ class java_object_factoryt
     const source_locationt &loc,
     bool _assume_non_null,
     size_t _max_nondet_array_length,
-    symbol_tablet &_symbol_table):
+    symbol_tablet &_symbol_table,
+    std::shared_ptr<select_pointer_typet> pointer_type_selector):
       symbols_created(_symbols_created),
       loc(loc),
       assume_non_null(_assume_non_null),
       max_nondet_array_length(_max_nondet_array_length),
       symbol_table(_symbol_table),
-      ns(_symbol_table)
+      ns(_symbol_table),
+      pointer_type_selector(pointer_type_selector)
   {}
 
   exprt allocate_object(
@@ -404,9 +412,8 @@ void java_object_factoryt::gen_nondet_pointer_init(
   const pointer_typet &pointer_type,
   const update_in_placet &update_in_place)
 {
-  select_pointer_typet pointer_type_selector(ns);
   const pointer_typet &replacement_pointer_type=
-    pointer_type_selector(pointer_type);
+    pointer_type_selector->convert_pointer_type(pointer_type);
 
   // If we are changing the pointer, we generate code for creating a pointer
   // to the substituted type instead
@@ -947,6 +954,8 @@ static void declare_created_symbols(
 /// \param max_nondet_array_length: upper bound on size of initialised arrays
 /// \param alloc_type: allocation method (global, local or dynamic objects)
 /// \param loc: source location for all generated code
+/// \param pointer_type_selector: The pointer_selector to use to resolve
+///   pointer types where required.
 /// \return A symbol expression repesenting the new object that has been
 ///   created.
 exprt object_factory(
@@ -957,7 +966,8 @@ exprt object_factory(
   symbol_tablet &symbol_table,
   size_t max_nondet_array_length,
   allocation_typet alloc_type,
-  const source_locationt &loc)
+  const source_locationt &loc,
+  std::shared_ptr<select_pointer_typet> pointer_type_selector)
 {
   irep_idt identifier=id2string(goto_functionst::entry_point())+
     "::"+id2string(base_name);
@@ -983,7 +993,8 @@ exprt object_factory(
     loc,
     !allow_null,
     max_nondet_array_length,
-    symbol_table);
+    symbol_table,
+    pointer_type_selector);
   code_blockt assignments;
   state.gen_nondet_init(
     assignments,
@@ -1018,6 +1029,8 @@ exprt object_factory(
 /// \param assume_non_null: never initialise pointer members with null, unless
 ///   forced to by recursive datatypes;
 /// \param max_nondet_array_length: upper bound on size of initialised arrays.
+/// \param pointer_type_selector: The pointer_selector to use to resolve
+///   pointer types where required.
 /// \param update_in_place: NO_UPDATE_IN_PLACE: initialise `expr` from scratch
 ///   MUST_UPDATE_IN_PLACE: reinitialise an existing object MAY_UPDATE_IN_PLACE:
 ///   generate a runtime nondet branch between the NO_ and MUST_ cases.
@@ -1030,6 +1043,7 @@ void gen_nondet_init(
   allocation_typet alloc_type,
   bool assume_non_null,
   size_t max_nondet_array_length,
+  std::shared_ptr<select_pointer_typet> pointer_type_selector,
   update_in_placet update_in_place)
 {
   std::vector<const symbolt *> symbols_created;
@@ -1039,7 +1053,8 @@ void gen_nondet_init(
     loc,
     assume_non_null,
     max_nondet_array_length,
-    symbol_table);
+    symbol_table,
+    pointer_type_selector);
   code_blockt assignments;
   state.gen_nondet_init(
     assignments,
diff --git a/src/java_bytecode/java_object_factory.h b/src/java_bytecode/java_object_factory.h
index a56f0f14e31..b7ec50ecfd1 100644
--- a/src/java_bytecode/java_object_factory.h
+++ b/src/java_bytecode/java_object_factory.h
@@ -6,14 +6,17 @@ Author: Daniel Kroening, kroening@kroening.com
 
 \*******************************************************************/
 
-
 #ifndef CPROVER_JAVA_BYTECODE_JAVA_OBJECT_FACTORY_H
 #define CPROVER_JAVA_BYTECODE_JAVA_OBJECT_FACTORY_H
 
+#include <memory>
+
 #include <util/message.h>
 #include <util/std_code.h>
 #include <util/symbol_table.h>
 
+#include <java_bytecode/select_pointer_type.h>
+
 /// Selects the kind of allocation used by java_object_factory et al.
 enum class allocation_typet {
   /// Allocate global objects
@@ -32,7 +35,8 @@ exprt object_factory(
   symbol_tablet &symbol_table,
   size_t max_nondet_array_length,
   allocation_typet alloc_type,
-  const source_locationt &);
+  const source_locationt &location,
+  std::shared_ptr<select_pointer_typet> pointer_type_selector);
 
 enum class update_in_placet
 {
@@ -50,6 +54,7 @@ void gen_nondet_init(
   allocation_typet alloc_type,
   bool assume_non_null,
   size_t max_nondet_array_length,
+  std::shared_ptr<select_pointer_typet> pointer_type_selector,
   update_in_placet update_in_place);
 
 exprt allocate_dynamic_object(
diff --git a/src/java_bytecode/select_pointer_type.cpp b/src/java_bytecode/select_pointer_type.cpp
index 88092503a37..1e9309b2023 100644
--- a/src/java_bytecode/select_pointer_type.cpp
+++ b/src/java_bytecode/select_pointer_type.cpp
@@ -11,56 +11,15 @@
 /// classes to concrete versions).
 
 #include "select_pointer_type.h"
-
-#include <java_bytecode/get_concrete_class_alphabetically.h>
-
-#include <util/invariant.h>
-#include <util/namespace.h>
 #include <util/std_types.h>
 
-
-/// Select what type should be used for a given pointer type. If the class
-/// pointed to is abstract then we consider using a subclass of it.
+/// Select what type should be used for a given pointer type. For the base class
+/// we just use the supplied type. Derived classes can override this behaviour
+/// to provide more sophisticated type selection
 /// \param pointer_type: The pointer type replace
 /// \return A pointer type where the subtype may have been modified
-pointer_typet select_pointer_typet::operator()(
-  const pointer_typet &pointer_type) const
-{
-  // Currently only replace abstract classes
-  // Potentially in the future we might want to consider anything with
-  // derived classes
-  if(!is_abstract_type(pointer_type))
-  {
-    return pointer_type;
-  }
-
-  // TODO(tkiley): Look to see whether there is a suitable model class to use
-
-  get_concrete_class_alphabeticallyt get_concrete_class_alphabetically(ns);
-  const pointer_typet &resolved_type=
-    get_concrete_class_alphabetically(pointer_type);
-
-  return resolved_type;
-}
-
-/// Find out whether a pointer is pointing to an abstract type (either an
-/// abstract class or an interface).
-/// \param pointer_type: The type of the pointer
-/// \return True if the type pointed to is either an abstract class or an
-///   interface.
-bool select_pointer_typet::is_abstract_type(
+pointer_typet select_pointer_typet::convert_pointer_type(
   const pointer_typet &pointer_type) const
 {
-  const typet &pointing_to_type=ns.follow(pointer_type.subtype());
-  if(pointing_to_type.id()==ID_struct)
-  {
-    const class_typet &class_type=to_class_type(pointing_to_type);
-    return class_type.is_class() && class_type.is_abstract();
-  }
-  else
-  {
-    // we are dealing with some other type that a reference to a polymorphic
-    // class so therefore we are definitely not abstract
-    return false;
-  }
+  return  pointer_type;
 }
diff --git a/src/java_bytecode/select_pointer_type.h b/src/java_bytecode/select_pointer_type.h
index fac85cad543..0a12242efec 100644
--- a/src/java_bytecode/select_pointer_type.h
+++ b/src/java_bytecode/select_pointer_type.h
@@ -19,14 +19,9 @@ class namespacet;
 class select_pointer_typet
 {
 public:
-  explicit select_pointer_typet(const namespacet &ns):ns(ns)
-  {}
-
-  pointer_typet operator()(const pointer_typet &pointer_type) const;
-private:
-  bool is_abstract_type(const pointer_typet &pointer_type) const;
-
-  const namespacet &ns;
+  virtual ~select_pointer_typet()=default;
+  virtual pointer_typet convert_pointer_type(
+    const pointer_typet &pointer_type) const;
 };
 
 #endif // CPROVER_JAVA_BYTECODE_SELECT_POINTER_TYPE_H

From 20fb06816f82f4421f0e7283961155c4cf81cd48 Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Fri, 21 Jul 2017 15:55:30 +0100
Subject: [PATCH 449/699] Added overload with the identiy pointer_selector

---
 src/goto-programs/convert_nondet.cpp          |  1 -
 .../java_bytecode_instrument.cpp              |  3 +-
 src/java_bytecode/java_object_factory.cpp     | 46 +++++++++++++++++++
 src/java_bytecode/java_object_factory.h       | 21 +++++++++
 4 files changed, 68 insertions(+), 3 deletions(-)

diff --git a/src/goto-programs/convert_nondet.cpp b/src/goto-programs/convert_nondet.cpp
index 86d0d8c80eb..252c0176eeb 100644
--- a/src/goto-programs/convert_nondet.cpp
+++ b/src/goto-programs/convert_nondet.cpp
@@ -89,7 +89,6 @@ static goto_programt::targett insert_nondet_init_code(
     allocation_typet::DYNAMIC,
     !nullable,
     max_nondet_array_length,
-    std::make_shared<select_pointer_typet>(),
     update_in_placet::NO_UPDATE_IN_PLACE);
 
   // Convert this code into goto instructions
diff --git a/src/java_bytecode/java_bytecode_instrument.cpp b/src/java_bytecode/java_bytecode_instrument.cpp
index 1720723e84c..79b89eebe60 100644
--- a/src/java_bytecode/java_bytecode_instrument.cpp
+++ b/src/java_bytecode/java_bytecode_instrument.cpp
@@ -114,8 +114,7 @@ codet java_bytecode_instrumentt::throw_exception(
       symbol_table,
       max_array_length,
       allocation_typet::LOCAL,
-      original_loc,
-      std::make_shared<select_pointer_typet>());
+      original_loc);
   }
   else
     exc=symbol_table.lookup(exc_obj_name).symbol_expr();
diff --git a/src/java_bytecode/java_object_factory.cpp b/src/java_bytecode/java_object_factory.cpp
index 0fedf5d7d75..e3e79ee0ce6 100644
--- a/src/java_bytecode/java_object_factory.cpp
+++ b/src/java_bytecode/java_object_factory.cpp
@@ -1071,3 +1071,49 @@ void gen_nondet_init(
 
   init_code.append(assignments);
 }
+
+/// Call object_factory with a default (identity) pointer_type_selector
+exprt object_factory(const typet &type,
+  const irep_idt base_name,
+  code_blockt &init_code,
+  bool allow_null,
+  symbol_tablet &symbol_table,
+  size_t max_nondet_array_length,
+  allocation_typet alloc_type,
+  const source_locationt &location)
+{
+  return object_factory(
+    type,
+    base_name,
+    init_code,
+    allow_null,
+    symbol_table,
+    max_nondet_array_length,
+    alloc_type,
+    location,
+    std::make_shared<select_pointer_typet>());
+}
+
+/// Call gen_nondet_init with a default (identity) pointer_type_selector
+void gen_nondet_init(const exprt &expr,
+  code_blockt &init_code,
+  symbol_tablet &symbol_table,
+  const source_locationt &loc,
+  bool skip_classid,
+  allocation_typet alloc_type,
+  bool assume_non_null,
+  size_t max_nondet_array_length,
+  update_in_placet update_in_place)
+{
+  gen_nondet_init(
+    expr,
+    init_code,
+    symbol_table,
+    loc,
+    skip_classid,
+    alloc_type,
+    assume_non_null,
+    max_nondet_array_length,
+    std::make_shared<select_pointer_typet>(),
+    update_in_place);
+}
diff --git a/src/java_bytecode/java_object_factory.h b/src/java_bytecode/java_object_factory.h
index b7ec50ecfd1..ec0e46bfb2b 100644
--- a/src/java_bytecode/java_object_factory.h
+++ b/src/java_bytecode/java_object_factory.h
@@ -38,6 +38,16 @@ exprt object_factory(
   const source_locationt &location,
   std::shared_ptr<select_pointer_typet> pointer_type_selector);
 
+exprt object_factory(
+  const typet &type,
+  const irep_idt base_name,
+  code_blockt &init_code,
+  bool allow_null,
+  symbol_tablet &symbol_table,
+  size_t max_nondet_array_length,
+  allocation_typet alloc_type,
+  const source_locationt &location);
+
 enum class update_in_placet
 {
   NO_UPDATE_IN_PLACE,
@@ -57,6 +67,17 @@ void gen_nondet_init(
   std::shared_ptr<select_pointer_typet> pointer_type_selector,
   update_in_placet update_in_place);
 
+void gen_nondet_init(
+  const exprt &expr,
+  code_blockt &init_code,
+  symbol_tablet &symbol_table,
+  const source_locationt &loc,
+  bool skip_classid,
+  allocation_typet alloc_type,
+  bool assume_non_null,
+  size_t max_nondet_array_length,
+  update_in_placet update_in_place);
+
 exprt allocate_dynamic_object(
   const exprt &target_expr,
   const typet &allocate_type,

From 366ee47aba4ffab2db8e0d728d63b7a5d3717320 Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Mon, 24 Jul 2017 18:02:52 +0100
Subject: [PATCH 450/699] Replaced shared pointers with references

Sicne we don't ever need to reassign, this is more correct.
---
 src/java_bytecode/java_bytecode_language.cpp |  3 ++-
 src/java_bytecode/java_entry_point.cpp       |  6 +++---
 src/java_bytecode/java_entry_point.h         |  3 +--
 src/java_bytecode/java_object_factory.cpp    | 17 +++++++++--------
 src/java_bytecode/java_object_factory.h      |  6 ++----
 5 files changed, 17 insertions(+), 18 deletions(-)

diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index a595cbc7411..41f87d53479 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -698,6 +698,7 @@ bool java_bytecode_languaget::final(symbol_tablet &symbol_table)
 
   symbolt entry=res.main_function;
 
+  select_pointer_typet pointer_type_selector;
   return(
     java_entry_point(
       symbol_table,
@@ -705,7 +706,7 @@ bool java_bytecode_languaget::final(symbol_tablet &symbol_table)
       get_message_handler(),
       assume_inputs_non_null,
       max_nondet_array_length,
-      std::make_shared<select_pointer_typet>()));
+      pointer_type_selector));
 }
 
 void java_bytecode_languaget::show_parse(std::ostream &out)
diff --git a/src/java_bytecode/java_entry_point.cpp b/src/java_bytecode/java_entry_point.cpp
index 316fdaf2f32..52153837c79 100644
--- a/src/java_bytecode/java_entry_point.cpp
+++ b/src/java_bytecode/java_entry_point.cpp
@@ -79,7 +79,7 @@ void java_static_lifetime_init(
   const source_locationt &source_location,
   bool assume_init_pointers_not_null,
   unsigned max_nondet_array_length,
-  std::shared_ptr<select_pointer_typet> pointer_type_selector)
+  const select_pointer_typet &pointer_type_selector)
 {
   symbolt &initialize_symbol=symbol_table.lookup(INITIALIZE);
   code_blockt &code_block=to_code_block(to_code(initialize_symbol.value));
@@ -141,7 +141,7 @@ exprt::operandst java_build_arguments(
   symbol_tablet &symbol_table,
   bool assume_init_pointers_not_null,
   size_t max_nondet_array_length,
-  std::shared_ptr<select_pointer_typet> pointer_type_selector)
+  const select_pointer_typet &pointer_type_selector)
 {
   const code_typet::parameterst &parameters=
     to_code_type(function.type).parameters();
@@ -467,7 +467,7 @@ bool java_entry_point(
   message_handlert &message_handler,
   bool assume_init_pointers_not_null,
   size_t max_nondet_array_length,
-  std::shared_ptr<select_pointer_typet> pointer_type_selector)
+  const select_pointer_typet &pointer_type_selector)
 {
   // check if the entry point is already there
   if(symbol_table.symbols.find(goto_functionst::entry_point())!=
diff --git a/src/java_bytecode/java_entry_point.h b/src/java_bytecode/java_entry_point.h
index ad00254bd22..deb3e2c31cd 100644
--- a/src/java_bytecode/java_entry_point.h
+++ b/src/java_bytecode/java_entry_point.h
@@ -10,7 +10,6 @@ Author: Daniel Kroening, kroening@kroening.com
 #ifndef CPROVER_JAVA_BYTECODE_JAVA_ENTRY_POINT_H
 #define CPROVER_JAVA_BYTECODE_JAVA_ENTRY_POINT_H
 
-#include <memory>
 #include <util/irep.h>
 #include <java_bytecode/select_pointer_type.h>
 
@@ -22,7 +21,7 @@ bool java_entry_point(
   class message_handlert &message_handler,
   bool assume_init_pointers_not_null,
   size_t max_nondet_array_length,
-  std::shared_ptr<select_pointer_typet> pointer_type_selector);
+  const select_pointer_typet &pointer_type_selector);
 
 typedef struct
 {
diff --git a/src/java_bytecode/java_object_factory.cpp b/src/java_bytecode/java_object_factory.cpp
index e3e79ee0ce6..5b4f336f727 100644
--- a/src/java_bytecode/java_object_factory.cpp
+++ b/src/java_bytecode/java_object_factory.cpp
@@ -10,7 +10,6 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include <unordered_set>
 #include <sstream>
-#include <memory>
 
 #include <util/arith_tools.h>
 #include <util/fresh_symbol.h>
@@ -61,7 +60,7 @@ class java_object_factoryt
   /// Resolves pointer types potentially using some heuristics for example
   /// to replace pointers to interface types with pointers to concrete
   /// implementations.
-  std::shared_ptr<select_pointer_typet> pointer_type_selector;
+  const select_pointer_typet &pointer_type_selector;
 
   void set_null(
     const exprt &expr,
@@ -92,7 +91,7 @@ class java_object_factoryt
     bool _assume_non_null,
     size_t _max_nondet_array_length,
     symbol_tablet &_symbol_table,
-    std::shared_ptr<select_pointer_typet> pointer_type_selector):
+    const select_pointer_typet &pointer_type_selector):
       symbols_created(_symbols_created),
       loc(loc),
       assume_non_null(_assume_non_null),
@@ -413,7 +412,7 @@ void java_object_factoryt::gen_nondet_pointer_init(
   const update_in_placet &update_in_place)
 {
   const pointer_typet &replacement_pointer_type=
-    pointer_type_selector->convert_pointer_type(pointer_type);
+    pointer_type_selector.convert_pointer_type(pointer_type);
 
   // If we are changing the pointer, we generate code for creating a pointer
   // to the substituted type instead
@@ -967,7 +966,7 @@ exprt object_factory(
   size_t max_nondet_array_length,
   allocation_typet alloc_type,
   const source_locationt &loc,
-  std::shared_ptr<select_pointer_typet> pointer_type_selector)
+  const select_pointer_typet &pointer_type_selector)
 {
   irep_idt identifier=id2string(goto_functionst::entry_point())+
     "::"+id2string(base_name);
@@ -1043,7 +1042,7 @@ void gen_nondet_init(
   allocation_typet alloc_type,
   bool assume_non_null,
   size_t max_nondet_array_length,
-  std::shared_ptr<select_pointer_typet> pointer_type_selector,
+  const select_pointer_typet &pointer_type_selector,
   update_in_placet update_in_place)
 {
   std::vector<const symbolt *> symbols_created;
@@ -1082,6 +1081,7 @@ exprt object_factory(const typet &type,
   allocation_typet alloc_type,
   const source_locationt &location)
 {
+  select_pointer_typet pointer_type_selector;
   return object_factory(
     type,
     base_name,
@@ -1091,7 +1091,7 @@ exprt object_factory(const typet &type,
     max_nondet_array_length,
     alloc_type,
     location,
-    std::make_shared<select_pointer_typet>());
+    pointer_type_selector);
 }
 
 /// Call gen_nondet_init with a default (identity) pointer_type_selector
@@ -1105,6 +1105,7 @@ void gen_nondet_init(const exprt &expr,
   size_t max_nondet_array_length,
   update_in_placet update_in_place)
 {
+  select_pointer_typet pointer_type_selector;
   gen_nondet_init(
     expr,
     init_code,
@@ -1114,6 +1115,6 @@ void gen_nondet_init(const exprt &expr,
     alloc_type,
     assume_non_null,
     max_nondet_array_length,
-    std::make_shared<select_pointer_typet>(),
+    pointer_type_selector,
     update_in_place);
 }
diff --git a/src/java_bytecode/java_object_factory.h b/src/java_bytecode/java_object_factory.h
index ec0e46bfb2b..61524ed0c13 100644
--- a/src/java_bytecode/java_object_factory.h
+++ b/src/java_bytecode/java_object_factory.h
@@ -9,8 +9,6 @@ Author: Daniel Kroening, kroening@kroening.com
 #ifndef CPROVER_JAVA_BYTECODE_JAVA_OBJECT_FACTORY_H
 #define CPROVER_JAVA_BYTECODE_JAVA_OBJECT_FACTORY_H
 
-#include <memory>
-
 #include <util/message.h>
 #include <util/std_code.h>
 #include <util/symbol_table.h>
@@ -36,7 +34,7 @@ exprt object_factory(
   size_t max_nondet_array_length,
   allocation_typet alloc_type,
   const source_locationt &location,
-  std::shared_ptr<select_pointer_typet> pointer_type_selector);
+  const select_pointer_typet &pointer_type_selector);
 
 exprt object_factory(
   const typet &type,
@@ -64,7 +62,7 @@ void gen_nondet_init(
   allocation_typet alloc_type,
   bool assume_non_null,
   size_t max_nondet_array_length,
-  std::shared_ptr<select_pointer_typet> pointer_type_selector,
+  const select_pointer_typet &pointer_type_selector,
   update_in_placet update_in_place);
 
 void gen_nondet_init(

From af36ed14142f84ae87a8ca9d8437d80640b67e6a Mon Sep 17 00:00:00 2001
From: Jesse Sigal <jesse.sigal@gmail.com>
Date: Wed, 12 Jul 2017 17:45:08 +0100
Subject: [PATCH 451/699] Added KNOWNBUG regression test for
 `--string-printable`

The test causes CBMC to keep using memory until it crashes. Additionally, by using `--verbosity 10`, it can be seen that currently the `--string-printable` option does NOT enforce that nondet strings only contain printable (ASCII) characters.
---
 .../java_contains/test_contains.java               |  6 ++++--
 .../java_contains/test_string_printable.desc       | 14 ++++++++++++++
 2 files changed, 18 insertions(+), 2 deletions(-)
 create mode 100644 regression/strings-smoke-tests/java_contains/test_string_printable.desc

diff --git a/regression/strings-smoke-tests/java_contains/test_contains.java b/regression/strings-smoke-tests/java_contains/test_contains.java
index f385c0593d2..e985706e486 100644
--- a/regression/strings-smoke-tests/java_contains/test_contains.java
+++ b/regression/strings-smoke-tests/java_contains/test_contains.java
@@ -9,7 +9,9 @@ public static void main(String x)
       assert(!s.contains(t));
 
       String z = new String(x);
-      if (z.length() > 3) assert(t.contains(z));
-      else assert(z.contains(u));
+      if (z.length() > 3)
+        assert(t.contains(z));
+      else
+        assert(z.contains(u));
    }
 }
diff --git a/regression/strings-smoke-tests/java_contains/test_string_printable.desc b/regression/strings-smoke-tests/java_contains/test_string_printable.desc
new file mode 100644
index 00000000000..bf36f44ada4
--- /dev/null
+++ b/regression/strings-smoke-tests/java_contains/test_string_printable.desc
@@ -0,0 +1,14 @@
+KNOWNBUG
+test_string_printable.class
+--refine-strings --string-printable
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 8.* SUCCESS$
+^\[.*assertion.2\].* line 9.* SUCCESS$
+^\[.*assertion.3\].* line 12.* FAILURE$
+^\[.*assertion.4\].* line 13.* FAILURE$
+^VERIFICATION FAILED$
+--
+--
+This should create a huge formula and run out of memory.
+Issue: https://github.com/diffblue/test-gen/issues/745

From d4be554988481b9a0c5e79bcf22bc04b2efb41c5 Mon Sep 17 00:00:00 2001
From: Kareem Khazem <karkhaz@amazon.com>
Date: Tue, 25 Jul 2017 12:24:13 +0100
Subject: [PATCH 452/699] Don't lint text between #if 0...#endif

---
 scripts/cpplint.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/scripts/cpplint.py b/scripts/cpplint.py
index a41d26d7722..68ba0f5e6b3 100755
--- a/scripts/cpplint.py
+++ b/scripts/cpplint.py
@@ -1377,7 +1377,8 @@ def CleanseRawStrings(raw_lines):
 def FindNextMultiLineCommentStart(lines, lineix):
   """Find the beginning marker for a multiline comment."""
   while lineix < len(lines):
-    if lines[lineix].strip().startswith('/*'):
+    if (lines[lineix].strip().startswith('/*') or
+       lines[lineix].strip().startswith('#if 0')):
       # Only return this marker if the comment goes beyond this line
       if lines[lineix].strip().find('*/', 2) < 0:
         return lineix
@@ -1388,7 +1389,8 @@ def FindNextMultiLineCommentStart(lines, lineix):
 def FindNextMultiLineCommentEnd(lines, lineix):
   """We are inside a comment, find the end marker."""
   while lineix < len(lines):
-    if lines[lineix].strip().endswith('*/'):
+    if (lines[lineix].strip().endswith('*/') or
+       lines[lineix].strip().endswith('#endif')):
       return lineix
     lineix += 1
   return len(lines)

From 7b5fb34c8366dbf76c7756b2b3f8a7693ac66f99 Mon Sep 17 00:00:00 2001
From: Jesse Sigal <jesse.sigal@gmail.com>
Date: Fri, 21 Jul 2017 14:54:16 +0100
Subject: [PATCH 453/699] Fixed universal constraints that break invariants.

In preparation for checking the invariant of universal constraints, all violations have been fixed. Additionally, an `indexOf` axiom had an off-by-one error and the contains regression test was missing a `--string-max-length`.
---
 .../java_case/test_case.class                 | Bin 1019 -> 1011 bytes
 .../java_contains/test.desc                   |   2 +-
 .../string_constraint_generator_indexof.cpp   | 168 +++++-------------
 .../string_constraint_generator_main.cpp      |   1 -
 .../string_constraint_generator_testing.cpp   |  81 ++-------
 ...ng_constraint_generator_transformation.cpp |  23 ++-
 6 files changed, 83 insertions(+), 192 deletions(-)

diff --git a/regression/strings-smoke-tests/java_case/test_case.class b/regression/strings-smoke-tests/java_case/test_case.class
index 863da75113c20863de00fa0169902a184502cd74..68e4955d131a90116d90e40d96257ebf8e98c2f3 100644
GIT binary patch
delta 25
hcmey({+WG)2O|&5;c18485vj(Z#%qva}48rCIE+_3PJz?

delta 33
rcmV++0N(%e2m1%GNC6ZG!+^tw!-&I{0RRZYpu?xbsKd6iQ~{p?1%?l%

diff --git a/regression/strings-smoke-tests/java_contains/test.desc b/regression/strings-smoke-tests/java_contains/test.desc
index e0ca4731a42..b2a9cae2597 100644
--- a/regression/strings-smoke-tests/java_contains/test.desc
+++ b/regression/strings-smoke-tests/java_contains/test.desc
@@ -1,6 +1,6 @@
 CORE
 test_contains.class
---refine-strings
+--refine-strings --string-max-length 100
 ^EXIT=10$
 ^SIGNAL=0$
 ^\[.*assertion.1\].* line 8.* SUCCESS$
diff --git a/src/solvers/refinement/string_constraint_generator_indexof.cpp b/src/solvers/refinement/string_constraint_generator_indexof.cpp
index 33e6cc960d9..5990fc4c9ee 100644
--- a/src/solvers/refinement/string_constraint_generator_indexof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_indexof.cpp
@@ -15,7 +15,7 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 #include <solvers/refinement/string_constraint_generator.h>
 
 /// Add axioms stating that the returned value is the index within str of the
-/// first occurence of c starting the search at from_index, or -1 if no such
+/// first occurrence of c starting the search at from_index, or -1 if no such
 /// character occurs at or after position from_index.
 /// \param str: a string expression
 /// \param c: an expression representing a character
@@ -69,7 +69,7 @@ exprt string_constraint_generatort::add_axioms_for_index_of(
 }
 
 /// Add axioms stating that the returned value is the index within haystack of
-/// the first occurence of needle starting the search at from_index, or -1 if
+/// the first occurrence of needle starting the search at from_index, or -1 if
 /// needle does not occur at or after position from_index.
 /// \param haystack: a string expression
 /// \param needle: a string expression
@@ -92,7 +92,7 @@ exprt string_constraint_generatort::add_axioms_for_index_of_string(
   //        contains ==> haystack[n+offset]=needle[n]
   // a4 : forall n:[from_index,offset[.
   //        contains ==> (exists m:[0,|needle|[. haystack[m+n] != needle[m]])
-  // a5:  forall n:[from_index,|haystack|-|needle|[.
+  // a5:  forall n:[from_index,|haystack|-|needle|].
   //        !contains ==> (exists m:[0,|needle|[. haystack[m+n] != needle[m])
 
   implies_exprt a1(
@@ -116,70 +116,35 @@ exprt string_constraint_generatort::add_axioms_for_index_of_string(
     equal_exprt(haystack[plus_exprt(qvar, offset)], needle[qvar]));
   axioms.push_back(a3);
 
-  if(!is_constant_string(needle))
-  {
-    // string_not contains_constraintt are formulas of the form:
-    // forall x in [lb,ub[. p(x) => exists y in [lb,ub[. s1[x+y] != s2[y]
-    string_not_contains_constraintt a4(
-      from_index,
-      offset,
-      contains,
-      from_integer(0, index_type),
-      needle.length(),
-      haystack,
-      needle);
-    axioms.push_back(a4);
-
-    string_not_contains_constraintt a5(
-      from_index,
+  // string_not contains_constraintt are formulas of the form:
+  // forall x in [lb,ub[. p(x) => exists y in [lb,ub[. s1[x+y] != s2[y]
+  string_not_contains_constraintt a4(
+    from_index,
+    offset,
+    contains,
+    from_integer(0, index_type),
+    needle.length(),
+    haystack,
+    needle);
+  axioms.push_back(a4);
+
+  string_not_contains_constraintt a5(
+    from_index,
+    plus_exprt( // Add 1 for inclusive upper bound.
       minus_exprt(haystack.length(), needle.length()),
-      not_exprt(contains),
-      from_integer(0, index_type),
-      needle.length(),
-      haystack,
-      needle);
-    axioms.push_back(a5);
-  }
-  else
-  {
-    // Unfold the existential quantifier as a disjunction in case of a constant
-    // a4 && a5 <=> a6:
-    //  forall n:[from_index,|haystack|-|needle|].
-    //    !contains || n < offset ==>
-    //      haystack[n] != needle[0] || ... ||
-    //      haystack[n+|needle|-1] != needle[|needle|-1]
-    symbol_exprt qvar2=fresh_univ_index("QA_index_of_string_2", index_type);
-    mp_integer sub_length;
-    INVARIANT(
-      !to_integer(needle.length(), sub_length),
-      string_refinement_invariantt("a constant string must have constant "
-        "length"));
-    exprt::operandst disjuncts;
-    for(mp_integer offset=0; offset<sub_length; ++offset)
-    {
-      exprt expr_offset=from_integer(offset, index_type);
-      plus_exprt shifted(expr_offset, qvar2);
-      disjuncts.push_back(
-        not_exprt(equal_exprt(haystack[shifted], needle[expr_offset])));
-    }
-
-    or_exprt premise(
-      not_exprt(contains), binary_relation_exprt(qvar2, ID_lt, offset));
-    minus_exprt length_diff(haystack.length(), needle.length());
-    string_constraintt a6(
-      qvar2,
-      from_index,
-      plus_exprt(from_integer(1, index_type), length_diff),
-      premise,
-      disjunction(disjuncts));
-    axioms.push_back(a6);
-  }
+      from_integer(1, index_type)),
+    not_exprt(contains),
+    from_integer(0, index_type),
+    needle.length(),
+    haystack,
+    needle);
+  axioms.push_back(a5);
 
   return offset;
 }
 
 /// Add axioms stating that the returned value is the index within haystack of
-/// the last occurence of needle starting the search backward at from_index (ie
+/// the last occurrence of needle starting the search backward at from_index (ie
 /// the index is smaller or equal to from_index), or -1 if needle does not occur
 /// before from_index.
 /// \param haystack: a string expression
@@ -235,62 +200,25 @@ exprt string_constraint_generatort::add_axioms_for_last_index_of_string(
     from_index,
     length_diff);
 
-  if(!is_constant_string(needle))
-  {
-    string_not_contains_constraintt a4(
-      plus_exprt(offset, from_integer(1, index_type)),
-      plus_exprt(end_index, from_integer(1, index_type)),
-      contains,
-      from_integer(0, index_type),
-      needle.length(),
-      haystack,
-      needle);
-    axioms.push_back(a4);
-
-    string_not_contains_constraintt a5(
-      from_integer(0, index_type),
-      plus_exprt(end_index, from_integer(1, index_type)),
-      not_exprt(contains),
-      from_integer(0, index_type),
-      needle.length(),
-      haystack,
-      needle);
-    axioms.push_back(a5);
-  }
-  else
-  {
-    // Unfold the existential quantifier as a disjunction in case of a constant
-    // a4 && a5 <=> a6:
-    //  forall n:[0, min(from_index, |haystack| - |needle|)].
-    //    !contains || (n > offset) ==>
-    //      haystack[n] != needle[0] || ... ||
-    //      haystack[n+|needle|-1] != needle[|needle|-1]
-    symbol_exprt qvar2=fresh_univ_index("QA_index_of_string_2", index_type);
-    mp_integer sub_length;
-    INVARIANT(
-      !to_integer(needle.length(), sub_length),
-      string_refinement_invariantt("a constant string must have constant "
-        "length"));
-    exprt::operandst disjuncts;
-    for(mp_integer offset=0; offset<sub_length; ++offset)
-    {
-      exprt expr_offset=from_integer(offset, index_type);
-      plus_exprt shifted(expr_offset, qvar2);
-      disjuncts.push_back(
-        not_exprt(equal_exprt(haystack[shifted], needle[expr_offset])));
-    }
-
-    or_exprt premise(
-      not_exprt(contains), binary_relation_exprt(qvar2, ID_gt, offset));
-
-    string_constraintt a6(
-      qvar2,
-      from_integer(0, index_type),
-      plus_exprt(from_integer(1, index_type), end_index),
-      premise,
-      disjunction(disjuncts));
-    axioms.push_back(a6);
-  }
+  string_not_contains_constraintt a4(
+    plus_exprt(offset, from_integer(1, index_type)),
+    plus_exprt(end_index, from_integer(1, index_type)),
+    contains,
+    from_integer(0, index_type),
+    needle.length(),
+    haystack,
+    needle);
+  axioms.push_back(a4);
+
+  string_not_contains_constraintt a5(
+    from_integer(0, index_type),
+    plus_exprt(end_index, from_integer(1, index_type)),
+    not_exprt(contains),
+    from_integer(0, index_type),
+    needle.length(),
+    haystack,
+    needle);
+  axioms.push_back(a5);
 
   return offset;
 }
@@ -333,7 +261,7 @@ exprt string_constraint_generatort::add_axioms_for_index_of(
 }
 
 /// Add axioms stating that the returned value is the index within str of the
-/// last occurence of c starting the search backward at from_index, or -1 if no
+/// last occurrence of c starting the search backward at from_index, or -1 if no
 /// such character occurs at or before position from_index.
 /// \param str: a string expression
 /// \param c: an expression representing a character
@@ -373,7 +301,7 @@ exprt string_constraint_generatort::add_axioms_for_last_index_of(
       equal_exprt(str[index], c)));
   axioms.push_back(a3);
 
-  symbol_exprt n=fresh_univ_index("QA_last_index_of", index_type);
+  symbol_exprt n=fresh_univ_index("QA_last_index_of1", index_type);
   string_constraintt a4(
     n,
     plus_exprt(index, index1),
@@ -382,7 +310,7 @@ exprt string_constraint_generatort::add_axioms_for_last_index_of(
     not_exprt(equal_exprt(str[n], c)));
   axioms.push_back(a4);
 
-  symbol_exprt m=fresh_univ_index("QA_last_index_of", index_type);
+  symbol_exprt m=fresh_univ_index("QA_last_index_of2", index_type);
   string_constraintt a5(
     m,
     from_index_plus_one,
diff --git a/src/solvers/refinement/string_constraint_generator_main.cpp b/src/solvers/refinement/string_constraint_generator_main.cpp
index 823295777d4..a3add2c74c8 100644
--- a/src/solvers/refinement/string_constraint_generator_main.cpp
+++ b/src/solvers/refinement/string_constraint_generator_main.cpp
@@ -164,7 +164,6 @@ string_exprt string_constraint_generatort::convert_java_string_to_string_exprt(
   {
     java_content=dereference_exprt(java_content, java_content.type());
   }
-
   refined_string_typet type(java_int_type(), java_char_type());
 
   return string_exprt(length, java_content, type);
diff --git a/src/solvers/refinement/string_constraint_generator_testing.cpp b/src/solvers/refinement/string_constraint_generator_testing.cpp
index 9b8a743e022..afb758afbb4 100644
--- a/src/solvers/refinement/string_constraint_generator_testing.cpp
+++ b/src/solvers/refinement/string_constraint_generator_testing.cpp
@@ -187,7 +187,6 @@ exprt string_constraint_generatort::add_axioms_for_contains(
   PRECONDITION(f.type()==bool_typet() || f.type().id()==ID_c_bool);
   string_exprt s0=get_string_expr(args(f, 2)[0]);
   string_exprt s1=get_string_expr(args(f, 2)[1]);
-  bool constant=is_constant_string(s1);
 
   symbol_exprt contains=fresh_boolean("contains");
   const refined_string_typet ref_type=to_refined_string_type(s0.type());
@@ -218,66 +217,24 @@ exprt string_constraint_generatort::add_axioms_for_contains(
     equal_exprt(startpos, from_integer(-1, index_type)));
   axioms.push_back(a3);
 
-  if(constant)
-  {
-    // If the string is constant, we can use a more efficient axiom for a4:
-    // contains ==> AND_{i < |s1|} s1[i] = s0[startpos + i]
-    mp_integer s1_length;
-    INVARIANT(
-      !to_integer(s1.length(), s1_length),
-      string_refinement_invariantt("a constant string expression must have a "
-        "constant length"));
-    exprt::operandst conjuncts;
-    for(mp_integer i=0; i<s1_length; ++i)
-    {
-      exprt expr_i=from_integer(i, index_type);
-      plus_exprt shifted_i(expr_i, startpos);
-      conjuncts.push_back(equal_exprt(s1[expr_i], s0[shifted_i]));
-    }
-    implies_exprt a4(contains, conjunction(conjuncts));
-    axioms.push_back(a4);
-
-    // The a5 constraint for constant strings translates to:
-    // !contains ==> |s1| > |s0| ||
-    //               (forall qvar <= |s0| - |s1|.
-    //                 !(AND_{i < |s1|} s1[i] == s0[i + qvar])
-    //
-    // which we implement as:
-    // forall qvar <= |s0| - |s1|.  (!contains && |s0| >= |s1|)
-    //     ==> !(AND_{i < |s1|} (s1[i] == s0[qvar+i]))
-    symbol_exprt qvar=fresh_univ_index("QA_contains_constant", index_type);
-    exprt::operandst conjuncts1;
-    for(mp_integer i=0; i<s1_length; ++i)
-    {
-      exprt expr_i=from_integer(i, index_type);
-      plus_exprt shifted_i(expr_i, qvar);
-      conjuncts1.push_back(equal_exprt(s1[expr_i], s0[shifted_i]));
-    }
-
-    string_constraintt a5(
-      qvar,
-      plus_exprt(from_integer(1, index_type), length_diff),
-      and_exprt(not_exprt(contains), s0.axiom_for_is_longer_than(s1)),
-      not_exprt(conjunction(conjuncts1)));
-    axioms.push_back(a5);
-  }
-  else
-  {
-    symbol_exprt qvar=fresh_univ_index("QA_contains", index_type);
-    exprt qvar_shifted=plus_exprt(qvar, startpos);
-    string_constraintt a4(
-      qvar, s1.length(), contains, equal_exprt(s1[qvar], s0[qvar_shifted]));
-    axioms.push_back(a4);
-
-    // We rewrite axiom a4 as:
-    // forall startpos <= |s0|-|s1|.  (!contains && |s0| >= |s1|)
-    //     ==> exists witness < |s1|. s1[witness] != s0[startpos+witness]
-    string_not_contains_constraintt a5(
-      from_integer(0, index_type),
-      plus_exprt(from_integer(1, index_type), length_diff),
-      and_exprt(not_exprt(contains), s0.axiom_for_is_longer_than(s1)),
-      from_integer(0, index_type), s1.length(), s0, s1);
-    axioms.push_back(a5);
-  }
+  symbol_exprt qvar=fresh_univ_index("QA_contains", index_type);
+  exprt qvar_shifted=plus_exprt(qvar, startpos);
+  string_constraintt a4(
+    qvar, s1.length(), contains, equal_exprt(s1[qvar], s0[qvar_shifted]));
+  axioms.push_back(a4);
+
+  // We rewrite axiom a4 as:
+  // forall startpos <= |s0|-|s1|.  (!contains && |s0| >= |s1|)
+  //     ==> exists witness < |s1|. s1[witness] != s0[startpos+witness]
+  string_not_contains_constraintt a5(
+    from_integer(0, index_type),
+    plus_exprt(from_integer(1, index_type), length_diff),
+    and_exprt(not_exprt(contains), s0.axiom_for_is_longer_than(s1)),
+    from_integer(0, index_type),
+    s1.length(),
+    s0,
+    s1);
+  axioms.push_back(a5);
+
   return typecast_exprt(contains, f.type());
 }
diff --git a/src/solvers/refinement/string_constraint_generator_transformation.cpp b/src/solvers/refinement/string_constraint_generator_transformation.cpp
index 1e2f8d0f536..49680c8b9cd 100644
--- a/src/solvers/refinement/string_constraint_generator_transformation.cpp
+++ b/src/solvers/refinement/string_constraint_generator_transformation.cpp
@@ -287,7 +287,6 @@ string_exprt string_constraint_generatort::add_axioms_for_to_upper_case(
   exprt char_a=constant_char('a', char_type);
   exprt char_A=constant_char('A', char_type);
   exprt char_z=constant_char('z', char_type);
-  exprt char_Z=constant_char('Z', char_type);
 
   // TODO: add support for locales using case mapping information
   // from the UnicodeData file.
@@ -296,21 +295,29 @@ string_exprt string_constraint_generatort::add_axioms_for_to_upper_case(
   // a1 : |res| = |str|
   // a2 : forall idx<str.length, 'a'<=str[idx]<='z' => res[idx]=str[idx]+'A'-'a'
   // a3 : forall idx<str.length, !('a'<=str[idx]<='z') => res[idx]=str[idx]
+  // Note that index expressions are only allowed in the body of universal
+  // axioms, so we use a trivial premise and push our premise into the body.
 
   exprt a1=res.axiom_for_has_same_length_as(str);
   axioms.push_back(a1);
 
-  symbol_exprt idx=fresh_univ_index("QA_upper_case", index_type);
+  symbol_exprt idx1=fresh_univ_index("QA_upper_case1", index_type);
   exprt is_lower_case=and_exprt(
-    binary_relation_exprt(char_a, ID_le, str[idx]),
-    binary_relation_exprt(str[idx], ID_le, char_z));
+    binary_relation_exprt(char_a, ID_le, str[idx1]),
+    binary_relation_exprt(str[idx1], ID_le, char_z));
   minus_exprt diff(char_A, char_a);
-  equal_exprt convert(res[idx], plus_exprt(str[idx], diff));
-  string_constraintt a2(idx, res.length(), is_lower_case, convert);
+  equal_exprt convert(res[idx1], plus_exprt(str[idx1], diff));
+  implies_exprt body1(is_lower_case, convert);
+  string_constraintt a2(idx1, res.length(), body1);
   axioms.push_back(a2);
 
-  equal_exprt eq(res[idx], str[idx]);
-  string_constraintt a3(idx, res.length(), not_exprt(is_lower_case), eq);
+  symbol_exprt idx2=fresh_univ_index("QA_upper_case2", index_type);
+  exprt is_not_lower_case=not_exprt(and_exprt(
+    binary_relation_exprt(char_a, ID_le, str[idx2]),
+    binary_relation_exprt(str[idx2], ID_le, char_z)));
+  equal_exprt eq(res[idx2], str[idx2]);
+  implies_exprt body2(is_not_lower_case, eq);
+  string_constraintt a3(idx2, res.length(), body2);
   axioms.push_back(a3);
   return res;
 }

From 9f4179fc868462bbe6f09293a60cbba63db8c599 Mon Sep 17 00:00:00 2001
From: Jesse Sigal <jesse.sigal@gmail.com>
Date: Fri, 21 Jul 2017 14:40:07 +0100
Subject: [PATCH 454/699] Fixed checking of not contains axioms

Previously, the Skolem form the not contains axioms was checked by negating it with the Skolem function for the existential still being used. This is logically incorrect and has been fixed. In the negation of the not contains axiom (whence the existential becomes a universal qunatifier), we expand the universal as a conjunction. Additionally, `string_refinement::get` did not properly get refined strings, which it does now.
---
 src/solvers/refinement/string_refinement.cpp | 66 +++++++++++++-------
 src/solvers/refinement/string_refinement.h   |  1 -
 2 files changed, 45 insertions(+), 22 deletions(-)

diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index 71fd4c46184..e22df07dd02 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -1023,12 +1023,10 @@ void string_refinementt::substitute_array_access(exprt &expr) const
 /// \pre Symbols other than the universal variable should have been replaced by
 ///   their valuation in the current model.
 /// \param axiom: the not_contains constraint to add the negation of
-/// \param val: the existential witness for the axiom
 /// \param univ_var: the universal variable for the negation of the axiom
 /// \return: the negation of the axiom under the current evaluation
 exprt string_refinementt::negation_of_not_contains_constraint(
   const string_not_contains_constraintt &axiom,
-  const exprt &val,
   const symbol_exprt &univ_var)
 {
   exprt lbu=axiom.univ_lower_bound();
@@ -1040,7 +1038,8 @@ exprt string_refinementt::negation_of_not_contains_constraint(
     to_integer(to_constant_expr(ubu), ub_int);
     if(ub_int<=lb_int)
     {
-      debug() << "empty constraint with current model" << eom;
+      debug() << "(string_refinement::check_axioms) empty constraint with "
+              << "current model, adding false" << eom;
       return false_exprt();
     }
   }
@@ -1048,26 +1047,38 @@ exprt string_refinementt::negation_of_not_contains_constraint(
   exprt lbe=axiom.exists_lower_bound();
   exprt ube=axiom.exists_upper_bound();
 
+  INVARIANT(
+    lbe.id()==ID_constant && ube.id()==ID_constant,
+    string_refinement_invariantt("please"));
+
+  mp_integer lbe_int, ube_int;
+  to_integer(to_constant_expr(lbe), lbe_int);
+  to_integer(to_constant_expr(ube), ube_int);
+
   if(axiom.premise()==false_exprt())
   {
-    debug() << "(string_refinement::check_axioms) adding false" << eom;
+    debug() << "(string_refinement::check_axioms) false premise, adding false"
+            << eom;
     return false_exprt();
   }
 
-  // Witness is the Skolem function for the existential, which we evaluate at
-  // univ_var.
   and_exprt univ_bounds(
     binary_relation_exprt(lbu, ID_le, univ_var),
     binary_relation_exprt(ubu, ID_gt, univ_var));
-  and_exprt exists_bounds(
-    binary_relation_exprt(lbe, ID_le, val),
-    binary_relation_exprt(ube, ID_gt, val));
-  equal_exprt equal_chars(
-    axiom.s0()[plus_exprt(univ_var, val)],
-    axiom.s1()[val]);
-  and_exprt negaxiom(univ_bounds, axiom.premise(), exists_bounds, equal_chars);
-
-  debug() << "(sr::check_axioms) negated not_contains axiom: "
+
+  std::vector<exprt> conjuncts;
+  for(mp_integer i=lbe_int; i<ube_int; i=i+1)
+  {
+    const constant_exprt i_exprt=from_integer(i, univ_var.type());
+    const equal_exprt equal_chars(
+      axiom.s0()[plus_exprt(univ_var, i_exprt)],
+      axiom.s1()[i_exprt]);
+    conjuncts.push_back(equal_chars);
+  }
+  exprt equal_strings=conjunction(conjuncts);
+  and_exprt negaxiom(univ_bounds, axiom.premise(), equal_strings);
+
+  debug() << "(string_refinement::check_axioms) negated not_contains axiom: "
           << from_expr(ns, "", negaxiom) << eom;
   substitute_array_access(negaxiom);
   return negaxiom;
@@ -1093,21 +1104,23 @@ exprt string_refinementt::negation_of_constraint(
     to_integer(to_constant_expr(ub), ub_int);
     if(ub_int<=lb_int)
     {
-      debug() << "empty constraint with current model" << eom;
+      debug() << "(string_refinement::check_axioms) empty constraint with "
+              << "current model, adding false" << eom;
       return false_exprt();
     }
   }
 
   if(axiom.premise()==false_exprt())
   {
-    debug() << "(string_refinement::check_axioms) adding false" << eom;
+    debug() << "(string_refinement::check_axioms) false premise, adding false"
+            << eom;
     return false_exprt();
   }
 
   and_exprt premise(axiom.premise(), axiom.univ_within_bounds());
   and_exprt negaxiom(premise, not_exprt(axiom.body()));
 
-  debug() << "(sr::check_axioms) negated axiom: "
+  debug() << "(string_refinement::check_axioms) negated universal axiom: "
           << from_expr(ns, "", negaxiom) << eom;
   substitute_array_access(negaxiom);
   return negaxiom;
@@ -1172,8 +1185,6 @@ bool string_refinementt::check_axioms()
 
     symbol_exprt univ_var=generator.fresh_univ_index(
       "not_contains_univ_var", nc_axiom.s0().length().type());
-    exprt wit=generator.get_witness_of(nc_axiom, univ_var);
-    exprt val=get(wit);
     const string_not_contains_constraintt nc_axiom_in_model(
       get(univ_bound_inf),
       get(univ_bound_sup),
@@ -1184,7 +1195,7 @@ bool string_refinementt::check_axioms()
       to_string_expr(get(s1)));
 
     const exprt negaxiom=negation_of_not_contains_constraint(
-      nc_axiom_in_model, val, univ_var);
+      nc_axiom_in_model, univ_var);
     exprt witness;
 
     bool is_sat=is_axiom_sat(negaxiom, univ_var, witness);
@@ -1741,6 +1752,18 @@ exprt string_refinementt::get(const exprt &expr) const
     if(it!=found_length.end())
       return get_array(ecopy, it->second);
   }
+  else if(refined_string_typet::is_refined_string_type(ecopy.type()) &&
+          ecopy.id()==ID_struct)
+  {
+    string_exprt ecopy2=to_string_expr(ecopy);
+    const exprt &econtent=ecopy2.content();
+    const exprt &elength=ecopy2.length();
+
+    exprt len=supert::get(elength);
+    len=simplify_expr(len, ns);
+    const exprt arr=get_array(econtent, len);
+    ecopy=string_exprt(len, arr, ecopy.type());
+  }
 
   ecopy=supert::get(ecopy);
 
@@ -1772,6 +1795,7 @@ bool string_refinementt::is_axiom_sat(
     }
   case decision_proceduret::resultt::D_UNSATISFIABLE:
     return false;
+  case decision_proceduret::resultt::D_ERROR:
   default:
     INVARIANT(false, string_refinement_invariantt("failure in checking axiom"));
     // To tell the compiler that the previous line bails
diff --git a/src/solvers/refinement/string_refinement.h b/src/solvers/refinement/string_refinement.h
index 743366d628d..d53f0057422 100644
--- a/src/solvers/refinement/string_refinement.h
+++ b/src/solvers/refinement/string_refinement.h
@@ -120,7 +120,6 @@ class string_refinementt: public bv_refinementt
   void add_instantiations();
   exprt negation_of_not_contains_constraint(
     const string_not_contains_constraintt &axiom,
-    const exprt &val,
     const symbol_exprt &univ_var);
   exprt negation_of_constraint(const string_constraintt &axiom);
   void debug_model();

From d43f9b50c11d7e6ef930a18238301a0d47b6cbeb Mon Sep 17 00:00:00 2001
From: Jesse Sigal <jesse.sigal@gmail.com>
Date: Wed, 19 Jul 2017 11:58:18 +0100
Subject: [PATCH 455/699] Added `string_constraintt` invariant checking

Updated the documentation to explicitly state the invariants (and turned on MathJax in Doxygen). Created a function to check the invariant and added a check in `string_refinementt::dec_solve`.
---
 src/doxyfile                                  |   2 +-
 src/solvers/refinement/string_constraint.h    |  33 +++
 ...ng_constraint_generator_transformation.cpp |   5 +-
 src/solvers/refinement/string_refinement.cpp  | 230 +++++++++++++++---
 src/solvers/refinement/string_refinement.h    |   6 +-
 5 files changed, 230 insertions(+), 46 deletions(-)

diff --git a/src/doxyfile b/src/doxyfile
index 7d894c4e704..4bccf022c96 100644
--- a/src/doxyfile
+++ b/src/doxyfile
@@ -1473,7 +1473,7 @@ FORMULA_TRANSPARENT    = YES
 # The default value is: NO.
 # This tag requires that the tag GENERATE_HTML is set to YES.
 
-USE_MATHJAX            = NO
+USE_MATHJAX            = YES
 
 # When MathJax is enabled you can set the default output format to be used for
 # the MathJax output. See the MathJax site (see:
diff --git a/src/solvers/refinement/string_constraint.h b/src/solvers/refinement/string_constraint.h
index 03233ab083a..6edb848b550 100644
--- a/src/solvers/refinement/string_constraint.h
+++ b/src/solvers/refinement/string_constraint.h
@@ -24,6 +24,30 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 #include <solvers/refinement/bv_refinement.h>
 #include <solvers/refinement/string_refinement_invariant.h>
 #include <util/refined_string_type.h>
+#include <langapi/language_util.h>
+
+/*! \brief Universally quantified string constraint
+
+    This represents a universally quantified string constraint as laid out in
+    DOI: 10.1007/978-3-319-03077-7. The paper seems to specify a universal
+    constraint as follows.
+
+    A universal constraint is of the form \f$\forall n. L(n) \rightarrow
+    P(n, s_0,\ldots, s_k)\f$ where
+
+    1. \f$L(n)\f$ does not contain string indices [possibly not required, but
+       implied by examples]
+    2. \f$\forall n. L(n) \rightarrow P'\left(s_0[f_0(n)],\ldots, s_k[f_k(n)]
+       \right)\f$, i.e. when focusing on one specific string, all indices are
+       the same [stated in a roundabout manner]
+    3. Each \f$f\f$ is linear and therefore has an inverse [explicitly stated]
+    4. \f$L(n)\f$ and \f$P(n, s_0,\ldots, s_k)\f$ may contain other (free)
+       variables, but in \f$P\f$, \f$n\f$ can only occur as an argument to an
+       \f$f\f$ [explicitly stated, implied]
+
+    We extend this slightly by restricting n to be in a specific range, but this
+    is another implication which can be pushed in to \f$L(n)\f$.
+*/
 
 class string_constraintt: public exprt
 {
@@ -114,6 +138,15 @@ extern inline string_constraintt &to_string_constraint(exprt &expr)
   return static_cast<string_constraintt &>(expr);
 }
 
+inline static std::string from_expr(
+  const namespacet &ns,
+  const irep_idt &identifier,
+  const string_constraintt &expr)
+{
+  return from_expr(ns, identifier, expr.premise())+" => "+
+    from_expr(ns, identifier, expr.body());
+}
+
 class string_not_contains_constraintt: public exprt
 {
 public:
diff --git a/src/solvers/refinement/string_constraint_generator_transformation.cpp b/src/solvers/refinement/string_constraint_generator_transformation.cpp
index 49680c8b9cd..abbd6d34794 100644
--- a/src/solvers/refinement/string_constraint_generator_transformation.cpp
+++ b/src/solvers/refinement/string_constraint_generator_transformation.cpp
@@ -293,8 +293,9 @@ string_exprt string_constraint_generatort::add_axioms_for_to_upper_case(
 
   // We add axioms:
   // a1 : |res| = |str|
-  // a2 : forall idx<str.length, 'a'<=str[idx]<='z' => res[idx]=str[idx]+'A'-'a'
-  // a3 : forall idx<str.length, !('a'<=str[idx]<='z') => res[idx]=str[idx]
+  // a2 : forall idx1<str.length, 'a'<=str[idx1]<='z' =>
+  //                                res[idx1]=str[idx1]+'A'-'a'
+  // a3 : forall idx2<str.length, !('a'<=str[idx2]<='z') => res[idx2]=str[idx2]
   // Note that index expressions are only allowed in the body of universal
   // axioms, so we use a trivial premise and push our premise into the body.
 
diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index e22df07dd02..1ea01ef2c78 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -19,6 +19,7 @@ Author: Alberto Griggio, alberto.griggio@gmail.com
 
 #include <sstream>
 #include <iomanip>
+#include <stack>
 #include <ansi-c/string_constant.h>
 #include <util/cprover_prefix.h>
 #include <util/replace_expr.h>
@@ -517,6 +518,10 @@ decision_proceduret::resultt string_refinementt::dec_solve()
     if(axiom.id()==ID_string_constraint)
     {
       string_constraintt c=to_string_constraint(axiom);
+      DATA_INVARIANT(
+        is_valid_string_constraint(c),
+        string_refinement_invariantt(
+          "string constraints satisfy their invariant"));
       universal_axioms.push_back(c);
     }
     else if(axiom.id()==ID_string_not_contains_constraint)
@@ -1025,10 +1030,11 @@ void string_refinementt::substitute_array_access(exprt &expr) const
 /// \param axiom: the not_contains constraint to add the negation of
 /// \param univ_var: the universal variable for the negation of the axiom
 /// \return: the negation of the axiom under the current evaluation
-exprt string_refinementt::negation_of_not_contains_constraint(
+static exprt negation_of_not_contains_constraint(
   const string_not_contains_constraintt &axiom,
   const symbol_exprt &univ_var)
 {
+  // If the for all is vacuously true, the negation is false.
   exprt lbu=axiom.univ_lower_bound();
   exprt ubu=axiom.univ_upper_bound();
   if(lbu.id()==ID_constant && ubu.id()==ID_constant)
@@ -1037,37 +1043,29 @@ exprt string_refinementt::negation_of_not_contains_constraint(
     to_integer(to_constant_expr(lbu), lb_int);
     to_integer(to_constant_expr(ubu), ub_int);
     if(ub_int<=lb_int)
-    {
-      debug() << "(string_refinement::check_axioms) empty constraint with "
-              << "current model, adding false" << eom;
       return false_exprt();
-    }
   }
 
   exprt lbe=axiom.exists_lower_bound();
   exprt ube=axiom.exists_upper_bound();
 
-  INVARIANT(
-    lbe.id()==ID_constant && ube.id()==ID_constant,
-    string_refinement_invariantt("please"));
-
   mp_integer lbe_int, ube_int;
   to_integer(to_constant_expr(lbe), lbe_int);
   to_integer(to_constant_expr(ube), ube_int);
 
+  // If the premise is false, the implication is trivially true, so the
+  // negation is false.
   if(axiom.premise()==false_exprt())
-  {
-    debug() << "(string_refinement::check_axioms) false premise, adding false"
-            << eom;
     return false_exprt();
-  }
 
   and_exprt univ_bounds(
     binary_relation_exprt(lbu, ID_le, univ_var),
     binary_relation_exprt(ubu, ID_gt, univ_var));
 
+  // The negated existential becomes an universal, and this is the unrolling of
+  // that universal quantifier.
   std::vector<exprt> conjuncts;
-  for(mp_integer i=lbe_int; i<ube_int; i=i+1)
+  for(mp_integer i=lbe_int; i<ube_int; ++i)
   {
     const constant_exprt i_exprt=from_integer(i, univ_var.type());
     const equal_exprt equal_chars(
@@ -1078,9 +1076,6 @@ exprt string_refinementt::negation_of_not_contains_constraint(
   exprt equal_strings=conjunction(conjuncts);
   and_exprt negaxiom(univ_bounds, axiom.premise(), equal_strings);
 
-  debug() << "(string_refinement::check_axioms) negated not_contains axiom: "
-          << from_expr(ns, "", negaxiom) << eom;
-  substitute_array_access(negaxiom);
   return negaxiom;
 }
 
@@ -1092,9 +1087,9 @@ exprt string_refinementt::negation_of_not_contains_constraint(
 ///   their valuation in the current model.
 /// \param axiom: the not_contains constraint to add the negation of
 /// \return: the negation of the axiom under the current evaluation
-exprt string_refinementt::negation_of_constraint(
-  const string_constraintt &axiom)
+static exprt negation_of_constraint(const string_constraintt &axiom)
 {
+  // If the for all is vacuously true, the negation is false.
   exprt lb=axiom.lower_bound();
   exprt ub=axiom.upper_bound();
   if(lb.id()==ID_constant && ub.id()==ID_constant)
@@ -1103,26 +1098,17 @@ exprt string_refinementt::negation_of_constraint(
     to_integer(to_constant_expr(lb), lb_int);
     to_integer(to_constant_expr(ub), ub_int);
     if(ub_int<=lb_int)
-    {
-      debug() << "(string_refinement::check_axioms) empty constraint with "
-              << "current model, adding false" << eom;
       return false_exprt();
-    }
   }
 
+  // If the premise is false, the implication is trivially true, so the
+  // negation is false.
   if(axiom.premise()==false_exprt())
-  {
-    debug() << "(string_refinement::check_axioms) false premise, adding false"
-            << eom;
     return false_exprt();
-  }
 
   and_exprt premise(axiom.premise(), axiom.univ_within_bounds());
   and_exprt negaxiom(premise, not_exprt(axiom.body()));
 
-  debug() << "(string_refinement::check_axioms) negated universal axiom: "
-          << from_expr(ns, "", negaxiom) << eom;
-  substitute_array_access(negaxiom);
   return negaxiom;
 }
 
@@ -1153,7 +1139,10 @@ bool string_refinementt::check_axioms()
     const string_constraintt axiom_in_model(
       univ_var, get(bound_inf), get(bound_sup), get(prem), get(body));
 
-    const exprt negaxiom=negation_of_constraint(axiom_in_model);
+    exprt negaxiom=negation_of_constraint(axiom_in_model);
+    debug() << "(string_refinementt::check_axioms) Adding negated constraint: "
+            << from_expr(ns, "", negaxiom) << eom;
+    substitute_array_access(negaxiom);
     exprt witness;
 
     bool is_sat=is_axiom_sat(negaxiom, univ_var, witness);
@@ -1194,8 +1183,11 @@ bool string_refinementt::check_axioms()
       to_string_expr(get(s0)),
       to_string_expr(get(s1)));
 
-    const exprt negaxiom=negation_of_not_contains_constraint(
+    exprt negaxiom=negation_of_not_contains_constraint(
       nc_axiom_in_model, univ_var);
+    debug() << "(string_refinementt::check_axioms) Adding negated constraint: "
+            << from_expr(ns, "", negaxiom) << eom;
+    substitute_array_access(negaxiom);
     exprt witness;
 
     bool is_sat=is_axiom_sat(negaxiom, univ_var, witness);
@@ -1755,14 +1747,12 @@ exprt string_refinementt::get(const exprt &expr) const
   else if(refined_string_typet::is_refined_string_type(ecopy.type()) &&
           ecopy.id()==ID_struct)
   {
-    string_exprt ecopy2=to_string_expr(ecopy);
-    const exprt &econtent=ecopy2.content();
-    const exprt &elength=ecopy2.length();
+    const string_exprt &string=to_string_expr(ecopy);
+    const exprt &content=string.content();
+    const exprt &length=string.length();
 
-    exprt len=supert::get(elength);
-    len=simplify_expr(len, ns);
-    const exprt arr=get_array(econtent, len);
-    ecopy=string_exprt(len, arr, ecopy.type());
+    const exprt arr=get_array(content, length);
+    ecopy=string_exprt(length, arr, string.type());
   }
 
   ecopy=supert::get(ecopy);
@@ -1802,3 +1792,165 @@ bool string_refinementt::is_axiom_sat(
     throw 0;
   }
 }
+
+/// \related string_constraintt
+typedef std::map<exprt, std::vector<exprt>> array_index_mapt;
+
+/// \related string_constraintt
+class gather_indices_visitort: public const_expr_visitort
+{
+public:
+  array_index_mapt indices;
+
+  gather_indices_visitort(): indices() {}
+
+  void operator()(const exprt &expr) override
+  {
+    if(expr.id()==ID_index)
+    {
+      const index_exprt index=to_index_expr(expr);
+      const exprt s(index.array());
+      const exprt i(index.index());
+      indices[s].push_back(i);
+    }
+  }
+};
+
+/// \related string_constraintt
+static array_index_mapt gather_indices(const exprt &expr)
+{
+  gather_indices_visitort v;
+  expr.visit(v);
+  return v.indices;
+}
+
+/// \related string_constraintt
+class is_linear_arithmetic_expr_visitort: public const_expr_visitort
+{
+public:
+  bool correct;
+
+  is_linear_arithmetic_expr_visitort(): correct(true) {}
+
+  void operator()(const exprt &expr) override
+  {
+    if(expr.id()!=ID_plus && expr.id()!=ID_minus && expr.id()!=ID_unary_minus)
+    {
+      // This represents that the expr is a valid leaf, may not be future proof
+      // or 100% enforced, but is correct prescriptively. All non-sum exprs must
+      // be leaves.
+      correct&=expr.operands().empty();
+    }
+  }
+};
+
+/// \related string_constraintt
+static bool is_linear_arithmetic_expr(const exprt &expr)
+{
+  is_linear_arithmetic_expr_visitort v;
+  expr.visit(v);
+  return v.correct;
+}
+
+/// The universally quantified variable is only allowed to occur in index
+/// expressions in the body of a string constraint. This function returns true
+/// if this is the case and false otherwise.
+/// \related string_constraintt
+/// \param [in] expr: The string constraint to check
+/// \return true if the universal variable only occurs in index expressions,
+///   false otherwise.
+static bool universal_only_in_index(const string_constraintt &expr)
+{
+  // For efficiency, we do a depth-first search of the
+  // body. The exprt visitors do a BFS and hide the stack/queue, so we would
+  // need to store a map from child to parent.
+
+  // The unsigned int represents index depth we are. For example, if we are
+  // considering the fragment `a[b[x]]` (not inside an index expression), then
+  // the stack would look something like `[..., (a, 0), (b, 1), (x, 2)]`.
+  typedef std::pair<exprt, unsigned> valuet;
+  std::stack<valuet> stack;
+  // We start at 0 since expr is not an index expression, so expr.body() is not
+  // in an index expression.
+  stack.push(valuet(expr.body(), 0));
+  while(!stack.empty())
+  {
+    // Inspect current value
+    const valuet cur=stack.top();
+    stack.pop();
+    const exprt e=cur.first;
+    const unsigned index_depth=cur.second;
+    const unsigned child_index_depth=index_depth+(e.id()==ID_index?0:1);
+
+    // If we found the universal variable not in an index_exprt, fail
+    if(e==expr.univ_var() && index_depth==0)
+      return false;
+    else
+      forall_operands(it, e)
+        stack.push(valuet(*it, child_index_depth));
+  }
+  return true;
+}
+
+/// Checks the data invariant for \link string_constraintt
+/// \related string_constraintt
+/// \param [in] expr: the string constraint to check
+/// \return whether the constraint satisfies the invariant
+bool string_refinementt::is_valid_string_constraint(
+  const string_constraintt &expr)
+{
+  // Condition 1: The premise cannot contain any string indices
+  const array_index_mapt premise_indices=gather_indices(expr.premise());
+  if(!premise_indices.empty())
+  {
+    error() << "Premise has indices: " << from_expr(ns, "", expr) << ", map: {";
+    for(const auto &pair : premise_indices)
+    {
+      error() << from_expr(ns, "", pair.first) << ": {";
+      for(const auto &i : pair.second)
+        error() << from_expr(ns, "", i) <<  ", ";
+    }
+    error() << "}}" << eom;
+    return false;
+  }
+
+  const array_index_mapt body_indices=gather_indices(expr.body());
+  // Must validate for each string. Note that we have an invariant that the
+  // second value in the pair is non-empty.
+  for(const auto &pair : body_indices)
+  {
+    // Condition 2: All indices of the same string must be the of the same form
+    const exprt rep=pair.second.back();
+    for(size_t j=0; j<pair.second.size()-1; j++)
+    {
+      const exprt i=pair.second[j];
+      const equal_exprt equals(rep, i);
+      const exprt result=simplify_expr(equals, ns);
+      if(result.is_false())
+      {
+        error() << "Indices not equal: " << from_expr(ns, "", expr) << ", str: "
+                << from_expr(ns, "", pair.first) << eom;
+        return false;
+      }
+    }
+
+    // Condition 3: f must be linear
+    if(!is_linear_arithmetic_expr(rep))
+    {
+      error() << "f is not linear: " << from_expr(ns, "", expr) << ", str: "
+              << from_expr(ns, "", pair.first) << eom;
+      return false;
+    }
+
+    // Condition 4: the quantified variable can only occur in indices in the
+    // body
+    if(!universal_only_in_index(expr))
+    {
+      error() << "Universal variable outside of index:"
+              << from_expr(ns, "", expr) << eom;
+      return false;
+    }
+  }
+
+  return true;
+}
diff --git a/src/solvers/refinement/string_refinement.h b/src/solvers/refinement/string_refinement.h
index d53f0057422..3a83734b1d5 100644
--- a/src/solvers/refinement/string_refinement.h
+++ b/src/solvers/refinement/string_refinement.h
@@ -118,10 +118,6 @@ class string_refinementt: public bv_refinementt
   void set_to(const exprt &expr, bool value) override;
 
   void add_instantiations();
-  exprt negation_of_not_contains_constraint(
-    const string_not_contains_constraintt &axiom,
-    const symbol_exprt &univ_var);
-  exprt negation_of_constraint(const string_constraintt &axiom);
   void debug_model();
   bool check_axioms();
   bool is_axiom_sat(
@@ -150,6 +146,8 @@ class string_refinementt: public bv_refinementt
   exprt sum_over_map(
     std::map<exprt, int> &m, const typet &type, bool negated=false) const;
 
+  bool is_valid_string_constraint(const string_constraintt &expr);
+
   exprt simplify_sum(const exprt &f) const;
   template <typename T1, typename T2>
   void pad_vector(

From c306d56e72a9a7898b24030294865fd52c234cbd Mon Sep 17 00:00:00 2001
From: Jesse Sigal <jesse.sigal@gmail.com>
Date: Fri, 21 Jul 2017 14:49:53 +0100
Subject: [PATCH 456/699] Fixed some spelling errors

---
 src/solvers/refinement/string_refinement.cpp | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index 1ea01ef2c78..a8c66d63404 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -211,7 +211,7 @@ void string_refinementt::set_char_array_equality(
 
 /// remove functions applications and create the necessary axioms
 /// \par parameters: an expression containing function applications
-/// \return an epression containing no function application
+/// \return an expression containing no function application
 exprt string_refinementt::substitute_function_applications(exprt expr)
 {
   for(size_t i=0; i<expr.operands().size(); ++i)
@@ -795,7 +795,7 @@ exprt string_refinementt::get_array(const exprt &arr) const
 }
 
 /// convert the content of a string to a more readable representation. This
-/// should only be used for debbuging.
+/// should only be used for debugging.
 /// \par parameters: a constant array expression and a integer expression
 /// \return a string
 std::string string_refinementt::string_of_array(const array_exprt &arr)
@@ -1022,7 +1022,7 @@ void string_refinementt::substitute_array_access(exprt &expr) const
 }
 
 /// Negates the constraint to be fed to a solver. The intended usage is to find
-/// an assignement of the universal variable that would violate the axiom. To
+/// an assignment of the universal variable that would violate the axiom. To
 /// avoid false positives, the symbols other than the universal variable should
 /// have been replaced by their valuation in the current model.
 /// \pre Symbols other than the universal variable should have been replaced by
@@ -1080,7 +1080,7 @@ static exprt negation_of_not_contains_constraint(
 }
 
 /// Negates the constraint to be fed to a solver. The intended usage is to find
-/// an assignement of the universal variable that would violate the axiom. To
+/// an assignment of the universal variable that would violate the axiom. To
 /// avoid false positives, the symbols other than the universal variable should
 /// have been replaced by their valuation in the current model.
 /// \pre Symbols other than the universal variable should have been replaced by
@@ -1238,7 +1238,7 @@ bool string_refinementt::check_axioms()
   }
 }
 
-/// \par parameters: an expression with only addition and substraction
+/// \par parameters: an expression with only addition and subtraction
 /// \return a map where each leaf of the input is mapped to the number of times
 ///   it is added. For instance, expression $x + x - y$ would give the map x ->
 ///   2, y -> -1.
@@ -1355,7 +1355,7 @@ exprt string_refinementt::sum_over_map(
 }
 
 /// \par parameters: an expression with only plus and minus expr
-/// \return an equivalent expression in a cannonical form
+/// \return an equivalent expression in a canonical form
 exprt string_refinementt::simplify_sum(const exprt &f) const
 {
   std::map<exprt, int> map=map_representation_of_sum(f);
@@ -1375,7 +1375,7 @@ exprt string_refinementt::compute_inverse_function(
   exprt positive, negative;
   // number of time the element should be added (can be negative)
   // qvar has to be equal to val - f(0) if it appears positively in f
-  // (ie if f(qvar)=f(0) + qvar) and f(0) - val if it appears negatively
+  // (i.e. if f(qvar)=f(0) + qvar) and f(0) - val if it appears negatively
   // in f. So we start by computing val - f(0).
   std::map<exprt, int> elems=map_representation_of_sum(minus_exprt(val, f));
 
@@ -1611,7 +1611,7 @@ exprt find_index(const exprt &expr, const exprt &str, const symbol_exprt &qvar)
 /// \return substitute `qvar` the universally quantified variable of `axiom`, by
 ///   an index `val`, in `axiom`, so that the index used for `str` equals `val`.
 ///   For instance, if `axiom` corresponds to $\forall q. s[q+x]='a' &&
-///   t[q]='b'$, `instantiate(axom,s,v)` would return an expression for
+///   t[q]='b'$, `instantiate(axiom,s,v)` would return an expression for
 ///   $s[v]='a' && t[v-x]='b'$.
 exprt string_refinementt::instantiate(
   const string_constraintt &axiom, const exprt &str, const exprt &val)
@@ -1690,7 +1690,7 @@ void string_refinementt::instantiate_not_contains(
 
 /// replace array-lists by 'with' expressions
 /// \par parameters: an expression containing array-list expressions
-/// \return an epression containing no array-list
+/// \return an expression containing no array-list
 exprt string_refinementt::substitute_array_lists(exprt expr) const
 {
   for(size_t i=0; i<expr.operands().size(); ++i)
@@ -1761,7 +1761,7 @@ exprt string_refinementt::get(const exprt &expr) const
 }
 
 /// Creates a solver with `axiom` as the only formula added and runs it. If it
-/// is SAT, then true is returned and the given evalutation of `var` is stored
+/// is SAT, then true is returned and the given evaluation of `var` is stored
 /// in `witness`. If UNSAT, then what witness is is undefined.
 /// \param [in] axiom: the axiom to be checked
 /// \param [in] var: the variable whose evaluation will be stored in witness

From 5cb4c9a95a6eab0e5079d7bd75ba495a0c602de0 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Wed, 26 Jul 2017 11:17:33 +0100
Subject: [PATCH 457/699] Add a utility for spotting string literal identifiers

This is ported over from test-gen, but really belongs here since the
identifiers are assigned by the java-bytecode-convert-method module.
---
 src/java_bytecode/java_bytecode_typecheck_expr.cpp |  4 ++--
 src/java_bytecode/java_entry_point.cpp             | 10 +++++-----
 src/java_bytecode/java_utils.cpp                   |  5 +++++
 src/java_bytecode/java_utils.h                     |  7 +++++++
 4 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/src/java_bytecode/java_bytecode_typecheck_expr.cpp b/src/java_bytecode/java_bytecode_typecheck_expr.cpp
index d1d0e988d49..4d0de578b6c 100644
--- a/src/java_bytecode/java_bytecode_typecheck_expr.cpp
+++ b/src/java_bytecode/java_bytecode_typecheck_expr.cpp
@@ -21,6 +21,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include "java_bytecode_typecheck.h"
 #include "java_pointer_casts.h"
 #include "java_types.h"
+#include "java_utils.h"
 
 void java_bytecode_typecheckt::typecheck_expr(exprt &expr)
 {
@@ -101,8 +102,7 @@ void java_bytecode_typecheckt::typecheck_expr_java_string_literal(exprt &expr)
   const irep_idt value=expr.get(ID_value);
   const symbol_typet string_type("java::java.lang.String");
 
-  std::string escaped_symbol_name=
-    "java::java.lang.String.Literal.";
+  std::string escaped_symbol_name=JAVA_STRING_LITERAL_PREFIX ".";
   escaped_symbol_name+=escape_non_alnum(id2string(value));
 
   auto findit=symbol_table.symbols.find(escaped_symbol_name);
diff --git a/src/java_bytecode/java_entry_point.cpp b/src/java_bytecode/java_entry_point.cpp
index 52153837c79..19a0a5d53a0 100644
--- a/src/java_bytecode/java_entry_point.cpp
+++ b/src/java_bytecode/java_entry_point.cpp
@@ -31,6 +31,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include "java_entry_point.h"
 #include "java_object_factory.h"
 #include "java_types.h"
+#include "java_utils.h"
 
 #define INITIALIZE CPROVER_PREFIX "initialize"
 
@@ -71,7 +72,7 @@ static bool should_init_symbol(const symbolt &sym)
      sym.mode==ID_java)
     return true;
 
-  return has_prefix(id2string(sym.name), "java::java.lang.String.Literal");
+  return is_java_string_literal_id(sym.name);
 }
 
 void java_static_lifetime_init(
@@ -102,14 +103,13 @@ void java_static_lifetime_init(
         bool allow_null=!assume_init_pointers_not_null;
         if(allow_null)
         {
-          std::string namestr=id2string(sym.symbol_expr().get_identifier());
+          irep_idt nameid=sym.symbol_expr().get_identifier();
+          std::string namestr=id2string(nameid);
           const std::string suffix="@class_model";
           // Static '.class' fields are always non-null.
           if(has_suffix(namestr, suffix))
             allow_null=false;
-          if(allow_null && has_prefix(
-               namestr,
-               "java::java.lang.String.Literal"))
+          if(allow_null && is_java_string_literal_id(nameid))
             allow_null=false;
         }
         auto newsym=object_factory(
diff --git a/src/java_bytecode/java_utils.cpp b/src/java_bytecode/java_utils.cpp
index 68004581c57..367f9010f0f 100644
--- a/src/java_bytecode/java_utils.cpp
+++ b/src/java_bytecode/java_utils.cpp
@@ -107,3 +107,8 @@ void merge_source_location_rec(
   for(exprt &op : expr.operands())
     merge_source_location_rec(op, source_location);
 }
+
+bool is_java_string_literal_id(const irep_idt &id)
+{
+  return has_prefix(id2string(id), JAVA_STRING_LITERAL_PREFIX);
+}
diff --git a/src/java_bytecode/java_utils.h b/src/java_bytecode/java_utils.h
index e171cc841c9..a610eba96be 100644
--- a/src/java_bytecode/java_utils.h
+++ b/src/java_bytecode/java_utils.h
@@ -9,6 +9,7 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include <util/type.h>
 #include <util/symbol_table.h>
+#include <util/message.h>
 
 #include "java_bytecode_parse_tree.h"
 
@@ -45,4 +46,10 @@ void merge_source_location_rec(
   exprt &expr,
   const source_locationt &source_location);
 
+#define JAVA_STRING_LITERAL_PREFIX "java::java.lang.String.Literal"
+
+/// \param id: any string
+/// \return Returns true if 'id' identifies a string literal symbol
+bool is_java_string_literal_id(const irep_idt &id);
+
 #endif // CPROVER_JAVA_BYTECODE_JAVA_UTILS_H

From 7121d4c763c9118fd38099c7f2588d4026ce78ee Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Wed, 26 Jul 2017 09:48:46 +0100
Subject: [PATCH 458/699] Object factory: remove type from recursion set on
 leaving scope

Previously the set was never shrunk, which led to sibling objects
with like type (e.g. class X { Other o1; Other o2; }) being mistaken
for potentially-recursive types and unconditionally set null.

The added test-case verifies that sibling objects can be initialised
both non-null.
---
 .../cbmc-java/siblingobjects1/Other.class     | Bin 0 -> 199 bytes
 .../cbmc-java/siblingobjects1/test.class      | Bin 0 -> 570 bytes
 .../cbmc-java/siblingobjects1/test.desc       |   8 +++
 .../cbmc-java/siblingobjects1/test.java       |  17 ++++++
 .../cbmc-java/siblingobjects2/Other.class     | Bin 0 -> 224 bytes
 .../cbmc-java/siblingobjects2/test.class      | Bin 0 -> 820 bytes
 .../cbmc-java/siblingobjects2/test.desc       |   9 +++
 .../cbmc-java/siblingobjects2/test.java       |  31 ++++++++++
 src/java_bytecode/java_object_factory.cpp     |  54 +++++++++++++++++-
 9 files changed, 118 insertions(+), 1 deletion(-)
 create mode 100644 regression/cbmc-java/siblingobjects1/Other.class
 create mode 100644 regression/cbmc-java/siblingobjects1/test.class
 create mode 100644 regression/cbmc-java/siblingobjects1/test.desc
 create mode 100644 regression/cbmc-java/siblingobjects1/test.java
 create mode 100644 regression/cbmc-java/siblingobjects2/Other.class
 create mode 100644 regression/cbmc-java/siblingobjects2/test.class
 create mode 100644 regression/cbmc-java/siblingobjects2/test.desc
 create mode 100644 regression/cbmc-java/siblingobjects2/test.java

diff --git a/regression/cbmc-java/siblingobjects1/Other.class b/regression/cbmc-java/siblingobjects1/Other.class
new file mode 100644
index 0000000000000000000000000000000000000000..32b9ecbde03aa80938790a3b6762c4f8b1c6bd64
GIT binary patch
literal 199
zcmXYqy$ZrW5QJy*YhpCMfMBT>rm++oK@h|giv1-XdLbqdFXC%i2^Kzp4<&BIVrF-~
zVcGZR`2sLS=)*+dqT`}Vpc`vNaAvAddQLEhqdmb|lm|%&*Q$`4`kcsWCz70rzb)%3
zl}ptGPs@v*Wa26UIB*GetWUBc^coiBqBurzlF3wK0E6EG#Ij)jH$Gz0;?(EaboTfG
Ry8mjA-TA?g-RESW{RP50Aj$v$

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/siblingobjects1/test.class b/regression/cbmc-java/siblingobjects1/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..587eaab4feb12237e62ece98a14472e2fcff416f
GIT binary patch
literal 570
zcmYLF%TB^j5IxftN=s2hMSOrS7V1KyVJ9&f)RoEtV<Ni(H(G_(w8f9{2VA2@5>0fc
zi63R0i##@GI_FH!oI5|iZyx{($eS>bF`#2s!kmP89SbHR$mqzL$YD{(5<&5{3HnJn
zycYhhY<CEgc{>P%A3B~J96EtrYl;Ses)T6Kah-6FpsuZ75VVrl5QOm)#}#MoR!#Wl
za+rmd?YM+QCA90er}kZ+juq?8zJXcs+J0ReJ969zMG$V@*!Q-DaU?C6h+D8EBrrzE
zNNKBSyH{HWgJeg(@A<q*{;Ffy!U|Ri$<buFb|dN`ryEhFCO?djZiv9~MPum2F~c?s
z{HiLJ`BnyBQ3c5y{6#Vfkj%(5eT8E(Kfzs=D{+l%bU~foc#1LFBNfKU;pi!359Bsp
zpnSpPqJBf`JVARv{2h_YE~1~(LxJ>2L1T>ZQiJbe@~Swdn2A6g<18^u53LJ5V_+hs
dzasVkU3-M4KC}7IZII~SL9zB_?sQL{`2$+_U-tk2

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/siblingobjects1/test.desc b/regression/cbmc-java/siblingobjects1/test.desc
new file mode 100644
index 00000000000..fd32dd3f006
--- /dev/null
+++ b/regression/cbmc-java/siblingobjects1/test.desc
@@ -0,0 +1,8 @@
+CORE
+test.class
+--function test.main
+^EXIT=10$
+^SIGNAL=0$
+VERIFICATION FAILED
+assertion at file test\.java line 10 .* FAILURE
+--
diff --git a/regression/cbmc-java/siblingobjects1/test.java b/regression/cbmc-java/siblingobjects1/test.java
new file mode 100644
index 00000000000..385f501d8f7
--- /dev/null
+++ b/regression/cbmc-java/siblingobjects1/test.java
@@ -0,0 +1,17 @@
+
+public class test {
+
+  public Other o1;
+  public Other o2;
+
+  public void main() {
+    if(o1 == null || o2 == null)
+      return;
+    assert(false);
+  }
+
+}
+
+class Other {
+  int x;
+}
diff --git a/regression/cbmc-java/siblingobjects2/Other.class b/regression/cbmc-java/siblingobjects2/Other.class
new file mode 100644
index 0000000000000000000000000000000000000000..e3b5e79fb89d31a6a1137b93dbe0ee5059417108
GIT binary patch
literal 224
zcmW-bK@Y(|5QX2g+NDallQ`nQ#f`W~B$9>$ao^U43M;9t^lv#y9Q*)3N=$p0@6EiI
znaub1{s5Su?ZHM<AP{H~DCb%cDq7`+Ai|9~sdP$kXNgYCoM86{d(IcPgCYcBqSZRP
zMk?LO=)#V-y=7^vmPs+xjJliASw5tXDry9$JV$61-uNQ*alDDnDmLiB;y=IyDsY&9
g3&A8VUS{>U>#`P(Gkk%bWn5>vrP*QnJXvV`0XEeoQUCw|

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/siblingobjects2/test.class b/regression/cbmc-java/siblingobjects2/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..3f769495c3ad6f47b11d5488ced37a63d714b41b
GIT binary patch
literal 820
zcmb7CT~8B16g{*3*mhaAEoiA|MGz|#rP1&vF&fk-ln023B&ON66J1<(o82k#x9|si
zR!K=T(YHSMqm1V^h5F!&FL&miIrq%DcjnjcZ$AKRq2<6uy$A<4B`g(j3(F37D-v!C
zwrb;!g97R{8V>Ga&BnTd6+ck0clXSDojj8Cp~C#CpQbu7K^&#eg4FMXx~HHH74q9b
z6qv^fnYH!T3fY~wrxi-OL8M;|jypOz5Hb&r{UB19-8X*s!%M$Efvb`JXxjZah>T9s
zb`+a-Gzde5MHBZ!eWJsE9Tv8`;pAFpKOQ7q{UVS{ibkhq^T<E(UCd$L#VkA*C3rTP
zE;b~o34BdL85M<^kXxZ2y=y(a=<s=x#0edXn2mcb?qgG-JZ0{6j&#>3<i;~1Q<`AY
zQ^ronc_~zTIt>!tyOd`4X21gu>k!L)0+(-<0p|jbJ8H;Uu8BG3IU?+X@d~p#S0!lk
z9P0C!ew8sl1}(<wCH3uuy3ss?H9~_+W`rfl&X66UBEWcOH-{7)A}@j#M6k+x!EfQA
zh!uKl&}Ea^0?{n2hWO<e8O7BWtHf353+z+Od`IEUIf_50at;Y#8y-tUg5@47_y+%{
vut0^{RH1;yzZAp)P?>Xvm^p=={e*1hE9|L@iz$hN94z;V%<?)D3pf4%(lCh)

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/siblingobjects2/test.desc b/regression/cbmc-java/siblingobjects2/test.desc
new file mode 100644
index 00000000000..c3dacca8719
--- /dev/null
+++ b/regression/cbmc-java/siblingobjects2/test.desc
@@ -0,0 +1,9 @@
+CORE
+test.class
+--function test.main
+^EXIT=10$
+^SIGNAL=0$
+VERIFICATION FAILED
+assertion at file test.java line 23 function java::test\.toplevel_pointers_not_null.*: FAILURE
+assertion at file test.java line 18 function java::test\.next_pointers_not_null.*: SUCCESS
+--
diff --git a/regression/cbmc-java/siblingobjects2/test.java b/regression/cbmc-java/siblingobjects2/test.java
new file mode 100644
index 00000000000..82533d478b0
--- /dev/null
+++ b/regression/cbmc-java/siblingobjects2/test.java
@@ -0,0 +1,31 @@
+
+public class test {
+
+  public Other o1;
+  public Other o2;
+
+  public void main() {
+    if(o1 != null && o2 != null) {
+      if(o1.next != null && o2.next != null) {
+        next_pointers_not_null();
+      }
+      toplevel_pointers_not_null();
+    }
+  }
+
+  public void next_pointers_not_null() {
+    // Not currently achievable due to recursive types
+    assert(false);
+  }
+
+  public void toplevel_pointers_not_null() {
+    // Should be possible to hit
+    assert(false);
+  }
+
+}
+
+class Other {
+  int x;
+  Other next;
+}
diff --git a/src/java_bytecode/java_object_factory.cpp b/src/java_bytecode/java_object_factory.cpp
index 5b4f336f727..fad2f45e583 100644
--- a/src/java_bytecode/java_object_factory.cpp
+++ b/src/java_bytecode/java_object_factory.cpp
@@ -389,6 +389,54 @@ void java_object_factoryt::gen_pointer_target_init(
   }
 }
 
+/// Recursion-set entry owner class. If a recursion-set entry is added
+/// in a particular scope, ensures that it is erased on leaving
+/// that scope.
+class recursion_set_entryt
+{
+  /// Recursion set to modify
+  std::unordered_set<irep_idt, irep_id_hash> &recursion_set;
+  /// Entry to erase on destruction, if non-empty
+  irep_idt erase_entry;
+
+public:
+  /// Initialise a recursion-set entry owner operating on a given set.
+  /// Initially it does not own any set entry.
+  /// \param _recursion_set: set to operate on.
+  recursion_set_entryt(std::unordered_set<irep_idt, irep_id_hash> &_recursion_set):
+    recursion_set(_recursion_set)
+  { }
+
+  /// Removes erase_entry (if set) from the controlled set.
+  ~recursion_set_entryt()
+  {
+    if(erase_entry!=irep_idt())
+      recursion_set.erase(erase_entry);
+  }
+
+  recursion_set_entryt(const recursion_set_entryt &)=delete;
+  recursion_set_entryt &operator=(const recursion_set_entryt &)=delete;
+
+  /// Try to add an entry to the controlled set. If it is added, own that
+  /// entry and erase it on destruction; otherwise do nothing.
+  /// \param entry: entry to add
+  /// \return true if added to the set (and therefore owned by this object)
+  bool insert_entry(const irep_idt &entry)
+  {
+    INVARIANT(
+      erase_entry==irep_idt(),
+      "insert_entry should only be called once");
+    INVARIANT(entry!=irep_idt(), "entry should be a struct tag");
+    bool ret=recursion_set.insert(entry).second;
+    if(ret)
+    {
+      // We added something, so erase it when this is destroyed:
+      erase_entry=entry;
+    }
+    return ret;
+  }
+};
+
 /// Initialises a primitive or object tree rooted at `expr`, of type pointer. It
 /// allocates child objects as necessary and nondet-initialising their members,
 /// or if MUST_UPDATE_IN_PLACE is set, re-initialising already-allocated
@@ -431,6 +479,10 @@ void java_object_factoryt::gen_nondet_pointer_init(
     return;
   }
 
+  // This deletes the recursion set entry on leaving this function scope,
+  // if one is set below.
+  recursion_set_entryt recursion_set_entry(recursion_set);
+
   const typet &subtype=ns.follow(pointer_type.subtype());
   if(subtype.id()==ID_struct)
   {
@@ -438,7 +490,7 @@ void java_object_factoryt::gen_nondet_pointer_init(
     const irep_idt &struct_tag=struct_type.get_tag();
 
     // If this is a recursive type of some kind, set null.
-    if(!recursion_set.insert(struct_tag).second)
+    if(!recursion_set_entry.insert_entry(struct_tag))
     {
       if(update_in_place==update_in_placet::NO_UPDATE_IN_PLACE)
       {

From 3a13476d678027e0793e822e058fedcaa29da41a Mon Sep 17 00:00:00 2001
From: Owen Jones <owen.jones@diffblue.com>
Date: Tue, 25 Jul 2017 10:00:37 +0100
Subject: [PATCH 459/699] Fix formatting spotted by the linter

---
 .../get_numeric_value_from_character.cpp                        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/unit/solvers/refinement/string_constraint_generator_valueof/get_numeric_value_from_character.cpp b/unit/solvers/refinement/string_constraint_generator_valueof/get_numeric_value_from_character.cpp
index 29bef9bd788..d562cb1c5ac 100644
--- a/unit/solvers/refinement/string_constraint_generator_valueof/get_numeric_value_from_character.cpp
+++ b/unit/solvers/refinement/string_constraint_generator_valueof/get_numeric_value_from_character.cpp
@@ -25,7 +25,7 @@ SCENARIO("get_numeric_value_from_character",
 
   REQUIRE(from_integer(0, int_type)==simplify_expr(
     get_numeric_value_from_character(
-      from_integer('0', char_type), char_type, int_type),ns));
+      from_integer('0', char_type), char_type, int_type), ns));
   REQUIRE(from_integer(9, int_type)==simplify_expr(
     get_numeric_value_from_character(
       from_integer('9', char_type),

From ca96a491be1c3c7843c2e68ab3387167906429b5 Mon Sep 17 00:00:00 2001
From: Owen Jones <owen.jones@diffblue.com>
Date: Wed, 26 Jul 2017 15:40:32 +0100
Subject: [PATCH 460/699] Refactor add_axioms_for_correct_number_format

# Conflicts:
#	src/solvers/refinement/string_constraint_generator_valueof.cpp
---
 .../refinement/string_constraint_generator.h  |  2 +-
 .../string_constraint_generator_valueof.cpp   | 38 +++++++++----------
 2 files changed, 19 insertions(+), 21 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index a969ad6594e..a4c5c543d1d 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -294,7 +294,7 @@ class string_constraint_generatort
     const function_application_exprt &f);
 
   exprt add_axioms_for_parse_int(const function_application_exprt &f);
-  exprt add_axioms_for_correct_number_format(
+  void add_axioms_for_correct_number_format(
     const string_exprt &str, const exprt &radix, std::size_t max_size);
   exprt add_axioms_for_to_char_array(const function_application_exprt &f);
   exprt add_axioms_for_compare_to(const function_application_exprt &f);
diff --git a/src/solvers/refinement/string_constraint_generator_valueof.cpp b/src/solvers/refinement/string_constraint_generator_valueof.cpp
index 2995648dc38..3110c454607 100644
--- a/src/solvers/refinement/string_constraint_generator_valueof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_valueof.cpp
@@ -364,12 +364,9 @@ string_exprt string_constraint_generatort::add_axioms_for_value_of(
 /// \param str: string expression
 /// \param radix: the radix
 /// \param max_size: maximum number of characters
-/// \return a boolean expression saying whether the string does represent a
-///   number with the given radix
-exprt string_constraint_generatort::add_axioms_for_correct_number_format(
+void string_constraint_generatort::add_axioms_for_correct_number_format(
   const string_exprt &str, const exprt &radix, std::size_t max_size)
 {
-  symbol_exprt correct=fresh_boolean("correct_number_format");
   const refined_string_typet &ref_type=to_refined_string_type(str.type());
   const typet &char_type=ref_type.get_char_type();
   const typet &index_type=ref_type.get_index_type();
@@ -386,31 +383,34 @@ exprt string_constraint_generatort::add_axioms_for_correct_number_format(
   // TODO: we should have implications in the other direction for correct
   // correct => |str| > 0
   exprt non_empty=str.axiom_for_is_longer_than(from_integer(1, index_type));
-  axioms.push_back(implies_exprt(correct, non_empty));
+  axioms.push_back(non_empty);
 
   // correct => (str[0] = '+' or '-' || is_digit_with_radix(str[0], radix))
   or_exprt correct_first(
     or_exprt(starts_with_minus, starts_with_plus), starts_with_digit);
-  axioms.push_back(implies_exprt(correct, correct_first));
+  axioms.push_back(correct_first);
 
   // correct => str[0]='+' or '-' ==> |str| > 1
   implies_exprt contains_digit(
     or_exprt(starts_with_minus, starts_with_plus),
     str.axiom_for_is_longer_than(from_integer(2, index_type)));
-  axioms.push_back(implies_exprt(correct, contains_digit));
+  axioms.push_back(contains_digit);
 
   // correct => |str| < max_size
-  axioms.push_back(
-    implies_exprt(correct, str.axiom_for_is_shorter_than(max_size)));
-
-  // forall 1 <= qvar < |str| . correct => is_digit_with_radix(str[qvar], radix)
-  symbol_exprt qvar=fresh_univ_index("number_format", index_type);
-  exprt is_digit=is_digit_with_radix(str[qvar], radix);
-  string_constraintt all_digits(
-    qvar, from_integer(1, index_type), str.length(), correct, is_digit);
-  axioms.push_back(all_digits);
+  axioms.push_back(str.axiom_for_is_shorter_than(max_size));
 
-  return correct;
+  // forall 1 <= i < |str| . correct => is_digit_with_radix(str[i], radix)
+  // We unfold the above because we know that it will be used for all i up to
+  // str.length()
+  for(std::size_t index=1; index<max_size; ++index)
+  {
+    const exprt index_expr=from_integer(index, index_type);
+    /// index < length && correct => is_digit(str[index])
+    implies_exprt character_at_index_is_digit(
+      binary_relation_exprt(index_expr, ID_lt, str.length()),
+      is_digit_with_radix(str[index], radix));
+    axioms.push_back(character_at_index_is_digit);
+  }
 }
 
 /// add axioms corresponding to the Integer.parseInt java function
@@ -443,9 +443,7 @@ exprt string_constraint_generatort::add_axioms_for_parse_int(
 
   /// TODO: we should throw an exception when this does not hold:
   const std::size_t max_string_length=40;
-  const exprt &correct=add_axioms_for_correct_number_format(
-    str, radix, max_string_length);
-  axioms.push_back(correct);
+  add_axioms_for_correct_number_format(str, radix, max_string_length);
 
   /// TODO(OJones): size should depend on the radix
   /// TODO(OJones): we should deal with overflow properly

From b295c054864342c34f1752d835172dc27740499e Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Tue, 25 Jul 2017 13:24:17 +0100
Subject: [PATCH 461/699] Enable working string regression tests

---
 regression/strings/StaticCharMethods01/test.desc    | 2 +-
 regression/strings/StaticCharMethods02/test.desc    | 3 ++-
 regression/strings/StaticCharMethods03/test.desc    | 3 ++-
 regression/strings/StaticCharMethods04/test.desc    | 3 ++-
 regression/strings/StaticCharMethods05/test.desc    | 5 ++++-
 regression/strings/StringCompare01/test.desc        | 2 ++
 regression/strings/StringCompare02/test.desc        | 3 ++-
 regression/strings/StringCompare03/test.desc        | 3 ++-
 regression/strings/StringCompare04/test.desc        | 3 ++-
 regression/strings/StringCompare05/test.desc        | 3 ++-
 regression/strings/StringConcatenation01/test.desc  | 2 +-
 regression/strings/StringConcatenation02/test.desc  | 3 ++-
 regression/strings/StringConcatenation03/test.desc  | 3 ++-
 regression/strings/StringConcatenation04/test.desc  | 3 ++-
 regression/strings/StringIndexMethods01/test.desc   | 2 +-
 regression/strings/StringIndexMethods02/test.desc   | 3 ++-
 regression/strings/StringIndexMethods03/test.desc   | 3 ++-
 regression/strings/StringIndexMethods04/test.desc   | 3 ++-
 regression/strings/StringIndexMethods05/test.desc   | 1 +
 regression/strings/StringMiscellaneous02/test.desc  | 3 ++-
 regression/strings/StringMiscellaneous03/test.desc  | 3 ++-
 regression/strings/StringMiscellaneous04/test.desc  | 2 +-
 regression/strings/StringStartEnd01/test.desc       | 2 +-
 regression/strings/StringStartEnd02/test.desc       | 3 ++-
 regression/strings/StringStartEnd03/test.desc       | 3 ++-
 regression/strings/StringValueOf02/test.desc        | 3 ++-
 regression/strings/StringValueOf03/test.desc        | 3 ++-
 regression/strings/StringValueOf04/test.desc        | 3 ++-
 regression/strings/StringValueOf05/test.desc        | 3 ++-
 regression/strings/StringValueOf06/test.desc        | 3 ++-
 regression/strings/StringValueOf07/test.desc        | 3 ++-
 regression/strings/StringValueOf08/test.desc        | 3 ++-
 regression/strings/StringValueOf09/test.desc        | 3 ++-
 regression/strings/SubString01/test.desc            | 2 +-
 regression/strings/SubString02/test.desc            | 3 ++-
 regression/strings/SubString03/test.desc            | 3 ++-
 regression/strings/bug-test-gen-095/test.desc       | 2 +-
 regression/strings/bug-test-gen-119-2/test.desc     | 2 +-
 regression/strings/bug-test-gen-119/test.desc       | 2 +-
 regression/strings/java_append_char/test.desc       | 5 +++--
 regression/strings/java_append_int/test.desc        | 6 ++++--
 regression/strings/java_append_object/test.desc     | 4 ++--
 regression/strings/java_case/test.desc              | 4 ++--
 regression/strings/java_char_array/test.desc        | 4 ++--
 regression/strings/java_char_array_init/test.desc   | 2 +-
 regression/strings/java_char_at/test.desc           | 4 ++--
 regression/strings/java_code_point/test.desc        | 4 ++--
 regression/strings/java_compare/test.desc           | 4 ++--
 regression/strings/java_concat/test.desc            | 2 +-
 regression/strings/java_contains/test.desc          | 4 ++--
 regression/strings/java_delete/test.desc            | 4 ++--
 regression/strings/java_delete_char_at/test.desc    | 4 ++--
 regression/strings/java_easychair/test.desc         | 2 +-
 regression/strings/java_empty/test.desc             | 4 ++--
 regression/strings/java_endswith/test.desc          | 4 ++--
 regression/strings/java_equal/test.desc             | 4 ++--
 regression/strings/java_float/test.desc             | 4 ++--
 regression/strings/java_hash_code/test.desc         | 4 ++--
 regression/strings/java_index_of/test.desc          | 4 ++--
 regression/strings/java_index_of_char/test.desc     | 4 ++--
 regression/strings/java_insert_char/test.desc       | 4 ++--
 regression/strings/java_insert_char_array/test.desc | 4 ++--
 regression/strings/java_insert_int/test.desc        | 4 ++--
 regression/strings/java_insert_multiple/test.desc   | 4 ++--
 regression/strings/java_insert_string/test.desc     | 4 ++--
 65 files changed, 122 insertions(+), 86 deletions(-)

diff --git a/regression/strings/StaticCharMethods01/test.desc b/regression/strings/StaticCharMethods01/test.desc
index a40f4534120..0440fc98273 100644
--- a/regression/strings/StaticCharMethods01/test.desc
+++ b/regression/strings/StaticCharMethods01/test.desc
@@ -1,4 +1,4 @@
-FUTURE
+CORE
 StaticCharMethods01.class
 --refine-strings
 ^EXIT=0$
diff --git a/regression/strings/StaticCharMethods02/test.desc b/regression/strings/StaticCharMethods02/test.desc
index 9366df6fa57..d537da812c9 100644
--- a/regression/strings/StaticCharMethods02/test.desc
+++ b/regression/strings/StaticCharMethods02/test.desc
@@ -1,8 +1,9 @@
-FUTURE
+CORE
 StaticCharMethods02.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
+^\[.*assertion\.1\] .* line 6 .* FAILURE$
 --
 ^warning: ignoring
diff --git a/regression/strings/StaticCharMethods03/test.desc b/regression/strings/StaticCharMethods03/test.desc
index caba8503984..174071ed1da 100644
--- a/regression/strings/StaticCharMethods03/test.desc
+++ b/regression/strings/StaticCharMethods03/test.desc
@@ -1,8 +1,9 @@
-FUTURE
+CORE
 StaticCharMethods03.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
+^\[.*assertion\.1\] .* line 6 .* FAILURE$
 ^VERIFICATION FAILED$
 --
 ^warning: ignoring
diff --git a/regression/strings/StaticCharMethods04/test.desc b/regression/strings/StaticCharMethods04/test.desc
index 1f686c041c2..ecc807f2d31 100644
--- a/regression/strings/StaticCharMethods04/test.desc
+++ b/regression/strings/StaticCharMethods04/test.desc
@@ -1,8 +1,9 @@
-FUTURE
+CORE
 StaticCharMethods04.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
+^\[.*assertion\.1\] .* line 6 .* FAILURE$
 --
 ^warning: ignoring
diff --git a/regression/strings/StaticCharMethods05/test.desc b/regression/strings/StaticCharMethods05/test.desc
index b21901ac84a..88156354781 100644
--- a/regression/strings/StaticCharMethods05/test.desc
+++ b/regression/strings/StaticCharMethods05/test.desc
@@ -1,8 +1,11 @@
-FUTURE
+CORE
 StaticCharMethods05.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
+^\[pointer_dereference\.2\] reference is null in \*this->data: FAILURE$
+^\[.*assertion\.1\] .* line 12 .* FAILURE$
+^\[.*assertion\.2\] .* line 22 .* FAILURE$
 ^VERIFICATION FAILED$
 --
 ^warning: ignoring
diff --git a/regression/strings/StringCompare01/test.desc b/regression/strings/StringCompare01/test.desc
index 007a6f798a7..2140f3a0c48 100644
--- a/regression/strings/StringCompare01/test.desc
+++ b/regression/strings/StringCompare01/test.desc
@@ -6,3 +6,5 @@ StringCompare01.class
 ^VERIFICATION SUCCESSFUL$
 --
 ^warning: ignoring
+--
+Fails because string.regionMatches is not implemented
diff --git a/regression/strings/StringCompare02/test.desc b/regression/strings/StringCompare02/test.desc
index 971e6a98c81..d20bfb7eb5c 100644
--- a/regression/strings/StringCompare02/test.desc
+++ b/regression/strings/StringCompare02/test.desc
@@ -1,8 +1,9 @@
-FUTURE
+CORE
 StringCompare02.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
+^\[.*assertion\.1\] .* line 12 .* FAILURE$
 ^VERIFICATION FAILED$
 --
 ^warning: ignoring
diff --git a/regression/strings/StringCompare03/test.desc b/regression/strings/StringCompare03/test.desc
index acc89c80c4a..afc9b9b5307 100644
--- a/regression/strings/StringCompare03/test.desc
+++ b/regression/strings/StringCompare03/test.desc
@@ -1,8 +1,9 @@
-FUTURE
+CORE
 StringCompare03.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
+^\[.*assertion\.1\] .* line 12 .* FAILURE$
 ^VERIFICATION FAILED$
 --
 ^warning: ignoring
diff --git a/regression/strings/StringCompare04/test.desc b/regression/strings/StringCompare04/test.desc
index 3ea3cbd7592..afc70f4933b 100644
--- a/regression/strings/StringCompare04/test.desc
+++ b/regression/strings/StringCompare04/test.desc
@@ -1,8 +1,9 @@
-FUTURE
+CORE
 StringCompare04.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
+^\[.*assertion\.1\] .* line 7 .* FAILURE$
 --
 ^warning: ignoring
diff --git a/regression/strings/StringCompare05/test.desc b/regression/strings/StringCompare05/test.desc
index ef6aac2b72e..0f24821dee6 100644
--- a/regression/strings/StringCompare05/test.desc
+++ b/regression/strings/StringCompare05/test.desc
@@ -1,8 +1,9 @@
-FUTURE
+CORE
 StringCompare05.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
+^\[.*assertion\.1\] .* line 9 .* FAILURE$
 --
 ^warning: ignoring
diff --git a/regression/strings/StringConcatenation01/test.desc b/regression/strings/StringConcatenation01/test.desc
index 6465f209faa..29244c24734 100644
--- a/regression/strings/StringConcatenation01/test.desc
+++ b/regression/strings/StringConcatenation01/test.desc
@@ -1,4 +1,4 @@
-KNOWNBUG
+CORE
 StringConcatenation01.class
 --refine-strings
 ^EXIT=0$
diff --git a/regression/strings/StringConcatenation02/test.desc b/regression/strings/StringConcatenation02/test.desc
index e6ea2349af8..ad9402eaec9 100644
--- a/regression/strings/StringConcatenation02/test.desc
+++ b/regression/strings/StringConcatenation02/test.desc
@@ -1,8 +1,9 @@
-KNOWNBUG
+CORE
 StringConcatenation02.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
+^\[.*assertion\.1\] .* line 7 .* FAILURE$
 --
 ^warning: ignoring
diff --git a/regression/strings/StringConcatenation03/test.desc b/regression/strings/StringConcatenation03/test.desc
index ecb497de375..c5798d1ae1d 100644
--- a/regression/strings/StringConcatenation03/test.desc
+++ b/regression/strings/StringConcatenation03/test.desc
@@ -1,8 +1,9 @@
-FUTURE
+CORE
 StringConcatenation03.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
+^\[.*assertion\.1\] .* line 11 .* FAILURE$
 --
 ^warning: ignoring
diff --git a/regression/strings/StringConcatenation04/test.desc b/regression/strings/StringConcatenation04/test.desc
index 1425e609a3a..a781c7887b1 100644
--- a/regression/strings/StringConcatenation04/test.desc
+++ b/regression/strings/StringConcatenation04/test.desc
@@ -1,8 +1,9 @@
-FUTURE
+CORE
 StringConcatenation04.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
+^\[.*assertion\.1\] .* line 8 .* FAILURE$
 ^VERIFICATION FAILED$
 --
 ^warning: ignoring
diff --git a/regression/strings/StringIndexMethods01/test.desc b/regression/strings/StringIndexMethods01/test.desc
index dc4c6f14324..4bdc0d39b71 100644
--- a/regression/strings/StringIndexMethods01/test.desc
+++ b/regression/strings/StringIndexMethods01/test.desc
@@ -1,4 +1,4 @@
-FUTURE
+THOROUGH
 StringIndexMethods01.class
 --refine-strings
 ^EXIT=0$
diff --git a/regression/strings/StringIndexMethods02/test.desc b/regression/strings/StringIndexMethods02/test.desc
index 1114e980758..05518537f78 100644
--- a/regression/strings/StringIndexMethods02/test.desc
+++ b/regression/strings/StringIndexMethods02/test.desc
@@ -1,8 +1,9 @@
-FUTURE
+CORE
 StringIndexMethods02.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
+^\[.*assertion\.1\] .* line 6 .* FAILURE$
 ^VERIFICATION FAILED$
 --
 ^warning: ignoring
diff --git a/regression/strings/StringIndexMethods03/test.desc b/regression/strings/StringIndexMethods03/test.desc
index 69d7e5d5745..17a62282b22 100644
--- a/regression/strings/StringIndexMethods03/test.desc
+++ b/regression/strings/StringIndexMethods03/test.desc
@@ -1,8 +1,9 @@
-FUTURE
+CORE
 StringIndexMethods03.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
+^\[.*assertion\.1\] .* line 6 .* FAILURE$
 ^VERIFICATION FAILED$
 --
 ^warning: ignoring
diff --git a/regression/strings/StringIndexMethods04/test.desc b/regression/strings/StringIndexMethods04/test.desc
index 0707dbe9105..5902a92be18 100644
--- a/regression/strings/StringIndexMethods04/test.desc
+++ b/regression/strings/StringIndexMethods04/test.desc
@@ -1,8 +1,9 @@
-FUTURE
+CORE
 StringIndexMethods04.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
+^\[.*assertion\.1\] .* line 6 .* FAILURE$
 ^VERIFICATION FAILED$
 --
 ^warning: ignoring
diff --git a/regression/strings/StringIndexMethods05/test.desc b/regression/strings/StringIndexMethods05/test.desc
index bfe98a03e7c..29dee098ac7 100644
--- a/regression/strings/StringIndexMethods05/test.desc
+++ b/regression/strings/StringIndexMethods05/test.desc
@@ -3,6 +3,7 @@ StringIndexMethods05.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
+^\[.*assertion\.1\] .* line 6 .* FAILURE$
 ^VERIFICATION FAILED$
 --
 ^warning: ignoring
diff --git a/regression/strings/StringMiscellaneous02/test.desc b/regression/strings/StringMiscellaneous02/test.desc
index 3fde950e418..7fd0118b93a 100644
--- a/regression/strings/StringMiscellaneous02/test.desc
+++ b/regression/strings/StringMiscellaneous02/test.desc
@@ -1,8 +1,9 @@
-FUTURE
+CORE
 StringMiscellaneous02.class
 --refine-strings --unwind 30
 ^EXIT=10$
 ^SIGNAL=0$
+^\[.*assertion\.1\] .* line 6 .* FAILURE$
 ^VERIFICATION FAILED$
 --
 ^warning: ignoring
diff --git a/regression/strings/StringMiscellaneous03/test.desc b/regression/strings/StringMiscellaneous03/test.desc
index 2a1a3f02739..d19fcdfaa5e 100644
--- a/regression/strings/StringMiscellaneous03/test.desc
+++ b/regression/strings/StringMiscellaneous03/test.desc
@@ -1,8 +1,9 @@
-FUTURE
+CORE
 StringMiscellaneous03.class
 --refine-strings --unwind 30
 ^EXIT=10$
 ^SIGNAL=0$
+^\[.*assertion\.1\] .* line 11 .* FAILURE$
 ^VERIFICATION FAILED$
 --
 ^warning: ignoring
diff --git a/regression/strings/StringMiscellaneous04/test.desc b/regression/strings/StringMiscellaneous04/test.desc
index 4c2c0491e5f..9eb355cd0d2 100644
--- a/regression/strings/StringMiscellaneous04/test.desc
+++ b/regression/strings/StringMiscellaneous04/test.desc
@@ -1,4 +1,4 @@
-FUTURE
+CORE
 StringMiscellaneous04.class
 --refine-strings --unwind 30
 ^EXIT=0$
diff --git a/regression/strings/StringStartEnd01/test.desc b/regression/strings/StringStartEnd01/test.desc
index eba4f6eb2b0..123429bd623 100644
--- a/regression/strings/StringStartEnd01/test.desc
+++ b/regression/strings/StringStartEnd01/test.desc
@@ -1,4 +1,4 @@
-KNOWNBUG
+THOROUGH
 StringStartEnd01.class
 --refine-strings --unwind 30
 ^EXIT=0$
diff --git a/regression/strings/StringStartEnd02/test.desc b/regression/strings/StringStartEnd02/test.desc
index ff91ad0ce4d..a650aa0ebe9 100644
--- a/regression/strings/StringStartEnd02/test.desc
+++ b/regression/strings/StringStartEnd02/test.desc
@@ -1,8 +1,9 @@
-KNOWNBUG
+CORE
 StringStartEnd02.class
 --refine-strings --unwind 30
 ^EXIT=10$
 ^SIGNAL=0$
+^\[.*assertion\.1\] .* line 13 .* FAILURE$
 ^VERIFICATION FAILED$
 --
 ^warning: ignoring
diff --git a/regression/strings/StringStartEnd03/test.desc b/regression/strings/StringStartEnd03/test.desc
index 6b1695384ca..b7727fd8b91 100644
--- a/regression/strings/StringStartEnd03/test.desc
+++ b/regression/strings/StringStartEnd03/test.desc
@@ -1,8 +1,9 @@
-KNOWNBUG
+THOROUGH
 StringStartEnd03.class
 --refine-strings --unwind 15
 ^EXIT=10$
 ^SIGNAL=0$
+^\[.*assertion\.1\] .* line 13 .* FAILURE$
 ^VERIFICATION FAILED$
 --
 ^warning: ignoring
diff --git a/regression/strings/StringValueOf02/test.desc b/regression/strings/StringValueOf02/test.desc
index aa3fb97ba7c..906d983e34f 100644
--- a/regression/strings/StringValueOf02/test.desc
+++ b/regression/strings/StringValueOf02/test.desc
@@ -1,8 +1,9 @@
-FUTURE
+CORE
 StringValueOf02.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
+^\[.*assertion\.1\] .* line 7 .* FAILURE$
 ^VERIFICATION FAILED$
 --
 ^warning: ignoring
diff --git a/regression/strings/StringValueOf03/test.desc b/regression/strings/StringValueOf03/test.desc
index 4c7357c2278..ffde4e2de6f 100644
--- a/regression/strings/StringValueOf03/test.desc
+++ b/regression/strings/StringValueOf03/test.desc
@@ -1,8 +1,9 @@
-FUTURE
+CORE
 StringValueOf03.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
+^\[.*assertion\.1\] .* line 7 .* FAILURE$
 ^VERIFICATION FAILED$
 --
 ^warning: ignoring
diff --git a/regression/strings/StringValueOf04/test.desc b/regression/strings/StringValueOf04/test.desc
index 5cd66829b02..e73f1492261 100644
--- a/regression/strings/StringValueOf04/test.desc
+++ b/regression/strings/StringValueOf04/test.desc
@@ -1,8 +1,9 @@
-KNOWNBUG
+CORE
 StringValueOf04.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
+^\[.*assertion\.1\] .* line 7 .* FAILURE$
 ^VERIFICATION FAILED$
 --
 ^warning: ignoring
diff --git a/regression/strings/StringValueOf05/test.desc b/regression/strings/StringValueOf05/test.desc
index 3f5b25f9ce3..494b6779cc2 100644
--- a/regression/strings/StringValueOf05/test.desc
+++ b/regression/strings/StringValueOf05/test.desc
@@ -1,8 +1,9 @@
-KNOWNBUG
+CORE
 StringValueOf05.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
+^\[.*assertion\.1\] .* line 7 .* FAILURE$
 ^VERIFICATION FAILED$
 --
 ^warning: ignoring
diff --git a/regression/strings/StringValueOf06/test.desc b/regression/strings/StringValueOf06/test.desc
index bf1c4048390..29fe55a89f2 100644
--- a/regression/strings/StringValueOf06/test.desc
+++ b/regression/strings/StringValueOf06/test.desc
@@ -1,8 +1,9 @@
-KNOWNBUG
+CORE
 StringValueOf06.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
+^\[.*assertion\.1\] .* line 7 .* FAILURE$
 ^VERIFICATION FAILED$
 --
 ^warning: ignoring
diff --git a/regression/strings/StringValueOf07/test.desc b/regression/strings/StringValueOf07/test.desc
index 7ba53c21fb6..e1d94ae7025 100644
--- a/regression/strings/StringValueOf07/test.desc
+++ b/regression/strings/StringValueOf07/test.desc
@@ -1,8 +1,9 @@
-KNOWNBUG
+CORE
 StringValueOf07.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
+^\[.*assertion\.1\] .* line 8 .* FAILURE$
 ^VERIFICATION FAILED$
 --
 ^warning: ignoring
diff --git a/regression/strings/StringValueOf08/test.desc b/regression/strings/StringValueOf08/test.desc
index 70994423c68..3746e46471f 100644
--- a/regression/strings/StringValueOf08/test.desc
+++ b/regression/strings/StringValueOf08/test.desc
@@ -1,8 +1,9 @@
-FUTURE
+CORE
 StringValueOf08.class
 --refine-strings --string-max-length 100
 ^EXIT=10$
 ^SIGNAL=0$
+^\[.*assertion\.1\] .* line 7 .* FAILURE$
 ^VERIFICATION FAILED$
 --
 ^warning: ignoring
diff --git a/regression/strings/StringValueOf09/test.desc b/regression/strings/StringValueOf09/test.desc
index a63f7bc3e0c..d1bad9a12b6 100644
--- a/regression/strings/StringValueOf09/test.desc
+++ b/regression/strings/StringValueOf09/test.desc
@@ -1,8 +1,9 @@
-FUTURE
+THOROUGH
 StringValueOf09.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
+^\[.*assertion\.1\] .* line 7 .* FAILURE$
 ^VERIFICATION FAILED$
 --
 ^warning: ignoring
diff --git a/regression/strings/SubString01/test.desc b/regression/strings/SubString01/test.desc
index 975e4d2e0a7..975eaa118f3 100644
--- a/regression/strings/SubString01/test.desc
+++ b/regression/strings/SubString01/test.desc
@@ -1,4 +1,4 @@
-KNOWNBUG
+CORE
 SubString01.class
 --refine-strings
 ^EXIT=0$
diff --git a/regression/strings/SubString02/test.desc b/regression/strings/SubString02/test.desc
index bdafa21bc63..2003191a147 100644
--- a/regression/strings/SubString02/test.desc
+++ b/regression/strings/SubString02/test.desc
@@ -1,8 +1,9 @@
-KNOWNBUG
+CORE
 SubString02.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
+^\[.*assertion\.1\] .* line 7 .* FAILURE$
 ^VERIFICATION FAILED$
 --
 ^warning: ignoring
diff --git a/regression/strings/SubString03/test.desc b/regression/strings/SubString03/test.desc
index 961f1a92ce8..22143857480 100644
--- a/regression/strings/SubString03/test.desc
+++ b/regression/strings/SubString03/test.desc
@@ -1,8 +1,9 @@
-KNOWNBUG
+CORE
 SubString03.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
+^\[.*assertion\.1\] .* line 7 .* FAILURE$
 ^VERIFICATION FAILED$
 --
 ^warning: ignoring
diff --git a/regression/strings/bug-test-gen-095/test.desc b/regression/strings/bug-test-gen-095/test.desc
index 4cabceb1b36..9f39bb3f26c 100644
--- a/regression/strings/bug-test-gen-095/test.desc
+++ b/regression/strings/bug-test-gen-095/test.desc
@@ -3,6 +3,6 @@ test.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-[.*assertion\.1] .* line 8 .* FAILURE
+\[.*assertion\.1\] .* line 8 .* FAILURE
 ^VERIFICATION FAILED$
 --
diff --git a/regression/strings/bug-test-gen-119-2/test.desc b/regression/strings/bug-test-gen-119-2/test.desc
index 5d5571785d4..312601b835d 100644
--- a/regression/strings/bug-test-gen-119-2/test.desc
+++ b/regression/strings/bug-test-gen-119-2/test.desc
@@ -1,4 +1,4 @@
-FUTURE
+CORE
 StringValueOfLong.class
 --refine-strings
 ^EXIT=0$
diff --git a/regression/strings/bug-test-gen-119/test.desc b/regression/strings/bug-test-gen-119/test.desc
index d2bcd586e25..c5672ad9702 100644
--- a/regression/strings/bug-test-gen-119/test.desc
+++ b/regression/strings/bug-test-gen-119/test.desc
@@ -1,4 +1,4 @@
-FUTURE
+CORE
 StringValueOfBool.class
 --refine-strings
 ^EXIT=0$
diff --git a/regression/strings/java_append_char/test.desc b/regression/strings/java_append_char/test.desc
index f38fb748736..e39f1d5ebe8 100644
--- a/regression/strings/java_append_char/test.desc
+++ b/regression/strings/java_append_char/test.desc
@@ -1,7 +1,8 @@
-FUTURE
+CORE
 test_append_char.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[.*assertion.1\].* line 15.* FAILURE$
+^VERIFICATION FAILED$
+^\[.*assertion\.1\].* line 15.* FAILURE$
 --
diff --git a/regression/strings/java_append_int/test.desc b/regression/strings/java_append_int/test.desc
index d65eecf13f5..1d3e387d278 100644
--- a/regression/strings/java_append_int/test.desc
+++ b/regression/strings/java_append_int/test.desc
@@ -1,7 +1,9 @@
-FUTURE
+KNOWNBUG
 test_append_int.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[.*assertion.1\].* line 9.* FAILURE$
+^\[.*assertion\.1\].* line 9.* FAILURE$
 --
+--
+Requires private library, should be moved to test-gen suite
diff --git a/regression/strings/java_append_object/test.desc b/regression/strings/java_append_object/test.desc
index f15910bca93..23ad1a81be4 100644
--- a/regression/strings/java_append_object/test.desc
+++ b/regression/strings/java_append_object/test.desc
@@ -1,7 +1,7 @@
-FUTURE
+KNOWNBUG
 test_append_object.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[.*assertion.1\].* line 15.* FAILURE$
+^\[.*assertion\.1\].* line 15.* FAILURE$
 --
diff --git a/regression/strings/java_case/test.desc b/regression/strings/java_case/test.desc
index 47db60a36d9..1dee2b7dd3e 100644
--- a/regression/strings/java_case/test.desc
+++ b/regression/strings/java_case/test.desc
@@ -1,7 +1,7 @@
-FUTURE
+CORE
 test_case.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[.*assertion.1\].* line 8.* FAILURE$
+^\[.*assertion\.1\].* line 8.* FAILURE$
 --
diff --git a/regression/strings/java_char_array/test.desc b/regression/strings/java_char_array/test.desc
index 62cc45997ba..0acb4c57e47 100644
--- a/regression/strings/java_char_array/test.desc
+++ b/regression/strings/java_char_array/test.desc
@@ -1,7 +1,7 @@
-FUTURE
+CORE
 test_char_array.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[.*assertion.1\].* line 9.* FAILURE$
+^\[.*assertion\.1\].* line 9.* FAILURE$
 --
diff --git a/regression/strings/java_char_array_init/test.desc b/regression/strings/java_char_array_init/test.desc
index 24437881467..3efff6619b7 100644
--- a/regression/strings/java_char_array_init/test.desc
+++ b/regression/strings/java_char_array_init/test.desc
@@ -1,4 +1,4 @@
-FUTURE
+CORE
 test_init.class
 --refine-strings
 ^EXIT=10$
diff --git a/regression/strings/java_char_at/test.desc b/regression/strings/java_char_at/test.desc
index 0226b19529e..b9f7706b7e2 100644
--- a/regression/strings/java_char_at/test.desc
+++ b/regression/strings/java_char_at/test.desc
@@ -1,7 +1,7 @@
-FUTURE
+CORE
 test_char_at.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[.*assertion.1\].* line 5.* FAILURE$
+^\[.*assertion\.1\].* line 5.* FAILURE$
 --
diff --git a/regression/strings/java_code_point/test.desc b/regression/strings/java_code_point/test.desc
index 2b94f1fa0c0..b8571739ab9 100644
--- a/regression/strings/java_code_point/test.desc
+++ b/regression/strings/java_code_point/test.desc
@@ -1,7 +1,7 @@
-FUTURE
+CORE
 test_code_point.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[.*assertion.1\].* line 8.* FAILURE$
+^\[.*assertion\.1\].* line 8.* FAILURE$
 --
diff --git a/regression/strings/java_compare/test.desc b/regression/strings/java_compare/test.desc
index e7444831e77..c409e58fadc 100644
--- a/regression/strings/java_compare/test.desc
+++ b/regression/strings/java_compare/test.desc
@@ -1,7 +1,7 @@
-FUTURE
+CORE
 test_compare.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[.*assertion.1\].* line 7.* FAILURE$
+^\[.*assertion\.1\].* line 7.* FAILURE$
 --
diff --git a/regression/strings/java_concat/test.desc b/regression/strings/java_concat/test.desc
index fb784efd723..2dcca464779 100644
--- a/regression/strings/java_concat/test.desc
+++ b/regression/strings/java_concat/test.desc
@@ -1,4 +1,4 @@
-FUTURE
+CORE
 test_concat.class
 --refine-strings
 ^EXIT=10$
diff --git a/regression/strings/java_contains/test.desc b/regression/strings/java_contains/test.desc
index bb4fadba9d3..e5bb1edbc3b 100644
--- a/regression/strings/java_contains/test.desc
+++ b/regression/strings/java_contains/test.desc
@@ -1,7 +1,7 @@
-FUTURE
+CORE
 test_contains.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[.*assertion.1\].* line 7.* FAILURE$
+^\[.*assertion\.1\].* line 7.* FAILURE$
 --
diff --git a/regression/strings/java_delete/test.desc b/regression/strings/java_delete/test.desc
index ff41e78b3df..964669b6896 100644
--- a/regression/strings/java_delete/test.desc
+++ b/regression/strings/java_delete/test.desc
@@ -1,7 +1,7 @@
-FUTURE
+CORE
 test_delete.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[.*assertion.1\].* line 8.* FAILURE$
+^\[.*assertion\.1\].* line 8.* FAILURE$
 --
diff --git a/regression/strings/java_delete_char_at/test.desc b/regression/strings/java_delete_char_at/test.desc
index 0314c606e56..8450851614c 100644
--- a/regression/strings/java_delete_char_at/test.desc
+++ b/regression/strings/java_delete_char_at/test.desc
@@ -1,7 +1,7 @@
-FUTURE
+CORE
 test_delete_char_at.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[.*assertion.1\].* line 9.* FAILURE$
+^\[.*assertion\.1\].* line 9.* FAILURE$
 --
diff --git a/regression/strings/java_easychair/test.desc b/regression/strings/java_easychair/test.desc
index 14418a7798e..004b61e2b18 100644
--- a/regression/strings/java_easychair/test.desc
+++ b/regression/strings/java_easychair/test.desc
@@ -3,5 +3,5 @@ easychair.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[.*assertion.1\].* line 30.* FAILURE$
+^\[.*assertion\.1\].* line 30.* FAILURE$
 --
diff --git a/regression/strings/java_empty/test.desc b/regression/strings/java_empty/test.desc
index 44e8e1346a9..0d2635c6963 100644
--- a/regression/strings/java_empty/test.desc
+++ b/regression/strings/java_empty/test.desc
@@ -1,7 +1,7 @@
-FUTURE
+CORE
 test_empty.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[.*assertion.1\].* line 6.* FAILURE$
+^\[.*assertion\.1\].* line 6.* FAILURE$
 --
diff --git a/regression/strings/java_endswith/test.desc b/regression/strings/java_endswith/test.desc
index 285e6ee103c..8d6444b75bd 100644
--- a/regression/strings/java_endswith/test.desc
+++ b/regression/strings/java_endswith/test.desc
@@ -1,7 +1,7 @@
-FUTURE
+CORE
 test_endswith.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[.*assertion.1\].* line 7.* FAILURE$
+^\[.*assertion\.1\].* line 7.* FAILURE$
 --
diff --git a/regression/strings/java_equal/test.desc b/regression/strings/java_equal/test.desc
index bb61dcea8ed..3e744a2eb05 100644
--- a/regression/strings/java_equal/test.desc
+++ b/regression/strings/java_equal/test.desc
@@ -1,7 +1,7 @@
-FUTURE
+CORE
 test_equal.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[.*assertion.1\].* line 8.* FAILURE$
+^\[.*assertion\.1\].* line 8.* FAILURE$
 --
diff --git a/regression/strings/java_float/test.desc b/regression/strings/java_float/test.desc
index 31404ae5e08..7a560bf3ccf 100644
--- a/regression/strings/java_float/test.desc
+++ b/regression/strings/java_float/test.desc
@@ -1,7 +1,7 @@
-FUTURE
+THOROUGH
 test_float.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[.*assertion.1\].* line 15.* FAILURE$
+^\[.*assertion\.1\].* line 15.* FAILURE$
 --
diff --git a/regression/strings/java_hash_code/test.desc b/regression/strings/java_hash_code/test.desc
index 4f786d42f80..b8893f4a9b0 100644
--- a/regression/strings/java_hash_code/test.desc
+++ b/regression/strings/java_hash_code/test.desc
@@ -1,7 +1,7 @@
-FUTURE
+CORE
 test_hash_code.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[.*assertion.1\].* line 7.* FAILURE$
+^\[.*assertion\.1\].* line 7.* FAILURE$
 --
diff --git a/regression/strings/java_index_of/test.desc b/regression/strings/java_index_of/test.desc
index 28a0809f441..67ff3297142 100644
--- a/regression/strings/java_index_of/test.desc
+++ b/regression/strings/java_index_of/test.desc
@@ -1,7 +1,7 @@
-FUTURE
+CORE
 test_index_of.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[.*assertion.1\].* line 8.* FAILURE$
+^\[.*assertion\.1\].* line 8.* FAILURE$
 --
diff --git a/regression/strings/java_index_of_char/test.desc b/regression/strings/java_index_of_char/test.desc
index 30d179cbaaa..83fbccc0515 100644
--- a/regression/strings/java_index_of_char/test.desc
+++ b/regression/strings/java_index_of_char/test.desc
@@ -1,7 +1,7 @@
-FUTURE
+CORE
 test_index_of_char.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[.*assertion.1\].* line 8.* FAILURE$
+^\[.*assertion\.1\].* line 8.* FAILURE$
 --
diff --git a/regression/strings/java_insert_char/test.desc b/regression/strings/java_insert_char/test.desc
index f5727a3a4ab..406a20e9c52 100644
--- a/regression/strings/java_insert_char/test.desc
+++ b/regression/strings/java_insert_char/test.desc
@@ -1,7 +1,7 @@
-FUTURE
+CORE
 test_insert_char.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[.*assertion.1\].* line 8.* FAILURE$
+^\[.*assertion\.1\].* line 8.* FAILURE$
 --
diff --git a/regression/strings/java_insert_char_array/test.desc b/regression/strings/java_insert_char_array/test.desc
index 2432502ce3b..49a3afbffce 100644
--- a/regression/strings/java_insert_char_array/test.desc
+++ b/regression/strings/java_insert_char_array/test.desc
@@ -1,7 +1,7 @@
-FUTURE
+CORE
 test_insert_char_array.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[.*assertion.1\].* line 12.* FAILURE$
+^\[.*assertion\.1\].* line 12.* FAILURE$
 --
diff --git a/regression/strings/java_insert_int/test.desc b/regression/strings/java_insert_int/test.desc
index 2229d33b491..aa1f5cacab2 100644
--- a/regression/strings/java_insert_int/test.desc
+++ b/regression/strings/java_insert_int/test.desc
@@ -1,7 +1,7 @@
-FUTURE
+CORE
 test_insert_int.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[.*assertion.1\].* line 8.* FAILURE$
+^\[.*assertion\.1\].* line 8.* FAILURE$
 --
diff --git a/regression/strings/java_insert_multiple/test.desc b/regression/strings/java_insert_multiple/test.desc
index 497793cd650..3ad6df9d1e2 100644
--- a/regression/strings/java_insert_multiple/test.desc
+++ b/regression/strings/java_insert_multiple/test.desc
@@ -1,7 +1,7 @@
-FUTURE
+CORE
 test_insert_multiple.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[.*assertion.1\].* line 9.* FAILURE$
+^\[.*assertion\.1\].* line 9.* FAILURE$
 --
diff --git a/regression/strings/java_insert_string/test.desc b/regression/strings/java_insert_string/test.desc
index 91e13cefab1..7ed578bfca5 100644
--- a/regression/strings/java_insert_string/test.desc
+++ b/regression/strings/java_insert_string/test.desc
@@ -1,7 +1,7 @@
-FUTURE
+CORE
 test_insert_string.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[.*assertion.1\].* line 8.* FAILURE$
+^\[.*assertion\.1\].* line 8.* FAILURE$
 --

From 710f615a188e320b0b41abecfcdd0d8b7218ff22 Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Thu, 13 Jul 2017 12:37:43 +0100
Subject: [PATCH 462/699] Adapt perl script to handle multiple .desc files

Changes test.pl to name output *.out files after *.desc instead
of *.class files. Also updates failed-test-printer.pl to work with
those new *.out files and multiple *.desc files.
---
 regression/failed-tests-printer.pl | 12 ++++++++----
 regression/test.pl                 |  5 ++++-
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/regression/failed-tests-printer.pl b/regression/failed-tests-printer.pl
index 40767185d5c..aa5f28b5933 100755
--- a/regression/failed-tests-printer.pl
+++ b/regression/failed-tests-printer.pl
@@ -6,21 +6,25 @@
 
 my $printed_this_test = 1;
 my $current_test = "";
+my $output_file = "";
+my $descriptor_file = "";
 
 while (<LOG>) {
   chomp;
   if (/^Test '(.+)'/) {
     $current_test = $1;
     $printed_this_test = 0;
+  } elsif (/Descriptor:\s+([^\s]+)/) {
+    $descriptor_file = $1;
+  } elsif (/Output:\s+([^\s]+)/) {
+    $output_file = $1;
   } elsif (/\[FAILED\]\s*$/) {
     if(0 == $printed_this_test) {
       $printed_this_test = 1;
       print "\n\n";
       print "Failed test: $current_test\n";
-      my $outf = `sed -n '2p' $current_test/test.desc`;
-      $outf =~ s/\..*$/.out/;
-      system("cat $current_test/$outf");
-      print "\n\nFailed test.desc lines:\n";
+      system("cat $current_test/$output_file");
+      print "\n\nFailed $descriptor_file lines:\n";
     }
     print "$_\n";
   }
diff --git a/regression/test.pl b/regression/test.pl
index 0bf364b86c3..a5de48639d7 100755
--- a/regression/test.pl
+++ b/regression/test.pl
@@ -3,6 +3,7 @@
 use subs;
 use strict;
 use warnings;
+use File::Basename;
 
 use Cwd;
 
@@ -71,7 +72,8 @@ ($$$$$)
 
   $options =~ s/$ign//g if(defined($ign));
 
-  my $output = $input;
+  my $descriptor = basename($test);
+  my $output = $descriptor;
   $output =~ s/\.[^.]*$/.out/;
 
   if($output eq $input) {
@@ -82,6 +84,7 @@ ($$$$$)
   print LOG "Test '$name'\n";
   print LOG "  Level: $level\n";
   print LOG "  Input: $input\n";
+  print LOG "  Descriptor: $descriptor\n";
   print LOG "  Output: $output\n";
   print LOG "  Options: $options\n";
   print LOG "  Results:\n";

From 71d8a14a0da99e12de7c3ceba6a720c9fab18967 Mon Sep 17 00:00:00 2001
From: Joel Allred <joel.allred@diffblue.com>
Date: Wed, 26 Jul 2017 23:32:41 +0100
Subject: [PATCH 463/699] Add zsh support to auto-complete

This required the replacement of calls to _filedir in the script.
---
 scripts/bash-autocomplete/Readme.md        | 22 ++++++++++++++++++++--
 scripts/bash-autocomplete/cbmc.sh.template |  4 ++--
 2 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/scripts/bash-autocomplete/Readme.md b/scripts/bash-autocomplete/Readme.md
index 00101d99159..a56074561da 100644
--- a/scripts/bash-autocomplete/Readme.md
+++ b/scripts/bash-autocomplete/Readme.md
@@ -1,19 +1,37 @@
 # CBMC Autocomplete Scripts for Bash
 This directory contains an autocomplete script for bash.
-## Installation
+
+## Installation for bash
 1. Compile cbmc and
 
 2. `cd scripts/bash-autocomplete`
 
 3.  `./extract-switches.sh`
 
-4. Put the following at the end of you in your `~/.bashrc`, with the directories adapted to your directory structure:
+4. Put the following at the end of your `~/.bashrc`, with the directories adapted to your directory structure:
     ```bash
     cbmcautocomplete=~/diffblue/cbmc/scripts/bash-autocomplete/cbmc.sh
     if [ -f $cbmcautocomplete ]; then
       . $cbmcautocomplete
     fi
     ```
+
+5. `source ~/.bashrc`
+
+## Installation for zsh
+Follow 1. 2. and 3. as above.
+
+4. Put the following at the end of your `~/.zshrc`, with the directories adapted to your directory structure:
+    ```bash
+    autoload bashcompinit
+    bashcompinit
+    cbmcautocomplete=~/diffblue/cbmc/scripts/bash-autocomplete/cbmc.sh
+    if [ -f $cbmcautocomplete ]; then
+      . $cbmcautocomplete
+    fi
+    ```
+5. `source ~/.zshrc`
+
 ## Usage
 As with the usual autocomplete in bash, start typing a switch to complete it, for example:
 ```
diff --git a/scripts/bash-autocomplete/cbmc.sh.template b/scripts/bash-autocomplete/cbmc.sh.template
index cbd64762b2d..0e241d0b3bf 100644
--- a/scripts/bash-autocomplete/cbmc.sh.template
+++ b/scripts/bash-autocomplete/cbmc.sh.template
@@ -26,7 +26,7 @@ _cbmc_autocomplete()
    -I|--classpath|-cp|--outfile|--existing-coverage|--graphml-cex)
      #a switch that takes a file parameter of which we don't know an extension
      #TODO probably we can do more for -I, --classpath, -cp
-     _filedir
+     COMPREPLY=( $(compgen -f -- $cur) )
      return 0
      ;;
   esac
@@ -38,6 +38,6 @@ _cbmc_autocomplete()
   fi
 
   #if none of the above applies, offer directories and files that we can analyze
-  _filedir "@(class|jar|cpp|cc|c\+\+|ii|cxx|c|i|gb)"
+  COMPREPLY=( $(compgen -G '*.class|*.jar|*.cpp|*.cc|*.c\+\+|*.ii|*.cxx|*.c|*.i|*.gb' -- $cur) )
 }
 complete -F _cbmc_autocomplete cbmc

From 89d679962e7c8f0696af054ad81651721ae10017 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Wed, 26 Jul 2017 17:20:17 +0100
Subject: [PATCH 464/699] Mark well-known globals System.out and System.err
 non-null

This is a precursor for the forthcoming exceptions improvements, which
among other things will throw a NullPointerException on attempting a
virtual call against a null pointer (e.g. System.out.println, if
System.out may be null). Test basic1 would then fail. This therefore
augments basic1 to explicitly check that .out and.err are non-null,
and marks them out as special in java_entry_point, similar to the existing
handling of Class and String literals.

Longer-term the modelling library should determine that these are always
expected to be non-null, but this serves as a stopgap in the meantime.
---
 regression/cbmc-java/basic1/helloworld.class | Bin 426 -> 923 bytes
 regression/cbmc-java/basic1/helloworld.java  |   9 ++++++++-
 src/java_bytecode/java_entry_point.cpp       |  15 ++++++++++++++-
 3 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/regression/cbmc-java/basic1/helloworld.class b/regression/cbmc-java/basic1/helloworld.class
index b1dabd1ca447e1f599a8ca0197e0b1ac571116aa..244d721feaa31d660036d64436fb91cb44071b28 100644
GIT binary patch
literal 923
zcmZuvT~8B16g{*3nB8ScOQl$C(SoQ2m7=1eG)99Mn^ZBW0mY|nJHf^6ZnL}f<FD{+
z;xm|(L=$~9@kbf&w6>)Q+3f7yd+(ex=iK@8_xn!(t0<e8MBaeFtbq%-$Wbs6MPA38
ziFsU7$py7sHgN@4If@*MCYErG<2u8c1uF=oAKIQ9Jh20-?#Lzs+hvHCZPyMTGDM1t
z+YHeSuPGUlRoj&>I<30&U#Vs)v@F|Ym?^%k?pq(Ml4H4hrCR9Q?%ulEn5czT<Nb51
z-RmcQ2EE*H{)3w}uj4o5Q(HkL-$}>uK6<{>Tvk{DQ%DOWk>a=^u#6Hzc0}@caPm#x
z_k0HNOl>dhsQq&sD*`uhOW-z2f{ePuaaZ6T)<|>@!}dy*t<6sj*;eWq%n>`seSrs9
zXGo3cw(9$`5ssy5pMy}g$Re*pg-qW7!hK2VL-IgcEy5Vmok%nAwrX;SI8!{`xrp>h
zm8RSsL08;%=M?A@X$FJ5vz`8UXnGZLb|hoNp^4MHnli9`*&LckV+uP|pbfhy(0!Vu
z`^8dOWj{p`dTAOUITX#(m(e%2bPRS#0mC${@qQ8pGMJ%QwSIv{5Aga3+5x7H5c!RX
zABes=M(h{;rQ==jK}{d4>0>oxtY&m!mcJreJtUqgYS_jE@u*YGL#LHftRqinS%HZ)
zs#cMpz9e=?&{^s*5u48CDjZo*=eeP{)t(BHn-*Op4#1<t6Zr;B3GGu1gesUAH1SB;
JalTj1{R1`C!k+*D

delta 214
zcmYL>I|{;35Jk_6nwP}*|9^rXu(1(bg}4D*3l)n%Km;2%5iH$-ofZlf*5abXc?dc%
zGndP`_oz>a{_A~z0Am6Vo19CYf<w`xL|IeORO9(Hes)G0M^p2u(@^-6Wf(@?S+ofk
zJx$Z6MO)#mjlDDOVWsw4x}>Dlj3p}-C|ps2d?i0MyrIq_BrDhcnu4V9MH_S=QG>b{
TtYYFy@{fDJR@0ji$RhgzqXih~

diff --git a/regression/cbmc-java/basic1/helloworld.java b/regression/cbmc-java/basic1/helloworld.java
index c76a0967f92..bfb08fce317 100644
--- a/regression/cbmc-java/basic1/helloworld.java
+++ b/regression/cbmc-java/basic1/helloworld.java
@@ -4,7 +4,14 @@
 /* Hello World Java Program */
 class helloworld  {
     public static void main(String[] args) {
+        assert(System.out != null);
         System.out.println("Hello World!");
+        assert(System.err != null);
+        System.err.println("Hello World!");
+        assert(System.in != null);
+        try {
+          int avail = System.in.available();
+        }
+        catch(java.io.IOException e) {}
     }
 }
-
diff --git a/src/java_bytecode/java_entry_point.cpp b/src/java_bytecode/java_entry_point.cpp
index 19a0a5d53a0..691497e268a 100644
--- a/src/java_bytecode/java_entry_point.cpp
+++ b/src/java_bytecode/java_entry_point.cpp
@@ -9,6 +9,7 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include <algorithm>
 #include <set>
+#include <unordered_set>
 #include <iostream>
 
 #include <util/arith_tools.h>
@@ -62,7 +63,6 @@ static void create_initialize(symbol_tablet &symbol_table)
     throw "failed to add "+std::string(INITIALIZE);
 }
 
-
 static bool should_init_symbol(const symbolt &sym)
 {
   if(sym.type.id()!=ID_code &&
@@ -75,6 +75,17 @@ static bool should_init_symbol(const symbolt &sym)
   return is_java_string_literal_id(sym.name);
 }
 
+static bool is_non_null_library_global(const irep_idt &symbolid)
+{
+  static const std::unordered_set<irep_idt, irep_id_hash> non_null_globals=
+  {
+    "java::java.lang.System.out",
+    "java::java.lang.System.err",
+    "java::java.lang.System.in"
+  };
+  return non_null_globals.count(symbolid);
+}
+
 void java_static_lifetime_init(
   symbol_tablet &symbol_table,
   const source_locationt &source_location,
@@ -111,6 +122,8 @@ void java_static_lifetime_init(
             allow_null=false;
           if(allow_null && is_java_string_literal_id(nameid))
             allow_null=false;
+          if(allow_null && is_non_null_library_global(nameid))
+            allow_null=false;
         }
         auto newsym=object_factory(
           sym.type,

From 527c282288b4e364533a0fb2fc672618fa1c05fa Mon Sep 17 00:00:00 2001
From: Owen Jones <owen.jones@diffblue.com>
Date: Thu, 27 Jul 2017 10:20:23 +0100
Subject: [PATCH 465/699] Rewrite parseint code to use modulo

Should be faster (definitely when the radix is a power of 2) and cope with
a larger range of numbers. It doesn't have the old problems with detecting
overflow. Also update various tests, turning on ones that now run fast enough.
---
 .../java_parseint/test.desc                   |   7 -
 .../java_parseint/test_parseint.class         | Bin 914 -> 0 bytes
 .../java_parseint/test_parseint.java          |  12 --
 .../java_parseint_1/Test.class                | Bin 0 -> 1001 bytes
 .../java_parseint_1/Test.java                 |  19 ++
 .../java_parseint_1/test.desc                 |   9 +
 .../java_parseint_2/Test.class                | Bin 0 -> 737 bytes
 .../java_parseint_2/Test.java                 |  10 ++
 .../java_parseint_2/test.desc                 |   6 +
 .../java_parseint_knownbug/Test.class         | Bin 0 -> 825 bytes
 .../java_parseint_knownbug/Test.java          |  12 ++
 .../java_parseint_knownbug/test.desc          |   6 +-
 .../test_parseint.class                       | Bin 1089 -> 0 bytes
 .../java_parseint_knownbug/test_parseint.java |  21 ---
 .../java_parseint_with_radix/Test.class       | Bin 0 -> 1428 bytes
 ...est_parseint_with_radix.java => Test.java} |  14 +-
 .../java_parseint_with_radix/test.desc        |   4 +-
 .../test_parseint_with_radix.class            | Bin 1537 -> 0 bytes
 .../Test.class                                | Bin 0 -> 1035 bytes
 ...est_parseint_with_radix.java => Test.java} |   8 +-
 .../java_parseint_with_radix_knownbug/output  | 164 ++++++++++++++++++
 .../test.desc                                 |   4 +-
 .../test_parseint_with_radix.class            | Bin 1141 -> 0 bytes
 .../java_parselong_1/test_parselong.class     | Bin 923 -> 0 bytes
 .../java_parselong_2/test_parselong.class     | Bin 926 -> 0 bytes
 .../java_parselong_3/test_parselong.class     | Bin 927 -> 0 bytes
 .../java_parselong_4/test_parselong.class     | Bin 929 -> 0 bytes
 .../java_parselong_5/test_parselong.class     | Bin 949 -> 0 bytes
 .../java_parselong_binary_1/Test.class        | Bin 0 -> 854 bytes
 .../Test.java}                                |   4 +-
 .../test.desc                                 |   6 +-
 .../java_parselong_decimal_1/Test.class       | Bin 0 -> 828 bytes
 .../Test.java}                                |   4 +-
 .../test.desc                                 |   4 +-
 .../java_parselong_decimal_2/Test.class       | Bin 0 -> 832 bytes
 .../Test.java}                                |   4 +-
 .../test.desc                                 |   4 +-
 .../java_parselong_hex_1/Test.class           | Bin 0 -> 831 bytes
 .../Test.java}                                |   4 +-
 .../test.desc                                 |   6 +-
 .../java_parselong_octal_1/Test.class         | Bin 0 -> 834 bytes
 .../Test.java}                                |   4 +-
 .../test.desc                                 |   6 +-
 .../string_constraint_generator_valueof.cpp   | 147 +++++++++-------
 44 files changed, 341 insertions(+), 148 deletions(-)
 delete mode 100644 regression/strings-smoke-tests/java_parseint/test.desc
 delete mode 100644 regression/strings-smoke-tests/java_parseint/test_parseint.class
 delete mode 100644 regression/strings-smoke-tests/java_parseint/test_parseint.java
 create mode 100644 regression/strings-smoke-tests/java_parseint_1/Test.class
 create mode 100644 regression/strings-smoke-tests/java_parseint_1/Test.java
 create mode 100644 regression/strings-smoke-tests/java_parseint_1/test.desc
 create mode 100644 regression/strings-smoke-tests/java_parseint_2/Test.class
 create mode 100644 regression/strings-smoke-tests/java_parseint_2/Test.java
 create mode 100644 regression/strings-smoke-tests/java_parseint_2/test.desc
 create mode 100644 regression/strings-smoke-tests/java_parseint_knownbug/Test.class
 create mode 100644 regression/strings-smoke-tests/java_parseint_knownbug/Test.java
 delete mode 100644 regression/strings-smoke-tests/java_parseint_knownbug/test_parseint.class
 delete mode 100644 regression/strings-smoke-tests/java_parseint_knownbug/test_parseint.java
 create mode 100644 regression/strings-smoke-tests/java_parseint_with_radix/Test.class
 rename regression/strings-smoke-tests/java_parseint_with_radix/{test_parseint_with_radix.java => Test.java} (77%)
 delete mode 100644 regression/strings-smoke-tests/java_parseint_with_radix/test_parseint_with_radix.class
 create mode 100644 regression/strings-smoke-tests/java_parseint_with_radix_knownbug/Test.class
 rename regression/strings-smoke-tests/java_parseint_with_radix_knownbug/{test_parseint_with_radix.java => Test.java} (78%)
 create mode 100644 regression/strings-smoke-tests/java_parseint_with_radix_knownbug/output
 delete mode 100644 regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test_parseint_with_radix.class
 delete mode 100644 regression/strings-smoke-tests/java_parselong_1/test_parselong.class
 delete mode 100644 regression/strings-smoke-tests/java_parselong_2/test_parselong.class
 delete mode 100644 regression/strings-smoke-tests/java_parselong_3/test_parselong.class
 delete mode 100644 regression/strings-smoke-tests/java_parselong_4/test_parselong.class
 delete mode 100644 regression/strings-smoke-tests/java_parselong_5/test_parselong.class
 create mode 100644 regression/strings-smoke-tests/java_parselong_binary_1/Test.class
 rename regression/strings-smoke-tests/{java_parselong_5/test_parselong.java => java_parselong_binary_1/Test.java} (76%)
 rename regression/strings-smoke-tests/{java_parselong_3 => java_parselong_binary_1}/test.desc (66%)
 create mode 100644 regression/strings-smoke-tests/java_parselong_decimal_1/Test.class
 rename regression/strings-smoke-tests/{java_parselong_1/test_parselong.java => java_parselong_decimal_1/Test.java} (74%)
 rename regression/strings-smoke-tests/{java_parselong_1 => java_parselong_decimal_1}/test.desc (70%)
 create mode 100644 regression/strings-smoke-tests/java_parselong_decimal_2/Test.class
 rename regression/strings-smoke-tests/{java_parselong_3/test_parselong.java => java_parselong_decimal_2/Test.java} (75%)
 rename regression/strings-smoke-tests/{java_parselong_5 => java_parselong_decimal_2}/test.desc (70%)
 create mode 100644 regression/strings-smoke-tests/java_parselong_hex_1/Test.class
 rename regression/strings-smoke-tests/{java_parselong_2/test_parselong.java => java_parselong_hex_1/Test.java} (73%)
 rename regression/strings-smoke-tests/{java_parselong_4 => java_parselong_hex_1}/test.desc (66%)
 create mode 100644 regression/strings-smoke-tests/java_parselong_octal_1/Test.class
 rename regression/strings-smoke-tests/{java_parselong_4/test_parselong.java => java_parselong_octal_1/Test.java} (74%)
 rename regression/strings-smoke-tests/{java_parselong_2 => java_parselong_octal_1}/test.desc (66%)

diff --git a/regression/strings-smoke-tests/java_parseint/test.desc b/regression/strings-smoke-tests/java_parseint/test.desc
deleted file mode 100644
index 3b38dc2c575..00000000000
--- a/regression/strings-smoke-tests/java_parseint/test.desc
+++ /dev/null
@@ -1,7 +0,0 @@
-CORE
-test_parseint.class
---refine-strings
-^EXIT=10$
-^SIGNAL=0$
-^\[.*assertion.1\].* line 8.* SUCCESS$
-^\[.*assertion.2\].* line 9.* FAILURE$
diff --git a/regression/strings-smoke-tests/java_parseint/test_parseint.class b/regression/strings-smoke-tests/java_parseint/test_parseint.class
deleted file mode 100644
index 0f021d000fa3d68a1caa7d62f1a9090f569d5d01..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 914
zcmZ`%%Wl&^6g^`*w&S?uMM@|IS}2gDv>^~S^dV3IsZxMNP^Fdynk1tz#dRv%DgV+9
z6&u!oL=ctAo<Cv%;*KeaLd(K)=f2K8_jtbl`g#PQj=K(0xMJa|jX4Jzt~t1l8%ZQl
zvQTzlsbs~$JZ@T8V93w$Fcd)~dw%#(hP>s84g=d_Fqfq-qg4jIRNi1P)_NVmkZwp{
zJniqaMDSb{Gvpe*HupAoAeDa{G@@5BRMn9PqnEop2!-^cC4$-E(r1_~y=ZLnJzn*=
z->o*IK>FP!HO7qI2yZWjJ&|XyVx&%u7_Ji*54toYe+m@CL^I;;*H8Fv%!mYGu$SB3
z@lH;&*ALp_v5YquBe|&Nx;TS0L*`!&3|j5BN-kQcy10d!3l|d%#Zl#hzk)srf?hyO
z#^5bb{~grFz@N3YMLS|BlulPAJ3?RgBheKEYsXrU`=2%vC_QRh^XNa5?i~@zKy-#2
zNu{Vy3Hr%fn5AcuqG!Z1MYR>(bTFj^of-0~WEt5+WdQbpE*i3QnsJa`0^Qv|1<2zp
zc}Wy7NfFijj=*%XtCb_;0QU}|ZRYd=jK=&IBvwAc+(&jg<Gw}e5Z2}Z_P1f|U=&kR
z^?2$O%_S;ynuKrBBpYR#xI!x^CNor*!2-^qNDK-n;XI~@F)_deOq0Dxp9}3L$`&rM
qAH><l<>9jRcoQI-OMZs456gHDL;nQx<l+h_0nNRy<e4Ey!|ZR-LA-VV

diff --git a/regression/strings-smoke-tests/java_parseint/test_parseint.java b/regression/strings-smoke-tests/java_parseint/test_parseint.java
deleted file mode 100644
index d9b84914c7c..00000000000
--- a/regression/strings-smoke-tests/java_parseint/test_parseint.java
+++ /dev/null
@@ -1,12 +0,0 @@
-public class test_parseint
-{
-    public static void main(String[] args)
-    {
-        if (args.length == 1) {
-            String twelve = new String("12");
-            int parsed1 = Integer.parseInt(twelve);
-            assert(parsed1 == 12);
-            assert(parsed1 != 12);
-        }
-    }
-}
diff --git a/regression/strings-smoke-tests/java_parseint_1/Test.class b/regression/strings-smoke-tests/java_parseint_1/Test.class
new file mode 100644
index 0000000000000000000000000000000000000000..81304601f473385534b4e8453a7e7cf7a28b7d53
GIT binary patch
literal 1001
zcmZ`%-A~g{96h())~yux!Ka8HD98X|GA5vcXh0K^i4P+r@M6k#oyF0TwnGz5{6Bb+
zH=fl*j3oN*f8+z=X`P!w%(C|W&b{aNJLlYf|M}%BfC6soXvdI->v0V0P>|Izg3$!p
zFs9*#4h=(bjH_=?PEIsT=*Z!whDm{rLDTc3>syZPEm@wqS(6n3u^|wfvuw-1C!l6W
z)&wGpPDKhNi<T`{>f4*rT@4NkWQtDNtgV@@71Rwd;y<@M_9(7O&%eta&m4z6vdclM
znEz7Nc0=lxxohTXrd`dIeAlw8JgV)Ot|u$hCYD)ko3EZ)w%^3_#4UmLl5dt@JT`a2
zf%Gj9pDWiIlJ$~PcgymT6$nfO8YY5C22w~1q)ty2P$u)iW?sXT!8C6fIESP_Z|mfP
zKQTRYUB?yB^OJ>{!tB&^VTQ(n5gMiq%wYDP0Z%r!WSQ!_vc*=fhSwmAbPHX!eOZ-k
z9S;*=`5zi%Nw#Q<HQt~=cSU-ZD=ST%49Kr@gV(o#0e%SW{7^)yH*m(43hG3f&kU;^
z--7Sx=pn>=E);a|84E#yPOgpL2hfFXRtfZ=mk7zChs{)CZ~7wpm_LHDo>31GDUN+c
zbp8Wkdr0@EjCW`|g0_B$__rpu-@*>C&==juosgb5P0#3O=^6bmdZ1YiHRq|6M)-@-
zs7CE^WT|%!Iu;ni5`$P_2qo@T8Nq9M2>cbuNMao4(MMmM<Xk{Mb66pEF~my5E`=Dq
z;xbpj75;k=Jw{f;fcSw9<ru?_B?n(^CR_;P1JaqcPcZhNMGg>AKO%NE?Vx8Aig7=<
KlWQy#4E_SLX2Hz>

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_parseint_1/Test.java b/regression/strings-smoke-tests/java_parseint_1/Test.java
new file mode 100644
index 00000000000..8831b817489
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parseint_1/Test.java
@@ -0,0 +1,19 @@
+public class Test
+{
+    public static void foo(int i)
+    {
+        if (i == 1) {
+            String twelve = new String("12");
+            int parsed1 = Integer.parseInt(twelve);
+            assert(parsed1 == 12);
+            assert(parsed1 != 12);
+        }
+        else if (i == 2) {
+            // 2^31-1, max value of Integer
+            String max_int = new String("2147483647");
+            int parsed2 = Integer.parseInt(max_int);
+            assert(parsed2 == 2147483647);
+            assert(parsed2 != 2147483647);
+        }
+    }
+}
diff --git a/regression/strings-smoke-tests/java_parseint_1/test.desc b/regression/strings-smoke-tests/java_parseint_1/test.desc
new file mode 100644
index 00000000000..b0e5d799277
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parseint_1/test.desc
@@ -0,0 +1,9 @@
+CORE
+Test.class
+--function Test.foo --refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 8.* SUCCESS$
+^\[.*assertion.2\].* line 9.* FAILURE$
+^\[.*assertion.3\].* line 15.* SUCCESS$
+^\[.*assertion.4\].* line 16.* FAILURE$
diff --git a/regression/strings-smoke-tests/java_parseint_2/Test.class b/regression/strings-smoke-tests/java_parseint_2/Test.class
new file mode 100644
index 0000000000000000000000000000000000000000..58992e04a96ae1b0ad55f5e611fa582ee161e434
GIT binary patch
literal 737
zcmZuvO>fgc5PfSq*~E3JlhP29@=+*|1c?Z#w?+t5K#COLkg5{BppCtREyj-48-7er
z+&BXgMIgbQ--HmeCNzg~nJ>S2^JdmRe}DZBU<bE-RIuse5-wL!#ubjMK0Iu4Z27o`
z>m1t*>)RsFr8X){^M@)IlSIZ0?2w^6P^mKa7~D?xfWh0#V#%;JQmK48e>0JK-+~$H
zqbw51fzZn4i=t;<shl`Q`!YAX#PKrA7&bbiBk@-B6Om5)W203%-L>3-N@sKPA}=bI
z@eGQA&xFope3!%x8CJ(eM6aKS*<xO05G4z_{y3ZKNIq6pT-DCMW9b5{AmF$W;3jSb
zsKRGxF6TV>cZEk<XPVZvjU1f-UGx~jCGy$iNJfUCwk!=(Bd3zODuqZ&85;lDb=W28
zYs<d9gpN<pSmsL0_*4TeXXf;QE`NwEdb<ieC<~ibHAOC%U54x`WqtCDe5rQ=_JINi
z=g5|eB8{WiLJ5EnHS$%|u}&4+JSDV4zTFGMFK`C!(mT{X!ac^yH+auaQ2Jph-GZ`C
ze~+c%L>`cB5tXHH{H4HoY*5C@H*kRlG$|t)ztEz~;Nq#`ok9*!tCv56AA@`E;klpS
To>gxtN^pYvcE=Va4%&YJT_%n~

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_parseint_2/Test.java b/regression/strings-smoke-tests/java_parseint_2/Test.java
new file mode 100644
index 00000000000..a32036c75ab
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parseint_2/Test.java
@@ -0,0 +1,10 @@
+public class Test
+{
+    public static void foo(String input_string)
+    {
+        int parsed1 = Integer.parseInt(input_string);
+        if (parsed1 == 2) {
+            assert(false);
+        }
+    }
+}
diff --git a/regression/strings-smoke-tests/java_parseint_2/test.desc b/regression/strings-smoke-tests/java_parseint_2/test.desc
new file mode 100644
index 00000000000..60c72ba9b36
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parseint_2/test.desc
@@ -0,0 +1,6 @@
+THOROUGH
+Test.class
+--function Test.foo --refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 7.* FAILURE$
diff --git a/regression/strings-smoke-tests/java_parseint_knownbug/Test.class b/regression/strings-smoke-tests/java_parseint_knownbug/Test.class
new file mode 100644
index 0000000000000000000000000000000000000000..dd9c488696240aebb743fb50bf4c19a59a8212be
GIT binary patch
literal 825
zcmZ`%O>fgc5PfSWS;uin;?fW(UnK?7KpWavG!hX46_6@Idq`EOy&xxE!j{yoY=<*H
zfM3uH+&BXgK~#b}{|UsbDT$!svO6<7^X9#o{r>aIR{#zgCM;a$m@{z2gocWVd0frH
z#5MgDWpG?KVW^C%i3QX+ZZJ&GyHO;<SO$LdKt^tNAUp=P%aCbFU&ePC^y<PkLuxJX
z1Vg?peX%jz?}~6sB{SIVpyv*@-B2q3IGBo`%ZM=ATOx|@5XQ40VBq`Ge=7Z0745k%
z-TJ`w`}Iy7O21D@{J;$(;WeoLI>S^ac6%?LxCaR&$zm{Cy}>alvl9%%o_Hh`g{<nb
zq!2CSQD7+ii_VZ+Tv>Kjoo3^<(^OeEITkG}p>AOcrx?nUlKX!q@-Pg8kfbYkj$0O%
zvGN!AW_M5YNX|_4q#iZ2;skWvk40Y)nvtj^_djJMJwGX18_<3jN}h;hD7-N>8csZ<
z2U^Z9=4i(jZI~6xN(@;#2n7W?i{#bmW^|`(Be3^mXt3$bBtiNEWLv)za2hk@Wl<Uz
zza}t^V$CCHJGMST>T&He(yb539HKaD^Eb#H!Pprg`)wS1JBg`&deX0iG})ZU8bmIO
z3R$bjCH+g(!=!bbL78&$^gqwy9C4Z@k3RDcR5;GFX{x+1X67WEfue1GLhcYe^$sch
VBQhr?Dws4h>z*3KMRGJ;`UQBzp3(pS

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_parseint_knownbug/Test.java b/regression/strings-smoke-tests/java_parseint_knownbug/Test.java
new file mode 100644
index 00000000000..bb63540ad96
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parseint_knownbug/Test.java
@@ -0,0 +1,12 @@
+public class Test
+{
+    public static void foo()
+    {
+        // -2^31, min value of Integer, and longest string we could have without
+        // leading zeroes
+        String min_int = new String("-2147483648");
+        int parsed3 = Integer.parseInt(min_int);
+        assert(parsed3 == -2147483648);
+        assert(parsed3 != -2147483648);
+    }
+}
diff --git a/regression/strings-smoke-tests/java_parseint_knownbug/test.desc b/regression/strings-smoke-tests/java_parseint_knownbug/test.desc
index f543e2d900b..c8084216052 100644
--- a/regression/strings-smoke-tests/java_parseint_knownbug/test.desc
+++ b/regression/strings-smoke-tests/java_parseint_knownbug/test.desc
@@ -1,12 +1,10 @@
 KNOWNBUG
-test_parseint.class
---refine-strings
+Test.class
+--refine-strings --function Test.foo
 ^EXIT=10$
 ^SIGNAL=0$
 ^\[.*assertion.1\].* line 9.* SUCCESS$
 ^\[.*assertion.2\].* line 10.* FAILURE$
-^\[.*assertion.3\].* line 17.* SUCCESS$
-^\[.*assertion.4\].* line 18.* FAILURE$
 --
 --
 Issue #664 is about turning these tests on
diff --git a/regression/strings-smoke-tests/java_parseint_knownbug/test_parseint.class b/regression/strings-smoke-tests/java_parseint_knownbug/test_parseint.class
deleted file mode 100644
index 59932ae0cd7421d1da7759308ce69496d0710978..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1089
zcmZ`%OHUI~7(KVscBaz-`jD6J2TEInN*Mup7z|26Qk4WD0T*OwCv~t)$;@Ef`1l=c
zWXD=f#7KgB|B(yCGed2~;$rUH@7(Wv-}%nHKYo2X1fXM5MLYUsWE5mogpgA)fZH)>
z7?j=}A0NvYQlX$<L0)=KhKxHZhEb3)B9QJgT-S6wt7f|oE!SADnq>j8DiEErY|FbZ
zAZ4=40^!+O*%as~TDJLQdvo1%p83fFsbZ~URF@6M^5Z%f_Fh=7pY55hx3*<Cu4&oc
zB+G0XmMzegd0yNwUK#nSVOR2to@3dSNxzM}X}n%zs$aJyfyY6qa)A=({bb8NNv`7@
zC~P<tc21vBU!ZN#GfFQX8(V=)S|*@Om8$hY)y3MjQ!?kQV60QhhkPv>l1K?8{?#R*
z7KZgPeSBn8AM=xR8Fw{|f<Xro0zFN}gFkLRa-5nY5Fcz%$EojBQyJqL?qT9o%ctub
zW{LK6W?KF64NNwB&D)+?G1){3Tx0kj8m;VT(q^lC61<|a=~|9iZYZXA-Zl^T9#(OU
z&#Rq}NhEsw8M%|d=16f(Gs^QX_>biFAwF^w!a1(d0Hh4=wUY#Np_@?*J?JGuvgl<o
ziP+oRVPqH62MDdCq<w^o178uD{)Ffbk{46*2gDDctn4H9y@BmEu|3S>4x_u62>5CX
zKYj*3{ukd@Ed{Cz)XGt)UgoF@)yI&9ifP0#!?QVBu)vcg8eq|aH)Qz}>f|Iai1WC>
z$vTn2MO>m23&bu5*b=cT0mf-@m9_%c`E?_5gshAk;wRFfBV_7ZHt%bAtOo`H$&~g5
dZ99;|dk9OP5pDI`uNgr|oAGbuCW8=e{RT?A;tK!(

diff --git a/regression/strings-smoke-tests/java_parseint_knownbug/test_parseint.java b/regression/strings-smoke-tests/java_parseint_knownbug/test_parseint.java
deleted file mode 100644
index d2283bbfccd..00000000000
--- a/regression/strings-smoke-tests/java_parseint_knownbug/test_parseint.java
+++ /dev/null
@@ -1,21 +0,0 @@
-public class test_parseint
-{
-    public static void main(String[] args)
-    {
-        if (args.length == 2) {
-            // 2^31-1, max value of Integer
-            String max_int = new String("2147483647");
-            int parsed2 = Integer.parseInt(max_int);
-            assert(parsed2 == 2147483647);
-            assert(parsed2 != 2147483647);
-        }
-        else if (args.length == 3) {
-            // -2^31, min value of Integer, and longest string we could have without
-            // leading zeroes
-            String min_int = new String("-2147483648");
-            int parsed3 = Integer.parseInt(min_int);
-            assert(parsed3 == -2147483648);
-            assert(parsed3 != -2147483648);
-        }
-    }
-}
diff --git a/regression/strings-smoke-tests/java_parseint_with_radix/Test.class b/regression/strings-smoke-tests/java_parseint_with_radix/Test.class
new file mode 100644
index 0000000000000000000000000000000000000000..26bc43a8c10a59cf847a0d5c0ce4782097700684
GIT binary patch
literal 1428
zcmZuwOHUI~7(I9Tm|-aNfgltV@mWwPMGzlA#Ucp_J`xNBc0)VjKyAs);6fKBYU0|R
zaU(kxx=|A`lBkI;j7wMk2>*aF8qXc*18kbi{qDKncfQB@`t9%g4*&)+p(Bi56@40#
zIu!KlNMWE34LGf0P=|_M4MQ5vXc*RTR>e6T=W#*Bh(Oa(!*NX8wTcC2!g7qoyqOaa
z3j)Crt6;ff0=`7|tbjjL%$Wk=X{%sfUAw(#+Bc-LKy130HS)8DZOQu%=yz{f4mqZ8
zn2vja95;(aawMiaD#x``GH}_rV<huNVJSJ|+E!tSj_RsmJ7$j0Vu}Iu94LddByhS6
z(2~Gl8K5PBp)x>ASON_*u9022Vyt@QaZ&=>NH)LIpgvPvv$N);CEKZ!75B-?LWrSB
zAhNegQclXZQ59n$q;WBX2%-Y5702<?OfTDZ(PsOp0oJMv53|1BR6o1(_xBr@c*txj
z#zVM-%&uJ57MIPeE6|+ye@t?S(Mq<df@?0BOrv?j<5i%gM%Yw0M;flgW%AUXt~t}O
zY%^Cbn!|F}_(0(o(8V<hbInAgRklgX2Wp2Ve)sW~<SBRtdNv_m(NNILZ_ootPCK;i
zfc<FYtqyI76JfCOh-5x;PsIJ}NN+)zkNGy?pFSChyhC90HG<C&?TCb*qkaqO{3f)I
zWo*5IZHPcTP$H<?CeW)1?$sc;S51H~@nDHS-zLzi3DPwP(z^&A#?^I<c`ej?1cB=K
z-!<ZY?~2dFwNiX&?+9WYQM}m8;DJ>Xa`rxN_IGiRc7VSirBkVah91s+3_8Y9k4Y+W
zowClM5i9h#PhlTW+Q*dj359)1ZC;Y;6C*!UwXf9eJ5~EZ-F~8-YIg`94hRhgMGT#y
z4TnS@x<m#?JiS+$Bh1BUM+bFoK>`O@k;0rwbb8nvu|ppAgjkn{JtcP7!@i@BOfvQd
zv7-`Wo)nHrjM;i{-1Fn!-~=tu3pk6$Kj=}>Eq<X%`GfA7W}<@b`0n$jQ(EUiZ&!h6
htl=#hpF#C+!0&s5;Qy;FlLnxKF3LZ^NnRA3`Ui@k7C!(0

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_parseint_with_radix/test_parseint_with_radix.java b/regression/strings-smoke-tests/java_parseint_with_radix/Test.java
similarity index 77%
rename from regression/strings-smoke-tests/java_parseint_with_radix/test_parseint_with_radix.java
rename to regression/strings-smoke-tests/java_parseint_with_radix/Test.java
index 978bf9fb320..29716aa2486 100644
--- a/regression/strings-smoke-tests/java_parseint_with_radix/test_parseint_with_radix.java
+++ b/regression/strings-smoke-tests/java_parseint_with_radix/Test.java
@@ -1,32 +1,32 @@
-public class test_parseint_with_radix
+public class Test
 {
-    public static void main(String[] args)
+    public static void foo(int i)
     {
-        if (args.length == 1) {
+        if (i == 1) {
             String str1 = new String("F");
             int parsed1 = Integer.parseInt(str1, 16);
             assert(parsed1 == 15);
             assert(parsed1 != 15);
         }
-        else if (args.length == 2) {
+        else if (i == 2) {
             String str2 = new String("123");
             int parsed2 = Integer.parseInt(str2, 10);
             assert(parsed2 == 123);
             assert(parsed2 != 123);
         }
-        else if (args.length == 3) {
+        else if (i == 3) {
             String str3 = new String("77");
             int parsed3 = Integer.parseInt(str3, 8);
             assert(parsed3 == 63);
             assert(parsed3 != 63);
         }
-        else if (args.length == 4) {
+        else if (i == 4) {
             String str4 = new String("-101");
             int parsed4 = Integer.parseInt(str4, 2);
             assert(parsed4 == -5);
             assert(parsed4 != -5);
         }
-        else if (args.length == 5) {
+        else if (i == 5) {
             String str5 = new String("00aB");
             int parsed5 = Integer.parseInt(str5, 16);
             assert(parsed5 == 171);
diff --git a/regression/strings-smoke-tests/java_parseint_with_radix/test.desc b/regression/strings-smoke-tests/java_parseint_with_radix/test.desc
index e6138767e20..8b4a846fa3b 100644
--- a/regression/strings-smoke-tests/java_parseint_with_radix/test.desc
+++ b/regression/strings-smoke-tests/java_parseint_with_radix/test.desc
@@ -1,6 +1,6 @@
 CORE
-test_parseint_with_radix.class
---refine-strings
+Test.class
+--refine-strings --function Test.foo
 ^EXIT=10$
 ^SIGNAL=0$
 ^\[.*assertion.1\].* line 8.* SUCCESS$
diff --git a/regression/strings-smoke-tests/java_parseint_with_radix/test_parseint_with_radix.class b/regression/strings-smoke-tests/java_parseint_with_radix/test_parseint_with_radix.class
deleted file mode 100644
index 22a393e7d103823ba68cca1ced4d362e5178623f..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1537
zcmZ`&&rcL*7=FIl*_~ln*k4+x0!p<l43%X8#TH~0&`7dvlhT-A4`kS#;MirC%nWU#
zClh;U&z|&9ZXP_C)<ldZ+d~sgnw~xRM|d^H#^?KBe*o)YX5R1l-uHQbJn#Jb|I-?P
zNnEs$z^H+&i7^Wrau&uh(Sa^Z8aQpiz^I8cCZ<fBHSwi^uPjVs#=tp&%t<E*TtD=x
zm0-aOoYk^h5)fAfVl!UF3ugr)L&H}D^!aMZ6-X4kiu=vx`l{=HFP#O_g=*0$UvYd-
zo_9e#yygW0M+%`Egex14AGls6T>04xudVn_$@^uRjO&h95%_56hr)H|CnsBWDr?!L
z(Dy29(<);S`Z>ve;8ws;lqFt^MKaNIyaCdZz(fO}C4tEXKuZFr8vrfc@z+>!rcE&d
zT}z=;{PAmNL$$|A3z##-^6r4FrRt_%bT4^w9Q_~acvQ9#M;aM{<o=e}$0d0;Yak!T
zd0dDiiIhNZ)A2%Gr;EN{^(jkkoQ-KyQ>^_|Zj7VQ$HtsF#(by(19NfAV_{GJZ&$Co
z#Zchz(7`!N6;jO#7Av8<<}$UZrq82P?_k*CFf~au<L1lUF}jxA!1LWwqY(}@+~frp
z>?#Jit_iNQNcPIsX+=Qsk>UFgPg#BizfpS|;!heH4)YyTAjxURcO1}zUY<JeF^&*n
zu=X3tBII7QYx)-Q&!8=*BiqmmBgy0wM9=+&*j=Rhl8Hai`3%PLHq5^p*j5v}FFNd6
zw9e46!(g>C+-$>evy}la>{_hOVC^uNtql1#4Ea3_zuGlp3$v<=PQ?&yC3xG0;O!oQ
z1-oX}3F7<5knT(2!F~z_ws1%RB1(W87@!@c5HadzaQG%hIQ%>;%%KyPDa&`%b{XAR
zr^2`Bb({MBPHpc{-Fp=1A({T6gwGlMAH{n~>0VL1*ElM4^a%s~q6-6}2gk$!j*AHl
zipw~mMBiYJB)8)z`Y3h}hS1N7H0I3Wn8KEc9aq>LVuK31N9+@Yy~HS)Wb7+qCnd%_
zIeaQHX0!2`^5gR0b9w;7e9of#9Yze;;tev|JJ@Z_;U>E4dq_>EzSEOxVS!Y->oL0T
c!qD$Sk32%`;C{=bQE2h=@-O&;2Mwp*10GLAApigX

diff --git a/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/Test.class b/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/Test.class
new file mode 100644
index 0000000000000000000000000000000000000000..507c0f9f16b5fadb2004d17ab72f384c4f076501
GIT binary patch
literal 1035
zcmah|-%ry}7(I90)~+k;2Z}iH7a|T21~^3p`4N<4$y5@^5_l`y6^nBvZShh3J9v>d
zp4CK*B>L`u<OAZlWik{J+ob*Ox!?J|@0{EI`1SQ0fFd56Xh)xpTL$tbBIq|UfWZVT
z+}5@Z4-a(=nK002U|4%chK_=X5sc~>6X@u*eP4Qk<2L-qj&HBlWlcb=2*f9yh7(K)
zX!-t%Ky=QnNr6<^X~<`ruUDnFq>=@)Ww&bAE4JsTbrXyRFCCvX%1hD@CRpQz>#|0^
z6qfP>Z&VT2?KgIzZa3Bni-G4f)|jYo*q$$I+!iGgn8_iVAS2-jv@Hg9_0>~*BkV=p
z0>)&u-kjE4bT_@KoOjf03DtgBwXu*vRv`UvOLE8Ok1myRM@P}ZUEH&fLRz4!l|TE(
zrzf80dICK|qa**hC_oLMW8A`hJou~q^VM}(4Ft~TPurkO%CtI{8i8DsY-xn%a4FDv
z2CdXj%Tg`gT%Bjj)SC1iPu7kF(7#}l8$8$*T<3Sv&aXnGyOd-`8rU6KK0CN7@Gba`
z4eUXDU=YDMKI0+C@fll33FyQHt`g|NMIt1N9E)khwsO%OOz$JIoYnRaEf1#CUl4or
z5%Fzgy0iLwB==z~?;-L17~5%KyO_zvb}$hZFv9||ll<fv{NxF~8e0p;9^<go!ds_W
zgCi&SvzVAd60_W!rxy#{snCgay6~1Vl*A$#DSDB^B}(f=9^JT1D;6+}D<M`Pb~VH(
z7uOhp-h!6I4ltmjNBl%b<N*0*$mTbWO)iEG0-3D!8ExCpqq~S|pAbK7xT+aL#F|mZ
K(#u5zH-7_Q@W%K6

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test_parseint_with_radix.java b/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/Test.java
similarity index 78%
rename from regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test_parseint_with_radix.java
rename to regression/strings-smoke-tests/java_parseint_with_radix_knownbug/Test.java
index 7279127d053..e7cbf6df57b 100644
--- a/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test_parseint_with_radix.java
+++ b/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/Test.java
@@ -1,15 +1,15 @@
-public class test_parseint_with_radix
+public class Test
 {
-    public static void main(String[] args)
+    public static void foo(int i)
     {
-        if (args.length == 1) {
+        if (i == 1) {
             // 2^31-1, max value of Integer
             String str1 = new String("7FFFFFFF");
             int parsed1 = Integer.parseInt(str1, 16);
             assert(parsed1 == 2147483647);
             assert(parsed1 != 2147483647);
         }
-        else if (args.length == 2) {
+        else if (i == 2) {
             // -2^31, min value of Integer, and longest string we could have
             String str2 = new String("-100000000000000000000000000000000");
             int parsed2 = Integer.parseInt(str2, 2);
diff --git a/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/output b/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/output
new file mode 100644
index 00000000000..e9cde4a8842
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/output
@@ -0,0 +1,164 @@
+CBMC version 5.7 64-bit x86_64 linux
+Parsing test_parseint_with_radix.class
+Java main class: test_parseint_with_radix
+Converting
+Generating GOTO Program
+Adding CPROVER library (x86_64)
+Removal of function pointers and virtual functions
+Partial Inlining
+Generic Property Instrumentation
+Starting Bounded Model Checking
+Unwinding loop __CPROVER__start.0 iteration 1  thread 0
+Unwinding loop __CPROVER__start.0 iteration 2  thread 0
+Unwinding loop __CPROVER__start.0 iteration 3  thread 0
+Unwinding loop __CPROVER__start.0 iteration 4  thread 0
+Unwinding loop __CPROVER__start.0 iteration 5  thread 0
+Unwinding recursion java::test_parseint_with_radix::clinit_wrapper iteration 1
+Unwinding recursion java::test_parseint_with_radix::clinit_wrapper iteration 1
+size of program expression: 530 steps
+simple slicing removed 50 assignments
+Generated 68 VCC(s), 9 remaining after simplification
+Passing problem to string refinement loop with MiniSAT 2.2.1 without simplifier
+converting SSA
+Running string refinement loop with MiniSAT 2.2.1 without simplifier
+BV-Refinement: post-processing
+BV-Refinement: iteration 1
+54337 variables, 39117 clauses
+SAT checker inconsistent: instance is UNSATISFIABLE
+BV-Refinement: got UNSAT, and the proof passes => UNSAT
+Total iterations: 1
+BV-Refinement: post-processing
+BV-Refinement: iteration 1
+54337 variables, 39117 clauses
+SAT checker inconsistent: instance is UNSATISFIABLE
+BV-Refinement: got UNSAT, and the proof passes => UNSAT
+Total iterations: 1
+Runtime decision procedure: 0.386s
+
+** Results:
+[pointer_dereference.1] reference is null in *stub_ignored_arg1: SUCCESS
+[pointer_dereference.2] reference is null in *stub_ignored_arg1->data: SUCCESS
+[pointer_dereference.3] reference is null in *cprover_string_array$7: SUCCESS
+[pointer_dereference.4] reference is null in *this: SUCCESS
+[pointer_dereference.5] reference is null in *stub_ignored_arg0: SUCCESS
+[pointer_dereference.6] reference is null in *stub_ignored_arg0->data: SUCCESS
+[java::test_parseint_with_radix.main:([Ljava/lang/String;)V.pointer_dereference.1] reference is null in *args: SUCCESS
+[java::test_parseint_with_radix.main:([Ljava/lang/String;)V.pointer_dereference.2] reference is null in *new_tmp0: SUCCESS
+[java::test_parseint_with_radix.main:([Ljava/lang/String;)V.pointer_dereference.3] reference is null in *new_tmp2: SUCCESS
+[java::test_parseint_with_radix.main:([Ljava/lang/String;)V.assertion.1] assertion at file test_parseint_with_radix.java line 9 function java::test_parseint_with_radix.main:([Ljava/lang/String;)V bytecode_index 20: SUCCESS
+[java::test_parseint_with_radix.main:([Ljava/lang/String;)V.null-pointer-exception.1] Throw null: SUCCESS
+[java::test_parseint_with_radix.main:([Ljava/lang/String;)V.pointer_dereference.4] reference is null in *new_tmp3: SUCCESS
+[java::test_parseint_with_radix.main:([Ljava/lang/String;)V.assertion.2] assertion at file test_parseint_with_radix.java line 10 function java::test_parseint_with_radix.main:([Ljava/lang/String;)V bytecode_index 29: SUCCESS
+[java::test_parseint_with_radix.main:([Ljava/lang/String;)V.null-pointer-exception.2] Throw null: SUCCESS
+[java::test_parseint_with_radix.main:([Ljava/lang/String;)V.pointer_dereference.5] reference is null in *args: SUCCESS
+[java::test_parseint_with_radix.main:([Ljava/lang/String;)V.pointer_dereference.6] reference is null in *new_tmp4: SUCCESS
+[java::test_parseint_with_radix.main:([Ljava/lang/String;)V.pointer_dereference.7] reference is null in *new_tmp6: SUCCESS
+[java::test_parseint_with_radix.main:([Ljava/lang/String;)V.assertion.3] assertion at file test_parseint_with_radix.java line 16 function java::test_parseint_with_radix.main:([Ljava/lang/String;)V bytecode_index 52: SUCCESS
+[java::test_parseint_with_radix.main:([Ljava/lang/String;)V.null-pointer-exception.3] Throw null: SUCCESS
+[java::test_parseint_with_radix.main:([Ljava/lang/String;)V.pointer_dereference.8] reference is null in *new_tmp7: SUCCESS
+[java::test_parseint_with_radix.main:([Ljava/lang/String;)V.assertion.4] assertion at file test_parseint_with_radix.java line 17 function java::test_parseint_with_radix.main:([Ljava/lang/String;)V bytecode_index 61: SUCCESS
+[java::test_parseint_with_radix.main:([Ljava/lang/String;)V.null-pointer-exception.4] Throw null: SUCCESS
+[pointer_dereference.7] reference is null in *this: SUCCESS
+[array-create-negative-size.1] Array size should be >= 0: SUCCESS
+[pointer_dereference.8] reference is null in *cloned_array: SUCCESS
+[pointer_dereference.9] reference is null in *cloned_array: SUCCESS
+[pointer_dereference.10] reference is null in *this: SUCCESS
+[pointer_dereference.11] reference is null in *cloned_array: SUCCESS
+[pointer_dereference.12] reference is null in *this: SUCCESS
+[pointer_dereference.13] reference is null in *cloned_array: SUCCESS
+[pointer_dereference.14] reference is null in cloned_array->data[index]: SUCCESS
+[pointer_dereference.15] reference is null in this->data[index]: SUCCESS
+[pointer_dereference.16] reference is null in *this: SUCCESS
+[array-create-negative-size.2] Array size should be >= 0: SUCCESS
+[pointer_dereference.17] reference is null in *cloned_array: SUCCESS
+[pointer_dereference.18] reference is null in *cloned_array: SUCCESS
+[pointer_dereference.19] reference is null in *this: SUCCESS
+[pointer_dereference.20] reference is null in *cloned_array: SUCCESS
+[pointer_dereference.21] reference is null in *this: SUCCESS
+[pointer_dereference.22] reference is null in *cloned_array: SUCCESS
+[pointer_dereference.23] reference is null in cloned_array->data[index]: SUCCESS
+[pointer_dereference.24] reference is null in this->data[index]: SUCCESS
+[pointer_dereference.25] reference is null in *this: SUCCESS
+[array-create-negative-size.3] Array size should be >= 0: SUCCESS
+[pointer_dereference.26] reference is null in *cloned_array: SUCCESS
+[pointer_dereference.27] reference is null in *cloned_array: SUCCESS
+[pointer_dereference.28] reference is null in *this: SUCCESS
+[pointer_dereference.29] reference is null in *cloned_array: SUCCESS
+[pointer_dereference.30] reference is null in *this: SUCCESS
+[pointer_dereference.31] reference is null in *cloned_array: SUCCESS
+[pointer_dereference.32] reference is null in cloned_array->data[index]: SUCCESS
+[pointer_dereference.33] reference is null in this->data[index]: SUCCESS
+[pointer_dereference.34] reference is null in *this: SUCCESS
+[array-create-negative-size.4] Array size should be >= 0: SUCCESS
+[pointer_dereference.35] reference is null in *cloned_array: SUCCESS
+[pointer_dereference.36] reference is null in *cloned_array: SUCCESS
+[pointer_dereference.37] reference is null in *this: SUCCESS
+[pointer_dereference.38] reference is null in *cloned_array: SUCCESS
+[pointer_dereference.39] reference is null in *this: SUCCESS
+[pointer_dereference.40] reference is null in *cloned_array: SUCCESS
+[pointer_dereference.41] reference is null in cloned_array->data[index]: SUCCESS
+[pointer_dereference.42] reference is null in this->data[index]: SUCCESS
+[pointer_dereference.43] reference is null in *this: SUCCESS
+[array-create-negative-size.5] Array size should be >= 0: SUCCESS
+[pointer_dereference.44] reference is null in *cloned_array: SUCCESS
+[pointer_dereference.45] reference is null in *cloned_array: SUCCESS
+[pointer_dereference.46] reference is null in *this: SUCCESS
+[pointer_dereference.47] reference is null in *cloned_array: SUCCESS
+[pointer_dereference.48] reference is null in *this: SUCCESS
+[pointer_dereference.49] reference is null in *cloned_array: SUCCESS
+[pointer_dereference.50] reference is null in cloned_array->data[index]: SUCCESS
+[pointer_dereference.51] reference is null in this->data[index]: SUCCESS
+[pointer_dereference.52] reference is null in *this: SUCCESS
+[array-create-negative-size.6] Array size should be >= 0: SUCCESS
+[pointer_dereference.53] reference is null in *cloned_array: SUCCESS
+[pointer_dereference.54] reference is null in *cloned_array: SUCCESS
+[pointer_dereference.55] reference is null in *this: SUCCESS
+[pointer_dereference.56] reference is null in *cloned_array: SUCCESS
+[pointer_dereference.57] reference is null in *this: SUCCESS
+[pointer_dereference.58] reference is null in *cloned_array: SUCCESS
+[pointer_dereference.59] reference is null in cloned_array->data[index]: SUCCESS
+[pointer_dereference.60] reference is null in this->data[index]: SUCCESS
+[pointer_dereference.61] reference is null in *this: SUCCESS
+[array-create-negative-size.7] Array size should be >= 0: SUCCESS
+[pointer_dereference.62] reference is null in *cloned_array: SUCCESS
+[pointer_dereference.63] reference is null in *cloned_array: SUCCESS
+[pointer_dereference.64] reference is null in *this: SUCCESS
+[pointer_dereference.65] reference is null in *cloned_array: SUCCESS
+[pointer_dereference.66] reference is null in *this: SUCCESS
+[pointer_dereference.67] reference is null in *cloned_array: SUCCESS
+[pointer_dereference.68] reference is null in cloned_array->data[index]: SUCCESS
+[pointer_dereference.69] reference is null in this->data[index]: SUCCESS
+[pointer_dereference.70] reference is null in *this: SUCCESS
+[array-create-negative-size.8] Array size should be >= 0: SUCCESS
+[pointer_dereference.71] reference is null in *cloned_array: SUCCESS
+[pointer_dereference.72] reference is null in *cloned_array: SUCCESS
+[pointer_dereference.73] reference is null in *this: SUCCESS
+[pointer_dereference.74] reference is null in *cloned_array: SUCCESS
+[pointer_dereference.75] reference is null in *this: SUCCESS
+[pointer_dereference.76] reference is null in *cloned_array: SUCCESS
+[pointer_dereference.77] reference is null in cloned_array->data[index]: SUCCESS
+[pointer_dereference.78] reference is null in this->data[index]: SUCCESS
+[pointer_dereference.79] reference is null in *this: SUCCESS
+[array-create-negative-size.9] Array size should be >= 0: SUCCESS
+[pointer_dereference.80] reference is null in *cloned_array: SUCCESS
+[pointer_dereference.81] reference is null in *cloned_array: SUCCESS
+[pointer_dereference.82] reference is null in *this: SUCCESS
+[pointer_dereference.83] reference is null in *cloned_array: SUCCESS
+[pointer_dereference.84] reference is null in *this: SUCCESS
+[pointer_dereference.85] reference is null in *cloned_array: SUCCESS
+[pointer_dereference.86] reference is null in cloned_array->data[index]: SUCCESS
+[pointer_dereference.87] reference is null in this->data[index]: SUCCESS
+[pointer_dereference.88] reference is null in *args: SUCCESS
+[pointer_dereference.89] reference is null in *args: SUCCESS
+[pointer_dereference.90] reference is null in *args: SUCCESS
+[java::test_parseint_with_radix.main:([Ljava/lang/String;)V.pointer_dereference.9] reference is null in *args: SUCCESS
+[pointer_dereference.91] reference is null in *args: SUCCESS
+[java::test_parseint_with_radix.main:([Ljava/lang/String;)V.pointer_dereference.10] reference is null in array_data_init$10[array_init_iter$11]: SUCCESS
+[java::test_parseint_with_radix.main:([Ljava/lang/String;)V.pointer_dereference.11] reference is null in *malloc_site$12: SUCCESS
+[java::test_parseint_with_radix.main:([Ljava/lang/String;)V.pointer_dereference.12] reference is null in *malloc_site$12: SUCCESS
+[java::test_parseint_with_radix.main:([Ljava/lang/String;)V.pointer_dereference.13] reference is null in *malloc_site$12: SUCCESS
+[java::test_parseint_with_radix.main:([Ljava/lang/String;)V.pointer_dereference.14] reference is null in *malloc_site$12: SUCCESS
+[java::test_parseint_with_radix.main:([Ljava/lang/String;)V.pointer_dereference.15] reference is null in *malloc_site$13: SUCCESS
+
+** 0 of 123 failed (1 iteration)
+VERIFICATION SUCCESSFUL
diff --git a/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test.desc b/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test.desc
index e3aa52b3cef..62ba98812e5 100644
--- a/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test.desc
+++ b/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test.desc
@@ -1,6 +1,6 @@
 KNOWNBUG
-test_parseint_with_radix.class
---refine-strings
+Test.class
+--refine-strings --function Test.foo
 ^EXIT=10$
 ^SIGNAL=0$
 ^\[.*assertion.1\].* line 9.* SUCCESS$
diff --git a/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test_parseint_with_radix.class b/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test_parseint_with_radix.class
deleted file mode 100644
index 876f33d861b9addf3ed10e48ee6ee421597834fd..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1141
zcmah|T~E_s7(MU0tzB1O9}0-z2cm347~m9jC?ZNEnVNthfET1}%_xqJv_-uW{{}a5
z$F-V>kp%DkM_wSF7TnN5Y|{35pO5pNbNcqjuWx$*a>%P_Mz4&Ng0zYNGAjCTJpv8=
z(z}C$0~rG<6!a>{N*kPzF{ok)!!m9NBzttnF>KeYTFxWW(U&SlNkA+Jghx%wbngpD
zsr0NsaH3i=1X>EFWjtG7T{7$!Ub8@=P%Y|}S=~0h^-(hDE}M=(N5M55cX3U(9mBNT
z#W$wAylCqs^KG7ptGa0kw5DDbR`l0;wxV0*?2K!hRyptQ=(zTfhu=^YkbTG!%VLU1
z>>REo83lE_%<YpWAPY3jxO(x`Q+>_nO5X&O(PHIDtvXX(w~NN4>1pdajsAegNkbe7
zf!M$Nh&M8MczG>388<cD!ia_z#01*w{o{YUe{9=TTcEptXz)K5=T9Rg<F<x7xce8S
z=SwR_(G@tGYV^@_IbLToWw}P#APvQLmrL*KG>%QB>3K_iZlc07#MYAGn6^=>iK5T$
zItx5N3%Jbl*v!)>V(p#{j3jV(B=}5nmE~LT9m?!Ld}I*789u{)lJpsChYe^&8&?su
z;~X;_7M%o>n0ueu3vOX-7lHYNw1Z%wFBbcX(7jIxZzA5AkUt>03uS%>k?*zKRz0_k
z@yuRm3wa+w^$|kH0iq`WM2`V@#3i5jFzHea1;|vZkaC2-rHU~`@sPDAbYq%M%&}Ub
z4;vKXiOg{(MmIWep5oe&LMOUt#xw?S!OzVxchS#LFfP$qpqqCaLi^~GaYg(@GO&;I
rQOM1EYBuM54}o|>`+}xT$iZy{rOyaATJB+n5YQfYALc3-0bKhHa0Bu3

diff --git a/regression/strings-smoke-tests/java_parselong_1/test_parselong.class b/regression/strings-smoke-tests/java_parselong_1/test_parselong.class
deleted file mode 100644
index d912ed08003c33b066551abc750ef9f2eb82ee74..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 923
zcmZuvU2hUm5IuKUSXh>iLP7kdT9me0N~Msd#Mo4QFsnXbnzTNc3vBS#?QXNX_)C0|
zKj5>Ph_Q*j`=2z<-PR(~Y;t#I?#!Gs=g!aH-@XHAprs>)MGciWZs|~PTSpa32_&%`
z1sLT38dh{9WY!%Wcd@FW#*km+zHfPfa2@}l@Ojs^`V4HJA=Va-2<|gPs!O{J>W<sD
z7&4}CtY^c+uI0Uu$qYHu?QwgTdqVoBK{a?Se1@zUSbp&8h<m<eyUt*X`W$lMFchmV
z%>(|H*KF<#YMsCnbQ|JuZ$Op#bFPVsA9xaRrjqD}Ad>qNhEyluy*E$!QAmemVTiYT
z_US-+#~pe->#>mZ^V1AhWorXj%n|$lVW@F^ZF6&@UT?0qTCJwcThmZCu#S5M(#SBB
zCPmwSm3`!SF7ZxJLuqIj*g$g%=y~_R>IDpi>g<qGp7f->NrEyY!nsfEbBjoh%%o_?
zruQcK`<5>}tA9q31Pg|AL65zU1=^bwZ4Aqn<WOWqXopA>I&<XJ=r4CFx;zH^NQQzu
zov|>;Fi*B|l7Iq=<Rx$cC5p)65mfqs_A!*bTx1N@T=|OV_9w(f$d~7#y?c-3F%o-Y
z=s*66jwVrw83{3qp#3Ifoz^>pI4Xp-MV{nPrX0e-MO>o4PLFgMSBOQ1w*M-w5$o$=
wT=|8HhO%0q`h~M08{q`NTrT+q#t54F0czwkVzUFwHc=?X11ZZ5aunSB13X*2cmMzZ

diff --git a/regression/strings-smoke-tests/java_parselong_2/test_parselong.class b/regression/strings-smoke-tests/java_parselong_2/test_parselong.class
deleted file mode 100644
index d0ba8c19bc710603d76026422fffd27612d95e29..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 926
zcmZuwO>fgc5Pj=7apE}NO$gs9EhK56NlSnOr6LMN0vR|2Rcbk)O=5zJYge|zFX2MO
zodYL8B8W<GN8-2e3qZ`er6HuUv^z69Gw;pw?)Tqcz5;0ChKd9h6<mzsk_riB6%|xt
zh+`>C3GaUVWD5#vDq<q*vWhEMR#0ciEppE@T;FtT?~dv5u4VKY*fv9C&9qH_ogq}I
zZZgPir*AN%bkjB-4tKkT`&cA1WOb*<txfKl!aoek{&Uk~NbA1g`A_$_>lv0~4{lPQ
zU2fV8g~}6shri@?i`#>G$9GLS4RE+Spvv4a$3(^RU4b}LNpu4c!Tml%qT}=4iwAr!
zphL1SMAv%O;XrD~8M-~=t|{o}rWr1a)*8~t5c~gOsBx{)Xm#8Djc1LO)vF?}p<qSB
zD#%G9#Za6Swf-u*;kpj-PEJE9Xll5I>r+6Fx;sYCXUJD(hZOQ8C+&3-lpz+(eP9=k
zDY{oBJyMgZwnaaj^zR#<=^Fhbj-;4Bqyzff+nA?|lc0OU(nT>9Ss@TjWN6KjSErrP
z9$p%Qy(dFLj@C#JWSApcJ4iqt1@dAzfg(jj@f*nW0qgsawz8oyWWAP7e@3|V0g(}M
zr8y|CUL(Gb*wz^8w|}CeNmQVQ0@MP;6%Rut{0tP75ydS+6f8=VLr6G@Q?#q}QcmLx
z@yO5vIE!<{`+N|Wexa<OB<HDi{%Fi*Fawau#y>$DL6P4=4t+#qc4W~e3`x5!gt<VD
GgoQu3{J;_b

diff --git a/regression/strings-smoke-tests/java_parselong_3/test_parselong.class b/regression/strings-smoke-tests/java_parselong_3/test_parselong.class
deleted file mode 100644
index c7cafd723c4e08a94e4da4d1e9e38262fa07c6f8..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 927
zcmZuwT~E_c7=BLIu3OiAvpK(qqT4_ijG-YSk)S4;suwdP;DtHcnprF@X*++3H!j|L
zttQS$qWAtM!S@to&e104yx-6BzUQ1@hu?nyXyT5BBxY3Hh~cIN2^9@h)Z$2BRyjI4
zq!>WOoQAlFx}{+r3o7ai`5Er}rWaVQ<3F%`-nPvy1KVMUu33&1tTRNawJipD)9soJ
zX~S~NXZ^jl>Aeua3^~K?aC?h;me5a(a`4*n88Sv-`oXJx?)j$eI=#D8XOCMBL$UhO
z*yV3|-R4fO-U>X6yde(vdX$+z!%bBDz!QiQnM5}P5!|0JBwGRRym`v^Lpn4ThS*xi
zK50m6xqYu=KC%S;{5Zn}QCdd^Sz`Y`3`1(Zv9!9n*jR3?(AN-wiz=3MG_b5Ag)~EH
zl(q49v=2ScCE}@ZEEP>1E4V#|^t`=mb^?Y%b+St_pVX+lK@(+&hm9Z0#WRu~*JvQ=
zQP!qSCr$^@HGRu7yQds!WI>-Cblf|brkj(bJHs+1(G^J%5KUxh&5>58ozbq$4#7T=
zAR$j{G&C|yk*psFpnxK2ahyYmEF$>>Wcq>i14!Gs$PltIm(jjK+4zj;0QvG1)OYWZ
zI6!=R2<_)T*1^asP$MB~5emssXmrK1h@nDg_ec{g$`nILIFAdoYxGnu;u7)5(hInZ
zE5!S1XqSGYqM|GpD1Z92&1TpGkj*8&LLWetKSGXtL3FZZQAUBJ-xq_qMv8>%e*mr~
BzzhHY

diff --git a/regression/strings-smoke-tests/java_parselong_4/test_parselong.class b/regression/strings-smoke-tests/java_parselong_4/test_parselong.class
deleted file mode 100644
index 89e6a99d4abcb7c4121abf106898def48d7b314c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 929
zcmZuwOK;Oa5dPM2;>2;@O$hH63Q1aM`bgUYrJ^bzfeajiDzzNYCRqg+*RE`b-@p&x
zLd2ajAQ40*xN+boA%U26A0edjV;(y*-#4?nKmUCF2B3je9Vtv}xE9BC9SSNss;DK9
z#7q?U_2V_Y8fJAQWYi5EH!-K7&QO@<zAwDMavlG!<@1&;It*-wA+}~YR<O<xsn)g_
z)J?Y|7&4~ih{wIXmhhg+V1~Tuwz<8<Jxkh0PBnO8`3zYz5PtA{pL@QrU8j4C>g;jL
zVJKCfnY;WIuiM<|)|-K6(Q1gpy)I=IPFW@@e&9*Ou}q>Hf=KQU8B)!Fw_iTu`ym|~
z3qyRZZ67tHH{G7s7WXYlzc9*hPL?*1MUL424@0iimF33L;==r~l%ew)77Q$6$v_$z
zhVn3P<9N9DJkKTS=}|Nd4Fk(q8Nqte+7<19p;#U7Q%)#7EN{|G84_XZhkEIhqz5$`
zNoJU}Y15w57IcJfd7^W|k%kuZXn{6-2UB!*QgpUhwk*3MEdrv69R2fT)k!jv(U}3*
z2T~Li=pPH63=^aqhXE*}L{<W4P$rK|eg~BvVEq8fc0MwIYR+ckUl85+h*%$m$q8t0
z-XeK`#P$IC_kX<op;w|tLevuIl+&jZehwNch~qXPN*0q8Lr6G_b0l@TEa!27c;x5~
zT*M{feL3_izfsXJsTL`B>ZHv^*aMKuCqKjJLsQ>FjeJ6Eyk%J?3dOi12XloC1y}z9
D$DqOl

diff --git a/regression/strings-smoke-tests/java_parselong_5/test_parselong.class b/regression/strings-smoke-tests/java_parselong_5/test_parselong.class
deleted file mode 100644
index deaff359766878fc996234305ee5403faf397641..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 949
zcmah|%Wl(95Ixti<Hm8`O$hH4+LE-iX=#830a3Lefeb8yDzz-ojbjBD*RE`bFJVLY
z0M>v+5S3uh7qNjb*DVbpl}IGtnYlA_&K!@w|N8P3Km#{5q%f;uZVK}nBwW!@MJ<6O
z7L?&|_=A$5Vo^gvWL?#;gk=?VhQcfl0?Q9=&kZ*1fVUm1!@zbJ;!WGN!#fPIYHf=_
z-tamWL&mUO>v3<dZTU|{GDF_*Ozv!P-xmH+P!3<%0YlaZtss29&;7u1Jhyv``s{Jr
zWhhmj8N2)yuRGlB)?1-((`|&q{Vr7&PPis2LFfy_iAtgyfe7vo8B(o~n=c>n{fG|9
z!Z6h|ouh%Yme=!5>%J}M7seSbi`F`_$PxR0VHoC?R#*Q26ZI=9R&`v%nvOIw4CPU?
z^*@T=^L>xzNsm)d(a>=nH^vA&Y42KQ$WW|K4liU&kJ=j~G(#fN<IpahQ1qZiI%P&x
z8xAc3y_b#^*uK>{=15A0J-VPR*ue}fREk!KWy@kJvSJ{b$k8)TUY$-xr?M~rdryXh
z0zKnVkYSo^{V)MVl*miq6v`A4#cv_gAGm!0X*(YqKsFYY&rsGsAl^rzG7a_h8zc{q
z*d9Rp_E)q&iVDzJ1X_YZb{rZleirmy5LlBuL83xA1ccK#L#Ku{oW(h!k)`kAJT4IJ
yi&0$qiFp+jxk&Xh$5S?<5rAAi`3ZU-s{9Ue>?7in6N@$qB>k??<q|m(F8>CT6U7|>

diff --git a/regression/strings-smoke-tests/java_parselong_binary_1/Test.class b/regression/strings-smoke-tests/java_parselong_binary_1/Test.class
new file mode 100644
index 0000000000000000000000000000000000000000..199471e4b3e59c46dea1fbe29a3cdce80ba66a28
GIT binary patch
literal 854
zcmah{%Wl(95Ixt=*m0UyW5Tnvv>^$!X=!!@R8&AJ1iDC7sogn_2`<L2Y={3qVncp_
zH6Rg0CD`*tY#_{aO9B)LFYcWg&zy5+=6?P0=`(;PnmRI=SFw=76&(T=bu6KxA&sl@
zcs%|_Nl;PMq4BJmjykTXxXw^qw4%rfV>j@lyKZE4J*UUO_8F9x>$~x72C-V(Wso+5
zp2LuByT0>y@Vx7UJ3N`8&<<?N+qFWM`zJvue(FYq(cW>Q_$FaI2?9E!IOGKf)(flQ
zS$@CKi9^@#Q-X46g;7HNfFaX~E&JIc>o7s1t{74++dI*tcY;A^JNI4Au5p4D4rm~U
zJVWkpaE7JjwblQBynb25ih%}J4a^|RP@aO_`8B3{VHi*s5+_!%X5a?a|DfIO9yoT)
zP^zA8luvSI3fd0*KJ}3Fer%inDB7ygOtRCeO^<fQVD_BI4V~UZ8BHx7&<|SJKIUon
z8QMC_m3c2@i6EKC(^(*|K{umYu8+Xpk|Cf-r;-F2X2~{=6HtOlo`y4%;+K#J4!Cs$
zVXq*LAU&+hA0cnNgEB;MZWijR*GL~h+Z#du@>_H`jdD^kAvGbBtw5(YnnMZ|B5RSy
zMVKT^$2!V5OCGHV=Ww2cT_BHM`gc@RT$D;wb!j56nFt5+h4cp)L#WalNaA}ar~BkE
PG6Z9TPh*Z80hfOQZd#^M

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_parselong_5/test_parselong.java b/regression/strings-smoke-tests/java_parselong_binary_1/Test.java
similarity index 76%
rename from regression/strings-smoke-tests/java_parselong_5/test_parselong.java
rename to regression/strings-smoke-tests/java_parselong_binary_1/Test.java
index ac30cc8af83..00b77873c3e 100644
--- a/regression/strings-smoke-tests/java_parselong_5/test_parselong.java
+++ b/regression/strings-smoke-tests/java_parselong_binary_1/Test.java
@@ -1,6 +1,6 @@
-public class test_parselong
+public class Test
 {
-    public static void main(String[] args)
+    public static void foo()
     {
         // -2^35
         String str = new String("-100000000000000000000000000000000000");
diff --git a/regression/strings-smoke-tests/java_parselong_3/test.desc b/regression/strings-smoke-tests/java_parselong_binary_1/test.desc
similarity index 66%
rename from regression/strings-smoke-tests/java_parselong_3/test.desc
rename to regression/strings-smoke-tests/java_parselong_binary_1/test.desc
index fa8ad9ccc48..d7a85429a93 100644
--- a/regression/strings-smoke-tests/java_parselong_3/test.desc
+++ b/regression/strings-smoke-tests/java_parselong_binary_1/test.desc
@@ -1,6 +1,6 @@
-THOROUGH
-test_parselong.class
---refine-strings
+CORE
+Test.class
+--refine-strings --function Test.foo
 ^EXIT=10$
 ^SIGNAL=0$
 ^\[.*assertion.1\].* line 8.* SUCCESS$
diff --git a/regression/strings-smoke-tests/java_parselong_decimal_1/Test.class b/regression/strings-smoke-tests/java_parselong_decimal_1/Test.class
new file mode 100644
index 0000000000000000000000000000000000000000..98489907514727a836ac1541da4410878245c40f
GIT binary patch
literal 828
zcmZuvO;giQ6g@9VlO|0`X=$yWh=P_XlwzgB&~b237gBUlh8ftsrm+TN!X&A`!-X6B
z2VAQ&){z<A`=4~YFJP<U=H;H7d(S=h<NMDqUja1GFp$NZhHGhDHy~l&zyfaQ$lzuQ
zU=#yrs2I>i)S`hZZfUs9P?+aY<b<&s_|XG5;$6?_F|Y#$wdMM5e2+n{EbcKVTS3oZ
zu-dNgJQ=*~I^nJeX2`b#n|pgabOk<jD)DnSB98X16U7_E@hk}Fjp9%w9P(GZ=5fDY
z>%^h!_bEU<;$f7Oe$0^V#N2+d!;ca+>WU%Vvb|G1Mkg4Aw)4mp)pb!|SrD4YVVWWL
zFFDcGSJv0>*6VAl&1Q2=#4Tx9Hc`Whi78kN<w?^0-{W`~h5@NnL;($T6RWuM7yZ-j
zp<~Ak#md=+#Kfj1r0u}(lh&li6Z^kO)VeiE+VW^M45gkExuMe=3!~x01NuRGIlvsP
zI7`cAxw2@5ESc6#lb|<Gs77D0{#11Y_MQw01$x!Q$uL8<c@lskN`!Qr8z;YpLUcgu
z7}9=T9zofzenx8Z1Jof3vop}%yhY|1`u+&Uw?DkYiC5H=lbR*aDN<#FF401o4phem
zA)%o}x(u3d8RrRESi%KdBwd#X(LMjbf`-dVk+QCg)in~`z;r(I3FZ)*@(zmp5$f4C
Q1x*T)xhaM*OF+WaUyl8qtpET3

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_parselong_1/test_parselong.java b/regression/strings-smoke-tests/java_parselong_decimal_1/Test.java
similarity index 74%
rename from regression/strings-smoke-tests/java_parselong_1/test_parselong.java
rename to regression/strings-smoke-tests/java_parselong_decimal_1/Test.java
index a328af58250..a46474b1ac4 100644
--- a/regression/strings-smoke-tests/java_parselong_1/test_parselong.java
+++ b/regression/strings-smoke-tests/java_parselong_decimal_1/Test.java
@@ -1,6 +1,6 @@
-public class test_parselong
+public class Test
 {
-    public static void main(String[] args)
+    public static void foo()
     {
         // 2^40
         String str = new String("1099511627776");
diff --git a/regression/strings-smoke-tests/java_parselong_1/test.desc b/regression/strings-smoke-tests/java_parselong_decimal_1/test.desc
similarity index 70%
rename from regression/strings-smoke-tests/java_parselong_1/test.desc
rename to regression/strings-smoke-tests/java_parselong_decimal_1/test.desc
index fa8ad9ccc48..baaacde7d66 100644
--- a/regression/strings-smoke-tests/java_parselong_1/test.desc
+++ b/regression/strings-smoke-tests/java_parselong_decimal_1/test.desc
@@ -1,6 +1,6 @@
 THOROUGH
-test_parselong.class
---refine-strings
+Test.class
+--refine-strings --function Test.foo
 ^EXIT=10$
 ^SIGNAL=0$
 ^\[.*assertion.1\].* line 8.* SUCCESS$
diff --git a/regression/strings-smoke-tests/java_parselong_decimal_2/Test.class b/regression/strings-smoke-tests/java_parselong_decimal_2/Test.class
new file mode 100644
index 0000000000000000000000000000000000000000..922b885b7b3405849f548cb171d8829a565fd3af
GIT binary patch
literal 832
zcmZuv%Wl(95IxuNBX*p3W5Tl(3VA@9)(wk_QWX`DpeZa;Rcd#RV}eVtE8F2i5F7FX
ztO1E2D#4zAqGhgI5}<f-@67njnKLu@$I;hs09t5iNMlaHwIr@<5HPRd25zcIp&}h0
z9}xynP}QJvR82!2w-nrFD9&49=me4Ld*K5&w7LVQ$H4X&<W<*mqcw&^wYI|`ZumWi
zA=`F6=jrfO*9o>cn4!@2ZELV&1upkbgJSf;4T+<@?S#=?;&|@+bcRvD6ZWmwR&!u^
z{bnZ$T(3_6`M?Uoxbzc-bSJXxms{3B%tl=?Bv<XhsUEH44+GnI<nrn&FR;J~b>xs|
z$o)&skZG7pD=UlUvU!I-lLH$H7IZYRs3U_cLwTBY|Mxr|27ym<MP5O{k`5EgfAK%-
z?mKqGP^zBoh>t8YC2jj&pTx#Zp4i5Jk{;Kn`Rp`nV?fJcFnUht22O9HjK&iU=?86Q
z4|BBSG_9BA%Dfk{5+Iq#(^(*|NjIZgs*k}wkRhN*ryK_vX2{l004TvAPsO=O@*9Xm
z2do`J*exW+5I5^N?F*#!kB~<w&dxx2`wpo?sJmlm-~Wh?rcqus5mz-Jku5``*O*5V
z6{>cRJg&kZWg5NZGR~8iM*|mdk(6B`kKXi8R1{nmOO$nGqOTPzCv+k88Ttr{_#R^7
V6XdgvavBMOzRt%nOOAl6zW`}>p+5is

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_parselong_3/test_parselong.java b/regression/strings-smoke-tests/java_parselong_decimal_2/Test.java
similarity index 75%
rename from regression/strings-smoke-tests/java_parselong_3/test_parselong.java
rename to regression/strings-smoke-tests/java_parselong_decimal_2/Test.java
index e05341bdb86..e5578284020 100644
--- a/regression/strings-smoke-tests/java_parselong_3/test_parselong.java
+++ b/regression/strings-smoke-tests/java_parselong_decimal_2/Test.java
@@ -1,6 +1,6 @@
-public class test_parselong
+public class Test
 {
-    public static void main(String[] args)
+    public static void foo()
     {
         // -2^41
         String str = new String("-2199023255552");
diff --git a/regression/strings-smoke-tests/java_parselong_5/test.desc b/regression/strings-smoke-tests/java_parselong_decimal_2/test.desc
similarity index 70%
rename from regression/strings-smoke-tests/java_parselong_5/test.desc
rename to regression/strings-smoke-tests/java_parselong_decimal_2/test.desc
index fa8ad9ccc48..baaacde7d66 100644
--- a/regression/strings-smoke-tests/java_parselong_5/test.desc
+++ b/regression/strings-smoke-tests/java_parselong_decimal_2/test.desc
@@ -1,6 +1,6 @@
 THOROUGH
-test_parselong.class
---refine-strings
+Test.class
+--refine-strings --function Test.foo
 ^EXIT=10$
 ^SIGNAL=0$
 ^\[.*assertion.1\].* line 8.* SUCCESS$
diff --git a/regression/strings-smoke-tests/java_parselong_hex_1/Test.class b/regression/strings-smoke-tests/java_parselong_hex_1/Test.class
new file mode 100644
index 0000000000000000000000000000000000000000..33ba81a040629e141776f69a38248f9fb51f07b5
GIT binary patch
literal 831
zcmZuv%Wl(95Ixti<JfT;CuvN0meN8VrA^vqN2ywcA_1XYq^i{JoY)O6#;$CK4?%3m
z53pbbNCZ&{_DFmSUjSmRTN0pb?wy%CbIzHW`}OCi&j6Zes>ong#*Gx_R0x<?aTB)`
zq*0bA;mx=2Y)(c+g~GF{Dr#7eahstqZ-${AM2_!;_ngq|y0*o@4j7Vaj^{+{42ep0
zk3nqtmd%iDJD$Bgc-FOpU7pO4Z~Hyd-7^D+`)5Hhdg6qH(cZPg=ni2V`aYdu6!3y0
z^SN1fO|M_?M1kY=DIs}m24PJ7kRj8F%-++-=5dThT`{EAdhVGXwc`(ho_*ip><TAX
z;(!`-<QVjS!3l1m(b(*^tgXYw^2#dDTa>Y+p^k=zDP$Q+lcLSv<JbxUpVW$+K*q9$
z6|DXRztcUkdl5sia=sxxv8f4Y+xPmUHSY1$HvUueph~@GCsi$%cEey;cIX7QHC9H`
zi3apQi#fn7?Knd#W_pSDLRJDK6FEBb<kjhBbW61n*jq9L6zELGL569vwbKL?VUVZb
z!npVaM1lj>Pay2)6C;R^YP$Xr(#AU^hbYWULw@-R=@TgXBdA~ghz=)F&YFl>4e;M6
zK_&hiWR#J@U1H=a3{s}jS1#cqc{wcN5-yXnE9B9a{(-WLt74HVu8s9IW95{cPk(?m
age<;>n0Sxm`9?X61VP*2<Cq~w!1Z6RtD!{z

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_parselong_2/test_parselong.java b/regression/strings-smoke-tests/java_parselong_hex_1/Test.java
similarity index 73%
rename from regression/strings-smoke-tests/java_parselong_2/test_parselong.java
rename to regression/strings-smoke-tests/java_parselong_hex_1/Test.java
index c2e3d60bd11..944597ee24c 100644
--- a/regression/strings-smoke-tests/java_parselong_2/test_parselong.java
+++ b/regression/strings-smoke-tests/java_parselong_hex_1/Test.java
@@ -1,6 +1,6 @@
-public class test_parselong
+public class Test
 {
-    public static void main(String[] args)
+    public static void foo()
     {
         String str = new String("+00AbCdEf0123");
         long parsed = Long.parseLong(str, 16);
diff --git a/regression/strings-smoke-tests/java_parselong_4/test.desc b/regression/strings-smoke-tests/java_parselong_hex_1/test.desc
similarity index 66%
rename from regression/strings-smoke-tests/java_parselong_4/test.desc
rename to regression/strings-smoke-tests/java_parselong_hex_1/test.desc
index 17db69e3979..f9ef9a9c0b6 100644
--- a/regression/strings-smoke-tests/java_parselong_4/test.desc
+++ b/regression/strings-smoke-tests/java_parselong_hex_1/test.desc
@@ -1,6 +1,6 @@
-THOROUGH
-test_parselong.class
---refine-strings
+CORE
+Test.class
+--refine-strings --function Test.foo
 ^EXIT=10$
 ^SIGNAL=0$
 ^\[.*assertion.1\].* line 7.* SUCCESS$
diff --git a/regression/strings-smoke-tests/java_parselong_octal_1/Test.class b/regression/strings-smoke-tests/java_parselong_octal_1/Test.class
new file mode 100644
index 0000000000000000000000000000000000000000..73fbc420bb0eb1386ccc9ff51728b20ff4ef2053
GIT binary patch
literal 834
zcmZuv%Wl(95Ir|`?AURdS7XAn6bgAjn?3?8C{<Al5^aD*s!Hwd#xcRg*p=<@4XhCx
z@&l{^i6AP$js>5D1Y)k+CP0yrduPTo=bV{4-+z7n0-%Yejtr(%TuR}xjs#|OT)|Zh
zX;hNHk8dyOr=qGu6InGKbzD<%ouN3x!_W>Q$M?c@C*&R1?lQ1l24&gtoM?qXs@Ap{
z<Tbx*Gh|ziXFuvc@7TeXNM<Ose2cr=JaB}66qKW<PDmK7Ejx^E6UGzYr!$NKQLx8f
z@P^C1UZWiaj@P3EWuFIOOufO7X-C|8_K@$#Xw(%$YT0s+^yqEBA6WK%N3d&xU`_xU
z$RW>=`xl%-w{G5OE-fz1AKxN%R>how2IdV+Aj?o5*WEpy$h{!&Nw6$9R4f=+#L{03
zk2`y|6)}{mCwme@n;3((e6L4x<2Da%^FKuoYSeyqT(#!X^DvlQJ9GlOJ5ojiiu&|{
z-ewom^voGr1C}d`UdWO_GLfgVKwg7xMt8D41batD0!2ENILI(bwsDw%5=`<moEjCs
zf=qD0$^jBP1!)L*vz|+RLUQ#zlmUuUlTcs3LHYpN&Jg<7Kca(iRIo}hs|i|2`s>7>
zhl&bPxI>IWg-ObE+U7D&lb6RV&fqL5J4YUE^-ok(oR>>fabcvd87rskLi!_&0aW=d
XWa$HxlZ^_PBofA|7{?Sj30(XQv3{dB

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_parselong_4/test_parselong.java b/regression/strings-smoke-tests/java_parselong_octal_1/Test.java
similarity index 74%
rename from regression/strings-smoke-tests/java_parselong_4/test_parselong.java
rename to regression/strings-smoke-tests/java_parselong_octal_1/Test.java
index 67eee61b85a..4dc8f7b712a 100644
--- a/regression/strings-smoke-tests/java_parselong_4/test_parselong.java
+++ b/regression/strings-smoke-tests/java_parselong_octal_1/Test.java
@@ -1,6 +1,6 @@
-public class test_parselong
+public class Test
 {
-    public static void main(String[] args)
+    public static void foo()
     {
         String str = new String("7654321076543210");
         long parsed = Long.parseLong(str, 8);
diff --git a/regression/strings-smoke-tests/java_parselong_2/test.desc b/regression/strings-smoke-tests/java_parselong_octal_1/test.desc
similarity index 66%
rename from regression/strings-smoke-tests/java_parselong_2/test.desc
rename to regression/strings-smoke-tests/java_parselong_octal_1/test.desc
index 17db69e3979..f9ef9a9c0b6 100644
--- a/regression/strings-smoke-tests/java_parselong_2/test.desc
+++ b/regression/strings-smoke-tests/java_parselong_octal_1/test.desc
@@ -1,6 +1,6 @@
-THOROUGH
-test_parselong.class
---refine-strings
+CORE
+Test.class
+--refine-strings --function Test.foo
 ^EXIT=10$
 ^SIGNAL=0$
 ^\[.*assertion.1\].* line 7.* SUCCESS$
diff --git a/src/solvers/refinement/string_constraint_generator_valueof.cpp b/src/solvers/refinement/string_constraint_generator_valueof.cpp
index 3110c454607..1801ec16c22 100644
--- a/src/solvers/refinement/string_constraint_generator_valueof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_valueof.cpp
@@ -415,91 +415,97 @@ void string_constraint_generatort::add_axioms_for_correct_number_format(
 
 /// add axioms corresponding to the Integer.parseInt java function
 /// \param f: a function application with either one string expression or one
-///   string expression and an expression for the radix
+///   string expression and an integer expression for the radix
 /// \return an integer expression
 exprt string_constraint_generatort::add_axioms_for_parse_int(
   const function_application_exprt &f)
 {
   PRECONDITION(f.arguments().size()==1 || f.arguments().size()==2);
-  string_exprt str=get_string_expr(f.arguments()[0]);
+  const string_exprt str=get_string_expr(f.arguments()[0]);
+  const typet &type=f.type();
+  PRECONDITION(type.id()==ID_signedbv);
   const exprt radix=
     f.arguments().size()==1?
-      static_cast<exprt>(from_integer(10, f.type())):
-      static_cast<exprt>(typecast_exprt(f.arguments()[1], f.type()));
+      static_cast<exprt>(from_integer(10, type)):
+      static_cast<exprt>(typecast_exprt(f.arguments()[1], type));
 
-  const typet &type=f.type();
-  symbol_exprt i=fresh_symbol("parsed_int", type);
+  const symbol_exprt x=fresh_symbol("parsed_int", type);
   const refined_string_typet &ref_type=to_refined_string_type(str.type());
   const typet &char_type=ref_type.get_char_type();
-  exprt minus_char=constant_char('-', char_type);
-  exprt plus_char=constant_char('+', char_type);
-  PRECONDITION(type.id()==ID_signedbv);
+  const typet &index_type=ref_type.get_index_type();
+  const exprt minus_char=constant_char('-', char_type);
+  const exprt zero_expr=from_integer(0, type);
 
-  exprt chr=str[0];
-  exprt starts_with_minus=equal_exprt(chr, minus_char);
-  exprt starts_with_plus=equal_exprt(chr, plus_char);
-  exprt starts_with_digit=
-    not_exprt(or_exprt(starts_with_minus, starts_with_plus));
+  /// We experimented with making the max_string_length depend on the base, but
+  /// this did not make any difference to the speed of execution.
+  const std::size_t max_string_length=to_bitvector_type(type).get_width()+1;
 
   /// TODO: we should throw an exception when this does not hold:
-  const std::size_t max_string_length=40;
+  /// Note that the only thing stopping us from taking longer strings with many
+  /// leading zeros is the axioms for correct number format
   add_axioms_for_correct_number_format(str, radix, max_string_length);
 
-  /// TODO(OJones): size should depend on the radix
-  /// TODO(OJones): we should deal with overflow properly
-  for(std::size_t size=1; size<=max_string_length; size++)
-  {
-    exprt sum=from_integer(0, type);
-    exprt first_value=get_numeric_value_from_character(chr, char_type, type);
-    equal_exprt premise=str.axiom_for_has_length(size);
+  /// TODO(OJones): Fix the below algorithm to make it work for min_int. There
+  /// are two problems. (1) Because we build i as positive and then negate it if
+  /// the first character is '-', we hit overflow for min_int because
+  /// |min_int| > max_int. (2) radix^63 overflows. I think we'll have to
+  /// special-case it.
 
-    for(std::size_t j=1; j<size; j++)
-    {
-      mult_exprt radix_sum(sum, radix);
-      if(j>=max_string_length-1)
-      {
-        // We have to be careful about overflows
-        div_exprt div(sum, radix);
-        implies_exprt no_overflow(premise, (equal_exprt(div, sum)));
-        axioms.push_back(no_overflow);
-      }
+  axioms.push_back(binary_relation_exprt(x, ID_ge, zero_expr));
 
-      sum=plus_exprt_with_overflow_check(
-        radix_sum,
-        get_numeric_value_from_character(str[j], char_type, type));
+  exprt radix_to_power_of_i;
+  exprt no_overflow;
 
-      mult_exprt first(first_value, radix);
-      if(j>=max_string_length-1)
-      {
-        // We have to be careful about overflows
-        div_exprt div_first(first, radix);
-        implies_exprt no_overflow_first(
-          and_exprt(starts_with_digit, premise),
-          equal_exprt(div_first, first_value));
-        axioms.push_back(no_overflow_first);
-      }
-      first_value=first;
-    }
+  for(std::size_t i=0; i<max_string_length; ++i)
+  {
+    /// We are counting backwards from the end of the string, i.e. i refers
+    /// to str[j] where j=str.length()-i-1
+    const constant_exprt i_expr=from_integer(i, index_type);
+    const minus_exprt j(
+      minus_exprt(str.length(), i_expr), from_integer(1, index_type));
 
-    // If the length is `size`, we add axioms:
-    // a1 : starts_with_digit => i=sum+first_value
-    // a2 : starts_with_plus => i=sum
-    // a3 : starts_with_minus => i=-sum
+    if(i==0)
+    {
+      no_overflow=true_exprt();
+      radix_to_power_of_i=from_integer(1, type);
+    }
+    else
+    {
+      exprt radix_to_power_of_i_minus_one=radix_to_power_of_i;
+      /// Note that power_exprt is probably designed for floating point. Also,
+      /// it doesn't work when the exponent isn't a constant, hence why this
+      /// loop is indexed by i instead of j. It is faster than
+      /// mult_exprt(radix_to_power_of_i, radix).
+      radix_to_power_of_i=power_exprt(radix, i_expr);
+      /// The first time there is overflow we will have that
+      /// radix^i/radix != radix^(i-1)
+      /// However, that condition may hold in future, so we have to be sure to
+      /// propagate the first time this fails to all higher values of i
+      no_overflow=and_exprt(
+        equal_exprt(
+          div_exprt(radix_to_power_of_i, radix), radix_to_power_of_i_minus_one),
+        no_overflow);
+    }
 
-    implies_exprt a1(
-      and_exprt(premise, starts_with_digit),
-      equal_exprt(i, plus_exprt(sum, first_value)));
-    axioms.push_back(a1);
+    /// If we have already read all characters from the string then we use 0
+    /// instead of the value from str[j]
+    const binary_relation_exprt i_is_valid(i_expr, ID_lt, str.length());
+    const if_exprt digit_value(
+      i_is_valid,
+      get_numeric_value_from_character(str[j], char_type, type),
+      from_integer(0, type));
 
-    implies_exprt a2(and_exprt(premise, starts_with_plus), equal_exprt(i, sum));
-    axioms.push_back(a2);
+    /// when there is no overflow, str[j] = (x/radix^i)%radix
+    const equal_exprt contribution_of_str_j(
+      digit_value,
+      mod_exprt(div_exprt(x, radix_to_power_of_i), radix));
 
-    implies_exprt a3(
-      and_exprt(premise, starts_with_minus),
-      equal_exprt(i, unary_minus_exprt(sum)));
-    axioms.push_back(a3);
+    axioms.push_back(implies_exprt(no_overflow, contribution_of_str_j));
+    axioms.push_back(implies_exprt(
+      not_exprt(no_overflow), equal_exprt(digit_value, zero_expr)));
   }
-  return i;
+
+  return if_exprt(equal_exprt(str[0], minus_char), unary_minus_exprt(x), x);
 }
 
 /// Check if a character is a digit with respect to the given radix, e.g. if the
@@ -541,7 +547,7 @@ exprt is_digit_with_radix(exprt chr, exprt radix)
 }
 
 /// Get the numeric value of a character, assuming that the radix is large
-/// enough
+/// enough. '+' and '-' yield 0.
 /// \param chr: the character to get the numeric value of
 /// \param char_type: the type to use for characters
 /// \param type: the type to use for the return value
@@ -555,16 +561,25 @@ exprt get_numeric_value_from_character(
   constant_exprt A_char=from_integer('A', char_type);
   constant_exprt ten_int=from_integer(10, char_type);
 
-  binary_relation_exprt upper_case(chr, ID_ge, A_char);
+  /// There are four cases, which occur in ASCII in the following order:
+  /// '+' and '-', digits, upper case letters, lower case letters
   binary_relation_exprt lower_case(chr, ID_ge, a_char);
+  binary_relation_exprt upper_case_or_lower_case(chr, ID_ge, A_char);
+  binary_relation_exprt upper_case_lower_case_or_digit(chr, ID_ge, zero_char);
 
+  /// return char >= 'a' ? (char - 'a' + 10) :
+  ///   char >= 'A' ? (char - 'A' + 10) :
+  ///     char >= '0' ? (char - '0') : 0
   return typecast_exprt(
     if_exprt(
       lower_case,
       plus_exprt(minus_exprt(chr, a_char), ten_int),
       if_exprt(
-        upper_case,
+        upper_case_or_lower_case,
         plus_exprt(minus_exprt(chr, A_char), ten_int),
-        minus_exprt(chr, zero_char))),
+        if_exprt(
+          upper_case_lower_case_or_digit,
+          minus_exprt(chr, zero_char),
+          from_integer(0, char_type)))),
     type);
 }

From 448abb62a4905f43e7860d352799943d896fa505 Mon Sep 17 00:00:00 2001
From: Owen Jones <owen.jones@diffblue.com>
Date: Wed, 26 Jul 2017 14:04:22 +0100
Subject: [PATCH 466/699] Refactor helper functions

---
 .../string_constraint_generator_valueof.cpp   | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_valueof.cpp b/src/solvers/refinement/string_constraint_generator_valueof.cpp
index 1801ec16c22..f192b47de43 100644
--- a/src/solvers/refinement/string_constraint_generator_valueof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_valueof.cpp
@@ -365,7 +365,7 @@ string_exprt string_constraint_generatort::add_axioms_for_value_of(
 /// \param radix: the radix
 /// \param max_size: maximum number of characters
 void string_constraint_generatort::add_axioms_for_correct_number_format(
-  const string_exprt &str, const exprt &radix, std::size_t max_size)
+  const string_exprt &str, const exprt &radix_char_type, std::size_t max_size)
 {
   const refined_string_typet &ref_type=to_refined_string_type(str.type());
   const typet &char_type=ref_type.get_char_type();
@@ -378,7 +378,7 @@ void string_constraint_generatort::add_axioms_for_correct_number_format(
   exprt chr=str[0];
   equal_exprt starts_with_minus(chr, minus_char);
   equal_exprt starts_with_plus(chr, plus_char);
-  exprt starts_with_digit=is_digit_with_radix(chr, radix);
+  exprt starts_with_digit=is_digit_with_radix(chr, radix_char_type);
 
   // TODO: we should have implications in the other direction for correct
   // correct => |str| > 0
@@ -408,7 +408,7 @@ void string_constraint_generatort::add_axioms_for_correct_number_format(
     /// index < length && correct => is_digit(str[index])
     implies_exprt character_at_index_is_digit(
       binary_relation_exprt(index_expr, ID_lt, str.length()),
-      is_digit_with_radix(str[index], radix));
+      is_digit_with_radix(str[index], radix_char_type));
     axioms.push_back(character_at_index_is_digit);
   }
 }
@@ -443,7 +443,8 @@ exprt string_constraint_generatort::add_axioms_for_parse_int(
   /// TODO: we should throw an exception when this does not hold:
   /// Note that the only thing stopping us from taking longer strings with many
   /// leading zeros is the axioms for correct number format
-  add_axioms_for_correct_number_format(str, radix, max_string_length);
+  add_axioms_for_correct_number_format(
+    str, typecast_exprt(radix, char_type), max_string_length);
 
   /// TODO(OJones): Fix the below algorithm to make it work for min_int. There
   /// are two problems. (1) Because we build i as positive and then negate it if
@@ -513,21 +514,21 @@ exprt string_constraint_generatort::add_axioms_for_parse_int(
 /// \param chr: the character
 /// \param radix:  the radix
 /// \return an expression for the condition
-exprt is_digit_with_radix(exprt chr, exprt radix)
+exprt is_digit_with_radix(exprt chr, exprt radix_char_type)
 {
   const typet &char_type=chr.type();
   exprt zero_char=from_integer('0', char_type);
   exprt nine_char=from_integer('9', char_type);
   exprt a_char=from_integer('a', char_type);
   exprt A_char=from_integer('A', char_type);
+  constant_exprt ten_char_type=from_integer(10, char_type);
 
   and_exprt is_digit_when_radix_le_10(
     binary_relation_exprt(chr, ID_ge, zero_char),
     binary_relation_exprt(
-      chr, ID_lt, plus_exprt(zero_char, typecast_exprt(radix, char_type))));
+      chr, ID_lt, plus_exprt(zero_char, radix_char_type)));
 
-  minus_exprt radix_minus_ten(
-    typecast_exprt(radix, char_type), from_integer(10, char_type));
+  minus_exprt radix_minus_ten(radix_char_type, ten_char_type);
 
   or_exprt is_digit_when_radix_gt_10(
     and_exprt(
@@ -541,7 +542,7 @@ exprt is_digit_with_radix(exprt chr, exprt radix)
       binary_relation_exprt(chr, ID_lt, plus_exprt(A_char, radix_minus_ten))));
 
   return if_exprt(
-    binary_relation_exprt(radix, ID_le, from_integer(10, radix.type())),
+    binary_relation_exprt(radix_char_type, ID_le, ten_char_type),
     is_digit_when_radix_le_10,
     is_digit_when_radix_gt_10);
 }

From 7aaf76191b50184906147123512677e2694d3cb2 Mon Sep 17 00:00:00 2001
From: Owen Jones <owen.jones@diffblue.com>
Date: Wed, 26 Jul 2017 15:27:01 +0100
Subject: [PATCH 467/699] Refactor big for loop into a function

---
 .../refinement/string_constraint_generator.h  |  10 +-
 .../string_constraint_generator_valueof.cpp   | 101 +++++++++++-------
 2 files changed, 73 insertions(+), 38 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index a4c5c543d1d..659091b7aa6 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -293,9 +293,17 @@ class string_constraint_generatort
   exprt add_axioms_for_offset_by_code_point(
     const function_application_exprt &f);
 
-  exprt add_axioms_for_parse_int(const function_application_exprt &f);
+  exprt add_axioms_for_characters_in_integer_string(
+    const symbol_exprt& x,
+    const typet& type,
+    const typet& char_type,
+    const typet& index_type,
+    const string_exprt& str,
+    const std::size_t max_string_length,
+    const exprt& radix);
   void add_axioms_for_correct_number_format(
     const string_exprt &str, const exprt &radix, std::size_t max_size);
+  exprt add_axioms_for_parse_int(const function_application_exprt &f);
   exprt add_axioms_for_to_char_array(const function_application_exprt &f);
   exprt add_axioms_for_compare_to(const function_application_exprt &f);
 
diff --git a/src/solvers/refinement/string_constraint_generator_valueof.cpp b/src/solvers/refinement/string_constraint_generator_valueof.cpp
index f192b47de43..f3338d36f4b 100644
--- a/src/solvers/refinement/string_constraint_generator_valueof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_valueof.cpp
@@ -413,47 +413,35 @@ void string_constraint_generatort::add_axioms_for_correct_number_format(
   }
 }
 
-/// add axioms corresponding to the Integer.parseInt java function
-/// \param f: a function application with either one string expression or one
-///   string expression and an integer expression for the radix
-/// \return an integer expression
-exprt string_constraint_generatort::add_axioms_for_parse_int(
-  const function_application_exprt &f)
+/// Add axioms connecting the characters in the input string to the value of the
+/// output integer
+/// \param x: symbol for abs(integer represented by str)
+/// \param type: the type for x
+/// \param char_type: the type to use for characters
+/// \param index_type: the type to use for indexes
+/// \param str: input string
+/// \param max_string_length: the maximum length str can have
+/// \param radix: the radix, with the same type as x
+/// \return an expression for the integer represented by the string
+exprt string_constraint_generatort::add_axioms_for_characters_in_integer_string(
+  const symbol_exprt& x,
+  const typet& type,
+  const typet& char_type,
+  const typet& index_type,
+  const string_exprt& str,
+  const std::size_t max_string_length,
+  const exprt& radix)
 {
-  PRECONDITION(f.arguments().size()==1 || f.arguments().size()==2);
-  const string_exprt str=get_string_expr(f.arguments()[0]);
-  const typet &type=f.type();
-  PRECONDITION(type.id()==ID_signedbv);
-  const exprt radix=
-    f.arguments().size()==1?
-      static_cast<exprt>(from_integer(10, type)):
-      static_cast<exprt>(typecast_exprt(f.arguments()[1], type));
-
-  const symbol_exprt x=fresh_symbol("parsed_int", type);
-  const refined_string_typet &ref_type=to_refined_string_type(str.type());
-  const typet &char_type=ref_type.get_char_type();
-  const typet &index_type=ref_type.get_index_type();
-  const exprt minus_char=constant_char('-', char_type);
-  const exprt zero_expr=from_integer(0, type);
-
-  /// We experimented with making the max_string_length depend on the base, but
-  /// this did not make any difference to the speed of execution.
-  const std::size_t max_string_length=to_bitvector_type(type).get_width()+1;
-
-  /// TODO: we should throw an exception when this does not hold:
-  /// Note that the only thing stopping us from taking longer strings with many
-  /// leading zeros is the axioms for correct number format
-  add_axioms_for_correct_number_format(
-    str, typecast_exprt(radix, char_type), max_string_length);
-
   /// TODO(OJones): Fix the below algorithm to make it work for min_int. There
   /// are two problems. (1) Because we build i as positive and then negate it if
   /// the first character is '-', we hit overflow for min_int because
   /// |min_int| > max_int. (2) radix^63 overflows. I think we'll have to
   /// special-case it.
 
+  const exprt zero_expr=from_integer(0, type);
   axioms.push_back(binary_relation_exprt(x, ID_ge, zero_expr));
 
+  const exprt one_index_type=from_integer(1, index_type);
   exprt radix_to_power_of_i;
   exprt no_overflow;
 
@@ -462,8 +450,7 @@ exprt string_constraint_generatort::add_axioms_for_parse_int(
     /// We are counting backwards from the end of the string, i.e. i refers
     /// to str[j] where j=str.length()-i-1
     const constant_exprt i_expr=from_integer(i, index_type);
-    const minus_exprt j(
-      minus_exprt(str.length(), i_expr), from_integer(1, index_type));
+    const minus_exprt j(minus_exprt(str.length(), i_expr), one_index_type);
 
     if(i==0)
     {
@@ -472,7 +459,7 @@ exprt string_constraint_generatort::add_axioms_for_parse_int(
     }
     else
     {
-      exprt radix_to_power_of_i_minus_one=radix_to_power_of_i;
+      const exprt radix_to_power_of_i_minus_one=radix_to_power_of_i;
       /// Note that power_exprt is probably designed for floating point. Also,
       /// it doesn't work when the exponent isn't a constant, hence why this
       /// loop is indexed by i instead of j. It is faster than
@@ -494,7 +481,7 @@ exprt string_constraint_generatort::add_axioms_for_parse_int(
     const if_exprt digit_value(
       i_is_valid,
       get_numeric_value_from_character(str[j], char_type, type),
-      from_integer(0, type));
+      zero_expr);
 
     /// when there is no overflow, str[j] = (x/radix^i)%radix
     const equal_exprt contribution_of_str_j(
@@ -506,7 +493,47 @@ exprt string_constraint_generatort::add_axioms_for_parse_int(
       not_exprt(no_overflow), equal_exprt(digit_value, zero_expr)));
   }
 
-  return if_exprt(equal_exprt(str[0], minus_char), unary_minus_exprt(x), x);
+  return if_exprt(
+    equal_exprt(str[0], constant_char('-', char_type)),
+    unary_minus_exprt(x),
+    x);
+}
+
+/// add axioms corresponding to the Integer.parseInt java function
+/// \param f: a function application with either one string expression or one
+///   string expression and an integer expression for the radix
+/// \return an integer expression
+exprt string_constraint_generatort::add_axioms_for_parse_int(
+  const function_application_exprt &f)
+{
+  PRECONDITION(f.arguments().size()==1 || f.arguments().size()==2);
+  const string_exprt str=get_string_expr(f.arguments()[0]);
+  const typet &type=f.type();
+  PRECONDITION(type.id()==ID_signedbv);
+  const exprt radix=
+    f.arguments().size()==1?
+      static_cast<exprt>(from_integer(10, type)):
+      static_cast<exprt>(typecast_exprt(f.arguments()[1], type));
+
+  const symbol_exprt x=fresh_symbol("abs_parsed_int", type);
+  const refined_string_typet &ref_type=to_refined_string_type(str.type());
+  const typet &char_type=ref_type.get_char_type();
+  const typet &index_type=ref_type.get_index_type();
+
+  /// We experimented with making the max_string_length depend on the base, but
+  /// this did not make any difference to the speed of execution.
+  const std::size_t max_string_length=to_bitvector_type(type).get_width()+1;
+
+  /// TODO: we should throw an exception when this does not hold:
+  /// Note that the only thing stopping us from taking longer strings with many
+  /// leading zeros is the axioms for correct number format
+  add_axioms_for_correct_number_format(
+    str, typecast_exprt(radix, char_type), max_string_length);
+
+  exprt parsed_int_expr=add_axioms_for_characters_in_integer_string(
+    x, type, char_type, index_type, str, max_string_length, radix);
+
+  return parsed_int_expr;
 }
 
 /// Check if a character is a digit with respect to the given radix, e.g. if the

From 4cfbfb5556a355737035533e437481c275ca83a8 Mon Sep 17 00:00:00 2001
From: Owen Jones <owen.jones@diffblue.com>
Date: Thu, 27 Jul 2017 11:40:54 +0100
Subject: [PATCH 468/699] Updated two unit tests

---
 .../get_numeric_value_from_character.cpp      | 108 +++++++++++++++---
 .../is_digit_with_radix.cpp                   |  47 +++-----
 2 files changed, 103 insertions(+), 52 deletions(-)

diff --git a/unit/solvers/refinement/string_constraint_generator_valueof/get_numeric_value_from_character.cpp b/unit/solvers/refinement/string_constraint_generator_valueof/get_numeric_value_from_character.cpp
index d562cb1c5ac..296c8780523 100644
--- a/unit/solvers/refinement/string_constraint_generator_valueof/get_numeric_value_from_character.cpp
+++ b/unit/solvers/refinement/string_constraint_generator_valueof/get_numeric_value_from_character.cpp
@@ -15,27 +15,97 @@
 #include <util/simplify_expr.h>
 #include <util/std_types.h>
 
+
+
 SCENARIO("get_numeric_value_from_character",
   "[core][solvers][refinement][string_constraint_generator_valueof]")
 {
-  typet char_type=unsignedbv_typet(16);
-  typet int_type=signedbv_typet(32);
+  const typet char_type_1=unsignedbv_typet(8);
+  const typet char_type_2=unsignedbv_typet(16);
+  const typet char_type_3=unsignedbv_typet(32);
+  const typet int_type_1=signedbv_typet(8);
+  const typet int_type_2=signedbv_typet(16);
+  const typet int_type_3=signedbv_typet(32);
+  const typet int_type_4=signedbv_typet(64);
   symbol_tablet symtab;
-  namespacet ns(symtab);
-
-  REQUIRE(from_integer(0, int_type)==simplify_expr(
-    get_numeric_value_from_character(
-      from_integer('0', char_type), char_type, int_type), ns));
-  REQUIRE(from_integer(9, int_type)==simplify_expr(
-    get_numeric_value_from_character(
-      from_integer('9', char_type),
-      char_type, int_type), ns));
-  REQUIRE(from_integer(10, int_type)==simplify_expr(
-    get_numeric_value_from_character(
-      from_integer('A', char_type),
-      char_type, int_type), ns));
-  REQUIRE(from_integer(35, int_type)==simplify_expr(
-    get_numeric_value_from_character(
-      from_integer('z', char_type),
-      char_type, int_type), ns));
+  const namespacet ns(symtab);
+
+  WHEN("0")
+  {
+    mp_integer character='0';
+    mp_integer expected_value=0;
+    const typet& char_type=char_type_1;
+    const typet& int_type=int_type_1;
+    constant_exprt expected_value_exprt=from_integer(expected_value, int_type);
+    exprt actual_value_exprt=simplify_expr(
+      get_numeric_value_from_character(
+        from_integer(character, char_type), char_type, int_type),
+      ns);
+    REQUIRE(expected_value_exprt==actual_value_exprt);
+  }
+  WHEN("9")
+  {
+    mp_integer character='9';
+    mp_integer expected_value=9;
+    const typet& char_type=char_type_2;
+    const typet& int_type=int_type_2;
+    constant_exprt expected_value_exprt=from_integer(expected_value, int_type);
+    exprt actual_value_exprt=simplify_expr(
+      get_numeric_value_from_character(
+        from_integer(character, char_type), char_type, int_type),
+      ns);
+    REQUIRE(expected_value_exprt==actual_value_exprt);
+  }
+  WHEN("A")
+  {
+    mp_integer character='A';
+    mp_integer expected_value=10;
+    const typet& char_type=char_type_3;
+    const typet& int_type=int_type_3;
+    constant_exprt expected_value_exprt=from_integer(expected_value, int_type);
+    exprt actual_value_exprt=simplify_expr(
+      get_numeric_value_from_character(
+        from_integer(character, char_type), char_type, int_type),
+      ns);
+    REQUIRE(expected_value_exprt==actual_value_exprt);
+  }
+  WHEN("z")
+  {
+    mp_integer character='z';
+    mp_integer expected_value=35;
+    const typet& char_type=char_type_1;
+    const typet& int_type=int_type_4;
+    constant_exprt expected_value_exprt=from_integer(expected_value, int_type);
+    exprt actual_value_exprt=simplify_expr(
+      get_numeric_value_from_character(
+        from_integer(character, char_type), char_type, int_type),
+      ns);
+    REQUIRE(expected_value_exprt==actual_value_exprt);
+  }
+  WHEN("+")
+  {
+    mp_integer character='+';
+    mp_integer expected_value=0;
+    const typet& char_type=char_type_2;
+    const typet& int_type=int_type_1;
+    constant_exprt expected_value_exprt=from_integer(expected_value, int_type);
+    exprt actual_value_exprt=simplify_expr(
+      get_numeric_value_from_character(
+        from_integer(character, char_type), char_type, int_type),
+      ns);
+    REQUIRE(expected_value_exprt==actual_value_exprt);
+  }
+  WHEN("-")
+  {
+    mp_integer character='-';
+    mp_integer expected_value=0;
+    const typet& char_type=char_type_3;
+    const typet& int_type=int_type_2;
+    constant_exprt expected_value_exprt=from_integer(expected_value, int_type);
+    exprt actual_value_exprt=simplify_expr(
+      get_numeric_value_from_character(
+        from_integer(character, char_type), char_type, int_type),
+      ns);
+    REQUIRE(expected_value_exprt==actual_value_exprt);
+  }
 }
diff --git a/unit/solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix.cpp b/unit/solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix.cpp
index 85a14ff3859..31ca819a600 100644
--- a/unit/solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix.cpp
+++ b/unit/solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix.cpp
@@ -18,57 +18,38 @@
 SCENARIO("is_digit_with_radix",
   "[core][solvers][refinement][string_constraint_generator_valueof]")
 {
-  typet char_type=unsignedbv_typet(16);
-  typet int_type=signedbv_typet(32);
+  const typet char_type=unsignedbv_typet(16);
   symbol_tablet symtab;
-  namespacet ns(symtab);
+  const namespacet ns(symtab);
 
   WHEN("Radix 10")
   {
-    int radix=10;
+    const constant_exprt radix_expr=from_integer(10, char_type);
     REQUIRE(true_exprt()==simplify_expr(
-      is_digit_with_radix(
-        from_integer('0', char_type),
-        from_integer(radix, int_type)), ns));
+      is_digit_with_radix(from_integer('0', char_type), radix_expr), ns));
     REQUIRE(true_exprt()==simplify_expr(
-      is_digit_with_radix(
-        from_integer('9', char_type),
-        from_integer(radix, int_type)), ns));
+      is_digit_with_radix(from_integer('9', char_type), radix_expr), ns));
     REQUIRE(false_exprt()==simplify_expr(
-      is_digit_with_radix(
-        from_integer('a', char_type),
-        from_integer(radix, int_type)), ns));
+      is_digit_with_radix(from_integer('a', char_type), radix_expr), ns));
   }
   WHEN("Radix 8")
   {
-    int radix=8;
+    const constant_exprt radix_expr=from_integer(8, char_type);
     REQUIRE(true_exprt()==simplify_expr(
-      is_digit_with_radix(
-        from_integer('7', char_type),
-        from_integer(radix, int_type)), ns));
+      is_digit_with_radix(from_integer('7', char_type), radix_expr), ns));
     REQUIRE(false_exprt()==simplify_expr(
-      is_digit_with_radix(
-        from_integer('8', char_type),
-        from_integer(radix, int_type)), ns));
+      is_digit_with_radix(from_integer('8', char_type), radix_expr), ns));
   }
   WHEN("Radix 16")
   {
-    int radix=16;
+    const constant_exprt radix_expr=from_integer(16, char_type);
     REQUIRE(true_exprt()==simplify_expr(
-      is_digit_with_radix(
-        from_integer('a', char_type),
-        from_integer(radix, int_type)), ns));
+      is_digit_with_radix(from_integer('a', char_type), radix_expr), ns));
     REQUIRE(true_exprt()==simplify_expr(
-      is_digit_with_radix(
-        from_integer('A', char_type),
-        from_integer(radix, int_type)), ns));
+      is_digit_with_radix(from_integer('A', char_type), radix_expr), ns));
     REQUIRE(true_exprt()==simplify_expr(
-      is_digit_with_radix(
-        from_integer('f', char_type),
-        from_integer(radix, int_type)), ns));
+      is_digit_with_radix(from_integer('f', char_type), radix_expr), ns));
     REQUIRE(false_exprt()==simplify_expr(
-      is_digit_with_radix(
-        from_integer('g', char_type),
-        from_integer(radix, int_type)), ns));
+      is_digit_with_radix(from_integer('g', char_type), radix_expr), ns));
   }
 }

From 760e6bd8ea77967fc29692523a1fdde1215e9b99 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 16 May 2017 14:10:20 +0100
Subject: [PATCH 469/699] Adding intermediary function for empty strings

---
 src/solvers/refinement/string_constraint_generator.h     | 1 +
 .../refinement/string_constraint_generator_constants.cpp | 9 +++++++++
 2 files changed, 10 insertions(+)

diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index 659091b7aa6..8942b34499f 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -335,6 +335,7 @@ class string_constraint_generatort
   exprt character_equals_ignore_case(
     exprt char1, exprt char2, exprt char_a, exprt char_A, exprt char_Z);
   bool is_constant_string(const string_exprt &expr) const;
+  string_exprt empty_string(const refined_string_typet &ref_type);
 };
 
 exprt is_digit_with_radix(exprt chr, exprt radix);
diff --git a/src/solvers/refinement/string_constraint_generator_constants.cpp b/src/solvers/refinement/string_constraint_generator_constants.cpp
index 1351a8839d4..6a68c82acfe 100644
--- a/src/solvers/refinement/string_constraint_generator_constants.cpp
+++ b/src/solvers/refinement/string_constraint_generator_constants.cpp
@@ -57,6 +57,15 @@ string_exprt string_constraint_generatort::add_axioms_for_empty_string(
   PRECONDITION(f.arguments().empty());
   PRECONDITION(refined_string_typet::is_refined_string_type(f.type()));
   const refined_string_typet &ref_type=to_refined_string_type(f.type());
+  return empty_string(ref_type);
+}
+
+/// Generate a string expression representing the empty string
+/// \param ref_type: a refined string type
+/// \return a string expression
+string_exprt string_constraint_generatort::empty_string(
+  const refined_string_typet &ref_type)
+{
   exprt size=from_integer(0, ref_type.get_index_type());
   const array_typet &content_type=ref_type.get_content_type();
   array_of_exprt empty_array(

From b4b0a6e022ec49be5004b8f1b72a8b92fc3c2b84 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Wed, 24 May 2017 11:33:10 +0100
Subject: [PATCH 470/699] Intermediary function for conversion to uppercase

---
 src/solvers/refinement/string_constraint_generator.h |  2 ++
 .../string_constraint_generator_transformation.cpp   | 12 ++++++++++--
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index 8942b34499f..e1523c58c71 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -267,6 +267,8 @@ class string_constraint_generatort
     const function_application_exprt &expr);
   string_exprt add_axioms_for_to_upper_case(
     const function_application_exprt &expr);
+  string_exprt add_axioms_for_to_upper_case(
+    const string_exprt &expr);
   string_exprt add_axioms_for_trim(const function_application_exprt &expr);
 
   // Add axioms corresponding to the String.valueOf([CII) function
diff --git a/src/solvers/refinement/string_constraint_generator_transformation.cpp b/src/solvers/refinement/string_constraint_generator_transformation.cpp
index abbd6d34794..094cf5a0ac8 100644
--- a/src/solvers/refinement/string_constraint_generator_transformation.cpp
+++ b/src/solvers/refinement/string_constraint_generator_transformation.cpp
@@ -277,9 +277,8 @@ string_exprt string_constraint_generatort::add_axioms_for_to_lower_case(
 /// \par parameters: function application with one string argument
 /// \return a new string expression
 string_exprt string_constraint_generatort::add_axioms_for_to_upper_case(
-  const function_application_exprt &expr)
+  const string_exprt &str)
 {
-  string_exprt str=get_string_expr(args(expr, 1)[0]);
   const refined_string_typet &ref_type=to_refined_string_type(str.type());
   const typet &char_type=ref_type.get_char_type();
   const typet &index_type=ref_type.get_index_type();
@@ -323,6 +322,15 @@ string_exprt string_constraint_generatort::add_axioms_for_to_upper_case(
   return res;
 }
 
+/// add axioms corresponding to the String.toUpperCase java function
+/// \param expr: function application with one string argument
+/// \return a new string expression
+string_exprt string_constraint_generatort::add_axioms_for_to_upper_case(
+  const function_application_exprt &expr)
+{
+  string_exprt str=get_string_expr(args(expr, 1)[0]);
+  return add_axioms_for_to_upper_case(str);
+}
 
 /// add axioms corresponding stating that the result is similar to that of the
 /// StringBuilder.setCharAt java function Warning: this may be underspecified in

From f8d54e3579cf0314f067c06b2eb57cd37d8eadff Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Mon, 15 May 2017 14:07:54 +0100
Subject: [PATCH 471/699] New file for String.format function

This adds a file with functions to add constraints corresponding to
the String.format java function
---
 .../string_constraint_generator_format.cpp    | 453 ++++++++++++++++++
 1 file changed, 453 insertions(+)
 create mode 100644 src/solvers/refinement/string_constraint_generator_format.cpp

diff --git a/src/solvers/refinement/string_constraint_generator_format.cpp b/src/solvers/refinement/string_constraint_generator_format.cpp
new file mode 100644
index 00000000000..639509e2749
--- /dev/null
+++ b/src/solvers/refinement/string_constraint_generator_format.cpp
@@ -0,0 +1,453 @@
+/*******************************************************************\
+
+Module: Generates string constraints for the Java format function
+
+Author: Romain Brenguier
+
+Date:   May 2017
+
+\*******************************************************************/
+
+/// \file
+/// Generates string constraints for the Java format function
+
+#include <iomanip>
+#include <string>
+#include <regex>
+#include <vector>
+
+#include <util/std_expr.h>
+
+#include "string_constraint_generator.h"
+
+// Format specifier describes how a value should be printed.
+class string_constraint_generatort::format_specifiert
+{
+public:
+  // Constants describing the meaning of characters in format specifiers.
+  static const char DECIMAL_INTEGER          ='d';
+  static const char OCTAL_INTEGER            ='o';
+  static const char HEXADECIMAL_INTEGER      ='x';
+  static const char HEXADECIMAL_INTEGER_UPPER='X';
+  static const char SCIENTIFIC               ='e';
+  static const char SCIENTIFIC_UPPER         ='E';
+  static const char GENERAL                  ='g';
+  static const char GENERAL_UPPER            ='G';
+  static const char DECIMAL_FLOAT            ='f';
+  static const char HEXADECIMAL_FLOAT        ='a';
+  static const char HEXADECIMAL_FLOAT_UPPER  ='A';
+  static const char CHARACTER                ='c';
+  static const char CHARACTER_UPPER          ='C';
+  static const char DATE_TIME                ='t';
+  static const char DATE_TIME_UPPER          ='T';
+  static const char BOOLEAN                  ='b';
+  static const char BOOLEAN_UPPER            ='B';
+  static const char STRING                   ='s';
+  static const char STRING_UPPER             ='S';
+  static const char HASHCODE                 ='h';
+  static const char HASHCODE_UPPER           ='H';
+  static const char LINE_SEPARATOR           ='n';
+  static const char PERCENT_SIGN             ='%';
+
+  int index=-1;
+  std::string flag;
+  int width;
+  int precision;
+  bool dt=false;
+  char conversion;
+
+  format_specifiert() { }
+
+  format_specifiert(
+    int _index,
+    std::string _flag,
+    int _width,
+    int _precision,
+    bool _dt,
+    char c):
+      index(_index),
+      flag(_flag),
+      width(_width),
+      precision(_precision),
+      dt(_dt),
+      conversion(c)
+  { }
+};
+
+// Format text represent a constant part of a format string.
+class format_textt
+{
+public:
+  explicit format_textt(std::string _content): content(_content) { }
+
+  explicit format_textt(const format_textt &fs): content(fs.content) { }
+
+  std::string get_content() const
+  {
+    return content;
+  }
+
+private:
+  std::string content;
+};
+
+// A format element is either a specifier or text.
+class format_elementt
+{
+public:
+  typedef enum {SPECIFIER, TEXT} format_typet;
+
+  explicit format_elementt(format_typet _type): type(_type), fstring("")
+  {
+  }
+
+  explicit format_elementt(std::string s): type(TEXT), fstring(s)
+  {
+  }
+
+  explicit format_elementt(string_constraint_generatort::format_specifiert fs):
+    type(SPECIFIER), fstring("")
+  {
+    fspec[0]=fs;
+  }
+
+  bool is_format_specifier() const
+  {
+    return type==SPECIFIER;
+  }
+
+  bool is_format_text() const
+  {
+    return type==TEXT;
+  }
+
+  string_constraint_generatort::format_specifiert get_format_specifier() const
+  {
+    PRECONDITION(is_format_specifier());
+    return fspec[0];
+  }
+
+  format_textt &get_format_text()
+  {
+    PRECONDITION(is_format_text());
+    return fstring;
+  }
+
+  const format_textt &get_format_text() const
+  {
+    PRECONDITION(is_format_text());
+    return fstring;
+  }
+
+  ~format_elementt() {}
+
+private:
+  format_typet type;
+  format_textt fstring;
+  string_constraint_generatort::format_specifiert fspec[1];
+};
+
+#if 0
+/// Used to check first argument of `String.format` is correct.
+///
+/// TODO: This is not used for now but an exception should be thrown when the
+///   format string is not correct
+/// \param s: a string
+/// \return True if the argument is a correct format string. Any '%' found
+///   between format specifier means the string is invalid.
+static bool check_format_string(std::string s)
+{
+  std::string format_specifier=
+      "%(\\d+\\$)?([-#+ 0,(\\<]*)?(\\d+)?(\\.\\d+)?([tT])?([a-zA-Z%])";
+  std::regex regex(format_specifier);
+  std::smatch match;
+
+  while(std::regex_search(s, match, regex))
+  {
+    if(match.position()!= 0)
+      for(const auto &c : match.str())
+        if(c=='%')
+          return false;
+    s=match.suffix();
+  }
+
+  for(const auto &c : s)
+    if(c=='%')
+      return false;
+
+  return true;
+}
+#endif
+
+/// Helper function for parsing format strings.
+/// This follows the implementation in openJDK of the java.util.Formatter class:
+/// http://hg.openjdk.java.net/jdk7/jdk7/jdk/file/9b8c96f96a0f/src/share/classes/java/util/Formatter.java#l2660
+/// \param m: a match in a regular expression
+/// \return Format specifier represented by the matched string. The groups in
+///   the match should represent: index, flag, width, precision, date and
+///   conversion type.
+static string_constraint_generatort::format_specifiert
+  format_specifier_of_match(std::smatch &m)
+{
+  string_constraint_generatort::format_specifiert f;
+
+  if(!m[1].str().empty())
+    f.index=std::stoi(m[1].str());
+
+  if(!m[2].str().empty())
+    f.flag=m[2].str();
+
+  if(!m[3].str().empty())
+    f.width=std::stoi(m[3].str());
+
+  if(!m[4].str().empty())
+    f.precision=std::stoi(m[4].str());
+
+  std::string tT=m[5].str();
+  f.dt=(tT!="");
+  if(tT=="T")
+    f.flag.push_back(
+      string_constraint_generatort::format_specifiert::DATE_TIME_UPPER);
+
+  if(m[6].str().length()!=1)
+    throw "invalid format specifier:"+m.str();
+
+  f.conversion=m[6].str()[0];
+  return f;
+}
+
+/// Parse the given string into format specifiers and text.
+/// This follows the implementation in openJDK of the java.util.Formatter class:
+/// http://hg.openjdk.java.net/jdk7/jdk7/jdk/file/9b8c96f96a0f/src/share/classes/java/util/Formatter.java#l2513
+/// \param s: a string
+/// \return A vector of format_elementt.
+static std::vector<format_elementt> parse_format_string(std::string s)
+{
+  std::string format_specifier=
+    "%(\\d+\\$)?([-#+ 0,(\\<]*)?(\\d+)?(\\.\\d+)?([tT])?([a-zA-Z%])";
+  std::regex regex(format_specifier);
+  std::vector<format_elementt> al;
+  std::smatch match;
+
+  while(std::regex_search(s, match, regex))
+  {
+    if(match.position()!= 0)
+    {
+      std::string pre_match=s.substr(0, match.position());
+      al.emplace_back(pre_match);
+    }
+
+    al.emplace_back(format_specifier_of_match(match));
+    s=match.suffix();
+  }
+
+  al.emplace_back(s);
+  return al;
+}
+
+/// Helper for add_axioms_for_format_specifier
+/// \param expr: a structured expression
+/// \param component_name: name of the desired component
+/// \return Expression in the component of `expr` named `component_name`.
+static exprt get_component_in_struct(
+  const struct_exprt &expr, irep_idt component_name)
+{
+  const struct_typet &type=to_struct_type(expr.type());
+  std::size_t number=type.component_number(component_name);
+  return expr.operands()[number];
+}
+
+/// Parse `s` and add axioms ensuring the output corresponds to the output of
+/// String.format. Assumes the argument is a structured expression which
+/// contains the fields: string expr, int, float, char, boolean, hashcode,
+/// date_time. The correct component will be fetched depending on the format
+/// specifier.
+/// \param fs: a format specifier
+/// \param arg: a struct containing the possible value of the argument to format
+/// \param ref_type: a type  for refined string type
+/// \return String expression representing the output of String.format.
+string_exprt string_constraint_generatort::add_axioms_for_format_specifier(
+  const format_specifiert &fs,
+  const struct_exprt &arg,
+  const refined_string_typet &ref_type)
+{
+  switch(fs.conversion)
+  {
+  case format_specifiert::DECIMAL_INTEGER:
+    return add_axioms_from_int(
+      get_component_in_struct(arg, ID_int), MAX_INTEGER_LENGTH, ref_type);
+  case format_specifiert::HEXADECIMAL_INTEGER:
+    return add_axioms_from_int_hex(
+      get_component_in_struct(arg, ID_int), ref_type);
+  case format_specifiert::SCIENTIFIC:
+    return add_axioms_from_float_scientific_notation(
+      get_component_in_struct(arg, ID_float), ref_type);
+  case format_specifiert::DECIMAL_FLOAT:
+    return add_axioms_for_string_of_float(
+      get_component_in_struct(arg, ID_float), ref_type);
+  case format_specifiert::CHARACTER:
+    return add_axioms_from_char(
+      get_component_in_struct(arg, ID_char), ref_type);
+  case format_specifiert::BOOLEAN:
+    return add_axioms_from_bool(
+      get_component_in_struct(arg, ID_boolean), ref_type);
+  case format_specifiert::STRING:
+    return get_string_expr(get_component_in_struct(arg, "string_expr"));
+  case format_specifiert::HASHCODE:
+    return add_axioms_from_int(
+      get_component_in_struct(arg, "hashcode"), MAX_INTEGER_LENGTH, ref_type);
+  case format_specifiert::LINE_SEPARATOR:
+    // TODO: the constant should depend on the system: System.lineSeparator()
+    return add_axioms_for_constant("\n", ref_type);
+  case format_specifiert::PERCENT_SIGN:
+    return add_axioms_for_constant("%", ref_type);
+  case format_specifiert::SCIENTIFIC_UPPER:
+  case format_specifiert::GENERAL_UPPER:
+  case format_specifiert::HEXADECIMAL_FLOAT_UPPER:
+  case format_specifiert::CHARACTER_UPPER:
+  case format_specifiert::DATE_TIME_UPPER:
+  case format_specifiert::BOOLEAN_UPPER:
+  case format_specifiert::STRING_UPPER:
+  case format_specifiert::HASHCODE_UPPER:
+  {
+    string_constraint_generatort::format_specifiert fs_lower=fs;
+    fs_lower.conversion=tolower(fs.conversion);
+    string_exprt lower_case=add_axioms_for_format_specifier(
+      fs_lower, arg, ref_type);
+    return add_axioms_for_to_upper_case(lower_case);
+  }
+  case format_specifiert::OCTAL_INTEGER:
+    // TODO: conversion of octal not implemented
+  case format_specifiert::GENERAL:
+    // TODO: general not implemented
+  case format_specifiert::HEXADECIMAL_FLOAT:
+    // TODO: hexadecimal float not implemented
+  case format_specifiert::DATE_TIME:
+    // TODO: DateTime not implemented
+    // For all these unimplemented cases we return a non-deterministic string
+    warning() << "unimplemented format specifier: " << fs.conversion << eom;
+    return fresh_string(ref_type);
+  default:
+    error() << "invalid format specifier: " << fs.conversion << eom;
+    INVARIANT(
+      false, "format specifier must belong to [bBhHsScCdoxXeEfgGaAtT%n]");
+    throw 0;
+  }
+}
+
+/// Parse `s` and add axioms ensuring the output corresponds to the output of
+/// String.format.
+/// \param s: a format string
+/// \param args: a vector of arguments
+/// \param ref_type: a type  for refined string type
+/// \return String expression representing the output of String.format.
+string_exprt string_constraint_generatort::add_axioms_for_format(
+  const std::string &s,
+  const std::vector<exprt> &args,
+  const refined_string_typet &ref_type)
+{
+  const std::vector<format_elementt> format_strings=parse_format_string(s);
+  std::vector<string_exprt> intermediary_strings;
+  std::size_t arg_count=0;
+
+  for(const format_elementt &fe : format_strings)
+    if(fe.is_format_specifier())
+    {
+      const format_specifiert &fs=fe.get_format_specifier();
+      struct_exprt arg;
+      if(fs.conversion!=format_specifiert::PERCENT_SIGN &&
+         fs.conversion!=format_specifiert::LINE_SEPARATOR)
+      {
+        if(fs.index==-1)
+        {
+          INVARIANT(
+            arg_count<args.size(), "number of format must match specifiers");
+          arg=to_struct_expr(args[arg_count++]);
+        }
+        else
+        {
+          INVARIANT(
+            fs.index<=args.size(), "number of format must match specifiers");
+          // first argument `args[0]` corresponds to index 1
+          arg=to_struct_expr(args[fs.index-1]);
+        }
+      }
+      intermediary_strings.push_back(
+        add_axioms_for_format_specifier(fs, arg, ref_type));
+    }
+    else
+      intermediary_strings.push_back(
+        add_axioms_for_constant(
+          fe.get_format_text().get_content(), ref_type));
+
+  if(intermediary_strings.empty())
+    return empty_string(ref_type);
+
+  auto it=intermediary_strings.begin();
+  string_exprt str=*(it++);
+  for(; it!=intermediary_strings.end(); ++it)
+    str=add_axioms_for_concat(str, *it);
+  return str;
+}
+
+/// Construct a string from a constant array.
+/// \param arr: an array expression containing only constants
+/// \param length: an unsigned value representing the length of the array
+/// \return String of length `length` represented by the array assuming each
+///   field in `arr` represents a character.
+std::string string_constraint_generatort::string_of_constant_array(
+  const array_exprt &arr, unsigned int length)
+{
+  std::ostringstream result;
+
+  for(size_t i=0; i<arr.operands().size() && i<length; i++)
+  {
+    // TODO: factorize with utf16_little_endian_to_ascii
+    unsigned int c;
+    exprt arr_i=arr.operands()[i];
+    PRECONDITION(arr_i.id()==ID_constant);
+    to_unsigned_integer(to_constant_expr(arr_i), c);
+    if(c<=255 && c>=32)
+      result << (unsigned char) c;
+    else
+    {
+      result << "\\u" << std::hex << std::setw(4) << std::setfill('0') << c;
+    }
+  }
+  return result.str();
+}
+
+/// Add axioms to specify the Java String.format function.
+///
+/// TODO: This is correct only if the first argument (ie the format string) is
+/// constant or does not contain format specifiers.
+/// \param f: a function application
+/// \return A string expression representing the return value of the
+///   String.format function on the given arguments, assuming the first argument
+///   in the function application is a constant. Otherwise the first argument is
+///   returned.
+string_exprt string_constraint_generatort::add_axioms_for_format(
+  const function_application_exprt &f)
+{
+  PRECONDITION(!f.arguments().empty());
+  string_exprt s1=get_string_expr(f.arguments()[0]);
+  const refined_string_typet &ref_type=to_refined_string_type(f.type());
+
+  if(s1.length().id()==ID_constant && s1.content().id()==ID_array)
+  {
+    unsigned int length;
+    to_unsigned_integer(to_constant_expr(s1.length()), length);
+    std::string s=string_of_constant_array(to_array_expr(s1.content()), length);
+
+    // List of arguments after s
+    std::vector<exprt> args(
+      std::next(f.arguments().begin()), f.arguments().end());
+    return add_axioms_for_format(s, args, ref_type);
+  }
+  else
+  {
+    warning() << "ignoring format function with non constant first argument"
+              << eom;
+    return fresh_string(ref_type);
+  }
+}

From 9bcb2e7d670d0529b97d1941e056f843d3a8d949 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Sat, 8 Jul 2017 22:25:16 +0100
Subject: [PATCH 472/699] Adding declaration of format functions and
 string_of_constant_array

Also adding string format file to Makefile
---
 src/solvers/Makefile                          |  1 +
 .../refinement/string_constraint_generator.h  | 23 ++++++++++++++++++-
 2 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/src/solvers/Makefile b/src/solvers/Makefile
index 5c994aefc14..32844fd27c7 100644
--- a/src/solvers/Makefile
+++ b/src/solvers/Makefile
@@ -166,6 +166,7 @@ SRC = $(BOOLEFORCE_SRC) \
       refinement/string_constraint_generator_indexof.cpp \
       refinement/string_constraint_generator_insert.cpp \
       refinement/string_constraint_generator_float.cpp \
+      refinement/string_constraint_generator_format.cpp \
       refinement/string_constraint_generator_main.cpp \
       refinement/string_constraint_generator_testing.cpp \
       refinement/string_constraint_generator_transformation.cpp \
diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index e1523c58c71..b0f99649428 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -26,7 +26,7 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 #include <util/refined_string_type.h>
 #include <solvers/refinement/string_constraint.h>
 
-class string_constraint_generatort
+class string_constraint_generatort: messaget
 {
 public:
   // This module keeps a list of axioms. It has methods which generate
@@ -95,6 +95,12 @@ class string_constraint_generatort
   static constant_exprt constant_char(int i, const typet &char_type);
 
 
+  // Used by format function
+  class format_specifiert;
+
+  // Helper function which can be useful outside of this class
+  std::string string_of_constant_array(const array_exprt &arr, unsigned length);
+
 private:
   // The integer with the longest string is Integer.MIN_VALUE which is -2^31,
   // that is -2147483648 so takes 11 characters to write.
@@ -170,6 +176,21 @@ class string_constraint_generatort
   string_exprt add_axioms_for_delete(const function_application_exprt &expr);
   string_exprt add_axioms_for_delete_char_at(
     const function_application_exprt &expr);
+  string_exprt add_axioms_for_format(const function_application_exprt &f);
+  string_exprt add_axioms_for_format(
+    const std::string &s,
+    const std::vector<exprt> &args,
+    const refined_string_typet &ref_type);
+  exprt add_axioms_for_format_specifier_is_correct(
+    const function_application_exprt &expr);
+  bool add_axioms_for_format_specifier_is_correct(
+    const std::string &s);
+
+  string_exprt add_axioms_for_format_specifier(
+    const format_specifiert &fs,
+    const struct_exprt &arg,
+    const refined_string_typet &ref_type);
+
   string_exprt add_axioms_for_insert(
     const string_exprt &s1, const string_exprt &s2, const exprt &offset);
   string_exprt add_axioms_for_insert(const function_application_exprt &f);

From c79baf87e0f36d912bd040e875792ef3aa0ba815 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Wed, 17 May 2017 08:56:25 +0100
Subject: [PATCH 473/699] Factorizing part of string_of_array in
 string_refiniment with code of the generator

---
 src/solvers/refinement/string_refinement.cpp | 23 +-------------------
 1 file changed, 1 insertion(+), 22 deletions(-)

diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index a8c66d63404..a6bddb979c6 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -807,28 +807,7 @@ std::string string_refinementt::string_of_array(const array_exprt &arr)
   exprt size_expr=to_array_type(arr.type()).size();
   PRECONDITION(size_expr.id()==ID_constant);
   to_unsigned_integer(to_constant_expr(size_expr), n);
-  std::string str(n, '?');
-
-  std::ostringstream result;
-  std::locale loc;
-
-  for(size_t i=0; i<arr.operands().size() && i<n; i++)
-  {
-    // TODO: factorize with utf16_little_endian_to_ascii
-    unsigned c;
-    exprt arr_i=arr.operands()[i];
-    PRECONDITION(arr_i.id()==ID_constant);
-    to_unsigned_integer(to_constant_expr(arr_i), c);
-    if(c<=255 && c>=32)
-      result << (unsigned char) c;
-    else
-    {
-      result << "\\u" << std::hex << std::setw(4) << std::setfill('0')
-             << (unsigned int) c;
-    }
-  }
-
-  return result.str();
+  return generator.string_of_constant_array(arr, n);
 }
 
 /// Display part of the current model by mapping the variables created by the

From 162b45b14115ae0366bf627bf9450edafe6a3372 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Wed, 17 May 2017 08:57:15 +0100
Subject: [PATCH 474/699] Adding calls to add_axioms_for_format in
 add_axioms_for_function_application

---
 src/solvers/refinement/string_constraint_generator_main.cpp | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/solvers/refinement/string_constraint_generator_main.cpp b/src/solvers/refinement/string_constraint_generator_main.cpp
index a3add2c74c8..0babb05cd2e 100644
--- a/src/solvers/refinement/string_constraint_generator_main.cpp
+++ b/src/solvers/refinement/string_constraint_generator_main.cpp
@@ -499,6 +499,8 @@ exprt string_constraint_generatort::add_axioms_for_function_application(
     res=add_axioms_for_intern(expr);
   else if(id==ID_cprover_string_array_of_char_pointer_func)
     res=add_axioms_for_char_pointer(expr);
+  else if(id==ID_cprover_string_format_func)
+    res=add_axioms_for_format(expr);
   else
   {
     std::string msg(

From 2d6d6893da8ca3af0b383894850d987f6426c211 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Sat, 8 Jul 2017 22:31:14 +0100
Subject: [PATCH 475/699] Adding String.format to Java String library
 preprocessing

---
 .../java_string_library_preprocess.cpp        | 318 +++++++++++++++++-
 .../java_string_library_preprocess.h          |  24 ++
 2 files changed, 341 insertions(+), 1 deletion(-)

diff --git a/src/java_bytecode/java_string_library_preprocess.cpp b/src/java_bytecode/java_string_library_preprocess.cpp
index 427f76b8753..b4f72d0112d 100644
--- a/src/java_bytecode/java_string_library_preprocess.cpp
+++ b/src/java_bytecode/java_string_library_preprocess.cpp
@@ -815,6 +815,11 @@ codet java_string_library_preprocesst::code_assign_java_string_to_string_expr(
   // Assignments
   code_blockt code;
   code.add(code_assignt(lhs.length(), rhs_length));
+
+  // We always assume data of a String is not null
+  not_exprt data_not_null(equal_exprt(
+    member_data, null_pointer_exprt(to_pointer_type(member_data.type()))));
+  code.add(code_assumet(data_not_null));
   code.add(code_assignt(lhs.content(), rhs_data));
   return code;
 }
@@ -1169,6 +1174,308 @@ codet java_string_library_preprocesst::make_string_to_char_array_code(
   return code;
 }
 
+/// Adds to the code an assignment of the form
+/// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+/// type_name tmp_type_name
+/// tmp_type_name = ((Classname*)arg_i)->value
+/// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+/// and returns `tmp_typename`.
+/// In case the class corresponding to `type_name` is not available in
+/// `symbol_table`, the variable is declared but not assigned.
+/// Used to access the values of the arguments of `String.format`.
+/// \param object: an expression representing a reference to an object
+/// \param type_name: name of the corresponding primitive type, this can be
+///        one of the following: ID_boolean, ID_char, ID_byte, ID_short, ID_int,
+///        ID_long, ID_float, ID_double, ID_void
+/// \param loc: a location in the source
+/// \param symbol_table: the symbol table
+/// \param code: code block to which we are adding some assignments
+/// \return An expression contaning a symbol `tmp_type_name` where `type_name`
+///         is the given argument (ie. boolean, char etc.). Which represents the
+///         primitive value contained in the given object.
+exprt java_string_library_preprocesst::get_primitive_value_of_object(
+  const exprt &object,
+  irep_idt type_name,
+  const source_locationt &loc,
+  symbol_tablet &symbol_table,
+  code_blockt &code)
+{
+  symbol_typet object_type;
+  typet value_type;
+  if(type_name==ID_boolean)
+  {
+    value_type=java_boolean_type();
+    object_type=symbol_typet("java::java.lang.Boolean");
+  }
+  else if(type_name==ID_char)
+  {
+    value_type=java_char_type();
+    object_type=symbol_typet("java::java.lang.Character");
+  }
+  else if(type_name==ID_byte)
+  {
+    value_type=java_byte_type();
+    object_type=symbol_typet("java::java.lang.Byte");
+  }
+  else if(type_name==ID_short)
+  {
+    value_type=java_short_type();
+    object_type=symbol_typet("java::java.lang.Short");
+  }
+  else if(type_name==ID_int)
+  {
+    value_type=java_int_type();
+    object_type=symbol_typet("java::java.lang.Integer");
+  }
+  else if(type_name==ID_long)
+  {
+    value_type=java_long_type();
+    object_type=symbol_typet("java::java.lang.Long");
+  }
+  else if(type_name==ID_float)
+  {
+    value_type=java_float_type();
+    object_type=symbol_typet("java::java.lang.Float");
+  }
+  else if(type_name==ID_double)
+  {
+    value_type=java_double_type();
+    object_type=symbol_typet("java::java.lang.Double");
+  }
+  else if(type_name==ID_void)
+    return nil_exprt();
+  else
+    UNREACHABLE;
+
+  // declare tmp_type_name to hold the value
+  std::string aux_name="tmp_"+id2string(type_name);
+  symbolt symbol=get_fresh_aux_symbol(
+    value_type, aux_name, aux_name, loc, ID_java, symbol_table);
+  exprt value=symbol.symbol_expr();
+
+  // Check that the type of the object is in the symbol table,
+  // otherwise there is no safe way of finding its value.
+  if(symbol_table.has_symbol(object_type.get_identifier()))
+  {
+    struct_typet struct_type=to_struct_type(
+      symbol_table.lookup(object_type.get_identifier()).type);
+    // Check that the type has a value field
+    const struct_union_typet::componentt value_comp=
+      struct_type.get_component("value");
+    if(!value_comp.is_nil())
+    {
+      pointer_typet pointer_type(struct_type);
+      dereference_exprt deref(
+        typecast_exprt(object, pointer_type), pointer_type.subtype());
+      member_exprt deref_value(deref, value_comp.get_name(), value_comp.type());
+      code.add(code_assignt(value, deref_value));
+      return value;
+    }
+  }
+
+  warning() << object_type.get_identifier()
+            << " not available to format function" << eom;
+  code.add(code_declt(value));
+  return value;
+}
+
+/// Helper for format function. Returns the expression:
+/// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+/// *((void**)(argv->data)+index )
+/// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+/// which corresponds to the object at position `index` in  `argv`.
+/// \param argv: reference to an array of references
+/// \param index: index of the desired object
+/// \return An expression representing the object at position `index` of `argv`.
+exprt java_string_library_preprocesst::get_object_at_index(
+  const exprt &argv,
+  int index)
+{
+  dereference_exprt deref_objs(argv, argv.type().subtype());
+  pointer_typet empty_pointer((empty_typet()));
+  pointer_typet pointer_of_pointer;
+  pointer_of_pointer.copy_to_subtypes(empty_pointer);
+  member_exprt data_member(deref_objs, "data", pointer_of_pointer);
+  plus_exprt data_pointer_plus_index(
+    data_member, from_integer(index, java_int_type()), data_member.type());
+  dereference_exprt data_at_index(
+    data_pointer_plus_index, data_pointer_plus_index.type().subtype());
+  return data_at_index;
+}
+
+/// Helper for format function. Adds code:
+/// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+/// string_expr arg_i_string_expr;
+/// int tmp_int;
+/// float tmp_float;
+/// char tmp_char;
+/// boolean tmp_boolean;
+/// Object* arg_i=get_object_at_index(argv, index)
+/// if(arg_i!=NULL)
+/// {
+///   if(arg_i.@class_identifier=="java::java.lang.String")
+///   {
+///     arg_i_string_expr = (string_expr)((String*)arg_i_as_string)
+///   }
+///   tmp_int=((Integer)arg_i)->value
+///   tmp_float=((Float)arg_i)->value
+///   tmp_char=((Char)arg_i)->value
+///   tmp_boolean=((Boolean)arg_i)->value
+/// }
+/// arg_i_struct = { string_expr=arg_i_string_expr;
+///   integer=tmp_int; float=tmp_float; char=tmp_char; boolean=tmp_boolean}
+/// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+/// and returns `arg_i_struct`.
+///
+/// TODO: date_time and hash code are not implemented
+/// \param argv: reference to an array of references
+/// \param index: index of the desired argument
+/// \param structured_type: type for arguments of the internal format function
+/// \param loc: a location in the source
+/// \param symbol_table: the symbol table
+/// \param code: code block to which we are adding some assignments
+/// \return An expression of type `structured_type` representing the possible
+///         values of the argument at position `index` of `argv`.
+exprt java_string_library_preprocesst::make_argument_for_format(
+  const exprt &argv,
+  int index,
+  const struct_typet &structured_type,
+  const source_locationt &loc,
+  symbol_tablet &symbol_table,
+  code_blockt &code)
+{
+  // Declarations of the fields of arg_i_struct
+  // arg_i_struct is { arg_i_string_expr, tmp_int, tmp_char, ... }
+  struct_exprt arg_i_struct(structured_type);
+  std::list<exprt> field_exprs;
+  for(const auto & comp : structured_type.components())
+  {
+    const irep_idt &name=comp.get_name();
+    const typet &type=comp.type();
+    exprt field_expr;
+    if(name!="string_expr")
+    {
+      std::string tmp_name="tmp_"+id2string(name);
+      symbolt field_symbol=get_fresh_aux_symbol(
+        type, tmp_name, tmp_name, loc, ID_java, symbol_table);
+      field_expr=field_symbol.symbol_expr();
+      code.add(code_declt(field_expr));
+    }
+    else
+      field_expr=fresh_string_expr(loc, symbol_table, code);
+
+    field_exprs.push_back(field_expr);
+    arg_i_struct.copy_to_operands(field_expr);
+  }
+
+  // arg_i = argv[index]
+  exprt obj=get_object_at_index(argv, index);
+  symbolt object_symbol=get_fresh_aux_symbol(
+    obj.type(), "tmp_object", "tmp_object", loc, ID_java, symbol_table);
+  symbol_exprt arg_i=object_symbol.symbol_expr();
+  (void) allocate_dynamic_object_with_decl(
+    arg_i, obj.type(), symbol_table, loc, code, false);
+  code.add(code_assignt(arg_i, obj));
+  code.add(code_assumet(not_exprt(equal_exprt(
+    arg_i, null_pointer_exprt(to_pointer_type(arg_i.type()))))));
+
+  // if arg_i != null then [code_not_null]
+  code_ifthenelset code_avoid_null_arg;
+  code_avoid_null_arg.cond()=not_exprt(equal_exprt(
+    arg_i, null_pointer_exprt(to_pointer_type(arg_i.type()))));
+  code_blockt code_not_null;
+
+  // Assigning all the fields of arg_i_struct
+  for(const auto &comp : structured_type.components())
+  {
+    const irep_idt &name=comp.get_name();
+    exprt field_expr=field_exprs.front();
+    field_exprs.pop_front();
+
+    if(name=="string_expr")
+    {
+      pointer_typet string_pointer(symbol_typet("java::java.lang.String"));
+      typecast_exprt arg_i_as_string(arg_i, string_pointer);
+      code_not_null.add(code_assign_java_string_to_string_expr(
+        to_string_expr(field_expr), arg_i_as_string, symbol_table));
+      exprt arg_i_string_expr_sym=fresh_string_expr_symbol(
+        loc, symbol_table, code_not_null);
+      code_not_null.add(code_assignt(
+        arg_i_string_expr_sym, to_string_expr(field_expr)));
+    }
+    else if(name==ID_int || name==ID_float || name==ID_char || name==ID_boolean)
+    {
+      exprt value=get_primitive_value_of_object(
+        arg_i, name, loc, symbol_table, code_not_null);
+      code_not_null.add(code_assignt(field_expr, value));
+    }
+    else
+    {
+      // TODO: date_time and hash_code not implemented
+    }
+  }
+
+  code.add(code_not_null);
+  return arg_i_struct;
+}
+
+/// Used to provide code for the Java String.format function.
+///
+/// TODO: date_time and hash code are not implemented, and we set a limit of
+/// 10 arguments
+/// \param type: type of the function call
+/// \param loc: location in the program_invocation_name
+/// \param symbol_table: symbol table
+/// \return Code implementing the Java String.format function.
+///         Since the exact class of the arguments is not known, we give as
+///         argument to the internal format function a structure containing
+///         the different possible types.
+codet java_string_library_preprocesst::make_string_format_code(
+  const code_typet &type,
+  const source_locationt &loc,
+  symbol_tablet &symbol_table)
+{
+  PRECONDITION(type.parameters().size()==2);
+  code_blockt code;
+  exprt::operandst args=process_parameters(
+    type.parameters(), loc, symbol_table, code);
+  INVARIANT(args.size()==2, "String.format should have two arguments");
+
+  // The argument can be:
+  // a string, an integer, a floating point, a character, a boolean,
+  // an object of which we take the hash code, or a date/time
+  struct_typet structured_type;
+  structured_type.components().emplace_back("string_expr", refined_string_type);
+  structured_type.components().emplace_back(ID_int, java_int_type());
+  structured_type.components().emplace_back(ID_float, java_float_type());
+  structured_type.components().emplace_back(ID_char, java_char_type());
+  structured_type.components().emplace_back(ID_boolean, java_boolean_type());
+  // TODO: hash_code not implemented for now
+  structured_type.components().emplace_back("hashcode", java_int_type());
+  // TODO: date_time type not implemented for now
+  structured_type.components().emplace_back("date_time", java_int_type());
+
+  // We will process arguments so that each is converted to a `struct_exprt`
+  // containing each possible type used in format specifiers.
+  std::vector<exprt> processed_args;
+  processed_args.push_back(args[0]);
+  for(std::size_t i=0; i<MAX_FORMAT_ARGS; ++i)
+    processed_args.push_back(make_argument_for_format(
+      args[1], i, structured_type, loc, symbol_table, code));
+
+  string_exprt string_expr=fresh_string_expr(loc, symbol_table, code);
+  code.add(code_assign_function_to_string_expr(
+    string_expr, ID_cprover_string_format_func, processed_args, symbol_table));
+  exprt string_expr_sym=fresh_string_expr_symbol(loc, symbol_table, code);
+  code.add(code_assignt(string_expr_sym, string_expr));
+  exprt java_string=allocate_fresh_string(
+    type.return_type(), loc, symbol_table, code);
+  code.add(code_assign_string_expr_to_new_java_string(
+    java_string, string_expr, loc, symbol_table));
+  code.add(code_returnt(java_string));
+  return code;
+}
+
 /// Used to provide our own implementation of the java.lang.Object.getClass()
 /// function.
 /// \param type: type of the function called
@@ -1582,6 +1889,15 @@ void java_string_library_preprocesst::initialize_conversion_table()
   cprover_equivalent_to_java_function
     ["java::java.lang.String.equalsIgnoreCase:(Ljava/lang/String;)Z"]=
       ID_cprover_string_equals_ignore_case_func;
+  conversion_table
+    ["java::java.lang.String.format:(Ljava/lang/String;[Ljava/lang/Object;)"
+      "Ljava/lang/String;"]=
+      std::bind(
+        &java_string_library_preprocesst::make_string_format_code,
+        this,
+        std::placeholders::_1,
+        std::placeholders::_2,
+        std::placeholders::_3);
   cprover_equivalent_to_java_function
     ["java::java.lang.String.hashCode:()I"]=
       ID_cprover_string_hash_code_func;
@@ -1922,7 +2238,7 @@ void java_string_library_preprocesst::initialize_conversion_table()
         std::placeholders::_2,
         std::placeholders::_3);
 
- // CharSequence library
+  // CharSequence library
   cprover_equivalent_to_java_function
     ["java::java.lang.CharSequence.charAt:(I)C"]=
       ID_cprover_string_char_at_func;
diff --git a/src/java_bytecode/java_string_library_preprocess.h b/src/java_bytecode/java_string_library_preprocess.h
index 472e8fe8e2b..cc8dd4cf469 100644
--- a/src/java_bytecode/java_string_library_preprocess.h
+++ b/src/java_bytecode/java_string_library_preprocess.h
@@ -27,6 +27,9 @@ Date:   March 2017
 #include "character_refine_preprocess.h"
 #include "java_types.h"
 
+// Arbitrary limit of 10 arguments for the number of arguments to String.format
+#define MAX_FORMAT_ARGS 10
+
 class java_string_library_preprocesst:public messaget
 {
 public:
@@ -128,6 +131,11 @@ class java_string_library_preprocesst:public messaget
     const source_locationt &loc,
     symbol_tablet &symbol_table);
 
+  codet make_string_format_code(
+    const code_typet &type,
+    const source_locationt &loc,
+    symbol_tablet &symbol_table);
+
   codet make_copy_string_code(
     const code_typet &type,
     const source_locationt &loc,
@@ -316,6 +324,22 @@ class java_string_library_preprocesst:public messaget
     const code_typet &type,
     const source_locationt &loc,
     symbol_tablet &symbol_table);
+
+  exprt make_argument_for_format(const exprt &argv,
+    int index,
+    const struct_typet &structured_type,
+    const source_locationt &loc,
+    symbol_tablet &symbol_table,
+    code_blockt &code);
+
+  exprt get_primitive_value_of_object(
+    const exprt &object,
+    irep_idt type_name,
+    const source_locationt &loc,
+    symbol_tablet &symbol_table,
+    code_blockt &code);
+
+  exprt get_object_at_index(const exprt &argv, int index);
 };
 
 #endif // CPROVER_JAVA_BYTECODE_JAVA_STRING_LIBRARY_PREPROCESS_H

From 27be555550f6260a37b6eeed64fd032efbe3eb19 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Sun, 9 Jul 2017 11:40:28 +0100
Subject: [PATCH 476/699] Adding test for String.format function

---
 .../strings-smoke-tests/java_format/test.class    | Bin 0 -> 755 bytes
 .../strings-smoke-tests/java_format/test.desc     |   8 ++++++++
 .../strings-smoke-tests/java_format/test.java     |  10 ++++++++++
 3 files changed, 18 insertions(+)
 create mode 100644 regression/strings-smoke-tests/java_format/test.class
 create mode 100644 regression/strings-smoke-tests/java_format/test.desc
 create mode 100644 regression/strings-smoke-tests/java_format/test.java

diff --git a/regression/strings-smoke-tests/java_format/test.class b/regression/strings-smoke-tests/java_format/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..a889c41e687246ea1d49649905de445b061ee0b4
GIT binary patch
literal 755
zcmZvZ%Wl&^6o&taFJn6{N!>JrLZO8=BmtUDH>l;N0vie}f{<EPlVqq|92>?C??PUH
zEf=XpAYjikA;cMnG(oVL%RguS^PO{k{QCS2z$V%r3@kY~%W=-ZvWN4y;G&2X2dnyW
zk>ipF7fT##9@bH3SXdKjDpeLHae6mQMK_Xt2DZ;&Z-;T1-DEHt&8H0JPSTeQrQI-=
zkA{P;R8Mp;Jq$z`GgKPQ-9zzOv?CE8v^$v!<AW`RxlSf}FCL1Qc{Imm24}k${jv5s
z$x!v={ZJdZnM|_{?ct+@G7&sal9lz8p*%Hy+&z@NjG($gk(-YOnm*=mih=8Jl6|yr
zg`qb6bZ1iHJ*5&w$T}0pRUg-|@t6IWJ5Q|!g7RE%{9Dzt8EMS3_21fU`D!R4;$NIK
znf#y@m!^n25zT?2+LvjlWdDSi+LsOKfrhY;Rhp$ilV;_bE}2dS$OUCu=jpagJEPrd
z9fQ5sfe2`|bCDX11yty)LlvxCy%iM9uQ2wE!0dd2_22{S5h|^KAHf-+_yz9XF}&}y
z@|&sLdPi1;JV^kP&KA+wsDtAM94wOJqVN-Sj%t;J(<i8#d3InvC?3Hdftzn(8XsY6
U?6KnnTf0~&__uX&wfy<aZ~c6k#{d8T

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_format/test.desc b/regression/strings-smoke-tests/java_format/test.desc
new file mode 100644
index 00000000000..2a200d7918c
--- /dev/null
+++ b/regression/strings-smoke-tests/java_format/test.desc
@@ -0,0 +1,8 @@
+CORE
+test.class
+--refine-strings --string-max-length 20
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 6.* SUCCESS$
+^\[.*assertion.2\].* line 7.* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_format/test.java b/regression/strings-smoke-tests/java_format/test.java
new file mode 100644
index 00000000000..9726153fbb3
--- /dev/null
+++ b/regression/strings-smoke-tests/java_format/test.java
@@ -0,0 +1,10 @@
+public class test
+{
+    public static String main()
+    {
+        String s = String.format("foo %s", "bar");
+        assert(s.equals("foo bar"));
+        assert(!s.equals("foo bar"));
+        return s;
+    }
+}

From 6fd1c329e5a40dd0ab24220a906ae948359feec1 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Sun, 16 Jul 2017 18:27:50 +0100
Subject: [PATCH 477/699] Renaming utility function to
 utf16_constant_array_to_ascii

---
 .../refinement/string_constraint_generator.h  |  5 ++--
 .../string_constraint_generator_format.cpp    | 28 ++++++++-----------
 src/solvers/refinement/string_refinement.cpp  |  2 +-
 3 files changed, 15 insertions(+), 20 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index b0f99649428..1b6c0ba87fb 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -98,9 +98,6 @@ class string_constraint_generatort: messaget
   // Used by format function
   class format_specifiert;
 
-  // Helper function which can be useful outside of this class
-  std::string string_of_constant_array(const array_exprt &arr, unsigned length);
-
 private:
   // The integer with the longest string is Integer.MIN_VALUE which is -2^31,
   // that is -2147483648 so takes 11 characters to write.
@@ -364,5 +361,7 @@ class string_constraint_generatort: messaget
 exprt is_digit_with_radix(exprt chr, exprt radix);
 exprt get_numeric_value_from_character(
   const exprt &chr, const typet &char_type, const typet &type);
+std::string utf16_constant_array_to_ascii(
+  const array_exprt &arr, unsigned length);
 
 #endif
diff --git a/src/solvers/refinement/string_constraint_generator_format.cpp b/src/solvers/refinement/string_constraint_generator_format.cpp
index 639509e2749..cf51ff86dc6 100644
--- a/src/solvers/refinement/string_constraint_generator_format.cpp
+++ b/src/solvers/refinement/string_constraint_generator_format.cpp
@@ -17,6 +17,7 @@ Date:   May 2017
 #include <vector>
 
 #include <util/std_expr.h>
+#include <util/unicode.h>
 
 #include "string_constraint_generator.h"
 
@@ -395,26 +396,20 @@ string_exprt string_constraint_generatort::add_axioms_for_format(
 /// \param length: an unsigned value representing the length of the array
 /// \return String of length `length` represented by the array assuming each
 ///   field in `arr` represents a character.
-std::string string_constraint_generatort::string_of_constant_array(
+std::string utf16_constant_array_to_ascii(
   const array_exprt &arr, unsigned int length)
 {
-  std::ostringstream result;
-
+  std::wstring out('?', length);
+  unsigned int c;
   for(size_t i=0; i<arr.operands().size() && i<length; i++)
   {
-    // TODO: factorize with utf16_little_endian_to_ascii
-    unsigned int c;
-    exprt arr_i=arr.operands()[i];
-    PRECONDITION(arr_i.id()==ID_constant);
-    to_unsigned_integer(to_constant_expr(arr_i), c);
-    if(c<=255 && c>=32)
-      result << (unsigned char) c;
-    else
-    {
-      result << "\\u" << std::hex << std::setw(4) << std::setfill('0') << c;
-    }
+    PRECONDITION(arr.operands()[i].id()==ID_constant);
+    bool conversion_failed=to_unsigned_integer(
+      to_constant_expr(arr.operands()[i]), c);
+    INVARIANT(!conversion_failed, "constant should be converted to unsigned");
+    out[i]=c;
   }
-  return result.str();
+  return utf16_little_endian_to_ascii(out);
 }
 
 /// Add axioms to specify the Java String.format function.
@@ -437,7 +432,8 @@ string_exprt string_constraint_generatort::add_axioms_for_format(
   {
     unsigned int length;
     to_unsigned_integer(to_constant_expr(s1.length()), length);
-    std::string s=string_of_constant_array(to_array_expr(s1.content()), length);
+    std::string s=utf16_constant_array_to_ascii(
+      to_array_expr(s1.content()), length);
 
     // List of arguments after s
     std::vector<exprt> args(
diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index a6bddb979c6..1c876567a2c 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -807,7 +807,7 @@ std::string string_refinementt::string_of_array(const array_exprt &arr)
   exprt size_expr=to_array_type(arr.type()).size();
   PRECONDITION(size_expr.id()==ID_constant);
   to_unsigned_integer(to_constant_expr(size_expr), n);
-  return generator.string_of_constant_array(arr, n);
+  return utf16_constant_array_to_ascii(arr, n);
 }
 
 /// Display part of the current model by mapping the variables created by the

From c7d972f4e2ca11966297f7dd3e78ae6cb016d637 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Sun, 16 Jul 2017 21:55:49 +0100
Subject: [PATCH 478/699] Corrections in string refinement constraint
 generation

Correcting comparison between signed and unsigned

Removed extra space

Use vector to store an optional format_specifiert:
Although unique pointers seem adapted for this situation, using them leads
to complication as the copy operator gets deleted and the previous
version would not compile with visual studio 12.

Comment on deactivated code
---
 .../refinement/string_constraint_generator.h  |  2 +-
 .../string_constraint_generator_format.cpp    | 75 ++++++++-----------
 2 files changed, 34 insertions(+), 43 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index 1b6c0ba87fb..57bb9c22505 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -176,7 +176,7 @@ class string_constraint_generatort: messaget
   string_exprt add_axioms_for_format(const function_application_exprt &f);
   string_exprt add_axioms_for_format(
     const std::string &s,
-    const std::vector<exprt> &args,
+    const exprt::operandst &args,
     const refined_string_typet &ref_type);
   exprt add_axioms_for_format_specifier_is_correct(
     const function_application_exprt &expr);
diff --git a/src/solvers/refinement/string_constraint_generator_format.cpp b/src/solvers/refinement/string_constraint_generator_format.cpp
index cf51ff86dc6..a30cae81a7c 100644
--- a/src/solvers/refinement/string_constraint_generator_format.cpp
+++ b/src/solvers/refinement/string_constraint_generator_format.cpp
@@ -57,8 +57,6 @@ class string_constraint_generatort::format_specifiert
   bool dt=false;
   char conversion;
 
-  format_specifiert() { }
-
   format_specifiert(
     int _index,
     std::string _flag,
@@ -81,7 +79,7 @@ class format_textt
 public:
   explicit format_textt(std::string _content): content(_content) { }
 
-  explicit format_textt(const format_textt &fs): content(fs.content) { }
+  format_textt(const format_textt &fs): content(fs.content) { }
 
   std::string get_content() const
   {
@@ -107,9 +105,10 @@ class format_elementt
   }
 
   explicit format_elementt(string_constraint_generatort::format_specifiert fs):
-    type(SPECIFIER), fstring("")
+    type(SPECIFIER),
+    fstring("")
   {
-    fspec[0]=fs;
+    fspec.push_back(fs);
   }
 
   bool is_format_specifier() const
@@ -125,7 +124,7 @@ class format_elementt
   string_constraint_generatort::format_specifiert get_format_specifier() const
   {
     PRECONDITION(is_format_specifier());
-    return fspec[0];
+    return fspec.back();
   }
 
   format_textt &get_format_text()
@@ -140,19 +139,16 @@ class format_elementt
     return fstring;
   }
 
-  ~format_elementt() {}
-
 private:
   format_typet type;
   format_textt fstring;
-  string_constraint_generatort::format_specifiert fspec[1];
+  std::vector<string_constraint_generatort::format_specifiert> fspec;
 };
 
 #if 0
+// This code is deactivated as it is not used for now, but ultimalety this
+// should be used to throw an exception when the format string is not correct
 /// Used to check first argument of `String.format` is correct.
-///
-/// TODO: This is not used for now but an exception should be thrown when the
-///   format string is not correct
 /// \param s: a string
 /// \return True if the argument is a correct format string. Any '%' found
 ///   between format specifier means the string is invalid.
@@ -190,31 +186,23 @@ static bool check_format_string(std::string s)
 static string_constraint_generatort::format_specifiert
   format_specifier_of_match(std::smatch &m)
 {
-  string_constraint_generatort::format_specifiert f;
-
-  if(!m[1].str().empty())
-    f.index=std::stoi(m[1].str());
-
-  if(!m[2].str().empty())
-    f.flag=m[2].str();
-
-  if(!m[3].str().empty())
-    f.width=std::stoi(m[3].str());
-
-  if(!m[4].str().empty())
-    f.precision=std::stoi(m[4].str());
-
+  int index=m[1].str().empty()?-1:std::stoi(m[1].str());
+  std::string flag=m[2].str().empty()?"":m[2].str();
+  int width=m[3].str().empty()?-1:std::stoi(m[3].str());
+  int precision=m[4].str().empty()?-1:std::stoi(m[4].str());
   std::string tT=m[5].str();
-  f.dt=(tT!="");
+
+  bool dt=(tT!="");
   if(tT=="T")
-    f.flag.push_back(
+    flag.push_back(
       string_constraint_generatort::format_specifiert::DATE_TIME_UPPER);
 
-  if(m[6].str().length()!=1)
-    throw "invalid format specifier:"+m.str();
+  INVARIANT(
+    m[6].str().length()==1, "format conversion should be one character");
+  char conversion=m[6].str()[0];
 
-  f.conversion=m[6].str()[0];
-  return f;
+  return string_constraint_generatort::format_specifiert(
+    index, flag, width, precision, dt, conversion);
 }
 
 /// Parse the given string into format specifiers and text.
@@ -232,7 +220,7 @@ static std::vector<format_elementt> parse_format_string(std::string s)
 
   while(std::regex_search(s, match, regex))
   {
-    if(match.position()!= 0)
+    if(match.position()!=0)
     {
       std::string pre_match=s.substr(0, match.position());
       al.emplace_back(pre_match);
@@ -344,7 +332,7 @@ string_exprt string_constraint_generatort::add_axioms_for_format_specifier(
 /// \return String expression representing the output of String.format.
 string_exprt string_constraint_generatort::add_axioms_for_format(
   const std::string &s,
-  const std::vector<exprt> &args,
+  const exprt::operandst &args,
   const refined_string_typet &ref_type)
 {
   const std::vector<format_elementt> format_strings=parse_format_string(s);
@@ -367,8 +355,11 @@ string_exprt string_constraint_generatort::add_axioms_for_format(
         }
         else
         {
+          INVARIANT(fs.index>=0, "index in format should be positive");
           INVARIANT(
-            fs.index<=args.size(), "number of format must match specifiers");
+            static_cast<std::size_t>(fs.index)<=args.size(),
+            "number of format must match specifiers");
+
           // first argument `args[0]` corresponds to index 1
           arg=to_struct_expr(args[fs.index-1]);
         }
@@ -399,14 +390,14 @@ string_exprt string_constraint_generatort::add_axioms_for_format(
 std::string utf16_constant_array_to_ascii(
   const array_exprt &arr, unsigned int length)
 {
-  std::wstring out('?', length);
+  std::wstring out(length, '?');
   unsigned int c;
-  for(size_t i=0; i<arr.operands().size() && i<length; i++)
+  for(std::size_t i=0; i<arr.operands().size() && i<length; i++)
   {
     PRECONDITION(arr.operands()[i].id()==ID_constant);
     bool conversion_failed=to_unsigned_integer(
       to_constant_expr(arr.operands()[i]), c);
-    INVARIANT(!conversion_failed, "constant should be converted to unsigned");
+    INVARIANT(!conversion_failed, "constant should be convertible to unsigned");
     out[i]=c;
   }
   return utf16_little_endian_to_ascii(out);
@@ -427,14 +418,14 @@ string_exprt string_constraint_generatort::add_axioms_for_format(
   PRECONDITION(!f.arguments().empty());
   string_exprt s1=get_string_expr(f.arguments()[0]);
   const refined_string_typet &ref_type=to_refined_string_type(f.type());
+  unsigned int length;
 
-  if(s1.length().id()==ID_constant && s1.content().id()==ID_array)
+  if(s1.length().id()==ID_constant &&
+     s1.content().id()==ID_array &&
+     !to_unsigned_integer(to_constant_expr(s1.length()), length))
   {
-    unsigned int length;
-    to_unsigned_integer(to_constant_expr(s1.length()), length);
     std::string s=utf16_constant_array_to_ascii(
       to_array_expr(s1.content()), length);
-
     // List of arguments after s
     std::vector<exprt> args(
       std::next(f.arguments().begin()), f.arguments().end());

From bf0c217f1c5298a94a1c8f33561d78a4eafc8fb0 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Sun, 16 Jul 2017 21:57:28 +0100
Subject: [PATCH 479/699] Adding test for String.format with non-constant
 argument

---
 .../strings-smoke-tests/java_format2/test.class   | Bin 0 -> 901 bytes
 .../strings-smoke-tests/java_format2/test.desc    |   8 ++++++++
 .../strings-smoke-tests/java_format2/test.java    |  10 ++++++++++
 3 files changed, 18 insertions(+)
 create mode 100644 regression/strings-smoke-tests/java_format2/test.class
 create mode 100644 regression/strings-smoke-tests/java_format2/test.desc
 create mode 100644 regression/strings-smoke-tests/java_format2/test.java

diff --git a/regression/strings-smoke-tests/java_format2/test.class b/regression/strings-smoke-tests/java_format2/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..e78ed5bb9dfd699ae896ecb6963b06ad5d25faf7
GIT binary patch
literal 901
zcmZuvOH<QO6#j0LCQTY>iBc-QiURhb)CW2`Fpdt$D(a#RGvMkrjTlT5O>X@sF6<w0
z>tm)kI_lov<T#$20!7N^-1Gd-ch0%L|9<-kU>SEzD5&Hxr{j`|%a}Ki$3hN^(zqf;
zRY%Q)fr^g0i3YARoSNrJ;>E&`!ere~csuYq3~ZZ0TlGU<+-Fd#wM_<fE$Vm-1;-D)
zC%tali=WA42HS~T9&Ga1m-fC>6)*jSFdX3}Vuh-^+z%NRtIjTe%bNiYcbY8``{B+?
zZQMmY6A?@3v25Z-xDzeG-B*wK>$IJYYYe$nH`pg^wxV9_dK<o^XGjK1630RTMdI`#
ziYf~PQXGLlZSQ)nARG%zXj+)SBypCB7OrE)!VTPHD31yr9xUxq97n`dm0fh)vgi)C
z|AQV*nYN9)Trk`_VF%BT3_9d;@>(=E3S9}Jd2f0=pdqG@q8*gd^$H`dYXO~@q15pb
zKlVC@)M<yJM*+I;Hs<KBDD;h3u`H)2O#z{xNOFp-CcTW_Y<&;x6Db+kB(>B@--vW;
zn1IumCd)txGvtxQ?~tW@V8hO+KcH+W_10IY&Szx%C^u}aK7c+zu8;h87+ZTVe;p6K
zAB7qp2}w!2+fYf*5?u{7=vYTCWl|b;Lm6i%K8d@SC5_=MSq3tHP}6a4mXgmO&bOSB
h2d3=&09GHm`T?r)1=;agB?`@BJ&+r@Kt=`^{{cgNxd8wG

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_format2/test.desc b/regression/strings-smoke-tests/java_format2/test.desc
new file mode 100644
index 00000000000..2a200d7918c
--- /dev/null
+++ b/regression/strings-smoke-tests/java_format2/test.desc
@@ -0,0 +1,8 @@
+CORE
+test.class
+--refine-strings --string-max-length 20
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 6.* SUCCESS$
+^\[.*assertion.2\].* line 7.* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_format2/test.java b/regression/strings-smoke-tests/java_format2/test.java
new file mode 100644
index 00000000000..c197d5c6793
--- /dev/null
+++ b/regression/strings-smoke-tests/java_format2/test.java
@@ -0,0 +1,10 @@
+public class test
+{
+    public static String main(String str)
+    {
+        String s = String.format("foo %s", str);
+        assert(s.equals("foo ".concat(str)));
+        assert(!s.equals("foo ".concat(str)));
+        return s;
+    }
+}

From 5138f7d04f16c228235067149b4fb7d18432c749 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 18 Jul 2017 08:17:54 +0100
Subject: [PATCH 480/699] Adding a test with an indexed argument in format

---
 .../strings-smoke-tests/java_format3/test.class   | Bin 0 -> 898 bytes
 .../strings-smoke-tests/java_format3/test.desc    |   8 ++++++++
 .../strings-smoke-tests/java_format3/test.java    |  12 ++++++++++++
 3 files changed, 20 insertions(+)
 create mode 100644 regression/strings-smoke-tests/java_format3/test.class
 create mode 100644 regression/strings-smoke-tests/java_format3/test.desc
 create mode 100644 regression/strings-smoke-tests/java_format3/test.java

diff --git a/regression/strings-smoke-tests/java_format3/test.class b/regression/strings-smoke-tests/java_format3/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..6d235dcccab44f4c171b51e69e00437972477e28
GIT binary patch
literal 898
zcmZuvOHUI~7(KT$oflJE2B@Vzfub!{s!|^aF%r~-SadOlq`10mM;x5a=*-mrVps0m
z`bfZN)V;sS7{5EE6a$O<_@3vS@7~{kzx@PI$6W&w<}{R4%xk!$;j)IZfeIFMWKh*`
zMHp9AEE*WYoQj%(Yq-uZQQ}eLgs~g=(E~T)EzjvNux$oq)%D%@9)nb_Y%$2|LC0ap
zHeBC%((AUI@R>+vuo^*|ds{qog?-?Z<CktkJsPnS#Vb_Z<*v^#Ro<vHcKKUg^SHlL
zv*Xb9cPPwUS{t;e#yTk>W5>MxYLmZC`m4CXpslvO1BQkj^uo6D$Q68a0l6qZOpL=K
z67x%?h=&Zh5%Sa4uG5YQkkg_NYf(=VOQ@U3B1fWIJT!3=w-^eevbEu?9)@8+WwO9h
zaofZlEdK{EkVfDyg0Ra8X}Nq{*YhK;0i%@@$D=rJdfcPgOdV}9tf05bjwr5s^q>s+
zjuW||(>Y{J1B`nVpx4~S41EfTJ`T$jgj~8wU}9RdPmooklhK)8*a!PWmlP&xR}v@D
zpu0IpKpv;b(ow)Pc|`Ghq$wZRv{K3sNKMI-?WSy{?Pl6i?5|K8#XgFkq4iO%TKXQ0
zK4!mTtho>KSK^)=xZh!H=&pXGhEhTzPwj~r!6`Tgl|H|Y$1oC7`2jGBI72zp6gx{f
z4Cl$xk@|zWiVJyYxOgbFp6CF^t;`-y^`XiiAWL7M9hWV-kTmnY7|skCDa`%@@#V4{

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_format3/test.desc b/regression/strings-smoke-tests/java_format3/test.desc
new file mode 100644
index 00000000000..d9461eb09d3
--- /dev/null
+++ b/regression/strings-smoke-tests/java_format3/test.desc
@@ -0,0 +1,8 @@
+CORE
+test.class
+--refine-strings --string-max-length 20
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 7.* SUCCESS$
+^\[.*assertion.2\].* line 9.* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_format3/test.java b/regression/strings-smoke-tests/java_format3/test.java
new file mode 100644
index 00000000000..fd88ef5c3b5
--- /dev/null
+++ b/regression/strings-smoke-tests/java_format3/test.java
@@ -0,0 +1,12 @@
+public class test
+{
+    public static String main(int i)
+    {
+        String s = String.format("%3$sar", "a", "r", "b");
+        if(i==0)
+            assert(s.equals("bar"));
+        else
+            assert(!s.equals("bar"));
+        return s;
+    }
+}

From 1d994138f32d91b96b57896f791a9716fc81fee5 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 18 Jul 2017 11:00:08 +0100
Subject: [PATCH 481/699] Adding test for exception throwing in String.format

This is marked as knownbug as it does not work at the moment.
---
 .../java_format4/test.class                    | Bin 0 -> 939 bytes
 .../strings-smoke-tests/java_format4/test.desc |   8 ++++++++
 .../strings-smoke-tests/java_format4/test.java |  17 +++++++++++++++++
 3 files changed, 25 insertions(+)
 create mode 100644 regression/strings-smoke-tests/java_format4/test.class
 create mode 100644 regression/strings-smoke-tests/java_format4/test.desc
 create mode 100644 regression/strings-smoke-tests/java_format4/test.java

diff --git a/regression/strings-smoke-tests/java_format4/test.class b/regression/strings-smoke-tests/java_format4/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..8adb0b41ad8e853868145112c999e726f94845d2
GIT binary patch
literal 939
zcmaJ<T~8B16g|VX-F8`MDT)XJOQqNrZL9KPAV!0bkW_uBApxI;cCCX;m+WqhzlA^G
zgD<Fw7>)YwZzAfMErJU1VeZ`Td+wR}{^QeE0E<|(V4#r3RTFb*6fMl-S_T$MCdw8}
z6iif1ELgaX8v>(qG7Q}yQhqmlphCIrxorWlC6HQHT@~FGFiPbOfy9d6b_KEx)pZ~B
zcDLQ&iB1;CH~g0LHe{f*ee6s`&sE4CjmQn7C06fB)fJd8HFo4nS@UGKQ)@<n>UNgO
zXI%uq;{3S*PAv2Ty-0brb<cA<(p&R`T^X&uYPoxQ6;3q5C=eKGMzZzdq1=mcnW%Dk
zf%J0AJ6_Ie`n{m#t|`4rMx(82gf@ne6-X9Cr${KdQ`C>QcidJ)gp%EC)KIr!V@P29
zH0S<rN>_uxCkiJH{Rb}z(xXk>v~df!{~Fk*iCjL5cNDmD4vA0y;Hr=Cd|tDsAXhxT
zyueu74OQT_PcW0QsK)@GeG9YvI0nC!$c^hQsTmNO8_FE58gIcnSviDwOJx8fl&RRs
zC!}uo6EKPkv@*DeF?w|I8zh+z)bj(0FEBQZe4_ag$;LaR_A&Sw=H?;N-xd!3aa0cC
zj?<W7HzS@m!HMAC&LWK|dS@^Qhj6Qesxdgs%W~!=jI-9Eb{P|KmpUft1FrB)!Z^Z|
ziK(9q3Eo;vA7Pl1jb~1_UW`kDk-YT*gZnTOuaPj`BXyPm-IrV1_cTuqjRDO50#9+n
AM*si-

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_format4/test.desc b/regression/strings-smoke-tests/java_format4/test.desc
new file mode 100644
index 00000000000..120bf0cf11f
--- /dev/null
+++ b/regression/strings-smoke-tests/java_format4/test.desc
@@ -0,0 +1,8 @@
+KNOWNBUG
+test.class
+--refine-strings --string-max-length 20
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 8.* SUCCESS$
+^\[.*assertion.2\].* line 13.* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_format4/test.java b/regression/strings-smoke-tests/java_format4/test.java
new file mode 100644
index 00000000000..bc76a9ee416
--- /dev/null
+++ b/regression/strings-smoke-tests/java_format4/test.java
@@ -0,0 +1,17 @@
+public class test
+{
+    public static String main(String str)
+    {
+        try
+        {
+            String s = String.format("%s %s", "a");
+            assert(false);
+            return s;
+        }
+        catch(java.util.IllegalFormatException e)
+        {
+            assert(false);
+            return str;
+        }
+    }
+}

From ceb8ab71f385a05317982b2b71e0d16e0843d4e6 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 18 Jul 2017 11:28:17 +0100
Subject: [PATCH 482/699] Adding a test with multiple arguments

Marked as THOROUGH as it takes around 20 seconds to run
---
 .../strings-smoke-tests/java_format5/test.class   | Bin 0 -> 968 bytes
 .../strings-smoke-tests/java_format5/test.desc    |   8 ++++++++
 .../strings-smoke-tests/java_format5/test.java    |  12 ++++++++++++
 3 files changed, 20 insertions(+)
 create mode 100644 regression/strings-smoke-tests/java_format5/test.class
 create mode 100644 regression/strings-smoke-tests/java_format5/test.desc
 create mode 100644 regression/strings-smoke-tests/java_format5/test.java

diff --git a/regression/strings-smoke-tests/java_format5/test.class b/regression/strings-smoke-tests/java_format5/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..66f386a8c3e2b30756df7e1abb64ef067700ef5b
GIT binary patch
literal 968
zcmZuwTT|0O6#lkJn{5cTEKq8_pa{}ZrCy3!iwdGXRb?g)GpSG8G?ZXzHA($1@CSVL
zG6Rm+cYl-Pc#={s1Cu$sd(Q4T-*>*<{Q39o7l1Mz>rgPuk=Ib*nB$n_C~{omxXv-p
zQR29v<0ft;A#j_c96Adc?&wHkR>NH#_fTONotD1uc!AsP_)lD4Hrh^;fz=rji*Cma
z9x^ET!Wx6R(rr2nshZnyUi7vaj`u1&%phuATejDv=Z5}%Pz^R*pK8<s#}BHMy(Qfa
z!+5@4sBOykvecHHR>=%Jx6`6+)*z$v;<U|SGm!S1=kje-Tf=<@zG%1i+39At=h@CP
zH{_BG;pRgC0~t&(q-Xr&AB7I_Up6)!J0NIDW|M`jQyI2S)*{;=Gy_#E8W_Vk;mU^H
zbk<uN1|EQ<$sX2P9?1CA^ST~&98%Hn$iNbokD>OvCUMrg-j*czO8#WquaAWKG^?j7
zmvG+oWSgWLKU!pvLD!f%q`1<iyJpBV9pCkw<^f~UH|Ws@U349n>AfiQ#8^5T_Dm}U
zl!FNxv*eX%W;Dm=_P{>TB8IaxCZZrij@Cy10M6k&c}ZNrMT&&UKM<$$fGc8Y{u7F&
z2-UPy5jU;4NSIbaXr`qJZdzO<O)H%cI*pnbGQYy8<+hRgjNu&=i{i{KQahOXj<mIh
zk>62xtRLRS&>&p=NMK4tFhkJ98Vf|V0u8G~tOY$HoavLoWYq5h{a%+y2ZkxiNFw$Z
ss~WCkz%hLwLpkaZ7!hI@qdU;l4^Wja7(OXUScTd)mO|lX$cf?Vf7GqOH~;_u

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_format5/test.desc b/regression/strings-smoke-tests/java_format5/test.desc
new file mode 100644
index 00000000000..1a77e4be0a5
--- /dev/null
+++ b/regression/strings-smoke-tests/java_format5/test.desc
@@ -0,0 +1,8 @@
+THOROUGH
+test.class
+--refine-strings --string-max-length 20
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 7.* SUCCESS$
+^\[.*assertion.2\].* line 9.* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_format5/test.java b/regression/strings-smoke-tests/java_format5/test.java
new file mode 100644
index 00000000000..5078791baa2
--- /dev/null
+++ b/regression/strings-smoke-tests/java_format5/test.java
@@ -0,0 +1,12 @@
+public class test
+{
+    public static String main(boolean b)
+    {
+        String s = String.format("%s%s%s%s%s%s%s%s", "a", "b", "c", "d", "e", "f", "g", "h");
+        if(b)
+            assert(s.equals("abcdefgh"));
+        else
+            assert(!s.equals("abcdefgh"));
+        return s;
+    }
+}

From c172622dbed266d1fdfdd6c3276664bb579c840b Mon Sep 17 00:00:00 2001
From: Lucas Cordeiro <lucasccordeiro@gmail.com>
Date: Thu, 20 Jul 2017 16:31:15 +0100
Subject: [PATCH 483/699] added warning message for incomplete/incorrect goals

---
 src/goto-instrument/cover.cpp | 54 ++++++++++++++++++++++++++---------
 src/goto-instrument/cover.h   |  9 +++---
 2 files changed, 45 insertions(+), 18 deletions(-)

diff --git a/src/goto-instrument/cover.cpp b/src/goto-instrument/cover.cpp
index 95ee5db61e6..ceb2e27e9ad 100644
--- a/src/goto-instrument/cover.cpp
+++ b/src/goto-instrument/cover.cpp
@@ -142,9 +142,9 @@ bool coverage_goalst::get_coverage_goals(
       for(const auto &each_goal : goals_in_json["goals"].array)
       {
         // get and set the bytecode_index
-        irep_idt bytecode_index=
+        irep_idt bytecodeIndex=
           each_goal["sourceLocation"]["bytecode_index"].value;
-        source_location.set_java_bytecode_index(bytecode_index);
+        source_location.set_java_bytecode_index(bytecodeIndex);
 
         // get and set the file
         irep_idt file=each_goal["sourceLocation"]["file"].value;
@@ -166,25 +166,47 @@ bool coverage_goalst::get_coverage_goals(
   return false;
 }
 
+/// store existing goal
+/// \param goal: source location of the existing goal
 void coverage_goalst::add_goal(source_locationt goal)
 {
-  existing_goals.push_back(goal);
+  existing_goals[goal]=false;
+}
+
+/// check whether we have an existing goal that is uncovered
+/// \param msg: message to be printed about the uncovered goal
+void coverage_goalst::check_uncovered_goals(messaget msg)
+{
+  for(auto const &existing_loc : existing_goals)
+  {
+    if(!existing_loc.second)
+    {
+      msg.warning() << "Warning: existing goal in file "
+      << existing_loc.first.get_file()
+      << " line " << existing_loc.first.get_line()
+      << " function " << existing_loc.first.get_function()
+      << " is uncovered" << messaget::eom;
+    }
+  }
 }
 
 /// compare the value of the current goal to the existing ones
 /// \param source_loc: source location of the current goal
 /// \return true : if the current goal exists false : otherwise
-bool coverage_goalst::is_existing_goal(source_locationt source_loc) const
+bool coverage_goalst::is_existing_goal(source_locationt source_loc)
 {
-  for(const auto &existing_loc : existing_goals)
+  for(auto const &existing_loc : existing_goals)
   {
-    if((source_loc.get_file()==existing_loc.get_file()) &&
-       (source_loc.get_function()==existing_loc.get_function()) &&
-       (source_loc.get_line()==existing_loc.get_line()) &&
+    if((source_loc.get_file()==existing_loc.first.get_file()) &&
+       (source_loc.get_function()==existing_loc.first.get_function()) &&
+       (source_loc.get_line()==existing_loc.first.get_line()) &&
        (source_loc.get_java_bytecode_index().empty() ||
          (source_loc.get_java_bytecode_index()==
-           existing_loc.get_java_bytecode_index())))
-        return true;
+           existing_loc.first.get_java_bytecode_index())))
+    {
+      existing_goals[existing_loc.first]=true;
+      return true;
+    }
   }
   return false;
 }
@@ -998,7 +1020,7 @@ void instrument_cover_goals(
   const symbol_tablet &symbol_table,
   goto_programt &goto_program,
   coverage_criteriont criterion,
-  const coverage_goalst &goals,
+  coverage_goalst &goals,
   bool function_only,
   bool ignore_trivial)
 {
@@ -1342,7 +1364,7 @@ void instrument_cover_goals(
   const symbol_tablet &symbol_table,
   goto_functionst &goto_functions,
   coverage_criteriont criterion,
-  const coverage_goalst &goals,
+  coverage_goalst &goals,
   bool function_only,
   bool ignore_trivial)
 {
@@ -1450,10 +1472,10 @@ bool instrument_cover_goals(
   }
 
   // check existing test goals
-  coverage_goalst existing_goals;
+  static coverage_goalst existing_goals;
   if(cmdline.isset("existing-coverage"))
   {
-    msg.status() << "Check existing coverage goals" << messaget::eom;
+    msg.status() << "Add existing coverage goals" << messaget::eom;
     // get file with covered test goals
     const std::string coverage=cmdline.get_value("existing-coverage");
     // get a coverage_goalst object
@@ -1477,6 +1499,10 @@ bool instrument_cover_goals(
       cmdline.isset("no-trivial-tests"));
   }
 
+  // check whether all existing goals have been covered
+  msg.status() << "Checking uncovered goals" << messaget::eom;
+  existing_goals.check_uncovered_goals(msg);
+
   if(cmdline.isset("cover-traces-must-terminate"))
   {
     // instrument an additional goal in CPROVER_START. This will rephrase
diff --git a/src/goto-instrument/cover.h b/src/goto-instrument/cover.h
index 20c67b32ee1..7da53fede6e 100644
--- a/src/goto-instrument/cover.h
+++ b/src/goto-instrument/cover.h
@@ -25,10 +25,11 @@ class coverage_goalst
     message_handlert &message_handler,
     coverage_goalst &goals);
   void add_goal(source_locationt goal);
-  bool is_existing_goal(source_locationt source_loc) const;
+  bool is_existing_goal(source_locationt source_loc);
+  void check_uncovered_goals(messaget msg);
 
 private:
-  std::vector<source_locationt> existing_goals;
+  std::map<source_locationt, bool> existing_goals;
 };
 
 enum class coverage_criteriont
@@ -56,7 +57,7 @@ void instrument_cover_goals(
   const symbol_tablet &symbol_table,
   goto_functionst &goto_functions,
   coverage_criteriont,
-  const coverage_goalst &goals,
+  coverage_goalst &goals,
   bool function_only=false,
   bool ignore_trivial=false);
 
@@ -64,7 +65,7 @@ void instrument_cover_goals(
   const symbol_tablet &symbol_table,
   goto_programt &goto_program,
   coverage_criteriont,
-  const coverage_goalst &goals,
+  coverage_goalst &goals,
   bool function_only=false,
   bool ignore_trivial=false);
 

From 571a720121651f3170241f45dfc1ed908edb32c6 Mon Sep 17 00:00:00 2001
From: Jesse Sigal <jesse.sigal@gmail.com>
Date: Tue, 1 Aug 2017 14:22:56 +0100
Subject: [PATCH 484/699] Shortened the string contains test.

After a change that deleted the constant unfolding for existential axioms (due to being incorrect), this smoke test is too slow. The original code was kept because previously it was there to trigger bugged behaviour that was subsequently fixed.
---
 .../strings-smoke-tests/java_contains/test.desc |   7 +++----
 .../java_contains/test_contains.class           | Bin 825 -> 716 bytes
 .../java_contains/test_contains.java            |  12 +++++++-----
 .../java_contains/test_string_printable.desc    |  10 ++++------
 4 files changed, 14 insertions(+), 15 deletions(-)

diff --git a/regression/strings-smoke-tests/java_contains/test.desc b/regression/strings-smoke-tests/java_contains/test.desc
index b2a9cae2597..158cf338c0a 100644
--- a/regression/strings-smoke-tests/java_contains/test.desc
+++ b/regression/strings-smoke-tests/java_contains/test.desc
@@ -1,12 +1,11 @@
 CORE
 test_contains.class
 --refine-strings --string-max-length 100
-^EXIT=10$
+^EXIT=0$
 ^SIGNAL=0$
 ^\[.*assertion.1\].* line 8.* SUCCESS$
 ^\[.*assertion.2\].* line 9.* SUCCESS$
-^\[.*assertion.3\].* line 12.* FAILURE$
-^\[.*assertion.4\].* line 13.* FAILURE$
-^VERIFICATION FAILED$
+^VERIFICATION SUCCESSFUL$
+--
 --
 Issue: diffblue/test-gen#201
diff --git a/regression/strings-smoke-tests/java_contains/test_contains.class b/regression/strings-smoke-tests/java_contains/test_contains.class
index 078a8565a353a343b0fb50fbfaac5235f1df0516..0319198566d7af33510c5ae08b3eca1841825824 100644
GIT binary patch
delta 369
zcmYL^$x6de7=^!^4oTD0rq$Zo!Ksc_DM;N}Q6Hf`fFwmqMIzYX(swA?xpC>rg$Na0
z_yFQF75^Ji;d1_g^Ph9>Tly>2{hYpk03G&ha@0)f77ZJNMT;ei<qTO?^t@`)w8?17
zn$0>JCY$5ak*bd;?E{yB!oBovz4nzC4BBVm%`g}!5+{D&!KI`y{JwzaJIs)G*kU`X
zs#-;n3ol0DdH*^Hy<spiX*uk$8}-yt^q}^8S&0S8t>`=H5{MH8!J<qJsY+_9^@@7d
zL}mrk@lr|LIZD!N>Ybb>rFNsHahTIwBj#2~M^8rCcbS)69%HKiR{nV<EGmC)omdtM
f#q0#<9y9q!GVy}>ulDP#wNe<)vCg*;n^nI7GLS3}

delta 536
zcmY+A&1(};6vcmUGRd1vUNnhqOlspt)!4MDv5-}%U<CzNg089ynS>Zq$^>QxciN5r
zK*=uaLf37fMGJN>uKM>#@xFmtgvb3j-22Ws_jmSt?)k5aA3uREt3KD5*EBqC`#9Y3
zxa)B*k72>~_cafE^32=jp{D8ch(%3n_i3yey9b?}G8IK>EBG9Awu5lkd7DI|aHz;^
z^!kP}RfW^*O9*;~>y!*jEGueP8yj&vh?3Dbd=W+C$k1j*QA`GL@}WNtlVB9an#YC?
zPyS<i-P;=UC+}3dnA;wN!{n2YF1B7xzNzjTBep=5YL-%}3`(?AB;Js&Az4YzE}ftb
z>>x7|b1A6A?krWQ?dZ9zW+i`}_|E#yDbA+sxNC0RJ*JS`W9|?=WqHN+-jsz?@|!34
zXDK{WciSmkxP&d4lae)sMik%+Z4oUhJuJ3PftParkAi*?7dK_9ihDs*^S-9BZ}tx@
qNmW^?|1;H1)kC>rjww#j?mlkj2z|wQY0&<e#WBz98Rk++xBdbQT~O8l

diff --git a/regression/strings-smoke-tests/java_contains/test_contains.java b/regression/strings-smoke-tests/java_contains/test_contains.java
index e985706e486..0357b3d596b 100644
--- a/regression/strings-smoke-tests/java_contains/test_contains.java
+++ b/regression/strings-smoke-tests/java_contains/test_contains.java
@@ -8,10 +8,12 @@ public static void main(String x)
       assert(s.contains(u));
       assert(!s.contains(t));
 
-      String z = new String(x);
-      if (z.length() > 3)
-        assert(t.contains(z));
-      else
-        assert(z.contains(u));
+      // Too slow now after constant unfolding was deleted due to invalidity.
+      // May be fast enough in the future though.
+      // String z = new String(x);
+      // if (z.length() > 3)
+      //  assert(t.contains(z));
+      // else
+      //  assert(z.contains(u));
    }
 }
diff --git a/regression/strings-smoke-tests/java_contains/test_string_printable.desc b/regression/strings-smoke-tests/java_contains/test_string_printable.desc
index bf36f44ada4..ccd29948c26 100644
--- a/regression/strings-smoke-tests/java_contains/test_string_printable.desc
+++ b/regression/strings-smoke-tests/java_contains/test_string_printable.desc
@@ -1,13 +1,11 @@
 KNOWNBUG
-test_string_printable.class
---refine-strings --string-printable
-^EXIT=10$
+test_contains.class
+--refine-strings --string-max-length 100 --string-printable
+^EXIT=0$
 ^SIGNAL=0$
 ^\[.*assertion.1\].* line 8.* SUCCESS$
 ^\[.*assertion.2\].* line 9.* SUCCESS$
-^\[.*assertion.3\].* line 12.* FAILURE$
-^\[.*assertion.4\].* line 13.* FAILURE$
-^VERIFICATION FAILED$
+^VERIFICATION SUCCESSFUL$
 --
 --
 This should create a huge formula and run out of memory.

From b1531d9528261a0d24c761b07bf62477e57bfc1e Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Tue, 1 Aug 2017 15:21:24 +0100
Subject: [PATCH 485/699] test.pl - go through all child directories

Fixes a bug where test.pl would ignore directories that contain
valid tests (*.desc and *.java combo) and only test those directories
that contained a file with exact name "test.desc".
---
 regression/test.pl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/regression/test.pl b/regression/test.pl
index a5de48639d7..3118fd375f6 100755
--- a/regression/test.pl
+++ b/regression/test.pl
@@ -184,7 +184,7 @@ ()
   my @list;
 
   opendir CWD, ".";
-  @list = grep { !/^\./ && -d "$_" && !/CVS/ && -s "$_/test.desc" } readdir CWD;
+  @list = grep { !/^\./ && -d "$_" && !/CVS/ } readdir CWD;
   closedir CWD;
 
   @list = sort @list;

From 2456011c4d62f7da67a370ab7eddc8f330d984c3 Mon Sep 17 00:00:00 2001
From: Peter Schrammel <peter.schrammel@diffblue.com>
Date: Tue, 25 Jul 2017 15:02:14 +0200
Subject: [PATCH 486/699] Make configt::set_classpath private

It's only called from within configt.
---
 src/util/config.h | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/util/config.h b/src/util/config.h
index 6fb4a5a2376..992fac2e6bd 100644
--- a/src/util/config.h
+++ b/src/util/config.h
@@ -152,10 +152,11 @@ class configt
 
   bool set(const cmdlinet &cmdline);
 
-  void set_classpath(const std::string &cp);
-
   static irep_idt this_architecture();
   static irep_idt this_operating_system();
+
+private:
+  void set_classpath(const std::string &cp);
 };
 
 extern configt config;

From e59511c9168f04cb21e85642aa8875c1cb4b4efd Mon Sep 17 00:00:00 2001
From: Peter Schrammel <peter.schrammel@diffblue.com>
Date: Tue, 25 Jul 2017 14:53:25 +0200
Subject: [PATCH 487/699] Factorize setting config from symbol table when
 reading goto binaries

---
 src/cbmc/cbmc_parse_options.cpp                       | 3 ---
 src/clobber/clobber_parse_options.cpp                 | 2 --
 src/goto-diff/goto_diff_parse_options.cpp             | 1 -
 src/goto-instrument/goto_instrument_parse_options.cpp | 1 -
 src/goto-programs/initialize_goto_model.cpp           | 3 ---
 src/goto-programs/read_goto_binary.cpp                | 4 ++++
 src/musketeer/musketeer_parse_options.cpp             | 2 --
 7 files changed, 4 insertions(+), 12 deletions(-)

diff --git a/src/cbmc/cbmc_parse_options.cpp b/src/cbmc/cbmc_parse_options.cpp
index 3ea44b82999..902479b7c1f 100644
--- a/src/cbmc/cbmc_parse_options.cpp
+++ b/src/cbmc/cbmc_parse_options.cpp
@@ -677,9 +677,6 @@ int cbmc_parse_optionst::get_goto_program(
       }
     }
 
-    if(!binaries.empty())
-      config.set_from_symbol_table(symbol_table);
-
     if(cmdline.isset("show-symbol-table"))
     {
       show_symbol_table();
diff --git a/src/clobber/clobber_parse_options.cpp b/src/clobber/clobber_parse_options.cpp
index 7915a567caa..ae13320f9cb 100644
--- a/src/clobber/clobber_parse_options.cpp
+++ b/src/clobber/clobber_parse_options.cpp
@@ -208,8 +208,6 @@ bool clobber_parse_optionst::get_goto_program(
            symbol_table, goto_functions, get_message_handler()))
         return true;
 
-      config.set_from_symbol_table(symbol_table);
-
       if(cmdline.isset("show-symbol-table"))
       {
         show_symbol_table();
diff --git a/src/goto-diff/goto_diff_parse_options.cpp b/src/goto-diff/goto_diff_parse_options.cpp
index ee2a74a0b24..94cf6bcbf5e 100644
--- a/src/goto-diff/goto_diff_parse_options.cpp
+++ b/src/goto-diff/goto_diff_parse_options.cpp
@@ -346,7 +346,6 @@ int goto_diff_parse_optionst::get_goto_program(
       return 6;
 
     config.set(cmdline);
-    config.set_from_symbol_table(goto_model.symbol_table);
 
     // This one is done.
     cmdline.args.erase(cmdline.args.begin());
diff --git a/src/goto-instrument/goto_instrument_parse_options.cpp b/src/goto-instrument/goto_instrument_parse_options.cpp
index 92995c74252..a770ffa6666 100644
--- a/src/goto-instrument/goto_instrument_parse_options.cpp
+++ b/src/goto-instrument/goto_instrument_parse_options.cpp
@@ -866,7 +866,6 @@ void goto_instrument_parse_optionst::get_goto_program()
     throw 0;
 
   config.set(cmdline);
-  config.set_from_symbol_table(symbol_table);
 }
 
 void goto_instrument_parse_optionst::instrument_goto_program()
diff --git a/src/goto-programs/initialize_goto_model.cpp b/src/goto-programs/initialize_goto_model.cpp
index df678c522c4..e18f78e70f9 100644
--- a/src/goto-programs/initialize_goto_model.cpp
+++ b/src/goto-programs/initialize_goto_model.cpp
@@ -130,9 +130,6 @@ bool initialize_goto_model(
         return true;
     }
 
-    if(!binaries.empty())
-      config.set_from_symbol_table(goto_model.symbol_table);
-
     msg.status() << "Generating GOTO Program" << messaget::eom;
 
     goto_convert(
diff --git a/src/goto-programs/read_goto_binary.cpp b/src/goto-programs/read_goto_binary.cpp
index 6eaede5fd97..7560ca66e9d 100644
--- a/src/goto-programs/read_goto_binary.cpp
+++ b/src/goto-programs/read_goto_binary.cpp
@@ -26,6 +26,7 @@ Module: Read Goto Programs
 #include <util/tempfile.h>
 #include <util/rename_symbol.h>
 #include <util/base_type.h>
+#include <util/config.h>
 
 #include <langapi/language_ui.h>
 
@@ -382,6 +383,9 @@ bool read_object_and_link(
       linking.object_type_updates))
     return true;
 
+  // reading successful, let's update config
+  config.set_from_symbol_table(symbol_table);
+
   return false;
 }
 
diff --git a/src/musketeer/musketeer_parse_options.cpp b/src/musketeer/musketeer_parse_options.cpp
index 16860e7b20d..1918d939cc5 100644
--- a/src/musketeer/musketeer_parse_options.cpp
+++ b/src/musketeer/musketeer_parse_options.cpp
@@ -138,8 +138,6 @@ void goto_fence_inserter_parse_optionst::get_goto_program(
   if(read_goto_binary(cmdline.args[0],
     symbol_table, goto_functions, get_message_handler()))
     throw 0;
-
-  config.set_from_symbol_table(symbol_table);
 }
 
 void goto_fence_inserter_parse_optionst::instrument_goto_program(

From 71d55ec3b5e1de6bb74b4378137673e0e7206ecb Mon Sep 17 00:00:00 2001
From: Peter Schrammel <peter.schrammel@diffblue.com>
Date: Thu, 20 Jul 2017 22:46:22 +0100
Subject: [PATCH 488/699] Replace BV_ADDR_BITS by config setting

---
 src/goto-programs/json_goto_trace.cpp  |  5 ++--
 src/solvers/flattening/bv_pointers.cpp |  2 +-
 src/solvers/flattening/pointer_logic.h |  2 +-
 src/solvers/smt1/smt1_conv.cpp         | 34 ++++++++++++++-----------
 src/solvers/smt2/smt2_conv.cpp         | 35 +++++++++++++++-----------
 src/util/config.cpp                    |  2 ++
 src/util/config.h                      |  6 +++++
 7 files changed, 52 insertions(+), 34 deletions(-)

diff --git a/src/goto-programs/json_goto_trace.cpp b/src/goto-programs/json_goto_trace.cpp
index 3f4397f3c8e..3580d1a689a 100644
--- a/src/goto-programs/json_goto_trace.cpp
+++ b/src/goto-programs/json_goto_trace.cpp
@@ -15,9 +15,9 @@ Author: Daniel Kroening
 
 #include <util/json_expr.h>
 #include <util/arith_tools.h>
+#include <util/config.h>
 
 #include <langapi/language_util.h>
-#include <solvers/flattening/pointer_logic.h>
 
 #include "json_goto_trace.h"
 
@@ -33,7 +33,8 @@ void remove_pointer_offsets(exprt &src)
     std::string binary_str=id2string(to_constant_expr(src.op0()).get_value());
     // The constant address consists of OBJECT-ID || OFFSET.
     // Shift out the object-identifier bits, leaving only the offset:
-    mp_integer offset=binary2integer(binary_str.substr(BV_ADDR_BITS), false);
+    mp_integer offset=binary2integer(
+      binary_str.substr(config.bv_encoding.object_bits), false);
     src=from_integer(offset, src.type());
   }
   else
diff --git a/src/solvers/flattening/bv_pointers.cpp b/src/solvers/flattening/bv_pointers.cpp
index aeecd21e2bc..bd846bb08af 100644
--- a/src/solvers/flattening/bv_pointers.cpp
+++ b/src/solvers/flattening/bv_pointers.cpp
@@ -96,7 +96,7 @@ bv_pointerst::bv_pointerst(
   boolbvt(_ns, _prop),
   pointer_logic(_ns)
 {
-  object_bits=BV_ADDR_BITS;
+  object_bits=config.bv_encoding.object_bits;
   offset_bits=config.ansi_c.pointer_width-object_bits;
   bits=config.ansi_c.pointer_width;
 }
diff --git a/src/solvers/flattening/pointer_logic.h b/src/solvers/flattening/pointer_logic.h
index a0dc8b7fb50..d094dbd8523 100644
--- a/src/solvers/flattening/pointer_logic.h
+++ b/src/solvers/flattening/pointer_logic.h
@@ -16,7 +16,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <util/expr.h>
 #include <util/numbering.h>
 
-#define BV_ADDR_BITS 8
+class namespacet;
 
 class pointer_logict
 {
diff --git a/src/solvers/smt1/smt1_conv.cpp b/src/solvers/smt1/smt1_conv.cpp
index ac2326fbc07..831c9513b89 100644
--- a/src/solvers/smt1/smt1_conv.cpp
+++ b/src/solvers/smt1/smt1_conv.cpp
@@ -19,6 +19,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <util/base_type.h>
 #include <util/ieee_float.h>
 #include <util/byte_operators.h>
+#include <util/config.h>
 
 #include <ansi-c/string_constant.h>
 
@@ -152,10 +153,11 @@ exprt smt1_convt::ce_value(
     pointer_logict::pointert p;
     p.object=integer2unsigned(
       binary2integer(
-        value.substr(0, BV_ADDR_BITS), false));
+        value.substr(0, config.bv_encoding.object_bits), false));
 
     p.offset=
-      binary2integer(value.substr(BV_ADDR_BITS, std::string::npos), true);
+      binary2integer(
+        value.substr(config.bv_encoding.object_bits, std::string::npos), true);
 
     result.copy_to_operands(pointer_logic.pointer_expr(p, type));
 
@@ -259,8 +261,10 @@ void smt1_convt::convert_address_of_rec(
   {
     out
       << "(concat"
-      << " bv" << pointer_logic.add_object(expr) << "[" << BV_ADDR_BITS << "]"
-      << " bv0[" << boolbv_width(result_type)-BV_ADDR_BITS << "]"
+      << " bv" << pointer_logic.add_object(expr) << "["
+      << config.bv_encoding.object_bits << "]"
+      << " bv0["
+      << boolbv_width(result_type)-config.bv_encoding.object_bits << "]"
       << ")";
   }
   else if(expr.id()==ID_index)
@@ -886,8 +890,8 @@ void smt1_convt::convert_expr(const exprt &expr, bool bool_as_bv)
     assert(expr.operands().size()==1);
     assert(expr.op0().type().id()==ID_pointer);
     std::size_t op_width=boolbv_width(expr.op0().type());
-    out << "(zero_extend[" << BV_ADDR_BITS << "] (extract["
-        << (op_width-1-BV_ADDR_BITS)
+    out << "(zero_extend[" << config.bv_encoding.object_bits << "] (extract["
+        << (op_width-1-config.bv_encoding.object_bits)
         << ":0] ";
     convert_expr(expr.op0(), true);
     out << "))";
@@ -898,7 +902,7 @@ void smt1_convt::convert_expr(const exprt &expr, bool bool_as_bv)
     assert(expr.operands().size()==1);
     assert(expr.op0().type().id()==ID_pointer);
     std::size_t op_width=boolbv_width(expr.op0().type());
-    signed int ext=boolbv_width(expr.type())-BV_ADDR_BITS;
+    signed int ext=boolbv_width(expr.type())-config.bv_encoding.object_bits;
 
     if(ext>0)
       out << "(zero_extend[" << ext << "] ";
@@ -906,7 +910,7 @@ void smt1_convt::convert_expr(const exprt &expr, bool bool_as_bv)
     out << "(extract["
         << (op_width-1)
         << ":"
-        << op_width-1-BV_ADDR_BITS << "] ";
+        << op_width-1-config.bv_encoding.object_bits << "] ";
     convert_expr(expr.op0(), true);
     out << ")";
 
@@ -930,10 +934,10 @@ void smt1_convt::convert_expr(const exprt &expr, bool bool_as_bv)
 
     out << "(= (extract["
         << (op_width-1)
-        << ":" << op_width-BV_ADDR_BITS << "] ";
+        << ":" << op_width-config.bv_encoding.object_bits << "] ";
     convert_expr(expr.op0(), true);
     out << ") bv" << pointer_logic.get_invalid_object()
-        << "[" << BV_ADDR_BITS << "])";
+        << "[" << config.bv_encoding.object_bits << "])";
 
     // this may have to be converted
     from_bool_end(type, bool_as_bv);
@@ -1850,8 +1854,8 @@ void smt1_convt::convert_constant(
       assert(boolbv_width(expr.type())!=0);
       out << "(concat"
           << " bv" << pointer_logic.get_null_object()
-          << "[" << BV_ADDR_BITS << "]"
-          << " bv0[" << boolbv_width(expr.type())-BV_ADDR_BITS
+          << "[" << config.bv_encoding.object_bits << "]"
+          << " bv0[" << boolbv_width(expr.type())-config.bv_encoding.object_bits
           << "]"
           << ")"; // concat
     }
@@ -1942,14 +1946,14 @@ void smt1_convt::convert_is_dynamic_object(
 
     out << "(let (?obj (extract["
         << (op_width-1)
-        << ":" << op_width-BV_ADDR_BITS << "] ";
+        << ":" << op_width-config.bv_encoding.object_bits << "] ";
     convert_expr(expr.op0(), true);
     out << ")) ";
 
     if(dynamic_objects.size()==1)
     {
       out << "(= bv" << dynamic_objects.front()
-          << "[" << BV_ADDR_BITS << "] ?obj)";
+          << "[" << config.bv_encoding.object_bits << "] ?obj)";
     }
     else
     {
@@ -1957,7 +1961,7 @@ void smt1_convt::convert_is_dynamic_object(
 
       for(const auto &obj : dynamic_objects)
         out << " (= bv" << obj
-            << "[" << BV_ADDR_BITS << "] ?obj)";
+            << "[" << config.bv_encoding.object_bits << "] ?obj)";
 
       out << ")"; // or
     }
diff --git a/src/solvers/smt2/smt2_conv.cpp b/src/solvers/smt2/smt2_conv.cpp
index a26dd2445c6..c077eff105c 100644
--- a/src/solvers/smt2/smt2_conv.cpp
+++ b/src/solvers/smt2/smt2_conv.cpp
@@ -21,6 +21,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <util/base_type.h>
 #include <util/string2int.h>
 #include <util/invariant.h>
+#include <util/config.h>
 
 #include <ansi-c/string_constant.h>
 
@@ -141,7 +142,7 @@ void smt2_convt::define_object_size(
   std::size_t pointer_width = boolbv_width(ptr.type());
   std::size_t number = 0;
   std::size_t h=pointer_width-1;
-  std::size_t l=pointer_width-BV_ADDR_BITS;
+  std::size_t l=pointer_width-config.bv_encoding.object_bits;
 
   for(const auto &o : pointer_logic.objects)
   {
@@ -160,9 +161,10 @@ void smt2_convt::define_object_size(
     out << "(assert (implies (= " <<
       "((_ extract " << h << " " << l << ") ";
     convert_expr(ptr);
-    out << ") (_ bv" << number << " " << BV_ADDR_BITS << "))" <<
-      "(= " << id << " (_ bv" << object_size.to_ulong() << " " <<
-      size_width << "))))\n";
+    out << ") (_ bv" << number << " "
+        << config.bv_encoding.object_bits << "))"
+        << "(= " << id << " (_ bv" << object_size.to_ulong() << " "
+        << size_width << "))))\n";
 
     ++number;
   }
@@ -453,7 +455,7 @@ exprt smt2_convt::parse_rec(const irept &src, const typet &_type)
     to_integer(bv_expr, v);
 
     // split into object and offset
-    mp_integer pow=power(2, width-BV_ADDR_BITS);
+    mp_integer pow=power(2, width-config.bv_encoding.object_bits);
     pointer_logict::pointert ptr;
     ptr.object=integer2size_t(v/pow);
     ptr.offset=v%pow;
@@ -486,8 +488,10 @@ void smt2_convt::convert_address_of_rec(
   {
     out
       << "(concat (_ bv"
-      << pointer_logic.add_object(expr) << " " << BV_ADDR_BITS << ")"
-      << " (_ bv0 " << boolbv_width(result_type)-BV_ADDR_BITS << "))";
+      << pointer_logic.add_object(expr) << " "
+      << config.bv_encoding.object_bits << ")"
+      << " (_ bv0 "
+      << boolbv_width(result_type)-config.bv_encoding.object_bits << "))";
   }
   else if(expr.id()==ID_index)
   {
@@ -1305,7 +1309,8 @@ void smt2_convt::convert_expr(const exprt &expr)
   {
     assert(expr.operands().size()==1);
     assert(expr.op0().type().id()==ID_pointer);
-    std::size_t offset_bits=boolbv_width(expr.op0().type())-BV_ADDR_BITS;
+    std::size_t offset_bits=
+      boolbv_width(expr.op0().type())-config.bv_encoding.object_bits;
     std::size_t result_width=boolbv_width(expr.type());
 
     // max extract width
@@ -1327,7 +1332,7 @@ void smt2_convt::convert_expr(const exprt &expr)
   {
     assert(expr.operands().size()==1);
     assert(expr.op0().type().id()==ID_pointer);
-    std::size_t ext=boolbv_width(expr.type())-BV_ADDR_BITS;
+    std::size_t ext=boolbv_width(expr.type())-config.bv_encoding.object_bits;
     std::size_t pointer_width=boolbv_width(expr.op0().type());
 
     if(ext>0)
@@ -1335,7 +1340,7 @@ void smt2_convt::convert_expr(const exprt &expr)
 
     out << "((_ extract "
         << pointer_width-1 << " "
-        << pointer_width-BV_ADDR_BITS << ") ";
+        << pointer_width-config.bv_encoding.object_bits << ") ";
     convert_expr(expr.op0());
     out << ")";
 
@@ -1353,10 +1358,10 @@ void smt2_convt::convert_expr(const exprt &expr)
     std::size_t pointer_width=boolbv_width(expr.op0().type());
     out << "(= ((_ extract "
         << pointer_width-1 << " "
-        << pointer_width-BV_ADDR_BITS << ") ";
+        << pointer_width-config.bv_encoding.object_bits << ") ";
     convert_expr(expr.op0());
     out << ") (_ bv" << pointer_logic.get_invalid_object()
-        << " " << BV_ADDR_BITS << "))";
+        << " " << config.bv_encoding.object_bits << "))";
   }
   else if(expr.id()=="pointer_object_has_type")
   {
@@ -2722,14 +2727,14 @@ void smt2_convt::convert_is_dynamic_object(const exprt &expr)
 
     out << "(let ((?obj ((_ extract "
         << pointer_width-1 << " "
-        << pointer_width-BV_ADDR_BITS << ") ";
+        << pointer_width-config.bv_encoding.object_bits << ") ";
     convert_expr(expr.op0());
     out << "))) ";
 
     if(dynamic_objects.size()==1)
     {
       out << "(= (_ bv" << dynamic_objects.front()
-          << " " << BV_ADDR_BITS << ") ?obj)";
+          << " " << config.bv_encoding.object_bits << ") ?obj)";
     }
     else
     {
@@ -2737,7 +2742,7 @@ void smt2_convt::convert_is_dynamic_object(const exprt &expr)
 
       for(const auto &object : dynamic_objects)
         out << " (= (_ bv" << object
-            << " " << BV_ADDR_BITS << ") ?obj)";
+            << " " << config.bv_encoding.object_bits << ") ?obj)";
 
       out << ")"; // or
     }
diff --git a/src/util/config.cpp b/src/util/config.cpp
index 2422092f4c0..71d5517ca87 100644
--- a/src/util/config.cpp
+++ b/src/util/config.cpp
@@ -730,6 +730,8 @@ bool configt::set(const cmdlinet &cmdline)
 
   cpp.cpp_standard=cppt::default_cpp_standard();
 
+  bv_encoding.object_bits=8;
+
   ansi_c.single_precision_constant=false;
   ansi_c.for_has_scope=true; // C99 or later
   ansi_c.c_standard=ansi_ct::default_c_standard();
diff --git a/src/util/config.h b/src/util/config.h
index 992fac2e6bd..22f8de1df08 100644
--- a/src/util/config.h
+++ b/src/util/config.h
@@ -143,6 +143,12 @@ class configt
     irep_idt main_class;
   } java;
 
+  struct bv_encodingt
+  {
+    // number of bits to encode heap object addresses
+    unsigned object_bits;
+  } bv_encoding;
+
   // this is the function to start executing
   std::string main;
 

From dacf8faf6d3b1d65da8e7ea6959df3f7c15d744d Mon Sep 17 00:00:00 2001
From: Peter Schrammel <peter.schrammel@diffblue.com>
Date: Thu, 20 Jul 2017 23:49:51 +0100
Subject: [PATCH 489/699] Better error message when too many dynamic objects

---
 regression/cbmc/address_space_size_limit1/test.desc | 2 +-
 src/solvers/flattening/bv_pointers.cpp              | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/regression/cbmc/address_space_size_limit1/test.desc b/regression/cbmc/address_space_size_limit1/test.desc
index 9dcfb8970aa..1cb3a86cd65 100644
--- a/regression/cbmc/address_space_size_limit1/test.desc
+++ b/regression/cbmc/address_space_size_limit1/test.desc
@@ -1,5 +1,5 @@
 CORE
 test.c
 --no-simplify --unwind 300
-too many variables
+too many addressed objects
 --
diff --git a/src/solvers/flattening/bv_pointers.cpp b/src/solvers/flattening/bv_pointers.cpp
index bd846bb08af..9a0c330fa32 100644
--- a/src/solvers/flattening/bv_pointers.cpp
+++ b/src/solvers/flattening/bv_pointers.cpp
@@ -683,7 +683,7 @@ void bv_pointerst::add_addr(const exprt &expr, bvt &bv)
   std::size_t a=pointer_logic.add_object(expr);
 
   if(a==(std::size_t(1)<<object_bits))
-    throw "too many variables";
+    throw "too many addressed objects";
 
   encode(a, bv);
 }

From 6e2ee6f0cccbe4a0bfcba2196f3c2c74da41c121 Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Mon, 31 Jul 2017 16:09:39 +0100
Subject: [PATCH 490/699] Add regression test for issue test-gen/856

---
 regression/strings-smoke-tests/java_equal/test_2.desc      | 7 +++++++
 .../strings-smoke-tests/java_equal/test_equal_2.java       | 7 +++++++
 2 files changed, 14 insertions(+)
 create mode 100644 regression/strings-smoke-tests/java_equal/test_2.desc
 create mode 100644 regression/strings-smoke-tests/java_equal/test_equal_2.java

diff --git a/regression/strings-smoke-tests/java_equal/test_2.desc b/regression/strings-smoke-tests/java_equal/test_2.desc
new file mode 100644
index 00000000000..bfa989a3695
--- /dev/null
+++ b/regression/strings-smoke-tests/java_equal/test_2.desc
@@ -0,0 +1,7 @@
+KNOWNBUG
+test_equal_2.class
+--refine-strings --string-max-length 100 --string-max-length 100
+^EXIT=0$
+^SIGNAL=0$
+--
+https://github.com/diffblue/test-gen/issues/856
diff --git a/regression/strings-smoke-tests/java_equal/test_equal_2.java b/regression/strings-smoke-tests/java_equal/test_equal_2.java
new file mode 100644
index 00000000000..931ed71471a
--- /dev/null
+++ b/regression/strings-smoke-tests/java_equal/test_equal_2.java
@@ -0,0 +1,7 @@
+public class test_equal_2
+{
+   public static void main(String s)
+   {
+       assert(!(s.equals("pi") && s.equals("po")));
+   }
+}

From e525d5b9f01240230e5a8ff099f9f089f8035c4b Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Mon, 31 Jul 2017 16:56:01 +0100
Subject: [PATCH 491/699] Adapt convert_digit_char for the case without radix
 argument

---
 src/java_bytecode/character_refine_preprocess.cpp | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/java_bytecode/character_refine_preprocess.cpp b/src/java_bytecode/character_refine_preprocess.cpp
index 8c0723599d5..d9a896340a6 100644
--- a/src/java_bytecode/character_refine_preprocess.cpp
+++ b/src/java_bytecode/character_refine_preprocess.cpp
@@ -132,9 +132,13 @@ codet character_refine_preprocesst::convert_digit_char(
   conversion_inputt &target)
 {
   const code_function_callt &function_call=target;
-  assert(function_call.arguments().size()==2);
+  PRECONDITION(function_call.arguments().size()>=1);
   const exprt &arg=function_call.arguments()[0];
-  const exprt &radix=function_call.arguments()[1];
+  // If there is no radix argument we set it to 36 which is the maximum possible
+  const exprt &radix=
+    function_call.arguments().size()>1?
+      function_call.arguments()[1]:
+      from_integer(36, arg.type());
   const exprt &result=function_call.lhs();
   const typet &type=result.type();
 

From c59e84670339eda95d44da3e133c3b3e6bfe7fd0 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Wed, 2 Aug 2017 09:03:54 +0100
Subject: [PATCH 492/699] Document convert_digit_char and make precondition
 more precise

---
 src/java_bytecode/character_refine_preprocess.cpp | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/src/java_bytecode/character_refine_preprocess.cpp b/src/java_bytecode/character_refine_preprocess.cpp
index d9a896340a6..bcd3aaa418d 100644
--- a/src/java_bytecode/character_refine_preprocess.cpp
+++ b/src/java_bytecode/character_refine_preprocess.cpp
@@ -126,19 +126,22 @@ codet character_refine_preprocesst::convert_compare(conversion_inputt &target)
 
 
 /// Converts function call to an assignment of an expression corresponding to
-/// the java method Character.digit:(CI)I
+/// the java method Character.digit:(CI)I. The function call has one character
+/// argument and an optional integer radix argument. If the radix is not given
+/// it is set to 36 by default.
 /// \param target: a position in a goto program
+/// \return code assigning the result of the Character.digit function to the
+///         left-hand-side of the given target
 codet character_refine_preprocesst::convert_digit_char(
   conversion_inputt &target)
 {
   const code_function_callt &function_call=target;
-  PRECONDITION(function_call.arguments().size()>=1);
+  const std::size_t nb_args=function_call.arguments().size();
+  PRECONDITION(nb_args==1 || nb_args==2);
   const exprt &arg=function_call.arguments()[0];
   // If there is no radix argument we set it to 36 which is the maximum possible
   const exprt &radix=
-    function_call.arguments().size()>1?
-      function_call.arguments()[1]:
-      from_integer(36, arg.type());
+    nb_args>1?function_call.arguments()[1]:from_integer(36, arg.type());
   const exprt &result=function_call.lhs();
   const typet &type=result.type();
 

From cc01a047a78cc8938b9b48133f05ffbe5b850ce1 Mon Sep 17 00:00:00 2001
From: Lucas Cordeiro <lucasccordeiro@gmail.com>
Date: Thu, 20 Jul 2017 17:06:34 +0100
Subject: [PATCH 493/699] ensured minimal requirements for a goal entry

---
 src/goto-instrument/cover.cpp | 87 +++++++++++++++++++++++++----------
 src/goto-instrument/cover.h   |  5 +-
 2 files changed, 66 insertions(+), 26 deletions(-)

diff --git a/src/goto-instrument/cover.cpp b/src/goto-instrument/cover.cpp
index ceb2e27e9ad..cd43d74f981 100644
--- a/src/goto-instrument/cover.cpp
+++ b/src/goto-instrument/cover.cpp
@@ -108,7 +108,8 @@ class basic_blockst
 bool coverage_goalst::get_coverage_goals(
   const std::string &coverage_file,
   message_handlert &message_handler,
-  coverage_goalst &goals)
+  coverage_goalst &goals,
+  const irep_idt &mode)
 {
   jsont json;
   source_locationt source_location;
@@ -141,22 +142,53 @@ bool coverage_goalst::get_coverage_goals(
       // store the source location for each existing goal
       for(const auto &each_goal : goals_in_json["goals"].array)
       {
-        // get and set the bytecode_index
-        irep_idt bytecodeIndex=
-          each_goal["sourceLocation"]["bytecode_index"].value;
-        source_location.set_java_bytecode_index(bytecodeIndex);
+        // ensure minimal requirements for a goal entry
+        PRECONDITION(
+          (!each_goal["goal"].is_null()) ||
+          (!each_goal["sourceLocation"]["bytecode_index"].is_null()) ||
+          (!each_goal["sourceLocation"]["file"].is_null() &&
+           !each_goal["sourceLocation"]["function"].is_null() &&
+           !each_goal["sourceLocation"]["line"].is_null()));
+
+        // check whether bytecode_index is provided for Java programs
+        if(mode==ID_java &&
+          each_goal["sourceLocation"]["bytecode_index"].is_null())
+        {
+          messaget message(message_handler);
+          message.error() << coverage_file
+                          << " file does not contain bytecode_index"
+                          << messaget::eom;
+          return true;
+        }
 
-        // get and set the file
-        irep_idt file=each_goal["sourceLocation"]["file"].value;
-        source_location.set_file(file);
+        if(!each_goal["sourceLocation"]["bytecode_index"].is_null())
+        {
+          // get and set the bytecode_index
+          irep_idt bytecode_index=
+            each_goal["sourceLocation"]["bytecode_index"].value;
+          source_location.set_java_bytecode_index(bytecode_index);
+        }
 
-        // get and set the function
-        irep_idt function=each_goal["sourceLocation"]["function"].value;
-        source_location.set_function(function);
+        if(!each_goal["sourceLocation"]["file"].is_null())
+        {
+          // get and set the file
+          irep_idt file=each_goal["sourceLocation"]["file"].value;
+          source_location.set_file(file);
+        }
 
-        // get and set the line
-        irep_idt line=each_goal["sourceLocation"]["line"].value;
-        source_location.set_line(line);
+        if(!each_goal["sourceLocation"]["function"].is_null())
+        {
+          // get and set the function
+          irep_idt function=each_goal["sourceLocation"]["function"].value;
+          source_location.set_function(function);
+        }
+
+        if(!each_goal["sourceLocation"]["line"].is_null())
+        {
+          // get and set the line
+          irep_idt line=each_goal["sourceLocation"]["line"].value;
+          source_location.set_line(line);
+        }
 
         // store the existing goal
         goals.add_goal(source_location);
@@ -175,17 +207,18 @@ void coverage_goalst::add_goal(source_locationt goal)
 
 /// check whether we have an existing goal that is uncovered
 /// \param msg: message to be printed about the uncovered goal
-void coverage_goalst::check_uncovered_goals(messaget msg)
+void coverage_goalst::check_uncovered_goals(messaget &msg)
 {
-  for(auto const &existing_loc : existing_goals)
+  for(const auto &existing_loc : existing_goals)
   {
     if(!existing_loc.second)
     {
-      msg.warning() << "Warning: existing goal in file "
-      << existing_loc.first.get_file()
-      << " line " << existing_loc.first.get_line()
-      << " function " << existing_loc.first.get_function()
-      << " is uncovered" << messaget::eom;
+      msg.warning()
+        << "Warning: existing goal in file "
+        << existing_loc.first.get_file()
+        << " line " << existing_loc.first.get_line()
+        << " function " << existing_loc.first.get_function()
+        << " is uncovered" << messaget::eom;
     }
   }
 }
@@ -195,7 +228,7 @@ void coverage_goalst::check_uncovered_goals(messaget msg)
 /// \return true : if the current goal exists false : otherwise
 bool coverage_goalst::is_existing_goal(source_locationt source_loc)
 {
-  for(auto const &existing_loc : existing_goals)
+  for(const auto &existing_loc : existing_goals)
   {
     if((source_loc.get_file()==existing_loc.first.get_file()) &&
        (source_loc.get_function()==existing_loc.first.get_function()) &&
@@ -1472,14 +1505,20 @@ bool instrument_cover_goals(
   }
 
   // check existing test goals
-  static coverage_goalst existing_goals;
+  coverage_goalst existing_goals;
   if(cmdline.isset("existing-coverage"))
   {
+    // get the mode to ensure invariants
+    // (e.g., bytecode_index for Java programs)
+    namespacet ns(symbol_table);
+    const irep_idt &mode=ns.lookup(goto_functions.entry_point()).mode;
+
     msg.status() << "Add existing coverage goals" << messaget::eom;
     // get file with covered test goals
     const std::string coverage=cmdline.get_value("existing-coverage");
     // get a coverage_goalst object
-    if(coverage_goalst::get_coverage_goals(coverage, msgh, existing_goals))
+    if(coverage_goalst::get_coverage_goals(
+       coverage, msgh, existing_goals, mode))
     {
       msg.error() << "get_coverage_goals failed" << messaget::eom;
       return true;
diff --git a/src/goto-instrument/cover.h b/src/goto-instrument/cover.h
index 7da53fede6e..81eb8a8d959 100644
--- a/src/goto-instrument/cover.h
+++ b/src/goto-instrument/cover.h
@@ -23,10 +23,11 @@ class coverage_goalst
   static bool get_coverage_goals(
     const std::string &coverage,
     message_handlert &message_handler,
-    coverage_goalst &goals);
+    coverage_goalst &goals,
+    const irep_idt &mode);
   void add_goal(source_locationt goal);
   bool is_existing_goal(source_locationt source_loc);
-  void check_uncovered_goals(messaget msg);
+  void check_uncovered_goals(messaget &msg);
 
 private:
   std::map<source_locationt, bool> existing_goals;

From 4928ef657a5a0668e5e7f19930658f10f98da017 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Wed, 2 Aug 2017 08:56:15 +0100
Subject: [PATCH 494/699] Regression tests for Character.getNumericValue

This used to make CBMC crash but is now evaluated correctly.
---
 .../strings/CharacterGetNumericValue/test.class   | Bin 0 -> 631 bytes
 .../strings/CharacterGetNumericValue/test.desc    |   9 +++++++++
 .../strings/CharacterGetNumericValue/test.java    |  12 ++++++++++++
 3 files changed, 21 insertions(+)
 create mode 100644 regression/strings/CharacterGetNumericValue/test.class
 create mode 100644 regression/strings/CharacterGetNumericValue/test.desc
 create mode 100644 regression/strings/CharacterGetNumericValue/test.java

diff --git a/regression/strings/CharacterGetNumericValue/test.class b/regression/strings/CharacterGetNumericValue/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..565d2d522b743744f31d89f507070d075d652f93
GIT binary patch
literal 631
zcmYjNT}vB56g{)M$t3IAtY0zJ+WPen74${0&`^}Lf?(T+6hZqm*$i=Xvys_}KgJh*
z5Pa4`EiLG~ze!5(Y>g=kGqdNOd+s^+;m@x-0P9%vQNTnId6a!jqQddghldG{DIe2#
z#WBM$wkXn6YNNVI`az|l8Os&}J7CDyRHDp#2DiGj$KchwEy+;YRf+uE>oleQYROdS
z2$e9DtKW8y#Hm<|Mbcht7_E}_JKH$iFd{nsBu<|Ag<2FpDf^9XPe*cFS)HPhsadrW
z0frC+D8lD>9pDXS87c$qt-j%pT6Z-Wu#FsZ0p_v55Du7MnnyA+6mkI74}}(yk<?de
zOG8PdR?(h_dp1h7zO+My|L8HThr+dFs<do9kETqfM+Mr=0p@7M1zI@^E7ml<Trit~
z&SCnSp_|d2TfPOmwnV(3GoOJJ93_PGw$u(B`hd5gs4d@lmzcVNbB2}apKwF}9P_{7
z?cXAIpTXn*;0p}(VXN+B>Sg4z87??YC}5V1ZIG!ELOGmAT56f#(Px+InH^wcH2(wq
b4BWed=YEGX(Cj<58aX(@rp+~$jU4|A>=t;y

literal 0
HcmV?d00001

diff --git a/regression/strings/CharacterGetNumericValue/test.desc b/regression/strings/CharacterGetNumericValue/test.desc
new file mode 100644
index 00000000000..9f34df46fd6
--- /dev/null
+++ b/regression/strings/CharacterGetNumericValue/test.desc
@@ -0,0 +1,9 @@
+CORE
+test.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+assertion at file test.java line 8 .* SUCCESS$
+assertion at file test.java line 10 .* FAILURE$
+--
+^warning: ignoring
diff --git a/regression/strings/CharacterGetNumericValue/test.java b/regression/strings/CharacterGetNumericValue/test.java
new file mode 100644
index 00000000000..b4fe441de04
--- /dev/null
+++ b/regression/strings/CharacterGetNumericValue/test.java
@@ -0,0 +1,12 @@
+public class test
+{
+
+    public static void main(String[] args)
+    {
+        char c = 'a';
+        if(args.length>1)
+            assert Character.getNumericValue(c) == 10;
+        else
+            assert Character.getNumericValue(c) != 10;
+    }
+}

From 84f0af1981c8157251dc3ea084409e10fc0fda5a Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 1 Aug 2017 13:26:17 +0100
Subject: [PATCH 495/699] Fix axioms introduced for StringBuilder.setLength

The length of the result and input of the functions where used in the
wrong place.
---
 ...ng_constraint_generator_transformation.cpp | 28 +++++++++----------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_transformation.cpp b/src/solvers/refinement/string_constraint_generator_transformation.cpp
index 094cf5a0ac8..f835ec5b646 100644
--- a/src/solvers/refinement/string_constraint_generator_transformation.cpp
+++ b/src/solvers/refinement/string_constraint_generator_transformation.cpp
@@ -14,14 +14,14 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 #include <solvers/refinement/string_refinement_invariant.h>
 #include <solvers/refinement/string_constraint_generator.h>
 
-/// add axioms to say that the returned string expression has length given by
-/// the second argument and whose characters are equal to those of the first
-/// argument for the positions which are defined in both strings
-/// \par parameters: function application with two arguments, the first of which
-///   is
-/// a string and the second an integer which should have same type has
-/// return by get_index_type()
-/// \return a new string expression
+/// add axioms to say that the returned string expression `res` has length `k`
+/// and characters at position `i` in `res` are equal to the character at
+/// position `i` in `s1` if `i` is smaller that the length of `s1`, otherwise
+/// it is the null character `\u0000`.
+/// \param f: function application with two arguments, the first of which
+///        is a string `s1` and the second an integer `k` which should have
+///        same type as the string length
+/// \return a new string expression `res`
 string_exprt string_constraint_generatort::add_axioms_for_set_length(
   const function_application_exprt &f)
 {
@@ -32,8 +32,8 @@ string_exprt string_constraint_generatort::add_axioms_for_set_length(
 
   // We add axioms:
   // a1 : |res|=k
-  // a2 : forall i<|s1|. i < |res|  ==> res[i] = s1[i]
-  // a3 : forall i<|s1|. i >= |res| ==> res[i] = 0
+  // a2 : forall i<|res|. i < |s1|  ==> res[i] = s1[i]
+  // a3 : forall i<|res|. i >= |s1| ==> res[i] = 0
 
   axioms.push_back(res.axiom_for_has_length(k));
 
@@ -41,8 +41,8 @@ string_exprt string_constraint_generatort::add_axioms_for_set_length(
     "QA_index_set_length", ref_type.get_index_type());
   string_constraintt a2(
     idx,
-    s1.length(),
-    res.axiom_for_is_strictly_longer_than(idx),
+    res.length(),
+    s1.axiom_for_is_strictly_longer_than(idx),
     equal_exprt(s1[idx], res[idx]));
   axioms.push_back(a2);
 
@@ -50,8 +50,8 @@ string_exprt string_constraint_generatort::add_axioms_for_set_length(
     "QA_index_set_length2", ref_type.get_index_type());
   string_constraintt a3(
     idx2,
-    s1.length(),
-    res.axiom_for_is_shorter_than(idx2),
+    res.length(),
+    s1.axiom_for_is_shorter_than(idx2),
     equal_exprt(res[idx2], constant_char(0, ref_type.get_char_type())));
   axioms.push_back(a3);
 

From 84b0c58e9d59e36d108d1c918f4ec617e9e99f52 Mon Sep 17 00:00:00 2001
From: Peter Schrammel <peter.schrammel@diffblue.com>
Date: Thu, 20 Jul 2017 23:44:56 +0100
Subject: [PATCH 496/699] Allow specifying object-bits via command line and
 language defaults

---
 .../cbmc/address_space_size_limit1/test.desc  |  2 +-
 src/cbmc/cbmc_parse_options.cpp               |  1 +
 src/cbmc/cbmc_parse_options.h                 |  1 +
 src/langapi/language_ui.cpp                   |  3 ++
 src/solvers/flattening/bv_pointers.cpp        |  8 ++-
 src/util/config.cpp                           | 49 ++++++++++++++++++-
 src/util/config.h                             | 11 +++++
 7 files changed, 71 insertions(+), 4 deletions(-)

diff --git a/regression/cbmc/address_space_size_limit1/test.desc b/regression/cbmc/address_space_size_limit1/test.desc
index 1cb3a86cd65..d0d0ed3c04e 100644
--- a/regression/cbmc/address_space_size_limit1/test.desc
+++ b/regression/cbmc/address_space_size_limit1/test.desc
@@ -1,5 +1,5 @@
 CORE
 test.c
---no-simplify --unwind 300
+--no-simplify --unwind 300 --object-bits 8
 too many addressed objects
 --
diff --git a/src/cbmc/cbmc_parse_options.cpp b/src/cbmc/cbmc_parse_options.cpp
index 902479b7c1f..bd9396baa69 100644
--- a/src/cbmc/cbmc_parse_options.cpp
+++ b/src/cbmc/cbmc_parse_options.cpp
@@ -1095,6 +1095,7 @@ void cbmc_parse_optionst::help()
     " --graphml-witness filename   write the witness in GraphML format to filename\n" // NOLINT(*)
     "\n"
     "Backend options:\n"
+    " --object-bits n              number of bits used for object addresses\n"
     " --dimacs                     generate CNF in DIMACS format\n"
     " --beautify                   beautify the counterexample (greedy heuristic)\n" // NOLINT(*)
     " --localize-faults            localize faults (experimental)\n"
diff --git a/src/cbmc/cbmc_parse_options.h b/src/cbmc/cbmc_parse_options.h
index 145ff8e6e77..0a367ccc60d 100644
--- a/src/cbmc/cbmc_parse_options.h
+++ b/src/cbmc/cbmc_parse_options.h
@@ -31,6 +31,7 @@ class optionst;
   "(debug-level):(no-propagation)(no-simplify-if)" \
   "(document-subgoals)(outfile):(test-preprocessor)" \
   "D:I:(c89)(c99)(c11)(cpp89)(cpp99)(cpp11)" \
+  "(object-bits):" \
   "(classpath):(cp):(main-class):" \
   "(depth):(partial-loops)(no-unwinding-assertions)(unwinding-assertions)" \
   OPT_GOTO_CHECK \
diff --git a/src/langapi/language_ui.cpp b/src/langapi/language_ui.cpp
index fe24dff1887..33916adb0f6 100644
--- a/src/langapi/language_ui.cpp
+++ b/src/langapi/language_ui.cpp
@@ -14,6 +14,7 @@ Author: Daniel Kroening, kroening@cs.cmu.edu
 #include <util/namespace.h>
 #include <util/language.h>
 #include <util/cmdline.h>
+#include <util/config.h>
 #include <util/unicode.h>
 
 #include "language_ui.h"
@@ -125,6 +126,8 @@ bool language_uit::final()
     return true;
   }
 
+  config.set_object_bits_from_symbol_table(symbol_table);
+
   return false;
 }
 
diff --git a/src/solvers/flattening/bv_pointers.cpp b/src/solvers/flattening/bv_pointers.cpp
index 9a0c330fa32..fdc0a6780e5 100644
--- a/src/solvers/flattening/bv_pointers.cpp
+++ b/src/solvers/flattening/bv_pointers.cpp
@@ -682,8 +682,12 @@ void bv_pointerst::add_addr(const exprt &expr, bvt &bv)
 {
   std::size_t a=pointer_logic.add_object(expr);
 
-  if(a==(std::size_t(1)<<object_bits))
-    throw "too many addressed objects";
+  const std::size_t max_objects=std::size_t(1)<<object_bits;
+  if(a==max_objects)
+    throw
+      "too many addressed objects: maximum number of objects is set to 2^n="+
+      std::to_string(max_objects)+" (with n="+std::to_string(object_bits)+"); "+
+      "use the `--object-bits n` option to increase the maximum number";
 
   encode(a, bv);
 }
diff --git a/src/util/config.cpp b/src/util/config.cpp
index 71d5517ca87..59a596d9436 100644
--- a/src/util/config.cpp
+++ b/src/util/config.cpp
@@ -17,6 +17,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include "simplify_expr.h"
 #include "std_expr.h"
 #include "cprover_prefix.h"
+#include "string2int.h"
 
 configt config;
 
@@ -730,7 +731,9 @@ bool configt::set(const cmdlinet &cmdline)
 
   cpp.cpp_standard=cppt::default_cpp_standard();
 
-  bv_encoding.object_bits=8;
+  bv_encoding.object_bits=bv_encoding.default_object_bits;
+  // This will allow us to override by language defaults later.
+  bv_encoding.is_object_bits_default=true;
 
   ansi_c.single_precision_constant=false;
   ansi_c.for_has_scope=true; // C99 or later
@@ -1012,6 +1015,20 @@ bool configt::set(const cmdlinet &cmdline)
   if(cmdline.isset("round-to-zero"))
     ansi_c.rounding_mode=ieee_floatt::ROUND_TO_ZERO;
 
+  if(cmdline.isset("object-bits"))
+  {
+    bv_encoding.object_bits=
+      unsafe_string2unsigned(cmdline.get_value("object-bits"));
+    bv_encoding.is_object_bits_default=false;
+
+    if(!(0<bv_encoding.object_bits &&
+         bv_encoding.object_bits<ansi_c.pointer_width))
+    {
+      throw "object-bits must be positive and less than the pointer width ("+
+        std::to_string(ansi_c.pointer_width)+") ";
+    }
+  }
+
   return false;
 }
 
@@ -1145,6 +1162,36 @@ void configt::set_from_symbol_table(
 
   // mode, preprocessor (and all preprocessor command line options),
   // lib, string_abstraction not stored in namespace
+
+  set_object_bits_from_symbol_table(symbol_table);
+}
+
+/// Sets the number of bits used for object addresses
+/// \param symbol_table The symbol table
+void configt::set_object_bits_from_symbol_table(
+  const symbol_tablet &symbol_table)
+{
+  // has been overridden by command line option,
+  //   thus do not apply language defaults
+  if(!bv_encoding.is_object_bits_default)
+    return;
+
+  // set object_bits according to entry point language
+  if(symbol_table.has_symbol(CPROVER_PREFIX "_start"))
+  {
+    const symbolt &entry_point_symbol=
+      symbol_table.lookup(CPROVER_PREFIX "_start");
+
+    if(entry_point_symbol.mode==ID_java)
+      bv_encoding.object_bits=java.default_object_bits;
+    else if(entry_point_symbol.mode==ID_C)
+      bv_encoding.object_bits=ansi_c.default_object_bits;
+    else if(entry_point_symbol.mode==ID_cpp)
+      bv_encoding.object_bits=cpp.default_object_bits;
+    DATA_INVARIANT(
+      0<bv_encoding.object_bits && bv_encoding.object_bits<ansi_c.pointer_width,
+      "object_bits should fit into pointer width");
+  }
 }
 
 irep_idt configt::this_architecture()
diff --git a/src/util/config.h b/src/util/config.h
index 22f8de1df08..30903aa2f2e 100644
--- a/src/util/config.h
+++ b/src/util/config.h
@@ -118,6 +118,8 @@ class configt
     libt lib;
 
     bool string_abstraction;
+
+    static const unsigned default_object_bits=8;
   } ansi_c;
 
   struct cppt
@@ -129,6 +131,8 @@ class configt
     void set_cpp03() { cpp_standard=cpp_standardt::CPP03; }
     void set_cpp11() { cpp_standard=cpp_standardt::CPP11; }
     void set_cpp14() { cpp_standard=cpp_standardt::CPP14; }
+
+    static const unsigned default_object_bits=8;
   } cpp;
 
   struct verilogt
@@ -141,12 +145,17 @@ class configt
     typedef std::list<std::string> classpatht;
     classpatht classpath;
     irep_idt main_class;
+
+    static const unsigned default_object_bits=16;
   } java;
 
   struct bv_encodingt
   {
     // number of bits to encode heap object addresses
     unsigned object_bits;
+    bool is_object_bits_default;
+
+    static const unsigned default_object_bits=8;
   } bv_encoding;
 
   // this is the function to start executing
@@ -158,6 +167,8 @@ class configt
 
   bool set(const cmdlinet &cmdline);
 
+  void set_object_bits_from_symbol_table(const symbol_tablet &);
+
   static irep_idt this_architecture();
   static irep_idt this_operating_system();
 

From f8bf577ce7277e9246e551b2e4c0f728d4567bd5 Mon Sep 17 00:00:00 2001
From: Peter Schrammel <peter.schrammel@diffblue.com>
Date: Wed, 2 Aug 2017 15:28:43 +0100
Subject: [PATCH 497/699] Catch command line parsing exceptions

---
 src/cbmc/cbmc_parse_options.cpp | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/src/cbmc/cbmc_parse_options.cpp b/src/cbmc/cbmc_parse_options.cpp
index bd9396baa69..215f6abacf9 100644
--- a/src/cbmc/cbmc_parse_options.cpp
+++ b/src/cbmc/cbmc_parse_options.cpp
@@ -448,7 +448,23 @@ int cbmc_parse_optionst::doit()
   //
 
   optionst options;
-  get_command_line_options(options);
+  try
+  {
+    get_command_line_options(options);
+  }
+
+  catch(const char *error_msg)
+  {
+    error() << error_msg << eom;
+    return 6; // should contemplate EX_SOFTWARE from sysexits.h
+  }
+
+  catch(const std::string error_msg)
+  {
+    error() << error_msg << eom;
+    return 6; // should contemplate EX_SOFTWARE from sysexits.h
+  }
+
   eval_verbosity();
 
   //

From d122cfb3fe1cced0745b35d74569a4d490b78873 Mon Sep 17 00:00:00 2001
From: Peter Schrammel <peter.schrammel@diffblue.com>
Date: Fri, 21 Jul 2017 00:15:35 +0100
Subject: [PATCH 498/699] Add java address space limits tests

---
 .../address_space_size_limit1/Test.class          | Bin 0 -> 640 bytes
 .../cbmc-java/address_space_size_limit1/Test.java |  13 +++++++++++++
 .../cbmc-java/address_space_size_limit1/test.desc |   5 +++++
 .../address_space_size_limit2/Test.class          | Bin 0 -> 640 bytes
 .../cbmc-java/address_space_size_limit2/Test.java |  13 +++++++++++++
 .../cbmc-java/address_space_size_limit2/test.desc |   8 ++++++++
 6 files changed, 39 insertions(+)
 create mode 100644 regression/cbmc-java/address_space_size_limit1/Test.class
 create mode 100644 regression/cbmc-java/address_space_size_limit1/Test.java
 create mode 100644 regression/cbmc-java/address_space_size_limit1/test.desc
 create mode 100644 regression/cbmc-java/address_space_size_limit2/Test.class
 create mode 100644 regression/cbmc-java/address_space_size_limit2/Test.java
 create mode 100644 regression/cbmc-java/address_space_size_limit2/test.desc

diff --git a/regression/cbmc-java/address_space_size_limit1/Test.class b/regression/cbmc-java/address_space_size_limit1/Test.class
new file mode 100644
index 0000000000000000000000000000000000000000..5f81fc826ffa983a71fe170b00828a9d1b6ffa96
GIT binary patch
literal 640
zcmYL{T~8B16o%ikv)yU83zV<6bhQW~Rzf5(B%06|3~EAB<f6m`xZ1W8GElZ=cWd|o
z{0eSNyy4o<CKC1D-@;$;<IGy^#q60m=bh)gXR<$jefb7p9d}*iP{~2Sm$>0_ylD<q
ziFp?eDlTqeL1K|WXS}uv(@Q}dt0>XEFn+4zpw(3!t{f1Yx(;>nm|)ko@4e)()$1t2
zL_>$_MgO#=qCKPL!fBvGLa}z(I1XM1Yuz9`T5Bee4v#j>#j$1*v`=<|SE*j&HX&PY
zcZYOQGa9$q>ql+%TpM6+PsPc7!}2hWk_Q)gZey}0G2y|(7@<7s_T=9T&!VUoNi2D|
zgJnWtB-w2pt9C+=hYbVT;7LZstuDU;kI+%Ej#TGAj-4lcF0jc1EbvR__?azU><B27
zjS)TxUhE6pkavr$NHr@1(2D;F);rD;Ci&}d1Z?I^VS1?VBa;#y6{=q$c0}DTRNrD|
z)xUz+_Xn_>=R}vkuiqncfmwf5JopIf4f0oT_6LyP4c$uV73PE44*MHtZ*v^ydH0aL
z&2S|T@e^5+m@Sr&MG>W;h4s`HFgYbYBYOd9U&0n2kQuT6I;WJAf#q%TUxISldhQRu
C&~X6(

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/address_space_size_limit1/Test.java b/regression/cbmc-java/address_space_size_limit1/Test.java
new file mode 100644
index 00000000000..4f60b51e973
--- /dev/null
+++ b/regression/cbmc-java/address_space_size_limit1/Test.java
@@ -0,0 +1,13 @@
+public class Test {
+    int x;
+    Test(int x) { this.x = x; }
+
+    public static void main(String[] args) {
+        int i;
+        Test[] tests = new Test[30];
+        for(i = 0; i < 30; ++i) {
+            tests[i] = new Test(i);
+        }
+        assert i == tests[0].x;
+    }
+}
diff --git a/regression/cbmc-java/address_space_size_limit1/test.desc b/regression/cbmc-java/address_space_size_limit1/test.desc
new file mode 100644
index 00000000000..d08ff5b05c1
--- /dev/null
+++ b/regression/cbmc-java/address_space_size_limit1/test.desc
@@ -0,0 +1,5 @@
+CORE
+Test.class
+--object-bits 4
+too many addressed objects
+--
diff --git a/regression/cbmc-java/address_space_size_limit2/Test.class b/regression/cbmc-java/address_space_size_limit2/Test.class
new file mode 100644
index 0000000000000000000000000000000000000000..5f81fc826ffa983a71fe170b00828a9d1b6ffa96
GIT binary patch
literal 640
zcmYL{T~8B16o%ikv)yU83zV<6bhQW~Rzf5(B%06|3~EAB<f6m`xZ1W8GElZ=cWd|o
z{0eSNyy4o<CKC1D-@;$;<IGy^#q60m=bh)gXR<$jefb7p9d}*iP{~2Sm$>0_ylD<q
ziFp?eDlTqeL1K|WXS}uv(@Q}dt0>XEFn+4zpw(3!t{f1Yx(;>nm|)ko@4e)()$1t2
zL_>$_MgO#=qCKPL!fBvGLa}z(I1XM1Yuz9`T5Bee4v#j>#j$1*v`=<|SE*j&HX&PY
zcZYOQGa9$q>ql+%TpM6+PsPc7!}2hWk_Q)gZey}0G2y|(7@<7s_T=9T&!VUoNi2D|
zgJnWtB-w2pt9C+=hYbVT;7LZstuDU;kI+%Ej#TGAj-4lcF0jc1EbvR__?azU><B27
zjS)TxUhE6pkavr$NHr@1(2D;F);rD;Ci&}d1Z?I^VS1?VBa;#y6{=q$c0}DTRNrD|
z)xUz+_Xn_>=R}vkuiqncfmwf5JopIf4f0oT_6LyP4c$uV73PE44*MHtZ*v^ydH0aL
z&2S|T@e^5+m@Sr&MG>W;h4s`HFgYbYBYOd9U&0n2kQuT6I;WJAf#q%TUxISldhQRu
C&~X6(

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/address_space_size_limit2/Test.java b/regression/cbmc-java/address_space_size_limit2/Test.java
new file mode 100644
index 00000000000..4f60b51e973
--- /dev/null
+++ b/regression/cbmc-java/address_space_size_limit2/Test.java
@@ -0,0 +1,13 @@
+public class Test {
+    int x;
+    Test(int x) { this.x = x; }
+
+    public static void main(String[] args) {
+        int i;
+        Test[] tests = new Test[30];
+        for(i = 0; i < 30; ++i) {
+            tests[i] = new Test(i);
+        }
+        assert i == tests[0].x;
+    }
+}
diff --git a/regression/cbmc-java/address_space_size_limit2/test.desc b/regression/cbmc-java/address_space_size_limit2/test.desc
new file mode 100644
index 00000000000..9cf9d12a7f7
--- /dev/null
+++ b/regression/cbmc-java/address_space_size_limit2/test.desc
@@ -0,0 +1,8 @@
+CORE
+Test.class
+--object-bits 8
+^EXIT=10$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+^\[java::Test.main:\(\[Ljava/lang/String;\)V.assertion.1\] .*: FAILURE$
+--

From 28d478d4848aaf65fa6917683d288aae3da2b3c2 Mon Sep 17 00:00:00 2001
From: Peter Schrammel <peter.schrammel@diffblue.com>
Date: Fri, 21 Jul 2017 00:35:28 +0100
Subject: [PATCH 499/699] Tests for overflows in pointer arithmetic

One is detected with --pointer-check enabled,
the other one is currently not detected.
---
 .../cbmc/address_space_size_limit2/test.c     |  10 ++
 .../cbmc/address_space_size_limit2/test.desc  |   5 +
 .../cbmc/address_space_size_limit3/main.c     | 136 ++++++++++++++++++
 .../cbmc/address_space_size_limit3/test.desc  |  11 ++
 4 files changed, 162 insertions(+)
 create mode 100644 regression/cbmc/address_space_size_limit2/test.c
 create mode 100644 regression/cbmc/address_space_size_limit2/test.desc
 create mode 100644 regression/cbmc/address_space_size_limit3/main.c
 create mode 100644 regression/cbmc/address_space_size_limit3/test.desc

diff --git a/regression/cbmc/address_space_size_limit2/test.c b/regression/cbmc/address_space_size_limit2/test.c
new file mode 100644
index 00000000000..c35cc13da7f
--- /dev/null
+++ b/regression/cbmc/address_space_size_limit2/test.c
@@ -0,0 +1,10 @@
+#include <stdlib.h>
+#include <assert.h>
+
+int main(int argc, char** argv)
+{
+  char* c=(char*)malloc(10);
+  char* d=c;
+  for(char i=0; i<10; i++, d++);
+  assert((size_t)d==(size_t)c+10);
+}
diff --git a/regression/cbmc/address_space_size_limit2/test.desc b/regression/cbmc/address_space_size_limit2/test.desc
new file mode 100644
index 00000000000..63d05de2268
--- /dev/null
+++ b/regression/cbmc/address_space_size_limit2/test.desc
@@ -0,0 +1,5 @@
+KNOWNBUG
+test.c
+--32 --object-bits 31 --unwind 11 --no-simplify
+dynamic object too large
+--
diff --git a/regression/cbmc/address_space_size_limit3/main.c b/regression/cbmc/address_space_size_limit3/main.c
new file mode 100644
index 00000000000..6c62d538ee5
--- /dev/null
+++ b/regression/cbmc/address_space_size_limit3/main.c
@@ -0,0 +1,136 @@
+// copy of Pointer_Arithmetic12
+
+#include <stdint.h>
+
+#include <assert.h>
+
+uint32_t __stack[32];
+
+uint32_t eax;
+uint32_t ebp;
+uint32_t ebx;
+uint32_t ecx;
+uint32_t edi;
+uint32_t edx;
+uint32_t esi;
+uint32_t esp=(uint32_t)&(__stack[31]);
+uint32_t var0;
+uint32_t var1;
+uint32_t var10;
+uint32_t var11;
+uint32_t var12;
+uint32_t var13;
+uint32_t var14;
+uint32_t var15;
+uint32_t var16;
+uint32_t var2;
+uint32_t var3;
+uint32_t var4;
+uint32_t var5;
+uint32_t var6;
+uint32_t var7;
+uint32_t var8;
+uint32_t var9;
+
+void g__L_0x3b4_0()
+{
+  L_0x3b4_0: esp-=0x4;
+  L_0x3b4_1: *(uint32_t*)(esp)=ebp;
+  L_0x3b5_0: ebp=esp;
+  L_0x3b7_0: var4=ebp;
+  L_0x3b7_1: var4+=0xc;
+  L_0x3b7_2: eax=*(uint32_t*)(var4);
+  L_0x3ba_0: edx=eax;
+  L_0x3bc_0: edx&=0x3;
+  L_0x3bf_0: var5=ebp;
+  L_0x3bf_1: var5+=0x8;
+  L_0x3bf_2: eax=*(uint32_t*)(var5);
+  L_0x3c2_0: *(uint32_t*)(eax)=edx;
+  L_0x3c4_0: ebp=*(uint32_t*)(esp);
+  L_0x3c4_1: esp+=0x4;
+  L_0x3c5_0: return;
+}
+
+void f__L_0x3c6_0()
+{
+  L_0x3c6_0: esp-=0x4;
+  L_0x3c6_1: *(uint32_t*)(esp)=ebp;
+  L_0x3c7_0: ebp=esp;
+  L_0x3c9_0: esp-=0x18;
+  L_0x3cc_0: var6=ebp;
+  L_0x3cc_1: var6-=0x4;
+  L_0x3cc_2: *(uint32_t*)(var6)=0x0;
+  L_0x3d3_0: var7=ebp;
+  L_0x3d3_1: var7-=0x8;
+  L_0x3d3_2: *(uint32_t*)(var7)=0x0;
+  L_0x3da_0: var8=ebp;
+  L_0x3da_1: var8+=0x8;
+  L_0x3da_2: eax=*(uint32_t*)(var8);
+  L_0x3dd_0: var9=ebp;
+  L_0x3dd_1: var9-=0x4;
+  L_0x3dd_2: *(uint32_t*)(var9)=eax;
+  L_0x3e0_0: var10=ebp;
+  L_0x3e0_1: var10-=0x4;
+  L_0x3e0_2: eax=*(uint32_t*)(var10);
+  L_0x3e3_0: var11=esp;
+  L_0x3e3_1: var11+=0x4;
+  L_0x3e3_2: *(uint32_t*)(var11)=eax;
+  L_0x3e7_0: var12=ebp;
+  L_0x3e7_1: var12-=0x8;
+  L_0x3e7_2: eax=(uint32_t)&*(uint32_t*)(var12);
+  L_0x3ea_0: *(uint32_t*)(esp)=eax;
+  L_0x3ed_0: esp-=4; g__L_0x3b4_0(); esp+=4;
+  L_0x3f2_0: var13=ebp;
+  L_0x3f2_1: var13-=0x4;
+  L_0x3f2_2: *(uint32_t*)(var13)=0x5;
+  L_0x3f9_0: var14=ebp;
+  L_0x3f9_1: var14-=0x8;
+  L_0x3f9_2: eax=*(uint32_t*)(var14);
+  L_0x3fc_0: esp=ebp;
+  L_0x3fc_1: ebp=*(uint32_t*)(esp);
+  L_0x3fc_2: esp+=0x4;
+  L_0x3fd_0: return;
+}
+
+int main()
+{
+  L_0x3fe_0: esp-=0x4;
+  L_0x3fe_1: *(uint32_t*)(esp)=ebp;
+  L_0x3ff_0: ebp=esp;
+  L_0x401_0: esp-=0x14;
+  L_0x404_0: var15=ebp;
+  L_0x404_1: var15-=0x4;
+#ifdef NONDET
+  L_0x404_2: *(uint32_t*)(var15)=nondet_uint();
+#else
+  L_0x404_2: *(uint32_t*)(var15)=0xffffffff;
+#endif
+  L_0x40b_0: var16=ebp;
+  L_0x40b_1: var16-=0x4;
+  L_0x40b_2: eax=*(uint32_t*)(var16);
+  L_0x40e_0: *(uint32_t*)(esp)=eax;
+  L_0x411_0: esp-=4; f__L_0x3c6_0(); esp+=4;
+#if 1
+             uint32_t eax1=eax;
+  C_0x3ff_0: ebp=esp;
+  C_0x401_0: esp-=0x14;
+  C_0x404_0: var15=ebp;
+  C_0x404_1: var15-=0x4;
+#ifdef NONDET
+  C_0x404_2: *(uint32_t*)(var15)=nondet_uint();
+#else
+  C_0x404_2: *(uint32_t*)(var15)=0xffffffff;
+#endif
+  C_0x40b_0: var16=ebp;
+  C_0x40b_1: var16-=0x4;
+  C_0x40b_2: eax=*(uint32_t*)(var16);
+  C_0x40e_0: *(uint32_t*)(esp)=eax;
+  C_0x411_0: esp-=4; f__L_0x3c6_0(); esp+=4;
+             uint32_t eax2=eax;
+             assert(eax2==eax1);
+#endif
+  L_0x416_0: esp=ebp;
+  L_0x416_1: ebp=*(uint32_t*)(esp);
+  L_0x416_2: esp+=0x4;
+  L_0x417_0: return 0;
+}
diff --git a/regression/cbmc/address_space_size_limit3/test.desc b/regression/cbmc/address_space_size_limit3/test.desc
new file mode 100644
index 00000000000..ee7b4e94ab8
--- /dev/null
+++ b/regression/cbmc/address_space_size_limit3/test.desc
@@ -0,0 +1,11 @@
+CORE
+main.c
+--32 --little-endian --object-bits 25 --pointer-check
+^EXIT=10$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+^.* dereference failure: pointer outside object bounds in .*: FAILURE$
+--
+^warning: ignoring
+--
+requires at least 8 offset bits

From 55d4011a007adb1601bd791de0e228fbf38b1a73 Mon Sep 17 00:00:00 2001
From: Peter Schrammel <peter.schrammel@diffblue.com>
Date: Sat, 22 Jul 2017 21:19:27 +0100
Subject: [PATCH 500/699] Fix getting model for object address (unsigned ->
 size_t)

Bug exhibited by cbmc-java/iterator2 when run with --object-bits 35
---
 src/solvers/flattening/bv_pointers.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/solvers/flattening/bv_pointers.cpp b/src/solvers/flattening/bv_pointers.cpp
index fdc0a6780e5..22cbfc7a963 100644
--- a/src/solvers/flattening/bv_pointers.cpp
+++ b/src/solvers/flattening/bv_pointers.cpp
@@ -601,7 +601,7 @@ exprt bv_pointerst::bv_get_rec(
   result.set_value(value);
 
   pointer_logict::pointert pointer;
-  pointer.object=integer2unsigned(binary2integer(value_addr, false));
+  pointer.object=integer2size_t(binary2integer(value_addr, false));
   pointer.offset=binary2integer(value_offset, true);
 
   // we add the elaborated expression as operand

From ef43fc99d447c1bddede5126475d2c239cdbd2a0 Mon Sep 17 00:00:00 2001
From: Peter Schrammel <peter.schrammel@diffblue.com>
Date: Wed, 26 Jul 2017 11:27:10 +0200
Subject: [PATCH 501/699] Output message about used object bits settings

---
 src/cbmc/cbmc_parse_options.cpp |  2 ++
 src/util/config.cpp             | 10 ++++++++++
 src/util/config.h               |  1 +
 3 files changed, 13 insertions(+)

diff --git a/src/cbmc/cbmc_parse_options.cpp b/src/cbmc/cbmc_parse_options.cpp
index 215f6abacf9..dbfb16fa917 100644
--- a/src/cbmc/cbmc_parse_options.cpp
+++ b/src/cbmc/cbmc_parse_options.cpp
@@ -720,6 +720,8 @@ int cbmc_parse_optionst::get_goto_program(
       show_goto_functions(ns, get_ui(), goto_functions);
       return 0;
     }
+
+    status() << config.object_bits_info() << eom;
   }
 
   catch(const char *e)
diff --git a/src/util/config.cpp b/src/util/config.cpp
index 59a596d9436..c666ae54aa6 100644
--- a/src/util/config.cpp
+++ b/src/util/config.cpp
@@ -1194,6 +1194,16 @@ void configt::set_object_bits_from_symbol_table(
   }
 }
 
+std::string configt::object_bits_info()
+{
+  return "Running with "+std::to_string(bv_encoding.object_bits)+
+    " object bits, "+
+    std::to_string(ansi_c.pointer_width-bv_encoding.object_bits)+
+    " offset bits ("+
+    (bv_encoding.is_object_bits_default ? "default" : "user-specified")+
+    ")";
+}
+
 irep_idt configt::this_architecture()
 {
   irep_idt this_arch;
diff --git a/src/util/config.h b/src/util/config.h
index 30903aa2f2e..4b1b39c1402 100644
--- a/src/util/config.h
+++ b/src/util/config.h
@@ -168,6 +168,7 @@ class configt
   bool set(const cmdlinet &cmdline);
 
   void set_object_bits_from_symbol_table(const symbol_tablet &);
+  std::string object_bits_info();
 
   static irep_idt this_architecture();
   static irep_idt this_operating_system();

From b4262f3c74586d15630c1698ee36242d85ea23c6 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Thu, 13 Jul 2017 08:43:05 +0100
Subject: [PATCH 502/699] Always allocate an exception object at throw site

Previously we could erroneously fail to initialise the object on second
and subsequent exception throw-sites in a particular function, and so throw
a nondet object rather than an initialised exception instance. The attached
test case checks for this by ensuring that in particular we can't throw null
and so hit an assertion when trying to read its class-identifier for catch dispatch.

This commit also fixes the classid of ClassCastException, which would otherwise
expose a failure in test ClassCastException1
---
 regression/cbmc-java/exceptions21/test.class  | Bin 0 -> 445 bytes
 regression/cbmc-java/exceptions21/test.desc   |  11 ++++
 regression/cbmc-java/exceptions21/test.java   |  24 ++++++++
 .../java_bytecode_instrument.cpp              |  57 +++++++++---------
 4 files changed, 63 insertions(+), 29 deletions(-)
 create mode 100644 regression/cbmc-java/exceptions21/test.class
 create mode 100644 regression/cbmc-java/exceptions21/test.desc
 create mode 100644 regression/cbmc-java/exceptions21/test.java

diff --git a/regression/cbmc-java/exceptions21/test.class b/regression/cbmc-java/exceptions21/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..52c93d2bc4a41f6cc8585e770f8ce605f6f4bd35
GIT binary patch
literal 445
zcmYk1%}T>S6ot=C(xypM+u9%NLQzoA3Kqnrbt5WbtwKd`nWj@ojY+Ag_y9hHZ{WHh
z6cl^_A4)yxLWRtkd(V7x=H~P3?E}CrYBtg+nJC-PP_if$6IBxnf>hsEK~Eqjg7lsr
z`tiO%-`Kno7za^L3GyvJRPFIySB);+Za_!+f?Owdz1uT)IP)0IK!M$f#v@N1`3Yvl
z>OS5cxDT!a3pN82!-0v6U^(#{fg9d5+T$R&i2N{Cqr*o}4P!qF1%*H0ygN`{j8)E^
z=Kly6GpHJCCR4NQmbfQpsrnQ$VIgp+>6w{;xnJ~|R}G%6zeBs8LO+$3-mJgEXuiN~
zKWVb{ubvQgP(&Fi)cDE@_rw8qW}3{BVYJ0AOD<0`hYIFM7s*$6qr~aUSVNUAun6Ou
Vt!^UEk5ii{=*Nk0)*=B7^FQ-yLR<g<

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/exceptions21/test.desc b/regression/cbmc-java/exceptions21/test.desc
new file mode 100644
index 00000000000..24040e046e4
--- /dev/null
+++ b/regression/cbmc-java/exceptions21/test.desc
@@ -0,0 +1,11 @@
+CORE
+test.class
+--function test.f --java-throw-runtime-exceptions
+^EXIT=0$
+^SIGNAL=0$
+VERIFICATION SUCCESSFUL
+--
+reference is null in .*: FAILURE
+--
+This checks that the second use of a particular exception type in a given function is correctly initialised.
+In the failing case the #exception_value variable is nondet at the time it is thrown, so cbmc can set it to null and fail an assertion.
diff --git a/regression/cbmc-java/exceptions21/test.java b/regression/cbmc-java/exceptions21/test.java
new file mode 100644
index 00000000000..bc4c5570cc1
--- /dev/null
+++ b/regression/cbmc-java/exceptions21/test.java
@@ -0,0 +1,24 @@
+public class test {
+
+    int field;
+
+    public static void f() {
+
+        test testinstance = new test();
+        test testnull = null;
+        int x = 0;
+        try {
+            x = testinstance.field;
+        }
+        catch(NullPointerException e) {
+            x++;
+        }
+        try {
+            x = testnull.field;
+        }
+        catch(NullPointerException e) {
+            x++;
+        }
+    }
+
+}
diff --git a/src/java_bytecode/java_bytecode_instrument.cpp b/src/java_bytecode/java_bytecode_instrument.cpp
index 79b89eebe60..8a11307b530 100644
--- a/src/java_bytecode/java_bytecode_instrument.cpp
+++ b/src/java_bytecode/java_bytecode_instrument.cpp
@@ -9,6 +9,7 @@ Date:   June 2017
 \*******************************************************************/
 
 #include <util/arith_tools.h>
+#include <util/fresh_symbol.h>
 #include <util/std_code.h>
 #include <util/std_expr.h>
 #include <util/symbol_table.h>
@@ -18,7 +19,6 @@ Date:   June 2017
 #include "java_bytecode_convert_class.h"
 #include "java_bytecode_instrument.h"
 #include "java_entry_point.h"
-#include "java_object_factory.h"
 #include "java_root_class.h"
 #include "java_types.h"
 #include "java_utils.h"
@@ -90,47 +90,46 @@ codet java_bytecode_instrumentt::throw_exception(
   const source_locationt &original_loc,
   const irep_idt &exc_name)
 {
-  exprt exc;
-  code_blockt init_code;
-  const irep_idt &exc_obj_name=
-    id2string(goto_functionst::entry_point())+
-    "::"+id2string(exc_name);
+  irep_idt exc_class_name("java::"+id2string(exc_name));
 
-  if(!symbol_table.has_symbol(exc_obj_name))
+  if(!symbol_table.has_symbol(exc_class_name))
   {
     generate_class_stub(
       exc_name,
       symbol_table,
       get_message_handler());
-    const symbolt &exc_symbol=symbol_table.lookup(
-      "java::"+id2string(exc_name));
-
-    // create the exception object
-    exc=object_factory(
-      pointer_typet(exc_symbol.type),
-      exc_name,
-      init_code,
-      false,
-      symbol_table,
-      max_array_length,
-      allocation_typet::LOCAL,
-      original_loc);
   }
-  else
-    exc=symbol_table.lookup(exc_obj_name).symbol_expr();
+
+  pointer_typet exc_ptr_type;
+  exc_ptr_type.subtype()=symbol_typet(exc_class_name);
+
+  // Allocate and throw an instance of the exception class:
+
+  symbolt &new_symbol=
+    get_fresh_aux_symbol(
+      exc_ptr_type,
+      "new_exception",
+      "new_exception",
+      original_loc,
+      ID_java,
+      symbol_table);
+
+  side_effect_exprt new_instance(ID_java_new, exc_ptr_type);
+  code_assignt assign_new(new_symbol.symbol_expr(), new_instance);
 
   side_effect_expr_throwt throw_expr;
-  throw_expr.add_source_location()=original_loc;
-  throw_expr.move_to_operands(exc);
+  throw_expr.copy_to_operands(new_symbol.symbol_expr());
+
+  code_blockt throw_code;
+  throw_code.move_to_operands(assign_new);
+  throw_code.copy_to_operands(code_expressiont(throw_expr));
 
   code_ifthenelset if_code;
   if_code.add_source_location()=original_loc;
   if_code.cond()=cond;
-  if_code.then_case()=code_expressiont(throw_expr);
-
-  init_code.move_to_operands(if_code);
+  if_code.then_case()=throw_code;
 
-  return init_code;
+  return if_code;
 }
 
 /// Checks whether the array access array_struct[idx] is out-of-bounds,
@@ -209,7 +208,7 @@ codet java_bytecode_instrumentt::check_class_cast(
       throw_exception(
         not_exprt(class_cast_check),
         original_loc,
-        "ClassCastException");
+        "java.lang.ClassCastException");
   }
   else
   {

From c1f4db15f70845095b0cca9b88afd431bd3099f2 Mon Sep 17 00:00:00 2001
From: Joel Allred <joel.allred@diffblue.com>
Date: Tue, 1 Aug 2017 15:32:01 +0100
Subject: [PATCH 503/699] Refactoring in string_refinementt::set_to()

Move invariant checks to top of function.
---
 src/solvers/refinement/string_refinement.cpp | 84 ++++++++------------
 1 file changed, 35 insertions(+), 49 deletions(-)

diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index 1c876567a2c..f99e3064b2a 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -415,52 +415,45 @@ void string_refinementt::concretize_lengths()
 /// \par parameters: an expression and the value to set it to
 void string_refinementt::set_to(const exprt &expr, bool value)
 {
-  INVARIANT(
-    equality_propagation,
-    string_refinement_invariantt("set_to should only be called when equality "
-      "propagation is enabled"));
+  PRECONDITION(expr.type().id()==ID_bool);
+  PRECONDITION(equality_propagation);
 
   if(expr.id()==ID_equal)
   {
     equal_exprt eq_expr=to_equal_expr(expr);
+    const exprt &lhs=eq_expr.lhs();
+    const exprt &rhs=eq_expr.rhs();
 
-    if(eq_expr.lhs().type()!=eq_expr.rhs().type())
+    // The assignment of a string equality to false is not supported.
+    PRECONDITION(value || !is_char_array(rhs.type()));
+    PRECONDITION(value ||
+      !refined_string_typet::is_refined_string_type(rhs.type()));
+
+    if(lhs.id()!=ID_symbol)
     {
-      warning() << "ignoring " << from_expr(ns, "", expr)
-                << " [inconsistent types]" << eom;
-      debug() << "lhs has type: " << eq_expr.lhs().type().pretty(12) << eom;
-      debug() << "rhs has type: " << eq_expr.rhs().type().pretty(12) << eom;
+      warning() << "ignoring " << from_expr(ns, "", expr) << eom;
       return;
     }
 
-    if(expr.type().id()!=ID_bool)
+    if(lhs.type()!=rhs.type())
     {
-      error() << "string_refinementt::set_to got non-boolean operand: "
-              << expr.pretty() << eom;
-      INVARIANT(
-        false,
-        string_refinement_invariantt("set_to should only be called with exprs "
-          "of type bool"));
+      warning() << "ignoring " << from_expr(ns, "", expr)
+                << " [inconsistent types]" << eom;
+      debug() << "lhs has type: " << lhs.type().pretty(12) << eom;
+      debug() << "rhs has type: " << rhs.type().pretty(12) << eom;
+      return;
     }
 
     // Preprocessing to remove function applications.
-    const exprt &lhs=eq_expr.lhs();
     debug() << "(sr::set_to) " << from_expr(ns, "", lhs)
-            << " = " << from_expr(ns, "", eq_expr.rhs()) << eom;
+            << " = " << from_expr(ns, "", rhs) << eom;
 
-    // TODO: See if this happens at all.
-    if(lhs.id()!=ID_symbol)
+    const exprt subst_rhs=substitute_function_applications(rhs);
+    if(lhs.type()!=subst_rhs.type())
     {
-      warning() << "ignoring " << from_expr(ns, "", expr) << eom;
-      return;
-    }
-
-    exprt subst_rhs=substitute_function_applications(eq_expr.rhs());
-    if(eq_expr.lhs().type()!=subst_rhs.type())
-    {
-      if(eq_expr.lhs().type().id() != ID_array ||
-         subst_rhs.type().id() != ID_array ||
-         eq_expr.lhs().type().subtype() != subst_rhs.type().subtype())
+      if(lhs.type().id()!=ID_array ||
+         subst_rhs.type().id()!=ID_array ||
+         lhs.type().subtype()!=subst_rhs.type().subtype())
       {
         warning() << "ignoring " << from_expr(ns, "", expr)
                   << " [inconsistent types after substitution]" << eom;
@@ -473,29 +466,22 @@ void string_refinementt::set_to(const exprt &expr, bool value)
       }
     }
 
-    if(value)
-    {
-      if(!add_axioms_for_string_assigns(lhs, subst_rhs))
-        return;
-    }
-    else
-    {
-      // TODO: Something should also be done if value is false.
-      INVARIANT(
-        !is_char_array(eq_expr.rhs().type()),
-        string_refinement_invariantt("set_to cannot set a char_array"));
-      INVARIANT(
-        !refined_string_typet::is_refined_string_type(eq_expr.rhs().type()),
-        string_refinement_invariantt("set_to cannot set a refined_string"));
-    }
+    if(value && !add_axioms_for_string_assigns(lhs, subst_rhs))
+      return;
 
-    non_string_axioms.push_back(std::make_pair(equal_exprt(lhs, subst_rhs),
-                                               value));
+    // Push the substituted equality to the list of axioms to be given to
+    // supert::set_to.
+    non_string_axioms.push_back(
+      std::make_pair(equal_exprt(lhs, subst_rhs), value));
   }
-  // We keep a list of the axioms to give to supert::set_to in order to
-  // substitute the symbols in dec_solve().
+  // Push the unmodified equality to the list of axioms to be given to
+  // supert::set_to.
   else
+  {
+    // TODO: Verify that the expression contains no string.
+    // This will be easy once exprt iterators will have been implemented.
     non_string_axioms.push_back(std::make_pair(expr, value));
+  }
 }
 
 /// use a refinement loop to instantiate universal axioms, call the sat solver,

From 6ec155b80bad1467873646b06c4e3595e1236059 Mon Sep 17 00:00:00 2001
From: Joel Allred <joel.allred@diffblue.com>
Date: Tue, 1 Aug 2017 16:13:34 +0100
Subject: [PATCH 504/699] Call supert::set_to on non-symbol lhs

When string_refinementt::set_to() is called on an equality where the lhs
is not a symbol, we must call supert::set_to().
We also assert that the equality is not of refined string type.
---
 src/solvers/refinement/string_refinement.cpp | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index f99e3064b2a..bddd6640672 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -429,9 +429,14 @@ void string_refinementt::set_to(const exprt &expr, bool value)
     PRECONDITION(value ||
       !refined_string_typet::is_refined_string_type(rhs.type()));
 
+    PRECONDITION(lhs.id()==ID_symbol || !is_char_array(rhs.type()));
+    PRECONDITION(lhs.id()==ID_symbol ||
+      !refined_string_typet::is_refined_string_type(rhs.type()));
+
+    // If lhs is not a symbol, let supert::set_to() handle it.
     if(lhs.id()!=ID_symbol)
     {
-      warning() << "ignoring " << from_expr(ns, "", expr) << eom;
+      non_string_axioms.push_back(std::make_pair(expr, value));
       return;
     }
 

From 30860c071a165744a349416842824731b87d0ff1 Mon Sep 17 00:00:00 2001
From: Joel Allred <joel.allred@diffblue.com>
Date: Thu, 3 Aug 2017 13:18:32 +0100
Subject: [PATCH 505/699] Add skipped regression tests for #1202

diffblue/test-gen#1202
---
 .../java_format/test_warning.desc                   | 12 ++++++++++++
 .../java_format2/test_warning.desc                  | 13 +++++++++++++
 .../java_format3/test_warning.desc                  | 13 +++++++++++++
 3 files changed, 38 insertions(+)
 create mode 100644 regression/strings-smoke-tests/java_format/test_warning.desc
 create mode 100644 regression/strings-smoke-tests/java_format2/test_warning.desc
 create mode 100644 regression/strings-smoke-tests/java_format3/test_warning.desc

diff --git a/regression/strings-smoke-tests/java_format/test_warning.desc b/regression/strings-smoke-tests/java_format/test_warning.desc
new file mode 100644
index 00000000000..221d098b269
--- /dev/null
+++ b/regression/strings-smoke-tests/java_format/test_warning.desc
@@ -0,0 +1,12 @@
+KNOWNBUG
+test.class
+--refine-strings --string-max-length 20 --verbosity 9
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 6.* SUCCESS$
+^\[.*assertion.2\].* line 7.* FAILURE$
+--
+^ignoring
+--
+Some type inconsistencies exist when adding equations to the solver.
+Issue: diffblue/test-gen#1202
diff --git a/regression/strings-smoke-tests/java_format2/test_warning.desc b/regression/strings-smoke-tests/java_format2/test_warning.desc
new file mode 100644
index 00000000000..c4661f818c4
--- /dev/null
+++ b/regression/strings-smoke-tests/java_format2/test_warning.desc
@@ -0,0 +1,13 @@
+KNOWNBUG
+test.class
+--refine-strings --string-max-length 20 --verbosity 9
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 6.* SUCCESS$
+^\[.*assertion.2\].* line 7.* FAILURE$
+--
+^warning
+--
+Some type inconsistencies exist when adding equations to the solver.
+Issue: diffblue/test-gen#1202
+
diff --git a/regression/strings-smoke-tests/java_format3/test_warning.desc b/regression/strings-smoke-tests/java_format3/test_warning.desc
new file mode 100644
index 00000000000..4fe0a783e10
--- /dev/null
+++ b/regression/strings-smoke-tests/java_format3/test_warning.desc
@@ -0,0 +1,13 @@
+KNOWNBUG
+test.class
+--refine-strings --string-max-length 20 --verbosity 9
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 7.* SUCCESS$
+^\[.*assertion.2\].* line 9.* FAILURE$
+--
+^warning
+--
+Some type inconsistencies exist when adding equations to the solver.
+Issue: diffblue/test-gen#1202
+

From db4f90d43129d3c5047fed30dd8503426abf1b85 Mon Sep 17 00:00:00 2001
From: Owen Jones <owen.jones@diffblue.com>
Date: Wed, 2 Aug 2017 09:52:49 +0100
Subject: [PATCH 506/699] Integer.toString(int i, int radix) now works

But it's very slow
---
 .../java_int_to_string/Test1.class            | Bin 0 -> 786 bytes
 .../java_int_to_string/Test1.java             |   9 ++
 .../java_int_to_string/Test2.class            | Bin 0 -> 787 bytes
 .../java_int_to_string/Test2.java             |   9 ++
 .../java_int_to_string/Test3.class            | Bin 0 -> 799 bytes
 .../java_int_to_string/Test3.java             |   9 ++
 .../java_int_to_string/Test4.class            | Bin 0 -> 800 bytes
 .../java_int_to_string/Test4.java             |   9 ++
 .../java_int_to_string/Test5.class            | Bin 0 -> 784 bytes
 .../java_int_to_string/Test5.java             |   9 ++
 .../java_int_to_string/test.desc              |  10 --
 .../java_int_to_string/test1.desc             |   8 ++
 .../java_int_to_string/test2.desc             |   8 ++
 .../java_int_to_string/test3.desc             |   8 ++
 .../java_int_to_string/test4.desc             |   8 ++
 .../java_int_to_string/test5.desc             |   8 ++
 .../java_int_to_string/test_int.class         | Bin 1074 -> 0 bytes
 .../java_int_to_string/test_int.java          |  15 --
 .../java_int_to_string_knownbug/Test.class    | Bin 0 -> 797 bytes
 .../java_int_to_string_knownbug/Test.java     |   9 ++
 .../java_int_to_string_knownbug/test.desc     |   8 ++
 .../Test_binary1.class                        | Bin 0 -> 813 bytes
 .../Test_binary1.java                         |   9 ++
 .../Test_binary2.class                        | Bin 0 -> 843 bytes
 .../Test_binary2.java                         |   9 ++
 .../Test_binary3.class                        | Bin 0 -> 844 bytes
 .../Test_binary3.java                         |   9 ++
 .../Test_decimal.class                        | Bin 0 -> 811 bytes
 .../Test_decimal.java                         |   9 ++
 .../Test_hex1.class                           | Bin 0 -> 802 bytes
 .../Test_hex1.java                            |   9 ++
 .../Test_hex2.class                           | Bin 0 -> 812 bytes
 .../Test_hex2.java                            |   9 ++
 .../Test_hex3.class                           | Bin 0 -> 813 bytes
 .../Test_hex3.java                            |   9 ++
 .../Test_octal1.class                         | Bin 0 -> 808 bytes
 .../Test_octal1.java                          |   9 ++
 .../Test_octal2.class                         | Bin 0 -> 821 bytes
 .../Test_octal2.java                          |   9 ++
 .../Test_octal3.class                         | Bin 0 -> 822 bytes
 .../Test_octal3.java                          |   9 ++
 .../test_binary1.desc                         |   8 ++
 .../test_binary2.desc                         |   8 ++
 .../test_binary3.desc                         |   8 ++
 .../test_decimal.desc                         |   8 ++
 .../test_hex1.desc                            |   8 ++
 .../test_hex2.desc                            |   8 ++
 .../test_hex3.desc                            |   8 ++
 .../test_octal1.desc                          |   8 ++
 .../test_octal2.desc                          |   8 ++
 .../test_octal3.desc                          |   8 ++
 .../Test_binary.class                         | Bin 0 -> 842 bytes
 .../Test_binary.java                          |   9 ++
 .../Test_hex.class                            | Bin 0 -> 810 bytes
 .../Test_hex.java                             |   9 ++
 .../Test_octal.class                          | Bin 0 -> 819 bytes
 .../Test_octal.java                           |   9 ++
 .../test_binary.desc                          |   8 ++
 .../test_hex.desc                             |   8 ++
 .../test_octal.desc                           |   8 ++
 .../java_string_library_preprocess.cpp        |   3 +
 .../refinement/string_constraint_generator.h  |   6 +-
 .../string_constraint_generator_concat.cpp    |   7 +-
 .../string_constraint_generator_float.cpp     |  11 +-
 .../string_constraint_generator_insert.cpp    |   7 +-
 .../string_constraint_generator_valueof.cpp   | 128 ++++++++++++------
 unit/Makefile                                 |   1 +
 .../is_digit_with_radix.cpp                   |  24 ++--
 .../is_digit_with_radix_lower_case.cpp        |  57 ++++++++
 69 files changed, 504 insertions(+), 88 deletions(-)
 create mode 100644 regression/strings-smoke-tests/java_int_to_string/Test1.class
 create mode 100644 regression/strings-smoke-tests/java_int_to_string/Test1.java
 create mode 100644 regression/strings-smoke-tests/java_int_to_string/Test2.class
 create mode 100644 regression/strings-smoke-tests/java_int_to_string/Test2.java
 create mode 100644 regression/strings-smoke-tests/java_int_to_string/Test3.class
 create mode 100644 regression/strings-smoke-tests/java_int_to_string/Test3.java
 create mode 100644 regression/strings-smoke-tests/java_int_to_string/Test4.class
 create mode 100644 regression/strings-smoke-tests/java_int_to_string/Test4.java
 create mode 100644 regression/strings-smoke-tests/java_int_to_string/Test5.class
 create mode 100644 regression/strings-smoke-tests/java_int_to_string/Test5.java
 delete mode 100644 regression/strings-smoke-tests/java_int_to_string/test.desc
 create mode 100644 regression/strings-smoke-tests/java_int_to_string/test1.desc
 create mode 100644 regression/strings-smoke-tests/java_int_to_string/test2.desc
 create mode 100644 regression/strings-smoke-tests/java_int_to_string/test3.desc
 create mode 100644 regression/strings-smoke-tests/java_int_to_string/test4.desc
 create mode 100644 regression/strings-smoke-tests/java_int_to_string/test5.desc
 delete mode 100644 regression/strings-smoke-tests/java_int_to_string/test_int.class
 delete mode 100644 regression/strings-smoke-tests/java_int_to_string/test_int.java
 create mode 100644 regression/strings-smoke-tests/java_int_to_string_knownbug/Test.class
 create mode 100644 regression/strings-smoke-tests/java_int_to_string_knownbug/Test.java
 create mode 100644 regression/strings-smoke-tests/java_int_to_string_knownbug/test.desc
 create mode 100644 regression/strings-smoke-tests/java_int_to_string_with_radix/Test_binary1.class
 create mode 100644 regression/strings-smoke-tests/java_int_to_string_with_radix/Test_binary1.java
 create mode 100644 regression/strings-smoke-tests/java_int_to_string_with_radix/Test_binary2.class
 create mode 100644 regression/strings-smoke-tests/java_int_to_string_with_radix/Test_binary2.java
 create mode 100644 regression/strings-smoke-tests/java_int_to_string_with_radix/Test_binary3.class
 create mode 100644 regression/strings-smoke-tests/java_int_to_string_with_radix/Test_binary3.java
 create mode 100644 regression/strings-smoke-tests/java_int_to_string_with_radix/Test_decimal.class
 create mode 100644 regression/strings-smoke-tests/java_int_to_string_with_radix/Test_decimal.java
 create mode 100644 regression/strings-smoke-tests/java_int_to_string_with_radix/Test_hex1.class
 create mode 100644 regression/strings-smoke-tests/java_int_to_string_with_radix/Test_hex1.java
 create mode 100644 regression/strings-smoke-tests/java_int_to_string_with_radix/Test_hex2.class
 create mode 100644 regression/strings-smoke-tests/java_int_to_string_with_radix/Test_hex2.java
 create mode 100644 regression/strings-smoke-tests/java_int_to_string_with_radix/Test_hex3.class
 create mode 100644 regression/strings-smoke-tests/java_int_to_string_with_radix/Test_hex3.java
 create mode 100644 regression/strings-smoke-tests/java_int_to_string_with_radix/Test_octal1.class
 create mode 100644 regression/strings-smoke-tests/java_int_to_string_with_radix/Test_octal1.java
 create mode 100644 regression/strings-smoke-tests/java_int_to_string_with_radix/Test_octal2.class
 create mode 100644 regression/strings-smoke-tests/java_int_to_string_with_radix/Test_octal2.java
 create mode 100644 regression/strings-smoke-tests/java_int_to_string_with_radix/Test_octal3.class
 create mode 100644 regression/strings-smoke-tests/java_int_to_string_with_radix/Test_octal3.java
 create mode 100644 regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary1.desc
 create mode 100644 regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary2.desc
 create mode 100644 regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary3.desc
 create mode 100644 regression/strings-smoke-tests/java_int_to_string_with_radix/test_decimal.desc
 create mode 100644 regression/strings-smoke-tests/java_int_to_string_with_radix/test_hex1.desc
 create mode 100644 regression/strings-smoke-tests/java_int_to_string_with_radix/test_hex2.desc
 create mode 100644 regression/strings-smoke-tests/java_int_to_string_with_radix/test_hex3.desc
 create mode 100644 regression/strings-smoke-tests/java_int_to_string_with_radix/test_octal1.desc
 create mode 100644 regression/strings-smoke-tests/java_int_to_string_with_radix/test_octal2.desc
 create mode 100644 regression/strings-smoke-tests/java_int_to_string_with_radix/test_octal3.desc
 create mode 100644 regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/Test_binary.class
 create mode 100644 regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/Test_binary.java
 create mode 100644 regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/Test_hex.class
 create mode 100644 regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/Test_hex.java
 create mode 100644 regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/Test_octal.class
 create mode 100644 regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/Test_octal.java
 create mode 100644 regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/test_binary.desc
 create mode 100644 regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/test_hex.desc
 create mode 100644 regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/test_octal.desc
 create mode 100644 unit/solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix_lower_case.cpp

diff --git a/regression/strings-smoke-tests/java_int_to_string/Test1.class b/regression/strings-smoke-tests/java_int_to_string/Test1.class
new file mode 100644
index 0000000000000000000000000000000000000000..1182bf70ce7ac68e1036a3921c7f8d93f7318e80
GIT binary patch
literal 786
zcmZuv%Wl&^6g}hDIIi2IZW98uJPRZN8iLBI6#^BIss>o3szi4aXB4KmHrNge{)GGh
zYd~rdNU-Od5aQZt<04pie4ppsGk1Re{`wuj8afUfEIC-lg%WIBv~kJ7WnAI7>cGMh
z$BKh%xXy8dVPQoiiHuVfg~=n8h<+dk3~Z0V+EAfN?=$F)<}QP=84V;uxvN6?Y;@3<
z@lICE;B_Nk1iK<unSUHK(w8b>;N2aWq@8tYKM*P;U<!KOeeqVb0}&3}y);(gkn*#=
zRQRu+iq|;+M}xuM@Pp$KoL)4FefdOXgiemRnt`~O#T-Y|MGH4w%)n*PI(Mnv#Vy=s
zs25ZZPjo(x<0xh@a~O_Q7j4{Os1&8o`}@*Q{|Ze8WtcCjw!%~nB_Y{qbds(%wwnKw
zXUR7s5s>(5<5YUWv)-iJE*H3)0j-3gHjs&m<zPBD-B3EB1npyw_G#0W0amGJvdPjx
zw}?49%jC7`&**Qqj=(;Wp`k*jl?O=%+3utO9u~+eVR730j;gcfdlmN!wCzvO$5?E6
z#v#lxX1>9CaRmP3bohM{&dBtf%!5I;Nu(A%Mov%Do)TL$VHGvXpP{b=?H86g>NP4k
mJDp=Kp8}Zo>_e2s;Km0S`e*3>3d&GSXzqhd_BnDioc{y0q?nNa

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_int_to_string/Test1.java b/regression/strings-smoke-tests/java_int_to_string/Test1.java
new file mode 100644
index 00000000000..13d9219fac3
--- /dev/null
+++ b/regression/strings-smoke-tests/java_int_to_string/Test1.java
@@ -0,0 +1,9 @@
+public class Test1
+{
+    public static void main()
+    {
+        String s = Integer.toString(12);
+        assert(s.equals("12"));
+        assert(!s.equals("12"));
+    }
+}
diff --git a/regression/strings-smoke-tests/java_int_to_string/Test2.class b/regression/strings-smoke-tests/java_int_to_string/Test2.class
new file mode 100644
index 0000000000000000000000000000000000000000..9de562836fa727c69e155e169ca0b32af51a3960
GIT binary patch
literal 787
zcmZuv%Wl&^6g}hDIIi2IZW98uJPRa&Hc-l{6#^BIDgrE0Rie9zGYV5&8*GOKe?oqM
zH6XPJB-ryO`~yN<J8fJ93y<&foO|ZZkKbRu0a(K=2M!h-EaF@VHqP6);NT)Iaa?v_
zVS!`G!4+KPxW+KIB$7nNsfxnnfl5R#kbMTW%V2G&P^EVn^hR@s!Pt!YlA+vDp?o^r
z@5y*OD`xOIkuQQB5v$BU3L5DPl`!zmwoKC1b!y)iDkNYEdYwJ-MzjMF4%*!`R^fp1
z)7@0~FQ154IRHn4!QSwLqY<2LG>m=uNM(dhj=7S7xR}NaN7F?M*Ii7(rE!;6Z&SaE
z8(3zj7hLy`g+7eqC}uEo9F7$iZQNw26s6C4d(uz;3XLaam@TTd!c-0<A=znkoUS&u
zn*Y;h$=5>>kos!lM0(7#-lXd;7r2`N?S!G$mx+pHe=;{+Q97gqEo7G#YSWqlR;g#Y
z$<jgBh#5M|<hAL~=x??T!9I|op+cvX2T2Cm?zjLR=Ey5ye$xDws<Y-hm7kxXJ^l!N
zg!z_d9Kal5>MN}0hv45&hTj$8j7-nTJQ!q~L~7A%<n%V}39&^JR#Bt;Df&v#eqoWL
pUZaxJlR4J%DS%neK0s*%ZoG$~e}ew6pbW)?=HAO>pCL!X*+2dHnV|px

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_int_to_string/Test2.java b/regression/strings-smoke-tests/java_int_to_string/Test2.java
new file mode 100644
index 00000000000..9b52a1b0de0
--- /dev/null
+++ b/regression/strings-smoke-tests/java_int_to_string/Test2.java
@@ -0,0 +1,9 @@
+public class Test2
+{
+    public static void main()
+    {
+        String s = Integer.toString(-23);
+        assert(s.equals("-23"));
+        assert(!s.equals("-23"));
+    }
+}
diff --git a/regression/strings-smoke-tests/java_int_to_string/Test3.class b/regression/strings-smoke-tests/java_int_to_string/Test3.class
new file mode 100644
index 0000000000000000000000000000000000000000..2ecef3c14125ec0dcd506bc35dd358de594da231
GIT binary patch
literal 799
zcmZuvTTc@~6#izf?XuW*rL|tFqNr_EDp14(Vl<!$vFbw!iM&m>lRCKU>h9JDU;G{R
z5BRJmU@*~lf0MDE-9n4ehnYE-?|kPrKYt&72hhZ#1sfMlTvFc;heHbrE@xq3HiIh`
zu42x_H4B*paoxfVR87<vPS5cu5@9R@KiZHH?|7oiz;+mnHR;RvK7(4VZ8K==L02&3
zTGAKK`g<J_ZY5v_rxm!|+vcH6^dqAdzmyS!+1e6OytGQ;dtCZNOh%`*%ir>b$NgTT
z9f#8Ik$<`!bNAI#{yHTvQD?}kx!zF;Ry*j2u6QhygjUKqpODzdA<s~l5N`Uh=!wwA
zP293EjZ=hQTxhN|?=9VJt`M({+n8r4PeL9Z58zQ41|fr<@|$SbxPt|T`~>>Evn$;A
zFVm<4sx}Ue#bR}{_P-tt@utr`nn1C7!ad?#t<lJHlT7O#?S-M#6_E@@cU&WlDejYl
zma>CcTCYvJXZdo{DoHAc1$nv)q&4Ve^y>8kuumi?aOgHtBki7Kdj!A?ilk*x8VA24
zbP~Mms9&Ky`3!x4nYv@_!yI7h8!|5rko|Ge{9$5FlBsDj2O7ybB{fiiN&hr6PHa$x
zXHX{pSvpxLzfdu8u0)XY<2ssY6+pqU_AxbpseOc|eu4gPLkWux#eR^qeSs7Ol|NFV
Bo*@7L

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_int_to_string/Test3.java b/regression/strings-smoke-tests/java_int_to_string/Test3.java
new file mode 100644
index 00000000000..11ad18e5d98
--- /dev/null
+++ b/regression/strings-smoke-tests/java_int_to_string/Test3.java
@@ -0,0 +1,9 @@
+public class Test3
+{
+    public static void main()
+    {
+        String s = Integer.toString(Integer.MAX_VALUE);
+        assert(s.equals("2147483647"));
+        assert(!s.equals("2147483647"));
+    }
+}
diff --git a/regression/strings-smoke-tests/java_int_to_string/Test4.class b/regression/strings-smoke-tests/java_int_to_string/Test4.class
new file mode 100644
index 0000000000000000000000000000000000000000..98ba758b492cb1de3660663c8dc226c7c16221b6
GIT binary patch
literal 800
zcmZuv%Wl&^6g?Ba62~QpX+n4eC=^HnZD=tRsTBgXAXNldq^d-B6K52rxHi}h3s(FF
z`2p5|)FO~z&o?2&wbRB$u$Y<qJm)^<=kKrI0XSGTVd1=i3(7lynaJT{0Vd}1xMboo
z<_%mikxwG7nz)9hffmEbc^*X~jAh_Q8#3a3PYf8?4uifXeHq_lP@1i626a6c2!>Ku
z`r_$muP?%_B$&bO1}^uuc_<V8(5S{QWW-=}w?q^>tCYUSrBA?Qw7a|f4exl|A9i|i
zDE%S%XL>PrUq0clQUC*OhWwiA9hPABf>G#-M=~KaQ_RH##6k&WhDrvw>BnLyLJQY%
z!@>+sFccS-mz)*n?yWn{3ISVKz#>CE%Xx4#frnujgbZ3rV4!2+CYBh=S?II=u5jbO
zOp_L<+&DNAtIf^U|C-dr>k;>81l8s-_XKmbMKdpDOzR#khM_hPkqpIPS|iOV9+88#
zvV%F=uSLse<$BU9NeT!BWx6Y*b?9aEYV8BCk0j(^)2*jQT0Y6vBmlFhl2$-%n*5fc
zljPgB@&)SSPteAgZQJ@jj4_Jekbi!F!jI$T_nA2%Q&KV;D#;p=>S(~AkD8wn>r~+>
z)X9IEP64@JXc#zCqmZ-HI-Il$pkkZ*D2`#MAD}9qq5a!Xf}$a3-A~#+M@kNjKj}c5
AR{#J2

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_int_to_string/Test4.java b/regression/strings-smoke-tests/java_int_to_string/Test4.java
new file mode 100644
index 00000000000..e2ded14ae78
--- /dev/null
+++ b/regression/strings-smoke-tests/java_int_to_string/Test4.java
@@ -0,0 +1,9 @@
+public class Test4
+{
+    public static void main()
+    {
+        String s = Integer.toString(Integer.MIN_VALUE + 1);
+        assert(s.equals("-2147483647"));
+        assert(!s.equals("-2147483647"));
+    }
+}
diff --git a/regression/strings-smoke-tests/java_int_to_string/Test5.class b/regression/strings-smoke-tests/java_int_to_string/Test5.class
new file mode 100644
index 0000000000000000000000000000000000000000..ceb1cebf1c7df350b1e7063972769a3119d0b819
GIT binary patch
literal 784
zcmZuv+iuf95IyUAT(?QxCIl$=0!e_Ti15@3feJ_!0UlCSqHh~#6}GrG*c&81h5P`|
zfYc(8;GJ(mh_TbeMIg(&b3JorW`F+v`W-+Aw_Uhcad8gkOK@<(!9^FBaM{Kc7Zz4*
zth%_0Yc{SkEUof16^W8@ls=Rx?}uW*!1frdO&Ljbk3nxVcNvVWcpw<cT^WgIql3Ok
zcCugwzZ(ZU+~tYP^kbu;Udoig?(T?G-QA${11=*1CZpfo=WlsC<k7I*Q;Cd*<e%>;
z9=v+WU*`Ze8Vt^65FS%-d+{g<#ABHibaTwL48+4c7Hl*<v~a`296TzqPT3xA;ub@_
zsPtgk=A$Hu69zL!v9ac%jdg}f5&FEpF9P+KX~L6Xv54A^lo$#^a#TEZR~y^S|8-}H
zHzOWW@72Z$_oU87lZIU`aJNF*2t#ckQkjUsj5iHPjmSak*rRniv}Ax)>RHz$>7XHE
zfzC2%ZMqrVX6p#-BMBNRbXvKQ+927R1i;4<X(cSrlHXBumfX?5Kzs5D`WVYC-#COh
z#@shpFOFdUIB9-gn6p}XUdx9;vPmDkIoP;El&5t~B3MO@{HN$ILHm_G%X*DMPS0p`
jauUFz?;N5uhHZR+p?`+{Z$BA|3C+8ob$x~u4QKxVj=Gph

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_int_to_string/Test5.java b/regression/strings-smoke-tests/java_int_to_string/Test5.java
new file mode 100644
index 00000000000..af0b93c8916
--- /dev/null
+++ b/regression/strings-smoke-tests/java_int_to_string/Test5.java
@@ -0,0 +1,9 @@
+public class Test5
+{
+    public static void main()
+    {
+        String s = Integer.toString(0);
+        assert(s.equals("0"));
+        assert(!s.equals("0"));
+    }
+}
diff --git a/regression/strings-smoke-tests/java_int_to_string/test.desc b/regression/strings-smoke-tests/java_int_to_string/test.desc
deleted file mode 100644
index e8d4260b1e0..00000000000
--- a/regression/strings-smoke-tests/java_int_to_string/test.desc
+++ /dev/null
@@ -1,10 +0,0 @@
-CORE
-test_int.class
---refine-strings
-^EXIT=10$
-^SIGNAL=0$
-assertion.* file test_int.java line 6 .* SUCCESS$
-assertion.* file test_int.java line 9 .* SUCCESS$
-assertion.* file test_int.java line 11 .* FAILURE$
-assertion.* file test_int.java line 13 .* FAILURE$
---
diff --git a/regression/strings-smoke-tests/java_int_to_string/test1.desc b/regression/strings-smoke-tests/java_int_to_string/test1.desc
new file mode 100644
index 00000000000..a2310910fe8
--- /dev/null
+++ b/regression/strings-smoke-tests/java_int_to_string/test1.desc
@@ -0,0 +1,8 @@
+THOROUGH
+Test1.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+assertion.* line 6 .* SUCCESS$
+assertion.* line 7 .* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_int_to_string/test2.desc b/regression/strings-smoke-tests/java_int_to_string/test2.desc
new file mode 100644
index 00000000000..84de6312d9b
--- /dev/null
+++ b/regression/strings-smoke-tests/java_int_to_string/test2.desc
@@ -0,0 +1,8 @@
+THOROUGH
+Test2.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+assertion.* line 6 .* SUCCESS$
+assertion.* line 7 .* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_int_to_string/test3.desc b/regression/strings-smoke-tests/java_int_to_string/test3.desc
new file mode 100644
index 00000000000..ec1b558b9b0
--- /dev/null
+++ b/regression/strings-smoke-tests/java_int_to_string/test3.desc
@@ -0,0 +1,8 @@
+THOROUGH
+Test3.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+assertion.* line 6 .* SUCCESS$
+assertion.* line 7 .* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_int_to_string/test4.desc b/regression/strings-smoke-tests/java_int_to_string/test4.desc
new file mode 100644
index 00000000000..cdc0f39f580
--- /dev/null
+++ b/regression/strings-smoke-tests/java_int_to_string/test4.desc
@@ -0,0 +1,8 @@
+THOROUGH
+Test4.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+assertion.* line 6 .* SUCCESS$
+assertion.* line 7 .* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_int_to_string/test5.desc b/regression/strings-smoke-tests/java_int_to_string/test5.desc
new file mode 100644
index 00000000000..0ca2c04a3bf
--- /dev/null
+++ b/regression/strings-smoke-tests/java_int_to_string/test5.desc
@@ -0,0 +1,8 @@
+THOROUGH
+Test5.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+assertion.* line 6 .* SUCCESS$
+assertion.* line 7 .* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_int_to_string/test_int.class b/regression/strings-smoke-tests/java_int_to_string/test_int.class
deleted file mode 100644
index ca4e3be5dc4cbe057e18e8f43a9813c6d11e4e1c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1074
zcmZuvTTc^F5dKbgyW1{XX$wUxpkPr-xfHNoK`x>sBt=ay7)gxTwkLRSyNkP96Z|Le
z<eSf80!9;k_n-LcGcnHTQVP+BbD5cMX1@8(`T6JTcK{_U8%Q8$U>Mip=)m<DMhxUJ
zs-s{)LoSXnj2oE1WDG?eQwF9nqvHlc*RbXL+zW*3_z#6|Rcu~kV4DouoNz=i&!FT-
zHyG4qx5gPd%fjK08}$nJo=Gr6y6jdhd&BaCv`?IB@LKo`MmgYq@JcwrELEsm!l5I-
zD(f*pYn2wk(&cUIomI3gXREj#c*5BtI13mO>w#5$vu5oy%jzgG#OA8@2{B{cZFp6_
zA|#DOtJ9>cWg>}`j+-WK;kJnj=wygY)5s+gcW{@Xx7~56CBP%kb3GmROw3|V$9)s?
zSfKeQW=N=5tG<p!6H9o&kZjj@QrYHJB7DXb4#JRXqgI`OZ*fl+b6epI$??DOHU73?
z*(6RTe<mFEnH{C~IooR24|tuJx((ux3Gu=$J|!swYQ(KN3EI^pa^B6L??{kM4|A^3
z$ur28>TD0NY}0RH=&5mEc)WJ196eLepa6Z9O$^ZwOwhMv$zCZu-4qaAq-al*Riu;A
z87&-veWFVQU9@XWCqp;g%@BYLddQ07B6`UqlYbLhq4Ryx{DMgN0LnhP$I|K{qWkFh
z2JOWW^dHGz6kIz%Z2S=M5Hp@O&SSFb2V|SEsW5*JBdz>wv=!?P^Y+@cC1a(@xB!Fh
zQDUxP06KDrp+Ibx$iG4&yrelQB*iYtAg3A(nd1_&WN8S{hklwXhv$^vPm^6He-i33
y26S9GMvnHrKB_u+Dqg9n43J899Kzg(u6~57e1`I`kg`}55pz+>Jw!$XSN{SbO5BeC

diff --git a/regression/strings-smoke-tests/java_int_to_string/test_int.java b/regression/strings-smoke-tests/java_int_to_string/test_int.java
deleted file mode 100644
index 9ddbc332b6f..00000000000
--- a/regression/strings-smoke-tests/java_int_to_string/test_int.java
+++ /dev/null
@@ -1,15 +0,0 @@
-public class test_int
-{
-   public static void main(int i)
-   {
-      String s = Integer.toString(12);
-      assert(s.equals("12"));
-      String t = Integer.toString(-23);
-      System.out.println(t);
-      assert(t.equals("-23"));
-      if(i==1)
-          assert(!s.equals("12"));
-      else if(i==2)
-          assert(!t.equals("-23"));
-   }
-}
diff --git a/regression/strings-smoke-tests/java_int_to_string_knownbug/Test.class b/regression/strings-smoke-tests/java_int_to_string_knownbug/Test.class
new file mode 100644
index 0000000000000000000000000000000000000000..e8e940f8bd2d0dc9c0985b55beb86d7704ce63da
GIT binary patch
literal 797
zcmZuvU2hUW6g|U!vTOy`g7|@2tqN$1t*A}f7){lr5%qzliG3TE2~OSa>h9u$PyP-0
z13s%sYc$b!f0HrZffh*gVQ22gx#ylccYpo)_5(l*s}5Y8w{SswPric;E@tUkuyM)3
zWh`2_;=opjs}8QAW}(h-a*-#Ah*KGb$wQg&ZXkLLY?r~@kfBWPF=(~=4uifK^#nt{
zEkp5au-_H&wgNMF?a1fB4v(eskAiyoQYOUF-WEx^PSyKdhQymH{2qVHn*k5|%}yH2
zuuu89PRjjPPx<Rny@dvYz2OH(3Y<<fh<))`s(x8TxvV%`<WXQKPWiUNRP;sc;yP})
zn8OK%+|uew>uzi9)}7WG@w!;TGDBrr^Wb>?M{yj*BvtWSXu7zG6^6nT`MkR)e41b;
zG#-G&rqQuks%_Q(H=-%t40u3~QmW0Q$DHeRdhq<T(`G<hVJP=RB4g2;NTgRv2b7?d
z>|%kI>(ZuKp`u15O9Qc>KxdJ>Cf$r~qj3oKiHr<9I?Yj#Hcz%Y24Ef~^0FvTir*1h
z72o!>uh5@-hB3r^!!r+H4Uzi}`^6!$KWD=qreW1g8#VKwlWkB_6IEFBm)euYCMi6H
z3gu7Jmqq3`sus?a337I#qcu_i6g}qvxgjk5BXsQxjDH7GECw>}eKqzuax$p?1?A70
Axc~qF

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_int_to_string_knownbug/Test.java b/regression/strings-smoke-tests/java_int_to_string_knownbug/Test.java
new file mode 100644
index 00000000000..7c6e06e2ed3
--- /dev/null
+++ b/regression/strings-smoke-tests/java_int_to_string_knownbug/Test.java
@@ -0,0 +1,9 @@
+public class Test
+{
+    public static void main()
+    {
+        String t = Integer.toString(Integer.MIN_VALUE);
+        assert(t.equals("-2147483648"));
+        assert(!t.equals("-2147483648"));
+    }
+}
diff --git a/regression/strings-smoke-tests/java_int_to_string_knownbug/test.desc b/regression/strings-smoke-tests/java_int_to_string_knownbug/test.desc
new file mode 100644
index 00000000000..7d46cd722aa
--- /dev/null
+++ b/regression/strings-smoke-tests/java_int_to_string_knownbug/test.desc
@@ -0,0 +1,8 @@
+KNOWNBUG
+Test.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+assertion.* line 6 .* SUCCESS$
+assertion.* line 7 .* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_binary1.class b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_binary1.class
new file mode 100644
index 0000000000000000000000000000000000000000..e28d7089d5f02e70b23edf69bdf1c0becced5f0b
GIT binary patch
literal 813
zcmZuu%Wl&^6g^`*8OL>#)NMn65?%$8K$}`BY+4~u0VyKDB2^{2L6c+@rnolP4ie%^
z$Pcgvq!xh$d;WxfK#1$4iGyG<Gxs&;oO|z&-(S7~*o14r!it4+sN`Vcyon1IF5(i$
zWeZuXaI9Lmf~y?Y7#3GW6v;4Ffgjydk?44`$H4X(vfIj6@ofgZTH9kVc7mQ{D72I>
z9}f;YGTcpy8Jt$o72ci*RpOrnjrh5W81k)M8O6^!$`|1qcZ*OCh4KlXa!%_&ycP{l
z`29vZ4wc`h{CqnW-4~C<%MlJomBHNZdM8S(b}$IL@_|Zt7iOW?6D%9^$aB<e)N$R$
z9Bk@h&E0Tamym4Sz#2n2WxYG;{C*e)A%i`O$gystfenUY`r}FGKz8H5LSyM9C#`Dw
zvFu9%G~-~BE>)Y&+W$Jv%2xy7(L9!`GwCtWR*m*hNP%}eS{6g8CnFWg-c&ygEgn#U
zHnmTiHfjF=E0&WHkfnnLi#**0@*4CqdNcK7un%NtDAJuB1*s3R?QsDdERvVQ()9CN
zs!l%ND*nuThW79y^dXk&j&X#{5OZIVeR>T3eK!0q4JT~+h|PgPb_SeyD|Fu^(GzA)
z5|>e;{3$v)XunY5D3_?@^i;^^NCvRrm`BJB!HxGY^iR<L?I=OXK(p^8eV-vm!`VMF
CuA@f)

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_binary1.java b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_binary1.java
new file mode 100644
index 00000000000..57ce4f998a9
--- /dev/null
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_binary1.java
@@ -0,0 +1,9 @@
+public class Test_binary1
+{
+    public static void main()
+    {
+        String s = Integer.toString(-23, 2);
+        assert(s.equals("-10111"));
+        assert(!s.equals("-10111"));
+    }
+}
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_binary2.class b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_binary2.class
new file mode 100644
index 0000000000000000000000000000000000000000..43de70464cdef4603108ca723ca7ecda7671b4ee
GIT binary patch
literal 843
zcmaJ<+fEZf82+Za+ijPHwky<n0zuTaDiwm>K#T@8X{>rtLIO8t+D_`=va7RO6XS)?
zVPC*&H36fE-uq0(`cF#_M&c$r^PlGX{?pIjU%vxb$C?8d^EMWYcfDTEK>`=kaIl!d
zl7mZFwsF}(N=ICAa1})xC5BVWJc@*hWf(;FWyBl4Xfd!ohUBIUWPFFgD3*2@%&o8`
z7&0{(h$o$chEUr&n8B-sP44e-CAEHRG~?$oVwkCIizt59kO5b3);0*`fXjgJ$>-Jf
z`D<SBdC;!ZV<m$&`KRkKZ@zfUU-ofqlo?W+P5(F(ryh1xQ#_QKH#Z5rqOn|LkR`_$
zw;IHvEtHFExb9*aGYku>|Nn^7#SN@56vjCBhCO<qRHzu-Np2ez7dNrWkR88x+SnJ(
z_%G9-NGd1}hhn~1t(H#eLsGozaG$y~SDbJUKsQP>oy?eO%cl`C<Xa+=O0-6~QY+&Q
zIcR=+SfovGX-!zRp!-0Q0YX8R&KzkKx*6S8`3USI2?=;~Ci_NO6O!FQ0A?{qS{nJ$
z<F^#8AK&&2>kG_BpI~({TlSKNu)CQ0hScs6(my86@5g4%X7t%Sm?T@UiFcmPTePl2
zX6iCdqd@*M^rw;dr8oI(o<h!z5?Sx30pvXA5K~>)<_DO@XITGMq){v++`GE&^Q0tj
F;SYCpt1AEi

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_binary2.java b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_binary2.java
new file mode 100644
index 00000000000..2591b194c1d
--- /dev/null
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_binary2.java
@@ -0,0 +1,9 @@
+public class Test_binary2
+{
+    public static void main()
+    {
+        String s = Integer.toString(Integer.MAX_VALUE, 2);
+        assert(s.equals("1111111111111111111111111111111"));
+        assert(!s.equals("1111111111111111111111111111111"));
+    }
+}
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_binary3.class b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_binary3.class
new file mode 100644
index 0000000000000000000000000000000000000000..8ae1868a1bb2d42b8556b8bf2bbe023fd5e90819
GIT binary patch
literal 844
zcmaJ<%Wl&^6g?B$apJm7V%iX1r7Z=LKpP5$O)CT{AVmbaNL7h$(8L*qDXtA;2MMv^
zH^>jL2Ba2&1be;-A?_s21A(yQnfsb^?(4^|FW&&H<GKSE^ES>KZvo~Yg@r5}EM~Ce
z-~yIyTy&7p5tkfXM%hM%;lwhJW1$imh4DQZ^Hw0*3~Y}fy(vSP+-5M!m0bpND{2dd
zTtkN9ardAl)Q%2j@EVcNgI%tq){l*5@=V4IGmRY)Cr?{4<m&Z}4MI8KG9-NRd5wMk
ziq`@jc52N;$*@EI>1M+H=a2Y{K8}qlLuS(tjx%wZQCIomfz-T(N$6FL<syeXImWp4
zFcBT0TwK9b7t@$wSXf#6|3{=QR<O!Y8Ux)OHtD`nkz#Ns$!*kJT*Deee*9v)wJ-eS
z57VGZswjzuVzFGWSN_$Aw0PO&0kvtaJmDUIZd7PIxiQsNKr>`0wnZ$JXpeHGUM5{~
z&;a+aNUPw|p0IpLH-aPsgn~Ss1=4DCGrFzn5!eS3Qt;?Z_l>kCB)fwE%wmqTEQ+JY
zZzx(nzU3L#XP6H^!s=nR>ZK21_b~MpnI}icexEeI8=Ezo(P#5ul5D{y-g!E2(!LIv
zsmnNt68TTjpGE4YUggt83OO@MWWApTQ1F~XO!Z)!?_nCBVEtW@MzN4`@94VEl9Ix?
E-<E->VE_OC

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_binary3.java b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_binary3.java
new file mode 100644
index 00000000000..403a811ae29
--- /dev/null
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_binary3.java
@@ -0,0 +1,9 @@
+public class Test_binary3
+{
+    public static void main()
+    {
+        String s = Integer.toString(Integer.MIN_VALUE + 1, 2);
+        assert(s.equals("-1111111111111111111111111111111"));
+        assert(!s.equals("-1111111111111111111111111111111"));
+    }
+}
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_decimal.class b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_decimal.class
new file mode 100644
index 0000000000000000000000000000000000000000..f152e9fdb322d0d2a54356be3d917e51e411f685
GIT binary patch
literal 811
zcmZuu%Wl&^6g?9=w&S{q>$V|4Av_8sfi{3Dx@d(!1*E6}7O5)H4Vu`aFvYRKc3ANv
z<Of&-Qj0)>J^#U9AjEaj#6hr_nfpBF+_^t~fB6Pr1Gh|=STS)9=L;}UHE_YiMO@Nx
z*@T7_9jhj;;Hr*m42!EgjzyHnFo++>n0I~QF|Y#$ZCeI1xyzu`>iZ1pPUs1SQd<V%
z$)MjA(Oz22;Iu=R`};hSseckwlNT~(D7N=RoILl0EBoBvB9uOt0pU~5X&>@8yy^3x
z*X$&b40@EG?<CxP`Ix^N;pnI_7~8IYqQvZkgUA(+WXiiR3%#CVS(ryrN8LgL*DcJ!
zBJpdtHwnhV4XiO#GRpgtu^&cJ7%^D0a5~m4G;x!`&N`lU4~3ij6&mX%Em>77NJLK%
zppk@=bh*}Q)&DoHCSDJ?PoJ?|n@Nv}w(7KmQU<)^)20~8o`_{6ys3Wrv1C9ATGIio
z*`VbE%&w&Klcj)u6-ByB<TdGK^yVAKU?0fH!KPaq1!)elt#JVyERt8i(zN+4Rj19H
z_D|dVjNI-=C_^kY9Q6qKA?Ch9dv*-{`)v4K7EbAu5uF2->^y1JP=$^=WKF0I(zuK=
z<xkNmAomMZ9hEYboSrJ#80i2O9ODRuA$0XUROJ(te@9AD^2k~D(!tM=lf&6Rh2o<e

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_decimal.java b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_decimal.java
new file mode 100644
index 00000000000..afe64844abf
--- /dev/null
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_decimal.java
@@ -0,0 +1,9 @@
+public class Test_decimal
+{
+    public static void main()
+    {
+        String s = Integer.toString(-27, 10);
+        assert(s.equals("-27"));
+        assert(!s.equals("-27"));
+    }
+}
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_hex1.class b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_hex1.class
new file mode 100644
index 0000000000000000000000000000000000000000..b76f8b5081746ec44b5a79620492736bdec040f2
GIT binary patch
literal 802
zcmZuu%Wl&^6g^`*w&S>o>$V|4Av_8sfi^^{V9^SJ3P=$F7O5)H4VomQbc$<(?I0HX
z2>AilfYc(8V9$T>7YK2kG<FdzX68Q5oO|xQKYoAt24Ed63l^3woWuD%OjJ!=uy7HV
z3|zLLW7)upg)6vf;2Oii3XdWY#xn4u`!eD^PYf8?E`z=)eHq_jP;2!a25l=C2!>Ke
z`r^sxpeMrZ1kB)ef<E_lcqkM9IH<*YGGZunwnY>_-xF_I8$@xyrBCFPa69|_HE(*{
zA2z#jDE%Sj=ejZPzj(}FPDl*Y7|hMScPzu|2BWYq9?GO>G38xLh-}QEXrOMRf$KI3
zuu1l6t4AC*ZeW$6lGVF6YxqGJ1|dT}<ub5lqludgP6mJ4+ZX-#uh3L6!+eHn`>_}b
zVl(4lmM+)Y?fU;3)y1n3_h<}DwG-)Sp^ZAtzLXJfd9)yg@<2o~6oXVe%_<&Ig0{0u
z+cjzD0COry^JJ-@d7?;niM%GgjNV-12<!tH3LLuiNs#&=+nxg8Vu8Fo7Sqpf37vet
z?fi6{&rlwHggVAz!_^Lv8>8?Q`m-Y#-%p0$W#OcpIw|KuBRfZ0byQ*C7Fn~>CTUzk
znewOT<e~gR)j*|8kkhG>^@$E(-Zc-AAH&ezLsLIN{kNrrB?ra6n>2og90h0p0MehI
AH~;_u

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_hex1.java b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_hex1.java
new file mode 100644
index 00000000000..874ba5fe5ad
--- /dev/null
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_hex1.java
@@ -0,0 +1,9 @@
+public class Test_hex1
+{
+    public static void main()
+    {
+        String s = Integer.toString(-27, 16);
+        assert(s.equals("-1b"));
+        assert(!s.equals("-1b"));
+    }
+}
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_hex2.class b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_hex2.class
new file mode 100644
index 0000000000000000000000000000000000000000..dc8a7cbbfed687a6bd920fbcee1f530a6c27d635
GIT binary patch
literal 812
zcmZuvU2oD*7=8|IX(`<(bwm8b=~O@+x-9Nui_uI?h^QAVOWch)lp{N{Yqc%L3lo2b
z`~k1kWHXxRy}!wbZ(-1x*`(*ZU*~z=uU~(@{Q$6nWfK<8>!>L2hr^+X3@+qgV!^;g
z6PK{4<FW}OiMV3oDylka3?~+O6p1jFfgjzM5$|}S%fPl7vg^{9@f`-GTH9h!H-fHU
zD72(6p7i%RBHT=Z8Jt$&a&L==GSLr>YP=&OhJ0&NMDg<-@pgHQAojTQ37i~GYnQ*_
z4UhZ1Mmr9r-y{D_JLc}o$Nbd@L`R*$Sa-d{G|YC;4_)z4CZw}d+@%D_LIE~IF$Hb<
zvFM4=!ZlpCFoRjbT75D82-(67EHRYR2lpmzco2p`$dH>d=xA8DiCYYI8veAiE8O@W
z)3^@eiGzt)sy3Uo|CO2*ulwAiM$A`_xW}MtHR^sLrP}alL=2^_h-4_b(?qFTai1JC
zpKUDAq%B$lW|xy{Nm4*4u<0z4)}Wiwt<?{}K9P`tLuYnmq%|Pf8V6tw^Q7fanm&F<
z(aGagN3rd%P#=AUHo#on$?iiRApaf4vjgOQ9yNbR%?X_{qH~~<tkD)`QGt%zBu%Id
z%JC%1<Ud7!4w>Jm=r~=XkTcUvRz`UMMaSGnegIwl2vzw4?RZHEiiV7JH!1uqDH)vm
E3tGFRe*gdg

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_hex2.java b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_hex2.java
new file mode 100644
index 00000000000..9a46dba5b7a
--- /dev/null
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_hex2.java
@@ -0,0 +1,9 @@
+public class Test_hex2
+{
+    public static void main()
+    {
+        String s = Integer.toString(Integer.MAX_VALUE, 16);
+        assert(s.equals("7fffffff"));
+        assert(!s.equals("7fffffff"));
+    }
+}
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_hex3.class b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_hex3.class
new file mode 100644
index 0000000000000000000000000000000000000000..933866a06d836324f1a57a549b2d73884e96780d
GIT binary patch
literal 813
zcmZuv%Wl&^6g?9=aqPH_W7-g&p-><RwBb?FMJog<AVmaNq^d+WXp#)+6xRmZK`dDC
z8{`LA15%4Xf<51a5O<QsE&@xQxsNmFK7aoH`W?UuZdkB!)<9Kz2QUj6oHJozA&>JG
zE@08XMGJX_xMblnY6j{I#};`Mi7=LdAKjA??|P!oz_uB3>(ZC;Z3eAY-(t`=g1%rV
zwxur~5BItv+*Du&w;lAjx5Y!L^h2W_@5qRu(B2eL{A@?Oxw%FZdtCZNP7b%d%U|=R
z$NfRG6Nl0tkbkBV^WKX`{N<R$K!YK_-t!LAusXpo?1=|b1)WWJmlctXA{>TNO4{;c
zF%Y4RE4XT72D1$2((3ccN7Oc!u*^_NU)-Jc;eHqfA;FUn2AVdm;W~qp!k=_^MKAu#
zG%19Vj)SRKuC-eA|J9lkuZG;CPR!SixF@7*b!vYx4YlFXj2Oy&5y?>WlSHXq@sJ!e
zplvMBsBPK<=2TR<BxxWPICPdsYtqf=&NdFfK9Z1uOJ{Cuq&*<no&Ye1dD2XjlgDof
ztsbwsn&W(d{_qpBBg{42+&+vE3g3`_dI0msQS<xMtioyIa4vL`v$TdeRAJy2Nz>4I
z%JDcV<Uc{biOerl4V)|!<W!Q$$~X_8<XZbEj9};=plhFz{kJ5=l10Y8qY6JwN(N{C
E0M6Z^wEzGB

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_hex3.java b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_hex3.java
new file mode 100644
index 00000000000..38e8588eb69
--- /dev/null
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_hex3.java
@@ -0,0 +1,9 @@
+public class Test_hex3
+{
+    public static void main()
+    {
+        String s = Integer.toString(Integer.MIN_VALUE + 1, 16);
+        assert(s.equals("-7fffffff"));
+        assert(!s.equals("-7fffffff"));
+    }
+}
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_octal1.class b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_octal1.class
new file mode 100644
index 0000000000000000000000000000000000000000..70d57fafa12cd4298ef8252a712d6321f65842d0
GIT binary patch
literal 808
zcmZuu%Wl&^6g?9=w&OUB>$V|4Av_8sfi@IXbkPcd3P=$F7O5)H4VpNkFvYdOp0MIa
z$Pcgvq!xh$d;WxfK#1$4c_3KK%zd77?%W^0zkCC*fpr@;mTjEF`5Y`%EL^a05tmF{
zwqan|#EOk8xN71W!@>$r5)msIg~@%H@J=AQ3~Zml*p{JGcNny4ZI40UiMoQJ*pi`m
z(m(8ocsDI(@LG}2gFPP0)ISO8>V-@g3awp{sOOQdc(A@jActIr1Wzfib->^7M!>^f
zqpe~Y_9$OyEAGF1%wG**OjH@HZ9g~>Vz;Ay?2CsorFCbJ*HS141<aYKIjG~hgFGCP
zzItnuP#oOADnoh7cyB!PgE)?2hWregi8Tie+$4@^!_&@z@YP?Tk!ptdX;m{+q9+K?
zQqeeFsy3Uo{|#%1*L@z)S1eU$(j%g+8f~CB1>Om0O$?>3NMtO!6Z!OCs!s{p(LU|i
zqRj)$EvMs?rGfqwb95KUYtYN+&DM{>K9G@tOSdr$(i~(vqXKwXATNi-N%LE(PMbH~
zpRV;8nMWU?4X{}E^dn>k$bW_L>=@?v+3>q*IHl8ubRKlFv!vBP1txBjHKw*m;}S}g
zKSd{p%r8_-luJ}{dZJ`wr~{bytRv(GF!lG)wNKFg9Vtc0BIDdm2R}nj250{OHqxPb

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_octal1.java b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_octal1.java
new file mode 100644
index 00000000000..d006176e777
--- /dev/null
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_octal1.java
@@ -0,0 +1,9 @@
+public class Test_octal1
+{
+    public static void main()
+    {
+        String s = Integer.toString(-23, 8);
+        assert(s.equals("-27"));
+        assert(!s.equals("-27"));
+    }
+}
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_octal2.class b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_octal2.class
new file mode 100644
index 0000000000000000000000000000000000000000..3269a829ec45d9375fbce2c776bf78730e405436
GIT binary patch
literal 821
zcmZuv%Wl&^6g?9=vEw+zF>MIXP$-ZDXlPZ@MJog<AVmaNq^d+WXyS~*6xRlO!U~D+
zAV0twkXi&1?D-}{xK5e}0!yB`&vWjbdw>4^`W?VJ)-2e#V4$MC8xDsSQn;9fg(VZ0
zEL_I2fh!iwB;u-tYp5EiF`QiHaV#Pw!yvvdW8U#amx1juWVU1=)g1<{TH9sNx5KVr
zD70iCp7akoBHBrU8QfOraetRbGSQEXx_TjFhJ0&B#OitIDekXr6379U0l|~YZSC_n
zyy5ep*J!Iq20ilU+lqTHAM;lu7z1?%bIbFO3$fZ^Kk~#wnb10O$SVnyjRG8o;taMK
zDA5y<jqA8!Baagdxz&y7NANaoVuhhR%egmsjR#Q_MwBo|W1wN<7FLOTmhiN*FFf^^
zY1|H#uEL2}sy3Uo|8<-ZulwAm_gJjXxyPWJH5x-<Mz!tJtQbmN5z9z)r=`-PsXjSq
zP<vRSk=wKn%qb@=lca%A;LuqltwA@VJ6%5l`$$3xE}fZ?k@kUPdmMlTERvQ*X`1|&
zqLbteS98oS&>ww5dVqzxn>mCrK<*pNXGh5Xm^Z(lnG-r~MCU>$IZf-BK?MeGlQf|=
zsm4<%lm9gRS)_iUV&F`PLe5SrSs&E_6kY2Oxd9CQ19a^((*L%Uprnzq?<S3(BPE6N
Fe*nf2ra%Ay

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_octal2.java b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_octal2.java
new file mode 100644
index 00000000000..c04f658e662
--- /dev/null
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_octal2.java
@@ -0,0 +1,9 @@
+public class Test_octal2
+{
+    public static void main()
+    {
+        String s = Integer.toString(Integer.MAX_VALUE, 8);
+        assert(s.equals("17777777777"));
+        assert(!s.equals("17777777777"));
+    }
+}
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_octal3.class b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_octal3.class
new file mode 100644
index 0000000000000000000000000000000000000000..c482db18c147d41e55805984117dc91a954750e1
GIT binary patch
literal 822
zcmZuv%Wl&^6g?9=vEw+zF>MIXP$-ZD+EA$Iq7?!akRn36NL7h$(8L*qDXtCngcS>Z
zgZuz%Kxz?4u;-f);yP&_h+6W@eV%jg-23a#w;upjamRv<O9m?1dw^L;;c^xh7ED~R
za21ONu30dXi0c+^plYDTaC(u)v51rmgZPn*dB+!B2DZnL*^q%$_ZhTmZI?mc47-A%
z(2{}J>K}AOw37rgxUJCR{w|MXq8}S|^-{(R`PPnz)r-(m+`qd{AO~Cq1Wzuvwa?%3
zhR=guqpczt^vIuYEAG8|#$OL%4AdFS4bML=#A=8A$P-UwLhH;RFDFno3UC;TQ`lyp
zL{CIEZsL}WJWes#ODk)WkMM0QVVR*kO?o(fj>l0HMhv+b9s>;<x3NO((}eBLzVOsP
zrcpmsy9&o*soHGTPHH(L-t@Uo4>Dh!agRXPYcz+#lxowbVKJ1tB9@WpPD-U$Q+;yK
zr1r2tGq-6Wm{U%ACP@RKz@f89T7zyzce;KA_KAcPTskvDBP|5U_9y^zm?tfZ(j@sE
zMJLH?uI89up+EhM^Z;{pH**MMfZTVO&ySG(IcxqfH79i1kj{lpa+>xrg9;4XBWX-+
zQjKR&CjVLbvq=3$#lX1|g`A&MvO25-D7w}maswFpN9fuYr2lUzK}jQJKS&zCKuQW1
F{{kWeqjmrQ

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_octal3.java b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_octal3.java
new file mode 100644
index 00000000000..828ffa954f1
--- /dev/null
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_octal3.java
@@ -0,0 +1,9 @@
+public class Test_octal3
+{
+    public static void main()
+    {
+        String s = Integer.toString(Integer.MIN_VALUE + 1, 8);
+        assert(s.equals("-17777777777"));
+        assert(!s.equals("-17777777777"));
+    }
+}
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary1.desc b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary1.desc
new file mode 100644
index 00000000000..f43c4f2eab0
--- /dev/null
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary1.desc
@@ -0,0 +1,8 @@
+CORE
+Test_binary1.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+assertion.* line 6 .* SUCCESS$
+assertion.* line 7 .* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary2.desc b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary2.desc
new file mode 100644
index 00000000000..0613a4de16e
--- /dev/null
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary2.desc
@@ -0,0 +1,8 @@
+CORE
+Test_binary2.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+assertion.* line 6 .* SUCCESS$
+assertion.* line 7 .* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary3.desc b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary3.desc
new file mode 100644
index 00000000000..3473672d547
--- /dev/null
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary3.desc
@@ -0,0 +1,8 @@
+CORE
+Test_binary3.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+assertion.* line 6 .* SUCCESS$
+assertion.* line 7 .* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_decimal.desc b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_decimal.desc
new file mode 100644
index 00000000000..9964325e0ea
--- /dev/null
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_decimal.desc
@@ -0,0 +1,8 @@
+CORE
+Test_decimal.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+assertion.* line 6 .* SUCCESS$
+assertion.* line 7 .* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_hex1.desc b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_hex1.desc
new file mode 100644
index 00000000000..bc2e3da1f9c
--- /dev/null
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_hex1.desc
@@ -0,0 +1,8 @@
+CORE
+Test_hex1.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+assertion.* line 6 .* SUCCESS$
+assertion.* line 7 .* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_hex2.desc b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_hex2.desc
new file mode 100644
index 00000000000..3d154f9a349
--- /dev/null
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_hex2.desc
@@ -0,0 +1,8 @@
+CORE
+Test_hex2.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+assertion.* line 6 .* SUCCESS$
+assertion.* line 7 .* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_hex3.desc b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_hex3.desc
new file mode 100644
index 00000000000..8ae7e9ef1d1
--- /dev/null
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_hex3.desc
@@ -0,0 +1,8 @@
+CORE
+Test_hex3.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+assertion.* line 6 .* SUCCESS$
+assertion.* line 7 .* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_octal1.desc b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_octal1.desc
new file mode 100644
index 00000000000..24d6a80006e
--- /dev/null
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_octal1.desc
@@ -0,0 +1,8 @@
+CORE
+Test_octal1.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+assertion.* line 6 .* SUCCESS$
+assertion.* line 7 .* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_octal2.desc b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_octal2.desc
new file mode 100644
index 00000000000..c7ed4a1c466
--- /dev/null
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_octal2.desc
@@ -0,0 +1,8 @@
+CORE
+Test_octal2.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+assertion.* line 6 .* SUCCESS$
+assertion.* line 7 .* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_octal3.desc b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_octal3.desc
new file mode 100644
index 00000000000..6b201a5414c
--- /dev/null
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_octal3.desc
@@ -0,0 +1,8 @@
+CORE
+Test_octal3.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+assertion.* line 6 .* SUCCESS$
+assertion.* line 7 .* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/Test_binary.class b/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/Test_binary.class
new file mode 100644
index 0000000000000000000000000000000000000000..daae1fcce6c602bee287047c16028a9f0bf0668d
GIT binary patch
literal 842
zcmaJ<+ins;82*OcWnoza))w(prB(&Br8U)?Hbzr5A)>vYX<~28027?L-PPH}#CYRt
z$P0L_Cauv#?|mj?{0GXxXxwCH{?mNlfBNz3%Qpb)xZ%LXf{hEtThbjQa4}6+IfX?B
zm#}2xvV)Y4xZ>a{DmJPNCzp5>2^GsQi0;XVw|&uNV0#S7O&Q4eHiJ>A?lPELVOKEZ
znlccN`v+~Ic62a<*9<${-{neb{n%*6&t$}qZSIIDe%h7+SFbk+<bcb7;K}7R_xUSc
z_j%B(w_+uO9{IDan0KB(;xC3UHfjv1&5nPZh|>!Dsv{mqO`D%VUeQo4a>z3jrm&45
z7CoU{T*Gx2S)5=fFR!is|07Zt%UEG3O_A=7dvsr^P%&g?$ZgbJtYVE)nm*WW?~6|S
zhiOzK6%>bKu~=y|s{iUkQoQVQpSm<(nQ@OmH>xz8+>~m|rwK9?yCRZGbSJ4&E8{*n
zXncDp(;~RE6)a!UjUdSYp&(CZfwVf^jBcxT1onZ11Ux#ELnCbo$?hlsbC@SBjpF3-
z8;aJCZ+V9G8Ro-}um+f`dC5cA17yA;_2dZY@3ZE2Q?q6>hHM^8k}cT8yFlkn+SV~M
zbs48nBL8Xn(@6Z(i+rX?A!jFvtPj%w3Z8R_%mB9e9;WdL*54Ir6blLWj;{M0DG8ka
E4dmdb*8l(j

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/Test_binary.java b/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/Test_binary.java
new file mode 100644
index 00000000000..15c689f1fab
--- /dev/null
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/Test_binary.java
@@ -0,0 +1,9 @@
+public class Test_binary
+{
+    public static void main()
+    {
+        String s = Integer.toString(Integer.MIN_VALUE, 2);
+        assert(s.equals("-10000000000000000000000000000000"));
+        assert(!s.equals("-10000000000000000000000000000000"));
+    }
+}
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/Test_hex.class b/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/Test_hex.class
new file mode 100644
index 0000000000000000000000000000000000000000..b568e5cab6c05cd5cfae5494341f8b34c318c37e
GIT binary patch
literal 810
zcmZuv%Wl&^6g?9=@uLoLOdG;8v=m4JZ3?OYsTBehkRk$Iq^d+WXyT00DXtB+gIKWO
zH^>jL2Ba2&1be;-A+D1;E&@xQxzBU%V}Abr`W?V3Zkn)gK|@V>N4kj|E*f;r>sT;x
z35yyoo6wVpD<-a@uA#wja*;=o2xA%e(E}Oro+tVYY=@z+E`1r_Wl-vkZ3cBC=nIBY
zNBZLFaK9(Qtt6Pi=>#tKws|NM{m7`syE0-hJ6j@(pYMt{YlN`RrBB#ocRG9gHE(&`
zAGEr0DE$HXi`|&JFP`w1V+;*V27TT2j;b)b!7y~iBbjg(Q`qGM$3h7<Lpj52`>_~^
z(84ubw@}0h24m^Y%H$(t3rkpLsAd`W(<wX*!yqK)ltDww!U}FM*je;uZ%?@KU#3YL
zlo$u8SgE($jsJC85U+;ZqdCmgkGUtHYYm!xDWlr(Xh95>zKCQf`qMgTSn-e?w4EKy
z)1EC_I<u=uw<IYb6xei@No&!~=*~9}!9J3ZgF|OwY@|m(vNZ|7EapfvP?;vbrRXI2
zwxihg7pRXvAwR-w(<vN48)4=f^k;`KejGQy&&&y(GNyB&lANbESU?RLZjqEy>r~?@
zRLOsuegnB*sA)J;p^&rFN>;~p0A<HKz|07m`T?r)8To%(N>K91S@)90&ykYD`9IN4
BpPv8#

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/Test_hex.java b/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/Test_hex.java
new file mode 100644
index 00000000000..d504137254f
--- /dev/null
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/Test_hex.java
@@ -0,0 +1,9 @@
+public class Test_hex
+{
+    public static void main()
+    {
+        String s = Integer.toString(Integer.MIN_VALUE, 16);
+        assert(s.equals("-80000000"));
+        assert(!s.equals("-80000000"));
+    }
+}
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/Test_octal.class b/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/Test_octal.class
new file mode 100644
index 0000000000000000000000000000000000000000..f8830a84878c1302bfa87a0140d6541a264d2717
GIT binary patch
literal 819
zcmZuv%Wl&^6g^`*w&S`aF>MIXP+A}fv?)~ui&h9!K#B;kNL8ubpoudIQ(PPD2`d)-
z2KfQjfYc(8V9z%p#C6idMPSKu-{+n?cYgl<`W?VJ)*QIFWTC3RBin(7%XtzDHm*2W
z#FB-p4(v4JnuF`8S*SCdUgAk2VkM(6c_0(s4MdND?J<~}GL-5rgI=reFc@1=PcRhP
zG89h-2VD_wr^yUnJMww3!(*A+$4*1NkO_m^-WG{^9{Gv~8-#JdWk~20@!I?R4Q~cK
z>^D0qmSLabvmM3#mrwYs5sHNdgT3ho$2^=)G>CoiNTyv28SqMq<f4EgLn%XTg-Y~A
z?BWJ)x|qc&qO-iVI{gUV#WGeHDp}F}$z?o@<0xiuvNjf)E>>}ip_t`A>+TC*{pA`@
zL(Ek)QOmVftNy=%P4Rlb1G<j++KKQObfZp7C}gd+0@@TqxhE1Ci{6we-I*FtfY!8!
z1zNaE+h@f}Ix=ZG2n9ttOJp@kGLpH*5!gpkG<bBHBPYEE(%o?a<}goI9_4BATgpz0
z?|6FA{sQCiC*+2hYk1}%tRZH;!QMSW{>Mr8`^=rT(?{(*7^LUuF`B5t!fnzft!?6X
z1{I2*r9Tht7pfM{l_}-?l*#&t2T<~yL(B|e86RNipOO1_q!c9w&Apcnet`@P7ykf(
CPok6n

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/Test_octal.java b/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/Test_octal.java
new file mode 100644
index 00000000000..2808cd29c76
--- /dev/null
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/Test_octal.java
@@ -0,0 +1,9 @@
+public class Test_octal
+{
+    public static void main()
+    {
+        String s = Integer.toString(Integer.MIN_VALUE, 8);
+        assert(s.equals("-20000000000"));
+        assert(!s.equals("-20000000000"));
+    }
+}
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/test_binary.desc b/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/test_binary.desc
new file mode 100644
index 00000000000..8c90293465b
--- /dev/null
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/test_binary.desc
@@ -0,0 +1,8 @@
+KNOWNBUG
+Test_binary.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+assertion.* line 6 .* SUCCESS$
+assertion.* line 7 .* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/test_hex.desc b/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/test_hex.desc
new file mode 100644
index 00000000000..5012b9dc642
--- /dev/null
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/test_hex.desc
@@ -0,0 +1,8 @@
+KNOWNBUG
+Test_hex.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+assertion.* line 6 .* SUCCESS$
+assertion.* line 7 .* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/test_octal.desc b/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/test_octal.desc
new file mode 100644
index 00000000000..3418b92e060
--- /dev/null
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/test_octal.desc
@@ -0,0 +1,8 @@
+KNOWNBUG
+Test_octal.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+assertion.* line 6 .* SUCCESS$
+assertion.* line 7 .* FAILURE$
+--
diff --git a/src/java_bytecode/java_string_library_preprocess.cpp b/src/java_bytecode/java_string_library_preprocess.cpp
index 5ad4efddbd3..6efb5a826ff 100644
--- a/src/java_bytecode/java_string_library_preprocess.cpp
+++ b/src/java_bytecode/java_string_library_preprocess.cpp
@@ -2281,6 +2281,9 @@ void java_string_library_preprocesst::initialize_conversion_table()
   cprover_equivalent_to_java_string_returning_function
     ["java::java.lang.Integer.toString:(I)Ljava/lang/String;"]=
       ID_cprover_string_of_int_func;
+  cprover_equivalent_to_java_string_returning_function
+    ["java::java.lang.Integer.toString:(II)Ljava/lang/String;"]=
+      ID_cprover_string_of_int_func;
   conversion_table
     ["java::java.lang.Object.getClass:()Ljava/lang/Class;"]=
       std::bind(
diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index 57bb9c22505..ece5f83246e 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -203,7 +203,10 @@ class string_constraint_generatort: messaget
   string_exprt add_axioms_from_literal(const function_application_exprt &f);
   string_exprt add_axioms_from_int(const function_application_exprt &f);
   string_exprt add_axioms_from_int(
-    const exprt &i, size_t max_size, const refined_string_typet &ref_type);
+    const exprt &x,
+    const exprt radix,
+    size_t max_size,
+    const refined_string_typet &ref_type);
   string_exprt add_axioms_from_int_hex(
     const exprt &i, const refined_string_typet &ref_type);
   string_exprt add_axioms_from_int_hex(const function_application_exprt &f);
@@ -359,6 +362,7 @@ class string_constraint_generatort: messaget
 };
 
 exprt is_digit_with_radix(exprt chr, exprt radix);
+exprt is_digit_with_radix_lower_case(exprt chr, exprt radix);
 exprt get_numeric_value_from_character(
   const exprt &chr, const typet &char_type, const typet &type);
 std::string utf16_constant_array_to_ascii(
diff --git a/src/solvers/refinement/string_constraint_generator_concat.cpp b/src/solvers/refinement/string_constraint_generator_concat.cpp
index 1a157bbd859..40e941453fe 100644
--- a/src/solvers/refinement/string_constraint_generator_concat.cpp
+++ b/src/solvers/refinement/string_constraint_generator_concat.cpp
@@ -111,8 +111,9 @@ string_exprt string_constraint_generatort::add_axioms_for_concat_int(
 {
   const refined_string_typet &ref_type=to_refined_string_type(f.type());
   string_exprt s1=get_string_expr(args(f, 2)[0]);
+  const exprt &x=args(f, 2)[1];
   string_exprt s2=add_axioms_from_int(
-    args(f, 2)[1], MAX_INTEGER_LENGTH, ref_type);
+    x, from_integer(10, x.type()), MAX_INTEGER_LENGTH, ref_type);
   return add_axioms_for_concat(s1, s2);
 }
 
@@ -125,7 +126,9 @@ string_exprt string_constraint_generatort::add_axioms_for_concat_long(
 {
   const refined_string_typet &ref_type=to_refined_string_type(f.type());
   string_exprt s1=get_string_expr(args(f, 2)[0]);
-  string_exprt s2=add_axioms_from_int(args(f, 2)[1], MAX_LONG_LENGTH, ref_type);
+  const exprt &x=args(f, 2)[1];
+  string_exprt s2=add_axioms_from_int(
+    x, from_integer(10, x.type()), MAX_LONG_LENGTH, ref_type);
   return add_axioms_for_concat(s1, s2);
 }
 
diff --git a/src/solvers/refinement/string_constraint_generator_float.cpp b/src/solvers/refinement/string_constraint_generator_float.cpp
index 0bbb9ae6efa..82986a02b4a 100644
--- a/src/solvers/refinement/string_constraint_generator_float.cpp
+++ b/src/solvers/refinement/string_constraint_generator_float.cpp
@@ -201,7 +201,8 @@ string_exprt string_constraint_generatort::add_axioms_for_string_of_float(
   mod_exprt integer_part(round_expr_to_zero(f), max_non_exponent_notation);
   // We should not need more than 8 characters to represent the integer
   // part of the float.
-  string_exprt integer_part_str=add_axioms_from_int(integer_part, 8, ref_type);
+  string_exprt integer_part_str=add_axioms_from_int(
+    integer_part, from_integer(10, integer_part.type()), 8, ref_type);
 
   return add_axioms_for_concat(integer_part_str, fractional_part_str);
 }
@@ -407,7 +408,11 @@ string_exprt string_constraint_generatort::
   dec_significand_int=round_expr_to_zero(dec_significand);
 
   string_exprt string_expr_integer_part=
-    add_axioms_from_int(dec_significand_int, 3, ref_type);
+    add_axioms_from_int(
+      dec_significand_int,
+      from_integer(10, dec_significand_int.type()),
+      3,
+      ref_type);
   minus_exprt fractional_part(
     dec_significand, floatbv_of_int_expr(dec_significand_int, float_spec));
 
@@ -438,7 +443,7 @@ string_exprt string_constraint_generatort::
 
   // exponent_string = string_of_int(decimal_exponent)
   string_exprt exponent_string=add_axioms_from_int(
-    decimal_exponent, 3, ref_type);
+    decimal_exponent, from_integer(10, decimal_exponent.type()), 3, ref_type);
 
   // string_expr = concat(string_expr_with_E, exponent_string)
   return add_axioms_for_concat(string_expr_with_E, exponent_string);
diff --git a/src/solvers/refinement/string_constraint_generator_insert.cpp b/src/solvers/refinement/string_constraint_generator_insert.cpp
index 65ccc3b89d7..f3aa16f5cda 100644
--- a/src/solvers/refinement/string_constraint_generator_insert.cpp
+++ b/src/solvers/refinement/string_constraint_generator_insert.cpp
@@ -66,8 +66,9 @@ string_exprt string_constraint_generatort::add_axioms_for_insert_int(
 {
   const refined_string_typet &ref_type=to_refined_string_type(f.type());
   string_exprt s1=get_string_expr(args(f, 3)[0]);
+  const exprt &x=args(f, 3)[2];
   string_exprt s2=add_axioms_from_int(
-    args(f, 3)[2], MAX_INTEGER_LENGTH, ref_type);
+    x, from_integer(10, x.type()), MAX_INTEGER_LENGTH, ref_type);
   return add_axioms_for_insert(s1, s2, args(f, 3)[1]);
 }
 
@@ -81,7 +82,9 @@ string_exprt string_constraint_generatort::add_axioms_for_insert_long(
 {
   const refined_string_typet &ref_type=to_refined_string_type(f.type());
   string_exprt s1=get_string_expr(args(f, 3)[0]);
-  string_exprt s2=add_axioms_from_int(args(f, 3)[2], MAX_LONG_LENGTH, ref_type);
+  const exprt &x=args(f, 3)[2];
+  string_exprt s2=add_axioms_from_int(
+    x, from_integer(10, x.type()), MAX_LONG_LENGTH, ref_type);
   return add_axioms_for_insert(s1, s2, args(f, 3)[1]);
 }
 
diff --git a/src/solvers/refinement/string_constraint_generator_valueof.cpp b/src/solvers/refinement/string_constraint_generator_valueof.cpp
index 04092905e8f..fada129695b 100644
--- a/src/solvers/refinement/string_constraint_generator_valueof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_valueof.cpp
@@ -16,6 +16,14 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 
 #include <solvers/floatbv/float_bv.h>
 
+const exprt get_radix_from_optional_second_argument(
+  const function_application_exprt &f, const typet &type)
+{
+  return f.arguments().size()==1?
+    static_cast<exprt>(from_integer(10, type)):
+    static_cast<exprt>(typecast_exprt(f.arguments()[1], type));
+}
+
 /// Add axioms corresponding to the String.valueOf(I) java function.
 /// \param expr: function application with one integer argument
 /// \return a new string expression
@@ -23,7 +31,10 @@ string_exprt string_constraint_generatort::add_axioms_from_int(
   const function_application_exprt &expr)
 {
   const refined_string_typet &ref_type=to_refined_string_type(expr.type());
-  return add_axioms_from_int(args(expr, 1)[0], MAX_INTEGER_LENGTH, ref_type);
+  PRECONDITION(expr.arguments().size()>=1);
+  const exprt &x=expr.arguments()[0];
+  const exprt radix=get_radix_from_optional_second_argument(expr, x.type());
+  return add_axioms_from_int(x, radix, MAX_INTEGER_LENGTH, ref_type);
 }
 
 /// Add axioms corresponding to the String.valueOf(J) java function.
@@ -33,7 +44,10 @@ string_exprt string_constraint_generatort::add_axioms_from_long(
   const function_application_exprt &expr)
 {
   const refined_string_typet &ref_type=to_refined_string_type(expr.type());
-  return add_axioms_from_int(args(expr, 1)[0], MAX_LONG_LENGTH, ref_type);
+  PRECONDITION(expr.arguments().size()>=1);
+  const exprt &x=expr.arguments()[0];
+  const exprt radix=get_radix_from_optional_second_argument(expr, x.type());
+  return add_axioms_from_int(x, radix, MAX_INTEGER_LENGTH, ref_type);
 }
 
 /// Add axioms corresponding to the String.valueOf(Z) java function.
@@ -95,32 +109,36 @@ string_exprt string_constraint_generatort::add_axioms_from_bool(
 /// Add axioms enforcing that the string corresponds to the result
 /// of String.valueOf(I) or String.valueOf(J) Java functions applied
 /// on the integer expression.
-/// \param i: a signed integer expression
+/// \param x: a signed integer expression
 /// \param max_size: a maximal size for the string representation
+/// \param radix: an expression for the radix
 /// \param ref_type: type for refined strings
 /// \return a string expression
 string_exprt string_constraint_generatort::add_axioms_from_int(
-  const exprt &i, size_t max_size, const refined_string_typet &ref_type)
+  const exprt &x,
+  const exprt radix,
+  size_t max_size,
+  const refined_string_typet &ref_type)
 {
-  PRECONDITION(i.type().id()==ID_signedbv);
+  max_size=33;
+  PRECONDITION(x.type().id()==ID_signedbv);
   PRECONDITION(max_size<std::numeric_limits<size_t>::max());
   string_exprt res=fresh_string(ref_type);
-  const typet &type=i.type();
-  exprt ten=from_integer(10, type);
+  const typet &type=x.type();
   const typet &char_type=ref_type.get_char_type();
   const typet &index_type=ref_type.get_index_type();
   exprt zero_char=constant_char('0', char_type);
-  exprt nine_char=constant_char('9', char_type);
+  exprt radix_char_type=typecast_exprt(radix, char_type);
   exprt minus_char=constant_char('-', char_type);
   exprt max=from_integer(max_size, index_type);
 
   // We add axioms:
-  // a1 : i < 0 => 1 <|res|<=max_size && res[0]='-'
-  // a2 : i >= 0 => 0 <|res|<=max_size-1 && '0'<=res[0]<='9'
-  // a3 : |res|>1 && '0'<=res[0]<='9' => res[0]!='0'
+  // a1 : x < 0 => 1 <|res|<=max_size && res[0]='-'
+  // a2 : x >= 0 => 0 <|res|<=max_size-1 && res[0] is a digit for the radix
+  // a3 : |res|>1 && res[0] is a digit for the radix => res[0]!='0'
   // a4 : |res|>1 && res[0]='-' => res[1]!='0'
 
-  binary_relation_exprt is_negative(i, ID_lt, from_integer(0, i.type()));
+  binary_relation_exprt is_negative(x, ID_lt, from_integer(0, type));
   and_exprt correct_length1(
     res.axiom_for_is_strictly_longer_than(1),
     res.axiom_for_is_shorter_than(max));
@@ -129,9 +147,7 @@ string_exprt string_constraint_generatort::add_axioms_from_int(
   axioms.push_back(a1);
 
   not_exprt is_positive(is_negative);
-  and_exprt starts_with_digit(
-    binary_relation_exprt(res[0], ID_ge, zero_char),
-    binary_relation_exprt(res[0], ID_le, nine_char));
+  exprt starts_with_digit=is_digit_with_radix_lower_case(res[0], radix_char_type);
   and_exprt correct_length2(
     res.axiom_for_is_strictly_longer_than(0),
     res.axiom_for_is_strictly_shorter_than(max));
@@ -151,49 +167,44 @@ string_exprt string_constraint_generatort::add_axioms_from_int(
   for(size_t size=1; size<=max_size; size++)
   {
     // For each possible size, we have:
-    // sum_0 = starts_with_digit ? res[0]-'0' : 0
-    // sum_j = 10 * sum_{j-1} + res[i] - '0'
+    // sum_0 = numeric value of res[0] (which is 0 if res[0] is '-')
+    // sum_j = radix * sum_{j-1} + numeric value of res[j]
     // and add axioms:
     // a5 : |res| == size =>
     //        forall 1 <= j < size.
     //          is_number && (j >= max_size-2 => no_overflow)
-    //     where is_number := '0' <= res[j] <= '9'
-    //     and no_overflow := sum_{j-1} = (10 * sum_{j-1} / 10)
+    //     where is_number := res[j] is a digit for the radix
+    //     and no_overflow := sum_{j-1} = (radix * sum_{j-1} / radix)
     //                        && sum_j >= sum_{j - 1}
     //         (the first part avoid overflows in multiplication and
     //          the second one in additions)
-    // a6 : |res| == size && '0' <= res[0] <= '9' => i == sum
-    // a7 : |res| == size && res[0] == '-' => i == -sum
+    // a6 : |res| == size && res[0] is a digit for radix => x == sum
+    // a7 : |res| == size && res[0] == '-' => x == -sum
 
     exprt::operandst digit_constraints;
-    exprt sum=if_exprt(
-      starts_with_digit,
-      typecast_exprt(minus_exprt(res[0], zero_char), type),
-      from_integer(0, type));
+    exprt sum=get_numeric_value_from_character(res[0], char_type, type);
 
     for(size_t j=1; j<size; j++)
     {
-      mult_exprt ten_sum(sum, ten);
-      // sum = 10 * sum + (res[j] - '0')
+      mult_exprt radix_sum(sum, radix);
+      // new_sum = radix * sum + (numeric value of res[j])
       exprt new_sum=plus_exprt(
-        ten_sum, typecast_exprt(minus_exprt(res[j], zero_char), type));
-      and_exprt is_number(
-        binary_relation_exprt(res[j], ID_ge, zero_char),
-        binary_relation_exprt(res[j], ID_le, nine_char));
+        radix_sum, get_numeric_value_from_character(res[j], char_type, type));
+      exprt is_number=is_digit_with_radix_lower_case(res[j], radix_char_type);
       digit_constraints.push_back(is_number);
 
       // An overflow can happen when reaching the last index of a string of
       // maximal size which is `max_size` for negative numbers and
-      // `max_size - 1` for positive numbers because of the abscence of a `-`
+      // `max_size - 1` for positive numbers because of the absence of a `-`
       // sign.
-      if(j>=max_size-2)
-      {
+//      if(j>=max_size-2)
+//      {
         // check for overflows if the size is big
         and_exprt no_overflow(
-          equal_exprt(sum, div_exprt(ten_sum, ten)),
-          binary_relation_exprt(new_sum, ID_ge, ten_sum));
+          equal_exprt(sum, div_exprt(radix_sum, radix)),
+          binary_relation_exprt(new_sum, ID_ge, radix_sum));
         digit_constraints.push_back(no_overflow);
-      }
+//      }
       sum=new_sum;
     }
 
@@ -202,12 +213,12 @@ string_exprt string_constraint_generatort::add_axioms_from_int(
     axioms.push_back(a5);
 
     implies_exprt a6(
-      and_exprt(premise, starts_with_digit), equal_exprt(i, sum));
+      and_exprt(premise, starts_with_digit), equal_exprt(x, sum));
     axioms.push_back(a6);
 
     implies_exprt a7(
       and_exprt(premise, starts_with_minus),
-      equal_exprt(i, unary_minus_exprt(sum)));
+      equal_exprt(x, unary_minus_exprt(sum)));
     axioms.push_back(a7);
   }
 
@@ -512,10 +523,7 @@ exprt string_constraint_generatort::add_axioms_for_parse_int(
   const string_exprt str=get_string_expr(f.arguments()[0]);
   const typet &type=f.type();
   PRECONDITION(type.id()==ID_signedbv);
-  const exprt radix=
-    f.arguments().size()==1?
-      static_cast<exprt>(from_integer(10, type)):
-      static_cast<exprt>(typecast_exprt(f.arguments()[1], type));
+  const exprt radix=get_radix_from_optional_second_argument(f, type);
 
   const symbol_exprt x=fresh_symbol("abs_parsed_int", type);
   const refined_string_typet &ref_type=to_refined_string_type(str.type());
@@ -576,6 +584,40 @@ exprt is_digit_with_radix(exprt chr, exprt radix_char_type)
     is_digit_when_radix_gt_10);
 }
 
+/// Check if a character is a digit with respect to the given radix, e.g. if the
+/// radix is 10 then check if the character is in the range 0-9. For bases above
+/// 10 only lower case letters are allowed, not upper case.
+/// \param chr: the character
+/// \param radix:  the radix
+/// \return an expression for the condition
+exprt is_digit_with_radix_lower_case(exprt chr, exprt radix_char_type)
+{
+  const typet &char_type=chr.type();
+  exprt zero_char=from_integer('0', char_type);
+  exprt nine_char=from_integer('9', char_type);
+  exprt a_char=from_integer('a', char_type);
+  constant_exprt ten_char_type=from_integer(10, char_type);
+
+  and_exprt is_digit_when_radix_le_10(
+    binary_relation_exprt(chr, ID_ge, zero_char),
+    binary_relation_exprt(chr, ID_lt, plus_exprt(zero_char, radix_char_type)));
+
+  minus_exprt radix_minus_ten(radix_char_type, ten_char_type);
+
+  or_exprt is_digit_when_radix_gt_10(
+    and_exprt(
+      binary_relation_exprt(chr, ID_ge, zero_char),
+      binary_relation_exprt(chr, ID_le, nine_char)),
+    and_exprt(
+      binary_relation_exprt(chr, ID_ge, a_char),
+      binary_relation_exprt(chr, ID_lt, plus_exprt(a_char, radix_minus_ten))));
+
+  return if_exprt(
+    binary_relation_exprt(radix_char_type, ID_le, ten_char_type),
+    is_digit_when_radix_le_10,
+    is_digit_when_radix_gt_10);
+}
+
 /// Get the numeric value of a character, assuming that the radix is large
 /// enough. '+' and '-' yield 0.
 /// \param chr: the character to get the numeric value of
diff --git a/unit/Makefile b/unit/Makefile
index d16a907186e..b6318f40e41 100644
--- a/unit/Makefile
+++ b/unit/Makefile
@@ -14,6 +14,7 @@ SRC += unit_tests.cpp \
        analyses/does_remove_const/is_type_at_least_as_const_as.cpp \
        java_bytecode/java_bytecode_convert_class/convert_abstract_class.cpp \
        solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix.cpp \
+      solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix_lower_case.cpp \
        solvers/refinement/string_constraint_generator_valueof/get_numeric_value_from_character.cpp \
        catch_example.cpp \
        # Empty last line
diff --git a/unit/solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix.cpp b/unit/solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix.cpp
index 31ca819a600..1043c77f4a0 100644
--- a/unit/solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix.cpp
+++ b/unit/solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix.cpp
@@ -24,32 +24,32 @@ SCENARIO("is_digit_with_radix",
 
   WHEN("Radix 10")
   {
-    const constant_exprt radix_expr=from_integer(10, char_type);
+    const constant_exprt radix=from_integer(10, char_type);
     REQUIRE(true_exprt()==simplify_expr(
-      is_digit_with_radix(from_integer('0', char_type), radix_expr), ns));
+      is_digit_with_radix(from_integer('0', char_type), radix), ns));
     REQUIRE(true_exprt()==simplify_expr(
-      is_digit_with_radix(from_integer('9', char_type), radix_expr), ns));
+      is_digit_with_radix(from_integer('9', char_type), radix), ns));
     REQUIRE(false_exprt()==simplify_expr(
-      is_digit_with_radix(from_integer('a', char_type), radix_expr), ns));
+      is_digit_with_radix(from_integer('a', char_type), radix), ns));
   }
   WHEN("Radix 8")
   {
-    const constant_exprt radix_expr=from_integer(8, char_type);
+    const constant_exprt radix=from_integer(8, char_type);
     REQUIRE(true_exprt()==simplify_expr(
-      is_digit_with_radix(from_integer('7', char_type), radix_expr), ns));
+      is_digit_with_radix(from_integer('7', char_type), radix), ns));
     REQUIRE(false_exprt()==simplify_expr(
-      is_digit_with_radix(from_integer('8', char_type), radix_expr), ns));
+      is_digit_with_radix(from_integer('8', char_type), radix), ns));
   }
   WHEN("Radix 16")
   {
-    const constant_exprt radix_expr=from_integer(16, char_type);
+    const constant_exprt radix=from_integer(16, char_type);
     REQUIRE(true_exprt()==simplify_expr(
-      is_digit_with_radix(from_integer('a', char_type), radix_expr), ns));
+      is_digit_with_radix(from_integer('a', char_type), radix), ns));
     REQUIRE(true_exprt()==simplify_expr(
-      is_digit_with_radix(from_integer('A', char_type), radix_expr), ns));
+      is_digit_with_radix(from_integer('A', char_type), radix), ns));
     REQUIRE(true_exprt()==simplify_expr(
-      is_digit_with_radix(from_integer('f', char_type), radix_expr), ns));
+      is_digit_with_radix(from_integer('f', char_type), radix), ns));
     REQUIRE(false_exprt()==simplify_expr(
-      is_digit_with_radix(from_integer('g', char_type), radix_expr), ns));
+      is_digit_with_radix(from_integer('g', char_type), radix), ns));
   }
 }
diff --git a/unit/solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix_lower_case.cpp b/unit/solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix_lower_case.cpp
new file mode 100644
index 00000000000..6b463692822
--- /dev/null
+++ b/unit/solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix_lower_case.cpp
@@ -0,0 +1,57 @@
+/*******************************************************************\
+
+ Module: Unit tests for is_digit_with_radix in
+   solvers/refinement/string_constraint_generator_valueof.cpp
+
+ Author: DiffBlue Limited. All rights reserved.
+
+\*******************************************************************/
+
+#include <catch.hpp>
+
+#include <solvers/refinement/string_constraint_generator.h>
+#include <util/namespace.h>
+#include <util/symbol_table.h>
+#include <util/simplify_expr.h>
+#include <util/std_types.h>
+
+SCENARIO("is_digit_with_radix_strict",
+  "[core][solvers][refinement][string_constraint_generator_valueof]")
+{
+  const typet char_type=unsignedbv_typet(16);
+  symbol_tablet symtab;
+  const namespacet ns(symtab);
+
+  WHEN("Radix 10")
+  {
+    const constant_exprt radix=from_integer(10, char_type);
+    REQUIRE(true_exprt()==simplify_expr(
+      is_digit_with_radix_lower_case(from_integer('0', char_type), radix), ns));
+    REQUIRE(true_exprt()==simplify_expr(
+      is_digit_with_radix_lower_case(from_integer('9', char_type), radix), ns));
+    REQUIRE(false_exprt()==simplify_expr(
+      is_digit_with_radix(from_integer('a', char_type), radix), ns));
+  }
+  WHEN("Radix 8")
+  {
+    const constant_exprt radix=from_integer(8, char_type);
+    REQUIRE(true_exprt()==simplify_expr(
+      is_digit_with_radix_lower_case(from_integer('7', char_type), radix), ns));
+    REQUIRE(false_exprt()==simplify_expr(
+      is_digit_with_radix_lower_case(from_integer('8', char_type), radix), ns));
+  }
+  WHEN("Radix 16")
+  {
+    const constant_exprt radix=from_integer(16, char_type);
+    REQUIRE(true_exprt()==simplify_expr(
+      is_digit_with_radix_lower_case(from_integer('5', char_type), radix), ns));
+    REQUIRE(true_exprt()==simplify_expr(
+      is_digit_with_radix_lower_case(from_integer('a', char_type), radix), ns));
+    REQUIRE(false_exprt()==simplify_expr(
+      is_digit_with_radix_lower_case(from_integer('A', char_type), radix), ns));
+    REQUIRE(true_exprt()==simplify_expr(
+      is_digit_with_radix_lower_case(from_integer('f', char_type), radix), ns));
+    REQUIRE(false_exprt()==simplify_expr(
+      is_digit_with_radix_lower_case(from_integer('g', char_type), radix), ns));
+  }
+}

From 4db3fbda0129c83eba1aca5f445f5e296c5eb48c Mon Sep 17 00:00:00 2001
From: Owen Jones <owen.jones@diffblue.com>
Date: Wed, 2 Aug 2017 09:53:22 +0100
Subject: [PATCH 507/699] Calculate max string length for speed

Most of the time we know the radix, so we can use the appropriate value for how
long the string could possibly be. add_axioms_from_int() now has a version with
a specified max_string_length, and a version without, in which it is
calculated and then the first version is called.

This allows us to turn on all of the tests except the binary ones.
---
 .../java_int_to_string/test1.desc             |   2 +-
 .../java_int_to_string/test2.desc             |   2 +-
 .../java_int_to_string/test3.desc             |   2 +-
 .../java_int_to_string/test4.desc             |   2 +-
 .../java_int_to_string/test5.desc             |   2 +-
 .../test_binary1.desc                         |   2 +-
 .../test_binary2.desc                         |   2 +-
 .../test_binary3.desc                         |   2 +-
 .../refinement/string_constraint_generator.h  |  16 +-
 .../string_constraint_generator_concat.cpp    |   6 +-
 .../string_constraint_generator_float.cpp     |   8 +-
 .../string_constraint_generator_insert.cpp    |   6 +-
 .../string_constraint_generator_valueof.cpp   | 215 +++++++++++++-----
 unit/Makefile                                 |   5 +-
 .../calculate_max_string_length.cpp           | 136 +++++++++++
 15 files changed, 326 insertions(+), 82 deletions(-)
 create mode 100644 unit/solvers/refinement/string_constraint_generator_valueof/calculate_max_string_length.cpp

diff --git a/regression/strings-smoke-tests/java_int_to_string/test1.desc b/regression/strings-smoke-tests/java_int_to_string/test1.desc
index a2310910fe8..46556544066 100644
--- a/regression/strings-smoke-tests/java_int_to_string/test1.desc
+++ b/regression/strings-smoke-tests/java_int_to_string/test1.desc
@@ -1,4 +1,4 @@
-THOROUGH
+CORE
 Test1.class
 --refine-strings
 ^EXIT=10$
diff --git a/regression/strings-smoke-tests/java_int_to_string/test2.desc b/regression/strings-smoke-tests/java_int_to_string/test2.desc
index 84de6312d9b..11849c1c6fe 100644
--- a/regression/strings-smoke-tests/java_int_to_string/test2.desc
+++ b/regression/strings-smoke-tests/java_int_to_string/test2.desc
@@ -1,4 +1,4 @@
-THOROUGH
+CORE
 Test2.class
 --refine-strings
 ^EXIT=10$
diff --git a/regression/strings-smoke-tests/java_int_to_string/test3.desc b/regression/strings-smoke-tests/java_int_to_string/test3.desc
index ec1b558b9b0..1e2b8bc0835 100644
--- a/regression/strings-smoke-tests/java_int_to_string/test3.desc
+++ b/regression/strings-smoke-tests/java_int_to_string/test3.desc
@@ -1,4 +1,4 @@
-THOROUGH
+CORE
 Test3.class
 --refine-strings
 ^EXIT=10$
diff --git a/regression/strings-smoke-tests/java_int_to_string/test4.desc b/regression/strings-smoke-tests/java_int_to_string/test4.desc
index cdc0f39f580..0a71ba2ebe7 100644
--- a/regression/strings-smoke-tests/java_int_to_string/test4.desc
+++ b/regression/strings-smoke-tests/java_int_to_string/test4.desc
@@ -1,4 +1,4 @@
-THOROUGH
+CORE
 Test4.class
 --refine-strings
 ^EXIT=10$
diff --git a/regression/strings-smoke-tests/java_int_to_string/test5.desc b/regression/strings-smoke-tests/java_int_to_string/test5.desc
index 0ca2c04a3bf..66f3314b992 100644
--- a/regression/strings-smoke-tests/java_int_to_string/test5.desc
+++ b/regression/strings-smoke-tests/java_int_to_string/test5.desc
@@ -1,4 +1,4 @@
-THOROUGH
+CORE
 Test5.class
 --refine-strings
 ^EXIT=10$
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary1.desc b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary1.desc
index f43c4f2eab0..8479fdfd130 100644
--- a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary1.desc
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary1.desc
@@ -1,4 +1,4 @@
-CORE
+THOROUGH
 Test_binary1.class
 --refine-strings
 ^EXIT=10$
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary2.desc b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary2.desc
index 0613a4de16e..0b263f5778b 100644
--- a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary2.desc
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary2.desc
@@ -1,4 +1,4 @@
-CORE
+THOROUGH
 Test_binary2.class
 --refine-strings
 ^EXIT=10$
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary3.desc b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary3.desc
index 3473672d547..d69070b02b7 100644
--- a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary3.desc
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary3.desc
@@ -1,4 +1,4 @@
-CORE
+THOROUGH
 Test_binary3.class
 --refine-strings
 ^EXIT=10$
diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index ece5f83246e..17fdd735614 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -205,8 +205,12 @@ class string_constraint_generatort: messaget
   string_exprt add_axioms_from_int(
     const exprt &x,
     const exprt radix,
-    size_t max_size,
     const refined_string_typet &ref_type);
+  string_exprt add_axioms_from_int(
+    const exprt &x,
+    const exprt radix,
+    const refined_string_typet &ref_type,
+    size_t max_size);
   string_exprt add_axioms_from_int_hex(
     const exprt &i, const refined_string_typet &ref_type);
   string_exprt add_axioms_from_int_hex(const function_application_exprt &f);
@@ -362,9 +366,15 @@ class string_constraint_generatort: messaget
 };
 
 exprt is_digit_with_radix(exprt chr, exprt radix);
-exprt is_digit_with_radix_lower_case(exprt chr, exprt radix);
+exprt is_digit_with_radix_lower_case(
+  exprt chr, exprt radix_char_type, unsigned long radix=36ul);
 exprt get_numeric_value_from_character(
-  const exprt &chr, const typet &char_type, const typet &type);
+  const exprt &chr,
+  const typet &char_type,
+  const typet &type,
+  unsigned long radix=36ul);
+size_t calculate_max_string_length(const typet &type, const double radix);
+unsigned long try_to_evaluate_expr_as_ul(const exprt &expr, unsigned long def);
 std::string utf16_constant_array_to_ascii(
   const array_exprt &arr, unsigned length);
 
diff --git a/src/solvers/refinement/string_constraint_generator_concat.cpp b/src/solvers/refinement/string_constraint_generator_concat.cpp
index 40e941453fe..aab0d43dc3a 100644
--- a/src/solvers/refinement/string_constraint_generator_concat.cpp
+++ b/src/solvers/refinement/string_constraint_generator_concat.cpp
@@ -112,8 +112,7 @@ string_exprt string_constraint_generatort::add_axioms_for_concat_int(
   const refined_string_typet &ref_type=to_refined_string_type(f.type());
   string_exprt s1=get_string_expr(args(f, 2)[0]);
   const exprt &x=args(f, 2)[1];
-  string_exprt s2=add_axioms_from_int(
-    x, from_integer(10, x.type()), MAX_INTEGER_LENGTH, ref_type);
+  string_exprt s2=add_axioms_from_int(x, from_integer(10, x.type()), ref_type);
   return add_axioms_for_concat(s1, s2);
 }
 
@@ -127,8 +126,7 @@ string_exprt string_constraint_generatort::add_axioms_for_concat_long(
   const refined_string_typet &ref_type=to_refined_string_type(f.type());
   string_exprt s1=get_string_expr(args(f, 2)[0]);
   const exprt &x=args(f, 2)[1];
-  string_exprt s2=add_axioms_from_int(
-    x, from_integer(10, x.type()), MAX_LONG_LENGTH, ref_type);
+  string_exprt s2=add_axioms_from_int(x, from_integer(10, x.type()), ref_type);
   return add_axioms_for_concat(s1, s2);
 }
 
diff --git a/src/solvers/refinement/string_constraint_generator_float.cpp b/src/solvers/refinement/string_constraint_generator_float.cpp
index 82986a02b4a..c454ed04a8f 100644
--- a/src/solvers/refinement/string_constraint_generator_float.cpp
+++ b/src/solvers/refinement/string_constraint_generator_float.cpp
@@ -202,7 +202,7 @@ string_exprt string_constraint_generatort::add_axioms_for_string_of_float(
   // We should not need more than 8 characters to represent the integer
   // part of the float.
   string_exprt integer_part_str=add_axioms_from_int(
-    integer_part, from_integer(10, integer_part.type()), 8, ref_type);
+    integer_part, from_integer(10, integer_part.type()), ref_type, 8);
 
   return add_axioms_for_concat(integer_part_str, fractional_part_str);
 }
@@ -411,8 +411,8 @@ string_exprt string_constraint_generatort::
     add_axioms_from_int(
       dec_significand_int,
       from_integer(10, dec_significand_int.type()),
-      3,
-      ref_type);
+      ref_type,
+      3);
   minus_exprt fractional_part(
     dec_significand, floatbv_of_int_expr(dec_significand_int, float_spec));
 
@@ -443,7 +443,7 @@ string_exprt string_constraint_generatort::
 
   // exponent_string = string_of_int(decimal_exponent)
   string_exprt exponent_string=add_axioms_from_int(
-    decimal_exponent, from_integer(10, decimal_exponent.type()), 3, ref_type);
+    decimal_exponent, from_integer(10, decimal_exponent.type()), ref_type, 3);
 
   // string_expr = concat(string_expr_with_E, exponent_string)
   return add_axioms_for_concat(string_expr_with_E, exponent_string);
diff --git a/src/solvers/refinement/string_constraint_generator_insert.cpp b/src/solvers/refinement/string_constraint_generator_insert.cpp
index f3aa16f5cda..67a1b4bd14f 100644
--- a/src/solvers/refinement/string_constraint_generator_insert.cpp
+++ b/src/solvers/refinement/string_constraint_generator_insert.cpp
@@ -67,8 +67,7 @@ string_exprt string_constraint_generatort::add_axioms_for_insert_int(
   const refined_string_typet &ref_type=to_refined_string_type(f.type());
   string_exprt s1=get_string_expr(args(f, 3)[0]);
   const exprt &x=args(f, 3)[2];
-  string_exprt s2=add_axioms_from_int(
-    x, from_integer(10, x.type()), MAX_INTEGER_LENGTH, ref_type);
+  string_exprt s2=add_axioms_from_int(x, from_integer(10, x.type()), ref_type);
   return add_axioms_for_insert(s1, s2, args(f, 3)[1]);
 }
 
@@ -83,8 +82,7 @@ string_exprt string_constraint_generatort::add_axioms_for_insert_long(
   const refined_string_typet &ref_type=to_refined_string_type(f.type());
   string_exprt s1=get_string_expr(args(f, 3)[0]);
   const exprt &x=args(f, 3)[2];
-  string_exprt s2=add_axioms_from_int(
-    x, from_integer(10, x.type()), MAX_LONG_LENGTH, ref_type);
+  string_exprt s2=add_axioms_from_int(x, from_integer(10, x.type()), ref_type);
   return add_axioms_for_insert(s1, s2, args(f, 3)[1]);
 }
 
diff --git a/src/solvers/refinement/string_constraint_generator_valueof.cpp b/src/solvers/refinement/string_constraint_generator_valueof.cpp
index fada129695b..6b840945825 100644
--- a/src/solvers/refinement/string_constraint_generator_valueof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_valueof.cpp
@@ -13,6 +13,9 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 
 #include <solvers/refinement/string_refinement_invariant.h>
 #include <solvers/refinement/string_constraint_generator.h>
+#include <util/simplify_expr.h>
+
+#include <cmath>
 
 #include <solvers/floatbv/float_bv.h>
 
@@ -34,7 +37,7 @@ string_exprt string_constraint_generatort::add_axioms_from_int(
   PRECONDITION(expr.arguments().size()>=1);
   const exprt &x=expr.arguments()[0];
   const exprt radix=get_radix_from_optional_second_argument(expr, x.type());
-  return add_axioms_from_int(x, radix, MAX_INTEGER_LENGTH, ref_type);
+  return add_axioms_from_int(x, radix, ref_type);
 }
 
 /// Add axioms corresponding to the String.valueOf(J) java function.
@@ -47,7 +50,7 @@ string_exprt string_constraint_generatort::add_axioms_from_long(
   PRECONDITION(expr.arguments().size()>=1);
   const exprt &x=expr.arguments()[0];
   const exprt radix=get_radix_from_optional_second_argument(expr, x.type());
-  return add_axioms_from_int(x, radix, MAX_INTEGER_LENGTH, ref_type);
+  return add_axioms_from_int(x, radix, ref_type);
 }
 
 /// Add axioms corresponding to the String.valueOf(Z) java function.
@@ -117,10 +120,29 @@ string_exprt string_constraint_generatort::add_axioms_from_bool(
 string_exprt string_constraint_generatort::add_axioms_from_int(
   const exprt &x,
   const exprt radix,
-  size_t max_size,
   const refined_string_typet &ref_type)
 {
-  max_size=33;
+  /// If we cannot tell what the radix is then so we assume it is 2 to make sure
+  /// max_size will definitely be large enough
+  double radix_d=static_cast<double>(try_to_evaluate_expr_as_ul(radix, 2ul));
+  size_t max_size=calculate_max_string_length(x.type(), radix_d);
+
+  return add_axioms_from_int(x, radix, ref_type, max_size);
+}
+
+/// Add axioms enforcing that the string corresponds to the result
+/// of String.valueOf(I) or String.valueOf(J) Java functions applied
+/// on the integer expression.
+/// \param x: a signed integer expression
+/// \param max_size: a maximal size for the string representation
+/// \param ref_type: type for refined strings
+/// \return a string expression
+string_exprt string_constraint_generatort::add_axioms_from_int(
+  const exprt &x,
+  const exprt radix,
+  const refined_string_typet &ref_type,
+  size_t max_size)
+{
   PRECONDITION(x.type().id()==ID_signedbv);
   PRECONDITION(max_size<std::numeric_limits<size_t>::max());
   string_exprt res=fresh_string(ref_type);
@@ -131,6 +153,7 @@ string_exprt string_constraint_generatort::add_axioms_from_int(
   exprt radix_char_type=typecast_exprt(radix, char_type);
   exprt minus_char=constant_char('-', char_type);
   exprt max=from_integer(max_size, index_type);
+  unsigned long radix_ul=try_to_evaluate_expr_as_ul(radix, 36ul);
 
   // We add axioms:
   // a1 : x < 0 => 1 <|res|<=max_size && res[0]='-'
@@ -147,7 +170,8 @@ string_exprt string_constraint_generatort::add_axioms_from_int(
   axioms.push_back(a1);
 
   not_exprt is_positive(is_negative);
-  exprt starts_with_digit=is_digit_with_radix_lower_case(res[0], radix_char_type);
+  exprt starts_with_digit=
+    is_digit_with_radix_lower_case(res[0], radix_char_type, radix_ul);
   and_exprt correct_length2(
     res.axiom_for_is_strictly_longer_than(0),
     res.axiom_for_is_strictly_shorter_than(max));
@@ -182,15 +206,18 @@ string_exprt string_constraint_generatort::add_axioms_from_int(
     // a7 : |res| == size && res[0] == '-' => x == -sum
 
     exprt::operandst digit_constraints;
-    exprt sum=get_numeric_value_from_character(res[0], char_type, type);
+    exprt sum=
+      get_numeric_value_from_character(res[0], char_type, type, radix_ul);
 
     for(size_t j=1; j<size; j++)
     {
       mult_exprt radix_sum(sum, radix);
       // new_sum = radix * sum + (numeric value of res[j])
       exprt new_sum=plus_exprt(
-        radix_sum, get_numeric_value_from_character(res[j], char_type, type));
-      exprt is_number=is_digit_with_radix_lower_case(res[j], radix_char_type);
+        radix_sum,
+        get_numeric_value_from_character(res[j], char_type, type, radix_ul));
+      exprt is_number=
+        is_digit_with_radix_lower_case(res[j], radix_char_type, radix_ul);
       digit_constraints.push_back(is_number);
 
       // An overflow can happen when reaching the last index of a string of
@@ -554,20 +581,20 @@ exprt string_constraint_generatort::add_axioms_for_parse_int(
 exprt is_digit_with_radix(exprt chr, exprt radix_char_type)
 {
   const typet &char_type=chr.type();
-  exprt zero_char=from_integer('0', char_type);
-  exprt nine_char=from_integer('9', char_type);
-  exprt a_char=from_integer('a', char_type);
-  exprt A_char=from_integer('A', char_type);
-  constant_exprt ten_char_type=from_integer(10, char_type);
+  const exprt zero_char=from_integer('0', char_type);
+  const exprt nine_char=from_integer('9', char_type);
+  const exprt a_char=from_integer('a', char_type);
+  const exprt A_char=from_integer('A', char_type);
+  const constant_exprt ten_char_type=from_integer(10, char_type);
 
-  and_exprt is_digit_when_radix_le_10(
+  const and_exprt is_digit_when_radix_le_10(
     binary_relation_exprt(chr, ID_ge, zero_char),
     binary_relation_exprt(
       chr, ID_lt, plus_exprt(zero_char, radix_char_type)));
 
-  minus_exprt radix_minus_ten(radix_char_type, ten_char_type);
+  const minus_exprt radix_minus_ten(radix_char_type, ten_char_type);
 
-  or_exprt is_digit_when_radix_gt_10(
+  const or_exprt is_digit_when_radix_gt_10(
     and_exprt(
       binary_relation_exprt(chr, ID_ge, zero_char),
       binary_relation_exprt(chr, ID_le, nine_char)),
@@ -588,34 +615,43 @@ exprt is_digit_with_radix(exprt chr, exprt radix_char_type)
 /// radix is 10 then check if the character is in the range 0-9. For bases above
 /// 10 only lower case letters are allowed, not upper case.
 /// \param chr: the character
-/// \param radix:  the radix
+/// \param radix_char_type:  the radix as an expression of the same type as chr
+/// \param radix: the radix, which should be between 2 and 36 (default 36)
 /// \return an expression for the condition
-exprt is_digit_with_radix_lower_case(exprt chr, exprt radix_char_type)
+exprt is_digit_with_radix_lower_case(
+  exprt chr, exprt radix_char_type, unsigned long radix)
 {
   const typet &char_type=chr.type();
-  exprt zero_char=from_integer('0', char_type);
-  exprt nine_char=from_integer('9', char_type);
-  exprt a_char=from_integer('a', char_type);
-  constant_exprt ten_char_type=from_integer(10, char_type);
+  const exprt zero_char=from_integer('0', char_type);
+  const exprt nine_char=from_integer('9', char_type);
+  const exprt a_char=from_integer('a', char_type);
+  const constant_exprt ten_char_type=from_integer(10, char_type);
 
-  and_exprt is_digit_when_radix_le_10(
+  const and_exprt is_digit_when_radix_le_10(
     binary_relation_exprt(chr, ID_ge, zero_char),
     binary_relation_exprt(chr, ID_lt, plus_exprt(zero_char, radix_char_type)));
 
-  minus_exprt radix_minus_ten(radix_char_type, ten_char_type);
+  if(radix<=10)
+  {
+    return is_digit_when_radix_le_10;
+  }
+  else
+  {
+    const minus_exprt radix_minus_ten(radix_char_type, ten_char_type);
 
-  or_exprt is_digit_when_radix_gt_10(
-    and_exprt(
-      binary_relation_exprt(chr, ID_ge, zero_char),
-      binary_relation_exprt(chr, ID_le, nine_char)),
-    and_exprt(
-      binary_relation_exprt(chr, ID_ge, a_char),
-      binary_relation_exprt(chr, ID_lt, plus_exprt(a_char, radix_minus_ten))));
+    const or_exprt is_digit_when_radix_gt_10(
+      and_exprt(
+        binary_relation_exprt(chr, ID_ge, zero_char),
+        binary_relation_exprt(chr, ID_le, nine_char)),
+        and_exprt(
+          binary_relation_exprt(chr, ID_ge, a_char),
+          binary_relation_exprt(chr, ID_lt, plus_exprt(a_char, radix_minus_ten))));
 
-  return if_exprt(
-    binary_relation_exprt(radix_char_type, ID_le, ten_char_type),
-    is_digit_when_radix_le_10,
-    is_digit_when_radix_gt_10);
+    return if_exprt(
+      binary_relation_exprt(radix_char_type, ID_le, ten_char_type),
+      is_digit_when_radix_le_10,
+      is_digit_when_radix_gt_10);
+  }
 }
 
 /// Get the numeric value of a character, assuming that the radix is large
@@ -623,35 +659,100 @@ exprt is_digit_with_radix_lower_case(exprt chr, exprt radix_char_type)
 /// \param chr: the character to get the numeric value of
 /// \param char_type: the type to use for characters
 /// \param type: the type to use for the return value
+/// \param radix: the radix, which should be between 2 and 36 (default 36)
 /// \return an integer expression of the given type with the numeric value of
 ///   the char
 exprt get_numeric_value_from_character(
-  const exprt &chr, const typet &char_type, const typet &type)
+  const exprt &chr,
+  const typet &char_type,
+  const typet &type,
+  unsigned long radix)
 {
-  constant_exprt zero_char=from_integer('0', char_type);
-  constant_exprt a_char=from_integer('a', char_type);
-  constant_exprt A_char=from_integer('A', char_type);
-  constant_exprt ten_int=from_integer(10, char_type);
+  const constant_exprt zero_char=from_integer('0', char_type);
+  const constant_exprt ten_int=from_integer(10, char_type);
+  const constant_exprt a_char=from_integer('a', char_type);
+  const constant_exprt A_char=from_integer('A', char_type);
 
   /// There are four cases, which occur in ASCII in the following order:
   /// '+' and '-', digits, upper case letters, lower case letters
-  binary_relation_exprt lower_case(chr, ID_ge, a_char);
-  binary_relation_exprt upper_case_or_lower_case(chr, ID_ge, A_char);
-  binary_relation_exprt upper_case_lower_case_or_digit(chr, ID_ge, zero_char);
-
-  /// return char >= 'a' ? (char - 'a' + 10) :
-  ///   char >= 'A' ? (char - 'A' + 10) :
-  ///     char >= '0' ? (char - '0') : 0
-  return typecast_exprt(
-    if_exprt(
-      lower_case,
-      plus_exprt(minus_exprt(chr, a_char), ten_int),
+  const binary_relation_exprt upper_case_lower_case_or_digit(
+    chr, ID_ge, zero_char);
+
+  if(radix<=10)
+  {
+    /// return char >= '0' ? (char - '0') : 0
+    return typecast_exprt(
       if_exprt(
-        upper_case_or_lower_case,
-        plus_exprt(minus_exprt(chr, A_char), ten_int),
+        upper_case_lower_case_or_digit,
+        minus_exprt(chr, zero_char),
+        from_integer(0, char_type)),
+      type);
+  }
+  else
+  {
+    const binary_relation_exprt lower_case(chr, ID_ge, a_char);
+    const binary_relation_exprt upper_case_or_lower_case(chr, ID_ge, A_char);
+    /// return char >= 'a' ? (char - 'a' + 10) :
+    ///   char >= 'A' ? (char - 'A' + 10) :
+    ///     char >= '0' ? (char - '0') : 0
+    return typecast_exprt(
+      if_exprt(
+        lower_case,
+        plus_exprt(minus_exprt(chr, a_char), ten_int),
         if_exprt(
-          upper_case_lower_case_or_digit,
-          minus_exprt(chr, zero_char),
-          from_integer(0, char_type)))),
-    type);
+          upper_case_or_lower_case,
+          plus_exprt(minus_exprt(chr, A_char), ten_int),
+          if_exprt(
+            upper_case_lower_case_or_digit,
+            minus_exprt(chr, zero_char),
+            from_integer(0, char_type)))),
+      type);
+  }
+}
+
+/// Calculate the string length needed to represent any value of the given type
+/// using the given radix
+/// \param type: the type that we are considering values of
+/// \param radix: the radix we are using, as a double
+/// \return the maximum string length
+size_t calculate_max_string_length(const typet &type, double radix)
+{
+  double n_bits=static_cast<double>(to_bitvector_type(type).get_width());
+
+  /// If the type is signed then the maximum absolute value that needs to be
+  /// representable is one bit smaller
+  bool signed_type=type.id()==ID_signedbv;
+  /// Let m be the minimal number of characters needed.
+  /// For signed types, the longest string will be for -2^(n-1), so
+  ///   m = 1 + min{k: 2^(n-1) < r^k}
+  ///     = 1 + min{k: n-1 < k log_2(r)}
+  ///     = 1 + min{k: k > (n-1) / log_2(r)}
+  ///     = 1 + min{k: k > floor((n-1) / log_2(r))}
+  ///     = 1 + (1 + floor((n-1) / log_2(r)))
+  ///     = 2 + floor((n-1) / log_2(r))
+  /// For unsigned types, the longest string will be for (2^n)-1, so
+  ///   m = min{k: (2^n)-1 < r^k}
+  ///     = min{k: 2^n <= r^k}
+  ///     = min{k: n <= k log_2(r)}
+  ///     = min{k: k >= n / log_2(r)}
+  ///     = min{k: k >= ceil(n / log_2(r))}
+  ///     = ceil(n / log_2(r))
+  double max_string_length=signed_type?
+    floor(static_cast<double>(n_bits-1)/log2(radix))+2.0:
+    ceil(static_cast<double>(n_bits)/log2(radix));
+  return static_cast<size_t>(max_string_length);
+}
+
+/// If the expression is a constant expression then we get the value of it as
+/// an unsigned long. If not we return a default value.
+/// \param expr: input expression
+/// \param def: default value to return if we cannot evaluate expr
+/// \return the output as an unsigned long
+unsigned long try_to_evaluate_expr_as_ul(const exprt &expr, unsigned long def)
+{
+  symbol_tablet symtab;
+  const namespacet ns(symtab);
+  mp_integer mp_radix;
+  bool to_integer_failed=to_integer(simplify_expr(expr, ns), mp_radix);
+  return to_integer_failed?def:integer2ulong(mp_radix);
 }
diff --git a/unit/Makefile b/unit/Makefile
index b6318f40e41..672cb13650f 100644
--- a/unit/Makefile
+++ b/unit/Makefile
@@ -13,9 +13,10 @@ SRC += unit_tests.cpp \
        analyses/does_remove_const/does_type_preserve_const_correctness.cpp \
        analyses/does_remove_const/is_type_at_least_as_const_as.cpp \
        java_bytecode/java_bytecode_convert_class/convert_abstract_class.cpp \
-       solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix.cpp \
-      solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix_lower_case.cpp \
+       solvers/refinement/string_constraint_generator_valueof/calculate_max_string_length.cpp \
        solvers/refinement/string_constraint_generator_valueof/get_numeric_value_from_character.cpp \
+       solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix.cpp \
+       solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix_lower_case.cpp \
        catch_example.cpp \
        # Empty last line
 
diff --git a/unit/solvers/refinement/string_constraint_generator_valueof/calculate_max_string_length.cpp b/unit/solvers/refinement/string_constraint_generator_valueof/calculate_max_string_length.cpp
new file mode 100644
index 00000000000..b07ea833e52
--- /dev/null
+++ b/unit/solvers/refinement/string_constraint_generator_valueof/calculate_max_string_length.cpp
@@ -0,0 +1,136 @@
+/*******************************************************************\
+
+ Module: Unit tests for calculate_max_string_length in
+   solvers/refinement/string_constraint_generator_valueof.cpp
+
+ Author: DiffBlue Limited. All rights reserved.
+
+\*******************************************************************/
+
+#include <catch.hpp>
+
+#include <solvers/refinement/string_constraint_generator.h>
+#include <util/std_types.h>
+
+
+size_t expected_length(const int radix, const typet &type)
+{
+  std::string longest("");
+  if(radix==2)
+  {
+    if(type==unsignedbv_typet(32))
+    {
+      longest="11111111111111111111111111111111";
+    }
+    else if(type==unsignedbv_typet(64))
+    {
+      longest=
+        "1111111111111111111111111111111111111111111111111111111111111111";
+    }
+    else if(type==signedbv_typet(32))
+    {
+      longest="-10000000000000000000000000000000";
+    }
+    else if(type==signedbv_typet(64))
+    {
+      longest=
+        "-1000000000000000000000000000000000000000000000000000000000000000";
+    }
+  }
+  else if(radix==8)
+  {
+    if(type==unsignedbv_typet(32))
+    {
+      longest="37777777777";
+    }
+    else if(type==unsignedbv_typet(64))
+    {
+      longest=
+        "1777777777777777777777";
+    }
+    else if(type==signedbv_typet(32))
+    {
+      longest="-20000000000";
+    }
+    else if(type==signedbv_typet(64))
+    {
+      longest=
+        "-1000000000000000000000";
+    }
+  }
+  else if(radix==10)
+  {
+    if(type==unsignedbv_typet(32))
+    {
+      longest="4294967295";
+    }
+    else if(type==unsignedbv_typet(64))
+    {
+      longest=
+        "18446744073709551615";
+    }
+    else if(type==signedbv_typet(32))
+    {
+      longest="-2147483648";
+    }
+    else if(type==signedbv_typet(64))
+    {
+      longest=
+        "-9223372036854775808";
+    }
+  }
+  else if(radix==16)
+  {
+    if(type==unsignedbv_typet(32))
+    {
+      longest="ffffffff";
+    }
+    else if(type==unsignedbv_typet(64))
+    {
+      longest=
+        "ffffffffffffffff";
+    }
+    else if(type==signedbv_typet(32))
+    {
+      longest="-80000000";
+    }
+    else if(type==signedbv_typet(64))
+    {
+      longest=
+        "-8000000000000000";
+    }
+  }
+
+  return longest.size();
+}
+
+SCENARIO("calculate_max_string_length",
+  "[core][solvers][refinement][string_constraint_generator_valueof]")
+{
+  const int radixes[]={2, 8, 10, 16};
+  const typet int_types[]={
+    signedbv_typet(32),
+    unsignedbv_typet(32),
+    signedbv_typet(64),
+    unsignedbv_typet(64)};
+
+  for(const int radix : radixes)
+  {
+    WHEN(std::string("radix = ")+std::to_string(radix))
+    {
+      for(const typet &type : int_types)
+      {
+        WHEN(std::string("type = ")+type.pretty())
+        {
+          double radix_d=static_cast<double>(radix);
+          size_t actual_value=calculate_max_string_length(type, radix_d);
+          size_t expected_value=expected_length(radix, type);
+          /// Due to floating point rounding errors, we sometime get one more
+          /// than the actual value, which is perfectly fine for our purposes
+          REQUIRE(expected_value<=actual_value);
+          REQUIRE(expected_value+1>=actual_value);
+        }
+      }
+    }
+  }
+}

From bcd5eb361625962482e0dcd4239c104116869b12 Mon Sep 17 00:00:00 2001
From: Owen Jones <owen.jones@diffblue.com>
Date: Tue, 1 Aug 2017 13:40:17 +0100
Subject: [PATCH 508/699] Only apply the overflow condition when needed

This speeds up the binary case a lot, and lets us turn all the tests on
---
 .../java_int_to_string_with_radix/test_binary1.desc   |  2 +-
 .../java_int_to_string_with_radix/test_binary2.desc   |  2 +-
 .../java_int_to_string_with_radix/test_binary3.desc   |  2 +-
 .../string_constraint_generator_valueof.cpp           | 11 +++++------
 4 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary1.desc b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary1.desc
index 8479fdfd130..f43c4f2eab0 100644
--- a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary1.desc
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary1.desc
@@ -1,4 +1,4 @@
-THOROUGH
+CORE
 Test_binary1.class
 --refine-strings
 ^EXIT=10$
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary2.desc b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary2.desc
index 0b263f5778b..0613a4de16e 100644
--- a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary2.desc
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary2.desc
@@ -1,4 +1,4 @@
-THOROUGH
+CORE
 Test_binary2.class
 --refine-strings
 ^EXIT=10$
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary3.desc b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary3.desc
index d69070b02b7..3473672d547 100644
--- a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary3.desc
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary3.desc
@@ -1,4 +1,4 @@
-THOROUGH
+CORE
 Test_binary3.class
 --refine-strings
 ^EXIT=10$
diff --git a/src/solvers/refinement/string_constraint_generator_valueof.cpp b/src/solvers/refinement/string_constraint_generator_valueof.cpp
index 6b840945825..65691e0668b 100644
--- a/src/solvers/refinement/string_constraint_generator_valueof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_valueof.cpp
@@ -221,17 +221,16 @@ string_exprt string_constraint_generatort::add_axioms_from_int(
       digit_constraints.push_back(is_number);
 
       // An overflow can happen when reaching the last index of a string of
-      // maximal size which is `max_size` for negative numbers and
-      // `max_size - 1` for positive numbers because of the absence of a `-`
+      // maximal size which is `max_size-1` for negative numbers and
+      // `max_size - 2` for positive numbers because of the absence of a `-`
       // sign.
-//      if(j>=max_size-2)
-//      {
-        // check for overflows if the size is big
+      if(j>=max_size-2)
+      {
         and_exprt no_overflow(
           equal_exprt(sum, div_exprt(radix_sum, radix)),
           binary_relation_exprt(new_sum, ID_ge, radix_sum));
         digit_constraints.push_back(no_overflow);
-//      }
+      }
       sum=new_sum;
     }
 

From 19d1b91d0504f161e006cb996ea5c3797e5c25b5 Mon Sep 17 00:00:00 2001
From: Owen Jones <owen.jones@diffblue.com>
Date: Tue, 1 Aug 2017 16:42:10 +0100
Subject: [PATCH 509/699] Improve signature of is_digit_with_radix

Use const references
---
 src/solvers/refinement/string_constraint_generator.h          | 4 ++--
 .../refinement/string_constraint_generator_valueof.cpp        | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index 17fdd735614..11a047e68a0 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -365,9 +365,9 @@ class string_constraint_generatort: messaget
   string_exprt empty_string(const refined_string_typet &ref_type);
 };
 
-exprt is_digit_with_radix(exprt chr, exprt radix);
+exprt is_digit_with_radix(const exprt &chr, const exprt &radix);
 exprt is_digit_with_radix_lower_case(
-  exprt chr, exprt radix_char_type, unsigned long radix=36ul);
+  const exprt &chr, const exprt &radix_char_type, unsigned long radix=36ul);
 exprt get_numeric_value_from_character(
   const exprt &chr,
   const typet &char_type,
diff --git a/src/solvers/refinement/string_constraint_generator_valueof.cpp b/src/solvers/refinement/string_constraint_generator_valueof.cpp
index 65691e0668b..2232e60ef11 100644
--- a/src/solvers/refinement/string_constraint_generator_valueof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_valueof.cpp
@@ -577,7 +577,7 @@ exprt string_constraint_generatort::add_axioms_for_parse_int(
 /// \param chr: the character
 /// \param radix:  the radix
 /// \return an expression for the condition
-exprt is_digit_with_radix(exprt chr, exprt radix_char_type)
+exprt is_digit_with_radix(const exprt &chr, const exprt &radix_char_type)
 {
   const typet &char_type=chr.type();
   const exprt zero_char=from_integer('0', char_type);
@@ -618,7 +618,7 @@ exprt is_digit_with_radix(exprt chr, exprt radix_char_type)
 /// \param radix: the radix, which should be between 2 and 36 (default 36)
 /// \return an expression for the condition
 exprt is_digit_with_radix_lower_case(
-  exprt chr, exprt radix_char_type, unsigned long radix)
+  const exprt &chr, const exprt &radix_char_type, unsigned long radix)
 {
   const typet &char_type=chr.type();
   const exprt zero_char=from_integer('0', char_type);

From df813eba6c0f980dcda6b82f843f2a09e6bdcba8 Mon Sep 17 00:00:00 2001
From: Owen Jones <owen.jones@diffblue.com>
Date: Wed, 2 Aug 2017 09:49:30 +0100
Subject: [PATCH 510/699] Fix merge conflict

---
 .../string_constraint_generator_format.cpp           | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_format.cpp b/src/solvers/refinement/string_constraint_generator_format.cpp
index a30cae81a7c..0fe965e296d 100644
--- a/src/solvers/refinement/string_constraint_generator_format.cpp
+++ b/src/solvers/refinement/string_constraint_generator_format.cpp
@@ -263,8 +263,10 @@ string_exprt string_constraint_generatort::add_axioms_for_format_specifier(
   switch(fs.conversion)
   {
   case format_specifiert::DECIMAL_INTEGER:
-    return add_axioms_from_int(
-      get_component_in_struct(arg, ID_int), MAX_INTEGER_LENGTH, ref_type);
+  {
+    const exprt &x1=get_component_in_struct(arg, ID_int);
+    return add_axioms_from_int(x1, from_integer(10, x1.type()), ref_type);
+  }
   case format_specifiert::HEXADECIMAL_INTEGER:
     return add_axioms_from_int_hex(
       get_component_in_struct(arg, ID_int), ref_type);
@@ -283,8 +285,10 @@ string_exprt string_constraint_generatort::add_axioms_for_format_specifier(
   case format_specifiert::STRING:
     return get_string_expr(get_component_in_struct(arg, "string_expr"));
   case format_specifiert::HASHCODE:
-    return add_axioms_from_int(
-      get_component_in_struct(arg, "hashcode"), MAX_INTEGER_LENGTH, ref_type);
+  {
+    const exprt &x2=get_component_in_struct(arg, "hashcode");
+    return add_axioms_from_int(x2, from_integer(10, x2.type()), ref_type);
+  }
   case format_specifiert::LINE_SEPARATOR:
     // TODO: the constant should depend on the system: System.lineSeparator()
     return add_axioms_for_constant("\n", ref_type);

From bc3405bec8559ace258d0e3298663d6ee87cdbdd Mon Sep 17 00:00:00 2001
From: Owen Jones <owen.jones@diffblue.com>
Date: Thu, 3 Aug 2017 16:12:46 +0100
Subject: [PATCH 511/699] Address @smowton's comments

Reorganised add_axioms_from_int functions so that it's now easier to
provide the radix and/or the max_size, or leave them out and use
intelligently-determined default values. This means we don't have to
make temporary variables to hold the first argument so we can get it's
type to construct the radix with the right type, saving a lot of code.

Also renamed some functions to be more descriptive, made some comments
clearer and changed the signature of max_printed_integer_length to take
an unsigned long instead of a double, stop using simplify_expr with an
empty namespace.
---
 .../refinement/string_constraint_generator.h  |  18 +-
 .../string_constraint_generator_concat.cpp    |   6 +-
 .../string_constraint_generator_float.cpp     |  13 +-
 .../string_constraint_generator_format.cpp    |  11 +-
 .../string_constraint_generator_insert.cpp    |   6 +-
 .../string_constraint_generator_valueof.cpp   | 155 ++++++++++--------
 .../calculate_max_string_length.cpp           |   3 +-
 7 files changed, 109 insertions(+), 103 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index 11a047e68a0..968fa3236e9 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -203,14 +203,14 @@ class string_constraint_generatort: messaget
   string_exprt add_axioms_from_literal(const function_application_exprt &f);
   string_exprt add_axioms_from_int(const function_application_exprt &f);
   string_exprt add_axioms_from_int(
-    const exprt &x,
-    const exprt radix,
-    const refined_string_typet &ref_type);
-  string_exprt add_axioms_from_int(
-    const exprt &x,
-    const exprt radix,
+    const exprt &input_int,
+    const refined_string_typet &ref_type,
+    size_t max_size=0);
+  string_exprt add_axioms_from_int_with_radix(
+    const exprt &input_int,
+    const exprt &radix,
     const refined_string_typet &ref_type,
-    size_t max_size);
+    size_t max_size=0);
   string_exprt add_axioms_from_int_hex(
     const exprt &i, const refined_string_typet &ref_type);
   string_exprt add_axioms_from_int_hex(const function_application_exprt &f);
@@ -373,8 +373,8 @@ exprt get_numeric_value_from_character(
   const typet &char_type,
   const typet &type,
   unsigned long radix=36ul);
-size_t calculate_max_string_length(const typet &type, const double radix);
-unsigned long try_to_evaluate_expr_as_ul(const exprt &expr, unsigned long def);
+size_t max_printed_string_length(const typet &type, unsigned long radix);
+unsigned long to_integer_or_default(const exprt &expr, unsigned long def);
 std::string utf16_constant_array_to_ascii(
   const array_exprt &arr, unsigned length);
 
diff --git a/src/solvers/refinement/string_constraint_generator_concat.cpp b/src/solvers/refinement/string_constraint_generator_concat.cpp
index aab0d43dc3a..7f183071a9a 100644
--- a/src/solvers/refinement/string_constraint_generator_concat.cpp
+++ b/src/solvers/refinement/string_constraint_generator_concat.cpp
@@ -111,8 +111,7 @@ string_exprt string_constraint_generatort::add_axioms_for_concat_int(
 {
   const refined_string_typet &ref_type=to_refined_string_type(f.type());
   string_exprt s1=get_string_expr(args(f, 2)[0]);
-  const exprt &x=args(f, 2)[1];
-  string_exprt s2=add_axioms_from_int(x, from_integer(10, x.type()), ref_type);
+  string_exprt s2=add_axioms_from_int(args(f, 2)[1], ref_type);
   return add_axioms_for_concat(s1, s2);
 }
 
@@ -125,8 +124,7 @@ string_exprt string_constraint_generatort::add_axioms_for_concat_long(
 {
   const refined_string_typet &ref_type=to_refined_string_type(f.type());
   string_exprt s1=get_string_expr(args(f, 2)[0]);
-  const exprt &x=args(f, 2)[1];
-  string_exprt s2=add_axioms_from_int(x, from_integer(10, x.type()), ref_type);
+  string_exprt s2=add_axioms_from_int(args(f, 2)[1], ref_type);
   return add_axioms_for_concat(s1, s2);
 }
 
diff --git a/src/solvers/refinement/string_constraint_generator_float.cpp b/src/solvers/refinement/string_constraint_generator_float.cpp
index c454ed04a8f..826a9d5b38b 100644
--- a/src/solvers/refinement/string_constraint_generator_float.cpp
+++ b/src/solvers/refinement/string_constraint_generator_float.cpp
@@ -201,8 +201,7 @@ string_exprt string_constraint_generatort::add_axioms_for_string_of_float(
   mod_exprt integer_part(round_expr_to_zero(f), max_non_exponent_notation);
   // We should not need more than 8 characters to represent the integer
   // part of the float.
-  string_exprt integer_part_str=add_axioms_from_int(
-    integer_part, from_integer(10, integer_part.type()), ref_type, 8);
+  string_exprt integer_part_str=add_axioms_from_int(integer_part, ref_type, 8);
 
   return add_axioms_for_concat(integer_part_str, fractional_part_str);
 }
@@ -408,11 +407,7 @@ string_exprt string_constraint_generatort::
   dec_significand_int=round_expr_to_zero(dec_significand);
 
   string_exprt string_expr_integer_part=
-    add_axioms_from_int(
-      dec_significand_int,
-      from_integer(10, dec_significand_int.type()),
-      ref_type,
-      3);
+    add_axioms_from_int(dec_significand_int, ref_type, 3);
   minus_exprt fractional_part(
     dec_significand, floatbv_of_int_expr(dec_significand_int, float_spec));
 
@@ -442,8 +437,8 @@ string_exprt string_constraint_generatort::
     from_integer('E', ref_type.get_char_type()));
 
   // exponent_string = string_of_int(decimal_exponent)
-  string_exprt exponent_string=add_axioms_from_int(
-    decimal_exponent, from_integer(10, decimal_exponent.type()), ref_type, 3);
+  string_exprt exponent_string=
+    add_axioms_from_int(decimal_exponent, ref_type, 3);
 
   // string_expr = concat(string_expr_with_E, exponent_string)
   return add_axioms_for_concat(string_expr_with_E, exponent_string);
diff --git a/src/solvers/refinement/string_constraint_generator_format.cpp b/src/solvers/refinement/string_constraint_generator_format.cpp
index 0fe965e296d..6320a23ad7a 100644
--- a/src/solvers/refinement/string_constraint_generator_format.cpp
+++ b/src/solvers/refinement/string_constraint_generator_format.cpp
@@ -263,10 +263,7 @@ string_exprt string_constraint_generatort::add_axioms_for_format_specifier(
   switch(fs.conversion)
   {
   case format_specifiert::DECIMAL_INTEGER:
-  {
-    const exprt &x1=get_component_in_struct(arg, ID_int);
-    return add_axioms_from_int(x1, from_integer(10, x1.type()), ref_type);
-  }
+    return add_axioms_from_int(get_component_in_struct(arg, ID_int), ref_type);
   case format_specifiert::HEXADECIMAL_INTEGER:
     return add_axioms_from_int_hex(
       get_component_in_struct(arg, ID_int), ref_type);
@@ -285,10 +282,8 @@ string_exprt string_constraint_generatort::add_axioms_for_format_specifier(
   case format_specifiert::STRING:
     return get_string_expr(get_component_in_struct(arg, "string_expr"));
   case format_specifiert::HASHCODE:
-  {
-    const exprt &x2=get_component_in_struct(arg, "hashcode");
-    return add_axioms_from_int(x2, from_integer(10, x2.type()), ref_type);
-  }
+    return add_axioms_from_int(
+      get_component_in_struct(arg, "hashcode"), ref_type);
   case format_specifiert::LINE_SEPARATOR:
     // TODO: the constant should depend on the system: System.lineSeparator()
     return add_axioms_for_constant("\n", ref_type);
diff --git a/src/solvers/refinement/string_constraint_generator_insert.cpp b/src/solvers/refinement/string_constraint_generator_insert.cpp
index 67a1b4bd14f..aabb2f0eb0a 100644
--- a/src/solvers/refinement/string_constraint_generator_insert.cpp
+++ b/src/solvers/refinement/string_constraint_generator_insert.cpp
@@ -66,8 +66,7 @@ string_exprt string_constraint_generatort::add_axioms_for_insert_int(
 {
   const refined_string_typet &ref_type=to_refined_string_type(f.type());
   string_exprt s1=get_string_expr(args(f, 3)[0]);
-  const exprt &x=args(f, 3)[2];
-  string_exprt s2=add_axioms_from_int(x, from_integer(10, x.type()), ref_type);
+  string_exprt s2=add_axioms_from_int(args(f, 3)[2], ref_type);
   return add_axioms_for_insert(s1, s2, args(f, 3)[1]);
 }
 
@@ -81,8 +80,7 @@ string_exprt string_constraint_generatort::add_axioms_for_insert_long(
 {
   const refined_string_typet &ref_type=to_refined_string_type(f.type());
   string_exprt s1=get_string_expr(args(f, 3)[0]);
-  const exprt &x=args(f, 3)[2];
-  string_exprt s2=add_axioms_from_int(x, from_integer(10, x.type()), ref_type);
+  string_exprt s2=add_axioms_from_int(args(f, 3)[2], ref_type);
   return add_axioms_for_insert(s1, s2, args(f, 3)[1]);
 }
 
diff --git a/src/solvers/refinement/string_constraint_generator_valueof.cpp b/src/solvers/refinement/string_constraint_generator_valueof.cpp
index 2232e60ef11..e8f0ce49a90 100644
--- a/src/solvers/refinement/string_constraint_generator_valueof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_valueof.cpp
@@ -16,16 +16,8 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 #include <util/simplify_expr.h>
 
 #include <cmath>
-
 #include <solvers/floatbv/float_bv.h>
 
-const exprt get_radix_from_optional_second_argument(
-  const function_application_exprt &f, const typet &type)
-{
-  return f.arguments().size()==1?
-    static_cast<exprt>(from_integer(10, type)):
-    static_cast<exprt>(typecast_exprt(f.arguments()[1], type));
-}
 
 /// Add axioms corresponding to the String.valueOf(I) java function.
 /// \param expr: function application with one integer argument
@@ -35,9 +27,17 @@ string_exprt string_constraint_generatort::add_axioms_from_int(
 {
   const refined_string_typet &ref_type=to_refined_string_type(expr.type());
   PRECONDITION(expr.arguments().size()>=1);
-  const exprt &x=expr.arguments()[0];
-  const exprt radix=get_radix_from_optional_second_argument(expr, x.type());
-  return add_axioms_from_int(x, radix, ref_type);
+  if (expr.arguments().size()==1)
+  {
+    return add_axioms_from_int(expr.arguments()[0], ref_type);
+  }
+  else
+  {
+    return add_axioms_from_int_with_radix(
+      expr.arguments()[0],
+      expr.arguments()[1],
+      ref_type);
+  }
 }
 
 /// Add axioms corresponding to the String.valueOf(J) java function.
@@ -48,9 +48,17 @@ string_exprt string_constraint_generatort::add_axioms_from_long(
 {
   const refined_string_typet &ref_type=to_refined_string_type(expr.type());
   PRECONDITION(expr.arguments().size()>=1);
-  const exprt &x=expr.arguments()[0];
-  const exprt radix=get_radix_from_optional_second_argument(expr, x.type());
-  return add_axioms_from_int(x, radix, ref_type);
+  if (expr.arguments().size()==1)
+  {
+    return add_axioms_from_int(expr.arguments()[0], ref_type);
+  }
+  else
+  {
+    return add_axioms_from_int_with_radix(
+      expr.arguments()[0],
+      expr.arguments()[1],
+      ref_type);
+  }
 }
 
 /// Add axioms corresponding to the String.valueOf(Z) java function.
@@ -113,47 +121,58 @@ string_exprt string_constraint_generatort::add_axioms_from_bool(
 /// of String.valueOf(I) or String.valueOf(J) Java functions applied
 /// on the integer expression.
 /// \param x: a signed integer expression
-/// \param max_size: a maximal size for the string representation
-/// \param radix: an expression for the radix
 /// \param ref_type: type for refined strings
+/// \param max_size: a maximal size for the string representation (default 0,
+///        which is interpreted to mean "as large as is needed for this type)
 /// \return a string expression
 string_exprt string_constraint_generatort::add_axioms_from_int(
-  const exprt &x,
-  const exprt radix,
-  const refined_string_typet &ref_type)
+  const exprt &input_int,
+  const refined_string_typet &ref_type,
+  size_t max_size)
 {
-  /// If we cannot tell what the radix is then so we assume it is 2 to make sure
-  /// max_size will definitely be large enough
-  double radix_d=static_cast<double>(try_to_evaluate_expr_as_ul(radix, 2ul));
-  size_t max_size=calculate_max_string_length(x.type(), radix_d);
-
-  return add_axioms_from_int(x, radix, ref_type, max_size);
+  const constant_exprt radix=from_integer(10, input_int.type());
+  return add_axioms_from_int_with_radix(input_int, radix, ref_type, max_size);
 }
 
 /// Add axioms enforcing that the string corresponds to the result
-/// of String.valueOf(I) or String.valueOf(J) Java functions applied
+/// of String.valueOf(II) or String.valueOf(JI) Java functions applied
 /// on the integer expression.
 /// \param x: a signed integer expression
-/// \param max_size: a maximal size for the string representation
+/// \param radix: the radix to use
 /// \param ref_type: type for refined strings
+/// \param max_size: a maximal size for the string representation (default 0,
+///        which is interpreted to mean "as large as is needed for this type)
 /// \return a string expression
-string_exprt string_constraint_generatort::add_axioms_from_int(
-  const exprt &x,
-  const exprt radix,
+string_exprt string_constraint_generatort::add_axioms_from_int_with_radix(
+  const exprt &input_int,
+  const exprt &radix,
   const refined_string_typet &ref_type,
   size_t max_size)
 {
-  PRECONDITION(x.type().id()==ID_signedbv);
+  const typet &type=input_int.type();
+  PRECONDITION(type.id()==ID_signedbv);
+  if(max_size==0)
+  {
+    /// If we cannot tell what the radix is then so we assume it is 2 to make
+    /// sure max_size will definitely be large enough
+    max_size=max_printed_string_length(type, to_integer_or_default(radix, 2ul));
+  }
   PRECONDITION(max_size<std::numeric_limits<size_t>::max());
   string_exprt res=fresh_string(ref_type);
-  const typet &type=x.type();
   const typet &char_type=ref_type.get_char_type();
   const typet &index_type=ref_type.get_index_type();
   exprt zero_char=constant_char('0', char_type);
   exprt radix_char_type=typecast_exprt(radix, char_type);
+  exprt radix_input_type=typecast_exprt(radix, type);
   exprt minus_char=constant_char('-', char_type);
   exprt max=from_integer(max_size, index_type);
-  unsigned long radix_ul=try_to_evaluate_expr_as_ul(radix, 36ul);
+  /// radix_ul is used to make get_numeric_value_from_character and
+  /// is_digit_with_radix_lower_case faster when the radix is less than 10,
+  /// and hence we don't have to consider letters as well as digits. If we
+  /// can't tell what the radix is then so we assume it is 36 to make sure that
+  /// we create constraints that will work with any radix.
+  unsigned long radix_ul=to_integer_or_default(radix, 36ul);
+  PRECONDITION(radix_ul>=2ul && radix_ul<=36ul);
 
   // We add axioms:
   // a1 : x < 0 => 1 <|res|<=max_size && res[0]='-'
@@ -161,7 +180,7 @@ string_exprt string_constraint_generatort::add_axioms_from_int(
   // a3 : |res|>1 && res[0] is a digit for the radix => res[0]!='0'
   // a4 : |res|>1 && res[0]='-' => res[1]!='0'
 
-  binary_relation_exprt is_negative(x, ID_lt, from_integer(0, type));
+  binary_relation_exprt is_negative(input_int, ID_lt, from_integer(0, type));
   and_exprt correct_length1(
     res.axiom_for_is_strictly_longer_than(1),
     res.axiom_for_is_shorter_than(max));
@@ -202,8 +221,8 @@ string_exprt string_constraint_generatort::add_axioms_from_int(
     //                        && sum_j >= sum_{j - 1}
     //         (the first part avoid overflows in multiplication and
     //          the second one in additions)
-    // a6 : |res| == size && res[0] is a digit for radix => x == sum
-    // a7 : |res| == size && res[0] == '-' => x == -sum
+    // a6 : |res| == size && res[0] is a digit for radix => input_int == sum
+    // a7 : |res| == size && res[0] == '-' => input_int == -sum
 
     exprt::operandst digit_constraints;
     exprt sum=
@@ -211,7 +230,7 @@ string_exprt string_constraint_generatort::add_axioms_from_int(
 
     for(size_t j=1; j<size; j++)
     {
-      mult_exprt radix_sum(sum, radix);
+      mult_exprt radix_sum(sum, radix_input_type);
       // new_sum = radix * sum + (numeric value of res[j])
       exprt new_sum=plus_exprt(
         radix_sum,
@@ -227,7 +246,7 @@ string_exprt string_constraint_generatort::add_axioms_from_int(
       if(j>=max_size-2)
       {
         and_exprt no_overflow(
-          equal_exprt(sum, div_exprt(radix_sum, radix)),
+          equal_exprt(sum, div_exprt(radix_sum, radix_input_type)),
           binary_relation_exprt(new_sum, ID_ge, radix_sum));
         digit_constraints.push_back(no_overflow);
       }
@@ -239,12 +258,12 @@ string_exprt string_constraint_generatort::add_axioms_from_int(
     axioms.push_back(a5);
 
     implies_exprt a6(
-      and_exprt(premise, starts_with_digit), equal_exprt(x, sum));
+      and_exprt(premise, starts_with_digit), equal_exprt(input_int, sum));
     axioms.push_back(a6);
 
     implies_exprt a7(
       and_exprt(premise, starts_with_minus),
-      equal_exprt(x, unary_minus_exprt(sum)));
+      equal_exprt(input_int, unary_minus_exprt(sum)));
     axioms.push_back(a7);
   }
 
@@ -549,7 +568,9 @@ exprt string_constraint_generatort::add_axioms_for_parse_int(
   const string_exprt str=get_string_expr(f.arguments()[0]);
   const typet &type=f.type();
   PRECONDITION(type.id()==ID_signedbv);
-  const exprt radix=get_radix_from_optional_second_argument(f, type);
+  const exprt radix=f.arguments().size()==1?
+    static_cast<exprt>(from_integer(10, type)):
+    static_cast<exprt>(typecast_exprt(f.arguments()[1], type));
 
   const symbol_exprt x=fresh_symbol("abs_parsed_int", type);
   const refined_string_typet &ref_type=to_refined_string_type(str.type());
@@ -710,36 +731,38 @@ exprt get_numeric_value_from_character(
 }
 
 /// Calculate the string length needed to represent any value of the given type
-/// using the given radix
+/// using the given radix. Due to floating point rounding errors we sometimes
+/// return a value 1 larger than needed, which is fine for our purposes.
 /// \param type: the type that we are considering values of
 /// \param radix: the radix we are using, as a double
 /// \return the maximum string length
-size_t calculate_max_string_length(const typet &type, double radix)
+size_t max_printed_string_length(const typet &type, unsigned long ul_radix)
 {
   double n_bits=static_cast<double>(to_bitvector_type(type).get_width());
-
-  /// If the type is signed then the maximum absolute value that needs to be
-  /// representable is one bit smaller
+  double radix=static_cast<double>(ul_radix);
   bool signed_type=type.id()==ID_signedbv;
-  /// Let m be the minimal number of characters needed.
-  /// For signed types, the longest string will be for -2^(n-1), so
-  ///   m = 1 + min{k: 2^(n-1) < r^k}
-  ///     = 1 + min{k: n-1 < k log_2(r)}
-  ///     = 1 + min{k: k > (n-1) / log_2(r)}
-  ///     = 1 + min{k: k > floor((n-1) / log_2(r))}
-  ///     = 1 + (1 + floor((n-1) / log_2(r)))
-  ///     = 2 + floor((n-1) / log_2(r))
-  /// For unsigned types, the longest string will be for (2^n)-1, so
-  ///   m = min{k: (2^n)-1 < r^k}
-  ///     = min{k: 2^n <= r^k}
-  ///     = min{k: n <= k log_2(r)}
-  ///     = min{k: k >= n / log_2(r)}
-  ///     = min{k: k >= ceil(n / log_2(r))}
-  ///     = ceil(n / log_2(r))
-  double max_string_length=signed_type?
+  /// We want to calculate max, the maximum number of characters needed to
+  /// represent any value of the given type.
+  ///
+  /// For signed types, the longest string will be for -2^(n_bits-1), so
+  /// max = 1 + min{k: 2^(n_bits-1) < radix^k} (the 1 is for the minus sign)
+  ///     = 1 + min{k: n_bits-1 < k log_2(radix)}
+  ///     = 1 + min{k: k > (n_bits-1) / log_2(radix)}
+  ///     = 1 + min{k: k > floor((n_bits-1) / log_2(radix))}
+  ///     = 1 + (1 + floor((n_bits-1) / log_2(radix)))
+  ///     = 2 + floor((n_bits-1) / log_2(radix))
+  ///
+  /// For unsigned types, the longest string will be for (2^n_bits)-1, so
+  /// max = min{k: (2^n_bits)-1 < radix^k}
+  ///     = min{k: 2^n_bits <= radix^k}
+  ///     = min{k: n_bits <= k log_2(radix)}
+  ///     = min{k: k >= n_bits / log_2(radix)}
+  ///     = min{k: k >= ceil(n_bits / log_2(radix))}
+  ///     = ceil(n_bits / log_2(radix))
+  double max=signed_type?
     floor(static_cast<double>(n_bits-1)/log2(radix))+2.0:
     ceil(static_cast<double>(n_bits)/log2(radix));
-  return static_cast<size_t>(max_string_length);
+  return static_cast<size_t>(max);
 }
 
 /// If the expression is a constant expression then we get the value of it as
@@ -747,11 +770,9 @@ size_t calculate_max_string_length(const typet &type, double radix)
 /// \param expr: input expression
 /// \param def: default value to return if we cannot evaluate expr
 /// \return the output as an unsigned long
-unsigned long try_to_evaluate_expr_as_ul(const exprt &expr, unsigned long def)
+unsigned long to_integer_or_default(const exprt &expr, unsigned long def)
 {
-  symbol_tablet symtab;
-  const namespacet ns(symtab);
   mp_integer mp_radix;
-  bool to_integer_failed=to_integer(simplify_expr(expr, ns), mp_radix);
+  bool to_integer_failed=to_integer(expr, mp_radix);
   return to_integer_failed?def:integer2ulong(mp_radix);
 }
diff --git a/unit/solvers/refinement/string_constraint_generator_valueof/calculate_max_string_length.cpp b/unit/solvers/refinement/string_constraint_generator_valueof/calculate_max_string_length.cpp
index b07ea833e52..d61030d7642 100644
--- a/unit/solvers/refinement/string_constraint_generator_valueof/calculate_max_string_length.cpp
+++ b/unit/solvers/refinement/string_constraint_generator_valueof/calculate_max_string_length.cpp
@@ -122,8 +122,7 @@ SCENARIO("calculate_max_string_length",
       {
         WHEN(std::string("type = ")+type.pretty())
         {
-          double radix_d=static_cast<double>(radix);
-          size_t actual_value=calculate_max_string_length(type, radix_d);
+          size_t actual_value=max_printed_string_length(type, radix);
           size_t expected_value=expected_length(radix, type);
           /// Due to floating point rounding errors, we sometime get one more
           /// than the actual value, which is perfectly fine for our purposes

From 0a0a357ca31457e73b3361fd6032d81c0221eed5 Mon Sep 17 00:00:00 2001
From: Owen Jones <owen.jones@diffblue.com>
Date: Thu, 3 Aug 2017 16:58:43 +0100
Subject: [PATCH 512/699] Minor improvements to unit tests

---
 .../calculate_max_string_length.cpp           | 29 ++++++++++++-------
 .../is_digit_with_radix_lower_case.cpp        |  4 +--
 2 files changed, 21 insertions(+), 12 deletions(-)

diff --git a/unit/solvers/refinement/string_constraint_generator_valueof/calculate_max_string_length.cpp b/unit/solvers/refinement/string_constraint_generator_valueof/calculate_max_string_length.cpp
index d61030d7642..fc3e508a6a9 100644
--- a/unit/solvers/refinement/string_constraint_generator_valueof/calculate_max_string_length.cpp
+++ b/unit/solvers/refinement/string_constraint_generator_valueof/calculate_max_string_length.cpp
@@ -107,27 +107,36 @@ size_t expected_length(const int radix, const typet &type)
 SCENARIO("calculate_max_string_length",
   "[core][solvers][refinement][string_constraint_generator_valueof]")
 {
-  const int radixes[]={2, 8, 10, 16};
+  const unsigned long radixes[]={2, 8, 10, 16};
+  const unsigned long default_radix=2;
   const typet int_types[]={
     signedbv_typet(32),
     unsignedbv_typet(32),
     signedbv_typet(64),
     unsignedbv_typet(64)};
 
-  for(const int radix : radixes)
+  for(const typet &type : int_types)
   {
-    WHEN(std::string("radix = ")+std::to_string(radix))
+    WHEN(std::string("type = ")+type.pretty())
     {
-      for(const typet &type : int_types)
+      for(const unsigned long radix : radixes)
       {
-        WHEN(std::string("type = ")+type.pretty())
+        WHEN(std::string("radix = ")+std::to_string(radix))
         {
           size_t actual_value=max_printed_string_length(type, radix);
-          size_t expected_value=expected_length(radix, type);
-          /// Due to floating point rounding errors, we sometime get one more
-          /// than the actual value, which is perfectly fine for our purposes
-          REQUIRE(expected_value<=actual_value);
-          REQUIRE(expected_value+1>=actual_value);
+          WHEN(std::string("correct value")+type.pretty())
+          {
+            size_t expected_value=expected_length(radix, type);
+            /// Due to floating point rounding errors, we sometime get one more
+            /// than the actual value, which is perfectly fine for our purposes
+            REQUIRE(expected_value<=actual_value);
+            REQUIRE(expected_value+1>=actual_value);
+          }
+          WHEN(std::string("value is less than with default radix"))
+          {
+            size_t actual_value_for_default=max_printed_string_length(type, default_radix);
+            REQUIRE(actual_value<=actual_value_for_default);
+          }
         }
       }
     }
diff --git a/unit/solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix_lower_case.cpp b/unit/solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix_lower_case.cpp
index 6b463692822..5d27b8b65aa 100644
--- a/unit/solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix_lower_case.cpp
+++ b/unit/solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix_lower_case.cpp
@@ -15,7 +15,7 @@
 #include <util/simplify_expr.h>
 #include <util/std_types.h>
 
-SCENARIO("is_digit_with_radix_strict",
+SCENARIO("is_digit_with_radix_lower_case",
   "[core][solvers][refinement][string_constraint_generator_valueof]")
 {
   const typet char_type=unsignedbv_typet(16);
@@ -30,7 +30,7 @@ SCENARIO("is_digit_with_radix_strict",
     REQUIRE(true_exprt()==simplify_expr(
       is_digit_with_radix_lower_case(from_integer('9', char_type), radix), ns));
     REQUIRE(false_exprt()==simplify_expr(
-      is_digit_with_radix(from_integer('a', char_type), radix), ns));
+      is_digit_with_radix_lower_case(from_integer('a', char_type), radix), ns));
   }
   WHEN("Radix 8")
   {

From e3cc966c9312ffe744a89d8b9f45e88c60d6c084 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Fri, 4 Aug 2017 14:46:41 +0100
Subject: [PATCH 513/699] Fix Doxygen warnings

---
 src/cpp/cpp_constructor.cpp | 1 +
 src/util/graph.h            | 2 +-
 src/util/invariant.h        | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/cpp/cpp_constructor.cpp b/src/cpp/cpp_constructor.cpp
index 9be6e8c3f01..df037cda6cb 100644
--- a/src/cpp/cpp_constructor.cpp
+++ b/src/cpp/cpp_constructor.cpp
@@ -18,6 +18,7 @@ Author: Daniel Kroening, kroening@cs.cmu.edu
 
 #include "cpp_util.h"
 
+/// \param source_location: source location for generated code
 /// \param object: non-typechecked object
 /// \param operands: non-typechecked operands
 /// \return typechecked code
diff --git a/src/util/graph.h b/src/util/graph.h
index 625f5656454..a77dba7e524 100644
--- a/src/util/graph.h
+++ b/src/util/graph.h
@@ -581,7 +581,7 @@ void grapht<N>::make_chordal()
 }
 
 /// Find a topological order of the nodes if graph is DAG, return empty list for
-/// non-DAG or empty graph. Uses Kahn's algorithm running in O(#edges+#nodes).
+/// non-DAG or empty graph. Uses Kahn's algorithm running in O(n_edges+n_nodes).
 template<class N>
 std::list<typename grapht<N>::node_indext> grapht<N>::topsort() const
 {
diff --git a/src/util/invariant.h b/src/util/invariant.h
index 325020a0d6e..3d0aec54ae3 100644
--- a/src/util/invariant.h
+++ b/src/util/invariant.h
@@ -142,7 +142,7 @@ void report_exception_to_stderr(const invariant_failedt &);
 /// Takes a backtrace, gives it to the reason structure, then aborts, printing
 /// reason.what() (which therefore includes the backtrace).
 /// In future this may throw `reason` instead of aborting.
-/// \param ET : (template type parameter), type of exception to construct
+/// Template parameter ET: type of exception to construct
 /// \param file : C string giving the name of the file.
 /// \param function : C string giving the name of the function.
 /// \param line : The line number of the invariant

From a9b2cdf0f0da6b55146d97f12f4a33435ab88c82 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 1 Aug 2017 09:44:52 +0100
Subject: [PATCH 514/699] Adding base types of the String(Builder|Buffer)
 classes

This allows CBMC to know about which classes these extends and
implement.
---
 src/java_bytecode/java_string_library_preprocess.cpp | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/java_bytecode/java_string_library_preprocess.cpp b/src/java_bytecode/java_string_library_preprocess.cpp
index 5ad4efddbd3..eb8844183fb 100644
--- a/src/java_bytecode/java_string_library_preprocess.cpp
+++ b/src/java_bytecode/java_string_library_preprocess.cpp
@@ -202,6 +202,17 @@ void java_string_library_preprocesst::add_string_type(
   string_type.components()[2].type()=java_reference_type(
     array_typet(java_char_type(), infinity_exprt(string_length_type())));
   string_type.add_base(symbol_typet("java::java.lang.Object"));
+  if(class_name!="java.lang.CharSequence")
+  {
+    string_type.add_base(symbol_typet("java::java.io.Serializable"));
+    string_type.add_base(symbol_typet("java::java.lang.CharSequence"));
+  }
+  if(class_name=="java.lang.String")
+    string_type.add_base(symbol_typet("java::java.lang.Comparable"));
+
+  if(class_name=="java.lang.StringBuilder" ||
+     class_name=="java.lang.StringBuffer")
+    string_type.add_base(symbol_typet("java::java.lang.AbstractStringBuilder"));
 
   symbolt tmp_string_symbol;
   tmp_string_symbol.name="java::"+id2string(class_name);

From 665dd70e65f2000fe21fd882954ebc3a5b609940 Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Fri, 21 Jul 2017 17:55:37 +0100
Subject: [PATCH 515/699] Implement depth-first search iterators for exprt
 class

 - Implements 3 forward iterators, traversing expression tree by
   exploring each expression's operands() vector using depth-first
   traversal (unique_depth_iteratort, depth_iteratort,
   const_depth_iteratort)
 - Adds exprt member functions for obtaining said iterator
 - Adds unit tests for said iterator
---
 src/util/expr.cpp           |  26 +++-
 src/util/expr.h             |  15 +++
 src/util/expr_iterator.h    | 240 ++++++++++++++++++++++++++++++++++++
 unit/Makefile               |   7 ++
 unit/util/expr_iterator.cpp | 135 ++++++++++++++++++++
 5 files changed, 420 insertions(+), 3 deletions(-)
 create mode 100644 src/util/expr_iterator.h
 create mode 100644 unit/util/expr_iterator.cpp

diff --git a/src/util/expr.cpp b/src/util/expr.cpp
index ee7f310d471..d252e6cbd91 100644
--- a/src/util/expr.cpp
+++ b/src/util/expr.cpp
@@ -10,16 +10,14 @@ Author: Daniel Kroening, kroening@kroening.com
 /// Expression Representation
 
 #include "expr.h"
-
 #include <cassert>
-
 #include <stack>
-
 #include "string2int.h"
 #include "mp_arith.h"
 #include "fixedbv.h"
 #include "ieee_float.h"
 #include "invariant.h"
+#include "expr_iterator.h"
 #include "rational.h"
 #include "rational_tools.h"
 #include "arith_tools.h"
@@ -515,3 +513,25 @@ void exprt::visit(const_expr_visitort &visitor) const
       stack.push(&(*it));
   }
 }
+
+depth_iteratort exprt::depth_begin()
+{ return depth_iteratort(*this); }
+depth_iteratort exprt::depth_end()
+{ return depth_iteratort(); }
+const_depth_iteratort exprt::depth_begin() const
+{ return const_depth_iteratort(*this); }
+const_depth_iteratort exprt::depth_end() const
+{ return const_depth_iteratort(); }
+const_depth_iteratort exprt::depth_cbegin() const
+{ return const_depth_iteratort(*this); }
+const_depth_iteratort exprt::depth_cend() const
+{ return const_depth_iteratort(); }
+
+const_unique_depth_iteratort exprt::unique_depth_begin() const
+{ return const_unique_depth_iteratort(*this); }
+const_unique_depth_iteratort exprt::unique_depth_end() const
+{ return const_unique_depth_iteratort(); }
+const_unique_depth_iteratort exprt::unique_depth_cbegin() const
+{ return const_unique_depth_iteratort(*this); }
+const_unique_depth_iteratort exprt::unique_depth_cend() const
+{ return const_unique_depth_iteratort(); }
diff --git a/src/util/expr.h b/src/util/expr.h
index 2d58dca1cf2..b58803f5689 100644
--- a/src/util/expr.h
+++ b/src/util/expr.h
@@ -41,6 +41,10 @@ Author: Daniel Kroening, kroening@kroening.com
   for(expr_listt::iterator it=(expr).begin(); \
       it!=(expr).end(); ++it)
 
+class depth_iteratort;
+class const_depth_iteratort;
+class const_unique_depth_iteratort;
+
 /*! \brief Base class for all expressions
 */
 class exprt:public irept
@@ -161,6 +165,17 @@ class exprt:public irept
 
   void visit(class expr_visitort &visitor);
   void visit(class const_expr_visitort &visitor) const;
+
+  depth_iteratort depth_begin();
+  depth_iteratort depth_end();
+  const_depth_iteratort depth_begin() const;
+  const_depth_iteratort depth_end() const;
+  const_depth_iteratort depth_cbegin() const;
+  const_depth_iteratort depth_cend() const;
+  const_unique_depth_iteratort unique_depth_begin() const;
+  const_unique_depth_iteratort unique_depth_end() const;
+  const_unique_depth_iteratort unique_depth_cbegin() const;
+  const_unique_depth_iteratort unique_depth_cend() const;
 };
 
 typedef std::list<exprt> expr_listt;
diff --git a/src/util/expr_iterator.h b/src/util/expr_iterator.h
new file mode 100644
index 00000000000..7f6b83440f0
--- /dev/null
+++ b/src/util/expr_iterator.h
@@ -0,0 +1,240 @@
+/*******************************************************************\
+
+ Module: exprt iterator module
+
+ Author: DiffBlue Limited. All rights reserved.
+
+\*******************************************************************/
+
+#ifndef CPROVER_UTIL_EXPR_ITERATOR_H
+#define CPROVER_UTIL_EXPR_ITERATOR_H
+
+#include <iterator>
+#include <functional>
+#include <set>
+#include <algorithm>
+#include "expr.h"
+#include "invariant.h"
+
+// Forward declarations - table of contents
+
+/// \file Forward depth-first search iterators
+/// These iterators' copy operations are expensive, so use auto&, and avoid
+/// std::next(), std::prev() and post-increment iterator
+///
+/// Non-const iterators dereference to const exprt (for use with STL
+/// algorithms) but have an extra .mutate() method. That method is used
+/// to access non-const exprt reference but is an expensive operation
+
+/// Naive depth-first-search iterator with .mutate method for
+/// modifying exprt under the iterator.
+class depth_iteratort;
+/// Naive depth-first-search iterator.
+class const_depth_iteratort;
+/// Depth first-search iterator with duplicate avoidance (skips over
+/// duplicates, shows only first encountered child)
+/// Slower iteration than naive version. Very expensive copy.
+class const_unique_depth_iteratort;
+
+/// Helper class for depth_iterator_baset
+struct depth_iterator_expr_statet final
+{
+  typedef std::vector<exprt>::const_iterator operands_iteratort;
+  inline depth_iterator_expr_statet(
+    const exprt &expr,
+    operands_iteratort it,
+    operands_iteratort end):
+    expr(expr), it(it), end(end) { }
+  std::reference_wrapper<const exprt> expr;
+  operands_iteratort it;
+  operands_iteratort end;
+};
+
+inline bool operator==(
+  const depth_iterator_expr_statet &left,
+  const depth_iterator_expr_statet &right)
+{ return left.it==right.it && left.expr.get()==right.expr.get(); }
+
+
+/// Depth first search iterator base - iterates over supplied expression
+/// and all its operands recursively.
+/// Base class using CRTP
+/// Do override .push_expr method of this class, but when doing so
+/// make this class a friend so it has access to that overridden .push_expr
+/// method in the child class
+template<typename depth_iterator_t>
+class depth_iterator_baset
+{
+public:
+  typedef void difference_type;   // NOLINT Required by STL
+  typedef exprt value_type;       // NOLINT
+  typedef const exprt *pointer;   // NOLINT
+  typedef const exprt &reference; // NOLINT
+  typedef std::forward_iterator_tag iterator_category; // NOLINT
+  bool operator==(const depth_iterator_t &other) const
+  {
+    return m_stack==other.m_stack;
+  }
+
+  /// Preincrement operator
+  /// Do not call on the end() iterator
+  depth_iterator_t &operator++()
+  {
+    PRECONDITION(!m_stack.empty());
+    while(true)
+    {
+      if(m_stack.back().it==m_stack.back().end)
+      {
+        m_stack.pop_back();
+        if(m_stack.empty())
+          break;
+      }
+      // Check eg. if we haven't seen this node before
+      else if(this->downcast().push_expr(*m_stack.back().it))
+        break;
+      m_stack.back().it++;
+    }
+    return this->downcast();
+  }
+
+  /// Post-increment operator
+  /// Expensive copy. Avoid if possible
+  depth_iterator_t operator++(int)
+  {
+    depth_iterator_t tmp(*this);
+    this->operator++();
+    return tmp;
+  }
+
+  /// Dereference operator
+  /// Dereferencing end() iterator is undefined behaviour
+  const exprt &operator*() const
+  {
+    PRECONDITION(!m_stack.empty());
+    return m_stack.back().expr.get();
+  }
+
+  /// Dereference operator (member access)
+  /// Dereferencing end() iterator is undefined behaviour
+  const exprt *operator->() const
+  { return &**this; }
+
+protected:
+  /// Create end iterator
+  depth_iterator_baset()=default;
+
+  /// Create begin iterator, starting at the supplied node
+  explicit depth_iterator_baset(const exprt &root)
+  { this->push_expr(root); }
+
+  /// Destructor
+  /// Protected to discourage upcasting
+  ~depth_iterator_baset()=default;
+
+  depth_iterator_baset(const depth_iterator_baset &)=default;
+  depth_iterator_baset(depth_iterator_baset &&other)
+  { m_stack=std::move(other.m_stack); }
+  depth_iterator_baset &operator=(const depth_iterator_baset&)=default;
+  depth_iterator_baset &operator=(depth_iterator_baset &&other)
+  { m_stack=std::move(other.m_stack); }
+
+  /// Obtain non-const exprt reference. Performs a copy-on-write on
+  /// the root node as a side effect. To be called only if a the root
+  /// is a non-const exprt. Do not call on the end() iterator
+  exprt &mutate()
+  {
+    PRECONDITION(!m_stack.empty());
+    auto expr=std::ref(const_cast<exprt &>(m_stack.front().expr.get()));
+    for(auto &state : m_stack)
+    {
+      auto &operands=expr.get().operands();
+      const auto i=operands.size()-(state.end-state.it);
+      const auto it=operands.begin()+i;
+      state.expr=expr.get();
+      state.it=it;
+      state.end=operands.end();
+      if(!(state==m_stack.back()))
+      {
+        expr=std::ref(*it);
+      }
+    }
+    return expr.get();
+  }
+
+  /// Pushes expression onto the stack
+  /// If overridden, this function should be called from the inheriting
+  /// class by the override function
+  /// \return true if element was successfully pushed onto the stack,
+  /// false otherwise
+  /// If returning false, child will not be iterated over
+  bool push_expr(const exprt &expr)
+  {
+    m_stack.emplace_back(expr, expr.operands().begin(), expr.operands().end());
+    return true;
+  }
+
+private:
+  std::vector<depth_iterator_expr_statet> m_stack;
+
+  depth_iterator_t &downcast()
+  { return static_cast<depth_iterator_t &>(*this); }
+};
+
+template<typename T, typename std::enable_if<
+  std::is_base_of<depth_iterator_baset<T>, T>::value, int>::type=0>
+bool operator!=(
+  const T &left,
+  const T &right)
+{ return !(left==right); }
+
+class const_depth_iteratort final:
+  public depth_iterator_baset<const_depth_iteratort>
+{
+public:
+  /// Create iterator starting at the supplied node (root)
+  explicit const_depth_iteratort(const exprt &expr):
+    depth_iterator_baset(expr) { }
+  /// Create an end iterator
+  const_depth_iteratort()=default;
+};
+
+class depth_iteratort final:
+  public depth_iterator_baset<depth_iteratort>
+{
+public:
+  /// Create an end iterator
+  depth_iteratort()=default;
+  /// Create iterator starting at the supplied node (root)
+  /// All mutations of the child nodes will be reflected on this node
+  explicit depth_iteratort(exprt &expr):
+    depth_iterator_baset(expr) { }
+  /// Obtain non-const reference to the pointed exprt instance
+  /// Modifies root expression
+  exprt &mutate()
+  { return depth_iterator_baset::mutate(); }
+};
+
+class const_unique_depth_iteratort final:
+  public depth_iterator_baset<const_unique_depth_iteratort>
+{
+  friend depth_iterator_baset;
+public:
+  /// Create iterator starting at the supplied node (root)
+  explicit const_unique_depth_iteratort(const exprt &expr):
+    depth_iterator_baset(expr),
+    m_traversed({ expr }) { }
+  /// Create an end iterator
+  const_unique_depth_iteratort()=default;
+private:
+  /// Push expression onto the stack and add to the set of traversed exprts
+  bool push_expr(const exprt &expr) // "override" - hide base class method
+  {
+    const bool inserted=this->m_traversed.insert(expr).second;
+    if(inserted)
+      depth_iterator_baset::push_expr(expr);
+    return inserted;
+  }
+  std::set<exprt> m_traversed;
+};
+
+#endif
diff --git a/unit/Makefile b/unit/Makefile
index 672cb13650f..63a6acb4fda 100644
--- a/unit/Makefile
+++ b/unit/Makefile
@@ -3,6 +3,13 @@
 # Source files for test utilities
 SRC = src/expr/require_expr.cpp \
       src/ansi-c/c_to_expr.cpp \
+      unit_tests.cpp \
+      catch_example.cpp \
+      util/expr_iterator.cpp \
+      analyses/call_graph.cpp \
+      java_bytecode/java_bytecode_convert_class/convert_abstract_class.cpp \
+      solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix.cpp \
+      solvers/refinement/string_constraint_generator_valueof/get_numeric_value_from_character.cpp \
       # Empty last line
 
 # Test source files
diff --git a/unit/util/expr_iterator.cpp b/unit/util/expr_iterator.cpp
new file mode 100644
index 00000000000..4b914b01551
--- /dev/null
+++ b/unit/util/expr_iterator.cpp
@@ -0,0 +1,135 @@
+/*******************************************************************\
+
+ Module: Example Catch Tests
+
+ Author: DiffBlue Limited. All rights reserved.
+
+\*******************************************************************/
+
+#include <catch.hpp>
+#include <util/expr.h>
+#include <util/expr_iterator.h>
+
+TEST_CASE("Depth iterator over empty exprt")
+{
+  exprt expr;
+  std::vector<std::reference_wrapper<const exprt>> results;
+  std::copy(expr.depth_begin(),
+            expr.depth_end(),
+            std::back_inserter(results));
+  REQUIRE(results.size()==1);
+  REQUIRE(results.front().get()==expr);
+}
+
+TEST_CASE("Unique depth iterator over empty exprt")
+{
+  exprt expr;
+  std::vector<std::reference_wrapper<const exprt>> results;
+  std::copy(expr.unique_depth_begin(),
+            expr.unique_depth_end(),
+            std::back_inserter(results));
+  REQUIRE(results.size()==1);
+  REQUIRE(results.front().get()==expr);
+}
+
+TEST_CASE("Iterate over a node with 3 children")
+{
+  std::vector<exprt> input(4);
+  input[0].operands()={ input[1], input[2], input[3] };
+  std::vector<std::reference_wrapper<const exprt>> results;
+  std::copy(input[0].depth_begin(),
+            input[0].depth_end(),
+            std::back_inserter(results));
+  REQUIRE(results.size()==input.size());
+
+  auto it=results.begin();
+  for(const auto &expr : input)
+  {
+    REQUIRE(it->get()==expr);
+    it++;
+  }
+}
+
+TEST_CASE("Iterate over a node with 5 children, ignoring duplicates")
+{
+  std::vector<exprt> input(4);
+  input[1].id(ID_int);
+  input[2].id(ID_symbol);
+  input[3].id(ID_array);
+  input[0].operands()={ input[1], input[2], input[1], input[3], input[2] };
+  std::vector<std::reference_wrapper<const exprt>> results;
+  std::copy(input[0].unique_depth_begin(),
+            input[0].unique_depth_end(),
+            std::back_inserter(results));
+  REQUIRE(results.size()==input.size());
+
+  auto it=results.begin();
+  for(const auto &expr : input)
+  {
+    REQUIRE(it->get()==expr);
+    it++;
+  }
+}
+
+TEST_CASE("Iterate over a 3-level node")
+{
+  std::vector<exprt> input(4);
+  input[1].id(ID_int);
+  input[2].operands()={ input[3] };
+  input[0].operands()={ input[1], input[2] };
+  std::vector<std::reference_wrapper<const exprt>> results;
+  std::copy(input[0].depth_begin(),
+            input[0].depth_end(),
+            std::back_inserter(results));
+  REQUIRE(results.size()==input.size());
+
+  auto it=results.begin();
+  for(const auto &expr : input)
+  {
+    REQUIRE(it->get()==expr);
+    it++;
+  }
+}
+
+TEST_CASE("Iterate over a 3-level tree, ignoring duplicates")
+{
+  std::vector<exprt> input(4);
+  input[1].id(ID_int);
+  input[2].operands()={ input[3], input[1] };
+  input[0].operands()={ input[1], input[2], input[3] };
+  std::vector<std::reference_wrapper<const exprt>> results;
+  std::copy(input[0].unique_depth_begin(),
+            input[0].unique_depth_end(),
+            std::back_inserter(results));
+  REQUIRE(results.size()==input.size());
+
+  auto it=results.begin();
+  for(const auto &expr : input)
+  {
+    REQUIRE(it->get()==expr);
+    it++;
+  }
+}
+
+TEST_CASE("Iterate over a 3-level tree, mutate - set all types to ID_symbol")
+{
+  std::vector<exprt> input(4);
+  input[1].id(ID_int);
+  input[2].operands()={ input[3] };
+  input[0].operands()={ input[1], input[2] };
+  std::vector<std::reference_wrapper<exprt>> results;
+  for(auto it=input[0].depth_begin(),
+           end=input[0].depth_end();
+      it != end; ++it)
+  {
+    exprt &expr=it.mutate();
+    results.push_back(std::ref(expr));
+    REQUIRE(*it==expr);
+    expr.id(ID_symbol);
+  }
+  REQUIRE(results.size()==input.size());
+  for(const auto& expr : results)
+  {
+    REQUIRE(expr.get().id()==ID_symbol);
+  }
+}

From 3339f410294e387b8e6641fa8511ee3baf400f98 Mon Sep 17 00:00:00 2001
From: Owen Jones <owen.jones@diffblue.com>
Date: Mon, 7 Aug 2017 09:54:58 +0100
Subject: [PATCH 516/699] Fix parameter names in documentation and declaration

---
 src/solvers/refinement/string_constraint_generator.h          | 2 +-
 .../refinement/string_constraint_generator_valueof.cpp        | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index 968fa3236e9..2203d9f64b3 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -373,7 +373,7 @@ exprt get_numeric_value_from_character(
   const typet &char_type,
   const typet &type,
   unsigned long radix=36ul);
-size_t max_printed_string_length(const typet &type, unsigned long radix);
+size_t max_printed_string_length(const typet &type, unsigned long ul_radix);
 unsigned long to_integer_or_default(const exprt &expr, unsigned long def);
 std::string utf16_constant_array_to_ascii(
   const array_exprt &arr, unsigned length);
diff --git a/src/solvers/refinement/string_constraint_generator_valueof.cpp b/src/solvers/refinement/string_constraint_generator_valueof.cpp
index e8f0ce49a90..86522bf67fe 100644
--- a/src/solvers/refinement/string_constraint_generator_valueof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_valueof.cpp
@@ -137,7 +137,7 @@ string_exprt string_constraint_generatort::add_axioms_from_int(
 /// Add axioms enforcing that the string corresponds to the result
 /// of String.valueOf(II) or String.valueOf(JI) Java functions applied
 /// on the integer expression.
-/// \param x: a signed integer expression
+/// \param input_int: a signed integer expression
 /// \param radix: the radix to use
 /// \param ref_type: type for refined strings
 /// \param max_size: a maximal size for the string representation (default 0,
@@ -734,7 +734,7 @@ exprt get_numeric_value_from_character(
 /// using the given radix. Due to floating point rounding errors we sometimes
 /// return a value 1 larger than needed, which is fine for our purposes.
 /// \param type: the type that we are considering values of
-/// \param radix: the radix we are using, as a double
+/// \param ul_radix: the radix we are using, as a double
 /// \return the maximum string length
 size_t max_printed_string_length(const typet &type, unsigned long ul_radix)
 {

From d77f0d2c9f6043fa85fa35b9def07b3765e4d290 Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Fri, 4 Aug 2017 10:02:18 +0100
Subject: [PATCH 517/699] Escape '\n', '\r' and '"' characters in generated
 tests

---
 src/util/unicode.cpp | 25 +++++++++++++++++--------
 1 file changed, 17 insertions(+), 8 deletions(-)

diff --git a/src/util/unicode.cpp b/src/util/unicode.cpp
index df38d52f8e7..a9f3f59889b 100644
--- a/src/util/unicode.cpp
+++ b/src/util/unicode.cpp
@@ -272,7 +272,7 @@ std::wstring utf8_to_utf16(const std::string& in, bool swap_bytes)
 
 /// \par parameters: String in UTF-8 format
 /// \return String in UTF-16BE format
-std::wstring utf8_to_utf16_big_endian(const std::string& in)
+std::wstring utf8_to_utf16_big_endian(const std::string &in)
 {
   bool swap_bytes=is_little_endian_arch();
   return utf8_to_utf16(in, swap_bytes);
@@ -280,7 +280,7 @@ std::wstring utf8_to_utf16_big_endian(const std::string& in)
 
 /// \par parameters: String in UTF-8 format
 /// \return String in UTF-16LE format
-std::wstring utf8_to_utf16_little_endian(const std::string& in)
+std::wstring utf8_to_utf16_little_endian(const std::string &in)
 {
   bool swap_bytes=!is_little_endian_arch();
   return utf8_to_utf16(in, swap_bytes);
@@ -288,21 +288,30 @@ std::wstring utf8_to_utf16_little_endian(const std::string& in)
 
 /// \par parameters: String in UTF-16LE format
 /// \return String in US-ASCII format, with \uxxxx escapes for other characters
-std::string utf16_little_endian_to_ascii(const std::wstring& in)
+std::string utf16_little_endian_to_ascii(const std::wstring &in)
 {
   std::ostringstream result;
-  std::locale loc;
-  for(const auto c : in)
+  const std::locale loc;
+  for(const auto ch : in)
   {
-    if(c<=255 && isprint(c, loc))
-      result << (unsigned char)c;
+    if(ch=='\n')
+      result << "\\n";
+    else if(ch=='\r')
+      result << "\\r";
+    else if(ch<=255 && isprint(ch, loc))
+    {
+      const auto uch=static_cast<unsigned char>(ch);
+      if(uch=='"')
+        result << '\\';
+      result << uch;
+    }
     else
     {
       result << "\\u"
              << std::hex
              << std::setw(4)
              << std::setfill('0')
-             << (unsigned int)c;
+             << static_cast<unsigned int>(ch);
     }
   }
   return result.str();

From 21735a0f2510f24b73a913425226c393103e26cd Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Fri, 4 Aug 2017 16:11:16 +0100
Subject: [PATCH 518/699] Rename utf16_constant_array_to_ascii to
 utf16_constant_array_to_java

---
 src/solvers/refinement/string_constraint_generator.h        | 2 +-
 .../refinement/string_constraint_generator_format.cpp       | 6 +++---
 src/solvers/refinement/string_refinement.cpp                | 2 +-
 src/util/unicode.cpp                                        | 2 +-
 src/util/unicode.h                                          | 2 +-
 5 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index 968fa3236e9..07ed54fe927 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -375,7 +375,7 @@ exprt get_numeric_value_from_character(
   unsigned long radix=36ul);
 size_t max_printed_string_length(const typet &type, unsigned long radix);
 unsigned long to_integer_or_default(const exprt &expr, unsigned long def);
-std::string utf16_constant_array_to_ascii(
+std::string utf16_constant_array_to_java(
   const array_exprt &arr, unsigned length);
 
 #endif
diff --git a/src/solvers/refinement/string_constraint_generator_format.cpp b/src/solvers/refinement/string_constraint_generator_format.cpp
index 6320a23ad7a..7ad34d7d2ec 100644
--- a/src/solvers/refinement/string_constraint_generator_format.cpp
+++ b/src/solvers/refinement/string_constraint_generator_format.cpp
@@ -386,7 +386,7 @@ string_exprt string_constraint_generatort::add_axioms_for_format(
 /// \param length: an unsigned value representing the length of the array
 /// \return String of length `length` represented by the array assuming each
 ///   field in `arr` represents a character.
-std::string utf16_constant_array_to_ascii(
+std::string utf16_constant_array_to_java(
   const array_exprt &arr, unsigned int length)
 {
   std::wstring out(length, '?');
@@ -399,7 +399,7 @@ std::string utf16_constant_array_to_ascii(
     INVARIANT(!conversion_failed, "constant should be convertible to unsigned");
     out[i]=c;
   }
-  return utf16_little_endian_to_ascii(out);
+  return utf16_little_endian_to_java(out);
 }
 
 /// Add axioms to specify the Java String.format function.
@@ -423,7 +423,7 @@ string_exprt string_constraint_generatort::add_axioms_for_format(
      s1.content().id()==ID_array &&
      !to_unsigned_integer(to_constant_expr(s1.length()), length))
   {
-    std::string s=utf16_constant_array_to_ascii(
+    std::string s=utf16_constant_array_to_java(
       to_array_expr(s1.content()), length);
     // List of arguments after s
     std::vector<exprt> args(
diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index 218309826b6..95e84d422a4 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -799,7 +799,7 @@ std::string string_refinementt::string_of_array(const array_exprt &arr)
   exprt size_expr=to_array_type(arr.type()).size();
   PRECONDITION(size_expr.id()==ID_constant);
   to_unsigned_integer(to_constant_expr(size_expr), n);
-  return utf16_constant_array_to_ascii(arr, n);
+  return utf16_constant_array_to_java(arr, n);
 }
 
 /// Display part of the current model by mapping the variables created by the
diff --git a/src/util/unicode.cpp b/src/util/unicode.cpp
index a9f3f59889b..6ea0e3cc364 100644
--- a/src/util/unicode.cpp
+++ b/src/util/unicode.cpp
@@ -288,7 +288,7 @@ std::wstring utf8_to_utf16_little_endian(const std::string &in)
 
 /// \par parameters: String in UTF-16LE format
 /// \return String in US-ASCII format, with \uxxxx escapes for other characters
-std::string utf16_little_endian_to_ascii(const std::wstring &in)
+std::string utf16_little_endian_to_java(const std::wstring &in)
 {
   std::ostringstream result;
   const std::locale loc;
diff --git a/src/util/unicode.h b/src/util/unicode.h
index 93e83c5b64f..22b7fadb464 100644
--- a/src/util/unicode.h
+++ b/src/util/unicode.h
@@ -24,7 +24,7 @@ std::string utf32_to_utf8(const std::basic_string<unsigned int> &s);
 
 std::wstring utf8_to_utf16_big_endian(const std::string &);
 std::wstring utf8_to_utf16_little_endian(const std::string &);
-std::string utf16_little_endian_to_ascii(const std::wstring &in);
+std::string utf16_little_endian_to_java(const std::wstring &in);
 
 const char **narrow_argv(int argc, const wchar_t **argv_wide);
 

From 8c25dcf3cc0790b368cba3ac3e362fb69e8d8224 Mon Sep 17 00:00:00 2001
From: Peter Schrammel <peter.schrammel@diffblue.com>
Date: Fri, 4 Aug 2017 19:27:33 +0100
Subject: [PATCH 519/699] Workaround for travis performing shallow clones with
 wrong branch

travis clones a repo by 'git clone --depth 50 repo' which is ok if the
PR target is the master branch.  It should actually add '--branch=
$TRAVIS_BRANCH' to the clone command.  This commit provides a
workaround.
---
 scripts/travis_doxygen.sh | 6 +++++-
 scripts/travis_lint.sh    | 6 +++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/scripts/travis_doxygen.sh b/scripts/travis_doxygen.sh
index 78adcff3c13..359de72ff60 100755
--- a/scripts/travis_doxygen.sh
+++ b/scripts/travis_doxygen.sh
@@ -8,5 +8,9 @@ pip install --user unidiff
 if [ "$TRAVIS_PULL_REQUEST" == "false" ]; then
   $script_folder/run_diff.sh DOXYGEN HEAD~1 # Check for errors introduced in last commit
 else
-  $script_folder/run_diff.sh DOXYGEN $TRAVIS_BRANCH # Check for errors compared to merge target
+  TMP_HEAD=$(git rev-parse HEAD)
+  git config remote.origin.fetch +refs/heads/$TRAVIS_BRANCH:refs/remotes/origin/$TRAVIS_BRANCH
+  git fetch --unshallow
+  git checkout $TMP_HEAD
+  $script_folder/run_diff.sh DOXYGEN origin/$TRAVIS_BRANCH # Check for errors compared to merge target
 fi
diff --git a/scripts/travis_lint.sh b/scripts/travis_lint.sh
index 036605237ee..6592a3ebdfa 100755
--- a/scripts/travis_lint.sh
+++ b/scripts/travis_lint.sh
@@ -8,5 +8,9 @@ pip install --user unidiff
 if [ "$TRAVIS_PULL_REQUEST" == "false" ]; then
   $script_folder/run_diff.sh CPPLINT HEAD~1 # Check for errors introduced in last commit
 else
-  $script_folder/run_diff.sh CPPLINT $TRAVIS_BRANCH # Check for errors compared to merge target
+  TMP_HEAD=$(git rev-parse HEAD)
+  git config remote.origin.fetch +refs/heads/$TRAVIS_BRANCH:refs/remotes/origin/$TRAVIS_BRANCH
+  git fetch --unshallow
+  git checkout $TMP_HEAD
+  $script_folder/run_diff.sh CPPLINT origin/$TRAVIS_BRANCH # Check for errors compared to merge target
 fi

From 6ed24e58e5f86ac72c090c1ad3e643a557cf1322 Mon Sep 17 00:00:00 2001
From: Cristina <cristina.david@gmail.com>
Date: Mon, 22 May 2017 19:48:39 +0100
Subject: [PATCH 520/699] Throw ArithmeticException whenever a division-by-zero
 is encountered

---
 .../java_bytecode_convert_method.cpp          |  4 +++
 .../java_bytecode_instrument.cpp              | 36 +++++++++++++++++++
 2 files changed, 40 insertions(+)

diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index 3cb2cc2861d..91ba790ab8d 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -1051,6 +1051,10 @@ codet java_bytecode_convert_methodt::convert_instructions(
        i_it->statement=="checkcast" ||
        i_it->statement=="newarray" ||
        i_it->statement=="anewarray" ||
+       i_it->statement=="idiv" ||
+       i_it->statement=="ldiv" ||
+       i_it->statement=="irem" ||
+       i_it->statement=="lrem" ||
        i_it->statement==patternt("?astore") ||
        i_it->statement==patternt("?aload") ||
        i_it->statement=="invokestatic" ||
diff --git a/src/java_bytecode/java_bytecode_instrument.cpp b/src/java_bytecode/java_bytecode_instrument.cpp
index 79b89eebe60..8e56439346b 100644
--- a/src/java_bytecode/java_bytecode_instrument.cpp
+++ b/src/java_bytecode/java_bytecode_instrument.cpp
@@ -57,6 +57,10 @@ class java_bytecode_instrumentt:public messaget
     const exprt &idx,
     const source_locationt &original_loc);
 
+  codet check_arithmetic_exception(
+    const exprt &denominator,
+    const source_locationt &original_loc);
+
   codet check_null_dereference(
     const exprt &expr,
     const source_locationt &original_loc,
@@ -133,6 +137,30 @@ codet java_bytecode_instrumentt::throw_exception(
   return init_code;
 }
 
+
+/// Checks whether there is a division by zero
+/// and throws ArithmeticException if necessary.
+/// Exceptions are thrown when the `throw_runtime_exceptions`
+/// flag is set.
+/// \return Based on the value of the flag `throw_runtime_exceptions`,
+/// it returns code that either throws an ArithmeticException
+/// or is a skip
+codet java_bytecode_instrumentt::check_arithmetic_exception(
+  const exprt &denominator,
+  const source_locationt &original_loc)
+{
+  const constant_exprt &zero=from_integer(0, denominator.type());
+  const binary_relation_exprt equal_zero(denominator, ID_equal, zero);
+
+  if(throw_runtime_exceptions)
+    return throw_exception(
+      equal_zero,
+      original_loc,
+      "java.lang.ArithmeticException");
+
+  return code_skipt();
+}
+
 /// Checks whether the array access array_struct[idx] is out-of-bounds,
 /// and throws ArrayIndexOutofBoundsException/generates an assertion
 /// if necessary; Exceptions are thrown when the `throw_runtime_exceptions`
@@ -464,6 +492,14 @@ codet java_bytecode_instrumentt::instrument_expr(
         expr.op0(),
         expr.source_location());
   }
+  else if((expr.id()==ID_div || expr.id()==ID_mod) &&
+          expr.type().id()==ID_signedbv)
+  {
+    // check division by zero (for integer types only)
+    return check_arithmetic_exception(
+      expr.op1(),
+      expr.source_location());
+  }
   else if(expr.id()==ID_member &&
           expr.get_bool(ID_java_member_access))
   {

From fb89e5aa3bf29b6dd8d408494dd60f9e71c3161b Mon Sep 17 00:00:00 2001
From: Cristina <cristina.david@gmail.com>
Date: Mon, 22 May 2017 20:51:54 +0100
Subject: [PATCH 521/699] Regression test for ArithmeticException

---
 .../ArithmeticExceptionTest.class                 | Bin 0 -> 818 bytes
 .../ArithmeticExceptionTest.java                  |  11 +++++++++++
 .../cbmc-java/ArithmeticException1/test.desc      |   9 +++++++++
 .../ArithmeticExceptionTest.class                 | Bin 0 -> 646 bytes
 .../ArithmeticExceptionTest.java                  |  12 ++++++++++++
 .../cbmc-java/ArithmeticException2/test.desc      |   9 +++++++++
 .../ArithmeticExceptionTest.class                 | Bin 0 -> 629 bytes
 .../ArithmeticExceptionTest.java                  |  11 +++++++++++
 .../cbmc-java/ArithmeticException3/test.desc      |   9 +++++++++
 .../ArithmeticExceptionTest.class                 | Bin 0 -> 646 bytes
 .../ArithmeticExceptionTest.java                  |  12 ++++++++++++
 .../cbmc-java/ArithmeticException4/test.desc      |   9 +++++++++
 .../ArithmeticExceptionTest.class                 | Bin 0 -> 639 bytes
 .../ArithmeticExceptionTest.java                  |  11 +++++++++++
 .../cbmc-java/ArithmeticException5/test.desc      |   8 ++++++++
 .../ArithmeticExceptionTest.class                 | Bin 0 -> 605 bytes
 .../ArithmeticExceptionTest.java                  |  10 ++++++++++
 .../cbmc-java/ArithmeticException6/test.desc      |   9 +++++++++
 18 files changed, 120 insertions(+)
 create mode 100644 regression/cbmc-java/ArithmeticException1/ArithmeticExceptionTest.class
 create mode 100644 regression/cbmc-java/ArithmeticException1/ArithmeticExceptionTest.java
 create mode 100644 regression/cbmc-java/ArithmeticException1/test.desc
 create mode 100644 regression/cbmc-java/ArithmeticException2/ArithmeticExceptionTest.class
 create mode 100644 regression/cbmc-java/ArithmeticException2/ArithmeticExceptionTest.java
 create mode 100644 regression/cbmc-java/ArithmeticException2/test.desc
 create mode 100644 regression/cbmc-java/ArithmeticException3/ArithmeticExceptionTest.class
 create mode 100644 regression/cbmc-java/ArithmeticException3/ArithmeticExceptionTest.java
 create mode 100644 regression/cbmc-java/ArithmeticException3/test.desc
 create mode 100644 regression/cbmc-java/ArithmeticException4/ArithmeticExceptionTest.class
 create mode 100644 regression/cbmc-java/ArithmeticException4/ArithmeticExceptionTest.java
 create mode 100644 regression/cbmc-java/ArithmeticException4/test.desc
 create mode 100644 regression/cbmc-java/ArithmeticException5/ArithmeticExceptionTest.class
 create mode 100644 regression/cbmc-java/ArithmeticException5/ArithmeticExceptionTest.java
 create mode 100644 regression/cbmc-java/ArithmeticException5/test.desc
 create mode 100644 regression/cbmc-java/ArithmeticException6/ArithmeticExceptionTest.class
 create mode 100644 regression/cbmc-java/ArithmeticException6/ArithmeticExceptionTest.java
 create mode 100644 regression/cbmc-java/ArithmeticException6/test.desc

diff --git a/regression/cbmc-java/ArithmeticException1/ArithmeticExceptionTest.class b/regression/cbmc-java/ArithmeticException1/ArithmeticExceptionTest.class
new file mode 100644
index 0000000000000000000000000000000000000000..3ad4e6ebe86e52587843990ffa9af01256fb2197
GIT binary patch
literal 818
zcmZuvPfrs;6#u>Mw%cwCmR6w@5Kz#<!CtsgjRY~#R6UfCfT!tpQU<nLGP^Zg{Th4$
z&S)ZuCVKZn8Q<H0C9#K{nfLbh=e;-c`_K2E0JgB{BadYdD+T1R>fw<OSK`M$*0Ap3
z38A{C;#k|n45Rp!iB&h$JpvsOaxD{?<ORWLY#b2W-C<7??zK&%-;V}eZTAICsI-TH
z3J;Vu65k}<<k-Z7`Sy-A$?-rZCfGX<^qKhV>p0nF!GSUnVYczHeWE_8W~icmvy)g8
z^|!^441aIfUY`eq<vXAWnxdy{pDn8s<OoxpL<Ohs)LB{|PlS+f1>sGHerGtcfqreI
zpT!CCQt~sYvV<Z^gr#xC6VN3T;1g<hK({mAvvz0+a}!wN;o)fs4Qvp~WAcaYi4GDT
z{W!H7@~!dgdO9{%_jYdOxyxk4KlsXyu*#R7=XXHmniRw*2PF0LI>k|wcj7&}c@4Va
zLk82l=F%kF@mZh@Kp8W<7f?Z!GeZ8%XovT@(<=K5;qyy=2VdY^p!fss;We_qu2QbY
z#)1^(I%|VpV1^aFv?Pzq$zz@|;<my#`F9@=m|JAdEap;`I%<p(1u!%7*2BUy6BqyW
kvX#PsnM&>(ybE~lC0yq#od5e0jVv;ym(u+b2N^v43vqX+?f?J)

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/ArithmeticException1/ArithmeticExceptionTest.java b/regression/cbmc-java/ArithmeticException1/ArithmeticExceptionTest.java
new file mode 100644
index 00000000000..7988e85700e
--- /dev/null
+++ b/regression/cbmc-java/ArithmeticException1/ArithmeticExceptionTest.java
@@ -0,0 +1,11 @@
+public class ArithmeticExceptionTest {
+    public static void  main(String args[]) {
+        try {
+            int i=0;
+            int j=10/i;
+        }
+        catch(ArithmeticException exc) {
+            assert false;
+        }
+    }
+}
diff --git a/regression/cbmc-java/ArithmeticException1/test.desc b/regression/cbmc-java/ArithmeticException1/test.desc
new file mode 100644
index 00000000000..e8f7c941fd4
--- /dev/null
+++ b/regression/cbmc-java/ArithmeticException1/test.desc
@@ -0,0 +1,9 @@
+CORE
+ArithmeticExceptionTest.class
+--java-throw-runtime-exceptions
+^EXIT=10$
+^SIGNAL=0$
+^.*assertion at file ArithmeticExceptionTest.java line 8 function.*: FAILURE$
+^VERIFICATION FAILED
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/ArithmeticException2/ArithmeticExceptionTest.class b/regression/cbmc-java/ArithmeticException2/ArithmeticExceptionTest.class
new file mode 100644
index 0000000000000000000000000000000000000000..3ac62d1ede54f090f97492e6620371a6529a2426
GIT binary patch
literal 646
zcmZvZ&rcIU6vw}>-QC&UF3=W)DzsSjfF9&R!okLXfTs$F5)<*X-A?M%c1vcb#=nJs
zfHRQLL=(OHM;YI&)OuhKGjHCH&-=c&zkYxF0bmDDLxiZgY}+psco@LPBZ2i09%=#`
zA?j!dY!a5A#aSk`QR6f_R9V~|${vBv2wqF2%Dg5Nx1PTzI0xgNBrLU6Dvu|luGFVC
znFFI(rG(Y3kL^MHCEgy!X@9$8v`YK0Y~e!3#L4G(@p+!lVhDaK8Q#Ie&Um5|`Bquf
z#=chO(?}YX9DPmXxm9&4GxO4dBP?K%P@gxsCp$t35ux^9(rmmVt;d?Mc2AY<A@Ddt
z6Hf@`dGSeiAQQt=&s_&YUKo$tlbO=8w?D)4lxD&K-qsm&eEtOhm1|ZITSf3Du*l~U
zzv_Gw-|mYk=*lLd%%_(-2>~jovTainI1qd{g1r?K-ZVEyyY3~b?Q6IfD1C?bVG8l{
zDz7YY0|$ki)yS*t%Vn;|GD42}%nZ1F3CqkBC>#r{Soec}+IDgjP^tR22reL;OE|?F
WxK`(1_DrW`xF|$>cAC{Zy!HoF7ky*^

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/ArithmeticException2/ArithmeticExceptionTest.java b/regression/cbmc-java/ArithmeticException2/ArithmeticExceptionTest.java
new file mode 100644
index 00000000000..0c83bf9a409
--- /dev/null
+++ b/regression/cbmc-java/ArithmeticException2/ArithmeticExceptionTest.java
@@ -0,0 +1,12 @@
+public class ArithmeticExceptionTest {
+    public static void  main(String args[]) {
+        try {
+            long denom=0;
+            long num=10;
+            long j=num/denom;
+        }
+        catch(ArithmeticException exc) {
+            assert false;
+        }
+    }
+}
diff --git a/regression/cbmc-java/ArithmeticException2/test.desc b/regression/cbmc-java/ArithmeticException2/test.desc
new file mode 100644
index 00000000000..00820d86c6e
--- /dev/null
+++ b/regression/cbmc-java/ArithmeticException2/test.desc
@@ -0,0 +1,9 @@
+CORE
+ArithmeticExceptionTest.class
+--java-throw-runtime-exceptions
+^EXIT=10$
+^SIGNAL=0$
+^.*assertion at file ArithmeticExceptionTest.java line 9 function.*: FAILURE$
+^VERIFICATION FAILED
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/ArithmeticException3/ArithmeticExceptionTest.class b/regression/cbmc-java/ArithmeticException3/ArithmeticExceptionTest.class
new file mode 100644
index 0000000000000000000000000000000000000000..21c451e02f32de87391382dd30ce9f5daacffdf4
GIT binary patch
literal 629
zcmZuuJx?1!5PfrZ_S(k*#w5lV9D+mv6wuINA`l@3a+1O*QlL7YS7gCHTYGE7Z{ZJ6
zJ4jdp33`4M%Itw-3bfLG%)IyJ&Fs_j-2;FvEc?izBrump7G;5XAD(?zd@Nv5ph}os
z36n%>qq=eORV87wEn5USCS+?WR^|)AU0wS{@b<ecNtmvySpMjDno=KGFef^piV3CF
zllobB5pK4__;j;jw2Du+Epf78!sz^a*h}$jhLEd8?N@QX(e3L<ep6OzaZfArrz4Gu
z4lX0vv#yS0Vm7RBfC&VI>bS@|=m2^6gz_8EsJ#QNyP7cf4$IaM_!M9Xp9zIA`DgP?
zMuxi{hxXe%FmAUc6QyNqZzRuMnm#9ZTE|%CdFS{Gs8F_s_~wGFf8HngRppcT%&ZSV
z0}I3y@7Xj+OqoW3?-qIjhsi+2trh%*-p)0O^}lehFmVs>_Yj%KLCO+b#^GgkDy#(l
zY6lsJ)PUgPIm|O=hBE@rp+IqpL$m)qZKX26Ofh>4aRuRB!*g%oT7NIPBY##S11H$E
KU3^H>AO8WIDtt!(

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/ArithmeticException3/ArithmeticExceptionTest.java b/regression/cbmc-java/ArithmeticException3/ArithmeticExceptionTest.java
new file mode 100644
index 00000000000..dfe7b031288
--- /dev/null
+++ b/regression/cbmc-java/ArithmeticException3/ArithmeticExceptionTest.java
@@ -0,0 +1,11 @@
+public class ArithmeticExceptionTest {
+    public static void  main(String args[]) {
+        try {
+            int i=0;
+            int j=10%i;
+        }
+        catch(ArithmeticException exc) {
+            assert false;
+        }
+    }
+}
diff --git a/regression/cbmc-java/ArithmeticException3/test.desc b/regression/cbmc-java/ArithmeticException3/test.desc
new file mode 100644
index 00000000000..e8f7c941fd4
--- /dev/null
+++ b/regression/cbmc-java/ArithmeticException3/test.desc
@@ -0,0 +1,9 @@
+CORE
+ArithmeticExceptionTest.class
+--java-throw-runtime-exceptions
+^EXIT=10$
+^SIGNAL=0$
+^.*assertion at file ArithmeticExceptionTest.java line 8 function.*: FAILURE$
+^VERIFICATION FAILED
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/ArithmeticException4/ArithmeticExceptionTest.class b/regression/cbmc-java/ArithmeticException4/ArithmeticExceptionTest.class
new file mode 100644
index 0000000000000000000000000000000000000000..a4723d1d652bd59d4cc9043e4a0654a2abb3aa7d
GIT binary patch
literal 646
zcmZvZO;6iE5Qg7LY_IJY2;nQGBq=Qi=%HMYI20j1N>70vf+`hGj<cc*i396R)!)J&
z;0%>OY9)H_k3!6vrs)A6c4z0~nRmv29)8{fSi_qTA*wFh_6r4G1n@C0@G^vls=z{s
z8tMWK!qifnWl|f}PqPmyi`!k<A<z-Q+fb=8n}p)>%4dSJ+wVxiL{p{mV9;wzeQ1+8
z(2G?{m|Z?@p2pwe)oz@gthS6+>B)OrIMy<8a<(6z=lLv#;BO?|zwoftALvAWR2H?c
zt(E!OlSU<b-xGOmRUOLAytCj4V;CpYMopf{j!;5GsQ#BU9B)tSz9!5)Q)PPyyo#`h
z*M#z@_*45-CWfaTxpup}FdnxfGo@u`dx+;L&42^Ett006{0jgoSFIqnir`IPoX-h<
z)%Yg9-M4q3YnzBNpI+`H1eipHZJV0Ff#ACyY)zxEv)H&;cdt-s-oU*?=@+~&cM!j?
z^U4x8a8Sru^}NcyT;_T#Bjl*h%z)dMFvU!P!hyiFb<h0Mww9xS$%=oA;1a^Qf>Znf
V*Xn#?4|Q6Gi$b(zr<u*ebB|V&eP{px

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/ArithmeticException4/ArithmeticExceptionTest.java b/regression/cbmc-java/ArithmeticException4/ArithmeticExceptionTest.java
new file mode 100644
index 00000000000..1e811e417f8
--- /dev/null
+++ b/regression/cbmc-java/ArithmeticException4/ArithmeticExceptionTest.java
@@ -0,0 +1,12 @@
+public class ArithmeticExceptionTest {
+    public static void  main(String args[]) {
+        try {
+          long denom=0;
+          long num=10;
+          long result=num%denom;
+        }
+        catch(ArithmeticException exc) {
+            assert false;
+        }
+    }
+}
diff --git a/regression/cbmc-java/ArithmeticException4/test.desc b/regression/cbmc-java/ArithmeticException4/test.desc
new file mode 100644
index 00000000000..00820d86c6e
--- /dev/null
+++ b/regression/cbmc-java/ArithmeticException4/test.desc
@@ -0,0 +1,9 @@
+CORE
+ArithmeticExceptionTest.class
+--java-throw-runtime-exceptions
+^EXIT=10$
+^SIGNAL=0$
+^.*assertion at file ArithmeticExceptionTest.java line 9 function.*: FAILURE$
+^VERIFICATION FAILED
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/ArithmeticException5/ArithmeticExceptionTest.class b/regression/cbmc-java/ArithmeticException5/ArithmeticExceptionTest.class
new file mode 100644
index 0000000000000000000000000000000000000000..813391d04afa843b51da2278350fa0eeaecd54a3
GIT binary patch
literal 639
zcmZuvO;6iE5Pg%_UdNaa!dD8UpGbTh;KB`5fq<$ip*;juDsXX}6<wOxXuU!F7XAQd
zKq^uz!JQw4n01?`2YlGsnR)Z(&3GRkf87CC#k&9jYTm{id;AH!D8a|Hz)S!SHG$ax
zb-WaKMHrilvP^2D(j?nfS=8#tHh~TZ-nvSZc~2-VEPf?8TWMPoMj9%SpL^Yw)cY39
ziEgA4!sNnX<0LwZRyt8~ywWsUCC6*FaJXrr_{Uy!n&Vjv!C#L%f60Sp+S9T8pe)tw
zrdH;AR~i-XoX7Iis@j*CS+>L>hEXQe2Th(qhZsUgsQm}(kGG?BstHriRM{Q^uS2}S
zTS8?}{H1jwW5ZJqLR%eP7?0bQnbNYo*{A0zO^*}2tpn!q`4<3GsaZjMD}pzHGM^*t
z)!7nTcj*>%Wr3*h>E%H}38Sd;-9nGxz-2pA{y2`peER7U)y6g43k>~+_w5$q{wgo?
zxs!uJPBhI_$UT>plsF?;1-}7SHO3i%!mhx0nL`u*M6KpDz-ZO~iP8mxa|x$-1J?@t
T!`l~VIb0ON4LinUo}PLF!N`3}

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/ArithmeticException5/ArithmeticExceptionTest.java b/regression/cbmc-java/ArithmeticException5/ArithmeticExceptionTest.java
new file mode 100644
index 00000000000..d32299a427f
--- /dev/null
+++ b/regression/cbmc-java/ArithmeticException5/ArithmeticExceptionTest.java
@@ -0,0 +1,11 @@
+public class ArithmeticExceptionTest {
+    public static void  main(String args[]) {
+        try {
+            double i=0;
+            double j=10/i;
+        }
+        catch(ArithmeticException exc) {
+            assert false;
+        }
+    }
+}
diff --git a/regression/cbmc-java/ArithmeticException5/test.desc b/regression/cbmc-java/ArithmeticException5/test.desc
new file mode 100644
index 00000000000..d57ec32a9a9
--- /dev/null
+++ b/regression/cbmc-java/ArithmeticException5/test.desc
@@ -0,0 +1,8 @@
+CORE
+ArithmeticExceptionTest.class
+--java-throw-runtime-exceptions
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/ArithmeticException6/ArithmeticExceptionTest.class b/regression/cbmc-java/ArithmeticException6/ArithmeticExceptionTest.class
new file mode 100644
index 0000000000000000000000000000000000000000..fdcb29ad2522533d0fdb0d5fb7d08fe1d7d592ca
GIT binary patch
literal 605
zcmZutO;5r=5Pd^Si?s@(0-~rS9@K+gI1(d4j3#~@P!qkCveCs-Ok0e<#XrCqO*GL&
z@BS#`EQ)wAo6OA4ym|9xK0aUG0F+R)kU+*nb_@n`Cgv>Y>YukTj|CG2!t{z0h9Zb$
z#}9X8=rlahB+v!HC`(^PTLf)&?TnyTJ551I9!Ostb=wUQoG36C+K%+ut?nz>L_Koc
z>qF;eQ038tMA`LzsH}RY8@OUus>X#%Afv0ch@@M)bH$C)a3aEJqvhN>HpXES3M$_8
z9RG6jAGD1zScKdk&~TYr5Oe}U_Ma{_!^EPEB`gzCqvqpAOSlp5I7(GLJ`W+&6rl`6
zvofUTEu$_M_%;_P@^uq@a7yKrAdWPU($98+e+Bl$KED18>MI~7*&2f+aZ3^@jurG2
zF@8WUW#zqc59xykX!jU@g?|2w_<R4Gh{q|MV#y%RR%e^wXD}Ndo$VB7O~m$0q$jyB
o{i~)lpa7=Q#uLnYn0gPo_6SWW`{o=fQyg)`>}{ogW>B8}0?o>G7XSbN

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/ArithmeticException6/ArithmeticExceptionTest.java b/regression/cbmc-java/ArithmeticException6/ArithmeticExceptionTest.java
new file mode 100644
index 00000000000..281f868b3e6
--- /dev/null
+++ b/regression/cbmc-java/ArithmeticException6/ArithmeticExceptionTest.java
@@ -0,0 +1,10 @@
+public class ArithmeticExceptionTest {
+    public static void  main(int denom) {
+        try {
+            int j=10/denom;
+        }
+        catch(ArithmeticException exc) {
+            assert false;
+        }
+    }
+}
diff --git a/regression/cbmc-java/ArithmeticException6/test.desc b/regression/cbmc-java/ArithmeticException6/test.desc
new file mode 100644
index 00000000000..8cab5f69869
--- /dev/null
+++ b/regression/cbmc-java/ArithmeticException6/test.desc
@@ -0,0 +1,9 @@
+CORE
+ArithmeticExceptionTest.class
+--java-throw-runtime-exceptions
+^EXIT=10$
+^SIGNAL=0$
+^.*assertion at file ArithmeticExceptionTest.java line 7 function.*: FAILURE$
+^VERIFICATION FAILED
+--
+^warning: ignoring

From 6c4dba37241e0a737e90c3b048a8cde28c0eedc8 Mon Sep 17 00:00:00 2001
From: Peter Schrammel <peter.schrammel@diffblue.com>
Date: Wed, 2 Aug 2017 15:04:48 +0100
Subject: [PATCH 522/699] Fix language-specific constant printing in JSON

---
 src/util/json_expr.cpp | 66 +++++++++++++++++++-----------------------
 1 file changed, 29 insertions(+), 37 deletions(-)

diff --git a/src/util/json_expr.cpp b/src/util/json_expr.cpp
index 4f5ce44d2fd..66dab1ef932 100644
--- a/src/util/json_expr.cpp
+++ b/src/util/json_expr.cpp
@@ -228,6 +228,27 @@ json_objectt json(
 
   if(expr.id()==ID_constant)
   {
+    std::unique_ptr<languaget> lang;
+    if(mode==ID_unknown)
+      lang=std::unique_ptr<languaget>(get_default_language());
+    else
+    {
+      lang=std::unique_ptr<languaget>(get_language_from_mode(mode));
+      if(!lang)
+        lang=std::unique_ptr<languaget>(get_default_language());
+    }
+
+    const typet &underlying_type=
+      type.id()==ID_c_bit_field?type.subtype():
+      type;
+
+    std::string type_string;
+    if(lang->from_type(underlying_type, type_string, ns))
+      assert(false && "unknown type");
+
+    std::string value_string;
+    lang->from_expr(expr, value_string, ns);
+
     const constant_exprt &constant_expr=to_constant_expr(expr);
     if(type.id()==ID_unsignedbv ||
        type.id()==ID_signedbv ||
@@ -238,32 +259,8 @@ json_objectt json(
       result["name"]=json_stringt("integer");
       result["binary"]=json_stringt(id2string(constant_expr.get_value()));
       result["width"]=json_numbert(std::to_string(width));
-
-      const typet &underlying_type=
-        type.id()==ID_c_bit_field?type.subtype():
-        type;
-
-      std::unique_ptr<languaget> lang;
-      if(mode==ID_unknown)
-        lang=std::unique_ptr<languaget>(get_default_language());
-      else
-      {
-        lang=std::unique_ptr<languaget>(get_language_from_mode(mode));
-        if(!lang)
-          lang=std::unique_ptr<languaget>(get_default_language());
-      }
-
-      std::string type_string;
-      if(!lang->from_type(underlying_type, type_string, ns))
-        result["type"]=json_stringt(type_string);
-      else
-        assert(false && "unknown type");
-
-      mp_integer i;
-      if(!to_integer(expr, i))
-        result["data"]=json_stringt(integer2string(i));
-      else
-        assert(false && "could not convert data to integer");
+      result["type"]=json_stringt(type_string);
+      result["data"]=json_stringt(value_string);
     }
     else if(type.id()==ID_c_enum)
     {
@@ -271,12 +268,7 @@ json_objectt json(
       result["binary"]=json_stringt(id2string(constant_expr.get_value()));
       result["width"]=json_numbert(type.subtype().get_string(ID_width));
       result["type"]=json_stringt("enum");
-
-      mp_integer i;
-      if(!to_integer(expr, i))
-        result["data"]=json_stringt(integer2string(i));
-      else
-        assert(false && "could not convert data to integer");
+      result["data"]=json_stringt(value_string);
     }
     else if(type.id()==ID_c_enum_tag)
     {
@@ -309,12 +301,13 @@ json_objectt json(
     else if(type.id()==ID_pointer)
     {
       result["name"]=json_stringt("pointer");
+      result["type"]=json_stringt(type_string);
       exprt simpl_expr=simplify_json_expr(expr, ns);
       if(simpl_expr.get(ID_value)==ID_NULL ||
          // remove typecast on NULL
          (simpl_expr.id()==ID_constant && simpl_expr.type().id()==ID_pointer &&
           simpl_expr.op0().get(ID_value)==ID_NULL))
-        result["data"]=json_stringt("NULL");
+        result["data"]=json_stringt(value_string);
       else if(simpl_expr.id()==ID_symbol)
       {
         const irep_idt &ptr_id=to_symbol_expr(simpl_expr).get_identifier();
@@ -332,11 +325,10 @@ json_objectt json(
     else if(type.id()==ID_c_bool)
     {
       result["name"]=json_stringt("integer");
-      result["type"]=json_stringt("_Bool");
+      result["width"]=json_numbert(type.get_string(ID_width));
+      result["type"]=json_stringt(type_string);
       result["binary"]=json_stringt(expr.get_string(ID_value));
-      mp_integer b;
-      to_integer(to_constant_expr(expr), b);
-      result["data"]=json_stringt(integer2string(b));
+      result["data"]=json_stringt(value_string);
     }
     else if(type.id()==ID_string)
     {

From 0f80a02514bb623aaa0314ef9f3543dc0432b9be Mon Sep 17 00:00:00 2001
From: Peter Schrammel <peter.schrammel@diffblue.com>
Date: Wed, 2 Aug 2017 17:47:03 +0100
Subject: [PATCH 523/699] Fix mode in input/output steps in JSON trace

---
 src/goto-programs/json_goto_trace.cpp | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/goto-programs/json_goto_trace.cpp b/src/goto-programs/json_goto_trace.cpp
index e3cdaa7dd8b..baed0f04a39 100644
--- a/src/goto-programs/json_goto_trace.cpp
+++ b/src/goto-programs/json_goto_trace.cpp
@@ -251,6 +251,7 @@ void convert(
           mode=ID_unknown;
         else
           mode=function_name->mode;
+        json_output["mode"]=json_stringt(id2string(mode));
         json_arrayt &json_values=json_output["values"].make_array();
 
         for(const auto &arg : step.io_args)
@@ -276,6 +277,15 @@ void convert(
         json_input["thread"]=json_numbert(std::to_string(step.thread_nr));
         json_input["inputID"]=json_stringt(id2string(step.io_id));
 
+        // Recovering the mode from the function
+        irep_idt mode;
+        const symbolt *function_name;
+        if(ns.lookup(source_location.get_function(), function_name))
+          // Failed to find symbol
+          mode=ID_unknown;
+        else
+          mode=function_name->mode;
+        json_input["mode"]=json_stringt(id2string(mode));
         json_arrayt &json_values=json_input["values"].make_array();
 
         for(const auto &arg : step.io_args)
@@ -283,7 +293,7 @@ void convert(
           if(arg.is_nil())
             json_values.push_back(json_stringt(""));
           else
-            json_values.push_back(json(arg, ns));
+            json_values.push_back(json(arg, ns, mode));
         }
 
         if(!json_location.is_null())

From df5aa9692ebafe5bf984165c601305dc3f6f4266 Mon Sep 17 00:00:00 2001
From: Peter Schrammel <peter.schrammel@diffblue.com>
Date: Tue, 8 Aug 2017 08:42:23 +0100
Subject: [PATCH 524/699] Replace asserts

---
 src/util/json_expr.cpp | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/src/util/json_expr.cpp b/src/util/json_expr.cpp
index 66dab1ef932..fd5db771cf8 100644
--- a/src/util/json_expr.cpp
+++ b/src/util/json_expr.cpp
@@ -21,6 +21,8 @@ Author: Peter Schrammel
 #include "config.h"
 #include "identifier.h"
 #include "language.h"
+#include "invariant.h"
+
 #include <langapi/mode.h>
 
 #include <memory>
@@ -243,8 +245,8 @@ json_objectt json(
       type;
 
     std::string type_string;
-    if(lang->from_type(underlying_type, type_string, ns))
-      assert(false && "unknown type");
+    bool error=lang->from_type(underlying_type, type_string, ns);
+    CHECK_RETURN(!error);
 
     std::string value_string;
     lang->from_expr(expr, value_string, ns);
@@ -312,7 +314,9 @@ json_objectt json(
       {
         const irep_idt &ptr_id=to_symbol_expr(simpl_expr).get_identifier();
         identifiert identifier(id2string(ptr_id));
-        assert(!identifier.components.empty());
+        DATA_INVARIANT(
+          !identifier.components.empty(),
+          "pointer identifier should have non-empty components");
         result["data"]=json_stringt(identifier.components.back());
       }
     }
@@ -364,7 +368,9 @@ json_objectt json(
     {
       const struct_typet &struct_type=to_struct_type(type);
       const struct_typet::componentst &components=struct_type.components();
-      assert(components.size()==expr.operands().size());
+      DATA_INVARIANT(
+        components.size()==expr.operands().size(),
+        "number of struct components should match with its type");
 
       json_arrayt &members=result["members"].make_array();
       for(unsigned m=0; m<expr.operands().size(); m++)
@@ -379,11 +385,10 @@ json_objectt json(
   {
     result["name"]=json_stringt("union");
 
-    assert(expr.operands().size()==1);
-
+    const union_exprt &union_expr=to_union_expr(expr);
     json_objectt &e=result["member"].make_object();
-    e["value"]=json(expr.op0(), ns, mode);
-    e["name"]=json_stringt(id2string(to_union_expr(expr).get_component_name()));
+    e["value"]=json(union_expr.op(), ns, mode);
+    e["name"]=json_stringt(id2string(union_expr.get_component_name()));
   }
   else
     result["name"]=json_stringt("unknown");

From 49526f728c327454249e94af49c8aa4dd7c064e8 Mon Sep 17 00:00:00 2001
From: Peter Schrammel <peter.schrammel@diffblue.com>
Date: Tue, 8 Aug 2017 08:50:28 +0100
Subject: [PATCH 525/699] Replace asserts

---
 src/goto-programs/json_goto_trace.cpp | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/goto-programs/json_goto_trace.cpp b/src/goto-programs/json_goto_trace.cpp
index baed0f04a39..edc7df455e5 100644
--- a/src/goto-programs/json_goto_trace.cpp
+++ b/src/goto-programs/json_goto_trace.cpp
@@ -13,11 +13,10 @@ Author: Daniel Kroening
 
 #include "json_goto_trace.h"
 
-#include <cassert>
-
 #include <util/json_expr.h>
 #include <util/arith_tools.h>
 #include <util/config.h>
+#include <util/invariant.h>
 
 #include <langapi/language_util.h>
 
@@ -194,7 +193,9 @@ void convert(
         std::string value_string, binary_string, type_string, full_lhs_string;
         json_objectt full_lhs_value;
 
-        assert(step.full_lhs.is_not_nil());
+        DATA_INVARIANT(
+          step.full_lhs.is_not_nil(),
+          "full_lhs in assignment must not be nil");
         exprt simplified=simplify_array_access(step.full_lhs);
         full_lhs_string=from_expr(ns, identifier, simplified);
 
@@ -214,7 +215,9 @@ void convert(
         }
         else
         {
-          assert(step.full_lhs_value.is_not_nil());
+          DATA_INVARIANT(
+            step.full_lhs_value.is_not_nil(),
+            "full_lhs_value in assignment must not be nil");
           full_lhs_value=json(step.full_lhs_value, ns);
         }
 

From 3eab185246424e4ff3686529a29b22fc690a8416 Mon Sep 17 00:00:00 2001
From: eigold <eu.goldberg@gmail.com>
Date: Mon, 26 Jun 2017 16:05:48 -0400
Subject: [PATCH 526/699] generation of  hexadecimal floating point numbers in
 tests

outputs NaN, positive/negative infinity and positive/negative zero
---
 src/java_bytecode/expr2java.cpp | 54 +++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)

diff --git a/src/java_bytecode/expr2java.cpp b/src/java_bytecode/expr2java.cpp
index 69829c676d8..6a7bdabcab9 100644
--- a/src/java_bytecode/expr2java.cpp
+++ b/src/java_bytecode/expr2java.cpp
@@ -9,12 +9,14 @@ Author: Daniel Kroening, kroening@cs.cmu.edu
 #include "expr2java.h"
 
 #include <cassert>
+#include <sstream>
 
 #include <util/namespace.h>
 #include <util/std_types.h>
 #include <util/std_expr.h>
 #include <util/symbol.h>
 #include <util/arith_tools.h>
+#include <util/ieee_float.h>
 
 #include <ansi-c/c_qualifiers.h>
 #include <ansi-c/c_misc.h>
@@ -235,6 +237,58 @@ std::string expr2javat::convert_constant(
     dest+='L';
     return dest;
   }
+  else if((src.type()==java_float_type()) ||
+          (src.type()==java_double_type()))
+  {
+    ieee_floatt ieee_repr(to_constant_expr(src));
+    std::string result;
+
+    bool is_java_float=(src.type()==java_float_type());
+    if(ieee_repr.is_zero())
+    {
+      if(ieee_repr.get_sign())
+        result+='-';
+      result+="0.0";
+      if(is_java_float)
+        result+='f';
+      return result;
+    }
+
+    if(ieee_repr.is_NaN())
+    {
+       if(is_java_float)
+         return "Float.NaN";
+       else
+         return "Double.NaN";
+    }
+
+    if(ieee_repr.is_infinity())
+    {
+      if(is_java_float)
+      {
+        if(ieee_repr.get_sign())
+          return "Float.NEGATIVE_INFINITY";
+        else
+          return "Float.POSITIVE_INFINITY";
+      }
+      else
+      {
+        if(ieee_repr.get_sign())
+          return "Double.NEGATIVE_INFINITY";
+        else
+          return "Double.POSITIVE_INFINITY";
+      }
+    }
+
+    std::stringstream buffer;
+    buffer << std::hexfloat;
+    if(is_java_float)
+      buffer << ieee_repr.to_float() << 'f';
+    else
+      buffer << ieee_repr.to_double();
+    return buffer.str();
+  }
+
 
   return expr2ct::convert_constant(src, precedence);
 }

From ff2f662a5ec980e88afac9e556e2656e9f4e60e3 Mon Sep 17 00:00:00 2001
From: Cesar Rodriguez <cesar.rodriguez@diffblue.com>
Date: Mon, 7 Aug 2017 12:57:26 +0100
Subject: [PATCH 527/699] New option --java-max-input-tree-depth

This commits modifies `java_object_factoryt::gen_nondet_init` so that the object
herarchy created by it has a depth bounded by the value of
--java-max-input-tree-depth (default 5). This is in addition to the existing
`recursion_set` of types.
---
 .../cbmc-java/siblingobjects2/test.desc       |   2 +-
 .../cbmc-java/siblingobjects2/test.java       |   2 +-
 src/cbmc/cbmc_parse_options.cpp               |  18 ++-
 src/cbmc/cbmc_parse_options.h                 |   5 +-
 src/goto-programs/convert_nondet.cpp          |  16 +-
 src/goto-programs/convert_nondet.h            |   5 +-
 .../java_bytecode_instrument.cpp              |  13 +-
 src/java_bytecode/java_bytecode_instrument.h  |   3 +-
 src/java_bytecode/java_bytecode_language.cpp  |  17 +-
 src/java_bytecode/java_bytecode_language.h    |   3 +
 src/java_bytecode/java_entry_point.cpp        |  48 +++---
 src/java_bytecode/java_entry_point.h          |   1 +
 src/java_bytecode/java_object_factory.cpp     | 149 ++++++++++++------
 src/java_bytecode/java_object_factory.h       |   7 +-
 14 files changed, 192 insertions(+), 97 deletions(-)

diff --git a/regression/cbmc-java/siblingobjects2/test.desc b/regression/cbmc-java/siblingobjects2/test.desc
index c3dacca8719..a6eefe5c7e5 100644
--- a/regression/cbmc-java/siblingobjects2/test.desc
+++ b/regression/cbmc-java/siblingobjects2/test.desc
@@ -5,5 +5,5 @@ test.class
 ^SIGNAL=0$
 VERIFICATION FAILED
 assertion at file test.java line 23 function java::test\.toplevel_pointers_not_null.*: FAILURE
-assertion at file test.java line 18 function java::test\.next_pointers_not_null.*: SUCCESS
+assertion at file test.java line 18 function java::test\.next_pointers_not_null.*: FAILURE
 --
diff --git a/regression/cbmc-java/siblingobjects2/test.java b/regression/cbmc-java/siblingobjects2/test.java
index 82533d478b0..b48802655b5 100644
--- a/regression/cbmc-java/siblingobjects2/test.java
+++ b/regression/cbmc-java/siblingobjects2/test.java
@@ -14,7 +14,7 @@ public void main() {
   }
 
   public void next_pointers_not_null() {
-    // Not currently achievable due to recursive types
+    // Should be possible to hit with --java-max-input-tree-depth >= 2
     assert(false);
   }
 
diff --git a/src/cbmc/cbmc_parse_options.cpp b/src/cbmc/cbmc_parse_options.cpp
index adefdacc0f7..34883528b58 100644
--- a/src/cbmc/cbmc_parse_options.cpp
+++ b/src/cbmc/cbmc_parse_options.cpp
@@ -835,16 +835,21 @@ bool cbmc_parse_optionst::process_goto_program(
     // Similar removal of java nondet statements:
     // TODO Should really get this from java_bytecode_language somehow, but we
     // don't have an instance of that here.
-    const auto max_nondet_array_length=
+    const size_t max_nondet_array_length=
       cmdline.isset("java-max-input-array-length")
-        ? std::stoi(cmdline.get_value("java-max-input-array-length"))
+        ? std::stoul(cmdline.get_value("java-max-input-array-length"))
         : MAX_NONDET_ARRAY_LENGTH_DEFAULT;
+    const size_t max_nondet_tree_depth=
+      cmdline.isset("java-max-input-tree-depth")
+        ? std::stoul(cmdline.get_value("java-max-input-tree-depth"))
+        : MAX_NONDET_TREE_DEPTH;
     replace_java_nondet(goto_functions);
     convert_nondet(
       goto_functions,
       symbol_table,
       ui_message_handler,
-      max_nondet_array_length);
+      max_nondet_array_length,
+      max_nondet_tree_depth);
 
     // add generic checks
     status() << "Generic Property Instrumentation" << eom;
@@ -1068,10 +1073,15 @@ void cbmc_parse_optionst::help()
     "Java Bytecode frontend options:\n"
     " --classpath dir/jar          set the classpath\n"
     " --main-class class-name      set the name of the main class\n"
+    " --java-assume-inputs-non-null test harness makes input arguments not null\n"
+    " --java-max-input-array-length N maximum allowed length for an array passed as input\n"
+    " --java-max-input-tree-depth N   object references are (deterministically) set to null in the object\n"
+    "                                 hierarchy of input parameters when their depth is >= N and the object\n"
+    "                                 type happens twice in the tree branch\n"
     // NOLINTNEXTLINE(whitespace/line_length)
     " --java-max-vla-length        limit the length of user-code-created arrays\n"
     // NOLINTNEXTLINE(whitespace/line_length)
-    " --java-throw-runtime-exceptions Make implicit runtime exceptions explicit"
+    " --java-throw-runtime-exceptions make implicit runtime exceptions explicit\n"
     " --java-cp-include-files      regexp or JSON list of files to load (with '@' prefix)\n"
     " --java-unwind-enum-static    try to unwind loops in static initialization of enums\n"
     "\n"
diff --git a/src/cbmc/cbmc_parse_options.h b/src/cbmc/cbmc_parse_options.h
index 9d454ea0951..849fde7c126 100644
--- a/src/cbmc/cbmc_parse_options.h
+++ b/src/cbmc/cbmc_parse_options.h
@@ -64,9 +64,12 @@ class optionst;
   "(string-abstraction)(no-arch)(arch):" \
   "(round-to-nearest)(round-to-plus-inf)(round-to-minus-inf)(round-to-zero)" \
   "(graphml-witness):" \
-  "(java-max-vla-length):(java-unwind-enum-static)" \
+  "(java-max-vla-length):" \
+  "(java-unwind-enum-static)" \
   "(java-cp-include-files):" \
   "(java-throw-runtime-exceptions)" \
+  "(java-max-input-array-length):" \
+  "(java-max-input-tree-depth):" \
   "(localize-faults)(localize-faults-method):" \
   "(lazy-methods)" \
   "(fixedbv)(floatbv)(all-claims)(all-properties)" // legacy, and will eventually disappear // NOLINT(whitespace/line_length)
diff --git a/src/goto-programs/convert_nondet.cpp b/src/goto-programs/convert_nondet.cpp
index 252c0176eeb..1484969fead 100644
--- a/src/goto-programs/convert_nondet.cpp
+++ b/src/goto-programs/convert_nondet.cpp
@@ -33,7 +33,8 @@ static goto_programt::targett insert_nondet_init_code(
   const goto_programt::targett &target,
   symbol_tablet &symbol_table,
   message_handlert &message_handler,
-  size_t max_nondet_array_length)
+  size_t max_nondet_array_length,
+  size_t max_nondet_tree_depth)
 {
   // Return if the instruction isn't an assignment
   const auto next_instr=std::next(target);
@@ -89,6 +90,7 @@ static goto_programt::targett insert_nondet_init_code(
     allocation_typet::DYNAMIC,
     !nullable,
     max_nondet_array_length,
+    max_nondet_tree_depth,
     update_in_placet::NO_UPDATE_IN_PLACE);
 
   // Convert this code into goto instructions
@@ -113,7 +115,8 @@ static void convert_nondet(
   goto_programt &goto_program,
   symbol_tablet &symbol_table,
   message_handlert &message_handler,
-  size_t max_nondet_array_length)
+  size_t max_nondet_array_length,
+  size_t max_nondet_tree_depth)
 {
   for(auto instruction_iterator=goto_program.instructions.begin(),
         end=goto_program.instructions.end();
@@ -124,7 +127,8 @@ static void convert_nondet(
       instruction_iterator,
       symbol_table,
       message_handler,
-      max_nondet_array_length);
+      max_nondet_array_length,
+      max_nondet_tree_depth);
   }
 }
 
@@ -134,7 +138,8 @@ void convert_nondet(
   goto_functionst &goto_functions,
   symbol_tablet &symbol_table,
   message_handlert &message_handler,
-  size_t max_nondet_array_length)
+  size_t max_nondet_array_length,
+  size_t max_nondet_tree_depth)
 {
   for(auto &goto_program : goto_functions.function_map)
   {
@@ -142,7 +147,8 @@ void convert_nondet(
       goto_program.second.body,
       symbol_table,
       message_handler,
-      max_nondet_array_length);
+      max_nondet_array_length,
+      max_nondet_tree_depth);
   }
 
   goto_functions.compute_location_numbers();
diff --git a/src/goto-programs/convert_nondet.h b/src/goto-programs/convert_nondet.h
index 2d083c58bf7..4ebd2483479 100644
--- a/src/goto-programs/convert_nondet.h
+++ b/src/goto-programs/convert_nondet.h
@@ -24,10 +24,13 @@ class message_handlert;
 /// \param symbol_table: The symbol table to query/update.
 /// \param message_handler: For error logging.
 /// \param max_nondet_array_length: The maximum length of any new arrays.
+/// \param max_nondet_tree_depth: Maximum depth for object hierarchy on input
+///   parameterers.
 void convert_nondet(
   goto_functionst &goto_functions,
   symbol_tablet &symbol_table,
   message_handlert &message_handler,
-  size_t max_nondet_array_length);
+  size_t max_nondet_array_length,
+  size_t max_nondet_tree_depth);
 
 #endif
diff --git a/src/java_bytecode/java_bytecode_instrument.cpp b/src/java_bytecode/java_bytecode_instrument.cpp
index 2aca67e549c..e96bbb8e85b 100644
--- a/src/java_bytecode/java_bytecode_instrument.cpp
+++ b/src/java_bytecode/java_bytecode_instrument.cpp
@@ -30,12 +30,14 @@ class java_bytecode_instrumentt:public messaget
     symbol_tablet &_symbol_table,
     const bool _throw_runtime_exceptions,
     message_handlert &_message_handler,
-    const size_t _max_array_length):
+    const size_t _max_array_length,
+    const size_t _max_tree_depth):
     messaget(_message_handler),
     symbol_table(_symbol_table),
     throw_runtime_exceptions(_throw_runtime_exceptions),
     message_handler(_message_handler),
-    max_array_length(_max_array_length)
+    max_array_length(_max_array_length),
+    max_tree_depth(_max_tree_depth)
     {
     }
 
@@ -46,6 +48,7 @@ class java_bytecode_instrumentt:public messaget
   const bool throw_runtime_exceptions;
   message_handlert &message_handler;
   const size_t max_array_length;
+  const size_t max_tree_depth;
 
   codet throw_exception(
     const exprt &cond,
@@ -550,13 +553,15 @@ void java_bytecode_instrument(
   symbol_tablet &symbol_table,
   const bool throw_runtime_exceptions,
   message_handlert &message_handler,
-  const size_t max_array_length)
+  const size_t max_array_length,
+  const size_t max_tree_depth)
 {
   java_bytecode_instrumentt instrument(
     symbol_table,
     throw_runtime_exceptions,
     message_handler,
-    max_array_length);
+    max_array_length,
+    max_tree_depth);
 
   Forall_symbols(s_it, symbol_table.symbols)
   {
diff --git a/src/java_bytecode/java_bytecode_instrument.h b/src/java_bytecode/java_bytecode_instrument.h
index 0d987746bce..7d9ed248a1e 100644
--- a/src/java_bytecode/java_bytecode_instrument.h
+++ b/src/java_bytecode/java_bytecode_instrument.h
@@ -15,5 +15,6 @@ void java_bytecode_instrument(
   symbol_tablet &symbol_table,
   const bool throw_runtime_exceptions,
   message_handlert &_message_handler,
-  const size_t max_array_length);
+  const size_t max_array_length,
+  const size_t max_depth);
 #endif
diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index 4ad972548c4..b7f293d5a7c 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -42,6 +42,9 @@ void java_bytecode_languaget::get_language_options(const cmdlinet &cmd)
   if(cmd.isset("java-max-input-array-length"))
     max_nondet_array_length=
       std::stoi(cmd.get_value("java-max-input-array-length"));
+  if(cmd.isset("java-max-input-tree-depth"))
+    max_nondet_tree_depth=
+      std::stoi(cmd.get_value("java-max-input-tree-depth"));
   if(cmd.isset("java-max-vla-length"))
     max_user_array_length=std::stoi(cmd.get_value("java-max-vla-length"));
   if(cmd.isset("lazy-methods-context-sensitive"))
@@ -449,7 +452,8 @@ bool java_bytecode_languaget::typecheck(
     symbol_table,
     throw_runtime_exceptions,
     get_message_handler(),
-    max_nondet_array_length);
+    max_nondet_array_length,
+    max_nondet_tree_depth);
 
   // now typecheck all
   if(java_bytecode_typecheck(
@@ -683,9 +687,6 @@ void java_bytecode_languaget::replace_string_methods(
 
 bool java_bytecode_languaget::final(symbol_tablet &symbol_table)
 {
-  /*
-  if(c_final(symbol_table, message_handler)) return true;
-  */
   java_internal_additions(symbol_table);
 
   // Replace code of String methods calls by code we generate
@@ -696,17 +697,17 @@ bool java_bytecode_languaget::final(symbol_tablet &symbol_table)
   if(res.stop_convert)
     return res.error_found;
 
-  symbolt entry=res.main_function;
-
+  // generate the test harness in __CPROVER__start and a call the entry point
   select_pointer_typet pointer_type_selector;
-  return(
+  return
     java_entry_point(
       symbol_table,
       main_class,
       get_message_handler(),
       assume_inputs_non_null,
       max_nondet_array_length,
-      pointer_type_selector));
+      max_nondet_tree_depth,
+      pointer_type_selector);
 }
 
 void java_bytecode_languaget::show_parse(std::ostream &out)
diff --git a/src/java_bytecode/java_bytecode_language.h b/src/java_bytecode/java_bytecode_language.h
index 950cc45fe73..a885325b197 100644
--- a/src/java_bytecode/java_bytecode_language.h
+++ b/src/java_bytecode/java_bytecode_language.h
@@ -17,6 +17,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include "java_string_library_preprocess.h"
 
 #define MAX_NONDET_ARRAY_LENGTH_DEFAULT 5
+#define MAX_NONDET_TREE_DEPTH 5
 
 class symbolt;
 
@@ -62,6 +63,7 @@ class java_bytecode_languaget:public languaget
   virtual ~java_bytecode_languaget();
   java_bytecode_languaget():
     max_nondet_array_length(MAX_NONDET_ARRAY_LENGTH_DEFAULT),
+    max_nondet_tree_depth(MAX_NONDET_TREE_DEPTH),
     max_user_array_length(0)
     {}
 
@@ -101,6 +103,7 @@ class java_bytecode_languaget:public languaget
   java_class_loadert java_class_loader;
   bool assume_inputs_non_null;      // assume inputs variables to be non-null
   size_t max_nondet_array_length;   // maximal length for non-det array creation
+  size_t max_nondet_tree_depth;     // maximal depth for object tree in non-det creation
   size_t max_user_array_length;     // max size for user code created arrays
   lazy_methodst lazy_methods;
   lazy_methods_modet lazy_methods_mode;
diff --git a/src/java_bytecode/java_entry_point.cpp b/src/java_bytecode/java_entry_point.cpp
index e1f528a2e33..afbc6e046b3 100644
--- a/src/java_bytecode/java_entry_point.cpp
+++ b/src/java_bytecode/java_entry_point.cpp
@@ -91,6 +91,7 @@ void java_static_lifetime_init(
   const source_locationt &source_location,
   bool assume_init_pointers_not_null,
   unsigned max_nondet_array_length,
+  unsigned max_nondet_tree_depth,
   const select_pointer_typet &pointer_type_selector)
 {
   symbolt &initialize_symbol=symbol_table.lookup(INITIALIZE);
@@ -132,6 +133,7 @@ void java_static_lifetime_init(
           allow_null,
           symbol_table,
           max_nondet_array_length,
+          max_nondet_tree_depth,
           allocation_typet::GLOBAL,
           source_location,
           pointer_type_selector);
@@ -154,6 +156,7 @@ exprt::operandst java_build_arguments(
   symbol_tablet &symbol_table,
   bool assume_init_pointers_not_null,
   size_t max_nondet_array_length,
+  size_t max_nondet_tree_depth,
   const select_pointer_typet &pointer_type_selector)
 {
   const code_typet::parameterst &parameters=
@@ -162,32 +165,37 @@ exprt::operandst java_build_arguments(
   exprt::operandst main_arguments;
   main_arguments.resize(parameters.size());
 
+  bool is_default_entry_point(config.main.empty());
+  bool is_main=is_default_entry_point;
+
+  // if walks like a duck and quacks like a duck, it is a duck!
+  if(!is_main)
+  {
+    bool named_main=has_suffix(config.main, ".main");
+    const typet &string_array_type=
+      java_type_from_string("[Ljava.lang.String;");
+    bool has_correct_type=
+      to_code_type(function.type).return_type().id()==ID_empty &&
+      (!to_code_type(function.type).has_this()) &&
+      parameters.size()==1 &&
+      parameters[0].type().full_eq(string_array_type);
+    is_main=(named_main && has_correct_type);
+  }
+
   for(std::size_t param_number=0;
       param_number<parameters.size();
       param_number++)
   {
-    bool is_this=(param_number==0) &&
-                 parameters[param_number].get_this();
-    bool is_default_entry_point(config.main.empty());
-    bool is_main=is_default_entry_point;
-    if(!is_main)
-    {
-      bool named_main=has_suffix(config.main, ".main");
-      const typet &string_array_type=
-        java_type_from_string("[Ljava.lang.String;");
-      bool has_correct_type=
-        to_code_type(function.type).return_type().id()==ID_empty &&
-        (!to_code_type(function.type).has_this()) &&
-        parameters.size()==1 &&
-        parameters[0].type().full_eq(string_array_type);
-      is_main=(named_main && has_correct_type);
-    }
-
     const code_typet::parametert &p=parameters[param_number];
     const irep_idt base_name=p.get_base_name().empty()?
       ("argument#"+std::to_string(param_number)):p.get_base_name();
 
-    bool allow_null=(!is_main) && (!is_this) && !assume_init_pointers_not_null;
+    // true iff this parameter is the `this` pointer of the method, which cannot
+    // be null
+    bool is_this=(param_number==0) && parameters[param_number].get_this();
+
+    bool allow_null=
+      !assume_init_pointers_not_null && !is_main && !is_this;
 
     main_arguments[param_number]=
       object_factory(
@@ -197,6 +205,7 @@ exprt::operandst java_build_arguments(
         allow_null,
         symbol_table,
         max_nondet_array_length,
+        max_nondet_tree_depth,
         allocation_typet::LOCAL,
         function.location,
         pointer_type_selector);
@@ -480,6 +489,7 @@ bool java_entry_point(
   message_handlert &message_handler,
   bool assume_init_pointers_not_null,
   size_t max_nondet_array_length,
+  size_t max_nondet_tree_depth,
   const select_pointer_typet &pointer_type_selector)
 {
   // check if the entry point is already there
@@ -504,6 +514,7 @@ bool java_entry_point(
     symbol.location,
     assume_init_pointers_not_null,
     max_nondet_array_length,
+    max_nondet_tree_depth,
     pointer_type_selector);
 
   code_blockt init_code;
@@ -572,6 +583,7 @@ bool java_entry_point(
       symbol_table,
       assume_init_pointers_not_null,
       max_nondet_array_length,
+      max_nondet_tree_depth,
       pointer_type_selector);
   call_main.arguments()=main_arguments;
 
diff --git a/src/java_bytecode/java_entry_point.h b/src/java_bytecode/java_entry_point.h
index 43e2c8767ed..9e3ae36eec3 100644
--- a/src/java_bytecode/java_entry_point.h
+++ b/src/java_bytecode/java_entry_point.h
@@ -22,6 +22,7 @@ bool java_entry_point(
   class message_handlert &message_handler,
   bool assume_init_pointers_not_null,
   size_t max_nondet_array_length,
+  size_t max_nondet_tree_depth,
   const select_pointer_typet &pointer_type_selector);
 
 typedef struct
diff --git a/src/java_bytecode/java_object_factory.cpp b/src/java_bytecode/java_object_factory.cpp
index ca07d71298f..f058698b15b 100644
--- a/src/java_bytecode/java_object_factory.cpp
+++ b/src/java_bytecode/java_object_factory.cpp
@@ -51,9 +51,11 @@ class java_object_factoryt
 {
   std::vector<const symbolt *> &symbols_created;
   const source_locationt &loc;
+  /// Maximum value for the non-deterministically-choosen length of an array.
+  const size_t max_nondet_array_length;
+  const size_t max_nondet_tree_depth;
   std::unordered_set<irep_idt, irep_id_hash> recursion_set;
   bool assume_non_null;
-  size_t max_nondet_array_length;
   symbol_tablet &symbol_table;
   namespacet ns;
 
@@ -62,11 +64,6 @@ class java_object_factoryt
   /// implementations.
   const select_pointer_typet &pointer_type_selector;
 
-  void set_null(
-    const exprt &expr,
-    const pointer_typet &ptr_type);
-
-
   code_assignt get_null_assignment(
     const exprt &expr,
     const pointer_typet &ptr_type);
@@ -76,6 +73,7 @@ class java_object_factoryt
     const exprt &expr,
     const typet &target_type,
     allocation_typet alloc_type,
+    size_t depth,
     update_in_placet update_in_place);
 
   void allocate_nondet_length_array(
@@ -90,12 +88,14 @@ class java_object_factoryt
     const source_locationt &loc,
     bool _assume_non_null,
     size_t _max_nondet_array_length,
+    size_t _max_nondet_tree_depth,
     symbol_tablet &_symbol_table,
     const select_pointer_typet &pointer_type_selector):
       symbols_created(_symbols_created),
       loc(loc),
       assume_non_null(_assume_non_null),
       max_nondet_array_length(_max_nondet_array_length),
+      max_nondet_tree_depth(_max_nondet_tree_depth),
       symbol_table(_symbol_table),
       ns(_symbol_table),
       pointer_type_selector(pointer_type_selector)
@@ -110,6 +110,7 @@ class java_object_factoryt
   void gen_nondet_array_init(
     code_blockt &assignments,
     const exprt &expr,
+    size_t depth,
     update_in_placet);
 
   void gen_nondet_init(
@@ -119,8 +120,9 @@ class java_object_factoryt
     irep_idt class_identifier,
     bool skip_classid,
     allocation_typet alloc_type,
-    bool override,
+    bool override_,
     const typet &override_type,
+    size_t depth,
     update_in_placet);
 
 private:
@@ -130,6 +132,7 @@ class java_object_factoryt
     const irep_idt &class_identifier,
     allocation_typet alloc_type,
     const pointer_typet &pointer_type,
+    size_t depth,
     const update_in_placet &update_in_place);
 
   void gen_nondet_struct_init(
@@ -140,12 +143,14 @@ class java_object_factoryt
     bool skip_classid,
     allocation_typet alloc_type,
     const struct_typet &struct_type,
+    size_t depth,
     const update_in_placet &update_in_place);
 
   symbol_exprt gen_nondet_subtype_pointer_init(
     code_blockt &assignments,
     allocation_typet alloc_type,
-    const pointer_typet &substitute_pointer_type);
+    const pointer_typet &substitute_pointer_type,
+    size_t depth);
 };
 
 /// Generates code for allocating a dynamic object. This is used in
@@ -174,7 +179,7 @@ exprt allocate_dynamic_object(
 
   if(allocate_type.id()!=ID_empty)
   {
-    assert(!object_size.is_nil() && "size of Java objects should be known");
+    INVARIANT(!object_size.is_nil(), "Size of Java objects should be known");
     // malloc expression
     exprt malloc_expr=side_effect_exprt(ID_malloc);
     malloc_expr.copy_to_operands(object_size);
@@ -339,9 +344,11 @@ void java_object_factoryt::gen_pointer_target_init(
   const exprt &expr,
   const typet &target_type,
   allocation_typet alloc_type,
+  size_t depth,
   update_in_placet update_in_place)
 {
-  assert(update_in_place!=update_in_placet::MAY_UPDATE_IN_PLACE);
+  PRECONDITION(expr.type().id()==ID_pointer);
+  PRECONDITION(update_in_place!=update_in_placet::MAY_UPDATE_IN_PLACE);
 
   if(target_type.id()==ID_struct &&
      has_prefix(
@@ -351,6 +358,7 @@ void java_object_factoryt::gen_pointer_target_init(
     gen_nondet_array_init(
       assignments,
       expr,
+      depth+1,
       update_in_place);
   }
   else
@@ -363,6 +371,9 @@ void java_object_factoryt::gen_pointer_target_init(
         expr,
         target_type,
         alloc_type);
+      INVARIANT(
+        target.type().id()==ID_pointer,
+        "We expect an address-of object");
     }
     else
     {
@@ -379,12 +390,13 @@ void java_object_factoryt::gen_pointer_target_init(
     gen_nondet_init(
       assignments,
       init_expr,
-      false,
-      "",
-      false,
+      false,   // is_sub
+      "",      // class_identifier
+      false,   // skip_classid
       alloc_type,
-      false,
-      typet(),
+      false,   // override
+      typet(), // override type immaterial
+      depth+1,
       update_in_place);
   }
 }
@@ -457,8 +469,11 @@ void java_object_factoryt::gen_nondet_pointer_init(
   const irep_idt &class_identifier,
   allocation_typet alloc_type,
   const pointer_typet &pointer_type,
+  size_t depth,
   const update_in_placet &update_in_place)
 {
+  PRECONDITION(expr.type().id()==ID_pointer);
+
   const pointer_typet &replacement_pointer_type=
     pointer_type_selector.convert_pointer_type(pointer_type);
 
@@ -469,7 +484,8 @@ void java_object_factoryt::gen_nondet_pointer_init(
     const symbol_exprt real_pointer_symbol=gen_nondet_subtype_pointer_init(
       assignments,
       alloc_type,
-      replacement_pointer_type);
+      replacement_pointer_type,
+      depth);
 
     // Having created a pointer to object of type replacement_pointer_type
     // we now assign it back to the original pointer with a cast
@@ -489,8 +505,10 @@ void java_object_factoryt::gen_nondet_pointer_init(
     const struct_typet &struct_type=to_struct_type(subtype);
     const irep_idt &struct_tag=struct_type.get_tag();
 
-    // If this is a recursive type of some kind, set null.
-    if(!recursion_set_entry.insert_entry(struct_tag))
+    // If this is a recursive type of some kind AND the depth is exceeded, set
+    // the pointer to null.
+    if(!recursion_set_entry.insert_entry(struct_tag) &&
+      depth>=max_nondet_tree_depth)
     {
       if(update_in_place==update_in_placet::NO_UPDATE_IN_PLACE)
       {
@@ -512,6 +530,7 @@ void java_object_factoryt::gen_nondet_pointer_init(
       expr,
       subtype,
       alloc_type,
+      depth,
       update_in_placet::MUST_UPDATE_IN_PLACE);
   }
 
@@ -529,6 +548,7 @@ void java_object_factoryt::gen_nondet_pointer_init(
     expr,
     subtype,
     alloc_type,
+    depth,
     update_in_placet::NO_UPDATE_IN_PLACE);
 
   auto set_null_inst=get_null_assignment(expr, pointer_type);
@@ -588,7 +608,7 @@ void java_object_factoryt::gen_nondet_pointer_init(
   else
   {
     INVARIANT(update_in_place==update_in_placet::MAY_UPDATE_IN_PLACE,
-      "No update and must update should have already been resolved");
+      "No-update and must-update should have already been resolved");
 
     code_ifthenelset update_check;
     update_check.cond()=side_effect_expr_nondett(bool_typet());
@@ -614,7 +634,8 @@ void java_object_factoryt::gen_nondet_pointer_init(
 symbol_exprt java_object_factoryt::gen_nondet_subtype_pointer_init(
   code_blockt &assignments,
   allocation_typet alloc_type,
-  const pointer_typet &replacement_pointer)
+  const pointer_typet &replacement_pointer,
+  size_t depth)
 {
   symbolt new_symbol=new_tmp_symbol(symbol_table, loc, replacement_pointer);
 
@@ -622,12 +643,13 @@ symbol_exprt java_object_factoryt::gen_nondet_subtype_pointer_init(
   gen_nondet_init(
     assignments,
     new_symbol.symbol_expr(),
-    false,
-    "",
-    false,
+    false,   // is_sub
+    "",      // class_identifier
+    false,   // skip_classid
     alloc_type,
-    false,
-    typet(),
+    false,   // override
+    typet(), // override_type
+    depth,
     update_in_placet::NO_UPDATE_IN_PLACE);
 
   return new_symbol.symbol_expr();
@@ -658,8 +680,12 @@ void java_object_factoryt::gen_nondet_struct_init(
   bool skip_classid,
   allocation_typet alloc_type,
   const struct_typet &struct_type,
+  size_t depth,
   const update_in_placet &update_in_place)
 {
+  PRECONDITION(ns.follow(expr.type()).id()==ID_struct);
+  PRECONDITION(struct_type.id()==ID_struct);
+
   typedef struct_typet::componentst componentst;
   const irep_idt &struct_tag=struct_type.get_tag();
 
@@ -715,10 +741,11 @@ void java_object_factoryt::gen_nondet_struct_init(
         me,
         _is_sub,
         class_identifier,
-        false,
+        false,   // skip_classid
         alloc_type,
-        false,
-        typet(),
+        false,   // override
+        typet(), // override_type
+        depth,
         substruct_in_place);
     }
   }
@@ -749,12 +776,14 @@ void java_object_factoryt::gen_nondet_init(
   irep_idt class_identifier,
   bool skip_classid,
   allocation_typet alloc_type,
-  bool override,
+  bool override_,
   const typet &override_type,
+  size_t depth,
   update_in_placet update_in_place)
 {
   const typet &type=
-    override ? ns.follow(override_type) : ns.follow(expr.type());
+    override_ ? ns.follow(override_type) : ns.follow(expr.type());
+
 
   if(type.id()==ID_pointer)
   {
@@ -766,6 +795,7 @@ void java_object_factoryt::gen_nondet_init(
       class_identifier,
       alloc_type,
       pointer_type,
+      depth,
       update_in_place);
   }
   else if(type.id()==ID_struct)
@@ -779,6 +809,7 @@ void java_object_factoryt::gen_nondet_init(
       skip_classid,
       alloc_type,
       struct_type,
+      depth,
       update_in_place);
   }
   else
@@ -820,12 +851,13 @@ void java_object_factoryt::allocate_nondet_length_array(
   gen_nondet_init(
     assignments,
     length_sym_expr,
-    false,
+    false,   // is_sub
     irep_idt(),
-    false,
-    allocation_typet::LOCAL, // Doesn't matter, as type is primitive
-    false,
-    typet(),
+    false,   // skip_classid
+    allocation_typet::LOCAL, // immaterial, type is primitive
+    false,   // override
+    typet(), // override type is immaterial
+    0,       // depth is immaterial
     update_in_placet::NO_UPDATE_IN_PLACE);
 
   // Insert assumptions to bound its length:
@@ -852,13 +884,15 @@ void java_object_factoryt::allocate_nondet_length_array(
 void java_object_factoryt::gen_nondet_array_init(
   code_blockt &assignments,
   const exprt &expr,
+  size_t depth,
   update_in_placet update_in_place)
 {
-  assert(expr.type().id()==ID_pointer);
-  assert(update_in_place!=update_in_placet::MAY_UPDATE_IN_PLACE);
+  PRECONDITION(expr.type().id()==ID_pointer);
+  PRECONDITION(expr.type().subtype().id()==ID_symbol);
+  PRECONDITION(update_in_place!=update_in_placet::MAY_UPDATE_IN_PLACE);
+
   const typet &type=ns.follow(expr.type().subtype());
   const struct_typet &struct_type=to_struct_type(type);
-  assert(expr.type().subtype().id()==ID_symbol);
   const typet &element_type=
     static_cast<const typet &>(expr.type().subtype().find(ID_C_element_type));
 
@@ -952,13 +986,14 @@ void java_object_factoryt::gen_nondet_array_init(
   gen_nondet_init(
     assignments,
     arraycellref,
-    false,
-    irep_idt(),
-    false,
+    false, // is_sub
+    irep_idt(), // class_identifier
+    false, // skip_classid
     // These are variable in number, so use dynamic allocator:
     allocation_typet::DYNAMIC,
-    true,
+    true,  // override
     element_type,
+    depth,
     child_update_in_place);
 
   exprt java_one=from_integer(1, java_int_type());
@@ -1016,6 +1051,7 @@ exprt object_factory(
   bool allow_null,
   symbol_tablet &symbol_table,
   size_t max_nondet_array_length,
+  size_t max_nondet_tree_depth,
   allocation_typet alloc_type,
   const source_locationt &loc,
   const select_pointer_typet &pointer_type_selector)
@@ -1035,7 +1071,7 @@ exprt object_factory(
 
   symbolt *main_symbol_ptr;
   bool moving_symbol_failed=symbol_table.move(main_symbol, main_symbol_ptr);
-  assert(!moving_symbol_failed);
+  CHECK_RETURN(!moving_symbol_failed);
 
   std::vector<const symbolt *> symbols_created;
   symbols_created.push_back(main_symbol_ptr);
@@ -1044,18 +1080,20 @@ exprt object_factory(
     loc,
     !allow_null,
     max_nondet_array_length,
+    max_nondet_tree_depth,
     symbol_table,
     pointer_type_selector);
   code_blockt assignments;
   state.gen_nondet_init(
     assignments,
     object,
-    false,
-    "",
-    false,
+    false,   // is_sub
+    "",      // class_identifier
+    false,   // skip_classid
     alloc_type,
-    false,
-    typet(),
+    false,   // override
+    typet(), // override_type is immaterial
+    0,       // initial depth
     update_in_placet::NO_UPDATE_IN_PLACE);
 
   declare_created_symbols(symbols_created, loc, init_code);
@@ -1094,6 +1132,7 @@ void gen_nondet_init(
   allocation_typet alloc_type,
   bool assume_non_null,
   size_t max_nondet_array_length,
+  size_t max_nondet_tree_depth,
   const select_pointer_typet &pointer_type_selector,
   update_in_placet update_in_place)
 {
@@ -1104,18 +1143,20 @@ void gen_nondet_init(
     loc,
     assume_non_null,
     max_nondet_array_length,
+    max_nondet_tree_depth,
     symbol_table,
     pointer_type_selector);
   code_blockt assignments;
   state.gen_nondet_init(
     assignments,
     expr,
-    false,
-    "",
+    false,   // is_sub
+    "",      // class_identifier
     skip_classid,
     alloc_type,
-    false,
-    typet(),
+    false,   // override
+    typet(), // override_type is immaterial
+    0,       // initial depth
     update_in_place);
 
   declare_created_symbols(symbols_created, loc, init_code);
@@ -1130,6 +1171,7 @@ exprt object_factory(const typet &type,
   bool allow_null,
   symbol_tablet &symbol_table,
   size_t max_nondet_array_length,
+  size_t max_nondet_tree_depth,
   allocation_typet alloc_type,
   const source_locationt &location)
 {
@@ -1141,6 +1183,7 @@ exprt object_factory(const typet &type,
     allow_null,
     symbol_table,
     max_nondet_array_length,
+    max_nondet_tree_depth,
     alloc_type,
     location,
     pointer_type_selector);
@@ -1155,6 +1198,7 @@ void gen_nondet_init(const exprt &expr,
   allocation_typet alloc_type,
   bool assume_non_null,
   size_t max_nondet_array_length,
+  size_t max_nondet_tree_depth,
   update_in_placet update_in_place)
 {
   select_pointer_typet pointer_type_selector;
@@ -1167,6 +1211,7 @@ void gen_nondet_init(const exprt &expr,
     alloc_type,
     assume_non_null,
     max_nondet_array_length,
+    max_nondet_tree_depth,
     pointer_type_selector,
     update_in_place);
 }
diff --git a/src/java_bytecode/java_object_factory.h b/src/java_bytecode/java_object_factory.h
index 61524ed0c13..34e4d8372eb 100644
--- a/src/java_bytecode/java_object_factory.h
+++ b/src/java_bytecode/java_object_factory.h
@@ -16,7 +16,8 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <java_bytecode/select_pointer_type.h>
 
 /// Selects the kind of allocation used by java_object_factory et al.
-enum class allocation_typet {
+enum class allocation_typet
+{
   /// Allocate global objects
   GLOBAL,
   /// Allocate local stacked objects
@@ -32,6 +33,7 @@ exprt object_factory(
   bool allow_null,
   symbol_tablet &symbol_table,
   size_t max_nondet_array_length,
+  size_t max_nondet_tree_depth,
   allocation_typet alloc_type,
   const source_locationt &location,
   const select_pointer_typet &pointer_type_selector);
@@ -43,6 +45,7 @@ exprt object_factory(
   bool allow_null,
   symbol_tablet &symbol_table,
   size_t max_nondet_array_length,
+  size_t max_nondet_tree_depth,
   allocation_typet alloc_type,
   const source_locationt &location);
 
@@ -62,6 +65,7 @@ void gen_nondet_init(
   allocation_typet alloc_type,
   bool assume_non_null,
   size_t max_nondet_array_length,
+  size_t max_nondet_tree_depth,
   const select_pointer_typet &pointer_type_selector,
   update_in_placet update_in_place);
 
@@ -74,6 +78,7 @@ void gen_nondet_init(
   allocation_typet alloc_type,
   bool assume_non_null,
   size_t max_nondet_array_length,
+  size_t max_nondet_tree_depth,
   update_in_placet update_in_place);
 
 exprt allocate_dynamic_object(

From 05d98154cae2176ec9639f281c0a2143e4ee4df1 Mon Sep 17 00:00:00 2001
From: Cesar Rodriguez <cesar.rodriguez@diffblue.com>
Date: Mon, 7 Aug 2017 13:03:18 +0100
Subject: [PATCH 528/699] Java gen_non_det allow_null only for root object

This commit changes the semantics (and the name, for coherence with
object_factory()) of the parameter that determines how the generated code allows
references to be null.

The parameter `allow_null` now only applies to the root object. Objects "below"
in the object tree are always allowed to have null pointers.
---
 src/goto-programs/convert_nondet.cpp      |  2 +-
 src/java_bytecode/java_object_factory.cpp | 25 +++++++++++++++--------
 src/java_bytecode/java_object_factory.h   |  4 ++--
 3 files changed, 19 insertions(+), 12 deletions(-)

diff --git a/src/goto-programs/convert_nondet.cpp b/src/goto-programs/convert_nondet.cpp
index 1484969fead..926f0bcc41e 100644
--- a/src/goto-programs/convert_nondet.cpp
+++ b/src/goto-programs/convert_nondet.cpp
@@ -88,7 +88,7 @@ static goto_programt::targett insert_nondet_init_code(
     source_loc,
     true,
     allocation_typet::DYNAMIC,
-    !nullable,
+    nullable,
     max_nondet_array_length,
     max_nondet_tree_depth,
     update_in_placet::NO_UPDATE_IN_PLACE);
diff --git a/src/java_bytecode/java_object_factory.cpp b/src/java_bytecode/java_object_factory.cpp
index f058698b15b..31446fb04c6 100644
--- a/src/java_bytecode/java_object_factory.cpp
+++ b/src/java_bytecode/java_object_factory.cpp
@@ -55,7 +55,6 @@ class java_object_factoryt
   const size_t max_nondet_array_length;
   const size_t max_nondet_tree_depth;
   std::unordered_set<irep_idt, irep_id_hash> recursion_set;
-  bool assume_non_null;
   symbol_tablet &symbol_table;
   namespacet ns;
 
@@ -86,14 +85,12 @@ class java_object_factoryt
   java_object_factoryt(
     std::vector<const symbolt *> &_symbols_created,
     const source_locationt &loc,
-    bool _assume_non_null,
     size_t _max_nondet_array_length,
     size_t _max_nondet_tree_depth,
     symbol_tablet &_symbol_table,
     const select_pointer_typet &pointer_type_selector):
       symbols_created(_symbols_created),
       loc(loc),
-      assume_non_null(_assume_non_null),
       max_nondet_array_length(_max_nondet_array_length),
       max_nondet_tree_depth(_max_nondet_tree_depth),
       symbol_table(_symbol_table),
@@ -122,6 +119,7 @@ class java_object_factoryt
     allocation_typet alloc_type,
     bool override_,
     const typet &override_type,
+    bool allow_null,
     size_t depth,
     update_in_placet);
 
@@ -132,6 +130,7 @@ class java_object_factoryt
     const irep_idt &class_identifier,
     allocation_typet alloc_type,
     const pointer_typet &pointer_type,
+    bool allow_null,
     size_t depth,
     const update_in_placet &update_in_place);
 
@@ -396,6 +395,7 @@ void java_object_factoryt::gen_pointer_target_init(
       alloc_type,
       false,   // override
       typet(), // override type immaterial
+      true,    // allow_null always enabled in sub-objects
       depth+1,
       update_in_place);
   }
@@ -469,6 +469,7 @@ void java_object_factoryt::gen_nondet_pointer_init(
   const irep_idt &class_identifier,
   allocation_typet alloc_type,
   const pointer_typet &pointer_type,
+  bool allow_null,
   size_t depth,
   const update_in_placet &update_in_place)
 {
@@ -556,7 +557,7 @@ void java_object_factoryt::gen_nondet_pointer_init(
   // Determine whether the pointer can be null.
   // In particular the array field of a String should not be null.
   bool not_null=
-    assume_non_null ||
+    !allow_null ||
     ((class_identifier=="java.lang.String" ||
       class_identifier=="java.lang.StringBuilder" ||
       class_identifier=="java.lang.StringBuffer" ||
@@ -649,6 +650,7 @@ symbol_exprt java_object_factoryt::gen_nondet_subtype_pointer_init(
     alloc_type,
     false,   // override
     typet(), // override_type
+    true,    // allow_null
     depth,
     update_in_placet::NO_UPDATE_IN_PLACE);
 
@@ -745,6 +747,7 @@ void java_object_factoryt::gen_nondet_struct_init(
         alloc_type,
         false,   // override
         typet(), // override_type
+        true,    // allow_null always true for sub-objects
         depth,
         substruct_in_place);
     }
@@ -778,6 +781,7 @@ void java_object_factoryt::gen_nondet_init(
   allocation_typet alloc_type,
   bool override_,
   const typet &override_type,
+  bool allow_null,
   size_t depth,
   update_in_placet update_in_place)
 {
@@ -795,6 +799,7 @@ void java_object_factoryt::gen_nondet_init(
       class_identifier,
       alloc_type,
       pointer_type,
+      allow_null,
       depth,
       update_in_place);
   }
@@ -857,6 +862,7 @@ void java_object_factoryt::allocate_nondet_length_array(
     allocation_typet::LOCAL, // immaterial, type is primitive
     false,   // override
     typet(), // override type is immaterial
+    false,   // allow_null
     0,       // depth is immaterial
     update_in_placet::NO_UPDATE_IN_PLACE);
 
@@ -993,6 +999,7 @@ void java_object_factoryt::gen_nondet_array_init(
     allocation_typet::DYNAMIC,
     true,  // override
     element_type,
+    true,  // allow_null
     depth,
     child_update_in_place);
 
@@ -1078,7 +1085,6 @@ exprt object_factory(
   java_object_factoryt state(
     symbols_created,
     loc,
-    !allow_null,
     max_nondet_array_length,
     max_nondet_tree_depth,
     symbol_table,
@@ -1093,6 +1099,7 @@ exprt object_factory(
     alloc_type,
     false,   // override
     typet(), // override_type is immaterial
+    allow_null,
     0,       // initial depth
     update_in_placet::NO_UPDATE_IN_PLACE);
 
@@ -1130,7 +1137,7 @@ void gen_nondet_init(
   const source_locationt &loc,
   bool skip_classid,
   allocation_typet alloc_type,
-  bool assume_non_null,
+  bool allow_null,
   size_t max_nondet_array_length,
   size_t max_nondet_tree_depth,
   const select_pointer_typet &pointer_type_selector,
@@ -1141,7 +1148,6 @@ void gen_nondet_init(
   java_object_factoryt state(
     symbols_created,
     loc,
-    assume_non_null,
     max_nondet_array_length,
     max_nondet_tree_depth,
     symbol_table,
@@ -1156,6 +1162,7 @@ void gen_nondet_init(
     alloc_type,
     false,   // override
     typet(), // override_type is immaterial
+    allow_null,
     0,       // initial depth
     update_in_place);
 
@@ -1196,7 +1203,7 @@ void gen_nondet_init(const exprt &expr,
   const source_locationt &loc,
   bool skip_classid,
   allocation_typet alloc_type,
-  bool assume_non_null,
+  bool allow_null,
   size_t max_nondet_array_length,
   size_t max_nondet_tree_depth,
   update_in_placet update_in_place)
@@ -1209,7 +1216,7 @@ void gen_nondet_init(const exprt &expr,
     loc,
     skip_classid,
     alloc_type,
-    assume_non_null,
+    allow_null,
     max_nondet_array_length,
     max_nondet_tree_depth,
     pointer_type_selector,
diff --git a/src/java_bytecode/java_object_factory.h b/src/java_bytecode/java_object_factory.h
index 34e4d8372eb..9aa9c073c29 100644
--- a/src/java_bytecode/java_object_factory.h
+++ b/src/java_bytecode/java_object_factory.h
@@ -63,7 +63,7 @@ void gen_nondet_init(
   const source_locationt &loc,
   bool skip_classid,
   allocation_typet alloc_type,
-  bool assume_non_null,
+  bool allow_null,
   size_t max_nondet_array_length,
   size_t max_nondet_tree_depth,
   const select_pointer_typet &pointer_type_selector,
@@ -76,7 +76,7 @@ void gen_nondet_init(
   const source_locationt &loc,
   bool skip_classid,
   allocation_typet alloc_type,
-  bool assume_non_null,
+  bool allow_null,
   size_t max_nondet_array_length,
   size_t max_nondet_tree_depth,
   update_in_placet update_in_place);

From 5759b260ae7fbb5476b80b4998bf8e2fa4054cb9 Mon Sep 17 00:00:00 2001
From: Cesar Rodriguez <cesar.rodriguez@diffblue.com>
Date: Mon, 7 Aug 2017 13:05:39 +0100
Subject: [PATCH 529/699] Fields in java.lang.Class shall not be null

---
 src/java_bytecode/java_object_factory.cpp | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/java_bytecode/java_object_factory.cpp b/src/java_bytecode/java_object_factory.cpp
index 31446fb04c6..f4d645e8458 100644
--- a/src/java_bytecode/java_object_factory.cpp
+++ b/src/java_bytecode/java_object_factory.cpp
@@ -554,15 +554,17 @@ void java_object_factoryt::gen_nondet_pointer_init(
 
   auto set_null_inst=get_null_assignment(expr, pointer_type);
 
-  // Determine whether the pointer can be null.
-  // In particular the array field of a String should not be null.
+  // Determine whether the pointer can be null. In particular:
+  // - the 'data' of a String should not be null.
+  // - the pointers inside the java.lang.Class class shall not be null
   bool not_null=
     !allow_null ||
     ((class_identifier=="java.lang.String" ||
       class_identifier=="java.lang.StringBuilder" ||
       class_identifier=="java.lang.StringBuffer" ||
       class_identifier=="java.lang.CharSequence") &&
-     subtype.id()==ID_array);
+     subtype.id()==ID_array) ||
+    class_identifier=="java.lang.Class";
 
   // Alternatively, if this is a void* we *must* initialise with null:
   // (This can currently happen for some cases of #exception_value)

From c3e273f0f9129ca87a808f1ccec348c16393cf9b Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Tue, 8 Aug 2017 13:00:04 +0100
Subject: [PATCH 530/699] Escape backslash, \t, \f and \b in generated tests

---
 src/util/unicode.cpp | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/util/unicode.cpp b/src/util/unicode.cpp
index 6ea0e3cc364..6e0c483ec08 100644
--- a/src/util/unicode.cpp
+++ b/src/util/unicode.cpp
@@ -298,10 +298,16 @@ std::string utf16_little_endian_to_java(const std::wstring &in)
       result << "\\n";
     else if(ch=='\r')
       result << "\\r";
+    else if(ch=='\f')
+      result << "\\f";
+    else if(ch=='\b')
+      result << "\\b";
+    else if(ch=='\t')
+      result << "\\t";
     else if(ch<=255 && isprint(ch, loc))
     {
       const auto uch=static_cast<unsigned char>(ch);
-      if(uch=='"')
+      if(uch=='"' || uch=='\\')
         result << '\\';
       result << uch;
     }

From 9078d1555fe120378a1575fd2a95133da7d86e9b Mon Sep 17 00:00:00 2001
From: Peter Schrammel <peter.schrammel@diffblue.com>
Date: Wed, 2 Aug 2017 18:14:42 +0100
Subject: [PATCH 531/699] Rename bytecode_index -> bytecodeIndex in JSON output

JSON property names should use camelCase.
---
 regression/cbmc-java/NullPointer1/test.desc      |  2 +-
 regression/cbmc-java/NullPointer4/test.desc      |  2 +-
 regression/cbmc-java/enum1/test.desc             |  2 +-
 .../putstatic_source_location/test.desc          |  2 +-
 .../java_parseint_with_radix_knownbug/output     |  8 ++++----
 src/goto-instrument/cover.cpp                    | 16 ++++++++--------
 src/util/json_expr.cpp                           |  2 +-
 src/util/source_location.cpp                     |  2 +-
 8 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/regression/cbmc-java/NullPointer1/test.desc b/regression/cbmc-java/NullPointer1/test.desc
index b11a57a56fd..64fd6a24f69 100644
--- a/regression/cbmc-java/NullPointer1/test.desc
+++ b/regression/cbmc-java/NullPointer1/test.desc
@@ -3,7 +3,7 @@ NullPointer1.class
 --pointer-check --stop-on-fail
 ^EXIT=10$
 ^SIGNAL=0$
-^  file NullPointer1.java line 16 function java::NullPointer1.main:\(\[Ljava/lang/String;\)V bytecode_index 9$
+^  file NullPointer1.java line 16 function java::NullPointer1.main:\(\[Ljava/lang/String;\)V bytecode-index 9$
 ^VERIFICATION FAILED$
 --
 ^warning: ignoring
diff --git a/regression/cbmc-java/NullPointer4/test.desc b/regression/cbmc-java/NullPointer4/test.desc
index 28c9e6f47fd..fbe3588bfff 100644
--- a/regression/cbmc-java/NullPointer4/test.desc
+++ b/regression/cbmc-java/NullPointer4/test.desc
@@ -3,7 +3,7 @@ NullPointer4.class
 --pointer-check --stop-on-fail
 ^EXIT=10$
 ^SIGNAL=0$
-^  file NullPointer4.java line 6 function java::NullPointer4.main:\(\[Ljava/lang/String;\)V bytecode_index 4$
+^  file NullPointer4.java line 6 function java::NullPointer4.main:\(\[Ljava/lang/String;\)V bytecode-index 4$
 ^VERIFICATION FAILED$
 --
 ^warning: ignoring
diff --git a/regression/cbmc-java/enum1/test.desc b/regression/cbmc-java/enum1/test.desc
index 4c1fcafe076..eff2c2e6817 100644
--- a/regression/cbmc-java/enum1/test.desc
+++ b/regression/cbmc-java/enum1/test.desc
@@ -4,6 +4,6 @@ enum1.class
 ^VERIFICATION SUCCESSFUL$
 ^EXIT=0$
 ^SIGNAL=0$
-^Unwinding loop java::enum1.<clinit>:\(\)V.0 iteration 5 \(6 max\) file enum1.java line 6 function java::enum1.<clinit>:\(\)V bytecode_index 78 thread 0$
+^Unwinding loop java::enum1.<clinit>:\(\)V.0 iteration 5 \(6 max\) file enum1.java line 6 function java::enum1.<clinit>:\(\)V bytecode-index 78 thread 0$
 --
 ^warning: ignoring
diff --git a/regression/cbmc-java/putstatic_source_location/test.desc b/regression/cbmc-java/putstatic_source_location/test.desc
index 131860ef72d..fdb85eb8ee7 100644
--- a/regression/cbmc-java/putstatic_source_location/test.desc
+++ b/regression/cbmc-java/putstatic_source_location/test.desc
@@ -3,4 +3,4 @@ test.class
 --show-goto-functions
 ^EXIT=0$
 ^SIGNAL=0$
-test\.java line 5 function java::test.main:\(\)V bytecode_index 1
+test\.java line 5 function java::test.main:\(\)V bytecode-index 1
diff --git a/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/output b/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/output
index e9cde4a8842..dfb2f48b2cf 100644
--- a/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/output
+++ b/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/output
@@ -45,18 +45,18 @@ Runtime decision procedure: 0.386s
 [java::test_parseint_with_radix.main:([Ljava/lang/String;)V.pointer_dereference.1] reference is null in *args: SUCCESS
 [java::test_parseint_with_radix.main:([Ljava/lang/String;)V.pointer_dereference.2] reference is null in *new_tmp0: SUCCESS
 [java::test_parseint_with_radix.main:([Ljava/lang/String;)V.pointer_dereference.3] reference is null in *new_tmp2: SUCCESS
-[java::test_parseint_with_radix.main:([Ljava/lang/String;)V.assertion.1] assertion at file test_parseint_with_radix.java line 9 function java::test_parseint_with_radix.main:([Ljava/lang/String;)V bytecode_index 20: SUCCESS
+[java::test_parseint_with_radix.main:([Ljava/lang/String;)V.assertion.1] assertion at file test_parseint_with_radix.java line 9 function java::test_parseint_with_radix.main:([Ljava/lang/String;)V bytecode-index 20: SUCCESS
 [java::test_parseint_with_radix.main:([Ljava/lang/String;)V.null-pointer-exception.1] Throw null: SUCCESS
 [java::test_parseint_with_radix.main:([Ljava/lang/String;)V.pointer_dereference.4] reference is null in *new_tmp3: SUCCESS
-[java::test_parseint_with_radix.main:([Ljava/lang/String;)V.assertion.2] assertion at file test_parseint_with_radix.java line 10 function java::test_parseint_with_radix.main:([Ljava/lang/String;)V bytecode_index 29: SUCCESS
+[java::test_parseint_with_radix.main:([Ljava/lang/String;)V.assertion.2] assertion at file test_parseint_with_radix.java line 10 function java::test_parseint_with_radix.main:([Ljava/lang/String;)V bytecode-index 29: SUCCESS
 [java::test_parseint_with_radix.main:([Ljava/lang/String;)V.null-pointer-exception.2] Throw null: SUCCESS
 [java::test_parseint_with_radix.main:([Ljava/lang/String;)V.pointer_dereference.5] reference is null in *args: SUCCESS
 [java::test_parseint_with_radix.main:([Ljava/lang/String;)V.pointer_dereference.6] reference is null in *new_tmp4: SUCCESS
 [java::test_parseint_with_radix.main:([Ljava/lang/String;)V.pointer_dereference.7] reference is null in *new_tmp6: SUCCESS
-[java::test_parseint_with_radix.main:([Ljava/lang/String;)V.assertion.3] assertion at file test_parseint_with_radix.java line 16 function java::test_parseint_with_radix.main:([Ljava/lang/String;)V bytecode_index 52: SUCCESS
+[java::test_parseint_with_radix.main:([Ljava/lang/String;)V.assertion.3] assertion at file test_parseint_with_radix.java line 16 function java::test_parseint_with_radix.main:([Ljava/lang/String;)V bytecode-index 52: SUCCESS
 [java::test_parseint_with_radix.main:([Ljava/lang/String;)V.null-pointer-exception.3] Throw null: SUCCESS
 [java::test_parseint_with_radix.main:([Ljava/lang/String;)V.pointer_dereference.8] reference is null in *new_tmp7: SUCCESS
-[java::test_parseint_with_radix.main:([Ljava/lang/String;)V.assertion.4] assertion at file test_parseint_with_radix.java line 17 function java::test_parseint_with_radix.main:([Ljava/lang/String;)V bytecode_index 61: SUCCESS
+[java::test_parseint_with_radix.main:([Ljava/lang/String;)V.assertion.4] assertion at file test_parseint_with_radix.java line 17 function java::test_parseint_with_radix.main:([Ljava/lang/String;)V bytecode-index 61: SUCCESS
 [java::test_parseint_with_radix.main:([Ljava/lang/String;)V.null-pointer-exception.4] Throw null: SUCCESS
 [pointer_dereference.7] reference is null in *this: SUCCESS
 [array-create-negative-size.1] Array size should be >= 0: SUCCESS
diff --git a/src/goto-instrument/cover.cpp b/src/goto-instrument/cover.cpp
index d482777c2ed..e91e309f919 100644
--- a/src/goto-instrument/cover.cpp
+++ b/src/goto-instrument/cover.cpp
@@ -145,27 +145,27 @@ bool coverage_goalst::get_coverage_goals(
         // ensure minimal requirements for a goal entry
         PRECONDITION(
           (!each_goal["goal"].is_null()) ||
-          (!each_goal["sourceLocation"]["bytecode_index"].is_null()) ||
+          (!each_goal["sourceLocation"]["bytecodeIndex"].is_null()) ||
           (!each_goal["sourceLocation"]["file"].is_null() &&
            !each_goal["sourceLocation"]["function"].is_null() &&
            !each_goal["sourceLocation"]["line"].is_null()));
 
-        // check whether bytecode_index is provided for Java programs
+        // check whether bytecodeIndex is provided for Java programs
         if(mode==ID_java &&
-          each_goal["sourceLocation"]["bytecode_index"].is_null())
+          each_goal["sourceLocation"]["bytecodeIndex"].is_null())
         {
           messaget message(message_handler);
           message.error() << coverage_file
-                          << " file does not contain bytecode_index"
+                          << " file does not contain bytecodeIndex"
                           << messaget::eom;
           return true;
         }
 
-        if(!each_goal["sourceLocation"]["bytecode_index"].is_null())
+        if(!each_goal["sourceLocation"]["bytecodeIndex"].is_null())
         {
-          // get and set the bytecode_index
+          // get and set the bytecodeIndex
           irep_idt bytecode_index=
-            each_goal["sourceLocation"]["bytecode_index"].value;
+            each_goal["sourceLocation"]["bytecodeIndex"].value;
           source_location.set_java_bytecode_index(bytecode_index);
         }
 
@@ -1509,7 +1509,7 @@ bool instrument_cover_goals(
   if(cmdline.isset("existing-coverage"))
   {
     // get the mode to ensure invariants
-    // (e.g., bytecode_index for Java programs)
+    // (e.g., bytecodeIndex for Java programs)
     namespacet ns(symbol_table);
     const irep_idt &mode=ns.lookup(goto_functions.entry_point()).mode;
 
diff --git a/src/util/json_expr.cpp b/src/util/json_expr.cpp
index 4f5ce44d2fd..676c1940db0 100644
--- a/src/util/json_expr.cpp
+++ b/src/util/json_expr.cpp
@@ -95,7 +95,7 @@ json_objectt json(const source_locationt &location)
     result["function"]=json_stringt(id2string(location.get_function()));
 
   if(!location.get_java_bytecode_index().empty())
-    result["bytecode_index"]=
+    result["bytecodeIndex"]=
       json_stringt(id2string(location.get_java_bytecode_index()));
 
   return result;
diff --git a/src/util/source_location.cpp b/src/util/source_location.cpp
index 57d266b2aa4..46f7f5282d9 100644
--- a/src/util/source_location.cpp
+++ b/src/util/source_location.cpp
@@ -56,7 +56,7 @@ std::string source_locationt::as_string(bool print_cwd) const
   {
     if(dest!="")
       dest+=' ';
-    dest+="bytecode_index "+id2string(bytecode);
+    dest+="bytecode-index "+id2string(bytecode);
   }
 
   return dest;

From 5ff94dee8f8f40cf140dc14e7f162dc3cadfdd1e Mon Sep 17 00:00:00 2001
From: Peter Schrammel <peter.schrammel@diffblue.com>
Date: Wed, 2 Aug 2017 18:51:58 +0100
Subject: [PATCH 532/699] Use empty()

---
 src/analyses/goto_check.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/analyses/goto_check.cpp b/src/analyses/goto_check.cpp
index 367b4e13893..26e1297256d 100644
--- a/src/analyses/goto_check.cpp
+++ b/src/analyses/goto_check.cpp
@@ -1703,7 +1703,7 @@ void goto_checkt::goto_check(
         if(!it->source_location.get_column().empty())
           i_it->source_location.set_column(it->source_location.get_column());
 
-        if(it->source_location.get_java_bytecode_index()!=irep_idt())
+        if(!it->source_location.get_java_bytecode_index().empty())
           i_it->source_location.set_java_bytecode_index(
             it->source_location.get_java_bytecode_index());
       }

From 8085d9ee876ba51b07734140183f2dcea10a1c2c Mon Sep 17 00:00:00 2001
From: Cesar Rodriguez <cesar.rodriguez@diffblue.com>
Date: Thu, 3 Aug 2017 18:19:59 +0100
Subject: [PATCH 533/699] Documentation

- for java_object_factoryt
- also in java_bytecode_language.cpp
---
 src/java_bytecode/java_bytecode_language.cpp |   2 +-
 src/java_bytecode/java_entry_point.cpp       |  74 +++-
 src/java_bytecode/java_entry_point.h         |   1 +
 src/java_bytecode/java_object_factory.cpp    | 441 +++++++++++++------
 src/java_bytecode/java_object_factory.h      |  59 +++
 5 files changed, 429 insertions(+), 148 deletions(-)

diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index b7f293d5a7c..a9004c56e4a 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -689,7 +689,7 @@ bool java_bytecode_languaget::final(symbol_tablet &symbol_table)
 {
   java_internal_additions(symbol_table);
 
-  // Replace code of String methods calls by code we generate
+  // replace code of String methods calls by code we generate
   replace_string_methods(symbol_table);
 
   main_function_resultt res=
diff --git a/src/java_bytecode/java_entry_point.cpp b/src/java_bytecode/java_entry_point.cpp
index afbc6e046b3..9cf1989c418 100644
--- a/src/java_bytecode/java_entry_point.cpp
+++ b/src/java_bytecode/java_entry_point.cpp
@@ -150,6 +150,15 @@ void java_static_lifetime_init(
   }
 }
 
+///  Extends \p init_code with code that allocates the objects used as test
+///  arguments for the function under test (\p function) and
+///  non-deterministically initializes them.
+///
+///  All the code generated by this function goes to __CPROVER__start, just
+///  before the call to the method under test.
+///
+///  \returns A std::vector of symbol_exprt, one per parameter of \p function,
+///  containing the objects that can be used as arguments for \p function.
 exprt::operandst java_build_arguments(
   const symbolt &function,
   code_blockt &init_code,
@@ -165,6 +174,9 @@ exprt::operandst java_build_arguments(
   exprt::operandst main_arguments;
   main_arguments.resize(parameters.size());
 
+  // certain method arguments cannot be allowed to be null, we set the following
+  // variable to true iff the method under test is the "main" method, which will
+  // be called (by the jvm) with arguments that are never null
   bool is_default_entry_point(config.main.empty());
   bool is_main=is_default_entry_point;
 
@@ -182,6 +194,9 @@ exprt::operandst java_build_arguments(
     is_main=(named_main && has_correct_type);
   }
 
+  // we iterate through all the parameters of the function under test, allocate
+  // an object for that parameter (recursively allocating other objects
+  // necessary to initialize it), and declare such object as an ID_input
   for(std::size_t param_number=0;
       param_number<parameters.size();
       param_number++)
@@ -197,6 +212,8 @@ exprt::operandst java_build_arguments(
     bool allow_null=
       !assume_init_pointers_not_null && !is_main && !is_this;
 
+    // generate code to allocate and non-deterministicaly initialize the
+    // argument
     main_arguments[param_number]=
       object_factory(
         p.type(),
@@ -475,14 +492,40 @@ main_function_resultt get_main_symbol(
   return res;  // give up with error
 }
 
-/// find entry point and create initialization code for function
-/// symbol_table
-/// main class
-/// message_handler
-/// \param assume_init_pointers_not_null: allow pointers in initialization code
-///   to be null
-/// max_nondet_array_length
-/// \return true if error occurred on entry point search
+/// Given the \p symbol_table and the \p main_class to test, this function
+/// generates a new function __CPROVER__start that calls the method under tests.
+///
+/// If __CPROVER__start is already in the `symbol_table`, it silently returns.
+/// Otherwise it finds the method under test using `get_main_symbol` and
+/// constructs a body for __CPROVER__start which does as follows:
+///
+/// 1. Allocates and initializes the parameters of the method under test.
+/// 2. Call it and save its return variable in the variable 'return'.
+/// 3. Declare variable 'return' as an output variable (codet with id
+///    ID_output), together with other objects possibly altered by the execution
+///    the method under test (in `java_record_outputs`)
+///
+/// When \p assume_init_pointers_not_null is false, the generated parameter
+/// initialization code will non-deterministically set input parameters to
+/// either null or a stack-allocated object. Observe that the null/non-null
+/// setting only applies to the parameter itself, and is not propagated to other
+/// pointers that it might be necessary to initialize in the object tree rooted
+/// at the parameter.
+/// Parameter \p max_nondet_array_length provides the maximum length for an
+/// array used as part of the input to the method under test, and
+/// \p max_nondet_tree_depth defines the maximum depth of the object tree
+/// created for such inputs. This maximum depth is used **in conjunction** with
+/// the so-called "recursive type set" (see field `recursive_set` in class
+/// java_object_factoryt) to bound the depth of the object tree for the
+/// parameter. Only when
+/// - the depth of the tree is >= max_nondet_tree_depth **AND**
+/// - the type of the object under initialization is already found in the
+///   recursive set
+/// then that object is not initalized and the reference pointing to it is
+/// (deterministically) set to null. This is a source of underapproximation in
+/// our approach to test generation, and should perhaps be fixed in the future.
+///
+/// \returns true if error occurred on entry point search
 bool java_entry_point(
   symbol_tablet &symbol_table,
   const irep_idt &main_class,
@@ -539,7 +582,10 @@ bool java_entry_point(
     init_code.move_to_operands(call_init);
   }
 
-  // build call to the main method
+  // build call to the main method, of the form
+  // return = main_method(arg1, arg2, ..., argn)
+  // where return is a new variable
+  // and arg1 ... argn are constructed below as well
 
   code_function_callt call_main;
 
@@ -547,10 +593,13 @@ bool java_entry_point(
   loc.set_function(symbol.name);
   source_locationt &dloc=loc;
 
+  // function to call
   call_main.add_source_location()=dloc;
   call_main.function()=symbol.symbol_expr();
   call_main.function().add_source_location()=dloc;
 
+  // if the method return type is not void, store return value in a new variable
+  // named 'return'
   if(to_code_type(symbol.type).return_type()!=empty_typet())
   {
     auxiliary_symbolt return_symbol;
@@ -576,6 +625,8 @@ bool java_entry_point(
     symbol_table.add(exc_symbol);
   }
 
+  // create code that allocates the objects used as test arguments and
+  // non-deterministically initializes them
   exprt::operandst main_arguments=
     java_build_arguments(
       symbol,
@@ -587,11 +638,14 @@ bool java_entry_point(
       pointer_type_selector);
   call_main.arguments()=main_arguments;
 
+  // we insert the call to the method AFTER the argument initialization code
   init_code.move_to_operands(call_main);
 
+  // declare certain (which?) variables as test outputs
   java_record_outputs(symbol, main_arguments, init_code, symbol_table);
 
-  // add "main"
+  // create a symbol for the __CPROVER__start function, associate the code that
+  // we just built and register it in the symbol table
   symbolt new_symbol;
 
   code_typet main_type;
diff --git a/src/java_bytecode/java_entry_point.h b/src/java_bytecode/java_entry_point.h
index 9e3ae36eec3..97828ed2bdb 100644
--- a/src/java_bytecode/java_entry_point.h
+++ b/src/java_bytecode/java_entry_point.h
@@ -32,6 +32,7 @@ typedef struct
   bool stop_convert;
 } main_function_resultt;
 
+/// Figures out the entry point of the code to verify
 main_function_resultt get_main_symbol(
   symbol_tablet &symbol_table,
   const irep_idt &main_class,
diff --git a/src/java_bytecode/java_object_factory.cpp b/src/java_bytecode/java_object_factory.cpp
index f4d645e8458..4d653eefc1a 100644
--- a/src/java_bytecode/java_object_factory.cpp
+++ b/src/java_bytecode/java_object_factory.cpp
@@ -49,16 +49,38 @@ static symbolt &new_tmp_symbol(
 
 class java_object_factoryt
 {
+  /// Every new variable initialized by the code emitted by the methods of this
+  /// class gets a symbol in the symbol table, and such symbols are also added
+  /// to this vector.
   std::vector<const symbolt *> &symbols_created;
+
+  /// The source location for new statements emitted during the operation of the
+  /// methods in this class.
   const source_locationt &loc;
-  /// Maximum value for the non-deterministically-choosen length of an array.
+
+  /// Maximum value for the non-deterministically-chosen length of an array.
   const size_t max_nondet_array_length;
+
+  /// Used to prevent the methods in this class to loop infinitely during the
+  /// generation of code that allocates/initializes data structures of recursive
+  /// data types or unbounded depth. We bound the maximum number of times we
+  /// dereference a pointer using a 'depth counter'. We set a pointer to null if
+  /// such depth becomes >= than this maximum value.
   const size_t max_nondet_tree_depth;
+
+  /// This is employed in conjunction with the depth above. Every time the
+  /// non-det generator visits a type, the type is added to this set. We forbid
+  /// the non-det initialization when we see the type for the second time in
+  /// this set AND the tree depth becomes >= than the maximum value above.
   std::unordered_set<irep_idt, irep_id_hash> recursion_set;
+
+  /// The symbol table.
   symbol_tablet &symbol_table;
+
+  /// A namespace built from exclusively one symbol table - the one above.
   namespacet ns;
 
-  /// Resolves pointer types potentially using some heuristics for example
+  /// Resolves pointer types potentially using some heuristics, for example
   /// to replace pointers to interface types with pointers to concrete
   /// implementations.
   const select_pointer_typet &pointer_type_selector;
@@ -153,7 +175,8 @@ class java_object_factoryt
 };
 
 /// Generates code for allocating a dynamic object. This is used in
-/// allocate_object and for allocating strings in the library preprocessing.
+/// allocate_object() and also in the library preprocessing for allocating
+/// strings.
 /// \param target_expr: expression to which the necessary memory will be
 ///   allocated
 /// \param allocate_type: type of the object allocated
@@ -184,7 +207,7 @@ exprt allocate_dynamic_object(
     malloc_expr.copy_to_operands(object_size);
     typet result_type=pointer_type(allocate_type);
     malloc_expr.type()=result_type;
-    // Create a symbol for the malloc expression so we can initialize
+    // create a symbol for the malloc expression so we can initialize
     // without having to do it potentially through a double-deref, which
     // breaks the to-SSA phase.
     symbolt &malloc_sym=new_tmp_symbol(
@@ -262,14 +285,17 @@ exprt allocate_dynamic_object_with_decl(
   return result;
 }
 
-/// Returns false if we can't figure out the size of allocate_type.
-/// allocate_type may differ from target_expr, e.g. for target_expr having type
-/// int* and allocate_type being an int[10].
-/// \param assignments: The code block to add code to
-/// \param target_expr: The expression which we are allocating a symbol for
+/// Installs a new symbol in the symbol table, pushing the corresponding symbolt
+/// object to the field `symbols_created` and emits to \p assignments a new
+/// assignment of the form `<target_expr> := address-of(new_object)`.  The
+/// \p allocate_type may differ from `target_expr.type()`, e.g. for target_expr
+/// having type int* and allocate_type being an int[10].
+///
+/// \param assignments: The code block to add code to.
+/// \param target_expr: The expression which we are allocating a symbol for.
 /// \param allocate_type:
 /// \param alloc_type: Allocation type (global, local or dynamic)
-/// \return the allocated object
+/// \return An address_of_exprt of the newly allocated object.
 exprt java_object_factoryt::allocate_object(
   code_blockt &assignments,
   const exprt &target_expr,
@@ -315,9 +341,7 @@ exprt java_object_factoryt::allocate_object(
   } // End switch
 }
 
-/// Adds an instruction to `init_code` null-initialising `expr`.
-/// \par parameters: `expr`: pointer-typed lvalue expression to initialise
-/// `ptr_type`: pointer type to write
+/// Returns a codet that assigns \p expr, of type \p ptr_type, a NULL value.
 code_assignt java_object_factoryt::get_null_assignment(
   const exprt &expr,
   const pointer_typet &ptr_type)
@@ -328,16 +352,45 @@ code_assignt java_object_factoryt::get_null_assignment(
   return code;
 }
 
-/// Initialises an object tree rooted at `expr`, allocating child objects as
-/// necessary and nondet-initialising their members, or if MUST_UPDATE_IN_PLACE
-/// is set, re-initialising already-allocated objects.
-/// \par parameters: `expr`: pointer-typed lvalue expression to initialise
-/// `target_type`: structure type to initialise, which may not match *expr (for
-///   example, expr might be void*)
-/// `alloc_type`: Allocation type (global, local or dynamic)
-/// `update_in_place`: NO_UPDATE_IN_PLACE: initialise `expr` from scratch
-///   MUST_UPDATE_IN_PLACE: reinitialise an existing object MAY_UPDATE_IN_PLACE:
-///   invalid input
+/// Initializes the pointer-typed lvalue expression `expr` to point to an object
+/// of type `target_type`, recursively nondet-initializing the members of that
+/// object. Code emitted mainly depends on \p update_in_place:
+///
+/// When in NO_UPDATE_IN_PLACE mode, the code emitted looks like:
+///
+/// ```
+///   struct new_object obj; // depends on alloc_type
+///   <expr> := &obj
+///   // recursive initialization of obj in NO_UPDATE_IN_PLACE mode
+/// ```
+///
+/// When in MUST_UPDATE_IN_PLACE mode, all code is emitted by a recursive call
+/// to gen_nondet_init in MUST_UPDATE_IN_PLACE mode, and looks like:
+///
+/// ```
+///   (*<expr>).some_int := NONDET(int)
+///   (*<expr>).some_char := NONDET(char)
+/// ```
+/// It is illegal to call the function with MAY_UPDATE_IN_PLACE.
+///
+/// \param[out] assignments:
+///   A code_blockt where the initialization code will be emitted to.
+/// \param expr:
+///   Pointer-typed lvalue expression to initialize.
+///   The pointed type equals \p target_type.
+/// \param target_type:
+///   Structure type to initialize, which may not match `*expr` (for example,
+///   `expr` might be have type void*). It cannot be a pointer to a primitive
+///   type because Java does not allow so.
+/// \param alloc_type:
+///   Allocation type (global, local or dynamic)
+/// \param depth:
+///   Number of times that a pointer has been dereferenced from the root of the
+///   object tree that we are initializing.
+/// \param update_in_place:
+///   NO_UPDATE_IN_PLACE: initialize `expr` from scratch
+///   MUST_UPDATE_IN_PLACE: reinitialize an existing object
+///   MAY_UPDATE_IN_PLACE: invalid input
 void java_object_factoryt::gen_pointer_target_init(
   code_blockt &assignments,
   const exprt &expr,
@@ -362,6 +415,12 @@ void java_object_factoryt::gen_pointer_target_init(
   }
   else
   {
+    // obtain a target pointer to initialize; if in MUST_UPDATE_IN_PLACE mode we
+    // initialize the fields of the object pointed by `expr`; if in
+    // NO_UPDATE_IN_PLACE then we allocate a new object, get a pointer to it
+    // (return value of `allocate_object`), emit a statement of the form
+    // `<expr> := address-of(<new-object>)` and recursively initialize such new
+    // object.
     exprt target;
     if(update_in_place==update_in_placet::NO_UPDATE_IN_PLACE)
     {
@@ -372,12 +431,15 @@ void java_object_factoryt::gen_pointer_target_init(
         alloc_type);
       INVARIANT(
         target.type().id()==ID_pointer,
-        "We expect an address-of object");
+        "Pointer-typed expression expected");
     }
     else
     {
       target=expr;
     }
+
+    // we dereference the pointer and initialize the resulting object using a
+    // recursive call
     exprt init_expr;
     if(target.id()==ID_address_of)
       init_expr=target.op0();
@@ -412,7 +474,7 @@ class recursion_set_entryt
   irep_idt erase_entry;
 
 public:
-  /// Initialise a recursion-set entry owner operating on a given set.
+  /// Initialize a recursion-set entry owner operating on a given set.
   /// Initially it does not own any set entry.
   /// \param _recursion_set: set to operate on.
   recursion_set_entryt(std::unordered_set<irep_idt, irep_id_hash> &_recursion_set):
@@ -449,20 +511,35 @@ class recursion_set_entryt
   }
 };
 
-/// Initialises a primitive or object tree rooted at `expr`, of type pointer. It
-/// allocates child objects as necessary and nondet-initialising their members,
-/// or if MUST_UPDATE_IN_PLACE is set, re-initialising already-allocated
-/// objects.
-/// \param assignemnts - the code block we are building with
-///   initilisation code
-/// \param expr: lvalue expression to initialise
-/// \param class_identifier - the name of the class so we can identify
-/// special cases where a null pointer is not applicable.
-/// \param alloc_type: Allocation type (global, local or dynamic)
-/// \param pointer_type - The type of the pointer we are initalising
-/// `update_in_place`: NO_UPDATE_IN_PLACE: initialise `expr` from scratch
-///   MUST_UPDATE_IN_PLACE: reinitialise an existing object MAY_UPDATE_IN_PLACE:
-///   generate a runtime nondet branch between the NO_ and MUST_ cases.
+/// Initializes a pointer \p expr of type \p pointer_type to a primitive-typed
+/// value or an object tree.  It allocates child objects as necessary and
+/// nondet-initializes their members, or if MUST_UPDATE_IN_PLACE is set,
+/// re-initializes already-allocated objects.
+///
+/// \param assignments:
+///   The code block we are building with initialization code.
+/// \param expr:
+///   Pointer-typed lvalue expression to initialize.
+/// \param class_identifier:
+///   Name of the parent class. Used to initialize the `@class_identifier` among
+///   others.
+/// \param alloc_type:
+///   Allocation type (global, local or dynamic)
+/// \param allow_null:
+///   true iff the the non-det initialization code is allowed to set null as a
+///   value to the pointer \p expr; note that the current value of allow_null is
+///   _not_ inherited by subsequent recursive calls; those will always be
+///   authorized to assign null to a pointer
+/// \param depth:
+///   Number of times that a pointer has been dereferenced from the root of the
+///   object tree that we are initializing.
+/// \param pointer_type:
+///   The type of the pointer we are initalizing
+/// \param update_in_place:
+///   * NO_UPDATE_IN_PLACE: initialize `expr` from scratch
+///   * MAY_UPDATE_IN_PLACE: generate a runtime nondet branch between the NO_
+///     and MUST_ cases.
+///   * MUST_UPDATE_IN_PLACE: reinitialize an existing object
 void java_object_factoryt::gen_nondet_pointer_init(
   code_blockt &assignments,
   const exprt &expr,
@@ -500,6 +577,18 @@ void java_object_factoryt::gen_nondet_pointer_init(
   // if one is set below.
   recursion_set_entryt recursion_set_entry(recursion_set);
 
+  // If the pointed value is struct-typed, then we need to prevent the
+  // possibility of this code to loop infinitely when initializing a data
+  // structure with recursive types or unbounded depth.  We implement two
+  // mechanisms here. We keep a set of 'types seen', and detect when we perform
+  // a 2nd visit to the same type.  We also detect the depth in the chain of
+  // (recursive) calls to the methods of this class. The depth counter is
+  // incremented only when a pointer is deferenced, including pointers to
+  // arrays.
+  //
+  // When we visit for 2nd time a type AND the maximum depth is exceeded, we set
+  // the pointer to NULL instead of recursively initializing the struct to which
+  // it points.
   const typet &subtype=ns.follow(pointer_type.subtype());
   if(subtype.id()==ID_struct)
   {
@@ -524,6 +613,10 @@ void java_object_factoryt::gen_nondet_pointer_init(
   code_blockt new_object_assignments;
   code_blockt update_in_place_assignments;
 
+  // if the initialization mode is MAY_UPDATE or MUST_UPDATE in place, then we
+  // emit to `update_in_place_assignments` code for in-place initialization of
+  // the object pointed by `expr`, assuming that such object is of type
+  // `subtype`
   if(update_in_place!=update_in_placet::NO_UPDATE_IN_PLACE)
   {
     gen_pointer_target_init(
@@ -535,14 +628,17 @@ void java_object_factoryt::gen_nondet_pointer_init(
       update_in_placet::MUST_UPDATE_IN_PLACE);
   }
 
+  // if we MUST_UPDATE_IN_PLACE, then the job is done, we copy the code emitted
+  // above to `assignments` and return
   if(update_in_place==update_in_placet::MUST_UPDATE_IN_PLACE)
   {
     assignments.append(update_in_place_assignments);
     return;
   }
 
-  // Otherwise we need code for the allocate-new-object case:
-
+  // if the mode is NO_UPDATE or MAY_UPDATE in place, then we need to emit a
+  // vector of assignments that create a new object (recursively initializes it)
+  // and asign to `expr` the address of such object
   code_blockt non_null_inst;
   gen_pointer_target_init(
     non_null_inst,
@@ -622,18 +718,30 @@ void java_object_factoryt::gen_nondet_pointer_init(
   }
 }
 
-/// Generate GOTO code to initalize the selected concrete type
-/// A { ... } tmp_object;
-/// A.x = NONDET ...
-/// // non-det init of all the fields of A
-/// A * p = &tmp_object
-/// expr = (I *)p
-/// \param assignments: the code to append to
+/// Generate codet assignments to initalize the selected concrete type.
+/// Generated code looks as follows (here A = replacement_pointer.subtype()):
+///
+///   // allocate memory for a new object, depends on `alloc_type`
+///   A { ... } tmp_object;
+///
+///   // non-det init all the fields of A
+///   A.x = NONDET(...)
+///   A.y = NONDET(...)
+///
+///   // assign `expr` with a suitably casted pointer to new_object
+///   A * p = &tmp_object
+///
+/// \param assignments
+///   A block of code where we append the generated code.
 /// \param alloc_type: Allocation type (global, local or dynamic)
-/// \param replacement_pointer: The type of the pointer we actually want to
-///   to create.
-/// \return The symbol expression that corresponds to the pointer to object
-///   created of the required type.
+/// \param replacement_pointer
+///   The type of the pointer we actually want to to create.
+/// \param depth:
+///   Number of times that a pointer has been dereferenced from the root of the
+///   object tree that we are initializing.
+/// \return
+///   A symbol expression of type \p replacement_pointer corresponding to a
+///   pointer to object `tmp_object` (see above).
 symbol_exprt java_object_factoryt::gen_nondet_subtype_pointer_init(
   code_blockt &assignments,
   allocation_typet alloc_type,
@@ -659,23 +767,33 @@ symbol_exprt java_object_factoryt::gen_nondet_subtype_pointer_init(
   return new_symbol.symbol_expr();
 }
 
-/// Initialises an object tree rooted at `expr`, allocating child objects as
-/// necessary and nondet-initialising their members, or if MUST_UPDATE_IN_PLACE
-/// is set, re-initialising already-allocated objects.
-/// \param assignments: The code block to append the new
-///   instructions to
-/// \param expr: pointer-typed lvalue expression to initialise
-/// \param is_sub: If true, `expr` is a substructure of a larger object, which
-///   in Java necessarily means a base class. not match *expr (for example, expr
-///   might be void*)
-/// \param class_identifier: clsid to initialise @java.lang.Object.
-///   @class_identifier
-/// \param skip_classid: if true, skip initialising @class_identifier
-/// \param alloc_type: Allocation type (global, local or dynamic)
-/// \param struct_type - The type of the struct we are initalising
-/// \param update_in_place: NO_UPDATE_IN_PLACE: initialise `expr` from scratch
-///   MUST_UPDATE_IN_PLACE: reinitialise an existing object MAY_UPDATE_IN_PLACE:
-///   invalid input
+/// Initializes an object tree rooted at `expr`, allocating child objects as
+/// necessary and nondet-initializes their members, or if MUST_UPDATE_IN_PLACE
+/// is set, re-initializes already-allocated objects.
+///
+/// \param assignments:
+///   The code block to append the new instructions to.
+/// \param expr
+///   Struct-typed lvalue expression to initialize.
+/// \param is_sub:
+///   If true, `expr` is a substructure of a larger object, which in Java
+///   necessarily means a base class.
+/// \param class_identifier:
+///   Name of the parent class. Used to initialize the `@class_identifier` among
+///   others.
+/// \param skip_classid:
+///   If true, skip initializing `@class_identifier`.
+/// \param alloc_type:
+///   Allocation type (global, local or dynamic)
+/// \param struct_type:
+///   The type of the struct we are initalizing.
+/// \param depth:
+///   Number of times that a pointer has been dereferenced from the root of the
+///   object tree that we are initializing.
+/// \param update_in_place:
+///   NO_UPDATE_IN_PLACE: initialize `expr` from scratch
+///   MUST_UPDATE_IN_PLACE: reinitialize an existing object
+///   MAY_UPDATE_IN_PLACE: invalid input
 void java_object_factoryt::gen_nondet_struct_init(
   code_blockt &assignments,
   const exprt &expr,
@@ -756,24 +874,42 @@ void java_object_factoryt::gen_nondet_struct_init(
   }
 }
 
-/// Initialises a primitive or object tree rooted at `expr`, allocating child
-/// objects as necessary and nondet-initialising their members, or if
-/// MUST_UPDATE_IN_PLACE is set, re-initialising already-allocated objects.
-/// \par parameters: `expr`: lvalue expression to initialise
-/// `is_sub`: If true, `expr` is a substructure of a larger object, which in
-///   Java necessarily means a base class. not match *expr (for example, expr
-///   might be void*)
-/// `class_identifier`: clsid to initialise @java.lang.Object. @class_identifier
-/// `skip_classid`: if true, skip initialising @class_identifier
-/// `alloc_type`: Allocation type (global, local or dynamic)
-/// `override`: If true, initialise with `override_type` instead of
-///   `expr.type()`. Used at the moment for reference arrays, which are
-///   implemented as void* arrays but should be init'd as their true type with
-///   appropriate casts.
-/// `override_type`: Override type per above
-/// `update_in_place`: NO_UPDATE_IN_PLACE: initialise `expr` from scratch
-///   MUST_UPDATE_IN_PLACE: reinitialise an existing object MAY_UPDATE_IN_PLACE:
-///   generate a runtime nondet branch between the NO_ and MUST_ cases.
+/// Initializes a primitive-typed or referece-typed object tree rooted at
+/// `expr`, allocating child objects as necessary and nondet-initializing their
+/// members, or if MUST_UPDATE_IN_PLACE is set, re-initializing
+/// already-allocated objects.
+///
+/// \param assignments:
+///   A code block where the initializing assignments will be appended to.
+/// \param expr:
+///   Lvalue expression to initialize.
+/// \param is_sub:
+///   If true, `expr` is a substructure of a larger object, which in Java
+///   necessarily means a base class.
+/// \param class_identifier:
+///   Name of the parent class. Used to initialize the `@class_identifier` among
+///   others.
+/// \param skip_classid:
+///   If true, skip initializing `@class_identifier`.
+/// \param alloc_type:
+///   Allocation type (global, local or dynamic)
+/// \param override_:
+///   If true, initialize with `override_type` instead of `expr.type()`. Used at
+///   the moment for reference arrays, which are implemented as void* arrays but
+///   should be init'd as their true type with appropriate casts.
+/// \param allow_null:
+///   True iff the the non-det initialization code is allowed to set null as a
+///   value to a pointer.
+/// \param depth:
+///   Number of times that a pointer has been dereferenced from the root of the
+///   object tree that we are initializing.
+/// \param override_type:
+///   Override type per above.
+/// \param update_in_place:
+///   NO_UPDATE_IN_PLACE: initialize `expr` from scratch
+///   MAY_UPDATE_IN_PLACE: generate a runtime nondet branch between the NO_
+///   and MUST_ cases.
+///   MUST_UPDATE_IN_PLACE: reinitialize an existing object
 void java_object_factoryt::gen_nondet_init(
   code_blockt &assignments,
   const exprt &expr,
@@ -821,6 +957,8 @@ void java_object_factoryt::gen_nondet_init(
   }
   else
   {
+    // types different from pointer or structure:
+    // bool, int, float, byte, char, ...
     exprt rhs=type.id()==ID_c_bool?
       get_nondet_bool(type):
       side_effect_expr_nondett(type);
@@ -831,14 +969,18 @@ void java_object_factoryt::gen_nondet_init(
   }
 }
 
-/// Allocates a fresh array. Single-use at the moment, but useful to keep
-/// as a separate function for downstream branches.
-/// \par parameters: `lhs`, symbol to assign the new array structure
-/// `max_length_expr`, maximum length of the new array (minimum is fixed at zero
-///   for now)
-/// `element_type`, actual element type of the array (the array for all
-///   reference types will have void* type, but this will be annotated as the
-///   true member type)
+/// Allocates a fresh array and emits an assignment writing to \p lhs the
+/// address of the new array.  Single-use at the moment, but useful to keep as a
+/// separate function for downstream branches.
+/// \param[out] assignments:
+///   Code is emitted here.
+/// \param lhs:
+///   Symbol to assign the new array structure.
+/// \param max_length_expr:
+///   Maximum length of the new array (minimum is fixed at zero for now).
+/// \param element_type:
+///   Actual element type of the array (the array for all reference types will
+///   have void* type, but this will be annotated as the true member type).
 /// \return Appends instructions to `assignments`
 void java_object_factoryt::allocate_nondet_length_array(
   code_blockt &assignments,
@@ -887,8 +1029,12 @@ void java_object_factoryt::allocate_nondet_length_array(
   assignments.copy_to_operands(assign);
 }
 
-/// create code to initialize a Java array with size `max_nondet_array_length`,
-/// loop over elements and initialize them
+/// Create code to initialize a Java array whose size will be at most
+/// `max_nondet_array_length`. The code is emitted to \p assignments does as
+/// follows:
+/// 1. non-deterministically choose a length for the array
+/// 2. assume that such length is >=0 and <= max_length
+/// 3. loop through all elements of the array and initialize them
 void java_object_factoryt::gen_nondet_array_init(
   code_blockt &assignments,
   const exprt &expr,
@@ -906,6 +1052,8 @@ void java_object_factoryt::gen_nondet_array_init(
 
   auto max_length_expr=from_integer(max_nondet_array_length, java_int_type());
 
+  // In NO_UPDATE_IN_PLACE mode we allocate a new array and recursively
+  // initialize its elements
   if(update_in_place==update_in_placet::NO_UPDATE_IN_PLACE)
   {
     allocate_nondet_length_array(
@@ -1036,23 +1184,17 @@ static void declare_created_symbols(
   }
 }
 
-/// Similar to `gen_nondet_init`, but returns an object expression
-/// rather than assigning to one.
-/// \param type: type of new object to create
-/// \param base_name: base name of top-level constructed object
-/// \param [out] init_code: gains any instructions requried to initialise either
-///   the returned value or its child objects
-/// \param allow_null: if true, may return null; otherwise always
-///   allocates an object
-/// \param symbol_table: gains any new symbols created, as per gen_nondet_init
-///   above.
-/// \param max_nondet_array_length: upper bound on size of initialised arrays
-/// \param alloc_type: allocation method (global, local or dynamic objects)
-/// \param loc: source location for all generated code
-/// \param pointer_type_selector: The pointer_selector to use to resolve
-///   pointer types where required.
-/// \return A symbol expression repesenting the new object that has been
-///   created.
+/// Similar to `gen_nondet_init` below, but instead of allocating and
+/// non-deterministically initializing the the argument `expr` passed to that
+/// function, we create a static global object of type \p type and
+/// non-deterministically initialize it.
+///
+/// See gen_nondet_init for a description of the parameters.
+/// The only new one is \p type, which is the type of the object to create.
+///
+/// \return The object created, the \p symbol_table gains any new symbols
+/// created, and \p init_code gains any instructions requried to initialize
+/// either the returned value or its child objects
 exprt object_factory(
   const typet &type,
   const irep_idt base_name,
@@ -1111,27 +1253,52 @@ exprt object_factory(
   return object;
 }
 
-/// Initialises a primitive or object tree rooted at `expr`, allocating child
-/// objects as necessary and nondet-initialising their members, or if MAY_ or
-/// MUST_UPDATE_IN_PLACE is set, re-initialising already-allocated objects.
-/// \param expr: lvalue expression to initialise
-/// \param init_code: gets an instruction sequence to initialise or
-///   reinitialise `expr` and child objects it refers to.
-/// \param symbol_table: is modified with any new symbols created.
-///   This includes any necessary temporaries, and if `create_dyn_objs` is
-///   false, any allocated objects.
-/// \param loc: source location for all generated code
-/// \param skip_classid: if true, skip initialising @class_identifier
-/// \param create_dyn_objs: if true, use malloc to allocate objects; otherwise
-///   generate fresh static symbols.
-/// \param assume_non_null: never initialise pointer members with null, unless
-///   forced to by recursive datatypes;
-/// \param max_nondet_array_length: upper bound on size of initialised arrays.
-/// \param pointer_type_selector: The pointer_selector to use to resolve
-///   pointer types where required.
-/// \param update_in_place: NO_UPDATE_IN_PLACE: initialise `expr` from scratch
-///   MUST_UPDATE_IN_PLACE: reinitialise an existing object MAY_UPDATE_IN_PLACE:
-///   generate a runtime nondet branch between the NO_ and MUST_ cases.
+/// Initializes a primitive-typed or referece-typed object tree rooted at
+/// `expr`, allocating child objects as necessary and nondet-initializing their
+/// members, or if MAY_ or MUST_UPDATE_IN_PLACE is set, re-initializing
+/// already-allocated objects.
+///
+/// \param expr:
+///   Lvalue expression to initialize.
+/// \param[out] init_code:
+///   A code block where the initializing assignments will be appended to.
+///   It gets an instruction sequence to initialize or reinitialize `expr` and
+///   child objects it refers to.
+/// \param symbol_table:
+///   The symbol table, where new variables created as a result of emitting code
+///   to \p init_code will be inserted to.  This includes any necessary
+///   temporaries, and if `create_dyn_objs` is false, any allocated objects.
+/// \param loc:
+///   Source location to which all generated code will be associated to.
+/// \param skip_classid:
+///   If true, skip initializing field `@class_identifier`.
+/// \param alloc_type:
+///   Allocate new objects as global objects (GLOBAL) or as local variables
+///   (LOCAL) or using malloc (DYNAMIC).
+/// \param allow_null:
+///   When \p expr is a pointer, the non-det initializing code will
+///   unconditionally set \p expr to a non-null object iff \p allow_null is
+///   true. Note that other references down the object hierarchy *can* be null
+///   when \p allow_null is false (as this parameter is not inherited by
+///   subsequent recursive calls).  Has no effect when \p expr is not
+///   pointer-typed.
+/// \param max_nondet_array_length:
+///   Upper bound on size of initialized arrays.
+/// \param max_nondet_tree_depth:
+///   Maximum depth in the object hirearchy (counted as the number of times a
+///   pointer is deferenced) created by the initialization code that will be
+///   emitted here.
+/// \param pointer_type_selector:
+///   The pointer_selector to use to resolve pointer types where required.
+/// \param update_in_place:
+///   NO_UPDATE_IN_PLACE: initialize `expr` from scratch
+///   MAY_UPDATE_IN_PLACE: generate a runtime nondet branch between the NO_
+///   and MUST_ cases.
+///   MUST_UPDATE_IN_PLACE: reinitialize an existing object
+/// \return `init_code` gets an instruction sequence to initialize or
+///   reinitialize `expr` and child objects it refers to. `symbol_table` is
+///   modified with any new symbols created. This includes any necessary
+///   temporaries, and if `create_dyn_objs` is false, any allocated objects.
 void gen_nondet_init(
   const exprt &expr,
   code_blockt &init_code,
@@ -1173,7 +1340,7 @@ void gen_nondet_init(
   init_code.append(assignments);
 }
 
-/// Call object_factory with a default (identity) pointer_type_selector
+/// Call object_factory() above with a default (identity) pointer_type_selector
 exprt object_factory(const typet &type,
   const irep_idt base_name,
   code_blockt &init_code,
@@ -1198,7 +1365,7 @@ exprt object_factory(const typet &type,
     pointer_type_selector);
 }
 
-/// Call gen_nondet_init with a default (identity) pointer_type_selector
+/// Call gen_nondet_init() above with a default (identity) pointer_type_selector
 void gen_nondet_init(const exprt &expr,
   code_blockt &init_code,
   symbol_tablet &symbol_table,
diff --git a/src/java_bytecode/java_object_factory.h b/src/java_bytecode/java_object_factory.h
index 9aa9c073c29..a90867d9a58 100644
--- a/src/java_bytecode/java_object_factory.h
+++ b/src/java_bytecode/java_object_factory.h
@@ -6,6 +6,65 @@ Author: Daniel Kroening, kroening@kroening.com
 
 \*******************************************************************/
 
+/// \file
+/// This module is responsible for the synthesis of code (in the form of a
+/// sequence of codet statements) that can allocate and initialize
+/// non-deterministically both primitive Java types and objects. The
+/// non-deterministic initialization of one object triggers the
+/// non-deterministic initialization of all its fields, which in turn could be
+/// references to other objects. We thus speak about an object tree.
+///
+/// This is useful for, e.g., the creation of a verification harness (non-det
+/// initialization of the parameters of the method to verify), mocking methods
+/// that are called but for which we don't have a body (overapproximating the
+/// return value and possibly side effects).
+///
+/// The two main APIs are \ref gen_nondet_init() and \ref object_factory(), at
+/// the bottom of the file.  Their purpose is very similar. A call to
+///
+///   gen_nondet_init(expr, code, ..., update_in_place)
+///
+/// appends to `code` (a code_blockt) a sequence of statements that
+/// non-deterministically initialize the `expr` (which is expected to be an
+/// l-value exprt) with a primitive or reference value of type equal to or
+/// compatible with `expr.type()` -- see documentation for the argument
+/// `pointer_type_selector` for additional details.
+///
+/// The code generated mainly depends on the parameter `update_in_place`. Assume
+/// that `expr` is a reference to an object (in our IR, that means a pointer to
+/// a struct).
+///
+/// When update_in_place == NO_UPDATE_IN_PLACE, the following code is
+/// generated:
+///
+/// ```
+///     struct MyClass object;
+///     if (NONDET(bool))
+///       expr = NULL;
+///     else
+///       expr = &object;
+///       ... // non-det initialization of `object` in NO_UPDATE_IN_PLACE mode
+/// ```
+///
+/// When update_in_place == MUST_UPDATE_IN_PLACE, the following code is
+/// generated (assuming that MyClass has fields "int x" and "OtherClass y"):
+///
+/// ```
+///     expr->x = NONDET(int);
+///     expr->y = ... // non-det initialization in MUST_UPDATE_IN_PLACE mode
+/// ```
+///
+/// When update_in_place == MAY_UPDATE_IN_PLACE, the following code is
+/// generated:
+///
+/// ```
+///     if (NONDET(bool))
+///       ... // non-det initialization of `expr` in MUST_UPDATE_IN_PLACE
+///     else
+///       ... // non-det initialization of `expr` in NO_UPDATE_IN_PLACE
+/// ```
+///
+
 #ifndef CPROVER_JAVA_BYTECODE_JAVA_OBJECT_FACTORY_H
 #define CPROVER_JAVA_BYTECODE_JAVA_OBJECT_FACTORY_H
 

From 28ca28d34b945a2d751721bc47f1c502abb35d1d Mon Sep 17 00:00:00 2001
From: Peter Schrammel <peter.schrammel@diffblue.com>
Date: Tue, 8 Aug 2017 17:23:53 +0100
Subject: [PATCH 534/699] Test for java-specific output in JSON

In particular, booleans are now printed as true/false instead of 0/1;
NULL as null, and pointer types as their respective structs.
---
 regression/cbmc-java/json_trace2/Test.class | Bin 0 -> 292 bytes
 regression/cbmc-java/json_trace2/Test.java  |   7 +++++++
 regression/cbmc-java/json_trace2/test.desc  |  10 ++++++++++
 3 files changed, 17 insertions(+)
 create mode 100644 regression/cbmc-java/json_trace2/Test.class
 create mode 100644 regression/cbmc-java/json_trace2/Test.java
 create mode 100644 regression/cbmc-java/json_trace2/test.desc

diff --git a/regression/cbmc-java/json_trace2/Test.class b/regression/cbmc-java/json_trace2/Test.class
new file mode 100644
index 0000000000000000000000000000000000000000..68771db843ab17d0c80c4dbea1b7f72f1f9c2b9f
GIT binary patch
literal 292
zcmZ8bJx{|h6ucMPNfY|DFm_-|i$sOQ24bni)Rv(Y1Dg{plu}YuTz*v-CM1TgNc<?o
zIby=YyYs!f)BFDUJOH>rKZ8OiK{r895MNbw<*x-QAKnS{Wb@zzy=hgu`R=)J+odhm
zRJ3=mUT~aGSN6@0*S3Bf-xe!Z`pe<HptJC{e45#pKYO;=?6#%5sX{hgGJ6(sZD<&l
z1wqjNUxgDyJTANlw83!3{0)dgG@}p5JBc9Sj2kg5T1d%*^_&<5<@5_i?e(5KYTVtX
TTCrBsX^?TFAfe=_F|~gI3HUH&

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/json_trace2/Test.java b/regression/cbmc-java/json_trace2/Test.java
new file mode 100644
index 00000000000..25608c219d3
--- /dev/null
+++ b/regression/cbmc-java/json_trace2/Test.java
@@ -0,0 +1,7 @@
+public class Test {
+  boolean test(Object x) {
+    if(x==null)
+      return false;
+    return true;
+  }
+}
diff --git a/regression/cbmc-java/json_trace2/test.desc b/regression/cbmc-java/json_trace2/test.desc
new file mode 100644
index 00000000000..13d8774fb25
--- /dev/null
+++ b/regression/cbmc-java/json_trace2/test.desc
@@ -0,0 +1,10 @@
+CORE
+Test.class
+--cover location --trace --json-ui --function Test.test
+activate-multi-line-match
+EXIT=0
+SIGNAL=0
+"outputID": "return",\n *"sourceLocation": \{\n *"file": "Test\.java",\n *"function": "java::Test\.test:\(Ljava/lang/Object;\)Z",\n *"line": "3"\n *\},\n *"stepType": "output",\n *"thread": 0,\n *"values": \[\n *\{\n *"binary": "00000000",\n *"data": "false",\n *"name": "integer",\n *"type": "boolean",\n *"width": 8
+"inputID": "arg1a",\n *"internal": true,\n *"mode": "java",\n *"sourceLocation": \{\n *"file": "Test\.java",\n *"function": "java::Test\.test:\(Ljava/lang/Object;\)Z",\n *"line": "3"\n *\},\n *"stepType": "input",\n *"thread": 0,\n *"values": \[\n *\{\n *"data": "null",\n *"name": "pointer",\n *"type": "struct java\.lang\.Object \{ __CPROVER_string @class_identifier; boolean @lock; \} \*"
+--
+^warning: ignoring

From 21a5ed5657dbc4acafa88eb0451ba425d76781f8 Mon Sep 17 00:00:00 2001
From: Jesse Sigal <jesse.sigal@gmail.com>
Date: Tue, 8 Aug 2017 13:53:45 +0100
Subject: [PATCH 535/699] Factored out
 `string_refinementt::instantiate_not_contains`

The function `string_refinementt::instantiate_not_contains` has been mostly replaced by a stub. The reasoning is that this function, along with others such as `instantiate` and the functions it uses, are loosely coupled with `string_refinementt`. This is a first step for removing these functions. The main purpose is to write unit tests for the currently broken `instantiate_not_contains`.
---
 src/solvers/Makefile                          |  1 +
 src/solvers/refinement/string_constraint.h    | 31 +++++++-
 .../string_constraint_instantiation.cpp       | 71 +++++++++++++++++++
 .../string_constraint_instantiation.h         | 24 +++++++
 src/solvers/refinement/string_refinement.cpp  | 66 ++++-------------
 src/solvers/refinement/string_refinement.h    |  5 +-
 6 files changed, 143 insertions(+), 55 deletions(-)
 create mode 100644 src/solvers/refinement/string_constraint_instantiation.cpp
 create mode 100644 src/solvers/refinement/string_constraint_instantiation.h

diff --git a/src/solvers/Makefile b/src/solvers/Makefile
index 32844fd27c7..b7b9c5b43d9 100644
--- a/src/solvers/Makefile
+++ b/src/solvers/Makefile
@@ -171,6 +171,7 @@ SRC = $(BOOLEFORCE_SRC) \
       refinement/string_constraint_generator_testing.cpp \
       refinement/string_constraint_generator_transformation.cpp \
       refinement/string_constraint_generator_valueof.cpp \
+      refinement/string_constraint_instantiation.cpp \
       sat/cnf.cpp \
       sat/cnf_clause_list.cpp \
       sat/dimacs_cnf.cpp \
diff --git a/src/solvers/refinement/string_constraint.h b/src/solvers/refinement/string_constraint.h
index 6edb848b550..867284101e3 100644
--- a/src/solvers/refinement/string_constraint.h
+++ b/src/solvers/refinement/string_constraint.h
@@ -24,6 +24,7 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 #include <solvers/refinement/bv_refinement.h>
 #include <solvers/refinement/string_refinement_invariant.h>
 #include <util/refined_string_type.h>
+#include <util/string_expr.h>
 #include <langapi/language_util.h>
 
 /*! \brief Universally quantified string constraint
@@ -138,12 +139,20 @@ extern inline string_constraintt &to_string_constraint(exprt &expr)
   return static_cast<string_constraintt &>(expr);
 }
 
+/// Used for debug printing.
+/// \param [in] ns: namespace for `from_expr`
+/// \param [in] identifier: identifier for `from_expr`
+/// \param [in] expr: constraint to render
+/// \return rendered string
 inline static std::string from_expr(
   const namespacet &ns,
   const irep_idt &identifier,
   const string_constraintt &expr)
 {
-  return from_expr(ns, identifier, expr.premise())+" => "+
+  return "forall "+from_expr(ns, identifier, expr.univ_var())+" in ["+
+    from_expr(ns, identifier, expr.lower_bound())+", "+
+    from_expr(ns, identifier, expr.upper_bound())+"). "+
+    from_expr(ns, identifier, expr.premise())+" => "+
     from_expr(ns, identifier, expr.body());
 }
 
@@ -204,6 +213,26 @@ class string_not_contains_constraintt: public exprt
   }
 };
 
+/// Used for debug printing.
+/// \param [in] ns: namespace for `from_expr`
+/// \param [in] identifier: identifier for `from_expr`
+/// \param [in] expr: constraint to render
+/// \return rendered string
+inline static std::string from_expr(
+  const namespacet &ns,
+  const irep_idt &identifier,
+  const string_not_contains_constraintt &expr)
+{
+  return "forall x in ["+
+    from_expr(ns, identifier, expr.univ_lower_bound())+", "+
+    from_expr(ns, identifier, expr.univ_upper_bound())+"). "+
+    from_expr(ns, identifier, expr.premise())+" => ("+
+    "exists y in ["+from_expr(ns, identifier, expr.exists_lower_bound())+", "+
+    from_expr(ns, identifier, expr.exists_upper_bound())+"). "+
+    from_expr(ns, identifier, expr.s0())+"[x+y] != "+
+    from_expr(ns, identifier, expr.s1())+"[y])";
+}
+
 inline const string_not_contains_constraintt
 &to_string_not_contains_constraint(const exprt &expr)
 {
diff --git a/src/solvers/refinement/string_constraint_instantiation.cpp b/src/solvers/refinement/string_constraint_instantiation.cpp
new file mode 100644
index 00000000000..ca3a63861a2
--- /dev/null
+++ b/src/solvers/refinement/string_constraint_instantiation.cpp
@@ -0,0 +1,71 @@
+/*******************************************************************\
+
+Module: Defines functions related to string constraints.
+
+Author: Jesse Sigal, jesse.sigal@diffblue.com
+
+\*******************************************************************/
+
+/// \file
+/// Defines related function for string constraints.
+
+#include <solvers/refinement/string_constraint_instantiation.h>
+
+#include <solvers/refinement/string_constraint.h>
+#include <solvers/refinement/string_constraint_generator.h>
+#include <solvers/refinement/string_refinement.h>
+
+/// Instantiates a quantified formula representing `not_contains` by
+/// substituting the quantifiers and generating axioms.
+/// \related string_refinementt
+/// \param [in] axiom: the axiom to instantiate
+/// \param [in] index_set0: the index set for `axiom.s0()`
+/// \param [in] index_set1: the index set for `axiom.s1()`
+/// \param [in] generator: generator to be used to get `axiom`'s witness
+/// \return the lemmas produced through instantiation
+std::vector<exprt> instantiate_not_contains(
+  const string_not_contains_constraintt &axiom,
+  const std::set<exprt> &index_set0,
+  const std::set<exprt> &index_set1,
+  const string_constraint_generatort &generator)
+{
+  std::vector<exprt> lemmas;
+
+  const string_exprt s0=to_string_expr(axiom.s0());
+  const string_exprt s1=to_string_expr(axiom.s1());
+
+  for(const auto &i0 : index_set0)
+    for(const auto &i1 : index_set1)
+    {
+      const minus_exprt val(i0, i1);
+      const exprt witness=generator.get_witness_of(axiom, val);
+      const and_exprt prem_and_is_witness(
+        axiom.premise(),
+        equal_exprt(witness, i1));
+
+      const not_exprt differ(equal_exprt(s0[i0], s1[i1]));
+      const implies_exprt lemma(prem_and_is_witness, differ);
+      lemmas.push_back(lemma);
+
+      // we put bounds on the witnesses:
+      // 0 <= v <= |s0| - |s1| ==> 0 <= v+w[v] < |s0| && 0 <= w[v] < |s1|
+      const exprt zero=from_integer(0, val.type());
+      const binary_relation_exprt c1(zero, ID_le, plus_exprt(val, witness));
+      const binary_relation_exprt c2(
+        s0.length(), ID_gt, plus_exprt(val, witness));
+      const binary_relation_exprt c3(s1.length(), ID_gt, witness);
+      const binary_relation_exprt c4(zero, ID_le, witness);
+
+      const minus_exprt diff(s0.length(), s1.length());
+
+      const and_exprt premise(
+        binary_relation_exprt(zero, ID_le, val),
+        binary_relation_exprt(diff, ID_ge, val));
+      const implies_exprt witness_bounds(
+        premise,
+        and_exprt(and_exprt(c1, c2), and_exprt(c3, c4)));
+      lemmas.push_back(witness_bounds);
+    }
+
+  return lemmas;
+}
diff --git a/src/solvers/refinement/string_constraint_instantiation.h b/src/solvers/refinement/string_constraint_instantiation.h
new file mode 100644
index 00000000000..f4918e7e8d9
--- /dev/null
+++ b/src/solvers/refinement/string_constraint_instantiation.h
@@ -0,0 +1,24 @@
+/*******************************************************************\
+
+Module: Defines related function for string constraints.
+
+Author: Jesse Sigal, jesse.sigal@diffblue.com
+
+\*******************************************************************/
+
+/// \file
+/// Defines related function for string constraints.
+
+#ifndef CPROVER_SOLVERS_REFINEMENT_STRING_CONSTRAINT_INSTANTIATION_H
+#define CPROVER_SOLVERS_REFINEMENT_STRING_CONSTRAINT_INSTANTIATION_H
+
+#include <solvers/refinement/string_constraint.h>
+#include <solvers/refinement/string_constraint_generator.h>
+
+std::vector<exprt> instantiate_not_contains(
+  const string_not_contains_constraintt &axiom,
+  const std::set<exprt> &index_set0,
+  const std::set<exprt> &index_set1,
+  const string_constraint_generatort &generator);
+
+#endif // CPROVER_SOLVERS_REFINEMENT_STRING_CONSTRAINT_INSTANTIATION_H
diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index 95e84d422a4..1c9297b5e65 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -29,6 +29,7 @@ Author: Alberto Griggio, alberto.griggio@gmail.com
 #include <util/simplify_expr.h>
 #include <solvers/sat/satcheck.h>
 #include <solvers/refinement/string_refinement_invariant.h>
+#include <solvers/refinement/string_constraint_instantiation.h>
 #include <langapi/language_util.h>
 #include <java_bytecode/java_types.h>
 
@@ -606,8 +607,8 @@ decision_proceduret::resultt string_refinementt::dec_solve()
       for(unsigned i=0; i<not_contains_axioms.size(); i++)
       {
         debug()<< "constraint " << i << eom;
-        std::list<exprt> lemmas;
-        instantiate_not_contains(not_contains_axioms[i], lemmas);
+        const std::vector<exprt> lemmas=
+          instantiate_not_contains(not_contains_axioms[i]);
         for(const exprt &lemma : lemmas)
           add_lemma(lemma);
       }
@@ -1603,60 +1604,23 @@ exprt string_refinementt::instantiate(
   return implies_exprt(bounds, instance);
 }
 
-/// instantiate a quantified formula representing `not_contains` by substituting
-/// the quantifiers and generating axioms
-/// \par parameters: a quantified formula representing `not_contains`, and a
-/// list to which to add the created lemmas to
-void string_refinementt::instantiate_not_contains(
-  const string_not_contains_constraintt &axiom, std::list<exprt> &new_lemmas)
+/// Instantiates a quantified formula representing `not_contains` by
+/// substituting the quantifiers and generating axioms.
+/// \param [in] axiom: the axiom to instantiate
+/// \return the lemmas produced through instantiation
+std::vector<exprt> string_refinementt::instantiate_not_contains(
+  const string_not_contains_constraintt &axiom)
 {
-  exprt s0=axiom.s0();
-  exprt s1=axiom.s1();
+  const string_exprt s0=to_string_expr(axiom.s0());
+  const string_exprt s1=to_string_expr(axiom.s1());
 
   debug() << "instantiate not contains " << from_expr(ns, "", s0) << " : "
           << from_expr(ns, "", s1) << eom;
-  expr_sett index_set0=index_set[to_string_expr(s0).content()];
-  expr_sett index_set1=index_set[to_string_expr(s1).content()];
+  const expr_sett index_set0=index_set[s0.content()];
+  const expr_sett index_set1=index_set[s1.content()];
 
-  for(auto it0 : index_set0)
-    for(auto it1 : index_set1)
-    {
-      debug() << from_expr(ns, "", it0) << " : " << from_expr(ns, "", it1)
-              << eom;
-      exprt val=minus_exprt(it0, it1);
-      exprt witness=generator.get_witness_of(axiom, val);
-      and_exprt prem_and_is_witness(
-        axiom.premise(),
-        equal_exprt(witness, it1));
-
-      not_exprt differ(
-        equal_exprt(
-          to_string_expr(s0)[it0],
-          to_string_expr(s1)[it1]));
-      exprt lemma=implies_exprt(prem_and_is_witness, differ);
-
-      new_lemmas.push_back(lemma);
-      // we put bounds on the witnesses:
-      // 0 <= v <= |s0| - |s1| ==> 0 <= v+w[v] < |s0| && 0 <= w[v] < |s1|
-      exprt zero=from_integer(0, val.type());
-      binary_relation_exprt c1(zero, ID_le, plus_exprt(val, witness));
-      binary_relation_exprt c2
-        (to_string_expr(s0).length(), ID_gt, plus_exprt(val, witness));
-      binary_relation_exprt c3(to_string_expr(s1).length(), ID_gt, witness);
-      binary_relation_exprt c4(zero, ID_le, witness);
-
-      minus_exprt diff(
-        to_string_expr(s0).length(),
-        to_string_expr(s1).length());
-
-      and_exprt premise(
-        binary_relation_exprt(zero, ID_le, val),
-        binary_relation_exprt(diff, ID_ge, val));
-      exprt witness_bounds=implies_exprt(
-        premise,
-        and_exprt(and_exprt(c1, c2), and_exprt(c3, c4)));
-      new_lemmas.push_back(witness_bounds);
-    }
+  return ::instantiate_not_contains(
+    axiom, index_set0, index_set1, generator);
 }
 
 /// replace array-lists by 'with' expressions
diff --git a/src/solvers/refinement/string_refinement.h b/src/solvers/refinement/string_refinement.h
index 3a83734b1d5..64e54cb8e15 100644
--- a/src/solvers/refinement/string_refinement.h
+++ b/src/solvers/refinement/string_refinement.h
@@ -133,9 +133,8 @@ class string_refinementt: public bv_refinementt
   exprt instantiate(
     const string_constraintt &axiom, const exprt &str, const exprt &val);
 
-  void instantiate_not_contains(
-    const string_not_contains_constraintt &axiom,
-    std::list<exprt> &new_lemmas);
+  std::vector<exprt> instantiate_not_contains(
+    const string_not_contains_constraintt &axiom);
 
   exprt substitute_array_lists(exprt) const;
 

From f5ebce04bc894a49b086a564c020c77e4a4d8018 Mon Sep 17 00:00:00 2001
From: Jesse Sigal <jesse.sigal@gmail.com>
Date: Tue, 8 Aug 2017 13:57:47 +0100
Subject: [PATCH 536/699] Added unit tests for `instantiate_not_contains`

---
 unit/Makefile                                 |   1 +
 .../instantiate_not_contains.cpp              | 491 ++++++++++++++++++
 2 files changed, 492 insertions(+)
 create mode 100644 unit/solvers/refinement/string_constraint_instantiation/instantiate_not_contains.cpp

diff --git a/unit/Makefile b/unit/Makefile
index 63a6acb4fda..75960795d12 100644
--- a/unit/Makefile
+++ b/unit/Makefile
@@ -24,6 +24,7 @@ SRC += unit_tests.cpp \
        solvers/refinement/string_constraint_generator_valueof/get_numeric_value_from_character.cpp \
        solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix.cpp \
        solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix_lower_case.cpp \
+       solvers/refinement/string_constraint_instantiation/instantiate_not_contains.cpp \
        catch_example.cpp \
        # Empty last line
 
diff --git a/unit/solvers/refinement/string_constraint_instantiation/instantiate_not_contains.cpp b/unit/solvers/refinement/string_constraint_instantiation/instantiate_not_contains.cpp
new file mode 100644
index 00000000000..872fe3537d6
--- /dev/null
+++ b/unit/solvers/refinement/string_constraint_instantiation/instantiate_not_contains.cpp
@@ -0,0 +1,491 @@
+/*******************************************************************\
+
+ Module: Unit tests for `instantiate_not_contains_`.
+
+ Author: Jesse Sigal, jesse.sigal@diffblue.com
+
+\*******************************************************************/
+
+#include <catch.hpp>
+
+#include <solvers/refinement/string_constraint_instantiation.h>
+
+#include <solvers/sat/satcheck.h>
+#include <solvers/refinement/bv_refinement.h>
+#include <java_bytecode/java_types.h>
+#include <langapi/mode.h>
+#include <java_bytecode/java_bytecode_language.h>
+#include <util/namespace.h>
+#include <util/symbol_table.h>
+#include <util/simplify_expr.h>
+
+/// \class Types used throughout the test. Currently it is impossible to
+/// statically initialize this value, there is a PR to allow this
+/// diffblue/cbmc/pull/1213
+class tt
+{
+public:
+  tt() {}
+  typet char_type() const {return java_char_type();}
+  typet length_type() const {return java_int_type();}
+  array_typet array_type() const
+  {
+    return array_typet(char_type(), infinity_exprt(length_type()));
+  }
+  refined_string_typet string_type() const
+  {
+    return refined_string_typet(length_type(), char_type());
+  }
+  array_typet witness_type() const
+  {
+    return array_typet(length_type(), infinity_exprt(length_type()));
+  }
+};
+
+// Static variable to get proper types
+const tt t;
+
+/// Creates a `constant_exprt` of the proper length type.
+/// \param [in] i: integer to convert
+/// \return corresponding `constant_exprt`
+constant_exprt from_integer(const mp_integer i)
+{
+  return from_integer(i, t.length_type());
+}
+
+/// Creates a `string_exprt` of the proper string type.
+/// \param [in] str: string to convert
+/// \return corresponding `string_exprt`
+string_exprt make_string_exprt(const std::string &str)
+{
+  const constant_exprt length=from_integer(str.length(), t.length_type());
+  array_exprt content(t.array_type());
+
+  for(const char c : str)
+    content.copy_to_operands(from_integer(c, t.char_type()));
+
+  return string_exprt(length, content, t.string_type());
+}
+
+/// For a constant `string_exprt`, creates a full index set.
+/// \param [in] s: `string_exprt` to create index set for
+/// \return the corresponding index set
+std::set<exprt> full_index_set(const string_exprt &s)
+{
+  PRECONDITION(s.length().is_constant());
+  mp_integer n;
+  to_integer(s.length(), n);
+  std::set<exprt> ret;
+  for(mp_integer i=0; i<n; ++i)
+    ret.insert(from_integer(i));
+  return ret;
+}
+
+/// Simplifies, and returns the conjunction of the lemmas.
+/// \param [in] lemmas: lemmas to process
+/// \param [in] ns: namespace for simplifying
+/// \return conjunction of simplified lemmas
+exprt combine_lemmas(const std::vector<exprt> &lemmas, const namespacet &ns)
+{
+  // Conjunction of new lemmas
+  exprt conj=conjunction(lemmas);
+
+  // Simplify
+  simplify(conj, ns);
+
+  return conj;
+}
+
+/// Creates information string and simplifies lemmas.
+/// \param [in,out] lemmas: lemmas to process (which are simplified)
+/// \param [in] ns: namespace for printing and simplifying
+/// \return information string
+std::string create_info(std::vector<exprt> &lemmas, const namespacet &ns)
+{
+  // Recording new lemmas
+  std::string new_lemmas;
+  for(auto &lemma : lemmas)
+  {
+    simplify(lemma, ns);
+    new_lemmas+=from_expr(ns, "", lemma)+"\n\n";
+  }
+  return "Instantiated lemmas:\n"+new_lemmas;
+}
+
+/// Checks the satisfiability of the given expression.
+/// \param [in] expr: expression to check
+/// \param [in] ns: namespace for solver
+/// \return SAT solver result
+decision_proceduret::resultt check_sat(const exprt &expr, const namespacet &ns)
+{
+  satcheck_no_simplifiert sat_check;
+  bv_refinementt solver(ns, sat_check);
+  solver << expr;
+  return solver();
+}
+
+// The [!mayfail] tag allows tests to fail while reporting the failure
+SCENARIO("instantiate_not_contains",
+  "[!mayfail][core][solvers][refinement][string_constraint_instantiation]")
+{
+  // For printing expression
+  register_language(new_java_bytecode_language);
+  symbol_tablet symtbl;
+  const namespacet ns(symtbl);
+
+  GIVEN("The not_contains axioms of String.lastIndexOf(String, Int)")
+  {
+    // Creating strings
+    const string_exprt ab=make_string_exprt("ab");
+    const string_exprt b=make_string_exprt("b");
+
+    // Creating "ab".lastIndexOf("b", 0)
+    function_application_exprt func(
+      symbol_exprt(ID_cprover_string_last_index_of_func), t.length_type());
+    const exprt::operandst args={ab, b, from_integer(2)};
+    func.arguments()=args;
+
+    // Generating the corresponding axioms and simplifying, recording info
+    string_constraint_generatort generator;
+    exprt res=generator.add_axioms_for_function_application(func);
+    std::string axioms;
+    std::vector<string_not_contains_constraintt> nc_axioms;
+    for(auto &axiom : generator.axioms)
+    {
+      simplify(axiom, ns);
+      if(axiom.id()==ID_string_constraint)
+      {
+        string_constraintt sc=to_string_constraint(axiom);
+        axioms+=from_expr(ns, "", sc);
+      }
+      else if(axiom.id()==ID_string_not_contains_constraint)
+      {
+        string_not_contains_constraintt sc=
+          to_string_not_contains_constraint(axiom);
+        axioms+=from_expr(ns, "", sc);
+        generator.witness[sc]=
+          generator.fresh_symbol("w", t.witness_type());
+        nc_axioms.push_back(sc);
+      }
+      else
+        axioms+=from_expr(ns, "", axiom);
+
+      axioms+="\n\n";
+    }
+    INFO("Original axioms:\n");
+    INFO(axioms);
+
+    WHEN("we instantiate and simplify")
+    {
+      // Making index sets
+      const std::set<exprt> index_set_ab=full_index_set(ab);
+      const std::set<exprt> index_set_b=full_index_set(b);
+
+      // List of new lemmas to be returned
+      std::vector<exprt> lemmas;
+
+      // Instantiate the lemmas
+      for(const auto &axiom : nc_axioms)
+      {
+        const std::vector<exprt> l=instantiate_not_contains(
+          axiom, index_set_ab, index_set_b, generator);
+        lemmas.insert(lemmas.end(), l.begin(), l.end());
+      }
+
+      const exprt conj=combine_lemmas(lemmas, ns);
+      const std::string info=create_info(lemmas, ns);
+      INFO(info);
+
+      THEN("the conjunction of instantiations is SAT")
+      {
+        // Check if SAT
+        decision_proceduret::resultt result=check_sat(conj, ns);
+
+        // Require SAT
+        if(result==decision_proceduret::resultt::D_ERROR)
+          INFO("Got an error");
+
+        REQUIRE(result==decision_proceduret::resultt::D_SATISFIABLE);
+      }
+    }
+  }
+
+  GIVEN("A vacuously true not_contains axioms")
+  {
+    // Creating strings
+    const string_exprt a=make_string_exprt("a");
+
+    // Make
+    // forall x in [0, 0). true => (exists y in [0, 1).
+    //   { .=1, .={ (char)'a' } }[x+y] != { .=1, .={ (char)'b' } }[y]
+    // )
+    // which is vacuously true.
+    string_not_contains_constraintt vacuous(
+      from_integer(0),
+      from_integer(0),
+      true_exprt(),
+      from_integer(0),
+      from_integer(1),
+      a,
+      a);
+
+    // Create witness for axiom
+    string_constraint_generatort generator;
+    generator.witness[vacuous]=
+      generator.fresh_symbol("w", t.witness_type());
+
+    INFO("Original axiom:\n");
+    INFO(from_expr(ns, "", vacuous)+"\n\n");
+
+    WHEN("we instantiate and simplify")
+    {
+      // Making index sets
+      const std::set<exprt> index_set_a=full_index_set(a);
+
+      // Instantiate the lemmas
+      std::vector<exprt> lemmas=instantiate_not_contains(
+        vacuous, index_set_a, index_set_a, generator);
+
+      const exprt conj=combine_lemmas(lemmas, ns);
+      const std::string info=create_info(lemmas, ns);
+      INFO(info);
+
+      THEN("the conjunction of instantiations is SAT")
+      {
+        // Check if SAT
+        decision_proceduret::resultt result=check_sat(conj, ns);
+
+        // Require SAT
+        if(result==decision_proceduret::resultt::D_ERROR)
+          INFO("Got an error");
+
+        REQUIRE(result==decision_proceduret::resultt::D_SATISFIABLE);
+      }
+    }
+  }
+
+  GIVEN("A trivially false (via empty existential) not_contains axioms")
+  {
+    // Creating strings
+    const string_exprt a=make_string_exprt("a");
+    const string_exprt b=make_string_exprt("b");
+
+    // Make
+    // forall x in [0, 1). true => (exists y in [0, 0).
+    //   { .=1, .={ (char)'a' } }[x+y] != { .=1, .={ (char)'b' } }[y]
+    // )
+    // which is false.
+    string_not_contains_constraintt trivial(
+      from_integer(0),
+      from_integer(1),
+      true_exprt(),
+      from_integer(0),
+      from_integer(0),
+      a,
+      b);
+
+    // Create witness for axiom
+    string_constraint_generatort generator;
+    generator.witness[trivial]=
+      generator.fresh_symbol("w", t.witness_type());
+
+    INFO("Original axiom:\n");
+    INFO(from_expr(ns, "", trivial)+"\n\n");
+
+    WHEN("we instantiate and simplify")
+    {
+      // Making index sets
+      const std::set<exprt> index_set_a=full_index_set(a);
+      const std::set<exprt> index_set_b=full_index_set(b);
+
+      // Instantiate the lemmas
+      std::vector<exprt> lemmas=instantiate_not_contains(
+        trivial, index_set_a, index_set_b, generator);
+
+      const exprt conj=combine_lemmas(lemmas, ns);
+      const std::string info=create_info(lemmas, ns);
+      INFO(info);
+
+      THEN("the conjunction of instantiations is UNSAT")
+      {
+        // Check if SAT
+        decision_proceduret::resultt result=check_sat(conj, ns);
+
+        // Require UNSAT
+        if(result==decision_proceduret::resultt::D_ERROR)
+          INFO("Got an error");
+
+        REQUIRE(result==decision_proceduret::resultt::D_UNSATISFIABLE);
+      }
+    }
+  }
+
+  GIVEN("A not_contains axioms with an non-empty and empty string")
+  {
+    // Creating strings
+    const string_exprt a=make_string_exprt("a");
+    const string_exprt empty=make_string_exprt("");
+
+    // Make
+    // forall x in [0, 1). true => (exists y in [0, 0).
+    //   { .=1, .={ (char)'a' } }[x+y] != { .=0, .={ } }[y]
+    // )
+    // which is false.
+    string_not_contains_constraintt trivial(
+      from_integer(0),
+      from_integer(1),
+      true_exprt(),
+      from_integer(0),
+      from_integer(0),
+      a,
+      empty);
+
+    // Create witness for axiom
+    string_constraint_generatort generator;
+    generator.witness[trivial]=
+      generator.fresh_symbol("w", t.witness_type());
+
+    INFO("Original axiom:\n");
+    INFO(from_expr(ns, "", trivial)+"\n\n");
+
+    WHEN("we instantiate and simplify")
+    {
+      // Making index sets
+      const std::set<exprt> index_set_a=full_index_set(a);
+      const std::set<exprt> index_set_empty=
+        {generator.fresh_exist_index("z", t.length_type())};
+
+      // Instantiate the lemmas
+      std::vector<exprt> lemmas=instantiate_not_contains(
+        trivial, index_set_a, index_set_empty, generator);
+
+      const exprt conj=combine_lemmas(lemmas, ns);
+      const std::string info=create_info(lemmas, ns);
+      INFO(info);
+
+      THEN("the conjunction of instantiations is UNSAT")
+      {
+        // Check if SAT
+        decision_proceduret::resultt result=check_sat(conj, ns);
+
+        // Require UNSAT
+        if(result==decision_proceduret::resultt::D_ERROR)
+          INFO("Got an error");
+
+        REQUIRE(result==decision_proceduret::resultt::D_UNSATISFIABLE);
+      }
+    }
+  }
+
+  GIVEN("A not_contains on the same string twice (hence is false)")
+  {
+    // Creating strings
+    const string_exprt ab=make_string_exprt("ab");
+
+    // Make
+    // forall x in [0, 2). true => (exists y in [0, 2).
+    //   { .=2, .={ (char)'a', (char)'b'} }[x+y] !=
+    //   { .=2, .={ (char)'a', (char)'b'}[y]
+    // )
+    // which is false (for x = 0).
+    string_not_contains_constraintt trivial(
+      from_integer(0),
+      from_integer(2),
+      true_exprt(),
+      from_integer(0),
+      from_integer(2),
+      ab,
+      ab);
+
+    // Create witness for axiom
+    string_constraint_generatort generator;
+    generator.witness[trivial]=
+      generator.fresh_symbol("w", t.witness_type());
+
+    INFO("Original axiom:\n");
+    INFO(from_expr(ns, "", trivial)+"\n\n");
+
+    WHEN("we instantiate and simplify")
+    {
+      // Making index sets
+      const std::set<exprt> index_set_ab=full_index_set(ab);
+
+      // Instantiate the lemmas
+      std::vector<exprt> lemmas=instantiate_not_contains(
+        trivial, index_set_ab, index_set_ab, generator);
+
+      const exprt conj=combine_lemmas(lemmas, ns);
+      const std::string info=create_info(lemmas, ns);
+      INFO(info);
+
+      THEN("the conjunction of instantiations is UNSAT")
+      {
+        // Check if SAT
+        decision_proceduret::resultt result=check_sat(conj, ns);
+
+        // Require UNSAT
+        if(result==decision_proceduret::resultt::D_ERROR)
+          INFO("Got an error");
+
+        REQUIRE(result==decision_proceduret::resultt::D_UNSATISFIABLE);
+      }
+    }
+  }
+
+  GIVEN("A not_contains on two string with no chars in common (hence is true)")
+  {
+    // Creating strings
+    const string_exprt ab=make_string_exprt("ab");
+    const string_exprt cd=make_string_exprt("cd");
+
+    // Make
+    // forall x in [0, 2). true => (exists y in [0, 2).
+    //   { .=2, .={ (char)'a', (char)'b'} }[x+y] !=
+    //   { .=2, .={ (char)'a', (char)'b'}[y]
+    // )
+    // which is true.
+    string_not_contains_constraintt trivial(
+      from_integer(0),
+      from_integer(2),
+      true_exprt(),
+      from_integer(0),
+      from_integer(2),
+      ab,
+      cd);
+
+    // Create witness for axiom
+    string_constraint_generatort generator;
+    generator.witness[trivial]=
+      generator.fresh_symbol("w", t.witness_type());
+
+    INFO("Original axiom:\n");
+    INFO(from_expr(ns, "", trivial)+"\n\n");
+
+    WHEN("we instantiate and simplify")
+    {
+      // Making index sets
+      const std::set<exprt> index_set_ab=full_index_set(ab);
+      const std::set<exprt> index_set_cd=full_index_set(cd);
+
+      // Instantiate the lemmas
+      std::vector<exprt> lemmas=instantiate_not_contains(
+        trivial, index_set_ab, index_set_cd, generator);
+
+      const exprt conj=combine_lemmas(lemmas, ns);
+      const std::string info=create_info(lemmas, ns);
+      INFO(info);
+
+      THEN("the conjunction of instantiations is SAT")
+      {
+        // Check if SAT
+        decision_proceduret::resultt result=check_sat(conj, ns);
+
+        // Require UNSAT
+        if(result==decision_proceduret::resultt::D_ERROR)
+          INFO("Got an error");
+
+        REQUIRE(result==decision_proceduret::resultt::D_SATISFIABLE);
+      }
+    }
+  }
+}

From c159fa2605417d0ad04a0a4e8ab849323b6fd071 Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Fri, 14 Jul 2017 16:07:38 +0100
Subject: [PATCH 537/699] Make message::get_mstream const

Changes message::mstream object to mutable so that message::debug()
and its friends can be run by constant methods.

Warning: in the future, when implementing multiple threads,
implementation of get_mstream will have to be changed so that each
thread has its own, local standard output. As it stands each
get_mstream() call changes stream type for the whole program.
---
 src/util/message.h | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/src/util/message.h b/src/util/message.h
index 230a795937c..9da886b0404 100644
--- a/src/util/message.h
+++ b/src/util/message.h
@@ -236,50 +236,50 @@ class messaget
     return m;
   }
 
-  mstreamt &get_mstream(unsigned message_level)
+  mstreamt &get_mstream(unsigned message_level) const
   {
     mstream.message_level=message_level;
     return mstream;
   }
 
-  mstreamt &error()
+  mstreamt &error() const
   {
     return get_mstream(M_ERROR);
   }
 
-  mstreamt &warning()
+  mstreamt &warning() const
   {
     return get_mstream(M_WARNING);
   }
 
-  mstreamt &result()
+  mstreamt &result() const
   {
     return get_mstream(M_RESULT);
   }
 
-  mstreamt &status()
+  mstreamt &status() const
   {
     return get_mstream(M_STATUS);
   }
 
-  mstreamt &statistics()
+  mstreamt &statistics() const
   {
     return get_mstream(M_STATISTICS);
   }
 
-  mstreamt &progress()
+  mstreamt &progress() const
   {
     return get_mstream(M_PROGRESS);
   }
 
-  mstreamt &debug()
+  mstreamt &debug() const
   {
     return get_mstream(M_DEBUG);
   }
 
 protected:
   message_handlert *message_handler;
-  mstreamt mstream;
+  mutable mstreamt mstream;
 };
 
 #endif // CPROVER_UTIL_MESSAGE_H

From 24e9dde21917cb39e1a00873a16ce752e14e183a Mon Sep 17 00:00:00 2001
From: Cesar Rodriguez <cesar.rodriguez@diffblue.com>
Date: Wed, 9 Aug 2017 10:46:32 +0100
Subject: [PATCH 538/699] Fixing linter warnings

---
 src/cbmc/cbmc_parse_options.cpp | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/cbmc/cbmc_parse_options.cpp b/src/cbmc/cbmc_parse_options.cpp
index 34883528b58..34f330e3f9f 100644
--- a/src/cbmc/cbmc_parse_options.cpp
+++ b/src/cbmc/cbmc_parse_options.cpp
@@ -1073,20 +1073,27 @@ void cbmc_parse_optionst::help()
     "Java Bytecode frontend options:\n"
     " --classpath dir/jar          set the classpath\n"
     " --main-class class-name      set the name of the main class\n"
+    // NOLINTNEXTLINE(whitespace/line_length)
     " --java-assume-inputs-non-null test harness makes input arguments not null\n"
+    // NOLINTNEXTLINE(whitespace/line_length)
     " --java-max-input-array-length N maximum allowed length for an array passed as input\n"
+    // NOLINTNEXTLINE(whitespace/line_length)
     " --java-max-input-tree-depth N   object references are (deterministically) set to null in the object\n"
+    // NOLINTNEXTLINE(whitespace/line_length)
     "                                 hierarchy of input parameters when their depth is >= N and the object\n"
     "                                 type happens twice in the tree branch\n"
     // NOLINTNEXTLINE(whitespace/line_length)
     " --java-max-vla-length        limit the length of user-code-created arrays\n"
     // NOLINTNEXTLINE(whitespace/line_length)
     " --java-throw-runtime-exceptions make implicit runtime exceptions explicit\n"
+    // NOLINTNEXTLINE(whitespace/line_length)
     " --java-cp-include-files      regexp or JSON list of files to load (with '@' prefix)\n"
+    // NOLINTNEXTLINE(whitespace/line_length)
     " --java-unwind-enum-static    try to unwind loops in static initialization of enums\n"
     "\n"
     "Semantic transformations:\n"
-    " --nondet-static              add nondeterministic initialization of variables with static lifetime\n" // NOLINT(*)
+    // NOLINTNEXTLINE(whitespace/line_length)
+    " --nondet-static              add nondeterministic initialization of variables with static lifetime\n"
     "\n"
     "BMC options:\n"
     " --program-only               only show program expression\n"

From 9c035c07a212738d319e1e88056d7eb89e27a2f0 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Thu, 27 Jul 2017 11:22:06 +0100
Subject: [PATCH 539/699] Restructure java-instrument

This ensures that subexpressions are instrumented before their parents,
and prevents creation of excessive needless trees of skips and empty blocks
as an added bonus.
---
 .../java_bytecode_instrument.cpp              | 137 +++++++++++-------
 1 file changed, 87 insertions(+), 50 deletions(-)

diff --git a/src/java_bytecode/java_bytecode_instrument.cpp b/src/java_bytecode/java_bytecode_instrument.cpp
index 2aca67e549c..4d09d25b74f 100644
--- a/src/java_bytecode/java_bytecode_instrument.cpp
+++ b/src/java_bytecode/java_bytecode_instrument.cpp
@@ -76,6 +76,8 @@ class java_bytecode_instrumentt:public messaget
     const source_locationt &original_loc);
 
   void instrument_code(exprt &expr);
+  void add_expr_instrumentation(code_blockt &block, const exprt &expr);
+  void prepend_instrumentation(codet &code, code_blockt &instrumentation);
   codet instrument_expr(const exprt &expr);
 };
 
@@ -327,6 +329,42 @@ codet java_bytecode_instrumentt::check_array_length(
   return check;
 }
 
+/// Checks whether `expr` requires instrumentation, and if so adds it
+/// to `block`.
+/// \param [out] block: block where instrumentation will be added
+/// \param expr: expression to instrument
+void java_bytecode_instrumentt::add_expr_instrumentation(
+  code_blockt &block,
+  const exprt &expr)
+{
+  codet expr_instrumentation=instrument_expr(expr);
+  if(expr_instrumentation!=code_skipt())
+  {
+    if(expr_instrumentation.get_statement()==ID_block)
+      block.append(to_code_block(expr_instrumentation));
+    else
+      block.move_to_operands(expr_instrumentation);
+  }
+}
+
+/// Appends `code` to `instrumentation` and overwrites reference `code`
+/// with the augmented block if `instrumentation` is non-empty.
+/// \param [in, out] code: code being instrumented
+/// \param instrumentation: instrumentation code block to prepend
+void java_bytecode_instrumentt::prepend_instrumentation(
+  codet &code,
+  code_blockt &instrumentation)
+{
+  if(instrumentation!=code_blockt())
+  {
+    if(code.get_statement()==ID_block)
+      instrumentation.append(to_code_block(code));
+    else
+      instrumentation.copy_to_operands(code);
+    code=instrumentation;
+  }
+}
+
 /// Augments `expr` with instrumentation in the form of either
 /// assertions or runtime exceptions
 /// \par parameters: `expr`: the expression to be instrumented
@@ -342,11 +380,9 @@ void java_bytecode_instrumentt::instrument_code(exprt &expr)
     code_assignt code_assign=to_code_assign(code);
 
     code_blockt block;
-    block.copy_to_operands(instrument_expr(code_assign.lhs()));
-    block.copy_to_operands(instrument_expr(code_assign.rhs()));
-    block.copy_to_operands(code_assign);
-
-    code=block;
+    add_expr_instrumentation(block, code_assign.lhs());
+    add_expr_instrumentation(block, code_assign.rhs());
+    prepend_instrumentation(code, block);
   }
   else if(statement==ID_expression)
   {
@@ -354,10 +390,8 @@ void java_bytecode_instrumentt::instrument_code(exprt &expr)
       to_code_expression(code);
 
     code_blockt block;
-    block.copy_to_operands(
-      instrument_expr(code_expression.expression()));
-    block.copy_to_operands(code_expression);
-    code=block;
+    add_expr_instrumentation(block, code_expression.expression());
+    prepend_instrumentation(code, block);
   }
   else if(statement==ID_assert)
   {
@@ -393,49 +427,40 @@ void java_bytecode_instrumentt::instrument_code(exprt &expr)
   {
     code_blockt block;
     code_ifthenelset &code_ifthenelse=to_code_ifthenelse(code);
-    block.copy_to_operands(instrument_expr(code_ifthenelse.cond()));
+    add_expr_instrumentation(block, code_ifthenelse.cond());
     instrument_code(code_ifthenelse.then_case());
     if(code_ifthenelse.else_case().is_not_nil())
       instrument_code(code_ifthenelse.else_case());
-    block.copy_to_operands(code);
-    code=block;
+    prepend_instrumentation(code, block);
   }
   else if(statement==ID_switch)
   {
     code_blockt block;
     code_switcht &code_switch=to_code_switch(code);
-    block.copy_to_operands(
-      instrument_expr(code_switch.value()));
-    block.copy_to_operands(
-      instrument_expr(code_switch.body()));
-    block.copy_to_operands(code);
-    code=block;
+    add_expr_instrumentation(block, code_switch.value());
+    add_expr_instrumentation(block, code_switch.body());
+    prepend_instrumentation(code, block);
   }
   else if(statement==ID_return)
   {
     if(code.operands().size()==1)
     {
       code_blockt block;
-      block.copy_to_operands(instrument_expr(code.op0()));
-      block.copy_to_operands(code);
-      code=block;
+      add_expr_instrumentation(block, code.op0());
+      prepend_instrumentation(code, block);
     }
   }
   else if(statement==ID_function_call)
   {
     code_blockt block;
     code_function_callt &code_function_call=to_code_function_call(code);
-    block.copy_to_operands(instrument_expr(code_function_call.lhs()));
-    block.copy_to_operands(instrument_expr(code_function_call.function()));
+    add_expr_instrumentation(block, code_function_call.lhs());
+    add_expr_instrumentation(block, code_function_call.function());
 
-    for(code_function_callt::argumentst::iterator
-          a_it=code_function_call.arguments().begin();
-        a_it!=code_function_call.arguments().end();
-        a_it++)
-      block.copy_to_operands(instrument_expr(*a_it));
+    for(const auto &arg : code_function_call.arguments())
+      add_expr_instrumentation(block, arg);
 
-    block.copy_to_operands(code);
-    code=block;
+    prepend_instrumentation(code, block);
   }
 
   // Ensure source location is retained:
@@ -451,6 +476,16 @@ void java_bytecode_instrumentt::instrument_code(exprt &expr)
 codet java_bytecode_instrumentt::instrument_expr(
   const exprt &expr)
 {
+  code_blockt result;
+  // First check our operands:
+  forall_operands(it, expr)
+  {
+    codet op_result=instrument_expr(*it);
+    if(op_result!=code_skipt())
+      result.move_to_operands(op_result);
+  }
+
+  // Add any check due at this node:
   if(expr.id()==ID_plus &&
      expr.get_bool(ID_java_array_access))
   {
@@ -469,7 +504,7 @@ codet java_bytecode_instrumentt::instrument_expr(
             dereference_expr,
             plus_expr.op1(),
             expr.source_location());
-        return bounds_check;
+        result.move_to_operands(bounds_check);
       }
     }
   }
@@ -478,26 +513,33 @@ codet java_bytecode_instrumentt::instrument_expr(
     const side_effect_exprt &side_effect_expr=to_side_effect_expr(expr);
     const irep_idt &statement=side_effect_expr.get_statement();
     if(statement==ID_throw)
+    {
       // this corresponds to athrow and so we check that
       // we don't throw null
-      return check_null_dereference(
-        expr.op0(),
-        expr.source_location(),
-        true);
+      result.copy_to_operands(
+        check_null_dereference(
+          expr.op0(),
+          expr.source_location(),
+          true));
+    }
     else if(statement==ID_java_new_array)
+    {
       // this correpond to new array so we check that
       // length is >=0
-      return check_array_length(
-        expr.op0(),
-        expr.source_location());
+      result.copy_to_operands(
+        check_array_length(
+          expr.op0(),
+          expr.source_location()));
+    }
   }
   else if((expr.id()==ID_div || expr.id()==ID_mod) &&
           expr.type().id()==ID_signedbv)
   {
     // check division by zero (for integer types only)
-    return check_arithmetic_exception(
-      expr.op1(),
-      expr.source_location());
+    result.copy_to_operands(
+      check_arithmetic_exception(
+        expr.op1(),
+        expr.source_location()));
   }
   else if(expr.id()==ID_member &&
           expr.get_bool(ID_java_member_access))
@@ -514,19 +556,14 @@ codet java_bytecode_instrumentt::instrument_expr(
           dereference_expr.op0(),
           dereference_expr.source_location(),
           false);
-      return null_dereference_check;
+      result.move_to_operands(null_dereference_check);
     }
   }
 
-  if(!expr.has_operands())
+  if(result==code_blockt())
     return code_skipt();
-
-  code_blockt block;
-  forall_operands(it, expr)
-  {
-    block.copy_to_operands(instrument_expr(*it));
-  }
-  return block;
+  else
+    return result;
 }
 
 /// Instruments `expr`

From bfb397e6fc2cf974b096f50484ceada7d8d7840b Mon Sep 17 00:00:00 2001
From: Peter Schrammel <peter.schrammel@diffblue.com>
Date: Wed, 9 Aug 2017 12:35:21 +0100
Subject: [PATCH 540/699] Suppress some doxygen warnings

---
 scripts/run_diff.sh | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/scripts/run_diff.sh b/scripts/run_diff.sh
index 43d43f7577a..0e388537fb4 100755
--- a/scripts/run_diff.sh
+++ b/scripts/run_diff.sh
@@ -38,6 +38,8 @@ then
   doxygen=doxygen
   doxygenlogdir="doc/html"
   doxygenlog="$doxygenlogdir/doxygen.log"
+  suppress_warnings=(
+    "warning: Included by graph for .* not generated, too many nodes. Consider increasing DOT_GRAPH_MAX_NODES.")
   if ! $doxygen --version &>/dev/null
   then
     echo "Lint script could not be found in the $script_folder directory"
@@ -45,7 +47,8 @@ then
     exit 1
   else
     mkdir -p $doxygenlogdir && cd src && $doxygen &> ../$doxygenlog && cd ..
-    cmd='cat $doxygenlog'
+    suppress_warnings_regex=$(IFS="|" ; echo "${suppress_warnings[*]}")
+    cmd='grep -Ev "$suppress_warnings_regex" $doxygenlog'
   fi
 else
   echo "Mode $mode not recognized"

From 69221aaf96a805e27337e6c14a8ea5d8d9673f62 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Wed, 19 Jul 2017 10:27:19 +0100
Subject: [PATCH 541/699] Implement Java exception catching

This side-effect instruction marks the beginning of a handler (a site that can only
be branched to via exceptional control-flow); the remove_exceptions pass will assign
an appropriate pointer to a nominated expression (currently always a symbol_exprt
denoting a local temporary that denotes the caught exception).
---
 regression/cbmc-java/exceptions22/test.class  | Bin 0 -> 643 bytes
 regression/cbmc-java/exceptions22/test.desc   |  11 ++++
 regression/cbmc-java/exceptions22/test.java   |  20 ++++++
 src/goto-programs/goto_convert_class.h        |   6 ++
 src/goto-programs/goto_convert_exceptions.cpp |  22 ++++---
 .../goto_convert_side_effect.cpp              |  19 ++++++
 src/goto-programs/goto_program.cpp            |  52 +++++++++------
 src/goto-programs/goto_program_template.h     |   2 +-
 src/goto-programs/remove_exceptions.cpp       |  59 ++++++++++--------
 src/java_bytecode/expr2java.cpp               |  11 ++++
 .../java_bytecode_convert_method.cpp          |  54 +++++++++++-----
 src/java_bytecode/java_class_loader.cpp       |   3 +
 src/util/irep_ids.def                         |   1 +
 src/util/std_code.h                           |  44 +++++++++++++
 14 files changed, 238 insertions(+), 66 deletions(-)
 create mode 100644 regression/cbmc-java/exceptions22/test.class
 create mode 100644 regression/cbmc-java/exceptions22/test.desc
 create mode 100644 regression/cbmc-java/exceptions22/test.java

diff --git a/regression/cbmc-java/exceptions22/test.class b/regression/cbmc-java/exceptions22/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..38081aaa0f253c0acbb4fdb01626d233ab6356b5
GIT binary patch
literal 643
zcmYL`OH0E*6ot<;X(x>_tyOD%KNspkH!ejK9|*n{6+w4tI!d&rlBD8q@ejCGK}A9L
z{wVQGv@L;ooO|zg&z*e#yng~%!JG{n6&n_YB}VexM<vE=WVL9ZA~9}b0+SL`0{wGd
z9IGe^nqj;Z#9pnT>H^|SAh#NXL9!-b%rBe>n48VI5-98kp*n0`*Hm<@lNq@7f>5Bh
znt1-zfp?S2Y)s0zfVJv3{yBEF*@}F%6X>dZqT*!f(!2E>^ul#80GDpGu-x#%i{<S*
zU)^Y14tn4SRJx&!w&U$6YDRRRSrXF@W-u#I>}DR-E|s6qbywPKaA1LQUByA9>KzvC
zCoKjz?HQ)|Xf_{H6f3$rPbN4bT&@M)#<>gb*~M3gN1ccw*IX)cIP`T=tH`8k`3;!|
zl=hxr-lOLO+0$3#z8=$<!AgU9no;I|((Mdd$nlf>21zVYmB{Q!^t-(Bxmc>bto=8z
zKVXn4zxMv176EOj%M<9|VueO&7|reyMs2XeT1o8yeI@G!`Flw70jBW`Q_uM4uRWti
OWRY>!^-Gk~@X#-6J!a1U

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/exceptions22/test.desc b/regression/cbmc-java/exceptions22/test.desc
new file mode 100644
index 00000000000..a3eaa698597
--- /dev/null
+++ b/regression/cbmc-java/exceptions22/test.desc
@@ -0,0 +1,11 @@
+CORE
+test.class
+
+^EXIT=0$
+^SIGNAL=0$
+VERIFICATION SUCCESSFUL
+--
+^warning: ignoring
+--
+This test checks that a thrown exception is caught, and is not erroneously rethrown
+on function exit such that another surrounding try block can catch it again.
diff --git a/regression/cbmc-java/exceptions22/test.java b/regression/cbmc-java/exceptions22/test.java
new file mode 100644
index 00000000000..7ca29cddab9
--- /dev/null
+++ b/regression/cbmc-java/exceptions22/test.java
@@ -0,0 +1,20 @@
+public class test {
+  public static void main () {
+    try {
+      f();
+    }
+    catch(Exception e) {
+      assert(false); // Should be unreachable
+    }
+  }
+
+  public static void f() {
+    try {
+      throw new Exception();
+    }
+    catch(Exception e) {
+      // Should prevent main's catch handler from being invoked
+    }
+  }
+}
+
diff --git a/src/goto-programs/goto_convert_class.h b/src/goto-programs/goto_convert_class.h
index 8e6fe4da973..508f70e5aaa 100644
--- a/src/goto-programs/goto_convert_class.h
+++ b/src/goto-programs/goto_convert_class.h
@@ -100,6 +100,9 @@ class goto_convertt:public messaget
   void remove_push_catch(
     side_effect_exprt &expr,
     goto_programt &dest);
+  void remove_exception_landingpad(
+    side_effect_exprt &expr,
+    goto_programt &dest);
   void remove_assignment(
     side_effect_exprt &expr,
     goto_programt &dest,
@@ -244,6 +247,9 @@ class goto_convertt:public messaget
   void convert_msc_leave(const codet &code, goto_programt &dest);
   void convert_try_catch(const codet &code, goto_programt &dest);
   void convert_java_try_catch(const codet &code, goto_programt &dest);
+  void convert_java_exception_landingpad(
+    const codet &code,
+    goto_programt &dest);
   void convert_CPROVER_try_catch(const codet &code, goto_programt &dest);
   void convert_CPROVER_try_finally(const codet &code, goto_programt &dest);
   void convert_CPROVER_throw(const codet &code, goto_programt &dest);
diff --git a/src/goto-programs/goto_convert_exceptions.cpp b/src/goto-programs/goto_convert_exceptions.cpp
index 581ae2bcecd..8076682096f 100644
--- a/src/goto-programs/goto_convert_exceptions.cpp
+++ b/src/goto-programs/goto_convert_exceptions.cpp
@@ -130,13 +130,6 @@ void goto_convertt::convert_java_try_catch(
       handlers_list[i].id(handlers_sub[i].id());
   }
 
-  // the CATCH instruction may also signal a handler
-  if(code.op0().has_operands())
-  {
-    catch_instruction->code.get_sub().resize(1);
-    catch_instruction->code.get_sub()[0]=code.op0().op0();
-  }
-
   // add a SKIP target for the end of everything
   goto_programt end;
   goto_programt::targett end_target=end.add_instruction();
@@ -148,6 +141,21 @@ void goto_convertt::convert_java_try_catch(
   dest.destructive_append(end);
 }
 
+/// Lower a side_effect_exprt describing an exception
+/// landing-pad (catch site) into GOTO code
+/// \param code: code to convert
+///   (must be a code_expressiont(side_effect_expr_landingpadt))
+/// \param [out] dest: code appended to this GOTO program
+void goto_convertt::convert_java_exception_landingpad(
+  const codet &code,
+  goto_programt &dest)
+{
+  PRECONDITION(code.get_statement()==ID_expression);
+  PRECONDITION(
+    to_side_effect_expr(code.op0()).get_statement()==ID_exception_landingpad);
+  copy(code, CATCH, dest);
+}
+
 void goto_convertt::convert_try_catch(
   const codet &code,
   goto_programt &dest)
diff --git a/src/goto-programs/goto_convert_side_effect.cpp b/src/goto-programs/goto_convert_side_effect.cpp
index 1d12ba8e9d7..b57d7149f80 100644
--- a/src/goto-programs/goto_convert_side_effect.cpp
+++ b/src/goto-programs/goto_convert_side_effect.cpp
@@ -647,6 +647,23 @@ void goto_convertt::remove_push_catch(
   expr.make_nil();
 }
 
+/// Lower a side_effect_exprt describing an exception
+/// landing-pad (catch site) into GOTO code
+/// \param expr: expression to convert
+/// \param [out] dest: code appended to this GOTO program
+void goto_convertt::remove_exception_landingpad(
+  side_effect_exprt &expr,
+  goto_programt &dest)
+{
+  PRECONDITION(expr.get_statement()==ID_exception_landingpad);
+
+  // Similar to the above, only currently used in Java.
+  convert_java_exception_landingpad(code_expressiont(expr), dest);
+
+  // the result can't be used, these are void
+  expr.make_nil();
+}
+
 void goto_convertt::remove_side_effect(
   side_effect_exprt &expr,
   goto_programt &dest,
@@ -709,6 +726,8 @@ void goto_convertt::remove_side_effect(
   }
   else if(statement==ID_push_catch)
     remove_push_catch(expr, dest);
+  else if(statement==ID_exception_landingpad)
+    remove_exception_landingpad(expr, dest);
   else
   {
     error().source_location=expr.find_source_location();
diff --git a/src/goto-programs/goto_program.cpp b/src/goto-programs/goto_program.cpp
index 347e156e589..953df2fc8c7 100644
--- a/src/goto-programs/goto_program.cpp
+++ b/src/goto-programs/goto_program.cpp
@@ -157,31 +157,47 @@ std::ostream &goto_programt::output_instruction(
     break;
 
   case CATCH:
-    if(!instruction.targets.empty())
+  {
+    if(instruction.code.get_statement()==ID_expression &&
+       instruction.code.op0().id()==ID_side_effect)
     {
-      out << "CATCH-PUSH ";
-
-      unsigned i=0;
-      const irept::subt &exception_list=
-        instruction.code.find(ID_exception_list).get_sub();
-      assert(instruction.targets.size()==exception_list.size());
-      for(instructiont::targetst::const_iterator
-          gt_it=instruction.targets.begin();
-          gt_it!=instruction.targets.end();
-          gt_it++,
-          i++)
+      const auto &landingpad=
+        to_side_effect_expr_landingpad(instruction.code.op0());
+      out << "EXCEPTION LANDING PAD ("
+          << from_type(ns, identifier, landingpad.catch_expr().type())
+          << ' '
+          << from_expr(ns, identifier, landingpad.catch_expr())
+          << ")";
+    }
+    else if(instruction.code.get_statement()==ID_catch)
+    {
+      if(!instruction.targets.empty())
       {
-        if(gt_it!=instruction.targets.begin())
-          out << ", ";
-        out << exception_list[i].id() << "->"
-            << (*gt_it)->target_number;
+        out << "CATCH-PUSH ";
+
+        unsigned i=0;
+        const irept::subt &exception_list=
+          instruction.code.find(ID_exception_list).get_sub();
+        assert(instruction.targets.size()==exception_list.size());
+        for(instructiont::targetst::const_iterator
+              gt_it=instruction.targets.begin();
+            gt_it!=instruction.targets.end();
+            gt_it++,
+              i++)
+        {
+          if(gt_it!=instruction.targets.begin())
+            out << ", ";
+          out << exception_list[i].id() << "->"
+              << (*gt_it)->target_number;
+        }
       }
+      else
+        out << "CATCH-POP";
     }
-    else
-      out << "CATCH-POP";
 
     out << '\n';
     break;
+  }
 
   case ATOMIC_BEGIN:
     out << "ATOMIC_BEGIN" << '\n';
diff --git a/src/goto-programs/goto_program_template.h b/src/goto-programs/goto_program_template.h
index 9b46dd2ba62..cbdaef8dcfd 100644
--- a/src/goto-programs/goto_program_template.h
+++ b/src/goto-programs/goto_program_template.h
@@ -44,7 +44,7 @@ enum goto_program_instruction_typet
   DEAD=15,          // marks the end-of-live of a local variable
   FUNCTION_CALL=16, // call a function
   THROW=17,         // throw an exception
-  CATCH=18          // catch an exception
+  CATCH=18          // push, pop or enter an exception handler
 };
 
 std::ostream &operator<<(std::ostream &, goto_program_instruction_typet);
diff --git a/src/goto-programs/remove_exceptions.cpp b/src/goto-programs/remove_exceptions.cpp
index 0c99e44b81a..c39e92587c0 100644
--- a/src/goto-programs/remove_exceptions.cpp
+++ b/src/goto-programs/remove_exceptions.cpp
@@ -22,6 +22,7 @@ Date:   December 2016
 
 #include <util/c_types.h>
 #include <util/std_expr.h>
+#include <util/std_code.h>
 #include <util/symbol_table.h>
 
 #include <analyses/uncaught_exceptions_analysis.h>
@@ -179,8 +180,13 @@ void remove_exceptionst::add_exceptional_returns(
   }
 }
 
-/// at the beginning of each handler in function f  adds exc=f#exception_value;
-/// f#exception_value=NULL;
+/// Translates an exception landing-pad into instructions that copy the
+/// in-flight exception pointer to a nominated expression, then clear the
+/// in-flight exception, hence marking it caught.
+/// \param func_it: iterator pointing to the function containing this
+///   landingpad instruction
+/// \param instr_it [in, out]: iterator pointing to the landingpad instruction.
+///   Will be overwritten.
 void remove_exceptionst::instrument_exception_handler(
   const goto_functionst::function_mapt::iterator &func_it,
   const goto_programt::instructionst::iterator &instr_it)
@@ -188,37 +194,37 @@ void remove_exceptionst::instrument_exception_handler(
   const irep_idt &function_id=func_it->first;
   goto_programt &goto_program=func_it->second.body;
 
-  PRECONDITION(instr_it->type==CATCH && instr_it->code.has_operands());
+  PRECONDITION(instr_it->type==CATCH);
 
   // retrieve the exception variable
-  const exprt &exception=instr_it->code.op0();
+  const auto &code_expr=to_code_expression(instr_it->code).expression();
+  const exprt &thrown_exception_local=
+    to_side_effect_expr_landingpad(code_expr).catch_expr();
+  irep_idt thrown_exception_global=id2string(function_id)+EXC_SUFFIX;
 
-  if(symbol_table.has_symbol(id2string(function_id)+EXC_SUFFIX))
+  if(symbol_table.has_symbol(thrown_exception_global))
   {
-    const symbolt &function_symbol=
-      symbol_table.lookup(id2string(function_id)+EXC_SUFFIX);
+    const symbol_exprt thrown_global_symbol=
+      symbol_table.lookup(thrown_exception_global).symbol_expr();
     // next we reset the exceptional return to NULL
-    symbol_exprt lhs_expr_null=function_symbol.symbol_expr();
-    null_pointer_exprt rhs_expr_null(pointer_type(empty_typet()));
+    null_pointer_exprt null_voidptr((pointer_type(empty_typet())));
 
     // add the assignment
     goto_programt::targett t_null=goto_program.insert_after(instr_it);
     t_null->make_assignment();
     t_null->source_location=instr_it->source_location;
     t_null->code=code_assignt(
-      lhs_expr_null,
-      rhs_expr_null);
+      thrown_global_symbol,
+      null_voidptr);
     t_null->function=instr_it->function;
 
-    // add the assignment exc=f#exception_value
-    symbol_exprt rhs_expr_exc=function_symbol.symbol_expr();
-
+    // add the assignment exc=f#exception_value (before the null assignment)
     goto_programt::targett t_exc=goto_program.insert_after(instr_it);
     t_exc->make_assignment();
     t_exc->source_location=instr_it->source_location;
     t_exc->code=code_assignt(
-      typecast_exprt(exception, rhs_expr_exc.type()),
-      rhs_expr_exc);
+      thrown_exception_local,
+      typecast_exprt(thrown_global_symbol, thrown_exception_local.type()));
     t_exc->function=instr_it->function;
   }
   instr_it->make_skip();
@@ -456,10 +462,18 @@ void remove_exceptionst::instrument_exceptions(
       code_declt decl=to_code_decl(instr_it->code);
       locals.push_back(decl.symbol());
     }
-    // it's a CATCH but not a handler (as it has no operands)
-    else if(instr_it->type==CATCH && !instr_it->code.has_operands())
+    // Is it a handler push/pop or catch landing-pad?
+    else if(instr_it->type==CATCH)
     {
-      if(instr_it->targets.empty()) // pop
+      // Is it an exception landing pad (start of a catch block)?
+      if(instr_it->code.get_statement()==ID_expression &&
+         instr_it->code.op0().id()==ID_side_effect &&
+         to_side_effect_expr(instr_it->code.op0()).get_statement()==
+         ID_exception_landingpad)
+      {
+        instrument_exception_handler(func_it, instr_it);
+      }
+      else if(instr_it->targets.empty()) // pop exception handler
       {
         // pop the local vars stack
         if(!stack_locals.empty())
@@ -479,7 +493,7 @@ void remove_exceptionst::instrument_exceptions(
 #endif
         }
       }
-      else // push
+      else // push exception handler
       {
         stack_locals.push_back(locals);
         locals.clear();
@@ -507,11 +521,6 @@ void remove_exceptionst::instrument_exceptions(
       }
       instr_it->make_skip();
     }
-    // CATCH handler
-    else if(instr_it->type==CATCH && instr_it->code.has_operands())
-    {
-      instrument_exception_handler(func_it, instr_it);
-    }
     else if(instr_it->type==THROW)
     {
       instrument_throw(func_it, instr_it, stack_catch, locals);
diff --git a/src/java_bytecode/expr2java.cpp b/src/java_bytecode/expr2java.cpp
index 69829c676d8..9fc013866eb 100644
--- a/src/java_bytecode/expr2java.cpp
+++ b/src/java_bytecode/expr2java.cpp
@@ -392,6 +392,17 @@ std::string expr2javat::convert_with_precedence(
   else if(src.id()==ID_side_effect &&
           src.get(ID_statement)==ID_throw)
     return convert_function(src, "throw", precedence=16);
+  else if(src.id()==ID_side_effect &&
+          src.get(ID_statement)==ID_exception_landingpad)
+  {
+    const exprt &catch_expr=
+      to_side_effect_expr_landingpad(src).catch_expr();
+    return "catch_landingpad(" +
+      convert(catch_expr.type()) +
+      ' ' +
+      convert(catch_expr) +
+      ')';
+  }
   else if(src.id()==ID_unassigned)
     return "?";
   else if(src.id()=="pod_constructor")
diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index 53643d43016..0173cec8e37 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -1206,29 +1206,44 @@ codet java_bytecode_convert_methodt::convert_instructions(
       statement=std::string(id2string(statement), 0, statement.size()-2);
     }
 
+    typet catch_type;
+
+    // Find catch blocks that begin here. For now we assume if more than
+    // one catch targets the same bytecode then we must be indifferent to
+    // its type and just call it a Throwable.
     auto it=method.exception_table.begin();
     for(; it!=method.exception_table.end(); ++it)
     {
       if(cur_pc==it->handler_pc)
       {
-        // at the beginning of a handler, clear the stack and
-        // push the corresponding exceptional return variable
-        stack.clear();
-        auxiliary_symbolt new_symbol;
-        new_symbol.is_static_lifetime=true;
-        // generate the name of the exceptional return variable
-        const std::string &exceptional_var_name=
-          id2string(method_name)+
-          EXC_SUFFIX;
-        new_symbol.base_name=exceptional_var_name;
-        new_symbol.name=exceptional_var_name;
-        new_symbol.type=typet(ID_pointer, empty_typet());
-        new_symbol.mode=ID_java;
-        symbol_table.add(new_symbol);
-        stack.push_back(new_symbol.symbol_expr());
+        if(catch_type!=typet() || it->catch_type==symbol_typet())
+          catch_type=symbol_typet("java::java.lang.Throwable");
+        else
+          catch_type=it->catch_type;
       }
     }
 
+    codet catch_instruction;
+
+    if(catch_type!=typet())
+    {
+      // at the beginning of a handler, clear the stack and
+      // push the corresponding exceptional return variable
+      // We also create a catch exception instruction that
+      // precedes the catch block, and which remove_exceptionst
+      // will transform into something like:
+      // catch_var = GLOBAL_THROWN_EXCEPTION;
+      // GLOBAL_THROWN_EXCEPTION = null;
+      stack.clear();
+      symbol_exprt catch_var=
+        tmp_variable(
+          "caught_exception",
+          pointer_typet(catch_type));
+      stack.push_back(catch_var);
+      side_effect_expr_landingpadt catch_expr(catch_var);
+      catch_instruction=code_expressiont(catch_expr);
+    }
+
     exprt::operandst op=pop(bytecode_info.pop);
     exprt::operandst results;
     results.resize(bytecode_info.push, nil_exprt());
@@ -2439,6 +2454,15 @@ codet java_bytecode_convert_methodt::convert_instructions(
       }
     }
 
+    // Finally if this is the beginning of a catch block (already determined
+    // before the big bytecode switch), insert the exception 'landing pad'
+    // instruction before the actual instruction:
+    if(catch_instruction!=codet())
+    {
+      c.make_block();
+      c.operands().insert(c.operands().begin(), catch_instruction);
+    }
+
     if(!i_it->source_location.get_line().empty())
       merge_source_location_rec(c, i_it->source_location);
 
diff --git a/src/java_bytecode/java_class_loader.cpp b/src/java_bytecode/java_class_loader.cpp
index 6b720f05fb6..0d643602906 100644
--- a/src/java_bytecode/java_class_loader.cpp
+++ b/src/java_bytecode/java_class_loader.cpp
@@ -31,6 +31,9 @@ java_bytecode_parse_treet &java_class_loadert::operator()(
   queue.push("java.lang.String");
   // add java.lang.Class
   queue.push("java.lang.Class");
+  // Require java.lang.Throwable as the catch-type used for
+  // universal exception handlers:
+  queue.push("java.lang.Throwable");
   queue.push(class_name);
 
   java_class_loader_limitt class_loader_limit(
diff --git a/src/util/irep_ids.def b/src/util/irep_ids.def
index e24d7cd981f..a2f3fa82c23 100644
--- a/src/util/irep_ids.def
+++ b/src/util/irep_ids.def
@@ -745,6 +745,7 @@ IREP_ID_ONE(java_instanceof)
 IREP_ID_ONE(java_super_method_call)
 IREP_ID_ONE(java_enum_static_unwind)
 IREP_ID_ONE(push_catch)
+IREP_ID_ONE(exception_landingpad)
 IREP_ID_ONE(length_upper_bound)
 IREP_ID_ONE(string_constraint)
 IREP_ID_ONE(string_not_contains_constraint)
diff --git a/src/util/std_code.h b/src/util/std_code.h
index 1591348ed32..12daa6cd3f8 100644
--- a/src/util/std_code.h
+++ b/src/util/std_code.h
@@ -1152,6 +1152,7 @@ inline const side_effect_expr_throwt &to_side_effect_expr_throw(
   assert(expr.get(ID_statement)==ID_throw);
   return static_cast<const side_effect_expr_throwt &>(expr);
 }
+
 /*! \brief A side effect that pushes/pops a catch handler
 */
 class side_effect_expr_catcht:public side_effect_exprt
@@ -1182,6 +1183,49 @@ static inline const side_effect_expr_catcht &to_side_effect_expr_catch(
   return static_cast<const side_effect_expr_catcht &>(expr);
 }
 
+/*! \brief A side effect that catches an exception, assigning the exception
+      in flight to an expression (e.g. catch(Exception e) might be expressed
+      landingpadt(symbol_expr("e", ...)))
+*/
+class side_effect_expr_landingpadt:public side_effect_exprt
+{
+ public:
+  side_effect_expr_landingpadt():side_effect_exprt(ID_exception_landingpad)
+  {
+    operands().resize(1);
+  }
+  explicit side_effect_expr_landingpadt(const exprt &catch_expr):
+  side_effect_exprt(ID_exception_landingpad)
+  {
+    copy_to_operands(catch_expr);
+  }
+  const exprt &catch_expr() const
+  {
+    return op0();
+  }
+  exprt &catch_expr()
+  {
+    return op0();
+  }
+};
+
+static inline side_effect_expr_landingpadt &
+to_side_effect_expr_landingpad(exprt &expr)
+{
+  assert(expr.id()==ID_side_effect);
+  assert(expr.get(ID_statement)==ID_exception_landingpad);
+  return static_cast<side_effect_expr_landingpadt &>(expr);
+}
+
+static inline const side_effect_expr_landingpadt &
+to_side_effect_expr_landingpad(
+  const exprt &expr)
+{
+  assert(expr.id()==ID_side_effect);
+  assert(expr.get(ID_statement)==ID_exception_landingpad);
+  return static_cast<const side_effect_expr_landingpadt &>(expr);
+}
+
 /*! \brief A try/catch block
 */
 class code_try_catcht:public codet

From 4e13ea91501011df8557f1734de73cc2fe5f92c2 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Fri, 4 Aug 2017 16:11:47 +0100
Subject: [PATCH 542/699] Implement universal exception handlers

Handlers that don't specify a type (i.e. the exception type is an
empty string) are supposed to catch all exceptions, but until now
this would result in literally comparing the class identifier against
the empty string.
---
 src/goto-programs/remove_exceptions.cpp | 223 +++++++++++-------------
 1 file changed, 97 insertions(+), 126 deletions(-)

diff --git a/src/goto-programs/remove_exceptions.cpp b/src/goto-programs/remove_exceptions.cpp
index c39e92587c0..48bfdb81e23 100644
--- a/src/goto-programs/remove_exceptions.cpp
+++ b/src/goto-programs/remove_exceptions.cpp
@@ -56,17 +56,23 @@ class remove_exceptionst
     const goto_functionst::function_mapt::iterator &,
     const goto_programt::instructionst::iterator &);
 
+  void add_exception_dispatch_sequence(
+    const goto_functionst::function_mapt::iterator &,
+    const goto_programt::instructionst::iterator &instr_it,
+    const stack_catcht &stack_catch,
+    const std::vector<exprt> &locals);
+
   void instrument_throw(
     const goto_functionst::function_mapt::iterator &,
     const goto_programt::instructionst::iterator &,
     const stack_catcht &,
-    std::vector<exprt> &);
+    const std::vector<exprt> &);
 
   void instrument_function_call(
     const goto_functionst::function_mapt::iterator &,
     const goto_programt::instructionst::iterator &,
     const stack_catcht &,
-    std::vector<exprt> &);
+    const std::vector<exprt> &);
 
   void instrument_exceptions(
     const goto_functionst::function_mapt::iterator &);
@@ -230,70 +236,34 @@ void remove_exceptionst::instrument_exception_handler(
   instr_it->make_skip();
 }
 
-/// finds the instruction where the exceptional output is set or the end of the
-/// function if no such output exists
-static goto_programt::targett get_exceptional_output(
-  goto_programt &goto_program)
-{
-  Forall_goto_program_instructions(it, goto_program)
-  {
-    const irep_idt &statement=it->code.get_statement();
-    if(statement==ID_output)
-    {
-      DATA_INVARIANT(
-        it->code.operands().size()>=2,
-        "output expected to have at least 2 operands");
-      const exprt &expr=it->code.op1();
-      DATA_INVARIANT(
-        expr.id()==ID_symbol,
-        "identifier expected to be a symbol");
-      const symbol_exprt &symbol=to_symbol_expr(expr);
-      if(id2string(symbol.get_identifier()).find(EXC_SUFFIX)
-         !=std::string::npos)
-        return it;
-    }
-  }
-  return goto_program.get_end_function();
-}
-
-/// instruments each throw with conditional GOTOS to the  corresponding
-/// exception handlers
-void remove_exceptionst::instrument_throw(
+/// Emit the code:
+/// if (exception instanceof ExnA) then goto handlera
+/// else if (exception instanceof ExnB) then goto handlerb
+/// else goto universal_handler or (dead locals; function exit)
+/// \param function_id: function instr_it belongs to
+/// \param instr_it: throw or call instruction that may be an
+///   exception source
+/// \param stack_catch: exception handlers currently registered
+/// \param locals: local variables to kill on a function-exit edge
+void remove_exceptionst::add_exception_dispatch_sequence(
   const goto_functionst::function_mapt::iterator &func_it,
   const goto_programt::instructionst::iterator &instr_it,
   const remove_exceptionst::stack_catcht &stack_catch,
-  std::vector<exprt> &locals)
+  const std::vector<exprt> &locals)
 {
-  PRECONDITION(instr_it->type==THROW);
-
-  const exprt &exc_expr=
-    uncaught_exceptions_domaint::get_exception_symbol(instr_it->code);
-  bool assertion_error=id2string(
-    uncaught_exceptions_domaint::get_exception_type(exc_expr.type())).
-    find("java.lang.AssertionError")!=std::string::npos;
-
-  // we don't count AssertionError (we couldn't catch it anyway
-  // and this may reduce the instrumentation considerably if the programmer
-  // used assertions)
-  if(assertion_error)
-    return;
-
-  goto_programt &goto_program=func_it->second.body;
   const irep_idt &function_id=func_it->first;
+  goto_programt &goto_program=func_it->second.body;
 
-  // find the end of the function
-  goto_programt::targett exceptional_output=
-    get_exceptional_output(goto_program);
-  if(exceptional_output!=instr_it)
-  {
-    // jump to the end of the function
-    // this will appear after the GOTO-based dynamic dispatch below
-    goto_programt::targett t_end=goto_program.insert_after(instr_it);
-    t_end->make_goto(exceptional_output);
-    t_end->source_location=instr_it->source_location;
-    t_end->function=instr_it->function;
-  }
+  // Unless we have a universal exception handler, jump to end of function
+  // if not caught:
+  goto_programt::targett default_target=goto_program.get_end_function();
 
+  // Jump to the universal handler or function end, as appropriate.
+  // This will appear after the GOTO-based dynamic dispatch below
+  goto_programt::targett default_dispatch=goto_program.insert_after(instr_it);
+  default_dispatch->make_goto();
+  default_dispatch->source_location=instr_it->source_location;
+  default_dispatch->function=instr_it->function;
 
   // find the symbol corresponding to the caught exceptions
   const symbolt &exc_symbol=
@@ -308,22 +278,32 @@ void remove_exceptionst::instrument_throw(
     {
       goto_programt::targett new_state_pc=
         stack_catch[i][j].second;
+      if(stack_catch[i][j].first==irep_idt())
+      {
+        // Universal handler. Highest on the stack takes
+        // precedence, so overwrite any we've already seen:
+        default_target=new_state_pc;
+      }
+      else
+      {
+        // Normal exception handler, make an instanceof check.
+        goto_programt::targett t_exc=goto_program.insert_after(instr_it);
+        t_exc->make_goto(new_state_pc);
+        t_exc->source_location=instr_it->source_location;
+        t_exc->function=instr_it->function;
 
-      // find handler
-      goto_programt::targett t_exc=goto_program.insert_after(instr_it);
-      t_exc->make_goto(new_state_pc);
-      t_exc->source_location=instr_it->source_location;
-      t_exc->function=instr_it->function;
-
-      // use instanceof to check that this is the correct handler
-      symbol_typet type(stack_catch[i][j].first);
-      type_exprt expr(type);
+        // use instanceof to check that this is the correct handler
+        symbol_typet type(stack_catch[i][j].first);
+        type_exprt expr(type);
 
-      binary_predicate_exprt check(exc_thrown, ID_java_instanceof, expr);
-      t_exc->guard=check;
+        binary_predicate_exprt check(exc_thrown, ID_java_instanceof, expr);
+        t_exc->guard=check;
+      }
     }
   }
 
+  default_dispatch->set_target(default_target);
+
   // add dead instructions
   for(const auto &local : locals)
   {
@@ -333,6 +313,37 @@ void remove_exceptionst::instrument_throw(
     t_dead->source_location=instr_it->source_location;
     t_dead->function=instr_it->function;
   }
+}
+
+/// instruments each throw with conditional GOTOS to the  corresponding
+/// exception handlers
+void remove_exceptionst::instrument_throw(
+  const goto_functionst::function_mapt::iterator &func_it,
+  const goto_programt::instructionst::iterator &instr_it,
+  const remove_exceptionst::stack_catcht &stack_catch,
+  const std::vector<exprt> &locals)
+{
+  PRECONDITION(instr_it->type==THROW);
+
+  const exprt &exc_expr=
+    uncaught_exceptions_domaint::get_exception_symbol(instr_it->code);
+  bool assertion_error=id2string(
+    uncaught_exceptions_domaint::get_exception_type(exc_expr.type())).
+    find("java.lang.AssertionError")!=std::string::npos;
+
+  // we don't count AssertionError (we couldn't catch it anyway
+  // and this may reduce the instrumentation considerably if the programmer
+  // used assertions)
+  if(assertion_error)
+    return;
+
+  add_exception_dispatch_sequence(
+    func_it, instr_it, stack_catch, locals);
+
+  // find the symbol where the thrown exception should be stored:
+  const symbolt &exc_symbol=
+        symbol_table.lookup(id2string(func_it->first)+EXC_SUFFIX);
+  symbol_exprt exc_thrown=exc_symbol.symbol_expr();
 
   // add the assignment with the appropriate cast
   code_assignt assignment(typecast_exprt(exc_thrown, exc_expr.type()),
@@ -348,7 +359,7 @@ void remove_exceptionst::instrument_function_call(
   const goto_functionst::function_mapt::iterator &func_it,
   const goto_programt::instructionst::iterator &instr_it,
   const stack_catcht &stack_catch,
-  std::vector<exprt> &locals)
+  const std::vector<exprt> &locals)
 {
   PRECONDITION(instr_it->type==FUNCTION_CALL);
 
@@ -366,61 +377,23 @@ void remove_exceptionst::instrument_function_call(
   const irep_idt &callee_id=
     to_symbol_expr(function_call.function()).get_identifier();
 
-  if(symbol_table.has_symbol(id2string(callee_id)+EXC_SUFFIX) &&
-     symbol_table.has_symbol(id2string(function_id)+EXC_SUFFIX))
-  {
-    // we may have an escaping exception
-    const symbolt &callee_exc_symbol=
-      symbol_table.lookup(id2string(callee_id)+EXC_SUFFIX);
-    symbol_exprt callee_exc=callee_exc_symbol.symbol_expr();
-
-    // find the end of the function
-    goto_programt::targett exceptional_output=
-      get_exceptional_output(goto_program);
-    if(exceptional_output!=instr_it)
-    {
-      // jump to the end of the function
-      // this will appear after the GOTO-based dynamic dispatch below
-      goto_programt::targett t_end=goto_program.insert_after(instr_it);
-      t_end->make_goto(exceptional_output);
-      t_end->source_location=instr_it->source_location;
-      t_end->function=instr_it->function;
-    }
+  const irep_idt &callee_inflight_exception=id2string(callee_id)+EXC_SUFFIX;
+  const irep_idt &local_inflight_exception=id2string(function_id)+EXC_SUFFIX;
 
-    for(std::size_t i=stack_catch.size(); i-->0;)
-    {
-      for(std::size_t j=stack_catch[i].size(); j-->0;)
-      {
-        goto_programt::targett new_state_pc;
-        new_state_pc=stack_catch[i][j].second;
-        goto_programt::targett t_exc=goto_program.insert_after(instr_it);
-        t_exc->make_goto(new_state_pc);
-        t_exc->source_location=instr_it->source_location;
-        t_exc->function=instr_it->function;
-        // use instanceof to check that this is the correct handler
-        symbol_typet type(stack_catch[i][j].first);
-        type_exprt expr(type);
-        binary_predicate_exprt check_instanceof(
-          callee_exc,
-          ID_java_instanceof,
-          expr);
-        t_exc->guard=check_instanceof;
-      }
-    }
+  if(symbol_table.has_symbol(callee_inflight_exception) &&
+     symbol_table.has_symbol(local_inflight_exception))
+  {
+    add_exception_dispatch_sequence(
+      func_it, instr_it, stack_catch, locals);
 
-    // add dead instructions
-    for(const auto &local : locals)
-    {
-      goto_programt::targett t_dead=goto_program.insert_after(instr_it);
-      t_dead->make_dead();
-      t_dead->code=code_deadt(local);
-      t_dead->source_location=instr_it->source_location;
-      t_dead->function=instr_it->function;
-    }
+    const symbol_exprt callee_inflight_exception_expr=
+      symbol_table.lookup(callee_inflight_exception).symbol_expr();
+    const symbol_exprt local_inflight_exception_expr=
+      symbol_table.lookup(local_inflight_exception).symbol_expr();
 
     // add a null check (so that instanceof can be applied)
     equal_exprt eq_null(
-      callee_exc,
+      local_inflight_exception_expr,
       null_pointer_exprt(pointer_type(empty_typet())));
     goto_programt::targett t_null=goto_program.insert_after(instr_it);
     t_null->make_goto(next_it);
@@ -430,14 +403,12 @@ void remove_exceptionst::instrument_function_call(
 
     // after each function call g() in function f
     // adds f#exception_value=g#exception_value;
-    const symbolt &caller=
-      symbol_table.lookup(id2string(function_id)+EXC_SUFFIX);
-    const symbol_exprt &lhs_expr=caller.symbol_expr();
-
     goto_programt::targett t=goto_program.insert_after(instr_it);
     t->make_assignment();
     t->source_location=instr_it->source_location;
-    t->code=code_assignt(lhs_expr, callee_exc);
+    t->code=code_assignt(
+      local_inflight_exception_expr,
+      callee_inflight_exception_expr);
     t->function=instr_it->function;
   }
 }

From 08f6b27758ac786b3ab089fcc81fe7184f1114cc Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Thu, 3 Aug 2017 17:34:46 +0100
Subject: [PATCH 543/699] Replace direct use of EXC_SUFFIX with a universal
 catch

---
 src/java_bytecode/java_entry_point.cpp | 70 ++++++++++++++++++++------
 src/java_bytecode/java_entry_point.h   |  1 +
 2 files changed, 56 insertions(+), 15 deletions(-)

diff --git a/src/java_bytecode/java_entry_point.cpp b/src/java_bytecode/java_entry_point.cpp
index 9cf1989c418..45a2dda9b3e 100644
--- a/src/java_bytecode/java_entry_point.cpp
+++ b/src/java_bytecode/java_entry_point.cpp
@@ -307,11 +307,9 @@ void java_record_outputs(
   codet output(ID_output);
   output.operands().resize(2);
 
-  assert(symbol_table.has_symbol(id2string(function.name)+EXC_SUFFIX));
-
   // retrieve the exception variable
   const symbolt exc_symbol=symbol_table.lookup(
-    id2string(function.name)+EXC_SUFFIX);
+    JAVA_ENTRY_POINT_EXCEPTION_SYMBOL);
 
   output.op0()=address_of_exprt(
     index_exprt(string_constantt(exc_symbol.base_name),
@@ -613,17 +611,19 @@ bool java_entry_point(
     call_main.lhs()=return_symbol.symbol_expr();
   }
 
-  if(!symbol_table.has_symbol(id2string(symbol.name)+EXC_SUFFIX))
-  {
-    // add the exceptional return value
-    auxiliary_symbolt exc_symbol;
-    exc_symbol.mode=ID_java;
-    exc_symbol.is_static_lifetime=true;
-    exc_symbol.name=id2string(symbol.name)+EXC_SUFFIX;
-    exc_symbol.base_name=id2string(symbol.name)+EXC_SUFFIX;
-    exc_symbol.type=java_reference_type(empty_typet());
-    symbol_table.add(exc_symbol);
-  }
+  // add the exceptional return value
+  auxiliary_symbolt exc_symbol;
+  exc_symbol.mode=ID_java;
+  exc_symbol.name=JAVA_ENTRY_POINT_EXCEPTION_SYMBOL;
+  exc_symbol.base_name=exc_symbol.name;
+  exc_symbol.type=java_reference_type(empty_typet());
+  symbol_table.add(exc_symbol);
+
+  // Zero-initialise the top-level exception catch variable:
+  init_code.copy_to_operands(
+    code_assignt(
+      exc_symbol.symbol_expr(),
+      null_pointer_exprt(to_pointer_type(exc_symbol.type))));
 
   // create code that allocates the objects used as test arguments and
   // non-deterministically initializes them
@@ -638,8 +638,48 @@ bool java_entry_point(
       pointer_type_selector);
   call_main.arguments()=main_arguments;
 
+  // Create target labels for the toplevel exception handler:
+  code_labelt toplevel_catch("toplevel_catch", code_skipt());
+  code_labelt after_catch("after_catch", code_skipt());
+
+  code_blockt call_block;
+
+  // Push a universal exception handler:
+  side_effect_expr_catcht push_universal_handler;
+  irept catch_type_list(ID_exception_list);
+  irept catch_target_list(ID_label);
+  // Catch all exceptions:
+  // This is equivalent to catching Throwable, but also works if some of
+  // the class hierarchy is missing so that we can't determine that
+  // the thrown instance is an indirect child of Throwable
+  catch_type_list.get_sub().push_back(irept());
+  catch_target_list.get_sub().push_back(irept(toplevel_catch.get_label()));
+  push_universal_handler.set(ID_exception_list, catch_type_list);
+  push_universal_handler.set(ID_label, catch_target_list);
+
+  call_block.copy_to_operands(code_expressiont(push_universal_handler));
+
   // we insert the call to the method AFTER the argument initialization code
-  init_code.move_to_operands(call_main);
+  call_block.move_to_operands(call_main);
+
+  // Pop the handler:
+  side_effect_expr_catcht pop_handler;
+  pop_handler.set(ID_exception_list, get_nil_irep());
+  pop_handler.set(ID_label, get_nil_irep());
+
+  //call_block.copy_to_operands(code_expressiont(pop_handler));
+  init_code.move_to_operands(call_block);
+
+  // Normal return: skip the exception handler:
+  init_code.copy_to_operands(code_gotot(after_catch.get_label()));
+
+  // Exceptional return: catch and assign to exc_symbol.
+  side_effect_expr_landingpadt landingpad(exc_symbol.symbol_expr());
+  init_code.copy_to_operands(toplevel_catch);
+  init_code.copy_to_operands(code_expressiont(landingpad));
+
+  // Converge normal and exceptional return:
+  init_code.move_to_operands(after_catch);
 
   // declare certain (which?) variables as test outputs
   java_record_outputs(symbol, main_arguments, init_code, symbol_table);
diff --git a/src/java_bytecode/java_entry_point.h b/src/java_bytecode/java_entry_point.h
index 97828ed2bdb..18e42aafc65 100644
--- a/src/java_bytecode/java_entry_point.h
+++ b/src/java_bytecode/java_entry_point.h
@@ -15,6 +15,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <java_bytecode/select_pointer_type.h>
 
 #define JAVA_ENTRY_POINT_RETURN_SYMBOL "return'"
+#define JAVA_ENTRY_POINT_EXCEPTION_SYMBOL "uncaught_exception'"
 
 bool java_entry_point(
   class symbol_tablet &symbol_table,

From d15c67dfbd9ab3e31d9e5ec1125d9a3e9286b764 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Mon, 7 Aug 2017 10:30:46 +0100
Subject: [PATCH 544/699] Add tests for Java finally construct

These check that a finally block is accessible when a catch block is
absent, present and catches, present and does not catch, and present
without any exception being thrown at all. The first three cases are
then repeated for the case where an exception escapes from a function
rather than being thrown locally.
---
 regression/cbmc-java/finally1/test.class | Bin 0 -> 594 bytes
 regression/cbmc-java/finally1/test.desc  |   9 +++++++++
 regression/cbmc-java/finally1/test.java  |  11 +++++++++++
 regression/cbmc-java/finally2/test.class | Bin 0 -> 637 bytes
 regression/cbmc-java/finally2/test.desc  |   9 +++++++++
 regression/cbmc-java/finally2/test.java  |  12 ++++++++++++
 regression/cbmc-java/finally3/test.class | Bin 0 -> 727 bytes
 regression/cbmc-java/finally3/test.desc  |  10 ++++++++++
 regression/cbmc-java/finally3/test.java  |  14 ++++++++++++++
 regression/cbmc-java/finally4/test.class | Bin 0 -> 713 bytes
 regression/cbmc-java/finally4/test.desc  |   9 +++++++++
 regression/cbmc-java/finally4/test.java  |  15 +++++++++++++++
 regression/cbmc-java/finally5/test.class | Bin 0 -> 681 bytes
 regression/cbmc-java/finally5/test.desc  |   9 +++++++++
 regression/cbmc-java/finally5/test.java  |  15 +++++++++++++++
 regression/cbmc-java/finally6/test.class | Bin 0 -> 720 bytes
 regression/cbmc-java/finally6/test.desc  |   9 +++++++++
 regression/cbmc-java/finally6/test.java  |  16 ++++++++++++++++
 regression/cbmc-java/finally7/test.class | Bin 0 -> 818 bytes
 regression/cbmc-java/finally7/test.desc  |  10 ++++++++++
 regression/cbmc-java/finally7/test.java  |  18 ++++++++++++++++++
 21 files changed, 166 insertions(+)
 create mode 100644 regression/cbmc-java/finally1/test.class
 create mode 100644 regression/cbmc-java/finally1/test.desc
 create mode 100644 regression/cbmc-java/finally1/test.java
 create mode 100644 regression/cbmc-java/finally2/test.class
 create mode 100644 regression/cbmc-java/finally2/test.desc
 create mode 100644 regression/cbmc-java/finally2/test.java
 create mode 100644 regression/cbmc-java/finally3/test.class
 create mode 100644 regression/cbmc-java/finally3/test.desc
 create mode 100644 regression/cbmc-java/finally3/test.java
 create mode 100644 regression/cbmc-java/finally4/test.class
 create mode 100644 regression/cbmc-java/finally4/test.desc
 create mode 100644 regression/cbmc-java/finally4/test.java
 create mode 100644 regression/cbmc-java/finally5/test.class
 create mode 100644 regression/cbmc-java/finally5/test.desc
 create mode 100644 regression/cbmc-java/finally5/test.java
 create mode 100644 regression/cbmc-java/finally6/test.class
 create mode 100644 regression/cbmc-java/finally6/test.desc
 create mode 100644 regression/cbmc-java/finally6/test.java
 create mode 100644 regression/cbmc-java/finally7/test.class
 create mode 100644 regression/cbmc-java/finally7/test.desc
 create mode 100644 regression/cbmc-java/finally7/test.java

diff --git a/regression/cbmc-java/finally1/test.class b/regression/cbmc-java/finally1/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..73e239d42e59377c5c0ac3f6ebaebe02330f5750
GIT binary patch
literal 594
zcmY*W$xZ@65PdZaG>n7bhPdE<P!D?HXpF`sCT<6aiQa~xqoX)uW(M_J_yNyqqKPDO
z_nVBdx>bmms_J^LU%#sU_<DN>P{zE43`PZt77UDLATTB{ZXv0f6BZ^>5||<kEjUpm
z!`KV_XxodNT0_<ebVf+6dA=8~6B3I{Cj@gVs7pfb!1Lu%^SUO(sv<LR?RY*RTZtX_
z>d?8-ZGmZmwR7*v8!b&puept1L8}rpLs#y4>Ut)YQM_{L+&VUFWZ99bR~wFhzS_NS
z!$KdS*n>9zT<?To5V8v;BQRrQ7ITDrk9l0Xly3Y_w|Wr<cR%iPJ>ph_S3xM$W#omj
z-hF`wi<=Da9?n=@@L~bV7nLWj5+G%qV?UotoQZRC`4#l2h{$nF=_XH$JW~x#J?5;a
zV{I6xuSj(EpJ2Ao*G7_$sm^jo!x^NRWM~=nnSjY1fdQ^;7<&SPpXld^A&n7p(irYK
lDr*&BU{Jgu-GVS5U?!enDtAA!f9{lI5{A8@W*E_M;T!!5Zm$3U

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/finally1/test.desc b/regression/cbmc-java/finally1/test.desc
new file mode 100644
index 00000000000..a5fb4996899
--- /dev/null
+++ b/regression/cbmc-java/finally1/test.desc
@@ -0,0 +1,9 @@
+CORE
+test.class
+
+^EXIT=10$
+^SIGNAL=0$
+assertion at file test\.java line 7 function java::test\.main:\(\)V bytecode-index 9: FAILURE
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/finally1/test.java b/regression/cbmc-java/finally1/test.java
new file mode 100644
index 00000000000..f1a964d83d3
--- /dev/null
+++ b/regression/cbmc-java/finally1/test.java
@@ -0,0 +1,11 @@
+public class test {
+ public static void main() throws Exception {
+   try {
+     throw new Exception();
+   }
+   finally {
+     assert(false);
+   }
+ }
+}
+
diff --git a/regression/cbmc-java/finally2/test.class b/regression/cbmc-java/finally2/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..a7e4c2e4c22470ea15e5a7e0ce3edbd33f8fae62
GIT binary patch
literal 637
zcmY*VxlY4C5Pjn~S=$&A!WHhb;E<r9L<qzoB(4I41fAoozz}R?JHWT_1Jr;75=f-y
zk0?OQE+i4n&d$6yZ{Ezu_v<@=MNB!cQ4;8PV4!3}U_fBdK~@!q91LSbV3g1`<t2%X
z(;y0y^&s)eRaqg>2_d%>gh9GY$V|^15zMuyA_@7OAe4Kx%d(6Q6`6rcF9-?k2dU>@
z?0Q$a%!38S2+qc>FR!#Z!CLaGf11ugREvGN87Kuil}S2(?p=E>T(q+(^<SuZ;psxN
z--UxVLa7C<HjHn?aTK!=B_lBIVgi$dLW{XyK9_#_PxtUFj&6Pz$hU}VRlWwHw<41u
zmX+oN-Yu;$z^6FDI3LsIBU7QIJn=6BQpWl1;B1&9am>!XfF2YPd46-c$lId8R6|p5
zI2w%2yumnrL8iX_2=fj@Z^&|*tMBNvt&z^vA2i*9rK62LZZ@=h5hnjlMshsD!Zds9
z<VrWpErH^mK-U+~<nYNxx;2-$*FsOz`J%Q6bQZ-ktUCzv9%kkVrrP3nOk)crorU49
Ks9k$C-1h?)+jaH;

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/finally2/test.desc b/regression/cbmc-java/finally2/test.desc
new file mode 100644
index 00000000000..ae317e016fe
--- /dev/null
+++ b/regression/cbmc-java/finally2/test.desc
@@ -0,0 +1,9 @@
+CORE
+test.class
+
+^EXIT=10$
+^SIGNAL=0$
+assertion at file test\.java line 8 function java::test\.main:\(\)V bytecode-index 9: FAILURE
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/finally2/test.java b/regression/cbmc-java/finally2/test.java
new file mode 100644
index 00000000000..548936094dc
--- /dev/null
+++ b/regression/cbmc-java/finally2/test.java
@@ -0,0 +1,12 @@
+public class test {
+ public static void main() throws Exception {
+   try {
+     throw new Exception();
+   }
+   catch(Exception e) { }
+   finally {
+     assert(false);
+   }
+ }
+}
+
diff --git a/regression/cbmc-java/finally3/test.class b/regression/cbmc-java/finally3/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..e73e96ce4ad6481abfa103f8bc0ba411caaf3c1c
GIT binary patch
literal 727
zcmY*W(M}UV6g{)u-D!uV6cDINQ4|y~kr$#b#6S>ZA|MIGMBcXBi41Oc$?R1920wux
z@EJ`ck;K09M?7G>GuRei=FYw6%suy>x%l(zH-Hr^2ngKaxGUh<I9)**4UQRs(B}69
z?qinY0mJxQToh6pm1o6ERm9Cywiws}L%6CkWnM6p78c(z_#1gkGK_4gOzw2rO{w=S
znSgezGKS$j6DJ?H<6~DQO^$~QV)IKPk6m|;Ifn9TlKyKe_VSKS<SS*HRE#Xl)1&xP
z9AOw$h8cTbPUGyu@=hmBcXO2)sr%g+8Uw<*R_3rRjY|4>gds!>^&6z#nwwhZn#Q(@
z9P<$#;W0yPz<k?0l8GT}2BrN&oqxVw_eQm^Mz##N8!0);FxirY(z3PQ(<OgQhXAtk
z0JHQVg8qut>UL7Pl|UY%O6Le=4T_9nuyh7?YKf@P8M-3bg;An<j{23NN7(aoc<;|p
z>c07o-~>bG2r1=VmreJwt^dI%-Bb6tO!N5EWD4_idQNN-0o{E<LK5VJ2|S}&$EZ4i
z;5Em1b(`bX6^%mSl4hH54`_LMG}T{b#Z3*2j+K9+asuvugJ1fAz%F*J)mzN=4&X&=
KcKy18Z~q16Q<9DV

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/finally3/test.desc b/regression/cbmc-java/finally3/test.desc
new file mode 100644
index 00000000000..40c2fe0ab68
--- /dev/null
+++ b/regression/cbmc-java/finally3/test.desc
@@ -0,0 +1,10 @@
+CORE
+test.class
+
+^EXIT=10$
+^SIGNAL=0$
+assertion at file test\.java line 7 function java::test\.main:\(\)V bytecode-index 9: SUCCESS
+assertion at file test\.java line 10 function java::test\.main:\(\)V bytecode-index 22: FAILURE
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/finally3/test.java b/regression/cbmc-java/finally3/test.java
new file mode 100644
index 00000000000..51d347c3327
--- /dev/null
+++ b/regression/cbmc-java/finally3/test.java
@@ -0,0 +1,14 @@
+public class test {
+ public static void main() throws Exception {
+   try {
+     throw new NullPointerException();
+   }
+   catch(ArithmeticException e) {
+     assert(false);
+   }
+   finally {
+     assert(false);
+   }
+ }
+}
+
diff --git a/regression/cbmc-java/finally4/test.class b/regression/cbmc-java/finally4/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..f7989f80e54e568d46a4a8c46aacae93a19bcd76
GIT binary patch
literal 713
zcmY*WO-~d-5PdZ>yS+O*unP;gDvPjU;zuGLxEP5M5if!smYBe8cD5spyECMxSNs9~
z3hu@;nn<FF-2F!$G*&n6hnY-OSH0I&^{RjV`St_AI&Ot1p;1N=R|T$x@X-*sF0dG)
zi6wy>g!*cn=TaM$rTH_J$DN++66k<X+)$}9j|u+mJFf}BR@Rk->W)g~%R#>*^`0d&
z(2rG0m};9idAl1QyR>VwObEB%C-T@;7g!;bHj>`IvSB+L=tMqOwn*8?+}uBk-^CFs
zh$55`5*jwK){E0OYn#I<x3$hRp*aC*We)q&sASZPr?LeFS`ltyl~5bgUv-XTVp#b&
zwRfnqlS?%d*@<e^F?XxS3nMIaWv;aBj^<+dX21Y%>i{df@)AD*)f!d_pL~!N#&(LM
zCVOIExO)ydvqVg@ExIIc168Jaj{1?k$Jo>0(Ff3Hc&B*y9sd3~f{Pa}tPDdJEe@ld
z|G|3~XFLSAM4f-@AF!>X<-F(mFF|lF;C==EDvS!uv5*#@H+h;Gqw^@V1!ksq1!jNq
zEq1?n?7F*1jy^xqx$Xo3Gqc675T_8qCj|Z%cvkae&!J{py8thGVmGtk;46Otzbc6W

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/finally4/test.desc b/regression/cbmc-java/finally4/test.desc
new file mode 100644
index 00000000000..eeba95d006c
--- /dev/null
+++ b/regression/cbmc-java/finally4/test.desc
@@ -0,0 +1,9 @@
+CORE
+test.class
+
+^EXIT=10$
+^SIGNAL=0$
+assertion at file test\.java line 11 function java::test\.main:\(\)V bytecode-index 7: FAILURE
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/finally4/test.java b/regression/cbmc-java/finally4/test.java
new file mode 100644
index 00000000000..4943a8d251d
--- /dev/null
+++ b/regression/cbmc-java/finally4/test.java
@@ -0,0 +1,15 @@
+public class test {
+ public static void main() throws Exception {
+   try {
+     int x = 1;
+     x++;
+   }
+   catch(ArithmeticException e) {
+     assert(false);
+   }
+   finally {
+     assert(false);
+   }
+ }
+}
+
diff --git a/regression/cbmc-java/finally5/test.class b/regression/cbmc-java/finally5/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..0bde735c6afb52b2b0f2b8387903498e0525ba3a
GIT binary patch
literal 681
zcmY*WO;6iE5Pcgvv9p*YK!NZLg;p(xa^Z*&6@^O+2!W8`gySr&X|R#)Kz|E=pl7I5
z5J=6PpHx*9Zx@n)4>LP6Z)V;+-~Ye;17HzvB_u{9T#OcJ#vF`G*cfpzAyLqNQeq0z
z4rT-f=KM5ONfyRY`YBBPT0_+Z#DPFzDU8BwS-^Vteow$&jq6IF{3VRkX7i+`l3fjE
z;lvLkf!>|W558~srzY*-wSZjv5vWr$nj?<{+@+xLG*s@y%_LCkp&n7pRGNJ__Ro9|
zy(oDY)TRfXKvicK8h-S3;bWWVT9U*Gsdr1AMWmx=Ihge@hc^P1E@-QEtb*)C-|n|0
zK7Tx;+y$;SsENQ(U8P~7>Ycs3Fl(|vK@KoOX(ja*m8xdSmkp|b5^b5$1ihfo&tF4a
zY9K1K1(W2-=p!^|pojDtI(viM6|4)4-@)F$M!xmgggxzWzIADU7MsB)J+K6e)~2QA
z9NW*R3~SrLz(15||FY$kf$*OaKy9D)PSfkpy+eWPoEG2DS$fa<Tnu$iTQnqqzJB*N
fiWhL~pRlc8u=JUatlDR4HhJW{6)ncFDOVo=_eysz

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/finally5/test.desc b/regression/cbmc-java/finally5/test.desc
new file mode 100644
index 00000000000..cc3b6780920
--- /dev/null
+++ b/regression/cbmc-java/finally5/test.desc
@@ -0,0 +1,9 @@
+CORE
+test.class
+
+^EXIT=10$
+^SIGNAL=0$
+assertion at file test\.java line 7 function java::test\.main:\(\)V bytecode-index 12: FAILURE
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/finally5/test.java b/regression/cbmc-java/finally5/test.java
new file mode 100644
index 00000000000..3411b175943
--- /dev/null
+++ b/regression/cbmc-java/finally5/test.java
@@ -0,0 +1,15 @@
+public class test {
+ public static void main() throws Exception {
+   try {
+     f();
+   }
+   finally {
+     assert(false);
+   }
+ }
+
+ public static void f() throws Exception {
+   throw new Exception();
+ }
+}
+
diff --git a/regression/cbmc-java/finally6/test.class b/regression/cbmc-java/finally6/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..5f4d132176170a45c753b55890c6ee9ca41cfe86
GIT binary patch
literal 720
zcmY*WT~8B16g|`3?reuGEd^^uP*D7WM55u57!2Zzh%pcodE0JBT`ap~cZ>c2e+7TQ
zXEYHbiGAlE`JnO4U|W2-ckb7@=bkzH^W!Ig72Hu!m{#y{wL&u^F{|KWTH>05XZ&@A
zIm}Dk5SUyD^IT^|oF@5`I1k%h-4PJG0^Vwz#Kj{4=kC2%0`7X+(E_#2IMG|Z{kG0_
zOfw7nVVnq5w~H`(|2#afY3`D^DWEn!M*6^_6ZMUNzZ!M_;i~Plmqq$%Y)~qN&Wrnd
z;b9n{itzwVW5y5&v`lun8zyg;9}l>0WLcV#{irltL`DWnVj;jS+!m;hnqIW`bX5E|
zxAQJbKb&7u8#S(XDT_d}qw_e^o#9>{S@c+-CcBuYx{8vEddo27%LRqNIBkv5EWMyF
zFP=agn?}@WJ)7jom|$zkwtk{7vG(vgN?+g{Vd)g^>l2jw&ulm|2sdpwHVBvc$9B#k
zmdAOA9}8y8o+iq)E_1%EHs~LaaD&+?xGyCpw<M;1lLXx_vbtpZ`Ss*R{fT4Fn6n!I
z{}di6$v$%zFR5Ob^Kp52{))X5m}vOlP&tBhKf`st!ZA{uQyfTPD3wtP){I~+TfXua
Dp1^$H

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/finally6/test.desc b/regression/cbmc-java/finally6/test.desc
new file mode 100644
index 00000000000..91aca5d1b77
--- /dev/null
+++ b/regression/cbmc-java/finally6/test.desc
@@ -0,0 +1,9 @@
+CORE
+test.class
+
+^EXIT=10$
+^SIGNAL=0$
+assertion at file test\.java line 8 function java::test\.main:\(\)V bytecode-index 12: FAILURE
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/finally6/test.java b/regression/cbmc-java/finally6/test.java
new file mode 100644
index 00000000000..e7c328bdf56
--- /dev/null
+++ b/regression/cbmc-java/finally6/test.java
@@ -0,0 +1,16 @@
+public class test {
+ public static void main() throws Exception {
+   try {
+     f();
+   }
+   catch(Exception e) { }
+   finally {
+     assert(false);
+   }
+ }
+
+ public static void f() throws Exception {
+   throw new Exception();
+ }
+}
+
diff --git a/regression/cbmc-java/finally7/test.class b/regression/cbmc-java/finally7/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..94bdd643637162375146e9a54b5a1aebc2a73365
GIT binary patch
literal 818
zcmY*X&rcIU6#iy++iACj{y?x|i$ziSk-&wE2~iB<ML-F}L~h&dD1+NwGCNiO7A_t=
zqlp+v?A`y!gT^<5ZPz`#H}8Glz8~Mr&p+RP09eP0j}n?bif9$d%yHcE;i1XV=9u@v
z&GEL6J6Pbj%P_SNq^VF^CUN>ira>nXT?Tf<kl&E8)DIcl#if@F-d55T43!-ji@koY
zBh;ZG6VMA}%rJ4FgYfNcaB9=G-8}|>`$H&BZFP?ORQNSRVIz$GmG%#kz6!-tX$lp!
zNcHMT@GdB05|uI<#*{I^&@kDxD2U&zJsys`tyH2IS{X=5ecTgThNG?wb7Oq3A4M+`
z8Ec_31kbePSS(`+%M8^q|9R&`gqk!Orw)%*^8RY?Og2-kGUjeYBrU^CSEN#j?r3ll
zO7{sMU5_wNmsFygW7URPl};X*S)Xi`q852ZKDT@Uc5aBMk<HsAX@)vc9ZUU4-XU!B
z8=TK@&+y<9-m44b2G49*8iqD%4x^p_!Ii-|T&m(ypS<;}WNT={c*l01wTMR?-?HlT
ztlD&bL@P`YYZ|$Ij%$;<9MivP8FIg9;2DC<cGqcax?3t{Hf-CWfx;y?O<NdHF1uu9
u^dCn7H%7{=6U%(Hdhsj#GjQ({JogJ+qtex!LzT=-IXLA_qvfoHZ~g`KF`4cF

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/finally7/test.desc b/regression/cbmc-java/finally7/test.desc
new file mode 100644
index 00000000000..5772f2dea33
--- /dev/null
+++ b/regression/cbmc-java/finally7/test.desc
@@ -0,0 +1,10 @@
+CORE
+test.class
+
+^EXIT=10$
+^SIGNAL=0$
+assertion at file test\.java line 7 function java::test\.main:\(\)V bytecode-index 12: SUCCESS
+assertion at file test\.java line 10 function java::test\.main:\(\)V bytecode-index 25: FAILURE
+^VERIFICATION FAILED$
+--
+^warning: ignoring
diff --git a/regression/cbmc-java/finally7/test.java b/regression/cbmc-java/finally7/test.java
new file mode 100644
index 00000000000..b9e8e16380e
--- /dev/null
+++ b/regression/cbmc-java/finally7/test.java
@@ -0,0 +1,18 @@
+public class test {
+ public static void main() throws Exception {
+   try {
+     f();
+   }
+   catch(ArithmeticException e) {
+     assert(false);
+   }
+   finally {
+     assert(false);
+   }
+ }
+
+ public static void f() throws NullPointerException {
+   throw new NullPointerException();
+ }
+}
+

From 5d534eb6c4871dbd8cd8924d15d8d8fb2c46d020 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Mon, 7 Aug 2017 13:08:24 +0100
Subject: [PATCH 545/699] Clean up CATCH instruction code

The three types of CATCH instruction (push-handler, pop-handler and handler-landingpad)
are now represented by distinct codet subclasses, and the codet and GOTO representations
have been made uniform (the goto-convert step is a simple copy with instruction type CATCH).

The Java version of push-catch gives <type-tag, label> pairs and then later populates
GOTO targets for them, while the C++ version, being block-structured by nature,
omits the labels and directly populates the GOTO instruction targets.
---
 src/goto-programs/goto_convert.cpp            |  46 +++---
 src/goto-programs/goto_convert_class.h        |  10 --
 src/goto-programs/goto_convert_exceptions.cpp |  77 ++-------
 .../goto_convert_side_effect.cpp              |  32 ----
 src/goto-programs/goto_program.cpp            |  51 +++---
 src/goto-programs/remove_exceptions.cpp       |  32 ++--
 src/java_bytecode/expr2java.cpp               |   6 +-
 .../java_bytecode_convert_method.cpp          |  35 ++--
 src/java_bytecode/java_entry_point.cpp        |  24 ++-
 src/util/irep_ids.def                         |   1 +
 src/util/std_code.h                           | 153 ++++++++++++++----
 11 files changed, 220 insertions(+), 247 deletions(-)

diff --git a/src/goto-programs/goto_convert.cpp b/src/goto-programs/goto_convert.cpp
index 5f308b3f9ff..022526863e4 100644
--- a/src/goto-programs/goto_convert.cpp
+++ b/src/goto-programs/goto_convert.cpp
@@ -58,31 +58,24 @@ static void finish_catch_push_targets(goto_programt &dest)
   // in the second pass set the targets
   Forall_goto_program_instructions(it, dest)
   {
-    if(it->is_catch())
+    if(it->is_catch() && it->code.get_statement()==ID_push_catch)
     {
-      bool handler_added=true;
-      irept exceptions=it->code.find(ID_exception_list);
+      // Populate `targets` with a GOTO instruction target per
+      // exception handler if it isn't already populated.
+      // (Java handlers, for example, need this finish step; C++
+      //  handlers will already be populated by now)
 
-      if(exceptions.is_nil() &&
-         it->code.has_operands())
-        exceptions=it->code.op0().find(ID_exception_list);
-
-      const irept::subt &exception_list=exceptions.get_sub();
-
-      if(!exception_list.empty())
+      if(it->targets.empty())
       {
-        // in this case we have a CATCH_PUSH
-        irept handlers=it->code.find(ID_label);
-        if(handlers.is_nil() &&
-           it->code.has_operands())
-          handlers=it->code.op0().find(ID_label);
-        const irept::subt &handler_list=handlers.get_sub();
-
-        // some handlers may not have been converted (if there was no
-        // exception to be caught); in such a situation we abort
+        bool handler_added=true;
+        const code_push_catcht::exception_listt &handler_list=
+          to_code_push_catch(it->code).exception_list();
+
         for(const auto &handler : handler_list)
         {
-          if(label_targets.find(handler.id())==label_targets.end())
+          // some handlers may not have been converted (if there was no
+          // exception to be caught); in such a situation we abort
+          if(label_targets.find(handler.get_label())==label_targets.end())
           {
             handler_added=false;
             break;
@@ -93,14 +86,7 @@ static void finish_catch_push_targets(goto_programt &dest)
           continue;
 
         for(const auto &handler : handler_list)
-        {
-          std::map<irep_idt,
-                   goto_programt::targett>::const_iterator handler_it=
-            label_targets.find(handler.id());
-          assert(handler_it!=label_targets.end());
-          // set the target
-          it->targets.push_back(handler_it->second);
-        }
+          it->targets.push_back(label_targets.at(handler.get_label()));
       }
     }
   }
@@ -566,6 +552,10 @@ void goto_convertt::convert(
     forall_operands(it, code)
       convert(to_code(*it), dest);
   }
+  else if(statement==ID_push_catch ||
+          statement==ID_pop_catch ||
+          statement==ID_exception_landingpad)
+    copy(code, CATCH, dest);
   else
     copy(code, OTHER, dest);
 
diff --git a/src/goto-programs/goto_convert_class.h b/src/goto-programs/goto_convert_class.h
index 508f70e5aaa..ceefa622c9d 100644
--- a/src/goto-programs/goto_convert_class.h
+++ b/src/goto-programs/goto_convert_class.h
@@ -97,12 +97,6 @@ class goto_convertt:public messaget
     side_effect_exprt &expr,
     goto_programt &dest,
     bool result_is_used);
-  void remove_push_catch(
-    side_effect_exprt &expr,
-    goto_programt &dest);
-  void remove_exception_landingpad(
-    side_effect_exprt &expr,
-    goto_programt &dest);
   void remove_assignment(
     side_effect_exprt &expr,
     goto_programt &dest,
@@ -246,10 +240,6 @@ class goto_convertt:public messaget
   void convert_msc_try_except(const codet &code, goto_programt &dest);
   void convert_msc_leave(const codet &code, goto_programt &dest);
   void convert_try_catch(const codet &code, goto_programt &dest);
-  void convert_java_try_catch(const codet &code, goto_programt &dest);
-  void convert_java_exception_landingpad(
-    const codet &code,
-    goto_programt &dest);
   void convert_CPROVER_try_catch(const codet &code, goto_programt &dest);
   void convert_CPROVER_try_finally(const codet &code, goto_programt &dest);
   void convert_CPROVER_throw(const codet &code, goto_programt &dest);
diff --git a/src/goto-programs/goto_convert_exceptions.cpp b/src/goto-programs/goto_convert_exceptions.cpp
index 8076682096f..f34d4d2f3fa 100644
--- a/src/goto-programs/goto_convert_exceptions.cpp
+++ b/src/goto-programs/goto_convert_exceptions.cpp
@@ -93,69 +93,6 @@ void goto_convertt::convert_msc_leave(
   t->source_location=code.source_location();
 }
 
-void goto_convertt::convert_java_try_catch(
-  const codet &code,
-  goto_programt &dest)
-{
-  assert(!code.operands().empty());
-
-  // add the CATCH instruction to 'dest'
-  goto_programt::targett catch_instruction=dest.add_instruction();
-  catch_instruction->make_catch();
-  catch_instruction->code.set_statement(ID_catch);
-  catch_instruction->source_location=code.source_location();
-  catch_instruction->function=code.source_location().get_function();
-
-  // the CATCH instruction is annotated with a list of exception IDs
-  const irept exceptions=code.op0().find(ID_exception_list);
-  if(exceptions.is_not_nil())
-  {
-    irept::subt exceptions_sub=exceptions.get_sub();
-    irept::subt &exception_list=
-      catch_instruction->code.add(ID_exception_list).get_sub();
-    exception_list.resize(exceptions_sub.size());
-    for(size_t i=0; i<exceptions_sub.size(); ++i)
-      exception_list[i].id(exceptions_sub[i].id());
-  }
-
-  // the CATCH instruction is also annotated with a list of handle labels
-  const irept handlers=code.op0().find(ID_label);
-  if(handlers.is_not_nil())
-  {
-    irept::subt handlers_sub=handlers.get_sub();
-    irept::subt &handlers_list=
-      catch_instruction->code.add(ID_label).get_sub();
-    handlers_list.resize(handlers_sub.size());
-    for(size_t i=0; i<handlers_sub.size(); ++i)
-      handlers_list[i].id(handlers_sub[i].id());
-  }
-
-  // add a SKIP target for the end of everything
-  goto_programt end;
-  goto_programt::targett end_target=end.add_instruction();
-  end_target->make_skip();
-  end_target->source_location=code.source_location();
-  end_target->function=code.source_location().get_function();
-
-  // add the end-target
-  dest.destructive_append(end);
-}
-
-/// Lower a side_effect_exprt describing an exception
-/// landing-pad (catch site) into GOTO code
-/// \param code: code to convert
-///   (must be a code_expressiont(side_effect_expr_landingpadt))
-/// \param [out] dest: code appended to this GOTO program
-void goto_convertt::convert_java_exception_landingpad(
-  const codet &code,
-  goto_programt &dest)
-{
-  PRECONDITION(code.get_statement()==ID_expression);
-  PRECONDITION(
-    to_side_effect_expr(code.op0()).get_statement()==ID_exception_landingpad);
-  copy(code, CATCH, dest);
-}
-
 void goto_convertt::convert_try_catch(
   const codet &code,
   goto_programt &dest)
@@ -165,13 +102,14 @@ void goto_convertt::convert_try_catch(
   // add the CATCH-push instruction to 'dest'
   goto_programt::targett catch_push_instruction=dest.add_instruction();
   catch_push_instruction->make_catch();
-  catch_push_instruction->code.set_statement(ID_catch);
   catch_push_instruction->source_location=code.source_location();
 
+  code_push_catcht push_catch_code;
+
   // the CATCH-push instruction is annotated with a list of IDs,
   // one per target
-  irept::subt &exception_list=
-    catch_push_instruction->code.add(ID_exception_list).get_sub();
+  code_push_catcht::exception_listt &exception_list=
+    push_catch_code.exception_list();
 
   // add a SKIP target for the end of everything
   goto_programt end;
@@ -184,7 +122,7 @@ void goto_convertt::convert_try_catch(
   // add the CATCH-pop to the end of the 'try' block
   goto_programt::targett catch_pop_instruction=dest.add_instruction();
   catch_pop_instruction->make_catch();
-  catch_pop_instruction->code.set_statement(ID_catch);
+  catch_pop_instruction->code=code_pop_catcht();
 
   // add a goto to the end of the 'try' block
   dest.add_instruction()->make_goto(end_target);
@@ -194,7 +132,8 @@ void goto_convertt::convert_try_catch(
     const codet &block=to_code(code.operands()[i]);
 
     // grab the ID and add to CATCH instruction
-    exception_list.push_back(irept(block.get(ID_exception_id)));
+    exception_list.push_back(
+      code_push_catcht::exception_list_entryt(block.get(ID_exception_id)));
 
     goto_programt tmp;
     convert(block, tmp);
@@ -205,6 +144,8 @@ void goto_convertt::convert_try_catch(
     dest.add_instruction()->make_goto(end_target);
   }
 
+  catch_push_instruction->code=push_catch_code;
+
   // add the end-target
   dest.destructive_append(end);
 }
diff --git a/src/goto-programs/goto_convert_side_effect.cpp b/src/goto-programs/goto_convert_side_effect.cpp
index b57d7149f80..2fc795254d2 100644
--- a/src/goto-programs/goto_convert_side_effect.cpp
+++ b/src/goto-programs/goto_convert_side_effect.cpp
@@ -636,34 +636,6 @@ void goto_convertt::remove_statement_expression(
   static_cast<exprt &>(expr)=tmp_symbol_expr;
 }
 
-void goto_convertt::remove_push_catch(
-  side_effect_exprt &expr,
-  goto_programt &dest)
-{
-  // we only get here for ID_push_catch, which is only used for Java
-  convert_java_try_catch(code_expressiont(expr), dest);
-
-  // the result can't be used, these are void
-  expr.make_nil();
-}
-
-/// Lower a side_effect_exprt describing an exception
-/// landing-pad (catch site) into GOTO code
-/// \param expr: expression to convert
-/// \param [out] dest: code appended to this GOTO program
-void goto_convertt::remove_exception_landingpad(
-  side_effect_exprt &expr,
-  goto_programt &dest)
-{
-  PRECONDITION(expr.get_statement()==ID_exception_landingpad);
-
-  // Similar to the above, only currently used in Java.
-  convert_java_exception_landingpad(code_expressiont(expr), dest);
-
-  // the result can't be used, these are void
-  expr.make_nil();
-}
-
 void goto_convertt::remove_side_effect(
   side_effect_exprt &expr,
   goto_programt &dest,
@@ -724,10 +696,6 @@ void goto_convertt::remove_side_effect(
     // the result can't be used, these are void
     expr.make_nil();
   }
-  else if(statement==ID_push_catch)
-    remove_push_catch(expr, dest);
-  else if(statement==ID_exception_landingpad)
-    remove_exception_landingpad(expr, dest);
   else
   {
     error().source_location=expr.find_source_location();
diff --git a/src/goto-programs/goto_program.cpp b/src/goto-programs/goto_program.cpp
index 953df2fc8c7..2e31e012907 100644
--- a/src/goto-programs/goto_program.cpp
+++ b/src/goto-programs/goto_program.cpp
@@ -158,41 +158,42 @@ std::ostream &goto_programt::output_instruction(
 
   case CATCH:
   {
-    if(instruction.code.get_statement()==ID_expression &&
-       instruction.code.op0().id()==ID_side_effect)
+    if(instruction.code.get_statement()==ID_exception_landingpad)
     {
-      const auto &landingpad=
-        to_side_effect_expr_landingpad(instruction.code.op0());
+      const auto &landingpad=to_code_landingpad(instruction.code);
       out << "EXCEPTION LANDING PAD ("
           << from_type(ns, identifier, landingpad.catch_expr().type())
           << ' '
           << from_expr(ns, identifier, landingpad.catch_expr())
           << ")";
     }
-    else if(instruction.code.get_statement()==ID_catch)
+    else if(instruction.code.get_statement()==ID_push_catch)
     {
-      if(!instruction.targets.empty())
+      out << "CATCH-PUSH ";
+
+      unsigned i=0;
+      const irept::subt &exception_list=
+        instruction.code.find(ID_exception_list).get_sub();
+      assert(instruction.targets.size()==exception_list.size());
+      for(instructiont::targetst::const_iterator
+            gt_it=instruction.targets.begin();
+          gt_it!=instruction.targets.end();
+          gt_it++,
+            i++)
       {
-        out << "CATCH-PUSH ";
-
-        unsigned i=0;
-        const irept::subt &exception_list=
-          instruction.code.find(ID_exception_list).get_sub();
-        assert(instruction.targets.size()==exception_list.size());
-        for(instructiont::targetst::const_iterator
-              gt_it=instruction.targets.begin();
-            gt_it!=instruction.targets.end();
-            gt_it++,
-              i++)
-        {
-          if(gt_it!=instruction.targets.begin())
-            out << ", ";
-          out << exception_list[i].id() << "->"
-              << (*gt_it)->target_number;
-        }
+        if(gt_it!=instruction.targets.begin())
+          out << ", ";
+        out << exception_list[i].id() << "->"
+            << (*gt_it)->target_number;
       }
-      else
-        out << "CATCH-POP";
+    }
+    else if(instruction.code.get_statement()==ID_pop_catch)
+    {
+      out << "CATCH-POP";
+    }
+    else
+    {
+      out << "! unexpected CATCH opcode " << instruction.code.get_statement();
     }
 
     out << '\n';
diff --git a/src/goto-programs/remove_exceptions.cpp b/src/goto-programs/remove_exceptions.cpp
index 48bfdb81e23..0134684c091 100644
--- a/src/goto-programs/remove_exceptions.cpp
+++ b/src/goto-programs/remove_exceptions.cpp
@@ -203,9 +203,8 @@ void remove_exceptionst::instrument_exception_handler(
   PRECONDITION(instr_it->type==CATCH);
 
   // retrieve the exception variable
-  const auto &code_expr=to_code_expression(instr_it->code).expression();
   const exprt &thrown_exception_local=
-    to_side_effect_expr_landingpad(code_expr).catch_expr();
+    to_code_landingpad(instr_it->code).catch_expr();
   irep_idt thrown_exception_global=id2string(function_id)+EXC_SUFFIX;
 
   if(symbol_table.has_symbol(thrown_exception_global))
@@ -436,15 +435,14 @@ void remove_exceptionst::instrument_exceptions(
     // Is it a handler push/pop or catch landing-pad?
     else if(instr_it->type==CATCH)
     {
+      const irep_idt &statement=instr_it->code.get_statement();
       // Is it an exception landing pad (start of a catch block)?
-      if(instr_it->code.get_statement()==ID_expression &&
-         instr_it->code.op0().id()==ID_side_effect &&
-         to_side_effect_expr(instr_it->code.op0()).get_statement()==
-         ID_exception_landingpad)
+      if(statement==ID_exception_landingpad)
       {
         instrument_exception_handler(func_it, instr_it);
       }
-      else if(instr_it->targets.empty()) // pop exception handler
+      // Is it a catch handler pop?
+      else if(statement==ID_pop_catch)
       {
         // pop the local vars stack
         if(!stack_locals.empty())
@@ -464,7 +462,8 @@ void remove_exceptionst::instrument_exceptions(
 #endif
         }
       }
-      else // push exception handler
+      // Is it a catch handler push?
+      else if(statement==ID_push_catch)
       {
         stack_locals.push_back(locals);
         locals.clear();
@@ -475,9 +474,14 @@ void remove_exceptionst::instrument_exceptions(
           stack_catch.back();
 
         // copy targets
-        const irept::subt &exception_list=
-          instr_it->code.find(ID_exception_list).get_sub();
+        const code_push_catcht::exception_listt &exception_list=
+          to_code_push_catch(instr_it->code).exception_list();
+
+        // The target list can be empty if `finish_catch_push_targets` found that
+        // the targets were unreachable (in which case no exception can truly
+        // be thrown at runtime)
         INVARIANT(
+          instr_it->targets.size()==0 ||
           exception_list.size()==instr_it->targets.size(),
           "`exception_list` should contain current instruction's targets");
 
@@ -486,10 +490,16 @@ void remove_exceptionst::instrument_exceptions(
         for(auto target : instr_it->targets)
         {
           last_exception.push_back(
-            std::make_pair(exception_list[i].id(), target));
+            std::make_pair(exception_list[i].get_tag(), target));
           i++;
         }
       }
+      else
+      {
+        INVARIANT(
+          false,
+          "CATCH opcode should be one of push-catch, pop-catch, landingpad");
+      }
       instr_it->make_skip();
     }
     else if(instr_it->type==THROW)
diff --git a/src/java_bytecode/expr2java.cpp b/src/java_bytecode/expr2java.cpp
index 9fc013866eb..32bedc0e0b1 100644
--- a/src/java_bytecode/expr2java.cpp
+++ b/src/java_bytecode/expr2java.cpp
@@ -392,11 +392,11 @@ std::string expr2javat::convert_with_precedence(
   else if(src.id()==ID_side_effect &&
           src.get(ID_statement)==ID_throw)
     return convert_function(src, "throw", precedence=16);
-  else if(src.id()==ID_side_effect &&
-          src.get(ID_statement)==ID_exception_landingpad)
+  else if(src.id()==ID_code &&
+          to_code(src).get_statement()==ID_exception_landingpad)
   {
     const exprt &catch_expr=
-      to_side_effect_expr_landingpad(src).catch_expr();
+      to_code_landingpad(to_code(src)).catch_expr();
     return "catch_landingpad(" +
       convert(catch_expr.type()) +
       ' ' +
diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index 0173cec8e37..f9ecc738772 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -1240,8 +1240,8 @@ codet java_bytecode_convert_methodt::convert_instructions(
           "caught_exception",
           pointer_typet(catch_type));
       stack.push_back(catch_var);
-      side_effect_expr_landingpadt catch_expr(catch_var);
-      catch_instruction=code_expressiont(catch_expr);
+      code_landingpadt catch_statement(catch_var);
+      catch_instruction=catch_statement;
     }
 
     exprt::operandst op=pop(bytecode_info.pop);
@@ -2386,23 +2386,21 @@ codet java_bytecode_convert_methodt::convert_instructions(
       // add the actual PUSH-CATCH instruction
       if(!exception_ids.empty())
       {
-        // add the exception ids
-        side_effect_expr_catcht catch_push_expr;
-        irept result(ID_exception_list);
-        result.get_sub().resize(exception_ids.size());
+        code_push_catcht catch_push;
+        INVARIANT(
+          exception_ids.size()==handler_labels.size(),
+          "Exception tags and handler labels should be 1-to-1");
+        code_push_catcht::exception_listt &exception_list=
+          catch_push.exception_list();
         for(size_t i=0; i<exception_ids.size(); ++i)
-          result.get_sub()[i].id(exception_ids[i]);
-        catch_push_expr.set(ID_exception_list, result);
-
-        // add the labels corresponding to the handlers
-        irept labels(ID_label);
-        labels.get_sub().resize(handler_labels.size());
-        for(size_t i=0; i<handler_labels.size(); ++i)
-          labels.get_sub()[i].id(handler_labels[i]);
-        catch_push_expr.set(ID_label, labels);
+        {
+          exception_list.push_back(
+            code_push_catcht::exception_list_entryt(
+              exception_ids[i],
+              handler_labels[i]));
+        }
 
         code_blockt try_block;
-        code_expressiont catch_push(catch_push_expr);
         try_block.move_to_operands(catch_push);
         try_block.move_to_operands(c);
         c=try_block;
@@ -2442,11 +2440,8 @@ codet java_bytecode_convert_methodt::convert_instructions(
           // another CATCH-POP for the same try-catch
           start_pc=exception_row.start_pc;
           // add CATCH_POP instruction
-          side_effect_expr_catcht catch_pop_expr;
+          code_pop_catcht catch_pop;
           code_blockt end_try_block;
-          code_expressiont catch_pop(catch_pop_expr);
-          catch_pop.set(ID_exception_list, get_nil_irep());
-          catch_pop.set(ID_label, get_nil_irep());
           end_try_block.move_to_operands(c);
           end_try_block.move_to_operands(catch_pop);
           c=end_try_block;
diff --git a/src/java_bytecode/java_entry_point.cpp b/src/java_bytecode/java_entry_point.cpp
index 45a2dda9b3e..4d2ebd95f23 100644
--- a/src/java_bytecode/java_entry_point.cpp
+++ b/src/java_bytecode/java_entry_point.cpp
@@ -645,38 +645,32 @@ bool java_entry_point(
   code_blockt call_block;
 
   // Push a universal exception handler:
-  side_effect_expr_catcht push_universal_handler;
-  irept catch_type_list(ID_exception_list);
-  irept catch_target_list(ID_label);
   // Catch all exceptions:
   // This is equivalent to catching Throwable, but also works if some of
   // the class hierarchy is missing so that we can't determine that
   // the thrown instance is an indirect child of Throwable
-  catch_type_list.get_sub().push_back(irept());
-  catch_target_list.get_sub().push_back(irept(toplevel_catch.get_label()));
-  push_universal_handler.set(ID_exception_list, catch_type_list);
-  push_universal_handler.set(ID_label, catch_target_list);
+  code_push_catcht push_universal_handler(
+    irep_idt(), toplevel_catch.get_label());
+  irept catch_type_list(ID_exception_list);
+  irept catch_target_list(ID_label);
 
-  call_block.copy_to_operands(code_expressiont(push_universal_handler));
+  call_block.move_to_operands(push_universal_handler);
 
   // we insert the call to the method AFTER the argument initialization code
   call_block.move_to_operands(call_main);
 
   // Pop the handler:
-  side_effect_expr_catcht pop_handler;
-  pop_handler.set(ID_exception_list, get_nil_irep());
-  pop_handler.set(ID_label, get_nil_irep());
-
-  //call_block.copy_to_operands(code_expressiont(pop_handler));
+  code_pop_catcht pop_handler;
+  call_block.move_to_operands(pop_handler);
   init_code.move_to_operands(call_block);
 
   // Normal return: skip the exception handler:
   init_code.copy_to_operands(code_gotot(after_catch.get_label()));
 
   // Exceptional return: catch and assign to exc_symbol.
-  side_effect_expr_landingpadt landingpad(exc_symbol.symbol_expr());
+  code_landingpadt landingpad(exc_symbol.symbol_expr());
   init_code.copy_to_operands(toplevel_catch);
-  init_code.copy_to_operands(code_expressiont(landingpad));
+  init_code.move_to_operands(landingpad);
 
   // Converge normal and exceptional return:
   init_code.move_to_operands(after_catch);
diff --git a/src/util/irep_ids.def b/src/util/irep_ids.def
index a2f3fa82c23..04eaa8a83d6 100644
--- a/src/util/irep_ids.def
+++ b/src/util/irep_ids.def
@@ -745,6 +745,7 @@ IREP_ID_ONE(java_instanceof)
 IREP_ID_ONE(java_super_method_call)
 IREP_ID_ONE(java_enum_static_unwind)
 IREP_ID_ONE(push_catch)
+IREP_ID_ONE(pop_catch)
 IREP_ID_ONE(exception_landingpad)
 IREP_ID_ONE(length_upper_bound)
 IREP_ID_ONE(string_constraint)
diff --git a/src/util/std_code.h b/src/util/std_code.h
index 12daa6cd3f8..ee84e2e61a7 100644
--- a/src/util/std_code.h
+++ b/src/util/std_code.h
@@ -1153,49 +1153,135 @@ inline const side_effect_expr_throwt &to_side_effect_expr_throw(
   return static_cast<const side_effect_expr_throwt &>(expr);
 }
 
-/*! \brief A side effect that pushes/pops a catch handler
-*/
-class side_effect_expr_catcht:public side_effect_exprt
+/// Pushes an exception handler, of the form:
+/// exception_tag1 -> label1
+/// exception_tag2 -> label2
+/// ...
+/// When used in a GOTO program instruction, the corresponding
+/// opcode must be CATCH, and the instruction's `targets` must
+/// be in one-to-one correspondence with the exception tags.
+/// The labels may be unspecified for the case where
+/// there is no corresponding source-language label, in whic
+/// case the GOTO instruction targets must be set at the same
+/// time.
+class code_push_catcht:public codet
 {
 public:
-  side_effect_expr_catcht():side_effect_exprt(ID_push_catch)
+  code_push_catcht():codet(ID_push_catch)
   {
+    set(ID_exception_list, irept(ID_exception_list));
   }
-  explicit side_effect_expr_catcht(const irept &exception_list):
-    side_effect_exprt(ID_push_catch)
+
+  class exception_list_entryt:public irept
   {
-    set(ID_exception_list, exception_list);
+  public:
+    exception_list_entryt()
+    {
+    }
+
+    explicit exception_list_entryt(const irep_idt &tag)
+    {
+      set(ID_tag, tag);
+    }
+
+    exception_list_entryt(const irep_idt &tag, const irep_idt &label)
+    {
+      set(ID_tag, tag);
+      set(ID_label, label);
+    }
+
+    void set_tag(const irep_idt &tag)
+    {
+      set(ID_tag, tag);
+    }
+
+    const irep_idt &get_tag() const {
+      return get(ID_tag);
+    }
+
+    void set_label(const irep_idt &label)
+    {
+      set(ID_label, label);
+    }
+
+    const irep_idt &get_label() const {
+      return get(ID_label);
+    }
+  };
+
+  typedef std::vector<exception_list_entryt> exception_listt;
+
+  code_push_catcht(
+    const irep_idt &tag,
+    const irep_idt &label):
+    codet(ID_push_catch)
+  {
+    set(ID_exception_list, irept(ID_exception_list));
+    exception_list().push_back(exception_list_entryt(tag, label));
+  }
+
+  exception_listt &exception_list() {
+    return (exception_listt &)find(ID_exception_list).get_sub();
+  }
+
+  const exception_listt &exception_list() const {
+    return (const exception_listt &)find(ID_exception_list).get_sub();
   }
 };
 
-static inline side_effect_expr_catcht &to_side_effect_expr_catch(exprt &expr)
+static inline code_push_catcht &
+to_code_push_catch(
+  codet &code)
 {
-  assert(expr.id()==ID_side_effect);
-  assert(expr.get(ID_statement)==ID_push_catch);
-  return static_cast<side_effect_expr_catcht &>(expr);
+  assert(code.get_statement()==ID_push_catch);
+  return static_cast<code_push_catcht &>(code);
 }
 
-static inline const side_effect_expr_catcht &to_side_effect_expr_catch(
-  const exprt &expr)
+static inline const code_push_catcht &
+to_code_push_catch(
+  const codet &code)
 {
-  assert(expr.id()==ID_side_effect);
-  assert(expr.get(ID_statement)==ID_push_catch);
-  return static_cast<const side_effect_expr_catcht &>(expr);
+  assert(code.get_statement()==ID_push_catch);
+  return static_cast<const code_push_catcht &>(code);
 }
 
-/*! \brief A side effect that catches an exception, assigning the exception
-      in flight to an expression (e.g. catch(Exception e) might be expressed
-      landingpadt(symbol_expr("e", ...)))
-*/
-class side_effect_expr_landingpadt:public side_effect_exprt
+/// Pops an exception handler from the stack of active handlers
+/// (i.e. whichever handler was most recently pushed by a
+/// `code_push_catcht`).
+class code_pop_catcht:public codet
+{
+public:
+  code_pop_catcht():codet(ID_pop_catch)
+  {
+  }
+};
+
+static inline code_pop_catcht &to_code_pop_catch(
+  codet &code)
+{
+  assert(code.get_statement()==ID_pop_catch);
+  return static_cast<code_pop_catcht &>(code);
+}
+
+static inline const code_pop_catcht &to_code_pop_catch(
+  const codet &code)
+{
+  assert(code.get_statement()==ID_pop_catch);
+  return static_cast<const code_pop_catcht &>(code);
+}
+
+/// A statement that catches an exception, assigning the exception
+/// in flight to an expression (e.g. Java catch(Exception e) might be expressed
+/// landingpadt(symbol_expr("e", ...)))
+class code_landingpadt:public codet
 {
  public:
-  side_effect_expr_landingpadt():side_effect_exprt(ID_exception_landingpad)
+  code_landingpadt():codet(ID_exception_landingpad)
   {
     operands().resize(1);
   }
-  explicit side_effect_expr_landingpadt(const exprt &catch_expr):
-  side_effect_exprt(ID_exception_landingpad)
+  explicit code_landingpadt(const exprt &catch_expr):
+  codet(ID_exception_landingpad)
   {
     copy_to_operands(catch_expr);
   }
@@ -1209,21 +1295,18 @@ class side_effect_expr_landingpadt:public side_effect_exprt
   }
 };
 
-static inline side_effect_expr_landingpadt &
-to_side_effect_expr_landingpad(exprt &expr)
+static inline code_landingpadt &to_code_landingpad(codet &code)
 {
-  assert(expr.id()==ID_side_effect);
-  assert(expr.get(ID_statement)==ID_exception_landingpad);
-  return static_cast<side_effect_expr_landingpadt &>(expr);
+  assert(code.get_statement()==ID_exception_landingpad);
+  return static_cast<code_landingpadt &>(code);
 }
 
-static inline const side_effect_expr_landingpadt &
-to_side_effect_expr_landingpad(
-  const exprt &expr)
+static inline const code_landingpadt &
+to_code_landingpad(
+  const codet &code)
 {
-  assert(expr.id()==ID_side_effect);
-  assert(expr.get(ID_statement)==ID_exception_landingpad);
-  return static_cast<const side_effect_expr_landingpadt &>(expr);
+  assert(code.get_statement()==ID_exception_landingpad);
+  return static_cast<const code_landingpadt &>(code);
 }
 
 /*! \brief A try/catch block

From c11bba01e6b851006bbdf5f28ee6c71af2bac1e3 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Wed, 9 Aug 2017 11:41:13 +0100
Subject: [PATCH 546/699] Style fixes

No functional changes intended.
---
 src/goto-programs/goto_program.cpp            |  5 ++--
 src/goto-programs/remove_exceptions.cpp       | 30 +++++++++----------
 src/java_bytecode/expr2java.cpp               |  8 ++---
 .../java_bytecode_convert_method.cpp          |  3 ++
 src/util/std_code.h                           | 18 ++++-------
 5 files changed, 29 insertions(+), 35 deletions(-)

diff --git a/src/goto-programs/goto_program.cpp b/src/goto-programs/goto_program.cpp
index 2e31e012907..8b376d25022 100644
--- a/src/goto-programs/goto_program.cpp
+++ b/src/goto-programs/goto_program.cpp
@@ -178,8 +178,7 @@ std::ostream &goto_programt::output_instruction(
       for(instructiont::targetst::const_iterator
             gt_it=instruction.targets.begin();
           gt_it!=instruction.targets.end();
-          gt_it++,
-            i++)
+          gt_it++, i++)
       {
         if(gt_it!=instruction.targets.begin())
           out << ", ";
@@ -193,7 +192,7 @@ std::ostream &goto_programt::output_instruction(
     }
     else
     {
-      out << "! unexpected CATCH opcode " << instruction.code.get_statement();
+      UNREACHABLE;
     }
 
     out << '\n';
diff --git a/src/goto-programs/remove_exceptions.cpp b/src/goto-programs/remove_exceptions.cpp
index 0134684c091..15e36543ff5 100644
--- a/src/goto-programs/remove_exceptions.cpp
+++ b/src/goto-programs/remove_exceptions.cpp
@@ -54,23 +54,23 @@ class remove_exceptionst
 
   void instrument_exception_handler(
     const goto_functionst::function_mapt::iterator &,
-    const goto_programt::instructionst::iterator &);
+    const goto_programt::targett &);
 
   void add_exception_dispatch_sequence(
     const goto_functionst::function_mapt::iterator &,
-    const goto_programt::instructionst::iterator &instr_it,
+    const goto_programt::targett &instr_it,
     const stack_catcht &stack_catch,
     const std::vector<exprt> &locals);
 
   void instrument_throw(
     const goto_functionst::function_mapt::iterator &,
-    const goto_programt::instructionst::iterator &,
+    const goto_programt::targett &,
     const stack_catcht &,
     const std::vector<exprt> &);
 
   void instrument_function_call(
     const goto_functionst::function_mapt::iterator &,
-    const goto_programt::instructionst::iterator &,
+    const goto_programt::targett &,
     const stack_catcht &,
     const std::vector<exprt> &);
 
@@ -188,14 +188,14 @@ void remove_exceptionst::add_exceptional_returns(
 
 /// Translates an exception landing-pad into instructions that copy the
 /// in-flight exception pointer to a nominated expression, then clear the
-/// in-flight exception, hence marking it caught.
+/// in-flight exception (i.e. null the pointer), hence marking it caught.
 /// \param func_it: iterator pointing to the function containing this
 ///   landingpad instruction
 /// \param instr_it [in, out]: iterator pointing to the landingpad instruction.
 ///   Will be overwritten.
 void remove_exceptionst::instrument_exception_handler(
   const goto_functionst::function_mapt::iterator &func_it,
-  const goto_programt::instructionst::iterator &instr_it)
+  const goto_programt::targett &instr_it)
 {
   const irep_idt &function_id=func_it->first;
   goto_programt &goto_program=func_it->second.body;
@@ -236,8 +236,8 @@ void remove_exceptionst::instrument_exception_handler(
 }
 
 /// Emit the code:
-/// if (exception instanceof ExnA) then goto handlera
-/// else if (exception instanceof ExnB) then goto handlerb
+/// if (exception instanceof ExnA) then goto handlerA
+/// else if (exception instanceof ExnB) then goto handlerB
 /// else goto universal_handler or (dead locals; function exit)
 /// \param function_id: function instr_it belongs to
 /// \param instr_it: throw or call instruction that may be an
@@ -246,7 +246,7 @@ void remove_exceptionst::instrument_exception_handler(
 /// \param locals: local variables to kill on a function-exit edge
 void remove_exceptionst::add_exception_dispatch_sequence(
   const goto_functionst::function_mapt::iterator &func_it,
-  const goto_programt::instructionst::iterator &instr_it,
+  const goto_programt::targett &instr_it,
   const remove_exceptionst::stack_catcht &stack_catch,
   const std::vector<exprt> &locals)
 {
@@ -266,7 +266,7 @@ void remove_exceptionst::add_exception_dispatch_sequence(
 
   // find the symbol corresponding to the caught exceptions
   const symbolt &exc_symbol=
-        symbol_table.lookup(id2string(function_id)+EXC_SUFFIX);
+    symbol_table.lookup(id2string(function_id)+EXC_SUFFIX);
   symbol_exprt exc_thrown=exc_symbol.symbol_expr();
 
   // add GOTOs implementing the dynamic dispatch of the
@@ -277,7 +277,7 @@ void remove_exceptionst::add_exception_dispatch_sequence(
     {
       goto_programt::targett new_state_pc=
         stack_catch[i][j].second;
-      if(stack_catch[i][j].first==irep_idt())
+      if(stack_catch[i][j].first.empty())
       {
         // Universal handler. Highest on the stack takes
         // precedence, so overwrite any we've already seen:
@@ -318,7 +318,7 @@ void remove_exceptionst::add_exception_dispatch_sequence(
 /// exception handlers
 void remove_exceptionst::instrument_throw(
   const goto_functionst::function_mapt::iterator &func_it,
-  const goto_programt::instructionst::iterator &instr_it,
+  const goto_programt::targett &instr_it,
   const remove_exceptionst::stack_catcht &stack_catch,
   const std::vector<exprt> &locals)
 {
@@ -356,7 +356,7 @@ void remove_exceptionst::instrument_throw(
 /// GOTOS to the corresponding exception handlers
 void remove_exceptionst::instrument_function_call(
   const goto_functionst::function_mapt::iterator &func_it,
-  const goto_programt::instructionst::iterator &instr_it,
+  const goto_programt::targett &instr_it,
   const stack_catcht &stack_catch,
   const std::vector<exprt> &locals)
 {
@@ -366,7 +366,7 @@ void remove_exceptionst::instrument_function_call(
   const irep_idt &function_id=func_it->first;
 
   // save the address of the next instruction
-  goto_programt::instructionst::iterator next_it=instr_it;
+  goto_programt::targett next_it=instr_it;
   next_it++;
 
   code_function_callt &function_call=to_code_function_call(instr_it->code);
@@ -481,7 +481,7 @@ void remove_exceptionst::instrument_exceptions(
         // the targets were unreachable (in which case no exception can truly
         // be thrown at runtime)
         INVARIANT(
-          instr_it->targets.size()==0 ||
+          instr_it->targets.empty() ||
           exception_list.size()==instr_it->targets.size(),
           "`exception_list` should contain current instruction's targets");
 
diff --git a/src/java_bytecode/expr2java.cpp b/src/java_bytecode/expr2java.cpp
index 32bedc0e0b1..e58b78fa690 100644
--- a/src/java_bytecode/expr2java.cpp
+++ b/src/java_bytecode/expr2java.cpp
@@ -397,10 +397,10 @@ std::string expr2javat::convert_with_precedence(
   {
     const exprt &catch_expr=
       to_code_landingpad(to_code(src)).catch_expr();
-    return "catch_landingpad(" +
-      convert(catch_expr.type()) +
-      ' ' +
-      convert(catch_expr) +
+    return "catch_landingpad("+
+      convert(catch_expr.type())+
+      ' '+
+      convert(catch_expr)+
       ')';
   }
   else if(src.id()==ID_unassigned)
diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index f9ecc738772..cfc07f97c9b 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -1217,7 +1217,10 @@ codet java_bytecode_convert_methodt::convert_instructions(
       if(cur_pc==it->handler_pc)
       {
         if(catch_type!=typet() || it->catch_type==symbol_typet())
+        {
           catch_type=symbol_typet("java::java.lang.Throwable");
+          break;
+        }
         else
           catch_type=it->catch_type;
       }
diff --git a/src/util/std_code.h b/src/util/std_code.h
index ee84e2e61a7..f48c48cb71a 100644
--- a/src/util/std_code.h
+++ b/src/util/std_code.h
@@ -1229,17 +1229,13 @@ class code_push_catcht:public codet
   }
 };
 
-static inline code_push_catcht &
-to_code_push_catch(
-  codet &code)
+static inline code_push_catcht &to_code_push_catch(codet &code)
 {
   assert(code.get_statement()==ID_push_catch);
   return static_cast<code_push_catcht &>(code);
 }
 
-static inline const code_push_catcht &
-to_code_push_catch(
-  const codet &code)
+static inline const code_push_catcht &to_code_push_catch(const codet &code)
 {
   assert(code.get_statement()==ID_push_catch);
   return static_cast<const code_push_catcht &>(code);
@@ -1256,15 +1252,13 @@ class code_pop_catcht:public codet
   }
 };
 
-static inline code_pop_catcht &to_code_pop_catch(
-  codet &code)
+static inline code_pop_catcht &to_code_pop_catch(codet &code)
 {
   assert(code.get_statement()==ID_pop_catch);
   return static_cast<code_pop_catcht &>(code);
 }
 
-static inline const code_pop_catcht &to_code_pop_catch(
-  const codet &code)
+static inline const code_pop_catcht &to_code_pop_catch(const codet &code)
 {
   assert(code.get_statement()==ID_pop_catch);
   return static_cast<const code_pop_catcht &>(code);
@@ -1301,9 +1295,7 @@ static inline code_landingpadt &to_code_landingpad(codet &code)
   return static_cast<code_landingpadt &>(code);
 }
 
-static inline const code_landingpadt &
-to_code_landingpad(
-  const codet &code)
+static inline const code_landingpadt &to_code_landingpad(const codet &code)
 {
   assert(code.get_statement()==ID_exception_landingpad);
   return static_cast<const code_landingpadt &>(code);

From 9a1289dc6cd3937dccf5365b13901ac516b16146 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Wed, 9 Aug 2017 12:12:24 +0100
Subject: [PATCH 547/699] Add overview documentation for remove-exceptions.

---
 src/cbmc/cbmc_parse_options.cpp               |  2 +-
 .../goto_analyzer_parse_options.cpp           |  1 +
 .../goto_instrument_parse_options.cpp         |  1 +
 src/goto-programs/remove_exceptions.cpp       | 48 +++++++++++++++++++
 src/symex/symex_parse_options.cpp             |  1 +
 5 files changed, 52 insertions(+), 1 deletion(-)

diff --git a/src/cbmc/cbmc_parse_options.cpp b/src/cbmc/cbmc_parse_options.cpp
index 34f330e3f9f..7f272956083 100644
--- a/src/cbmc/cbmc_parse_options.cpp
+++ b/src/cbmc/cbmc_parse_options.cpp
@@ -815,7 +815,7 @@ bool cbmc_parse_optionst::process_goto_program(
       cmdline.isset("pointer-check"));
     // Java virtual functions -> explicit dispatch tables:
     remove_virtual_functions(symbol_table, goto_functions);
-    // remove catch and throw
+    // remove catch and throw (introduces instanceof)
     remove_exceptions(symbol_table, goto_functions);
     // Similar removal of RTTI inspection:
     remove_instanceof(symbol_table, goto_functions);
diff --git a/src/goto-analyzer/goto_analyzer_parse_options.cpp b/src/goto-analyzer/goto_analyzer_parse_options.cpp
index 91e7694aba4..ffa471086a0 100644
--- a/src/goto-analyzer/goto_analyzer_parse_options.cpp
+++ b/src/goto-analyzer/goto_analyzer_parse_options.cpp
@@ -356,6 +356,7 @@ bool goto_analyzer_parse_optionst::process_goto_program(
     // Java virtual functions -> explicit dispatch tables:
     remove_virtual_functions(goto_model);
     // remove Java throw and catch
+    // This introduces instanceof, so order is important:
     remove_exceptions(goto_model);
     // remove rtti
     remove_instanceof(goto_model);
diff --git a/src/goto-instrument/goto_instrument_parse_options.cpp b/src/goto-instrument/goto_instrument_parse_options.cpp
index d657a500f9b..8991ab985d3 100644
--- a/src/goto-instrument/goto_instrument_parse_options.cpp
+++ b/src/goto-instrument/goto_instrument_parse_options.cpp
@@ -806,6 +806,7 @@ void goto_instrument_parse_optionst::do_indirect_call_and_rtti_removal(
   status() << "Virtual function removal" << eom;
   remove_virtual_functions(symbol_table, goto_functions);
   status() << "Catch and throw removal" << eom;
+  // This introduces instanceof, so order is important:
   remove_exceptions(symbol_table, goto_functions);
   status() << "Java instanceof removal" << eom;
   remove_instanceof(symbol_table, goto_functions);
diff --git a/src/goto-programs/remove_exceptions.cpp b/src/goto-programs/remove_exceptions.cpp
index 15e36543ff5..45f57dfc82d 100644
--- a/src/goto-programs/remove_exceptions.cpp
+++ b/src/goto-programs/remove_exceptions.cpp
@@ -27,6 +27,54 @@ Date:   December 2016
 
 #include <analyses/uncaught_exceptions_analysis.h>
 
+/// Lowers high-level exception descriptions into low-level operations suitable
+/// for symex and other analyses that don't understand the THROW or CATCH GOTO
+/// instructions.
+///
+/// The instructions affected by the lowering are:
+///
+/// THROW, whose operand must be a code_expressiont wrapping a
+/// side_effect_expr_throwt. This starts propagating an exception, aborting
+/// functions until a suitable catch point is found.
+///
+/// CATCH with a code_push_catcht operand, which commences a region in which
+/// exceptions should be caught, commonly a try block.
+/// It specifies one or more exception tags to handle
+/// (in instruction->code.exception_list()) and a corresponding GOTO program
+/// target for each (in instruction->targets).
+/// Thrown instructions are currently always matched to tags using
+/// java_instanceof, so a language frontend wanting to use this class
+/// must use exceptions with a Java-compatible structure.
+///
+/// CATCH with a code_pop_catcht operand terminates a try-block begun by
+/// a code_push_catcht. At present the try block consists of the instructions
+/// between the push and the pop *in program order*, not according to dynamic
+/// control flow, so goto_convert_exceptions must ensure that control-flow
+/// within the try block does not leave this range.
+///
+/// CATCH with a code_landingpadt operand marks a point where exceptional
+/// control flow terminates and normal control flow resumes, typically the top
+/// of a catch or finally block, and the target of a code_push_catcht
+/// describing the correponding try block. It gives an lvalue expression that
+/// should be assigned the caught exception, typically a local variable.
+///
+/// FUNCTION_CALL instructions are also affected: if the callee may abort
+/// due to an escaping instruction, a dispatch sequence is inserted to check
+/// whether the callee aborted and propagate the exception further if so.
+///
+/// Exception propagation is implemented using a global variable per function
+/// (named function_name#exception_value) that carries a reference to an
+/// in-flight exception, or is null during normal control flow.
+/// THROW assigns it a reference to the thrown instance; CALL instructions
+/// copy between the exception_value for the callee and caller, catch_push
+/// and catch_pop instructions indicate how they should be checked to dispatch
+/// the right exception type to the right catch block, and landingpad
+/// instructions copy back to an ordinary local variable (or other expression)
+/// and set #exception_value back to null, indicating the exception has been
+/// caught and normal control flow resumed.
+///
+/// Note that remove_exceptions introduces java_instanceof comparisons at
+/// present, so a remove_instanceof may be necessary after it completes.
 class remove_exceptionst
 {
   typedef std::vector<std::pair<
diff --git a/src/symex/symex_parse_options.cpp b/src/symex/symex_parse_options.cpp
index 739b733c03d..57c13b7d075 100644
--- a/src/symex/symex_parse_options.cpp
+++ b/src/symex/symex_parse_options.cpp
@@ -304,6 +304,7 @@ bool symex_parse_optionst::process_goto_program(const optionst &options)
     // Java virtual functions -> explicit dispatch tables:
     remove_virtual_functions(goto_model);
     // Java throw and catch -> explicit exceptional return variables:
+    // This introduces instanceof, so order is important:
     remove_exceptions(goto_model);
     // Java instanceof -> clsid comparison:
     remove_instanceof(goto_model);

From 829e37d8c643a2dea56254fc37302d43417a6edb Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 8 Aug 2017 12:36:27 +0100
Subject: [PATCH 548/699] Making substitute_array_list more precise

When transforming array-list to (ARRAYOF/WITH) expression, we ignore
out of bounds indexes, there value are not meaningfull and may force
cbmc to allocate big arrays when trying to output concrete values.
---
 src/solvers/refinement/string_refinement.cpp | 35 +++++++++++---------
 src/solvers/refinement/string_refinement.h   |  4 +--
 2 files changed, 21 insertions(+), 18 deletions(-)

diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index 1c9297b5e65..2f83e9baf2b 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -1623,16 +1623,20 @@ std::vector<exprt> string_refinementt::instantiate_not_contains(
     axiom, index_set0, index_set1, generator);
 }
 
-/// replace array-lists by 'with' expressions
-/// \par parameters: an expression containing array-list expressions
+/// Replace array-lists by 'with' expressions.
+/// For instance `array-list [ 0 , x , 1 , y ]` is replaced by
+/// `ARRAYOF(0) WITH [0:=x] WITH [1:=y]`.
+/// Indexes exceeding the maximal string length are ignored.
+/// \param expr: an expression containing array-list expressions
+/// \param string_max_length: maximum length allowed for strings
 /// \return an expression containing no array-list
-exprt string_refinementt::substitute_array_lists(exprt expr) const
+exprt substitute_array_lists(exprt expr, size_t string_max_length)
 {
   for(size_t i=0; i<expr.operands().size(); ++i)
   {
     // TODO: only copy when necessary
-    exprt op(expr.operands()[i]);
-    expr.operands()[i]=substitute_array_lists(op);
+    exprt op=(expr.operands()[i]);
+    expr.operands()[i]=substitute_array_lists(op, string_max_length);
   }
 
   if(expr.id()=="array-list")
@@ -1643,18 +1647,17 @@ exprt string_refinementt::substitute_array_lists(exprt expr) const
         "operands"));
     typet &char_type=expr.operands()[1].type();
     array_typet arr_type(char_type, infinity_exprt(char_type));
-    array_of_exprt new_arr(from_integer(0, char_type),
-                           arr_type);
-
-    with_exprt ret_expr(new_arr,
-                        expr.operands()[0],
-                        expr.operands()[1]);
+    exprt ret_expr=array_of_exprt(from_integer(0, char_type), arr_type);
 
-    for(size_t i=1; i<expr.operands().size()/2; i++)
+    for(size_t i=0; i<expr.operands().size()/2; i++)
     {
-      ret_expr=with_exprt(ret_expr,
-                          expr.operands()[i*2],
-                          expr.operands()[i*2+1]);
+      const exprt &index=expr.operands()[i*2];
+      const exprt &value=expr.operands()[i*2+1];
+      mp_integer index_value;
+      bool not_constant=to_integer(index, index_value);
+      if(not_constant ||
+         (index_value>=0 && index_value<string_max_length))
+        ret_expr=with_exprt(ret_expr, index, value);
     }
     return ret_expr;
   }
@@ -1692,7 +1695,7 @@ exprt string_refinementt::get(const exprt &expr) const
 
   ecopy=supert::get(ecopy);
 
-  return substitute_array_lists(ecopy);
+  return substitute_array_lists(ecopy, generator.max_string_length);
 }
 
 /// Creates a solver with `axiom` as the only formula added and runs it. If it
diff --git a/src/solvers/refinement/string_refinement.h b/src/solvers/refinement/string_refinement.h
index 64e54cb8e15..8762472312e 100644
--- a/src/solvers/refinement/string_refinement.h
+++ b/src/solvers/refinement/string_refinement.h
@@ -136,8 +136,6 @@ class string_refinementt: public bv_refinementt
   std::vector<exprt> instantiate_not_contains(
     const string_not_contains_constraintt &axiom);
 
-  exprt substitute_array_lists(exprt) const;
-
   exprt compute_inverse_function(
     const exprt &qvar, const exprt &val, const exprt &f);
 
@@ -164,6 +162,8 @@ class string_refinementt: public bv_refinementt
   std::string string_of_array(const array_exprt &arr);
 };
 
+exprt substitute_array_lists(exprt expr, size_t string_max_length);
+
 /// Utility function for concretization of strings. Copies concretized values to
 /// the left to initialize the unconcretized indices of concrete_array.
 /// \param concrete_array: the vector to populate

From c38549f9ff70e3e973fcaa8c1a3a3d192a8451ab Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 8 Aug 2017 13:31:57 +0100
Subject: [PATCH 549/699] Unit test for substitute_array_list

---
 unit/Makefile                                 |  1 +
 .../substitute_array_list.cpp                 | 55 +++++++++++++++++++
 2 files changed, 56 insertions(+)
 create mode 100644 unit/solvers/refinement/string_refinement/substitute_array_list.cpp

diff --git a/unit/Makefile b/unit/Makefile
index 75960795d12..845d0197fa2 100644
--- a/unit/Makefile
+++ b/unit/Makefile
@@ -25,6 +25,7 @@ SRC += unit_tests.cpp \
        solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix.cpp \
        solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix_lower_case.cpp \
        solvers/refinement/string_constraint_instantiation/instantiate_not_contains.cpp \
+       solvers/refinement/string_refinement/substitute_array_list.cpp \
        catch_example.cpp \
        # Empty last line
 
diff --git a/unit/solvers/refinement/string_refinement/substitute_array_list.cpp b/unit/solvers/refinement/string_refinement/substitute_array_list.cpp
new file mode 100644
index 00000000000..5258406cff1
--- /dev/null
+++ b/unit/solvers/refinement/string_refinement/substitute_array_list.cpp
@@ -0,0 +1,55 @@
+/*******************************************************************\
+
+ Module: Unit tests for get_numeric_value_from_character in
+   solvers/refinement/string_constraint_generator_valueof.cpp
+
+ Author: DiffBlue Limited. All rights reserved.
+
+\*******************************************************************/
+
+#include <catch.hpp>
+
+#include <util/arith_tools.h>
+#include <util/std_types.h>
+#include <util/std_expr.h>
+#include <solvers/refinement/string_refinement.h>
+#include <iostream>
+
+SCENARIO("substitute_array_list",
+  "[core][solvers][refinement][string_refinement]")
+{
+  const typet char_type=unsignedbv_typet(16);
+  const typet int_type=signedbv_typet(32);
+  exprt arr("array-list");
+  const exprt index0=from_integer(0, int_type);
+  const exprt charx=from_integer('x', char_type);
+  const exprt index1=from_integer(1, int_type);
+  const exprt chary=from_integer('y', char_type);
+  const exprt index100=from_integer(100, int_type);
+
+  // arr is `array-list [ 0 , 'x' , 1 , 'y' , 2 , 'z']`
+  arr.operands()=
+    { index0, charx, index1, chary, index100, from_integer('z', char_type) };
+
+  // Max length is 2, so index 2 should get ignored.
+  const exprt subst=substitute_array_lists(arr, 2);
+
+  // Check that `subst = e1 WITH [1:='y']`
+  REQUIRE(subst.id()==ID_with);
+  REQUIRE(subst.operands().size()==3);
+  const exprt &e1=subst.op0();
+  REQUIRE(subst.op1()==index1);
+  REQUIRE(subst.op2()==chary);
+
+  // Check that `e1 = e2 WITH [0:='x']`
+  REQUIRE(e1.id()==ID_with);
+  REQUIRE(e1.operands().size()==3);
+  const exprt &e2=e1.op0();
+  REQUIRE(e1.op1()==index0);
+  REQUIRE(e1.op2()==charx);
+
+  // Check that `e1 = ARRAY_OF 0`
+  REQUIRE(e2.id()==ID_array_of);
+  REQUIRE(e2.operands().size()==1);
+  REQUIRE(e2.op0()==from_integer(0, char_type));
+}

From 51f088aaf81d9cbe61b49684f8bd92fc01bb8e29 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Tue, 8 Aug 2017 16:53:28 +0100
Subject: [PATCH 550/699] Allow extra entry-points to be specified for CI lazy
 loading

This allows driver programs that want more symbols elaborated
than are strictly accessible from the input arguments to request them.

This makes java-frontend documentation uniform rather than duplicate the
docs as usual, and also makes get_values non-fatal for parameters a
particular frontend did not supply, in common with other getters, in
order to avoid breaking unit tests that don't use lazy-methods.
---
 regression/cbmc-java/lazyloading10/test.class | Bin 0 -> 444 bytes
 regression/cbmc-java/lazyloading10/test.desc  |   8 ++
 regression/cbmc-java/lazyloading10/test.java  |  14 ++++
 regression/cbmc-java/lazyloading11/test.class | Bin 0 -> 444 bytes
 regression/cbmc-java/lazyloading11/test.desc  |  10 +++
 regression/cbmc-java/lazyloading11/test.java  |  14 ++++
 regression/cbmc-java/lazyloading6/test.class  | Bin 0 -> 444 bytes
 regression/cbmc-java/lazyloading6/test.desc   |  10 +++
 regression/cbmc-java/lazyloading6/test.java   |  14 ++++
 regression/cbmc-java/lazyloading7/test.class  | Bin 0 -> 444 bytes
 regression/cbmc-java/lazyloading7/test.desc   |  10 +++
 regression/cbmc-java/lazyloading7/test.java   |  14 ++++
 regression/cbmc-java/lazyloading8/test.class  | Bin 0 -> 444 bytes
 regression/cbmc-java/lazyloading8/test.desc   |  10 +++
 regression/cbmc-java/lazyloading8/test.java   |  14 ++++
 regression/cbmc-java/lazyloading9/test.class  | Bin 0 -> 444 bytes
 regression/cbmc-java/lazyloading9/test.desc   |   9 +++
 regression/cbmc-java/lazyloading9/test.java   |  14 ++++
 src/cbmc/cbmc_parse_options.cpp               |  19 +----
 src/cbmc/cbmc_parse_options.h                 |   9 +--
 src/clobber/clobber_parse_options.cpp         |   2 +
 src/clobber/clobber_parse_options.h           |   5 +-
 .../goto_analyzer_parse_options.cpp           |   1 +
 .../goto_analyzer_parse_options.h             |   5 +-
 src/java_bytecode/java_bytecode_language.cpp  |  65 +++++++++++++++
 src/java_bytecode/java_bytecode_language.h    |  27 +++++++
 src/java_bytecode/java_entry_point.cpp        |  76 ++++--------------
 src/java_bytecode/java_utils.cpp              |  58 +++++++++++++
 src/java_bytecode/java_utils.h                |  12 +++
 src/symex/symex_parse_options.cpp             |   3 +
 src/symex/symex_parse_options.h               |   5 +-
 src/util/cmdline.cpp                          |   8 +-
 32 files changed, 347 insertions(+), 89 deletions(-)
 create mode 100644 regression/cbmc-java/lazyloading10/test.class
 create mode 100644 regression/cbmc-java/lazyloading10/test.desc
 create mode 100644 regression/cbmc-java/lazyloading10/test.java
 create mode 100644 regression/cbmc-java/lazyloading11/test.class
 create mode 100644 regression/cbmc-java/lazyloading11/test.desc
 create mode 100644 regression/cbmc-java/lazyloading11/test.java
 create mode 100644 regression/cbmc-java/lazyloading6/test.class
 create mode 100644 regression/cbmc-java/lazyloading6/test.desc
 create mode 100644 regression/cbmc-java/lazyloading6/test.java
 create mode 100644 regression/cbmc-java/lazyloading7/test.class
 create mode 100644 regression/cbmc-java/lazyloading7/test.desc
 create mode 100644 regression/cbmc-java/lazyloading7/test.java
 create mode 100644 regression/cbmc-java/lazyloading8/test.class
 create mode 100644 regression/cbmc-java/lazyloading8/test.desc
 create mode 100644 regression/cbmc-java/lazyloading8/test.java
 create mode 100644 regression/cbmc-java/lazyloading9/test.class
 create mode 100644 regression/cbmc-java/lazyloading9/test.desc
 create mode 100644 regression/cbmc-java/lazyloading9/test.java

diff --git a/regression/cbmc-java/lazyloading10/test.class b/regression/cbmc-java/lazyloading10/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..832bfbd07a8c33b7b772d5bda6ab505c344ecbaa
GIT binary patch
literal 444
zcmZus%SyvQ6g@YcWSSUFeOm-YTo|)xH!j7EP$-Bl6!%FTC8eg&rlQ~A*K|<?7k+>r
zC7ubzMeX9A;m&!?neU&^F92s~25_<ELt)#(j>fLWo<LqXUCx`pJI{-}yb#pl(|dus
z96lI9bd?w8dh(o^(OsGic%#Oqq)o-$O2&<56?g0=kAmQKI2rX!C%0n1G~=?>PhZjy
zK7tS)bci}MEtV2AEZH8U#Z&tx>ziJQBQ|td+u=}7gmn;IFcAT9h1&@g!ZS)fAc>m6
zN!%G~Q(g%|qF2!tSFuL4rURO);AEeMMXjbPTCV+<Td%Z@dG6snS0~5sOG@~Zt^YM|
RRux%u@qPQX4U!Hve*x*}F_!=U

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/lazyloading10/test.desc b/regression/cbmc-java/lazyloading10/test.desc
new file mode 100644
index 00000000000..38fb7495a08
--- /dev/null
+++ b/regression/cbmc-java/lazyloading10/test.desc
@@ -0,0 +1,8 @@
+CORE
+test.class
+--lazy-methods --verbosity 10 --function test.f --lazy-methods-extra-entry-point test.sety
+^EXIT=6$
+^SIGNAL=0$
+entry point 'test\.sety' is ambiguous between:
+test\.sety:\(I\)V
+test\.sety:\(F\)V
diff --git a/regression/cbmc-java/lazyloading10/test.java b/regression/cbmc-java/lazyloading10/test.java
new file mode 100644
index 00000000000..7c54eb7f2ec
--- /dev/null
+++ b/regression/cbmc-java/lazyloading10/test.java
@@ -0,0 +1,14 @@
+public class test {
+
+    int x;
+    int y;
+    
+    public test() { x = 1; y = 2; }
+    public void setx(int _x) { x = _x; }
+    public void sety(int _y) { y = _y; }
+    public void sety(float _y) { y = (int)_y; }
+    public void f() { }
+    
+}
+
+
diff --git a/regression/cbmc-java/lazyloading11/test.class b/regression/cbmc-java/lazyloading11/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..832bfbd07a8c33b7b772d5bda6ab505c344ecbaa
GIT binary patch
literal 444
zcmZus%SyvQ6g@YcWSSUFeOm-YTo|)xH!j7EP$-Bl6!%FTC8eg&rlQ~A*K|<?7k+>r
zC7ubzMeX9A;m&!?neU&^F92s~25_<ELt)#(j>fLWo<LqXUCx`pJI{-}yb#pl(|dus
z96lI9bd?w8dh(o^(OsGic%#Oqq)o-$O2&<56?g0=kAmQKI2rX!C%0n1G~=?>PhZjy
zK7tS)bci}MEtV2AEZH8U#Z&tx>ziJQBQ|td+u=}7gmn;IFcAT9h1&@g!ZS)fAc>m6
zN!%G~Q(g%|qF2!tSFuL4rURO);AEeMMXjbPTCV+<Td%Z@dG6snS0~5sOG@~Zt^YM|
RRux%u@qPQX4U!Hve*x*}F_!=U

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/lazyloading11/test.desc b/regression/cbmc-java/lazyloading11/test.desc
new file mode 100644
index 00000000000..c74260ce902
--- /dev/null
+++ b/regression/cbmc-java/lazyloading11/test.desc
@@ -0,0 +1,10 @@
+CORE
+test.class
+--lazy-methods --verbosity 10 --function test.f --lazy-methods-extra-entry-point "test.sety:(I)V" --lazy-methods-extra-entry-point "test.sety:(F)V"
+^EXIT=0$
+^SIGNAL=0$
+VERIFICATION SUCCESSFUL
+CI lazy methods: elaborate java::test\.sety:\(I\)V
+CI lazy methods: elaborate java::test\.sety:\(F\)V
+--
+CI lazy methods: elaborate java::test\.setx:\(I\)V
diff --git a/regression/cbmc-java/lazyloading11/test.java b/regression/cbmc-java/lazyloading11/test.java
new file mode 100644
index 00000000000..7c54eb7f2ec
--- /dev/null
+++ b/regression/cbmc-java/lazyloading11/test.java
@@ -0,0 +1,14 @@
+public class test {
+
+    int x;
+    int y;
+    
+    public test() { x = 1; y = 2; }
+    public void setx(int _x) { x = _x; }
+    public void sety(int _y) { y = _y; }
+    public void sety(float _y) { y = (int)_y; }
+    public void f() { }
+    
+}
+
+
diff --git a/regression/cbmc-java/lazyloading6/test.class b/regression/cbmc-java/lazyloading6/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..832bfbd07a8c33b7b772d5bda6ab505c344ecbaa
GIT binary patch
literal 444
zcmZus%SyvQ6g@YcWSSUFeOm-YTo|)xH!j7EP$-Bl6!%FTC8eg&rlQ~A*K|<?7k+>r
zC7ubzMeX9A;m&!?neU&^F92s~25_<ELt)#(j>fLWo<LqXUCx`pJI{-}yb#pl(|dus
z96lI9bd?w8dh(o^(OsGic%#Oqq)o-$O2&<56?g0=kAmQKI2rX!C%0n1G~=?>PhZjy
zK7tS)bci}MEtV2AEZH8U#Z&tx>ziJQBQ|td+u=}7gmn;IFcAT9h1&@g!ZS)fAc>m6
zN!%G~Q(g%|qF2!tSFuL4rURO);AEeMMXjbPTCV+<Td%Z@dG6snS0~5sOG@~Zt^YM|
RRux%u@qPQX4U!Hve*x*}F_!=U

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/lazyloading6/test.desc b/regression/cbmc-java/lazyloading6/test.desc
new file mode 100644
index 00000000000..dd4bbf33bc9
--- /dev/null
+++ b/regression/cbmc-java/lazyloading6/test.desc
@@ -0,0 +1,10 @@
+CORE
+test.class
+--lazy-methods --verbosity 10 --function test.f --lazy-methods-extra-entry-point test.setx
+^EXIT=0$
+^SIGNAL=0$
+VERIFICATION SUCCESSFUL
+CI lazy methods: elaborate java::test\.setx:\(I\)V
+--
+CI lazy methods: elaborate java::test\.sety:\(I\)V
+CI lazy methods: elaborate java::test\.sety:\(F\)V
diff --git a/regression/cbmc-java/lazyloading6/test.java b/regression/cbmc-java/lazyloading6/test.java
new file mode 100644
index 00000000000..7c54eb7f2ec
--- /dev/null
+++ b/regression/cbmc-java/lazyloading6/test.java
@@ -0,0 +1,14 @@
+public class test {
+
+    int x;
+    int y;
+    
+    public test() { x = 1; y = 2; }
+    public void setx(int _x) { x = _x; }
+    public void sety(int _y) { y = _y; }
+    public void sety(float _y) { y = (int)_y; }
+    public void f() { }
+    
+}
+
+
diff --git a/regression/cbmc-java/lazyloading7/test.class b/regression/cbmc-java/lazyloading7/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..832bfbd07a8c33b7b772d5bda6ab505c344ecbaa
GIT binary patch
literal 444
zcmZus%SyvQ6g@YcWSSUFeOm-YTo|)xH!j7EP$-Bl6!%FTC8eg&rlQ~A*K|<?7k+>r
zC7ubzMeX9A;m&!?neU&^F92s~25_<ELt)#(j>fLWo<LqXUCx`pJI{-}yb#pl(|dus
z96lI9bd?w8dh(o^(OsGic%#Oqq)o-$O2&<56?g0=kAmQKI2rX!C%0n1G~=?>PhZjy
zK7tS)bci}MEtV2AEZH8U#Z&tx>ziJQBQ|td+u=}7gmn;IFcAT9h1&@g!ZS)fAc>m6
zN!%G~Q(g%|qF2!tSFuL4rURO);AEeMMXjbPTCV+<Td%Z@dG6snS0~5sOG@~Zt^YM|
RRux%u@qPQX4U!Hve*x*}F_!=U

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/lazyloading7/test.desc b/regression/cbmc-java/lazyloading7/test.desc
new file mode 100644
index 00000000000..2d26cc1dfdb
--- /dev/null
+++ b/regression/cbmc-java/lazyloading7/test.desc
@@ -0,0 +1,10 @@
+CORE
+test.class
+--lazy-methods --verbosity 10 --function test.f --lazy-methods-extra-entry-point "test.sety:(I)V"
+^EXIT=0$
+^SIGNAL=0$
+VERIFICATION SUCCESSFUL
+CI lazy methods: elaborate java::test\.sety:\(I\)V
+--
+CI lazy methods: elaborate java::test\.setx:\(I\)V
+CI lazy methods: elaborate java::test\.sety:\(F\)V
diff --git a/regression/cbmc-java/lazyloading7/test.java b/regression/cbmc-java/lazyloading7/test.java
new file mode 100644
index 00000000000..7c54eb7f2ec
--- /dev/null
+++ b/regression/cbmc-java/lazyloading7/test.java
@@ -0,0 +1,14 @@
+public class test {
+
+    int x;
+    int y;
+    
+    public test() { x = 1; y = 2; }
+    public void setx(int _x) { x = _x; }
+    public void sety(int _y) { y = _y; }
+    public void sety(float _y) { y = (int)_y; }
+    public void f() { }
+    
+}
+
+
diff --git a/regression/cbmc-java/lazyloading8/test.class b/regression/cbmc-java/lazyloading8/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..832bfbd07a8c33b7b772d5bda6ab505c344ecbaa
GIT binary patch
literal 444
zcmZus%SyvQ6g@YcWSSUFeOm-YTo|)xH!j7EP$-Bl6!%FTC8eg&rlQ~A*K|<?7k+>r
zC7ubzMeX9A;m&!?neU&^F92s~25_<ELt)#(j>fLWo<LqXUCx`pJI{-}yb#pl(|dus
z96lI9bd?w8dh(o^(OsGic%#Oqq)o-$O2&<56?g0=kAmQKI2rX!C%0n1G~=?>PhZjy
zK7tS)bci}MEtV2AEZH8U#Z&tx>ziJQBQ|td+u=}7gmn;IFcAT9h1&@g!ZS)fAc>m6
zN!%G~Q(g%|qF2!tSFuL4rURO);AEeMMXjbPTCV+<Td%Z@dG6snS0~5sOG@~Zt^YM|
RRux%u@qPQX4U!Hve*x*}F_!=U

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/lazyloading8/test.desc b/regression/cbmc-java/lazyloading8/test.desc
new file mode 100644
index 00000000000..afad44d2c8f
--- /dev/null
+++ b/regression/cbmc-java/lazyloading8/test.desc
@@ -0,0 +1,10 @@
+CORE
+test.class
+--lazy-methods --verbosity 10 --function test.f --lazy-methods-extra-entry-point "test.sety:(F)V"
+^EXIT=0$
+^SIGNAL=0$
+VERIFICATION SUCCESSFUL
+CI lazy methods: elaborate java::test\.sety:\(F\)V
+--
+CI lazy methods: elaborate java::test\.sety:\(I\)V
+CI lazy methods: elaborate java::test\.setx:\(I\)V
diff --git a/regression/cbmc-java/lazyloading8/test.java b/regression/cbmc-java/lazyloading8/test.java
new file mode 100644
index 00000000000..7c54eb7f2ec
--- /dev/null
+++ b/regression/cbmc-java/lazyloading8/test.java
@@ -0,0 +1,14 @@
+public class test {
+
+    int x;
+    int y;
+    
+    public test() { x = 1; y = 2; }
+    public void setx(int _x) { x = _x; }
+    public void sety(int _y) { y = _y; }
+    public void sety(float _y) { y = (int)_y; }
+    public void f() { }
+    
+}
+
+
diff --git a/regression/cbmc-java/lazyloading9/test.class b/regression/cbmc-java/lazyloading9/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..832bfbd07a8c33b7b772d5bda6ab505c344ecbaa
GIT binary patch
literal 444
zcmZus%SyvQ6g@YcWSSUFeOm-YTo|)xH!j7EP$-Bl6!%FTC8eg&rlQ~A*K|<?7k+>r
zC7ubzMeX9A;m&!?neU&^F92s~25_<ELt)#(j>fLWo<LqXUCx`pJI{-}yb#pl(|dus
z96lI9bd?w8dh(o^(OsGic%#Oqq)o-$O2&<56?g0=kAmQKI2rX!C%0n1G~=?>PhZjy
zK7tS)bci}MEtV2AEZH8U#Z&tx>ziJQBQ|td+u=}7gmn;IFcAT9h1&@g!ZS)fAc>m6
zN!%G~Q(g%|qF2!tSFuL4rURO);AEeMMXjbPTCV+<Td%Z@dG6snS0~5sOG@~Zt^YM|
RRux%u@qPQX4U!Hve*x*}F_!=U

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/lazyloading9/test.desc b/regression/cbmc-java/lazyloading9/test.desc
new file mode 100644
index 00000000000..aa4ccefe783
--- /dev/null
+++ b/regression/cbmc-java/lazyloading9/test.desc
@@ -0,0 +1,9 @@
+CORE
+test.class
+--lazy-methods --verbosity 10 --function test.f --lazy-methods-extra-entry-point "test.*"
+^EXIT=0$
+^SIGNAL=0$
+VERIFICATION SUCCESSFUL
+CI lazy methods: elaborate java::test\.setx:\(I\)V
+CI lazy methods: elaborate java::test\.sety:\(I\)V
+CI lazy methods: elaborate java::test\.sety:\(F\)V
diff --git a/regression/cbmc-java/lazyloading9/test.java b/regression/cbmc-java/lazyloading9/test.java
new file mode 100644
index 00000000000..7c54eb7f2ec
--- /dev/null
+++ b/regression/cbmc-java/lazyloading9/test.java
@@ -0,0 +1,14 @@
+public class test {
+
+    int x;
+    int y;
+    
+    public test() { x = 1; y = 2; }
+    public void setx(int _x) { x = _x; }
+    public void sety(int _y) { y = _y; }
+    public void sety(float _y) { y = (int)_y; }
+    public void f() { }
+    
+}
+
+
diff --git a/src/cbmc/cbmc_parse_options.cpp b/src/cbmc/cbmc_parse_options.cpp
index 7f272956083..239b34d9b8c 100644
--- a/src/cbmc/cbmc_parse_options.cpp
+++ b/src/cbmc/cbmc_parse_options.cpp
@@ -1073,22 +1073,9 @@ void cbmc_parse_optionst::help()
     "Java Bytecode frontend options:\n"
     " --classpath dir/jar          set the classpath\n"
     " --main-class class-name      set the name of the main class\n"
-    // NOLINTNEXTLINE(whitespace/line_length)
-    " --java-assume-inputs-non-null test harness makes input arguments not null\n"
-    // NOLINTNEXTLINE(whitespace/line_length)
-    " --java-max-input-array-length N maximum allowed length for an array passed as input\n"
-    // NOLINTNEXTLINE(whitespace/line_length)
-    " --java-max-input-tree-depth N   object references are (deterministically) set to null in the object\n"
-    // NOLINTNEXTLINE(whitespace/line_length)
-    "                                 hierarchy of input parameters when their depth is >= N and the object\n"
-    "                                 type happens twice in the tree branch\n"
-    // NOLINTNEXTLINE(whitespace/line_length)
-    " --java-max-vla-length        limit the length of user-code-created arrays\n"
-    // NOLINTNEXTLINE(whitespace/line_length)
-    " --java-throw-runtime-exceptions make implicit runtime exceptions explicit\n"
-    // NOLINTNEXTLINE(whitespace/line_length)
-    " --java-cp-include-files      regexp or JSON list of files to load (with '@' prefix)\n"
-    // NOLINTNEXTLINE(whitespace/line_length)
+    JAVA_BYTECODE_LANGUAGE_OPTIONS_HELP
+    // This one is handled by cbmc_parse_options not by the Java frontend,
+    // hence its presence here:
     " --java-unwind-enum-static    try to unwind loops in static initialization of enums\n"
     "\n"
     "Semantic transformations:\n"
diff --git a/src/cbmc/cbmc_parse_options.h b/src/cbmc/cbmc_parse_options.h
index 849fde7c126..ef91683ee0e 100644
--- a/src/cbmc/cbmc_parse_options.h
+++ b/src/cbmc/cbmc_parse_options.h
@@ -19,6 +19,8 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include <analyses/goto_check.h>
 
+#include <java_bytecode/java_bytecode_language.h>
+
 #include "xml_interface.h"
 
 class bmct;
@@ -64,14 +66,9 @@ class optionst;
   "(string-abstraction)(no-arch)(arch):" \
   "(round-to-nearest)(round-to-plus-inf)(round-to-minus-inf)(round-to-zero)" \
   "(graphml-witness):" \
-  "(java-max-vla-length):" \
+  JAVA_BYTECODE_LANGUAGE_OPTIONS \
   "(java-unwind-enum-static)" \
-  "(java-cp-include-files):" \
-  "(java-throw-runtime-exceptions)" \
-  "(java-max-input-array-length):" \
-  "(java-max-input-tree-depth):" \
   "(localize-faults)(localize-faults-method):" \
-  "(lazy-methods)" \
   "(fixedbv)(floatbv)(all-claims)(all-properties)" // legacy, and will eventually disappear // NOLINT(whitespace/line_length)
 
 class cbmc_parse_optionst:
diff --git a/src/clobber/clobber_parse_options.cpp b/src/clobber/clobber_parse_options.cpp
index e1ef51bb42e..71a7b41c7f8 100644
--- a/src/clobber/clobber_parse_options.cpp
+++ b/src/clobber/clobber_parse_options.cpp
@@ -536,6 +536,8 @@ void clobber_parse_optionst::help()
     " --round-to-minus-inf         IEEE floating point rounding mode\n"
     " --round-to-zero              IEEE floating point rounding mode\n"
     "\n"
+    JAVA_BYTECODE_LANGUAGE_OPTIONS_HELP
+    "\n"
     "Program instrumentation options:\n"
     HELP_GOTO_CHECK
     " --show-properties            show the properties\n"
diff --git a/src/clobber/clobber_parse_options.h b/src/clobber/clobber_parse_options.h
index 89faff353f0..5148bc759af 100644
--- a/src/clobber/clobber_parse_options.h
+++ b/src/clobber/clobber_parse_options.h
@@ -20,6 +20,8 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <analyses/goto_check.h>
 #include <goto-programs/show_goto_functions.h>
 
+#include <java_bytecode/java_bytecode_language.h>
+
 class goto_functionst;
 class optionst;
 
@@ -32,7 +34,8 @@ class optionst;
   "(version)" \
   "(string-abstraction)" \
   "(show-locs)(show-vcc)(show-properties)(show-trace)" \
-  "(property):"
+  "(property):" \
+  JAVA_BYTECODE_LANGUAGE_OPTIONS
 
 class clobber_parse_optionst:
   public parse_options_baset,
diff --git a/src/goto-analyzer/goto_analyzer_parse_options.cpp b/src/goto-analyzer/goto_analyzer_parse_options.cpp
index ffa471086a0..66d31053220 100644
--- a/src/goto-analyzer/goto_analyzer_parse_options.cpp
+++ b/src/goto-analyzer/goto_analyzer_parse_options.cpp
@@ -493,6 +493,7 @@ void goto_analyzer_parse_optionst::help()
     "Java Bytecode frontend options:\n"
     " --classpath dir/jar          set the classpath\n"
     " --main-class class-name      set the name of the main class\n"
+    JAVA_BYTECODE_LANGUAGE_OPTIONS_HELP
     "\n"
     "Program representations:\n"
     " --show-parse-tree            show parse tree\n"
diff --git a/src/goto-analyzer/goto_analyzer_parse_options.h b/src/goto-analyzer/goto_analyzer_parse_options.h
index 48b299049b9..7ea646bbf1c 100644
--- a/src/goto-analyzer/goto_analyzer_parse_options.h
+++ b/src/goto-analyzer/goto_analyzer_parse_options.h
@@ -22,6 +22,8 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include <analyses/goto_check.h>
 
+#include <java_bytecode/java_bytecode_language.h>
+
 class bmct;
 class goto_functionst;
 class optionst;
@@ -45,7 +47,8 @@ class optionst;
   "(unreachable-instructions)(unreachable-functions)" \
   "(reachable-functions)" \
   "(intervals)(show-intervals)" \
-  "(non-null)(show-non-null)"
+  "(non-null)(show-non-null)" \
+  JAVA_BYTECODE_LANGUAGE_OPTIONS
 
 class goto_analyzer_parse_optionst:
   public parse_options_baset,
diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index a9004c56e4a..f4ad77896b5 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -28,6 +28,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include "java_entry_point.h"
 #include "java_bytecode_parser.h"
 #include "java_class_loader.h"
+#include "java_utils.h"
 
 #include "expr2java.h"
 
@@ -54,6 +55,13 @@ void java_bytecode_languaget::get_language_options(const cmdlinet &cmd)
   else
     lazy_methods_mode=LAZY_METHODS_MODE_EAGER;
 
+  const std::list<std::string> &extra_entry_points=
+    cmd.get_values("lazy-methods-extra-entry-point");
+  lazy_methods_extra_entry_points.insert(
+    lazy_methods_extra_entry_points.end(),
+    extra_entry_points.begin(),
+    extra_entry_points.end());
+
   if(cmd.isset("java-cp-include-files"))
   {
     java_cp_include_files=cmd.get_value("java-cp-include-files");
@@ -463,6 +471,54 @@ bool java_bytecode_languaget::typecheck(
   return false;
 }
 
+/// Translates the given list of method names from human-readable to
+/// internal syntax.
+/// Expands any wildcards (entries ending in '.*') in the given method
+/// list to include all non-static methods defined on the given class.
+/// \param [in, out] methods: List of methods to expand. Any wildcard entries
+///   will be deleted and the expanded entries appended to the end.
+/// \param symbol_table: global symbol table
+static void resolve_method_names(
+  std::vector<irep_idt> &methods,
+  const symbol_tablet &symbol_table)
+{
+  std::vector<irep_idt> new_methods;
+  for(const irep_idt &method : methods)
+  {
+    const std::string &method_str=id2string(method);
+    if(!has_suffix(method_str, ".*"))
+    {
+      std::string error_message;
+      irep_idt internal_name=
+        resolve_friendly_method_name(
+          method_str,
+          symbol_table,
+          error_message);
+      if(internal_name==irep_idt())
+        throw "entry point "+error_message;
+      new_methods.push_back(internal_name);
+    }
+    else
+    {
+      irep_idt classname="java::"+method_str.substr(0, method_str.length()-2);
+      if(!symbol_table.has_symbol(classname))
+        throw "wildcard entry point '"+method_str+"': unknown class";
+
+      for(const auto &name_symbol : symbol_table.symbols)
+      {
+        if(name_symbol.second.type.id()!=ID_code)
+          continue;
+        if(!to_code_type(name_symbol.second.type).has_this())
+          continue;
+        if(has_prefix(id2string(name_symbol.first), id2string(classname)))
+          new_methods.push_back(name_symbol.first);
+      }
+    }
+  }
+
+  methods=std::move(new_methods);
+}
+
 /// Uses a simple context-insensitive ('ci') analysis to determine which methods
 /// may be reachable from the main entry point. In brief, static methods are
 /// reachable if we find a callsite in another reachable site, while virtual
@@ -512,6 +568,15 @@ bool java_bytecode_languaget::do_ci_lazy_method_conversion(
   else
     method_worklist2.push_back(main_function.main_function.name);
 
+  // Add any extra entry points specified; we should elaborate these in the
+  // same way as the main function.
+  std::vector<irep_idt> extra_entry_points=lazy_methods_extra_entry_points;
+  resolve_method_names(extra_entry_points, symbol_table);
+  method_worklist2.insert(
+    method_worklist2.begin(),
+    extra_entry_points.begin(),
+    extra_entry_points.end());
+
   std::set<irep_idt> needed_classes;
 
   {
diff --git a/src/java_bytecode/java_bytecode_language.h b/src/java_bytecode/java_bytecode_language.h
index a885325b197..66b2299aa70 100644
--- a/src/java_bytecode/java_bytecode_language.h
+++ b/src/java_bytecode/java_bytecode_language.h
@@ -16,6 +16,32 @@ Author: Daniel Kroening, kroening@kroening.com
 #include "java_class_loader.h"
 #include "java_string_library_preprocess.h"
 
+#define JAVA_BYTECODE_LANGUAGE_OPTIONS /*NOLINT*/ \
+  "(java-assume-inputs-non-null)"                 \
+  "(java-throw-runtime-exceptions)"               \
+  "(java-max-input-array-length):"                \
+  "(java-max-input-tree-depth):"                  \
+  "(java-max-vla-length):"                        \
+  "(java-cp-include-files):"                      \
+  "(lazy-methods)"                                \
+  "(lazy-methods-extra-entry-point):"
+
+#define JAVA_BYTECODE_LANGUAGE_OPTIONS_HELP /*NOLINT*/                                          \
+  " --java-assume-inputs-non-null    never initialize reference-typed parameter to the\n"       \
+  "                                  entry point with null\n"                                   \
+  " --java-throw-runtime-exceptions  make implicit runtime exceptions explicit\n"               \
+  " --java-max-input-array-length N  limit input array size to <= N\n"                          \
+  " --java-max-input-tree-depth N    object references are (deterministically) set to null in\n"\
+  "                                  the object\n"                                              \
+  " --java-max-vla-length            limit the length of user-code-created arrays\n"            \
+  " --java-cp-include-files          regexp or JSON list of files to load (with '@' prefix)\n"  \
+  " --lazy-methods                   only translate methods that appear to be reachable from\n" \
+  "                                  the --function entry point or main class\n"                \
+  " --lazy-methods-extra-entry-point METHODNAME\n"                                              \
+  "                                  treat METHODNAME as a possible program entry point for\n"  \
+  "                                  the purpose of lazy method loading\n"                      \
+  "                                  A '.*' wildcard is allowed to specify all class members\n"
+
 #define MAX_NONDET_ARRAY_LENGTH_DEFAULT 5
 #define MAX_NONDET_TREE_DEPTH 5
 
@@ -107,6 +133,7 @@ class java_bytecode_languaget:public languaget
   size_t max_user_array_length;     // max size for user code created arrays
   lazy_methodst lazy_methods;
   lazy_methods_modet lazy_methods_mode;
+  std::vector<irep_idt> lazy_methods_extra_entry_points;
   bool string_refinement_enabled;
   bool throw_runtime_exceptions;
   java_string_library_preprocesst string_preprocess;
diff --git a/src/java_bytecode/java_entry_point.cpp b/src/java_bytecode/java_entry_point.cpp
index 4d2ebd95f23..c142f37ddf5 100644
--- a/src/java_bytecode/java_entry_point.cpp
+++ b/src/java_bytecode/java_entry_point.cpp
@@ -337,76 +337,28 @@ main_function_resultt get_main_symbol(
     // Add java:: prefix
     std::string main_identifier="java::"+config.main;
 
-    symbol_tablet::symbolst::const_iterator s_it;
+    std::string error_message;
+    irep_idt main_symbol_id=
+      resolve_friendly_method_name(config.main, symbol_table, error_message);
 
-    // Does it have a type signature? (':' suffix)
-    if(config.main.rfind(':')==std::string::npos)
+    if(main_symbol_id==irep_idt())
     {
-      std::string prefix=main_identifier+':';
-      std::set<irep_idt> matches;
-
-      for(const auto &s : symbol_table.symbols)
-        if(has_prefix(id2string(s.first), prefix) &&
-           s.second.type.id()==ID_code)
-          matches.insert(s.first);
-
-      if(matches.empty())
-      {
-        message.error() << "main symbol `" << config.main
-                        << "' not found" << messaget::eom;
-        res.main_function=symbol;
-        res.error_found=true;
-        res.stop_convert=true;
-        return res;
-      }
-      else if(matches.size()==1)
-      {
-        s_it=symbol_table.symbols.find(*matches.begin());
-        assert(s_it!=symbol_table.symbols.end());
-      }
-      else
-      {
-        message.error() << "main symbol `" << config.main
-                        << "' is ambiguous:\n";
-
-        for(const auto &s : matches)
-          message.error() << "  " << s << '\n';
-
-        message.error() << messaget::eom;
-        res.main_function=symbol;
-        res.error_found=true;
-        res.stop_convert=true;
-        return res;
-      }
-    }
-    else
-    {
-      // just look it up
-      s_it=symbol_table.symbols.find(main_identifier);
-
-      if(s_it==symbol_table.symbols.end())
-      {
-        message.error() << "main symbol `" << config.main
-                        << "' not found" << messaget::eom;
-        res.main_function=symbol;
-        res.error_found=true;
-        res.stop_convert=true;
-        return res;
-      }
-    }
-    // function symbol
-    symbol=s_it->second;
-
-    if(symbol.type.id()!=ID_code)
-    {
-      message.error() << "main symbol `" << config.main
-                      << "' not a function" << messaget::eom;
+      message.error() << "main symbol resolution failed: "
+                      << error_message << messaget::eom;
       res.main_function=symbol;
       res.error_found=true;
       res.stop_convert=true;
       return res;
     }
 
+    symbol_tablet::symbolst::const_iterator s_it=
+      symbol_table.symbols.find(main_symbol_id);
+    INVARIANT(
+      s_it!=symbol_table.symbols.end(),
+      "resolve_friendly_method_name should return a symbol-table identifier");
+
+    symbol=s_it->second;
+
     // check if it has a body
     if(symbol.value.is_nil() && !allow_no_body)
     {
diff --git a/src/java_bytecode/java_utils.cpp b/src/java_bytecode/java_utils.cpp
index bf25145b770..3680968d285 100644
--- a/src/java_bytecode/java_utils.cpp
+++ b/src/java_bytecode/java_utils.cpp
@@ -113,3 +113,61 @@ bool is_java_string_literal_id(const irep_idt &id)
 {
   return has_prefix(id2string(id), JAVA_STRING_LITERAL_PREFIX);
 }
+
+irep_idt resolve_friendly_method_name(
+  const std::string &friendly_name,
+  const symbol_tablet &symbol_table,
+  std::string &error)
+{
+  std::string qualified_name="java::"+friendly_name;
+  if(friendly_name.rfind(':')==std::string::npos)
+  {
+    std::string prefix=qualified_name+':';
+    std::set<irep_idt> matches;
+
+    for(const auto &s : symbol_table.symbols)
+      if(has_prefix(id2string(s.first), prefix) &&
+         s.second.type.id()==ID_code)
+        matches.insert(s.first);
+
+    if(matches.empty())
+    {
+      error="'"+friendly_name+"' not found";
+      return irep_idt();
+    }
+    else if(matches.size()>1)
+    {
+      std::ostringstream message;
+      message << "'"+friendly_name+"' is ambiguous between:";
+
+      // Trim java:: prefix so we can recommend an appropriate input:
+      for(const auto &s : matches)
+        message << "\n  " << id2string(s).substr(6);
+
+      error=message.str();
+      return irep_idt();
+    }
+    else
+    {
+      return *matches.begin();
+    }
+  }
+  else
+  {
+    auto findit=symbol_table.symbols.find(qualified_name);
+    if(findit==symbol_table.symbols.end())
+    {
+      error="'"+friendly_name+"' not found";
+      return irep_idt();
+    }
+    else if(findit->second.type.id()!=ID_code)
+    {
+      error="'"+friendly_name+"' not a function";
+      return irep_idt();
+    }
+    else
+    {
+      return findit->first;
+    }
+  }
+}
diff --git a/src/java_bytecode/java_utils.h b/src/java_bytecode/java_utils.h
index a610eba96be..e8be5dfe3b9 100644
--- a/src/java_bytecode/java_utils.h
+++ b/src/java_bytecode/java_utils.h
@@ -52,4 +52,16 @@ void merge_source_location_rec(
 /// \return Returns true if 'id' identifies a string literal symbol
 bool is_java_string_literal_id(const irep_idt &id);
 
+/// Resolves a user-friendly method name (like packagename.Class.method)
+/// into an internal name (like java::packagename.Class.method:()V)
+/// The input may also have a type descriptor suffix to resolve ambiguity.
+/// On error, returns irep_idt() and sets error.
+/// \param friendly_name: user-friendly method name
+/// \param symbol_table: global symbol table
+/// \param [out] error: gets error description on failure
+irep_idt resolve_friendly_method_name(
+  const std::string &friendly_name,
+  const symbol_tablet &symbol_table,
+  std::string &error);
+
 #endif // CPROVER_JAVA_BYTECODE_JAVA_UTILS_H
diff --git a/src/symex/symex_parse_options.cpp b/src/symex/symex_parse_options.cpp
index 57c13b7d075..066212c796d 100644
--- a/src/symex/symex_parse_options.cpp
+++ b/src/symex/symex_parse_options.cpp
@@ -602,6 +602,9 @@ void symex_parse_optionst::help()
     " --round-to-zero              IEEE floating point rounding mode\n"
     " --function name              set main function name\n"
     "\n"
+    "Java Bytecode frontend options:\n"
+    JAVA_BYTECODE_LANGUAGE_OPTIONS_HELP
+    "\n"
     "Program instrumentation options:\n"
     HELP_GOTO_CHECK
     " --no-assertions              ignore user assertions\n"
diff --git a/src/symex/symex_parse_options.h b/src/symex/symex_parse_options.h
index b4fc6fe2e1c..21565d55fee 100644
--- a/src/symex/symex_parse_options.h
+++ b/src/symex/symex_parse_options.h
@@ -22,6 +22,8 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include <analyses/goto_check.h>
 
+#include <java_bytecode/java_bytecode_language.h>
+
 #include "path_search.h"
 
 class goto_functionst;
@@ -47,7 +49,8 @@ class optionst;
   "(drop-unused-functions)" \
   OPT_SHOW_GOTO_FUNCTIONS \
   "(property):(trace)(show-trace)(stop-on-fail)(eager-infeasibility)" \
-  "(no-simplify)(no-unwinding-assertions)(no-propagation)"
+  "(no-simplify)(no-unwinding-assertions)(no-propagation)" \
+  JAVA_BYTECODE_LANGUAGE_OPTIONS
   // the last line is for CBMC-regression testing only
 
 class symex_parse_optionst:
diff --git a/src/util/cmdline.cpp b/src/util/cmdline.cpp
index 6c8d686554d..a310a6c28cd 100644
--- a/src/util/cmdline.cpp
+++ b/src/util/cmdline.cpp
@@ -70,10 +70,13 @@ void cmdlinet::set(const std::string &option, const std::string &value)
   options[i].values.push_back(value);
 }
 
+static std::list<std::string> immutable_empty_list;
+
 const std::list<std::string> &cmdlinet::get_values(char option) const
 {
   int i=getoptnr(option);
-  assert(i>=0);
+  if(i<0)
+    return immutable_empty_list;
   return options[i].values;
 }
 
@@ -91,7 +94,8 @@ const std::list<std::string> &cmdlinet::get_values(
   const std::string &option) const
 {
   int i=getoptnr(option);
-  assert(i>=0);
+  if(i<0)
+    return immutable_empty_list;
   return options[i].values;
 }
 

From e8f536f63b7e7ba81ca5676b6e44101033847644 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Thu, 10 Aug 2017 11:03:55 +0100
Subject: [PATCH 551/699] Fix remove-exceptions doxygen

---
 src/goto-programs/remove_exceptions.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/goto-programs/remove_exceptions.cpp b/src/goto-programs/remove_exceptions.cpp
index 45f57dfc82d..fc921dd767b 100644
--- a/src/goto-programs/remove_exceptions.cpp
+++ b/src/goto-programs/remove_exceptions.cpp
@@ -70,7 +70,7 @@ Date:   December 2016
 /// and catch_pop instructions indicate how they should be checked to dispatch
 /// the right exception type to the right catch block, and landingpad
 /// instructions copy back to an ordinary local variable (or other expression)
-/// and set #exception_value back to null, indicating the exception has been
+/// and set \#exception_value back to null, indicating the exception has been
 /// caught and normal control flow resumed.
 ///
 /// Note that remove_exceptions introduces java_instanceof comparisons at
@@ -287,7 +287,7 @@ void remove_exceptionst::instrument_exception_handler(
 /// if (exception instanceof ExnA) then goto handlerA
 /// else if (exception instanceof ExnB) then goto handlerB
 /// else goto universal_handler or (dead locals; function exit)
-/// \param function_id: function instr_it belongs to
+/// \param func_it: iterator pointing to function instr_it belongs to
 /// \param instr_it: throw or call instruction that may be an
 ///   exception source
 /// \param stack_catch: exception handlers currently registered

From 2662cadde7c66b6ce20f1c59db25ac154521f4a3 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Thu, 10 Aug 2017 15:57:34 +0100
Subject: [PATCH 552/699] Fix symbol table alteration during iteration

As usual it's illegal to add symbols during an iteration over the same
table, so I find the functions to alter and store them in a temporary,
looking each up in turn.
---
 src/java_bytecode/java_bytecode_instrument.cpp | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/java_bytecode/java_bytecode_instrument.cpp b/src/java_bytecode/java_bytecode_instrument.cpp
index fbd52fe9760..d92a13f43d4 100644
--- a/src/java_bytecode/java_bytecode_instrument.cpp
+++ b/src/java_bytecode/java_bytecode_instrument.cpp
@@ -600,9 +600,19 @@ void java_bytecode_instrument(
     max_array_length,
     max_tree_depth);
 
-  Forall_symbols(s_it, symbol_table.symbols)
+  std::vector<irep_idt> symbols_to_instrument;
+  forall_symbols(s_it, symbol_table.symbols)
   {
     if(s_it->second.value.id()==ID_code)
-      instrument(s_it->second.value);
+      symbols_to_instrument.push_back(s_it->first);
+  }
+
+  // instrument(...) can add symbols to the table, so it's
+  // not safe to hold a reference to a symbol across a call.
+  for(const auto &symbol : symbols_to_instrument)
+  {
+    exprt value=symbol_table.lookup(symbol).value;
+    instrument(value);
+    symbol_table.lookup(symbol).value=value;
   }
 }

From 870e7fffa1c768af511ee8f3a43eee984a812640 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Wed, 9 Aug 2017 14:51:22 +0100
Subject: [PATCH 553/699] Remove needless typecast

---
 src/java_bytecode/java_bytecode_instrument.cpp | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/src/java_bytecode/java_bytecode_instrument.cpp b/src/java_bytecode/java_bytecode_instrument.cpp
index d92a13f43d4..8f03334faee 100644
--- a/src/java_bytecode/java_bytecode_instrument.cpp
+++ b/src/java_bytecode/java_bytecode_instrument.cpp
@@ -274,16 +274,9 @@ codet java_bytecode_instrumentt::check_null_dereference(
   const source_locationt &original_loc,
   const bool assertion_enabled)
 {
-  exprt local_expr=expr;
-  empty_typet voidt;
-  pointer_typet voidptr(voidt);
-
-  if(local_expr.type()!=voidptr)
-    local_expr.make_typecast(voidptr);
-
   const equal_exprt equal_expr(
-    local_expr,
-    null_pointer_exprt(voidptr));
+    expr,
+    null_pointer_exprt(to_pointer_type(expr.type())));
 
   if(throw_runtime_exceptions)
     return throw_exception(

From 04c957d6ee2c8643554877cddb37ac7d7a083cc0 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Wed, 9 Aug 2017 14:51:51 +0100
Subject: [PATCH 554/699] Typecheck within assert and assume statements

For example, assert(some_string_literal!=null) would not work previously
---
 src/java_bytecode/java_bytecode_typecheck_code.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/java_bytecode/java_bytecode_typecheck_code.cpp b/src/java_bytecode/java_bytecode_typecheck_code.cpp
index 431e39234f5..f1540a53191 100644
--- a/src/java_bytecode/java_bytecode_typecheck_code.cpp
+++ b/src/java_bytecode/java_bytecode_typecheck_code.cpp
@@ -67,4 +67,8 @@ void java_bytecode_typecheckt::typecheck_code(codet &code)
         a_it++)
       typecheck_expr(*a_it);
   }
+  else if(statement==ID_assert || statement==ID_assume)
+  {
+    typecheck_expr(code.op0());
+  }
 }

From 3c59dc9ee3612fc67c0f9f26fc1e23414e399343 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Thu, 13 Jul 2017 11:18:36 +0100
Subject: [PATCH 555/699] Check for null this-argument at virtual callsites

---
 .../cbmc-java/NondetArray2/NondetArray2.class   | Bin 907 -> 935 bytes
 .../cbmc-java/NondetArray2/NondetArray2.java    |   2 ++
 .../cbmc-java/NondetArray3/NondetArray3.class   | Bin 935 -> 963 bytes
 .../cbmc-java/NondetArray3/NondetArray3.java    |   2 ++
 regression/cbmc-java/lazyloading3/test.class    | Bin 334 -> 342 bytes
 regression/cbmc-java/lazyloading3/test.java     |   2 +-
 src/java_bytecode/java_bytecode_instrument.cpp  |  13 +++++++++++++
 7 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/regression/cbmc-java/NondetArray2/NondetArray2.class b/regression/cbmc-java/NondetArray2/NondetArray2.class
index 0ab85c2bb1d31f8d010393dbe61bc9edccdce025..83eba68f03c3f5d776afe4e04c7aabaf3960ff04 100644
GIT binary patch
delta 376
zcmYL_y)T1t5XV2iJ}*CgTH2y0rCM+GQbnH{Btp{xi7;CvB~7J~4kA{IiK*$tV6b#%
zKuEAj`~^n-3lUMrBA2`5E}#46dv~Ji+I{)HdjMRr4i0gL1Ou8bhe3wCG%>6haj=PN
zk`AMcX~wJWi<#6+R2!L=l%Gk`()gKTy0)mMQ!{=txQbx8a8O9^7AmFm`c}EPy{`!U
zk5(%C#ZqyvcC7NXcXfXFiU%!DmT&PqVXPYS<7=shS<{%c!dBS4AeIVSGjn#te#Wlj
zi$?5g%$@loOVt~1S6F8RqNn)ou{UnekC&ol5R^KMSE`oqN;t&u$#s54XeKRvmH<ne
zf`$Ye!xSJ$m=3vG?9fWv-+GQtx=<pqK!k3w+avP?Rznb56V({%Hx+!*uIc?me_(~=
Pi+#1ck<&5ZJ@o$o*cdyh

delta 337
zcmYL^%}PRX5XFE0`{7@2W@+5~$kaY9%}l)*1ybNDh<XMKF+^O1v~AO_RooY-Hoieb
z3v=ybwCWLBWmB6NW)5?hb7p3!@3lAiej5QEo`XZqVTDyq!eNc|5J5IHn+^eTn!Ljn
z+nU0IH&J=tP_;-g%nl{ZZkRHAep6MFl`vImiurEqrd95>`knImMYnx9@SjvO7X4>W
z`h#|-eeHj!$ND=4TFy9r#Ta9rnvLRFX;in&y6xJo^-R3v+SS8AIvIGux@z3nYB>G$
z$42@#^C#3&LlO>IX2=VcnB|BFQL!yx2_M8|QC^WX#8?p291tgg66HQgQgX(U@JY<6
hj07}kjj4W9!568hm@JE_Vot_9LBD5uIwOri_6IUwG9mx~

diff --git a/regression/cbmc-java/NondetArray2/NondetArray2.java b/regression/cbmc-java/NondetArray2/NondetArray2.java
index 2f9bcedd797..2ff2201ee5d 100644
--- a/regression/cbmc-java/NondetArray2/NondetArray2.java
+++ b/regression/cbmc-java/NondetArray2/NondetArray2.java
@@ -8,6 +8,8 @@ void main()
 
     int num = 0;
     for (Integer i : ints) {
+      if(i == null)
+        continue;
       num *= i.intValue();
     }
     assert num == 0;
diff --git a/regression/cbmc-java/NondetArray3/NondetArray3.class b/regression/cbmc-java/NondetArray3/NondetArray3.class
index e07d736d747d1f5db68cd8c7326775ef18db25e5..0e5a2532fd6aa27e60c63b7507a4186bc48da4c4 100644
GIT binary patch
delta 362
zcmYL^zb`{^6vaQU?R#HdA6gXER;gcArDzEfq#+RtgQ;Dlc&Ug~(lip2#UM6$6N9xg
z0|^O(LE^9Ae=vxMx}D@EH}{@<?z#6=)r-o!{XRSa8KzB4`b=W<E4mtKU_dcwqSwJ8
zh81y>5fX~gi_DuRu1H?g(#Dv@I4NgVi>)LrCYaQ))(=a&b|qUb7mm}4DT_224c~s@
zsE|4+l!~d1?R|TvqT&CC)=Cw-XqTOHZQ1$It{Xpbq2#f=bLL8%M8^X9)VvWiUNNe8
z!$IQ?wYPApYt`EOEuJe{!k2g-(R240&o{E@#wR%;rVt?|eu7em@G^<T3{A|@Oji0;
zVdn5l)cGEn`v}m1A$^`!+KAL8HtD1bO(d2?s$2dG2_cT*EV_gKAKDd>Z`2pMUyk)S
MTkfoi3d2S3AHnTC#sB~S

delta 317
zcmYL^yGuf07{-6!(Q`gM9`X|AwJf_>mU%l66%pbTL19~?l^7BRB0;paHN}}~s>!*A
zf`S^_{1@7qTHBhc&#C2k;rH;o@B6&Tp0xWvPcMLtZDKNRGC^7r_2OYtGG(F<;50Lm
zjL9r>lI*437a2zrWn<oAft<4{(uGBfJOzQZb=*E^bSs@s{j@A8T9haY0<HQ<J%3bh
zH}l(jt;T-WxfRt=@Skq9yNza}<9vu4?>ib&eYN9UXjwaw3+ts7BN;OukcVsMy6F9W
z-s8T;pS;5NjK2Gb@p`8ME&@u^c$_aSTwTV;Iz!a(6I48lo1!WfW&~rfo)E)oN;ZiQ
iMUY^L7;$wzp?C_nQ**^U-^7C|HtL+YDsoI28mT|&j5yx_

diff --git a/regression/cbmc-java/NondetArray3/NondetArray3.java b/regression/cbmc-java/NondetArray3/NondetArray3.java
index c061aa693f2..af5f8f7f111 100644
--- a/regression/cbmc-java/NondetArray3/NondetArray3.java
+++ b/regression/cbmc-java/NondetArray3/NondetArray3.java
@@ -9,6 +9,8 @@ void main()
 
     int num = 0;
     for (Integer i : ints) {
+      if(i == null)
+        continue;
       num *= i.intValue();
     }
     assert num == 0;
diff --git a/regression/cbmc-java/lazyloading3/test.class b/regression/cbmc-java/lazyloading3/test.class
index 5df466fc9ea33d794b02d6d48c55d591cc362ef9..eabb679daa5c921e8df798d53761fb161eb82a14 100644
GIT binary patch
delta 85
zcmX@dbd6~PC!?<u10xVJFo<X!W8l)-!oYN#fn_6z-p0VZ5h%{YzzHOU7+8QL2Lm^d
Z$HTzIAPi*j07Y0Bn7A2$`gy@B`2bF{2~+?8

delta 53
zcmcb{bdG5QCnJ{?10xVJFz{+kmSU8ZV`1QAU}fN9;9=kfVg?3g21Zt(JTH*R#J~pt
Dvw8$C

diff --git a/regression/cbmc-java/lazyloading3/test.java b/regression/cbmc-java/lazyloading3/test.java
index f69a9898472..2e967aea266 100644
--- a/regression/cbmc-java/lazyloading3/test.java
+++ b/regression/cbmc-java/lazyloading3/test.java
@@ -5,7 +5,7 @@ public class test
 {
   public static void main(C c)
   {
-    if(c==null)
+    if(c==null || c.a==null)
       return;
     c.a.f();
   }
diff --git a/src/java_bytecode/java_bytecode_instrument.cpp b/src/java_bytecode/java_bytecode_instrument.cpp
index 8f03334faee..5801ec01221 100644
--- a/src/java_bytecode/java_bytecode_instrument.cpp
+++ b/src/java_bytecode/java_bytecode_instrument.cpp
@@ -453,6 +453,19 @@ void java_bytecode_instrumentt::instrument_code(exprt &expr)
     add_expr_instrumentation(block, code_function_call.lhs());
     add_expr_instrumentation(block, code_function_call.function());
 
+    const code_typet &function_type=
+      to_code_type(code_function_call.function().type());
+
+    // Check for a null this-argument of a virtual call:
+    if(function_type.has_this())
+    {
+      block.copy_to_operands(
+        check_null_dereference(
+          code_function_call.arguments()[0],
+          code_function_call.source_location(),
+          true));
+    }
+
     for(const auto &arg : code_function_call.arguments())
       add_expr_instrumentation(block, arg);
 

From 273600e5513587df682aa16aef4f9131de15e263 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Thu, 27 Jul 2017 10:40:14 +0100
Subject: [PATCH 556/699] Check for null-pointer deref on array access

---
 .../java_bytecode_convert_method.cpp          | 17 +++++++------
 .../java_bytecode_instrument.cpp              | 24 +++++++------------
 2 files changed, 19 insertions(+), 22 deletions(-)

diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index cfc07f97c9b..a7044afe48f 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -524,15 +524,15 @@ static member_exprt to_member(const exprt &pointer, const exprt &fieldref)
   exprt pointer2=
     typecast_exprt(pointer, java_reference_type(class_type));
 
-  const dereference_exprt obj_deref(pointer2, class_type);
+  dereference_exprt obj_deref(pointer2, class_type);
+  // tag it so it's easy to identify during instrumentation
+  obj_deref.set(ID_java_member_access, true);
 
-  member_exprt member_expr(
+  const member_exprt member_expr(
     obj_deref,
     fieldref.get(ID_component_name),
     fieldref.type());
 
-  // tag it so it's easy to identify during instrumentation
-  member_expr.set(ID_java_member_access, true);
   return member_expr;
 }
 
@@ -1496,7 +1496,8 @@ codet java_bytecode_convert_methodt::convert_instructions(
       exprt pointer=
         typecast_exprt(op[0], java_array_type(type_char));
 
-      const dereference_exprt deref(pointer, pointer.type().subtype());
+      dereference_exprt deref(pointer, pointer.type().subtype());
+      deref.set(ID_java_member_access, true);
 
       const member_exprt data_ptr(
         deref,
@@ -1559,7 +1560,8 @@ codet java_bytecode_convert_methodt::convert_instructions(
       exprt pointer=
         typecast_exprt(op[0], java_array_type(type_char));
 
-      const dereference_exprt deref(pointer, pointer.type().subtype());
+      dereference_exprt deref(pointer, pointer.type().subtype());
+      deref.set(ID_java_member_access, true);
 
       const member_exprt data_ptr(
         deref,
@@ -2237,8 +2239,9 @@ codet java_bytecode_convert_methodt::convert_instructions(
       exprt pointer=
         typecast_exprt(op[0], java_array_type(statement[0]));
 
-      const dereference_exprt array(pointer, pointer.type().subtype());
+      dereference_exprt array(pointer, pointer.type().subtype());
       assert(pointer.type().subtype().id()==ID_symbol);
+      array.set(ID_java_member_access, true);
 
       const member_exprt length(array, "length", java_int_type());
 
diff --git a/src/java_bytecode/java_bytecode_instrument.cpp b/src/java_bytecode/java_bytecode_instrument.cpp
index 5801ec01221..be1359f9989 100644
--- a/src/java_bytecode/java_bytecode_instrument.cpp
+++ b/src/java_bytecode/java_bytecode_instrument.cpp
@@ -550,23 +550,17 @@ codet java_bytecode_instrumentt::instrument_expr(
         expr.op1(),
         expr.source_location()));
   }
-  else if(expr.id()==ID_member &&
+  else if(expr.id()==ID_dereference &&
           expr.get_bool(ID_java_member_access))
   {
-    // this corresponds to either getfield or putfield
-    // so we must check null pointer dereference
-    const member_exprt &member_expr=to_member_expr(expr);
-    if(member_expr.op0().id()==ID_dereference)
-    {
-      const dereference_exprt dereference_expr=
-        to_dereference_expr(member_expr.op0());
-      codet null_dereference_check=
-        check_null_dereference(
-          dereference_expr.op0(),
-          dereference_expr.source_location(),
-          false);
-      result.move_to_operands(null_dereference_check);
-    }
+    // Check pointer non-null before access:
+    const dereference_exprt dereference_expr=to_dereference_expr(expr);
+    codet null_dereference_check=
+      check_null_dereference(
+        dereference_expr.op0(),
+        dereference_expr.source_location(),
+        false);
+    result.move_to_operands(null_dereference_check);
   }
 
   if(result==code_blockt())

From 6609f4555e718cbac14da5d4654efc39f4d6fab5 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Wed, 2 Aug 2017 17:18:10 +0100
Subject: [PATCH 557/699] Add tests for NullPointerException on virtual call or
 array access

---
 regression/cbmc-java/exceptions23/test.class | Bin 0 -> 566 bytes
 regression/cbmc-java/exceptions23/test.desc  |  12 ++++++++++++
 regression/cbmc-java/exceptions23/test.java  |  12 ++++++++++++
 regression/cbmc-java/exceptions24/A.class    | Bin 0 -> 222 bytes
 regression/cbmc-java/exceptions24/test.class | Bin 0 -> 587 bytes
 regression/cbmc-java/exceptions24/test.desc  |  12 ++++++++++++
 regression/cbmc-java/exceptions24/test.java  |  18 ++++++++++++++++++
 7 files changed, 54 insertions(+)
 create mode 100644 regression/cbmc-java/exceptions23/test.class
 create mode 100644 regression/cbmc-java/exceptions23/test.desc
 create mode 100644 regression/cbmc-java/exceptions23/test.java
 create mode 100644 regression/cbmc-java/exceptions24/A.class
 create mode 100644 regression/cbmc-java/exceptions24/test.class
 create mode 100644 regression/cbmc-java/exceptions24/test.desc
 create mode 100644 regression/cbmc-java/exceptions24/test.java

diff --git a/regression/cbmc-java/exceptions23/test.class b/regression/cbmc-java/exceptions23/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..acfbe7b2551831f2f6263e3333ac987761dcd5aa
GIT binary patch
literal 566
zcmYLFO-sW-5Pj3cq>a&jsI`78c+ei&i^n2Ltss7aBG_A+F0wUEN|K7d#Xr!q3KkUf
z?vD~@qqZ!}?#z4h=FNV6zkLAM!McSs=1debFfebTWI<Q?f`vsanOG*wY&uaS!dM1=
zbRZ+A<%u?dngpXJeHrf(w5{!Hf?f~Wf{;CtzBuc5TOzztWCps9^a)d!vE$yII=!UK
zGYRRM>-}k1mq9;t#i3LknOH<|rQ_T?HYQ;cR@J-eIsR?+tnYajf%Ib$HXdBjQ^ss$
zU=d1V*8aceMi>Smdr*odR&1<djgT8N&s!bg#_W4ss(ZXLq1YCY3`KjS#S6rJ26*2l
zHu%TV{E3t+sp<UEK*}x0Db7~-CcY=iL(r2VVw$6o6jR)i9Z{P|@c|a-xU5xb0~C&*
zp*>>q9s11>6Q55>lfg}jsALvdh_yL0_*jgjlUQO0IYvyRj!fjIxm*~{*-2!8e8G5y
d`3O@VK-XTNDSN-V|MrvytJ`~OiJ1hR{Q>oZWl#VB

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/exceptions23/test.desc b/regression/cbmc-java/exceptions23/test.desc
new file mode 100644
index 00000000000..fd651101086
--- /dev/null
+++ b/regression/cbmc-java/exceptions23/test.desc
@@ -0,0 +1,12 @@
+CORE
+test.class
+--java-throw-runtime-exceptions
+^EXIT=10$
+^SIGNAL=0$
+VERIFICATION FAILED
+assertion at file test\.java line 9 function java::test\.main:\(\)V bytecode-index 12: FAILURE
+--
+^warning: ignoring
+--
+This test checks that accessing an array member, cf. a getfield or setfield bytecode,
+can produce a NullPointerException.
diff --git a/regression/cbmc-java/exceptions23/test.java b/regression/cbmc-java/exceptions23/test.java
new file mode 100644
index 00000000000..d50d7ac8356
--- /dev/null
+++ b/regression/cbmc-java/exceptions23/test.java
@@ -0,0 +1,12 @@
+
+public class test {
+ public static void main () {
+   try {
+     int[] array = null;
+     int x = array[0];
+   }
+   catch(NullPointerException e) {
+     assert false;
+   }
+ }
+}
diff --git a/regression/cbmc-java/exceptions24/A.class b/regression/cbmc-java/exceptions24/A.class
new file mode 100644
index 0000000000000000000000000000000000000000..3c3c1f099973f8d7064ac6217f6b1b24d896d254
GIT binary patch
literal 222
zcmX^0Z`VEs1_l!bJ}w4k25xo+9(D#^Mg}&U%)HDJJ4Oa(4b3n{1{UZ1lvG9rexJ;|
zRKL>Pq|~C2#H1Xc2xA%}16Oc<X;E^jTP8?=vm~{+L@z6`ERlzSg@F~Q!jX|d0L0hN
zNz6;v_fN`7O)g<jU|<4T2Len$3{=Pfv=hjZ1=5T_npJB%1LH;@gOPz9NV0(i`G6z`
WT&W~j7N`PUnE+53Cs2}!feQd$qaTa_

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/exceptions24/test.class b/regression/cbmc-java/exceptions24/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..7c9e70f992567372f75b52c1918e553e06384f73
GIT binary patch
literal 587
zcmYLG%SyvQ6g{_1Gi^+5ty*h+zd&8+#-)hj1Ejt{5$rBaM;VQYB&ql<{eiAkP*Bjl
zA0^(2+7fanbI!SE&YgUHzkL8$!-9nz$`(dY5g5%upeitCA%n8OxP=K!3QQ3O=bb2$
zVXOi_+EJ0y@MM!fb%MFBd=+mH(u+&y1Y<jBN<!g4`SPfB+mPXz7Bg|{D4&o&jUD&q
z(78)sK9i7LcfCIk>ojPEuG~|)BNxjkUb%Me9UC_C0@F5TkS9!PY}Ir8tJR~H=bZ$~
zk7c;~;L1B4(1wLRLZzqL`p>=_hC#?#w6nmhjXBH{iaq6V<662gPqxMHCC|~LwmrTA
zLb)j;70PDUlLv}hOz`}5&L{Xn0V-B>3jRuibb7A+yqn;ac+D)of*!RH1+HcSrnt4(
zmDZ6;&{3)_zaZ5?srCe;jlOqeE?!}NJ|?uuO=*^Dn<^WzH}6b-^smh(wZcgTm=Q?r
s3zYg99_*g8me>FTCGmo68^Y+oNI%2S@qT^(<7p3ew>R|=LkT_n1NlN{FaQ7m

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/exceptions24/test.desc b/regression/cbmc-java/exceptions24/test.desc
new file mode 100644
index 00000000000..1bf09a500d5
--- /dev/null
+++ b/regression/cbmc-java/exceptions24/test.desc
@@ -0,0 +1,12 @@
+CORE
+test.class
+--java-throw-runtime-exceptions
+^EXIT=10$
+^SIGNAL=0$
+VERIFICATION FAILED
+assertion at file test\.java line 9 function java::test\.main:\(\)V bytecode-index 10: FAILURE
+--
+^warning: ignoring
+--
+This test ensures that attempting a virtual call against a null pointer can produce a NullPointerException,
+even when there are no field accesses inside the method or inspection of its class identifier to trigger one.
diff --git a/regression/cbmc-java/exceptions24/test.java b/regression/cbmc-java/exceptions24/test.java
new file mode 100644
index 00000000000..9cefd50370a
--- /dev/null
+++ b/regression/cbmc-java/exceptions24/test.java
@@ -0,0 +1,18 @@
+
+public class test {
+ public static void main () {
+   try {
+     A a = null;
+     a.f();
+   }
+   catch(NullPointerException e) {
+     assert false;
+   }
+ }
+}
+
+class A {
+
+  public void f() {}
+
+}

From 074a57e13b70158a4cc52804eb9014ec477ee5e0 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Mon, 31 Jul 2017 15:40:04 +0100
Subject: [PATCH 558/699] Always check for null on a member access

---
 .../java_bytecode_instrument.cpp              | 32 +++++++------------
 1 file changed, 11 insertions(+), 21 deletions(-)

diff --git a/src/java_bytecode/java_bytecode_instrument.cpp b/src/java_bytecode/java_bytecode_instrument.cpp
index be1359f9989..e3c1b347007 100644
--- a/src/java_bytecode/java_bytecode_instrument.cpp
+++ b/src/java_bytecode/java_bytecode_instrument.cpp
@@ -66,8 +66,7 @@ class java_bytecode_instrumentt:public messaget
 
   codet check_null_dereference(
     const exprt &expr,
-    const source_locationt &original_loc,
-    const bool assertion_enabled);
+    const source_locationt &original_loc);
 
   codet check_class_cast(
     const exprt &class1,
@@ -271,8 +270,7 @@ codet java_bytecode_instrumentt::check_class_cast(
 /// assertion checking the subtype relation
 codet java_bytecode_instrumentt::check_null_dereference(
   const exprt &expr,
-  const source_locationt &original_loc,
-  const bool assertion_enabled)
+  const source_locationt &original_loc)
 {
   const equal_exprt equal_expr(
     expr,
@@ -283,17 +281,12 @@ codet java_bytecode_instrumentt::check_null_dereference(
       equal_expr,
       original_loc, "java.lang.NullPointerException");
 
-  if(assertion_enabled)
-  {
-    code_assertt check((not_exprt(equal_expr)));
-    check.add_source_location()
-      .set_comment("Throw null");
-    check.add_source_location()
-      .set_property_class("null-pointer-exception");
-    return check;
-  }
-
-  return code_skipt();
+  code_assertt check((not_exprt(equal_expr)));
+  check.add_source_location()
+    .set_comment("Throw null");
+  check.add_source_location()
+    .set_property_class("null-pointer-exception");
+  return check;
 }
 
 /// Checks whether `length`>=0 and throws NegativeArraySizeException/
@@ -462,8 +455,7 @@ void java_bytecode_instrumentt::instrument_code(exprt &expr)
       block.copy_to_operands(
         check_null_dereference(
           code_function_call.arguments()[0],
-          code_function_call.source_location(),
-          true));
+          code_function_call.source_location()));
     }
 
     for(const auto &arg : code_function_call.arguments())
@@ -528,8 +520,7 @@ codet java_bytecode_instrumentt::instrument_expr(
       result.copy_to_operands(
         check_null_dereference(
           expr.op0(),
-          expr.source_location(),
-          true));
+          expr.source_location()));
     }
     else if(statement==ID_java_new_array)
     {
@@ -558,8 +549,7 @@ codet java_bytecode_instrumentt::instrument_expr(
     codet null_dereference_check=
       check_null_dereference(
         dereference_expr.op0(),
-        dereference_expr.source_location(),
-        false);
+        dereference_expr.source_location());
     result.move_to_operands(null_dereference_check);
   }
 

From 8486e6c8b1d9e121c1d8417a42e4a0991fd94f2e Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Tue, 1 Aug 2017 10:28:55 +0100
Subject: [PATCH 559/699] Instrument string-refinement code such that
 null-pointer checks are detected

Previously this was escaping instrumentation because it was created after the
instrumentation pass is run, allowing String accesses via null pointers
---
 .../java_bytecode_convert_method.cpp          |  4 +--
 .../java_bytecode_instrument.cpp              | 32 +++++++++++++++++++
 src/java_bytecode/java_bytecode_instrument.h  |  9 ++++++
 src/java_bytecode/java_bytecode_language.cpp  |  9 ++++++
 .../java_string_library_preprocess.cpp        | 30 ++++++++++-------
 src/java_bytecode/java_utils.cpp              |  8 +++++
 src/java_bytecode/java_utils.h                |  6 ++++
 7 files changed, 84 insertions(+), 14 deletions(-)

diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index a7044afe48f..533fbfa52e0 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -524,9 +524,7 @@ static member_exprt to_member(const exprt &pointer, const exprt &fieldref)
   exprt pointer2=
     typecast_exprt(pointer, java_reference_type(class_type));
 
-  dereference_exprt obj_deref(pointer2, class_type);
-  // tag it so it's easy to identify during instrumentation
-  obj_deref.set(ID_java_member_access, true);
+  dereference_exprt obj_deref=checked_dereference(pointer2, class_type);
 
   const member_exprt member_expr(
     obj_deref,
diff --git a/src/java_bytecode/java_bytecode_instrument.cpp b/src/java_bytecode/java_bytecode_instrument.cpp
index e3c1b347007..8d2644fb737 100644
--- a/src/java_bytecode/java_bytecode_instrument.cpp
+++ b/src/java_bytecode/java_bytecode_instrument.cpp
@@ -566,6 +566,38 @@ void java_bytecode_instrumentt::operator()(exprt &expr)
   instrument_code(expr);
 }
 
+/// Instruments the code attached to `symbol` with
+/// runtime exceptions or corresponding assertions.
+/// Exceptions are thrown when the `throw_runtime_exceptions` flag is set.
+/// Otherwise, assertions are emitted.
+/// \par parameters: `symbol_table`: global symbol table (may gain exception type
+///   stubs and similar)
+/// `symbol`: the symbol to instrument
+/// `throw_runtime_exceptions`: flag determining whether we instrument the code
+/// with runtime exceptions or with assertions. The former applies if this flag
+/// is set to true.
+/// `max_array_length`: maximum array length; the only reason we need this is
+/// in order to be able to call the object factory to create exceptions.
+void java_bytecode_instrument(
+  symbol_tablet &symbol_table,
+  symbolt &symbol,
+  const bool throw_runtime_exceptions,
+  message_handlert &message_handler,
+  const size_t max_array_length,
+  const size_t max_tree_depth)
+{
+  java_bytecode_instrumentt instrument(
+    symbol_table,
+    throw_runtime_exceptions,
+    message_handler,
+    max_array_length,
+    max_tree_depth);
+  INVARIANT(
+    symbol.value.id()==ID_code,
+    "java_bytecode_instrument expects a code-typed symbol");
+  instrument(symbol.value);
+}
+
 /// Instruments all the code in the symbol_table with
 /// runtime exceptions or corresponding assertions.
 /// Exceptions are thrown when the `throw_runtime_exceptions` flag is set.
diff --git a/src/java_bytecode/java_bytecode_instrument.h b/src/java_bytecode/java_bytecode_instrument.h
index 7d9ed248a1e..a068f9cbd32 100644
--- a/src/java_bytecode/java_bytecode_instrument.h
+++ b/src/java_bytecode/java_bytecode_instrument.h
@@ -13,8 +13,17 @@ Date:   June 2017
 
 void java_bytecode_instrument(
   symbol_tablet &symbol_table,
+  symbolt &symbol,
   const bool throw_runtime_exceptions,
   message_handlert &_message_handler,
   const size_t max_array_length,
   const size_t max_depth);
+
+void java_bytecode_instrument(
+  symbol_tablet &symbol_table,
+  const bool throw_runtime_exceptions,
+  message_handlert &_message_handler,
+  const size_t max_array_length,
+  const size_t max_depth);
+
 #endif
diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index f4ad77896b5..fb4da2e309f 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -746,6 +746,15 @@ void java_bytecode_languaget::replace_string_methods(
       // Replace body of the function by code generated by string preprocess
       symbolt &symbol=context.lookup(id);
       symbol.value=generated_code;
+      // Specifically instrument the new code, since this comes after the
+      // blanket instrumentation pass called before typechecking.
+      java_bytecode_instrument(
+        context,
+        symbol,
+        throw_runtime_exceptions,
+        get_message_handler(),
+        max_nondet_array_length,
+        max_nondet_tree_depth);
     }
   }
 }
diff --git a/src/java_bytecode/java_string_library_preprocess.cpp b/src/java_bytecode/java_string_library_preprocess.cpp
index a2e7d08ffb5..2358f390029 100644
--- a/src/java_bytecode/java_string_library_preprocess.cpp
+++ b/src/java_bytecode/java_string_library_preprocess.cpp
@@ -24,6 +24,7 @@ Date:   April 2017
 #include <util/string_expr.h>
 #include "java_types.h"
 #include "java_object_factory.h"
+#include "java_utils.h"
 
 #include "java_string_library_preprocess.h"
 
@@ -334,7 +335,8 @@ exprt::operandst java_string_library_preprocesst::process_operands(
   {
     if(implements_java_char_sequence(p.type()))
     {
-      dereference_exprt deref(p, to_pointer_type(p.type()).subtype());
+      dereference_exprt deref=
+        checked_dereference(p, to_pointer_type(p.type()).subtype());
       process_single_operand(ops, deref, loc, symbol_table, init_code);
     }
     else if(is_java_char_array_pointer_type(p.type()))
@@ -371,14 +373,16 @@ exprt::operandst
   exprt op1=operands[1];
 
   assert(implements_java_char_sequence(op0.type()));
-  dereference_exprt deref0(op0, to_pointer_type(op0.type()).subtype());
+  dereference_exprt deref0=
+    checked_dereference(op0, to_pointer_type(op0.type()).subtype());
   process_single_operand(ops, deref0, loc, symbol_table, init_code);
 
   // TODO: Manage the case where we have a non-String Object (this should
   // probably be handled upstream. At any rate, the following code should be
   // protected with assertions on the type of op1.
   typecast_exprt tcast(op1, to_pointer_type(op0.type()));
-  dereference_exprt deref1(tcast, to_pointer_type(op0.type()).subtype());
+  dereference_exprt deref1=
+    checked_dereference(tcast, to_pointer_type(op0.type()).subtype());
   process_single_operand(ops, deref1, loc, symbol_table, init_code);
   return ops;
 }
@@ -466,9 +470,12 @@ string_exprt java_string_library_preprocesst::replace_char_array(
   code_blockt &code)
 {
   refined_string_typet ref_type=refined_string_type;
-  dereference_exprt array(array_pointer, array_pointer.type().subtype());
+  dereference_exprt array=
+    checked_dereference(array_pointer, array_pointer.type().subtype());
   exprt array_data=get_data(array, symbol_table);
   // `deref_array` is *(array_pointer->data)`
+  // No null-pointer-exception check here since all array structures
+  // have non-null data
   const typet &content_type=ref_type.get_content_type();
   dereference_exprt deref_array(array_data, array_data.type().subtype());
 
@@ -724,7 +731,7 @@ codet java_string_library_preprocesst::code_assign_components_to_java_string(
   symbol_tablet &symbol_table)
 {
   assert(implements_java_char_sequence(lhs.type()));
-  dereference_exprt deref(lhs, lhs.type().subtype());
+  dereference_exprt deref=checked_dereference(lhs, lhs.type().subtype());
 
   code_blockt code;
 
@@ -741,7 +748,7 @@ codet java_string_library_preprocesst::code_assign_components_to_java_string(
   struct_rhs.copy_to_operands(rhs_length);
   struct_rhs.copy_to_operands(rhs_array);
   code.add(code_assignt(
-    dereference_exprt(lhs, lhs.type().subtype()), struct_rhs));
+    checked_dereference(lhs, lhs.type().subtype()), struct_rhs));
 
   return code;
 }
@@ -782,7 +789,7 @@ codet java_string_library_preprocesst::
     symbol_tablet &symbol_table)
 {
   assert(implements_java_char_sequence(lhs.type()));
-  dereference_exprt deref(lhs, lhs.type().subtype());
+  dereference_exprt deref=checked_dereference(lhs, lhs.type().subtype());
 
   code_blockt code;
   exprt new_array=allocate_fresh_array(
@@ -816,7 +823,7 @@ codet java_string_library_preprocesst::code_assign_java_string_to_string_expr(
   else
     deref_type=rhs.type().subtype();
 
-  dereference_exprt deref(rhs, deref_type);
+  dereference_exprt deref=checked_dereference(rhs, deref_type);
 
   // Fields of the string object
   exprt rhs_length=get_length(deref, symbol_table);
@@ -1170,7 +1177,7 @@ codet java_string_library_preprocesst::make_string_to_char_array_code(
   code.add(code_assignt(deref_data, string_expr.content()));
 
   // lhs->data = &data[0]
-  dereference_exprt deref_lhs(lhs, lhs.type().subtype());
+  dereference_exprt deref_lhs=checked_dereference(lhs, lhs.type().subtype());
   exprt lhs_data=get_data(deref_lhs, symbol_table);
   index_exprt first_elt(
     deref_data, from_integer(0, java_int_type()), java_char_type());
@@ -1519,7 +1526,7 @@ codet java_string_library_preprocesst::make_object_get_class_code(
 
   // class_identifier is this->@class_identifier
   member_exprt class_identifier(
-    dereference_exprt(this_obj, this_obj.type().subtype()),
+    checked_dereference(this_obj, this_obj.type().subtype()),
     "@class_identifier",
     string_typet());
 
@@ -1743,7 +1750,8 @@ codet java_string_library_preprocesst::make_string_length_code(
 
   code_typet::parameterst params=type.parameters();
   symbol_exprt arg_this(params[0].get_identifier(), params[0].type());
-  dereference_exprt deref(arg_this, arg_this.type().subtype());
+  dereference_exprt deref=
+    checked_dereference(arg_this, arg_this.type().subtype());
 
   // Create a new string_exprt to be picked up by the solver
   string_exprt str_expr=fresh_string_expr(loc, symbol_table, code);
diff --git a/src/java_bytecode/java_utils.cpp b/src/java_bytecode/java_utils.cpp
index 3680968d285..accbe4b6647 100644
--- a/src/java_bytecode/java_utils.cpp
+++ b/src/java_bytecode/java_utils.cpp
@@ -171,3 +171,11 @@ irep_idt resolve_friendly_method_name(
     }
   }
 }
+
+dereference_exprt checked_dereference(const exprt &expr, const typet &type)
+{
+  dereference_exprt result(expr, type);
+  // tag it so it's easy to identify during instrumentation
+  result.set(ID_java_member_access, true);
+  return result;
+}
diff --git a/src/java_bytecode/java_utils.h b/src/java_bytecode/java_utils.h
index e8be5dfe3b9..f73efcddd47 100644
--- a/src/java_bytecode/java_utils.h
+++ b/src/java_bytecode/java_utils.h
@@ -10,6 +10,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <util/type.h>
 #include <util/symbol_table.h>
 #include <util/message.h>
+#include <util/std_expr.h>
 
 #include "java_bytecode_parse_tree.h"
 
@@ -64,4 +65,9 @@ irep_idt resolve_friendly_method_name(
   const symbol_tablet &symbol_table,
   std::string &error);
 
+/// Dereference an expression and flag it for a null-pointer check
+/// \param expr: expression to dereference and check
+/// \param type: expected result type (typically expr.type().subtype())
+dereference_exprt checked_dereference(const exprt &expr, const typet &type);
+
 #endif // CPROVER_JAVA_BYTECODE_JAVA_UTILS_H

From 4fc60e716b01353c3aaa75f5f589748e8fc3ebf4 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Thu, 27 Jul 2017 10:09:02 +0100
Subject: [PATCH 560/699] Disable default pointer check (replaced by
 java_bytecode_instrument)

Also amend tests that are perturbed by this.

They used to require a specific goal marked as success, but when they become
simple enough that the simplifier solves the problem by itself the goal list is
not printed. Therefore just look for VERIFICATION SUCCESSFUL.

Also modify a test that was looking for a null pointer failure, since the
phrasing of them has changed.
---
 regression/cbmc-java/stack_var4/test.desc        | 2 --
 regression/cbmc-java/stack_var5/test.desc        | 2 --
 regression/cbmc-java/stack_var6/test.desc        | 2 --
 regression/cbmc-java/stack_var7/test.desc        | 2 --
 regression/strings/StaticCharMethods05/test.desc | 2 +-
 src/analyses/goto_check.cpp                      | 2 +-
 6 files changed, 2 insertions(+), 10 deletions(-)

diff --git a/regression/cbmc-java/stack_var4/test.desc b/regression/cbmc-java/stack_var4/test.desc
index 805e44acccd..0f67b9755d8 100644
--- a/regression/cbmc-java/stack_var4/test.desc
+++ b/regression/cbmc-java/stack_var4/test.desc
@@ -3,8 +3,6 @@ stack_test.class
 
 ^EXIT=0$
 ^SIGNAL=0$
-^.*assertion at file stack_test.java line 5 function.*: SUCCESS
-$
 ^VERIFICATION SUCCESSFUL$
 --
 ^warning: ignoring
diff --git a/regression/cbmc-java/stack_var5/test.desc b/regression/cbmc-java/stack_var5/test.desc
index 805e44acccd..0f67b9755d8 100644
--- a/regression/cbmc-java/stack_var5/test.desc
+++ b/regression/cbmc-java/stack_var5/test.desc
@@ -3,8 +3,6 @@ stack_test.class
 
 ^EXIT=0$
 ^SIGNAL=0$
-^.*assertion at file stack_test.java line 5 function.*: SUCCESS
-$
 ^VERIFICATION SUCCESSFUL$
 --
 ^warning: ignoring
diff --git a/regression/cbmc-java/stack_var6/test.desc b/regression/cbmc-java/stack_var6/test.desc
index 805e44acccd..0f67b9755d8 100644
--- a/regression/cbmc-java/stack_var6/test.desc
+++ b/regression/cbmc-java/stack_var6/test.desc
@@ -3,8 +3,6 @@ stack_test.class
 
 ^EXIT=0$
 ^SIGNAL=0$
-^.*assertion at file stack_test.java line 5 function.*: SUCCESS
-$
 ^VERIFICATION SUCCESSFUL$
 --
 ^warning: ignoring
diff --git a/regression/cbmc-java/stack_var7/test.desc b/regression/cbmc-java/stack_var7/test.desc
index 805e44acccd..0f67b9755d8 100644
--- a/regression/cbmc-java/stack_var7/test.desc
+++ b/regression/cbmc-java/stack_var7/test.desc
@@ -3,8 +3,6 @@ stack_test.class
 
 ^EXIT=0$
 ^SIGNAL=0$
-^.*assertion at file stack_test.java line 5 function.*: SUCCESS
-$
 ^VERIFICATION SUCCESSFUL$
 --
 ^warning: ignoring
diff --git a/regression/strings/StaticCharMethods05/test.desc b/regression/strings/StaticCharMethods05/test.desc
index 88156354781..f8abd67fc57 100644
--- a/regression/strings/StaticCharMethods05/test.desc
+++ b/regression/strings/StaticCharMethods05/test.desc
@@ -3,7 +3,7 @@ StaticCharMethods05.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[pointer_dereference\.2\] reference is null in \*this->data: FAILURE$
+null-pointer-exception\.14\] Throw null: FAILURE
 ^\[.*assertion\.1\] .* line 12 .* FAILURE$
 ^\[.*assertion\.2\] .* line 22 .* FAILURE$
 ^VERIFICATION FAILED$
diff --git a/src/analyses/goto_check.cpp b/src/analyses/goto_check.cpp
index 26e1297256d..4ab7d399117 100644
--- a/src/analyses/goto_check.cpp
+++ b/src/analyses/goto_check.cpp
@@ -909,7 +909,7 @@ void goto_checkt::pointer_validity_check(
   const exprt &access_ub,
   const irep_idt &mode)
 {
-  if(mode!=ID_java && !enable_pointer_check)
+  if(!enable_pointer_check)
     return;
 
   const exprt &pointer=expr.op0();

From 1b476894ecabf1a102cd1cb7f094832eaf24dbe8 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Fri, 11 Aug 2017 11:30:31 +0100
Subject: [PATCH 561/699] Improve documentation and omit two unused parameters

No functional changes intended here.
---
 .../java_bytecode_instrument.cpp              | 61 +++++++------------
 src/java_bytecode/java_bytecode_instrument.h  | 10 +--
 src/java_bytecode/java_bytecode_language.cpp  | 10 +--
 3 files changed, 27 insertions(+), 54 deletions(-)

diff --git a/src/java_bytecode/java_bytecode_instrument.cpp b/src/java_bytecode/java_bytecode_instrument.cpp
index 8d2644fb737..773d6e92b84 100644
--- a/src/java_bytecode/java_bytecode_instrument.cpp
+++ b/src/java_bytecode/java_bytecode_instrument.cpp
@@ -29,15 +29,11 @@ class java_bytecode_instrumentt:public messaget
   java_bytecode_instrumentt(
     symbol_tablet &_symbol_table,
     const bool _throw_runtime_exceptions,
-    message_handlert &_message_handler,
-    const size_t _max_array_length,
-    const size_t _max_tree_depth):
+    message_handlert &_message_handler):
     messaget(_message_handler),
     symbol_table(_symbol_table),
     throw_runtime_exceptions(_throw_runtime_exceptions),
-    message_handler(_message_handler),
-    max_array_length(_max_array_length),
-    max_tree_depth(_max_tree_depth)
+    message_handler(_message_handler)
     {
     }
 
@@ -47,8 +43,6 @@ class java_bytecode_instrumentt:public messaget
   symbol_tablet &symbol_table;
   const bool throw_runtime_exceptions;
   message_handlert &message_handler;
-  const size_t max_array_length;
-  const size_t max_tree_depth;
 
   codet throw_exception(
     const exprt &cond,
@@ -570,28 +564,23 @@ void java_bytecode_instrumentt::operator()(exprt &expr)
 /// runtime exceptions or corresponding assertions.
 /// Exceptions are thrown when the `throw_runtime_exceptions` flag is set.
 /// Otherwise, assertions are emitted.
-/// \par parameters: `symbol_table`: global symbol table (may gain exception type
-///   stubs and similar)
-/// `symbol`: the symbol to instrument
-/// `throw_runtime_exceptions`: flag determining whether we instrument the code
-/// with runtime exceptions or with assertions. The former applies if this flag
-/// is set to true.
-/// `max_array_length`: maximum array length; the only reason we need this is
-/// in order to be able to call the object factory to create exceptions.
-void java_bytecode_instrument(
+/// \param symbol_table: global symbol table (may gain exception type stubs and
+///   similar)
+/// \param symbol: the symbol to instrument
+/// \param throw_runtime_exceptions: flag determining whether we instrument the
+///   code with runtime exceptions or with assertions. The former applies if
+///   this flag is set to true.
+/// \param message_handler: stream to report status and warnings
+void java_bytecode_instrument_symbol(
   symbol_tablet &symbol_table,
   symbolt &symbol,
   const bool throw_runtime_exceptions,
-  message_handlert &message_handler,
-  const size_t max_array_length,
-  const size_t max_tree_depth)
+  message_handlert &message_handler)
 {
   java_bytecode_instrumentt instrument(
     symbol_table,
     throw_runtime_exceptions,
-    message_handler,
-    max_array_length,
-    max_tree_depth);
+    message_handler);
   INVARIANT(
     symbol.value.id()==ID_code,
     "java_bytecode_instrument expects a code-typed symbol");
@@ -602,25 +591,21 @@ void java_bytecode_instrument(
 /// runtime exceptions or corresponding assertions.
 /// Exceptions are thrown when the `throw_runtime_exceptions` flag is set.
 /// Otherwise, assertions are emitted.
-/// \par parameters: `symbol_table`: the symbol table to instrument
-/// `throw_runtime_exceptions`: flag determining whether we instrument the code
-/// with runtime exceptions or with assertions. The former applies if this flag
-/// is set to true.
-/// `max_array_length`: maximum array length; the only reason we need this is
-/// in order to be able to call the object factory to create exceptions.
+/// \param symbol_table: global symbol table, all of whose code members
+///   will be annotated (may gain exception type stubs and similar)
+/// \param throw_runtime_exceptions: flag determining whether we instrument the
+///   code with runtime exceptions or with assertions. The former applies if
+///   this flag is set to true.
+/// \param message_handler: stream to report status and warnings
 void java_bytecode_instrument(
   symbol_tablet &symbol_table,
   const bool throw_runtime_exceptions,
-  message_handlert &message_handler,
-  const size_t max_array_length,
-  const size_t max_tree_depth)
+  message_handlert &message_handler)
 {
   java_bytecode_instrumentt instrument(
     symbol_table,
     throw_runtime_exceptions,
-    message_handler,
-    max_array_length,
-    max_tree_depth);
+    message_handler);
 
   std::vector<irep_idt> symbols_to_instrument;
   forall_symbols(s_it, symbol_table.symbols)
@@ -632,9 +617,5 @@ void java_bytecode_instrument(
   // instrument(...) can add symbols to the table, so it's
   // not safe to hold a reference to a symbol across a call.
   for(const auto &symbol : symbols_to_instrument)
-  {
-    exprt value=symbol_table.lookup(symbol).value;
-    instrument(value);
-    symbol_table.lookup(symbol).value=value;
-  }
+    instrument(symbol_table.lookup(symbol).value);
 }
diff --git a/src/java_bytecode/java_bytecode_instrument.h b/src/java_bytecode/java_bytecode_instrument.h
index a068f9cbd32..d5168a418ea 100644
--- a/src/java_bytecode/java_bytecode_instrument.h
+++ b/src/java_bytecode/java_bytecode_instrument.h
@@ -11,19 +11,15 @@ Date:   June 2017
 #ifndef CPROVER_JAVA_BYTECODE_JAVA_BYTECODE_INSTRUMENT_H
 #define CPROVER_JAVA_BYTECODE_JAVA_BYTECODE_INSTRUMENT_H
 
-void java_bytecode_instrument(
+void java_bytecode_instrument_symbol(
   symbol_tablet &symbol_table,
   symbolt &symbol,
   const bool throw_runtime_exceptions,
-  message_handlert &_message_handler,
-  const size_t max_array_length,
-  const size_t max_depth);
+  message_handlert &_message_handler);
 
 void java_bytecode_instrument(
   symbol_tablet &symbol_table,
   const bool throw_runtime_exceptions,
-  message_handlert &_message_handler,
-  const size_t max_array_length,
-  const size_t max_depth);
+  message_handlert &_message_handler);
 
 #endif
diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index fb4da2e309f..3abfb654471 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -459,9 +459,7 @@ bool java_bytecode_languaget::typecheck(
   java_bytecode_instrument(
     symbol_table,
     throw_runtime_exceptions,
-    get_message_handler(),
-    max_nondet_array_length,
-    max_nondet_tree_depth);
+    get_message_handler());
 
   // now typecheck all
   if(java_bytecode_typecheck(
@@ -748,13 +746,11 @@ void java_bytecode_languaget::replace_string_methods(
       symbol.value=generated_code;
       // Specifically instrument the new code, since this comes after the
       // blanket instrumentation pass called before typechecking.
-      java_bytecode_instrument(
+      java_bytecode_instrument_symbol(
         context,
         symbol,
         throw_runtime_exceptions,
-        get_message_handler(),
-        max_nondet_array_length,
-        max_nondet_tree_depth);
+        get_message_handler());
     }
   }
 }

From cd169d6d7c10296f1fbd18560c14d762838d1dc5 Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Fri, 11 Aug 2017 14:05:37 +0100
Subject: [PATCH 562/699] Add test showing faulty synchronized behaviour

---
 regression/cbmc-java/synchronized/Sync.class | Bin 0 -> 862 bytes
 regression/cbmc-java/synchronized/Sync.java  |  11 +++++++++++
 regression/cbmc-java/synchronized/test.desc  |  10 ++++++++++
 3 files changed, 21 insertions(+)
 create mode 100644 regression/cbmc-java/synchronized/Sync.class
 create mode 100644 regression/cbmc-java/synchronized/Sync.java
 create mode 100644 regression/cbmc-java/synchronized/test.desc

diff --git a/regression/cbmc-java/synchronized/Sync.class b/regression/cbmc-java/synchronized/Sync.class
new file mode 100644
index 0000000000000000000000000000000000000000..0c493d5eea9f875453268fe37345d308064aa1ce
GIT binary patch
literal 862
zcmZuuT~E_s6n@^e+q+L0o5K8>V@w?|*bR3Oqat2y(`1AMyz07U6iZ9m&X2#sAK3LY
zfkYEY<j$Yuh5EdJ)I^%*J>SoH&N)ARefb7p6)PE}P)j3;d5L-kI%*ORB_3t)7!8R9
zfl}QJLpz8Z-wR(jq1kusfq>W*NUl4c6Fm{o8w=Y4#)dzz1*Y1LXLm;jeLL7v$pXc;
zZ<+44892(mbQ;l~6B47{`{-F~tUfRuPhh6;roC^zGh43d4O_h^aJ=D~LKg(8{uAns
zT=%u_c#$1!ez5FA#ZSSQ!H}?}Yfy;cD>5<stNy-iMXbvABGY=?F%QqlNz8I`iAAnL
zAhm9}mvd%%{wT2QmyVh$t%$EEupF|;<&Z{3pd6z=`@6QyAn*f$N*ub5Jh>}GiKQHx
zSQaS6`4>bvR_xl^3;g#N`<;rt8!nH<Ee`C^3GBfY1<n_Z7~rLLF~@VKcz#hRE7H_-
z2sH!WJgpX`piC^DKuoA;xWPAh?&N`~t5hbSfN9D!iYU>eijSFXP}W6zX{YnOc{WC>
z+dNx7{RHg@*{{%dPGFplk?2e&Y^<ncnV)43B{ft?Fu{oGS%KuM)2n(VX{Q;LsIh9E
z)D@R1<281_iCfHLXUt%hQlqzw+l<_yRYBr68|V^uCGPQukhuR7M*g`(g=fZts|BpG
hMt#%8<T2zCq%nq}e}?w|G8A+ITJEV@S(S!{xj%2<s1g7G

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/synchronized/Sync.java b/regression/cbmc-java/synchronized/Sync.java
new file mode 100644
index 00000000000..2f8f91cc2ae
--- /dev/null
+++ b/regression/cbmc-java/synchronized/Sync.java
@@ -0,0 +1,11 @@
+public class Sync {
+  public static void main(String[] args) {
+    final Object o = null;
+    try {
+      synchronized (o) {}
+      assert false;
+    } catch (NullPointerException e) {
+      return;
+    }
+  }
+}
diff --git a/regression/cbmc-java/synchronized/test.desc b/regression/cbmc-java/synchronized/test.desc
new file mode 100644
index 00000000000..7155ff81375
--- /dev/null
+++ b/regression/cbmc-java/synchronized/test.desc
@@ -0,0 +1,10 @@
+KNOWNBUG
+Sync.class
+
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
+--
+See #1236 for details of this test.

From 0e084902f063380839839734e29cbdc7ea955830 Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Mon, 31 Jul 2017 17:00:53 +0100
Subject: [PATCH 563/699] Ensure fields are considered in the same way as
 parameters

When collecting what methods to load, if the class was a field we
weren't loading the base classes for a given type (though we would for a
parameter of the same type). Instead both these load methods now go
through the same common method to ensure this isn't missed.

Added a test to demonstrate what didn't work before and works now.
---
 .../lazyloading_inheritance_field/Base.class  | Bin 0 -> 225 bytes
 .../Derived.class                             | Bin 0 -> 218 bytes
 .../lazyloading_inheritance_field/Foo.class   | Bin 0 -> 204 bytes
 .../Middle.class                              | Bin 0 -> 172 bytes
 .../lazyloading_inheritance_field/test.class  | Bin 0 -> 343 bytes
 .../lazyloading_inheritance_field/test.desc   |   7 ++
 .../lazyloading_inheritance_field/test.java   |  27 +++++++
 src/java_bytecode/java_bytecode_language.cpp  |  67 +++++++++++++-----
 8 files changed, 83 insertions(+), 18 deletions(-)
 create mode 100644 regression/cbmc-java/lazyloading_inheritance_field/Base.class
 create mode 100644 regression/cbmc-java/lazyloading_inheritance_field/Derived.class
 create mode 100644 regression/cbmc-java/lazyloading_inheritance_field/Foo.class
 create mode 100644 regression/cbmc-java/lazyloading_inheritance_field/Middle.class
 create mode 100644 regression/cbmc-java/lazyloading_inheritance_field/test.class
 create mode 100644 regression/cbmc-java/lazyloading_inheritance_field/test.desc
 create mode 100644 regression/cbmc-java/lazyloading_inheritance_field/test.java

diff --git a/regression/cbmc-java/lazyloading_inheritance_field/Base.class b/regression/cbmc-java/lazyloading_inheritance_field/Base.class
new file mode 100644
index 0000000000000000000000000000000000000000..ed06e4a70d8e1928a8ef868954670cc9380c88cf
GIT binary patch
literal 225
zcmX^0Z`VEs1_l!bJ}w4k25xo+9(D#^Mg}&U%)HDJJ4Oa(4b3n{1{UZ1lvG9rexJ;|
zRKL>Pq|~C2#H1Xc2xA%}16Oc<X;E^jTP8?=vm~{+L@z6`ERlzSg@F~Q)hV$UC@ugJ
z($7iEOV{^L%1TWxVNhUT0@?@yOh61&%K)?%$dU!pj6j-IYdZtuMj(TcfgMP)fdxSl
X9B`$QU|FCFbY;vy#hgG%CI&75Ib0yF

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/lazyloading_inheritance_field/Derived.class b/regression/cbmc-java/lazyloading_inheritance_field/Derived.class
new file mode 100644
index 0000000000000000000000000000000000000000..d9a3dc3776a824591c47a43a89dad0881883116f
GIT binary patch
literal 218
zcmZ9Fy$ZrW5QJy*YtE>(g<z=`R+eI;SgDO-pLi>r!~|lJ_p%Z!d;lLx+@!GZ;BJPQ
zZ};Ax=L^6LT?HF$AEA#9!JC`Z6bphq8XpPHGSf`xZA{9$@)~n~h~h*NIuq1BEAtbt
zO&tUU--_uas-h4MT!O#i+*GV(=hkSQFov+?tNK`S1%h<q2BIYDP9C7U7#Wt=YeFTi
S^+WqjE5tt*3LHpjL45&!LmpQE

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/lazyloading_inheritance_field/Foo.class b/regression/cbmc-java/lazyloading_inheritance_field/Foo.class
new file mode 100644
index 0000000000000000000000000000000000000000..92c6645929a678db7a6f167b4980fa60cb3fd7e9
GIT binary patch
literal 204
zcmW-axeCHi6h!A{PmIPN5G>WgG<J%OkjkY{?6W-Ng)9(X{4XoP!VmDH#G5p8@0nqk
z@9+HqutMNLhi_wOV?>~m;Oq}F%L=h3SQ}YMwI%4Y`ITVo>P!%Vy{yEsEfdjP;-p~5
zJJ)TKib!_gDsflKJbuJJEZAI*>Y6a_oUn+iTX;%xkt$4~@ixG-Fkto{x(c(yH0cw-
UT)aTfK6Y6xwt;}v<Evrt2Ng0RbN~PV

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/lazyloading_inheritance_field/Middle.class b/regression/cbmc-java/lazyloading_inheritance_field/Middle.class
new file mode 100644
index 0000000000000000000000000000000000000000..7e66e35d9ab4f708da52a27ced1b47e92c90fc19
GIT binary patch
literal 172
zcmX^0Z`VEs1_l!bUM>b^1}=66ZgvJ9Mg}&U%)HDJJ4Oa(4b3n{1{UZ1lvG9rexJ;|
zRKL>Pq|~C2#H1Xc2v=}^X;E^jTPBFZS&~{@qL-CemdL}v!oUhN#Wyo01ti1blvtd~
upuoTcv;zbfff%R)NV5T1vOpRn!m72MfpH^PnjJ{8fdxS%2aw0azzG1|wi})R

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/lazyloading_inheritance_field/test.class b/regression/cbmc-java/lazyloading_inheritance_field/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..80bef3aa5b71a252aecb43f54aaaac438da040da
GIT binary patch
literal 343
zcmXX?yH3ME5S+6eUt*khAR!V3U2s7fx<oWcsT?SR=+E|n92^@3hyOxCAW=}J;G+<8
zhAVbvcV~9*?)&HS3%~`&9%^Ve&_UNj4}A$wVj$qo(>yIN1?<V$oq%&yBwC;yrn$b}
zZ6dwBRZ+%@Q|jkZpgsu~MKLqd=BiZj<5E5SE4)>)+s1m48hOLW&)4cj`EVg64t*S9
zC^7PJ3@Okty=kWMhv`kU)-h+>oGc(V+!8L+B+2xQ_xoe4-{TYxA7PFKb|4w+%ua}c
zSPMQNUP-v0(XEODat{aOMmi@NX+PMb8@$2V!!z&>+Ze6N*n&+yq-n&j8pCI1L-gou
HR-)D~D?>Gg

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/lazyloading_inheritance_field/test.desc b/regression/cbmc-java/lazyloading_inheritance_field/test.desc
new file mode 100644
index 00000000000..c39c5e62349
--- /dev/null
+++ b/regression/cbmc-java/lazyloading_inheritance_field/test.desc
@@ -0,0 +1,7 @@
+CORE
+test.class
+--lazy-methods --verbosity 10 --function test.test
+^EXIT=0$
+^SIGNAL=0$
+elaborate java::Base\.f:\(\)V
+--
diff --git a/regression/cbmc-java/lazyloading_inheritance_field/test.java b/regression/cbmc-java/lazyloading_inheritance_field/test.java
new file mode 100644
index 00000000000..52f46dcc4bd
--- /dev/null
+++ b/regression/cbmc-java/lazyloading_inheritance_field/test.java
@@ -0,0 +1,27 @@
+class Base
+{
+  void f() { }
+}
+
+class Middle extends Base
+{
+}
+
+class Derived extends Middle
+{
+  void f() { }
+}
+
+class Foo
+{
+  public Middle m;
+}
+
+public class test {
+
+  public static void test(Foo foo) {
+    if(foo != null && foo.m != null) {
+      foo.m.f();
+    }
+  }
+}
diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index 3abfb654471..78957375928 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -330,6 +330,12 @@ static void gather_needed_globals(
       gather_needed_globals(*opit, symbol_table, needed);
 }
 
+static void initialize_needed_classes_from_pointer(
+  const pointer_typet &pointer_type,
+  const namespacet &ns,
+  const class_hierarchyt &ch,
+  ci_lazy_methodst &lazy_methods);
+
 /// See output
 /// \par parameters: `class_type`: root of class tree to search
 /// `ns`: global namespace
@@ -340,32 +346,62 @@ static void gather_needed_globals(
 static void gather_field_types(
   const typet &class_type,
   const namespacet &ns,
+  const class_hierarchyt &ch,
   ci_lazy_methodst &lazy_methods)
 {
   const auto &underlying_type=to_struct_type(ns.follow(class_type));
   for(const auto &field : underlying_type.components())
   {
     if(field.type().id()==ID_struct || field.type().id()==ID_symbol)
-      gather_field_types(field.type(), ns, lazy_methods);
+      gather_field_types(field.type(), ns, ch, lazy_methods);
     else if(field.type().id()==ID_pointer)
     {
       // Skip array primitive pointers, for example:
       if(field.type().subtype().id()!=ID_symbol)
         continue;
-      const auto &field_classid=
-        to_symbol_type(field.type().subtype()).get_identifier();
-      if(lazy_methods.add_needed_class(field_classid))
-        gather_field_types(field.type().subtype(), ns, lazy_methods);
+      initialize_needed_classes_from_pointer(
+        to_pointer_type(field.type()), ns, ch, lazy_methods);
     }
   }
 }
 
-/// See output
-/// \par parameters: `entry_points`: list of fully-qualified function names that
+/// Build up list of methods for types for a specific pointer type. See
+/// `initialize_needed_classes` for more details.
+/// \param pointer_type: The type to gather methods for.
+/// \param ns: global namespace
+/// \param ch: global class hierarchy
+/// \param [out] lazy_methods: Populated with all Java reference types whose
+///   references may be passed, directly or indirectly, to any of the functions
+///   in `entry_points
+static void initialize_needed_classes_from_pointer(
+  const pointer_typet &pointer_type,
+  const namespacet &ns,
+  const class_hierarchyt &ch,
+  ci_lazy_methodst &lazy_methods)
+{
+  const symbol_typet &class_type=to_symbol_type(pointer_type.subtype());
+  const auto &param_classid=class_type.get_identifier();
+  std::vector<irep_idt> class_and_parents=
+    ch.get_parents_trans(param_classid);
+
+  class_and_parents.push_back(param_classid);
+
+  for(const auto &classid : class_and_parents)
+    lazy_methods.add_needed_class(classid);
+
+  gather_field_types(
+    pointer_type.subtype(), ns, ch, lazy_methods);
+}
+
+/// Build up a list of methods whose type may be passed around reachable
+/// from the entry point.
+/// \param entry_points: list of fully-qualified function names that
 ///   we should assume are reachable
-/// `ns`: global namespace
-/// `ch`: global class hierarchy
-/// \return Populates `lazy_methods` with all Java reference types whose
+/// \param ns: global namespace
+/// \param ch: global class hierarchy
+/// \param pointer_type_selector: The pointer_type_selector used to find out
+///   what other classes may be used for pointers
+/// \param [out] lazy_methods: Populated with all Java reference types whose
 ///   references may be passed, directly or indirectly, to any of the functions
 ///   in `entry_points`.
 static void initialize_needed_classes(
@@ -382,14 +418,9 @@ static void initialize_needed_classes(
     {
       if(param.type().id()==ID_pointer)
       {
-        const auto &param_classid=
-          to_symbol_type(param.type().subtype()).get_identifier();
-        std::vector<irep_idt> class_and_parents=
-          ch.get_parents_trans(param_classid);
-        class_and_parents.push_back(param_classid);
-        for(const auto &classid : class_and_parents)
-          lazy_methods.add_needed_class(classid);
-        gather_field_types(param.type().subtype(), ns, lazy_methods);
+        const pointer_typet &original_pointer=to_pointer_type(param.type());
+        initialize_needed_classes_from_pointer(
+          original_pointer, ns, ch, lazy_methods);
       }
     }
   }

From a029094d290d32b6237f7187ae81d7f7dca2fa66 Mon Sep 17 00:00:00 2001
From: Vlastimil Zeman <vlastimil.zeman@diffblue.com>
Date: Mon, 14 Aug 2017 14:09:56 +0100
Subject: [PATCH 564/699] Split jobs to two stages in Travis

1. Linter + Doxygen + non-debug Ubuntu/gcc-5 test - linting, documentation
and build on standard OS with standard compilator with non-debug flags.
This will fail fast in case of trivial error and do not waste Travis
resources.
2. Test different OS/CXX/Flags - rest of combinations we support. This
stage will start only if first one will pass.
---
 .travis.yml | 93 ++++++++++++++++++++++++++++-------------------------
 1 file changed, 50 insertions(+), 43 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 1145190171c..60abdae5d25 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,10 +1,47 @@
 language: cpp
 
-matrix:
+jobs:
   include:
 
+    - &linter-stage
+      stage: Linter + Doxygen + non-debug Ubuntu/gcc-5 test
+      env: NAME="CPP-LINT"
+      install:
+      script: scripts/travis_lint.sh
+      before_cache:
+
+    - stage: Linter + Doxygen + non-debug Ubuntu/gcc-5 test
+      env: NAME="DOXYGEN-CHECK"
+      addons:
+        apt:
+          packages:
+            - doxygen
+      install:
+      script: scripts/travis_doxygen.sh
+      before_cache:
+
+    # Ubuntu Linux with glibc using g++-5
+    - stage: Linter + Doxygen + non-debug Ubuntu/gcc-5 test
+      os: linux
+      sudo: false
+      compiler: gcc
+      cache: ccache
+      addons:
+        apt:
+          sources:
+            - ubuntu-toolchain-r-test
+          packages:
+            - libwww-perl
+            - g++-5
+            - libubsan0
+      before_install:
+        - mkdir bin ; ln -s /usr/bin/gcc-5 bin/gcc
+      # env: COMPILER=g++-5 SAN_FLAGS="-fsanitize=undefined -fno-sanitize-recover -fno-omit-frame-pointer"
+      env: COMPILER="g++-5"
+
     # Alpine Linux with musl-libc using g++
-    - os: linux
+    - stage: Test different OS/CXX/Flags
+      os: linux
       sudo: required
       compiler: gcc
       cache: ccache
@@ -17,7 +54,8 @@ matrix:
         - COMPILER="ccache g++"
 
     # OS X using g++
-    - os: osx
+    - stage: Test different OS/CXX/Flags
+      os: osx
       sudo: false
       compiler: gcc
       cache: ccache
@@ -30,7 +68,8 @@ matrix:
       env: COMPILER=g++
 
     # OS X using clang++
-    - os: osx
+    - stage: Test different OS/CXX/Flags
+      os: osx
       sudo: false
       compiler: clang
       cache: ccache
@@ -42,26 +81,9 @@ matrix:
         - COMPILER="ccache clang++ -Qunused-arguments -fcolor-diagnostics"
         - CCACHE_CPP2=yes
 
-    # Ubuntu Linux with glibc using g++-5
-    - os: linux
-      sudo: false
-      compiler: gcc
-      cache: ccache
-      addons:
-        apt:
-          sources:
-            - ubuntu-toolchain-r-test
-          packages:
-            - libwww-perl
-            - g++-5
-            - libubsan0
-      before_install:
-        - mkdir bin ; ln -s /usr/bin/gcc-5 bin/gcc
-      # env: COMPILER=g++-5 SAN_FLAGS="-fsanitize=undefined -fno-sanitize-recover -fno-omit-frame-pointer"
-      env: COMPILER="g++-5"
-
     # Ubuntu Linux with glibc using g++-5, debug mode
-    - os: linux
+    - stage: Test different OS/CXX/Flags
+      os: linux
       sudo: false
       compiler: gcc
       cache: ccache
@@ -82,7 +104,8 @@ matrix:
       script: echo "Not running any tests for a debug build."
 
     # Ubuntu Linux with glibc using clang++-3.7
-    - os: linux
+    - stage: Test different OS/CXX/Flags
+      os: linux
       sudo: false
       compiler: clang
       cache: ccache
@@ -105,7 +128,8 @@ matrix:
         - CCACHE_CPP2=yes
 
     # Ubuntu Linux with glibc using clang++-3.7, debug mode
-    - os: linux
+    - stage: Test different OS/CXX/Flags
+      os: linux
       sudo: false
       compiler: clang
       cache: ccache
@@ -129,25 +153,8 @@ matrix:
         - EXTRA_CXXFLAGS="-DDEBUG"
       script: echo "Not running any tests for a debug build."
 
-    - env: NAME="CPP-LINT"
-      install:
-      script: scripts/travis_lint.sh
-      before_cache:
-
-    - env: NAME="DOXYGEN-CHECK"
-      addons:
-        apt:
-          packages:
-            - doxygen
-      install:
-      script: scripts/travis_doxygen.sh
-      before_cache:
-
   allow_failures:
-    - env: NAME="CPP-LINT"
-      install:
-      script: scripts/travis_lint.sh
-      before_cache:
+    - <<: *linter-stage
 
 install:
   - COMMAND="make -C src minisat2-download" &&

From 5bc3118e9d578e5fb8c06ded34145eb24953040b Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Thu, 10 Aug 2017 15:24:11 +0100
Subject: [PATCH 565/699] Refactored some lazy methods code into a separte file

---
 src/java_bytecode/Makefile                   |   1 +
 src/java_bytecode/gather_methods_lazily.cpp  | 499 +++++++++++++++++++
 src/java_bytecode/gather_methods_lazily.h    | 103 ++++
 src/java_bytecode/java_bytecode_language.cpp | 479 +-----------------
 4 files changed, 625 insertions(+), 457 deletions(-)
 create mode 100644 src/java_bytecode/gather_methods_lazily.cpp
 create mode 100644 src/java_bytecode/gather_methods_lazily.h

diff --git a/src/java_bytecode/Makefile b/src/java_bytecode/Makefile
index f96913f967f..65433223bb2 100644
--- a/src/java_bytecode/Makefile
+++ b/src/java_bytecode/Makefile
@@ -2,6 +2,7 @@ SRC = bytecode_info.cpp \
       character_refine_preprocess.cpp \
       ci_lazy_methods.cpp \
       expr2java.cpp \
+      gather_methods_lazily.cpp \
       jar_file.cpp \
       java_bytecode_convert_class.cpp \
       java_bytecode_convert_method.cpp \
diff --git a/src/java_bytecode/gather_methods_lazily.cpp b/src/java_bytecode/gather_methods_lazily.cpp
new file mode 100644
index 00000000000..4afea4b5ee2
--- /dev/null
+++ b/src/java_bytecode/gather_methods_lazily.cpp
@@ -0,0 +1,499 @@
+/*******************************************************************\
+
+ Module: Java Bytecode
+
+ Author: DiffBlue Limited. All rights reserved.
+
+\*******************************************************************/
+#include "gather_methods_lazily.h"
+
+
+#include <java_bytecode/java_entry_point.h>
+#include <java_bytecode/java_class_loader.h>
+#include <java_bytecode/java_utils.h>
+#include <util/safe_pointer.h>
+#include <util/suffix.h>
+#include <java_bytecode/java_string_library_preprocess.h>
+
+
+gather_methods_lazilyt::gather_methods_lazilyt(
+  const symbol_tablet &symbol_table,
+  const irep_idt &main_class,
+  const std::vector<irep_idt> &main_jar_classes,
+  const std::vector<irep_idt> &lazy_methods_extra_entry_points,
+  java_class_loadert &java_class_loader,
+  message_handlert &message_handler):
+    messaget(message_handler),
+    main_class(main_class),
+    main_jar_classes(main_jar_classes),
+    lazy_methods_extra_entry_points(lazy_methods_extra_entry_points),
+    java_class_loader(java_class_loader)
+{
+  // build the class hierarclass_hierarchyy
+  class_hierarchy(symbol_table);
+}
+
+/// Uses a simple context-insensitive ('ci') analysis to determine which methods
+/// may be reachable from the main entry point. In brief, static methods are
+/// reachable if we find a callsite in another reachable site, while virtual
+/// methods are reachable if we find a virtual callsite targeting a compatible
+/// type *and* a constructor callsite indicating an object of that type may be
+/// instantiated (or evidence that an object of that type exists before the main
+/// function is entered, such as being passed as a parameter).
+/// Elaborates lazily-converted methods that may be reachable starting
+/// from the main entry point (usually provided with the --function command-
+/// line option
+/// \param symbol_table: global symbol table
+/// \param [out] lazy_methods: map from method names to relevant symbol and
+///   parsed-method objects.
+/// \return Returns false on success
+bool gather_methods_lazilyt::operator()(
+  symbol_tablet &symbol_table,
+  lazy_methodst &lazy_methods,
+  std::function<void(
+    const symbolt &,
+    const java_bytecode_parse_treet::methodt &,
+    ci_lazy_methodst)> method_converter)
+{
+  std::vector<irep_idt> method_worklist1;
+  std::vector<irep_idt> method_worklist2;
+
+  auto main_function=
+    get_main_symbol(symbol_table, main_class, get_message_handler(), true);
+  if(main_function.stop_convert)
+  {
+    // Failed, mark all functions in the given main class(es) reaclass_hierarchyable.
+    std::vector<irep_idt> reaclass_hierarchyable_classes;
+    if(!main_class.empty())
+      reaclass_hierarchyable_classes.push_back(main_class);
+    else
+      reaclass_hierarchyable_classes=main_jar_classes;
+    for(const auto &classname : reaclass_hierarchyable_classes)
+    {
+      const auto &methods=
+        java_class_loader.class_map.at(classname).parsed_class.methods;
+      for(const auto &method : methods)
+      {
+        const irep_idt methodid="java::"+id2string(classname)+"."+
+          id2string(method.name)+":"+
+          id2string(method.signature);
+        method_worklist2.push_back(methodid);
+      }
+    }
+  }
+  else
+    method_worklist2.push_back(main_function.main_function.name);
+
+  // Add any extra entry points specified; we should elaborate these in the
+  // same way as the main function.
+  std::vector<irep_idt> extra_entry_points=lazy_methods_extra_entry_points;
+  resolve_method_names(extra_entry_points, symbol_table);
+  method_worklist2.insert(
+    method_worklist2.begin(),
+    extra_entry_points.begin(),
+    extra_entry_points.end());
+
+  std::set<irep_idt> needed_classes;
+
+  {
+    std::vector<irep_idt> needed_clinits;
+    ci_lazy_methodst initial_lazy_methods(
+      needed_clinits,
+      needed_classes,
+      symbol_table);
+    initialize_needed_classes(
+      method_worklist2,
+      namespacet(symbol_table),
+      initial_lazy_methods);
+    method_worklist2.insert(
+      method_worklist2.end(),
+      needed_clinits.begin(),
+      needed_clinits.end());
+  }
+
+  std::set<irep_idt> methods_already_populated;
+  std::vector<const code_function_callt *> virtual_callsites;
+
+  bool any_new_methods;
+  do
+  {
+    any_new_methods=false;
+    while(!method_worklist2.empty())
+    {
+      std::swap(method_worklist1, method_worklist2);
+      for(const auto &mname : method_worklist1)
+      {
+        if(!methods_already_populated.insert(mname).second)
+          continue;
+        auto findit=lazy_methods.find(mname);
+        if(findit==lazy_methods.end())
+        {
+          debug() << "Skip " << mname << eom;
+          continue;
+        }
+        debug() << "CI lazy methods: elaborate " << mname << eom;
+        const auto &parsed_method=findit->second;
+        // Note this wraps *references* to method_worklist2, needed_classes:
+        ci_lazy_methodst new_lazy_methods(
+          method_worklist2,
+          needed_classes,
+          symbol_table);
+        method_converter(
+          *parsed_method.first, *parsed_method.second, new_lazy_methods);
+        gather_virtual_callsites(
+          symbol_table.lookup(mname).value,
+          virtual_callsites);
+        any_new_methods=true;
+      }
+      method_worklist1.clear();
+    }
+
+    // Given the object types we now know may be created, populate more
+    // possible virtual function call targets:
+
+    debug() << "CI lazy methods: add virtual method targets ("
+            << virtual_callsites.size()
+            << " callsites)"
+            << eom;
+
+    for(const auto &callsite : virtual_callsites)
+    {
+      // This will also create a stub if a virtual callsite has no targets.
+      get_virtual_method_targets(
+        *callsite,
+        needed_classes,
+        method_worklist2,
+        symbol_table);
+    }
+  }
+  while(any_new_methods);
+
+  // Remove symbols for methods that were declared but never used:
+  symbol_tablet keep_symbols;
+
+  for(const auto &sym : symbol_table.symbols)
+  {
+    if(sym.second.is_static_lifetime)
+      continue;
+    if(lazy_methods.count(sym.first) &&
+       !methods_already_populated.count(sym.first))
+    {
+      continue;
+    }
+    if(sym.second.type.id()==ID_code)
+      gather_needed_globals(sym.second.value, symbol_table, keep_symbols);
+    keep_symbols.add(sym.second);
+  }
+
+  debug() << "CI lazy methods: removed "
+          << symbol_table.symbols.size() - keep_symbols.symbols.size()
+          << " unreaclass_hierarchyable methods and globals"
+          << eom;
+
+  symbol_table.swap(keep_symbols);
+
+  return false;
+}
+
+/// Translates the given list of method names from human-readable to
+/// internal syntax.
+/// Expands any wildcards (entries ending in '.*') in the given method
+/// list to include all non-static methods defined on the given class.
+/// \param [in, out] methods: List of methods to expand. Any wildcard entries
+///   will be deleted and the expanded entries appended to the end.
+/// \param symbol_table: global symbol table
+void gather_methods_lazilyt::resolve_method_names(
+  std::vector<irep_idt> &methods,
+  const symbol_tablet &symbol_table)
+{
+  std::vector<irep_idt> new_methods;
+  for(const irep_idt &method : methods)
+  {
+    const std::string &method_str=id2string(method);
+    if(!has_suffix(method_str, ".*"))
+    {
+      std::string error_message;
+      irep_idt internal_name=
+        resolve_friendly_method_name(
+          method_str,
+          symbol_table,
+          error_message);
+      if(internal_name==irep_idt())
+        throw "entry point "+error_message;
+      new_methods.push_back(internal_name);
+    }
+    else
+    {
+      irep_idt classname="java::"+method_str.substr(0, method_str.length()-2);
+      if(!symbol_table.has_symbol(classname))
+        throw "wildcard entry point '"+method_str+"': unknown class";
+
+      for(const auto &name_symbol : symbol_table.symbols)
+      {
+        if(name_symbol.second.type.id()!=ID_code)
+          continue;
+        if(!to_code_type(name_symbol.second.type).has_this())
+          continue;
+        if(has_prefix(id2string(name_symbol.first), id2string(classname)))
+          new_methods.push_back(name_symbol.first);
+      }
+    }
+  }
+
+  methods=std::move(new_methods);
+}
+
+/// Build up a list of methods whose type may be passed around reachable
+/// from the entry point.
+/// \param entry_points: list of fully-qualified function names that
+///   we should assume are reachable
+/// \param ns: global namespace
+/// \param ch: global class hierarchy
+/// \param pointer_type_selector: The pointer_type_selector used to find out
+///   what other classes may be used for pointers
+/// \param [out] lazy_methods: Populated with all Java reference types whose
+///   references may be passed, directly or indirectly, to any of the functions
+///   in `entry_points`.
+void gather_methods_lazilyt::initialize_needed_classes(
+  const std::vector<irep_idt> &entry_points,
+  const namespacet &ns,
+  ci_lazy_methodst &lazy_methods)
+{
+  for(const auto &mname : entry_points)
+  {
+    const auto &symbol=ns.lookup(mname);
+    const auto &mtype=to_code_type(symbol.type);
+    for(const auto &param : mtype.parameters())
+    {
+      if(param.type().id()==ID_pointer)
+      {
+        const pointer_typet &original_pointer=to_pointer_type(param.type());
+        initialize_needed_classes_from_pointer(
+          original_pointer, ns, lazy_methods);
+      }
+    }
+  }
+
+  // Also add classes whose instances are magically
+  // created by the JVM and so won't be spotted by
+  // looking for constructors and calls as usual:
+  lazy_methods.add_needed_class("java::java.lang.String");
+  lazy_methods.add_needed_class("java::java.lang.Class");
+  lazy_methods.add_needed_class("java::java.lang.Object");
+}
+
+/// Build up list of methods for types for a specific pointer type. See
+/// `initialize_needed_classes` for more details.
+/// \param pointer_type: The type to gather methods for.
+/// \param ns: global namespace
+/// \param ch: global class hierarchy
+/// \param [out] lazy_methods: Populated with all Java reference types whose
+///   references may be passed, directly or indirectly, to any of the functions
+///   in `entry_points
+void gather_methods_lazilyt::initialize_needed_classes_from_pointer(
+  const pointer_typet &pointer_type,
+  const namespacet &ns,
+  ci_lazy_methodst &lazy_methods)
+{
+  const symbol_typet &class_type=to_symbol_type(pointer_type.subtype());
+  const auto &param_classid=class_type.get_identifier();
+  std::vector<irep_idt> class_and_parents=
+    class_hierarchy.get_parents_trans(param_classid);
+
+  class_and_parents.push_back(param_classid);
+
+  for(const auto &classid : class_and_parents)
+    lazy_methods.add_needed_class(classid);
+
+  gather_field_types(pointer_type.subtype(), ns, lazy_methods);
+}
+
+/// Get places where virtual functions are called.
+/// \param e: expression tree to search
+/// \param [out] results: filled with pointers to each function call within
+///   e that calls a virtual function.
+void gather_methods_lazilyt::gather_virtual_callsites(
+  const exprt &e,
+  std::vector<const code_function_callt *> &result)
+{
+  if(e.id()!=ID_code)
+    return;
+  const codet &c=to_code(e);
+  if(c.get_statement()==ID_function_call &&
+     to_code_function_call(c).function().id()==ID_virtual_function)
+  {
+    result.push_back(&to_code_function_call(c));
+  }
+  else
+  {
+    for(const exprt &op : e.operands())
+      gather_virtual_callsites(op, result);
+  }
+}
+
+/// Find possible callees, excluding types that are not known to be
+/// instantiated.
+/// \param c: function call whose potential target functions should
+///   be determined.
+/// \param needed_classes: set of classes that can be instantiated. Any potential
+///   callee not in this set will be ignored.
+/// \param symbol_table: global symbol table
+/// \param [out] needed_methods: Populated with all possible `c` callees, taking
+///   `needed_classes` into account (virtual function overrides defined on
+///   classes that are not 'needed' are ignored)
+void gather_methods_lazilyt::get_virtual_method_targets(
+  const code_function_callt &c,
+  const std::set<irep_idt> &needed_classes,
+  std::vector<irep_idt> &needed_methods,
+  symbol_tablet &symbol_table)
+{
+  const auto &called_function=c.function();
+  assert(called_function.id()==ID_virtual_function);
+
+  const auto &call_class=called_function.get(ID_C_class);
+  assert(!call_class.empty());
+  const auto &call_basename=called_function.get(ID_component_name);
+  assert(!call_basename.empty());
+
+  auto old_size=needed_methods.size();
+
+  auto child_classes=class_hierarchy.get_children_trans(call_class);
+  for(const auto &child_class : child_classes)
+  {
+    auto child_method=
+      get_virtual_method_target(
+        needed_classes,
+        call_basename,
+        child_class,
+        symbol_table);
+    if(!child_method.empty())
+      needed_methods.push_back(child_method);
+  }
+
+  irep_idt parent_class_id=call_class;
+  while(1)
+  {
+    auto parent_method=
+      get_virtual_method_target(
+        needed_classes,
+        call_basename,
+        parent_class_id,
+        symbol_table);
+    if(!parent_method.empty())
+    {
+      needed_methods.push_back(parent_method);
+      break;
+    }
+    else
+    {
+      auto findit=class_hierarchy.class_map.find(parent_class_id);
+      if(findit==class_hierarchy.class_map.end())
+        break;
+      else
+      {
+        const auto &entry=findit->second;
+        if(entry.parents.empty())
+          break;
+        else
+          parent_class_id=entry.parents[0];
+      }
+    }
+  }
+
+  if(needed_methods.size()==old_size)
+  {
+    // Didn't find any candidate callee. Generate a stub.
+    std::string stubname=id2string(call_class)+"."+id2string(call_basename);
+    symbolt symbol;
+    symbol.name=stubname;
+    symbol.base_name=call_basename;
+    symbol.type=c.function().type();
+    symbol.value.make_nil();
+    symbol.mode=ID_java;
+    symbol_table.add(symbol);
+  }
+}
+
+/// See output
+/// \param e: expression tree to search
+/// \param symbol_table: global symbol table
+/// \param [out] needed: Populated with global variable symbols referenced from
+/// `e` or its children.
+void gather_methods_lazilyt::gather_needed_globals(
+  const exprt &e,
+  const symbol_tablet &symbol_table,
+  symbol_tablet &needed)
+{
+  if(e.id()==ID_symbol)
+  {
+    // If the symbol isn't in the symbol table at all, then it is defined
+    // on an opaque type (i.e. we don't have the class definition at this point)
+    // and will be created during the typecheck phase.
+    // We don't mark it as 'needed' as it doesn't exist yet to keep.
+    auto findit=symbol_table.symbols.find(to_symbol_expr(e).get_identifier());
+    if(findit!=symbol_table.symbols.end() &&
+       findit->second.is_static_lifetime)
+    {
+      needed.add(findit->second);
+    }
+  }
+  else
+    forall_operands(opit, e)
+      gather_needed_globals(*opit, symbol_table, needed);
+}
+
+/// See param lazy_methods
+/// \param class_type: root of class tree to search
+/// \param ns: global namespace
+/// \param [out] lazy_methods: Popualted with all Java reference types reachable
+///   starting at `class_type`. For example if `class_type` is
+///   `symbol_typet("java::A")` and A has a B field, then `B` (but not `A`) will
+///   noted as a needed class.
+void gather_methods_lazilyt::gather_field_types(
+  const typet &class_type,
+  const namespacet &ns,
+  ci_lazy_methodst &lazy_methods)
+{
+  const auto &underlying_type=to_struct_type(ns.follow(class_type));
+  for(const auto &field : underlying_type.components())
+  {
+    if(field.type().id()==ID_struct || field.type().id()==ID_symbol)
+      gather_field_types(field.type(), ns, lazy_methods);
+    else if(field.type().id()==ID_pointer)
+    {
+      // Skip array primitive pointers, for example:
+      if(field.type().subtype().id()!=ID_symbol)
+        continue;
+      initialize_needed_classes_from_pointer(
+        to_pointer_type(field.type()), ns, lazy_methods);
+    }
+  }
+}
+
+/// Find a virtual callee, if one is defined and the callee type is known to
+/// exist.
+/// \param needed_classes: set of classes that can be instantiated.
+///   Any potential callee not in this set will be ignored.
+/// \param call_basename: unqualified function name with type signature (e.g.
+///   "f:(I)")
+/// \param classname: class name that may define or override a function named
+///   `call_basename`.
+/// \param symbol_table: global symtab
+/// \return Returns the fully qualified name of `classname`'s definition of
+///   `call_basename` if found and `classname` is present in `needed_classes`,
+///   or irep_idt() otherwise.
+irep_idt gather_methods_lazilyt::get_virtual_method_target(
+  const std::set<irep_idt> &needed_classes,
+  const irep_idt &call_basename,
+  const irep_idt &classname,
+  const symbol_tablet &symbol_table)
+{
+  // Program-wide, is this class ever instantiated?
+  if(!needed_classes.count(classname))
+    return irep_idt();
+  auto methodid=id2string(classname)+"."+id2string(call_basename);
+  if(symbol_table.has_symbol(methodid))
+    return methodid;
+  else
+    return irep_idt();
+}
diff --git a/src/java_bytecode/gather_methods_lazily.h b/src/java_bytecode/gather_methods_lazily.h
new file mode 100644
index 00000000000..5a26637310c
--- /dev/null
+++ b/src/java_bytecode/gather_methods_lazily.h
@@ -0,0 +1,103 @@
+/*******************************************************************\
+
+ Module: Java Bytecode
+
+ Author: DiffBlue Limited. All rights reserved.
+
+\*******************************************************************/
+
+/// \file
+/// Collect methods needed to be loaded using the lazy method
+
+#ifndef CPROVER_JAVA_BYTECODE_GATHER_METHODS_LAZILY_H
+#define CPROVER_JAVA_BYTECODE_GATHER_METHODS_LAZILY_H
+
+#include <map>
+#include <functional>
+
+#include <util/irep.h>
+#include <util/symbol_table.h>
+#include <util/message.h>
+#include <goto-programs/class_hierarchy.h>
+#include <java_bytecode/java_bytecode_parse_tree.h>
+#include <java_bytecode/java_class_loader.h>
+#include <java_bytecode/ci_lazy_methods.h>
+
+class java_string_library_preprocesst;
+
+typedef std::pair<
+          const symbolt *,
+          const java_bytecode_parse_treet::methodt *>
+  lazy_method_valuet;
+
+typedef std::map<irep_idt, lazy_method_valuet>
+  lazy_methodst;
+
+class gather_methods_lazilyt:public messaget
+{
+public:
+  gather_methods_lazilyt(
+    const symbol_tablet &symbol_table,
+    const irep_idt &main_class,
+    const std::vector<irep_idt> &main_jar_classes,
+    const std::vector<irep_idt> &lazy_methods_extra_entry_points,
+    java_class_loadert &java_class_loader,
+    message_handlert &message_handler);
+
+  // not const since messaget
+  bool operator()(
+    symbol_tablet &symbol_table,
+    lazy_methodst &lazy_methods,
+    std::function<void(
+      const symbolt &,
+      const java_bytecode_parse_treet::methodt &,
+      ci_lazy_methodst)> method_converter);
+
+private:
+  void resolve_method_names(
+    std::vector<irep_idt> &methods,
+    const symbol_tablet &symbol_table);
+
+  void initialize_needed_classes(
+    const std::vector<irep_idt> &entry_points,
+    const namespacet &ns,
+    ci_lazy_methodst &lazy_methods);
+
+  void initialize_needed_classes_from_pointer(
+    const pointer_typet &pointer_type,
+    const namespacet &ns,
+    ci_lazy_methodst &lazy_methods);
+
+  void gather_virtual_callsites(
+    const exprt &e,
+    std::vector<const code_function_callt *> &result);
+
+  void get_virtual_method_targets(
+    const code_function_callt &c,
+    const std::set<irep_idt> &needed_classes,
+    std::vector<irep_idt> &needed_methods,
+    symbol_tablet &symbol_table);
+
+  void gather_needed_globals(
+    const exprt &e,
+    const symbol_tablet &symbol_table,
+    symbol_tablet &needed);
+
+  void gather_field_types(const typet &class_type,
+    const namespacet &ns,
+    ci_lazy_methodst &lazy_methods);
+
+  irep_idt get_virtual_method_target(
+    const std::set<irep_idt> &needed_classes,
+    const irep_idt &call_basename,
+    const irep_idt &classname,
+    const symbol_tablet &symbol_table);
+
+  class_hierarchyt class_hierarchy;
+  const irep_idt main_class;
+  const std::vector<irep_idt> main_jar_classes;
+  const std::vector<irep_idt> lazy_methods_extra_entry_points;
+  java_class_loadert &java_class_loader;
+};
+
+#endif // CPROVER_JAVA_BYTECODE_GATHER_METHODS_LAZILY_H
diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index 78957375928..33d7d30fd49 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -29,6 +29,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include "java_bytecode_parser.h"
 #include "java_class_loader.h"
 #include "java_utils.h"
+#include "gather_methods_lazily.h"
 
 #include "expr2java.h"
 
@@ -170,269 +171,6 @@ bool java_bytecode_languaget::parse(
   return false;
 }
 
-/// Find a virtual callee, if one is defined and the callee type is known to
-/// exist.
-/// \par parameters: `needed_classes`: set of classes that can be instantiated.
-///   Any potential callee not in this set will be ignored.
-/// `call_basename`: unqualified function name with type signature (e.g.
-///   "f:(I)")
-/// `classname`: class name that may define or override a function named
-///   `call_basename`.
-/// `symbol_table`: global symtab
-/// \return Returns the fully qualified name of `classname`'s definition of
-///   `call_basename` if found and `classname` is present in `needed_classes`,
-///   or irep_idt() otherwise.
-static irep_idt get_virtual_method_target(
-  const std::set<irep_idt> &needed_classes,
-  const irep_idt &call_basename,
-  const irep_idt &classname,
-  const symbol_tablet &symbol_table)
-{
-  // Program-wide, is this class ever instantiated?
-  if(!needed_classes.count(classname))
-    return irep_idt();
-  auto methodid=id2string(classname)+"."+id2string(call_basename);
-  if(symbol_table.has_symbol(methodid))
-    return methodid;
-  else
-    return irep_idt();
-}
-
-/// Find possible callees, excluding types that are not known to be
-/// instantiated.
-/// \par parameters: `c`: function call whose potential target functions should
-///   be determined.
-/// `needed_classes`: set of classes that can be instantiated. Any potential
-///   callee not in this set will be ignored.
-/// `symbol_table`: global symtab
-/// `class_hierarchy`: global class hierarchy
-/// \return Populates `needed_methods` with all possible `c` callees, taking
-///   `needed_classes` into account (virtual function overrides defined on
-///   classes that are not 'needed' are ignored)
-static void get_virtual_method_targets(
-  const code_function_callt &c,
-  const std::set<irep_idt> &needed_classes,
-  std::vector<irep_idt> &needed_methods,
-  symbol_tablet &symbol_table,
-  const class_hierarchyt &class_hierarchy)
-{
-  const auto &called_function=c.function();
-  assert(called_function.id()==ID_virtual_function);
-
-  const auto &call_class=called_function.get(ID_C_class);
-  assert(!call_class.empty());
-  const auto &call_basename=called_function.get(ID_component_name);
-  assert(!call_basename.empty());
-
-  auto old_size=needed_methods.size();
-
-  auto child_classes=class_hierarchy.get_children_trans(call_class);
-  for(const auto &child_class : child_classes)
-  {
-    auto child_method=
-      get_virtual_method_target(
-        needed_classes,
-        call_basename,
-        child_class,
-        symbol_table);
-    if(!child_method.empty())
-      needed_methods.push_back(child_method);
-  }
-
-  irep_idt parent_class_id=call_class;
-  while(1)
-  {
-    auto parent_method=
-      get_virtual_method_target(
-        needed_classes,
-        call_basename,
-        parent_class_id,
-        symbol_table);
-    if(!parent_method.empty())
-    {
-      needed_methods.push_back(parent_method);
-      break;
-    }
-    else
-    {
-      auto findit=class_hierarchy.class_map.find(parent_class_id);
-      if(findit==class_hierarchy.class_map.end())
-        break;
-      else
-      {
-        const auto &entry=findit->second;
-        if(entry.parents.empty())
-          break;
-        else
-          parent_class_id=entry.parents[0];
-      }
-    }
-  }
-
-  if(needed_methods.size()==old_size)
-  {
-    // Didn't find any candidate callee. Generate a stub.
-    std::string stubname=id2string(call_class)+"."+id2string(call_basename);
-    symbolt symbol;
-    symbol.name=stubname;
-    symbol.base_name=call_basename;
-    symbol.type=c.function().type();
-    symbol.value.make_nil();
-    symbol.mode=ID_java;
-    symbol_table.add(symbol);
-  }
-}
-
-/// See output
-/// \par parameters: `e`: expression tree to search
-/// \return Populates `result` with pointers to each function call within e that
-///   calls a virtual function.
-static void gather_virtual_callsites(
-  const exprt &e,
-  std::vector<const code_function_callt *> &result)
-{
-  if(e.id()!=ID_code)
-    return;
-  const codet &c=to_code(e);
-  if(c.get_statement()==ID_function_call &&
-     to_code_function_call(c).function().id()==ID_virtual_function)
-    result.push_back(&to_code_function_call(c));
-  else
-    forall_operands(it, e)
-      gather_virtual_callsites(*it, result);
-}
-
-/// See output
-/// \par parameters: `e`: expression tree to search
-/// `symbol_table`: global symtab
-/// \return Populates `needed` with global variable symbols referenced from `e`
-///   or its children.
-static void gather_needed_globals(
-  const exprt &e,
-  const symbol_tablet &symbol_table,
-  symbol_tablet &needed)
-{
-  if(e.id()==ID_symbol)
-  {
-    // If the symbol isn't in the symbol table at all, then it is defined
-    // on an opaque type (i.e. we don't have the class definition at this point)
-    // and will be created during the typecheck phase.
-    // We don't mark it as 'needed' as it doesn't exist yet to keep.
-    auto findit=symbol_table.symbols.find(to_symbol_expr(e).get_identifier());
-    if(findit!=symbol_table.symbols.end() &&
-       findit->second.is_static_lifetime)
-    {
-      needed.add(findit->second);
-    }
-  }
-  else
-    forall_operands(opit, e)
-      gather_needed_globals(*opit, symbol_table, needed);
-}
-
-static void initialize_needed_classes_from_pointer(
-  const pointer_typet &pointer_type,
-  const namespacet &ns,
-  const class_hierarchyt &ch,
-  ci_lazy_methodst &lazy_methods);
-
-/// See output
-/// \par parameters: `class_type`: root of class tree to search
-/// `ns`: global namespace
-/// \return Populates `lazy_methods` with all Java reference types reachable
-///   starting at `class_type`. For example if `class_type` is
-///   `symbol_typet("java::A")` and A has a B field, then `B` (but not `A`) will
-///   noted as a needed class.
-static void gather_field_types(
-  const typet &class_type,
-  const namespacet &ns,
-  const class_hierarchyt &ch,
-  ci_lazy_methodst &lazy_methods)
-{
-  const auto &underlying_type=to_struct_type(ns.follow(class_type));
-  for(const auto &field : underlying_type.components())
-  {
-    if(field.type().id()==ID_struct || field.type().id()==ID_symbol)
-      gather_field_types(field.type(), ns, ch, lazy_methods);
-    else if(field.type().id()==ID_pointer)
-    {
-      // Skip array primitive pointers, for example:
-      if(field.type().subtype().id()!=ID_symbol)
-        continue;
-      initialize_needed_classes_from_pointer(
-        to_pointer_type(field.type()), ns, ch, lazy_methods);
-    }
-  }
-}
-
-/// Build up list of methods for types for a specific pointer type. See
-/// `initialize_needed_classes` for more details.
-/// \param pointer_type: The type to gather methods for.
-/// \param ns: global namespace
-/// \param ch: global class hierarchy
-/// \param [out] lazy_methods: Populated with all Java reference types whose
-///   references may be passed, directly or indirectly, to any of the functions
-///   in `entry_points
-static void initialize_needed_classes_from_pointer(
-  const pointer_typet &pointer_type,
-  const namespacet &ns,
-  const class_hierarchyt &ch,
-  ci_lazy_methodst &lazy_methods)
-{
-  const symbol_typet &class_type=to_symbol_type(pointer_type.subtype());
-  const auto &param_classid=class_type.get_identifier();
-  std::vector<irep_idt> class_and_parents=
-    ch.get_parents_trans(param_classid);
-
-  class_and_parents.push_back(param_classid);
-
-  for(const auto &classid : class_and_parents)
-    lazy_methods.add_needed_class(classid);
-
-  gather_field_types(
-    pointer_type.subtype(), ns, ch, lazy_methods);
-}
-
-/// Build up a list of methods whose type may be passed around reachable
-/// from the entry point.
-/// \param entry_points: list of fully-qualified function names that
-///   we should assume are reachable
-/// \param ns: global namespace
-/// \param ch: global class hierarchy
-/// \param pointer_type_selector: The pointer_type_selector used to find out
-///   what other classes may be used for pointers
-/// \param [out] lazy_methods: Populated with all Java reference types whose
-///   references may be passed, directly or indirectly, to any of the functions
-///   in `entry_points`.
-static void initialize_needed_classes(
-  const std::vector<irep_idt> &entry_points,
-  const namespacet &ns,
-  const class_hierarchyt &ch,
-  ci_lazy_methodst &lazy_methods)
-{
-  for(const auto &mname : entry_points)
-  {
-    const auto &symbol=ns.lookup(mname);
-    const auto &mtype=to_code_type(symbol.type);
-    for(const auto &param : mtype.parameters())
-    {
-      if(param.type().id()==ID_pointer)
-      {
-        const pointer_typet &original_pointer=to_pointer_type(param.type());
-        initialize_needed_classes_from_pointer(
-          original_pointer, ns, ch, lazy_methods);
-      }
-    }
-  }
-
-  // Also add classes whose instances are magically
-  // created by the JVM and so won't be spotted by
-  // looking for constructors and calls as usual:
-  lazy_methods.add_needed_class("java::java.lang.String");
-  lazy_methods.add_needed_class("java::java.lang.Class");
-  lazy_methods.add_needed_class("java::java.lang.Object");
-}
-
 bool java_bytecode_languaget::typecheck(
   symbol_tablet &symbol_table,
   const std::string &module)
@@ -500,54 +238,6 @@ bool java_bytecode_languaget::typecheck(
   return false;
 }
 
-/// Translates the given list of method names from human-readable to
-/// internal syntax.
-/// Expands any wildcards (entries ending in '.*') in the given method
-/// list to include all non-static methods defined on the given class.
-/// \param [in, out] methods: List of methods to expand. Any wildcard entries
-///   will be deleted and the expanded entries appended to the end.
-/// \param symbol_table: global symbol table
-static void resolve_method_names(
-  std::vector<irep_idt> &methods,
-  const symbol_tablet &symbol_table)
-{
-  std::vector<irep_idt> new_methods;
-  for(const irep_idt &method : methods)
-  {
-    const std::string &method_str=id2string(method);
-    if(!has_suffix(method_str, ".*"))
-    {
-      std::string error_message;
-      irep_idt internal_name=
-        resolve_friendly_method_name(
-          method_str,
-          symbol_table,
-          error_message);
-      if(internal_name==irep_idt())
-        throw "entry point "+error_message;
-      new_methods.push_back(internal_name);
-    }
-    else
-    {
-      irep_idt classname="java::"+method_str.substr(0, method_str.length()-2);
-      if(!symbol_table.has_symbol(classname))
-        throw "wildcard entry point '"+method_str+"': unknown class";
-
-      for(const auto &name_symbol : symbol_table.symbols)
-      {
-        if(name_symbol.second.type.id()!=ID_code)
-          continue;
-        if(!to_code_type(name_symbol.second.type).has_this())
-          continue;
-        if(has_prefix(id2string(name_symbol.first), id2string(classname)))
-          new_methods.push_back(name_symbol.first);
-      }
-    }
-  }
-
-  methods=std::move(new_methods);
-}
-
 /// Uses a simple context-insensitive ('ci') analysis to determine which methods
 /// may be reachable from the main entry point. In brief, static methods are
 /// reachable if we find a callsite in another reachable site, while virtual
@@ -565,155 +255,30 @@ bool java_bytecode_languaget::do_ci_lazy_method_conversion(
   symbol_tablet &symbol_table,
   lazy_methodst &lazy_methods)
 {
-  class_hierarchyt ch;
-  ch(symbol_table);
-
-  std::vector<irep_idt> method_worklist1;
-  std::vector<irep_idt> method_worklist2;
-
-  auto main_function=
-    get_main_symbol(symbol_table, main_class, get_message_handler(), true);
-  if(main_function.stop_convert)
-  {
-    // Failed, mark all functions in the given main class(es) reachable.
-    std::vector<irep_idt> reachable_classes;
-    if(!main_class.empty())
-      reachable_classes.push_back(main_class);
-    else
-      reachable_classes=main_jar_classes;
-    for(const auto &classname : reachable_classes)
-    {
-      const auto &methods=
-        java_class_loader.class_map.at(classname).parsed_class.methods;
-      for(const auto &method : methods)
-      {
-        const irep_idt methodid="java::"+id2string(classname)+"."+
-          id2string(method.name)+":"+
-          id2string(method.signature);
-        method_worklist2.push_back(methodid);
-      }
-    }
-  }
-  else
-    method_worklist2.push_back(main_function.main_function.name);
-
-  // Add any extra entry points specified; we should elaborate these in the
-  // same way as the main function.
-  std::vector<irep_idt> extra_entry_points=lazy_methods_extra_entry_points;
-  resolve_method_names(extra_entry_points, symbol_table);
-  method_worklist2.insert(
-    method_worklist2.begin(),
-    extra_entry_points.begin(),
-    extra_entry_points.end());
-
-  std::set<irep_idt> needed_classes;
-
+  const auto method_converter=[&](
+    const symbolt &symbol,
+    const java_bytecode_parse_treet::methodt &method,
+    ci_lazy_methodst new_lazy_methods)
   {
-    std::vector<irep_idt> needed_clinits;
-    ci_lazy_methodst initial_lazy_methods(
-      needed_clinits,
-      needed_classes,
-      symbol_table);
-    initialize_needed_classes(
-      method_worklist2,
-      namespacet(symbol_table),
-      ch,
-      initial_lazy_methods);
-    method_worklist2.insert(
-      method_worklist2.end(),
-      needed_clinits.begin(),
-      needed_clinits.end());
-  }
-
-  std::set<irep_idt> methods_already_populated;
-  std::vector<const code_function_callt *> virtual_callsites;
-
-  bool any_new_methods;
-  do
-  {
-    any_new_methods=false;
-    while(!method_worklist2.empty())
-    {
-      std::swap(method_worklist1, method_worklist2);
-      for(const auto &mname : method_worklist1)
-      {
-        if(!methods_already_populated.insert(mname).second)
-          continue;
-        auto findit=lazy_methods.find(mname);
-        if(findit==lazy_methods.end())
-        {
-          debug() << "Skip " << mname << eom;
-          continue;
-        }
-        debug() << "CI lazy methods: elaborate " << mname << eom;
-        const auto &parsed_method=findit->second;
-        // Note this wraps *references* to method_worklist2, needed_classes:
-        ci_lazy_methodst lazy_methods(
-          method_worklist2,
-          needed_classes,
-          symbol_table);
-        java_bytecode_convert_method(
-          *parsed_method.first,
-          *parsed_method.second,
-          symbol_table,
-          get_message_handler(),
-          max_user_array_length,
-          safe_pointer<ci_lazy_methodst>::create_non_null(&lazy_methods),
-          string_preprocess);
-        gather_virtual_callsites(
-          symbol_table.lookup(mname).value,
-          virtual_callsites);
-        any_new_methods=true;
-      }
-      method_worklist1.clear();
-    }
-
-    // Given the object types we now know may be created, populate more
-    // possible virtual function call targets:
-
-    debug() << "CI lazy methods: add virtual method targets ("
-            << virtual_callsites.size()
-            << " callsites)"
-            << eom;
-
-    for(const auto &callsite : virtual_callsites)
-    {
-      // This will also create a stub if a virtual callsite has no targets.
-      get_virtual_method_targets(
-        *callsite,
-        needed_classes,
-        method_worklist2,
-        symbol_table,
-        ch);
-    }
-  }
-  while(any_new_methods);
-
-  // Remove symbols for methods that were declared but never used:
-  symbol_tablet keep_symbols;
-
-  for(const auto &sym : symbol_table.symbols)
-  {
-    if(sym.second.is_static_lifetime)
-      continue;
-    if(lazy_methods.count(sym.first) &&
-       !methods_already_populated.count(sym.first))
-    {
-      continue;
-    }
-    if(sym.second.type.id()==ID_code)
-      gather_needed_globals(sym.second.value, symbol_table, keep_symbols);
-    keep_symbols.add(sym.second);
-  }
-
-  debug() << "CI lazy methods: removed "
-          << symbol_table.symbols.size() - keep_symbols.symbols.size()
-          << " unreachable methods and globals"
-          << eom;
+    java_bytecode_convert_method(
+      symbol,
+      method,
+      symbol_table,
+      get_message_handler(),
+      max_user_array_length,
+      safe_pointer<ci_lazy_methodst>::create_non_null(&new_lazy_methods),
+      string_preprocess);
+  };
 
-  symbol_table.swap(keep_symbols);
+  gather_methods_lazilyt method_gather(
+    symbol_table,
+    main_class,
+    main_jar_classes,
+    lazy_methods_extra_entry_points,
+    java_class_loader,
+    get_message_handler());
 
-  return false;
+  return method_gather(symbol_table, lazy_methods, method_converter);
 }
 
 /// Provide feedback to `language_filest` so that when asked for a lazy method,

From 804f5a71f4b69475b55a050f13a549613c63563b Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Thu, 10 Aug 2017 17:43:58 +0100
Subject: [PATCH 566/699] Added documentation to class_hierarchy

---
 src/goto-programs/class_hierarchy.cpp | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/goto-programs/class_hierarchy.cpp b/src/goto-programs/class_hierarchy.cpp
index 0f2fb6c5de0..fadbc5c956b 100644
--- a/src/goto-programs/class_hierarchy.cpp
+++ b/src/goto-programs/class_hierarchy.cpp
@@ -64,6 +64,11 @@ void class_hierarchyt::get_children_trans_rec(
     get_children_trans_rec(child, dest);
 }
 
+/// Get all the classes that inherit (directly or indirectly) from class c. The
+/// first element(s) will be the immediate parents of c, followed by their
+/// immedatiate parents and so on.
+/// \param c: The class to consider
+/// \param [out] dest: A list of class ids that c eventually inherits from.
 void class_hierarchyt::get_parents_trans_rec(
   const irep_idt &c,
   idst &dest) const

From a0683133b81dc0f3d477af6d20604e677eee1576 Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Thu, 10 Aug 2017 17:46:20 +0100
Subject: [PATCH 567/699] Swapping asserts to invariants in one of the methods

---
 src/java_bytecode/gather_methods_lazily.cpp | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/java_bytecode/gather_methods_lazily.cpp b/src/java_bytecode/gather_methods_lazily.cpp
index 4afea4b5ee2..5d29372eb10 100644
--- a/src/java_bytecode/gather_methods_lazily.cpp
+++ b/src/java_bytecode/gather_methods_lazily.cpp
@@ -348,12 +348,15 @@ void gather_methods_lazilyt::get_virtual_method_targets(
   symbol_tablet &symbol_table)
 {
   const auto &called_function=c.function();
-  assert(called_function.id()==ID_virtual_function);
+  PRECONDITION(called_function.id()==ID_virtual_function);
 
   const auto &call_class=called_function.get(ID_C_class);
-  assert(!call_class.empty());
+  INVARIANT(
+    !call_class.empty(), "All virtual calls should be aimed at a class");
   const auto &call_basename=called_function.get(ID_component_name);
-  assert(!call_basename.empty());
+  INVARIANT(
+    !call_basename.empty(),
+    "Virtual function must have a reasonable name after removing class");
 
   auto old_size=needed_methods.size();
 

From 2520c51dd4f9a6a35a9d638209e17c2699bb4f83 Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Thu, 10 Aug 2017 18:29:46 +0100
Subject: [PATCH 568/699] Tighten up lazy loading for virtual functions
 implemented in base class

Previously we would load all base classes and all their methods.
However, we don't need this, we only need methods that aren't overridden
in the specific derived class we are trying to find virtual calls on.
---
 src/java_bytecode/gather_methods_lazily.cpp | 80 +++++++++++----------
 src/java_bytecode/gather_methods_lazily.h   |  4 ++
 2 files changed, 47 insertions(+), 37 deletions(-)

diff --git a/src/java_bytecode/gather_methods_lazily.cpp b/src/java_bytecode/gather_methods_lazily.cpp
index 5d29372eb10..c2186bc172c 100644
--- a/src/java_bytecode/gather_methods_lazily.cpp
+++ b/src/java_bytecode/gather_methods_lazily.cpp
@@ -297,13 +297,8 @@ void gather_methods_lazilyt::initialize_needed_classes_from_pointer(
 {
   const symbol_typet &class_type=to_symbol_type(pointer_type.subtype());
   const auto &param_classid=class_type.get_identifier();
-  std::vector<irep_idt> class_and_parents=
-    class_hierarchy.get_parents_trans(param_classid);
 
-  class_and_parents.push_back(param_classid);
-
-  for(const auto &classid : class_and_parents)
-    lazy_methods.add_needed_class(classid);
+  lazy_methods.add_needed_class(param_classid);
 
   gather_field_types(pointer_type.subtype(), ns, lazy_methods);
 }
@@ -360,6 +355,15 @@ void gather_methods_lazilyt::get_virtual_method_targets(
 
   auto old_size=needed_methods.size();
 
+  const irep_idt &self_method=
+    get_virtual_method_target(
+      needed_classes, call_basename, call_class, symbol_table);
+
+  if(!self_method.empty())
+  {
+    needed_methods.push_back(self_method);
+  }
+
   auto child_classes=class_hierarchy.get_children_trans(call_class);
   for(const auto &child_class : child_classes)
   {
@@ -373,36 +377,6 @@ void gather_methods_lazilyt::get_virtual_method_targets(
       needed_methods.push_back(child_method);
   }
 
-  irep_idt parent_class_id=call_class;
-  while(1)
-  {
-    auto parent_method=
-      get_virtual_method_target(
-        needed_classes,
-        call_basename,
-        parent_class_id,
-        symbol_table);
-    if(!parent_method.empty())
-    {
-      needed_methods.push_back(parent_method);
-      break;
-    }
-    else
-    {
-      auto findit=class_hierarchy.class_map.find(parent_class_id);
-      if(findit==class_hierarchy.class_map.end())
-        break;
-      else
-      {
-        const auto &entry=findit->second;
-        if(entry.parents.empty())
-          break;
-        else
-          parent_class_id=entry.parents[0];
-      }
-    }
-  }
-
   if(needed_methods.size()==old_size)
   {
     // Didn't find any candidate callee. Generate a stub.
@@ -494,9 +468,41 @@ irep_idt gather_methods_lazilyt::get_virtual_method_target(
   // Program-wide, is this class ever instantiated?
   if(!needed_classes.count(classname))
     return irep_idt();
-  auto methodid=id2string(classname)+"."+id2string(call_basename);
+  auto methodid=build_virtual_method_name(classname, call_basename);
   if(symbol_table.has_symbol(methodid))
     return methodid;
   else
+  {
+    // no method found for this specific classs, but a call to this class
+    // will be resolved in one of its base classes so we should work up the
+    // heirarchy to see if one resovles
+    class_hierarchyt::idst parent_classes=
+      class_hierarchy.get_parents_trans(classname);
+    for(const irep_idt &parent_class_id : parent_classes)
+    {
+      auto parent_method_id=
+        build_virtual_method_name(parent_class_id, call_basename);
+      if(symbol_table.has_symbol(parent_method_id))
+      {
+        return parent_method_id;
+      }
+    }
     return irep_idt();
+  }
+}
+
+
+/// Build a method name as found in a GOTO symbol table equivalent to the name
+/// of a concrete call of method component_method_name on class class_name
+/// \param component_method_name: The name of the function
+/// \param class_name: The class the implementation would be found on.
+/// \return A name for looking up in the symbol table for classes `class_name`'s
+///   implementation of `component_name`
+irep_idt gather_methods_lazilyt::build_virtual_method_name(
+  const irep_idt &class_name, const irep_idt &component_method_name)
+{
+  // Verify the parameters are called in the correct order.
+  PRECONDITION(id2string(class_name).find("::")!=std::string::npos);
+  PRECONDITION(id2string(component_method_name).find("(")!=std::string::npos);
+  return id2string(class_name)+'.'+id2string(component_method_name);
 }
diff --git a/src/java_bytecode/gather_methods_lazily.h b/src/java_bytecode/gather_methods_lazily.h
index 5a26637310c..8f2c699bb11 100644
--- a/src/java_bytecode/gather_methods_lazily.h
+++ b/src/java_bytecode/gather_methods_lazily.h
@@ -93,6 +93,10 @@ class gather_methods_lazilyt:public messaget
     const irep_idt &classname,
     const symbol_tablet &symbol_table);
 
+  static irep_idt build_virtual_method_name(
+    const irep_idt &class_name,
+    const irep_idt &component_method_name);
+
   class_hierarchyt class_hierarchy;
   const irep_idt main_class;
   const std::vector<irep_idt> main_jar_classes;

From 15e98814fd2abfaaa0f02b337a04ede809e4aecf Mon Sep 17 00:00:00 2001
From: Vlastimil Zeman <vlastimil.zeman@diffblue.com>
Date: Tue, 15 Aug 2017 09:13:18 +0100
Subject: [PATCH 569/699] Standardise ccache size to 1 GB

---
 .travis.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 60abdae5d25..a1df7904bb4 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -64,7 +64,6 @@ jobs:
         - mkdir bin ; ln -s /usr/bin/gcc bin/gcc
         - HOMEBREW_NO_AUTO_UPDATE=1 brew install ccache
         - export PATH=/usr/local/opt/ccache/libexec:$PATH
-        - ccache -M 1G
       env: COMPILER=g++
 
     # OS X using clang++
@@ -76,7 +75,6 @@ jobs:
       before_install:
         - HOMEBREW_NO_AUTO_UPDATE=1 brew install ccache
         - export PATH=/usr/local/opt/ccache/libexec:$PATH
-        - ccache -M 1G
       env:
         - COMPILER="ccache clang++ -Qunused-arguments -fcolor-diagnostics"
         - CCACHE_CPP2=yes
@@ -157,6 +155,7 @@ jobs:
     - <<: *linter-stage
 
 install:
+  - ccache --max-size=1G
   - COMMAND="make -C src minisat2-download" &&
     eval ${PRE_COMMAND} ${COMMAND}
   - COMMAND="make -C src CXX=\"$COMPILER\" CXXFLAGS=\"-Wall -Werror -pedantic -O2 -g $EXTRA_CXXFLAGS\" -j2" &&

From 5988e61dc627378a39a781b056cd8afbb12594e8 Mon Sep 17 00:00:00 2001
From: Vlastimil Zeman <vlastimil.zeman@diffblue.com>
Date: Tue, 15 Aug 2017 09:13:49 +0100
Subject: [PATCH 570/699] Update cbmc-builder alpine container

---
 .travis.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index a1df7904bb4..6882f1cd407 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -48,9 +48,9 @@ jobs:
       services:
         - docker
       before_install:
-        - docker pull diffblue/cbmc-builder:alpine-0.0.1
+        - docker pull diffblue/cbmc-builder:alpine-0.0.3
       env:
-        - PRE_COMMAND="docker run -v ${TRAVIS_BUILD_DIR}:/cbmc -v ${HOME}/.ccache:/root/.ccache diffblue/cbmc-builder:alpine-0.0.1"
+        - PRE_COMMAND="docker run -v ${TRAVIS_BUILD_DIR}:/cbmc -v ${HOME}/.ccache:/root/.ccache diffblue/cbmc-builder:alpine-0.0.3"
         - COMPILER="ccache g++"
 
     # OS X using g++

From 696c13901f6e6399e2c67d37a28fdc122516612b Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Mon, 14 Aug 2017 10:12:10 +0100
Subject: [PATCH 571/699] Pulled out logic for finding the correct resolution
 for a given virtual call

When calling method f on a class A, if class A implements it, A::f is
called. If it doesn't then we should work up the class hierachy till we
find a class that fills in the gap. This was separately implemented in
different locations with varying levels of accuracy. This pulls all
three into a common class responsible for this.
---
 src/goto-programs/Makefile                    |   1 +
 .../remove_virtual_functions.cpp              |  41 ++++---
 .../resolve_concrete_function_call.cpp        | 102 ++++++++++++++++++
 .../resolve_concrete_function_call.h          |  75 +++++++++++++
 src/java_bytecode/gather_methods_lazily.cpp   |  43 ++------
 .../java_bytecode_convert_method.cpp          |  66 +++++++-----
 .../java_bytecode_convert_method_class.h      |   2 +-
 7 files changed, 245 insertions(+), 85 deletions(-)
 create mode 100644 src/goto-programs/resolve_concrete_function_call.cpp
 create mode 100644 src/goto-programs/resolve_concrete_function_call.h

diff --git a/src/goto-programs/Makefile b/src/goto-programs/Makefile
index 6aa1941572b..c7e2f264cf2 100644
--- a/src/goto-programs/Makefile
+++ b/src/goto-programs/Makefile
@@ -49,6 +49,7 @@ SRC = basic_blocks.cpp \
       remove_vector.cpp \
       remove_virtual_functions.cpp \
       replace_java_nondet.cpp \
+      resolve_concrete_function_call.cpp \
       safety_checker.cpp \
       set_properties.cpp \
       show_goto_functions.cpp \
diff --git a/src/goto-programs/remove_virtual_functions.cpp b/src/goto-programs/remove_virtual_functions.cpp
index 5ae06fceeb0..26671e18527 100644
--- a/src/goto-programs/remove_virtual_functions.cpp
+++ b/src/goto-programs/remove_virtual_functions.cpp
@@ -13,6 +13,8 @@ Author: Daniel Kroening, kroening@kroening.com
 #include "class_hierarchy.h"
 #include "class_identifier.h"
 
+#include <goto-programs/resolve_concrete_function_call.h>
+
 #include <util/c_types.h>
 #include <util/prefix.h>
 #include <util/type_eq.h>
@@ -258,32 +260,26 @@ void remove_virtual_functionst::get_functions(
 {
   const irep_idt class_id=function.get(ID_C_class);
   const irep_idt component_name=function.get(ID_component_name);
-  assert(!class_id.empty());
+  INVARIANT(!class_id.empty(), "All virtual functions must have a class");
+
+  resolve_concrete_function_callt get_virtual_call_target(
+    symbol_table, class_hierarchy);
+  const resolve_concrete_function_callt::concrete_function_callt &
+    resolved_call=get_virtual_call_target(class_id, component_name);
   functiont root_function;
 
-  // Start from current class, go to parents until something
-  // is found.
-  irep_idt c=class_id;
-  while(!c.empty())
+  if(resolved_call.is_valid())
   {
-    exprt method=get_method(c, component_name);
-    if(method.is_not_nil())
-    {
-      root_function.class_id=c;
-      root_function.symbol_expr=to_symbol_expr(method);
-      root_function.symbol_expr.set(ID_C_class, c);
-      break; // abort
-    }
+    root_function.class_id=resolved_call.get_class_identifier();
 
-    const class_hierarchyt::idst &parents=
-      class_hierarchy.class_map[c].parents;
+    const symbolt &called_symbol=
+      symbol_table.lookup(resolved_call.get_virtual_method_name());
 
-    if(parents.empty())
-      break;
-    c=parents.front();
+    root_function.symbol_expr=called_symbol.symbol_expr();
+    root_function.symbol_expr.set(
+      ID_C_class, resolved_call.get_class_identifier());
   }
-
-  if(root_function.class_id.empty())
+  else
   {
     // No definition here; this is an abstract function.
     root_function.class_id=class_id;
@@ -306,8 +302,9 @@ exprt remove_virtual_functionst::get_method(
   const irep_idt &class_id,
   const irep_idt &component_name) const
 {
-  irep_idt id=id2string(class_id)+"."+
-              id2string(component_name);
+  const irep_idt &id=
+    resolve_concrete_function_callt::build_virtual_method_name(
+      class_id, component_name);
 
   const symbolt *symbol;
   if(ns.lookup(id, symbol))
diff --git a/src/goto-programs/resolve_concrete_function_call.cpp b/src/goto-programs/resolve_concrete_function_call.cpp
new file mode 100644
index 00000000000..117ebfb5963
--- /dev/null
+++ b/src/goto-programs/resolve_concrete_function_call.cpp
@@ -0,0 +1,102 @@
+/*******************************************************************\
+
+ Module: GOTO Program Utilities
+
+ Author: DiffBlue Limited. All rights reserved.
+
+\*******************************************************************/
+
+#include <algorithm>
+
+#include "resolve_concrete_function_call.h"
+
+/// See the operator() method comment.
+/// \param symbol_table: The symbol table to resolve the function call in
+resolve_concrete_function_callt::resolve_concrete_function_callt(
+  const symbol_tablet &symbol_table):
+    symbol_table(symbol_table)
+{
+  class_hierarchy(symbol_table);
+}
+
+/// See the operator() method comment
+/// \param symbol_table: The symbol table to resolve the function call in
+/// \param class_hierarchy: A prebuilt class_hierachy based on the symbol_table
+///
+resolve_concrete_function_callt::resolve_concrete_function_callt(
+  const symbol_tablet &symbol_table, const class_hierarchyt &class_hierarchy):
+    class_hierarchy(class_hierarchy),
+    symbol_table(symbol_table)
+{
+  // We require the class_hierarchy to be already populated if we are being
+  // supplied it.
+  PRECONDITION(!class_hierarchy.class_map.empty());
+}
+
+/// Given a virtual function call, identify what concrete call this would be
+/// resolved to. For example, calling a method on a class will call its
+/// implementions if it exists, else will call the first parent that provides an
+/// implementation. If none are found, an empty string will be returned.
+/// \param class_id: The name of the class the function is being called on
+/// \param component_name: The base name of the function (e.g. without the
+///   class specifier
+/// \return The concrete call that has been resolved
+resolve_concrete_function_callt::concrete_function_callt
+  resolve_concrete_function_callt::operator()(
+    const irep_idt &class_id, const irep_idt &component_name)
+{
+  PRECONDITION(!class_id.empty());
+  PRECONDITION(!component_name.empty());
+
+  irep_idt current_class=class_id;
+  while(!current_class.empty())
+  {
+    const irep_idt &virtual_method_name=
+      build_virtual_method_name(current_class, component_name);
+
+    if(symbol_table.has_symbol(virtual_method_name))
+    {
+      return concrete_function_callt(current_class, component_name);
+    }
+
+    const class_hierarchyt::idst &parents=
+      class_hierarchy.class_map[current_class].parents;
+
+    if(parents.empty())
+      break;
+    current_class=parents.front();
+  }
+
+  return concrete_function_callt();
+}
+
+/// Build a method name as found in a GOTO symbol table equivalent to the name
+/// of a concrete call of method component_method_name on class class_name
+/// \param component_method_name: The name of the function
+/// \param class_name: The class the implementation would be found on.
+/// \return A name for looking up in the symbol table for classes `class_name`'s
+///   implementation of `component_name`
+irep_idt resolve_concrete_function_callt::build_virtual_method_name(
+  const irep_idt &class_name, const irep_idt &component_method_name)
+{
+  // Verify the parameters are called in the correct order.
+  PRECONDITION(id2string(class_name).find("::")!=std::string::npos);
+  PRECONDITION(id2string(component_method_name).find("(")!=std::string::npos);
+  return id2string(class_name)+'.'+id2string(component_method_name);
+}
+
+/// Get the full name of this function
+/// \return The symbol name for this function call
+irep_idt resolve_concrete_function_callt::concrete_function_callt::
+  get_virtual_method_name() const
+{
+  return resolve_concrete_function_callt::build_virtual_method_name(
+    class_identifier, function_identifier);
+}
+
+/// Use to check if this concrete_function_callt has been fully constructed.
+/// \return True if this represents a real concrete function call
+bool resolve_concrete_function_callt::concrete_function_callt::is_valid() const
+{
+  return !class_identifier.empty();
+}
diff --git a/src/goto-programs/resolve_concrete_function_call.h b/src/goto-programs/resolve_concrete_function_call.h
new file mode 100644
index 00000000000..c739e9b7393
--- /dev/null
+++ b/src/goto-programs/resolve_concrete_function_call.h
@@ -0,0 +1,75 @@
+/*******************************************************************\
+
+ Module: GOTO Program Utilities
+
+ Author: DiffBlue Limited. All rights reserved.
+
+\*******************************************************************/
+
+/// \file
+/// Given a virtual function call on a specific class, find which implementation
+/// needs to be used.
+
+#ifndef CPROVER_GOTO_PROGRAMS_RESOLVE_CONCRETE_FUNCTION_CALL_H
+#define CPROVER_GOTO_PROGRAMS_RESOLVE_CONCRETE_FUNCTION_CALL_H
+
+#include <util/symbol_table.h>
+#include <util/std_expr.h>
+#include <util/std_code.h>
+#include <goto-programs/class_hierarchy.h>
+
+class resolve_concrete_function_callt
+{
+public:
+  explicit resolve_concrete_function_callt(const symbol_tablet &symbol_table);
+  resolve_concrete_function_callt(
+    const symbol_tablet &symbol_table, const class_hierarchyt &class_hierarchy);
+
+  class concrete_function_callt
+  {
+  public:
+    concrete_function_callt()
+    {}
+
+    concrete_function_callt(
+      const irep_idt &class_id, const irep_idt &method_id):
+        class_identifier(class_id),
+        function_identifier(method_id)
+    {}
+
+    irep_idt get_virtual_method_name() const;
+
+    irep_idt get_class_identifier() const
+    {
+      return class_identifier;
+    }
+
+    irep_idt get_function_identifier() const
+    {
+      return function_identifier;
+    }
+
+    bool is_valid() const;
+
+  private:
+    irep_idt class_identifier;
+    irep_idt function_identifier;
+  };
+
+  concrete_function_callt operator()(
+    const irep_idt &class_id, const irep_idt &component_name);
+
+  static irep_idt build_virtual_method_name(
+    const irep_idt &class_name, const irep_idt &component_method_name);
+
+private:
+  bool does_implementation_exist(
+    const irep_idt &class_name,
+    const irep_idt &component_method_name,
+    const irep_idt &calling_class_name);
+
+  class_hierarchyt class_hierarchy;
+  const symbol_tablet &symbol_table;
+};
+
+#endif // CPROVER_GOTO_PROGRAMS_RESOLVE_CONCRETE_FUNCTION_CALL_H
diff --git a/src/java_bytecode/gather_methods_lazily.cpp b/src/java_bytecode/gather_methods_lazily.cpp
index c2186bc172c..6cf752cd92b 100644
--- a/src/java_bytecode/gather_methods_lazily.cpp
+++ b/src/java_bytecode/gather_methods_lazily.cpp
@@ -15,6 +15,8 @@
 #include <util/suffix.h>
 #include <java_bytecode/java_string_library_preprocess.h>
 
+#include <goto-programs/resolve_concrete_function_call.h>
+
 
 gather_methods_lazilyt::gather_methods_lazilyt(
   const symbol_tablet &symbol_table,
@@ -468,41 +470,14 @@ irep_idt gather_methods_lazilyt::get_virtual_method_target(
   // Program-wide, is this class ever instantiated?
   if(!needed_classes.count(classname))
     return irep_idt();
-  auto methodid=build_virtual_method_name(classname, call_basename);
-  if(symbol_table.has_symbol(methodid))
-    return methodid;
+
+  resolve_concrete_function_callt call_resolver(symbol_table, class_hierarchy);
+  const resolve_concrete_function_callt ::concrete_function_callt &
+    resolved_call=call_resolver(classname, call_basename);
+
+  if(resolved_call.is_valid())
+    return resolved_call.get_virtual_method_name();
   else
-  {
-    // no method found for this specific classs, but a call to this class
-    // will be resolved in one of its base classes so we should work up the
-    // heirarchy to see if one resovles
-    class_hierarchyt::idst parent_classes=
-      class_hierarchy.get_parents_trans(classname);
-    for(const irep_idt &parent_class_id : parent_classes)
-    {
-      auto parent_method_id=
-        build_virtual_method_name(parent_class_id, call_basename);
-      if(symbol_table.has_symbol(parent_method_id))
-      {
-        return parent_method_id;
-      }
-    }
     return irep_idt();
-  }
 }
 
-
-/// Build a method name as found in a GOTO symbol table equivalent to the name
-/// of a concrete call of method component_method_name on class class_name
-/// \param component_method_name: The name of the function
-/// \param class_name: The class the implementation would be found on.
-/// \return A name for looking up in the symbol table for classes `class_name`'s
-///   implementation of `component_name`
-irep_idt gather_methods_lazilyt::build_virtual_method_name(
-  const irep_idt &class_name, const irep_idt &component_method_name)
-{
-  // Verify the parameters are called in the correct order.
-  PRECONDITION(id2string(class_name).find("::")!=std::string::npos);
-  PRECONDITION(id2string(component_method_name).find("(")!=std::string::npos);
-  return id2string(class_name)+'.'+id2string(component_method_name);
-}
diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index 533fbfa52e0..fc69ff64e2f 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -35,6 +35,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <goto-programs/cfg.h>
 #include <goto-programs/remove_exceptions.h>
 #include <goto-programs/class_hierarchy.h>
+#include <goto-programs/resolve_concrete_function_call.h>
 #include <analyses/cfg_dominators.h>
 
 #include <limits>
@@ -1412,7 +1413,7 @@ codet java_bytecode_convert_methodt::convert_instructions(
       // inherit a definition from a super-class, create a stub.
       irep_idt id=arg0.get(ID_identifier);
       if(symbol_table.symbols.find(id)==symbol_table.symbols.end() &&
-         !(is_virtual && is_method_inherited(arg0.get(ID_C_class), id)))
+         !(is_virtual && is_method_inherited(arg0.get(ID_C_class), arg0.get(ID_component_name))))
       {
         symbolt symbol;
         symbol.name=id;
@@ -2728,39 +2729,48 @@ void java_bytecode_convert_method(
   java_bytecode_convert_method(class_symbol, method);
 }
 
-const bool java_bytecode_convert_methodt::is_method_inherited(
+bool java_bytecode_convert_methodt::is_method_inherited(
   const irep_idt &classname, const irep_idt &methodid) const
 {
-  class_hierarchyt ch;
-  namespacet ns(symbol_table);
-  ch(symbol_table);
+  resolve_concrete_function_callt call_resolver(symbol_table);
+  const resolve_concrete_function_callt ::concrete_function_callt &
+    resolved_call=call_resolver(classname, methodid);
 
-  std::string stripped_methodid(id2string(methodid));
-  stripped_methodid.erase(0, classname.size());
-
-  const std::string &classpackage=java_class_to_package(id2string(classname));
-  const auto &parents=ch.get_parents_trans(classname);
-  for(const auto &parent : parents)
+  if(resolved_call.is_valid())
   {
-    const irep_idt id=id2string(parent)+stripped_methodid;
-    const symbolt *symbol;
-    if(!ns.lookup(id, symbol) &&
-       symbol->type.id()==ID_code)
-    {
-      const auto &access=symbol->type.get(ID_access);
-      if(access==ID_public || access==ID_protected)
-        return true;
-      // methods with the default access modifier are only
-      // accessible within the same package.
-      else if(access==ID_default &&
-              java_class_to_package(id2string(parent))==classpackage)
-        return true;
-      else if(access==ID_private)
-        continue;
-      else
-        INVARIANT(false, "Unexpected access modifier.");
+    const symbolt &function_symbol=
+      symbol_table.lookup(resolved_call.get_virtual_method_name());
+
+    INVARIANT(function_symbol.type.id()==ID_code, "Function must be code");
+
+    const auto &access=function_symbol.type.get(ID_access);
+    if(access==ID_public || access==ID_protected)
+    {
+      return true;
     }
+    // methods with the default access modifier are only
+    // accessible within the same package.
+
+    else if(access==ID_default)
+    {
+      const std::string &class_package=
+        java_class_to_package(id2string(classname));
+      const std::string &method_package=
+        java_class_to_package(id2string(resolved_call.get_class_identifier()));
+      return method_package==class_package;
+    }
+    else if(access==ID_private)
+    {
+      // This is somewhat contentious: previously this code would keep walking
+      // up the parent if it found a private function. But this isn't what Java
+      // appears to do. If a private method is found then that becomes the
+      // virtual signuate and blocks access to the parent class
+      return false;
+    }
+    else
+      INVARIANT(false, "Unexpected access modifier.");
   }
+
   return false;
 }
 
diff --git a/src/java_bytecode/java_bytecode_convert_method_class.h b/src/java_bytecode/java_bytecode_convert_method_class.h
index 44e1a1d7ca8..a8b04e8112c 100644
--- a/src/java_bytecode/java_bytecode_convert_method_class.h
+++ b/src/java_bytecode/java_bytecode_convert_method_class.h
@@ -254,7 +254,7 @@ class java_bytecode_convert_methodt:public messaget
   exprt get_or_create_clinit_wrapper(const irep_idt &classname);
   codet get_clinit_call(const irep_idt &classname);
 
-  const bool is_method_inherited(
+  bool is_method_inherited(
     const irep_idt &classname,
     const irep_idt &methodid) const;
 

From d75570c398d3beea6f26ba2135593499180f1ea4 Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Mon, 14 Aug 2017 10:46:47 +0100
Subject: [PATCH 572/699] Renamed files to more consistent names

Renamed ci_lazy_methods to ci_lazy_methods_needed and
gather_methods_lazily to ci_lazy_methods
---
 src/java_bytecode/Makefile                    |   2 +-
 src/java_bytecode/ci_lazy_methods.cpp         | 495 +++++++++++++++++-
 src/java_bytecode/ci_lazy_methods.h           | 120 +++--
 src/java_bytecode/ci_lazy_methods_needed.cpp  |  41 ++
 src/java_bytecode/ci_lazy_methods_needed.h    |  49 ++
 src/java_bytecode/gather_methods_lazily.cpp   | 483 -----------------
 src/java_bytecode/gather_methods_lazily.h     | 107 ----
 .../java_bytecode_convert_method.cpp          |   2 +-
 .../java_bytecode_convert_method.h            |   6 +-
 .../java_bytecode_convert_method_class.h      |   6 +-
 src/java_bytecode/java_bytecode_language.cpp  |   8 +-
 11 files changed, 661 insertions(+), 658 deletions(-)
 create mode 100644 src/java_bytecode/ci_lazy_methods_needed.cpp
 create mode 100644 src/java_bytecode/ci_lazy_methods_needed.h
 delete mode 100644 src/java_bytecode/gather_methods_lazily.cpp
 delete mode 100644 src/java_bytecode/gather_methods_lazily.h

diff --git a/src/java_bytecode/Makefile b/src/java_bytecode/Makefile
index 65433223bb2..45cb61d1521 100644
--- a/src/java_bytecode/Makefile
+++ b/src/java_bytecode/Makefile
@@ -1,8 +1,8 @@
 SRC = bytecode_info.cpp \
       character_refine_preprocess.cpp \
       ci_lazy_methods.cpp \
+      ci_lazy_methods_needed.cpp \
       expr2java.cpp \
-      gather_methods_lazily.cpp \
       jar_file.cpp \
       java_bytecode_convert_class.cpp \
       java_bytecode_convert_method.cpp \
diff --git a/src/java_bytecode/ci_lazy_methods.cpp b/src/java_bytecode/ci_lazy_methods.cpp
index d7d95e85b91..64d39783df8 100644
--- a/src/java_bytecode/ci_lazy_methods.cpp
+++ b/src/java_bytecode/ci_lazy_methods.cpp
@@ -1,39 +1,484 @@
 /*******************************************************************\
 
-Module: Context-insensitive lazy methods container
+ Module: Java Bytecode
 
-Author: Chris Smowton, chris.smowton@diffblue.com
+ Author: DiffBlue Limited. All rights reserved.
 
 \*******************************************************************/
+#include "ci_lazy_methods.h"
 
-/// \file
-/// Context-insensitive lazy methods container
 
-#include "ci_lazy_methods.h"
+#include <java_bytecode/java_entry_point.h>
+#include <java_bytecode/java_class_loader.h>
+#include <java_bytecode/java_utils.h>
+#include <util/safe_pointer.h>
+#include <util/suffix.h>
+#include <java_bytecode/java_string_library_preprocess.h>
+
+#include <goto-programs/resolve_concrete_function_call.h>
+
+
+ci_lazy_methodst::ci_lazy_methodst(
+  const symbol_tablet &symbol_table,
+  const irep_idt &main_class,
+  const std::vector<irep_idt> &main_jar_classes,
+  const std::vector<irep_idt> &lazy_methods_extra_entry_points,
+  java_class_loadert &java_class_loader,
+  message_handlert &message_handler):
+    messaget(message_handler),
+    main_class(main_class),
+    main_jar_classes(main_jar_classes),
+    lazy_methods_extra_entry_points(lazy_methods_extra_entry_points),
+    java_class_loader(java_class_loader)
+{
+  // build the class hierarclass_hierarchyy
+  class_hierarchy(symbol_table);
+}
+
+/// Uses a simple context-insensitive ('ci') analysis to determine which methods
+/// may be reachable from the main entry point. In brief, static methods are
+/// reachable if we find a callsite in another reachable site, while virtual
+/// methods are reachable if we find a virtual callsite targeting a compatible
+/// type *and* a constructor callsite indicating an object of that type may be
+/// instantiated (or evidence that an object of that type exists before the main
+/// function is entered, such as being passed as a parameter).
+/// Elaborates lazily-converted methods that may be reachable starting
+/// from the main entry point (usually provided with the --function command-
+/// line option
+/// \param symbol_table: global symbol table
+/// \param [out] lazy_methods: map from method names to relevant symbol and
+///   parsed-method objects.
+/// \return Returns false on success
+bool ci_lazy_methodst::operator()(
+  symbol_tablet &symbol_table,
+  lazy_methodst &lazy_methods,
+  std::function<void(
+    const symbolt &,
+    const java_bytecode_parse_treet::methodt &,
+    ci_lazy_methods_neededt)> method_converter)
+{
+  std::vector<irep_idt> method_worklist1;
+  std::vector<irep_idt> method_worklist2;
+
+  auto main_function=
+    get_main_symbol(symbol_table, main_class, get_message_handler(), true);
+  if(main_function.stop_convert)
+  {
+    // Failed, mark all functions in the given main class(es)
+    // reaclass_hierarchyable.
+    std::vector<irep_idt> reaclass_hierarchyable_classes;
+    if(!main_class.empty())
+      reaclass_hierarchyable_classes.push_back(main_class);
+    else
+      reaclass_hierarchyable_classes=main_jar_classes;
+    for(const auto &classname : reaclass_hierarchyable_classes)
+    {
+      const auto &methods=
+        java_class_loader.class_map.at(classname).parsed_class.methods;
+      for(const auto &method : methods)
+      {
+        const irep_idt methodid="java::"+id2string(classname)+"."+
+          id2string(method.name)+":"+
+          id2string(method.signature);
+        method_worklist2.push_back(methodid);
+      }
+    }
+  }
+  else
+    method_worklist2.push_back(main_function.main_function.name);
+
+  // Add any extra entry points specified; we should elaborate these in the
+  // same way as the main function.
+  std::vector<irep_idt> extra_entry_points=lazy_methods_extra_entry_points;
+  resolve_method_names(extra_entry_points, symbol_table);
+  method_worklist2.insert(
+    method_worklist2.begin(),
+    extra_entry_points.begin(),
+    extra_entry_points.end());
+
+  std::set<irep_idt> needed_classes;
+
+  {
+    std::vector<irep_idt> needed_clinits;
+    ci_lazy_methods_neededt initial_lazy_methods(
+      needed_clinits,
+      needed_classes,
+      symbol_table);
+    initialize_needed_classes(
+      method_worklist2,
+      namespacet(symbol_table),
+      initial_lazy_methods);
+    method_worklist2.insert(
+      method_worklist2.end(),
+      needed_clinits.begin(),
+      needed_clinits.end());
+  }
+
+  std::set<irep_idt> methods_already_populated;
+  std::vector<const code_function_callt *> virtual_callsites;
 
-#include <string>
+  bool any_new_methods;
+  do
+  {
+    any_new_methods=false;
+    while(!method_worklist2.empty())
+    {
+      std::swap(method_worklist1, method_worklist2);
+      for(const auto &mname : method_worklist1)
+      {
+        if(!methods_already_populated.insert(mname).second)
+          continue;
+        auto findit=lazy_methods.find(mname);
+        if(findit==lazy_methods.end())
+        {
+          debug() << "Skip " << mname << eom;
+          continue;
+        }
+        debug() << "CI lazy methods: elaborate " << mname << eom;
+        const auto &parsed_method=findit->second;
+        // Note this wraps *references* to method_worklist2, needed_classes:
+        ci_lazy_methods_neededt new_lazy_methods(
+          method_worklist2,
+          needed_classes,
+          symbol_table);
+        method_converter(
+          *parsed_method.first, *parsed_method.second, new_lazy_methods);
+        gather_virtual_callsites(
+          symbol_table.lookup(mname).value,
+          virtual_callsites);
+        any_new_methods=true;
+      }
+      method_worklist1.clear();
+    }
 
-/// Notes `method_symbol_name` is referenced from some reachable function, and
-/// should therefore be elaborated.
-/// \par parameters: `method_symbol_name`: method name; must exist in symbol
-///   table.
-void ci_lazy_methodst::add_needed_method(const irep_idt &method_symbol_name)
+    // Given the object types we now know may be created, populate more
+    // possible virtual function call targets:
+
+    debug() << "CI lazy methods: add virtual method targets ("
+            << virtual_callsites.size()
+            << " callsites)"
+            << eom;
+
+    for(const auto &callsite : virtual_callsites)
+    {
+      // This will also create a stub if a virtual callsite has no targets.
+      get_virtual_method_targets(
+        *callsite,
+        needed_classes,
+        method_worklist2,
+        symbol_table);
+    }
+  }
+  while(any_new_methods);
+
+  // Remove symbols for methods that were declared but never used:
+  symbol_tablet keep_symbols;
+
+  for(const auto &sym : symbol_table.symbols)
+  {
+    if(sym.second.is_static_lifetime)
+      continue;
+    if(lazy_methods.count(sym.first) &&
+       !methods_already_populated.count(sym.first))
+    {
+      continue;
+    }
+    if(sym.second.type.id()==ID_code)
+      gather_needed_globals(sym.second.value, symbol_table, keep_symbols);
+    keep_symbols.add(sym.second);
+  }
+
+  debug() << "CI lazy methods: removed "
+          << symbol_table.symbols.size() - keep_symbols.symbols.size()
+          << " unreaclass_hierarchyable methods and globals"
+          << eom;
+
+  symbol_table.swap(keep_symbols);
+
+  return false;
+}
+
+/// Translates the given list of method names from human-readable to
+/// internal syntax.
+/// Expands any wildcards (entries ending in '.*') in the given method
+/// list to include all non-static methods defined on the given class.
+/// \param [in, out] methods: List of methods to expand. Any wildcard entries
+///   will be deleted and the expanded entries appended to the end.
+/// \param symbol_table: global symbol table
+void ci_lazy_methodst::resolve_method_names(
+  std::vector<irep_idt> &methods,
+  const symbol_tablet &symbol_table)
 {
-  needed_methods.push_back(method_symbol_name);
+  std::vector<irep_idt> new_methods;
+  for(const irep_idt &method : methods)
+  {
+    const std::string &method_str=id2string(method);
+    if(!has_suffix(method_str, ".*"))
+    {
+      std::string error_message;
+      irep_idt internal_name=
+        resolve_friendly_method_name(
+          method_str,
+          symbol_table,
+          error_message);
+      if(internal_name==irep_idt())
+        throw "entry point "+error_message;
+      new_methods.push_back(internal_name);
+    }
+    else
+    {
+      irep_idt classname="java::"+method_str.substr(0, method_str.length()-2);
+      if(!symbol_table.has_symbol(classname))
+        throw "wildcard entry point '"+method_str+"': unknown class";
+
+      for(const auto &name_symbol : symbol_table.symbols)
+      {
+        if(name_symbol.second.type.id()!=ID_code)
+          continue;
+        if(!to_code_type(name_symbol.second.type).has_this())
+          continue;
+        if(has_prefix(id2string(name_symbol.first), id2string(classname)))
+          new_methods.push_back(name_symbol.first);
+      }
+    }
+  }
+
+  methods=std::move(new_methods);
 }
 
-/// Notes class `class_symbol_name` will be instantiated, or a static field
-/// belonging to it will be accessed. Also notes that its static initializer is
-/// therefore reachable.
-/// \par parameters: `class_symbol_name`: class name; must exist in symbol
-///   table.
-/// \return Returns true if `class_symbol_name` is new (not seen before).
-bool ci_lazy_methodst::add_needed_class(const irep_idt &class_symbol_name)
+/// Build up a list of methods whose type may be passed around reachable
+/// from the entry point.
+/// \param entry_points: list of fully-qualified function names that
+///   we should assume are reachable
+/// \param ns: global namespace
+/// \param ch: global class hierarchy
+/// \param pointer_type_selector: The pointer_type_selector used to find out
+///   what other classes may be used for pointers
+/// \param [out] lazy_methods: Populated with all Java reference types whose
+///   references may be passed, directly or indirectly, to any of the functions
+///   in `entry_points`.
+void ci_lazy_methodst::initialize_needed_classes(
+  const std::vector<irep_idt> &entry_points,
+  const namespacet &ns,
+  ci_lazy_methods_neededt &lazy_methods)
 {
-  if(!needed_classes.insert(class_symbol_name).second)
-    return false;
-  const irep_idt clinit_name(id2string(class_symbol_name)+".<clinit>:()V");
-  if(symbol_table.symbols.count(clinit_name))
-    add_needed_method(clinit_name);
-  return true;
+  for(const auto &mname : entry_points)
+  {
+    const auto &symbol=ns.lookup(mname);
+    const auto &mtype=to_code_type(symbol.type);
+    for(const auto &param : mtype.parameters())
+    {
+      if(param.type().id()==ID_pointer)
+      {
+        const pointer_typet &original_pointer=to_pointer_type(param.type());
+        initialize_needed_classes_from_pointer(
+          original_pointer, ns, lazy_methods);
+      }
+    }
+  }
+
+  // Also add classes whose instances are magically
+  // created by the JVM and so won't be spotted by
+  // looking for constructors and calls as usual:
+  lazy_methods.add_needed_class("java::java.lang.String");
+  lazy_methods.add_needed_class("java::java.lang.Class");
+  lazy_methods.add_needed_class("java::java.lang.Object");
 }
+
+/// Build up list of methods for types for a specific pointer type. See
+/// `initialize_needed_classes` for more details.
+/// \param pointer_type: The type to gather methods for.
+/// \param ns: global namespace
+/// \param ch: global class hierarchy
+/// \param [out] lazy_methods: Populated with all Java reference types whose
+///   references may be passed, directly or indirectly, to any of the functions
+///   in `entry_points
+void ci_lazy_methodst::initialize_needed_classes_from_pointer(
+  const pointer_typet &pointer_type,
+  const namespacet &ns,
+  ci_lazy_methods_neededt &lazy_methods)
+{
+  const symbol_typet &class_type=to_symbol_type(pointer_type.subtype());
+  const auto &param_classid=class_type.get_identifier();
+
+  lazy_methods.add_needed_class(param_classid);
+
+  gather_field_types(pointer_type.subtype(), ns, lazy_methods);
+}
+
+/// Get places where virtual functions are called.
+/// \param e: expression tree to search
+/// \param [out] results: filled with pointers to each function call within
+///   e that calls a virtual function.
+void ci_lazy_methodst::gather_virtual_callsites(
+  const exprt &e,
+  std::vector<const code_function_callt *> &result)
+{
+  if(e.id()!=ID_code)
+    return;
+  const codet &c=to_code(e);
+  if(c.get_statement()==ID_function_call &&
+     to_code_function_call(c).function().id()==ID_virtual_function)
+  {
+    result.push_back(&to_code_function_call(c));
+  }
+  else
+  {
+    for(const exprt &op : e.operands())
+      gather_virtual_callsites(op, result);
+  }
+}
+
+/// Find possible callees, excluding types that are not known to be
+/// instantiated.
+/// \param c: function call whose potential target functions should
+///   be determined.
+/// \param needed_classes: set of classes that can be instantiated. Any
+///   potential callee not in this set will be ignored.
+/// \param symbol_table: global symbol table
+/// \param [out] needed_methods: Populated with all possible `c` callees, taking
+///   `needed_classes` into account (virtual function overrides defined on
+///   classes that are not 'needed' are ignored)
+void ci_lazy_methodst::get_virtual_method_targets(
+  const code_function_callt &c,
+  const std::set<irep_idt> &needed_classes,
+  std::vector<irep_idt> &needed_methods,
+  symbol_tablet &symbol_table)
+{
+  const auto &called_function=c.function();
+  PRECONDITION(called_function.id()==ID_virtual_function);
+
+  const auto &call_class=called_function.get(ID_C_class);
+  INVARIANT(
+    !call_class.empty(), "All virtual calls should be aimed at a class");
+  const auto &call_basename=called_function.get(ID_component_name);
+  INVARIANT(
+    !call_basename.empty(),
+    "Virtual function must have a reasonable name after removing class");
+
+  auto old_size=needed_methods.size();
+
+  const irep_idt &self_method=
+    get_virtual_method_target(
+      needed_classes, call_basename, call_class, symbol_table);
+
+  if(!self_method.empty())
+  {
+    needed_methods.push_back(self_method);
+  }
+
+  auto child_classes=class_hierarchy.get_children_trans(call_class);
+  for(const auto &child_class : child_classes)
+  {
+    auto child_method=
+      get_virtual_method_target(
+        needed_classes,
+        call_basename,
+        child_class,
+        symbol_table);
+    if(!child_method.empty())
+      needed_methods.push_back(child_method);
+  }
+
+  if(needed_methods.size()==old_size)
+  {
+    // Didn't find any candidate callee. Generate a stub.
+    std::string stubname=id2string(call_class)+"."+id2string(call_basename);
+    symbolt symbol;
+    symbol.name=stubname;
+    symbol.base_name=call_basename;
+    symbol.type=c.function().type();
+    symbol.value.make_nil();
+    symbol.mode=ID_java;
+    symbol_table.add(symbol);
+  }
+}
+
+/// See output
+/// \param e: expression tree to search
+/// \param symbol_table: global symbol table
+/// \param [out] needed: Populated with global variable symbols referenced from
+/// `e` or its children.
+void ci_lazy_methodst::gather_needed_globals(
+  const exprt &e,
+  const symbol_tablet &symbol_table,
+  symbol_tablet &needed)
+{
+  if(e.id()==ID_symbol)
+  {
+    // If the symbol isn't in the symbol table at all, then it is defined
+    // on an opaque type (i.e. we don't have the class definition at this point)
+    // and will be created during the typecheck phase.
+    // We don't mark it as 'needed' as it doesn't exist yet to keep.
+    auto findit=symbol_table.symbols.find(to_symbol_expr(e).get_identifier());
+    if(findit!=symbol_table.symbols.end() &&
+       findit->second.is_static_lifetime)
+    {
+      needed.add(findit->second);
+    }
+  }
+  else
+    forall_operands(opit, e)
+      gather_needed_globals(*opit, symbol_table, needed);
+}
+
+/// See param lazy_methods
+/// \param class_type: root of class tree to search
+/// \param ns: global namespace
+/// \param [out] lazy_methods: Popualted with all Java reference types reachable
+///   starting at `class_type`. For example if `class_type` is
+///   `symbol_typet("java::A")` and A has a B field, then `B` (but not `A`) will
+///   noted as a needed class.
+void ci_lazy_methodst::gather_field_types(
+  const typet &class_type,
+  const namespacet &ns,
+  ci_lazy_methods_neededt &lazy_methods)
+{
+  const auto &underlying_type=to_struct_type(ns.follow(class_type));
+  for(const auto &field : underlying_type.components())
+  {
+    if(field.type().id()==ID_struct || field.type().id()==ID_symbol)
+      gather_field_types(field.type(), ns, lazy_methods);
+    else if(field.type().id()==ID_pointer)
+    {
+      // Skip array primitive pointers, for example:
+      if(field.type().subtype().id()!=ID_symbol)
+        continue;
+      initialize_needed_classes_from_pointer(
+        to_pointer_type(field.type()), ns, lazy_methods);
+    }
+  }
+}
+
+/// Find a virtual callee, if one is defined and the callee type is known to
+/// exist.
+/// \param needed_classes: set of classes that can be instantiated.
+///   Any potential callee not in this set will be ignored.
+/// \param call_basename: unqualified function name with type signature (e.g.
+///   "f:(I)")
+/// \param classname: class name that may define or override a function named
+///   `call_basename`.
+/// \param symbol_table: global symtab
+/// \return Returns the fully qualified name of `classname`'s definition of
+///   `call_basename` if found and `classname` is present in `needed_classes`,
+///   or irep_idt() otherwise.
+irep_idt ci_lazy_methodst::get_virtual_method_target(
+  const std::set<irep_idt> &needed_classes,
+  const irep_idt &call_basename,
+  const irep_idt &classname,
+  const symbol_tablet &symbol_table)
+{
+  // Program-wide, is this class ever instantiated?
+  if(!needed_classes.count(classname))
+    return irep_idt();
+
+  resolve_concrete_function_callt call_resolver(symbol_table, class_hierarchy);
+  const resolve_concrete_function_callt ::concrete_function_callt &
+    resolved_call=call_resolver(classname, call_basename);
+
+  if(resolved_call.is_valid())
+    return resolved_call.get_virtual_method_name();
+  else
+    return irep_idt();
+}
+
diff --git a/src/java_bytecode/ci_lazy_methods.h b/src/java_bytecode/ci_lazy_methods.h
index e64a3f2467c..cd4672e27ae 100644
--- a/src/java_bytecode/ci_lazy_methods.h
+++ b/src/java_bytecode/ci_lazy_methods.h
@@ -1,49 +1,107 @@
 /*******************************************************************\
 
-Module: Context-insensitive lazy methods container
+ Module: Java Bytecode
 
-Author: Chris Smowton, chris.smowton@diffblue.com
+ Author: DiffBlue Limited. All rights reserved.
 
 \*******************************************************************/
 
 /// \file
-/// Context-insensitive lazy methods container
+/// Collect methods needed to be loaded using the lazy method
 
-#ifndef CPROVER_JAVA_BYTECODE_CI_LAZY_METHODS_H
-#define CPROVER_JAVA_BYTECODE_CI_LAZY_METHODS_H
+#ifndef CPROVER_JAVA_BYTECODE_GATHER_METHODS_LAZILY_H
+#define CPROVER_JAVA_BYTECODE_GATHER_METHODS_LAZILY_H
 
-#include <vector>
-#include <set>
+#include <map>
+#include <functional>
+
+#include <util/irep.h>
 #include <util/symbol_table.h>
+#include <util/message.h>
+#include <goto-programs/class_hierarchy.h>
+#include <java_bytecode/java_bytecode_parse_tree.h>
+#include <java_bytecode/java_class_loader.h>
+#include <java_bytecode/ci_lazy_methods_needed.h>
+
+class java_string_library_preprocesst;
+
+typedef std::pair<
+          const symbolt *,
+          const java_bytecode_parse_treet::methodt *>
+  lazy_method_valuet;
+
+typedef std::map<irep_idt, lazy_method_valuet>
+  lazy_methodst;
 
-class ci_lazy_methodst
+class ci_lazy_methodst:public messaget
 {
 public:
   ci_lazy_methodst(
-    std::vector<irep_idt> &_needed_methods,
-    std::set<irep_idt> &_needed_classes,
-    symbol_tablet &_symbol_table):
-  needed_methods(_needed_methods),
-  needed_classes(_needed_classes),
-  symbol_table(_symbol_table)
-  {}
-
-  void add_needed_method(const irep_idt &);
-  // Returns true if new
-  bool add_needed_class(const irep_idt &);
+    const symbol_tablet &symbol_table,
+    const irep_idt &main_class,
+    const std::vector<irep_idt> &main_jar_classes,
+    const std::vector<irep_idt> &lazy_methods_extra_entry_points,
+    java_class_loadert &java_class_loader,
+    message_handlert &message_handler);
+
+  // not const since messaget
+  bool operator()(
+    symbol_tablet &symbol_table,
+    lazy_methodst &lazy_methods,
+    std::function<void(
+      const symbolt &,
+      const java_bytecode_parse_treet::methodt &,
+      ci_lazy_methods_neededt)> method_converter);
 
 private:
-  // needed_methods is a vector because it's used as a work-list
-  // which is periodically cleared. It can't be relied upon to
-  // contain all methods that have previously been elaborated.
-  // It should be changed to a set if we develop the need to use
-  // it that way.
-  std::vector<irep_idt> &needed_methods;
-  // needed_classes on the other hand is a true set of every class
-  // found so far, so we can use a membership test to avoid
-  // repeatedly exploring a class hierarchy.
-  std::set<irep_idt> &needed_classes;
-  symbol_tablet &symbol_table;
+  void resolve_method_names(
+    std::vector<irep_idt> &methods,
+    const symbol_tablet &symbol_table);
+
+  void initialize_needed_classes(
+    const std::vector<irep_idt> &entry_points,
+    const namespacet &ns,
+    ci_lazy_methods_neededt &lazy_methods);
+
+  void initialize_needed_classes_from_pointer(
+    const pointer_typet &pointer_type,
+    const namespacet &ns,
+    ci_lazy_methods_neededt &lazy_methods);
+
+  void gather_virtual_callsites(
+    const exprt &e,
+    std::vector<const code_function_callt *> &result);
+
+  void get_virtual_method_targets(
+    const code_function_callt &c,
+    const std::set<irep_idt> &needed_classes,
+    std::vector<irep_idt> &needed_methods,
+    symbol_tablet &symbol_table);
+
+  void gather_needed_globals(
+    const exprt &e,
+    const symbol_tablet &symbol_table,
+    symbol_tablet &needed);
+
+  void gather_field_types(const typet &class_type,
+    const namespacet &ns,
+    ci_lazy_methods_neededt &lazy_methods);
+
+  irep_idt get_virtual_method_target(
+    const std::set<irep_idt> &needed_classes,
+    const irep_idt &call_basename,
+    const irep_idt &classname,
+    const symbol_tablet &symbol_table);
+
+  static irep_idt build_virtual_method_name(
+    const irep_idt &class_name,
+    const irep_idt &component_method_name);
+
+  class_hierarchyt class_hierarchy;
+  const irep_idt main_class;
+  const std::vector<irep_idt> main_jar_classes;
+  const std::vector<irep_idt> lazy_methods_extra_entry_points;
+  java_class_loadert &java_class_loader;
 };
 
-#endif
+#endif // CPROVER_JAVA_BYTECODE_GATHER_METHODS_LAZILY_H
diff --git a/src/java_bytecode/ci_lazy_methods_needed.cpp b/src/java_bytecode/ci_lazy_methods_needed.cpp
new file mode 100644
index 00000000000..e7ee2cf8510
--- /dev/null
+++ b/src/java_bytecode/ci_lazy_methods_needed.cpp
@@ -0,0 +1,41 @@
+/*******************************************************************\
+
+Module: Context-insensitive lazy methods container
+
+Author: Chris Smowton, chris.smowton@diffblue.com
+
+\*******************************************************************/
+
+/// \file
+/// Context-insensitive lazy methods container
+
+#include "ci_lazy_methods.h"
+
+#include <string>
+
+/// Notes `method_symbol_name` is referenced from some reachable function, and
+/// should therefore be elaborated.
+/// \par parameters: `method_symbol_name`: method name; must exist in symbol
+///   table.
+void ci_lazy_methods_neededt::add_needed_method(
+  const irep_idt &method_symbol_name)
+{
+  needed_methods.push_back(method_symbol_name);
+}
+
+/// Notes class `class_symbol_name` will be instantiated, or a static field
+/// belonging to it will be accessed. Also notes that its static initializer is
+/// therefore reachable.
+/// \par parameters: `class_symbol_name`: class name; must exist in symbol
+///   table.
+/// \return Returns true if `class_symbol_name` is new (not seen before).
+bool ci_lazy_methods_neededt::add_needed_class(
+  const irep_idt &class_symbol_name)
+{
+  if(!needed_classes.insert(class_symbol_name).second)
+    return false;
+  const irep_idt clinit_name(id2string(class_symbol_name)+".<clinit>:()V");
+  if(symbol_table.symbols.count(clinit_name))
+    add_needed_method(clinit_name);
+  return true;
+}
diff --git a/src/java_bytecode/ci_lazy_methods_needed.h b/src/java_bytecode/ci_lazy_methods_needed.h
new file mode 100644
index 00000000000..acb48d5a115
--- /dev/null
+++ b/src/java_bytecode/ci_lazy_methods_needed.h
@@ -0,0 +1,49 @@
+/*******************************************************************\
+
+Module: Context-insensitive lazy methods container
+
+Author: Chris Smowton, chris.smowton@diffblue.com
+
+\*******************************************************************/
+
+/// \file
+/// Context-insensitive lazy methods container
+
+#ifndef CPROVER_JAVA_BYTECODE_CI_LAZY_METHODS_H
+#define CPROVER_JAVA_BYTECODE_CI_LAZY_METHODS_H
+
+#include <vector>
+#include <set>
+#include <util/symbol_table.h>
+
+class ci_lazy_methods_neededt
+{
+public:
+  ci_lazy_methods_neededt(
+    std::vector<irep_idt> &_needed_methods,
+    std::set<irep_idt> &_needed_classes,
+    symbol_tablet &_symbol_table):
+  needed_methods(_needed_methods),
+  needed_classes(_needed_classes),
+  symbol_table(_symbol_table)
+  {}
+
+  void add_needed_method(const irep_idt &);
+  // Returns true if new
+  bool add_needed_class(const irep_idt &);
+
+private:
+  // needed_methods is a vector because it's used as a work-list
+  // which is periodically cleared. It can't be relied upon to
+  // contain all methods that have previously been elaborated.
+  // It should be changed to a set if we develop the need to use
+  // it that way.
+  std::vector<irep_idt> &needed_methods;
+  // needed_classes on the other hand is a true set of every class
+  // found so far, so we can use a membership test to avoid
+  // repeatedly exploring a class hierarchy.
+  std::set<irep_idt> &needed_classes;
+  symbol_tablet &symbol_table;
+};
+
+#endif
diff --git a/src/java_bytecode/gather_methods_lazily.cpp b/src/java_bytecode/gather_methods_lazily.cpp
deleted file mode 100644
index 6cf752cd92b..00000000000
--- a/src/java_bytecode/gather_methods_lazily.cpp
+++ /dev/null
@@ -1,483 +0,0 @@
-/*******************************************************************\
-
- Module: Java Bytecode
-
- Author: DiffBlue Limited. All rights reserved.
-
-\*******************************************************************/
-#include "gather_methods_lazily.h"
-
-
-#include <java_bytecode/java_entry_point.h>
-#include <java_bytecode/java_class_loader.h>
-#include <java_bytecode/java_utils.h>
-#include <util/safe_pointer.h>
-#include <util/suffix.h>
-#include <java_bytecode/java_string_library_preprocess.h>
-
-#include <goto-programs/resolve_concrete_function_call.h>
-
-
-gather_methods_lazilyt::gather_methods_lazilyt(
-  const symbol_tablet &symbol_table,
-  const irep_idt &main_class,
-  const std::vector<irep_idt> &main_jar_classes,
-  const std::vector<irep_idt> &lazy_methods_extra_entry_points,
-  java_class_loadert &java_class_loader,
-  message_handlert &message_handler):
-    messaget(message_handler),
-    main_class(main_class),
-    main_jar_classes(main_jar_classes),
-    lazy_methods_extra_entry_points(lazy_methods_extra_entry_points),
-    java_class_loader(java_class_loader)
-{
-  // build the class hierarclass_hierarchyy
-  class_hierarchy(symbol_table);
-}
-
-/// Uses a simple context-insensitive ('ci') analysis to determine which methods
-/// may be reachable from the main entry point. In brief, static methods are
-/// reachable if we find a callsite in another reachable site, while virtual
-/// methods are reachable if we find a virtual callsite targeting a compatible
-/// type *and* a constructor callsite indicating an object of that type may be
-/// instantiated (or evidence that an object of that type exists before the main
-/// function is entered, such as being passed as a parameter).
-/// Elaborates lazily-converted methods that may be reachable starting
-/// from the main entry point (usually provided with the --function command-
-/// line option
-/// \param symbol_table: global symbol table
-/// \param [out] lazy_methods: map from method names to relevant symbol and
-///   parsed-method objects.
-/// \return Returns false on success
-bool gather_methods_lazilyt::operator()(
-  symbol_tablet &symbol_table,
-  lazy_methodst &lazy_methods,
-  std::function<void(
-    const symbolt &,
-    const java_bytecode_parse_treet::methodt &,
-    ci_lazy_methodst)> method_converter)
-{
-  std::vector<irep_idt> method_worklist1;
-  std::vector<irep_idt> method_worklist2;
-
-  auto main_function=
-    get_main_symbol(symbol_table, main_class, get_message_handler(), true);
-  if(main_function.stop_convert)
-  {
-    // Failed, mark all functions in the given main class(es) reaclass_hierarchyable.
-    std::vector<irep_idt> reaclass_hierarchyable_classes;
-    if(!main_class.empty())
-      reaclass_hierarchyable_classes.push_back(main_class);
-    else
-      reaclass_hierarchyable_classes=main_jar_classes;
-    for(const auto &classname : reaclass_hierarchyable_classes)
-    {
-      const auto &methods=
-        java_class_loader.class_map.at(classname).parsed_class.methods;
-      for(const auto &method : methods)
-      {
-        const irep_idt methodid="java::"+id2string(classname)+"."+
-          id2string(method.name)+":"+
-          id2string(method.signature);
-        method_worklist2.push_back(methodid);
-      }
-    }
-  }
-  else
-    method_worklist2.push_back(main_function.main_function.name);
-
-  // Add any extra entry points specified; we should elaborate these in the
-  // same way as the main function.
-  std::vector<irep_idt> extra_entry_points=lazy_methods_extra_entry_points;
-  resolve_method_names(extra_entry_points, symbol_table);
-  method_worklist2.insert(
-    method_worklist2.begin(),
-    extra_entry_points.begin(),
-    extra_entry_points.end());
-
-  std::set<irep_idt> needed_classes;
-
-  {
-    std::vector<irep_idt> needed_clinits;
-    ci_lazy_methodst initial_lazy_methods(
-      needed_clinits,
-      needed_classes,
-      symbol_table);
-    initialize_needed_classes(
-      method_worklist2,
-      namespacet(symbol_table),
-      initial_lazy_methods);
-    method_worklist2.insert(
-      method_worklist2.end(),
-      needed_clinits.begin(),
-      needed_clinits.end());
-  }
-
-  std::set<irep_idt> methods_already_populated;
-  std::vector<const code_function_callt *> virtual_callsites;
-
-  bool any_new_methods;
-  do
-  {
-    any_new_methods=false;
-    while(!method_worklist2.empty())
-    {
-      std::swap(method_worklist1, method_worklist2);
-      for(const auto &mname : method_worklist1)
-      {
-        if(!methods_already_populated.insert(mname).second)
-          continue;
-        auto findit=lazy_methods.find(mname);
-        if(findit==lazy_methods.end())
-        {
-          debug() << "Skip " << mname << eom;
-          continue;
-        }
-        debug() << "CI lazy methods: elaborate " << mname << eom;
-        const auto &parsed_method=findit->second;
-        // Note this wraps *references* to method_worklist2, needed_classes:
-        ci_lazy_methodst new_lazy_methods(
-          method_worklist2,
-          needed_classes,
-          symbol_table);
-        method_converter(
-          *parsed_method.first, *parsed_method.second, new_lazy_methods);
-        gather_virtual_callsites(
-          symbol_table.lookup(mname).value,
-          virtual_callsites);
-        any_new_methods=true;
-      }
-      method_worklist1.clear();
-    }
-
-    // Given the object types we now know may be created, populate more
-    // possible virtual function call targets:
-
-    debug() << "CI lazy methods: add virtual method targets ("
-            << virtual_callsites.size()
-            << " callsites)"
-            << eom;
-
-    for(const auto &callsite : virtual_callsites)
-    {
-      // This will also create a stub if a virtual callsite has no targets.
-      get_virtual_method_targets(
-        *callsite,
-        needed_classes,
-        method_worklist2,
-        symbol_table);
-    }
-  }
-  while(any_new_methods);
-
-  // Remove symbols for methods that were declared but never used:
-  symbol_tablet keep_symbols;
-
-  for(const auto &sym : symbol_table.symbols)
-  {
-    if(sym.second.is_static_lifetime)
-      continue;
-    if(lazy_methods.count(sym.first) &&
-       !methods_already_populated.count(sym.first))
-    {
-      continue;
-    }
-    if(sym.second.type.id()==ID_code)
-      gather_needed_globals(sym.second.value, symbol_table, keep_symbols);
-    keep_symbols.add(sym.second);
-  }
-
-  debug() << "CI lazy methods: removed "
-          << symbol_table.symbols.size() - keep_symbols.symbols.size()
-          << " unreaclass_hierarchyable methods and globals"
-          << eom;
-
-  symbol_table.swap(keep_symbols);
-
-  return false;
-}
-
-/// Translates the given list of method names from human-readable to
-/// internal syntax.
-/// Expands any wildcards (entries ending in '.*') in the given method
-/// list to include all non-static methods defined on the given class.
-/// \param [in, out] methods: List of methods to expand. Any wildcard entries
-///   will be deleted and the expanded entries appended to the end.
-/// \param symbol_table: global symbol table
-void gather_methods_lazilyt::resolve_method_names(
-  std::vector<irep_idt> &methods,
-  const symbol_tablet &symbol_table)
-{
-  std::vector<irep_idt> new_methods;
-  for(const irep_idt &method : methods)
-  {
-    const std::string &method_str=id2string(method);
-    if(!has_suffix(method_str, ".*"))
-    {
-      std::string error_message;
-      irep_idt internal_name=
-        resolve_friendly_method_name(
-          method_str,
-          symbol_table,
-          error_message);
-      if(internal_name==irep_idt())
-        throw "entry point "+error_message;
-      new_methods.push_back(internal_name);
-    }
-    else
-    {
-      irep_idt classname="java::"+method_str.substr(0, method_str.length()-2);
-      if(!symbol_table.has_symbol(classname))
-        throw "wildcard entry point '"+method_str+"': unknown class";
-
-      for(const auto &name_symbol : symbol_table.symbols)
-      {
-        if(name_symbol.second.type.id()!=ID_code)
-          continue;
-        if(!to_code_type(name_symbol.second.type).has_this())
-          continue;
-        if(has_prefix(id2string(name_symbol.first), id2string(classname)))
-          new_methods.push_back(name_symbol.first);
-      }
-    }
-  }
-
-  methods=std::move(new_methods);
-}
-
-/// Build up a list of methods whose type may be passed around reachable
-/// from the entry point.
-/// \param entry_points: list of fully-qualified function names that
-///   we should assume are reachable
-/// \param ns: global namespace
-/// \param ch: global class hierarchy
-/// \param pointer_type_selector: The pointer_type_selector used to find out
-///   what other classes may be used for pointers
-/// \param [out] lazy_methods: Populated with all Java reference types whose
-///   references may be passed, directly or indirectly, to any of the functions
-///   in `entry_points`.
-void gather_methods_lazilyt::initialize_needed_classes(
-  const std::vector<irep_idt> &entry_points,
-  const namespacet &ns,
-  ci_lazy_methodst &lazy_methods)
-{
-  for(const auto &mname : entry_points)
-  {
-    const auto &symbol=ns.lookup(mname);
-    const auto &mtype=to_code_type(symbol.type);
-    for(const auto &param : mtype.parameters())
-    {
-      if(param.type().id()==ID_pointer)
-      {
-        const pointer_typet &original_pointer=to_pointer_type(param.type());
-        initialize_needed_classes_from_pointer(
-          original_pointer, ns, lazy_methods);
-      }
-    }
-  }
-
-  // Also add classes whose instances are magically
-  // created by the JVM and so won't be spotted by
-  // looking for constructors and calls as usual:
-  lazy_methods.add_needed_class("java::java.lang.String");
-  lazy_methods.add_needed_class("java::java.lang.Class");
-  lazy_methods.add_needed_class("java::java.lang.Object");
-}
-
-/// Build up list of methods for types for a specific pointer type. See
-/// `initialize_needed_classes` for more details.
-/// \param pointer_type: The type to gather methods for.
-/// \param ns: global namespace
-/// \param ch: global class hierarchy
-/// \param [out] lazy_methods: Populated with all Java reference types whose
-///   references may be passed, directly or indirectly, to any of the functions
-///   in `entry_points
-void gather_methods_lazilyt::initialize_needed_classes_from_pointer(
-  const pointer_typet &pointer_type,
-  const namespacet &ns,
-  ci_lazy_methodst &lazy_methods)
-{
-  const symbol_typet &class_type=to_symbol_type(pointer_type.subtype());
-  const auto &param_classid=class_type.get_identifier();
-
-  lazy_methods.add_needed_class(param_classid);
-
-  gather_field_types(pointer_type.subtype(), ns, lazy_methods);
-}
-
-/// Get places where virtual functions are called.
-/// \param e: expression tree to search
-/// \param [out] results: filled with pointers to each function call within
-///   e that calls a virtual function.
-void gather_methods_lazilyt::gather_virtual_callsites(
-  const exprt &e,
-  std::vector<const code_function_callt *> &result)
-{
-  if(e.id()!=ID_code)
-    return;
-  const codet &c=to_code(e);
-  if(c.get_statement()==ID_function_call &&
-     to_code_function_call(c).function().id()==ID_virtual_function)
-  {
-    result.push_back(&to_code_function_call(c));
-  }
-  else
-  {
-    for(const exprt &op : e.operands())
-      gather_virtual_callsites(op, result);
-  }
-}
-
-/// Find possible callees, excluding types that are not known to be
-/// instantiated.
-/// \param c: function call whose potential target functions should
-///   be determined.
-/// \param needed_classes: set of classes that can be instantiated. Any potential
-///   callee not in this set will be ignored.
-/// \param symbol_table: global symbol table
-/// \param [out] needed_methods: Populated with all possible `c` callees, taking
-///   `needed_classes` into account (virtual function overrides defined on
-///   classes that are not 'needed' are ignored)
-void gather_methods_lazilyt::get_virtual_method_targets(
-  const code_function_callt &c,
-  const std::set<irep_idt> &needed_classes,
-  std::vector<irep_idt> &needed_methods,
-  symbol_tablet &symbol_table)
-{
-  const auto &called_function=c.function();
-  PRECONDITION(called_function.id()==ID_virtual_function);
-
-  const auto &call_class=called_function.get(ID_C_class);
-  INVARIANT(
-    !call_class.empty(), "All virtual calls should be aimed at a class");
-  const auto &call_basename=called_function.get(ID_component_name);
-  INVARIANT(
-    !call_basename.empty(),
-    "Virtual function must have a reasonable name after removing class");
-
-  auto old_size=needed_methods.size();
-
-  const irep_idt &self_method=
-    get_virtual_method_target(
-      needed_classes, call_basename, call_class, symbol_table);
-
-  if(!self_method.empty())
-  {
-    needed_methods.push_back(self_method);
-  }
-
-  auto child_classes=class_hierarchy.get_children_trans(call_class);
-  for(const auto &child_class : child_classes)
-  {
-    auto child_method=
-      get_virtual_method_target(
-        needed_classes,
-        call_basename,
-        child_class,
-        symbol_table);
-    if(!child_method.empty())
-      needed_methods.push_back(child_method);
-  }
-
-  if(needed_methods.size()==old_size)
-  {
-    // Didn't find any candidate callee. Generate a stub.
-    std::string stubname=id2string(call_class)+"."+id2string(call_basename);
-    symbolt symbol;
-    symbol.name=stubname;
-    symbol.base_name=call_basename;
-    symbol.type=c.function().type();
-    symbol.value.make_nil();
-    symbol.mode=ID_java;
-    symbol_table.add(symbol);
-  }
-}
-
-/// See output
-/// \param e: expression tree to search
-/// \param symbol_table: global symbol table
-/// \param [out] needed: Populated with global variable symbols referenced from
-/// `e` or its children.
-void gather_methods_lazilyt::gather_needed_globals(
-  const exprt &e,
-  const symbol_tablet &symbol_table,
-  symbol_tablet &needed)
-{
-  if(e.id()==ID_symbol)
-  {
-    // If the symbol isn't in the symbol table at all, then it is defined
-    // on an opaque type (i.e. we don't have the class definition at this point)
-    // and will be created during the typecheck phase.
-    // We don't mark it as 'needed' as it doesn't exist yet to keep.
-    auto findit=symbol_table.symbols.find(to_symbol_expr(e).get_identifier());
-    if(findit!=symbol_table.symbols.end() &&
-       findit->second.is_static_lifetime)
-    {
-      needed.add(findit->second);
-    }
-  }
-  else
-    forall_operands(opit, e)
-      gather_needed_globals(*opit, symbol_table, needed);
-}
-
-/// See param lazy_methods
-/// \param class_type: root of class tree to search
-/// \param ns: global namespace
-/// \param [out] lazy_methods: Popualted with all Java reference types reachable
-///   starting at `class_type`. For example if `class_type` is
-///   `symbol_typet("java::A")` and A has a B field, then `B` (but not `A`) will
-///   noted as a needed class.
-void gather_methods_lazilyt::gather_field_types(
-  const typet &class_type,
-  const namespacet &ns,
-  ci_lazy_methodst &lazy_methods)
-{
-  const auto &underlying_type=to_struct_type(ns.follow(class_type));
-  for(const auto &field : underlying_type.components())
-  {
-    if(field.type().id()==ID_struct || field.type().id()==ID_symbol)
-      gather_field_types(field.type(), ns, lazy_methods);
-    else if(field.type().id()==ID_pointer)
-    {
-      // Skip array primitive pointers, for example:
-      if(field.type().subtype().id()!=ID_symbol)
-        continue;
-      initialize_needed_classes_from_pointer(
-        to_pointer_type(field.type()), ns, lazy_methods);
-    }
-  }
-}
-
-/// Find a virtual callee, if one is defined and the callee type is known to
-/// exist.
-/// \param needed_classes: set of classes that can be instantiated.
-///   Any potential callee not in this set will be ignored.
-/// \param call_basename: unqualified function name with type signature (e.g.
-///   "f:(I)")
-/// \param classname: class name that may define or override a function named
-///   `call_basename`.
-/// \param symbol_table: global symtab
-/// \return Returns the fully qualified name of `classname`'s definition of
-///   `call_basename` if found and `classname` is present in `needed_classes`,
-///   or irep_idt() otherwise.
-irep_idt gather_methods_lazilyt::get_virtual_method_target(
-  const std::set<irep_idt> &needed_classes,
-  const irep_idt &call_basename,
-  const irep_idt &classname,
-  const symbol_tablet &symbol_table)
-{
-  // Program-wide, is this class ever instantiated?
-  if(!needed_classes.count(classname))
-    return irep_idt();
-
-  resolve_concrete_function_callt call_resolver(symbol_table, class_hierarchy);
-  const resolve_concrete_function_callt ::concrete_function_callt &
-    resolved_call=call_resolver(classname, call_basename);
-
-  if(resolved_call.is_valid())
-    return resolved_call.get_virtual_method_name();
-  else
-    return irep_idt();
-}
-
diff --git a/src/java_bytecode/gather_methods_lazily.h b/src/java_bytecode/gather_methods_lazily.h
deleted file mode 100644
index 8f2c699bb11..00000000000
--- a/src/java_bytecode/gather_methods_lazily.h
+++ /dev/null
@@ -1,107 +0,0 @@
-/*******************************************************************\
-
- Module: Java Bytecode
-
- Author: DiffBlue Limited. All rights reserved.
-
-\*******************************************************************/
-
-/// \file
-/// Collect methods needed to be loaded using the lazy method
-
-#ifndef CPROVER_JAVA_BYTECODE_GATHER_METHODS_LAZILY_H
-#define CPROVER_JAVA_BYTECODE_GATHER_METHODS_LAZILY_H
-
-#include <map>
-#include <functional>
-
-#include <util/irep.h>
-#include <util/symbol_table.h>
-#include <util/message.h>
-#include <goto-programs/class_hierarchy.h>
-#include <java_bytecode/java_bytecode_parse_tree.h>
-#include <java_bytecode/java_class_loader.h>
-#include <java_bytecode/ci_lazy_methods.h>
-
-class java_string_library_preprocesst;
-
-typedef std::pair<
-          const symbolt *,
-          const java_bytecode_parse_treet::methodt *>
-  lazy_method_valuet;
-
-typedef std::map<irep_idt, lazy_method_valuet>
-  lazy_methodst;
-
-class gather_methods_lazilyt:public messaget
-{
-public:
-  gather_methods_lazilyt(
-    const symbol_tablet &symbol_table,
-    const irep_idt &main_class,
-    const std::vector<irep_idt> &main_jar_classes,
-    const std::vector<irep_idt> &lazy_methods_extra_entry_points,
-    java_class_loadert &java_class_loader,
-    message_handlert &message_handler);
-
-  // not const since messaget
-  bool operator()(
-    symbol_tablet &symbol_table,
-    lazy_methodst &lazy_methods,
-    std::function<void(
-      const symbolt &,
-      const java_bytecode_parse_treet::methodt &,
-      ci_lazy_methodst)> method_converter);
-
-private:
-  void resolve_method_names(
-    std::vector<irep_idt> &methods,
-    const symbol_tablet &symbol_table);
-
-  void initialize_needed_classes(
-    const std::vector<irep_idt> &entry_points,
-    const namespacet &ns,
-    ci_lazy_methodst &lazy_methods);
-
-  void initialize_needed_classes_from_pointer(
-    const pointer_typet &pointer_type,
-    const namespacet &ns,
-    ci_lazy_methodst &lazy_methods);
-
-  void gather_virtual_callsites(
-    const exprt &e,
-    std::vector<const code_function_callt *> &result);
-
-  void get_virtual_method_targets(
-    const code_function_callt &c,
-    const std::set<irep_idt> &needed_classes,
-    std::vector<irep_idt> &needed_methods,
-    symbol_tablet &symbol_table);
-
-  void gather_needed_globals(
-    const exprt &e,
-    const symbol_tablet &symbol_table,
-    symbol_tablet &needed);
-
-  void gather_field_types(const typet &class_type,
-    const namespacet &ns,
-    ci_lazy_methodst &lazy_methods);
-
-  irep_idt get_virtual_method_target(
-    const std::set<irep_idt> &needed_classes,
-    const irep_idt &call_basename,
-    const irep_idt &classname,
-    const symbol_tablet &symbol_table);
-
-  static irep_idt build_virtual_method_name(
-    const irep_idt &class_name,
-    const irep_idt &component_method_name);
-
-  class_hierarchyt class_hierarchy;
-  const irep_idt main_class;
-  const std::vector<irep_idt> main_jar_classes;
-  const std::vector<irep_idt> lazy_methods_extra_entry_points;
-  java_class_loadert &java_class_loader;
-};
-
-#endif // CPROVER_JAVA_BYTECODE_GATHER_METHODS_LAZILY_H
diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index fc69ff64e2f..fda227dce27 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -2693,7 +2693,7 @@ void java_bytecode_convert_method(
   symbol_tablet &symbol_table,
   message_handlert &message_handler,
   size_t max_array_length,
-  safe_pointer<ci_lazy_methodst> lazy_methods,
+  safe_pointer<ci_lazy_methods_neededt> lazy_methods,
   java_string_library_preprocesst &string_preprocess)
 {
   static const std::unordered_set<std::string> methods_to_ignore
diff --git a/src/java_bytecode/java_bytecode_convert_method.h b/src/java_bytecode/java_bytecode_convert_method.h
index ba0926e301a..6aa68810e60 100644
--- a/src/java_bytecode/java_bytecode_convert_method.h
+++ b/src/java_bytecode/java_bytecode_convert_method.h
@@ -18,7 +18,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include "java_string_library_preprocess.h"
 
 #include "java_bytecode_parse_tree.h"
-#include "ci_lazy_methods.h"
+#include <java_bytecode/ci_lazy_methods_needed.h>
 
 class class_hierarchyt;
 
@@ -28,7 +28,7 @@ void java_bytecode_convert_method(
   symbol_tablet &symbol_table,
   message_handlert &message_handler,
   size_t max_array_length,
-  safe_pointer<ci_lazy_methodst> lazy_methods,
+  safe_pointer<ci_lazy_methods_neededt> lazy_methods,
   java_string_library_preprocesst &string_preprocess);
 
 inline void java_bytecode_convert_method(
@@ -45,7 +45,7 @@ inline void java_bytecode_convert_method(
     symbol_table,
     message_handler,
     max_array_length,
-    safe_pointer<ci_lazy_methodst>::create_null(),
+    safe_pointer<ci_lazy_methods_neededt>::create_null(),
     string_preprocess);
 }
 
diff --git a/src/java_bytecode/java_bytecode_convert_method_class.h b/src/java_bytecode/java_bytecode_convert_method_class.h
index a8b04e8112c..3d60fdd483a 100644
--- a/src/java_bytecode/java_bytecode_convert_method_class.h
+++ b/src/java_bytecode/java_bytecode_convert_method_class.h
@@ -20,7 +20,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <analyses/cfg_dominators.h>
 #include "java_bytecode_parse_tree.h"
 #include "java_bytecode_convert_class.h"
-#include "ci_lazy_methods.h"
+#include <java_bytecode/ci_lazy_methods_needed.h>
 
 #include <vector>
 #include <list>
@@ -35,7 +35,7 @@ class java_bytecode_convert_methodt:public messaget
     symbol_tablet &_symbol_table,
     message_handlert &_message_handler,
     size_t _max_array_length,
-    safe_pointer<ci_lazy_methodst> _lazy_methods,
+    safe_pointer<ci_lazy_methods_neededt> _lazy_methods,
     java_string_library_preprocesst &_string_preprocess):
     messaget(_message_handler),
     symbol_table(_symbol_table),
@@ -60,7 +60,7 @@ class java_bytecode_convert_methodt:public messaget
 protected:
   symbol_tablet &symbol_table;
   const size_t max_array_length;
-  safe_pointer<ci_lazy_methodst> lazy_methods;
+  safe_pointer<ci_lazy_methods_neededt> lazy_methods;
 
   /// Fully qualified name of the method under translation.
   /// Initialized by `convert`.
diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index 33d7d30fd49..9f7d206a278 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -29,7 +29,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include "java_bytecode_parser.h"
 #include "java_class_loader.h"
 #include "java_utils.h"
-#include "gather_methods_lazily.h"
+#include <java_bytecode/ci_lazy_methods.h>
 
 #include "expr2java.h"
 
@@ -258,7 +258,7 @@ bool java_bytecode_languaget::do_ci_lazy_method_conversion(
   const auto method_converter=[&](
     const symbolt &symbol,
     const java_bytecode_parse_treet::methodt &method,
-    ci_lazy_methodst new_lazy_methods)
+    ci_lazy_methods_neededt new_lazy_methods)
   {
     java_bytecode_convert_method(
       symbol,
@@ -266,11 +266,11 @@ bool java_bytecode_languaget::do_ci_lazy_method_conversion(
       symbol_table,
       get_message_handler(),
       max_user_array_length,
-      safe_pointer<ci_lazy_methodst>::create_non_null(&new_lazy_methods),
+      safe_pointer<ci_lazy_methods_neededt>::create_non_null(&new_lazy_methods),
       string_preprocess);
   };
 
-  gather_methods_lazilyt method_gather(
+  ci_lazy_methodst method_gather(
     symbol_table,
     main_class,
     main_jar_classes,

From ce41adece4722c4b55f8acfa3fe2968cf4fa70fb Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Mon, 14 Aug 2017 16:51:59 +0100
Subject: [PATCH 573/699] Tidying changes in ci_lazy_methods

Use a typedef for the function accepted for loading more methods.

Corrected doxy comments in ci_lazy_methods
---
 src/java_bytecode/ci_lazy_methods.cpp | 21 ++++++++-------------
 src/java_bytecode/ci_lazy_methods.h   | 10 ++++++----
 2 files changed, 14 insertions(+), 17 deletions(-)

diff --git a/src/java_bytecode/ci_lazy_methods.cpp b/src/java_bytecode/ci_lazy_methods.cpp
index 64d39783df8..a0388ec5dbe 100644
--- a/src/java_bytecode/ci_lazy_methods.cpp
+++ b/src/java_bytecode/ci_lazy_methods.cpp
@@ -48,14 +48,12 @@ ci_lazy_methodst::ci_lazy_methodst(
 /// \param symbol_table: global symbol table
 /// \param [out] lazy_methods: map from method names to relevant symbol and
 ///   parsed-method objects.
+/// \param method_converter: Function for converting methods on demand.
 /// \return Returns false on success
 bool ci_lazy_methodst::operator()(
   symbol_tablet &symbol_table,
   lazy_methodst &lazy_methods,
-  std::function<void(
-    const symbolt &,
-    const java_bytecode_parse_treet::methodt &,
-    ci_lazy_methods_neededt)> method_converter)
+  method_convertert method_converter)
 {
   std::vector<irep_idt> method_worklist1;
   std::vector<irep_idt> method_worklist2;
@@ -117,7 +115,7 @@ bool ci_lazy_methodst::operator()(
   std::set<irep_idt> methods_already_populated;
   std::vector<const code_function_callt *> virtual_callsites;
 
-  bool any_new_methods;
+  bool any_new_methods=false;
   do
   {
     any_new_methods=false;
@@ -251,9 +249,6 @@ void ci_lazy_methodst::resolve_method_names(
 /// \param entry_points: list of fully-qualified function names that
 ///   we should assume are reachable
 /// \param ns: global namespace
-/// \param ch: global class hierarchy
-/// \param pointer_type_selector: The pointer_type_selector used to find out
-///   what other classes may be used for pointers
 /// \param [out] lazy_methods: Populated with all Java reference types whose
 ///   references may be passed, directly or indirectly, to any of the functions
 ///   in `entry_points`.
@@ -289,7 +284,6 @@ void ci_lazy_methodst::initialize_needed_classes(
 /// `initialize_needed_classes` for more details.
 /// \param pointer_type: The type to gather methods for.
 /// \param ns: global namespace
-/// \param ch: global class hierarchy
 /// \param [out] lazy_methods: Populated with all Java reference types whose
 ///   references may be passed, directly or indirectly, to any of the functions
 ///   in `entry_points
@@ -308,7 +302,7 @@ void ci_lazy_methodst::initialize_needed_classes_from_pointer(
 
 /// Get places where virtual functions are called.
 /// \param e: expression tree to search
-/// \param [out] results: filled with pointers to each function call within
+/// \param [out] result: filled with pointers to each function call within
 ///   e that calls a virtual function.
 void ci_lazy_methodst::gather_virtual_callsites(
   const exprt &e,
@@ -367,10 +361,10 @@ void ci_lazy_methodst::get_virtual_method_targets(
     needed_methods.push_back(self_method);
   }
 
-  auto child_classes=class_hierarchy.get_children_trans(call_class);
+  const auto child_classes=class_hierarchy.get_children_trans(call_class);
   for(const auto &child_class : child_classes)
   {
-    auto child_method=
+    const auto child_method=
       get_virtual_method_target(
         needed_classes,
         call_basename,
@@ -410,7 +404,8 @@ void ci_lazy_methodst::gather_needed_globals(
     // on an opaque type (i.e. we don't have the class definition at this point)
     // and will be created during the typecheck phase.
     // We don't mark it as 'needed' as it doesn't exist yet to keep.
-    auto findit=symbol_table.symbols.find(to_symbol_expr(e).get_identifier());
+    const auto findit=
+      symbol_table.symbols.find(to_symbol_expr(e).get_identifier());
     if(findit!=symbol_table.symbols.end() &&
        findit->second.is_static_lifetime)
     {
diff --git a/src/java_bytecode/ci_lazy_methods.h b/src/java_bytecode/ci_lazy_methods.h
index cd4672e27ae..791aafb6dd9 100644
--- a/src/java_bytecode/ci_lazy_methods.h
+++ b/src/java_bytecode/ci_lazy_methods.h
@@ -33,6 +33,11 @@ typedef std::pair<
 typedef std::map<irep_idt, lazy_method_valuet>
   lazy_methodst;
 
+typedef std::function<void(
+  const symbolt &,
+  const java_bytecode_parse_treet::methodt &,
+  ci_lazy_methods_neededt)> method_convertert;
+
 class ci_lazy_methodst:public messaget
 {
 public:
@@ -48,10 +53,7 @@ class ci_lazy_methodst:public messaget
   bool operator()(
     symbol_tablet &symbol_table,
     lazy_methodst &lazy_methods,
-    std::function<void(
-      const symbolt &,
-      const java_bytecode_parse_treet::methodt &,
-      ci_lazy_methods_neededt)> method_converter);
+    method_convertert method_converter);
 
 private:
   void resolve_method_names(

From c2fba4016411bb8b2d9bad8ffb878ca7c5e6b9b5 Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Mon, 14 Aug 2017 17:05:47 +0100
Subject: [PATCH 574/699] Remove const that stops copying

---
 src/java_bytecode/ci_lazy_methods.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/java_bytecode/ci_lazy_methods.h b/src/java_bytecode/ci_lazy_methods.h
index 791aafb6dd9..8c83dfdccb7 100644
--- a/src/java_bytecode/ci_lazy_methods.h
+++ b/src/java_bytecode/ci_lazy_methods.h
@@ -100,9 +100,9 @@ class ci_lazy_methodst:public messaget
     const irep_idt &component_method_name);
 
   class_hierarchyt class_hierarchy;
-  const irep_idt main_class;
-  const std::vector<irep_idt> main_jar_classes;
-  const std::vector<irep_idt> lazy_methods_extra_entry_points;
+  irep_idt main_class;
+  std::vector<irep_idt> main_jar_classes;
+  std::vector<irep_idt> lazy_methods_extra_entry_points;
   java_class_loadert &java_class_loader;
 };
 

From e78822722593c46863cc10f0381e446d7cd52091 Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Mon, 14 Aug 2017 17:20:07 +0100
Subject: [PATCH 575/699] Tidy up convert method to remove unnecessary else
 statements

---
 src/java_bytecode/java_bytecode_convert_method.cpp | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index fda227dce27..d57cdeced7d 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -2748,10 +2748,10 @@ bool java_bytecode_convert_methodt::is_method_inherited(
     {
       return true;
     }
+
     // methods with the default access modifier are only
     // accessible within the same package.
-
-    else if(access==ID_default)
+    if(access==ID_default)
     {
       const std::string &class_package=
         java_class_to_package(id2string(classname));
@@ -2759,7 +2759,8 @@ bool java_bytecode_convert_methodt::is_method_inherited(
         java_class_to_package(id2string(resolved_call.get_class_identifier()));
       return method_package==class_package;
     }
-    else if(access==ID_private)
+
+    if(access==ID_private)
     {
       // This is somewhat contentious: previously this code would keep walking
       // up the parent if it found a private function. But this isn't what Java
@@ -2767,8 +2768,8 @@ bool java_bytecode_convert_methodt::is_method_inherited(
       // virtual signuate and blocks access to the parent class
       return false;
     }
-    else
-      INVARIANT(false, "Unexpected access modifier.");
+
+    INVARIANT(false, "Unexpected access modifier.");
   }
 
   return false;

From 2cf78c7f7a4f9eeabda3d493f4c0053336c55583 Mon Sep 17 00:00:00 2001
From: Vlastimil Zeman <vlastimil.zeman@diffblue.com>
Date: Tue, 15 Aug 2017 09:14:12 +0100
Subject: [PATCH 576/699] Add ccache for gcc builds

---
 .travis.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 6882f1cd407..1dcbb7d02b3 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -37,7 +37,7 @@ jobs:
       before_install:
         - mkdir bin ; ln -s /usr/bin/gcc-5 bin/gcc
       # env: COMPILER=g++-5 SAN_FLAGS="-fsanitize=undefined -fno-sanitize-recover -fno-omit-frame-pointer"
-      env: COMPILER="g++-5"
+      env: COMPILER="ccache g++-5"
 
     # Alpine Linux with musl-libc using g++
     - stage: Test different OS/CXX/Flags
@@ -64,7 +64,7 @@ jobs:
         - mkdir bin ; ln -s /usr/bin/gcc bin/gcc
         - HOMEBREW_NO_AUTO_UPDATE=1 brew install ccache
         - export PATH=/usr/local/opt/ccache/libexec:$PATH
-      env: COMPILER=g++
+      env: COMPILER="ccache g++"
 
     # OS X using clang++
     - stage: Test different OS/CXX/Flags
@@ -97,7 +97,7 @@ jobs:
         - mkdir bin ; ln -s /usr/bin/gcc-5 bin/gcc
       # env: COMPILER=g++-5 SAN_FLAGS="-fsanitize=undefined -fno-sanitize-recover -fno-omit-frame-pointer"
       env:
-        - COMPILER="g++-5"
+        - COMPILER="ccache g++-5"
         - EXTRA_CXXFLAGS="-DDEBUG"
       script: echo "Not running any tests for a debug build."
 

From 92f70d6b51a6b9adc678819f3a45aaf890a8331b Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Fri, 11 Aug 2017 14:49:35 +0100
Subject: [PATCH 577/699] Add invariant helper that pretty-prints an irep

---
 regression/invariants/Makefile                |  3 +-
 regression/invariants/driver.cpp              |  4 ++
 .../invariants/invariant-failure13/test.desc  | 14 ++++++
 src/util/Makefile                             |  1 +
 src/util/invariant.cpp                        |  2 +-
 src/util/invariant_utils.cpp                  | 27 +++++++++++
 src/util/invariant_utils.h                    | 48 +++++++++++++++++++
 7 files changed, 97 insertions(+), 2 deletions(-)
 create mode 100644 regression/invariants/invariant-failure13/test.desc
 create mode 100644 src/util/invariant_utils.cpp
 create mode 100644 src/util/invariant_utils.h

diff --git a/regression/invariants/Makefile b/regression/invariants/Makefile
index b561a960830..96c4a9e8077 100644
--- a/regression/invariants/Makefile
+++ b/regression/invariants/Makefile
@@ -4,7 +4,8 @@ SRC = driver.cpp
 
 INCLUDES = -I ../../src
 
-OBJ += ../../src/util/util$(LIBEXT)
+OBJ += ../../src/big-int/big-int$(LIBEXT) \
+      ../../src/util/util$(LIBEXT)
 
 include ../../src/config.inc
 include ../../src/common
diff --git a/regression/invariants/driver.cpp b/regression/invariants/driver.cpp
index 824ae588c03..c0627bbd341 100644
--- a/regression/invariants/driver.cpp
+++ b/regression/invariants/driver.cpp
@@ -12,6 +12,8 @@ Author: Chris Smowton, chris.smowton@diffblue.com
 #include <string>
 #include <sstream>
 #include <util/invariant.h>
+#include <util/invariant_utils.h>
+#include <util/std_types.h>
 
 /// An example of structured invariants-- this contains fields to
 /// describe the error to a catcher, and also produces a human-readable
@@ -83,6 +85,8 @@ int main(int argc, char** argv)
     DATA_INVARIANT_STRUCTURED(false, structured_error_testt, 1, "Structured error"); // NOLINT
   else if(arg=="data-invariant-string")
     DATA_INVARIANT(false, "Test invariant failure");
+  else if(arg=="irep")
+    INVARIANT_WITH_IREP(false, "error with irep", pointer_typet(void_typet()));
   else
     return 1;
 }
diff --git a/regression/invariants/invariant-failure13/test.desc b/regression/invariants/invariant-failure13/test.desc
new file mode 100644
index 00000000000..331889e1eb7
--- /dev/null
+++ b/regression/invariants/invariant-failure13/test.desc
@@ -0,0 +1,14 @@
+CORE
+dummy_parameter.c
+irep
+^EXIT=(0|127|134|137)$
+^SIGNAL=0$
+--- begin invariant violation report ---
+Invariant check failed
+error with irep
+pointer
+0: empty
+^(Backtrace)|(Backtraces not supported)$
+--
+^warning: ignoring
+^VERIFICATION SUCCESSFUL$
diff --git a/src/util/Makefile b/src/util/Makefile
index 6a94cabdb88..fbea7fc6a57 100644
--- a/src/util/Makefile
+++ b/src/util/Makefile
@@ -31,6 +31,7 @@ SRC = arith_tools.cpp \
       irep_hash_container.cpp \
       irep_ids.cpp \
       irep_serialization.cpp \
+      invariant_utils.cpp \
       json.cpp \
       json_expr.cpp \
       json_irep.cpp \
diff --git a/src/util/invariant.cpp b/src/util/invariant.cpp
index d3f750041a3..835a00b4409 100644
--- a/src/util/invariant.cpp
+++ b/src/util/invariant.cpp
@@ -129,7 +129,7 @@ std::string invariant_failedt::get_invariant_failed_message(
       << " function " << function
       << " line " << line << '\n'
       << "Reason: " << reason
-      << "Backtrace:\n"
+      << "\nBacktrace:\n"
       << backtrace << '\n';
   return out.str();
 }
diff --git a/src/util/invariant_utils.cpp b/src/util/invariant_utils.cpp
new file mode 100644
index 00000000000..6e1c897da54
--- /dev/null
+++ b/src/util/invariant_utils.cpp
@@ -0,0 +1,27 @@
+/*******************************************************************\
+
+Module: Invariant helper utilities
+
+Author: Chris Smowton, chris.smowton@diffblue.com
+
+\*******************************************************************/
+
+/// \file
+/// Invariant helper utilities
+
+#include "invariant_utils.h"
+
+std::string pretty_print_invariant_with_irep(
+  const irept &problem_node,
+  const std::string &description)
+{
+  if(problem_node.is_nil())
+    return description;
+  else
+  {
+    std::string ret=description;
+    ret+="\nProblem irep:\n";
+    ret+=problem_node.pretty(0,0);
+    return ret;
+  }
+}
diff --git a/src/util/invariant_utils.h b/src/util/invariant_utils.h
new file mode 100644
index 00000000000..d448fedfeb3
--- /dev/null
+++ b/src/util/invariant_utils.h
@@ -0,0 +1,48 @@
+/*******************************************************************\
+
+Module: Invariant helper utilities
+
+Author: Chris Smowton, chris.smowton@diffblue.com
+
+\*******************************************************************/
+
+#ifndef CPROVER_UTIL_INVARIANT_TYPES_H
+#define CPROVER_UTIL_INVARIANT_TYPES_H
+
+#include "invariant.h"
+
+#include <util/irep.h>
+
+#include <string>
+
+/// Produces a plain string error description from an irep and some
+/// explanatory text. If `problem_node` is nil, returns `description`.
+/// \param problem_node: irep to pretty-print
+/// \param description: descriptive text to prepend
+/// \return error message
+std::string pretty_print_invariant_with_irep(
+  const irept &problem_node,
+  const std::string &description);
+
+/// Equivalent to
+/// `INVARIANT_STRUCTURED(CONDITION, invariant_failedt,
+///   pretty_print_invariant_with_irep(IREP, DESCRIPTION))`
+#define INVARIANT_WITH_IREP(CONDITION, DESCRIPTION, IREP)               \
+  INVARIANT_STRUCTURED(                                                 \
+    CONDITION,                                                          \
+    invariant_failedt,                                                  \
+    pretty_print_invariant_with_irep((IREP), (DESCRIPTION)))
+
+/// See `INVARIANT_WITH_IREP`
+#define PRECONDITION_WITH_IREP(CONDITION, DESCRIPTION, IREP) \
+  INVARIANT_WITH_IREP((CONDITION), (DESCRIPTION), (IREP))
+#define POSTCONDITION_WITH_IREP(CONDITION, DESCRIPTION, IREP) \
+  INVARIANT_WITH_IREP((CONDITION), (DESCRIPTION), (IREP))
+#define CHECK_RETURN_WITH_IREP(CONDITION, DESCRIPTION, IREP) \
+  INVARIANT_WITH_IREP((CONDITION), (DESCRIPTION), (IREP))
+#define UNREACHABLE_WITH_IREP(CONDITION, DESCRIPTION, IREP) \
+  INVARIANT_WITH_IREP((CONDITION), (DESCRIPTION), (IREP))
+#define DATA_INVARIANT_WITH_IREP(CONDITION, DESCRIPTION, IREP) \
+  INVARIANT_WITH_IREP((CONDITION), (DESCRIPTION), (IREP))
+
+#endif

From f628cc0e19f0e464f31e447053861231c4cf88ff Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Fri, 4 Aug 2017 09:39:47 +0100
Subject: [PATCH 578/699] Adapt allocate_dynamic_object_with_decl to its usage

The return value is never used.
Cast of malloc site is never used, so the option can be removed.
Since there is no cast, allocated type can then be deduced from the
target type.
This ensures we do not make mistake when passing the allocate type.
For instance preprocessing of String.format argument use to pass the
wrong type (pointer instead of referenced one).
---
 src/java_bytecode/java_object_factory.cpp     | 21 +++++++------------
 src/java_bytecode/java_object_factory.h       |  6 ++----
 .../java_string_library_preprocess.cpp        | 11 ++++------
 3 files changed, 13 insertions(+), 25 deletions(-)

diff --git a/src/java_bytecode/java_object_factory.cpp b/src/java_bytecode/java_object_factory.cpp
index 4d653eefc1a..6ba3c294a6a 100644
--- a/src/java_bytecode/java_object_factory.cpp
+++ b/src/java_bytecode/java_object_factory.cpp
@@ -178,7 +178,7 @@ class java_object_factoryt
 /// allocate_object() and also in the library preprocessing for allocating
 /// strings.
 /// \param target_expr: expression to which the necessary memory will be
-///   allocated
+///   allocated, its type should be pointer to `allocate_type`
 /// \param allocate_type: type of the object allocated
 /// \param symbol_table: symbol table
 /// \param loc: location in the source
@@ -243,32 +243,27 @@ exprt allocate_dynamic_object(
 /// and which takes care of creating the associated declarations.
 /// \param target_expr: expression to which the necessary memory will be
 ///   allocated
-/// \param allocate_type: type of the object allocated
 /// \param symbol_table: symbol table
 /// \param loc: location in the source
 /// \param output_code: code block to which the necessary code is added
-/// \param cast_needed: Boolean flags saying where we need to cast the malloc
-///   site
-/// \return Expression representing the malloc site allocated.
-exprt allocate_dynamic_object_with_decl(
+void allocate_dynamic_object_with_decl(
   const exprt &target_expr,
-  const typet &allocate_type,
   symbol_tablet &symbol_table,
   const source_locationt &loc,
-  code_blockt &output_code,
-  bool cast_needed)
+  code_blockt &output_code)
 {
   std::vector<const symbolt *> symbols_created;
-
   code_blockt tmp_block;
-  exprt result=allocate_dynamic_object(
+  const typet &allocate_type=target_expr.type().subtype();
+  // We will not use the malloc site and can safely ignore it
+  (void) allocate_dynamic_object(
     target_expr,
     allocate_type,
     symbol_table,
     loc,
     tmp_block,
     symbols_created,
-    cast_needed);
+    false);
 
   // Add the following code to output_code for each symbol that's been created:
   //   <type> <identifier>;
@@ -281,8 +276,6 @@ exprt allocate_dynamic_object_with_decl(
 
   for(const exprt &code : tmp_block.operands())
     output_code.add(to_code(code));
-
-  return result;
 }
 
 /// Installs a new symbol in the symbol table, pushing the corresponding symbolt
diff --git a/src/java_bytecode/java_object_factory.h b/src/java_bytecode/java_object_factory.h
index a90867d9a58..c08b6341877 100644
--- a/src/java_bytecode/java_object_factory.h
+++ b/src/java_bytecode/java_object_factory.h
@@ -149,12 +149,10 @@ exprt allocate_dynamic_object(
   std::vector<const symbolt *> &symbols_created,
   bool cast_needed=false);
 
-exprt allocate_dynamic_object_with_decl(
+void allocate_dynamic_object_with_decl(
   const exprt &target_expr,
-  const typet &allocate_type,
   symbol_tablet &symbol_table,
   const source_locationt &loc,
-  code_blockt &output_code,
-  bool cast_needed=false);
+  code_blockt &output_code);
 
 #endif // CPROVER_JAVA_BYTECODE_JAVA_OBJECT_FACTORY_H
diff --git a/src/java_bytecode/java_string_library_preprocess.cpp b/src/java_bytecode/java_string_library_preprocess.cpp
index 2358f390029..f08c76ca4ab 100644
--- a/src/java_bytecode/java_string_library_preprocess.cpp
+++ b/src/java_bytecode/java_string_library_preprocess.cpp
@@ -575,8 +575,7 @@ exprt java_string_library_preprocesst::allocate_fresh_string(
 {
   exprt str=fresh_string(type, loc, symbol_table);
   code.add(code_declt(str));
-  (void) allocate_dynamic_object_with_decl(
-    str, str.type().subtype(), symbol_table, loc, code, false);
+  allocate_dynamic_object_with_decl(str, symbol_table, loc, code);
   return str;
 }
 
@@ -594,8 +593,7 @@ exprt java_string_library_preprocesst::allocate_fresh_array(
 {
   exprt array=fresh_array(type, loc, symbol_table);
   code.add(code_declt(array));
-  (void) allocate_dynamic_object_with_decl(
-    array, array.type().subtype(), symbol_table, loc, code, false);
+  allocate_dynamic_object_with_decl(array, symbol_table, loc, code);
   return array;
 }
 
@@ -1389,10 +1387,9 @@ exprt java_string_library_preprocesst::make_argument_for_format(
   // arg_i = argv[index]
   exprt obj=get_object_at_index(argv, index);
   symbolt object_symbol=get_fresh_aux_symbol(
-    obj.type(), "tmp_object", "tmp_object", loc, ID_java, symbol_table);
+    obj.type(), "tmp_format_obj", "tmp_format_obj", loc, ID_java, symbol_table);
   symbol_exprt arg_i=object_symbol.symbol_expr();
-  (void) allocate_dynamic_object_with_decl(
-    arg_i, obj.type(), symbol_table, loc, code, false);
+  allocate_dynamic_object_with_decl(arg_i, symbol_table, loc, code);
   code.add(code_assignt(arg_i, obj));
   code.add(code_assumet(not_exprt(equal_exprt(
     arg_i, null_pointer_exprt(to_pointer_type(arg_i.type()))))));

From fe0d9793edef135ba6ac4283c8826d0d892a8b77 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Fri, 4 Aug 2017 10:16:17 +0100
Subject: [PATCH 579/699] Merge test description files for format

No need for two tests now that the most precise one works.

We can keep only the most precise one as now both are working.
---
 .../strings-smoke-tests/java_format/test.desc       |  1 +
 .../java_format/test_warning.desc                   | 12 ------------
 .../strings-smoke-tests/java_format2/test.desc      |  1 +
 .../java_format2/test_warning.desc                  | 13 -------------
 .../strings-smoke-tests/java_format3/test.desc      |  1 +
 .../java_format3/test_warning.desc                  | 13 -------------
 6 files changed, 3 insertions(+), 38 deletions(-)
 delete mode 100644 regression/strings-smoke-tests/java_format/test_warning.desc
 delete mode 100644 regression/strings-smoke-tests/java_format2/test_warning.desc
 delete mode 100644 regression/strings-smoke-tests/java_format3/test_warning.desc

diff --git a/regression/strings-smoke-tests/java_format/test.desc b/regression/strings-smoke-tests/java_format/test.desc
index 2a200d7918c..8999b5b27ec 100644
--- a/regression/strings-smoke-tests/java_format/test.desc
+++ b/regression/strings-smoke-tests/java_format/test.desc
@@ -6,3 +6,4 @@ test.class
 ^\[.*assertion.1\].* line 6.* SUCCESS$
 ^\[.*assertion.2\].* line 7.* FAILURE$
 --
+^ignoring
diff --git a/regression/strings-smoke-tests/java_format/test_warning.desc b/regression/strings-smoke-tests/java_format/test_warning.desc
deleted file mode 100644
index 221d098b269..00000000000
--- a/regression/strings-smoke-tests/java_format/test_warning.desc
+++ /dev/null
@@ -1,12 +0,0 @@
-KNOWNBUG
-test.class
---refine-strings --string-max-length 20 --verbosity 9
-^EXIT=10$
-^SIGNAL=0$
-^\[.*assertion.1\].* line 6.* SUCCESS$
-^\[.*assertion.2\].* line 7.* FAILURE$
---
-^ignoring
---
-Some type inconsistencies exist when adding equations to the solver.
-Issue: diffblue/test-gen#1202
diff --git a/regression/strings-smoke-tests/java_format2/test.desc b/regression/strings-smoke-tests/java_format2/test.desc
index 2a200d7918c..f34840a743c 100644
--- a/regression/strings-smoke-tests/java_format2/test.desc
+++ b/regression/strings-smoke-tests/java_format2/test.desc
@@ -6,3 +6,4 @@ test.class
 ^\[.*assertion.1\].* line 6.* SUCCESS$
 ^\[.*assertion.2\].* line 7.* FAILURE$
 --
+^warning
diff --git a/regression/strings-smoke-tests/java_format2/test_warning.desc b/regression/strings-smoke-tests/java_format2/test_warning.desc
deleted file mode 100644
index c4661f818c4..00000000000
--- a/regression/strings-smoke-tests/java_format2/test_warning.desc
+++ /dev/null
@@ -1,13 +0,0 @@
-KNOWNBUG
-test.class
---refine-strings --string-max-length 20 --verbosity 9
-^EXIT=10$
-^SIGNAL=0$
-^\[.*assertion.1\].* line 6.* SUCCESS$
-^\[.*assertion.2\].* line 7.* FAILURE$
---
-^warning
---
-Some type inconsistencies exist when adding equations to the solver.
-Issue: diffblue/test-gen#1202
-
diff --git a/regression/strings-smoke-tests/java_format3/test.desc b/regression/strings-smoke-tests/java_format3/test.desc
index d9461eb09d3..597b65ce183 100644
--- a/regression/strings-smoke-tests/java_format3/test.desc
+++ b/regression/strings-smoke-tests/java_format3/test.desc
@@ -6,3 +6,4 @@ test.class
 ^\[.*assertion.1\].* line 7.* SUCCESS$
 ^\[.*assertion.2\].* line 9.* FAILURE$
 --
+^warning
diff --git a/regression/strings-smoke-tests/java_format3/test_warning.desc b/regression/strings-smoke-tests/java_format3/test_warning.desc
deleted file mode 100644
index 4fe0a783e10..00000000000
--- a/regression/strings-smoke-tests/java_format3/test_warning.desc
+++ /dev/null
@@ -1,13 +0,0 @@
-KNOWNBUG
-test.class
---refine-strings --string-max-length 20 --verbosity 9
-^EXIT=10$
-^SIGNAL=0$
-^\[.*assertion.1\].* line 7.* SUCCESS$
-^\[.*assertion.2\].* line 9.* FAILURE$
---
-^warning
---
-Some type inconsistencies exist when adding equations to the solver.
-Issue: diffblue/test-gen#1202
-

From cf59144119a92cf38ca94a582dd923b2b837424f Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Wed, 16 Aug 2017 10:02:59 +0100
Subject: [PATCH 580/699] Add non-const target comparator

---
 src/goto-programs/goto_program.h | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/goto-programs/goto_program.h b/src/goto-programs/goto_program.h
index 622eb000fe4..64b67cb6626 100644
--- a/src/goto-programs/goto_program.h
+++ b/src/goto-programs/goto_program.h
@@ -76,12 +76,19 @@ class goto_programt:public goto_program_templatet<codet, exprt>
       it!=(program).instructions.end(); it++)
 
 inline bool operator<(
-  const goto_programt::const_targett i1,
-  const goto_programt::const_targett i2)
+  const goto_programt::const_targett &i1,
+  const goto_programt::const_targett &i2)
 {
   return order_const_target<codet, exprt>(i1, i2);
 }
 
+inline bool operator<(
+  const goto_programt::targett &i1,
+  const goto_programt::targett &i2)
+{
+  return &(*i1)<&(*i2);
+}
+
 // NOLINTNEXTLINE(readability/identifiers)
 typedef struct const_target_hash_templatet<codet, exprt> const_target_hash;
 

From 2e3a550569b07e73014add8bee7851cb620f60f4 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Wed, 16 Aug 2017 12:43:32 +0100
Subject: [PATCH 581/699] Move Emacs style file so it affects unit tests as
 well as main source

---
 src/.dir-locals.el => .dir-locals.el | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename src/.dir-locals.el => .dir-locals.el (100%)

diff --git a/src/.dir-locals.el b/.dir-locals.el
similarity index 100%
rename from src/.dir-locals.el
rename to .dir-locals.el

From e365f50b4e0a4759b5d76b758d2ebc91c3437053 Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Tue, 15 Aug 2017 17:50:42 +0100
Subject: [PATCH 582/699] Fixed bug in cyclic types caused by refactoring of
 ci_lazy_methods

When performing lazy loading, missed the condition that stopped cyclcic
classes being loaded indefinitely.
---
 .../lazyloading_cyclic_class/Base.class       | Bin 0 -> 298 bytes
 .../lazyloading_cyclic_class/Derived.class    | Bin 0 -> 294 bytes
 .../lazyloading_cyclic_class/Foo.class        | Bin 0 -> 262 bytes
 .../lazyloading_cyclic_class/Middle.class     | Bin 0 -> 252 bytes
 .../lazyloading_cyclic_class/cycle1.class     | Bin 0 -> 264 bytes
 .../lazyloading_cyclic_class/cycle2.class     | Bin 0 -> 207 bytes
 .../lazyloading_cyclic_class/test.class       | Bin 0 -> 484 bytes
 .../lazyloading_cyclic_class/test.desc        |   7 ++++
 .../lazyloading_cyclic_class/test.java        |  34 ++++++++++++++++++
 .../lazyloading_inheritance/Base.class        | Bin 0 -> 225 bytes
 .../lazyloading_inheritance/Derived.class     | Bin 0 -> 232 bytes
 .../lazyloading_inheritance/Middle.class      | Bin 0 -> 172 bytes
 .../lazyloading_inheritance/test.class        | Bin 0 -> 302 bytes
 .../lazyloading_inheritance/test.desc         |   9 +++++
 .../lazyloading_inheritance/test.java         |  24 +++++++++++++
 .../lazyloading_recursive_class/Base.class    | Bin 0 -> 225 bytes
 .../lazyloading_recursive_class/Derived.class | Bin 0 -> 218 bytes
 .../lazyloading_recursive_class/Foo.class     | Bin 0 -> 204 bytes
 .../lazyloading_recursive_class/Middle.class  | Bin 0 -> 202 bytes
 .../lazyloading_recursive_class/test.class    | Bin 0 -> 343 bytes
 .../lazyloading_recursive_class/test.desc     |   7 ++++
 .../lazyloading_recursive_class/test.java     |  28 +++++++++++++++
 src/java_bytecode/ci_lazy_methods.cpp         |   7 ++--
 23 files changed, 113 insertions(+), 3 deletions(-)
 create mode 100644 regression/cbmc-java/lazyloading_cyclic_class/Base.class
 create mode 100644 regression/cbmc-java/lazyloading_cyclic_class/Derived.class
 create mode 100644 regression/cbmc-java/lazyloading_cyclic_class/Foo.class
 create mode 100644 regression/cbmc-java/lazyloading_cyclic_class/Middle.class
 create mode 100644 regression/cbmc-java/lazyloading_cyclic_class/cycle1.class
 create mode 100644 regression/cbmc-java/lazyloading_cyclic_class/cycle2.class
 create mode 100644 regression/cbmc-java/lazyloading_cyclic_class/test.class
 create mode 100644 regression/cbmc-java/lazyloading_cyclic_class/test.desc
 create mode 100644 regression/cbmc-java/lazyloading_cyclic_class/test.java
 create mode 100644 regression/cbmc-java/lazyloading_inheritance/Base.class
 create mode 100644 regression/cbmc-java/lazyloading_inheritance/Derived.class
 create mode 100644 regression/cbmc-java/lazyloading_inheritance/Middle.class
 create mode 100644 regression/cbmc-java/lazyloading_inheritance/test.class
 create mode 100644 regression/cbmc-java/lazyloading_inheritance/test.desc
 create mode 100644 regression/cbmc-java/lazyloading_inheritance/test.java
 create mode 100644 regression/cbmc-java/lazyloading_recursive_class/Base.class
 create mode 100644 regression/cbmc-java/lazyloading_recursive_class/Derived.class
 create mode 100644 regression/cbmc-java/lazyloading_recursive_class/Foo.class
 create mode 100644 regression/cbmc-java/lazyloading_recursive_class/Middle.class
 create mode 100644 regression/cbmc-java/lazyloading_recursive_class/test.class
 create mode 100644 regression/cbmc-java/lazyloading_recursive_class/test.desc
 create mode 100644 regression/cbmc-java/lazyloading_recursive_class/test.java

diff --git a/regression/cbmc-java/lazyloading_cyclic_class/Base.class b/regression/cbmc-java/lazyloading_cyclic_class/Base.class
new file mode 100644
index 0000000000000000000000000000000000000000..2b49611f3f8f7cc8ffd71b09bbafd975aa8777d6
GIT binary patch
literal 298
zcmZWj%WlFj5S$HpK!7Ig7xY+KiCnmWI24IfL=UaFJE;MqkVuKce{n+Mzz6VAh;>?_
zO0{I~&g{&1FW1u<zzB~%T6pjfcnAsZMCD3P39XmGl3>q@Z%GJZmCHrFOJw;al8l+B
zxJX5|6s0owm$dapRh$vOi%O0Ov?BPQMO~(Hu8garWu=E(u@^nqa5&#638A5)Oyuk6
zBiYJS;~5sOWsb#{wcuRtBCf>Mc|C#-&Di7DZAcew?t4E1bl@`rx_9#%BV+z&Z2vLx
MmW`1($o$^F0XDNN8vp<R

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/lazyloading_cyclic_class/Derived.class b/regression/cbmc-java/lazyloading_cyclic_class/Derived.class
new file mode 100644
index 0000000000000000000000000000000000000000..1929d95d85283c9b228a3fa703929f2bc1d94759
GIT binary patch
literal 294
zcmZXO&kn&r5XQgJQmy}e0!M!mE^fqyIF$?OeXA>0N|P$@<s@<N03J%rmWaeAyEEU+
z_uHAr^L7U?K*NE7s)d?`I-xL92bGQqMyu@;%t;(dLd{bLxj5|unXE(*amDrGwTOI?
zD6Kz5Gu^5q!S<#yQD+$r3A7<N%lMS6<xFYNPUSJ}?ZjD>VIohkK4zXhS78`QG?C+#
z^vUsM6S&7&pCfV1cdnpI*0%U9WW_p)oR{AQ*l<_@r7zrNrQtu&{Q-Hs3?%+YPp`ZH
DBIqj-

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/lazyloading_cyclic_class/Foo.class b/regression/cbmc-java/lazyloading_cyclic_class/Foo.class
new file mode 100644
index 0000000000000000000000000000000000000000..e62a019129f39f9f56a5216d8b1195538230284f
GIT binary patch
literal 262
zcmXYry@~=c6ot<n=SOFC{Q-MRwb((}PT5AV8njUCGcjmnoWK|bAInOx*az5$TD%z~
za5(2n?z#E<fBpjaMlVJU?FgL+T|%G=TiyuuRNiE+CR0K<(}lJ_gxYYlCHQl*Q-pS^
z3$?tQGF5IwmNV(4Mv8nZO6~F+`u3pDT$?V8;jVaXE~Qip?FJfFo$c3ATtyQhB3{6c
z2pva~Ton6cl^vC|7{KE{0>sBhP&v2}&UH>nbpr(B2k6egLxVMB4D=DRHY*?CgPkjC
Iv3mG?0c~I}2LJ#7

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/lazyloading_cyclic_class/Middle.class b/regression/cbmc-java/lazyloading_cyclic_class/Middle.class
new file mode 100644
index 0000000000000000000000000000000000000000..0f7b62ab4729033a7ba3e16e377c493591f6c825
GIT binary patch
literal 252
zcmXX=%MQU%5IsY+wDtS~ODu@Qj#!Xbl?}1KZg1jBwMknNpJgSn@Buzb%q@$VIdkUB
znR$PnF8~vCT$Ist&~nfwkR((Cd6SVEPYL!+$2y-A%Dw)cU@enS5t@OH)#h?OsB|X|
z5i^}2ks{iQRGa=!TKQ3D#%`^{Fj8#iZj(zY)k>S4TCTEucoJ9P!-m7hemXw05Sc<3
tCH@Q`4hxk(VkI+G?nYeAtTK3j?hHz(akdN6gUi_e3E(j@M)g9~_yPn*D*FHc

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/lazyloading_cyclic_class/cycle1.class b/regression/cbmc-java/lazyloading_cyclic_class/cycle1.class
new file mode 100644
index 0000000000000000000000000000000000000000..c5b7361ff44b9d25fd5b89ef305909a4a0c76784
GIT binary patch
literal 264
zcmXYrJ&wXK5QX1BNWwqM2`GVr2#Ic2G)Poow^)?kaV#)0i4+Xd9&0Nk3J$=b5M!Y5
z_|4}xZ+yF7t^j7}H&8`4Krg@tfg~Y}S31j#`Xu;YI@fkis18R7!CMrWB6MS&tMB7J
zRpnZwhDkpzq%esnwd>!|vs-;|aq>?ZHRZU*Z*eT8T52~_x9VUgJ8=>%_y~B}%SY%r
z7#WdoqMvl9q{RRg{v|+sJk;Kbr<jD?MSQ!r+V~9mXHh|&tN(<&mv!r9K$DdVYCm0_
E2cuIjZ2$lO

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/lazyloading_cyclic_class/cycle2.class b/regression/cbmc-java/lazyloading_cyclic_class/cycle2.class
new file mode 100644
index 0000000000000000000000000000000000000000..552bd28b0f2a6143e1af92d4f8158489ab35609b
GIT binary patch
literal 207
zcmXYqJqp555QJyVe~iWp2$pJLQ0x>N!76B>*uOj<k`NP!iQuuU1Pc$~p~OwF*x8+L
z+1bzc^#(A9??QuTp<|&-AW5)8d6%i0E(qo_&f;=K(1xQUL0{)5MexHoQ`_nisp24_
zl!?2~t3s+xTpOoU*K(4GoA6-5;*=(DM(EWrNJVxIc2S~ai2+*t9w06q#(&}~CN{f1
W_j+fHpP)yxc38~@*6Olrq5T8CCL?nI

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/lazyloading_cyclic_class/test.class b/regression/cbmc-java/lazyloading_cyclic_class/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..c63ee7a51eb561065e905e883bc24370e2270cca
GIT binary patch
literal 484
zcmYLFO;5r=6r82dQY;^$h@yP>l^_R+i8qWF6HY}B7%rZcvS_ikrW6x?mI=|sgGUbj
zDC2vD#69fHn|*I)cYl7rz5!g~Gy@$a6FVrI*u`E373>?x88{HouUy}at_8H_*+3w9
z6O5EV-gbR;J9`<b@Lmo*Qi^uqNN*rRm+Q5djGo*ndDxMfMje`F6i7GiZV+_XPa6k;
zKq{^Uvi(Rp&pr9Np3n4yS?H*)%LyhApHJkQv|u1@plYFpx`Bp;LmU}6ws3;9K!JPO
zp7bBvcf*NtC{d$4icx+P&MDt^=8mT>=tlaA2?&Svo;w<OiuDyEeN5&l`XF8j2#%)R
zq^eCQ2ve<3i1+w7L%SY}6>Jc<Rt<z%s!ZgNCxwR}2zj{CTB6okAhAT5VF7K4?3#Tb
j$-WxcH%ACmQQ}wArT+aJC}5M$igB-~lkpbO1h)SGh9pp8

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/lazyloading_cyclic_class/test.desc b/regression/cbmc-java/lazyloading_cyclic_class/test.desc
new file mode 100644
index 00000000000..c39c5e62349
--- /dev/null
+++ b/regression/cbmc-java/lazyloading_cyclic_class/test.desc
@@ -0,0 +1,7 @@
+CORE
+test.class
+--lazy-methods --verbosity 10 --function test.test
+^EXIT=0$
+^SIGNAL=0$
+elaborate java::Base\.f:\(\)V
+--
diff --git a/regression/cbmc-java/lazyloading_cyclic_class/test.java b/regression/cbmc-java/lazyloading_cyclic_class/test.java
new file mode 100644
index 00000000000..a2a9364ae9a
--- /dev/null
+++ b/regression/cbmc-java/lazyloading_cyclic_class/test.java
@@ -0,0 +1,34 @@
+class cycle1
+{
+  Middle c;
+}
+
+class Base
+{
+  void f() { }
+}
+
+class Middle extends Base
+{
+  cycle1 c;
+}
+
+class Derived extends Middle
+{
+  void f() { }
+}
+
+class Foo
+{
+  public cycle1 entry;
+}
+
+public class test {
+
+  public static void test(Foo foo) {
+    if(foo != null && foo.entry != null && foo.entry.c != null) {
+      foo.entry.c.f();
+    }
+
+  }
+}
diff --git a/regression/cbmc-java/lazyloading_inheritance/Base.class b/regression/cbmc-java/lazyloading_inheritance/Base.class
new file mode 100644
index 0000000000000000000000000000000000000000..ed06e4a70d8e1928a8ef868954670cc9380c88cf
GIT binary patch
literal 225
zcmX^0Z`VEs1_l!bJ}w4k25xo+9(D#^Mg}&U%)HDJJ4Oa(4b3n{1{UZ1lvG9rexJ;|
zRKL>Pq|~C2#H1Xc2xA%}16Oc<X;E^jTP8?=vm~{+L@z6`ERlzSg@F~Q)hV$UC@ugJ
z($7iEOV{^L%1TWxVNhUT0@?@yOh61&%K)?%$dU!pj6j-IYdZtuMj(TcfgMP)fdxSl
X9B`$QU|FCFbY;vy#hgG%CI&75Ib0yF

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/lazyloading_inheritance/Derived.class b/regression/cbmc-java/lazyloading_inheritance/Derived.class
new file mode 100644
index 0000000000000000000000000000000000000000..e1d760066ee7edf7be225c11aae1560f4ff3b202
GIT binary patch
literal 232
zcmZ9Fu?~Vz3`K7NLGUU5fQh3zI5`>@jgz`)+`(6qXAlwu{>#b4!4L4GjD0Ij+TPrr
z+<t%W4}b-R5j-e6`T+(3VuHUkxv5qJcQQQ_ymg_O5bsRRhx(p!c}mhu9J&&sV^NnE
z-WqF!6+f!^Eol;k4t#|WJ|Wm}X&TlNyf<2Bj4@pKXUmZm5<-a@$tLT}UZAH4LRY3e
T1Cg}kiEg7#8&v{X+(GXTzrG)j

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/lazyloading_inheritance/Middle.class b/regression/cbmc-java/lazyloading_inheritance/Middle.class
new file mode 100644
index 0000000000000000000000000000000000000000..7e66e35d9ab4f708da52a27ced1b47e92c90fc19
GIT binary patch
literal 172
zcmX^0Z`VEs1_l!bUM>b^1}=66ZgvJ9Mg}&U%)HDJJ4Oa(4b3n{1{UZ1lvG9rexJ;|
zRKL>Pq|~C2#H1Xc2v=}^X;E^jTPBFZS&~{@qL-CemdL}v!oUhN#Wyo01ti1blvtd~
upuoTcv;zbfff%R)NV5T1vOpRn!m72MfpH^PnjJ{8fdxS%2aw0azzG1|wi})R

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/lazyloading_inheritance/test.class b/regression/cbmc-java/lazyloading_inheritance/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..d83f91b8e6fdb81828402bbbc1b987396a4ae4ed
GIT binary patch
literal 302
zcmXYrPfx-?5XIlLrAteJio_cSZ_tAz#v6o-i6@W)#{0Hi%wj19i{Hx&CLBC^;6oW_
zklke7{Q1qx9Dfhr0PfHY;h`0xjaVU2xFGmrTiR+uaQlO2f_J~k4WT`?rFq<~Q?q^2
zX~7+@GVc|k(Vxz2o)=~$baPSZ>~*H!&QQ46?6#SCu(A=z#?4B9=m<6V3Y`d-@CmW>
zhJ`L)hVyh~GPd>qO$oHbHC(<@o&%Cij*6=uE3wv+FVH6^ggQqV12F>rA?JeLvPw5d
fexQ;)9KoFv-ePy~9Ui(|U!lR33#v08ouK9)n$Rxc

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/lazyloading_inheritance/test.desc b/regression/cbmc-java/lazyloading_inheritance/test.desc
new file mode 100644
index 00000000000..12ef42a2183
--- /dev/null
+++ b/regression/cbmc-java/lazyloading_inheritance/test.desc
@@ -0,0 +1,9 @@
+CORE
+test.class
+--lazy-methods --verbosity 10 --function test.test
+^EXIT=0$
+^SIGNAL=0$
+elaborate java::Base\.f:\(\)V
+--
+elaborate java::Derived\.f:\(\)V
+elaborate java::Middle\.f:\(\)V
diff --git a/regression/cbmc-java/lazyloading_inheritance/test.java b/regression/cbmc-java/lazyloading_inheritance/test.java
new file mode 100644
index 00000000000..136d0d2d2a0
--- /dev/null
+++ b/regression/cbmc-java/lazyloading_inheritance/test.java
@@ -0,0 +1,24 @@
+class Base
+{
+  void f() { }
+}
+
+class Middle extends Base
+{
+}
+
+class Derived extends Middle
+{
+  void f() { super.f(); }
+}
+
+
+public class test {
+
+  public static void test(Middle foo) {
+    if(foo != null ) {
+      foo.f();
+    }
+  }
+
+}
diff --git a/regression/cbmc-java/lazyloading_recursive_class/Base.class b/regression/cbmc-java/lazyloading_recursive_class/Base.class
new file mode 100644
index 0000000000000000000000000000000000000000..ed06e4a70d8e1928a8ef868954670cc9380c88cf
GIT binary patch
literal 225
zcmX^0Z`VEs1_l!bJ}w4k25xo+9(D#^Mg}&U%)HDJJ4Oa(4b3n{1{UZ1lvG9rexJ;|
zRKL>Pq|~C2#H1Xc2xA%}16Oc<X;E^jTP8?=vm~{+L@z6`ERlzSg@F~Q)hV$UC@ugJ
z($7iEOV{^L%1TWxVNhUT0@?@yOh61&%K)?%$dU!pj6j-IYdZtuMj(TcfgMP)fdxSl
X9B`$QU|FCFbY;vy#hgG%CI&75Ib0yF

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/lazyloading_recursive_class/Derived.class b/regression/cbmc-java/lazyloading_recursive_class/Derived.class
new file mode 100644
index 0000000000000000000000000000000000000000..d74705341cd8740f335b87d31d5de325e0d439f3
GIT binary patch
literal 218
zcmZ9Fy$ZrW5QJy*YyPyh5G>Wg%2I3;E45MV6K{o+m_SVOURHvI58y+In-mrv+|4la
z?cV$Id;yrD>%&CgB6JZEoVm_)xgeOM@sVIHbH#+-MrXXMt_c^1I7ua;Gr`~IRdM3A
zZUV35TRFYNbsWNiO>kFS=$e)6+-jv##t?>l)f_{vK#)${K$Jx7$pds3Bg67KZ5W8_
R{Lp^e3h|Fc0((*#@V|b59$5eY

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/lazyloading_recursive_class/Foo.class b/regression/cbmc-java/lazyloading_recursive_class/Foo.class
new file mode 100644
index 0000000000000000000000000000000000000000..7107ca0b0c8b555ffa8b090219e2a05aa78fa2a4
GIT binary patch
literal 204
zcmW-aI}U<i5QJxWgD70U#8NG!vD4U?P@xtYdmewxPk1B<-pk6w!UK3H<3cmL-%KX+
z{k=Z`*6<vta7~O&ObApGtmq)KtPmT5v6Yo<cLa65xDvE|oe6>$$x0l%G7-%sP6~FM
zbKNzm2xSj;EAH(oj~}rM116Wlx+eI&6BKcE3r<Nc(iSr)ybbUyH0Z;JzQSxVO@{=~
UmoLzBh;3GbZNO)B_$nCv0Tn$WbpQYW

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/lazyloading_recursive_class/Middle.class b/regression/cbmc-java/lazyloading_recursive_class/Middle.class
new file mode 100644
index 0000000000000000000000000000000000000000..06ec16bfe8737ff50ebdaf03c709809a913e6c61
GIT binary patch
literal 202
zcmXX<yAFat5S-%;qI`jgrCM0oX)H9cLK}_!AzPfmBZ0&JvNEyo1N<oCf)+cwGqXGU
z{ybj*=13ygh<)^Z3<LtD4OLneJf=I9=LIbUyrt60tOV@w<Rsv1%A5p}RB75b*Nm#8
z%nDYbL)lbk+Nzd>hH5jr$eWDe!RM4;9^bEJO&G!A&w$`^;QlAxWF=rW<lcJj^Z{}2
O?2ysx#1<oF7J6SVlp+NH

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/lazyloading_recursive_class/test.class b/regression/cbmc-java/lazyloading_recursive_class/test.class
new file mode 100644
index 0000000000000000000000000000000000000000..beeec0a6cb9a8047e814965c401382215b53cff1
GIT binary patch
literal 343
zcmXX?yH3ME5S+6eUvfBa0ttwMF1R2KT_PH!R1OqD^nM)3!Ld<r_%9>`5(Q-nJ_<2s
zxMF8^cV_qQzJETy09@cmp@wz?9ds3X=u0SxeF1lt=4p8;V2{u41e~iP(E{xt&Gq$m
z9qG+&7-g(DrG732>f>Nu6jLK@F3T`}T!c^m3bib@n^@0NBX1b_`6_$~J-Cn(0}lr{
zlo)y#K?-zCZ<2-i!{jDf>6o)^P8JYrZV47?l4N?y`~5N2?{Nx;k1)pqJCKZZW+y~J
ztoa`huO!^h=vKu6xxyZ~k<N%l+V^+p`fspyPzK&%8>3YjTd>K8G>!OG$MBfh5Is7Z
Hm8kU#E8sPX

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/lazyloading_recursive_class/test.desc b/regression/cbmc-java/lazyloading_recursive_class/test.desc
new file mode 100644
index 00000000000..c39c5e62349
--- /dev/null
+++ b/regression/cbmc-java/lazyloading_recursive_class/test.desc
@@ -0,0 +1,7 @@
+CORE
+test.class
+--lazy-methods --verbosity 10 --function test.test
+^EXIT=0$
+^SIGNAL=0$
+elaborate java::Base\.f:\(\)V
+--
diff --git a/regression/cbmc-java/lazyloading_recursive_class/test.java b/regression/cbmc-java/lazyloading_recursive_class/test.java
new file mode 100644
index 00000000000..dbe237c6788
--- /dev/null
+++ b/regression/cbmc-java/lazyloading_recursive_class/test.java
@@ -0,0 +1,28 @@
+class Base
+{
+  void f() { }
+}
+
+class Middle extends Base
+{
+  Middle internal;
+}
+
+class Derived extends Middle
+{
+  void f() { }
+}
+
+class Foo
+{
+  public Middle m;
+}
+
+public class test {
+
+  public static void test(Foo foo) {
+    if(foo != null && foo.m != null) {
+      foo.m.f();
+    }
+  }
+}
diff --git a/src/java_bytecode/ci_lazy_methods.cpp b/src/java_bytecode/ci_lazy_methods.cpp
index a0388ec5dbe..e3648a10570 100644
--- a/src/java_bytecode/ci_lazy_methods.cpp
+++ b/src/java_bytecode/ci_lazy_methods.cpp
@@ -295,9 +295,10 @@ void ci_lazy_methodst::initialize_needed_classes_from_pointer(
   const symbol_typet &class_type=to_symbol_type(pointer_type.subtype());
   const auto &param_classid=class_type.get_identifier();
 
-  lazy_methods.add_needed_class(param_classid);
-
-  gather_field_types(pointer_type.subtype(), ns, lazy_methods);
+  if(lazy_methods.add_needed_class(param_classid))
+  {
+    gather_field_types(pointer_type.subtype(), ns, lazy_methods);
+  }
 }
 
 /// Get places where virtual functions are called.

From 8b84458fe4939ef0a0955f1267f9ed38ba235926 Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Tue, 15 Aug 2017 17:51:38 +0100
Subject: [PATCH 583/699] Corrected comment in class_hierachy

---
 src/goto-programs/class_hierarchy.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/goto-programs/class_hierarchy.cpp b/src/goto-programs/class_hierarchy.cpp
index fadbc5c956b..8c8ea2091be 100644
--- a/src/goto-programs/class_hierarchy.cpp
+++ b/src/goto-programs/class_hierarchy.cpp
@@ -65,8 +65,8 @@ void class_hierarchyt::get_children_trans_rec(
 }
 
 /// Get all the classes that inherit (directly or indirectly) from class c. The
-/// first element(s) will be the immediate parents of c, followed by their
-/// immedatiate parents and so on.
+/// first element(s) will be the immediate parents of c, though after this
+/// the order is all the parents of the first immediate parent
 /// \param c: The class to consider
 /// \param [out] dest: A list of class ids that c eventually inherits from.
 void class_hierarchyt::get_parents_trans_rec(

From f1023518a1b23215549cfaf0f24ec9428dbfe245 Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Wed, 16 Aug 2017 14:20:45 +0100
Subject: [PATCH 584/699] Make pc private in goto_trace_step

---
 src/cbmc/bmc.cpp                      |  6 +++--
 src/goto-programs/goto_trace.cpp      | 36 +++++++++++++++------------
 src/goto-programs/goto_trace.h        | 18 ++++++++++++--
 src/goto-programs/graphml_witness.cpp | 23 +++++++++--------
 src/goto-programs/interpreter.cpp     |  2 +-
 src/goto-programs/json_goto_trace.cpp | 10 ++++----
 src/goto-programs/xml_goto_trace.cpp  | 10 ++++----
 src/goto-symex/build_goto_trace.cpp   |  2 +-
 src/path-symex/build_goto_trace.cpp   |  6 ++---
 9 files changed, 67 insertions(+), 46 deletions(-)

diff --git a/src/cbmc/bmc.cpp b/src/cbmc/bmc.cpp
index d5b21bdfdb4..eec5aa0431a 100644
--- a/src/cbmc/bmc.cpp
+++ b/src/cbmc/bmc.cpp
@@ -78,9 +78,11 @@ void bmct::error_trace()
       json_objectt &result=result_array.push_back().make_object();
       const goto_trace_stept &step=goto_trace.steps.back();
       result["property"]=
-        json_stringt(id2string(step.pc->source_location.get_property_id()));
+        json_stringt(
+          id2string(step.get_pc()->source_location.get_property_id()));
       result["description"]=
-        json_stringt(id2string(step.pc->source_location.get_comment()));
+        json_stringt(
+          id2string(step.get_pc()->source_location.get_comment()));
       result["status"]=json_stringt("failed");
       jsont &json_trace=result["trace"];
       convert(ns, goto_trace, json_trace);
diff --git a/src/goto-programs/goto_trace.cpp b/src/goto-programs/goto_trace.cpp
index d832412509c..966aa7a23db 100644
--- a/src/goto-programs/goto_trace.cpp
+++ b/src/goto-programs/goto_trace.cpp
@@ -260,12 +260,12 @@ void show_goto_trace(
       {
         out << "\n";
         out << "Violated property:" << "\n";
-        if(!step.pc->source_location.is_nil())
-          out << "  " << step.pc->source_location << "\n";
+        if(!step.get_pc()->source_location.is_nil())
+          out << "  " << step.get_pc()->source_location << "\n";
         out << "  " << step.comment << "\n";
 
-        if(step.pc->is_assert())
-          out << "  " << from_expr(ns, "", step.pc->guard) << "\n";
+        if(step.get_pc()->is_assert())
+          out << "  " << from_expr(ns, "", step.get_pc()->guard) << "\n";
 
         out << "\n";
       }
@@ -276,11 +276,11 @@ void show_goto_trace(
       {
         out << "\n";
         out << "Violated assumption:" << "\n";
-        if(!step.pc->source_location.is_nil())
-          out << "  " << step.pc->source_location << "\n";
+        if(!step.get_pc()->source_location.is_nil())
+          out << "  " << step.get_pc()->source_location << "\n";
 
-        if(step.pc->is_assume())
-          out << "  " << from_expr(ns, "", step.pc->guard) << "\n";
+        if(step.get_pc()->is_assume())
+          out << "  " << from_expr(ns, "", step.get_pc()->guard) << "\n";
 
         out << "\n";
       }
@@ -293,16 +293,17 @@ void show_goto_trace(
       break;
 
     case goto_trace_stept::typet::ASSIGNMENT:
-      if(step.pc->is_assign() ||
-         step.pc->is_return() || // returns have a lhs!
-         step.pc->is_function_call() ||
-         (step.pc->is_other() && step.lhs_object.is_not_nil()))
+      if(step.get_pc()->is_assign() ||
+         step.get_pc()->is_return() || // returns have a lhs!
+         step.get_pc()->is_function_call() ||
+         (step.get_pc()->is_other() && step.lhs_object.is_not_nil()))
       {
         if(prev_step_nr!=step.step_nr || first_step)
         {
           first_step=false;
           prev_step_nr=step.step_nr;
-          show_state_header(out, step, step.pc->source_location, step.step_nr);
+          show_state_header(
+            out, step, step.get_pc()->source_location, step.step_nr);
         }
 
         // see if the full lhs is something clean
@@ -320,7 +321,8 @@ void show_goto_trace(
       {
         first_step=false;
         prev_step_nr=step.step_nr;
-        show_state_header(out, step, step.pc->source_location, step.step_nr);
+        show_state_header(
+          out, step, step.get_pc()->source_location, step.step_nr);
       }
 
       trace_value(out, ns, step.lhs_object, step.full_lhs, step.full_lhs_value);
@@ -336,7 +338,8 @@ void show_goto_trace(
       }
       else
       {
-        show_state_header(out, step, step.pc->source_location, step.step_nr);
+        show_state_header(
+          out, step, step.get_pc()->source_location, step.step_nr);
         out << "  OUTPUT " << step.io_id << ":";
 
         for(std::list<exprt>::const_iterator
@@ -357,7 +360,8 @@ void show_goto_trace(
       break;
 
     case goto_trace_stept::typet::INPUT:
-      show_state_header(out, step, step.pc->source_location, step.step_nr);
+      show_state_header(
+        out, step, step.get_pc()->source_location, step.step_nr);
       out << "  INPUT " << step.io_id << ":";
 
       for(std::list<exprt>::const_iterator
diff --git a/src/goto-programs/goto_trace.h b/src/goto-programs/goto_trace.h
index 02f230e8943..a61df34a1b3 100644
--- a/src/goto-programs/goto_trace.h
+++ b/src/goto-programs/goto_trace.h
@@ -90,8 +90,6 @@ class goto_trace_stept
   enum class assignment_typet { STATE, ACTUAL_PARAMETER };
   assignment_typet assignment_type;
 
-  goto_programt::const_targett pc;
-
   // this transition done by given thread number
   unsigned thread_nr;
 
@@ -142,6 +140,22 @@ class goto_trace_stept
     full_lhs_value.make_nil();
     cond_expr.make_nil();
   }
+
+  goto_programt::const_targett get_pc() const { return pc; }
+
+  /// We don't have a way of enforcing this, but \p pc_ must *not* be a
+  /// singular iterator!
+  void set_pc(goto_programt::const_targett pc_)
+  {
+    pc=std::move(pc_);
+    is_pc_set=true;
+  }
+
+  bool get_is_pc_set() const { return is_pc_set; }
+
+private:
+  goto_programt::const_targett pc;
+  bool is_pc_set{false};
 };
 
 /*! \brief TO_BE_DOCUMENTED
diff --git a/src/goto-programs/graphml_witness.cpp b/src/goto-programs/graphml_witness.cpp
index 4f4f6f56741..4cd40f4828f 100644
--- a/src/goto-programs/graphml_witness.cpp
+++ b/src/goto-programs/graphml_witness.cpp
@@ -142,8 +142,8 @@ static bool filter_out(
 {
   if(it->hidden &&
      (!it->is_assignment() ||
-      to_code_assign(it->pc->code).rhs().id()!=ID_side_effect ||
-      to_code_assign(it->pc->code).rhs().get(ID_statement)!=ID_nondet))
+      to_code_assign(it->get_pc()->code).rhs().id()!=ID_side_effect ||
+      to_code_assign(it->get_pc()->code).rhs().get(ID_statement)!=ID_nondet))
     return true;
 
   if(!it->is_assignment() && !it->is_goto() && !it->is_assert())
@@ -153,13 +153,13 @@ static bool filter_out(
   // TODO: if these are assignments we should accumulate them into
   //       a single edge
   if(prev_it!=goto_trace.steps.end() &&
-     prev_it->pc->source_location==it->pc->source_location)
+     prev_it->get_pc()->source_location==it->get_pc()->source_location)
     return true;
 
-  if(it->is_goto() && it->pc->guard.is_true())
+  if(it->is_goto() && it->get_pc()->guard.is_true())
     return true;
 
-  const source_locationt &source_location=it->pc->source_location;
+  const source_locationt &source_location=it->get_pc()->source_location;
 
   if(source_location.is_nil() ||
      source_location.get_file().empty() ||
@@ -203,7 +203,7 @@ void graphml_witnesst::operator()(const goto_tracet &goto_trace)
     if(next!=goto_trace.steps.end() &&
        next->type==goto_trace_stept::typet::ASSIGNMENT &&
        it->full_lhs==next->full_lhs &&
-       it->pc->source_location==next->pc->source_location)
+       it->get_pc()->source_location==next->get_pc()->source_location)
     {
       step_to_node[it->step_nr]=sink;
 
@@ -212,11 +212,12 @@ void graphml_witnesst::operator()(const goto_tracet &goto_trace)
 
     prev_it=it;
 
-    const source_locationt &source_location=it->pc->source_location;
+    const source_locationt &source_location=it->get_pc()->source_location;
 
     const graphmlt::node_indext node=graphml.add_node();
     graphml[node].node_name=
-      std::to_string(it->pc->location_number)+"."+std::to_string(it->step_nr);
+      std::to_string(
+        it->get_pc()->location_number)+"."+std::to_string(it->step_nr);
     graphml[node].file=source_location.get_file();
     graphml[node].line=source_location.get_line();
     graphml[node].thread_nr=it->thread_nr;
@@ -244,7 +245,7 @@ void graphml_witnesst::operator()(const goto_tracet &goto_trace)
     goto_tracet::stepst::const_iterator next=it;
     for(++next;
         next!=goto_trace.steps.end() &&
-        (step_to_node[next->step_nr]==sink || it->pc==next->pc);
+        (step_to_node[next->step_nr]==sink || it->get_pc()==next->get_pc());
         ++next)
     {
       // advance
@@ -290,11 +291,11 @@ void graphml_witnesst::operator()(const goto_tracet &goto_trace)
 
             xmlt &val_s=edge.new_element("data");
             val_s.set_attribute("key", "assumption.scope");
-            val_s.data=id2string(it->pc->source_location.get_function());
+            val_s.data=id2string(it->get_pc()->source_location.get_function());
           }
         }
         else if(it->type==goto_trace_stept::typet::GOTO &&
-                it->pc->is_goto())
+                it->get_pc()->is_goto())
         {
           xmlt &val=edge.new_element("data");
           val.set_attribute("key", "sourcecode");
diff --git a/src/goto-programs/interpreter.cpp b/src/goto-programs/interpreter.cpp
index b9cd4c0fa38..81bfc99ef33 100644
--- a/src/goto-programs/interpreter.cpp
+++ b/src/goto-programs/interpreter.cpp
@@ -249,7 +249,7 @@ void interpretert::step()
   steps.add_step(goto_trace_stept());
   goto_trace_stept &trace_step=steps.get_last_step();
   trace_step.thread_nr=thread_id;
-  trace_step.pc=pc;
+  trace_step.set_pc(pc);
   switch(pc->type)
   {
   case GOTO:
diff --git a/src/goto-programs/json_goto_trace.cpp b/src/goto-programs/json_goto_trace.cpp
index edc7df455e5..8327ee517a6 100644
--- a/src/goto-programs/json_goto_trace.cpp
+++ b/src/goto-programs/json_goto_trace.cpp
@@ -140,7 +140,7 @@ void convert(
 
   for(const auto &step : goto_trace.steps)
   {
-    const source_locationt &source_location=step.pc->source_location;
+    const source_locationt &source_location=step.get_pc()->source_location;
 
     jsont json_location;
 
@@ -156,13 +156,13 @@ void convert(
       {
         irep_idt property_id;
 
-        if(step.pc->is_assert())
+        if(step.get_pc()->is_assert())
           property_id=source_location.get_property_id();
-        else if(step.pc->is_goto()) // unwinding, we suspect
+        else if(step.get_pc()->is_goto()) // unwinding, we suspect
         {
           property_id=
-            id2string(step.pc->source_location.get_function())+
-            ".unwind."+std::to_string(step.pc->loop_number);
+            id2string(step.get_pc()->source_location.get_function())+
+            ".unwind."+std::to_string(step.get_pc()->loop_number);
         }
 
         json_objectt &json_failure=dest_array.push_back().make_object();
diff --git a/src/goto-programs/xml_goto_trace.cpp b/src/goto-programs/xml_goto_trace.cpp
index dca2c704a2b..5b944f049b5 100644
--- a/src/goto-programs/xml_goto_trace.cpp
+++ b/src/goto-programs/xml_goto_trace.cpp
@@ -32,7 +32,7 @@ void convert(
 
   for(const auto &step : goto_trace.steps)
   {
-    const source_locationt &source_location=step.pc->source_location;
+    const source_locationt &source_location=step.get_pc()->source_location;
 
     xmlt xml_location;
     if(source_location.is_not_nil() && source_location.get_file()!="")
@@ -45,13 +45,13 @@ void convert(
       {
         irep_idt property_id;
 
-        if(step.pc->is_assert())
+        if(step.get_pc()->is_assert())
           property_id=source_location.get_property_id();
-        else if(step.pc->is_goto()) // unwinding, we suspect
+        else if(step.get_pc()->is_goto()) // unwinding, we suspect
         {
           property_id=
-            id2string(step.pc->source_location.get_function())+
-            ".unwind."+std::to_string(step.pc->loop_number);
+            id2string(step.get_pc()->source_location.get_function())+
+            ".unwind."+std::to_string(step.get_pc()->loop_number);
         }
 
         xmlt &xml_failure=dest.new_element("failure");
diff --git a/src/goto-symex/build_goto_trace.cpp b/src/goto-symex/build_goto_trace.cpp
index 56f9f42763d..648507f6efc 100644
--- a/src/goto-symex/build_goto_trace.cpp
+++ b/src/goto-symex/build_goto_trace.cpp
@@ -263,7 +263,7 @@ void build_goto_trace(
       end_ptr=&goto_trace_step;
 
     goto_trace_step.thread_nr=SSA_step.source.thread_nr;
-    goto_trace_step.pc=SSA_step.source.pc;
+    goto_trace_step.set_pc(SSA_step.source.pc);
     goto_trace_step.comment=SSA_step.comment;
     if(SSA_step.ssa_lhs.is_not_nil())
       goto_trace_step.lhs_object=
diff --git a/src/path-symex/build_goto_trace.cpp b/src/path-symex/build_goto_trace.cpp
index eefb5361f5c..209f8387268 100644
--- a/src/path-symex/build_goto_trace.cpp
+++ b/src/path-symex/build_goto_trace.cpp
@@ -32,11 +32,11 @@ void build_goto_trace(
     goto_trace_stept trace_step;
 
     assert(!step.pc.is_nil());
-    trace_step.pc=state.locs[step.pc].target;
+    trace_step.set_pc(state.locs[step.pc].target);
     trace_step.thread_nr=step.thread_nr;
     trace_step.step_nr=step_nr;
 
-    const goto_programt::instructiont &instruction=*trace_step.pc;
+    const goto_programt::instructiont &instruction=*trace_step.get_pc();
 
     switch(instruction.type)
     {
@@ -97,7 +97,7 @@ void build_goto_trace(
   {
     goto_trace_stept trace_step;
 
-    trace_step.pc=state.get_instruction();
+    trace_step.set_pc(state.get_instruction());
     trace_step.thread_nr=state.get_current_thread();
     trace_step.step_nr=step_nr;
     trace_step.type=goto_trace_stept::typet::ASSERT;

From d55c8a089cc5fb1f450e9c3752d0953174a6f6cf Mon Sep 17 00:00:00 2001
From: Joel Allred <joel.allred@diffblue.com>
Date: Thu, 17 Aug 2017 17:38:38 +0100
Subject: [PATCH 585/699] Ignore empty arrays in substitute_array_access

Instead of violating an assertion, ignore empty arrays in
substitute_array_access.
I don't really know why this case happens, but it seems benign.
---
 src/solvers/refinement/string_refinement.cpp | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index 2f83e9baf2b..c2ab1895082 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -955,9 +955,10 @@ void string_refinementt::substitute_array_access(exprt &expr) const
         "above"));
     array_exprt &array_expr=to_array_expr(index_expr.array());
 
-    INVARIANT(
-      !array_expr.operands().empty(),
-      string_refinement_invariantt("the array expression should not be empty"));
+    // Empty arrays do not need to be substituted.
+    if(array_expr.operands().empty())
+      return;
+
     size_t last_index=array_expr.operands().size()-1;
 
     const typet &char_type=index_expr.array().type().subtype();

From 7ada043b783349012423b6e789f39c8be14c7dc1 Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Mon, 31 Jul 2017 16:48:44 +0100
Subject: [PATCH 586/699] Modified interface for select_pointer_type to take a
 namespace

To make the pointer_type_selector to live for the duration of
java_bytecode_language, it must be constructible without a namespace.
Instead pass it when converting a pointer.
---
 src/java_bytecode/java_object_factory.cpp | 2 +-
 src/java_bytecode/select_pointer_type.cpp | 2 +-
 src/java_bytecode/select_pointer_type.h   | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/java_bytecode/java_object_factory.cpp b/src/java_bytecode/java_object_factory.cpp
index 6ba3c294a6a..c84f498c7b8 100644
--- a/src/java_bytecode/java_object_factory.cpp
+++ b/src/java_bytecode/java_object_factory.cpp
@@ -546,7 +546,7 @@ void java_object_factoryt::gen_nondet_pointer_init(
   PRECONDITION(expr.type().id()==ID_pointer);
 
   const pointer_typet &replacement_pointer_type=
-    pointer_type_selector.convert_pointer_type(pointer_type);
+    pointer_type_selector.convert_pointer_type(pointer_type, ns);
 
   // If we are changing the pointer, we generate code for creating a pointer
   // to the substituted type instead
diff --git a/src/java_bytecode/select_pointer_type.cpp b/src/java_bytecode/select_pointer_type.cpp
index 1e9309b2023..4529b11e97b 100644
--- a/src/java_bytecode/select_pointer_type.cpp
+++ b/src/java_bytecode/select_pointer_type.cpp
@@ -19,7 +19,7 @@
 /// \param pointer_type: The pointer type replace
 /// \return A pointer type where the subtype may have been modified
 pointer_typet select_pointer_typet::convert_pointer_type(
-  const pointer_typet &pointer_type) const
+  const pointer_typet &pointer_type, const namespacet &ns) const
 {
   return  pointer_type;
 }
diff --git a/src/java_bytecode/select_pointer_type.h b/src/java_bytecode/select_pointer_type.h
index 0a12242efec..78a74bd4883 100644
--- a/src/java_bytecode/select_pointer_type.h
+++ b/src/java_bytecode/select_pointer_type.h
@@ -21,7 +21,7 @@ class select_pointer_typet
 public:
   virtual ~select_pointer_typet()=default;
   virtual pointer_typet convert_pointer_type(
-    const pointer_typet &pointer_type) const;
+    const pointer_typet &pointer_type, const namespacet &ns) const;
 };
 
 #endif // CPROVER_JAVA_BYTECODE_SELECT_POINTER_TYPE_H

From 384eb4c9a5a52c04ee1579b9ff65d37831503f53 Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Mon, 31 Jul 2017 16:52:26 +0100
Subject: [PATCH 587/699] Moved the select_pointer_type to be owned by the
 java_bytecode_language

---
 src/java_bytecode/java_bytecode_language.cpp | 10 ++++++--
 src/java_bytecode/java_bytecode_language.h   | 24 ++++++++++++++++----
 2 files changed, 28 insertions(+), 6 deletions(-)

diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index 9f7d206a278..a2a0fca87a3 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -281,6 +281,13 @@ bool java_bytecode_languaget::do_ci_lazy_method_conversion(
   return method_gather(symbol_table, lazy_methods, method_converter);
 }
 
+const select_pointer_typet &
+  java_bytecode_languaget::get_pointer_type_selector() const
+{
+  PRECONDITION(pointer_type_selector.get()!=nullptr);
+  return *pointer_type_selector;
+}
+
 /// Provide feedback to `language_filest` so that when asked for a lazy method,
 /// it can delegate to this instance of java_bytecode_languaget.
 /// \return Populates `methods` with the complete list of lazy methods that are
@@ -364,7 +371,6 @@ bool java_bytecode_languaget::final(symbol_tablet &symbol_table)
     return res.error_found;
 
   // generate the test harness in __CPROVER__start and a call the entry point
-  select_pointer_typet pointer_type_selector;
   return
     java_entry_point(
       symbol_table,
@@ -373,7 +379,7 @@ bool java_bytecode_languaget::final(symbol_tablet &symbol_table)
       assume_inputs_non_null,
       max_nondet_array_length,
       max_nondet_tree_depth,
-      pointer_type_selector);
+      get_pointer_type_selector());
 }
 
 void java_bytecode_languaget::show_parse(std::ostream &out)
diff --git a/src/java_bytecode/java_bytecode_language.h b/src/java_bytecode/java_bytecode_language.h
index 66b2299aa70..0d7e435cdaa 100644
--- a/src/java_bytecode/java_bytecode_language.h
+++ b/src/java_bytecode/java_bytecode_language.h
@@ -10,12 +10,16 @@ Author: Daniel Kroening, kroening@kroening.com
 #ifndef CPROVER_JAVA_BYTECODE_JAVA_BYTECODE_LANGUAGE_H
 #define CPROVER_JAVA_BYTECODE_JAVA_BYTECODE_LANGUAGE_H
 
+#include <memory>
+
 #include <util/language.h>
 #include <util/cmdline.h>
 
 #include "java_class_loader.h"
 #include "java_string_library_preprocess.h"
 
+#include <java_bytecode/select_pointer_type.h>
+
 #define JAVA_BYTECODE_LANGUAGE_OPTIONS /*NOLINT*/ \
   "(java-assume-inputs-non-null)"                 \
   "(java-throw-runtime-exceptions)"               \
@@ -87,11 +91,19 @@ class java_bytecode_languaget:public languaget
   void show_parse(std::ostream &out) override;
 
   virtual ~java_bytecode_languaget();
+  java_bytecode_languaget(
+    std::unique_ptr<select_pointer_typet> pointer_type_selector):
+      max_nondet_array_length(MAX_NONDET_ARRAY_LENGTH_DEFAULT),
+      max_nondet_tree_depth(MAX_NONDET_TREE_DEPTH),
+      max_user_array_length(0),
+      pointer_type_selector(std::move(pointer_type_selector))
+  {}
+
   java_bytecode_languaget():
-    max_nondet_array_length(MAX_NONDET_ARRAY_LENGTH_DEFAULT),
-    max_nondet_tree_depth(MAX_NONDET_TREE_DEPTH),
-    max_user_array_length(0)
-    {}
+    java_bytecode_languaget(
+      std::unique_ptr<select_pointer_typet>(new select_pointer_typet()))
+  {}
+
 
   bool from_expr(
     const exprt &expr,
@@ -123,6 +135,7 @@ class java_bytecode_languaget:public languaget
 
 protected:
   bool do_ci_lazy_method_conversion(symbol_tablet &, lazy_methodst &);
+  const select_pointer_typet &get_pointer_type_selector() const;
 
   irep_idt main_class;
   std::vector<irep_idt> main_jar_classes;
@@ -138,6 +151,9 @@ class java_bytecode_languaget:public languaget
   bool throw_runtime_exceptions;
   java_string_library_preprocesst string_preprocess;
   std::string java_cp_include_files;
+
+private:
+  const std::unique_ptr<const select_pointer_typet> pointer_type_selector;
 };
 
 languaget *new_java_bytecode_language();

From cbc49a4a696723e19baa178befd97f46e94ea946 Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Mon, 31 Jul 2017 17:00:53 +0100
Subject: [PATCH 588/699] Use the pointer_type_selector in lazy methods

When considering the types passed around, we perform a dry run on the
pointer substituion to see if there are other types we should be loading
for that specific pointer type
---
 src/java_bytecode/ci_lazy_methods.cpp        | 34 ++++++++++++++++++--
 src/java_bytecode/ci_lazy_methods.h          |  8 +++++
 src/java_bytecode/java_bytecode_language.cpp |  1 +
 3 files changed, 40 insertions(+), 3 deletions(-)

diff --git a/src/java_bytecode/ci_lazy_methods.cpp b/src/java_bytecode/ci_lazy_methods.cpp
index e3648a10570..41eab823e42 100644
--- a/src/java_bytecode/ci_lazy_methods.cpp
+++ b/src/java_bytecode/ci_lazy_methods.cpp
@@ -24,12 +24,14 @@ ci_lazy_methodst::ci_lazy_methodst(
   const std::vector<irep_idt> &main_jar_classes,
   const std::vector<irep_idt> &lazy_methods_extra_entry_points,
   java_class_loadert &java_class_loader,
+  const select_pointer_typet &pointer_type_selector,
   message_handlert &message_handler):
     messaget(message_handler),
     main_class(main_class),
     main_jar_classes(main_jar_classes),
     lazy_methods_extra_entry_points(lazy_methods_extra_entry_points),
-    java_class_loader(java_class_loader)
+    java_class_loader(java_class_loader),
+    pointer_type_selector(pointer_type_selector)
 {
   // build the class hierarclass_hierarchyy
   class_hierarchy(symbol_table);
@@ -266,7 +268,7 @@ void ci_lazy_methodst::initialize_needed_classes(
       if(param.type().id()==ID_pointer)
       {
         const pointer_typet &original_pointer=to_pointer_type(param.type());
-        initialize_needed_classes_from_pointer(
+        initialize_all_needed_classes_from_pointer(
           original_pointer, ns, lazy_methods);
       }
     }
@@ -280,6 +282,32 @@ void ci_lazy_methodst::initialize_needed_classes(
   lazy_methods.add_needed_class("java::java.lang.Object");
 }
 
+/// Build up list of methods for types for a pointer and any types it
+/// might be subsituted for. See
+/// `initialize_needed_classes` for more details.
+/// \param pointer_type: The type to gather methods for.
+/// \param ns: global namespace
+/// \param [out] lazy_methods: Populated with all Java reference types whose
+///   references may be passed, directly or indirectly, to any of the functions
+///   in `entry_points
+void ci_lazy_methodst::initialize_all_needed_classes_from_pointer(
+  const pointer_typet &pointer_type,
+  const namespacet &ns,
+  ci_lazy_methods_neededt &lazy_methods)
+{
+  initialize_needed_classes_from_pointer(
+    pointer_type, ns, lazy_methods);
+
+  const pointer_typet &subbed_pointer_type=
+    pointer_type_selector.convert_pointer_type(pointer_type, ns);
+
+  if(subbed_pointer_type!=pointer_type)
+  {
+    initialize_needed_classes_from_pointer(
+      subbed_pointer_type, ns, lazy_methods);
+  }
+}
+
 /// Build up list of methods for types for a specific pointer type. See
 /// `initialize_needed_classes` for more details.
 /// \param pointer_type: The type to gather methods for.
@@ -440,7 +468,7 @@ void ci_lazy_methodst::gather_field_types(
       // Skip array primitive pointers, for example:
       if(field.type().subtype().id()!=ID_symbol)
         continue;
-      initialize_needed_classes_from_pointer(
+      initialize_all_needed_classes_from_pointer(
         to_pointer_type(field.type()), ns, lazy_methods);
     }
   }
diff --git a/src/java_bytecode/ci_lazy_methods.h b/src/java_bytecode/ci_lazy_methods.h
index 8c83dfdccb7..f910abf2bb8 100644
--- a/src/java_bytecode/ci_lazy_methods.h
+++ b/src/java_bytecode/ci_lazy_methods.h
@@ -22,6 +22,7 @@
 #include <java_bytecode/java_bytecode_parse_tree.h>
 #include <java_bytecode/java_class_loader.h>
 #include <java_bytecode/ci_lazy_methods_needed.h>
+#include <java_bytecode/select_pointer_type.h>
 
 class java_string_library_preprocesst;
 
@@ -47,6 +48,7 @@ class ci_lazy_methodst:public messaget
     const std::vector<irep_idt> &main_jar_classes,
     const std::vector<irep_idt> &lazy_methods_extra_entry_points,
     java_class_loadert &java_class_loader,
+    const select_pointer_typet &pointer_type_selector,
     message_handlert &message_handler);
 
   // not const since messaget
@@ -65,6 +67,11 @@ class ci_lazy_methodst:public messaget
     const namespacet &ns,
     ci_lazy_methods_neededt &lazy_methods);
 
+  void initialize_all_needed_classes_from_pointer(
+    const pointer_typet &pointer_type,
+    const namespacet &ns,
+    ci_lazy_methods_neededt &lazy_methods);
+
   void initialize_needed_classes_from_pointer(
     const pointer_typet &pointer_type,
     const namespacet &ns,
@@ -104,6 +111,7 @@ class ci_lazy_methodst:public messaget
   std::vector<irep_idt> main_jar_classes;
   std::vector<irep_idt> lazy_methods_extra_entry_points;
   java_class_loadert &java_class_loader;
+  const select_pointer_typet &pointer_type_selector;
 };
 
 #endif // CPROVER_JAVA_BYTECODE_GATHER_METHODS_LAZILY_H
diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index a2a0fca87a3..5f01a4f6e92 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -276,6 +276,7 @@ bool java_bytecode_languaget::do_ci_lazy_method_conversion(
     main_jar_classes,
     lazy_methods_extra_entry_points,
     java_class_loader,
+    get_pointer_type_selector(),
     get_message_handler());
 
   return method_gather(symbol_table, lazy_methods, method_converter);

From 49f096c685660723f4bee9b1bb6eaef409bb8295 Mon Sep 17 00:00:00 2001
From: Cesar Rodriguez <cesar.rodriguez@diffblue.com>
Date: Mon, 14 Aug 2017 15:36:14 +0100
Subject: [PATCH 589/699] Refactoring + documentation

- Fields of class java_class_loadert reorganized and documented.
---
 src/java_bytecode/java_class_loader.cpp |  5 ++-
 src/java_bytecode/java_class_loader.h   | 46 ++++++++++++++++++-------
 2 files changed, 38 insertions(+), 13 deletions(-)

diff --git a/src/java_bytecode/java_class_loader.cpp b/src/java_bytecode/java_class_loader.cpp
index 0d643602906..675e137227c 100644
--- a/src/java_bytecode/java_class_loader.cpp
+++ b/src/java_bytecode/java_class_loader.cpp
@@ -188,6 +188,8 @@ void java_class_loadert::read_jar_file(
   if(jar_map.find(file)!=jar_map.end())
     return;
 
+  // read the .jar file, store it in memory and return a jar_filet representing
+  // it
   jar_filet &jar_file=jar_pool(class_loader_limit, id2string(file));
 
   if(!jar_file)
@@ -198,8 +200,9 @@ void java_class_loadert::read_jar_file(
 
   debug() << "adding JAR file `" << file << "'" << eom;
 
+  // create a new entry in the map and initialize using the list of file names
+  // that were retained in the jar_filet by the class_loader_limit filter
   auto &jm=jar_map[file];
-
   for(auto &jar_entry : jar_file.filtered_jar)
   {
     std::string file_name=id2string(jar_entry.first);
diff --git a/src/java_bytecode/java_class_loader.h b/src/java_bytecode/java_class_loader.h
index f6996fb2efd..62edb0d4842 100644
--- a/src/java_bytecode/java_class_loader.h
+++ b/src/java_bytecode/java_class_loader.h
@@ -27,10 +27,6 @@ class java_class_loadert:public messaget
 
   void set_java_cp_include_files(std::string &);
 
-  // maps class names to the parse trees
-  typedef std::map<irep_idt, java_bytecode_parse_treet> class_mapt;
-  class_mapt class_map;
-
   static std::string file_to_class_name(const std::string &);
   static std::string class_name_to_file(const irep_idt &);
 
@@ -41,8 +37,30 @@ class java_class_loadert:public messaget
 
   void load_entire_jar(java_class_loader_limitt &, const std::string &f);
 
+  void read_jar_file(java_class_loader_limitt &, const irep_idt &);
+
+  /// Given a \p class_name (e.g. "java.lang.Thread") try to load the
+  /// corresponding .class file by first scanning all .jar files whose
+  /// pathname is stored in \ref jar_files, and if that doesn't work, then scan
+  /// the actual filesystem using `config.java.classpath` as class path. Uses
+  /// \p limit to limit the class files that it might (directly or indirectly)
+  /// load and returns a default-constructed parse tree when unable to find the
+  /// .class file.
+  java_bytecode_parse_treet &get_parse_tree(
+    java_class_loader_limitt &limit, const irep_idt &class_name);
+
+  /// Maps class names to the bytecode parse trees.
+  typedef std::map<irep_idt, java_bytecode_parse_treet> class_mapt;
+  class_mapt class_map;
+
+  /// Maps .jar filesystem paths to jar_filet objects (stored inside).
+  /// Responsible for loading new jar files when they are first referenced.
   jar_poolt jar_pool;
 
+  /// An object of this class represents the information of _a single JAR file_
+  /// that is relevant for a class loader: a map associating logical class names
+  /// with with handles (struct entryt) that describe one .class file inside the
+  /// JAR. Currently the handle only contains the name of the .class file.
   class jar_map_entryt
   {
   public:
@@ -51,22 +69,26 @@ class java_class_loadert:public messaget
       std::string class_file_name;
     };
 
-    // class name to index map
+    /// Maps class names to jar file entries.
     typedef std::map<irep_idt, entryt> entriest;
     entriest entries;
   };
 
-  // maps jar files to maps of class names
+  /// Maps .jar filesystem paths to .class file descriptors (see
+  /// jar_map_entryt).
   typedef std::map<irep_idt, jar_map_entryt> jar_mapt;
   jar_mapt jar_map;
 
-  void read_jar_file(java_class_loader_limitt &, const irep_idt &);
-
-  // get a parse tree for given class
-  java_bytecode_parse_treet &get_parse_tree(
-    java_class_loader_limitt &, const irep_idt &);
-
+  /// List of filesystem paths to .jar files that will be used, in the given
+  /// order, to find and load a class, provided its name (see \ref
+  /// get_parse_tree).
   std::list<std::string> jar_files;
+
+  /// Either a regular expression matching files that will be allowed to be
+  /// loaded or a string of the form `@PATH` where PATH is the file path of a
+  /// json file storing an explicit list of files allowed to be loaded. See
+  /// java_class_loader_limitt::setup_class_load_limit() for further
+  /// information.
   std::string java_cp_include_files;
 };
 

From ffa9b55cb49fb7c41868fd4e6d6b91b5d6431997 Mon Sep 17 00:00:00 2001
From: Cesar Rodriguez <cesar.rodriguez@diffblue.com>
Date: Mon, 14 Aug 2017 15:38:02 +0100
Subject: [PATCH 590/699] Documentation + assert -> INVARIANT

---
 src/java_bytecode/jar_file.cpp | 17 +++++++++++++--
 src/java_bytecode/jar_file.h   | 40 +++++++++++++++++++++++++++++-----
 2 files changed, 50 insertions(+), 7 deletions(-)

diff --git a/src/java_bytecode/jar_file.cpp b/src/java_bytecode/jar_file.cpp
index 26bb1a9de50..bc065d7a0e9 100644
--- a/src/java_bytecode/jar_file.cpp
+++ b/src/java_bytecode/jar_file.cpp
@@ -9,11 +9,11 @@ Author: Daniel Kroening, kroening@kroening.com
 #include "jar_file.h"
 
 #include <cstring>
-#include <cassert>
 #include <unordered_set>
 
 #include <json/json_parser.h>
 #include <util/suffix.h>
+#include <util/invariant.h>
 
 void jar_filet::open(
   java_class_loader_limitt &class_loader_limit,
@@ -33,12 +33,25 @@ void jar_filet::open(
 
     for(std::size_t i=0; i<number_of_files; i++)
     {
+      // get the length of the filename, including the trailing \0
       mz_uint filename_length=mz_zip_reader_get_filename(&zip, i, nullptr, 0);
       char *filename_char=new char[filename_length+1];
+      INVARIANT(filename_length>=1, "buffer size must include trailing \\0");
+
+      // read and convert to std::string
       mz_uint filename_len=
         mz_zip_reader_get_filename(&zip, i, filename_char, filename_length);
-      assert(filename_length==filename_len);
+      INVARIANT(
+        filename_length==filename_len,
+        "buffer size was incorrectly pre-computed");
       std::string file_name(filename_char);
+#if DEBUG
+      debug()
+        << "jar_filet.open: idx " << i
+        << " len " << filename_len
+        << " filename '" << filename_char << "'" << eom;
+#endif
+      INVARIANT(file_name.size()==filename_len-1, "no \\0 found in file name");
 
       // non-class files are loaded in any case
       bool add_file=!has_suffix(file_name, ".class");
diff --git a/src/java_bytecode/jar_file.h b/src/java_bytecode/jar_file.h
index 819acf336fd..cc7c8f5118a 100644
--- a/src/java_bytecode/jar_file.h
+++ b/src/java_bytecode/jar_file.h
@@ -23,6 +23,12 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include "java_class_loader_limit.h"
 
+/// An in-memory representation of a JAR file, consisting of a handler to a zip
+/// file (field \ref zip) and a map from file names inside the zip file to the
+/// index they occupy in the root directory (field \ref filtered_jar).
+///
+/// Both fields are initialize by a call to open(). Method get_entry() reads a
+/// file from the zip and returns it.
 class jar_filet:public messaget
 {
 public:
@@ -30,25 +36,49 @@ class jar_filet:public messaget
 
   ~jar_filet();
 
-  void open(java_class_loader_limitt &, const std::string &);
+  /// Initializes \ref zip to store the JAR file pointed by \p filepath and
+  /// loads the map \ref filtered_jar with the .class names allowed by \p limit.
+  void open(java_class_loader_limitt &limit, const std::string &filepath);
 
-  // Test for error; 'true' means we are good.
+  /// Test for error; 'true' means we are good.
   explicit operator bool() const { return mz_ok; }
 
-  // map internal index to real index in jar central directory
+  /// Reads the \ref zip field and returns a string storing the data contained
+  /// in file \p name.
+  std::string get_entry(const irep_idt &name);
+
+  /// Maps the names of the files stored in the JAR file to the index they
+  /// occupy (starting from 0) in the JAR central directory.  Populated by
+  /// method open() above.
   typedef std::map<irep_idt, size_t> filtered_jart;
   filtered_jart filtered_jar;
 
-  std::string get_entry(const irep_idt &);
-
   typedef std::map<std::string, std::string> manifestt;
   manifestt get_manifest();
 
 protected:
+
+  /// A handle representing the zip file
   mz_zip_archive zip;
+
+  /// True iff the \ref zip field has been correctly initialized with a JAR file
   bool mz_ok;
 };
 
+/// A pool of jar_filet objects, indexed by the filesystem path name used to
+/// load that jar_filet.
+///
+/// The state of the class is maintained by the field \ref file_map, a std::map
+/// associating the path of a .jar file with its in-memory representation.
+/// A call to
+///
+/// ```
+///   operator()(limit, path)
+/// ```
+///
+/// will either return a previously loaded jar_filet, if it is found in the map,
+/// or will load that file (using jar_filet::open) and return a newly created
+/// jar_filet.
 class jar_poolt:public messaget
 {
 public:

From 81e821c74b91564d3db399c7206eaf03c3490b63 Mon Sep 17 00:00:00 2001
From: Cesar Rodriguez <cesar.rodriguez@diffblue.com>
Date: Mon, 14 Aug 2017 15:38:38 +0100
Subject: [PATCH 591/699] Unused field

- field jar_filet::java_cp_include_files is not initialized nor used.
---
 src/java_bytecode/jar_file.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/java_bytecode/jar_file.h b/src/java_bytecode/jar_file.h
index cc7c8f5118a..636e3354fae 100644
--- a/src/java_bytecode/jar_file.h
+++ b/src/java_bytecode/jar_file.h
@@ -99,9 +99,9 @@ class jar_poolt:public messaget
   }
 
 protected:
+  /// A map from filesystem paths to jar_filet objects
   typedef std::map<std::string, jar_filet> file_mapt;
   file_mapt file_map;
-  std::string java_cp_include_files;
 };
 
 #endif // CPROVER_JAVA_BYTECODE_JAR_FILE_H

From 5c66a46a9f629a19dde76b1b06479ea1a6e1d301 Mon Sep 17 00:00:00 2001
From: Cesar Rodriguez <cesar.rodriguez@diffblue.com>
Date: Mon, 14 Aug 2017 15:42:34 +0100
Subject: [PATCH 592/699] Documentation

- Many thanks to Michael Tautschnig for clarifying the behavior of some of the
  documented methods.
---
 .../java_bytecode_convert_class.cpp           |  2 +
 .../java_bytecode_convert_method.cpp          | 41 ++++++++++++++-----
 src/java_bytecode/java_bytecode_language.cpp  |  6 ++-
 src/util/namespace.h                          | 18 +++++++-
 4 files changed, 52 insertions(+), 15 deletions(-)

diff --git a/src/java_bytecode/java_bytecode_convert_class.cpp b/src/java_bytecode/java_bytecode_convert_class.cpp
index 27da5e60807..330c3712a45 100644
--- a/src/java_bytecode/java_bytecode_convert_class.cpp
+++ b/src/java_bytecode/java_bytecode_convert_class.cpp
@@ -237,6 +237,8 @@ void java_bytecode_convert_classt::convert(
   }
 }
 
+/// Register in the symbol table new symbols for the objects
+/// java::array[X] where X is byte, float, int, char...
 void java_bytecode_convert_classt::add_array_types()
 {
   const std::string letters="ijsbcfdza";
diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index d57cdeced7d..bce7a749af6 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -67,11 +67,15 @@ class patternt
   const char *p;
 };
 
-/// See above
-/// \par parameters: `ftype`: Function type whose parameters should be named
-/// `name_prefix`: Prefix for parameter names, typically the parent function's
-///   name.
-/// `symbol_table`: Global symbol table
+/// Iterates through the parameters of the function type \p ftype, finds a new
+/// new name for each parameter and renames them in `ftype.parameters()` as
+/// well as in the \p symbol_table.
+/// \param[in,out] ftype:
+///   Function type whose parameters should be named.
+/// \param name_prefix:
+///   Prefix for parameter names, typically the parent function's name.
+/// \param[in,out] symbol_table:
+///   Global symbol table.
 /// \return Assigns parameter names (side-effects on `ftype`) to function stub
 ///   parameters, which are initially nameless as method conversion hasn't
 ///   happened. Also creates symbols in `symbol_table`.
@@ -1409,8 +1413,12 @@ codet java_bytecode_convert_methodt::convert_instructions(
 
       assert(arg0.id()==ID_virtual_function);
 
-      // if we don't have a definition for the called symbol, and we won't
-      // inherit a definition from a super-class, create a stub.
+      // If we don't have a definition for the called symbol, and we won't
+      // inherit a definition from a super-class, we create a new symbol and
+      // insert it in the symbol table. The name and type of the method are
+      // derived from the information we have in the call.
+      // The access attribute is arbitrarily fixed to ID_public, as we have no
+      // way to know.
       irep_idt id=arg0.get(ID_identifier);
       if(symbol_table.symbols.find(id)==symbol_table.symbols.end() &&
          !(is_virtual && is_method_inherited(arg0.get(ID_C_class), arg0.get(ID_component_name))))
@@ -2729,6 +2737,9 @@ void java_bytecode_convert_method(
   java_bytecode_convert_method(class_symbol, method);
 }
 
+/// Returns true iff method \p methodid from class \p classname is
+/// a method inherited from a class (and not an interface!) from which
+/// \p classname inherits, either directly or indirectly.
 bool java_bytecode_convert_methodt::is_method_inherited(
   const irep_idt &classname, const irep_idt &methodid) const
 {
@@ -2736,6 +2747,10 @@ bool java_bytecode_convert_methodt::is_method_inherited(
   const resolve_concrete_function_callt ::concrete_function_callt &
     resolved_call=call_resolver(classname, methodid);
 
+  // resolved_call is a pair (class-name, method-name) found by walking the
+  // chain of class inheritance (not interfaces!) and stopping on the first
+  // class that contains a method of equal name and type to `methodid`
+
   if(resolved_call.is_valid())
   {
     const symbolt &function_symbol=
@@ -2746,6 +2761,8 @@ bool java_bytecode_convert_methodt::is_method_inherited(
     const auto &access=function_symbol.type.get(ID_access);
     if(access==ID_public || access==ID_protected)
     {
+      // since the method is public, it is a public method of `classname`, it is
+      // inherited
       return true;
     }
 
@@ -2762,10 +2779,12 @@ bool java_bytecode_convert_methodt::is_method_inherited(
 
     if(access==ID_private)
     {
-      // This is somewhat contentious: previously this code would keep walking
-      // up the parent if it found a private function. But this isn't what Java
-      // appears to do. If a private method is found then that becomes the
-      // virtual signuate and blocks access to the parent class
+      // We return false because the method found by the call_resolver above
+      // proves that `methodid` cannot be inherited (assuming that the original
+      // Java code compiles). This is because, as we walk the inheritance chain
+      // for `classname` from Object to `classname`, a method can only become
+      // "more accessible". So, if the last occurrence is private, all others
+      // before must be private as well, and none is inherited in `classname`.
       return false;
     }
 
diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index 9f7d206a278..48d866e1bac 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -132,23 +132,25 @@ bool java_bytecode_languaget::parse(
   }
   else if(has_suffix(path, ".jar"))
   {
+    // build an object to potentially limit which classes are loaded
     java_class_loader_limitt class_loader_limit(
       get_message_handler(),
       java_cp_include_files);
     if(config.java.main_class.empty())
     {
-      // Does it have a main class set in the manifest?
+      // load the .jar file and retrieve its manifest
       jar_filet::manifestt manifest=
         java_class_loader.jar_pool(class_loader_limit, path).get_manifest();
       std::string manifest_main_class=manifest["Main-Class"];
 
+      // if the manifest declares a Main-Class line, we got a main class
       if(manifest_main_class!="")
         main_class=manifest_main_class;
     }
     else
       main_class=config.java.main_class;
 
-    // Do we have one now?
+    // do we have one now?
     if(main_class.empty())
     {
       status() << "JAR file without entry point: loading class files" << eom;
diff --git a/src/util/namespace.h b/src/util/namespace.h
index a3b9f3827c6..a72a3ba8a19 100644
--- a/src/util/namespace.h
+++ b/src/util/namespace.h
@@ -52,8 +52,19 @@ class namespace_baset
   const typet &follow_tag(const struct_tag_typet &src) const;
   const typet &follow_tag(const c_enum_tag_typet &src) const;
 
-  // these do the actual lookup
+  /// Returns the maximum integer n such that there is a symbol (in some of the
+  /// symbol tables) whose name is of the form "AB" where A is \p prefix and B
+  /// is n.  Symbols where B is not a number count as if B was equal to 0.
+  /// The intended use case is finding the next available symbol name for a
+  /// sequence of auto-generated symbols.
   virtual unsigned get_max(const std::string &prefix) const=0;
+
+  /// Searches for a symbol named \p name. Iff found, set \p symbol to point to
+  /// the symbol and return false; else \p symbol is unmodified and `true` is
+  /// returned. With multiple symbol tables, `symbol_table1` is searched first
+  /// and then symbol_table2.
+  /// \return False iff the requested symbol is found in at least one of the
+  /// tables.
   virtual bool lookup(const irep_idt &name, const symbolt *&symbol) const=0;
 };
 
@@ -84,8 +95,11 @@ class namespacet:public namespace_baset
 
   using namespace_baset::lookup;
 
-  // these do the actual lookup
+  /// See namespace_baset::lookup(). Note that \ref namespacet has two symbol
+  /// tables.
   virtual bool lookup(const irep_idt &name, const symbolt *&symbol) const;
+
+  /// See documentation for namespace_baset::get_max().
   virtual unsigned get_max(const std::string &prefix) const;
 
   const symbol_tablet &get_symbol_table() const

From 32889877e987d3a739eef3eb066edd9d646f060c Mon Sep 17 00:00:00 2001
From: Cesar Rodriguez <cesar.rodriguez@diffblue.com>
Date: Mon, 14 Aug 2017 15:43:42 +0100
Subject: [PATCH 593/699] Improved debug output

---
 src/java_bytecode/jar_file.h                       | 1 -
 src/java_bytecode/java_bytecode_convert_class.cpp  | 5 +++++
 src/java_bytecode/java_bytecode_convert_method.cpp | 9 +++++++--
 src/java_bytecode/java_bytecode_language.cpp       | 2 --
 4 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/src/java_bytecode/jar_file.h b/src/java_bytecode/jar_file.h
index 636e3354fae..e67f068fe50 100644
--- a/src/java_bytecode/jar_file.h
+++ b/src/java_bytecode/jar_file.h
@@ -57,7 +57,6 @@ class jar_filet:public messaget
   manifestt get_manifest();
 
 protected:
-
   /// A handle representing the zip file
   mz_zip_archive zip;
 
diff --git a/src/java_bytecode/java_bytecode_convert_class.cpp b/src/java_bytecode/java_bytecode_convert_class.cpp
index 330c3712a45..d3d832a492b 100644
--- a/src/java_bytecode/java_bytecode_convert_class.cpp
+++ b/src/java_bytecode/java_bytecode_convert_class.cpp
@@ -144,6 +144,7 @@ void java_bytecode_convert_classt::convert(const classt &c)
   symbolt *class_symbol;
 
   // add before we do members
+  debug() << "Adding symbol: class '" << c.name << "'" << eom;
   if(symbol_table.move(new_symbol, class_symbol))
   {
     error() << "failed to add class symbol " << new_symbol.name << eom;
@@ -152,7 +153,10 @@ void java_bytecode_convert_classt::convert(const classt &c)
 
   // now do fields
   for(const auto &field : c.fields)
+  {
+    debug() << "Adding symbol:  field '" << field.name << "'" << eom;
     convert(*class_symbol, field);
+  }
 
   // now do methods
   for(const auto &method : c.methods)
@@ -163,6 +167,7 @@ void java_bytecode_convert_classt::convert(const classt &c)
       ":"+method.signature;
     // Always run the lazy pre-stage, as it symbol-table
     // registers the function.
+    debug() << "Adding symbol:  method '" << method_identifier << "'" << eom;
     java_bytecode_convert_method_lazy(
       *class_symbol,
       method_identifier,
diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index bce7a749af6..61a85527100 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -707,7 +707,8 @@ code_blockt &java_bytecode_convert_methodt::get_or_create_block_for_pcrange(
     {
       if(p<(*findstart) || p>=findlim_block_start_address)
       {
-        debug() << "Warning: refusing to create lexical block spanning "
+        debug() << "Generating codet:  "
+                << "warning: refusing to create lexical block spanning "
                 << (*findstart) << "-" << findlim_block_start_address
                 << " due to incoming edge " << p << " -> "
                 << checkit->first << eom;
@@ -729,7 +730,8 @@ code_blockt &java_bytecode_convert_methodt::get_or_create_block_for_pcrange(
   code_blockt &newblock=to_code_block(newlabel.code());
   auto nblocks=std::distance(findstart, findlim);
   assert(nblocks>=2);
-  debug() << "Combining " << std::distance(findstart, findlim)
+  debug() << "Generating codet:  combining "
+          << std::distance(findstart, findlim)
           << " blocks for addresses " << (*findstart) << "-"
           << findlim_block_start_address << eom;
 
@@ -1437,6 +1439,9 @@ codet java_bytecode_convert_methodt::convert_instructions(
           symbol.name,
           symbol_table);
 
+        debug()
+          << "Generating codet:  new opaque symbol: method '"
+          << symbol.name << "'" << eom;
         symbol_table.add(symbol);
       }
 
diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index 48d866e1bac..7e4cef178d7 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -189,8 +189,6 @@ bool java_bytecode_languaget::typecheck(
     if(c_it->second.parsed_class.name.empty())
       continue;
 
-    debug() << "Generating class/member symbols: " << c_it->first << eom;
-
     if(java_bytecode_convert_class(
          c_it->second,
          symbol_table,

From 6ce5414c7191c60a7eab2f8ebb08d3723cd6563e Mon Sep 17 00:00:00 2001
From: Cesar Rodriguez <cesar.rodriguez@diffblue.com>
Date: Mon, 14 Aug 2017 15:44:23 +0100
Subject: [PATCH 594/699] Method add_array_types is now static

- This method registers in the symbol table new symbols for the objects
 java::array[X] where X is byte, float, int, char and so one. It was previously
 executed one time for each class that converted from bytecode to codet. We now
 call it from java_bytecode_languaget::operator() and make sure it doesn't
 execute more than once.
---
 .../java_bytecode_convert_class.cpp           | 24 +++++++++++++++----
 .../java_bytecode_convert_class.h             |  1 +
 src/java_bytecode/java_bytecode_language.cpp  |  3 ++-
 3 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/src/java_bytecode/java_bytecode_convert_class.cpp b/src/java_bytecode/java_bytecode_convert_class.cpp
index d3d832a492b..90a5aaa42bf 100644
--- a/src/java_bytecode/java_bytecode_convert_class.cpp
+++ b/src/java_bytecode/java_bytecode_convert_class.cpp
@@ -48,7 +48,8 @@ class java_bytecode_convert_classt:public messaget
 
   void operator()(const java_bytecode_parse_treet &parse_tree)
   {
-    add_array_types();
+    // add array types to the symbol table
+    add_array_types(symbol_table);
 
     bool loading_success=parse_tree.loading_successful;
     if(loading_success)
@@ -74,13 +75,22 @@ class java_bytecode_convert_classt:public messaget
   lazy_methods_modet lazy_methods_mode;
   java_string_library_preprocesst &string_preprocess;
 
+  /// This field will be initialized to false, and set to true when
+  /// add_array_types() is executed. It serves as a sentinel to make sure that
+  /// the code using this class calls add_array_types() at least once.
+  static bool add_array_types_executed;
+
   // conversion
   void convert(const classt &c);
   void convert(symbolt &class_symbol, const fieldt &f);
 
-  void add_array_types();
+  // see definition below for more info
+  static void add_array_types(symbol_tablet &symbol_table);
 };
 
+// initialization of static field
+bool java_bytecode_convert_classt::add_array_types_executed=false;
+
 void java_bytecode_convert_classt::convert(const classt &c)
 {
   std::string qualified_classname="java::"+id2string(c.name);
@@ -242,10 +252,16 @@ void java_bytecode_convert_classt::convert(
   }
 }
 
-/// Register in the symbol table new symbols for the objects
+/// Register in the \p symbol_table new symbols for the objects
 /// java::array[X] where X is byte, float, int, char...
-void java_bytecode_convert_classt::add_array_types()
+void java_bytecode_convert_classt::add_array_types(symbol_tablet &symbol_table)
 {
+  // this method only adds stuff to the symbol table, no need to execute it more
+  // than once
+  if(add_array_types_executed)
+    return;
+  add_array_types_executed=true;
+
   const std::string letters="ijsbcfdza";
 
   for(const char l : letters)
diff --git a/src/java_bytecode/java_bytecode_convert_class.h b/src/java_bytecode/java_bytecode_convert_class.h
index 60fd9ad4fdd..490372adf9d 100644
--- a/src/java_bytecode/java_bytecode_convert_class.h
+++ b/src/java_bytecode/java_bytecode_convert_class.h
@@ -18,6 +18,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include "java_bytecode_parse_tree.h"
 #include "java_bytecode_language.h"
 
+/// See class \ref java_bytecode_convert_classt
 bool java_bytecode_convert_class(
   const java_bytecode_parse_treet &parse_tree,
   symbol_tablet &symbol_table,
diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index 7e4cef178d7..517200e85bc 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -180,7 +180,8 @@ bool java_bytecode_languaget::typecheck(
   if(string_refinement_enabled)
     string_preprocess.initialize_conversion_table();
 
-  // first convert all
+  // first generate a new struct symbol for each class and a new function symbol
+  // for every method
   for(java_class_loadert::class_mapt::const_iterator
       c_it=java_class_loader.class_map.begin();
       c_it!=java_class_loader.class_map.end();

From daeeca3ebf2d3404e826dbb61c1988c517b752d0 Mon Sep 17 00:00:00 2001
From: Cesar Rodriguez <cesar.rodriguez@diffblue.com>
Date: Mon, 14 Aug 2017 15:45:59 +0100
Subject: [PATCH 595/699] Bugfix: adding public visibility to opaque symbols

- During the conversion of bytecode to codet, when we discover a call to a
  method for which we don't have neither a symbol nor a body, we create a new
  symbol in the symbol table. Previously we didn't associate a visibility to its
  type. We now associated a public visibility. Not associating a visibility will
  cause an INVARIANT failure in is_method_inherited().
---
 .../java_bytecode_convert_method.cpp              | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index 61a85527100..1bf39b6f6b7 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -1419,8 +1419,18 @@ codet java_bytecode_convert_methodt::convert_instructions(
       // inherit a definition from a super-class, we create a new symbol and
       // insert it in the symbol table. The name and type of the method are
       // derived from the information we have in the call.
-      // The access attribute is arbitrarily fixed to ID_public, as we have no
-      // way to know.
+      // We fix the access attribute to ID_public, because of the following
+      // reasons:
+      // - We don't know the orignal access attribute and since the .class file
+      //   unavailable, we have no way to know.
+      // - Whatever it was, we assume that the bytecode we are translating
+      //   compiles correctly, so such a method has to be accessible from this
+      //   method.
+      // - We will never generate code that calls that method unless we
+      //   translate bytecode that calls that method. As a result we will never
+      //   generate code that may wrongly assume that such a method is
+      //   accessible if we assume that its access attribute is "more
+      //   accessible" than it actually is.
       irep_idt id=arg0.get(ID_identifier);
       if(symbol_table.symbols.find(id)==symbol_table.symbols.end() &&
          !(is_virtual && is_method_inherited(arg0.get(ID_C_class), arg0.get(ID_component_name))))
@@ -1432,6 +1442,7 @@ codet java_bytecode_convert_methodt::convert_instructions(
           id2string(arg0.get(ID_C_class)).substr(6)+"."+
           id2string(symbol.base_name)+"()";
         symbol.type=arg0.type();
+        symbol.type.set(ID_access, ID_public);
         symbol.value.make_nil();
         symbol.mode=ID_java;
         assign_parameter_names(

From 051ae492b7be18d3fe516e7c7aadb0a136c4a658 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matthias=20G=C3=BCdemann?= <matthias.guedemann@diffblue.com>
Date: Mon, 26 Jun 2017 12:30:51 +0200
Subject: [PATCH 596/699] Add switch case number to source_location

---
 src/goto-programs/goto_convert.cpp | 20 +++++++++++++++++++-
 src/util/irep_ids.def              |  1 +
 src/util/source_location.h         | 11 +++++++++++
 3 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/src/goto-programs/goto_convert.cpp b/src/goto-programs/goto_convert.cpp
index 022526863e4..50a7f91e23e 100644
--- a/src/goto-programs/goto_convert.cpp
+++ b/src/goto-programs/goto_convert.cpp
@@ -1258,6 +1258,19 @@ void goto_convertt::convert_switch(
 
   goto_programt tmp_cases;
 
+  // The case number represents which case this corresponds to in the sequence
+  // of case statements.
+  //
+  // switch (x)
+  // {
+  // case 2:  // case_number 1
+  //   ...;
+  // case 3:  // case_number 2
+  //   ...;
+  // case 10: // case_number 3
+  //   ...;
+  // }
+  size_t case_number=1;
   for(auto &case_pair : targets.cases)
   {
     const caset &case_ops=case_pair.second;
@@ -1266,10 +1279,15 @@ void goto_convertt::convert_switch(
 
     exprt guard_expr=case_guard(argument, case_ops);
 
+    source_locationt source_location=case_ops.front().find_source_location();
+    source_location.set_case_number(std::to_string(case_number));
+    case_number++;
+    guard_expr.add_source_location()=source_location;
+
     goto_programt::targett x=tmp_cases.add_instruction();
     x->make_goto(case_pair.first);
     x->guard.swap(guard_expr);
-    x->source_location=case_ops.front().find_source_location();
+    x->source_location=source_location;
   }
 
   {
diff --git a/src/util/irep_ids.def b/src/util/irep_ids.def
index 04eaa8a83d6..92457c747f3 100644
--- a/src/util/irep_ids.def
+++ b/src/util/irep_ids.def
@@ -817,6 +817,7 @@ IREP_ID_ONE(skip_initialize)
 IREP_ID_ONE(basic_block_covered_lines)
 IREP_ID_ONE(is_nondet_nullable)
 IREP_ID_ONE(array_replace)
+IREP_ID_ONE(switch_case_number)
 IREP_ID_ONE(java_array_access)
 IREP_ID_ONE(java_member_access)
 
diff --git a/src/util/source_location.h b/src/util/source_location.h
index 2485113a0b6..d09f8f2e36f 100644
--- a/src/util/source_location.h
+++ b/src/util/source_location.h
@@ -70,6 +70,11 @@ class source_locationt:public irept
     return get(ID_comment);
   }
 
+  const irep_idt &get_case_number() const
+  {
+    return get(ID_switch_case_number);
+  }
+
   const irep_idt &get_java_bytecode_index() const
   {
     return get(ID_java_bytecode_index);
@@ -130,6 +135,12 @@ class source_locationt:public irept
     set(ID_comment, comment);
   }
 
+  // for switch case number
+  void set_case_number(const irep_idt &number)
+  {
+    set(ID_switch_case_number, number);
+  }
+
   void set_java_bytecode_index(const irep_idt &index)
   {
     set(ID_java_bytecode_index, index);

From fdfd294f1a798ace0fe8e6fa5d10884cae06ab5e Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Thu, 10 Aug 2017 10:06:59 +0100
Subject: [PATCH 597/699] Removing unreachable and unused code in string
 constraint generation

---
 .../refinement/string_constraint_generator.h  |  15 ---
 .../string_constraint_generator_insert.cpp    |  35 -----
 .../string_constraint_generator_main.cpp      | 121 +-----------------
 .../string_constraint_generator_valueof.cpp   |  49 +------
 4 files changed, 8 insertions(+), 212 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index 74f52c1a95f..f589933f4b0 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -73,8 +73,6 @@ class string_constraint_generatort: messaget
   symbol_exprt fresh_boolean(const irep_idt &prefix);
   string_exprt fresh_string(const refined_string_typet &type);
   string_exprt get_string_expr(const exprt &expr);
-  string_exprt convert_java_string_to_string_exprt(
-    const exprt &underlying);
   plus_exprt plus_exprt_with_overflow_check(const exprt &op1, const exprt &op2);
 
   // Maps unresolved symbols to the string_exprt that was created for them
@@ -198,8 +196,6 @@ class string_constraint_generatort: messaget
   string_exprt add_axioms_for_insert_double(
     const function_application_exprt &f);
   string_exprt add_axioms_for_insert_float(const function_application_exprt &f);
-  string_exprt add_axioms_for_insert_char_array(
-    const function_application_exprt &f);
   string_exprt add_axioms_from_literal(const function_application_exprt &f);
   string_exprt add_axioms_from_int(const function_application_exprt &f);
   string_exprt add_axioms_from_int(
@@ -222,12 +218,6 @@ class string_constraint_generatort: messaget
   string_exprt add_axioms_from_char(const function_application_exprt &f);
   string_exprt add_axioms_from_char(
     const exprt &i, const refined_string_typet &ref_type);
-  string_exprt add_axioms_from_char_array(const function_application_exprt &f);
-  string_exprt add_axioms_from_char_array(
-    const exprt &length,
-    const exprt &data,
-    const exprt &offset,
-    const exprt &count);
   exprt add_axioms_for_index_of(
     const string_exprt &str,
     const exprt &c,
@@ -296,13 +286,8 @@ class string_constraint_generatort: messaget
     const string_exprt &expr);
   string_exprt add_axioms_for_trim(const function_application_exprt &expr);
 
-  // Add axioms corresponding to the String.valueOf([CII) function
-  // TODO: not working correctly at the moment
-  string_exprt add_axioms_for_value_of(const function_application_exprt &f);
-
   string_exprt add_axioms_for_code_point(
     const exprt &code_point, const refined_string_typet &ref_type);
-  string_exprt add_axioms_for_java_char_array(const exprt &char_array);
   exprt add_axioms_for_char_pointer(const function_application_exprt &fun);
   string_exprt add_axioms_for_if(const if_exprt &expr);
   exprt add_axioms_for_char_literal(const function_application_exprt &f);
diff --git a/src/solvers/refinement/string_constraint_generator_insert.cpp b/src/solvers/refinement/string_constraint_generator_insert.cpp
index aabb2f0eb0a..85ba2837c80 100644
--- a/src/solvers/refinement/string_constraint_generator_insert.cpp
+++ b/src/solvers/refinement/string_constraint_generator_insert.cpp
@@ -139,38 +139,3 @@ string_exprt string_constraint_generatort::add_axioms_for_insert_float(
   string_exprt s2=add_axioms_for_string_of_float(args(f, 3)[2], ref_type);
   return add_axioms_for_insert(s1, s2, args(f, 3)[1]);
 }
-
-/// add axioms corresponding to the StringBuilder.insert:(I[CII) and
-/// StringBuilder.insert:(I[C) java functions
-/// \par parameters: function application with 4 arguments plus two optional
-///   arguments:
-/// a string, an offset index, a length, data array, an offset and a
-/// count
-/// \return a new string expression
-string_exprt string_constraint_generatort::add_axioms_for_insert_char_array(
-  const function_application_exprt &f)
-{
-  exprt offset;
-  exprt count;
-  if(f.arguments().size()==6)
-  {
-    offset=f.arguments()[4];
-    count=f.arguments()[5];
-  }
-  else
-  {
-    INVARIANT(
-      f.arguments().size()==4,
-      string_refinement_invariantt("f must have 4 or 6 arguments and the case "
-        "of 6 arguments is already handled"));
-    count=f.arguments()[2];
-    offset=from_integer(0, count.type());
-  }
-
-  string_exprt str=get_string_expr(f.arguments()[0]);
-  const exprt &length=f.arguments()[2];
-  const exprt &data=f.arguments()[3];
-  string_exprt arr=add_axioms_from_char_array(
-    length, data, offset, count);
-  return add_axioms_for_insert(str, arr, f.arguments()[1]);
-}
diff --git a/src/solvers/refinement/string_constraint_generator_main.cpp b/src/solvers/refinement/string_constraint_generator_main.cpp
index f768435506c..c9a9f4e4943 100644
--- a/src/solvers/refinement/string_constraint_generator_main.cpp
+++ b/src/solvers/refinement/string_constraint_generator_main.cpp
@@ -145,31 +145,6 @@ string_exprt string_constraint_generatort::get_string_expr(const exprt &expr)
   }
 }
 
-/// create a new string_exprt as a conversion of a java string
-/// \par parameters: a java string
-/// \return a string expression
-string_exprt string_constraint_generatort::convert_java_string_to_string_exprt(
-    const exprt &jls)
-{
-  PRECONDITION(jls.id()==ID_struct);
-
-  exprt length(to_struct_expr(jls).op1());
-  // TODO: Add assertion on the type.
-  // assert(length.type()==refined_string_typet::index_type());
-  exprt java_content(to_struct_expr(jls).op2());
-  if(java_content.id()==ID_address_of)
-  {
-    java_content=to_address_of_expr(java_content).object();
-  }
-  else
-  {
-    java_content=dereference_exprt(java_content, java_content.type());
-  }
-  refined_string_typet type(java_int_type(), java_char_type());
-
-  return string_exprt(length, java_content, type);
-}
-
 /// adds standard axioms about the length of the string and its content: * its
 /// length should be positive * it should not exceed max_string_length * if
 /// force_printable_characters is true then all characters should belong to the
@@ -333,8 +308,8 @@ exprt string_constraint_generatort::add_axioms_for_function_application(
     function_application_exprt new_expr(expr);
     // TODO: This part needs some improvement.
     // Stripping the symbol name is not a very robust process.
-    new_expr.function() = symbol_exprt(str_id.substr(0, pos+4));
-    new_expr.type() = refined_string_typet(java_int_type(), java_char_type());
+    new_expr.function()=symbol_exprt(str_id.substr(0, pos+4));
+    new_expr.type()=refined_string_typet(java_int_type(), java_char_type());
 
     auto res_it=function_application_cache.insert(std::make_pair(new_expr,
                                                                  nil_exprt()));
@@ -353,8 +328,8 @@ exprt string_constraint_generatort::add_axioms_for_function_application(
   if(pos!=std::string::npos)
   {
     function_application_exprt new_expr(expr);
-    new_expr.function() = symbol_exprt(str_id.substr(0, pos+4));
-    new_expr.type() = refined_string_typet(java_int_type(), java_char_type());
+    new_expr.function()=symbol_exprt(str_id.substr(0, pos+4));
+    new_expr.type()=refined_string_typet(java_int_type(), java_char_type());
 
     auto res_it=function_application_cache.insert(std::make_pair(new_expr,
                                                                  nil_exprt()));
@@ -452,10 +427,6 @@ exprt string_constraint_generatort::add_axioms_for_function_application(
     res=add_axioms_for_insert_double(expr);
   else if(id==ID_cprover_string_insert_float_func)
     res=add_axioms_for_insert_float(expr);
-#if 0
-  else if(id==ID_cprover_string_insert_char_array_func)
-    res=add_axioms_for_insert_char_array(expr);
-#endif
   else if(id==ID_cprover_string_substring_func)
     res=add_axioms_for_substring(expr);
   else if(id==ID_cprover_string_trim_func)
@@ -466,8 +437,6 @@ exprt string_constraint_generatort::add_axioms_for_function_application(
     res=add_axioms_for_to_upper_case(expr);
   else if(id==ID_cprover_string_char_set_func)
     res=add_axioms_for_char_set(expr);
-  else if(id==ID_cprover_string_value_of_func)
-    res=add_axioms_for_value_of(expr);
   else if(id==ID_cprover_string_empty_string_func)
     res=add_axioms_for_empty_string(expr);
   else if(id==ID_cprover_string_copy_func)
@@ -540,23 +509,6 @@ string_exprt string_constraint_generatort::add_axioms_for_copy(
   }
 }
 
-/// add axioms corresponding to the String.valueOf([C) java function
-/// \par parameters: an expression corresponding to a java object of type char
-///   array
-/// \return a new string expression
-string_exprt string_constraint_generatort::add_axioms_for_java_char_array(
-  const exprt &char_array)
-{
-  string_exprt res=fresh_string(
-    refined_string_typet(java_int_type(), java_char_type()));
-  exprt arr=to_address_of_expr(char_array).object();
-  exprt len=member_exprt(arr, "length", res.length().type());
-  exprt cont=member_exprt(arr, "data", res.content().type());
-  res.length()=len;
-  res.content()=cont;
-  return res;
-}
-
 /// for an expression of the form `array[0]` returns `array`
 /// \par parameters: an expression of type char
 /// \return an array expression
@@ -586,71 +538,6 @@ exprt string_constraint_generatort::add_axioms_for_length(
   return str.length();
 }
 
-/// add axioms stating that the content of the returned string equals to the
-/// content of the array argument, starting at offset and with `count`
-/// characters
-/// \par parameters: a length expression, an array expression, a offset index,
-///   and a
-/// count index
-/// \return a new string expression
-string_exprt string_constraint_generatort::add_axioms_from_char_array(
-  const exprt &length,
-  const exprt &data,
-  const exprt &offset,
-  const exprt &count)
-{
-  UNREACHABLE; // deprecated, we should use add_axioms_for_substring instead
-  const typet &char_type=to_array_type(data.type()).subtype();
-  const typet &index_type=length.type();
-  refined_string_typet ref_type(index_type, char_type);
-  string_exprt str=fresh_string(ref_type);
-
-  // We add axioms:
-  // a1 : forall q < count. str[q] = data[q+offset]
-  // a2 : |str| = count
-
-  symbol_exprt qvar=fresh_univ_index("QA_string_of_char_array", index_type);
-  exprt char_in_tab=data;
-  PRECONDITION(char_in_tab.id()==ID_index);
-  char_in_tab.op1()=plus_exprt_with_overflow_check(qvar, offset);
-
-  string_constraintt a1(qvar, count, equal_exprt(str[qvar], char_in_tab));
-  axioms.push_back(a1);
-  axioms.push_back(equal_exprt(str.length(), count));
-
-  return str;
-}
-
-/// add axioms corresponding to the String.<init>:(I[CII) and
-/// String.<init>:(I[C) java functions
-/// function application with 2 arguments and 2 additional optional
-/// \param arguments: length, char array, offset and count
-/// \return a new string expression
-string_exprt string_constraint_generatort::add_axioms_from_char_array(
-  const function_application_exprt &f)
-{
-  UNREACHABLE; // deprecated, we should use add_axioms_for_substring instead
-  exprt offset;
-  exprt count;
-  if(f.arguments().size()==4)
-  {
-    offset=f.arguments()[2];
-    count=f.arguments()[3];
-  }
-  else
-  {
-    INVARIANT(
-      f.arguments().size()==2,
-      string_refinement_invariantt("f must have 2 or 4 arguments and the case "
-        "of 4 arguments is already handled"));
-    count=f.arguments()[0];
-    offset=from_integer(0, count.type());
-  }
-  const exprt &tab_length=f.arguments()[0];
-  const exprt &data=f.arguments()[1];
-  return add_axioms_from_char_array(tab_length, data, offset, count);
-}
-
 /// expression true exactly when the index is positive
 /// \par parameters: an index expression
 /// \return a Boolean expression
diff --git a/src/solvers/refinement/string_constraint_generator_valueof.cpp b/src/solvers/refinement/string_constraint_generator_valueof.cpp
index 86522bf67fe..a728e052cbe 100644
--- a/src/solvers/refinement/string_constraint_generator_valueof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_valueof.cpp
@@ -27,7 +27,7 @@ string_exprt string_constraint_generatort::add_axioms_from_int(
 {
   const refined_string_typet &ref_type=to_refined_string_type(expr.type());
   PRECONDITION(expr.arguments().size()>=1);
-  if (expr.arguments().size()==1)
+  if(expr.arguments().size()==1)
   {
     return add_axioms_from_int(expr.arguments()[0], ref_type);
   }
@@ -48,7 +48,7 @@ string_exprt string_constraint_generatort::add_axioms_from_long(
 {
   const refined_string_typet &ref_type=to_refined_string_type(expr.type());
   PRECONDITION(expr.arguments().size()>=1);
-  if (expr.arguments().size()==1)
+  if(expr.arguments().size()==1)
   {
     return add_axioms_from_int(expr.arguments()[0], ref_type);
   }
@@ -377,46 +377,6 @@ string_exprt string_constraint_generatort::add_axioms_from_char(
   return res;
 }
 
-/// Add axioms corresponding to the String.valueOf([C) and String.valueOf([CII)
-/// functions.
-/// \param f: function application with one or three arguments
-/// \return a new string expression
-string_exprt string_constraint_generatort::add_axioms_for_value_of(
-  const function_application_exprt &f)
-{
-  const function_application_exprt::argumentst &args=f.arguments();
-  if(args.size()==3)
-  {
-    const refined_string_typet &ref_type=to_refined_string_type(f.type());
-    string_exprt res=fresh_string(ref_type);
-    exprt char_array=args[0];
-    exprt offset=args[1];
-    exprt count=args[2];
-
-    // We add axioms:
-    // a1 : |res| = count
-    // a2 : forall idx<count, str[idx+offset]=res[idx]
-
-    string_exprt str=add_axioms_for_java_char_array(char_array);
-    axioms.push_back(res.axiom_for_has_length(count));
-
-    symbol_exprt idx=fresh_univ_index(
-      "QA_index_value_of", ref_type.get_index_type());
-    equal_exprt eq(str[plus_exprt(idx, offset)], res[idx]);
-    string_constraintt a2(idx, count, eq);
-    axioms.push_back(a2);
-    return res;
-  }
-  else
-  {
-    INVARIANT(
-      args.size()==1,
-      string_refinement_invariantt("f can only have 1 or 3 arguments and the "
-        "case of 3 has been handled"));
-    return add_axioms_for_java_char_array(args[0]);
-  }
-}
-
 /// Add axioms making the return value true if the given string is a correct
 /// number in the given radix
 /// \param str: string expression
@@ -428,8 +388,6 @@ void string_constraint_generatort::add_axioms_for_correct_number_format(
   const refined_string_typet &ref_type=to_refined_string_type(str.type());
   const typet &char_type=ref_type.get_char_type();
   const typet &index_type=ref_type.get_index_type();
-  exprt zero_char=constant_char('0', char_type);
-  exprt nine_char=constant_char('9', char_type);
   exprt minus_char=constant_char('-', char_type);
   exprt plus_char=constant_char('+', char_type);
 
@@ -665,7 +623,8 @@ exprt is_digit_with_radix_lower_case(
         binary_relation_exprt(chr, ID_le, nine_char)),
         and_exprt(
           binary_relation_exprt(chr, ID_ge, a_char),
-          binary_relation_exprt(chr, ID_lt, plus_exprt(a_char, radix_minus_ten))));
+          binary_relation_exprt(
+            chr, ID_lt, plus_exprt(a_char, radix_minus_ten))));
 
     return if_exprt(
       binary_relation_exprt(radix_char_type, ID_le, ten_char_type),

From 5ccdbea4fb06e748075c38cee0122f570e3f756b Mon Sep 17 00:00:00 2001
From: Peter Schrammel <peter.schrammel@diffblue.com>
Date: Thu, 17 Aug 2017 15:58:56 +0100
Subject: [PATCH 598/699] Replace simplify_index by simplify_expr

---
 src/goto-programs/json_goto_trace.cpp | 46 ++++++---------------------
 1 file changed, 10 insertions(+), 36 deletions(-)

diff --git a/src/goto-programs/json_goto_trace.cpp b/src/goto-programs/json_goto_trace.cpp
index 8327ee517a6..971e095f63a 100644
--- a/src/goto-programs/json_goto_trace.cpp
+++ b/src/goto-programs/json_goto_trace.cpp
@@ -17,6 +17,7 @@ Author: Daniel Kroening
 #include <util/arith_tools.h>
 #include <util/config.h>
 #include <util/invariant.h>
+#include <util/simplify_expr.h>
 
 #include <langapi/language_util.h>
 
@@ -64,42 +65,11 @@ void remove_pointer_offsets(exprt &src, const symbol_exprt &array_symbol)
       remove_pointer_offsets(op, array_symbol);
 }
 
-/// Simplify the expression in index as much as possible to try to get an
-/// unsigned constant.
-/// \param idx: an expression representing an index in an array
-/// \param out: a reference to an unsigned value of type size_t, which will hold
-///   the result of the simplification if it is successful
-/// \return Boolean flag that is true if the `idx` expression could not be
-///   simplified into a unsigned constant value.
-bool simplify_index(const exprt &idx, std::size_t &out)
-{
-  if(idx.id()==ID_constant)
-  {
-    std::string value_str(id2string(to_constant_expr(idx).get_value()));
-    mp_integer int_value=binary2integer(value_str, false);
-    if(int_value>std::numeric_limits<std::size_t>::max())
-      return true;
-    out=int_value.to_long();
-    return false;
-  }
-  else if(idx.id()==ID_plus)
-  {
-    std::size_t l, r;
-    if(!simplify_index(idx.op0(), l) && !simplify_index(idx.op1(), r))
-    {
-      out=l+r;
-      return false;
-    }
-  }
-
-  return true;
-}
-
 /// Simplify an expression before putting it in the json format
 /// \param src: an expression potentialy containing array accesses (index_expr)
 /// \return an expression similar in meaning to src but where array accesses
 ///   have been simplified
-exprt simplify_array_access(const exprt &src)
+exprt simplify_array_access(const exprt &src, const namespacet &ns)
 {
   if(src.id()==ID_index && to_index_expr(src).array().id()==ID_symbol)
   {
@@ -108,6 +78,7 @@ exprt simplify_array_access(const exprt &src)
     exprt simplified_index=to_index_expr(src).index();
     // We remove potential appearances of `pointer_offset(array_symbol)`
     remove_pointer_offsets(simplified_index, array_symbol);
+    simplified_index=simplify_expr(simplified_index, ns);
     return index_exprt(array_symbol, simplified_index);
   }
   else if(src.id()==ID_index && to_index_expr(src).array().id()==ID_array)
@@ -117,8 +88,10 @@ exprt simplify_array_access(const exprt &src)
     remove_pointer_offsets(index);
 
     // We look for an actual integer value for the index
-    std::size_t i;
-    if(!simplify_index(index, i))
+    index=simplify_expr(index, ns);
+    unsigned i;
+    if(index.id()==ID_constant &&
+       !to_unsigned_integer(to_constant_expr(index), i))
       return to_index_expr(src).array().operands()[i];
   }
   return src;
@@ -196,7 +169,7 @@ void convert(
         DATA_INVARIANT(
           step.full_lhs.is_not_nil(),
           "full_lhs in assignment must not be nil");
-        exprt simplified=simplify_array_access(step.full_lhs);
+        exprt simplified=simplify_array_access(step.full_lhs, ns);
         full_lhs_string=from_expr(ns, identifier, simplified);
 
         const symbolt *symbol;
@@ -210,7 +183,8 @@ void convert(
             type_string=from_type(ns, identifier, symbol->type);
 
           json_assignment["mode"]=json_stringt(id2string(symbol->mode));
-          exprt simplified=simplify_array_access(step.full_lhs_value);
+          exprt simplified=simplify_array_access(step.full_lhs_value, ns);
+
           full_lhs_value=json(simplified, ns, symbol->mode);
         }
         else

From ea73a2624376165f03f8f624184be298c10acea4 Mon Sep 17 00:00:00 2001
From: Peter Schrammel <peter.schrammel@diffblue.com>
Date: Thu, 17 Aug 2017 16:18:25 +0100
Subject: [PATCH 599/699] Consistently use ID_java_new_array for java arrays

---
 src/goto-programs/builtin_functions.cpp    | 18 +++++++++---------
 src/goto-symex/symex_assign.cpp            |  3 ++-
 src/goto-symex/symex_builtin_functions.cpp | 13 ++++++++++---
 3 files changed, 21 insertions(+), 13 deletions(-)

diff --git a/src/goto-programs/builtin_functions.cpp b/src/goto-programs/builtin_functions.cpp
index 02819706be3..9ea3ea49f2f 100644
--- a/src/goto-programs/builtin_functions.cpp
+++ b/src/goto-programs/builtin_functions.cpp
@@ -705,7 +705,7 @@ void goto_convertt::do_java_new_array(
   else
     allocate_data_type=data.type();
 
-  side_effect_exprt data_cpp_new_expr(ID_cpp_new_array, allocate_data_type);
+  side_effect_exprt data_java_new_expr(ID_java_new_array, allocate_data_type);
 
   // The instruction may specify a (hopefully small) upper bound on the
   // array size, in which case we allocate a fixed-length array that may
@@ -714,29 +714,29 @@ void goto_convertt::do_java_new_array(
   // backend.
   const irept size_bound=rhs.find(ID_length_upper_bound);
   if(size_bound.is_nil())
-    data_cpp_new_expr.set(ID_size, rhs.op0());
+    data_java_new_expr.set(ID_size, rhs.op0());
   else
-    data_cpp_new_expr.set(ID_size, size_bound);
+    data_java_new_expr.set(ID_size, size_bound);
 
   // Must directly assign the new array to a temporary
   // because goto-symex will notice `x=side_effect_exprt` but not
   // `x=typecast_exprt(side_effect_exprt(...))`
   symbol_exprt new_array_data_symbol=
     new_tmp_symbol(
-      data_cpp_new_expr.type(),
+      data_java_new_expr.type(),
       "new_array_data",
       dest,
       location)
     .symbol_expr();
   goto_programt::targett t_p2=dest.add_instruction(ASSIGN);
-  t_p2->code=code_assignt(new_array_data_symbol, data_cpp_new_expr);
+  t_p2->code=code_assignt(new_array_data_symbol, data_java_new_expr);
   t_p2->source_location=location;
 
   goto_programt::targett t_p=dest.add_instruction(ASSIGN);
-  exprt cast_cpp_new=new_array_data_symbol;
-  if(cast_cpp_new.type()!=data.type())
-    cast_cpp_new=typecast_exprt(cast_cpp_new, data.type());
-  t_p->code=code_assignt(data, cast_cpp_new);
+  exprt cast_java_new=new_array_data_symbol;
+  if(cast_java_new.type()!=data.type())
+    cast_java_new=typecast_exprt(cast_java_new, data.type());
+  t_p->code=code_assignt(data, cast_java_new);
   t_p->source_location=location;
 
   // zero-initialize the data
diff --git a/src/goto-symex/symex_assign.cpp b/src/goto-symex/symex_assign.cpp
index a403ff3a129..01c09f400bd 100644
--- a/src/goto-symex/symex_assign.cpp
+++ b/src/goto-symex/symex_assign.cpp
@@ -60,7 +60,8 @@ void goto_symext::symex_assign(
       throw "symex_assign: unexpected function call: "+id2string(identifier);
     }
     else if(statement==ID_cpp_new ||
-            statement==ID_cpp_new_array)
+            statement==ID_cpp_new_array ||
+            statement==ID_java_new_array)
       symex_cpp_new(state, lhs, side_effect_expr);
     else if(statement==ID_malloc)
       symex_malloc(state, lhs, side_effect_expr);
diff --git a/src/goto-symex/symex_builtin_functions.cpp b/src/goto-symex/symex_builtin_functions.cpp
index d6e9fd416d8..e1ae7972377 100644
--- a/src/goto-symex/symex_builtin_functions.cpp
+++ b/src/goto-symex/symex_builtin_functions.cpp
@@ -23,7 +23,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <util/simplify_expr.h>
 #include <util/prefix.h>
 #include <util/string2int.h>
-
+#include <util/invariant_utils.h>
 #include <util/c_types.h>
 
 #include <linking/zero_initializer.h>
@@ -371,7 +371,8 @@ void goto_symext::symex_cpp_new(
   if(code.type().id()!=ID_pointer)
     throw "new expected to return pointer";
 
-  do_array=(code.get(ID_statement)==ID_cpp_new_array);
+  do_array=(code.get(ID_statement)==ID_cpp_new_array ||
+            code.get(ID_statement)==ID_java_new_array);
 
   dynamic_counter++;
 
@@ -384,7 +385,13 @@ void goto_symext::symex_cpp_new(
              "dynamic_"+count_string+"_value";
   symbol.name="symex_dynamic::"+id2string(symbol.base_name);
   symbol.is_lvalue=true;
-  symbol.mode=ID_cpp;
+  if(code.get(ID_statement)==ID_cpp_new_array ||
+     code.get(ID_statement)==ID_cpp_new)
+    symbol.mode=ID_cpp;
+  else if(code.get(ID_statement)==ID_java_new_array)
+    symbol.mode=ID_java;
+  else
+    INVARIANT_WITH_IREP(false, "Unexpected side effect expression", code);
 
   if(do_array)
   {

From 8eab28e5112a0fa6e1c0db13b404ffd60e9f7b97 Mon Sep 17 00:00:00 2001
From: Peter Schrammel <peter.schrammel@diffblue.com>
Date: Thu, 17 Aug 2017 17:01:05 +0100
Subject: [PATCH 600/699] Some cleanup

---
 src/goto-symex/symex_builtin_functions.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/goto-symex/symex_builtin_functions.cpp b/src/goto-symex/symex_builtin_functions.cpp
index e1ae7972377..317e1dc3fe1 100644
--- a/src/goto-symex/symex_builtin_functions.cpp
+++ b/src/goto-symex/symex_builtin_functions.cpp
@@ -404,7 +404,6 @@ void goto_symext::symex_cpp_new(
   else
     symbol.type=code.type().subtype();
 
-  // symbol.type.set("#active", symbol_expr(active_symbol));
   symbol.type.set("#dynamic", true);
 
   new_symbol_table.add(symbol);
@@ -432,7 +431,10 @@ void goto_symext::symex_cpp_delete(
   statet &state,
   const codet &code)
 {
-  // bool do_array=code.get(ID_statement)==ID_cpp_delete_array;
+  // TODO
+  #if 0
+  bool do_array=code.get(ID_statement)==ID_cpp_delete_array;
+  #endif
 }
 
 void goto_symext::symex_trace(

From 3399a6bed0ee1c31ff60437b8965cd215d4f12b2 Mon Sep 17 00:00:00 2001
From: Peter Schrammel <peter.schrammel@diffblue.com>
Date: Thu, 17 Aug 2017 17:03:44 +0100
Subject: [PATCH 601/699] Documentation

---
 src/goto-symex/symex_builtin_functions.cpp | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/goto-symex/symex_builtin_functions.cpp b/src/goto-symex/symex_builtin_functions.cpp
index 317e1dc3fe1..8b317f3cdc3 100644
--- a/src/goto-symex/symex_builtin_functions.cpp
+++ b/src/goto-symex/symex_builtin_functions.cpp
@@ -361,6 +361,11 @@ void goto_symext::symex_output(
   target.output(state.guard.as_expr(), state.source, output_id, args);
 }
 
+/// Handles side effects of type 'new' for C++ and 'new array'
+/// for C++ and Java language modes
+/// \param state: Symex state
+/// \param lhs: left-hand side of assignment
+/// \param code: right-hand side containing side effect
 void goto_symext::symex_cpp_new(
   statet &state,
   const exprt &lhs,

From 2a40436a6612f40e4f20b1156c06bf05e863df2d Mon Sep 17 00:00:00 2001
From: Peter Schrammel <peter.schrammel@diffblue.com>
Date: Thu, 17 Aug 2017 17:32:32 +0100
Subject: [PATCH 602/699] Regression test for java arrays json output

---
 regression/cbmc-java/json_trace3/Test.class | Bin 0 -> 314 bytes
 regression/cbmc-java/json_trace3/Test.java  |   9 +++++++++
 regression/cbmc-java/json_trace3/test.desc  |  10 ++++++++++
 3 files changed, 19 insertions(+)
 create mode 100644 regression/cbmc-java/json_trace3/Test.class
 create mode 100644 regression/cbmc-java/json_trace3/Test.java
 create mode 100644 regression/cbmc-java/json_trace3/test.desc

diff --git a/regression/cbmc-java/json_trace3/Test.class b/regression/cbmc-java/json_trace3/Test.class
new file mode 100644
index 0000000000000000000000000000000000000000..86426242aaaa8cdeff7edab3792771ba00554c50
GIT binary patch
literal 314
zcmXX?F;2rk5S+EoHkc%KK^2RFF1R2KWkiESfe0Waf`aO7PRJo~P;htw`A8b-R7ezg
zK%PU15HM#rX?J#KXXj40`F>vmI6@r4MKeGvKqT;cMOjqG0=IK;El?-ZJ0pnBi_%=o
zCz+WIbv7oWCb}pEUg!4A>Y9T}=MR1T_&*K@)A=knr-jvS56x3`IMUC$0R@lCmJr02
z>W+1J-@VL6Ca<s$hmWzx0cG%*eRg|9A$sW>WW_=dF#9#h3$VrbliqO6;Venl{t{~C
x_E;^^N|R)9^&;~6^I;8~+Mr##yUdEchltfKu}#B}Dt=Ay1(8q0wBM=s8ozIbGx-1j

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/json_trace3/Test.java b/regression/cbmc-java/json_trace3/Test.java
new file mode 100644
index 00000000000..02cc993c56e
--- /dev/null
+++ b/regression/cbmc-java/json_trace3/Test.java
@@ -0,0 +1,9 @@
+public class Test {
+  public static void main(long[] a) {
+    if(a.length<3)
+      return;
+    for(int i=0; i<a.length; i++) {
+      a[i]=(long)i;
+    }
+  }
+}
diff --git a/regression/cbmc-java/json_trace3/test.desc b/regression/cbmc-java/json_trace3/test.desc
new file mode 100644
index 00000000000..a8ae2a31a1e
--- /dev/null
+++ b/regression/cbmc-java/json_trace3/test.desc
@@ -0,0 +1,10 @@
+CORE
+Test.class
+--cover location --trace --json-ui --unwind 5
+activate-multi-line-match
+EXIT=0
+SIGNAL=0
+"lhs": "dynamic_2_array\[1L\]",\n *"mode": "java",\n *"sourceLocation": \{\n *"bytecodeIndex": "15",\n *"file": "Test\.java",\n *"function": "java::Test\.main:\(\[J\)V",\n *"line": "6"\n *\},\n *"stepType": "assignment",\n *"thread": 0,\n *"value": \{\n *"binary": "0000000000000000000000000000000000000000000000000000000000000001",\n *"data": "1L",\n *"name": "integer",\n *"type": "long",\n *"width": 64
+--
+"name": "unknown"
+^warning: ignoring

From 03fb38f27e62ab082bb15b9eab65331fcf392c06 Mon Sep 17 00:00:00 2001
From: Owen Jones <owen.jones@diffblue.com>
Date: Fri, 18 Aug 2017 08:06:42 +0100
Subject: [PATCH 603/699] Turn on Long.toString and improve implementation

After comparing them both, the constructive approach won out over the
non-constructive one. Also fixed a bug that the radix wasn't being evaluated
properly because we weren't calling simplify_expr.
---
 .../java_string_library_preprocess.cpp        |   6 +
 .../refinement/string_constraint_generator.h  |  40 +-
 .../string_constraint_generator_valueof.cpp   | 594 +++++++++---------
 src/solvers/refinement/string_refinement.cpp  |   1 +
 4 files changed, 321 insertions(+), 320 deletions(-)

diff --git a/src/java_bytecode/java_string_library_preprocess.cpp b/src/java_bytecode/java_string_library_preprocess.cpp
index f08c76ca4ab..3fa15d4dc54 100644
--- a/src/java_bytecode/java_string_library_preprocess.cpp
+++ b/src/java_bytecode/java_string_library_preprocess.cpp
@@ -2300,6 +2300,12 @@ void java_string_library_preprocesst::initialize_conversion_table()
   cprover_equivalent_to_java_string_returning_function
     ["java::java.lang.Integer.toString:(II)Ljava/lang/String;"]=
       ID_cprover_string_of_int_func;
+  cprover_equivalent_to_java_string_returning_function
+    ["java::java.lang.Long.toString:(J)Ljava/lang/String;"]=
+      ID_cprover_string_of_int_func;
+  cprover_equivalent_to_java_string_returning_function
+    ["java::java.lang.Long.toString:(JI)Ljava/lang/String;"]=
+      ID_cprover_string_of_int_func;
   conversion_table
     ["java::java.lang.Object.getClass:()Ljava/lang/Class;"]=
       std::bind(
diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index f589933f4b0..b679924ee31 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -33,9 +33,10 @@ class string_constraint_generatort: messaget
   // string constraints for different string functions and add them
   // to the axiom list.
 
-  string_constraint_generatort():
+  string_constraint_generatort(namespacet _ns):
     max_string_length(std::numeric_limits<size_t>::max()),
-    force_printable_characters(false)
+    force_printable_characters(false),
+    ns(_ns)
   { }
 
   // Constraints on the maximal length of strings
@@ -107,6 +108,7 @@ class string_constraint_generatort: messaget
   const std::size_t MAX_DOUBLE_LENGTH=30;
 
   std::map<function_application_exprt, exprt> function_application_cache;
+  namespacet ns;
 
   static irep_idt extract_java_string(const symbol_exprt &s);
 
@@ -305,16 +307,21 @@ class string_constraint_generatort: messaget
   exprt add_axioms_for_offset_by_code_point(
     const function_application_exprt &f);
 
-  exprt add_axioms_for_characters_in_integer_string(
-    const symbol_exprt& x,
-    const typet& type,
-    const typet& char_type,
-    const typet& index_type,
-    const string_exprt& str,
+  void add_axioms_for_characters_in_integer_string(
+    const exprt &input_int,
+    const typet &type,
+    const bool strict_formatting,
+    const string_exprt &str,
     const std::size_t max_string_length,
-    const exprt& radix);
+    const exprt &radix,
+    const unsigned long radix_ul);
   void add_axioms_for_correct_number_format(
-    const string_exprt &str, const exprt &radix, std::size_t max_size);
+    const exprt &input_int,
+    const string_exprt &str,
+    const exprt &radix_as_char,
+    const unsigned long radix_ul,
+    const std::size_t max_size,
+    const bool strict_formatting);
   exprt add_axioms_for_parse_int(const function_application_exprt &f);
   exprt add_axioms_for_to_char_array(const function_application_exprt &f);
   exprt add_axioms_for_compare_to(const function_application_exprt &f);
@@ -348,18 +355,21 @@ class string_constraint_generatort: messaget
     exprt char1, exprt char2, exprt char_a, exprt char_A, exprt char_Z);
   bool is_constant_string(const string_exprt &expr) const;
   string_exprt empty_string(const refined_string_typet &ref_type);
+  unsigned long to_integer_or_default(const exprt &expr, unsigned long def);
 };
 
-exprt is_digit_with_radix(const exprt &chr, const exprt &radix);
-exprt is_digit_with_radix_lower_case(
-  const exprt &chr, const exprt &radix_char_type, unsigned long radix=36ul);
+exprt is_digit_with_radix(
+  const exprt &chr,
+  const bool strict_formatting,
+  const exprt &radix_as_char,
+  const unsigned long radix_ul);
 exprt get_numeric_value_from_character(
   const exprt &chr,
   const typet &char_type,
   const typet &type,
-  unsigned long radix=36ul);
+  const bool strict_formatting,
+  unsigned long radix_ul);
 size_t max_printed_string_length(const typet &type, unsigned long ul_radix);
-unsigned long to_integer_or_default(const exprt &expr, unsigned long def);
 std::string utf16_constant_array_to_java(
   const array_exprt &arr, unsigned length);
 
diff --git a/src/solvers/refinement/string_constraint_generator_valueof.cpp b/src/solvers/refinement/string_constraint_generator_valueof.cpp
index a728e052cbe..91e2d09ec18 100644
--- a/src/solvers/refinement/string_constraint_generator_valueof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_valueof.cpp
@@ -123,7 +123,7 @@ string_exprt string_constraint_generatort::add_axioms_from_bool(
 /// \param x: a signed integer expression
 /// \param ref_type: type for refined strings
 /// \param max_size: a maximal size for the string representation (default 0,
-///        which is interpreted to mean "as large as is needed for this type)
+///   which is interpreted to mean "as large as is needed for this type")
 /// \return a string expression
 string_exprt string_constraint_generatort::add_axioms_from_int(
   const exprt &input_int,
@@ -141,7 +141,7 @@ string_exprt string_constraint_generatort::add_axioms_from_int(
 /// \param radix: the radix to use
 /// \param ref_type: type for refined strings
 /// \param max_size: a maximal size for the string representation (default 0,
-///        which is interpreted to mean "as large as is needed for this type)
+///   which is interpreted to mean "as large as is needed for this type")
 /// \return a string expression
 string_exprt string_constraint_generatort::add_axioms_from_int_with_radix(
   const exprt &input_int,
@@ -149,125 +149,40 @@ string_exprt string_constraint_generatort::add_axioms_from_int_with_radix(
   const refined_string_typet &ref_type,
   size_t max_size)
 {
+  PRECONDITION(max_size==0 || max_size<std::numeric_limits<size_t>::max());
   const typet &type=input_int.type();
   PRECONDITION(type.id()==ID_signedbv);
+
+  /// Most of the time we can evaluate radix as an integer. The value 0 is used
+  /// to indicate when we can't tell what the radix is.
+  const unsigned long radix_ul=to_integer_or_default(radix, 0);
+  CHECK_RETURN((radix_ul>=2 && radix_ul<=36) || radix_ul==0);
+
   if(max_size==0)
   {
-    /// If we cannot tell what the radix is then so we assume it is 2 to make
-    /// sure max_size will definitely be large enough
-    max_size=max_printed_string_length(type, to_integer_or_default(radix, 2ul));
+    max_size=max_printed_string_length(type, radix_ul);
+    CHECK_RETURN(max_size<std::numeric_limits<size_t>::max());
   }
-  PRECONDITION(max_size<std::numeric_limits<size_t>::max());
-  string_exprt res=fresh_string(ref_type);
+
+  string_exprt str=fresh_string(ref_type);
   const typet &char_type=ref_type.get_char_type();
-  const typet &index_type=ref_type.get_index_type();
-  exprt zero_char=constant_char('0', char_type);
-  exprt radix_char_type=typecast_exprt(radix, char_type);
+  exprt radix_as_char=typecast_exprt(radix, char_type);
   exprt radix_input_type=typecast_exprt(radix, type);
-  exprt minus_char=constant_char('-', char_type);
-  exprt max=from_integer(max_size, index_type);
-  /// radix_ul is used to make get_numeric_value_from_character and
-  /// is_digit_with_radix_lower_case faster when the radix is less than 10,
-  /// and hence we don't have to consider letters as well as digits. If we
-  /// can't tell what the radix is then so we assume it is 36 to make sure that
-  /// we create constraints that will work with any radix.
-  unsigned long radix_ul=to_integer_or_default(radix, 36ul);
-  PRECONDITION(radix_ul>=2ul && radix_ul<=36ul);
-
-  // We add axioms:
-  // a1 : x < 0 => 1 <|res|<=max_size && res[0]='-'
-  // a2 : x >= 0 => 0 <|res|<=max_size-1 && res[0] is a digit for the radix
-  // a3 : |res|>1 && res[0] is a digit for the radix => res[0]!='0'
-  // a4 : |res|>1 && res[0]='-' => res[1]!='0'
-
-  binary_relation_exprt is_negative(input_int, ID_lt, from_integer(0, type));
-  and_exprt correct_length1(
-    res.axiom_for_is_strictly_longer_than(1),
-    res.axiom_for_is_shorter_than(max));
-  equal_exprt starts_with_minus(res[0], minus_char);
-  implies_exprt a1(is_negative, and_exprt(correct_length1, starts_with_minus));
-  axioms.push_back(a1);
-
-  not_exprt is_positive(is_negative);
-  exprt starts_with_digit=
-    is_digit_with_radix_lower_case(res[0], radix_char_type, radix_ul);
-  and_exprt correct_length2(
-    res.axiom_for_is_strictly_longer_than(0),
-    res.axiom_for_is_strictly_shorter_than(max));
-  implies_exprt a2(is_positive, and_exprt(correct_length2, starts_with_digit));
-  axioms.push_back(a2);
-
-  implies_exprt a3(
-    and_exprt(res.axiom_for_is_strictly_longer_than(1), starts_with_digit),
-    not_exprt(equal_exprt(res[0], zero_char)));
-  axioms.push_back(a3);
-
-  implies_exprt a4(
-    and_exprt(res.axiom_for_is_strictly_longer_than(1), starts_with_minus),
-    not_exprt(equal_exprt(res[1], zero_char)));
-  axioms.push_back(a4);
-
-  for(size_t size=1; size<=max_size; size++)
-  {
-    // For each possible size, we have:
-    // sum_0 = numeric value of res[0] (which is 0 if res[0] is '-')
-    // sum_j = radix * sum_{j-1} + numeric value of res[j]
-    // and add axioms:
-    // a5 : |res| == size =>
-    //        forall 1 <= j < size.
-    //          is_number && (j >= max_size-2 => no_overflow)
-    //     where is_number := res[j] is a digit for the radix
-    //     and no_overflow := sum_{j-1} = (radix * sum_{j-1} / radix)
-    //                        && sum_j >= sum_{j - 1}
-    //         (the first part avoid overflows in multiplication and
-    //          the second one in additions)
-    // a6 : |res| == size && res[0] is a digit for radix => input_int == sum
-    // a7 : |res| == size && res[0] == '-' => input_int == -sum
-
-    exprt::operandst digit_constraints;
-    exprt sum=
-      get_numeric_value_from_character(res[0], char_type, type, radix_ul);
-
-    for(size_t j=1; j<size; j++)
-    {
-      mult_exprt radix_sum(sum, radix_input_type);
-      // new_sum = radix * sum + (numeric value of res[j])
-      exprt new_sum=plus_exprt(
-        radix_sum,
-        get_numeric_value_from_character(res[j], char_type, type, radix_ul));
-      exprt is_number=
-        is_digit_with_radix_lower_case(res[j], radix_char_type, radix_ul);
-      digit_constraints.push_back(is_number);
-
-      // An overflow can happen when reaching the last index of a string of
-      // maximal size which is `max_size-1` for negative numbers and
-      // `max_size - 2` for positive numbers because of the absence of a `-`
-      // sign.
-      if(j>=max_size-2)
-      {
-        and_exprt no_overflow(
-          equal_exprt(sum, div_exprt(radix_sum, radix_input_type)),
-          binary_relation_exprt(new_sum, ID_ge, radix_sum));
-        digit_constraints.push_back(no_overflow);
-      }
-      sum=new_sum;
-    }
+  const bool strict_formatting=true;
 
-    equal_exprt premise=res.axiom_for_has_length(size);
-    implies_exprt a5(premise, conjunction(digit_constraints));
-    axioms.push_back(a5);
-
-    implies_exprt a6(
-      and_exprt(premise, starts_with_digit), equal_exprt(input_int, sum));
-    axioms.push_back(a6);
-
-    implies_exprt a7(
-      and_exprt(premise, starts_with_minus),
-      equal_exprt(input_int, unary_minus_exprt(sum)));
-    axioms.push_back(a7);
-  }
-
-  return res;
+  add_axioms_for_correct_number_format(
+    input_int, str, radix_as_char, radix_ul, max_size, strict_formatting);
+
+  add_axioms_for_characters_in_integer_string(
+    input_int,
+    type,
+    strict_formatting,
+    str,
+    max_size,
+    radix_input_type,
+    radix_ul);
+
+  return str;
 }
 
 /// Returns the integer value represented by the character.
@@ -335,7 +250,7 @@ string_exprt string_constraint_generatort::add_axioms_from_int_hex(
     axioms.push_back(
       implies_exprt(premise, and_exprt(equal_exprt(i, sum), all_numbers)));
 
-    // disallow 0s at the beggining
+    // disallow 0s at the beginning
     if(size>1)
       axioms.push_back(
         implies_exprt(premise, not_exprt(equal_exprt(res[0], zero_char))));
@@ -379,140 +294,182 @@ string_exprt string_constraint_generatort::add_axioms_from_char(
 
 /// Add axioms making the return value true if the given string is a correct
 /// number in the given radix
+/// \param input_int: the number being represented as a string
 /// \param str: string expression
-/// \param radix: the radix
+/// \param radix_as_char: the radix as an expression of the same type as the
+///   characters in str
+/// \param radix_ul: the radix, which should be between 2 and 36, or 0, in
+///   which case the return value will work for any radix
 /// \param max_size: maximum number of characters
+/// \param strict_formatting: if true, don't allow a leading plus, redundant
+///   zeros or upper case letters
 void string_constraint_generatort::add_axioms_for_correct_number_format(
-  const string_exprt &str, const exprt &radix_char_type, std::size_t max_size)
+  const exprt &input_int,
+  const string_exprt &str,
+  const exprt &radix_as_char,
+  const unsigned long radix_ul,
+  const std::size_t max_size,
+  const bool strict_formatting)
 {
   const refined_string_typet &ref_type=to_refined_string_type(str.type());
   const typet &char_type=ref_type.get_char_type();
   const typet &index_type=ref_type.get_index_type();
-  exprt minus_char=constant_char('-', char_type);
-  exprt plus_char=constant_char('+', char_type);
 
-  exprt chr=str[0];
-  equal_exprt starts_with_minus(chr, minus_char);
-  equal_exprt starts_with_plus(chr, plus_char);
-  exprt starts_with_digit=is_digit_with_radix(chr, radix_char_type);
+  const exprt &chr=str[0];
+  const equal_exprt starts_with_minus(chr, constant_char('-', char_type));
+  const equal_exprt starts_with_plus(chr, constant_char('+', char_type));
+  const exprt starts_with_digit=
+    is_digit_with_radix(chr, strict_formatting, radix_as_char, radix_ul);
 
-  // TODO: we should have implications in the other direction for correct
-  // correct => |str| > 0
-  exprt non_empty=str.axiom_for_is_longer_than(from_integer(1, index_type));
+  // |str| > 0
+  const exprt non_empty=
+    str.axiom_for_is_longer_than(from_integer(1, index_type));
   axioms.push_back(non_empty);
 
-  // correct => (str[0] = '+' or '-' || is_digit_with_radix(str[0], radix))
-  or_exprt correct_first(
-    or_exprt(starts_with_minus, starts_with_plus), starts_with_digit);
-  axioms.push_back(correct_first);
+  if(strict_formatting)
+  {
+    // str[0] = '-' || is_digit_with_radix(str[0], radix)
+    const or_exprt correct_first(starts_with_minus, starts_with_digit);
+    axioms.push_back(correct_first);
+  }
+  else
+  {
+    // str[0] = '-' || str[0] = '+' || is_digit_with_radix(str[0], radix)
+    const or_exprt correct_first(
+      starts_with_minus, starts_with_digit, starts_with_plus);
+    axioms.push_back(correct_first);
+  }
 
-  // correct => str[0]='+' or '-' ==> |str| > 1
-  implies_exprt contains_digit(
+  // str[0]='+' or '-' ==> |str| > 1
+  const implies_exprt contains_digit(
     or_exprt(starts_with_minus, starts_with_plus),
     str.axiom_for_is_longer_than(from_integer(2, index_type)));
   axioms.push_back(contains_digit);
 
-  // correct => |str| < max_size
+  // |str| <= max_size
   axioms.push_back(str.axiom_for_is_shorter_than(max_size));
 
-  // forall 1 <= i < |str| . correct => is_digit_with_radix(str[i], radix)
+  // forall 1 <= i < |str| . is_digit_with_radix(str[i], radix)
   // We unfold the above because we know that it will be used for all i up to
-  // str.length()
+  // str.length(), and str.length() <= max_size
   for(std::size_t index=1; index<max_size; ++index)
   {
-    const exprt index_expr=from_integer(index, index_type);
-    /// index < length && correct => is_digit(str[index])
-    implies_exprt character_at_index_is_digit(
-      binary_relation_exprt(index_expr, ID_lt, str.length()),
-      is_digit_with_radix(str[index], radix_char_type));
+    /// index < length => is_digit_with_radix(str[index], radix)
+    const implies_exprt character_at_index_is_digit(
+      str.axiom_for_is_longer_than(from_integer(index+1, index_type)),
+      is_digit_with_radix(
+        str[index], strict_formatting, radix_as_char, radix_ul));
     axioms.push_back(character_at_index_is_digit);
   }
+
+  if(strict_formatting)
+  {
+    const exprt zero_char=constant_char('0', char_type);
+
+    // no_leading_zero : str[0] = '0' => |str| = 1
+    const implies_exprt no_leading_zero(
+      equal_exprt(chr, zero_char),
+      str.axiom_for_has_length(from_integer(1, index_type)));
+    axioms.push_back(no_leading_zero);
+
+    // no_leading_zero_after_minus : str[0]='-' => str[1]!='0'
+    implies_exprt no_leading_zero_after_minus(
+      starts_with_minus, not_exprt(equal_exprt(str[1], zero_char)));
+    axioms.push_back(no_leading_zero_after_minus);
+  }
 }
 
 /// Add axioms connecting the characters in the input string to the value of the
-/// output integer
-/// \param x: symbol for abs(integer represented by str)
-/// \param type: the type for x
-/// \param char_type: the type to use for characters
-/// \param index_type: the type to use for indexes
+/// output integer. It is constructive because it gives a formula for input_int
+/// in terms of the characters in str.
+/// \param input_int: the integer represented by str
+/// \param type: the type for input_int
 /// \param str: input string
 /// \param max_string_length: the maximum length str can have
-/// \param radix: the radix, with the same type as x
-/// \return an expression for the integer represented by the string
-exprt string_constraint_generatort::add_axioms_for_characters_in_integer_string(
-  const symbol_exprt& x,
-  const typet& type,
-  const typet& char_type,
-  const typet& index_type,
-  const string_exprt& str,
+/// \param radix: the radix, with the same type as input_int
+/// \param radix_ul: the radix as an unsigned long, or 0 if that can't be
+///   determined
+/// \param strict_formatting: if true, don't allow a leading plus, redundant
+///   zeros or upper case letters
+void string_constraint_generatort::add_axioms_for_characters_in_integer_string(
+  const exprt &input_int,
+  const typet &type,
+  const bool strict_formatting,
+  const string_exprt &str,
   const std::size_t max_string_length,
-  const exprt& radix)
+  const exprt &radix,
+  const unsigned long radix_ul)
 {
-  /// TODO(OJones): Fix the below algorithm to make it work for min_int. There
-  /// are two problems. (1) Because we build i as positive and then negate it if
-  /// the first character is '-', we hit overflow for min_int because
-  /// |min_int| > max_int. (2) radix^63 overflows. I think we'll have to
-  /// special-case it.
+  const refined_string_typet &ref_type=to_refined_string_type(str.type());
+  const typet &char_type=ref_type.get_char_type();
 
-  const exprt zero_expr=from_integer(0, type);
-  axioms.push_back(binary_relation_exprt(x, ID_ge, zero_expr));
+  const equal_exprt starts_with_minus(str[0], constant_char('-', char_type));
+  const constant_exprt zero_expr=from_integer(0, type);
+  exprt::operandst digit_constraints;
 
-  const exprt one_index_type=from_integer(1, index_type);
-  exprt radix_to_power_of_i;
-  exprt no_overflow;
+  exprt sum=get_numeric_value_from_character(
+    str[0], char_type, type, strict_formatting, radix_ul);
 
-  for(std::size_t i=0; i<max_string_length; ++i)
-  {
-    /// We are counting backwards from the end of the string, i.e. i refers
-    /// to str[j] where j=str.length()-i-1
-    const constant_exprt i_expr=from_integer(i, index_type);
-    const minus_exprt j(minus_exprt(str.length(), i_expr), one_index_type);
+  /// Deal with size==1 case separately. There are axioms from
+  /// add_axioms_for_correct_number_format which say that the string must
+  /// contain at least one digit, so we don't have to worry about "+" or "-".
+  axioms.push_back(
+    implies_exprt(str.axiom_for_has_length(1), equal_exprt(input_int, sum)));
 
-    if(i==0)
+  for(size_t size=2; size<=max_string_length; size++)
+  {
+    // sum_0 := numeric value of res[0] (which is 0 if res[0] is '-')
+    // For each 1<=j<max_string_length, we have:
+    // sum_j := radix * sum_{j-1} + numeric value of res[j]
+    // no_overflow_j := sum_{j-1} == (radix * sum_{j-1} / radix)
+    //                  && sum_j >= sum_{j - 1}
+    //   (the first part avoid overflows in the multiplication and the second
+    //     one in the addition of the definition of sum_j)
+    // For all 1<=size<=max_string_length we add axioms:
+    // a5 : |res| == size =>
+    //        forall max_string_length-2 <= j < size. no_overflow_j
+    // a6 : |res| == size && res[0] is a digit for radix =>
+    //        input_int == sum_{size-1}
+    // a7 : |res| == size && res[0] == '-' => input_int == -sum_{size-1}
+
+    const mult_exprt radix_sum(sum, radix);
+    // new_sum = radix * sum + (numeric value of res[j])
+    const exprt new_sum=plus_exprt(
+      radix_sum,
+      get_numeric_value_from_character(
+        str[size-1], char_type, type, strict_formatting, radix_ul));
+
+    // An overflow can happen when reaching the last index which can contain
+    // a digit, which is `max_string_length - 2` because of the space left for
+    // a minus sign. That assumes that we were able to identify the radix. If we
+    // weren't then we check for overflow on every index.
+    if(size-1>=max_string_length-2 || radix_ul==0)
     {
-      no_overflow=true_exprt();
-      radix_to_power_of_i=from_integer(1, type);
+      const and_exprt no_overflow(
+        equal_exprt(sum, div_exprt(radix_sum, radix)),
+        binary_relation_exprt(new_sum, ID_ge, radix_sum));
+      digit_constraints.push_back(no_overflow);
     }
-    else
+    sum=new_sum;
+
+    const equal_exprt premise=str.axiom_for_has_length(size);
+
+    if(!digit_constraints.empty())
     {
-      const exprt radix_to_power_of_i_minus_one=radix_to_power_of_i;
-      /// Note that power_exprt is probably designed for floating point. Also,
-      /// it doesn't work when the exponent isn't a constant, hence why this
-      /// loop is indexed by i instead of j. It is faster than
-      /// mult_exprt(radix_to_power_of_i, radix).
-      radix_to_power_of_i=power_exprt(radix, i_expr);
-      /// The first time there is overflow we will have that
-      /// radix^i/radix != radix^(i-1)
-      /// However, that condition may hold in future, so we have to be sure to
-      /// propagate the first time this fails to all higher values of i
-      no_overflow=and_exprt(
-        equal_exprt(
-          div_exprt(radix_to_power_of_i, radix), radix_to_power_of_i_minus_one),
-        no_overflow);
+      const implies_exprt a5(premise, conjunction(digit_constraints));
+      axioms.push_back(a5);
     }
 
-    /// If we have already read all characters from the string then we use 0
-    /// instead of the value from str[j]
-    const binary_relation_exprt i_is_valid(i_expr, ID_lt, str.length());
-    const if_exprt digit_value(
-      i_is_valid,
-      get_numeric_value_from_character(str[j], char_type, type),
-      zero_expr);
-
-    /// when there is no overflow, str[j] = (x/radix^i)%radix
-    const equal_exprt contribution_of_str_j(
-      digit_value,
-      mod_exprt(div_exprt(x, radix_to_power_of_i), radix));
-
-    axioms.push_back(implies_exprt(no_overflow, contribution_of_str_j));
-    axioms.push_back(implies_exprt(
-      not_exprt(no_overflow), equal_exprt(digit_value, zero_expr)));
-  }
+    const implies_exprt a6(
+      and_exprt(premise, not_exprt(starts_with_minus)),
+      equal_exprt(input_int, sum));
+    axioms.push_back(a6);
 
-  return if_exprt(
-    equal_exprt(str[0], constant_char('-', char_type)),
-    unary_minus_exprt(x),
-    x);
+    const implies_exprt a7(
+      and_exprt(premise, starts_with_minus),
+      equal_exprt(input_int, unary_minus_exprt(sum)));
+    axioms.push_back(a7);
+  }
 }
 
 /// add axioms corresponding to the Integer.parseInt java function
@@ -529,107 +486,120 @@ exprt string_constraint_generatort::add_axioms_for_parse_int(
   const exprt radix=f.arguments().size()==1?
     static_cast<exprt>(from_integer(10, type)):
     static_cast<exprt>(typecast_exprt(f.arguments()[1], type));
+  /// Most of the time we can evaluate radix as an integer. The value 0 is used
+  /// to indicate when we can't tell what the radix is.
+  const unsigned long radix_ul=to_integer_or_default(radix, 0);
+  PRECONDITION((radix_ul>=2 && radix_ul<=36) || radix_ul==0);
 
-  const symbol_exprt x=fresh_symbol("abs_parsed_int", type);
+  const symbol_exprt input_int=fresh_symbol("parsed_int", type);
   const refined_string_typet &ref_type=to_refined_string_type(str.type());
   const typet &char_type=ref_type.get_char_type();
-  const typet &index_type=ref_type.get_index_type();
+  const typecast_exprt radix_as_char(radix, char_type);
+  const bool strict_formatting=false;
 
-  /// We experimented with making the max_string_length depend on the base, but
-  /// this did not make any difference to the speed of execution.
-  const std::size_t max_string_length=to_bitvector_type(type).get_width()+1;
+  const std::size_t max_string_length=max_printed_string_length(type, radix_ul);
 
   /// TODO: we should throw an exception when this does not hold:
   /// Note that the only thing stopping us from taking longer strings with many
   /// leading zeros is the axioms for correct number format
   add_axioms_for_correct_number_format(
-    str, typecast_exprt(radix, char_type), max_string_length);
-
-  exprt parsed_int_expr=add_axioms_for_characters_in_integer_string(
-    x, type, char_type, index_type, str, max_string_length, radix);
-
-  return parsed_int_expr;
+    input_int,
+    str,
+    radix_as_char,
+    radix_ul,
+    max_string_length,
+    strict_formatting);
+
+  add_axioms_for_characters_in_integer_string(
+    input_int,
+    type,
+    strict_formatting,
+    str,
+    max_string_length,
+    radix,
+    radix_ul);
+
+  return input_int;
 }
 
-/// Check if a character is a digit with respect to the given radix, e.g. if the
-/// radix is 10 then check if the character is in the range 0-9.
-/// \param chr: the character
-/// \param radix:  the radix
-/// \return an expression for the condition
-exprt is_digit_with_radix(const exprt &chr, const exprt &radix_char_type)
+/// If the expression is a constant expression then we get the value of it as
+/// an unsigned long. If not we return a default value.
+/// \param expr: input expression
+/// \param def: default value to return if we cannot evaluate expr
+/// \return the output as an unsigned long
+unsigned long string_constraint_generatort::to_integer_or_default(
+  const exprt &expr, unsigned long def)
 {
-  const typet &char_type=chr.type();
-  const exprt zero_char=from_integer('0', char_type);
-  const exprt nine_char=from_integer('9', char_type);
-  const exprt a_char=from_integer('a', char_type);
-  const exprt A_char=from_integer('A', char_type);
-  const constant_exprt ten_char_type=from_integer(10, char_type);
-
-  const and_exprt is_digit_when_radix_le_10(
-    binary_relation_exprt(chr, ID_ge, zero_char),
-    binary_relation_exprt(
-      chr, ID_lt, plus_exprt(zero_char, radix_char_type)));
-
-  const minus_exprt radix_minus_ten(radix_char_type, ten_char_type);
-
-  const or_exprt is_digit_when_radix_gt_10(
-    and_exprt(
-      binary_relation_exprt(chr, ID_ge, zero_char),
-      binary_relation_exprt(chr, ID_le, nine_char)),
-    and_exprt(
-      binary_relation_exprt(chr, ID_ge, a_char),
-      binary_relation_exprt(chr, ID_lt, plus_exprt(a_char, radix_minus_ten))),
-    and_exprt(
-      binary_relation_exprt(chr, ID_ge, A_char),
-      binary_relation_exprt(chr, ID_lt, plus_exprt(A_char, radix_minus_ten))));
-
-  return if_exprt(
-    binary_relation_exprt(radix_char_type, ID_le, ten_char_type),
-    is_digit_when_radix_le_10,
-    is_digit_when_radix_gt_10);
+  mp_integer mp_radix;
+  bool to_integer_failed=to_integer(simplify_expr(expr, ns), mp_radix);
+  return to_integer_failed?def:integer2ulong(mp_radix);
 }
 
 /// Check if a character is a digit with respect to the given radix, e.g. if the
-/// radix is 10 then check if the character is in the range 0-9. For bases above
-/// 10 only lower case letters are allowed, not upper case.
+/// radix is 10 then check if the character is in the range 0-9.
 /// \param chr: the character
-/// \param radix_char_type:  the radix as an expression of the same type as chr
-/// \param radix: the radix, which should be between 2 and 36 (default 36)
+/// \param strict_formatting: if true, don't allow upper case characters
+/// \param radix_as_char:  the radix as an expression of the same type as chr
+/// \param radix_ul: the radix, which should be between 2 and 36, or 0, in
+///   which case the return value will work for any radix
 /// \return an expression for the condition
-exprt is_digit_with_radix_lower_case(
-  const exprt &chr, const exprt &radix_char_type, unsigned long radix)
+exprt is_digit_with_radix(
+  const exprt &chr,
+  const bool strict_formatting,
+  const exprt &radix_as_char,
+  const unsigned long radix_ul)
 {
+  PRECONDITION((radix_ul>=2 && radix_ul<=36) || radix_ul==0);
   const typet &char_type=chr.type();
   const exprt zero_char=from_integer('0', char_type);
-  const exprt nine_char=from_integer('9', char_type);
-  const exprt a_char=from_integer('a', char_type);
-  const constant_exprt ten_char_type=from_integer(10, char_type);
 
   const and_exprt is_digit_when_radix_le_10(
     binary_relation_exprt(chr, ID_ge, zero_char),
-    binary_relation_exprt(chr, ID_lt, plus_exprt(zero_char, radix_char_type)));
+    binary_relation_exprt(
+      chr, ID_lt, plus_exprt(zero_char, radix_as_char)));
 
-  if(radix<=10)
+  if(radix_ul<=10 && radix_ul!=0)
   {
     return is_digit_when_radix_le_10;
   }
   else
   {
-    const minus_exprt radix_minus_ten(radix_char_type, ten_char_type);
+    const exprt nine_char=from_integer('9', char_type);
+    const exprt a_char=from_integer('a', char_type);
+    const constant_exprt ten_char_type=from_integer(10, char_type);
+
+    const minus_exprt radix_minus_ten(radix_as_char, ten_char_type);
 
-    const or_exprt is_digit_when_radix_gt_10(
+    or_exprt is_digit_when_radix_gt_10(
       and_exprt(
         binary_relation_exprt(chr, ID_ge, zero_char),
         binary_relation_exprt(chr, ID_le, nine_char)),
+      and_exprt(
+        binary_relation_exprt(chr, ID_ge, a_char),
+        binary_relation_exprt(
+          chr, ID_lt, plus_exprt(a_char, radix_minus_ten))));
+
+    if(!strict_formatting)
+    {
+      exprt A_char=from_integer('A', char_type);
+      is_digit_when_radix_gt_10.copy_to_operands(
         and_exprt(
-          binary_relation_exprt(chr, ID_ge, a_char),
+          binary_relation_exprt(chr, ID_ge, A_char),
           binary_relation_exprt(
-            chr, ID_lt, plus_exprt(a_char, radix_minus_ten))));
+            chr, ID_lt, plus_exprt(A_char, radix_minus_ten))));
+    }
 
-    return if_exprt(
-      binary_relation_exprt(radix_char_type, ID_le, ten_char_type),
-      is_digit_when_radix_le_10,
-      is_digit_when_radix_gt_10);
+    if(radix_ul==0)
+    {
+      return if_exprt(
+        binary_relation_exprt(radix_as_char, ID_le, ten_char_type),
+        is_digit_when_radix_le_10,
+        is_digit_when_radix_gt_10);
+    }
+    else
+    {
+      return is_digit_when_radix_gt_10;
+    }
   }
 }
 
@@ -638,26 +608,26 @@ exprt is_digit_with_radix_lower_case(
 /// \param chr: the character to get the numeric value of
 /// \param char_type: the type to use for characters
 /// \param type: the type to use for the return value
-/// \param radix: the radix, which should be between 2 and 36 (default 36)
+/// \param strict_formatting: if true, don't allow upper case characters
+/// \param radix_ul: the radix, which should be between 2 and 36, or 0, in
+///   which case the return value will work for any radix
 /// \return an integer expression of the given type with the numeric value of
 ///   the char
 exprt get_numeric_value_from_character(
   const exprt &chr,
   const typet &char_type,
   const typet &type,
-  unsigned long radix)
+  const bool strict_formatting,
+  const unsigned long radix_ul)
 {
   const constant_exprt zero_char=from_integer('0', char_type);
-  const constant_exprt ten_int=from_integer(10, char_type);
-  const constant_exprt a_char=from_integer('a', char_type);
-  const constant_exprt A_char=from_integer('A', char_type);
 
   /// There are four cases, which occur in ASCII in the following order:
   /// '+' and '-', digits, upper case letters, lower case letters
   const binary_relation_exprt upper_case_lower_case_or_digit(
     chr, ID_ge, zero_char);
 
-  if(radix<=10)
+  if(radix_ul<=10 && radix_ul!=0)
   {
     /// return char >= '0' ? (char - '0') : 0
     return typecast_exprt(
@@ -669,23 +639,44 @@ exprt get_numeric_value_from_character(
   }
   else
   {
+    const constant_exprt a_char=from_integer('a', char_type);
     const binary_relation_exprt lower_case(chr, ID_ge, a_char);
+    const constant_exprt A_char=from_integer('A', char_type);
     const binary_relation_exprt upper_case_or_lower_case(chr, ID_ge, A_char);
-    /// return char >= 'a' ? (char - 'a' + 10) :
-    ///   char >= 'A' ? (char - 'A' + 10) :
-    ///     char >= '0' ? (char - '0') : 0
-    return typecast_exprt(
-      if_exprt(
-        lower_case,
-        plus_exprt(minus_exprt(chr, a_char), ten_int),
+    const constant_exprt ten_int=from_integer(10, char_type);
+
+    if(strict_formatting)
+    {
+      /// return char >= 'a' ? (char - 'a' + 10) :
+      ///   char >= '0' ? (char - '0') : 0
+      return typecast_exprt(
         if_exprt(
-          upper_case_or_lower_case,
-          plus_exprt(minus_exprt(chr, A_char), ten_int),
+          lower_case,
+          plus_exprt(minus_exprt(chr, a_char), ten_int),
           if_exprt(
             upper_case_lower_case_or_digit,
             minus_exprt(chr, zero_char),
-            from_integer(0, char_type)))),
-      type);
+            from_integer(0, char_type))),
+        type);
+    }
+    else
+    {
+      /// return char >= 'a' ? (char - 'a' + 10) :
+      ///   char >= 'A' ? (char - 'A' + 10) :
+      ///     char >= '0' ? (char - '0') : 0
+      return typecast_exprt(
+        if_exprt(
+          lower_case,
+          plus_exprt(minus_exprt(chr, a_char), ten_int),
+          if_exprt(
+            upper_case_or_lower_case,
+            plus_exprt(minus_exprt(chr, A_char), ten_int),
+            if_exprt(
+              upper_case_lower_case_or_digit,
+              minus_exprt(chr, zero_char),
+              from_integer(0, char_type)))),
+        type);
+    }
   }
 }
 
@@ -693,12 +684,17 @@ exprt get_numeric_value_from_character(
 /// using the given radix. Due to floating point rounding errors we sometimes
 /// return a value 1 larger than needed, which is fine for our purposes.
 /// \param type: the type that we are considering values of
-/// \param ul_radix: the radix we are using, as a double
+/// \param radix_ul: the radix we are using, or 0, in which case the return
+///   value will work for any radix
 /// \return the maximum string length
-size_t max_printed_string_length(const typet &type, unsigned long ul_radix)
+size_t max_printed_string_length(const typet &type, unsigned long radix_ul)
 {
+  if(radix_ul==0)
+  {
+    radix_ul=2;
+  }
   double n_bits=static_cast<double>(to_bitvector_type(type).get_width());
-  double radix=static_cast<double>(ul_radix);
+  double radix=static_cast<double>(radix_ul);
   bool signed_type=type.id()==ID_signedbv;
   /// We want to calculate max, the maximum number of characters needed to
   /// represent any value of the given type.
@@ -723,15 +719,3 @@ size_t max_printed_string_length(const typet &type, unsigned long ul_radix)
     ceil(static_cast<double>(n_bits)/log2(radix));
   return static_cast<size_t>(max);
 }
-
-/// If the expression is a constant expression then we get the value of it as
-/// an unsigned long. If not we return a default value.
-/// \param expr: input expression
-/// \param def: default value to return if we cannot evaluate expr
-/// \return the output as an unsigned long
-unsigned long to_integer_or_default(const exprt &expr, unsigned long def)
-{
-  mp_integer mp_radix;
-  bool to_integer_failed=to_integer(expr, mp_radix);
-  return to_integer_failed?def:integer2ulong(mp_radix);
-}
diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index c2ab1895082..c6afe3af184 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -41,6 +41,7 @@ string_refinementt::string_refinementt(
   use_counter_example(false),
   do_concretizing(false),
   initial_loop_bound(refinement_bound),
+  generator(_ns),
   non_empty_string(false)
 { }
 

From 87007b0f4faffea271e0eaa88d148570c8b3addc Mon Sep 17 00:00:00 2001
From: Owen Jones <owen.jones@diffblue.com>
Date: Fri, 18 Aug 2017 08:08:21 +0100
Subject: [PATCH 604/699] Tests for Long.toString and related functions

Added some unit tests and regression tests, and improved lots of
existing regression tests.
---
 .../java_int_to_string/Test1.class            | Bin 786 -> 906 bytes
 .../java_int_to_string/Test1.java             |  10 +-
 .../java_int_to_string/Test2.class            | Bin 787 -> 907 bytes
 .../java_int_to_string/Test2.java             |  10 +-
 .../java_int_to_string/Test3.class            | Bin 799 -> 919 bytes
 .../java_int_to_string/Test3.java             |  10 +-
 .../java_int_to_string/Test4.class            | Bin 800 -> 920 bytes
 .../java_int_to_string/Test4.java             |  10 +-
 .../java_int_to_string/Test5.class            | Bin 784 -> 904 bytes
 .../java_int_to_string/Test5.java             |  10 +-
 .../java_int_to_string/test1.desc             |   4 +-
 .../java_int_to_string/test2.desc             |   4 +-
 .../java_int_to_string/test3.desc             |   4 +-
 .../java_int_to_string/test4.desc             |   4 +-
 .../java_int_to_string/test5.desc             |   4 +-
 .../java_int_to_string_knownbug/Test.class    | Bin 797 -> 917 bytes
 .../java_int_to_string_knownbug/Test.java     |  10 +-
 .../java_int_to_string_knownbug/test.desc     |   4 +-
 .../Test_binary1.class                        | Bin 813 -> 933 bytes
 .../Test_binary1.java                         |  10 +-
 .../Test_binary2.class                        | Bin 843 -> 963 bytes
 .../Test_binary2.java                         |  10 +-
 .../Test_binary3.class                        | Bin 844 -> 964 bytes
 .../Test_binary3.java                         |  10 +-
 .../Test_decimal.class                        | Bin 811 -> 931 bytes
 .../Test_decimal.java                         |  10 +-
 .../Test_hex1.class                           | Bin 802 -> 922 bytes
 .../Test_hex1.java                            |  10 +-
 .../Test_hex2.class                           | Bin 812 -> 932 bytes
 .../Test_hex2.java                            |  10 +-
 .../Test_hex3.class                           | Bin 813 -> 933 bytes
 .../Test_hex3.java                            |  10 +-
 .../Test_octal1.class                         | Bin 808 -> 928 bytes
 .../Test_octal1.java                          |  10 +-
 .../Test_octal2.class                         | Bin 821 -> 941 bytes
 .../Test_octal2.java                          |  10 +-
 .../Test_octal3.class                         | Bin 822 -> 942 bytes
 .../Test_octal3.java                          |  10 +-
 .../test_binary1.desc                         |   4 +-
 .../test_binary2.desc                         |   4 +-
 .../test_binary3.desc                         |   4 +-
 .../test_decimal.desc                         |   4 +-
 .../test_hex1.desc                            |   4 +-
 .../test_hex2.desc                            |   4 +-
 .../test_hex3.desc                            |   4 +-
 .../test_octal1.desc                          |   4 +-
 .../test_octal2.desc                          |   4 +-
 .../test_octal3.desc                          |   4 +-
 .../Test_binary.java                          |  10 +-
 .../Test_hex.java                             |  10 +-
 .../Test_octal.java                           |  10 +-
 .../test_binary.desc                          |   4 +-
 .../test_hex.desc                             |   4 +-
 .../test_octal.desc                           |   4 +-
 .../java_long_to_string/Test1.class           | Bin 0 -> 913 bytes
 .../java_long_to_string/Test1.java            |  13 ++
 .../java_long_to_string/Test2.class           | Bin 0 -> 914 bytes
 .../java_long_to_string/Test2.java            |  13 ++
 .../java_long_to_string/Test3.class           | Bin 0 -> 930 bytes
 .../java_long_to_string/Test3.java            |  13 ++
 .../java_long_to_string/Test4.class           | Bin 0 -> 931 bytes
 .../java_long_to_string/Test4.java            |  13 ++
 .../java_long_to_string/Test5.class           | Bin 0 -> 901 bytes
 .../java_long_to_string/Test5.java            |  13 ++
 .../java_long_to_string/test1.desc            |   8 +
 .../java_long_to_string/test2.desc            |   8 +
 .../java_long_to_string/test3.desc            |   8 +
 .../java_long_to_string/test4.desc            |   8 +
 .../java_long_to_string/test5.desc            |   8 +
 .../Test_binary1.class                        | Bin 0 -> 940 bytes
 .../Test_binary1.java                         |  13 ++
 .../Test_binary2.class                        | Bin 0 -> 997 bytes
 .../Test_binary2.java                         |  13 ++
 .../Test_binary3.class                        | Bin 0 -> 998 bytes
 .../Test_binary3.java                         |  13 ++
 .../Test_decimal.class                        | Bin 0 -> 938 bytes
 .../Test_decimal.java                         |  13 ++
 .../Test_hex1.class                           | Bin 0 -> 929 bytes
 .../Test_hex1.java                            |  13 ++
 .../Test_hex2.class                           | Bin 0 -> 942 bytes
 .../Test_hex2.java                            |  13 ++
 .../Test_hex3.class                           | Bin 0 -> 943 bytes
 .../Test_hex3.java                            |  13 ++
 .../Test_octal1.class                         | Bin 0 -> 935 bytes
 .../Test_octal1.java                          |  13 ++
 .../Test_octal2.class                         | Bin 0 -> 953 bytes
 .../Test_octal2.java                          |  13 ++
 .../Test_octal3.class                         | Bin 0 -> 954 bytes
 .../Test_octal3.java                          |  13 ++
 .../test_binary1.desc                         |   8 +
 .../test_binary2.desc                         |   8 +
 .../test_binary3.desc                         |   8 +
 .../test_decimal.desc                         |   8 +
 .../test_hex1.desc                            |   8 +
 .../test_hex2.desc                            |   8 +
 .../test_hex3.desc                            |   8 +
 .../test_octal1.desc                          |   8 +
 .../test_octal2.desc                          |   8 +
 .../test_octal3.desc                          |   8 +
 .../java_parseint/Test1.class                 | Bin 0 -> 934 bytes
 .../java_parseint/Test1.java                  |  14 ++
 .../java_parseint/Test2.class                 | Bin 0 -> 948 bytes
 .../java_parseint/Test2.java                  |  15 ++
 .../java_parseint/Test3.class                 | Bin 0 -> 738 bytes
 .../Test.java => java_parseint/Test3.java}    |   4 +-
 .../java_parseint/test1.desc                  |   7 +
 .../java_parseint/test2.desc                  |   7 +
 .../test.desc => java_parseint/test3.desc}    |   6 +-
 .../java_parseint_1/Test.class                | Bin 1001 -> 0 bytes
 .../java_parseint_1/Test.java                 |  19 --
 .../java_parseint_1/test.desc                 |   9 -
 .../java_parseint_2/Test.class                | Bin 737 -> 0 bytes
 .../java_parseint_knownbug/Test.class         | Bin 825 -> 946 bytes
 .../java_parseint_knownbug/Test.java          |  10 +-
 .../java_parseint_knownbug/test.desc          |   6 +-
 .../java_parseint_with_radix/Test.class       | Bin 1428 -> 0 bytes
 .../java_parseint_with_radix/Test.java        |  36 ---
 .../java_parseint_with_radix/Test1.class      | Bin 0 -> 934 bytes
 .../java_parseint_with_radix/Test1.java       |  14 ++
 .../java_parseint_with_radix/Test2.class      | Bin 0 -> 936 bytes
 .../java_parseint_with_radix/Test2.java       |  14 ++
 .../java_parseint_with_radix/Test3.class      | Bin 0 -> 935 bytes
 .../java_parseint_with_radix/Test3.java       |  14 ++
 .../java_parseint_with_radix/Test4.class      | Bin 0 -> 936 bytes
 .../java_parseint_with_radix/Test4.java       |  14 ++
 .../java_parseint_with_radix/Test5.class      | Bin 0 -> 939 bytes
 .../java_parseint_with_radix/Test5.java       |  14 ++
 .../java_parseint_with_radix/Test6.class      | Bin 0 -> 946 bytes
 .../java_parseint_with_radix/Test6.java       |  15 ++
 .../java_parseint_with_radix/test.desc        |  16 --
 .../java_parseint_with_radix/test1.desc       |   8 +
 .../java_parseint_with_radix/test2.desc       |   8 +
 .../java_parseint_with_radix/test3.desc       |   8 +
 .../java_parseint_with_radix/test4.desc       |   8 +
 .../java_parseint_with_radix/test5.desc       |   8 +
 .../java_parseint_with_radix/test6.desc       |   9 +
 .../Test.class                                | Bin 1035 -> 966 bytes
 .../Test.java                                 |  21 +-
 .../test.desc                                 |   8 +-
 .../java_parselong/Test_binary_min.class      | Bin 0 -> 944 bytes
 .../java_parselong/Test_binary_min.java       |  15 ++
 .../java_parselong/Test_decimal_max.class     | Bin 0 -> 900 bytes
 .../java_parselong/Test_decimal_max.java      |  15 ++
 .../java_parselong/Test_decimal_min.class     | Bin 0 -> 904 bytes
 .../java_parselong/Test_decimal_min.java      |  15 ++
 .../java_parselong/Test_hex.class             | Bin 0 -> 873 bytes
 .../java_parselong/Test_hex.java              |  14 ++
 .../java_parselong/Test_octal.class           | Bin 0 -> 882 bytes
 .../java_parselong/Test_octal.java            |  14 ++
 .../java_parselong/test_binary_min.desc       |   9 +
 .../java_parselong/test_decimal_max.desc      |   9 +
 .../java_parselong/test_decimal_min.desc      |   9 +
 .../java_parselong/test_hex.desc              |   9 +
 .../java_parselong/test_octal.desc            |   9 +
 .../java_parselong_binary_1/Test.class        | Bin 854 -> 0 bytes
 .../java_parselong_binary_1/Test.java         |  11 -
 .../java_parselong_binary_1/test.desc         |   9 -
 .../java_parselong_decimal_1/Test.class       | Bin 828 -> 0 bytes
 .../java_parselong_decimal_1/Test.java        |  11 -
 .../java_parselong_decimal_1/test.desc        |   9 -
 .../java_parselong_decimal_2/Test.class       | Bin 832 -> 0 bytes
 .../java_parselong_decimal_2/Test.java        |  11 -
 .../java_parselong_decimal_2/test.desc        |   9 -
 .../java_parselong_hex_1/Test.class           | Bin 831 -> 0 bytes
 .../java_parselong_hex_1/Test.java            |  10 -
 .../java_parselong_hex_1/test.desc            |   9 -
 .../java_parselong_octal_1/Test.class         | Bin 834 -> 0 bytes
 .../java_parselong_octal_1/Test.java          |  10 -
 .../java_parselong_octal_1/test.desc          |   9 -
 unit/Makefile                                 |   3 -
 .../calculate_max_string_length.cpp           |   8 +-
 .../get_numeric_value_from_character.cpp      | 125 ++++++----
 .../is_digit_with_radix.cpp                   | 218 ++++++++++++++++--
 .../is_digit_with_radix_lower_case.cpp        |  57 -----
 .../instantiate_not_contains.cpp              |  24 +-
 175 files changed, 1098 insertions(+), 446 deletions(-)
 create mode 100644 regression/strings-smoke-tests/java_long_to_string/Test1.class
 create mode 100644 regression/strings-smoke-tests/java_long_to_string/Test1.java
 create mode 100644 regression/strings-smoke-tests/java_long_to_string/Test2.class
 create mode 100644 regression/strings-smoke-tests/java_long_to_string/Test2.java
 create mode 100644 regression/strings-smoke-tests/java_long_to_string/Test3.class
 create mode 100644 regression/strings-smoke-tests/java_long_to_string/Test3.java
 create mode 100644 regression/strings-smoke-tests/java_long_to_string/Test4.class
 create mode 100644 regression/strings-smoke-tests/java_long_to_string/Test4.java
 create mode 100644 regression/strings-smoke-tests/java_long_to_string/Test5.class
 create mode 100644 regression/strings-smoke-tests/java_long_to_string/Test5.java
 create mode 100644 regression/strings-smoke-tests/java_long_to_string/test1.desc
 create mode 100644 regression/strings-smoke-tests/java_long_to_string/test2.desc
 create mode 100644 regression/strings-smoke-tests/java_long_to_string/test3.desc
 create mode 100644 regression/strings-smoke-tests/java_long_to_string/test4.desc
 create mode 100644 regression/strings-smoke-tests/java_long_to_string/test5.desc
 create mode 100644 regression/strings-smoke-tests/java_long_to_string_with_radix/Test_binary1.class
 create mode 100644 regression/strings-smoke-tests/java_long_to_string_with_radix/Test_binary1.java
 create mode 100644 regression/strings-smoke-tests/java_long_to_string_with_radix/Test_binary2.class
 create mode 100644 regression/strings-smoke-tests/java_long_to_string_with_radix/Test_binary2.java
 create mode 100644 regression/strings-smoke-tests/java_long_to_string_with_radix/Test_binary3.class
 create mode 100644 regression/strings-smoke-tests/java_long_to_string_with_radix/Test_binary3.java
 create mode 100644 regression/strings-smoke-tests/java_long_to_string_with_radix/Test_decimal.class
 create mode 100644 regression/strings-smoke-tests/java_long_to_string_with_radix/Test_decimal.java
 create mode 100644 regression/strings-smoke-tests/java_long_to_string_with_radix/Test_hex1.class
 create mode 100644 regression/strings-smoke-tests/java_long_to_string_with_radix/Test_hex1.java
 create mode 100644 regression/strings-smoke-tests/java_long_to_string_with_radix/Test_hex2.class
 create mode 100644 regression/strings-smoke-tests/java_long_to_string_with_radix/Test_hex2.java
 create mode 100644 regression/strings-smoke-tests/java_long_to_string_with_radix/Test_hex3.class
 create mode 100644 regression/strings-smoke-tests/java_long_to_string_with_radix/Test_hex3.java
 create mode 100644 regression/strings-smoke-tests/java_long_to_string_with_radix/Test_octal1.class
 create mode 100644 regression/strings-smoke-tests/java_long_to_string_with_radix/Test_octal1.java
 create mode 100644 regression/strings-smoke-tests/java_long_to_string_with_radix/Test_octal2.class
 create mode 100644 regression/strings-smoke-tests/java_long_to_string_with_radix/Test_octal2.java
 create mode 100644 regression/strings-smoke-tests/java_long_to_string_with_radix/Test_octal3.class
 create mode 100644 regression/strings-smoke-tests/java_long_to_string_with_radix/Test_octal3.java
 create mode 100644 regression/strings-smoke-tests/java_long_to_string_with_radix/test_binary1.desc
 create mode 100644 regression/strings-smoke-tests/java_long_to_string_with_radix/test_binary2.desc
 create mode 100644 regression/strings-smoke-tests/java_long_to_string_with_radix/test_binary3.desc
 create mode 100644 regression/strings-smoke-tests/java_long_to_string_with_radix/test_decimal.desc
 create mode 100644 regression/strings-smoke-tests/java_long_to_string_with_radix/test_hex1.desc
 create mode 100644 regression/strings-smoke-tests/java_long_to_string_with_radix/test_hex2.desc
 create mode 100644 regression/strings-smoke-tests/java_long_to_string_with_radix/test_hex3.desc
 create mode 100644 regression/strings-smoke-tests/java_long_to_string_with_radix/test_octal1.desc
 create mode 100644 regression/strings-smoke-tests/java_long_to_string_with_radix/test_octal2.desc
 create mode 100644 regression/strings-smoke-tests/java_long_to_string_with_radix/test_octal3.desc
 create mode 100644 regression/strings-smoke-tests/java_parseint/Test1.class
 create mode 100644 regression/strings-smoke-tests/java_parseint/Test1.java
 create mode 100644 regression/strings-smoke-tests/java_parseint/Test2.class
 create mode 100644 regression/strings-smoke-tests/java_parseint/Test2.java
 create mode 100644 regression/strings-smoke-tests/java_parseint/Test3.class
 rename regression/strings-smoke-tests/{java_parseint_2/Test.java => java_parseint/Test3.java} (66%)
 create mode 100644 regression/strings-smoke-tests/java_parseint/test1.desc
 create mode 100644 regression/strings-smoke-tests/java_parseint/test2.desc
 rename regression/strings-smoke-tests/{java_parseint_2/test.desc => java_parseint/test3.desc} (51%)
 delete mode 100644 regression/strings-smoke-tests/java_parseint_1/Test.class
 delete mode 100644 regression/strings-smoke-tests/java_parseint_1/Test.java
 delete mode 100644 regression/strings-smoke-tests/java_parseint_1/test.desc
 delete mode 100644 regression/strings-smoke-tests/java_parseint_2/Test.class
 delete mode 100644 regression/strings-smoke-tests/java_parseint_with_radix/Test.class
 delete mode 100644 regression/strings-smoke-tests/java_parseint_with_radix/Test.java
 create mode 100644 regression/strings-smoke-tests/java_parseint_with_radix/Test1.class
 create mode 100644 regression/strings-smoke-tests/java_parseint_with_radix/Test1.java
 create mode 100644 regression/strings-smoke-tests/java_parseint_with_radix/Test2.class
 create mode 100644 regression/strings-smoke-tests/java_parseint_with_radix/Test2.java
 create mode 100644 regression/strings-smoke-tests/java_parseint_with_radix/Test3.class
 create mode 100644 regression/strings-smoke-tests/java_parseint_with_radix/Test3.java
 create mode 100644 regression/strings-smoke-tests/java_parseint_with_radix/Test4.class
 create mode 100644 regression/strings-smoke-tests/java_parseint_with_radix/Test4.java
 create mode 100644 regression/strings-smoke-tests/java_parseint_with_radix/Test5.class
 create mode 100644 regression/strings-smoke-tests/java_parseint_with_radix/Test5.java
 create mode 100644 regression/strings-smoke-tests/java_parseint_with_radix/Test6.class
 create mode 100644 regression/strings-smoke-tests/java_parseint_with_radix/Test6.java
 delete mode 100644 regression/strings-smoke-tests/java_parseint_with_radix/test.desc
 create mode 100644 regression/strings-smoke-tests/java_parseint_with_radix/test1.desc
 create mode 100644 regression/strings-smoke-tests/java_parseint_with_radix/test2.desc
 create mode 100644 regression/strings-smoke-tests/java_parseint_with_radix/test3.desc
 create mode 100644 regression/strings-smoke-tests/java_parseint_with_radix/test4.desc
 create mode 100644 regression/strings-smoke-tests/java_parseint_with_radix/test5.desc
 create mode 100644 regression/strings-smoke-tests/java_parseint_with_radix/test6.desc
 create mode 100644 regression/strings-smoke-tests/java_parselong/Test_binary_min.class
 create mode 100644 regression/strings-smoke-tests/java_parselong/Test_binary_min.java
 create mode 100644 regression/strings-smoke-tests/java_parselong/Test_decimal_max.class
 create mode 100644 regression/strings-smoke-tests/java_parselong/Test_decimal_max.java
 create mode 100644 regression/strings-smoke-tests/java_parselong/Test_decimal_min.class
 create mode 100644 regression/strings-smoke-tests/java_parselong/Test_decimal_min.java
 create mode 100644 regression/strings-smoke-tests/java_parselong/Test_hex.class
 create mode 100644 regression/strings-smoke-tests/java_parselong/Test_hex.java
 create mode 100644 regression/strings-smoke-tests/java_parselong/Test_octal.class
 create mode 100644 regression/strings-smoke-tests/java_parselong/Test_octal.java
 create mode 100644 regression/strings-smoke-tests/java_parselong/test_binary_min.desc
 create mode 100644 regression/strings-smoke-tests/java_parselong/test_decimal_max.desc
 create mode 100644 regression/strings-smoke-tests/java_parselong/test_decimal_min.desc
 create mode 100644 regression/strings-smoke-tests/java_parselong/test_hex.desc
 create mode 100644 regression/strings-smoke-tests/java_parselong/test_octal.desc
 delete mode 100644 regression/strings-smoke-tests/java_parselong_binary_1/Test.class
 delete mode 100644 regression/strings-smoke-tests/java_parselong_binary_1/Test.java
 delete mode 100644 regression/strings-smoke-tests/java_parselong_binary_1/test.desc
 delete mode 100644 regression/strings-smoke-tests/java_parselong_decimal_1/Test.class
 delete mode 100644 regression/strings-smoke-tests/java_parselong_decimal_1/Test.java
 delete mode 100644 regression/strings-smoke-tests/java_parselong_decimal_1/test.desc
 delete mode 100644 regression/strings-smoke-tests/java_parselong_decimal_2/Test.class
 delete mode 100644 regression/strings-smoke-tests/java_parselong_decimal_2/Test.java
 delete mode 100644 regression/strings-smoke-tests/java_parselong_decimal_2/test.desc
 delete mode 100644 regression/strings-smoke-tests/java_parselong_hex_1/Test.class
 delete mode 100644 regression/strings-smoke-tests/java_parselong_hex_1/Test.java
 delete mode 100644 regression/strings-smoke-tests/java_parselong_hex_1/test.desc
 delete mode 100644 regression/strings-smoke-tests/java_parselong_octal_1/Test.class
 delete mode 100644 regression/strings-smoke-tests/java_parselong_octal_1/Test.java
 delete mode 100644 regression/strings-smoke-tests/java_parselong_octal_1/test.desc
 delete mode 100644 unit/solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix_lower_case.cpp

diff --git a/regression/strings-smoke-tests/java_int_to_string/Test1.class b/regression/strings-smoke-tests/java_int_to_string/Test1.class
index 1182bf70ce7ac68e1036a3921c7f8d93f7318e80..b4e1976927d440b9642c760aa190525b1beec698 100644
GIT binary patch
delta 537
zcmZvYJ5L)?5QV?H>)q>JZom&%2#|z_jbDIcvLQjBC`#?xQfSa3AtYphD4?aMLB<uP
zq@V^QgFp&>n*1SzGHWYopqV-6%-lIM_tZVsE5D!be*qyYJ_AhoOf%y%OU}b1pJdLb
zKv7fj(M)N|J{9IQ3$1X!78L6{(P30=M!Vb9AA5Vvt!Q_()KI8RMfR0i>!P9-TYn1q
zL54I{!$)eGCBr8|gW-+Bsx4_24WC(VXI0+)V)#nf{-!nx=@(`Sv)Q+8M9qUOg<UMI
zx6f7mNbd0DAW*5Xc(5QFh4@NL39Cw0lAZD`>Pmn`TB6$%6&b;%-$0gOVICs{qQs9+
zq}!6bmNIu(^>P>cjPYv{9V(TK)8)wRF!O-^c}w!Krw{jZ_l$vma%^h%OamOjj+nc$
zsV0Zds@TU%1brh$858ER%v;7~jR|2M))P6+WI&R4|4$21Yf^=D#_QsD(1}YD_6>=b
ScgABJEb~47jrT$<KKuos&`PHO

delta 402
zcmYk2%Q6E|5Qe`qmvd$&2g!&C64yj7u2HeDvu0_<#v7<&X~EtuW+g9RjjB*ovG)$%
zL@7O^ghhAt<?sLR?kjVxyYFAmuRxbhL_{T`%4|r$T)=$90*i*F2u;OMi>R|~X!LeY
zdmk;;OpIz&M;JA<ENxaSIjq9zY#ExCRo0RNRoCm54K|Ytb)0BtucmODts|ihL=aTI
zoQ_H4q7XLmW66nAy39*WOC}f!;%yfD#EeT8QvAV6e2$a#w)6H0Xa63zPq7_)1N=U@
z7xdvH=Iwv^=C6Dw1TLvqj3?d~Q7vycGxC*SsI29P2}%N(6bo@asT#^9flLh->1Jy{
hAr1zFeT;XD=RV-3B2Fgqdr`{b<Jes#Gt*gn<{J-4Df0jT

diff --git a/regression/strings-smoke-tests/java_int_to_string/Test1.java b/regression/strings-smoke-tests/java_int_to_string/Test1.java
index 13d9219fac3..bc5f46a5761 100644
--- a/regression/strings-smoke-tests/java_int_to_string/Test1.java
+++ b/regression/strings-smoke-tests/java_int_to_string/Test1.java
@@ -1,9 +1,13 @@
 public class Test1
 {
-    public static void main()
+    public static void main(Boolean b)
     {
         String s = Integer.toString(12);
-        assert(s.equals("12"));
-        assert(!s.equals("12"));
+        if (b) {
+            assert(s.equals("12"));
+        }
+        else {
+            assert(!s.equals("12"));
+        }
     }
 }
diff --git a/regression/strings-smoke-tests/java_int_to_string/Test2.class b/regression/strings-smoke-tests/java_int_to_string/Test2.class
index 9de562836fa727c69e155e169ca0b32af51a3960..b5c286c4fcac0ea746f31c904cb16a025ffedb18 100644
GIT binary patch
delta 538
zcmZvYPfrt36vcmUrZcZIJfSURL_n#v(0|Yhj3|Lb<GO1S*pO+`n3$%G3*GVoT#%+K
z8g?vLgGp;3(LEbJhu^^%@3hekY~H=++&|}@*LT0_o!dXxKY)-OpDA)a&&m6|py1)L
zl4RAVNJ&%n(d0B0pDJsb^<MaCBPcaKMqi?OJL-I>zwdV2t*EnG-dCumV)lVr@4TvN
zy}RP-G&7pI;UycIO~V$U!SG07uWxQ?YKB*A_p@rneQkI{*ng{zis^f53e%kE?nmv<
zEg3JB5Bq1TaV$nWaRe$gA8(e-Mj^uTrUca`Dv3^Igu0Z(A}y~wCKVaU&7^@@vVuJ3
z2!x4;Po&$DxR?6%9jj3pVxO{bMPfj;nsJ64y94q!=z|f-pJP5d=G{}K{?W0hJr)gc
zBzHvIl}j}Re0D`XJ|dV1@tAo*F55g|LC#nd<YE1$pjiq?^7Oy85Va>&NN2nu{s5i0
XAYp$aao=aW#=$c0;@@~Cz+(9?$7xHt

delta 403
zcmYk2%Q6E|5Qe`qmvd$&gUN^plDH*uA+E8ovu10<#v>?}HhBQ6)U4zMtWgz;D)!#N
z19%6e^o$Y~-PM=B|G&GhOrpDQUr#SUm#u(+azKTukH@^nLck(RhUEZF*-#6pvtnrU
z_s;w8E!9knYE;J<H?%_9tcK(W6?SKP$IuK}qmvw|x?T_2U^D5d)5KT@H9<66C&KNC
zBB-d8&PimW5IXS_$(dE`MN-p}35LA*FpFJcCMEMJ{9q-%#L9ZR(Z?g!;T`sXLOXVb
zxC3&}=;H^>>;LlgU-?!DY*MipN4zVdTK;fh<SpJvS<4Yq6a_FX=3{+QF_ek|nHeq8
k&DMZ?><#e;80QAZzQ;~QtW4zhqLjtO3ip-F%x3MmZvx;e2LJ#7

diff --git a/regression/strings-smoke-tests/java_int_to_string/Test2.java b/regression/strings-smoke-tests/java_int_to_string/Test2.java
index 9b52a1b0de0..b0feb6ae002 100644
--- a/regression/strings-smoke-tests/java_int_to_string/Test2.java
+++ b/regression/strings-smoke-tests/java_int_to_string/Test2.java
@@ -1,9 +1,13 @@
 public class Test2
 {
-    public static void main()
+    public static void main(Boolean b)
     {
         String s = Integer.toString(-23);
-        assert(s.equals("-23"));
-        assert(!s.equals("-23"));
+        if (b) {
+            assert(s.equals("-23"));
+        }
+        else {
+            assert(!s.equals("-23"));
+        }
     }
 }
diff --git a/regression/strings-smoke-tests/java_int_to_string/Test3.class b/regression/strings-smoke-tests/java_int_to_string/Test3.class
index 2ecef3c14125ec0dcd506bc35dd358de594da231..f3c171504dc1790856bb9435ab71ad260e573768 100644
GIT binary patch
delta 553
zcmZvYyKWOv5Qe|m_3rT=Zy<KU62c`HY<vS8C!07B7eI^aNTi82QiO!8L=>d;BSe-9
z6gQM0Q2~;JK!TnZ;AIeI))q9OnVJ7TbIvz&-uSQ0;~&4jd;?-0T4q=^+;)58@z~-}
zw3N6LkfWTXVyRLy)Ga~UcGq%``-Vop{jwQVIxmuwq|r@|o;RKxA9oLvqn+xmAP2(S
zf6n^v>$2AWS$1d14@9C;lXb&JsB>(FT;j4|*PC%G-rm@XTZXleEn0(EO8$1p12zZy
z^0b`402RW6DSkKUzB&}#N_B7WPC7kSbdMR`RAv`afL1Po@--GzH8hK6uXc`n(86I(
zqdzf)d9A}~16PPt1zcr8o%Hglb~~Ee1@|+VPHlvD#^Oi(A@zE}jOb;DtbQeUc8>i%
z@#iOg_Ke(LJB7LvXoRP=r*L0qHWab!C_Wt`nu55-qAFki<vKTXjGL+goL>|Tw<5AE
m{aY<Y+IkB4LT*Gj#AM!*aX;Z-+%tW~!wDayzp<>sVdW2|dr?mS

delta 453
zcmZWlJx>Bb5Pf@Jd$+6t2O@r;q9SmLCwPK|g_g=Mz>b2D7(=2V7B>6_a)ptG(ppWx
zXrjIU!+&AKIZV*RVrSmWzS;L?Z+PE0c>j8S1>m71AhE=;tae7Dk${2~3j%2qs{(6S
z=g0_{0b@fTiyTM3dvwwL$TP<evurtx2t)L&epPqR>#e4H+-f(PjZ2A5Y)MREnn9F`
zUd7wrEqfIXN1}jjzs)j+E3t#3-)B`nrkr#b)Li})X;PPDjYX2dI3X1bBttPul}njX
z)}0~PJplzaMPuA#h!K`Q1jI2zm4(D)_?p<k@Sd$cL90GM?;-Bk#sIw2L+Ax&Z3ye_
zZ~ykU9jK{eH5(dXom35^!08{&iLyZ!XOX1)IXV`UPoy~J6GT~<81cq7fT%472=&0V
Y!W}gA5&Hj?f@gFn@-SF@kqQN=Z_GqDRR910

diff --git a/regression/strings-smoke-tests/java_int_to_string/Test3.java b/regression/strings-smoke-tests/java_int_to_string/Test3.java
index 11ad18e5d98..f2e4b9ee389 100644
--- a/regression/strings-smoke-tests/java_int_to_string/Test3.java
+++ b/regression/strings-smoke-tests/java_int_to_string/Test3.java
@@ -1,9 +1,13 @@
 public class Test3
 {
-    public static void main()
+    public static void main(Boolean b)
     {
         String s = Integer.toString(Integer.MAX_VALUE);
-        assert(s.equals("2147483647"));
-        assert(!s.equals("2147483647"));
+        if (b) {
+            assert(s.equals("2147483647"));
+        }
+        else {
+            assert(!s.equals("2147483647"));
+        }
     }
 }
diff --git a/regression/strings-smoke-tests/java_int_to_string/Test4.class b/regression/strings-smoke-tests/java_int_to_string/Test4.class
index 98ba758b492cb1de3660663c8dc226c7c16221b6..299c653044e20fedfd2a5fe1265ce27502cdbd8d 100644
GIT binary patch
delta 554
zcmZvYPfrtJ5XOJA+ugUjU6dAF0RaUI{U?;dmLl{3T<w`ePc8{DF%86nUhx}{rWfeR
zn<1Q(q!>-~?icXO7{hEExZq`Go@eHLpJ(Qidun!m|NH(Eh}iTQVczi6{s`h@k@s0(
z(IZ14P0^=B*--KElCft#ODr3zo#wk*SZuwGKg88`eE6oidvw%3h!3|)dxGo>WB=)O
zE-JFp`BSh*$#zA;#Tu)IwLpE;1MYEO$SkeaqDHi_wjMPMD*@{?x^-D_Hv*nh@4l87
zh3p+wA=n@4@5Sx+2ZCKJz3QGz>zFxRWJFh$(TPMsD;q%#Xv`_9Y8K5-`3m`>g~gag
zcR&i`S_i`c9uO+>c*uk@$>S59wlp_$_BT?kav$f6sjs*_DwUk+bDZum{{!#k75=XQ
zKR)2oXJl^ZMAROLhB#U~D(<RhLmr<kl}}8BLm?)aQsnAg9x<&pW)yi?f5{tWL()9H
lT`fYI+J$T`(<kU*QlClLm$-NLOulijg6-rQPZU_pT?6v(PKW>i

delta 454
zcmZXQO)mpc6o#KW)0x{&2kof(EQ;y}RUbnwELh?fu<N3ch%_Ns*wkNWx}mG?tdSrj
z?EMe_Ld2O$N@8)(dC$4;x$k@Km2TS`?_bZafX}jn%eZF3yaeT7Fd4xi9cId5ni);T
zAsjGf9kS#!`Nr09<0G#M%|4Ya_YqUX4=d-D(ov;$P};7YRu8HtE_2Mg^w6t_7MGX&
zvcJBv=9e`Emm&+zGnKJRE{iNR+iJI&Fm~z+Gnd~dE%L5-Q?a37UXY1GbR@>5DoIw7
zt->SfR)B#g(e5-A{es;e0tp7BijeFMUkE!GUiHi;Lc4cZEfNLKen8h-L|+K+Jra5Q
z+rR#82Wn<V%_Ah(5>=ZNT0Sz|Rkp?AAVYFLEGL5TNlG)46v}AVh~KdRanE@m+Cqnl
XH-yZ4tp6(o&sZ4lX0Z5}6b7kpELJp*

diff --git a/regression/strings-smoke-tests/java_int_to_string/Test4.java b/regression/strings-smoke-tests/java_int_to_string/Test4.java
index e2ded14ae78..e4a3bdb41bc 100644
--- a/regression/strings-smoke-tests/java_int_to_string/Test4.java
+++ b/regression/strings-smoke-tests/java_int_to_string/Test4.java
@@ -1,9 +1,13 @@
 public class Test4
 {
-    public static void main()
+    public static void main(Boolean b)
     {
         String s = Integer.toString(Integer.MIN_VALUE + 1);
-        assert(s.equals("-2147483647"));
-        assert(!s.equals("-2147483647"));
+        if (b) {
+            assert(s.equals("-2147483647"));
+        }
+        else {
+            assert(!s.equals("-2147483647"));
+        }
     }
 }
diff --git a/regression/strings-smoke-tests/java_int_to_string/Test5.class b/regression/strings-smoke-tests/java_int_to_string/Test5.class
index ceb1cebf1c7df350b1e7063972769a3119d0b819..eafc3cb9a78e2ac300fe97780f58b36fc1c4bada 100644
GIT binary patch
delta 535
zcmZvY%S#(k6vlsdCNnoP-d2<7_^S17UN(t3z8VVBb=HDzWCRf;C@$KqTUTPpD%p0?
zbz6v{pnEs|Ln59@(2eE7Ip6ut<2&bGy61ZH;rZqc2-)=MW6Ecm8J}6^JUr%;Ecj%}
zY4SdrDNVtr$fD*;BRpLSa<!xAXH>37$A{(bCnxoT=(w8SR;YbN=0CZ{uc9h79<y^F
z>DQDE6_zy1h804C;e)hRG$q3-Yt6Kpch?OYgw1biFPnO&r7-(F)$OSM<3M5O^1IEp
zs-4Lhp4<a!U?iR^$VMTuVh1EDi&x^E!WHU|0E?7Zw@WJ0f=#c041*GR3=s$uH(yA#
zCBAB3W7P^B>=t8xNwg^z(@qEXtj)|VdgqGdeU~5X@h$pZ=~&b5Y6duh9eJ*3YWaMh
zuY%$of}Re;jC5<(7-dYh7?;SydSX`dDIm$j+hw7otCA*__B!}&bmBJ&`yYw-XU1b3
OEVC7V#%BpECSL&B3Q9--

delta 418
zcmZXQ&oTo+5XOJAv%9mq86+zri2ovgghbhkn=>~zE}p^BLFMWwwI_K2XH+GMD(>FF
zn<%9>N~ls()BSZ%cYj~cmAUqlx6h{+AYnHmq7t#lQb@pZz)Hj_Ylig*pNe54qROVB
z*4sbty*E@nHL6ybVA9aAG}*G`unN^N)GaNx(_>ZjcPwo>>7_bLJ?F5i(DlZtOb&z(
zRKA>b3DPKJnAj<a+TxXXuQ^2B32?}Z^+!oXL9qQUAZA*kkm9)cLaMXoL_gvj-J|;y
zo3T5<>vzdL<DU#MuYdD5zv+xjkH}(N!JZu1AH$w#{vq~6;S42tpOqWpd}Lo#E=kGU
jSVuBa0fjgi5cV<dZ3|aFp#N`_jqz~oLALk21P%*dt=B4E

diff --git a/regression/strings-smoke-tests/java_int_to_string/Test5.java b/regression/strings-smoke-tests/java_int_to_string/Test5.java
index af0b93c8916..408b2eaad11 100644
--- a/regression/strings-smoke-tests/java_int_to_string/Test5.java
+++ b/regression/strings-smoke-tests/java_int_to_string/Test5.java
@@ -1,9 +1,13 @@
 public class Test5
 {
-    public static void main()
+    public static void main(Boolean b)
     {
         String s = Integer.toString(0);
-        assert(s.equals("0"));
-        assert(!s.equals("0"));
+        if (b) {
+            assert(s.equals("0"));
+        }
+        else {
+            assert(!s.equals("0"));
+        }
     }
 }
diff --git a/regression/strings-smoke-tests/java_int_to_string/test1.desc b/regression/strings-smoke-tests/java_int_to_string/test1.desc
index 46556544066..88f39d5eb12 100644
--- a/regression/strings-smoke-tests/java_int_to_string/test1.desc
+++ b/regression/strings-smoke-tests/java_int_to_string/test1.desc
@@ -3,6 +3,6 @@ Test1.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-assertion.* line 6 .* SUCCESS$
-assertion.* line 7 .* FAILURE$
+assertion.* line 7 .* SUCCESS$
+assertion.* line 10 .* FAILURE$
 --
diff --git a/regression/strings-smoke-tests/java_int_to_string/test2.desc b/regression/strings-smoke-tests/java_int_to_string/test2.desc
index 11849c1c6fe..5ff465a846e 100644
--- a/regression/strings-smoke-tests/java_int_to_string/test2.desc
+++ b/regression/strings-smoke-tests/java_int_to_string/test2.desc
@@ -3,6 +3,6 @@ Test2.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-assertion.* line 6 .* SUCCESS$
-assertion.* line 7 .* FAILURE$
+assertion.* line 7 .* SUCCESS$
+assertion.* line 10 .* FAILURE$
 --
diff --git a/regression/strings-smoke-tests/java_int_to_string/test3.desc b/regression/strings-smoke-tests/java_int_to_string/test3.desc
index 1e2b8bc0835..5b48152f26e 100644
--- a/regression/strings-smoke-tests/java_int_to_string/test3.desc
+++ b/regression/strings-smoke-tests/java_int_to_string/test3.desc
@@ -3,6 +3,6 @@ Test3.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-assertion.* line 6 .* SUCCESS$
-assertion.* line 7 .* FAILURE$
+assertion.* line 7 .* SUCCESS$
+assertion.* line 10 .* FAILURE$
 --
diff --git a/regression/strings-smoke-tests/java_int_to_string/test4.desc b/regression/strings-smoke-tests/java_int_to_string/test4.desc
index 0a71ba2ebe7..2106e2defa5 100644
--- a/regression/strings-smoke-tests/java_int_to_string/test4.desc
+++ b/regression/strings-smoke-tests/java_int_to_string/test4.desc
@@ -3,6 +3,6 @@ Test4.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-assertion.* line 6 .* SUCCESS$
-assertion.* line 7 .* FAILURE$
+assertion.* line 7 .* SUCCESS$
+assertion.* line 10 .* FAILURE$
 --
diff --git a/regression/strings-smoke-tests/java_int_to_string/test5.desc b/regression/strings-smoke-tests/java_int_to_string/test5.desc
index 66f3314b992..08531bc36e0 100644
--- a/regression/strings-smoke-tests/java_int_to_string/test5.desc
+++ b/regression/strings-smoke-tests/java_int_to_string/test5.desc
@@ -3,6 +3,6 @@ Test5.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-assertion.* line 6 .* SUCCESS$
-assertion.* line 7 .* FAILURE$
+assertion.* line 7 .* SUCCESS$
+assertion.* line 10 .* FAILURE$
 --
diff --git a/regression/strings-smoke-tests/java_int_to_string_knownbug/Test.class b/regression/strings-smoke-tests/java_int_to_string_knownbug/Test.class
index e8e940f8bd2d0dc9c0985b55beb86d7704ce63da..f367a4884d7475cc648ce87d6cf6153a96d15d94 100644
GIT binary patch
delta 553
zcmZvZO-~b16o#KW)0x|u4oE*7`S1%Ur61H%IzW*wl&xKpK*D00G$y72Hn7EiV4B87
zo4CcqothLQ3GV#?{u%?EX`>t1+;iUdo_n8j?)_wc)USVE|GWYMUb;-MpjkBEi*_-{
zx-5}%NU$6y?^2+sDY-aN*@{b<7n(}9aa{HD&3EBxSm}g^Z!0@TN1b+fxLw#)sFosq
z&tCUSNv(GO<jg6O-5WnwWldA_q>XitNggN?<+W<C8PsbVL0z-zvB74qrm}Y3V~h3P
zfqJu?yaQEutucN#?3}a}X1=iBJ6Fv!=4FlvnM_ShM+C`C6vCG^C8{D(NwkU=sIQV3
zq-C{7rXnM`H!k2Iz9@%BOp6m8{vg$c#74^eL9AIEV)dE*hCQHEO6ehI@c|2$IC~ek
zzeav$<j4CY{@D@K96^07$t{7~(z7Nj|FJFjs0n`zVuo2!w!F(6kEM+#q8yCBWHnEH
o;yn95T7YWEE+kWlA>IHT`%KLIj(vB|=o$;ddlkLLa}fsfw@xxoZ~y=R

delta 454
zcmZWl%T5A85UknP>|;cBMZ^axiU_Og3a-MzgC3PHz#9ibVhk~AJb1xhAR7;oaQ3Vw
zU^LOY-{EH%V=pFX;$gbGda9?Y=Z5#R-S@BOR{#M@CIsd=7UXNfCL}BxlrlP&Oe`bI
zv0_4x7&#NG$a54r`=_0c0&~L{%az9wXRwd!mv#T7-fH>>t&2vpaVD^ab%8O&7%Z<;
z49Y=eYbU61xB?zF!gH3@e1T0A!yc=KwshELkn@EjWJq3+7Zy)N^Hj-TARUS}A)hj%
zthxiRdnzP26t!WKVS;M$LqGzPgbXA{!&k(PhPNI02}<<=Y8MID(fZ)+F02>mwE>K`
zzx~_acBCc`)f^~PtE8$S4Nf1akCZjCIE575Pt!3VeIm^<lO)RQ$Vf1>0oab&ht&mF
YygMlJBh>#ZMbD^^#9p-c903XGZxC%XdjJ3c

diff --git a/regression/strings-smoke-tests/java_int_to_string_knownbug/Test.java b/regression/strings-smoke-tests/java_int_to_string_knownbug/Test.java
index 7c6e06e2ed3..cd1f45d3caa 100644
--- a/regression/strings-smoke-tests/java_int_to_string_knownbug/Test.java
+++ b/regression/strings-smoke-tests/java_int_to_string_knownbug/Test.java
@@ -1,9 +1,13 @@
 public class Test
 {
-    public static void main()
+    public static void main(Boolean b)
     {
         String t = Integer.toString(Integer.MIN_VALUE);
-        assert(t.equals("-2147483648"));
-        assert(!t.equals("-2147483648"));
+        if (b) {
+            assert(t.equals("-2147483648"));
+        }
+        else {
+            assert(!t.equals("-2147483648"));
+        }
     }
 }
diff --git a/regression/strings-smoke-tests/java_int_to_string_knownbug/test.desc b/regression/strings-smoke-tests/java_int_to_string_knownbug/test.desc
index 7d46cd722aa..b1ed3bac24c 100644
--- a/regression/strings-smoke-tests/java_int_to_string_knownbug/test.desc
+++ b/regression/strings-smoke-tests/java_int_to_string_knownbug/test.desc
@@ -3,6 +3,6 @@ Test.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-assertion.* line 6 .* SUCCESS$
-assertion.* line 7 .* FAILURE$
+assertion.* line 7 .* SUCCESS$
+assertion.* line 10 .* FAILURE$
 --
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_binary1.class b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_binary1.class
index e28d7089d5f02e70b23edf69bdf1c0becced5f0b..5623ec7b8fe98d98515ea97760a49ea8b5196e6e 100644
GIT binary patch
delta 542
zcmZvY%}(1;5QV>M$G)+-rAYuop{4vZB|ng0Fn?;1D%M%2Dl3eHkWd7xR^9Omjj|$p
zgoMO`Rs;kR-S+`_2i^gpjuW*T*v!m1ckY}ybLJlFwLg#7w?M?2PahLLlT7(c^UlK~
zpXR;K3<XWmM>C-*`IMQ}%r&F$VNj^;#oyv;Bi`SwZX6smcH;dH#kxXmD+Zo<Yo3->
zrFmB=_VZFxHOv!g77U9-2Ez-5I~UG}p|BOh63eZ;nsrwUt3<8OYHKF@L{MS2d(!o|
z@pVUG7mAy$3spN5FP@kJl^IEfOJ$=FZHXB{Rmn=SQ@TW*OJR|f=ypj(PHNL@V1PkE
z9zz7eB%gmsw<UQ!bMIVX)k+=gBSwFcYEv%foX#O`o2eW0mrK&WyZm6n;~vrXk4{wW
zu4;fIwIgSCWkpRMpO2!SY!UR77-mF}W|>!v${u5aJgf)un%4no-u(9#v7T6iY|iW8
bx6!E+QuZ%WPmLyH94zxGImfsFi?@FPL)lFD

delta 425
zcmZXPyG{a85Qe|Ax3jyf2rD8ga`6htZ4)%Hv(_ij%EosvvEUiV7DjqwWuYcuG|}GY
zu<;#?aTX(*Se%)E=KM4NKUez3>AikFJ_9`>AD^Pn3MCJhvP;FM%Bp6~$DycM_t{`m
zvo+W|8@$z3El#U;b%wO29?)PrAVr{XT2VKOB26uzNh>~8O{X2up&MVQlel6W^c7~U
zek|)<5e1bgB%^{%6tYp`tW+JzO0wM;qizKlWF$J1rXnji_$ClCCzVHTI(#ndWOz68
zZa-ig-eC^OH9~7d-yV{B!Z{kFU;gy%%ine)XHMioEWtKfgi8{4#PyG~7LW7f<$pn*
thw(v4Q^*Ttaq6Tu@d4S;9pMepZR;A#yvO{1Q?ka!2=<f9m!vRQ{sIWtEeZet

diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_binary1.java b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_binary1.java
index 57ce4f998a9..7fc9c70f983 100644
--- a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_binary1.java
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_binary1.java
@@ -1,9 +1,13 @@
 public class Test_binary1
 {
-    public static void main()
+    public static void main(Boolean b)
     {
         String s = Integer.toString(-23, 2);
-        assert(s.equals("-10111"));
-        assert(!s.equals("-10111"));
+        if (b) {
+            assert(s.equals("-10111"));
+        }
+        else {
+            assert(!s.equals("-10111"));
+        }
     }
 }
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_binary2.class b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_binary2.class
index 43de70464cdef4603108ca723ca7ecda7671b4ee..fcf394e217959bb1d7ee7b6141c90452ecc38b16 100644
GIT binary patch
delta 561
zcmZvYPfrtJ5XOJA+ugUjU7+386;VOJO8+3G3W^GedhQvcw<RGYrh$Xec<b4l&7SBN
z@T?}qXreLRG@iWsNsM*gHhRI!%skIK?>zI&H~)*d_x1PtkH7}EL#9|VEW5qYXcXdb
zIi$*!fC4LdY9VzRhGs}$+g3xavSw)Yx1Vn%wa(-8S=#ERhX<|uM@QZL^zcr7SCBoS
z{GT^{c_PHwXQ}kR7iGQwbImPM%4Q@fx4CAx9_dP(5!1{F3t3y{gSKHk;s!Uf2eRsK
zMciUDdm){b(kX2r+M8^#n|7b>3vR9cDElFu9*b&cN)1bK)(+RoMNn;xv7(k{(d;!&
zkk?u`lr{QeQmAMhO&T~uqA1`jv&z`dFSXmzyc4_LJ93@I5bv0|H~0gZ&Dack<OeK$
zAb5B}_-V{nEKmNJ!e82|x?|M@PiqgO`qLV#glwz6-6EMNagI4fMh|nI3%bWeMFGw)
rs)qT5JPZH4ZLnjlK`AZ_i3XV5D{}5z{L@D57!N19YtL~>fy3e-HqBFN

delta 450
zcmZXQ%PvDv6o$WjF5NxHap_T2w^m)-qD9I`grUm|FzY}hB29>h#Gud6oPp>I7$Yem
zVPJ$;@d%>UskkHtd#!)1{jdH1Yd`7N$kNNl-2+f!-o+!ONt@MXv*}_m?BJ4#GU77I
zm}cB18ZstaCdq1Ywbhf_TTbPJger`6(xr&)m5<BC{c>fuxK=sZ+1)wxm}1(aoeo7h
zI8Z5PPLubTp%9#@=}6IImbu_rZ3fH6dR1X&bK7J@*%Mo;D;bUoGEs<x#F$h?$x5=F
zzd>CJFz_WtT1`c_VDF1SoF1th5<kPI!VZTQebc_h+PK256VLmR231|B?Vjk?4bJ1A
zzCQnLhjM01&c_mLqeVC+aY6p)TUv|9UXpU(C&$5f55KNIA(Vk1C#9ATi1}`VwmQ0C
YU0|8l*#CD5pRqB#m2mSxDGY`_0Tv%Or~m)}

diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_binary2.java b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_binary2.java
index 2591b194c1d..c8f71309d6b 100644
--- a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_binary2.java
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_binary2.java
@@ -1,9 +1,13 @@
 public class Test_binary2
 {
-    public static void main()
+    public static void main(Boolean b)
     {
         String s = Integer.toString(Integer.MAX_VALUE, 2);
-        assert(s.equals("1111111111111111111111111111111"));
-        assert(!s.equals("1111111111111111111111111111111"));
+        if (b) {
+            assert(s.equals("1111111111111111111111111111111"));
+        }
+        else {
+            assert(!s.equals("1111111111111111111111111111111"));
+        }
     }
 }
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_binary3.class b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_binary3.class
index 8ae1868a1bb2d42b8556b8bf2bbe023fd5e90819..b6f7c61d4b2a6f203a5808f3d05637364e6248dc 100644
GIT binary patch
delta 544
zcmZvY%}*0y5XOJA+ugUjU7#(nBB*>wp&vj&`BEVf&OH<Kwj{)aG;o4&gEJ?aJ<)%_
zGnf>kiC#PzkDmQY2yxyvdcn)g^E~go^UTao|GU}xargNvu*}PlKBf#$-E)u-hv|?K
zGXXhfvy?+BR1LL|z?RL0%(Gyqw>D0f;&S64IZ5ix<nUd6`{<~-pB%ob><F?a4F2b>
zbzPIi*6#&3Paz$UIKRX*!}CbzSc&LoAf1<zzZkK~TDmK9{(8g<R?-V;%ogrh3DI89
zbSG&Z?+b3Z@;3b?jWZ^7`aa!H@*}pbA{RkjH5QfCHH&7idV^dka2V9+cST`Hanvhd
zm{?iB14dM_pWkb>qj|IFdY{NNsvW#bMz8VP)M`c3IV0O<>I=b}8^Uj0eaPx$FUkFt
zt*hI0jqwzF81?VhSR!OY{p}QS&xwbODl>YRF&^n0kCg>Dx0DP|VzP|?+ijUmyBZXV
dxeieqllef#{fK{mQQOADiC)`tOek@f`~y<+P9XpQ

delta 444
zcmZXQ&n`nz5XOJ!-rjrK>!Q7?>R%~}R<#IL5-k0B0d`$9O@uB)L}F2|Aa_Gwz#2&_
zBy6l2kKz$T%&jPi#hLkL&NuVT%&UI0*IJ*C&%iQE4lXIpn0W!p!C*XsLpsca!z5Fh
zj6*nJOgqdltI1w&o?X6YRnAYSLb{izB6d(ZEfo(-)k<-zdQz^Gk6q@-yL8jzAE}I;
zbD5{$U#YxZbXj20Z>e2>-Po=v%-QTdY0-3LAQeppMS@He(p+pzqM~>u-pVymw*m}2
zv35JD=o9RI6Nu9<QG`UN_*~dQ@v3K94}^B^u<FEfp536P>vTO4-fI$h`IFbzzv)2E
zY|D9s1Y2kkPKjNS%lt@dnQ?%m{13{DV0;8e8%hXexHHLedk%<sPJ^yGx)8b{WZq-_
S-zjKgVYnN?<|7gqjD7(<k~CKU

diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_binary3.java b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_binary3.java
index 403a811ae29..7319a279ff0 100644
--- a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_binary3.java
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_binary3.java
@@ -1,9 +1,13 @@
 public class Test_binary3
 {
-    public static void main()
+    public static void main(Boolean b)
     {
         String s = Integer.toString(Integer.MIN_VALUE + 1, 2);
-        assert(s.equals("-1111111111111111111111111111111"));
-        assert(!s.equals("-1111111111111111111111111111111"));
+        if (b) {
+            assert(s.equals("-1111111111111111111111111111111"));
+        }
+        else {
+            assert(!s.equals("-1111111111111111111111111111111"));
+        }
     }
 }
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_decimal.class b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_decimal.class
index f152e9fdb322d0d2a54356be3d917e51e411f685..114102c52a4882a157de0360c45135d46d3eb7a0 100644
GIT binary patch
delta 540
zcmZvYPfrt36vcmUrqkDXJfJN&A_8KC(m%Adbp(ll7}s5rCbD8kh>2<16@(q1q3Mcl
zS(xa`niL}m?)?CM1HT0!-f5#7+}wN5d4JA1_jB@6@BF;`eglN;7^YY?JSAs%#+r}M
zdWyVZgMy}L(5z}ohBBL)N-sRC2ZiQ`=rpReqt5%<+itgg9Ccn7TMBignETIJ?^9V-
zd%vpr8D=##%X8|QhUEpJ#WJmMD~)YU)$)?9eok#Bw=J&-`}^u}BXdtpVUH%dt*Cu+
zEYAzYgZ@x8&n1X2i9n?n;-6)5QHZeAw4j=FCEY7sp}xrAkdc}klZvd&c5;C^<^}mY
zAP^>g+>_gm^u6@&wE2e9ERAq4SR9fVP%dY^^AX7bxoh;hD^fqk{Jii&UoiETj%D4k
zY=9@TM@kIL%Bu4icEvz!BbZ3>kOe_0ws^#%7<nwn$GIi1SqkJ}`CqtjZ)_bhS$~8X
apc5ZSxL--!Pa1#Y;n+9vK2`)cJoy7bc1(2u

delta 433
zcmZXPy-osA5QV?He|L9Taaj>jLHrkxA2mc`XRS}5mGKp9EKGO?vNqCMSXikE7)`YI
zDQtWTHO^v$!s5=HnR{l=nQMLPwBEj-UVs+cK0XDXA`2caC6`5?C6+ZSJ`M%Vs?Qqh
znvL$>xvkC=QT(p5-LFuU<FsllOpw-80;+5VqzDvdeW$G{2h^y?r>f>O0-9{am+B-g
z8V4O=lq<)g;)*t?FrUl`GEvAniIY+_B`e8xb%44PU=T`lhD}9AaPUhYVoEBH>}dEx
z*vW7^{0RL=jKh1(9@%PS^*h)-QqMR?1N7^-k9{?6Cwk^kFTxURi&=*fnq5JE+OC+K
yCMW+h@;r=BN}7C5D6=Cgt)UUfL~b9iM^jrjSmp!f|D%#MHb$_YoIWRo!Tb-84KA4g

diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_decimal.java b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_decimal.java
index afe64844abf..36c973cecea 100644
--- a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_decimal.java
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_decimal.java
@@ -1,9 +1,13 @@
 public class Test_decimal
 {
-    public static void main()
+    public static void main(Boolean b)
     {
         String s = Integer.toString(-27, 10);
-        assert(s.equals("-27"));
-        assert(!s.equals("-27"));
+        if (b) {
+            assert(s.equals("-27"));
+        }
+        else {
+            assert(!s.equals("-27"));
+        }
     }
 }
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_hex1.class b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_hex1.class
index b76f8b5081746ec44b5a79620492736bdec040f2..f4cb44e63600a5ac2b96e23fa9498584d9d0678f 100644
GIT binary patch
delta 540
zcmZvYPfrt36vcmUrqkD%KJB!Hu_9_kC~XI*)e$8|V%*v_39OtZ#Dp~M3buTPrYpK+
z)35}RLLh;?TR#Kef*9|#(G70yz303?=bU?-9_o#szprk9hz*Y{Wsg@Zc)VuO#bqf&
z#bcSOrskn3Yw8{$E1K1QwBHP>t-bglZgk@AkH*(tud^F>Kh?Grs;wyg=d3>p)mr~o
zSb0oN(=fcDsd;O7M`SQOQrN4_wr0)np7p`Js--^|J`xSSsqf4A2Wkq_p6YJJo&8;T
zUajp6PE_kqg1C|hlwV4ImdQpT!cu)f4e3g{Q@=o+%3zU~nx2q~g3M-mfg&@4TxJP`
zNgns*wk3Vjzw`Y|tX6%DeZ<@usUcxla1O_$hb&y9w=c-tPWTz&g+3ztmri8uiEMx)
zvqMG<<Yd(qJU)wo#6~cc;t3@|8P<8qoEUi~$i=#+qL~lm;Q7CB(dNWD<O}W?Z-`Ef
XNZIG49wtq`aj?vnWFIdCSiJlLCO=GU

delta 423
zcmZXPy-osA5QV?He|L9Tby*Qn5&V}05lM)~&RU;9V_|#;I}#qiifrYUHr8qaMicFQ
z3k%=E7-um;VR2{9%sn&bOsa34&inWCE6}0s<5TuorsCmJby@LQWlgj0<51RY_-wMJ
z+3p`+^*>@&OLD4FnPOTK2h?c<<OmdIvwf+l1?<pF&Q<K}2DI2quGK|SFphh|sKsZp
z+Z9DnVJVvvWTKFD5@)1pNmi2W`Ve(5z#x?9jGBtP;NX`)#H>^vh4FA#*xB$w_!)*z
z7$*;yDTR7u4SLuqxfh(%A^L67$G(}gGd**p7hwsu#jHaW&Ay;NZC6arQI!9Ac^<|W
qRZXcVl!dXC&d3PlBX@w8($dx)midVJ|EO$@jS(DWr!Puju=E2c$SiyS

diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_hex1.java b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_hex1.java
index 874ba5fe5ad..1fbc7f9974e 100644
--- a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_hex1.java
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_hex1.java
@@ -1,9 +1,13 @@
 public class Test_hex1
 {
-    public static void main()
+    public static void main(Boolean b)
     {
         String s = Integer.toString(-27, 16);
-        assert(s.equals("-1b"));
-        assert(!s.equals("-1b"));
+        if (b) {
+            assert(s.equals("-1b"));
+        }
+        else {
+            assert(!s.equals("-1b"));
+        }
     }
 }
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_hex2.class b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_hex2.class
index dc8a7cbbfed687a6bd920fbcee1f530a6c27d635..34e32836b04bb29a271c531b0b2531f23bb0412e 100644
GIT binary patch
delta 570
zcmZvYO-~b16o#KW)0sOny+~VNL_`tP(ssatg2;yi*qL-qqProfMAMXnfZP6trYpKO
zabrT1q!3JW?_c1r5bK#%(FE?|ob$f-e7xs;c0cOPpTEw(0}HGK3^1j6Xg9juZh*z3
zfXC#0(oB040*aJ0QGlPM%>>NyL{o0A9nOb^%KP|3T&~6S-SXDnUacC}SBu*UwWAoi
z;jeidsk!Dww3Z>O$o?ySRX?ciR`(6_Jk>liB5cuci$R6A^tS&rbB5<EwN_NoePLK;
zvGq<>rvGd6M}xxb^wn&~wZp2yE)?IiPE@7Aq^va{i>u6N(q1APg~$<`6I2$j#5<)^
z)E5aXhQzu(QZX#C=_fEkD9GnFqrxP`P06;zujlMc=8ROO)WJDo>?>}YD9Y(Z2d~Z4
zH~iP91V4KGu<$}3k^W03W9{D95JzGMPXr92$rJEW1SB%T{wVG+CdiY^++|#Z+!N$u
tU6R+_59MRxYPp5=o^;6O(j812o%%$|KEb`dY0}2QG8@S~9tg0Q{0-{VShWBE

delta 459
zcmZXQO)mpc6o#KW)0sORgLYc=t?IKMDAMT0f~}7g8+IjZSV*uDNq>XPO4kyR*dRej
z*!vg$hp01c)WS{fIqy05J?FgVUg=wV@#FjD4Ja}1;xVL2o7H-~?qV<;#U<k~;xfvZ
zX57UI851s(WHq^q<x@)?EBxS7CFAWICzaiU^~%v^W#@2DlMfQAV0ID<mQ||1z?4Tj
z9SWzs-#kL`m}Vw8Q#rfnG0R+Vqt=2UW2LGvv$<_DqQDb*D%KMg3o=niPqA@{isF@c
zEB}PL6JX$rwHrxALa^5)kfckZD5+NQxv<0HvTw#>&qP-5v1%mqzWrE5*Jyji*?J=S
z{+CBz{-witW@DaDM6e~_W0OX+An13tBO<%$k@sG?QH(Frn!c1!`dd;;4IvQs-ACGL
a6m{g9i1~o^f2pvIh2brQs}D$EF!%%Mia3`5

diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_hex2.java b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_hex2.java
index 9a46dba5b7a..169186c259a 100644
--- a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_hex2.java
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_hex2.java
@@ -1,9 +1,13 @@
 public class Test_hex2
 {
-    public static void main()
+    public static void main(Boolean b)
     {
         String s = Integer.toString(Integer.MAX_VALUE, 16);
-        assert(s.equals("7fffffff"));
-        assert(!s.equals("7fffffff"));
+        if (b) {
+            assert(s.equals("7fffffff"));
+        }
+        else {
+            assert(!s.equals("7fffffff"));
+        }
     }
 }
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_hex3.class b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_hex3.class
index 933866a06d836324f1a57a549b2d73884e96780d..f631570c22c2d89502f65eeea762d43edddfba93 100644
GIT binary patch
delta 571
zcmZvYOHUJF6o#KO)0wX`{gAfch<M>%+74Jy5EUWHj-+c6-3>`0Ax%jLxW&KFbVc{X
zl`&pYj3&DGFZfrC@l5M2(Qk3idEf6`-g931=jQR3?;kz^D?A7pV%jj{J_iYLm<^eu
z6p&*+OF5)M)ewgSY1%@_BDV~+_QR9qs9Zlto+Y(r(%P?W9Ue9tNo&2bBgn2W@}Ix<
zt5}xWU*nBD1)=b#c)NAn*l!$Jmbq=XV^!Fy<r2d}u(-B2c!nj*UDi75Qt|Iu?z7rC
zkox>zeSV4%?CwC$PSQMS2yVIZwDV5tr%dTyL%O--$I|{9xd^I9ZBbE8y{Px97szW3
z97fdoeNq_J*bWl7Or$8_3S-Ko#cj=Y)NdBueEvO|dbNjl#`qijE^%Bmr#-S=rauxq
zxgh-9=SP)S`i$H!Ivwlw$3}P>dt_C>FoqH#8!8}`5e-Ihm2pK`z05VPtB@Ot0-SG@
r3^ybFnE1Wi%4T0W6pFbXwu{NUAmhHp|98{0jfZ0&rT3Ur;4t+A3k+56

delta 437
zcmZXQ&rZTX5XOJo(k?AkOF=|M5&zOEqK3%DgIv`Y&<F4hJZXZjKzfq9F){I=CSWwt
zyKmw<7~>Qo9Nc7QzM1`IzL~w%5B9<5&+9wTV9&*4QByXrLAe+#Ik;5PEW50*s#$YM
zCyaHM4XT>3)4J$<g(`}3YSWy;k6Wrx+GNXPf=Pu_Yn~5}Ci1AU9bc-@u6yjT8{eyw
zxNID?6=pR&qas?K45IvEQZ2|tAx*_*C8~>8;;pEUdK6#~h_wevMNY6cB#>uXB8S4L
z_)6GGaWgP||Ao}?6IPde6xh8sx=ZGb^l2aGW1L6djMIspInWD83AW@TY|3c%1^sEK
zWyl$d@;)oq!T6@EnJWloel$vBFbHG=w@0Q+U8n9yna^1NmrB}L7~WyBdPxF<g<lzk
BFg^eP

diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_hex3.java b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_hex3.java
index 38e8588eb69..b7fd403dcf9 100644
--- a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_hex3.java
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_hex3.java
@@ -1,9 +1,13 @@
 public class Test_hex3
 {
-    public static void main()
+    public static void main(Boolean b)
     {
         String s = Integer.toString(Integer.MIN_VALUE + 1, 16);
-        assert(s.equals("-7fffffff"));
-        assert(!s.equals("-7fffffff"));
+        if (b) {
+            assert(s.equals("-7fffffff"));
+        }
+        else {
+            assert(!s.equals("-7fffffff"));
+        }
     }
 }
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_octal1.class b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_octal1.class
index 70d57fafa12cd4298ef8252a712d6321f65842d0..3a1c6f2c216e79d889022a871e13ad34b0462132 100644
GIT binary patch
delta 523
zcmZvYPfHt76vcmUCdr$5zSbn#@lRWgw#LM1Ox3AYN{e)zjT=E%jv$2+bfqr+3?VDC
za;L6Dg(wPj-+ezsze5r4OmJm+aJlE)Kj++cnmg9ZzaMUY0TIiFK1zlOCJpa+@8dJ&
zQ8r9d(NqnZl4iyb@<CH;MF(?1rSUV~kL%5N=SThf?rw8C-uY5pQ>ZP)z<+A3vrx^p
z{?y7Z>DSaPADPq4TNa2cmKO@QHov5qwR~c+T~c9g$?}<~y{a~+3(wRPcB`km7B}~{
zWxP_|XrHUbm>lBEMWFJ-$!5u16e27!-yU~@!-8-*LDEA}qD}KG0}KlCc}0-)O5Vbe
z2jB94^WF_kW2TFH#ONiN4q;f#cFA>^yhE>F<K3t9V2?hc?}@&U4K9glKo$-qcw(Sm
zezuI^s~AXZ1U)H+7#8HQ$Oxli<h39l=O1Own?MS0d$$N3rOu&H^t+f2I&(tCy&{uH
VI;rH-p~;pkj$KhkhQ`wR_#@6tOHBX(

delta 423
zcmZXPy-osA5QV?He|LAe=&~XrqWCXAB5H`l&RU;9E8fD!gl8aINoA+4nt;(ndtbxK
zcQD3Tj8ItInKN_G%sF$T@4WW=_wy^z<{%`b9J0(xfKSC|HDrx-%|?hvS+g0k#kOXr
ze|*{hsHtj_Rn3(wGn$&APQ#GFDD388M^iQI(oDLl;q4h(>?eKIO-j~jPZ-tOh3xi4
z5mZ!6=LFd(WSzuWsaleiWVb#--3zdYBzohfA}84V5{Q|TDj+`@z7lpi+=)IT{|W2t
z0ee8c9y`Mx?tsh--uVdqHtpkHPur=UJ=TkH1iNC^qk`s0(4V$1Cg&;0|AM>#>x+t}
oSP;tM#7cW?1ah%IBpA@r&Ml7pi2eVlbd8H;PSVp$Qdlhg03>BBbN~PV

diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_octal1.java b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_octal1.java
index d006176e777..337e09c27b4 100644
--- a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_octal1.java
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_octal1.java
@@ -1,9 +1,13 @@
 public class Test_octal1
 {
-    public static void main()
+    public static void main(Boolean b)
     {
         String s = Integer.toString(-23, 8);
-        assert(s.equals("-27"));
-        assert(!s.equals("-27"));
+        if (b) {
+            assert(s.equals("-27"));
+        }
+        else {
+            assert(!s.equals("-27"));
+        }
     }
 }
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_octal2.class b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_octal2.class
index 3269a829ec45d9375fbce2c776bf78730e405436..470a21e79de6f99db4b3c4f9086c72f34722f82e 100644
GIT binary patch
delta 573
zcmZvY&rTCj6o<b%)0sOny+B)V#HuJLrR|8N+FJhs;?AUN65S0+Lt>he5Y%O#q3Mdg
zfGZbhEJld#eFxvfSkJVICUO_|oZs)Bd(U_7NB5oH`u6kl7of(&fGL(VH|*|cGzze|
z8L&*jC(VjSF`z_Q69xE5*{y(8Zfh#N$8V}(vH3E79aq|MXSecnZ?D~oJC91+3bmt{
zJ?E@<6sfh|_tnh|Sw;5m<!7CP)^2OxQ00#1t`V@hVVW65y4pBfnl-~c8vQL5x%UkZ
zsQ33(bLF3xeq$)i&ID*XZog_N>|*If|5P=*EXrh4GP}ymCmkfSQ3#RjIZ+jfN}^Lf
zMjc6FF)O<}HWhP{n@Ir|2u1l^WL}))a!;x)i5odP<9#C4EDv!G$-l=P5JfrN9pVjG
zI>CQ_Oz?H=&xtSgA?ZJM($*fg4RIuQ@C0B6O@V-Q0Z1^yNh>aq7v;&%T;_^^TovVG
t{h**(2<70~*>JUuF*;;(=^<u-PQ4{%f582J(&QNj%REW`<GKio#b3c{SUvy%

delta 438
zcmYk2$w~u35Qe{=$xP2oMomVIag9qfi%V33xp>f{%M0i&haiY}5YdYed;$q`GB4oC
zgAo@L^zN(p3Sz8@xHNR}SM~qbU)9(8&R%`{e0l-OEPMEjX)<QL-EMmrjJtSDI81s>
zk=0ClI1yvUBS&6SXsn+$-V3T2_N)0y4+%wbzj{(F9aInZN*jmAwY}Pr&n$C3U34qr
zOO@ZFDf-N_5T2`9yX3RTQrJ@4Vb0jhD$IOgmkF`=Wj2*aM|wdf3h|Mc3@?mSJ&>9$
znQ-Wp=y$M1AN`WKq`tX=&t#v7R|(97^GIx~h1I057})pdCh=#Sod?|4|K-cS@{LGM
zBD;W?L`#0c<~W09Mc|LOLx};>LKu|mVtkO%45frJ{5wjyGYBLD@1A%Q9lIiC-eN^2
VM#to5r>KjC;jbytjC7tyzW{A(H=qCj

diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_octal2.java b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_octal2.java
index c04f658e662..0402a5dd182 100644
--- a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_octal2.java
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_octal2.java
@@ -1,9 +1,13 @@
 public class Test_octal2
 {
-    public static void main()
+    public static void main(Boolean b)
     {
         String s = Integer.toString(Integer.MAX_VALUE, 8);
-        assert(s.equals("17777777777"));
-        assert(!s.equals("17777777777"));
+        if (b) {
+            assert(s.equals("17777777777"));
+        }
+        else {
+            assert(!s.equals("17777777777"));
+        }
     }
 }
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_octal3.class b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_octal3.class
index c482db18c147d41e55805984117dc91a954750e1..f7b84bb2998b66d008b42cebca5ff7887fd5d796 100644
GIT binary patch
delta 574
zcmZvY&u$V?6vlsdhM7AvTw0)YtW|44rND?3ZLR;>P<AG)o7CMjAx#XSiLJV<uRvIp
z7jS1%O{meRd*8t~F~&2XXkzc;ob!G6{Q1rqxo`FMx1S%s0Bbx9$WYW=w_k$_u(%O$
zlaf!G6_0X2g{meB@RPJ#0X1%G>ix&B8ezHpEPff+yK!&7-a0twcH-Wn%8o+qDdx`k
z>z_tywg0`=%#u^&{uV#!9d-6Q&kYUkXzm&jwr-eVR$*$5jp@^@8t$<%XsO7(Z+O7^
z;83+!{%Q4FhZOEj6z#;_7afINt~?!lR_$X7vRX!#SJ{PRghVz9kt8-Rs4iZKcdBQo
zQwc2Q#JXcrF)y*1ByfRHkk3UHgh`6~l5L6K%G+7*1F3d(gmc2;JKP~rl-I{2ydlL;
z_`7EWU&s8s@Is%E{zE5Y?eW+UM`8z01k9o-5wIx&5*guS6qi^O<jG|&b47$)735?6
sprly}<>T6PxwWmabjan?Bg_z;dPB;7kNf|oNgD^tG?RNQ3$Q5s0@+nncK`qY

delta 439
zcmYk2%PvDv6o$WjPS4q=$3}a!bys!mMHLYY3>dn+0J9F7CL#tROeDk;kTcR3Fq6=v
zgoL?Q@d_f=skrQ9ul(!Z|62cA`&PHy)wj>57hsVEAH#?yYoCMiu^5fxlk*t!8D~N>
z>ElI;DW7Tbn!?rk$<=#76~nYDuXK}8B=@Sv)yjVLpkCQHII7iahlUa}hEBQ^raZs=
zdo)Eunc46{mE4M9j`^^uw!^%&Iiaxgg<W#uZ)7-?=!+T%vQdbU#AJABWzGWOT**X3
zk3`eP4k^--#mRhY1)s`7k#0G#6W$}St$UmXsbb)^&<#4C@pc}Fzy7DM|L8j@wTbKk
zViFzs3YViSnk9ih-X0Zt=@UV}+&I<;S<OI3B!j=BEVc)MWZ<{xXrN;^#Ox+cWMZ{V
Ses+qwI9O&)NzG9EdH4(XQZ(8C

diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_octal3.java b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_octal3.java
index 828ffa954f1..b88d62ce67e 100644
--- a/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_octal3.java
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/Test_octal3.java
@@ -1,9 +1,13 @@
 public class Test_octal3
 {
-    public static void main()
+    public static void main(Boolean b)
     {
         String s = Integer.toString(Integer.MIN_VALUE + 1, 8);
-        assert(s.equals("-17777777777"));
-        assert(!s.equals("-17777777777"));
+        if (b) {
+            assert(s.equals("-17777777777"));
+        }
+        else {
+            assert(!s.equals("-17777777777"));
+        }
     }
 }
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary1.desc b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary1.desc
index f43c4f2eab0..1f7de38eee8 100644
--- a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary1.desc
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary1.desc
@@ -3,6 +3,6 @@ Test_binary1.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-assertion.* line 6 .* SUCCESS$
-assertion.* line 7 .* FAILURE$
+assertion.* line 7 .* SUCCESS$
+assertion.* line 10 .* FAILURE$
 --
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary2.desc b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary2.desc
index 0613a4de16e..cb1dd600e34 100644
--- a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary2.desc
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary2.desc
@@ -3,6 +3,6 @@ Test_binary2.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-assertion.* line 6 .* SUCCESS$
-assertion.* line 7 .* FAILURE$
+assertion.* line 7 .* SUCCESS$
+assertion.* line 10 .* FAILURE$
 --
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary3.desc b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary3.desc
index 3473672d547..a4e6438623e 100644
--- a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary3.desc
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary3.desc
@@ -3,6 +3,6 @@ Test_binary3.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-assertion.* line 6 .* SUCCESS$
-assertion.* line 7 .* FAILURE$
+assertion.* line 7 .* SUCCESS$
+assertion.* line 10 .* FAILURE$
 --
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_decimal.desc b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_decimal.desc
index 9964325e0ea..7226334925f 100644
--- a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_decimal.desc
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_decimal.desc
@@ -3,6 +3,6 @@ Test_decimal.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-assertion.* line 6 .* SUCCESS$
-assertion.* line 7 .* FAILURE$
+assertion.* line 7 .* SUCCESS$
+assertion.* line 10 .* FAILURE$
 --
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_hex1.desc b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_hex1.desc
index bc2e3da1f9c..4b691b9c528 100644
--- a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_hex1.desc
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_hex1.desc
@@ -3,6 +3,6 @@ Test_hex1.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-assertion.* line 6 .* SUCCESS$
-assertion.* line 7 .* FAILURE$
+assertion.* line 7 .* SUCCESS$
+assertion.* line 10 .* FAILURE$
 --
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_hex2.desc b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_hex2.desc
index 3d154f9a349..d21d067e620 100644
--- a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_hex2.desc
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_hex2.desc
@@ -3,6 +3,6 @@ Test_hex2.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-assertion.* line 6 .* SUCCESS$
-assertion.* line 7 .* FAILURE$
+assertion.* line 7 .* SUCCESS$
+assertion.* line 10 .* FAILURE$
 --
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_hex3.desc b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_hex3.desc
index 8ae7e9ef1d1..c9fbfae377e 100644
--- a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_hex3.desc
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_hex3.desc
@@ -3,6 +3,6 @@ Test_hex3.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-assertion.* line 6 .* SUCCESS$
-assertion.* line 7 .* FAILURE$
+assertion.* line 7 .* SUCCESS$
+assertion.* line 10 .* FAILURE$
 --
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_octal1.desc b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_octal1.desc
index 24d6a80006e..9afe7b06279 100644
--- a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_octal1.desc
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_octal1.desc
@@ -3,6 +3,6 @@ Test_octal1.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-assertion.* line 6 .* SUCCESS$
-assertion.* line 7 .* FAILURE$
+assertion.* line 7 .* SUCCESS$
+assertion.* line 10 .* FAILURE$
 --
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_octal2.desc b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_octal2.desc
index c7ed4a1c466..06520bcde35 100644
--- a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_octal2.desc
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_octal2.desc
@@ -3,6 +3,6 @@ Test_octal2.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-assertion.* line 6 .* SUCCESS$
-assertion.* line 7 .* FAILURE$
+assertion.* line 7 .* SUCCESS$
+assertion.* line 10 .* FAILURE$
 --
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_octal3.desc b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_octal3.desc
index 6b201a5414c..32f319a9876 100644
--- a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_octal3.desc
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_octal3.desc
@@ -3,6 +3,6 @@ Test_octal3.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-assertion.* line 6 .* SUCCESS$
-assertion.* line 7 .* FAILURE$
+assertion.* line 7 .* SUCCESS$
+assertion.* line 10 .* FAILURE$
 --
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/Test_binary.java b/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/Test_binary.java
index 15c689f1fab..727d93c7054 100644
--- a/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/Test_binary.java
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/Test_binary.java
@@ -1,9 +1,13 @@
 public class Test_binary
 {
-    public static void main()
+    public static void main(Boolean b)
     {
         String s = Integer.toString(Integer.MIN_VALUE, 2);
-        assert(s.equals("-10000000000000000000000000000000"));
-        assert(!s.equals("-10000000000000000000000000000000"));
+        if (b) {
+            assert(s.equals("-10000000000000000000000000000000"));
+        }
+        else {
+            assert(!s.equals("-10000000000000000000000000000000"));
+        }
     }
 }
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/Test_hex.java b/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/Test_hex.java
index d504137254f..e15bcc1d9e2 100644
--- a/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/Test_hex.java
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/Test_hex.java
@@ -1,9 +1,13 @@
 public class Test_hex
 {
-    public static void main()
+    public static void main(Boolean b)
     {
         String s = Integer.toString(Integer.MIN_VALUE, 16);
-        assert(s.equals("-80000000"));
-        assert(!s.equals("-80000000"));
+        if (b) {
+            assert(s.equals("-80000000"));
+        }
+        else {
+            assert(!s.equals("-80000000"));
+        }
     }
 }
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/Test_octal.java b/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/Test_octal.java
index 2808cd29c76..a6b3f53227b 100644
--- a/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/Test_octal.java
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/Test_octal.java
@@ -1,9 +1,13 @@
 public class Test_octal
 {
-    public static void main()
+    public static void main(Boolean b)
     {
         String s = Integer.toString(Integer.MIN_VALUE, 8);
-        assert(s.equals("-20000000000"));
-        assert(!s.equals("-20000000000"));
+        if (b) {
+            assert(s.equals("-20000000000"));
+        }
+        else {
+            assert(!s.equals("-20000000000"));
+        }
     }
 }
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/test_binary.desc b/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/test_binary.desc
index 8c90293465b..d8959c329a7 100644
--- a/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/test_binary.desc
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/test_binary.desc
@@ -3,6 +3,6 @@ Test_binary.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-assertion.* line 6 .* SUCCESS$
-assertion.* line 7 .* FAILURE$
+assertion.* line 7 .* SUCCESS$
+assertion.* line 10 .* FAILURE$
 --
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/test_hex.desc b/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/test_hex.desc
index 5012b9dc642..324cd50051e 100644
--- a/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/test_hex.desc
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/test_hex.desc
@@ -3,6 +3,6 @@ Test_hex.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-assertion.* line 6 .* SUCCESS$
-assertion.* line 7 .* FAILURE$
+assertion.* line 7 .* SUCCESS$
+assertion.* line 10 .* FAILURE$
 --
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/test_octal.desc b/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/test_octal.desc
index 3418b92e060..ce0a5607186 100644
--- a/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/test_octal.desc
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix_knownbug/test_octal.desc
@@ -3,6 +3,6 @@ Test_octal.class
 --refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-assertion.* line 6 .* SUCCESS$
-assertion.* line 7 .* FAILURE$
+assertion.* line 7 .* SUCCESS$
+assertion.* line 10 .* FAILURE$
 --
diff --git a/regression/strings-smoke-tests/java_long_to_string/Test1.class b/regression/strings-smoke-tests/java_long_to_string/Test1.class
new file mode 100644
index 0000000000000000000000000000000000000000..5da6b2c60d98aa5ce9232f05f1e031190e2e42a3
GIT binary patch
literal 913
zcmZuvOLG!I5dLO)3@pntfEb^_pgc5~i1+}lXw-v+dLTuW-UishjhkKFUHlzh!yoXh
zRuN09^zLu6EPECRvCJH1`Ze8Of8D?SeER{QftHFmiXoEa(NtW*x{4AmM-ju72+Ard
zsB+X)L{a3ps^S_pIO+^5>%w()$1`lpePp<zZ|Xw^_KG3gHY~%t&k!hAdJMrGd#E!c
zJBFn{AMf{dXIBO@WIFahm_6YbQlA@x-fP2U;GJFF^)_4deP0+BL%!VE6YoXc6xOKz
z(6&uoSS^{J^$E)fKJrkW%rQ^ba|~-lDdSyF4Bk8wZ~dAa*BK)1fjLL5cI~k<(4QC*
zqw2%hkfk-GkmlIbu!S2O4GlNZ)Q~`uLD}4*G#YN<HbY?v^udCn$Btt=3?V-q#~lrK
z(PT(1Ltpgw^nv$}X$F`fv5e~2)`-x0_QIDdKdqe9V|w{#&K85#pYhfc=9qe;@yKcE
z@5aI;s&dB}o}p>UfaEgMj!848Sqyd8aP;9(cf_YRcCkiF6Q@05se+`1qyVTPr0LF(
zR;QQI8>$|HeIh}@3f*Df$dDyjn*|_;JZVv!LV+yu^9PDn=)ISP@)f~Ob&AjdRzD*=
zL9LeIQ$!{xen<4>A=IC~IXg2SAhs~eq5;2X9&+nL;8Z?AcL^%mR9=F}&kEr*R!QS%
z;tb9bjB}(#q5MXP<9r?wTsUg2;o}C<nb;KC1U&c=!N3=U|8G-f2|>}eB^eh<QLy$G
DJutT6

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_long_to_string/Test1.java b/regression/strings-smoke-tests/java_long_to_string/Test1.java
new file mode 100644
index 00000000000..87d68654663
--- /dev/null
+++ b/regression/strings-smoke-tests/java_long_to_string/Test1.java
@@ -0,0 +1,13 @@
+public class Test1
+{
+    public static void main(Boolean b)
+    {
+        String s = Long.toString(12);
+        if (b) {
+            assert(s.equals("12"));
+        }
+        else {
+            assert(!s.equals("12"));
+        }
+    }
+}
diff --git a/regression/strings-smoke-tests/java_long_to_string/Test2.class b/regression/strings-smoke-tests/java_long_to_string/Test2.class
new file mode 100644
index 0000000000000000000000000000000000000000..64f5f9c1d9b161385f1c9b9efcc61d2a470fe18e
GIT binary patch
literal 914
zcmZuvU31b<5Iq+N7t%n10@nIjEXs#16%jwEj#~A>L4BaZjJ{nUgQ;nvN$_|0TK<5~
z>I`*sM&JD>{s%|hn?R{!^KkF(*}c1G&*sPPFW&$(&{B~=LHQGWKUG}7nu;PW#<74)
zF_cu4QQ@enh@-%9S;aawIBE<_Yr=JP$1`lpePFnvXX*n6_JSe0WmtxHhap@lcNrqv
z_CRM?Y#WyTbhOvgogJCXkZId}VRnUMNPh}OyqAW{z}q{z>(yKId`}n_L%!7B6>mk&
z6xOhI-?mL%SS?we^@z(cF^W)~%#ldPa|~-pB@-P_^j|#@ul=4Jn+&n7zBy&BcI=VU
z*B=>@qw3SxkgYYOkmk6ep^mE@4Gq`O)R4p?O}btuXj8*=++bLqGrc#{=%M4-4uj&?
z<G88e7McvHdFr#?uHN_lfda-1$$3`WwuVI4vuCkf>2dkEA=C3WQ@I$lULagom?IjF
z_9NG&zZnUWw8|ZoIAGI~35)Ye+a@iYmNC#>!_fza(~+Rw$i*uCH3|B$SZZ17LRJ_w
z5YlvJ$g9!K=vFERU?0c`VTsPD4>DxQ)`A4&kS8yW6IdohK7L2pA-Zp85&DcsyE1{Y
zkCl&zj!~^<_yn;r3SSX_egO5m4`%~-9}6>BHVykt^H9iEz^Q$b&LUK7QF}=uA2h;A
ztdPgi#3`I68fVChBlHVJj<b2haPDxlhR+*FXBH;V#^90nh=e~O`u~`+ih_`KSBi0-
IoDf$30%2>u>Hq)$

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_long_to_string/Test2.java b/regression/strings-smoke-tests/java_long_to_string/Test2.java
new file mode 100644
index 00000000000..501197a16cb
--- /dev/null
+++ b/regression/strings-smoke-tests/java_long_to_string/Test2.java
@@ -0,0 +1,13 @@
+public class Test2
+{
+    public static void main(Boolean b)
+    {
+        String s = Long.toString(-23);
+        if (b) {
+            assert(s.equals("-23"));
+        }
+        else {
+            assert(!s.equals("-23"));
+        }
+    }
+}
diff --git a/regression/strings-smoke-tests/java_long_to_string/Test3.class b/regression/strings-smoke-tests/java_long_to_string/Test3.class
new file mode 100644
index 0000000000000000000000000000000000000000..b191c01a7e28cda8900a5aeb177c5ad2fc8194a2
GIT binary patch
literal 930
zcmZuvO>+`K5PbtI1Dg#2k|4&<#GoW-Kp;RQT58mTwd#QsReBp>D{kEE>h9vzzu-0e
z0nchxVriA${Y{qIvr9rOGl!Y(o}PZM-}KMlU%vyWqpc!^D;&$pyFcMl5kW!4Ra{F#
zLotCB6{{$5TvwsW)Eg?+Q0AyG%q|PhGhE+vZ0~{TiJoN)7}yJj_@-%_{vC#Baiz-;
z+j0g5!;Eg)#?#?m&v3V8GDB8(`oii8*OdM^81rA69s}364bQK&>G_^8ZH8P?-xY5~
z*%J0n`M%>=hOpbRJnIpcQ|{=7>SRycbbQyecc|oa#~1xqPsHm0lj9~sVzY0JS*smq
z==P0ArsSvwG}a`vh77U{sR<3;v3E37QRAp<SVu#{4AMkrqgt)in$=3J(OR!Jo9nGg
zlTb7?(PGF?3fwzV@S*EEE`t)FacpR~g$6@<lKQN-YxMnpLSa9|-FJ@6`Qqc1(>l&f
z3XQd6(0ZYYU11HWQ~E6VcgCBcut>Q1lX{2XZJ97LskCL$1kle649|3p!ErOBu0Qm!
zNF$V@L1XE>l!dG)nADK=S@OzsGCGyjL$HrzL@-BtJO~m2vb8V)Ih-Lci9F6yL_U5`
z*%3N#&msB+ioSY)_&ydsfsarsWfKQTj<EC%>hnWP{RqNyVR#=?M_~yX4M1~H$X37!
zK1F+h#(k6EC5c=Jgaw=<kE4O}xIi>6l9xo}7YZDga!BCvaclK}H;~C{2bdm#$37qy
W{S5wpo3e_6h;~<su}Dq?OMd~t2*LjV

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_long_to_string/Test3.java b/regression/strings-smoke-tests/java_long_to_string/Test3.java
new file mode 100644
index 00000000000..9e99a48986f
--- /dev/null
+++ b/regression/strings-smoke-tests/java_long_to_string/Test3.java
@@ -0,0 +1,13 @@
+public class Test3
+{
+    public static void main(Boolean b)
+    {
+        String s = Long.toString(Long.MAX_VALUE);
+        if (b) {
+            assert(s.equals("9223372036854775807"));
+        }
+        else {
+            assert(!s.equals("9223372036854775807"));
+        }
+    }
+}
diff --git a/regression/strings-smoke-tests/java_long_to_string/Test4.class b/regression/strings-smoke-tests/java_long_to_string/Test4.class
new file mode 100644
index 0000000000000000000000000000000000000000..53b23e0aaacacfdf488593423304d41b8733f687
GIT binary patch
literal 931
zcmZuvO;Zy=5Ph@BW|Cz|LI@G@6C|2|5X>i-XsM_NYt=)jROxM!Y~kXvtGgS|{sgb&
z4|rCqf~8e@_cvLVJsTicGKZP&o}PZM-}J9P-+ln7qNyQ?YaGk!d-7>94GQuauH!}m
zItp<VHLPHj<E92prmksNM~P#DVRl*gzUc*)>-Y~XUvzD=&%j<X#9EeP1$P-Dg<^*x
zy6yH&hLmAB=Ci?m*YtK|GDF62d&2Gr&yxO8FdDqFd<Jgpn0`=g((`>`ISjdiu_xY%
zk}aIw(gWAEP2n_UdDbN^XWY>Z)ybT?X$PL=>{7|;b|8AMpNcmjCdVy?c&le0vDVt|
z!0VZhEy+;}X{<|V9W%%<BquZs*V)xkMunrQqlUVU6w(aYwXJfwQfZVoD)r4;wb7_;
zZZrr+M+2J-^OFkqk0pHMd9KHxhHxBPI&P!Rke;MI@9vqs;GfXAAtE2R$L3t&N%5?f
zXC{S?#ADFAV;MWb9#E_FTk`YFw*z65a&xBzAA>h#LTXZJ+olnquj!k<<(d7HW=P&(
z;A4?yC@IG(Juh`3D*`4(q<xmW5}k}rb>$H36B!D!w8z3A5g=P1Cm@G&<RvhV^AwSf
zKTx(p=bbDfU!fW+Bg77{@ELrF)zwUVgv1a_-=V!Y#MI9)oE?V`Fm)W3ppg(X2bF9U
zoZyqR=V{(s1TRVC#z0uW1@buRxQI(c<1%>(D8G^CxROI0S5I22hP;89j6TBj5Ip)3
X(a0C@|J#&RR4DpADaIl>3YPu?)26#Q

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_long_to_string/Test4.java b/regression/strings-smoke-tests/java_long_to_string/Test4.java
new file mode 100644
index 00000000000..0436b667c4e
--- /dev/null
+++ b/regression/strings-smoke-tests/java_long_to_string/Test4.java
@@ -0,0 +1,13 @@
+public class Test4
+{
+    public static void main(Boolean b)
+    {
+        String s = Long.toString(Long.MIN_VALUE + 1);
+        if (b) {
+            assert(s.equals("-9223372036854775807"));
+        }
+        else {
+            assert(!s.equals("-9223372036854775807"));
+        }
+    }
+}
diff --git a/regression/strings-smoke-tests/java_long_to_string/Test5.class b/regression/strings-smoke-tests/java_long_to_string/Test5.class
new file mode 100644
index 0000000000000000000000000000000000000000..68231cf010dc18e16e01ed94f4485e680246a1a5
GIT binary patch
literal 901
zcmZuv%Wl&^6g}hEnb>ukN1G7JtF#63fTloN9;pyeV1W!QQbmH@B(Z{vYlH3Z8SI-M
zU=2tq0txnf6GGgvo2H1$lIK3o+<Wf1^Xt#I9{`%TV_*hL1}<XRzzSA%=(v=@Wdm1G
z;iwwmSmLM|sN*WfHHP_B5r%dUIldP@azfE{?LGs0#gN`|JSV!xkg8NW4C=Puw;8gQ
z<Jr%LdtE!&kzj^`<@bc!5rHH9!=M_yc0vYj?bu<o(W2{n!toeN6>C?#7Y$c<gT_PO
zcWvRdWO>#lE+^zDLv;$rGVLgEyaAP*ZAYT_=9zdK_vBb($ZYl8L)J#y9|k@9i6c20
zF^x6Z+Qb~P91RoexXy9I#7#6!n3$zj>r}<W1~wVWQ=Shd3Ox=2KVZ<}Y8<yr+(wfj
zH-*0F?%KWRpHRY=VQz}Dd~ZNxBY%=BR-RT*8Zke;b0`*r*-d2Y2zN-M(RSpr>~}-q
zl2XOv0w-)*5|Eu%+IDH>w2HnRI)U9knvUd*h9SKjogNXua%HIsSt$^EWa*zHuR$lH
zQ>z_-eIi3ap8n}LNUI{-OaPe20(m-$C{aXS{y=Dj&X)caid7pUwU5QmP)DfO3)&dz
z5thG$zdS(ZXB=Kg!uyz+gk{TA+_D6XY>mD&wdC~R4csM5QYa;Da0=xZvx(DKBob%H
w)1myv3dh+JGB|fMSTkk~<O}*3#t2;f2sQNu>i<K^DjF2?zLerTISMZP1>s}0=>Px#

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_long_to_string/Test5.java b/regression/strings-smoke-tests/java_long_to_string/Test5.java
new file mode 100644
index 00000000000..ca50cb68168
--- /dev/null
+++ b/regression/strings-smoke-tests/java_long_to_string/Test5.java
@@ -0,0 +1,13 @@
+public class Test5
+{
+    public static void main(Boolean b)
+    {
+        String s = Long.toString(0);
+        if (b) {
+            assert(s.equals("0"));
+        }
+        else {
+            assert(!s.equals("0"));
+        }
+    }
+}
diff --git a/regression/strings-smoke-tests/java_long_to_string/test1.desc b/regression/strings-smoke-tests/java_long_to_string/test1.desc
new file mode 100644
index 00000000000..88f39d5eb12
--- /dev/null
+++ b/regression/strings-smoke-tests/java_long_to_string/test1.desc
@@ -0,0 +1,8 @@
+CORE
+Test1.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+assertion.* line 7 .* SUCCESS$
+assertion.* line 10 .* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_long_to_string/test2.desc b/regression/strings-smoke-tests/java_long_to_string/test2.desc
new file mode 100644
index 00000000000..a4f7d628251
--- /dev/null
+++ b/regression/strings-smoke-tests/java_long_to_string/test2.desc
@@ -0,0 +1,8 @@
+THOROUGH
+Test2.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+assertion.* line 7 .* SUCCESS$
+assertion.* line 10 .* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_long_to_string/test3.desc b/regression/strings-smoke-tests/java_long_to_string/test3.desc
new file mode 100644
index 00000000000..5e96ef2ae6d
--- /dev/null
+++ b/regression/strings-smoke-tests/java_long_to_string/test3.desc
@@ -0,0 +1,8 @@
+THOROUGH
+Test3.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+assertion.* line 7 .* SUCCESS$
+assertion.* line 10 .* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_long_to_string/test4.desc b/regression/strings-smoke-tests/java_long_to_string/test4.desc
new file mode 100644
index 00000000000..aa12d7732f1
--- /dev/null
+++ b/regression/strings-smoke-tests/java_long_to_string/test4.desc
@@ -0,0 +1,8 @@
+THOROUGH
+Test4.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+assertion.* line 7 .* SUCCESS$
+assertion.* line 10 .* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_long_to_string/test5.desc b/regression/strings-smoke-tests/java_long_to_string/test5.desc
new file mode 100644
index 00000000000..08531bc36e0
--- /dev/null
+++ b/regression/strings-smoke-tests/java_long_to_string/test5.desc
@@ -0,0 +1,8 @@
+CORE
+Test5.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+assertion.* line 7 .* SUCCESS$
+assertion.* line 10 .* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_binary1.class b/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_binary1.class
new file mode 100644
index 0000000000000000000000000000000000000000..1e4aab76f11943fba9f33250cc8b1f6bde4f7d2a
GIT binary patch
literal 940
zcmZuv+ins;82$!W7M7(PN)hX^SdoJ*MG+6wMy;A?P%mgm^v2A>2Dff^b$2oGF}y4<
z;I*1iqlw=8CccAF|6!qE>|D(Jr}_Tx|7L#t{_+h#9Zdys<fT9U`l;X?Ru!B_A&M9-
zL{L;vLRm&dK@@oz7Zt2wT}G8*ah1ES?s$f6xpxhhYo^{~V9yxBn}%h0TMWTsslyQ3
zwtG55qGee6<H4S$J3FG7A>FdO-0X125dI_>@?ID&!$NCEcfIGDVR7eetw|_*+^`t3
z#nvu=!>cB@`qewOZR*@=iY`neN=M`<LvZQ2Oxtq|t51;ew#U0KAMsb?)-pC2BAZ=v
zLSAXx1E;IsHw4wxJezgFKt&QM88sD`a9KuO#T7JEEFeJwtkpJZwHhI+xQc5Gxf$o%
zQ_=1@j_ok0^T;x;tGIy%LvnWGiMFeEy?;Xf2&B@is%2Y!;_unhT(<b|LFuTmQ?pAG
z0f~j?OWEP(fX1bV6Yr?M9&nS?TbdW$r_&S#i5b$iNxy-fr>DDyqxTM{B#FI&ixv7#
zar$vAnG+I`6$DL$6zys9s&q0srSbvT2QmU!q&++iGGxeB{Q@i@OI{SmkfVsW{Eol^
zbZ%u3kUk^SDvu!TWBDV(LsTkhd4$Li`LBpRJ%I9k9M1UReZ;0=(KR^knuSERgb4Ld
zKt=%yZc=~2BI|d;aV(P;K?5gnl6agVFN(k~6l9#vQsT_vZ1pj5AeD}dpbjC2-Xj$J
Vgz*1!3KR(e^_EcMEI9$J`~`Oe$ddp7

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_binary1.java b/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_binary1.java
new file mode 100644
index 00000000000..24db3c01147
--- /dev/null
+++ b/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_binary1.java
@@ -0,0 +1,13 @@
+public class Test_binary1
+{
+    public static void main(Boolean b)
+    {
+        String s = Long.toString(-23, 2);
+        if (b) {
+            assert(s.equals("-10111"));
+        }
+        else {
+            assert(!s.equals("-10111"));
+        }
+    }
+}
diff --git a/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_binary2.class b/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_binary2.class
new file mode 100644
index 0000000000000000000000000000000000000000..83a7057d5d8098e3f19344d5fbd3e8b8f8d361fa
GIT binary patch
literal 997
zcmbtTOK;Oa5dPMQ<HU9Ia6<^?*-}a#(9jaXBc(hFNFW1;RFU9<Hi;EnTpMf$i4(tp
zWAg_%15%1Wf;+zn0kd(^1koEl?9R;2&iBnX>mR?qd;?HLT}2Y76)eebe}|t631?I+
z<7@&N3UL%wlu%Z1PK7E`&#PELMZpDzxh3xVrWaVQ<KMA--m=XO1AEF4Telo5*kFhh
zicN;-rrR+YQikQ2k9s>T)7uis47%aAx!vTRCHzq^8a%grhNQ7&`oXi7<#6xKTAixw
zaLZxH6^w2EnpbS@bSt-A*EYFR7bvVnlnywf6Dp@qoiqZ^a=KJ<wh{35i--K>5L&@1
zLwvn$kI1VHx97FZdzPS@nP#&h7-+~qC!P~FhU;`Stl^@9s)kFbX-FZ>aAWoVJ|d>!
zGOjS>Ct$b6+TZm&*JIG82`ad%;TmcT>B)`9t!=X%{1pn7psoXVY~~6N?iUXdD>JDy
zlAS<X;Q*T4?vY3|ZZUoHRgc@G`Jw4ih3IvWkeXE5wCN4eP&=k?d1hz7DH=@B^RYmW
zFiB69rSn2cvLc{aK&N$%ybA4%cDb|%_JIruSz2SmAQ2#23losTVe%5l;|N8><#$v}
zqJ1Nai2NC{Q5qn&i}{aG`Y4z6_yCDM7QaG$vWJ=P!*DhX?_y>g7O0USY7R2lGU9}v
zf<ix$itB_gSmZ(^%;P9|anx`O$BD-Y@)D4KVp+k-937n6@2xr{4rFv~fZ0Bj=zByX
VpP>BPr>G)B(ryYh7RZsX_y-ZE(`f(z

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_binary2.java b/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_binary2.java
new file mode 100644
index 00000000000..cb8d22d374d
--- /dev/null
+++ b/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_binary2.java
@@ -0,0 +1,13 @@
+public class Test_binary2
+{
+    public static void main(Boolean b)
+    {
+        String s = Long.toString(Long.MAX_VALUE, 2);
+        if (b) {
+            assert(s.equals("111111111111111111111111111111111111111111111111111111111111111"));
+        }
+        else {
+            assert(!s.equals("111111111111111111111111111111111111111111111111111111111111111"));
+        }
+    }
+}
diff --git a/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_binary3.class b/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_binary3.class
new file mode 100644
index 0000000000000000000000000000000000000000..aa17d8f76b6ba352c5ab0def32611bab36cf60bf
GIT binary patch
literal 998
zcmbtTOK;Oa5dJoa<HU9Ia6<^?*-}a#w4pSFM@m&FAb|oLQbmFbS|?W6;@V(4NZj}f
z9GgGD8IV#065RPs2r-*S6GU(Lusbt5JKs0otbhLg`W-+8H4O=zSFxnLBcDE|A%qJW
zmT@r-9r+jv8j2{XxTHaosVf>*QC4x8VQz{0zU2kNb^N=+=caA78Q3$1=!S4au*ne4
z7n%%_ZMSVPB<sSl9(VUl%iEF33`X5;al6SqA^lM>61)&TL!!Q8`N4BjINW=?UZW~|
zTsREbe0`U{;bogUo$?*mwJq+{BnmT$(h+BLLgkF9lSbePr$Z%Y8v$><e8gW3pjE6f
z#5P*?h`iQtyI#w>FC^9UG@Dh)Kt~z|@tm-!yG}>P6|AeM=(viijwDhHTPth-_YpH4
z*KnO7H$l5S7XO~-xgLW)%}~V+9XC;BNKI}$F?X$2@K<Ok1+^WxV>6q7_@Ho<TIorp
zk?sU)4kys$c9&G5dCT!zue;nP(T`2fYKUHw3CT&NZJQnuO|@<L!n4|kP0?h6u8#$J
zg$emEQ#q+6Sz*vHV9+{8UYT}AyHY#=`$$Fz8Cs)*AQ2#2A0{A+<K)GW!wHJW%kQaJ
zi1y74!pavY^<p2<eawG?+C!;i#QKQ$u=owy(*w->7=$y!@IGe7VTl?Zpk|?vtsqAD
zNvQM}X}CrBl0|lign67KFNP{k;WY6$LtY%AUszUgHcJQR4tuK%hy!Uu?_;(HHSz(G
W@Moz1_9?3<2<cl=jRkT-So{NGd(5K%

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_binary3.java b/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_binary3.java
new file mode 100644
index 00000000000..0e4da6d5a32
--- /dev/null
+++ b/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_binary3.java
@@ -0,0 +1,13 @@
+public class Test_binary3
+{
+    public static void main(Boolean b)
+    {
+        String s = Long.toString(Long.MIN_VALUE + 1, 2);
+        if (b) {
+            assert(s.equals("-111111111111111111111111111111111111111111111111111111111111111"));
+        }
+        else {
+            assert(!s.equals("-111111111111111111111111111111111111111111111111111111111111111"));
+        }
+    }
+}
diff --git a/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_decimal.class b/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_decimal.class
new file mode 100644
index 0000000000000000000000000000000000000000..f69a22e0e1c7b2bac8dfa2323f5c0512955a2930
GIT binary patch
literal 938
zcmZuv+ins;82*OS!m^Y@DPlbqtDJ1nid3bk)vAdG^@4^(Z_EG_+`8=Q?&5=ZS6;wt
zHK9fmz4twQ3#0zSLc!R%nE6lh{onu1{P_Ll8-Ob6Dq_e5|9I=CiVIj(aS@jyh$0_G
zK}8WI1!WZx<P=<1v4(X86^6xC?l{7Bb<1?_=?-rjqRYUZGlaHuQ+Kx+{DoqRA+T$8
z1w*`{o8rl!-xl_sEM`bGtPVF?+}5Q(2?pGky2G&0*b|QXqANOjpBr^T>2uv=$P^m;
z{4K8--0W5ET9zTWS(jZ{n<yQVqYS~N<}yv!*3BM4#+okgyn4)Ek6SCa!Vuo-7!&ep
z(;C<v@j#bUlk;rWB?Ao!Bo$oMuz_m|sv54NreOhbntN?yli)OL;s!%@M)=NDvHP}d
z*$mn|tb&^wZlT7InB92V-WMJBpOD9&B$`z<EVD=CU2B@l6dpY+9yfDxc4?v>v1ofb
zwzx5%S?Sf}BZ@ZzZjf|K^NM?P>arj{L)tayE703?g`?Y|do(5K>kb^O&|iwtcVmgH
z)Q2oTXd)zOPmx!llhGM09fExz!-qxML*pPrnrzK0z!Ea#MQ{RHipb0F2+T+4?KFG|
z^)mvE(g?u=EPq63h;lilj1V3o_Z5+6hfu$d!)Y&kfao+V+xo|CGYFC$q$VNas2~p&
z+eARp$at-A63gU8P{S#lCL(9Xp6?g(3eIK_#<`>6s$=FrG8G*`8$t=ZN5KCHq5lV!
QC_(tN9Vy3oa(r0%3zFi<Y5)KL

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_decimal.java b/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_decimal.java
new file mode 100644
index 00000000000..1d9c9995d9b
--- /dev/null
+++ b/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_decimal.java
@@ -0,0 +1,13 @@
+public class Test_decimal
+{
+    public static void main(Boolean b)
+    {
+        String s = Long.toString(-27, 10);
+        if (b) {
+            assert(s.equals("-27"));
+        }
+        else {
+            assert(!s.equals("-27"));
+        }
+    }
+}
diff --git a/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_hex1.class b/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_hex1.class
new file mode 100644
index 0000000000000000000000000000000000000000..5b4bdc2e5f398c9df084d3524488b26c465bef40
GIT binary patch
literal 929
zcmZuv+ins;82*OS!m^Y@DPlbqtDI~RMLf{dL)AosdO<^?H)end-MZb?-NpDE-jx^d
zT1}|YMDKkM-@>T>upDaaT+IBZ`Tp<!W`6ws@(n-@4HYruf`7dAQ^h%~syL4e5k!#>
zqoAUQl7g~|2yzN8s#wFif(papDt8=VySimM_jHGM4AEm?&ly4+x~aRH4E{o~%@EkK
zdV(R|)J^eZu-6gxwk&2yHLWf;+T7NqKM4lh9o=DwHn)Z2zSt3Os||wK<GRU^DKvNa
z8(uNE*{|HSEJJX!AzQEx@i`(#8Nx~(%CuZtH~Rz`Yq`Ap@-crk?yKMuLwKWWOqi=J
zYhZW916}f5m{D1m?KLEjR8ZA$8CMk4G+aep!vf+o@mjS*SQ@V3Izx8O_RdtR`?hV_
z43Qb8f*TrcqRx<*mp|?7imv-l$YV}y=2cD0>=SL*n&vWvM-PifO`Duwn&`%$bvy;z
z+!)Z5^jPxk#Onb!NVKKHT6=UFvLHT3+A`<|(5v)>quZi48<CWC2M$)~3&rS{u|!si
zLzW*j5t6j0$g9xF=nR$)z&?=S!y@gWagZTRw&oRJ2^sPtIEE}m<mGn+=A-jg8oos0
zGXl-h2*G_Ue?(}Aayg}p5FR4;6_IBLP`{7EX)nBw=rk<b`p0cE2$CJ7CL!XeAP*Ir
zL_pHWc&%_8%j88+#|fMyBB#cl?-%k4PG=Ctnb~l)F>@f9ijJTSp#<I|;Qxfs|AR`D
PAbi?wDaToId|3Gl24BR6

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_hex1.java b/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_hex1.java
new file mode 100644
index 00000000000..87fcd77c908
--- /dev/null
+++ b/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_hex1.java
@@ -0,0 +1,13 @@
+public class Test_hex1
+{
+    public static void main(Boolean b)
+    {
+        String s = Long.toString(-27, 16);
+        if (b) {
+            assert(s.equals("-1b"));
+        }
+        else {
+            assert(!s.equals("-1b"));
+        }
+    }
+}
diff --git a/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_hex2.class b/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_hex2.class
new file mode 100644
index 0000000000000000000000000000000000000000..c67d97d4ae10a88522979f90f2b12547b357ffe8
GIT binary patch
literal 942
zcmZuv$!-%t5Pj`!?C~UCVvGrELcklu5R3yj3V{F;Xn=zwOK?GLyKyE=W?*KFxbY9%
z;ve7)NDcxC?tBvhsy$v3kv?=+Rae)0^}2rj`St@q6?GM}IImzS{Qj@MR0MEA#YN;}
z&`^k?sG@|jf=en?nR;2pGAatLFw8A+*A<Ru*p_?GaCyrV9R~KCA+lyzhPTcTEEJmz
zp-sCZ7!tZ+i6_0?mT<OYGDBLo+uUq&$B_Og81l9amm#ii3D<kEE#9rvsl+ZfEQV}B
z-{Eh0#pG7Ea@V#^!L7Q4U@hWv#2wvGt@MGLhUXYomrBkwJl=lwn7<z4D!9rJU2B^o
z=4!+4Ic@R4kUVE6RF);Yh7{5iol?<ltE*uJ*A!GWTt`hq0!fDC>dV86U^J}a219Q8
z`p#I!`;KEf46zBEf}0v{p+=Ra=}%ibqU{|D`Aty+o;^0Rg+~vINA;bWRvIbDptXE0
zo80VCzw~YL7sZ<%H%Y!@2UYjc>oOrRt+Z*<EYSaSgljmWGwFyl_IfTBXqaYc<XAE%
zg&`{lCRL<;j=Tz;jLvXrAM6tu0c2>841+{~Y|T$V7RSkpA%_zbk&i!6u>hU7GYBS=
zUlG<z14Q;P{~1aj<#IYYK&+3&?@*uZBmQ$3&iLUy#K&O?8yv!B5hgoKAQ9rKAWx&e
zP6Q;4tPh2GoFp%X8cyLf5jivT0>6=0a5jr5&P|%D4w(a~v^Ky@A4=#WLcuRk{%=%P
P2_v9wNI4eB31IObG@Hq{

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_hex2.java b/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_hex2.java
new file mode 100644
index 00000000000..a337367ec9e
--- /dev/null
+++ b/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_hex2.java
@@ -0,0 +1,13 @@
+public class Test_hex2
+{
+    public static void main(Boolean b)
+    {
+        String s = Long.toString(Long.MAX_VALUE, 16);
+        if (b) {
+            assert(s.equals("7fffffffffffffff"));
+        }
+        else {
+            assert(!s.equals("7fffffffffffffff"));
+        }
+    }
+}
diff --git a/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_hex3.class b/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_hex3.class
new file mode 100644
index 0000000000000000000000000000000000000000..e8439e883d8a9f0c2194a8da6e0dee57343d776b
GIT binary patch
literal 943
zcmZuv$!-%t5Pj`!?C~UCVvGrELckk|ffxsH6aoPx&;SQVmf(WgcH>N#%)rbTapW7g
z#XrCqkQ@XO-1#Pis2*>LNFTbZs;le0dR@Q&e*X!ein@wfTvV_W{y;u0rXqk#DlQ`*
zgN8yBMHMBK6<krF%G6~QE2t>A$}qRYT~|1sVO#Ef!{segbQstRhRC{M8Qum%uuyC=
zgtqLCU`XhOC7$;7TEf|u$qZ@TZgaEA9Ygw~V947sT!y&5EnM&Aj(ERXrxJVIuo$uh
zeV4!E6_Z=t%01gQ1-I%Fg0+axF?V!BwbF-f8lGcVT`D=#@Ob<66aL1>Rd9_Vy52TN
z%+-e7bK2seA$iVDsH{kM4Jo84I;Eo9R#(GytSYE#xPh961d<G?<+WEw7vX4F!%c?V
z^!eSfjt?Bib{Jw4JO#Hj+(wNdIZc1o+7)f@NNCs<b>P`!Gh2B4sCZoCscEH=gbZ41
zC}xwJJ!+W#O@5<z+v6tbcjB<@L-e{#NK7kjnKTUaK^@^5j_6D}B9XnGiv^mdSvg?I
zoK%LaAV?mhX`dsnLMNj$Tsi>zOhy11+9Q6D2#~D}6OhG8@?yy06h-9Yk5nu`=ba3K
z$>cYL_0j;5eawG>(nq<Rjt&s(WAO*n=Ld-Y^23>7cpvd`Si%N<*et?ihY2J?TovSL
z_BV)tq>&v$VIHT+i=l=yI7>v%`Ci};@(Rvp5ygc`b5)-?kV<O<%=DpzJ|PtR3g!Ps
RWtA`j+NP9aft&yq{{i@@!tnqA

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_hex3.java b/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_hex3.java
new file mode 100644
index 00000000000..5803911a06c
--- /dev/null
+++ b/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_hex3.java
@@ -0,0 +1,13 @@
+public class Test_hex3
+{
+    public static void main(Boolean b)
+    {
+        String s = Long.toString(Long.MIN_VALUE + 1, 16);
+        if (b) {
+            assert(s.equals("-7fffffffffffffff"));
+        }
+        else {
+            assert(!s.equals("-7fffffffffffffff"));
+        }
+    }
+}
diff --git a/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_octal1.class b/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_octal1.class
new file mode 100644
index 0000000000000000000000000000000000000000..964eec8439cb8067b54b0b69b3bb5cff1ff66836
GIT binary patch
literal 935
zcmZuv+ins;82)BqSy+~GC|$80i&ajx*osu8sfVhG2K9o5L~qOh8{E3x)!oGh@veOV
zuhoPaP4wP3@g0o%4+{lj=VInR&G&!*H}m87mu~=SXsAdaFaHVFPZbxitl}ar#Slj!
zilT}V$_gqfV#q7FtYQVL3aSkA%iQw}*Eb#8yJvd5V;MaL_M9QIY1*d0#Ski%+6>`s
zr)MxEo2G3%8SHfocSjU6WSUNwTW#)|!XF32{!7ziNHlj0&wt@`eQvEa2xO0&HiKSl
z?((<1YH_<?z3VuZ!R>}<!aBt0m>gvYEi;p8`L1dA2{O_0dH2<0{(96|!4-z+X4e{X
zS6j}&?HUhE!8A2PW>pZ-kV0C)nuc{;RZ!D#4RsB3NYd0R>l=ioVFTA0a#Ox{CVJg>
zUB_jJ&!8%}q2VU#)N6X-X=m5y`u~Ii_6&2=s-|Q2iMsDha(eO6!_sjRr>B?3+A(OI
zK*ct<1~e%>nRr3t&461Z+`_Eh0iA{@NKTQqE&2!aGCjjHU88q2B&q8UJS@>iO3+_p
zshp69tPp4-q-oEPSEZBDDVGnyK9C_{p7zKn$dDyl3kt9RoxB)MAV(2#`5l2tbl%EB
zN<}{-+$;|v?_=>JA_u5cGRhFq1LVIV_UsVq_fa?-g!d7jghkuXsI3l}Y?+!wh@*l6
zRBRCeK|>E(;UpHxi=mEFI88*(j6CTV3JT8Zh~nJQaJ3P0Af1U1p&dX8zehOq36cK?
R6(}+!?Y5BPJUJ4U{sNec#>fBw

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_octal1.java b/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_octal1.java
new file mode 100644
index 00000000000..a39f0877692
--- /dev/null
+++ b/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_octal1.java
@@ -0,0 +1,13 @@
+public class Test_octal1
+{
+    public static void main(Boolean b)
+    {
+        String s = Long.toString(-23, 8);
+        if (b) {
+            assert(s.equals("-27"));
+        }
+        else {
+            assert(!s.equals("-27"));
+        }
+    }
+}
diff --git a/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_octal2.class b/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_octal2.class
new file mode 100644
index 0000000000000000000000000000000000000000..d71ea9a161a7b07b6dfb0389d1fb4bb2fbd027f8
GIT binary patch
literal 953
zcmZuw%Wl&^6g}fSoH%Y?O-(4zmO@_8KnW?3syqrvpa6?hkzj)+jul*78*GOy|G=*K
z0oH(&B9LIuHzD9ooHRkii<x`x%$#%XneorxU%vyWp`jp&b28Q<@BRdz0tx38TtFcX
z6~!1z3d*R+xTru8TQ4bCM^(mUhQ&4Rd4}toj_utuJ>Id5E(3ec5Zy9u)8A$Y6-#Y~
z@Q%|p7*b8sHlFnNJBGU}HZx?Kj?S$%cTJIxi(&tz=`k!ccMZ>f;pjfMHW~!7&rO>_
zD>nD|TVA!e-K*Yp9LwN#Ly)izDVnoJD}<JvS!wyMY4-?nq2+V^)nop8#4O_qLu^a8
z#@dyZ(|2{_fhm-xXT+=v0V*=cG9;&BnvUI5v4N{HYAUXwt|Emr!_wxwkJwaf;yOcq
z3UO!R=Y7|8T!zF9tBe~eZlX?FrU#yO_6*(srxbKYo%qfq)QXQDmgX6dnIes?WKcVS
zscmlcsd2hNaiPYWKDWrnrCIv}_J-Jynj-C3^epJ2x`t=EM)#;EGTZNaSfO{7q}RvN
zdEpO5AuwSkjf<33X=XG>%7<VdDUgt(F*+)e0E*RM12i0?ERH;mQ$-wpPhb+ww{i%j
zV_y(ymWPNQVEGf|0V<VjY>4;(tKXnJJ4E8gsGJMR2S`lHf;Kdw)exaLLL^brDx*Mu
z!8QpHGPHmS%Q!(<9Ce(;DH3velu5r(ka0#s3}=s;tBsTcnXEd*!T@sk1Hz%tkpFK~
QphO_4w}l-mlt@_p3tl+Nb^rhX

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_octal2.java b/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_octal2.java
new file mode 100644
index 00000000000..abe3c9b5379
--- /dev/null
+++ b/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_octal2.java
@@ -0,0 +1,13 @@
+public class Test_octal2
+{
+    public static void main(Boolean b)
+    {
+        String s = Long.toString(Long.MAX_VALUE, 8);
+        if (b) {
+            assert(s.equals("777777777777777777777"));
+        }
+        else {
+            assert(!s.equals("777777777777777777777"));
+        }
+    }
+}
diff --git a/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_octal3.class b/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_octal3.class
new file mode 100644
index 0000000000000000000000000000000000000000..15b78163b625b38ea7752f5bb0a1937fbad32382
GIT binary patch
literal 954
zcmZuwU2hUW6g|V&!m?1Hh*&>ct9;p_7O6^8t5p*X>H`glzL;T|;MVP~?k+z28+<E&
zz-Kj~MiYJaHyPs{779k@VdmaDGv}OpcJ|kwZ$ALk&`^=YMFp$j_mtCMDgwBq;xY;`
zXedTeQc*@l!4(y%Ji4Z09aRNa85UQ$>k7v+Y|FiGxV&SEE(3eP5ZN*;!`o&E7E5i0
z(5~GT3=2)e5>NXF9pUWB!wi|Gt#h-@9Yf~hV#s@CxD1Kro^ZXFw(fCrqd_1C+^`sO
z#pXVL$Ezl{dewWjZ3=ERBnj(~qB(oCLui?qotEbqR*xVPEsyK3pYS&$W(C(6qFcH-
z)~>efzN3qWhE$rG5wk7@Xh<W&kerHX+E!1)b!;f8X}E#9h6SWZ@!ICRL3A26ag!lG
z#ke~$^nv5p4nur~R>3U|w^1iC(+kf!`$G5rDf#VDE1o?GbH&GxO7k2@Pm#u6GH4y&
z)iyW#)H!`Z`9;OsJ~zq86SMyN><xKfVT!bC(z~F(yTUab(LL^o-1hn|mg!+7<y%YT
zr9l)0!K9lsFH%;emC+h5AAx<MAb>2*kx`KZP^|d}ki$vJV#wnZRpjLl1Qww6P8Pvb
z^ee*6@(__jEPaMDK&6t24iOt*<vY~pM~MF%m9u{N5b;S_(gsJgIfN+=6G?=$Dk#uz
zuuTG_jGRw}C7h-#hC0sRED1R`$^ySpP;fqnC@vf~R~sn@(iv@t!~ja@BSOJ1Q2uXJ
QqJ$C9cBCE4lmxKy7ucV}umAu6

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_octal3.java b/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_octal3.java
new file mode 100644
index 00000000000..ef675fa7946
--- /dev/null
+++ b/regression/strings-smoke-tests/java_long_to_string_with_radix/Test_octal3.java
@@ -0,0 +1,13 @@
+public class Test_octal3
+{
+    public static void main(Boolean b)
+    {
+        String s = Long.toString(Long.MIN_VALUE + 1, 8);
+        if (b) {
+            assert(s.equals("-777777777777777777777"));
+        }
+        else {
+            assert(!s.equals("-777777777777777777777"));
+        }
+    }
+}
diff --git a/regression/strings-smoke-tests/java_long_to_string_with_radix/test_binary1.desc b/regression/strings-smoke-tests/java_long_to_string_with_radix/test_binary1.desc
new file mode 100644
index 00000000000..bfdddd48786
--- /dev/null
+++ b/regression/strings-smoke-tests/java_long_to_string_with_radix/test_binary1.desc
@@ -0,0 +1,8 @@
+THOROUGH
+Test_binary1.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+assertion.* line 7 .* SUCCESS$
+assertion.* line 10 .* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_long_to_string_with_radix/test_binary2.desc b/regression/strings-smoke-tests/java_long_to_string_with_radix/test_binary2.desc
new file mode 100644
index 00000000000..7cabc082721
--- /dev/null
+++ b/regression/strings-smoke-tests/java_long_to_string_with_radix/test_binary2.desc
@@ -0,0 +1,8 @@
+THOROUGH
+Test_binary2.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+assertion.* line 7 .* SUCCESS$
+assertion.* line 10 .* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_long_to_string_with_radix/test_binary3.desc b/regression/strings-smoke-tests/java_long_to_string_with_radix/test_binary3.desc
new file mode 100644
index 00000000000..cd10cf15647
--- /dev/null
+++ b/regression/strings-smoke-tests/java_long_to_string_with_radix/test_binary3.desc
@@ -0,0 +1,8 @@
+THOROUGH
+Test_binary3.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+assertion.* line 7 .* SUCCESS$
+assertion.* line 10 .* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_long_to_string_with_radix/test_decimal.desc b/regression/strings-smoke-tests/java_long_to_string_with_radix/test_decimal.desc
new file mode 100644
index 00000000000..7226334925f
--- /dev/null
+++ b/regression/strings-smoke-tests/java_long_to_string_with_radix/test_decimal.desc
@@ -0,0 +1,8 @@
+CORE
+Test_decimal.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+assertion.* line 7 .* SUCCESS$
+assertion.* line 10 .* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_long_to_string_with_radix/test_hex1.desc b/regression/strings-smoke-tests/java_long_to_string_with_radix/test_hex1.desc
new file mode 100644
index 00000000000..4b691b9c528
--- /dev/null
+++ b/regression/strings-smoke-tests/java_long_to_string_with_radix/test_hex1.desc
@@ -0,0 +1,8 @@
+CORE
+Test_hex1.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+assertion.* line 7 .* SUCCESS$
+assertion.* line 10 .* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_long_to_string_with_radix/test_hex2.desc b/regression/strings-smoke-tests/java_long_to_string_with_radix/test_hex2.desc
new file mode 100644
index 00000000000..d21d067e620
--- /dev/null
+++ b/regression/strings-smoke-tests/java_long_to_string_with_radix/test_hex2.desc
@@ -0,0 +1,8 @@
+CORE
+Test_hex2.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+assertion.* line 7 .* SUCCESS$
+assertion.* line 10 .* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_long_to_string_with_radix/test_hex3.desc b/regression/strings-smoke-tests/java_long_to_string_with_radix/test_hex3.desc
new file mode 100644
index 00000000000..c9fbfae377e
--- /dev/null
+++ b/regression/strings-smoke-tests/java_long_to_string_with_radix/test_hex3.desc
@@ -0,0 +1,8 @@
+CORE
+Test_hex3.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+assertion.* line 7 .* SUCCESS$
+assertion.* line 10 .* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_long_to_string_with_radix/test_octal1.desc b/regression/strings-smoke-tests/java_long_to_string_with_radix/test_octal1.desc
new file mode 100644
index 00000000000..9afe7b06279
--- /dev/null
+++ b/regression/strings-smoke-tests/java_long_to_string_with_radix/test_octal1.desc
@@ -0,0 +1,8 @@
+CORE
+Test_octal1.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+assertion.* line 7 .* SUCCESS$
+assertion.* line 10 .* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_long_to_string_with_radix/test_octal2.desc b/regression/strings-smoke-tests/java_long_to_string_with_radix/test_octal2.desc
new file mode 100644
index 00000000000..06520bcde35
--- /dev/null
+++ b/regression/strings-smoke-tests/java_long_to_string_with_radix/test_octal2.desc
@@ -0,0 +1,8 @@
+CORE
+Test_octal2.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+assertion.* line 7 .* SUCCESS$
+assertion.* line 10 .* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_long_to_string_with_radix/test_octal3.desc b/regression/strings-smoke-tests/java_long_to_string_with_radix/test_octal3.desc
new file mode 100644
index 00000000000..32f319a9876
--- /dev/null
+++ b/regression/strings-smoke-tests/java_long_to_string_with_radix/test_octal3.desc
@@ -0,0 +1,8 @@
+CORE
+Test_octal3.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+assertion.* line 7 .* SUCCESS$
+assertion.* line 10 .* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_parseint/Test1.class b/regression/strings-smoke-tests/java_parseint/Test1.class
new file mode 100644
index 0000000000000000000000000000000000000000..9394e390d14552f30a5c2aa18c006683fa0380e3
GIT binary patch
literal 934
zcmZ`%T~8B16g{)scDCEaejrd01r)RtrBsWkAby}GBvl_un&8{Coz%r;m+Wrwx5$h7
z<g=PkBZ<EIpETat7K&dlGjs3EIrp4<=ljnuUjbBb+k}OS95V)HO=!4e;xY;*=1@$+
z#5~6p6NY+m)x-iy9E%LYGa?A2AKIQ9JhTJRaAb>tJ!eR)+O8e0G3bT4Izw#TYe|N5
z)pq66&Q3%6o9Zz`uIe>~Qy0Fi;(js~zOVxZUfq;ISY9Fcj<8*Z(L!}w?1_>i+;-`K
z=Q&ciD~g^qNXtL&NJsceI(t!}0kjtSw%aCNzAOAdw#vk?!7x+{Mf2qou^Y*tRxlW=
zO{Z_fta%;3DIeQPwizi~P?Q$Z$S`F7q-W5|*VJX1gZAsFa4cE4fn^IrIK_}3AnqS^
z@saO)K0`dB=eTL%7M6b_f7aNR&5&W_WH0)LR4cLr)(tn5ZAo-SWRt@Gz{vXvSii9h
zR-@PAx^Oz=nI=htO%M3j9hyE(r6mK~m#t$H)W)zAV4A*-MSqKB^2#usbPygHTC)_D
zXlJy?i(Rk}bkLBaH4!Cgo^-Z)4{#bI6eTf=G0G_LJ0jC*zk3L6E2no6tImH${7&%z
ziPsqW2)>WmiH!9IlZP<2x=4PDa#_l~Md~Q0%IZ<saVkt&NOOWTaw=t@h!oaHyOJ{1
zD~CMJP-J2W<2XxV(pba<&XM@@QC|CjBF7{fCj8W~*Ggmr$mYxgr1rsM?-A2Kf&cAW
Q(Zr!y_f&VLDbR4?7q{EHw*UYD

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_parseint/Test1.java b/regression/strings-smoke-tests/java_parseint/Test1.java
new file mode 100644
index 00000000000..13041ba4f85
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parseint/Test1.java
@@ -0,0 +1,14 @@
+public class Test1
+{
+    public static void main(Boolean b)
+    {
+        String twelve = new String("12");
+        int parsed1 = Integer.parseInt(twelve);
+        if (b) {
+            assert(parsed1 == 12);
+        }
+        else {
+            assert(parsed1 != 12);
+        }
+    }
+}
diff --git a/regression/strings-smoke-tests/java_parseint/Test2.class b/regression/strings-smoke-tests/java_parseint/Test2.class
new file mode 100644
index 0000000000000000000000000000000000000000..8c1238fe28818d2e0c1fedfe5c3011911cf34fd5
GIT binary patch
literal 948
zcmZ`&T~8B16g{)sGVOM2KM<&h0tyO6DU|Y|MNm-_lBy375_~b!c2XC&yJUB3eDin6
zi~8iVnouK&zWbjP?<|Gl*UQY@yZ4@Z&Y9WoKfinhP(s;25@Q_WF<ddA;i`cNOd7~z
zDvkuM>8}nC4>_(Ih^w+`0|m@*%rf+j3E!7qV7ZQe&+<jpmURa9grR5Ia;#v5L7$l1
zVu-A{b;*#bSdM(uYF4GUsfro06}KkrE#X-z?j$3@Gs|b-l}+gf#WJ-wh2=2xPgHiq
z3sJCz(<t0^U0VvLtl(LdxcuWAVKl|dr<N0_N!{L!z_XkN0rOqq`LbRlh;@eKMj&d>
zABx?O2N}W;Tdvt1CB}x^@@n#drFa`5wP^)uB8?0~`cHT&D$bS`OG|SLrA1X#<d`$b
z?|F^|6N^|faRw=dT(|Siv7Prl&-ECh;TVn^CT?Qsw;_+KJF-T)`c9kD5vDxJbWzux
zKsF@7#X`9h{-=#RIMvp1n8B<bdA%j<7HOv|r5jFl@z-p626R1j>06$xpNJqkgO-m`
zdPGTjX)K*ng6X7#q##3UmZAdfjP_{04fcT!8hUB%36l(G>1-Yqpbz~N#W8>!WmNM!
z0@G<<J%F~I)!T?vramKjE5DDP*BJN+zK8LlZ0rq&4-nsO!}u2FGL(CZ#BolI)x)ua
zG*}Hcz=>;&2FB@6FtI}16_t^raX5!TiVV!-Jcfu&3NyHXi$s1n%xgc8=NMtVgfV)e
kwG;{gGTFpF%suePdqnh4;D75@Fi~jcZRO4-3N&2)1&qYOkpKVy

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_parseint/Test2.java b/regression/strings-smoke-tests/java_parseint/Test2.java
new file mode 100644
index 00000000000..38d17372ed1
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parseint/Test2.java
@@ -0,0 +1,15 @@
+public class Test2
+{
+    public static void main(Boolean b)
+    {
+        // 2^31-1, max value of Integer
+        String max_int = new String("2147483647");
+        int parsed2 = Integer.parseInt(max_int);
+        if (b) {
+            assert(parsed2 == 2147483647);
+        }
+        else{
+            assert(parsed2 != 2147483647);
+        }
+    }
+}
diff --git a/regression/strings-smoke-tests/java_parseint/Test3.class b/regression/strings-smoke-tests/java_parseint/Test3.class
new file mode 100644
index 0000000000000000000000000000000000000000..c3b2e364a6cc2d155c23bf789050a57e1ca2afd9
GIT binary patch
literal 738
zcmZ{iO>Yx15Qg8`k8HBt(j@&LrRAegAPo``qPIo}R6wc};E<{ky&z}T3NG8-$m{T9
zdg8_zkSGEP?))Z%7%!nYR9rls@yzRI#{T*H>vsU#xD%p^^$?eFrG^Tw2Dlc&!+L;?
z5Z7@dz$RgFQxt{NM&()YSQTQJ%7j3Ngi23k$~+*r?X3fXx0@%Du+UeTd_FlIO1*EB
z3C(^Ui}XNfW&LT;Gp|)a2>Sc7F!y)3{8*@ru-xt+iMOJgifq&!7_G9=j#ZCTHlCPQ
zMH#W0=dxIAEOa50dyKb7m>(Dszj-Fc(;KV3IGqBAgM6Z6`BYiFuq3!^^&-q63UD*R
zE!>V!Lr7@NE_(ED5KpwuHNh_{1GFP-p+l(8QeO;@WNZkHS!gdaawNH|T4J*MpKh6b
zVOF-A^85)ai7b?s$r%H8XC{2W!#~6ZKVOyKl<F-@%{v!lo8fhyy)Ii~>vv8;A9&;7
z0<V=a$k*}Srg8%6Xt1rJiA9dsV#(PK+ttn&IK4Ih9U33uo?z}9yqBl&e^^1c6m0VM
zu_8W8hX`P4toX`b0W4v;JYV9-MV4=|#}L2J;;~@$jCZ?)0UFK9X9On*y!Y_jPjJt(
RTL~Xd^w4&Ai5&-Pe*j-uj>Z50

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_parseint_2/Test.java b/regression/strings-smoke-tests/java_parseint/Test3.java
similarity index 66%
rename from regression/strings-smoke-tests/java_parseint_2/Test.java
rename to regression/strings-smoke-tests/java_parseint/Test3.java
index a32036c75ab..946e63adc12 100644
--- a/regression/strings-smoke-tests/java_parseint_2/Test.java
+++ b/regression/strings-smoke-tests/java_parseint/Test3.java
@@ -1,6 +1,6 @@
-public class Test
+public class Test3
 {
-    public static void foo(String input_string)
+    public static void main(String input_string)
     {
         int parsed1 = Integer.parseInt(input_string);
         if (parsed1 == 2) {
diff --git a/regression/strings-smoke-tests/java_parseint/test1.desc b/regression/strings-smoke-tests/java_parseint/test1.desc
new file mode 100644
index 00000000000..5d48a0d6aad
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parseint/test1.desc
@@ -0,0 +1,7 @@
+CORE
+Test1.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 8.* SUCCESS$
+^\[.*assertion.2\].* line 11.* FAILURE$
diff --git a/regression/strings-smoke-tests/java_parseint/test2.desc b/regression/strings-smoke-tests/java_parseint/test2.desc
new file mode 100644
index 00000000000..16f6de423bf
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parseint/test2.desc
@@ -0,0 +1,7 @@
+CORE
+Test2.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 9.* SUCCESS$
+^\[.*assertion.2\].* line 12.* FAILURE$
diff --git a/regression/strings-smoke-tests/java_parseint_2/test.desc b/regression/strings-smoke-tests/java_parseint/test3.desc
similarity index 51%
rename from regression/strings-smoke-tests/java_parseint_2/test.desc
rename to regression/strings-smoke-tests/java_parseint/test3.desc
index 60c72ba9b36..bb643427dd2 100644
--- a/regression/strings-smoke-tests/java_parseint_2/test.desc
+++ b/regression/strings-smoke-tests/java_parseint/test3.desc
@@ -1,6 +1,6 @@
-THOROUGH
-Test.class
---function Test.foo --refine-strings
+CORE
+Test3.class
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^\[.*assertion.1\].* line 7.* FAILURE$
diff --git a/regression/strings-smoke-tests/java_parseint_1/Test.class b/regression/strings-smoke-tests/java_parseint_1/Test.class
deleted file mode 100644
index 81304601f473385534b4e8453a7e7cf7a28b7d53..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1001
zcmZ`%-A~g{96h())~yux!Ka8HD98X|GA5vcXh0K^i4P+r@M6k#oyF0TwnGz5{6Bb+
zH=fl*j3oN*f8+z=X`P!w%(C|W&b{aNJLlYf|M}%BfC6soXvdI->v0V0P>|Izg3$!p
zFs9*#4h=(bjH_=?PEIsT=*Z!whDm{rLDTc3>syZPEm@wqS(6n3u^|wfvuw-1C!l6W
z)&wGpPDKhNi<T`{>f4*rT@4NkWQtDNtgV@@71Rwd;y<@M_9(7O&%eta&m4z6vdclM
znEz7Nc0=lxxohTXrd`dIeAlw8JgV)Ot|u$hCYD)ko3EZ)w%^3_#4UmLl5dt@JT`a2
zf%Gj9pDWiIlJ$~PcgymT6$nfO8YY5C22w~1q)ty2P$u)iW?sXT!8C6fIESP_Z|mfP
zKQTRYUB?yB^OJ>{!tB&^VTQ(n5gMiq%wYDP0Z%r!WSQ!_vc*=fhSwmAbPHX!eOZ-k
z9S;*=`5zi%Nw#Q<HQt~=cSU-ZD=ST%49Kr@gV(o#0e%SW{7^)yH*m(43hG3f&kU;^
z--7Sx=pn>=E);a|84E#yPOgpL2hfFXRtfZ=mk7zChs{)CZ~7wpm_LHDo>31GDUN+c
zbp8Wkdr0@EjCW`|g0_B$__rpu-@*>C&==juosgb5P0#3O=^6bmdZ1YiHRq|6M)-@-
zs7CE^WT|%!Iu;ni5`$P_2qo@T8Nq9M2>cbuNMao4(MMmM<Xk{Mb66pEF~my5E`=Dq
z;xbpj75;k=Jw{f;fcSw9<ru?_B?n(^CR_;P1JaqcPcZhNMGg>AKO%NE?Vx8Aig7=<
KlWQy#4E_SLX2Hz>

diff --git a/regression/strings-smoke-tests/java_parseint_1/Test.java b/regression/strings-smoke-tests/java_parseint_1/Test.java
deleted file mode 100644
index 8831b817489..00000000000
--- a/regression/strings-smoke-tests/java_parseint_1/Test.java
+++ /dev/null
@@ -1,19 +0,0 @@
-public class Test
-{
-    public static void foo(int i)
-    {
-        if (i == 1) {
-            String twelve = new String("12");
-            int parsed1 = Integer.parseInt(twelve);
-            assert(parsed1 == 12);
-            assert(parsed1 != 12);
-        }
-        else if (i == 2) {
-            // 2^31-1, max value of Integer
-            String max_int = new String("2147483647");
-            int parsed2 = Integer.parseInt(max_int);
-            assert(parsed2 == 2147483647);
-            assert(parsed2 != 2147483647);
-        }
-    }
-}
diff --git a/regression/strings-smoke-tests/java_parseint_1/test.desc b/regression/strings-smoke-tests/java_parseint_1/test.desc
deleted file mode 100644
index b0e5d799277..00000000000
--- a/regression/strings-smoke-tests/java_parseint_1/test.desc
+++ /dev/null
@@ -1,9 +0,0 @@
-CORE
-Test.class
---function Test.foo --refine-strings
-^EXIT=10$
-^SIGNAL=0$
-^\[.*assertion.1\].* line 8.* SUCCESS$
-^\[.*assertion.2\].* line 9.* FAILURE$
-^\[.*assertion.3\].* line 15.* SUCCESS$
-^\[.*assertion.4\].* line 16.* FAILURE$
diff --git a/regression/strings-smoke-tests/java_parseint_2/Test.class b/regression/strings-smoke-tests/java_parseint_2/Test.class
deleted file mode 100644
index 58992e04a96ae1b0ad55f5e611fa582ee161e434..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 737
zcmZuvO>fgc5PfSq*~E3JlhP29@=+*|1c?Z#w?+t5K#COLkg5{BppCtREyj-48-7er
z+&BXgMIgbQ--HmeCNzg~nJ>S2^JdmRe}DZBU<bE-RIuse5-wL!#ubjMK0Iu4Z27o`
z>m1t*>)RsFr8X){^M@)IlSIZ0?2w^6P^mKa7~D?xfWh0#V#%;JQmK48e>0JK-+~$H
zqbw51fzZn4i=t;<shl`Q`!YAX#PKrA7&bbiBk@-B6Om5)W203%-L>3-N@sKPA}=bI
z@eGQA&xFope3!%x8CJ(eM6aKS*<xO05G4z_{y3ZKNIq6pT-DCMW9b5{AmF$W;3jSb
zsKRGxF6TV>cZEk<XPVZvjU1f-UGx~jCGy$iNJfUCwk!=(Bd3zODuqZ&85;lDb=W28
zYs<d9gpN<pSmsL0_*4TeXXf;QE`NwEdb<ieC<~ibHAOC%U54x`WqtCDe5rQ=_JINi
z=g5|eB8{WiLJ5EnHS$%|u}&4+JSDV4zTFGMFK`C!(mT{X!ac^yH+auaQ2Jph-GZ`C
ze~+c%L>`cB5tXHH{H4HoY*5C@H*kRlG$|t)ztEz~;Nq#`ok9*!tCv56AA@`E;klpS
To>gxtN^pYvcE=Va4%&YJT_%n~

diff --git a/regression/strings-smoke-tests/java_parseint_knownbug/Test.class b/regression/strings-smoke-tests/java_parseint_knownbug/Test.class
index dd9c488696240aebb743fb50bf4c19a59a8212be..cdeb074b580065e1cb121811661fa52e97f17e89 100644
GIT binary patch
delta 548
zcmZvZO-~b16o#KW)6VTor_xTbR6dJP=m%OrkSZV_2|Ly#xElf?kkYPn3xA=R6>QX%
zaVaKzNTPdp{tSPF#&f4}C7W~4dCz;#`<{DmolCv(<ImS`zyix2874L56jL4+(;gM7
z9yRJNX=dy*p=q9YxQ6!Bqrt3ZuDf#7Oq_&AZAGE7eH^|G8?CT?*x2lJS_ff!xw@lJ
zdy4!$z3!(qRqp<pva{r(Kur|0%xj+cVrNnF+-HfV&jb3REj8)9@Oeoy>Ztwc+<!U>
zf3K&w6Sm$QDC|o0b@Wr!M;RCU88NT2MKen>8-++p45E@%IL!;@NF^NlCHirm<RJyA
zTm~o_uH+x&t}W-<9oBAOUz6Cb-;i9bUE!QFaEZR4JRGFnF?NT$dyV%!#&UwaC;bom
zEF)};?4SsrnuqmBi8ogi&6{U<C6)0~>gn-Fs7P;-A%?|GAG3@wDnB(A<JNC#nv%-P
tobldnf-l6IKrTpM;a{K=A4%9>(8hrkJ8&56ZEofyvHW%UFdoPKiNBP<Pa*&S

delta 446
zcmZWlyG{a85IuMA?%v(YDzGS`_<}_QeBgsb3k+KG1zH;uD?R}$D;u&Mjdr$*iKryn
z`x*X+#<NR;h0V;FlQT1CW}sf}=I77bJAelEH9V{;6dV*a3<Me_thvxA%PT4r)-{|+
zQPHTPrm)dFxisZPr_=jti9%QuWtl`OY>Ob3#HPZQhi%k7Okp~_7A1Sf!!Gv12XP)A
z8P%?UtW?iX;0BNLMJg95i6jI#h%wEo&McU%+7RNAz<|$a$D}}p*c%HlgIQKCvXkZ;
z4l~Fdj$oYnatO0sdx6y)!0z^u&im>Xi4mOBA>0p=WA5&cix$dwVHOs#qFaaVTm(c1
zNW=!RT%vjG9CFko`JQ<!&{UokfBB6-VNqn*xiqoXYQ(OAw6C9$=tG(JFy#~M|3^l1
PEEwK#^onH`23CFn^)xU9

diff --git a/regression/strings-smoke-tests/java_parseint_knownbug/Test.java b/regression/strings-smoke-tests/java_parseint_knownbug/Test.java
index bb63540ad96..92d0ababf6c 100644
--- a/regression/strings-smoke-tests/java_parseint_knownbug/Test.java
+++ b/regression/strings-smoke-tests/java_parseint_knownbug/Test.java
@@ -1,12 +1,16 @@
 public class Test
 {
-    public static void foo()
+    public static void main(Boolean b)
     {
         // -2^31, min value of Integer, and longest string we could have without
         // leading zeroes
         String min_int = new String("-2147483648");
         int parsed3 = Integer.parseInt(min_int);
-        assert(parsed3 == -2147483648);
-        assert(parsed3 != -2147483648);
+        if (b) {
+            assert(parsed3 == -2147483648);
+        }
+        else {
+            assert(parsed3 != -2147483648);
+        }
     }
 }
diff --git a/regression/strings-smoke-tests/java_parseint_knownbug/test.desc b/regression/strings-smoke-tests/java_parseint_knownbug/test.desc
index c8084216052..76feb55c355 100644
--- a/regression/strings-smoke-tests/java_parseint_knownbug/test.desc
+++ b/regression/strings-smoke-tests/java_parseint_knownbug/test.desc
@@ -1,10 +1,10 @@
 KNOWNBUG
 Test.class
---refine-strings --function Test.foo
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
-^\[.*assertion.1\].* line 9.* SUCCESS$
-^\[.*assertion.2\].* line 10.* FAILURE$
+^\[.*assertion.1\].* line 10.* SUCCESS$
+^\[.*assertion.2\].* line 13.* FAILURE$
 --
 --
 Issue #664 is about turning these tests on
diff --git a/regression/strings-smoke-tests/java_parseint_with_radix/Test.class b/regression/strings-smoke-tests/java_parseint_with_radix/Test.class
deleted file mode 100644
index 26bc43a8c10a59cf847a0d5c0ce4782097700684..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1428
zcmZuwOHUI~7(I9Tm|-aNfgltV@mWwPMGzlA#Ucp_J`xNBc0)VjKyAs);6fKBYU0|R
zaU(kxx=|A`lBkI;j7wMk2>*aF8qXc*18kbi{qDKncfQB@`t9%g4*&)+p(Bi56@40#
zIu!KlNMWE34LGf0P=|_M4MQ5vXc*RTR>e6T=W#*Bh(Oa(!*NX8wTcC2!g7qoyqOaa
z3j)Crt6;ff0=`7|tbjjL%$Wk=X{%sfUAw(#+Bc-LKy130HS)8DZOQu%=yz{f4mqZ8
zn2vja95;(aawMiaD#x``GH}_rV<huNVJSJ|+E!tSj_RsmJ7$j0Vu}Iu94LddByhS6
z(2~Gl8K5PBp)x>ASON_*u9022Vyt@QaZ&=>NH)LIpgvPvv$N);CEKZ!75B-?LWrSB
zAhNegQclXZQ59n$q;WBX2%-Y5702<?OfTDZ(PsOp0oJMv53|1BR6o1(_xBr@c*txj
z#zVM-%&uJ57MIPeE6|+ye@t?S(Mq<df@?0BOrv?j<5i%gM%Yw0M;flgW%AUXt~t}O
zY%^Cbn!|F}_(0(o(8V<hbInAgRklgX2Wp2Ve)sW~<SBRtdNv_m(NNILZ_ootPCK;i
zfc<FYtqyI76JfCOh-5x;PsIJ}NN+)zkNGy?pFSChyhC90HG<C&?TCb*qkaqO{3f)I
zWo*5IZHPcTP$H<?CeW)1?$sc;S51H~@nDHS-zLzi3DPwP(z^&A#?^I<c`ej?1cB=K
z-!<ZY?~2dFwNiX&?+9WYQM}m8;DJ>Xa`rxN_IGiRc7VSirBkVah91s+3_8Y9k4Y+W
zowClM5i9h#PhlTW+Q*dj359)1ZC;Y;6C*!UwXf9eJ5~EZ-F~8-YIg`94hRhgMGT#y
z4TnS@x<m#?JiS+$Bh1BUM+bFoK>`O@k;0rwbb8nvu|ppAgjkn{JtcP7!@i@BOfvQd
zv7-`Wo)nHrjM;i{-1Fn!-~=tu3pk6$Kj=}>Eq<X%`GfA7W}<@b`0n$jQ(EUiZ&!h6
htl=#hpF#C+!0&s5;Qy;FlLnxKF3LZ^NnRA3`Ui@k7C!(0

diff --git a/regression/strings-smoke-tests/java_parseint_with_radix/Test.java b/regression/strings-smoke-tests/java_parseint_with_radix/Test.java
deleted file mode 100644
index 29716aa2486..00000000000
--- a/regression/strings-smoke-tests/java_parseint_with_radix/Test.java
+++ /dev/null
@@ -1,36 +0,0 @@
-public class Test
-{
-    public static void foo(int i)
-    {
-        if (i == 1) {
-            String str1 = new String("F");
-            int parsed1 = Integer.parseInt(str1, 16);
-            assert(parsed1 == 15);
-            assert(parsed1 != 15);
-        }
-        else if (i == 2) {
-            String str2 = new String("123");
-            int parsed2 = Integer.parseInt(str2, 10);
-            assert(parsed2 == 123);
-            assert(parsed2 != 123);
-        }
-        else if (i == 3) {
-            String str3 = new String("77");
-            int parsed3 = Integer.parseInt(str3, 8);
-            assert(parsed3 == 63);
-            assert(parsed3 != 63);
-        }
-        else if (i == 4) {
-            String str4 = new String("-101");
-            int parsed4 = Integer.parseInt(str4, 2);
-            assert(parsed4 == -5);
-            assert(parsed4 != -5);
-        }
-        else if (i == 5) {
-            String str5 = new String("00aB");
-            int parsed5 = Integer.parseInt(str5, 16);
-            assert(parsed5 == 171);
-            assert(parsed5 != 171);
-        }
-    }
-}
diff --git a/regression/strings-smoke-tests/java_parseint_with_radix/Test1.class b/regression/strings-smoke-tests/java_parseint_with_radix/Test1.class
new file mode 100644
index 0000000000000000000000000000000000000000..357e4e8aa6202fd6a702f7ecf4e1f7c9f8272a9d
GIT binary patch
literal 934
zcmZuvT~8B16g|_gX}62r7J-T=prCE3lxnpqXh4*tN!5pvCipgOCv|bzCA(Yyi@a#!
zgU@P0jU@W+f6{noTPUC}Gjs3EIrp4<=hvU_KLAwlP=k)^91C$QY6#(mhMUM~$fJ;e
zh9!=ohPZlhOT#is94idt3&QiH>zj`4JvBYivSf#Wy<&*1nYQUaW(eo<O@_#((~%6R
zx@pT7y}g!nx7A~YOx<Y<t0`Pl#lvL8e{FgUyuK|xzr0HDJz?4mlezk?cq>Ylu)C!v
zj$=t-uPS=hA}#;9Bc$iMWmRSbZ1}EecZrqn3)hn!x@I+ov4$_&Z=Q?&Km;{{A->kO
zhBmZ@({tN$%T%JZK-aRO)RBV0V4SBX&MkFU=D4ln4k{dXb=*T$#~3a!WJiFF;}$-1
zUB_jJ2J9U7bv!`z4EM{{u59}Z6Q>(7^rQNa9<kPJUv?$Y#RHcVp6lNbR?Cz3Q@CMU
z8T8hm!A)WH$TQ86#+n)x*tBT&#MzOa>B`QD3u>d^^Ds}JMyH>}jI44@r!WW)gVr=f
zCE6M7(Lx{WGaW+6&>9PpG)+3|g9o^X35pV!#1v%|_#=^pY2P?PXeSfyBT`>7jBkiO
zDjXvA4pU#i53o36q~2rp2=Sdh5<i1nnsOhIJkF`Y;h^v|l_oW$Iz}Zpvh>-DNMfDT
zD=~9}f|S2Rk%lU!aXFB)f*D*P`B#H{=r@WSvuvF3b0=;qffXQ~(GHP30FQh^B>WZp
TU+0P@ijcmp`ZG^K2-p4sHWs@M

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_parseint_with_radix/Test1.java b/regression/strings-smoke-tests/java_parseint_with_radix/Test1.java
new file mode 100644
index 00000000000..d909b13c746
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parseint_with_radix/Test1.java
@@ -0,0 +1,14 @@
+public class Test1
+{
+    public static void main(Boolean b)
+    {
+        String str1 = new String("F");
+        int parsed1 = Integer.parseInt(str1, 16);
+        if (b) {
+            assert(parsed1 == 15);
+        }
+        else {
+            assert(parsed1 != 15);
+        }
+    }
+}
diff --git a/regression/strings-smoke-tests/java_parseint_with_radix/Test2.class b/regression/strings-smoke-tests/java_parseint_with_radix/Test2.class
new file mode 100644
index 0000000000000000000000000000000000000000..56be994524e82e67469a887dd8b71c1b0310b01c
GIT binary patch
literal 936
zcmZuvT~8B16g{*3n0C9^4+JWrfP%KAQYh7`paD^nCRHCwn&8{Coz%r;m+WqR@t4Sp
zCO-JACe%ox@BSx^ca}l{eVLhiXU@6j+&jPieE$KUg8MoQT<4gJVP1!Z8#-<xrz4L-
z96A;_iaKKI#Vs9+C~+(?jLr$qldf+%w)fcdM9Y#L2KJI6x@Ov@|BxY+%QqRqn@&eE
zB<rRvpZ9iK(%n*z88UUJEv%++O%)H4VgHrsG4T49^!)NF!FPpeGmPizJK~KfS;Fp?
z9yyLBg}tiiS&Ov%=Z=t`@0L}WA+X`Qrrjl0z9(EycIcYb7)BbtXup0Y_5u;q2!_~N
z+Zx!=8&1z{%crIitp~am6{UeBQVgl{^kjUwyrOQGIm!lBP~o_3;0~$=MsR^4JA`Z;
zH}Q$<Ixa&b;ODq&;2x@H*k81EWZP#LJKc(bBh`uYkhNy}vMY%$7Wky_Tn7iRTAtjW
z!VMbBV6=`}+!R)iT+<|Ju*qS8O^c>aoE_<zuI!w+pho&V53}@b4EkFvl~s=E6awLq
zqBTuXiFQVNq|gWZOa~1aTBAXd=1FJc=m9QbjG{QkF+mvx{zzmY+BXiNZD&G#gzF0_
z{Tm_=3I~Y3!^9Wxeaug#-oD55A!6Ho#D504H03@Zahy|yLqXw5Dotugb(BhQWa+yX
zk-$2sS7K(43R3<OMLMdO#N|NF5~gs4<X;W)+HVv&rr9XrXHMK!0xLi|qaPr#4<7!6
XaOf-ezs?m+1e&p~`ZG&`hHHNTMv1&P

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_parseint_with_radix/Test2.java b/regression/strings-smoke-tests/java_parseint_with_radix/Test2.java
new file mode 100644
index 00000000000..5a67b9f22b8
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parseint_with_radix/Test2.java
@@ -0,0 +1,14 @@
+public class Test2
+{
+    public static void main(Boolean b)
+    {
+        String str2 = new String("123");
+        int parsed2 = Integer.parseInt(str2, 10);
+        if (b) {
+            assert(parsed2 == 123);
+        }
+        else {
+            assert(parsed2 != 123);
+        }
+    }
+}
diff --git a/regression/strings-smoke-tests/java_parseint_with_radix/Test3.class b/regression/strings-smoke-tests/java_parseint_with_radix/Test3.class
new file mode 100644
index 0000000000000000000000000000000000000000..6c6390c1dbbc26fd403329b78364a1b4e0b106b5
GIT binary patch
literal 935
zcmZuvT~8B16g{*3n0C9^4+JWrfP%KAQnb~opn#}Jld2CTP4I2nPU_;aOLn*Z7kSad
z2cOl18cFos|D^HGwopW0X6D|RbM86!&d=Z9z5}S>z77LdITm7A)S=;;j_b(j$fFR4
zjwOzwj+lCJL&q{o94idt3&QiH>zj`4JvKejvSf#Wy<~{4nYQUaWC-Q*O@{E6(~%6x
zx@pVjy}g!nx7A~YOx<Y<t0`Pl#lvLSe`R_MyuK|xzr0HDJz?4mlezk?cq2-du)C#4
zj$=t-uPS=hA}#;9Bc$iMWmRSbZ1}EecZrqn3)hn!x@I+ov4$_&ub+wiKm;{{A-2}G
zhBowu({tPMsi{Qkfv#mmX&{LdL+UI&gI2Ao%bOgx43tsfxNYDLC^?364A~K4^SFmk
zT-R|KA^|<eT?6+}{fqoXYge{?hKbXi7#dQINRL=+wlBMq=wg9Q3ePlf2&?7E{3+b9
zuM9?O(BY=AdSsdgNpnq(3T#<4eB$g#&va$y#0B-y?|GP~Ut`eMVyUchOs5bCj})zG
zib}LI+9QQN*e5z@$j}-Mk~B^_8-oWpj|qz6n8Xxi6!-&?g=pVAg0_<h^%1TwrD9(Z
zc~Ce+^ev`7gCAgVCbj+!vqy;S^b!9N<kFOTkHm3K6%GZ3r>QilA=ObT!I7okUPJ;L
zq+W@c8x*Ac1&VZ3F^!9XoE6OA63M?D<h5TYa?G-E!q1(!tprwpbVff!;s8AS5#i7m
U@PC~vng}#wL-l8#0u5LG07P-SnE(I)

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_parseint_with_radix/Test3.java b/regression/strings-smoke-tests/java_parseint_with_radix/Test3.java
new file mode 100644
index 00000000000..1ad62071461
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parseint_with_radix/Test3.java
@@ -0,0 +1,14 @@
+public class Test3
+{
+    public static void main(Boolean b)
+    {
+        String str3 = new String("77");
+        int parsed3 = Integer.parseInt(str3, 8);
+        if (b) {
+            assert(parsed3 == 63);
+        }
+        else {
+            assert(parsed3 != 63);
+        }
+    }
+}
diff --git a/regression/strings-smoke-tests/java_parseint_with_radix/Test4.class b/regression/strings-smoke-tests/java_parseint_with_radix/Test4.class
new file mode 100644
index 0000000000000000000000000000000000000000..5a6d40acd40e904bbdd95e8f4d012aa47995bba5
GIT binary patch
literal 936
zcmZuwT~8B16g|^zyW8zzw?&{L3Mgnlgtl5m1qDS-npAx#X@YOlc2XCYU9!9NzsQTm
z7oXLH8cFoszhpGt*%pfE%go$6bI(2J+}$6)zkUNy#a$f+E~{A3u&5(~D>|+srz4L-
z0y>H+uIbR^izOY)D5)qjj4yEC7hYhwj{nH=dCL|Z2KIs>zGgXAaGycR<(mxAO}8T$
zQgzD_&w9Hp;cdys44Jyy=5~{NmW+qVXz<eV8Pxig@Pq0qmG5%PVVKO-clc{wvbobO
zJ#<}LaA#G*vlemr&mC3zfmfAnMum;Qvz#uWs(ak?MTf3gjbW@2@b;^xd@m$HMlfh=
zZF?v~Z@4|LEuL7Cv>x(WmXHQgFd59#@YH#!Qm)ABii+z7ZlJ2-rh!{nF))TR4B1i5
zgCiFod!Fkt#KHzDZX39RmA~Mhw{}E3V3;`R#ZZ#8B0WN_If3X3g405w6rQqhSXRrE
z{1bIUXBmvvz~d&jdnB7iNs~>D8f@A$e!}bs-||G~SOqy5^nA?IcVp1U#muZ!OeY0Y
z50ln3MJ3u9?Xf~1>?0i_$j}-OlQd8|8-oWpiwTMnn8XxiWbu0fQ)u5fL}WXo^bxHW
zV_y)vS2#fY4W>Rp-N)jL`SUGi520=Mk@z0w(v*9L<WWxcRl>g0)S1W-={QkTsgs5x
zl2|A5lFQtnAF?<{kxrAG#(836qKp|_Aodr-eB_t>TV~lf)z2M^t%gc~bVffwavy5+
Y1ER`jsQ(I=Ffl}o4QbCj1rc2O0~gP|OaK4?

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_parseint_with_radix/Test4.java b/regression/strings-smoke-tests/java_parseint_with_radix/Test4.java
new file mode 100644
index 00000000000..06e69e10938
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parseint_with_radix/Test4.java
@@ -0,0 +1,14 @@
+public class Test4
+{
+    public static void main(Boolean b)
+    {
+        String str4 = new String("-101");
+        int parsed4 = Integer.parseInt(str4, 2);
+        if (b) {
+            assert(parsed4 == -5);
+        }
+        else {
+            assert(parsed4 != -5);
+        }
+    }
+}
diff --git a/regression/strings-smoke-tests/java_parseint_with_radix/Test5.class b/regression/strings-smoke-tests/java_parseint_with_radix/Test5.class
new file mode 100644
index 0000000000000000000000000000000000000000..06d65ec696e7b1219c118c96b5f121231cbcf11f
GIT binary patch
literal 939
zcmZuv&2JJx6#orh1It!EY%A8PRI3Fl1uIy!)l^Uu64V0?Nxcm)!L8ffW_R&_u@}7<
z51!Pd7@O$b|4HMUg_c^q%*=Z;@AvWE{QUjxJAexAY0z<%V=;<r8UnbkVF@`6c@$#M
zu*`8oLsY#eYFI&uqs(x2QMj&jJj1r!M}{jprtC4W7YvaN!!o=F48dH!%@C^FJ;{)0
z8kT%E*zHJXOFd>tH|?%4+rlwaJWhtZmxjy0n_JTLs_Rs~D-4TaHrLz{uSLleR=-rU
zZBq(sUBR;sY5C6`Rl1&2RWy^rmgg8&pHTUpa9r7=Yt~?xYI&mj>Z#cCMNlIcq8nXv
zY(s0=1E(vW7)rF}>snEeIub}SBu~Q=bGa;P>iQ<fs*YQza8z~N#+r^PoMFgJY91bS
z@v-CB4nx={;JBmXF4q2nf8N=VU5{brWG}{+R4Y;w)Q08Bz9hJ)Z<NAQEgY9M@?`%+
z-MF(1dS}$*wlD`|n?^~KO-u;tCXJskd(t%=**kVYo%9AS7U<vT^to6vqa4#I2&zYt
z))Yl0+8OQP!Vv5e9Rf(x8u61fP&(_Q2bjhTMKR3c9A#ATdjbp6UOz-&I~^P%)Lc#`
zzao6UaDd1gWIluMV`)Bxk8hDZM09(I*bhIMR>^mWA0-ua(5Idwa?(S(BSgZHp&wsF
z95vFf<YY&bls`|AM#GuI1z*rA=5dh>T=MgQUnp{1X46!kJ@#Ai%>b#ic7XUkc<2K{
W!7t$ddRH)E1oTbSp#=&8xbg>cpS>^u

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_parseint_with_radix/Test5.java b/regression/strings-smoke-tests/java_parseint_with_radix/Test5.java
new file mode 100644
index 00000000000..0769189ce4c
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parseint_with_radix/Test5.java
@@ -0,0 +1,14 @@
+public class Test5
+{
+    public static void main(Boolean b)
+    {
+        String str5 = new String("00aB");
+        int parsed5 = Integer.parseInt(str5, 16);
+        if (b) {
+            assert(parsed5 == 171);
+        }
+        else {
+            assert(parsed5 != 171);
+        }
+    }
+}
diff --git a/regression/strings-smoke-tests/java_parseint_with_radix/Test6.class b/regression/strings-smoke-tests/java_parseint_with_radix/Test6.class
new file mode 100644
index 0000000000000000000000000000000000000000..1309be8b84fc8f0ae11ccddcfc65ff750124f94d
GIT binary patch
literal 946
zcmZuv%}*0S6#va`%e33AbhiQ(Q9waks1y|e1r3OjkW@WDn&55PPH=JACA(X%{vC4B
z#Dixwp+*wD`#&kZ*%pc)d)S%x=Dqj(nECPR>o)*%STc~s1jl3w*9>U5ZlH*gfhkO<
zkwIC1eSCb(al=4bmCYEaV3y-1Lw-Vpp$sC&_rga`DC(|kGO*_ieanvLL=PDBVyVWE
zSo52bp}*>Q@@Z?YE`u#q%wSjjhHz^la8%q)CZZQk$iS;xGK}VzsC`d39>ZX<x+`9Z
ziYvUG%0u6GrSO*2cvdGa|2d=1FbasMedcg83LI~Trt*CegtAG;Y=a@Y8HvWrCt^P)
zL2fXlmK$zYhOz0lf`(jo6lo*oHKVwg$iZUB^>}s0Q}e=l=TjxOIBuI{^&O6R6AM^0
zaSr_qg<jw4iIb0mzz-ObF$l+96Zf$A2gI}bu53gM184o{%2IY%y{Q{sBzGi@OT}U-
z{L98}+eV2jIMdg4m%*%ee69(%Mbhay>2~{j0BbHi0h-yAp%cjFsS0v4YK0i52b85(
z#&QLvn07iy3oQEE6jf+tv?iz8U>|9tAy5ClILUCH_GYI50~n+zjUf~$qnh8-FrC)b
zBWT;U-bSK2oy&be^8VBz`rcsZ6ZiopN9@#Fj2<Dq-G=c!&RLXuhs;S%0qZgFFhMJL
z1DrUf2r7*-QCK1Nip*FC5En2^kwI5^5hFy$!YnS~GSMH6^V(08ImTF?W{jVzor|Ra
gmYq3-c>tdHfQ0@T{9om2OcI*8qWrl+frhKU0s2wE!T<mO

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_parseint_with_radix/Test6.java b/regression/strings-smoke-tests/java_parseint_with_radix/Test6.java
new file mode 100644
index 00000000000..73dbc1703e7
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parseint_with_radix/Test6.java
@@ -0,0 +1,15 @@
+public class Test6
+{
+    public static void main(Boolean b)
+    {
+        // 2^31-1, max value of Integer
+        String str1 = new String("7FFFFFFF");
+        int parsed1 = Integer.parseInt(str1, 16);
+        if (b) {
+            assert(parsed1 == 2147483647);
+        }
+        else{
+            assert(parsed1 != 2147483647);
+        }
+    }
+}
diff --git a/regression/strings-smoke-tests/java_parseint_with_radix/test.desc b/regression/strings-smoke-tests/java_parseint_with_radix/test.desc
deleted file mode 100644
index 8b4a846fa3b..00000000000
--- a/regression/strings-smoke-tests/java_parseint_with_radix/test.desc
+++ /dev/null
@@ -1,16 +0,0 @@
-CORE
-Test.class
---refine-strings --function Test.foo
-^EXIT=10$
-^SIGNAL=0$
-^\[.*assertion.1\].* line 8.* SUCCESS$
-^\[.*assertion.2\].* line 9.* FAILURE$
-^\[.*assertion.3\].* line 14.* SUCCESS$
-^\[.*assertion.4\].* line 15.* FAILURE$
-^\[.*assertion.5\].* line 20.* SUCCESS$
-^\[.*assertion.6\].* line 21.* FAILURE$
-^\[.*assertion.7\].* line 26.* SUCCESS$
-^\[.*assertion.8\].* line 27.* FAILURE$
-^\[.*assertion.9\].* line 32.* SUCCESS$
-^\[.*assertion.10\].* line 33.* FAILURE$
---
diff --git a/regression/strings-smoke-tests/java_parseint_with_radix/test1.desc b/regression/strings-smoke-tests/java_parseint_with_radix/test1.desc
new file mode 100644
index 00000000000..0ab380c3cde
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parseint_with_radix/test1.desc
@@ -0,0 +1,8 @@
+CORE
+Test1.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 8.* SUCCESS$
+^\[.*assertion.2\].* line 11.* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_parseint_with_radix/test2.desc b/regression/strings-smoke-tests/java_parseint_with_radix/test2.desc
new file mode 100644
index 00000000000..0b6a1a2dd97
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parseint_with_radix/test2.desc
@@ -0,0 +1,8 @@
+CORE
+Test2.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 8.* SUCCESS$
+^\[.*assertion.2\].* line 11.* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_parseint_with_radix/test3.desc b/regression/strings-smoke-tests/java_parseint_with_radix/test3.desc
new file mode 100644
index 00000000000..7b68147d90b
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parseint_with_radix/test3.desc
@@ -0,0 +1,8 @@
+CORE
+Test3.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 8.* SUCCESS$
+^\[.*assertion.2\].* line 11.* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_parseint_with_radix/test4.desc b/regression/strings-smoke-tests/java_parseint_with_radix/test4.desc
new file mode 100644
index 00000000000..8c775500aaa
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parseint_with_radix/test4.desc
@@ -0,0 +1,8 @@
+CORE
+Test4.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 8.* SUCCESS$
+^\[.*assertion.2\].* line 11.* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_parseint_with_radix/test5.desc b/regression/strings-smoke-tests/java_parseint_with_radix/test5.desc
new file mode 100644
index 00000000000..2b0338b1c0c
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parseint_with_radix/test5.desc
@@ -0,0 +1,8 @@
+CORE
+Test5.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 8.* SUCCESS$
+^\[.*assertion.2\].* line 11.* FAILURE$
+--
diff --git a/regression/strings-smoke-tests/java_parseint_with_radix/test6.desc b/regression/strings-smoke-tests/java_parseint_with_radix/test6.desc
new file mode 100644
index 00000000000..71b3d8423e4
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parseint_with_radix/test6.desc
@@ -0,0 +1,9 @@
+CORE
+Test6.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 9.* SUCCESS$
+^\[.*assertion.2\].* line 12.* FAILURE$
+--
+--
diff --git a/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/Test.class b/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/Test.class
index 507c0f9f16b5fadb2004d17ab72f384c4f076501..5e30e2f707ede46c5ca6e19c8bc3a404b4b3f883 100644
GIT binary patch
literal 966
zcmah|O>fgc5PcgbaqKwci?*Q@`aui%piK&;6jGp2K#COLkSbESZIV@RaqY@>IP*8?
z1;m9jAT@|eaOXdPn03;o6eN7`?u=*Nd-Hbv<JZ@309H`dk-)r)g%~dD2;qv3JPJCB
zC~1h}s`8r3R4nSyWZ9CAGAb&T8M5=-^Mvc0j_o}(J>IfJhk-q3h_0Kq>EC5g@`WZt
zc+=?!hGgBe#nawyOSoIIm?2Yl+T3b#*Oc)v8TMb89%0nCgy&bOdzYIw!+5^F!(Z{T
z#qDnSf#X<$+f|9qS|sHk--zAwT}d+PYxu5dcL_AQ$6YUwTVqHxeBOTfgzp6k$O?wo
zdfOV#pf{YJ+ZK;asaTVumL#Bo6w(Z-)8Gtqi_4Y&JhJ(kit7d)zzr3v25w@_z!@YN
zawEk1NB%x?U57>qOLi5v4BW=rAKcGcJEH9~jGc68IIT1(Jp!%SzUT@<iv=D~c*@*i
zTdhFWoah^R&S10#?l-yBBTMLv>By5Kf=!F=1z~oCXS$+uJOsJy_dLwftxC|HVyT=Q
zn05+i7NqH&p{PtNqcu|OgMFk;2w8eZgCxUQ+8cucjA5K24HL*wMmE1EFoo8QLxi?7
zN+02RDe?u8JH-P;-(cbs)O{>WWnynJeF$y45B+<POH=M0;zv2js|380#4Oo$`Uz5q
z5toJ%DY!@CrIwiiAI@QtA|0zZk10}<LIoFak<?EI`Or_4RLrm}Vay&6yAn(Sq%-jY
c82eDe9}rePL;ZVj2@^rc*pT+jQ4qqV-^5<P?*IS*

literal 1035
zcmah|-%ry}7(I90)~+k;2Z}iH7a|T21~^3p`4N<4$y5@^5_l`y6^nBvZShh3J9v>d
zp4CK*B>L`u<OAZlWik{J+ob*Ox!?J|@0{EI`1SQ0fFd56Xh)xpTL$tbBIq|UfWZVT
z+}5@Z4-a(=nK002U|4%chK_=X5sc~>6X@u*eP4Qk<2L-qj&HBlWlcb=2*f9yh7(K)
zX!-t%Ky=QnNr6<^X~<`ruUDnFq>=@)Ww&bAE4JsTbrXyRFCCvX%1hD@CRpQz>#|0^
z6qfP>Z&VT2?KgIzZa3Bni-G4f)|jYo*q$$I+!iGgn8_iVAS2-jv@Hg9_0>~*BkV=p
z0>)&u-kjE4bT_@KoOjf03DtgBwXu*vRv`UvOLE8Ok1myRM@P}ZUEH&fLRz4!l|TE(
zrzf80dICK|qa**hC_oLMW8A`hJou~q^VM}(4Ft~TPurkO%CtI{8i8DsY-xn%a4FDv
z2CdXj%Tg`gT%Bjj)SC1iPu7kF(7#}l8$8$*T<3Sv&aXnGyOd-`8rU6KK0CN7@Gba`
z4eUXDU=YDMKI0+C@fll33FyQHt`g|NMIt1N9E)khwsO%OOz$JIoYnRaEf1#CUl4or
z5%Fzgy0iLwB==z~?;-L17~5%KyO_zvb}$hZFv9||ll<fv{NxF~8e0p;9^<go!ds_W
zgCi&SvzVAd60_W!rxy#{snCgay6~1Vl*A$#DSDB^B}(f=9^JT1D;6+}D<M`Pb~VH(
z7uOhp-h!6I4ltmjNBl%b<N*0*$mTbWO)iEG0-3D!8ExCpqq~S|pAbK7xT+aL#F|mZ
K(#u5zH-7_Q@W%K6

diff --git a/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/Test.java b/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/Test.java
index e7cbf6df57b..6967518352e 100644
--- a/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/Test.java
+++ b/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/Test.java
@@ -1,20 +1,15 @@
 public class Test
 {
-    public static void foo(int i)
+    public static void main(Boolean b)
     {
-        if (i == 1) {
-            // 2^31-1, max value of Integer
-            String str1 = new String("7FFFFFFF");
-            int parsed1 = Integer.parseInt(str1, 16);
-            assert(parsed1 == 2147483647);
-            assert(parsed1 != 2147483647);
+        // -2^31, min value of Integer, and longest string we could have
+        String str = new String("-100000000000000000000000000000000");
+        int parsed = Integer.parseInt(str, 2);
+        if (b) {
+            assert(parsed == -2147483648);
         }
-        else if (i == 2) {
-            // -2^31, min value of Integer, and longest string we could have
-            String str2 = new String("-100000000000000000000000000000000");
-            int parsed2 = Integer.parseInt(str2, 2);
-            assert(parsed2 == -2147483648);
-            assert(parsed2 != -2147483648);
+        else {
+            assert(parsed != -2147483648);
         }
    }
 }
diff --git a/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test.desc b/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test.desc
index 62ba98812e5..b0af402d3bd 100644
--- a/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test.desc
+++ b/regression/strings-smoke-tests/java_parseint_with_radix_knownbug/test.desc
@@ -1,12 +1,10 @@
 KNOWNBUG
-Test.class
---refine-strings --function Test.foo
+Test2.class
+--refine-strings
 ^EXIT=10$
 ^SIGNAL=0$
 ^\[.*assertion.1\].* line 9.* SUCCESS$
-^\[.*assertion.2\].* line 10.* FAILURE$
-^\[.*assertion.3\].* line 16.* SUCCESS$
-^\[.*assertion.4\].* line 17.* FAILURE$
+^\[.*assertion.2\].* line 12.* FAILURE$
 --
 --
 Issue #664 is about turning these tests on
diff --git a/regression/strings-smoke-tests/java_parselong/Test_binary_min.class b/regression/strings-smoke-tests/java_parselong/Test_binary_min.class
new file mode 100644
index 0000000000000000000000000000000000000000..8ad0ba0388bce38619de2b90920a99d33fe980b7
GIT binary patch
literal 944
zcmbtT&u<bz6#fPlmR*+et02W+pjCm|VzuhQ#z1OKG^-wHnv_d3zy_znZnL|Xc=M0&
zQm!66tBDw!=-vNG<D2adBK78MGV|umoA3MHd$T`(fBOz#4fk{;a8<=(4A*poa9zg@
zR5Zj<jl87@8can^hbE(zblk+UiWP?JBKJJY^@U@5kA%lN1FOft+6>WkVGI8uL%34i
zW>7Yqp2d(fg>5|_4Lg>*C4(6<rqktvZSD%WKXxkqOW`r3%`MCGcRRx7?wj4Aupbc6
zkPDlZN?XFR4iR|1D{=PtYhE94yI*hluCV(Q9Np)x7btqlkZAe5`|26r4@f9khS+*{
za4b`AIU~1gJr+{b{0#4k#5RyZnjtmI!_Zh>{l6ih>nd&;SjBAvb4W52raaA)8gII;
zL%Akr<f*u0P#5q1CGJIM&+7UNxysqf$kNSC@lD6>GiX7vj_mwDE<LGI5tGwf8w2V+
zL%wHu!nJy*BB{*&hz_XnZItN^CFJu-6=Ygug+Vfrra42qI<1V>NNoc4k&F<sG)Ds`
zHG*v8C;&O+X{X^F3gnTO-$S7fXdWW8lL=3tm`jnbh%}1_SonnK7}e4|)OQCcA41!i
zK>rbVvw?Sv_=#5%hXdjwQA>IqDyfW-01Y*g&>;0vOo`%%5DP&rI_{&0^CTxlox6aG
zB>xhf(?9eJH5HeY9AT7Bvt0{P0n(ZH7Z_ux$_FUn&xoGQT*5>UG8(czW!i*r<qvH<
Bxz+#x

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_parselong/Test_binary_min.java b/regression/strings-smoke-tests/java_parselong/Test_binary_min.java
new file mode 100644
index 00000000000..01f265c364c
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parselong/Test_binary_min.java
@@ -0,0 +1,15 @@
+public class Test_binary_min
+{
+    public static void main(boolean b)
+    {
+        // -2^63+1, because we currently can't cope with -2^63
+        String str = new String("-111111111111111111111111111111111111111111111111111111111111111");
+        long parsed = Long.parseLong(str, 2);
+        if (b) {
+            assert(parsed == -9223372036854775807L);
+        }
+        else {
+            assert(parsed != -9223372036854775807L);
+        }
+    }
+}
diff --git a/regression/strings-smoke-tests/java_parselong/Test_decimal_max.class b/regression/strings-smoke-tests/java_parselong/Test_decimal_max.class
new file mode 100644
index 0000000000000000000000000000000000000000..35313e14aea362f355b4194466efdb88b0927d46
GIT binary patch
literal 900
zcmZuwOK;Oa5dJoC;@EMTS5wmPN}xc}LKE^VqJmZh4k*AORi)-qZ5%7OBu-^Jh#P-`
zOLOGH8ITB~65RPuJZ9ZTM2ao#&dkot_sz`i&)?s^1E`{|B7*BOmO{9p!iSqGZXvHA
zj6&e;pW{!)vI<3bt*E$-J2F-ol1toi4BIt_mh;GTc&Bf48CaVkxNcge`+&ipFYGW#
zTf?rw5N(>4@q9Gs81}YsW=J%LI`8jr+Z6hVQF33JjyT&k9Cxp4=;na;_XhmUeabZ8
zrbS!6E%LGsAvmrrocH-_UhH$LS8TbqY4ylCc))GPqx6&^(sH@}>KQ-qP^eml(7N6~
z;i<NUBU?9~n1WSm7I;-8*APRTAvOy{eYjUHS1OHisZw97RU3`kTB#wti!w?Y?xL(=
z4pD~mG<5T{agS|#Nc>~7kTNP7&8GGb;ET?_p}Rydf4*GNkGUy8b7=J#6t4rv@_&P<
zG0|zzR-XpSu+TLe(>A(iB&l`ohz@9)ZRF@;MCjtMSXz`tk{`qpaat3k6=`R*2bL#b
zA4%{bNo&wEGR%{#9XlX}1=18;K$<Kf_&p^0fsG^hb`$;yq~^+31U55=Sp0<G7=`RS
z<adY29YNWhK>gualb&^q@Tpbc`aRqXAq#XBGLa3DO+kSeJS6ghOP2fy4~t$YD(cAK
zBC(0m;4a}ZvA;s+^e%p(Amgf(q8!<?Vyj*yKs*ut0&NUg`T)uQ8Nu^~i!=fFv<=ao
J94S6r`wJ#gxY_^!

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_parselong/Test_decimal_max.java b/regression/strings-smoke-tests/java_parselong/Test_decimal_max.java
new file mode 100644
index 00000000000..ec7bfd25266
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parselong/Test_decimal_max.java
@@ -0,0 +1,15 @@
+public class Test_decimal_max
+{
+    public static void main(boolean b)
+    {
+        // 2^63+1
+        String str = new String("9223372036854775807");
+        long parsed = Long.parseLong(str);
+        if (b) {
+            assert(parsed == 9223372036854775807L);
+        }
+        else {
+            assert(parsed != 9223372036854775807L);
+        }
+    }
+}
diff --git a/regression/strings-smoke-tests/java_parselong/Test_decimal_min.class b/regression/strings-smoke-tests/java_parselong/Test_decimal_min.class
new file mode 100644
index 0000000000000000000000000000000000000000..8260f5d3e609843e35590873105537e398b536c4
GIT binary patch
literal 904
zcmZuwTW=Ck5dID<EW2#Wtsuo4XjLe-AeVx%G197u2K9laNqK1&*x;$KG`ow>{s>>n
zvx(1YBE}~A?tjuaXL})1cauGH=6o~XH#28{{rUa_Km{8r7I0I>N&vT1cyL?A9b^>*
zk@LMH1U*c~stQG*@+$6PO~yJyY(=+i!*ck@v>$U@?+lC{18Xz*H@V53hYa3qZkIvY
z9`y`{P?MX+%ki*dSUUpD5N(dS`e0YLxY(aMCFeD_#o3NwJNrGO%ZK`4f5^=Tlxe7Q
zla_2-<YgUVupLW)5A?TsVW6A+Ld&tZ*(b37P`7MX(sPD|mZNvyywDF_7OIvZu-P4)
z>Qq~!vDG!6a-k|dPrNRYYX~F45S}MuSX#SZDwWH%Qn9>IuU2ZcYQ0z!@Pdq@hI=S!
zSVV{+Ig4$ab?%8}ji`X|Jg1DZM#HK8!}zLmV00Z)n7vr9XvpG>pgA)842s)=6Fc#r
zpl3O1O=uRiJ)n^?BzlI;Eu(j?lA7m?>44_hMux7&g18moq^OH5FGwaL^o`Q4Kr5rw
zw>ky;M1}`3`ubfbwTo=+1b{dav{P^iN%Dx`50K~uwvOT1i+ZP!n)$H$4ZcR|2+N=0
zpCFfBg8cpnnPVt>Q>Z^(Z_M>h5Ipk=X0OYfB5uL2LMD*`VpWhQ4Goen)T9YVj97My
zQBg+<mq|~AW_JZwN&huEr+?!&@-nVVamtZCFSp{>0z{(0uh1rtrH_!jU*Nx3x=7=L
OM|&h1l%b6WH~s>>g|dSH

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_parselong/Test_decimal_min.java b/regression/strings-smoke-tests/java_parselong/Test_decimal_min.java
new file mode 100644
index 00000000000..0d7c53694f7
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parselong/Test_decimal_min.java
@@ -0,0 +1,15 @@
+public class Test_decimal_min
+{
+    public static void main(boolean b)
+    {
+        // -2^63+1, because we currently can't cope with -2^63
+        String str = new String("-9223372036854775807");
+        long parsed = Long.parseLong(str, 10);
+        if (b) {
+            assert(parsed == -9223372036854775807L);
+        }
+        else {
+            assert(parsed != -9223372036854775807L);
+        }
+    }
+}
diff --git a/regression/strings-smoke-tests/java_parselong/Test_hex.class b/regression/strings-smoke-tests/java_parselong/Test_hex.class
new file mode 100644
index 0000000000000000000000000000000000000000..e65697c2635f5202bbd4adcd56cc4720fde6a865
GIT binary patch
literal 873
zcmZuvU2hUm5Iq+b7M7)awMg*`v?>%Wv{qwcV??Zp2K9laNqI3BxYAqcZnL`>e~2&T
z*~AB*)I^L;^xeeY;xEuRcUwxdW|Mno=FZGHXJ)_u{_+*TDsCEx<D!m*2rd~2;Ie@$
zC`A!NIYbHXe*9$gx@aJ(vML6y;+l>nhRgzYUEz4rw%q&D<(+}(F|am6cuiW;yTcGH
zl{Xo*hTRhkiKeu~li_YhI2$UNA>FjQe6YzKsr;j$=50%t!Dwy>*L$`tUfre+yIfjy
zmD;Kw>riLcb5w&J{*qS*-0D|bo+GV3C5QL8<N8z{F~nOQ@4k4<_x$dpk|DCz9USp9
zTK3TCiU(4$iBABRR8td4q!^O_0#IJ1R;za!z4hm{<(2Cyud1VFVi_wYW{_aWO^fQ2
z5v@CpO^hQG5FJ#yiW`4HJnig=uE#J}Iw?#kpP4pp+E$+->T5l;v;Qf2Sf&{yrd5pr
z?TjJY6Rvbb@0cA;$s5uGEv$_q?LJPcXUUw>Lsk$(6Dc~=<W=crbcYtlVDHHYAVX)^
z4>HV>Z5}3I4q5V|IE5TVRPh^V^a1w{5ZFow$IzOUWb!jY_542OKOj6pxiAa;^*)LR
zh;EHxeDk9jKRQBe5>?1SA30ChL<a`lDd>b6L4`!rNrqxmpgcmvyf4PUE#z^U_@roO
zXK<GIpQCsB`G29J<GiNo3&(O-eJwyL9s2}x1YLUzE%*`PlhRe25CZ01HJ~Cn0bKY4
DO6aN>

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_parselong/Test_hex.java b/regression/strings-smoke-tests/java_parselong/Test_hex.java
new file mode 100644
index 00000000000..f42b5319f7b
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parselong/Test_hex.java
@@ -0,0 +1,14 @@
+public class Test_hex
+{
+    public static void main(boolean b)
+    {
+        String str = new String("+00AbCdEf0123");
+        long parsed = Long.parseLong(str, 16);
+        if (b) {
+            assert(parsed == 737894400291L);
+        }
+        else {
+            assert(parsed != 737894400291L);
+        }
+    }
+}
diff --git a/regression/strings-smoke-tests/java_parselong/Test_octal.class b/regression/strings-smoke-tests/java_parselong/Test_octal.class
new file mode 100644
index 0000000000000000000000000000000000000000..3b368c7b9cdd80f0e7acd114db62a0c6d2d0a673
GIT binary patch
literal 882
zcmZuwO>fgc5Ph3CapE}5R~ypsl|X@{fu<j6L83y00uogUhg6lC3)(nV*y7ri?eH7;
z0bH6h5@$dnh)Qtdz)wN~G3z#spvabIcXnppdo$}FzrTD1(7>98B(AEMi{YAv5Uy*u
zfl3?+R3pI8@2}}qF|Q#mqiPy%;+Bd9hTI(YJk#}sV|x#U$Geu<V_+SI=(@0le~%$t
zsqQc+8&1z;NVSA*J{|0LO?O)cGh|zi!L1$c3b{XVD*g-MG3c#r)AOG@hR?0LRAZkD
zn@pu6E3z)t_Iy{C*yFEw-Qsq?-u7K#_bE7fz+EpOv&oQb``mcB#Sen|q>~}GZdfM_
zwYD>G4fC;(d{Pt01zA={8X1Q4zYyfQy|&s|SzcNkTNzqcv8ZDS%Q~izVkk`Vn&VDA
za$SdLYZD|DD>{u~^)H-f-96Lr8D=VH^~nZIO-i>MyU!30Bp<Ky|4DjMrB<XSSsNA&
zk0IYPJ>i<YQ-0Jee?SK`xem&736gY4Sh^q;(JBn0i41+Sw5yY4WFzw<u=lhGAxGb6
z;AEJlwSF9c8RTgf$2k<pBa`1kp$B+ygwSp_Jc81yrDLBFX%-JL`vK7*s-<bDZw^sD
zLVR}w?OWi@1>PYNW3NOG2gpUjCOXi_W}p&k3^fwbBpH%TiQ)(mvw;{5cTmK6;*+7N
zUBE@+e~HfNFZhL;ipz@3FP+M51X_ShHt`Ai5UTPHO86t9XQj(B5rp*nvO#6qgmC2#
D2llRd

literal 0
HcmV?d00001

diff --git a/regression/strings-smoke-tests/java_parselong/Test_octal.java b/regression/strings-smoke-tests/java_parselong/Test_octal.java
new file mode 100644
index 00000000000..c7358417154
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parselong/Test_octal.java
@@ -0,0 +1,14 @@
+public class Test_octal
+{
+    public static void main(boolean b)
+    {
+        String str = new String("7654321076543210");
+        long parsed = Long.parseLong(str, 8);
+        if (b) {
+            assert(parsed == 275730608604808L);
+        }
+        else {
+            assert(parsed != 275730608604808L);
+        }
+    }
+}
diff --git a/regression/strings-smoke-tests/java_parselong/test_binary_min.desc b/regression/strings-smoke-tests/java_parselong/test_binary_min.desc
new file mode 100644
index 00000000000..9fa189f76cf
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parselong/test_binary_min.desc
@@ -0,0 +1,9 @@
+CORE
+Test_binary_min.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 9.* SUCCESS$
+^\[.*assertion.2\].* line 12.* FAILURE$
+--
+--
diff --git a/regression/strings-smoke-tests/java_parselong/test_decimal_max.desc b/regression/strings-smoke-tests/java_parselong/test_decimal_max.desc
new file mode 100644
index 00000000000..25795287397
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parselong/test_decimal_max.desc
@@ -0,0 +1,9 @@
+CORE
+Test_decimal_max.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 9.* SUCCESS$
+^\[.*assertion.2\].* line 12.* FAILURE$
+--
+--
diff --git a/regression/strings-smoke-tests/java_parselong/test_decimal_min.desc b/regression/strings-smoke-tests/java_parselong/test_decimal_min.desc
new file mode 100644
index 00000000000..95a847bf862
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parselong/test_decimal_min.desc
@@ -0,0 +1,9 @@
+CORE
+Test_decimal_min.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 9.* SUCCESS$
+^\[.*assertion.2\].* line 12.* FAILURE$
+--
+--
diff --git a/regression/strings-smoke-tests/java_parselong/test_hex.desc b/regression/strings-smoke-tests/java_parselong/test_hex.desc
new file mode 100644
index 00000000000..efae1994f9e
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parselong/test_hex.desc
@@ -0,0 +1,9 @@
+CORE
+Test_hex.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 8.* SUCCESS$
+^\[.*assertion.2\].* line 11.* FAILURE$
+--
+--
diff --git a/regression/strings-smoke-tests/java_parselong/test_octal.desc b/regression/strings-smoke-tests/java_parselong/test_octal.desc
new file mode 100644
index 00000000000..72dc00545cb
--- /dev/null
+++ b/regression/strings-smoke-tests/java_parselong/test_octal.desc
@@ -0,0 +1,9 @@
+CORE
+Test_octal.class
+--refine-strings
+^EXIT=10$
+^SIGNAL=0$
+^\[.*assertion.1\].* line 8.* SUCCESS$
+^\[.*assertion.2\].* line 11.* FAILURE$
+--
+--
diff --git a/regression/strings-smoke-tests/java_parselong_binary_1/Test.class b/regression/strings-smoke-tests/java_parselong_binary_1/Test.class
deleted file mode 100644
index 199471e4b3e59c46dea1fbe29a3cdce80ba66a28..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 854
zcmah{%Wl(95Ixt=*m0UyW5Tnvv>^$!X=!!@R8&AJ1iDC7sogn_2`<L2Y={3qVncp_
zH6Rg0CD`*tY#_{aO9B)LFYcWg&zy5+=6?P0=`(;PnmRI=SFw=76&(T=bu6KxA&sl@
zcs%|_Nl;PMq4BJmjykTXxXw^qw4%rfV>j@lyKZE4J*UUO_8F9x>$~x72C-V(Wso+5
zp2LuByT0>y@Vx7UJ3N`8&<<?N+qFWM`zJvue(FYq(cW>Q_$FaI2?9E!IOGKf)(flQ
zS$@CKi9^@#Q-X46g;7HNfFaX~E&JIc>o7s1t{74++dI*tcY;A^JNI4Au5p4D4rm~U
zJVWkpaE7JjwblQBynb25ih%}J4a^|RP@aO_`8B3{VHi*s5+_!%X5a?a|DfIO9yoT)
zP^zA8luvSI3fd0*KJ}3Fer%inDB7ygOtRCeO^<fQVD_BI4V~UZ8BHx7&<|SJKIUon
z8QMC_m3c2@i6EKC(^(*|K{umYu8+Xpk|Cf-r;-F2X2~{=6HtOlo`y4%;+K#J4!Cs$
zVXq*LAU&+hA0cnNgEB;MZWijR*GL~h+Z#du@>_H`jdD^kAvGbBtw5(YnnMZ|B5RSy
zMVKT^$2!V5OCGHV=Ww2cT_BHM`gc@RT$D;wb!j56nFt5+h4cp)L#WalNaA}ar~BkE
PG6Z9TPh*Z80hfOQZd#^M

diff --git a/regression/strings-smoke-tests/java_parselong_binary_1/Test.java b/regression/strings-smoke-tests/java_parselong_binary_1/Test.java
deleted file mode 100644
index 00b77873c3e..00000000000
--- a/regression/strings-smoke-tests/java_parselong_binary_1/Test.java
+++ /dev/null
@@ -1,11 +0,0 @@
-public class Test
-{
-    public static void foo()
-    {
-        // -2^35
-        String str = new String("-100000000000000000000000000000000000");
-        long parsed = Long.parseLong(str, 2);
-        assert(parsed == -34359738368L);
-        assert(parsed != -34359738368L);
-    }
-}
diff --git a/regression/strings-smoke-tests/java_parselong_binary_1/test.desc b/regression/strings-smoke-tests/java_parselong_binary_1/test.desc
deleted file mode 100644
index d7a85429a93..00000000000
--- a/regression/strings-smoke-tests/java_parselong_binary_1/test.desc
+++ /dev/null
@@ -1,9 +0,0 @@
-CORE
-Test.class
---refine-strings --function Test.foo
-^EXIT=10$
-^SIGNAL=0$
-^\[.*assertion.1\].* line 8.* SUCCESS$
-^\[.*assertion.2\].* line 9.* FAILURE$
---
---
diff --git a/regression/strings-smoke-tests/java_parselong_decimal_1/Test.class b/regression/strings-smoke-tests/java_parselong_decimal_1/Test.class
deleted file mode 100644
index 98489907514727a836ac1541da4410878245c40f..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 828
zcmZuvO;giQ6g@9VlO|0`X=$yWh=P_XlwzgB&~b237gBUlh8ftsrm+TN!X&A`!-X6B
z2VAQ&){z<A`=4~YFJP<U=H;H7d(S=h<NMDqUja1GFp$NZhHGhDHy~l&zyfaQ$lzuQ
zU=#yrs2I>i)S`hZZfUs9P?+aY<b<&s_|XG5;$6?_F|Y#$wdMM5e2+n{EbcKVTS3oZ
zu-dNgJQ=*~I^nJeX2`b#n|pgabOk<jD)DnSB98X16U7_E@hk}Fjp9%w9P(GZ=5fDY
z>%^h!_bEU<;$f7Oe$0^V#N2+d!;ca+>WU%Vvb|G1Mkg4Aw)4mp)pb!|SrD4YVVWWL
zFFDcGSJv0>*6VAl&1Q2=#4Tx9Hc`Whi78kN<w?^0-{W`~h5@NnL;($T6RWuM7yZ-j
zp<~Ak#md=+#Kfj1r0u}(lh&li6Z^kO)VeiE+VW^M45gkExuMe=3!~x01NuRGIlvsP
zI7`cAxw2@5ESc6#lb|<Gs77D0{#11Y_MQw01$x!Q$uL8<c@lskN`!Qr8z;YpLUcgu
z7}9=T9zofzenx8Z1Jof3vop}%yhY|1`u+&Uw?DkYiC5H=lbR*aDN<#FF401o4phem
zA)%o}x(u3d8RrRESi%KdBwd#X(LMjbf`-dVk+QCg)in~`z;r(I3FZ)*@(zmp5$f4C
Q1x*T)xhaM*OF+WaUyl8qtpET3

diff --git a/regression/strings-smoke-tests/java_parselong_decimal_1/Test.java b/regression/strings-smoke-tests/java_parselong_decimal_1/Test.java
deleted file mode 100644
index a46474b1ac4..00000000000
--- a/regression/strings-smoke-tests/java_parselong_decimal_1/Test.java
+++ /dev/null
@@ -1,11 +0,0 @@
-public class Test
-{
-    public static void foo()
-    {
-        // 2^40
-        String str = new String("1099511627776");
-        long parsed = Long.parseLong(str);
-        assert(parsed == 1099511627776L);
-        assert(parsed != 1099511627776L);
-    }
-}
diff --git a/regression/strings-smoke-tests/java_parselong_decimal_1/test.desc b/regression/strings-smoke-tests/java_parselong_decimal_1/test.desc
deleted file mode 100644
index baaacde7d66..00000000000
--- a/regression/strings-smoke-tests/java_parselong_decimal_1/test.desc
+++ /dev/null
@@ -1,9 +0,0 @@
-THOROUGH
-Test.class
---refine-strings --function Test.foo
-^EXIT=10$
-^SIGNAL=0$
-^\[.*assertion.1\].* line 8.* SUCCESS$
-^\[.*assertion.2\].* line 9.* FAILURE$
---
---
diff --git a/regression/strings-smoke-tests/java_parselong_decimal_2/Test.class b/regression/strings-smoke-tests/java_parselong_decimal_2/Test.class
deleted file mode 100644
index 922b885b7b3405849f548cb171d8829a565fd3af..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 832
zcmZuv%Wl(95IxuNBX*p3W5Tl(3VA@9)(wk_QWX`DpeZa;Rcd#RV}eVtE8F2i5F7FX
ztO1E2D#4zAqGhgI5}<f-@67njnKLu@$I;hs09t5iNMlaHwIr@<5HPRd25zcIp&}h0
z9}xynP}QJvR82!2w-nrFD9&49=me4Ld*K5&w7LVQ$H4X&<W<*mqcw&^wYI|`ZumWi
zA=`F6=jrfO*9o>cn4!@2ZELV&1upkbgJSf;4T+<@?S#=?;&|@+bcRvD6ZWmwR&!u^
z{bnZ$T(3_6`M?Uoxbzc-bSJXxms{3B%tl=?Bv<XhsUEH44+GnI<nrn&FR;J~b>xs|
z$o)&skZG7pD=UlUvU!I-lLH$H7IZYRs3U_cLwTBY|Mxr|27ym<MP5O{k`5EgfAK%-
z?mKqGP^zBoh>t8YC2jj&pTx#Zp4i5Jk{;Kn`Rp`nV?fJcFnUht22O9HjK&iU=?86Q
z4|BBSG_9BA%Dfk{5+Iq#(^(*|NjIZgs*k}wkRhN*ryK_vX2{l004TvAPsO=O@*9Xm
z2do`J*exW+5I5^N?F*#!kB~<w&dxx2`wpo?sJmlm-~Wh?rcqus5mz-Jku5``*O*5V
z6{>cRJg&kZWg5NZGR~8iM*|mdk(6B`kKXi8R1{nmOO$nGqOTPzCv+k88Ttr{_#R^7
V6XdgvavBMOzRt%nOOAl6zW`}>p+5is

diff --git a/regression/strings-smoke-tests/java_parselong_decimal_2/Test.java b/regression/strings-smoke-tests/java_parselong_decimal_2/Test.java
deleted file mode 100644
index e5578284020..00000000000
--- a/regression/strings-smoke-tests/java_parselong_decimal_2/Test.java
+++ /dev/null
@@ -1,11 +0,0 @@
-public class Test
-{
-    public static void foo()
-    {
-        // -2^41
-        String str = new String("-2199023255552");
-        long parsed = Long.parseLong(str, 10);
-        assert(parsed == -2199023255552L);
-        assert(parsed != -2199023255552L);
-    }
-}
diff --git a/regression/strings-smoke-tests/java_parselong_decimal_2/test.desc b/regression/strings-smoke-tests/java_parselong_decimal_2/test.desc
deleted file mode 100644
index baaacde7d66..00000000000
--- a/regression/strings-smoke-tests/java_parselong_decimal_2/test.desc
+++ /dev/null
@@ -1,9 +0,0 @@
-THOROUGH
-Test.class
---refine-strings --function Test.foo
-^EXIT=10$
-^SIGNAL=0$
-^\[.*assertion.1\].* line 8.* SUCCESS$
-^\[.*assertion.2\].* line 9.* FAILURE$
---
---
diff --git a/regression/strings-smoke-tests/java_parselong_hex_1/Test.class b/regression/strings-smoke-tests/java_parselong_hex_1/Test.class
deleted file mode 100644
index 33ba81a040629e141776f69a38248f9fb51f07b5..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 831
zcmZuv%Wl(95Ixti<JfT;CuvN0meN8VrA^vqN2ywcA_1XYq^i{JoY)O6#;$CK4?%3m
z53pbbNCZ&{_DFmSUjSmRTN0pb?wy%CbIzHW`}OCi&j6Zes>ong#*Gx_R0x<?aTB)`
zq*0bA;mx=2Y)(c+g~GF{Dr#7eahstqZ-${AM2_!;_ngq|y0*o@4j7Vaj^{+{42ep0
zk3nqtmd%iDJD$Bgc-FOpU7pO4Z~Hyd-7^D+`)5Hhdg6qH(cZPg=ni2V`aYdu6!3y0
z^SN1fO|M_?M1kY=DIs}m24PJ7kRj8F%-++-=5dThT`{EAdhVGXwc`(ho_*ip><TAX
z;(!`-<QVjS!3l1m(b(*^tgXYw^2#dDTa>Y+p^k=zDP$Q+lcLSv<JbxUpVW$+K*q9$
z6|DXRztcUkdl5sia=sxxv8f4Y+xPmUHSY1$HvUueph~@GCsi$%cEey;cIX7QHC9H`
zi3apQi#fn7?Knd#W_pSDLRJDK6FEBb<kjhBbW61n*jq9L6zELGL569vwbKL?VUVZb
z!npVaM1lj>Pay2)6C;R^YP$Xr(#AU^hbYWULw@-R=@TgXBdA~ghz=)F&YFl>4e;M6
zK_&hiWR#J@U1H=a3{s}jS1#cqc{wcN5-yXnE9B9a{(-WLt74HVu8s9IW95{cPk(?m
age<;>n0Sxm`9?X61VP*2<Cq~w!1Z6RtD!{z

diff --git a/regression/strings-smoke-tests/java_parselong_hex_1/Test.java b/regression/strings-smoke-tests/java_parselong_hex_1/Test.java
deleted file mode 100644
index 944597ee24c..00000000000
--- a/regression/strings-smoke-tests/java_parselong_hex_1/Test.java
+++ /dev/null
@@ -1,10 +0,0 @@
-public class Test
-{
-    public static void foo()
-    {
-        String str = new String("+00AbCdEf0123");
-        long parsed = Long.parseLong(str, 16);
-        assert(parsed == 737894400291L);
-        assert(parsed != 737894400291L);
-    }
-}
diff --git a/regression/strings-smoke-tests/java_parselong_hex_1/test.desc b/regression/strings-smoke-tests/java_parselong_hex_1/test.desc
deleted file mode 100644
index f9ef9a9c0b6..00000000000
--- a/regression/strings-smoke-tests/java_parselong_hex_1/test.desc
+++ /dev/null
@@ -1,9 +0,0 @@
-CORE
-Test.class
---refine-strings --function Test.foo
-^EXIT=10$
-^SIGNAL=0$
-^\[.*assertion.1\].* line 7.* SUCCESS$
-^\[.*assertion.2\].* line 8.* FAILURE$
---
---
diff --git a/regression/strings-smoke-tests/java_parselong_octal_1/Test.class b/regression/strings-smoke-tests/java_parselong_octal_1/Test.class
deleted file mode 100644
index 73fbc420bb0eb1386ccc9ff51728b20ff4ef2053..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 834
zcmZuv%Wl(95Ir|`?AURdS7XAn6bgAjn?3?8C{<Al5^aD*s!Hwd#xcRg*p=<@4XhCx
z@&l{^i6AP$js>5D1Y)k+CP0yrduPTo=bV{4-+z7n0-%Yejtr(%TuR}xjs#|OT)|Zh
zX;hNHk8dyOr=qGu6InGKbzD<%ouN3x!_W>Q$M?c@C*&R1?lQ1l24&gtoM?qXs@Ap{
z<Tbx*Gh|ziXFuvc@7TeXNM<Ose2cr=JaB}66qKW<PDmK7Ejx^E6UGzYr!$NKQLx8f
z@P^C1UZWiaj@P3EWuFIOOufO7X-C|8_K@$#Xw(%$YT0s+^yqEBA6WK%N3d&xU`_xU
z$RW>=`xl%-w{G5OE-fz1AKxN%R>how2IdV+Aj?o5*WEpy$h{!&Nw6$9R4f=+#L{03
zk2`y|6)}{mCwme@n;3((e6L4x<2Da%^FKuoYSeyqT(#!X^DvlQJ9GlOJ5ojiiu&|{
z-ewom^voGr1C}d`UdWO_GLfgVKwg7xMt8D41batD0!2ENILI(bwsDw%5=`<moEjCs
zf=qD0$^jBP1!)L*vz|+RLUQ#zlmUuUlTcs3LHYpN&Jg<7Kca(iRIo}hs|i|2`s>7>
zhl&bPxI>IWg-ObE+U7D&lb6RV&fqL5J4YUE^-ok(oR>>fabcvd87rskLi!_&0aW=d
XWa$HxlZ^_PBofA|7{?Sj30(XQv3{dB

diff --git a/regression/strings-smoke-tests/java_parselong_octal_1/Test.java b/regression/strings-smoke-tests/java_parselong_octal_1/Test.java
deleted file mode 100644
index 4dc8f7b712a..00000000000
--- a/regression/strings-smoke-tests/java_parselong_octal_1/Test.java
+++ /dev/null
@@ -1,10 +0,0 @@
-public class Test
-{
-    public static void foo()
-    {
-        String str = new String("7654321076543210");
-        long parsed = Long.parseLong(str, 8);
-        assert(parsed == 275730608604808L);
-        assert(parsed != 275730608604808L);
-    }
-}
diff --git a/regression/strings-smoke-tests/java_parselong_octal_1/test.desc b/regression/strings-smoke-tests/java_parselong_octal_1/test.desc
deleted file mode 100644
index f9ef9a9c0b6..00000000000
--- a/regression/strings-smoke-tests/java_parselong_octal_1/test.desc
+++ /dev/null
@@ -1,9 +0,0 @@
-CORE
-Test.class
---refine-strings --function Test.foo
-^EXIT=10$
-^SIGNAL=0$
-^\[.*assertion.1\].* line 7.* SUCCESS$
-^\[.*assertion.2\].* line 8.* FAILURE$
---
---
diff --git a/unit/Makefile b/unit/Makefile
index 845d0197fa2..0ef142a6cee 100644
--- a/unit/Makefile
+++ b/unit/Makefile
@@ -8,8 +8,6 @@ SRC = src/expr/require_expr.cpp \
       util/expr_iterator.cpp \
       analyses/call_graph.cpp \
       java_bytecode/java_bytecode_convert_class/convert_abstract_class.cpp \
-      solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix.cpp \
-      solvers/refinement/string_constraint_generator_valueof/get_numeric_value_from_character.cpp \
       # Empty last line
 
 # Test source files
@@ -23,7 +21,6 @@ SRC += unit_tests.cpp \
        solvers/refinement/string_constraint_generator_valueof/calculate_max_string_length.cpp \
        solvers/refinement/string_constraint_generator_valueof/get_numeric_value_from_character.cpp \
        solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix.cpp \
-       solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix_lower_case.cpp \
        solvers/refinement/string_constraint_instantiation/instantiate_not_contains.cpp \
        solvers/refinement/string_refinement/substitute_array_list.cpp \
        catch_example.cpp \
diff --git a/unit/solvers/refinement/string_constraint_generator_valueof/calculate_max_string_length.cpp b/unit/solvers/refinement/string_constraint_generator_valueof/calculate_max_string_length.cpp
index fc3e508a6a9..3f84064470f 100644
--- a/unit/solvers/refinement/string_constraint_generator_valueof/calculate_max_string_length.cpp
+++ b/unit/solvers/refinement/string_constraint_generator_valueof/calculate_max_string_length.cpp
@@ -12,8 +12,9 @@
 #include <solvers/refinement/string_constraint_generator.h>
 #include <util/std_types.h>
 
-
-size_t expected_length(const int radix, const typet &type)
+/// Get the string length needed to print any value of the given type with the
+/// given radix.
+static size_t expected_length(const int radix, const typet &type)
 {
   std::string longest("");
   if(radix==2)
@@ -108,7 +109,6 @@ SCENARIO("calculate_max_string_length",
   "[core][solvers][refinement][string_constraint_generator_valueof]")
 {
   const unsigned long radixes[]={2, 8, 10, 16};
-  const unsigned long default_radix=2;
   const typet int_types[]={
     signedbv_typet(32),
     unsignedbv_typet(32),
@@ -134,7 +134,7 @@ SCENARIO("calculate_max_string_length",
           }
           WHEN(std::string("value is less than with default radix"))
           {
-            size_t actual_value_for_default=max_printed_string_length(type, default_radix);
+            size_t actual_value_for_default=max_printed_string_length(type, 0);
             REQUIRE(actual_value<=actual_value_for_default);
           }
         }
diff --git a/unit/solvers/refinement/string_constraint_generator_valueof/get_numeric_value_from_character.cpp b/unit/solvers/refinement/string_constraint_generator_valueof/get_numeric_value_from_character.cpp
index 296c8780523..3fbcc93832d 100644
--- a/unit/solvers/refinement/string_constraint_generator_valueof/get_numeric_value_from_character.cpp
+++ b/unit/solvers/refinement/string_constraint_generator_valueof/get_numeric_value_from_character.cpp
@@ -15,7 +15,23 @@
 #include <util/simplify_expr.h>
 #include <util/std_types.h>
 
-
+/// Get the simplified return value of get_numeric_value_from_character called
+/// with a radix
+static exprt actual(
+  const mp_integer &character,
+  const typet &char_type,
+  const typet &int_type,
+  const bool strict_formatting,
+  const unsigned long radix_ul)
+{
+  const constant_exprt chr=from_integer(character, char_type);
+  symbol_tablet symtab;
+  const namespacet ns(symtab);
+  return simplify_expr(
+    get_numeric_value_from_character(
+      chr, char_type, int_type, strict_formatting, radix_ul),
+    ns);
+}
 
 SCENARIO("get_numeric_value_from_character",
   "[core][solvers][refinement][string_constraint_generator_valueof]")
@@ -27,85 +43,92 @@ SCENARIO("get_numeric_value_from_character",
   const typet int_type_2=signedbv_typet(16);
   const typet int_type_3=signedbv_typet(32);
   const typet int_type_4=signedbv_typet(64);
-  symbol_tablet symtab;
-  const namespacet ns(symtab);
 
-  WHEN("0")
+  WHEN("character='0'")
   {
     mp_integer character='0';
-    mp_integer expected_value=0;
+    mp_integer expected_mp=0;
     const typet& char_type=char_type_1;
     const typet& int_type=int_type_1;
-    constant_exprt expected_value_exprt=from_integer(expected_value, int_type);
-    exprt actual_value_exprt=simplify_expr(
-      get_numeric_value_from_character(
-        from_integer(character, char_type), char_type, int_type),
-      ns);
-    REQUIRE(expected_value_exprt==actual_value_exprt);
+    const constant_exprt expected=from_integer(expected_mp, int_type);
+
+    REQUIRE(expected==actual(character, char_type, int_type, true, 0));
+    REQUIRE(expected==actual(character, char_type, int_type, true, 36));
+    REQUIRE(expected==actual(character, char_type, int_type, true, 10));
+    REQUIRE(expected==actual(character, char_type, int_type, false, 0));
+    REQUIRE(expected==actual(character, char_type, int_type, false, 36));
+    REQUIRE(expected==actual(character, char_type, int_type, false, 10));
   }
-  WHEN("9")
+  WHEN("character='9'")
   {
     mp_integer character='9';
-    mp_integer expected_value=9;
+    mp_integer expected_mp=9;
     const typet& char_type=char_type_2;
     const typet& int_type=int_type_2;
-    constant_exprt expected_value_exprt=from_integer(expected_value, int_type);
-    exprt actual_value_exprt=simplify_expr(
-      get_numeric_value_from_character(
-        from_integer(character, char_type), char_type, int_type),
-      ns);
-    REQUIRE(expected_value_exprt==actual_value_exprt);
+    const constant_exprt expected=from_integer(expected_mp, int_type);
+
+    REQUIRE(expected==actual(character, char_type, int_type, true, 0));
+    REQUIRE(expected==actual(character, char_type, int_type, true, 36));
+    REQUIRE(expected==actual(character, char_type, int_type, true, 10));
+    REQUIRE(expected==actual(character, char_type, int_type, false, 0));
+    REQUIRE(expected==actual(character, char_type, int_type, false, 36));
+    REQUIRE(expected==actual(character, char_type, int_type, false, 10));
   }
-  WHEN("A")
+  WHEN("character='A'")
   {
     mp_integer character='A';
-    mp_integer expected_value=10;
+    mp_integer expected_mp=10;
     const typet& char_type=char_type_3;
     const typet& int_type=int_type_3;
-    constant_exprt expected_value_exprt=from_integer(expected_value, int_type);
-    exprt actual_value_exprt=simplify_expr(
-      get_numeric_value_from_character(
-        from_integer(character, char_type), char_type, int_type),
-      ns);
-    REQUIRE(expected_value_exprt==actual_value_exprt);
+    const constant_exprt expected=from_integer(expected_mp, int_type);
+
+    REQUIRE(expected==actual(character, char_type, int_type, false, 0));
+    REQUIRE(expected==actual(character, char_type, int_type, false, 36));
+    REQUIRE(expected!=actual(character, char_type, int_type, false, 10));
   }
-  WHEN("z")
+  WHEN("character='z'")
   {
     mp_integer character='z';
-    mp_integer expected_value=35;
+    mp_integer expected_mp=35;
     const typet& char_type=char_type_1;
     const typet& int_type=int_type_4;
-    constant_exprt expected_value_exprt=from_integer(expected_value, int_type);
-    exprt actual_value_exprt=simplify_expr(
-      get_numeric_value_from_character(
-        from_integer(character, char_type), char_type, int_type),
-      ns);
-    REQUIRE(expected_value_exprt==actual_value_exprt);
+    const constant_exprt expected=from_integer(expected_mp, int_type);
+
+    REQUIRE(expected==actual(character, char_type, int_type, true, 0));
+    REQUIRE(expected==actual(character, char_type, int_type, true, 36));
+    REQUIRE(expected!=actual(character, char_type, int_type, true, 10));
+    REQUIRE(expected==actual(character, char_type, int_type, false, 0));
+    REQUIRE(expected==actual(character, char_type, int_type, false, 36));
+    REQUIRE(expected!=actual(character, char_type, int_type, false, 10));
   }
-  WHEN("+")
+  WHEN("character='+'")
   {
     mp_integer character='+';
-    mp_integer expected_value=0;
+    mp_integer expected_mp=0;
     const typet& char_type=char_type_2;
     const typet& int_type=int_type_1;
-    constant_exprt expected_value_exprt=from_integer(expected_value, int_type);
-    exprt actual_value_exprt=simplify_expr(
-      get_numeric_value_from_character(
-        from_integer(character, char_type), char_type, int_type),
-      ns);
-    REQUIRE(expected_value_exprt==actual_value_exprt);
+    const constant_exprt expected=from_integer(expected_mp, int_type);
+
+    REQUIRE(expected==actual(character, char_type, int_type, true, 0));
+    REQUIRE(expected==actual(character, char_type, int_type, true, 36));
+    REQUIRE(expected==actual(character, char_type, int_type, true, 10));
+    REQUIRE(expected==actual(character, char_type, int_type, false, 0));
+    REQUIRE(expected==actual(character, char_type, int_type, false, 36));
+    REQUIRE(expected==actual(character, char_type, int_type, false, 10));
   }
-  WHEN("-")
+  WHEN("character='-'")
   {
     mp_integer character='-';
-    mp_integer expected_value=0;
+    mp_integer expected_mp=0;
     const typet& char_type=char_type_3;
     const typet& int_type=int_type_2;
-    constant_exprt expected_value_exprt=from_integer(expected_value, int_type);
-    exprt actual_value_exprt=simplify_expr(
-      get_numeric_value_from_character(
-        from_integer(character, char_type), char_type, int_type),
-      ns);
-    REQUIRE(expected_value_exprt==actual_value_exprt);
+    const constant_exprt expected=from_integer(expected_mp, int_type);
+
+    REQUIRE(expected==actual(character, char_type, int_type, true, 0));
+    REQUIRE(expected==actual(character, char_type, int_type, true, 36));
+    REQUIRE(expected==actual(character, char_type, int_type, true, 10));
+    REQUIRE(expected==actual(character, char_type, int_type, false, 0));
+    REQUIRE(expected==actual(character, char_type, int_type, false, 36));
+    REQUIRE(expected==actual(character, char_type, int_type, false, 10));
   }
 }
diff --git a/unit/solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix.cpp b/unit/solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix.cpp
index 1043c77f4a0..e4fc9b22397 100644
--- a/unit/solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix.cpp
+++ b/unit/solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix.cpp
@@ -15,41 +15,213 @@
 #include <util/simplify_expr.h>
 #include <util/std_types.h>
 
-SCENARIO("is_digit_with_radix",
-  "[core][solvers][refinement][string_constraint_generator_valueof]")
+/// Get the simplified return value of is_digit_with_radix called with a radix
+static exprt actual(
+  const mp_integer int_value,
+  const exprt &radix_as_char,
+  const unsigned long radix_ul,
+  const bool strict_formatting)
 {
   const typet char_type=unsignedbv_typet(16);
+  const constant_exprt chr=from_integer(int_value, char_type);
   symbol_tablet symtab;
   const namespacet ns(symtab);
 
+  return simplify_expr(
+    is_digit_with_radix(chr, strict_formatting, radix_as_char, radix_ul), ns);
+}
+
+/// Get the simplified return value of is_digit_with_radix called with a radix
+static exprt actual_with_radix(
+  const mp_integer int_value,
+  const unsigned long radix_ul,
+  const bool strict_formatting)
+{
+  const typet char_type=unsignedbv_typet(16);
+  const constant_exprt radix_as_char=from_integer(radix_ul, char_type);
+
+  return actual(int_value, radix_as_char, radix_ul, strict_formatting);
+}
+
+/// Get the simplified return value of is_digit_with_radix called without a
+/// radix
+static exprt actual_without_radix(
+  const mp_integer int_value,
+  const unsigned long radix_ul,
+  const bool strict_formatting)
+{
+  const typet char_type=unsignedbv_typet(16);
+  const constant_exprt radix_as_char=from_integer(radix_ul, char_type);
+
+  return actual(int_value, radix_as_char, 0, strict_formatting);
+}
+
+SCENARIO("is_digit_with_radix without strict formatting",
+  "[core][solvers][refinement][string_constraint_generator_valueof]")
+{
   WHEN("Radix 10")
   {
-    const constant_exprt radix=from_integer(10, char_type);
-    REQUIRE(true_exprt()==simplify_expr(
-      is_digit_with_radix(from_integer('0', char_type), radix), ns));
-    REQUIRE(true_exprt()==simplify_expr(
-      is_digit_with_radix(from_integer('9', char_type), radix), ns));
-    REQUIRE(false_exprt()==simplify_expr(
-      is_digit_with_radix(from_integer('a', char_type), radix), ns));
+    const unsigned long radix_ul=10;
+
+    WHEN("char '0'")
+    {
+      WHEN("strict formatting on")
+      {
+        const bool strict=true;
+        REQUIRE(true_exprt()==actual_without_radix('0', radix_ul, strict));
+        REQUIRE(true_exprt()==actual_with_radix('0', radix_ul, strict));
+      }
+      WHEN("strict formatting off")
+      {
+        const bool strict=false;
+        REQUIRE(true_exprt()==actual_without_radix('0', radix_ul, strict));
+        REQUIRE(true_exprt()==actual_with_radix('0', radix_ul, strict));
+      }
+    }
+    WHEN("char '9'")
+    {
+      WHEN("strict formatting on")
+      {
+        const bool strict=true;
+        REQUIRE(true_exprt()==actual_without_radix('9', radix_ul, strict));
+        REQUIRE(true_exprt()==actual_with_radix('9', radix_ul, strict));
+      }
+      WHEN("strict formatting off")
+      {
+        const bool strict=false;
+        REQUIRE(true_exprt()==actual_without_radix('9', radix_ul, strict));
+        REQUIRE(true_exprt()==actual_with_radix('9', radix_ul, strict));
+      }
+    }
+    WHEN("char 'a'")
+    {
+      WHEN("strict formatting on")
+      {
+        const bool strict=true;
+        REQUIRE(false_exprt()==actual_without_radix('a', radix_ul, strict));
+        REQUIRE(false_exprt()==actual_with_radix('a', radix_ul, strict));
+      }
+      WHEN("strict formatting off")
+      {
+        const bool strict=false;
+        REQUIRE(false_exprt()==actual_without_radix('a', radix_ul, strict));
+        REQUIRE(false_exprt()==actual_with_radix('a', radix_ul, strict));
+      }
+    }
   }
   WHEN("Radix 8")
   {
-    const constant_exprt radix=from_integer(8, char_type);
-    REQUIRE(true_exprt()==simplify_expr(
-      is_digit_with_radix(from_integer('7', char_type), radix), ns));
-    REQUIRE(false_exprt()==simplify_expr(
-      is_digit_with_radix(from_integer('8', char_type), radix), ns));
+    const unsigned long radix_ul=8;
+
+    WHEN("char '7'")
+    {
+      WHEN("strict formatting on")
+      {
+        const bool strict=true;
+        REQUIRE(true_exprt()==actual_without_radix('7', radix_ul, strict));
+        REQUIRE(true_exprt()==actual_with_radix('7', radix_ul, strict));
+      }
+      WHEN("strict formatting off")
+      {
+        const bool strict=false;
+        REQUIRE(true_exprt()==actual_without_radix('7', radix_ul, strict));
+        REQUIRE(true_exprt()==actual_with_radix('7', radix_ul, strict));
+      }
+    }
+    WHEN("char '8'")
+    {
+      WHEN("strict formatting on")
+      {
+        const bool strict=true;
+        REQUIRE(false_exprt()==actual_without_radix('8', radix_ul, strict));
+        REQUIRE(false_exprt()==actual_with_radix('8', radix_ul, strict));
+      }
+      WHEN("strict formatting off")
+      {
+        const bool strict=false;
+        REQUIRE(false_exprt()==actual_without_radix('8', radix_ul, strict));
+        REQUIRE(false_exprt()==actual_with_radix('8', radix_ul, strict));
+      }
+    }
   }
   WHEN("Radix 16")
   {
-    const constant_exprt radix=from_integer(16, char_type);
-    REQUIRE(true_exprt()==simplify_expr(
-      is_digit_with_radix(from_integer('a', char_type), radix), ns));
-    REQUIRE(true_exprt()==simplify_expr(
-      is_digit_with_radix(from_integer('A', char_type), radix), ns));
-    REQUIRE(true_exprt()==simplify_expr(
-      is_digit_with_radix(from_integer('f', char_type), radix), ns));
-    REQUIRE(false_exprt()==simplify_expr(
-      is_digit_with_radix(from_integer('g', char_type), radix), ns));
+    const unsigned long radix_ul=16;
+
+    WHEN("char '5'")
+    {
+      WHEN("strict formatting on")
+      {
+        const bool strict=true;
+        REQUIRE(true_exprt()==actual_without_radix('5', radix_ul, strict));
+        REQUIRE(true_exprt()==actual_with_radix('5', radix_ul, strict));
+      }
+      WHEN("strict formatting off")
+      {
+        const bool strict=false;
+        REQUIRE(true_exprt()==actual_without_radix('5', radix_ul, strict));
+        REQUIRE(true_exprt()==actual_with_radix('5', radix_ul, strict));
+      }
+    }
+    WHEN("char 'a'")
+    {
+      WHEN("strict formatting on")
+      {
+        const bool strict=true;
+        REQUIRE(true_exprt()==actual_without_radix('a', radix_ul, strict));
+        REQUIRE(true_exprt()==actual_with_radix('a', radix_ul, strict));
+      }
+      WHEN("strict formatting off")
+      {
+        const bool strict=false;
+        REQUIRE(true_exprt()==actual_without_radix('a', radix_ul, strict));
+        REQUIRE(true_exprt()==actual_with_radix('a', radix_ul, strict));
+      }
+    }
+    WHEN("char 'A'")
+    {
+      WHEN("strict formatting on")
+      {
+        const bool strict=true;
+        REQUIRE(false_exprt()==actual_without_radix('A', radix_ul, strict));
+        REQUIRE(false_exprt()==actual_with_radix('A', radix_ul, strict));
+      }
+      WHEN("strict formatting off")
+      {
+        const bool strict=false;
+        REQUIRE(true_exprt()==actual_without_radix('A', radix_ul, strict));
+        REQUIRE(true_exprt()==actual_with_radix('A', radix_ul, strict));
+      }
+    }
+    WHEN("char 'f'")
+    {
+      WHEN("strict formatting on")
+      {
+        const bool strict=true;
+        REQUIRE(true_exprt()==actual_without_radix('f', radix_ul, strict));
+        REQUIRE(true_exprt()==actual_with_radix('f', radix_ul, strict));
+      }
+      WHEN("strict formatting off")
+      {
+        const bool strict=false;
+        REQUIRE(true_exprt()==actual_without_radix('f', radix_ul, strict));
+        REQUIRE(true_exprt()==actual_with_radix('f', radix_ul, strict));
+      }
+    }
+    WHEN("char 'g'")
+    {
+      WHEN("strict formatting on")
+      {
+        const bool strict=true;
+        REQUIRE(false_exprt()==actual_without_radix('g', radix_ul, strict));
+        REQUIRE(false_exprt()==actual_with_radix('g', radix_ul, strict));
+      }
+      WHEN("strict formatting off")
+      {
+        const bool strict=false;
+        REQUIRE(false_exprt()==actual_without_radix('g', radix_ul, strict));
+        REQUIRE(false_exprt()==actual_with_radix('g', radix_ul, strict));
+      }
+    }
   }
 }
diff --git a/unit/solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix_lower_case.cpp b/unit/solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix_lower_case.cpp
deleted file mode 100644
index 5d27b8b65aa..00000000000
--- a/unit/solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix_lower_case.cpp
+++ /dev/null
@@ -1,57 +0,0 @@
-/*******************************************************************\
-
- Module: Unit tests for is_digit_with_radix in
-   solvers/refinement/string_constraint_generator_valueof.cpp
-
- Author: DiffBlue Limited. All rights reserved.
-
-\*******************************************************************/
-
-#include <catch.hpp>
-
-#include <solvers/refinement/string_constraint_generator.h>
-#include <util/namespace.h>
-#include <util/symbol_table.h>
-#include <util/simplify_expr.h>
-#include <util/std_types.h>
-
-SCENARIO("is_digit_with_radix_lower_case",
-  "[core][solvers][refinement][string_constraint_generator_valueof]")
-{
-  const typet char_type=unsignedbv_typet(16);
-  symbol_tablet symtab;
-  const namespacet ns(symtab);
-
-  WHEN("Radix 10")
-  {
-    const constant_exprt radix=from_integer(10, char_type);
-    REQUIRE(true_exprt()==simplify_expr(
-      is_digit_with_radix_lower_case(from_integer('0', char_type), radix), ns));
-    REQUIRE(true_exprt()==simplify_expr(
-      is_digit_with_radix_lower_case(from_integer('9', char_type), radix), ns));
-    REQUIRE(false_exprt()==simplify_expr(
-      is_digit_with_radix_lower_case(from_integer('a', char_type), radix), ns));
-  }
-  WHEN("Radix 8")
-  {
-    const constant_exprt radix=from_integer(8, char_type);
-    REQUIRE(true_exprt()==simplify_expr(
-      is_digit_with_radix_lower_case(from_integer('7', char_type), radix), ns));
-    REQUIRE(false_exprt()==simplify_expr(
-      is_digit_with_radix_lower_case(from_integer('8', char_type), radix), ns));
-  }
-  WHEN("Radix 16")
-  {
-    const constant_exprt radix=from_integer(16, char_type);
-    REQUIRE(true_exprt()==simplify_expr(
-      is_digit_with_radix_lower_case(from_integer('5', char_type), radix), ns));
-    REQUIRE(true_exprt()==simplify_expr(
-      is_digit_with_radix_lower_case(from_integer('a', char_type), radix), ns));
-    REQUIRE(false_exprt()==simplify_expr(
-      is_digit_with_radix_lower_case(from_integer('A', char_type), radix), ns));
-    REQUIRE(true_exprt()==simplify_expr(
-      is_digit_with_radix_lower_case(from_integer('f', char_type), radix), ns));
-    REQUIRE(false_exprt()==simplify_expr(
-      is_digit_with_radix_lower_case(from_integer('g', char_type), radix), ns));
-  }
-}
diff --git a/unit/solvers/refinement/string_constraint_instantiation/instantiate_not_contains.cpp b/unit/solvers/refinement/string_constraint_instantiation/instantiate_not_contains.cpp
index 872fe3537d6..b82fd7f0fa3 100644
--- a/unit/solvers/refinement/string_constraint_instantiation/instantiate_not_contains.cpp
+++ b/unit/solvers/refinement/string_constraint_instantiation/instantiate_not_contains.cpp
@@ -146,7 +146,9 @@ SCENARIO("instantiate_not_contains",
     func.arguments()=args;
 
     // Generating the corresponding axioms and simplifying, recording info
-    string_constraint_generatort generator;
+    symbol_tablet symtab;
+    namespacet empty_ns(symtab);
+    string_constraint_generatort generator(empty_ns);
     exprt res=generator.add_axioms_for_function_application(func);
     std::string axioms;
     std::vector<string_not_contains_constraintt> nc_axioms;
@@ -230,7 +232,9 @@ SCENARIO("instantiate_not_contains",
       a);
 
     // Create witness for axiom
-    string_constraint_generatort generator;
+    symbol_tablet symtab;
+    namespacet empty_ns(symtab);
+    string_constraint_generatort generator(empty_ns);
     generator.witness[vacuous]=
       generator.fresh_symbol("w", t.witness_type());
 
@@ -285,7 +289,9 @@ SCENARIO("instantiate_not_contains",
       b);
 
     // Create witness for axiom
-    string_constraint_generatort generator;
+    symbol_tablet symtab;
+    namespacet ns(symtab);
+    string_constraint_generatort generator(ns);
     generator.witness[trivial]=
       generator.fresh_symbol("w", t.witness_type());
 
@@ -341,7 +347,9 @@ SCENARIO("instantiate_not_contains",
       empty);
 
     // Create witness for axiom
-    string_constraint_generatort generator;
+    symbol_tablet symtab;
+    namespacet empty_ns(symtab);
+    string_constraint_generatort generator(empty_ns);
     generator.witness[trivial]=
       generator.fresh_symbol("w", t.witness_type());
 
@@ -398,7 +406,9 @@ SCENARIO("instantiate_not_contains",
       ab);
 
     // Create witness for axiom
-    string_constraint_generatort generator;
+    symbol_tablet symtab;
+    namespacet empty_ns(symtab);
+    string_constraint_generatort generator(empty_ns);
     generator.witness[trivial]=
       generator.fresh_symbol("w", t.witness_type());
 
@@ -454,7 +464,9 @@ SCENARIO("instantiate_not_contains",
       cd);
 
     // Create witness for axiom
-    string_constraint_generatort generator;
+    symbol_tablet symtab;
+    namespacet empty_ns(symtab);
+    string_constraint_generatort generator(empty_ns);
     generator.witness[trivial]=
       generator.fresh_symbol("w", t.witness_type());
 

From 92080c36f7568b8fd6fc1f9e0510df5de4bd0939 Mon Sep 17 00:00:00 2001
From: janmroczkowski <jan.mroczkowski@diffblue.com>
Date: Mon, 21 Aug 2017 16:37:07 +0100
Subject: [PATCH 605/699] Revert "Make pc private in goto_trace_step"

This reverts commit f1023518a1b23215549cfaf0f24ec9428dbfe245.
---
 src/cbmc/bmc.cpp                      |  6 ++---
 src/goto-programs/goto_trace.cpp      | 36 ++++++++++++---------------
 src/goto-programs/goto_trace.h        | 18 ++------------
 src/goto-programs/graphml_witness.cpp | 23 ++++++++---------
 src/goto-programs/interpreter.cpp     |  2 +-
 src/goto-programs/json_goto_trace.cpp | 10 ++++----
 src/goto-programs/xml_goto_trace.cpp  | 10 ++++----
 src/goto-symex/build_goto_trace.cpp   |  2 +-
 src/path-symex/build_goto_trace.cpp   |  6 ++---
 9 files changed, 46 insertions(+), 67 deletions(-)

diff --git a/src/cbmc/bmc.cpp b/src/cbmc/bmc.cpp
index eec5aa0431a..d5b21bdfdb4 100644
--- a/src/cbmc/bmc.cpp
+++ b/src/cbmc/bmc.cpp
@@ -78,11 +78,9 @@ void bmct::error_trace()
       json_objectt &result=result_array.push_back().make_object();
       const goto_trace_stept &step=goto_trace.steps.back();
       result["property"]=
-        json_stringt(
-          id2string(step.get_pc()->source_location.get_property_id()));
+        json_stringt(id2string(step.pc->source_location.get_property_id()));
       result["description"]=
-        json_stringt(
-          id2string(step.get_pc()->source_location.get_comment()));
+        json_stringt(id2string(step.pc->source_location.get_comment()));
       result["status"]=json_stringt("failed");
       jsont &json_trace=result["trace"];
       convert(ns, goto_trace, json_trace);
diff --git a/src/goto-programs/goto_trace.cpp b/src/goto-programs/goto_trace.cpp
index 966aa7a23db..d832412509c 100644
--- a/src/goto-programs/goto_trace.cpp
+++ b/src/goto-programs/goto_trace.cpp
@@ -260,12 +260,12 @@ void show_goto_trace(
       {
         out << "\n";
         out << "Violated property:" << "\n";
-        if(!step.get_pc()->source_location.is_nil())
-          out << "  " << step.get_pc()->source_location << "\n";
+        if(!step.pc->source_location.is_nil())
+          out << "  " << step.pc->source_location << "\n";
         out << "  " << step.comment << "\n";
 
-        if(step.get_pc()->is_assert())
-          out << "  " << from_expr(ns, "", step.get_pc()->guard) << "\n";
+        if(step.pc->is_assert())
+          out << "  " << from_expr(ns, "", step.pc->guard) << "\n";
 
         out << "\n";
       }
@@ -276,11 +276,11 @@ void show_goto_trace(
       {
         out << "\n";
         out << "Violated assumption:" << "\n";
-        if(!step.get_pc()->source_location.is_nil())
-          out << "  " << step.get_pc()->source_location << "\n";
+        if(!step.pc->source_location.is_nil())
+          out << "  " << step.pc->source_location << "\n";
 
-        if(step.get_pc()->is_assume())
-          out << "  " << from_expr(ns, "", step.get_pc()->guard) << "\n";
+        if(step.pc->is_assume())
+          out << "  " << from_expr(ns, "", step.pc->guard) << "\n";
 
         out << "\n";
       }
@@ -293,17 +293,16 @@ void show_goto_trace(
       break;
 
     case goto_trace_stept::typet::ASSIGNMENT:
-      if(step.get_pc()->is_assign() ||
-         step.get_pc()->is_return() || // returns have a lhs!
-         step.get_pc()->is_function_call() ||
-         (step.get_pc()->is_other() && step.lhs_object.is_not_nil()))
+      if(step.pc->is_assign() ||
+         step.pc->is_return() || // returns have a lhs!
+         step.pc->is_function_call() ||
+         (step.pc->is_other() && step.lhs_object.is_not_nil()))
       {
         if(prev_step_nr!=step.step_nr || first_step)
         {
           first_step=false;
           prev_step_nr=step.step_nr;
-          show_state_header(
-            out, step, step.get_pc()->source_location, step.step_nr);
+          show_state_header(out, step, step.pc->source_location, step.step_nr);
         }
 
         // see if the full lhs is something clean
@@ -321,8 +320,7 @@ void show_goto_trace(
       {
         first_step=false;
         prev_step_nr=step.step_nr;
-        show_state_header(
-          out, step, step.get_pc()->source_location, step.step_nr);
+        show_state_header(out, step, step.pc->source_location, step.step_nr);
       }
 
       trace_value(out, ns, step.lhs_object, step.full_lhs, step.full_lhs_value);
@@ -338,8 +336,7 @@ void show_goto_trace(
       }
       else
       {
-        show_state_header(
-          out, step, step.get_pc()->source_location, step.step_nr);
+        show_state_header(out, step, step.pc->source_location, step.step_nr);
         out << "  OUTPUT " << step.io_id << ":";
 
         for(std::list<exprt>::const_iterator
@@ -360,8 +357,7 @@ void show_goto_trace(
       break;
 
     case goto_trace_stept::typet::INPUT:
-      show_state_header(
-        out, step, step.get_pc()->source_location, step.step_nr);
+      show_state_header(out, step, step.pc->source_location, step.step_nr);
       out << "  INPUT " << step.io_id << ":";
 
       for(std::list<exprt>::const_iterator
diff --git a/src/goto-programs/goto_trace.h b/src/goto-programs/goto_trace.h
index a61df34a1b3..02f230e8943 100644
--- a/src/goto-programs/goto_trace.h
+++ b/src/goto-programs/goto_trace.h
@@ -90,6 +90,8 @@ class goto_trace_stept
   enum class assignment_typet { STATE, ACTUAL_PARAMETER };
   assignment_typet assignment_type;
 
+  goto_programt::const_targett pc;
+
   // this transition done by given thread number
   unsigned thread_nr;
 
@@ -140,22 +142,6 @@ class goto_trace_stept
     full_lhs_value.make_nil();
     cond_expr.make_nil();
   }
-
-  goto_programt::const_targett get_pc() const { return pc; }
-
-  /// We don't have a way of enforcing this, but \p pc_ must *not* be a
-  /// singular iterator!
-  void set_pc(goto_programt::const_targett pc_)
-  {
-    pc=std::move(pc_);
-    is_pc_set=true;
-  }
-
-  bool get_is_pc_set() const { return is_pc_set; }
-
-private:
-  goto_programt::const_targett pc;
-  bool is_pc_set{false};
 };
 
 /*! \brief TO_BE_DOCUMENTED
diff --git a/src/goto-programs/graphml_witness.cpp b/src/goto-programs/graphml_witness.cpp
index 4cd40f4828f..4f4f6f56741 100644
--- a/src/goto-programs/graphml_witness.cpp
+++ b/src/goto-programs/graphml_witness.cpp
@@ -142,8 +142,8 @@ static bool filter_out(
 {
   if(it->hidden &&
      (!it->is_assignment() ||
-      to_code_assign(it->get_pc()->code).rhs().id()!=ID_side_effect ||
-      to_code_assign(it->get_pc()->code).rhs().get(ID_statement)!=ID_nondet))
+      to_code_assign(it->pc->code).rhs().id()!=ID_side_effect ||
+      to_code_assign(it->pc->code).rhs().get(ID_statement)!=ID_nondet))
     return true;
 
   if(!it->is_assignment() && !it->is_goto() && !it->is_assert())
@@ -153,13 +153,13 @@ static bool filter_out(
   // TODO: if these are assignments we should accumulate them into
   //       a single edge
   if(prev_it!=goto_trace.steps.end() &&
-     prev_it->get_pc()->source_location==it->get_pc()->source_location)
+     prev_it->pc->source_location==it->pc->source_location)
     return true;
 
-  if(it->is_goto() && it->get_pc()->guard.is_true())
+  if(it->is_goto() && it->pc->guard.is_true())
     return true;
 
-  const source_locationt &source_location=it->get_pc()->source_location;
+  const source_locationt &source_location=it->pc->source_location;
 
   if(source_location.is_nil() ||
      source_location.get_file().empty() ||
@@ -203,7 +203,7 @@ void graphml_witnesst::operator()(const goto_tracet &goto_trace)
     if(next!=goto_trace.steps.end() &&
        next->type==goto_trace_stept::typet::ASSIGNMENT &&
        it->full_lhs==next->full_lhs &&
-       it->get_pc()->source_location==next->get_pc()->source_location)
+       it->pc->source_location==next->pc->source_location)
     {
       step_to_node[it->step_nr]=sink;
 
@@ -212,12 +212,11 @@ void graphml_witnesst::operator()(const goto_tracet &goto_trace)
 
     prev_it=it;
 
-    const source_locationt &source_location=it->get_pc()->source_location;
+    const source_locationt &source_location=it->pc->source_location;
 
     const graphmlt::node_indext node=graphml.add_node();
     graphml[node].node_name=
-      std::to_string(
-        it->get_pc()->location_number)+"."+std::to_string(it->step_nr);
+      std::to_string(it->pc->location_number)+"."+std::to_string(it->step_nr);
     graphml[node].file=source_location.get_file();
     graphml[node].line=source_location.get_line();
     graphml[node].thread_nr=it->thread_nr;
@@ -245,7 +244,7 @@ void graphml_witnesst::operator()(const goto_tracet &goto_trace)
     goto_tracet::stepst::const_iterator next=it;
     for(++next;
         next!=goto_trace.steps.end() &&
-        (step_to_node[next->step_nr]==sink || it->get_pc()==next->get_pc());
+        (step_to_node[next->step_nr]==sink || it->pc==next->pc);
         ++next)
     {
       // advance
@@ -291,11 +290,11 @@ void graphml_witnesst::operator()(const goto_tracet &goto_trace)
 
             xmlt &val_s=edge.new_element("data");
             val_s.set_attribute("key", "assumption.scope");
-            val_s.data=id2string(it->get_pc()->source_location.get_function());
+            val_s.data=id2string(it->pc->source_location.get_function());
           }
         }
         else if(it->type==goto_trace_stept::typet::GOTO &&
-                it->get_pc()->is_goto())
+                it->pc->is_goto())
         {
           xmlt &val=edge.new_element("data");
           val.set_attribute("key", "sourcecode");
diff --git a/src/goto-programs/interpreter.cpp b/src/goto-programs/interpreter.cpp
index 81bfc99ef33..b9cd4c0fa38 100644
--- a/src/goto-programs/interpreter.cpp
+++ b/src/goto-programs/interpreter.cpp
@@ -249,7 +249,7 @@ void interpretert::step()
   steps.add_step(goto_trace_stept());
   goto_trace_stept &trace_step=steps.get_last_step();
   trace_step.thread_nr=thread_id;
-  trace_step.set_pc(pc);
+  trace_step.pc=pc;
   switch(pc->type)
   {
   case GOTO:
diff --git a/src/goto-programs/json_goto_trace.cpp b/src/goto-programs/json_goto_trace.cpp
index 8327ee517a6..edc7df455e5 100644
--- a/src/goto-programs/json_goto_trace.cpp
+++ b/src/goto-programs/json_goto_trace.cpp
@@ -140,7 +140,7 @@ void convert(
 
   for(const auto &step : goto_trace.steps)
   {
-    const source_locationt &source_location=step.get_pc()->source_location;
+    const source_locationt &source_location=step.pc->source_location;
 
     jsont json_location;
 
@@ -156,13 +156,13 @@ void convert(
       {
         irep_idt property_id;
 
-        if(step.get_pc()->is_assert())
+        if(step.pc->is_assert())
           property_id=source_location.get_property_id();
-        else if(step.get_pc()->is_goto()) // unwinding, we suspect
+        else if(step.pc->is_goto()) // unwinding, we suspect
         {
           property_id=
-            id2string(step.get_pc()->source_location.get_function())+
-            ".unwind."+std::to_string(step.get_pc()->loop_number);
+            id2string(step.pc->source_location.get_function())+
+            ".unwind."+std::to_string(step.pc->loop_number);
         }
 
         json_objectt &json_failure=dest_array.push_back().make_object();
diff --git a/src/goto-programs/xml_goto_trace.cpp b/src/goto-programs/xml_goto_trace.cpp
index 5b944f049b5..dca2c704a2b 100644
--- a/src/goto-programs/xml_goto_trace.cpp
+++ b/src/goto-programs/xml_goto_trace.cpp
@@ -32,7 +32,7 @@ void convert(
 
   for(const auto &step : goto_trace.steps)
   {
-    const source_locationt &source_location=step.get_pc()->source_location;
+    const source_locationt &source_location=step.pc->source_location;
 
     xmlt xml_location;
     if(source_location.is_not_nil() && source_location.get_file()!="")
@@ -45,13 +45,13 @@ void convert(
       {
         irep_idt property_id;
 
-        if(step.get_pc()->is_assert())
+        if(step.pc->is_assert())
           property_id=source_location.get_property_id();
-        else if(step.get_pc()->is_goto()) // unwinding, we suspect
+        else if(step.pc->is_goto()) // unwinding, we suspect
         {
           property_id=
-            id2string(step.get_pc()->source_location.get_function())+
-            ".unwind."+std::to_string(step.get_pc()->loop_number);
+            id2string(step.pc->source_location.get_function())+
+            ".unwind."+std::to_string(step.pc->loop_number);
         }
 
         xmlt &xml_failure=dest.new_element("failure");
diff --git a/src/goto-symex/build_goto_trace.cpp b/src/goto-symex/build_goto_trace.cpp
index 648507f6efc..56f9f42763d 100644
--- a/src/goto-symex/build_goto_trace.cpp
+++ b/src/goto-symex/build_goto_trace.cpp
@@ -263,7 +263,7 @@ void build_goto_trace(
       end_ptr=&goto_trace_step;
 
     goto_trace_step.thread_nr=SSA_step.source.thread_nr;
-    goto_trace_step.set_pc(SSA_step.source.pc);
+    goto_trace_step.pc=SSA_step.source.pc;
     goto_trace_step.comment=SSA_step.comment;
     if(SSA_step.ssa_lhs.is_not_nil())
       goto_trace_step.lhs_object=
diff --git a/src/path-symex/build_goto_trace.cpp b/src/path-symex/build_goto_trace.cpp
index 209f8387268..eefb5361f5c 100644
--- a/src/path-symex/build_goto_trace.cpp
+++ b/src/path-symex/build_goto_trace.cpp
@@ -32,11 +32,11 @@ void build_goto_trace(
     goto_trace_stept trace_step;
 
     assert(!step.pc.is_nil());
-    trace_step.set_pc(state.locs[step.pc].target);
+    trace_step.pc=state.locs[step.pc].target;
     trace_step.thread_nr=step.thread_nr;
     trace_step.step_nr=step_nr;
 
-    const goto_programt::instructiont &instruction=*trace_step.get_pc();
+    const goto_programt::instructiont &instruction=*trace_step.pc;
 
     switch(instruction.type)
     {
@@ -97,7 +97,7 @@ void build_goto_trace(
   {
     goto_trace_stept trace_step;
 
-    trace_step.set_pc(state.get_instruction());
+    trace_step.pc=state.get_instruction();
     trace_step.thread_nr=state.get_current_thread();
     trace_step.step_nr=step_nr;
     trace_step.type=goto_trace_stept::typet::ASSERT;

From e0475561a89bfd97f14589eec712c063e5ead803 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Mon, 21 Aug 2017 14:36:05 +0100
Subject: [PATCH 606/699] Making is_refined_string_type a non-member function

Writing refined_string_typet::is_refined_string_type was long and had
redundant information.
The new version is more succinct and contains as much information.
---
 .../string_constraint_generator_concat.cpp    |  4 ++--
 .../string_constraint_generator_constants.cpp |  2 +-
 .../string_constraint_generator_indexof.cpp   |  2 +-
 .../string_constraint_generator_main.cpp      | 10 ++++-----
 src/solvers/refinement/string_refinement.cpp  | 21 ++++++++-----------
 src/util/refined_string_type.cpp              | 12 -----------
 src/util/refined_string_type.h                | 21 ++++++++++---------
 7 files changed, 28 insertions(+), 44 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_concat.cpp b/src/solvers/refinement/string_constraint_generator_concat.cpp
index 7f183071a9a..40a59265c89 100644
--- a/src/solvers/refinement/string_constraint_generator_concat.cpp
+++ b/src/solvers/refinement/string_constraint_generator_concat.cpp
@@ -171,7 +171,7 @@ string_exprt string_constraint_generatort::add_axioms_for_concat_double(
   const function_application_exprt &f)
 {
   string_exprt s1=get_string_expr(args(f, 2)[0]);
-  PRECONDITION(refined_string_typet::is_refined_string_type(f.type()));
+  PRECONDITION(is_refined_string_type(f.type()));
   refined_string_typet ref_type=to_refined_string_type(f.type());
   string_exprt s2=add_axioms_for_string_of_float(args(f, 2)[1], ref_type);
   return add_axioms_for_concat(s1, s2);
@@ -184,7 +184,7 @@ string_exprt string_constraint_generatort::add_axioms_for_concat_float(
   const function_application_exprt &f)
 {
   string_exprt s1=get_string_expr(args(f, 2)[0]);
-  PRECONDITION(refined_string_typet::is_refined_string_type(f.type()));
+  PRECONDITION(is_refined_string_type(f.type()));
   refined_string_typet ref_type=to_refined_string_type(f.type());
   string_exprt s2=add_axioms_for_string_of_float(args(f, 2)[1], ref_type);
   return add_axioms_for_concat(s1, s2);
diff --git a/src/solvers/refinement/string_constraint_generator_constants.cpp b/src/solvers/refinement/string_constraint_generator_constants.cpp
index 5798702ea56..13fea55161c 100644
--- a/src/solvers/refinement/string_constraint_generator_constants.cpp
+++ b/src/solvers/refinement/string_constraint_generator_constants.cpp
@@ -56,7 +56,7 @@ string_exprt string_constraint_generatort::add_axioms_for_empty_string(
   const function_application_exprt &f)
 {
   PRECONDITION(f.arguments().empty());
-  PRECONDITION(refined_string_typet::is_refined_string_type(f.type()));
+  PRECONDITION(is_refined_string_type(f.type()));
   const refined_string_typet &ref_type=to_refined_string_type(f.type());
   return empty_string(ref_type);
 }
diff --git a/src/solvers/refinement/string_constraint_generator_indexof.cpp b/src/solvers/refinement/string_constraint_generator_indexof.cpp
index 5990fc4c9ee..1dc54698bce 100644
--- a/src/solvers/refinement/string_constraint_generator_indexof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_indexof.cpp
@@ -252,7 +252,7 @@ exprt string_constraint_generatort::add_axioms_for_index_of(
   else
   {
     INVARIANT(
-      refined_string_typet::is_refined_string_type(c.type()),
+      is_refined_string_type(c.type()),
       string_refinement_invariantt("c can only be a (un)signedbv or a refined "
         "string and the (un)signedbv case is already handled"));
     string_exprt sub=get_string_expr(c);
diff --git a/src/solvers/refinement/string_constraint_generator_main.cpp b/src/solvers/refinement/string_constraint_generator_main.cpp
index c9a9f4e4943..07e974d2a7e 100644
--- a/src/solvers/refinement/string_constraint_generator_main.cpp
+++ b/src/solvers/refinement/string_constraint_generator_main.cpp
@@ -131,7 +131,7 @@ string_exprt string_constraint_generatort::fresh_string(
 /// \return a string expression
 string_exprt string_constraint_generatort::get_string_expr(const exprt &expr)
 {
-  PRECONDITION(refined_string_typet::is_refined_string_type(expr.type()));
+  PRECONDITION(is_refined_string_type(expr.type()));
 
   if(expr.id()==ID_symbol)
   {
@@ -180,7 +180,7 @@ void string_constraint_generatort::add_default_axioms(
 string_exprt string_constraint_generatort::add_axioms_for_refined_string(
   const exprt &string)
 {
-  PRECONDITION(refined_string_typet::is_refined_string_type(string.type()));
+  PRECONDITION(is_refined_string_type(string.type()));
   refined_string_typet type=to_refined_string_type(string.type());
 
   // Function applications should have been removed before
@@ -246,11 +246,9 @@ string_exprt string_constraint_generatort::add_axioms_for_refined_string(
 string_exprt string_constraint_generatort::add_axioms_for_if(
   const if_exprt &expr)
 {
-  PRECONDITION(
-    refined_string_typet::is_refined_string_type(expr.true_case().type()));
+  PRECONDITION(is_refined_string_type(expr.true_case().type()));
   string_exprt t=get_string_expr(expr.true_case());
-  PRECONDITION(
-    refined_string_typet::is_refined_string_type(expr.false_case().type()));
+  PRECONDITION(is_refined_string_type(expr.false_case().type()));
   string_exprt f=get_string_expr(expr.false_case());
   const refined_string_typet &ref_type=to_refined_string_type(t.type());
   const typet &index_type=ref_type.get_index_type();
diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index c6afe3af184..6b8966c7d6f 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -162,7 +162,7 @@ void string_refinementt::add_symbol_to_symbol_map(
                rhs.id()==ID_array_of ||
                rhs.id()==ID_if ||
                (rhs.id()==ID_struct &&
-                refined_string_typet::is_refined_string_type(rhs.type())));
+                is_refined_string_type(rhs.type())));
 
   // We insert the mapped value of the rhs, if it exists.
   auto it=symbol_resolve.find(rhs);
@@ -279,7 +279,7 @@ bool string_refinementt::add_axioms_for_string_assigns(
       return true;
     }
   }
-  if(refined_string_typet::is_refined_string_type(rhs.type()))
+  if(is_refined_string_type(rhs.type()))
   {
     exprt refined_rhs=generator.add_axioms_for_refined_string(rhs);
     add_symbol_to_symbol_map(lhs, refined_rhs);
@@ -302,7 +302,7 @@ bool string_refinementt::add_axioms_for_string_assigns(
 ///          last value that has been initialized.
 void string_refinementt::concretize_string(const exprt &expr)
 {
-  if(refined_string_typet::is_refined_string_type(expr.type()))
+  if(is_refined_string_type(expr.type()))
   {
     string_exprt str=to_string_expr(expr);
     exprt length=get(str.length());
@@ -392,7 +392,7 @@ void string_refinementt::concretize_lengths()
 {
   for(const auto &it : symbol_resolve)
   {
-    if(refined_string_typet::is_refined_string_type(it.second.type()))
+    if(is_refined_string_type(it.second.type()))
     {
       string_exprt str=to_string_expr(it.second);
       exprt length=get(str.length());
@@ -403,7 +403,7 @@ void string_refinementt::concretize_lengths()
   }
   for(const auto &it : generator.created_strings)
   {
-    if(refined_string_typet::is_refined_string_type(it.type()))
+    if(is_refined_string_type(it.type()))
     {
       string_exprt str=to_string_expr(it);
       exprt length=get(str.length());
@@ -429,12 +429,10 @@ void string_refinementt::set_to(const exprt &expr, bool value)
 
     // The assignment of a string equality to false is not supported.
     PRECONDITION(value || !is_char_array(rhs.type()));
-    PRECONDITION(value ||
-      !refined_string_typet::is_refined_string_type(rhs.type()));
+    PRECONDITION(value || !is_refined_string_type(rhs.type()));
 
     PRECONDITION(lhs.id()==ID_symbol || !is_char_array(rhs.type()));
-    PRECONDITION(lhs.id()==ID_symbol ||
-      !refined_string_typet::is_refined_string_type(rhs.type()));
+    PRECONDITION(lhs.id()==ID_symbol || !is_refined_string_type(rhs.type()));
 
     // If lhs is not a symbol, let supert::set_to() handle it.
     if(lhs.id()!=ID_symbol)
@@ -811,7 +809,7 @@ void string_refinementt::debug_model()
   const std::string indent("  ");
   for(auto it : symbol_resolve)
   {
-    if(refined_string_typet::is_refined_string_type(it.second.type()))
+    if(is_refined_string_type(it.second.type()))
     {
       debug() << "- " << from_expr(ns, "", to_symbol_expr(it.first)) << ":\n";
       string_exprt refined=to_string_expr(it.second);
@@ -1684,8 +1682,7 @@ exprt string_refinementt::get(const exprt &expr) const
     if(it!=found_length.end())
       return get_array(ecopy, it->second);
   }
-  else if(refined_string_typet::is_refined_string_type(ecopy.type()) &&
-          ecopy.id()==ID_struct)
+  else if(is_refined_string_type(ecopy.type()) && ecopy.id()==ID_struct)
   {
     const string_exprt &string=to_string_expr(ecopy);
     const exprt &content=string.content();
diff --git a/src/util/refined_string_type.cpp b/src/util/refined_string_type.cpp
index 29f73f88da6..91ac2e4661d 100644
--- a/src/util/refined_string_type.cpp
+++ b/src/util/refined_string_type.cpp
@@ -16,8 +16,6 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 ///   `content` of type `content_type`. This module also defines functions to
 ///   recognise the C and java string types.
 
-#include <util/cprover_prefix.h>
-
 #include "refined_string_type.h"
 
 refined_string_typet::refined_string_typet(
@@ -29,13 +27,3 @@ refined_string_typet::refined_string_typet(
   components().emplace_back("content", char_array);
   set_tag(CPROVER_PREFIX"refined_string_type");
 }
-
-/// \par parameters: a type
-/// \return Boolean telling whether the input is a refined string type
-bool refined_string_typet::is_refined_string_type(const typet &type)
-{
-  return
-    type.id()==ID_struct &&
-    to_struct_type(type).get_tag()==CPROVER_PREFIX"refined_string_type";
-}
-
diff --git a/src/util/refined_string_type.h b/src/util/refined_string_type.h
index efa8a0987ec..f20f0048151 100644
--- a/src/util/refined_string_type.h
+++ b/src/util/refined_string_type.h
@@ -22,6 +22,7 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 #include <util/std_types.h>
 #include <util/std_expr.h>
 #include <util/arith_tools.h>
+#include <util/cprover_prefix.h>
 #include <util/expr_util.h>
 
 // Internal type used for string refinement
@@ -33,7 +34,7 @@ class refined_string_typet: public struct_typet
   // Type for the content (list of characters) of a string
   const array_typet &get_content_type() const
   {
-    assert(components().size()==2);
+    PRECONDITION(components().size()==2);
     return to_array_type(components()[1].type());
   }
 
@@ -44,22 +45,22 @@ class refined_string_typet: public struct_typet
 
   const typet &get_index_type() const
   {
-    assert(components().size()==2);
+    PRECONDITION(components().size()==2);
     return components()[0].type();
   }
-
-  static bool is_refined_string_type(const typet &type);
-
-  constant_exprt index_of_int(int i) const
-  {
-    return from_integer(i, get_index_type());
-  }
 };
 
+inline bool is_refined_string_type(const typet &type)
+{
+    return
+      type.id()==ID_struct &&
+      to_struct_type(type).get_tag()==CPROVER_PREFIX"refined_string_type";
+}
+
 extern inline const refined_string_typet &to_refined_string_type(
   const typet &type)
 {
-  assert(refined_string_typet::is_refined_string_type(type));
+  PRECONDITION(is_refined_string_type(type));
   return static_cast<const refined_string_typet &>(type);
 }
 

From a86ed4adabddab7dadccb444728da61893217f0f Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Mon, 21 Aug 2017 14:37:22 +0100
Subject: [PATCH 607/699] Renaming string length comparing functions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The previous name used (like `axioms_for_is_longer_than`) could be
ambiguous and sometimes misleading.
---
 ...string_constraint_generator_comparison.cpp | 16 ++++------
 .../string_constraint_generator_float.cpp     |  4 +--
 .../string_constraint_generator_main.cpp      |  4 +--
 .../string_constraint_generator_testing.cpp   | 16 +++++-----
 ...ng_constraint_generator_transformation.cpp | 14 ++++----
 .../string_constraint_generator_valueof.cpp   | 13 ++++----
 src/util/string_expr.h                        | 32 +++++++++----------
 7 files changed, 47 insertions(+), 52 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_comparison.cpp b/src/solvers/refinement/string_constraint_generator_comparison.cpp
index c5021b107e3..aa14d4192e8 100644
--- a/src/solvers/refinement/string_constraint_generator_comparison.cpp
+++ b/src/solvers/refinement/string_constraint_generator_comparison.cpp
@@ -175,7 +175,7 @@ exprt string_constraint_generatort::add_axioms_for_hash_code(
       and_exprt(
         not_exprt(equal_exprt(str[i], it.first[i])),
         and_exprt(
-          str.axiom_for_is_strictly_longer_than(i),
+          str.axiom_for_length_gt(i),
           axiom_for_is_positive_index(i))));
     axioms.push_back(or_exprt(c1, or_exprt(c2, c3)));
   }
@@ -229,16 +229,12 @@ exprt string_constraint_generatort::add_axioms_for_compare_to(
       typecast_exprt(s1.length(), return_type),
       typecast_exprt(s2.length(), return_type)));
   or_exprt guard1(
-    and_exprt(s1.axiom_for_is_shorter_than(s2),
-              s1.axiom_for_is_strictly_longer_than(x)),
-    and_exprt(s1.axiom_for_is_longer_than(s2),
-              s2.axiom_for_is_strictly_longer_than(x)));
+    and_exprt(s1.axiom_for_length_le(s2), s1.axiom_for_length_gt(x)),
+    and_exprt(s1.axiom_for_length_ge(s2), s2.axiom_for_length_gt(x)));
   and_exprt cond1(ret_char_diff, guard1);
   or_exprt guard2(
-    and_exprt(s2.axiom_for_is_strictly_longer_than(s1),
-              s1.axiom_for_has_length(x)),
-    and_exprt(s1.axiom_for_is_strictly_longer_than(s2),
-              s2.axiom_for_has_length(x)));
+    and_exprt(s2.axiom_for_length_gt(s1), s1.axiom_for_has_length(x)),
+    and_exprt(s1.axiom_for_length_gt(s2), s2.axiom_for_has_length(x)));
   and_exprt cond2(ret_length_diff, guard2);
 
   implies_exprt a3(
@@ -300,7 +296,7 @@ symbol_exprt string_constraint_generatort::add_axioms_for_intern(
               str.axiom_for_has_same_length_as(it.first),
               and_exprt(
                 not_exprt(equal_exprt(str[i], it.first[i])),
-                and_exprt(str.axiom_for_is_strictly_longer_than(i),
+                and_exprt(str.axiom_for_length_gt(i),
                           axiom_for_is_positive_index(i)))))));
     }
 
diff --git a/src/solvers/refinement/string_constraint_generator_float.cpp b/src/solvers/refinement/string_constraint_generator_float.cpp
index 826a9d5b38b..d164ad54264 100644
--- a/src/solvers/refinement/string_constraint_generator_float.cpp
+++ b/src/solvers/refinement/string_constraint_generator_float.cpp
@@ -235,8 +235,8 @@ string_exprt string_constraint_generatort::add_axioms_for_fractional_part(
   // no_trailing_zero: forall j:[2, max_size[. !(|res| = j+1 && res[j] = '0')
   // a3 : int_expr = sum_j 10^j (j < |res| ? res[j] - '0' : 0)
 
-  and_exprt a1(res.axiom_for_is_strictly_longer_than(1),
-               res.axiom_for_is_shorter_than(max));
+  and_exprt a1(res.axiom_for_length_gt(1),
+               res.axiom_for_length_le(max));
   axioms.push_back(a1);
 
   equal_exprt starts_with_dot(res[0], from_integer('.', char_type));
diff --git a/src/solvers/refinement/string_constraint_generator_main.cpp b/src/solvers/refinement/string_constraint_generator_main.cpp
index 07e974d2a7e..71de1f136a2 100644
--- a/src/solvers/refinement/string_constraint_generator_main.cpp
+++ b/src/solvers/refinement/string_constraint_generator_main.cpp
@@ -156,9 +156,9 @@ void string_constraint_generatort::add_default_axioms(
   const string_exprt &s)
 {
   axioms.push_back(
-    s.axiom_for_is_longer_than(from_integer(0, s.length().type())));
+    s.axiom_for_length_ge(from_integer(0, s.length().type())));
   if(max_string_length!=std::numeric_limits<size_t>::max())
-    axioms.push_back(s.axiom_for_is_shorter_than(max_string_length));
+    axioms.push_back(s.axiom_for_length_le(max_string_length));
 
   if(force_printable_characters)
   {
diff --git a/src/solvers/refinement/string_constraint_generator_testing.cpp b/src/solvers/refinement/string_constraint_generator_testing.cpp
index afb758afbb4..69ee6e40cbc 100644
--- a/src/solvers/refinement/string_constraint_generator_testing.cpp
+++ b/src/solvers/refinement/string_constraint_generator_testing.cpp
@@ -32,7 +32,7 @@ exprt string_constraint_generatort::add_axioms_for_is_prefix(
 
   implies_exprt a1(
     isprefix,
-    str.axiom_for_is_longer_than(plus_exprt_with_overflow_check(
+    str.axiom_for_length_ge(plus_exprt_with_overflow_check(
       prefix.length(), offset)));
   axioms.push_back(a1);
 
@@ -49,12 +49,12 @@ exprt string_constraint_generatort::add_axioms_for_is_prefix(
   and_exprt witness_diff(
     axiom_for_is_positive_index(witness),
     and_exprt(
-      prefix.axiom_for_is_strictly_longer_than(witness),
+      prefix.axiom_for_length_gt(witness),
       notequal_exprt(str[plus_exprt_with_overflow_check(witness, offset)],
                      prefix[witness])));
   or_exprt s0_notpref_s1(
     not_exprt(
-      str.axiom_for_is_longer_than(
+      str.axiom_for_length_ge(
         plus_exprt_with_overflow_check(prefix.length(), offset))),
     witness_diff);
 
@@ -132,7 +132,7 @@ exprt string_constraint_generatort::add_axioms_for_is_suffix(
   //     || (s1.length > witness>=0
   //       &&s1[witness]!=s0[witness + s0.length-s1.length]
 
-  implies_exprt a1(issuffix, s1.axiom_for_is_longer_than(s0));
+  implies_exprt a1(issuffix, s1.axiom_for_length_ge(s0));
   axioms.push_back(a1);
 
   symbol_exprt qvar=fresh_univ_index("QA_suffix", index_type);
@@ -146,12 +146,12 @@ exprt string_constraint_generatort::add_axioms_for_is_suffix(
   exprt shifted=plus_exprt(
     witness, minus_exprt(s1.length(), s0.length()));
   or_exprt constr3(
-    and_exprt(s0.axiom_for_is_strictly_longer_than(s1),
+    and_exprt(s0.axiom_for_length_gt(s1),
               equal_exprt(witness, from_integer(-1, index_type))),
     and_exprt(
       notequal_exprt(s0[witness], s1[shifted]),
       and_exprt(
-        s0.axiom_for_is_strictly_longer_than(witness),
+        s0.axiom_for_length_gt(witness),
         axiom_for_is_positive_index(witness))));
   implies_exprt a3(not_exprt(issuffix), constr3);
 
@@ -201,7 +201,7 @@ exprt string_constraint_generatort::add_axioms_for_contains(
   //      (forall startpos <= |s0| - |s1|.
   //         exists witness < |s1|. s1[witness] != s0[witness + startpos])
 
-  implies_exprt a1(contains, s0.axiom_for_is_longer_than(s1));
+  implies_exprt a1(contains, s0.axiom_for_length_ge(s1));
   axioms.push_back(a1);
 
   symbol_exprt startpos=fresh_exist_index("startpos_contains", index_type);
@@ -229,7 +229,7 @@ exprt string_constraint_generatort::add_axioms_for_contains(
   string_not_contains_constraintt a5(
     from_integer(0, index_type),
     plus_exprt(from_integer(1, index_type), length_diff),
-    and_exprt(not_exprt(contains), s0.axiom_for_is_longer_than(s1)),
+    and_exprt(not_exprt(contains), s0.axiom_for_length_ge(s1)),
     from_integer(0, index_type),
     s1.length(),
     s0,
diff --git a/src/solvers/refinement/string_constraint_generator_transformation.cpp b/src/solvers/refinement/string_constraint_generator_transformation.cpp
index f835ec5b646..b2566bab396 100644
--- a/src/solvers/refinement/string_constraint_generator_transformation.cpp
+++ b/src/solvers/refinement/string_constraint_generator_transformation.cpp
@@ -42,7 +42,7 @@ string_exprt string_constraint_generatort::add_axioms_for_set_length(
   string_constraintt a2(
     idx,
     res.length(),
-    s1.axiom_for_is_strictly_longer_than(idx),
+    s1.axiom_for_length_gt(idx),
     equal_exprt(s1[idx], res[idx]));
   axioms.push_back(a2);
 
@@ -51,7 +51,7 @@ string_exprt string_constraint_generatort::add_axioms_for_set_length(
   string_constraintt a3(
     idx2,
     res.length(),
-    s1.axiom_for_is_shorter_than(idx2),
+    s1.axiom_for_length_le(idx2),
     equal_exprt(res[idx2], constant_char(0, ref_type.get_char_type())));
   axioms.push_back(a3);
 
@@ -120,7 +120,7 @@ string_exprt string_constraint_generatort::add_axioms_for_substring(
   axioms.push_back(a2);
 
   // Warning: check what to do if the string is not long enough
-  axioms.push_back(str.axiom_for_is_longer_than(end));
+  axioms.push_back(str.axiom_for_length_ge(end));
 
   symbol_exprt idx=fresh_univ_index("QA_index_substring", index_type);
   string_constraintt a4(idx,
@@ -156,21 +156,21 @@ string_exprt string_constraint_generatort::add_axioms_for_trim(
   // a8 : forall n<|s1|, s[idx+n]=s1[n]
   // a9 : (s[m]>' ' &&s[m+|s1|-1]>' ') || m=|s|
 
-  exprt a1=str.axiom_for_is_longer_than(
+  exprt a1=str.axiom_for_length_ge(
     plus_exprt_with_overflow_check(idx, res.length()));
   axioms.push_back(a1);
 
   binary_relation_exprt a2(idx, ID_ge, from_integer(0, index_type));
   axioms.push_back(a2);
 
-  exprt a3=str.axiom_for_is_longer_than(idx);
+  exprt a3=str.axiom_for_length_ge(idx);
   axioms.push_back(a3);
 
-  exprt a4=res.axiom_for_is_longer_than(
+  exprt a4=res.axiom_for_length_ge(
     from_integer(0, index_type));
   axioms.push_back(a4);
 
-  exprt a5=res.axiom_for_is_shorter_than(str);
+  exprt a5=res.axiom_for_length_le(str);
   axioms.push_back(a5);
 
   symbol_exprt n=fresh_univ_index("QA_index_trim", index_type);
diff --git a/src/solvers/refinement/string_constraint_generator_valueof.cpp b/src/solvers/refinement/string_constraint_generator_valueof.cpp
index 91e2d09ec18..1c215db583b 100644
--- a/src/solvers/refinement/string_constraint_generator_valueof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_valueof.cpp
@@ -222,8 +222,8 @@ string_exprt string_constraint_generatort::add_axioms_from_int_hex(
 
   size_t max_size=8;
   axioms.push_back(
-    and_exprt(res.axiom_for_is_strictly_longer_than(0),
-              res.axiom_for_is_shorter_than(max_size)));
+    and_exprt(res.axiom_for_length_gt(0),
+              res.axiom_for_length_le(max_size)));
 
   for(size_t size=1; size<=max_size; size++)
   {
@@ -322,8 +322,7 @@ void string_constraint_generatort::add_axioms_for_correct_number_format(
     is_digit_with_radix(chr, strict_formatting, radix_as_char, radix_ul);
 
   // |str| > 0
-  const exprt non_empty=
-    str.axiom_for_is_longer_than(from_integer(1, index_type));
+  const exprt non_empty=str.axiom_for_length_ge(from_integer(1, index_type));
   axioms.push_back(non_empty);
 
   if(strict_formatting)
@@ -343,11 +342,11 @@ void string_constraint_generatort::add_axioms_for_correct_number_format(
   // str[0]='+' or '-' ==> |str| > 1
   const implies_exprt contains_digit(
     or_exprt(starts_with_minus, starts_with_plus),
-    str.axiom_for_is_longer_than(from_integer(2, index_type)));
+    str.axiom_for_length_ge(from_integer(2, index_type)));
   axioms.push_back(contains_digit);
 
   // |str| <= max_size
-  axioms.push_back(str.axiom_for_is_shorter_than(max_size));
+  axioms.push_back(str.axiom_for_length_le(max_size));
 
   // forall 1 <= i < |str| . is_digit_with_radix(str[i], radix)
   // We unfold the above because we know that it will be used for all i up to
@@ -356,7 +355,7 @@ void string_constraint_generatort::add_axioms_for_correct_number_format(
   {
     /// index < length => is_digit_with_radix(str[index], radix)
     const implies_exprt character_at_index_is_digit(
-      str.axiom_for_is_longer_than(from_integer(index+1, index_type)),
+      str.axiom_for_length_ge(from_integer(index+1, index_type)),
       is_digit_with_radix(
         str[index], strict_formatting, radix_as_char, radix_ul));
     axioms.push_back(character_at_index_is_digit);
diff --git a/src/util/string_expr.h b/src/util/string_expr.h
index cdb801988ae..693df01d87f 100644
--- a/src/util/string_expr.h
+++ b/src/util/string_expr.h
@@ -53,59 +53,59 @@ class string_exprt: public struct_exprt
   }
 
   // Comparison on the length of the strings
-  binary_relation_exprt axiom_for_is_longer_than(
+  binary_relation_exprt axiom_for_length_ge(
     const string_exprt &rhs) const
   {
     return binary_relation_exprt(length(), ID_ge, rhs.length());
   }
 
-  binary_relation_exprt axiom_for_is_longer_than(
+  binary_relation_exprt axiom_for_length_ge(
     const exprt &rhs) const
   {
     return binary_relation_exprt(length(), ID_ge, rhs);
   }
 
-  binary_relation_exprt axiom_for_is_strictly_longer_than(
+  binary_relation_exprt axiom_for_length_gt(
     const exprt &rhs) const
   {
     return binary_relation_exprt(rhs, ID_lt, length());
   }
 
-  binary_relation_exprt axiom_for_is_strictly_longer_than(
+  binary_relation_exprt axiom_for_length_gt(
     const string_exprt &rhs) const
   {
     return binary_relation_exprt(rhs.length(), ID_lt, length());
   }
 
-  binary_relation_exprt axiom_for_is_strictly_longer_than(mp_integer i) const
+  binary_relation_exprt axiom_for_length_gt(mp_integer i) const
   {
-    return axiom_for_is_strictly_longer_than(from_integer(i, length().type()));
+    return axiom_for_length_gt(from_integer(i, length().type()));
   }
 
-  binary_relation_exprt axiom_for_is_shorter_than(
+  binary_relation_exprt axiom_for_length_le(
     const string_exprt &rhs) const
   {
     return binary_relation_exprt(length(), ID_le, rhs.length());
   }
 
-  binary_relation_exprt axiom_for_is_shorter_than(
+  binary_relation_exprt axiom_for_length_le(
     const exprt &rhs) const
   {
     return binary_relation_exprt(length(), ID_le, rhs);
   }
 
-  binary_relation_exprt axiom_for_is_shorter_than(mp_integer i) const
+  binary_relation_exprt axiom_for_length_le(mp_integer i) const
   {
-    return axiom_for_is_shorter_than(from_integer(i, length().type()));
+    return axiom_for_length_le(from_integer(i, length().type()));
   }
 
-  binary_relation_exprt axiom_for_is_strictly_shorter_than(
+  binary_relation_exprt axiom_for_length_lt(
     const string_exprt &rhs) const
   {
     return binary_relation_exprt(length(), ID_lt, rhs.length());
   }
 
-  binary_relation_exprt axiom_for_is_strictly_shorter_than(
+  binary_relation_exprt axiom_for_length_lt(
     const exprt &rhs) const
   {
     return binary_relation_exprt(length(), ID_lt, rhs);
@@ -132,15 +132,15 @@ class string_exprt: public struct_exprt
 
 inline string_exprt &to_string_expr(exprt &expr)
 {
-  assert(expr.id()==ID_struct);
-  assert(expr.operands().size()==2);
+  PRECONDITION(expr.id()==ID_struct);
+  PRECONDITION(expr.operands().size()==2);
   return static_cast<string_exprt &>(expr);
 }
 
 inline const string_exprt &to_string_expr(const exprt &expr)
 {
-  assert(expr.id()==ID_struct);
-  assert(expr.operands().size()==2);
+  PRECONDITION(expr.id()==ID_struct);
+  PRECONDITION(expr.operands().size()==2);
   return static_cast<const string_exprt &>(expr);
 }
 

From c96325bac7094910321a35c4532e3a6df62c7bd4 Mon Sep 17 00:00:00 2001
From: Michael Tautschnig <tautschn@amazon.com>
Date: Tue, 22 Aug 2017 15:51:17 +0100
Subject: [PATCH 608/699] Fix overly long lines and use iostream for debugging
 only

---
 src/solvers/flattening/arrays.cpp | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/src/solvers/flattening/arrays.cpp b/src/solvers/flattening/arrays.cpp
index 652b2e8f121..854ca4156b1 100644
--- a/src/solvers/flattening/arrays.cpp
+++ b/src/solvers/flattening/arrays.cpp
@@ -8,8 +8,6 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include "arrays.h"
 
-#include <iostream>
-
 #include <langapi/language_util.h>
 
 #include <util/std_expr.h>
@@ -20,6 +18,10 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include <solvers/prop/prop.h>
 
+#ifdef DEBUG
+#include <iostream>
+#endif
+
 arrayst::arrayst(
   const namespacet &_ns,
   propt &_prop):equalityt(_ns, _prop)
@@ -48,7 +50,9 @@ literalt arrayst::record_array_equality(
   if(!base_type_eq(op0.type(), op1.type(), ns))
   {
     prop.error() << equality.pretty() << messaget::eom;
-    DATA_INVARIANT(false, "record_array_equality got equality without matching types");
+    DATA_INVARIANT(
+      false,
+      "record_array_equality got equality without matching types");
   }
 
   DATA_INVARIANT(
@@ -133,7 +137,9 @@ void arrayst::collect_arrays(const exprt &a)
     if(!base_type_eq(array_type, update_expr.old().type(), ns))
     {
       prop.error() << a.pretty() << messaget::eom;
-      DATA_INVARIANT(false, "collect_arrays got 'update' without matching types");
+      DATA_INVARIANT(
+        false,
+        "collect_arrays got 'update' without matching types");
     }
 
     arrays.make_union(a, update_expr.old());
@@ -291,7 +297,7 @@ void arrayst::add_array_Ackermann_constraints()
 {
   // this is quadratic!
 
-#if 0
+#ifdef DEBUG
   std::cout << "arrays.size(): " << arrays.size() << '\n';
 #endif
 
@@ -300,7 +306,7 @@ void arrayst::add_array_Ackermann_constraints()
   {
     const index_sett &index_set=index_map[arrays.find_number(i)];
 
-#if 0
+#ifdef DEBUG
     std::cout << "index_set.size(): " << index_set.size() << '\n';
 #endif
 

From d0e572fb512026f93b0bfcf83938fd218607306d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matthias=20G=C3=BCdemann?= <matthias.guedemann@diffblue.com>
Date: Tue, 22 Aug 2017 17:26:35 +0200
Subject: [PATCH 609/699] Add size/value checks to bitwise mp_arith operations

This adds some checks about the operands for mp_arith operations. These are used
mainly in the interpreter and the chosen limit is the size of signed/unsigned
long long int types.
---
 src/util/mp_arith.cpp | 23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/src/util/mp_arith.cpp b/src/util/mp_arith.cpp
index b6f60df380d..77ffa9ed614 100644
--- a/src/util/mp_arith.cpp
+++ b/src/util/mp_arith.cpp
@@ -10,14 +10,13 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include <cstdlib>
 #include <cctype>
-#include <cassert>
 
 #include <sstream>
 #include <ostream>
 #include <limits>
 
 #include "arith_tools.h"
-
+#include "invariant.h"
 
 typedef BigInt::ullong_t ullong_t; // NOLINT(readability/identifiers)
 typedef BigInt::llong_t llong_t; // NOLINT(readability/identifiers)
@@ -192,23 +191,21 @@ const mp_integer binary2integer(const std::string &n, bool is_signed)
 
 mp_integer::ullong_t integer2ulong(const mp_integer &n)
 {
-  assert(n.is_ulong());
+  PRECONDITION(n.is_ulong());
   return n.to_ulong();
 }
 
 std::size_t integer2size_t(const mp_integer &n)
 {
-  assert(n>=0);
+  PRECONDITION(n>=0 && n<=std::numeric_limits<std::size_t>::max());
   mp_integer::ullong_t ull=integer2ulong(n);
-  assert(ull <= std::numeric_limits<std::size_t>::max());
-  return (std::size_t)ull;
+  return (std::size_t) ull;
 }
 
 unsigned integer2unsigned(const mp_integer &n)
 {
-  assert(n>=0);
+  PRECONDITION(n>=0 && n<=std::numeric_limits<unsigned>::max());
   mp_integer::ullong_t ull=integer2ulong(n);
-  assert(ull <= std::numeric_limits<unsigned>::max());
   return (unsigned)ull;
 }
 
@@ -217,6 +214,7 @@ unsigned integer2unsigned(const mp_integer &n)
 /// (currently long long)
 mp_integer bitwise_or(const mp_integer &a, const mp_integer &b)
 {
+  PRECONDITION(a.is_ulong() && b.is_ulong());
   ullong_t result=a.to_ulong()|b.to_ulong();
   return result;
 }
@@ -226,6 +224,7 @@ mp_integer bitwise_or(const mp_integer &a, const mp_integer &b)
 /// (currently long long)
 mp_integer bitwise_and(const mp_integer &a, const mp_integer &b)
 {
+  PRECONDITION(a.is_ulong() && b.is_ulong());
   ullong_t result=a.to_ulong()&b.to_ulong();
   return result;
 }
@@ -235,6 +234,7 @@ mp_integer bitwise_and(const mp_integer &a, const mp_integer &b)
 /// (currently long long)
 mp_integer bitwise_xor(const mp_integer &a, const mp_integer &b)
 {
+  PRECONDITION(a.is_ulong() && b.is_ulong());
   ullong_t result=a.to_ulong()^b.to_ulong();
   return result;
 }
@@ -244,6 +244,7 @@ mp_integer bitwise_xor(const mp_integer &a, const mp_integer &b)
 /// (currently long long)
 mp_integer bitwise_neg(const mp_integer &a)
 {
+  PRECONDITION(a.is_ulong());
   ullong_t result=~a.to_ulong();
   return result;
 }
@@ -256,6 +257,7 @@ mp_integer arith_left_shift(
   const mp_integer &b,
   std::size_t true_size)
 {
+  PRECONDITION(a.is_long() && b.is_ulong());
   ullong_t shift=b.to_ulong();
   if(shift>true_size && a!=mp_integer(0))
     throw "shift value out of range";
@@ -276,6 +278,7 @@ mp_integer arith_right_shift(
   const mp_integer &b,
   std::size_t true_size)
 {
+  PRECONDITION(a.is_long() && b.is_ulong());
   llong_t number=a.to_long();
   ullong_t shift=b.to_ulong();
   if(shift>true_size)
@@ -295,6 +298,7 @@ mp_integer logic_left_shift(
   const mp_integer &b,
   std::size_t true_size)
 {
+  PRECONDITION(a.is_long() && b.is_ulong());
   ullong_t shift=b.to_ulong();
   if(shift>true_size && a!=mp_integer(0))
     throw "shift value out of range";
@@ -320,6 +324,7 @@ mp_integer logic_right_shift(
   const mp_integer &b,
   std::size_t true_size)
 {
+  PRECONDITION(a.is_long() && b.is_ulong());
   ullong_t shift=b.to_ulong();
   if(shift>true_size)
     throw "shift value out of range";
@@ -336,6 +341,7 @@ mp_integer rotate_right(
   const mp_integer &b,
   std::size_t true_size)
 {
+  PRECONDITION(a.is_ulong() && b.is_ulong());
   ullong_t number=a.to_ulong();
   ullong_t shift=b.to_ulong();
   if(shift>true_size)
@@ -355,6 +361,7 @@ mp_integer rotate_left(
   const mp_integer &b,
   std::size_t true_size)
 {
+  PRECONDITION(a.is_ulong() && b.is_ulong());
   ullong_t number=a.to_ulong();
   ullong_t shift=b.to_ulong();
   if(shift>true_size)

From bb88fd2942346b9c4870395ab23807b2205e1720 Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Tue, 22 Aug 2017 16:43:12 +0100
Subject: [PATCH 610/699] Add author string to version.h

---
 src/cbmc/version.h | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/cbmc/version.h b/src/cbmc/version.h
index 58bdccf0018..535f7027b8c 100644
--- a/src/cbmc/version.h
+++ b/src/cbmc/version.h
@@ -1,3 +1,11 @@
+/*******************************************************************\
+
+Module: Bounded Model Checking for ANSI-C + HDL
+
+Author: Daniel Kroening, kroening@kroening.com
+
+\*******************************************************************/
+
 #ifndef CPROVER_CBMC_VERSION_H
 #define CPROVER_CBMC_VERSION_H
 

From 1b20f98be6c43a2d98b63dbd9db26df9f37006ca Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Tue, 22 Aug 2017 16:44:15 +0100
Subject: [PATCH 611/699] Remove trailing white space

---
 src/symex/path_search.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/symex/path_search.cpp b/src/symex/path_search.cpp
index 54f15543430..6da4eab0856 100644
--- a/src/symex/path_search.cpp
+++ b/src/symex/path_search.cpp
@@ -293,7 +293,7 @@ bool path_searcht::drop_state(const statet &state)
     return true;
 
   // unwinding limit -- loops
-  if(unwind_limit!=std::numeric_limits<unsigned>::max() && 
+  if(unwind_limit!=std::numeric_limits<unsigned>::max() &&
      pc->is_backwards_goto())
   {
     bool stop=false;

From 11be8f664a957b3a1a23e34d1ab567853c94a5fb Mon Sep 17 00:00:00 2001
From: Peter Schrammel <peter.schrammel@diffblue.com>
Date: Tue, 22 Aug 2017 15:38:28 +0100
Subject: [PATCH 612/699] Contributing section in readme

---
 README.md | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/README.md b/README.md
index e1c2b090091..8804b2f0b55 100644
--- a/README.md
+++ b/README.md
@@ -15,6 +15,31 @@ and passing the resulting equation to a decision procedure.
 
 For full information see [cprover.org](http://www.cprover.org/cbmc).
 
+Versions
+========
+
+Get the [latest release](https://github.com/diffblue/cbmc/releases)
+* Releases are tested and for production use.
+
+Get the current *develop* version: `git clone https://github.com/diffblue/cbmc.git`
+* Develop versions are not recommended for production use.
+
+Report bugs
+===========
+
+If you encounter a problem please file a bug report:
+* Create an [issue](https://github.com/diffblue/cbmc/issues)
+
+Contributing to the code base
+=============================
+
+1. Fork the repository
+2. Clone the repository `git clone git@github.com:YOURNAME/cbmc.git`
+3. Create a branch from the `develop` branch (default branch)
+4. Make your changes (follow the [coding guidelines](https://github.com/diffblue/cbmc/blob/develop/CODING_STANDARD.md))
+5. Push your changes to your branch
+6. Create a Pull Request targeting the `develop` branch
+
 License
 =======
 4-clause BSD license, see `LICENSE` file.

From 9d74906a4041bb308685d7040900b28b8280b780 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Tue, 22 Aug 2017 18:31:42 +0200
Subject: [PATCH 613/699] Force Java pointers to always occupy one stack slot

Regardless of the CBMC architecture, which dictates the pointer width used,
Java pointers always occupy one slot, as if they were a 32-bit type.
---
 src/java_bytecode/java_utils.cpp | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/java_bytecode/java_utils.cpp b/src/java_bytecode/java_utils.cpp
index accbe4b6647..36b98dc0ccd 100644
--- a/src/java_bytecode/java_utils.cpp
+++ b/src/java_bytecode/java_utils.cpp
@@ -28,20 +28,21 @@ bool java_is_array_type(const typet &type)
 
 unsigned java_local_variable_slots(const typet &t)
 {
+
+  // Even on a 64-bit platform, Java pointers occupy one slot:
+  if(t.id()==ID_pointer)
+    return 1;
+
   unsigned bitwidth;
 
   bitwidth=t.get_unsigned_int(ID_width);
   INVARIANT(
-    bitwidth==0 ||
     bitwidth==8 ||
     bitwidth==16 ||
     bitwidth==32 ||
     bitwidth==64,
     "all types constructed in java_types.cpp encode JVM types "
     "with these bit widths");
-  INVARIANT(
-    bitwidth!=0 || t.id()==ID_pointer,
-    "if bitwidth is 0, then this a reference to a class, which is 1 slot");
 
   return bitwidth==64 ? 2 : 1;
 }

From a4fa59c77357dd43f00f322fb827684bb73e5df9 Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Mon, 14 Aug 2017 19:15:28 +0100
Subject: [PATCH 614/699] Add test showing infinite unwinding

Implements changes suggested by @thk123.
---
 .../virtual_function_unwinding/Inner.class    | Bin 0 -> 327 bytes
 .../Interface.class                           | Bin 0 -> 115 bytes
 .../virtual_function_unwinding/Outer.class    | Bin 0 -> 452 bytes
 .../virtual_function_unwinding/Virtual.class  | Bin 0 -> 713 bytes
 .../virtual_function_unwinding/Virtual.java   |  19 ++++++++++++++++++
 .../virtual_function_unwinding/test.desc      |   8 ++++++++
 6 files changed, 27 insertions(+)
 create mode 100644 regression/cbmc-java/virtual_function_unwinding/Inner.class
 create mode 100644 regression/cbmc-java/virtual_function_unwinding/Interface.class
 create mode 100644 regression/cbmc-java/virtual_function_unwinding/Outer.class
 create mode 100644 regression/cbmc-java/virtual_function_unwinding/Virtual.class
 create mode 100644 regression/cbmc-java/virtual_function_unwinding/Virtual.java
 create mode 100644 regression/cbmc-java/virtual_function_unwinding/test.desc

diff --git a/regression/cbmc-java/virtual_function_unwinding/Inner.class b/regression/cbmc-java/virtual_function_unwinding/Inner.class
new file mode 100644
index 0000000000000000000000000000000000000000..32974676994f62583b9ee85a33b315bcba55f5e6
GIT binary patch
literal 327
zcmYk0F;2rk5JmskiI*5dLc#$k0U_MbfoLKjMY5nEazVE?3v6W8(z51MG*n0w9DqYb
z%veEC?4OxG^H%?R{rLsp4Erf!OceGMrV2Aca$%hfmxTE6s3Z*L?Y$w43+v2v_gopj
z)K$aIv}kMHl-gUFH|8Kb*%yK;7S0)ePN1s)=#G%yww<rdl@&NEtq+}UPFMO>XBZ+O
z410z!5if7Fd(3aDm8k<^v~a=r2VEN+AmYHBi_=H^80ATEmvbd?jz2)}{d$X4)^avt
i%{G0CZJsy=c31^I;VO4g{3eP&GWkbF_$7DytMLzAmNL=+

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/virtual_function_unwinding/Interface.class b/regression/cbmc-java/virtual_function_unwinding/Interface.class
new file mode 100644
index 0000000000000000000000000000000000000000..d05ac9d4a177364694fb7050e41284ab679c8617
GIT binary patch
literal 115
zcmX^0Z`VEs1_l!bPId-%b_Nbc2F4^t24)S-C`JaZ;QZ2}<W#rJoK!{zp0LcKlG4N+
zy{yEtL`DWq&%Bb<qO`<hpp*beNIxerFJ0e1DJwO(gpGlLk%0+lERbdan#RBaVll7+
INhSt1057E%Hvj+t

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/virtual_function_unwinding/Outer.class b/regression/cbmc-java/virtual_function_unwinding/Outer.class
new file mode 100644
index 0000000000000000000000000000000000000000..a2e452ab1bf8e72df8c95ebb8867ab75c1929979
GIT binary patch
literal 452
zcmYk2y-ve06orqSq#<egLxJ);Ft$aa3md3HLINQLIuvDKbAkc4Aw?nKVR!)+79<dY
zfd}BB5Z7r048HccKKJvz{`&s-1h9h*7Z#Qrm}pl~!Lp4N8>=?f7%Y_}GG(ax$4MsB
zOA*OkhRU8wR5oC!cmCzO0fTuky^stIUnTN1zX@e}Cc>C9Eq@w`I1s7Qx=fncwYp=l
z{b5dU0<)08=ycB+YNJd<lM``UTHVn!Pa}D#G|UTBn&l$i9*cY7!NIx*8*?6-n5Ui#
z8bedx_G6J;^@rhDMj3<iJ4NwMfK3|O0!>7VYX*G?r?Uf>VwKc@G^gF|y@B<%UcsLW
zk4I5gfm}6;?U@U8G)R%ZpwURWsgiX>yRK;UUcldBFg(CEA7L6#lr`|j^a`dobC=8(
Pc`WeezJ@H2;8^?tAZJM|

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/virtual_function_unwinding/Virtual.class b/regression/cbmc-java/virtual_function_unwinding/Virtual.class
new file mode 100644
index 0000000000000000000000000000000000000000..3c960cfabd4d83f9e4067eb8b523d1a98417b65b
GIT binary patch
literal 713
zcmZuv%Wl&^6g^`*apJm7NT7sQN|P4S0?nqoRtQu;s$}RQRiu{H#2L~l?ih`2J|;iF
z8ju=^NU-Ol5O<7e7O<K7m~+m3%>4ZI?K^;7?0E3euEN8bi~BCtJveB4u+cF`*Tsg1
z3fe9<Jv_ie7d?jN22T>9QyHt|g-rM;5@QB-%23{yN~TX4?B3Rp!8wS>f}s{jCEjEg
zBcYECn4uBGA&-V!OA{AKCq0u1Lp2ymon}1RBY_Jp6~k)pZE(&%@_xkCq(4ZtRFl2D
z0M`?uH2-tWusle4`2IEjQ0Q0o!>DM_8^oCo#Vcu=@r!ypri70g>OPjS!caQOQlZHn
zDkZeJ+48ZCM+~h+H_!jB;-%Ixf!#vQ#bX~&47k1kAC1mMm@=&Nf<r~x?|3NkLD(qY
z8LhCkKp#Z3XPSO25~;=bsuInWW(n5m)qHwIR&SYp$+JOx)akrNQJ*X$TiTw1eJ003
zgU)iEtf5K1{|A8UxIs}BtGG!SLq4T{V94Dsu%=j>!#<hAIhmm}L-`W!6iahdD6al6
z(snNGQ3(*eL(xLMixzHC{&tRI9r{mquA1D<s}QN-U1Dhp*ZBm;{tD~gh7G?2%YSCZ
Kx=VqDd%ppEIETpq

literal 0
HcmV?d00001

diff --git a/regression/cbmc-java/virtual_function_unwinding/Virtual.java b/regression/cbmc-java/virtual_function_unwinding/Virtual.java
new file mode 100644
index 00000000000..2fd37dac136
--- /dev/null
+++ b/regression/cbmc-java/virtual_function_unwinding/Virtual.java
@@ -0,0 +1,19 @@
+interface Interface {
+  boolean b();
+}
+
+class Inner implements Interface {
+  public boolean b() { return false; }
+}
+
+class Outer implements Interface {
+  private Interface inner;
+  public Outer(Interface inner) { this.inner = inner; }
+  public boolean b() { return !inner.b(); }
+}
+
+public class Virtual {
+  public static void main(String[] args) {
+    assert new Outer(new Inner()).b();
+  }
+}
diff --git a/regression/cbmc-java/virtual_function_unwinding/test.desc b/regression/cbmc-java/virtual_function_unwinding/test.desc
new file mode 100644
index 00000000000..b72e982ae9c
--- /dev/null
+++ b/regression/cbmc-java/virtual_function_unwinding/test.desc
@@ -0,0 +1,8 @@
+KNOWNBUG
+Virtual.class
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+--
+See diffblue/test-gen#845 for details

From efe922e0ec26aa1255ef7fcd3ac281153b05ac4a Mon Sep 17 00:00:00 2001
From: Daniel Kroening <kroening@cs.ox.ac.uk>
Date: Tue, 22 Aug 2017 15:17:32 +0100
Subject: [PATCH 615/699] factor out goto model linking into separate file

---
 src/goto-programs/Makefile             |   1 +
 src/goto-programs/link_goto_model.cpp  | 180 +++++++++++++++++++++++++
 src/goto-programs/link_goto_model.h    |  23 ++++
 src/goto-programs/read_goto_binary.cpp | 180 ++++---------------------
 4 files changed, 228 insertions(+), 156 deletions(-)
 create mode 100644 src/goto-programs/link_goto_model.cpp
 create mode 100644 src/goto-programs/link_goto_model.h

diff --git a/src/goto-programs/Makefile b/src/goto-programs/Makefile
index c7e2f264cf2..b164beef079 100644
--- a/src/goto-programs/Makefile
+++ b/src/goto-programs/Makefile
@@ -26,6 +26,7 @@ SRC = basic_blocks.cpp \
       interpreter.cpp \
       interpreter_evaluate.cpp \
       json_goto_trace.cpp \
+      link_goto_model.cpp \
       link_to_library.cpp \
       loop_ids.cpp \
       mm_io.cpp \
diff --git a/src/goto-programs/link_goto_model.cpp b/src/goto-programs/link_goto_model.cpp
new file mode 100644
index 00000000000..6b40fd7173a
--- /dev/null
+++ b/src/goto-programs/link_goto_model.cpp
@@ -0,0 +1,180 @@
+/*******************************************************************\
+
+Module: Link Goto Programs
+
+Author: Michael Tautschnig, Daniel Kroening
+
+\*******************************************************************/
+
+/// \file
+/// Link Goto Programs
+
+#include "link_goto_model.h"
+
+#include <unordered_set>
+
+#include <util/base_type.h>
+#include <util/symbol.h>
+#include <util/rename_symbol.h>
+
+#include <linking/linking_class.h>
+
+#include "goto_model.h"
+
+static void rename_symbols_in_function(
+  goto_functionst::goto_functiont &function,
+  const rename_symbolt &rename_symbol)
+{
+  goto_programt &program=function.body;
+  rename_symbol(function.type);
+
+  Forall_goto_program_instructions(iit, program)
+  {
+    rename_symbol(iit->code);
+    rename_symbol(iit->guard);
+  }
+}
+
+/// Link a set of goto functions, considering weak symbols
+/// and symbol renaming
+static bool link_functions(
+  symbol_tablet &dest_symbol_table,
+  goto_functionst &dest_functions,
+  const symbol_tablet &src_symbol_table,
+  goto_functionst &src_functions,
+  const rename_symbolt &rename_symbol,
+  const std::unordered_set<irep_idt, irep_id_hash> &weak_symbols,
+  const replace_symbolt &object_type_updates)
+{
+  namespacet ns(dest_symbol_table);
+  namespacet src_ns(src_symbol_table);
+
+  // merge functions
+  Forall_goto_functions(src_it, src_functions)
+  {
+    // the function might have been renamed
+    rename_symbolt::expr_mapt::const_iterator e_it=
+      rename_symbol.expr_map.find(src_it->first);
+
+    irep_idt final_id=src_it->first;
+
+    if(e_it!=rename_symbol.expr_map.end())
+      final_id=e_it->second;
+
+    // already there?
+    goto_functionst::function_mapt::iterator dest_f_it=
+      dest_functions.function_map.find(final_id);
+
+    if(dest_f_it==dest_functions.function_map.end()) // not there yet
+    {
+      rename_symbols_in_function(src_it->second, rename_symbol);
+
+      goto_functionst::goto_functiont &in_dest_symbol_table=
+        dest_functions.function_map[final_id];
+
+      in_dest_symbol_table.body.swap(src_it->second.body);
+      in_dest_symbol_table.type=src_it->second.type;
+    }
+    else // collision!
+    {
+      goto_functionst::goto_functiont &in_dest_symbol_table=
+        dest_functions.function_map[final_id];
+
+      goto_functionst::goto_functiont &src_func=src_it->second;
+
+      if(in_dest_symbol_table.body.instructions.empty() ||
+         weak_symbols.find(final_id)!=weak_symbols.end())
+      {
+        // the one with body wins!
+        rename_symbols_in_function(src_func, rename_symbol);
+
+        in_dest_symbol_table.body.swap(src_func.body);
+        in_dest_symbol_table.type=src_func.type;
+      }
+      else if(src_func.body.instructions.empty() ||
+              src_ns.lookup(src_it->first).is_weak)
+      {
+        // just keep the old one in dest
+      }
+      else if(in_dest_symbol_table.type.get_bool(ID_C_inlined))
+      {
+        // ok, we silently ignore
+      }
+      else
+      {
+        // the linking code will have ensured that types match
+        rename_symbol(src_func.type);
+        assert(base_type_eq(in_dest_symbol_table.type, src_func.type, ns));
+      }
+    }
+  }
+
+  // apply macros
+  rename_symbolt macro_application;
+
+  forall_symbols(it, dest_symbol_table.symbols)
+    if(it->second.is_macro && !it->second.is_type)
+    {
+      const symbolt &symbol=it->second;
+
+      assert(symbol.value.id()==ID_symbol);
+      const irep_idt &id=to_symbol_expr(symbol.value).get_identifier();
+
+      #if 0
+      if(!base_type_eq(symbol.type, ns.lookup(id).type, ns))
+      {
+        std::cerr << symbol << '\n';
+        std::cerr << ns.lookup(id) << '\n';
+      }
+      assert(base_type_eq(symbol.type, ns.lookup(id).type, ns));
+      #endif
+
+      macro_application.insert_expr(symbol.name, id);
+    }
+
+  if(!macro_application.expr_map.empty())
+    Forall_goto_functions(dest_it, dest_functions)
+      rename_symbols_in_function(dest_it->second, macro_application);
+
+  if(!object_type_updates.expr_map.empty())
+  {
+    Forall_goto_functions(dest_it, dest_functions)
+      Forall_goto_program_instructions(iit, dest_it->second.body)
+      {
+        object_type_updates(iit->code);
+        object_type_updates(iit->guard);
+      }
+  }
+
+  return false;
+}
+
+void link_goto_model(
+  goto_modelt &dest,
+  goto_modelt &src,
+  message_handlert &message_handler)
+{
+  typedef std::unordered_set<irep_idt, irep_id_hash> id_sett;
+  id_sett weak_symbols;
+
+  forall_symbols(it, dest.symbol_table.symbols)
+    if(it->second.is_weak)
+      weak_symbols.insert(it->first);
+
+  linkingt linking(dest.symbol_table,
+                   src.symbol_table,
+                   message_handler);
+
+  if(linking.typecheck_main())
+    throw 0;
+
+  if(link_functions(
+      dest.symbol_table,
+      dest.goto_functions,
+      src.symbol_table,
+      src.goto_functions,
+      linking.rename_symbol,
+      weak_symbols,
+      linking.object_type_updates))
+    throw 0;
+}
diff --git a/src/goto-programs/link_goto_model.h b/src/goto-programs/link_goto_model.h
new file mode 100644
index 00000000000..e04b85727e9
--- /dev/null
+++ b/src/goto-programs/link_goto_model.h
@@ -0,0 +1,23 @@
+/*******************************************************************\
+
+Module: Read Goto Programs
+
+Author: Daniel Kroening, kroening@kroening.com
+
+\*******************************************************************/
+
+/// \file
+/// Read Goto Programs
+
+#ifndef CPROVER_GOTO_PROGRAMS_LINK_GOTO_MODEL_H
+#define CPROVER_GOTO_PROGRAMS_LINK_GOTO_MODEL_H
+
+class goto_modelt;
+class message_handlert;
+
+void link_goto_model(
+  goto_modelt &dest,
+  goto_modelt &src,
+  message_handlert &);
+
+#endif // CPROVER_GOTO_PROGRAMS_LINK_GOTO_MODEL_H
diff --git a/src/goto-programs/read_goto_binary.cpp b/src/goto-programs/read_goto_binary.cpp
index 58eafda8fb2..2b4a3805401 100644
--- a/src/goto-programs/read_goto_binary.cpp
+++ b/src/goto-programs/read_goto_binary.cpp
@@ -32,9 +32,8 @@ Module: Read Goto Programs
 
 #include <langapi/language_ui.h>
 
-#include <linking/linking_class.h>
-
 #include "goto_model.h"
+#include "link_goto_model.h"
 #include "read_bin_goto_object.h"
 #include "elf_reader.h"
 #include "osx_fat_reader.h"
@@ -214,139 +213,12 @@ bool is_goto_binary(const std::string &filename)
   return false;
 }
 
-static void rename_symbols_in_function(
-  goto_functionst::goto_functiont &function,
-  const rename_symbolt &rename_symbol)
-{
-  goto_programt &program=function.body;
-  rename_symbol(function.type);
-
-  Forall_goto_program_instructions(iit, program)
-  {
-    rename_symbol(iit->code);
-    rename_symbol(iit->guard);
-  }
-}
-
-static bool link_functions(
-  symbol_tablet &dest_symbol_table,
-  goto_functionst &dest_functions,
-  const symbol_tablet &src_symbol_table,
-  goto_functionst &src_functions,
-  const rename_symbolt &rename_symbol,
-  const std::unordered_set<irep_idt, irep_id_hash> &weak_symbols,
-  const replace_symbolt &object_type_updates)
-{
-  namespacet ns(dest_symbol_table);
-  namespacet src_ns(src_symbol_table);
-
-  // merge functions
-  Forall_goto_functions(src_it, src_functions)
-  {
-    // the function might have been renamed
-    rename_symbolt::expr_mapt::const_iterator e_it=
-      rename_symbol.expr_map.find(src_it->first);
-
-    irep_idt final_id=src_it->first;
-
-    if(e_it!=rename_symbol.expr_map.end())
-      final_id=e_it->second;
-
-    // already there?
-    goto_functionst::function_mapt::iterator dest_f_it=
-      dest_functions.function_map.find(final_id);
-
-    if(dest_f_it==dest_functions.function_map.end()) // not there yet
-    {
-      rename_symbols_in_function(src_it->second, rename_symbol);
-
-      goto_functionst::goto_functiont &in_dest_symbol_table=
-        dest_functions.function_map[final_id];
-
-      in_dest_symbol_table.body.swap(src_it->second.body);
-      in_dest_symbol_table.type=src_it->second.type;
-    }
-    else // collision!
-    {
-      goto_functionst::goto_functiont &in_dest_symbol_table=
-        dest_functions.function_map[final_id];
-
-      goto_functionst::goto_functiont &src_func=src_it->second;
-
-      if(in_dest_symbol_table.body.instructions.empty() ||
-         weak_symbols.find(final_id)!=weak_symbols.end())
-      {
-        // the one with body wins!
-        rename_symbols_in_function(src_func, rename_symbol);
-
-        in_dest_symbol_table.body.swap(src_func.body);
-        in_dest_symbol_table.type=src_func.type;
-      }
-      else if(src_func.body.instructions.empty() ||
-              src_ns.lookup(src_it->first).is_weak)
-      {
-        // just keep the old one in dest
-      }
-      else if(in_dest_symbol_table.type.get_bool(ID_C_inlined))
-      {
-        // ok, we silently ignore
-      }
-      else
-      {
-        // the linking code will have ensured that types match
-        rename_symbol(src_func.type);
-        assert(base_type_eq(in_dest_symbol_table.type, src_func.type, ns));
-      }
-    }
-  }
-
-  // apply macros
-  rename_symbolt macro_application;
-
-  forall_symbols(it, dest_symbol_table.symbols)
-    if(it->second.is_macro && !it->second.is_type)
-    {
-      const symbolt &symbol=it->second;
-
-      assert(symbol.value.id()==ID_symbol);
-      const irep_idt &id=to_symbol_expr(symbol.value).get_identifier();
-
-      #if 0
-      if(!base_type_eq(symbol.type, ns.lookup(id).type, ns))
-      {
-        std::cerr << symbol << '\n';
-        std::cerr << ns.lookup(id) << '\n';
-      }
-      assert(base_type_eq(symbol.type, ns.lookup(id).type, ns));
-      #endif
-
-      macro_application.insert_expr(symbol.name, id);
-    }
-
-  if(!macro_application.expr_map.empty())
-    Forall_goto_functions(dest_it, dest_functions)
-      rename_symbols_in_function(dest_it->second, macro_application);
-
-  if(!object_type_updates.expr_map.empty())
-  {
-    Forall_goto_functions(dest_it, dest_functions)
-      Forall_goto_program_instructions(iit, dest_it->second.body)
-      {
-        object_type_updates(iit->code);
-        object_type_updates(iit->guard);
-      }
-  }
-
-  return false;
-}
-
 /// reads an object file
 /// \par parameters: a file_name
 /// \return true on error, false otherwise
 bool read_object_and_link(
   const std::string &file_name,
-  symbol_tablet &symbol_table,
-  goto_functionst &functions,
+  goto_modelt &dest,
   message_handlert &message_handler)
 {
   messaget(message_handler).statistics() << "Reading: "
@@ -361,31 +233,17 @@ bool read_object_and_link(
       message_handler))
     return true;
 
-  typedef std::unordered_set<irep_idt, irep_id_hash> id_sett;
-  id_sett weak_symbols;
-  forall_symbols(it, symbol_table.symbols)
-    if(it->second.is_weak)
-      weak_symbols.insert(it->first);
-
-  linkingt linking(symbol_table,
-                   temp_model.symbol_table,
-                   message_handler);
-
-  if(linking.typecheck_main())
-    return true;
-
-  if(link_functions(
-      symbol_table,
-      functions,
-      temp_model.symbol_table,
-      temp_model.goto_functions,
-      linking.rename_symbol,
-      weak_symbols,
-      linking.object_type_updates))
+  try
+  {
+    link_goto_model(dest, temp_model, message_handler);
+  }
+  catch(...)
+  {
     return true;
+  }
 
   // reading successful, let's update config
-  config.set_from_symbol_table(symbol_table);
+  config.set_from_symbol_table(dest.symbol_table);
 
   return false;
 }
@@ -395,12 +253,22 @@ bool read_object_and_link(
 /// \return true on error, false otherwise
 bool read_object_and_link(
   const std::string &file_name,
-  goto_modelt &goto_model,
+  symbol_tablet &dest_symbol_table,
+  goto_functionst &dest_functions,
   message_handlert &message_handler)
 {
-  return read_object_and_link(
+  goto_modelt goto_model;
+
+  goto_model.symbol_table.swap(dest_symbol_table);
+  goto_model.goto_functions.swap(dest_functions);
+
+  bool result=read_object_and_link(
     file_name,
-    goto_model.symbol_table,
-    goto_model.goto_functions,
+    goto_model,
     message_handler);
+
+  goto_model.symbol_table.swap(dest_symbol_table);
+  goto_model.goto_functions.swap(dest_functions);
+
+  return result;
 }

From 8e52f8dad8f2dbbb2b36a8f4e0501c3d87691ad8 Mon Sep 17 00:00:00 2001
From: Daniel Kroening <kroening@cs.ox.ac.uk>
Date: Tue, 22 Aug 2017 17:35:18 +0100
Subject: [PATCH 616/699] use invariant

---
 src/goto-programs/link_goto_model.cpp | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/goto-programs/link_goto_model.cpp b/src/goto-programs/link_goto_model.cpp
index 6b40fd7173a..2c8b49f74b7 100644
--- a/src/goto-programs/link_goto_model.cpp
+++ b/src/goto-programs/link_goto_model.cpp
@@ -104,7 +104,8 @@ static bool link_functions(
       {
         // the linking code will have ensured that types match
         rename_symbol(src_func.type);
-        assert(base_type_eq(in_dest_symbol_table.type, src_func.type, ns));
+        INVARIANT(base_type_eq(in_dest_symbol_table.type, src_func.type, ns),
+                  "linking ensures that types match");
       }
     }
   }
@@ -117,7 +118,7 @@ static bool link_functions(
     {
       const symbolt &symbol=it->second;
 
-      assert(symbol.value.id()==ID_symbol);
+      INVARIANT(symbol.value.id()==ID_symbol, "must have symbol");
       const irep_idt &id=to_symbol_expr(symbol.value).get_identifier();
 
       #if 0
@@ -126,7 +127,8 @@ static bool link_functions(
         std::cerr << symbol << '\n';
         std::cerr << ns.lookup(id) << '\n';
       }
-      assert(base_type_eq(symbol.type, ns.lookup(id).type, ns));
+      INVARIANT(base_type_eq(symbol.type, ns.lookup(id).type, ns),
+                "type matches");
       #endif
 
       macro_application.insert_expr(symbol.name, id);

From c7afb95a8c0e02670484ed9ea5f6d117a86781a4 Mon Sep 17 00:00:00 2001
From: Daniel Kroening <kroening@cs.ox.ac.uk>
Date: Tue, 22 Aug 2017 17:16:09 +0100
Subject: [PATCH 617/699] variants of service functions for goto_modelt

---
 src/goto-instrument/cover.cpp                 | 12 +++++++
 src/goto-instrument/cover.h                   | 35 +++++++++++--------
 src/goto-instrument/full_slicer.cpp           | 15 ++++++++
 src/goto-instrument/full_slicer.h             | 16 ++++++---
 src/goto-instrument/nondet_static.cpp         |  8 ++++-
 src/goto-instrument/nondet_static.h           |  7 ++--
 src/goto-programs/convert_nondet.cpp          | 33 +++++++++++------
 src/goto-programs/convert_nondet.h            | 17 ++++++---
 src/goto-programs/remove_skip.cpp             |  7 ++++
 src/goto-programs/remove_skip.h               |  7 ++--
 src/goto-programs/remove_unused_functions.cpp |  7 ++++
 src/goto-programs/remove_unused_functions.h   | 10 ++++--
 src/goto-programs/replace_java_nondet.cpp     |  8 +++--
 src/goto-programs/replace_java_nondet.h       |  7 ++--
 src/goto-programs/string_abstraction.cpp      | 10 ++++++
 src/goto-programs/string_abstraction.h        | 13 ++++---
 src/goto-programs/string_instrumentation.cpp  | 20 ++++++++---
 src/goto-programs/string_instrumentation.h    | 17 +++++----
 18 files changed, 185 insertions(+), 64 deletions(-)

diff --git a/src/goto-instrument/cover.cpp b/src/goto-instrument/cover.cpp
index e91e309f919..fbdafef9128 100644
--- a/src/goto-instrument/cover.cpp
+++ b/src/goto-instrument/cover.cpp
@@ -1572,3 +1572,15 @@ bool instrument_cover_goals(
   goto_functions.update();
   return false;
 }
+
+bool instrument_cover_goals(
+  const cmdlinet &cmdline,
+  goto_modelt &goto_model,
+  message_handlert &message_handler)
+{
+  return instrument_cover_goals(
+    cmdline,
+    goto_model.symbol_table,
+    goto_model.goto_functions,
+    message_handler);
+}
diff --git a/src/goto-instrument/cover.h b/src/goto-instrument/cover.h
index c3b753959ec..47086714737 100644
--- a/src/goto-instrument/cover.h
+++ b/src/goto-instrument/cover.h
@@ -42,41 +42,46 @@ enum class coverage_criteriont
   PATH, MCDC, ASSERTION, COVER };
 
 bool consider_goals(
-  const goto_programt &goto_program,
-  coverage_goalst &goals);
+  const goto_programt &,
+  coverage_goalst &);
 
 void instrument_cover_goals(
-  const symbol_tablet &symbol_table,
-  goto_functionst &goto_functions,
+  const symbol_tablet &,
+  goto_functionst &,
   coverage_criteriont,
   bool function_only=false);
 
 void instrument_cover_goals(
-  const symbol_tablet &symbol_table,
-  goto_programt &goto_program,
+  const symbol_tablet &,
+  goto_programt &,
   coverage_criteriont,
   bool function_only=false);
 
 void instrument_cover_goals(
-  const symbol_tablet &symbol_table,
-  goto_functionst &goto_functions,
+  const symbol_tablet &,
+  goto_functionst &,
   coverage_criteriont,
-  coverage_goalst &goals,
+  coverage_goalst &,
   bool function_only=false,
   bool ignore_trivial=false);
 
 void instrument_cover_goals(
-  const symbol_tablet &symbol_table,
-  goto_programt &goto_program,
+  const symbol_tablet &,
+  goto_programt &,
   coverage_criteriont,
   coverage_goalst &goals,
   bool function_only=false,
   bool ignore_trivial=false);
 
 bool instrument_cover_goals(
-  const cmdlinet &cmdline,
-  const symbol_tablet &symbol_table,
-  goto_functionst &goto_functions,
-  message_handlert &msgh);
+  const cmdlinet &,
+  const symbol_tablet &,
+  goto_functionst &,
+  message_handlert &);
+
+bool instrument_cover_goals(
+  const cmdlinet &,
+  goto_modelt &,
+  message_handlert &);
 
 #endif // CPROVER_GOTO_INSTRUMENT_COVER_H
diff --git a/src/goto-instrument/full_slicer.cpp b/src/goto-instrument/full_slicer.cpp
index 4b37e2da833..67994855cb6 100644
--- a/src/goto-instrument/full_slicer.cpp
+++ b/src/goto-instrument/full_slicer.cpp
@@ -382,6 +382,13 @@ void full_slicer(
   full_slicert()(goto_functions, ns, a);
 }
 
+void full_slicer(goto_modelt &goto_model)
+{
+  assert_criteriont a;
+  const namespacet ns(goto_model.symbol_table);
+  full_slicert()(goto_model.goto_functions, ns, a);
+}
+
 void property_slicer(
   goto_functionst &goto_functions,
   const namespacet &ns,
@@ -391,6 +398,14 @@ void property_slicer(
   full_slicert()(goto_functions, ns, p);
 }
 
+void property_slicer(
+  goto_modelt &goto_model,
+  const std::list<std::string> &properties)
+{
+  const namespacet ns(goto_model.symbol_table);
+  property_slicer(goto_model.goto_functions, ns, properties);
+}
+
 slicing_criteriont::~slicing_criteriont()
 {
 }
diff --git a/src/goto-instrument/full_slicer.h b/src/goto-instrument/full_slicer.h
index 9e39786c5a2..41caa34666f 100644
--- a/src/goto-instrument/full_slicer.h
+++ b/src/goto-instrument/full_slicer.h
@@ -12,15 +12,21 @@ Author: Daniel Kroening, kroening@kroening.com
 #ifndef CPROVER_GOTO_INSTRUMENT_FULL_SLICER_H
 #define CPROVER_GOTO_INSTRUMENT_FULL_SLICER_H
 
-#include <goto-programs/goto_functions.h>
+#include <goto-programs/goto_model.h>
 
 void full_slicer(
-  goto_functionst &goto_functions,
-  const namespacet &ns);
+  goto_functionst &,
+  const namespacet &);
+
+void full_slicer(goto_modelt &);
 
 void property_slicer(
-  goto_functionst &goto_functions,
-  const namespacet &ns,
+  goto_functionst &,
+  const namespacet &,
+  const std::list<std::string> &properties);
+
+void property_slicer(
+  goto_modelt &,
   const std::list<std::string> &properties);
 
 class slicing_criteriont
diff --git a/src/goto-instrument/nondet_static.cpp b/src/goto-instrument/nondet_static.cpp
index e5e3b7649cf..2d0cd7cd055 100644
--- a/src/goto-instrument/nondet_static.cpp
+++ b/src/goto-instrument/nondet_static.cpp
@@ -19,6 +19,7 @@ Date: November 2011
 #include <util/cprover_prefix.h>
 #include <util/prefix.h>
 
+#include <goto-programs/goto_model.h>
 #include <goto-programs/goto_functions.h>
 
 void nondet_static(
@@ -70,7 +71,6 @@ void nondet_static(
   }
 }
 
-
 void nondet_static(
   const namespacet &ns,
   goto_functionst &goto_functions)
@@ -80,3 +80,9 @@ void nondet_static(
   // update counters etc.
   goto_functions.update();
 }
+
+void nondet_static(goto_modelt &goto_model)
+{
+  const namespacet ns(goto_model.symbol_table);
+  nondet_static(ns, goto_model.goto_functions);
+}
diff --git a/src/goto-instrument/nondet_static.h b/src/goto-instrument/nondet_static.h
index 97f3f0e683b..16114584849 100644
--- a/src/goto-instrument/nondet_static.h
+++ b/src/goto-instrument/nondet_static.h
@@ -17,9 +17,12 @@ Date: November 2011
 
 class goto_functionst;
 class namespacet;
+class goto_modelt;
 
 void nondet_static(
-  const namespacet &ns,
-  goto_functionst &goto_functions);
+  const namespacet &,
+  goto_functionst &);
+
+void nondet_static(goto_modelt &);
 
 #endif // CPROVER_GOTO_INSTRUMENT_NONDET_STATIC_H
diff --git a/src/goto-programs/convert_nondet.cpp b/src/goto-programs/convert_nondet.cpp
index 926f0bcc41e..d55afbe91a1 100644
--- a/src/goto-programs/convert_nondet.cpp
+++ b/src/goto-programs/convert_nondet.cpp
@@ -9,15 +9,16 @@ Author: Reuben Thomas, reuben.thomas@diffblue.com
 /// \file
 /// Convert side_effect_expr_nondett expressions
 
-#include "goto-programs/convert_nondet.h"
-#include "goto-programs/goto_convert.h"
-#include "goto-programs/goto_model.h"
-#include "goto-programs/remove_skip.h"
+#include "convert_nondet.h"
+#include "goto_convert.h"
+#include "goto_model.h"
+#include "remove_skip.h"
 
-#include <memory>
-#include "java_bytecode/java_object_factory.h" // gen_nondet_init
+#include <java_bytecode/java_object_factory.h> // gen_nondet_init
+
+#include <util/irep_ids.h>
 
-#include "util/irep_ids.h"
+#include <memory>
 
 /// Checks an instruction to see whether it contains an assignment from
 /// side_effect_expr_nondet.  If so, replaces the instruction with a range of
@@ -111,7 +112,7 @@ static goto_programt::targett insert_nondet_init_code(
 /// \param symbol_table: The global symbol table.
 /// \param message_handler: Handles logging.
 /// \param max_nondet_array_length: Maximum size of new nondet arrays.
-static void convert_nondet(
+void convert_nondet(
   goto_programt &goto_program,
   symbol_tablet &symbol_table,
   message_handlert &message_handler,
@@ -132,8 +133,6 @@ static void convert_nondet(
   }
 }
 
-
-
 void convert_nondet(
   goto_functionst &goto_functions,
   symbol_tablet &symbol_table,
@@ -155,3 +154,17 @@ void convert_nondet(
 
   remove_skip(goto_functions);
 }
+
+void convert_nondet(
+  goto_modelt &goto_model,
+  message_handlert &message_handler,
+  size_t max_nondet_array_length,
+  size_t max_nondet_tree_depth)
+{
+  convert_nondet(
+    goto_model.goto_functions,
+    goto_model.symbol_table,
+    message_handler,
+    max_nondet_array_length,
+    max_nondet_tree_depth);
+}
diff --git a/src/goto-programs/convert_nondet.h b/src/goto-programs/convert_nondet.h
index 4ebd2483479..32d8cd33f91 100644
--- a/src/goto-programs/convert_nondet.h
+++ b/src/goto-programs/convert_nondet.h
@@ -16,6 +16,7 @@ Author: Reuben Thomas, reuben.thomas@diffblue.com
 
 class goto_functionst;
 class symbol_tablet;
+class goto_modelt;
 class message_handlert;
 
 /// Replace calls to nondet library functions with an internal nondet
@@ -27,10 +28,16 @@ class message_handlert;
 /// \param max_nondet_tree_depth: Maximum depth for object hierarchy on input
 ///   parameterers.
 void convert_nondet(
-  goto_functionst &goto_functions,
-  symbol_tablet &symbol_table,
-  message_handlert &message_handler,
-  size_t max_nondet_array_length,
-  size_t max_nondet_tree_depth);
+  goto_functionst &,
+  symbol_tablet &,
+  message_handlert &,
+  std::size_t max_nondet_array_length,
+  std::size_t max_nondet_tree_depth);
+
+void convert_nondet(
+  goto_modelt &,
+  message_handlert &,
+  std::size_t max_nondet_array_length,
+  std::size_t max_nondet_tree_depth);
 
 #endif
diff --git a/src/goto-programs/remove_skip.cpp b/src/goto-programs/remove_skip.cpp
index 816960b1ea0..3529a8f2018 100644
--- a/src/goto-programs/remove_skip.cpp
+++ b/src/goto-programs/remove_skip.cpp
@@ -10,6 +10,7 @@ Author: Daniel Kroening, kroening@kroening.com
 /// Program Transformation
 
 #include "remove_skip.h"
+#include "goto_model.h"
 
 static bool is_skip(goto_programt::instructionst::iterator it)
 {
@@ -160,3 +161,9 @@ void remove_skip(goto_functionst &goto_functions)
   Forall_goto_functions(f_it, goto_functions)
     remove_skip(f_it->second.body);
 }
+
+void remove_skip(goto_modelt &goto_model)
+{
+  remove_skip(goto_model.goto_functions);
+}
+
diff --git a/src/goto-programs/remove_skip.h b/src/goto-programs/remove_skip.h
index e466251f9d6..593e34b89fd 100644
--- a/src/goto-programs/remove_skip.h
+++ b/src/goto-programs/remove_skip.h
@@ -14,7 +14,10 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include "goto_functions.h"
 
-void remove_skip(goto_programt &goto_program);
-void remove_skip(goto_functionst &goto_functions);
+class goto_modelt;
+
+void remove_skip(goto_programt &);
+void remove_skip(goto_functionst &);
+void remove_skip(goto_modelt &);
 
 #endif // CPROVER_GOTO_PROGRAMS_REMOVE_SKIP_H
diff --git a/src/goto-programs/remove_unused_functions.cpp b/src/goto-programs/remove_unused_functions.cpp
index fd2d8cca614..3092e114796 100644
--- a/src/goto-programs/remove_unused_functions.cpp
+++ b/src/goto-programs/remove_unused_functions.cpp
@@ -13,6 +13,13 @@ Author: CM Wintersteiger
 
 #include <util/message.h>
 
+void remove_unused_functions(
+  goto_modelt &goto_model,
+  message_handlert &message_handler)
+{
+  remove_unused_functions(goto_model.goto_functions, message_handler);
+}
+
 void remove_unused_functions(
   goto_functionst &functions,
   message_handlert &message_handler)
diff --git a/src/goto-programs/remove_unused_functions.h b/src/goto-programs/remove_unused_functions.h
index 550d657f299..8c8b1739a98 100644
--- a/src/goto-programs/remove_unused_functions.h
+++ b/src/goto-programs/remove_unused_functions.h
@@ -14,11 +14,15 @@ Author: CM Wintersteiger
 
 #include <util/message.h>
 
-#include <goto-programs/goto_functions.h>
+#include <goto-programs/goto_model.h>
 
 void remove_unused_functions(
-  goto_functionst &functions,
-  message_handlert &message_handler);
+  goto_functionst &,
+  message_handlert &);
+
+void remove_unused_functions(
+  goto_modelt &,
+  message_handlert &);
 
 void find_used_functions(
   const irep_idt &current,
diff --git a/src/goto-programs/replace_java_nondet.cpp b/src/goto-programs/replace_java_nondet.cpp
index 02a989d307a..8261bb087ea 100644
--- a/src/goto-programs/replace_java_nondet.cpp
+++ b/src/goto-programs/replace_java_nondet.cpp
@@ -235,8 +235,6 @@ static void replace_java_nondet(goto_programt &goto_program)
   }
 }
 
-
-
 void replace_java_nondet(goto_functionst &goto_functions)
 {
   for(auto &goto_program : goto_functions.function_map)
@@ -248,3 +246,9 @@ void replace_java_nondet(goto_functionst &goto_functions)
 
   remove_skip(goto_functions);
 }
+
+void replace_java_nondet(goto_modelt &goto_model)
+{
+  replace_java_nondet(goto_model.goto_functions);
+}
+
diff --git a/src/goto-programs/replace_java_nondet.h b/src/goto-programs/replace_java_nondet.h
index cc924e9e974..ac8f8cfb005 100644
--- a/src/goto-programs/replace_java_nondet.h
+++ b/src/goto-programs/replace_java_nondet.h
@@ -12,11 +12,14 @@ Author: Reuben Thomas, reuben.thomas@diffblue.com
 #ifndef CPROVER_GOTO_PROGRAMS_REPLACE_JAVA_NONDET_H
 #define CPROVER_GOTO_PROGRAMS_REPLACE_JAVA_NONDET_H
 
+class goto_modelt;
 class goto_functionst;
 
 /// Replace calls to nondet library functions with an internal nondet
 /// representation.
-/// \param goto_functions: The set of goto programs to modify.
-void replace_java_nondet(goto_functionst &goto_functions);
+/// \param goto_model: The goto program to modify.
+void replace_java_nondet(goto_modelt &);
+
+void replace_java_nondet(goto_functionst &);
 
 #endif
diff --git a/src/goto-programs/string_abstraction.cpp b/src/goto-programs/string_abstraction.cpp
index 299d27cceef..fbb8aa32316 100644
--- a/src/goto-programs/string_abstraction.cpp
+++ b/src/goto-programs/string_abstraction.cpp
@@ -82,6 +82,16 @@ void string_abstraction(
   string_abstraction(dest);
 }
 
+void string_abstraction(
+  goto_modelt &goto_model,
+  message_handlert &message_handler)
+{
+  string_abstraction(
+    goto_model.symbol_table,
+    message_handler,
+    goto_model.goto_functions);
+}
+
 string_abstractiont::string_abstractiont(
   symbol_tablet &_symbol_table,
   message_handlert &_message_handler):
diff --git a/src/goto-programs/string_abstraction.h b/src/goto-programs/string_abstraction.h
index 9443b09d68b..68949fc6db7 100644
--- a/src/goto-programs/string_abstraction.h
+++ b/src/goto-programs/string_abstraction.h
@@ -17,7 +17,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <util/config.h>
 #include <util/std_expr.h>
 
-#include "goto_functions.h"
+#include "goto_model.h"
 
 class string_abstractiont:public messaget
 {
@@ -171,13 +171,12 @@ class string_abstractiont:public messaget
 // keep track of length of strings
 
 void string_abstraction(
-  symbol_tablet &symbol_table,
-  message_handlert &message_handler,
-  goto_programt &dest);
+  goto_modelt &,
+  message_handlert &);
 
 void string_abstraction(
-  symbol_tablet &symbol_table,
-  message_handlert &message_handler,
-  goto_functionst &dest);
+  symbol_tablet &,
+  message_handlert &,
+  goto_functionst &);
 
 #endif // CPROVER_GOTO_PROGRAMS_STRING_ABSTRACTION_H
diff --git a/src/goto-programs/string_instrumentation.cpp b/src/goto-programs/string_instrumentation.cpp
index f4ce4129eed..71cf5959e35 100644
--- a/src/goto-programs/string_instrumentation.cpp
+++ b/src/goto-programs/string_instrumentation.cpp
@@ -13,15 +13,17 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include <algorithm>
 
-#include <util/std_expr.h>
-#include <util/std_code.h>
-#include <util/message.h>
 #include <util/arith_tools.h>
+#include <util/c_types.h>
 #include <util/config.h>
+#include <util/message.h>
+#include <util/std_expr.h>
+#include <util/std_code.h>
 #include <util/symbol_table.h>
 
 #include <goto-programs/format_strings.h>
-#include <util/c_types.h>
+#include <goto-programs/goto_model.h>
+
 
 exprt is_zero_string(
   const exprt &what,
@@ -170,6 +172,16 @@ void string_instrumentation(
   string_instrumentation(dest);
 }
 
+void string_instrumentation(
+  goto_modelt &goto_model,
+  message_handlert &message_handler)
+{
+  string_instrumentation(
+    goto_model.symbol_table,
+    message_handler,
+    goto_model.goto_functions);
+}
+
 void string_instrumentationt::operator()(goto_functionst &dest)
 {
   for(goto_functionst::function_mapt::iterator
diff --git a/src/goto-programs/string_instrumentation.h b/src/goto-programs/string_instrumentation.h
index 9d8bda00370..0314fe87305 100644
--- a/src/goto-programs/string_instrumentation.h
+++ b/src/goto-programs/string_instrumentation.h
@@ -15,16 +15,21 @@ Author: Daniel Kroening, kroening@kroening.com
 #include "goto_functions.h"
 
 class message_handlert;
+class goto_modelt;
 
 void string_instrumentation(
-  symbol_tablet &symbol_table,
-  message_handlert &message_handler,
-  goto_programt &dest);
+  symbol_tablet &,
+  message_handlert &,
+  goto_programt &);
 
 void string_instrumentation(
-  symbol_tablet &symbol_table,
-  message_handlert &message_handler,
-  goto_functionst &dest);
+  symbol_tablet &,
+  message_handlert &,
+  goto_functionst &);
+
+void string_instrumentation(
+  goto_modelt &,
+  message_handlert &);
 
 exprt is_zero_string(const exprt &what, bool write=false);
 exprt zero_string_length(const exprt &what, bool write=false);

From 28893701097d13cbe608633caccf5446797fe0f0 Mon Sep 17 00:00:00 2001
From: Daniel Kroening <kroening@cs.ox.ac.uk>
Date: Wed, 23 Aug 2017 11:15:04 +0100
Subject: [PATCH 618/699] pointer_typet now requires a width

---
 src/goto-programs/builtin_functions.cpp        |  2 +-
 src/goto-programs/remove_exceptions.cpp        |  2 +-
 .../java_bytecode_convert_class.cpp            |  8 ++++----
 .../java_bytecode_convert_method.cpp           |  2 +-
 src/java_bytecode/java_bytecode_instrument.cpp |  4 ++--
 .../java_string_library_preprocess.cpp         | 18 +++++++++++-------
 6 files changed, 20 insertions(+), 16 deletions(-)

diff --git a/src/goto-programs/builtin_functions.cpp b/src/goto-programs/builtin_functions.cpp
index 9ea3ea49f2f..911e25460cc 100644
--- a/src/goto-programs/builtin_functions.cpp
+++ b/src/goto-programs/builtin_functions.cpp
@@ -700,7 +700,7 @@ void goto_convertt::do_java_new_array(
   if(given_element_type.is_not_nil())
   {
     allocate_data_type=
-      pointer_typet(static_cast<const typet &>(given_element_type));
+      pointer_type(static_cast<const typet &>(given_element_type));
   }
   else
     allocate_data_type=data.type();
diff --git a/src/goto-programs/remove_exceptions.cpp b/src/goto-programs/remove_exceptions.cpp
index fc921dd767b..712aaf4b1f3 100644
--- a/src/goto-programs/remove_exceptions.cpp
+++ b/src/goto-programs/remove_exceptions.cpp
@@ -218,7 +218,7 @@ void remove_exceptionst::add_exceptional_returns(
 
       // initialize the exceptional return with NULL
       symbol_exprt lhs_expr_null=new_symbol.symbol_expr();
-      null_pointer_exprt rhs_expr_null((pointer_typet(empty_typet())));
+      null_pointer_exprt rhs_expr_null(pointer_type(empty_typet()));
       goto_programt::targett t_null=
         goto_program.insert_before(goto_program.instructions.begin());
       t_null->make_assignment();
diff --git a/src/java_bytecode/java_bytecode_convert_class.cpp b/src/java_bytecode/java_bytecode_convert_class.cpp
index 90a5aaa42bf..056825e83b2 100644
--- a/src/java_bytecode/java_bytecode_convert_class.cpp
+++ b/src/java_bytecode/java_bytecode_convert_class.cpp
@@ -306,12 +306,12 @@ void java_bytecode_convert_classt::add_array_types(symbol_tablet &symbol_table)
       id2string(symbol_type.get_identifier())+".clone:()Ljava/lang/Object;";
     code_typet clone_type;
     clone_type.return_type()=
-      pointer_typet(symbol_typet("java::java.lang.Object"));
+      java_reference_type(symbol_typet("java::java.lang.Object"));
     code_typet::parametert this_param;
     this_param.set_identifier(id2string(clone_name)+"::this");
     this_param.set_base_name("this");
     this_param.set_this();
-    this_param.type()=pointer_typet(symbol_type);
+    this_param.type()=java_reference_type(symbol_type);
     clone_type.parameters().push_back(this_param);
 
     parameter_symbolt this_symbol;
@@ -328,7 +328,7 @@ void java_bytecode_convert_classt::add_array_types(symbol_tablet &symbol_table)
     local_symbol.name=local_name;
     local_symbol.base_name="cloned_array";
     local_symbol.pretty_name=local_symbol.base_name;
-    local_symbol.type=pointer_typet(symbol_type);
+    local_symbol.type=java_reference_type(symbol_type);
     local_symbol.mode=ID_java;
     symbol_table.add(local_symbol);
     const auto &local_symexpr=local_symbol.symbol_expr();
@@ -340,7 +340,7 @@ void java_bytecode_convert_classt::add_array_types(symbol_tablet &symbol_table)
 
     side_effect_exprt java_new_array(
       ID_java_new_array,
-      pointer_typet(symbol_type));
+      java_reference_type(symbol_type));
     dereference_exprt old_array(this_symbol.symbol_expr(), symbol_type);
     dereference_exprt new_array(local_symexpr, symbol_type);
     member_exprt old_length(old_array, comp1.get_name(), comp1.type());
diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index f2c2b9c0baa..c6fd2ad4766 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -1252,7 +1252,7 @@ codet java_bytecode_convert_methodt::convert_instructions(
       symbol_exprt catch_var=
         tmp_variable(
           "caught_exception",
-          pointer_typet(catch_type));
+          java_reference_type(catch_type));
       stack.push_back(catch_var);
       code_landingpadt catch_statement(catch_var);
       catch_instruction=catch_statement;
diff --git a/src/java_bytecode/java_bytecode_instrument.cpp b/src/java_bytecode/java_bytecode_instrument.cpp
index 773d6e92b84..ea00b1ac58a 100644
--- a/src/java_bytecode/java_bytecode_instrument.cpp
+++ b/src/java_bytecode/java_bytecode_instrument.cpp
@@ -13,6 +13,7 @@ Date:   June 2017
 #include <util/std_code.h>
 #include <util/std_expr.h>
 #include <util/symbol_table.h>
+#include <util/c_types.h>
 
 #include <goto-programs/goto_functions.h>
 
@@ -221,8 +222,7 @@ codet java_bytecode_instrumentt::check_class_cast(
   binary_predicate_exprt class_cast_check(
     class1, ID_java_instanceof, class2);
 
-  empty_typet voidt;
-  pointer_typet voidptr(voidt);
+  pointer_typet voidptr=pointer_type(empty_typet());
   exprt null_check_op=class1;
   if(null_check_op.type()!=voidptr)
     null_check_op.make_typecast(voidptr);
diff --git a/src/java_bytecode/java_string_library_preprocess.cpp b/src/java_bytecode/java_string_library_preprocess.cpp
index 3fa15d4dc54..2ed0ee10637 100644
--- a/src/java_bytecode/java_string_library_preprocess.cpp
+++ b/src/java_bytecode/java_string_library_preprocess.cpp
@@ -22,6 +22,8 @@ Date:   April 2017
 #include <util/fresh_symbol.h>
 #include <util/refined_string_type.h>
 #include <util/string_expr.h>
+#include <util/c_types.h>
+
 #include "java_types.h"
 #include "java_object_factory.h"
 #include "java_utils.h"
@@ -1168,7 +1170,7 @@ codet java_string_library_preprocesst::make_string_to_char_array_code(
 
   // data = new char[]
   exprt data=allocate_fresh_array(
-    pointer_typet(string_expr.content().type()), loc, symbol_table, code);
+    java_reference_type(string_expr.content().type()), loc, symbol_table, code);
 
   // *data = string_expr.content
   dereference_exprt deref_data(data, data.type().subtype());
@@ -1280,7 +1282,7 @@ exprt java_string_library_preprocesst::get_primitive_value_of_object(
       struct_type.get_component("value");
     if(!value_comp.is_nil())
     {
-      pointer_typet pointer_type(struct_type);
+      pointer_typet pointer_type=::pointer_type(struct_type);
       dereference_exprt deref(
         typecast_exprt(object, pointer_type), pointer_type.subtype());
       member_exprt deref_value(deref, value_comp.get_name(), value_comp.type());
@@ -1308,7 +1310,7 @@ exprt java_string_library_preprocesst::get_object_at_index(
   int index)
 {
   dereference_exprt deref_objs(argv, argv.type().subtype());
-  pointer_typet empty_pointer((empty_typet()));
+  pointer_typet empty_pointer=pointer_type(empty_typet());
   pointer_typet pointer_of_pointer;
   pointer_of_pointer.copy_to_subtypes(empty_pointer);
   member_exprt data_member(deref_objs, "data", pointer_of_pointer);
@@ -1409,7 +1411,8 @@ exprt java_string_library_preprocesst::make_argument_for_format(
 
     if(name=="string_expr")
     {
-      pointer_typet string_pointer(symbol_typet("java::java.lang.String"));
+      pointer_typet string_pointer=
+        java_reference_type(symbol_typet("java::java.lang.String"));
       typecast_exprt arg_i_as_string(arg_i, string_pointer);
       code_not_null.add(code_assign_java_string_to_string_expr(
         to_string_expr(field_expr), arg_i_as_string, symbol_table));
@@ -1515,7 +1518,8 @@ codet java_string_library_preprocesst::make_object_get_class_code(
   code_blockt code;
 
   // > Class class1;
-  pointer_typet class_type(symbol_table.lookup("java::java.lang.Class").type);
+  pointer_typet class_type=
+    java_reference_type(symbol_table.lookup("java::java.lang.Class").type);
   symbolt class1_sym=get_fresh_aux_symbol(
     class_type, "class_symbol", "class_symbol", loc, ID_java, symbol_table);
   symbol_exprt class1=class1_sym.symbol_expr();
@@ -1551,8 +1555,8 @@ codet java_string_library_preprocesst::make_object_get_class_code(
   code.add(code_assignt(string_expr_sym1, string_expr1));
 
   // string1 = (String*) string_expr
-  pointer_typet string_ptr_type(
-    symbol_table.lookup("java::java.lang.String").type);
+  pointer_typet string_ptr_type=
+    java_reference_type(symbol_table.lookup("java::java.lang.String").type);
   exprt string1=allocate_fresh_string(string_ptr_type, loc, symbol_table, code);
   code.add(
     code_assign_string_expr_to_new_java_string(

From 72316855a010ddf9f94bd4aea7083b56e8a0978d Mon Sep 17 00:00:00 2001
From: Daniel Kroening <kroening@cs.ox.ac.uk>
Date: Mon, 14 Aug 2017 18:13:52 +0200
Subject: [PATCH 619/699] avoid hard-wired pointer width

---
 src/java_bytecode/java_bytecode_convert_method.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index c6fd2ad4766..709c568535b 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -1673,7 +1673,7 @@ codet java_bytecode_convert_methodt::convert_instructions(
         from_integer(
           std::next(i_it)->address,
           unsignedbv_typet(64));
-      results[0].type()=pointer_typet(void_typet(), 64);
+      results[0].type()=pointer_type(void_typet());
     }
     else if(statement=="ret")
     {
@@ -1698,7 +1698,7 @@ codet java_bytecode_convert_methodt::convert_instructions(
             from_integer(
               jsr_ret_targets[idx],
               unsignedbv_typet(64));
-          address_ptr.type()=pointer_typet(void_typet(), 64);
+          address_ptr.type()=pointer_type(void_typet());
           branch.cond()=equal_exprt(retvar, address_ptr);
           branch.cond().add_source_location()=i_it->source_location;
           branch.then_case()=g;

From 802044e73711446ec206c13bff70aa373237025e Mon Sep 17 00:00:00 2001
From: Peter Schrammel <peter.schrammel@diffblue.com>
Date: Fri, 28 Jul 2017 15:47:19 +0200
Subject: [PATCH 620/699] Transform loop that is only executed once into if

---
 src/goto-instrument/wmm/instrumenter_strategies.cpp | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/goto-instrument/wmm/instrumenter_strategies.cpp b/src/goto-instrument/wmm/instrumenter_strategies.cpp
index df22da52540..b4b04bc1b43 100644
--- a/src/goto-instrument/wmm/instrumenter_strategies.cpp
+++ b/src/goto-instrument/wmm/instrumenter_strategies.cpp
@@ -136,10 +136,10 @@ void inline instrumentert::instrument_one_event_per_cycle_inserter(
       continue;
 
     /* instruments the first pair */
-    for(std::set<event_grapht::critical_cyclet::delayt>::iterator
-      p_it=it->unsafe_pairs.begin();
-      p_it!=it->unsafe_pairs.end(); ++p_it)
+    if(!it->unsafe_pairs.empty())
     {
+      std::set<event_grapht::critical_cyclet::delayt>::iterator
+        p_it=it->unsafe_pairs.begin();
       delayed.insert(*p_it);
       const abstract_eventt &first_ev=egraph[p_it->first];
       var_to_instr.insert(first_ev.variable);
@@ -154,7 +154,6 @@ void inline instrumentert::instrument_one_event_per_cycle_inserter(
           std::pair<irep_idt, source_locationt>(
             second_ev.variable, second_ev.source_location));
       }
-      break;
     }
   }
 }

From a4f29adced6e108b9ffb2fc3a1d349ef0a3185e7 Mon Sep 17 00:00:00 2001
From: Peter Schrammel <peter.schrammel@diffblue.com>
Date: Fri, 28 Jul 2017 19:06:25 +0200
Subject: [PATCH 621/699] Regression tests for pointer-to-member conversion

---
 .../pointer_to_member_conversion1/main.cpp    | 30 +++++++++++++++++++
 .../pointer_to_member_conversion1/test.desc   | 10 +++++++
 .../pointer_to_member_conversion2/main.cpp    | 30 +++++++++++++++++++
 .../pointer_to_member_conversion2/test.desc   | 11 +++++++
 4 files changed, 81 insertions(+)
 create mode 100644 regression/cpp/pointer_to_member_conversion1/main.cpp
 create mode 100644 regression/cpp/pointer_to_member_conversion1/test.desc
 create mode 100644 regression/cpp/pointer_to_member_conversion2/main.cpp
 create mode 100644 regression/cpp/pointer_to_member_conversion2/test.desc

diff --git a/regression/cpp/pointer_to_member_conversion1/main.cpp b/regression/cpp/pointer_to_member_conversion1/main.cpp
new file mode 100644
index 00000000000..06457da223e
--- /dev/null
+++ b/regression/cpp/pointer_to_member_conversion1/main.cpp
@@ -0,0 +1,30 @@
+class B
+{
+};
+
+class D: public B
+{
+public:
+  int x;
+};
+
+class E
+{
+public:
+  int y;
+};
+
+
+int main(int argc, char** argv)
+{
+  int B::* xptr=static_cast<int B::*>(&D::x);
+#if 0
+  B b;
+  b.*xptr; // undefined
+#endif
+
+  D d;
+  d.*xptr; // valid
+
+  return 0;
+}
diff --git a/regression/cpp/pointer_to_member_conversion1/test.desc b/regression/cpp/pointer_to_member_conversion1/test.desc
new file mode 100644
index 00000000000..7851737adc1
--- /dev/null
+++ b/regression/cpp/pointer_to_member_conversion1/test.desc
@@ -0,0 +1,10 @@
+KNOWNBUG
+main.cpp
+
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
+--
+should exercise cpp_typecheckt::standard_conversion_pointer_to_member, cpp/cpp_typecheck_conversion.cpp:610 once other bugs are fixed
diff --git a/regression/cpp/pointer_to_member_conversion2/main.cpp b/regression/cpp/pointer_to_member_conversion2/main.cpp
new file mode 100644
index 00000000000..c0f4ddf9df4
--- /dev/null
+++ b/regression/cpp/pointer_to_member_conversion2/main.cpp
@@ -0,0 +1,30 @@
+class B
+{
+};
+
+class D: public B
+{
+public:
+  int x;
+};
+
+class E
+{
+public:
+  int y;
+};
+
+
+int main(int argc, char** argv)
+{
+  int B::* xptr=static_cast<int B::*>(&D::x);
+#if 0
+  B b;
+  b.*xptr; // undefined
+#endif
+
+  E e;
+  e.*xptr; // compiler error
+
+  return 0;
+}
diff --git a/regression/cpp/pointer_to_member_conversion2/test.desc b/regression/cpp/pointer_to_member_conversion2/test.desc
new file mode 100644
index 00000000000..57b8cb22426
--- /dev/null
+++ b/regression/cpp/pointer_to_member_conversion2/test.desc
@@ -0,0 +1,11 @@
+KNOWNBUG
+main.cpp
+
+^EXIT=(64|1)$
+^SIGNAL=0$
+invalid implicit conversion
+^CONVERSION ERROR$
+--
+^warning: ignoring
+--
+should exercise cpp_typecheckt::standard_conversion_pointer_to_member, cpp/cpp_typecheck_conversion.cpp:610 once other bugs are fixed

From b71a9f463a8dbe72645c52b602591bc49053aa0f Mon Sep 17 00:00:00 2001
From: Michael Tautschnig <tautschn@amazon.com>
Date: Wed, 23 Aug 2017 12:14:50 +0100
Subject: [PATCH 622/699] Fixed whitespace around "="

---
 src/goto-instrument/cover.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/goto-instrument/cover.cpp b/src/goto-instrument/cover.cpp
index fbdafef9128..2c3abfe2108 100644
--- a/src/goto-instrument/cover.cpp
+++ b/src/goto-instrument/cover.cpp
@@ -1075,7 +1075,7 @@ void instrument_cover_goals(
 
   Forall_goto_program_instructions(i_it, goto_program)
   {
-    std::string curr_function = id2string(i_it->function);
+    std::string curr_function=id2string(i_it->function);
 
     // if the --cover-function-only flag is set, then we only add coverage
     // instrumentation for the entry function

From 22016c04698e3f976c25ede3d7c87ef970e34220 Mon Sep 17 00:00:00 2001
From: Peter Schrammel <peter.schrammel@diffblue.com>
Date: Wed, 23 Aug 2017 12:27:03 +0100
Subject: [PATCH 623/699] Do not lint C++ regression tests

---
 scripts/cpplint.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/scripts/cpplint.py b/scripts/cpplint.py
index 3adf11d1212..da57e6a70bc 100755
--- a/scripts/cpplint.py
+++ b/scripts/cpplint.py
@@ -6516,6 +6516,9 @@ def ProcessFile(filename, vlevel, extra_check_functions=[]):
   if Search(r'_builtin_headers(_[a-z0-9_-]+)?\.h$', filename):
     return
 
+  if Search(r'regression/.*\.cpp', filename):
+    return
+
   if not ProcessConfigOverrides(filename):
     _RestoreFilters()
     return

From fd6f91c3242cbf6aa527aeb5ede13e4b87b57db2 Mon Sep 17 00:00:00 2001
From: Michael Tautschnig <tautschn@amazon.com>
Date: Wed, 23 Aug 2017 08:37:07 +0100
Subject: [PATCH 624/699] Interpreter: replace assert by invariants

---
 src/goto-programs/interpreter.cpp          | 17 ++++++++++-------
 src/goto-programs/interpreter_class.h      |  5 +++--
 src/goto-programs/interpreter_evaluate.cpp | 12 +++++++-----
 src/util/sparse_vector.h                   |  9 +++++----
 4 files changed, 25 insertions(+), 18 deletions(-)

diff --git a/src/goto-programs/interpreter.cpp b/src/goto-programs/interpreter.cpp
index b9cd4c0fa38..dc67e59681f 100644
--- a/src/goto-programs/interpreter.cpp
+++ b/src/goto-programs/interpreter.cpp
@@ -18,6 +18,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <algorithm>
 #include <string.h>
 
+#include <util/invariant.h>
 #include <util/std_types.h>
 #include <util/symbol_table.h>
 #include <util/ieee_float.h>
@@ -380,7 +381,9 @@ void interpretert::execute_other()
   const irep_idt &statement=pc->code.get_statement();
   if(statement==ID_expression)
   {
-    assert(pc->code.operands().size()==1);
+    DATA_INVARIANT(
+      pc->code.operands().size()==1,
+      "expression statement expected to have one operand");
     mp_vectort rhs;
     evaluate(pc->code.op0(), rhs);
   }
@@ -409,7 +412,7 @@ void interpretert::execute_other()
 
 void interpretert::execute_decl()
 {
-  assert(pc->code.get_statement()==ID_decl);
+  PRECONDITION(pc->code.get_statement()==ID_decl);
 }
 
 /// retrieves the member at offset
@@ -515,7 +518,7 @@ exprt interpretert::get_value(
   std::size_t offset)
 {
   const typet real_type=ns.follow(type);
-  assert(!rhs.empty());
+  PRECONDITION(!rhs.empty());
 
   if(real_type.id()==ID_struct)
   {
@@ -807,7 +810,6 @@ void interpretert::execute_function_call()
       const code_typet::parametert &a=parameters[i];
       exprt symbol_expr(ID_symbol, a.type());
       symbol_expr.set(ID_identifier, a.get_identifier());
-      assert(i<argument_values.size());
       assign(evaluate_address(symbol_expr), argument_values[i]);
     }
 
@@ -822,8 +824,8 @@ void interpretert::execute_function_call()
     if(it!=function_input_vars.end())
     {
       mp_vectort value;
-      assert(!it->second.empty());
-      assert(!it->second.front().return_assignments.empty());
+      PRECONDITION(!it->second.empty());
+      PRECONDITION(!it->second.front().return_assignments.empty());
       evaluate(it->second.front().return_assignments.back().value, value);
       if(return_value_address>0)
       {
@@ -1011,7 +1013,8 @@ size_t interpretert::get_size(const typet &type)
       // overflow behaviour.
       exprt size_const=from_integer(i[0], size_expr.type());
       mp_integer size_mp;
-      assert(!to_integer(size_const, size_mp));
+      bool ret=to_integer(size_const, size_mp);
+      CHECK_RETURN(!ret);
       return subtype_size*integer2unsigned(size_mp);
     }
     return subtype_size;
diff --git a/src/goto-programs/interpreter_class.h b/src/goto-programs/interpreter_class.h
index 23d04bbae94..43f562f36b0 100644
--- a/src/goto-programs/interpreter_class.h
+++ b/src/goto-programs/interpreter_class.h
@@ -15,6 +15,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <stack>
 
 #include <util/arith_tools.h>
+#include <util/invariant.h>
 #include <util/sparse_vector.h>
 
 #include "goto_functions.h"
@@ -113,7 +114,7 @@ class interpretert:public messaget
     auto lower_bound=inverse_memory_map.lower_bound(address);
     if(lower_bound->first!=address)
     {
-      assert(lower_bound!=inverse_memory_map.begin());
+      CHECK_RETURN(lower_bound!=inverse_memory_map.begin());
       --lower_bound;
     }
     return *lower_bound;
@@ -131,7 +132,7 @@ class interpretert:public messaget
 
   std::size_t base_address_to_alloc_size(std::size_t address) const
   {
-    assert(address_to_offset(address)==0);
+    PRECONDITION(address_to_offset(address)==0);
     auto upper_bound=inverse_memory_map.upper_bound(address);
     std::size_t next_alloc_address=
       upper_bound==inverse_memory_map.end() ?
diff --git a/src/goto-programs/interpreter_evaluate.cpp b/src/goto-programs/interpreter_evaluate.cpp
index d17717392aa..0efac402430 100644
--- a/src/goto-programs/interpreter_evaluate.cpp
+++ b/src/goto-programs/interpreter_evaluate.cpp
@@ -11,11 +11,11 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include "interpreter_class.h"
 
-#include <cassert>
 #include <iostream>
 #include <sstream>
 
 #include <util/ieee_float.h>
+#include <util/invariant.h>
 #include <util/fixedbv.h>
 #include <util/std_expr.h>
 #include <util/pointer_offset_size.h>
@@ -911,7 +911,7 @@ void interpretert::evaluate(
         if(expr.op0().id()==ID_array)
         {
           const auto &ops=expr.op0().operands();
-          assert(read_from_index.is_long());
+          DATA_INVARIANT(read_from_index.is_long(), "index is too large");
           if(read_from_index>=0 && read_from_index<ops.size())
           {
             evaluate(ops[read_from_index.to_long()], dest);
@@ -924,12 +924,14 @@ void interpretert::evaluate(
           // This sort of construct comes from boolbv_get, but doesn't seem
           // to have an exprt yet. Its operands are a list of key-value pairs.
           const auto &ops=expr.op0().operands();
-          assert(ops.size()%2==0);
+          DATA_INVARIANT(
+            ops.size()%2==0,
+            "array-list has odd number of operands");
           for(size_t listidx=0; listidx!=ops.size(); listidx+=2)
           {
             mp_vectort elem_idx;
             evaluate(ops[listidx], elem_idx);
-            assert(elem_idx.size()==1);
+            CHECK_RETURN(elem_idx.size()==1);
             if(elem_idx[0]==read_from_index)
             {
               evaluate(ops[listidx+1], dest);
@@ -1177,7 +1179,7 @@ mp_integer interpretert::evaluate_address(
     if(expr.operands().size()!=1)
       throw "typecast expects one operand";
 
-    assert(expr.type().id()==ID_pointer);
+    PRECONDITION(expr.type().id()==ID_pointer);
 
     return evaluate_address(expr.op0(), fail_quietly);
   }
diff --git a/src/util/sparse_vector.h b/src/util/sparse_vector.h
index 226564d636e..0b8332400a7 100644
--- a/src/util/sparse_vector.h
+++ b/src/util/sparse_vector.h
@@ -12,9 +12,10 @@ Author: Romain Brenguier
 #ifndef CPROVER_UTIL_SPARSE_VECTOR_H
 #define CPROVER_UTIL_SPARSE_VECTOR_H
 
+#include "invariant.h"
+
 #include <cstdint>
 #include <map>
-#include <assert.h>
 
 template<class T> class sparse_vectort
 {
@@ -29,13 +30,13 @@ template<class T> class sparse_vectort
 
   const T &operator[](uint64_t idx) const
   {
-    assert(idx<_size && "index out of range");
+    INVARIANT(idx<_size, "index out of range");
     return underlying[idx];
   }
 
   T &operator[](uint64_t idx)
   {
-    assert(idx<_size && "index out of range");
+    INVARIANT(idx<_size, "index out of range");
     return underlying[idx];
   }
 
@@ -46,7 +47,7 @@ template<class T> class sparse_vectort
 
   void resize(uint64_t new_size)
   {
-    assert(new_size>=_size && "sparse vector can't be shrunk (yet)");
+    INVARIANT(new_size>=_size, "sparse vector can't be shrunk (yet)");
     _size=new_size;
   }
 

From 4362116091012d7ddfaf7eeeaaba26509e90995a Mon Sep 17 00:00:00 2001
From: Michael Tautschnig <tautschn@amazon.com>
Date: Wed, 23 Aug 2017 15:57:34 +0100
Subject: [PATCH 625/699] Remove constant_exprt::integer_constant

Use from_integer, everywhere.
---
 src/goto-programs/interpreter.cpp |  6 ++++--
 src/util/std_expr.cpp             | 13 ++++---------
 src/util/std_expr.h               |  2 --
 3 files changed, 8 insertions(+), 13 deletions(-)

diff --git a/src/goto-programs/interpreter.cpp b/src/goto-programs/interpreter.cpp
index b9cd4c0fa38..0e8ff045f8b 100644
--- a/src/goto-programs/interpreter.cpp
+++ b/src/goto-programs/interpreter.cpp
@@ -890,8 +890,10 @@ typet interpretert::concretize_type(const typet &type)
     {
       result() << "Concretized array with size " << computed_size[0]
                << eom;
-      return array_typet(type.subtype(),
-             constant_exprt::integer_constant(computed_size[0].to_ulong()));
+      return
+        array_typet(
+          type.subtype(),
+          from_integer(computed_size[0], integer_typet()));
     }
     else
     {
diff --git a/src/util/std_expr.cpp b/src/util/std_expr.cpp
index cef9446e2e1..248fd629496 100644
--- a/src/util/std_expr.cpp
+++ b/src/util/std_expr.cpp
@@ -135,16 +135,11 @@ void object_descriptor_exprt::build(
   assert(root_object().type().id()!=ID_empty);
 }
 
-constant_exprt constant_exprt::integer_constant(unsigned v)
-{
-  return constant_exprt(std::to_string(v), integer_typet());
-}
-
 shift_exprt::shift_exprt(
   const exprt &_src,
   const irep_idt &_id,
   const std::size_t _distance):
-  binary_exprt(_src, _id, constant_exprt::integer_constant(_distance))
+  binary_exprt(_src, _id, from_integer(_distance, integer_typet()))
 {
 }
 
@@ -152,7 +147,7 @@ extractbit_exprt::extractbit_exprt(
   const exprt &_src,
   const std::size_t _index):
   binary_predicate_exprt(
-    _src, ID_extractbit, constant_exprt::integer_constant(_index))
+    _src, ID_extractbit, from_integer(_index, integer_typet()))
 {
 }
 
@@ -166,8 +161,8 @@ extractbits_exprt::extractbits_exprt(
   assert(_upper>=_lower);
   operands().resize(3);
   src()=_src;
-  upper()=constant_exprt::integer_constant(_upper);
-  lower()=constant_exprt::integer_constant(_lower);
+  upper()=from_integer(_upper, integer_typet());
+  lower()=from_integer(_lower, integer_typet());
 }
 
 /*******************************************************************\
diff --git a/src/util/std_expr.h b/src/util/std_expr.h
index 1ce0fa3901f..a0dfbbcb948 100644
--- a/src/util/std_expr.h
+++ b/src/util/std_expr.h
@@ -3720,8 +3720,6 @@ class constant_exprt:public exprt
   }
 
   bool value_is_zero_string() const;
-
-  static constant_exprt integer_constant(unsigned v);
 };
 
 

From 377b1600e178eb6a62cc55fc8732988746c0b9d6 Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Sat, 13 May 2017 11:04:06 +0100
Subject: [PATCH 626/699] Remove inheritance from std containers in goto_rw.h

---
 src/analyses/goto_rw.h | 58 ++++++++++++++++++++++++++++++++++++------
 1 file changed, 50 insertions(+), 8 deletions(-)

diff --git a/src/analyses/goto_rw.h b/src/analyses/goto_rw.h
index 1f92c3e0e14..e53945243c0 100644
--- a/src/analyses/goto_rw.h
+++ b/src/analyses/goto_rw.h
@@ -44,6 +44,14 @@ void goto_rw(const goto_functionst &goto_functions,
 class range_domain_baset
 {
 public:
+  range_domain_baset()=default;
+
+  range_domain_baset(const range_domain_baset &rhs)=delete;
+  range_domain_baset &operator=(const range_domain_baset &rhs)=delete;
+
+  range_domain_baset(range_domain_baset &&rhs)=delete;
+  range_domain_baset &operator=(range_domain_baset &&rhs)=delete;
+
   virtual ~range_domain_baset();
 
   virtual void output(const namespacet &ns, std::ostream &out) const=0;
@@ -61,12 +69,29 @@ inline range_spect to_range_spect(const mp_integer &size)
 }
 
 // each element x represents a range of bits [x.first, x.second.first)
-class range_domaint:
-  public range_domain_baset,
-  public std::list<std::pair<range_spect, range_spect> >
+class range_domaint:public range_domain_baset
 {
+  typedef std::list<std::pair<range_spect, range_spect>> sub_typet;
+  sub_typet data;
+
 public:
-  virtual void output(const namespacet &ns, std::ostream &out) const;
+  void output(const namespacet &ns, std::ostream &out) const override;
+
+  // NOLINTNEXTLINE(readability/identifiers)
+  typedef sub_typet::iterator iterator;
+  // NOLINTNEXTLINE(readability/identifiers)
+  typedef sub_typet::const_iterator const_iterator;
+
+  iterator begin() { return data.begin(); }
+  const_iterator begin() const { return data.begin(); }
+  const_iterator cbegin() const { return data.begin(); }
+
+  iterator end() { return data.end(); }
+  const_iterator end() const { return data.end(); }
+  const_iterator cend() const { return data.end(); }
+
+  template <typename T>
+  void push_back(T &&v) { data.push_back(std::forward<T>(v)); }
 };
 
 class array_exprt;
@@ -257,12 +282,29 @@ class rw_range_set_value_sett:public rw_range_sett
     const range_spect &size);
 };
 
-class guarded_range_domaint:
-  public range_domain_baset,
-  public std::multimap<range_spect, std::pair<range_spect, exprt> >
+class guarded_range_domaint:public range_domain_baset
 {
+  typedef std::multimap<range_spect, std::pair<range_spect, exprt>> sub_typet;
+  sub_typet data;
+
 public:
-  virtual void output(const namespacet &ns, std::ostream &out) const;
+  virtual void output(const namespacet &ns, std::ostream &out) const override;
+
+  // NOLINTNEXTLINE(readability/identifiers)
+  typedef sub_typet::iterator iterator;
+  // NOLINTNEXTLINE(readability/identifiers)
+  typedef sub_typet::const_iterator const_iterator;
+
+  iterator begin() { return data.begin(); }
+  const_iterator begin() const { return data.begin(); }
+  const_iterator cbegin() const { return data.begin(); }
+
+  iterator end() { return data.end(); }
+  const_iterator end() const { return data.end(); }
+  const_iterator cend() const { return data.end(); }
+
+  template<typename T>
+  iterator insert(T &&v) { return data.insert(std::forward<T>(v)); }
 };
 
 class rw_guarded_range_set_value_sett:public rw_range_set_value_sett

From ed2640d5839632e492eb3f375f4aa71be0611520 Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Sat, 13 May 2017 11:48:41 +0100
Subject: [PATCH 627/699] Remove inheritance from list in data_dp.h

---
 src/goto-instrument/wmm/data_dp.cpp | 44 ++++++++++++++---------------
 src/goto-instrument/wmm/data_dp.h   |  6 ++--
 2 files changed, 26 insertions(+), 24 deletions(-)

diff --git a/src/goto-instrument/wmm/data_dp.cpp b/src/goto-instrument/wmm/data_dp.cpp
index d24b17d9651..c9baff90f95 100644
--- a/src/goto-instrument/wmm/data_dp.cpp
+++ b/src/goto-instrument/wmm/data_dp.cpp
@@ -24,13 +24,13 @@ void data_dpt::dp_analysis(
   const datat &write,
   bool local_write)
 {
-  const_iterator it;
+  data_typet::const_iterator it;
 
-  for(it=begin(); it!=end(); ++it)
+  for(it=data.cbegin(); it!=data.cend(); ++it)
   {
     if(local_read && it->id==read.id)
     {
-      insert(
+      data.insert(
         datat(
           write.id,
           (local_write?source_locationt():write.loc),
@@ -40,7 +40,7 @@ void data_dpt::dp_analysis(
 
     if(local_write && it->id==write.id)
     {
-      insert(
+      data.insert(
         datat(
           read.id,
           (local_read?source_locationt():read.loc),
@@ -49,12 +49,12 @@ void data_dpt::dp_analysis(
     }
   }
 
-  if(it==end())
+  if(it==data.cend())
   {
     ++class_nb;
-    insert(
+    data.insert(
       datat(read.id, (local_read?source_locationt():read.loc), class_nb));
-    insert(
+    data.insert(
       datat(write.id, (local_write?source_locationt():write.loc), class_nb));
   }
 }
@@ -71,11 +71,11 @@ void data_dpt::dp_analysis(
 /// search in N^2
 bool data_dpt::dp(const abstract_eventt &e1, const abstract_eventt &e2) const
 {
-  for(const_iterator it1=begin(); it1!=end(); ++it1)
+  for(auto it1=data.cbegin(); it1!=data.cend(); ++it1)
   {
-    const_iterator it2=it1;
+    auto it2=it1;
     ++it2;
-    if(it2==end())
+    if(it2==data.cend())
       break;
 
     if(e1.local)
@@ -89,7 +89,7 @@ bool data_dpt::dp(const abstract_eventt &e1, const abstract_eventt &e2) const
         continue;
     }
 
-    for(; it2!=end(); ++it2)
+    for(; it2!=data.cend(); ++it2)
     {
       if(e2.local)
       {
@@ -116,42 +116,42 @@ bool data_dpt::dp(const abstract_eventt &e1, const abstract_eventt &e2) const
 /// merge in N^3
 void data_dpt::dp_merge()
 {
-  if(size()<2)
+  if(data.size()<2)
     return;
 
-  unsigned initial_size=size();
+  unsigned initial_size=data.size();
 
   unsigned from=0;
   unsigned to=0;
 
   /* look for similar elements */
-  for(const_iterator it1=begin(); it1!=end(); ++it1)
+  for(auto it1=data.cbegin(); it1!=data.cend(); ++it1)
   {
-    const_iterator it2=it1;
+    auto it2=it1;
     ++it2;
     /* all ok -- ends */
-    if(it2==end())
+    if(it2==data.cend())
       return;
 
-    for(; it2!=end(); ++it2)
+    for(; it2!=data.cend(); ++it2)
     {
       if(it1 == it2)
       {
         from=it2->eq_class;
         to=it1->eq_class;
-        erase(it2);
+        data.erase(it2);
         break;
       }
     }
   }
 
   /* merge */
-  for(iterator it3=begin(); it3!=end(); ++it3)
+  for(auto it3=data.begin(); it3!=data.end(); ++it3)
     if(it3->eq_class==from)
       it3->eq_class=to;
 
   /* strictly monotonous => converges */
-  assert(initial_size>size());
+  assert(initial_size>data.size());
 
   /* repeat until classes are disjunct */
   dp_merge();
@@ -160,10 +160,10 @@ void data_dpt::dp_merge()
 void data_dpt::print(messaget &message)
 {
 #ifdef DEBUG
-  const_iterator it;
+  data_typet::const_iterator it;
   std::map<unsigned, std::set<source_locationt> > classed;
 
-  for(it=begin(); it!=end(); ++it)
+  for(it=data.cbegin(); it!=data.cend(); ++it)
   {
     if(classed.find(it->eq_class)==classed.end())
     {
diff --git a/src/goto-instrument/wmm/data_dp.h b/src/goto-instrument/wmm/data_dp.h
index abd7641fb9c..bdd3e1705c6 100644
--- a/src/goto-instrument/wmm/data_dp.h
+++ b/src/goto-instrument/wmm/data_dp.h
@@ -48,11 +48,13 @@ struct datat
   }
 };
 
-class data_dpt:public std::set<datat>
+class data_dpt final
 {
-public:
+  typedef std::set<datat> data_typet;
+  data_typet data;
   unsigned class_nb;
 
+public:
   /* add this dependency in the structure */
   void dp_analysis(const abstract_eventt &read, const abstract_eventt &write);
   void dp_analysis(

From d9c3fdbc61c1d6b6d3854e29fda7ee9af1d46ae0 Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Sat, 13 May 2017 12:40:50 +0100
Subject: [PATCH 628/699] Remove inheritance from list in event_graph.h

Whitespace fix
---
 src/goto-instrument/wmm/cycle_collection.cpp |  2 +-
 src/goto-instrument/wmm/event_graph.cpp      |  2 +-
 src/goto-instrument/wmm/event_graph.h        | 65 +++++++++++++++-----
 3 files changed, 53 insertions(+), 16 deletions(-)

diff --git a/src/goto-instrument/wmm/cycle_collection.cpp b/src/goto-instrument/wmm/cycle_collection.cpp
index 64b619c4369..24bceab723c 100644
--- a/src/goto-instrument/wmm/cycle_collection.cpp
+++ b/src/goto-instrument/wmm/cycle_collection.cpp
@@ -25,7 +25,7 @@ void event_grapht::graph_explorert::filter_thin_air(
   {
     std::set<critical_cyclet>::const_iterator next=it;
     ++next;
-    critical_cyclet::const_iterator e_it=it->begin();
+    auto e_it=it->begin();
     /* is there an event in the cycle not in thin-air events? */
     for(; e_it!=it->end(); ++e_it)
       if(thin_air_events.find(*e_it)==thin_air_events.end())
diff --git a/src/goto-instrument/wmm/event_graph.cpp b/src/goto-instrument/wmm/event_graph.cpp
index d5d9df2aff4..110a3618ea2 100644
--- a/src/goto-instrument/wmm/event_graph.cpp
+++ b/src/goto-instrument/wmm/event_graph.cpp
@@ -1427,7 +1427,7 @@ std::string event_grapht::critical_cyclet::print_name(
 
   if(first_done)
   {
-    critical_cyclet::size_type n_events=extra_fence_count;
+    auto n_events=extra_fence_count;
     for(std::string::const_iterator it=name.begin();
         it!=name.end();
         ++it)
diff --git a/src/goto-instrument/wmm/event_graph.h b/src/goto-instrument/wmm/event_graph.h
index e77a7e92d3a..7d69cbe8af6 100644
--- a/src/goto-instrument/wmm/event_graph.h
+++ b/src/goto-instrument/wmm/event_graph.h
@@ -35,9 +35,11 @@ class event_grapht
 {
 public:
   /* critical cycle */
-  class critical_cyclet:public std::list<event_idt>
+  class critical_cyclet final
   {
-  protected:
+    typedef std::list<event_idt> data_typet;
+    data_typet data;
+
     event_grapht &egraph;
 
     bool is_not_uniproc() const;
@@ -50,16 +52,48 @@ class event_grapht
     std::string print_name(const critical_cyclet &redyced,
       memory_modelt model) const;
 
-    bool check_AC(const_iterator s_it, const abstract_eventt &first,
+    bool check_AC(
+      data_typet::const_iterator s_it,
+      const abstract_eventt &first,
       const abstract_eventt &second) const;
-    bool check_BC(const_iterator it, const abstract_eventt &first,
+    bool check_BC(
+      data_typet::const_iterator it,
+      const abstract_eventt &first,
       const abstract_eventt &second) const;
 
   public:
     unsigned id;
-
     bool has_user_defined_fence;
 
+    // NOLINTNEXTLINE(readability/identifiers)
+    typedef data_typet::iterator iterator;
+    // NOLINTNEXTLINE(readability/identifiers)
+    typedef data_typet::const_iterator const_iterator;
+    // NOLINTNEXTLINE(readability/identifiers)
+    typedef data_typet::value_type value_type;
+
+    iterator begin() { return data.begin(); }
+    const_iterator begin() const { return data.begin(); }
+    const_iterator cbegin() const { return data.cbegin(); }
+
+    iterator end() { return data.end(); }
+    const_iterator end() const { return data.end(); }
+    const_iterator cend() const { return data.cend(); }
+
+    template <typename T>
+    void push_front(T &&t) { data.push_front(std::forward<T>(t)); }
+
+    template <typename T>
+    void push_back(T &&t) { data.push_back(std::forward<T>(t)); }
+
+    value_type &front() { return data.front(); }
+    const value_type &front() const { return data.front(); }
+
+    value_type &back() { return data.back(); }
+    const value_type &back() const { return data.back(); }
+
+    size_t size() const { return data.size(); }
+
     critical_cyclet(event_grapht &_egraph, unsigned _id)
       :egraph(_egraph), id(_id), has_user_defined_fence(false)
     {
@@ -67,23 +101,26 @@ class event_grapht
 
     void operator()(const critical_cyclet &cyc)
     {
-      clear();
-      for(const_iterator it=cyc.begin(); it!=cyc.end(); it++)
-        push_back(*it);
+      data.clear();
+      for(
+        auto it=cyc.data.cbegin();
+        it!=cyc.data.cend();
+        ++it)
+        data.push_back(*it);
       has_user_defined_fence=cyc.has_user_defined_fence;
     }
 
     bool is_cycle()
     {
       /* size check */
-      if(size()<4)
+      if(data.size()<4)
         return false;
 
       /* po order check */
-      const_iterator it=begin();
-      const_iterator n_it=it;
+      auto it=data.cbegin();
+      auto n_it=it;
       ++n_it;
-      for(; it!=end() && n_it!=end(); ++it, ++n_it)
+      for(; it!=data.cend() && n_it!=data.cend(); ++it, ++n_it)
       {
         if(egraph[*it].thread==egraph[*n_it].thread
           && !egraph.are_po_ordered(*it, *n_it))
@@ -177,7 +214,7 @@ class event_grapht
       {
         critical_cyclet reduced(egraph, id);
         this->hide_internals(reduced);
-        assert(!reduced.empty());
+        assert(!reduced.data.empty());
         return print_name(reduced, model);
       }
       else
@@ -196,7 +233,7 @@ class event_grapht
 
     bool operator<(const critical_cyclet &other) const
     {
-      return ( ((std::list<event_idt>) *this) < (std::list<event_idt>)other);
+      return data<other.data;
     }
   };
 

From 4235157161f37c73607e816ad80c78668aff1b93 Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Sat, 13 May 2017 13:04:51 +0100
Subject: [PATCH 629/699] Remove inheritance from map in cfg.h

---
 src/goto-programs/cfg.h | 25 ++++++++++++++++++++++---
 1 file changed, 22 insertions(+), 3 deletions(-)

diff --git a/src/goto-programs/cfg.h b/src/goto-programs/cfg.h
index 2e1bd83598b..1bc6289c798 100644
--- a/src/goto-programs/cfg.h
+++ b/src/goto-programs/cfg.h
@@ -64,11 +64,30 @@ class cfg_baset:public grapht< cfg_base_nodet<T, I> >
 public:
   typedef std::size_t entryt;
 
-  struct entry_mapt:
-    public std::map<goto_programt::const_targett, entryt>
+  class entry_mapt final
   {
+    typedef std::map<goto_programt::const_targett, entryt> data_typet;
+    data_typet data;
+
+  public:
     grapht< cfg_base_nodet<T, I> > &container;
 
+    // NOLINTNEXTLINE(readability/identifiers)
+    typedef data_typet::iterator iterator;
+    // NOLINTNEXTLINE(readability/identifiers)
+    typedef data_typet::const_iterator const_iterator;
+
+    template <typename U>
+    const_iterator find(U &&u) const { return data.find(std::forward<U>(u)); }
+
+    iterator begin() { return data.begin(); }
+    const_iterator begin() const { return data.begin(); }
+    const_iterator cbegin() const { return data.cbegin(); }
+
+    iterator end() { return data.end(); }
+    const_iterator end() const { return data.end(); }
+    const_iterator cend() const { return data.cend(); }
+
     explicit entry_mapt(grapht< cfg_base_nodet<T, I> > &_container):
       container(_container)
     {
@@ -76,7 +95,7 @@ class cfg_baset:public grapht< cfg_base_nodet<T, I> >
 
     entryt &operator[](const goto_programt::const_targett &t)
     {
-      std::pair<iterator, bool> e=insert(std::make_pair(t, 0));
+      auto e=data.insert(std::make_pair(t, 0));
 
       if(e.second)
         e.first->second=container.add_node();

From 280c4fc85b0d064c925d6749fa21170c5e50ea62 Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Sat, 13 May 2017 13:06:56 +0100
Subject: [PATCH 630/699] Remove inheritance from list in format_strings.h

---
 src/goto-programs/format_strings.h | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/goto-programs/format_strings.h b/src/goto-programs/format_strings.h
index 8c233324ecf..502acfb311a 100644
--- a/src/goto-programs/format_strings.h
+++ b/src/goto-programs/format_strings.h
@@ -84,9 +84,7 @@ class format_tokent
   irep_idt value; // for text and pattern matching
 };
 
-class format_token_listt:public std::list<format_tokent>
-{
-};
+typedef std::list<format_tokent> format_token_listt;
 
 format_token_listt parse_format_string(const std::string &);
 

From 93ca04bf107c5b8f1dc013c42e6d1464cefe21cd Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Sat, 13 May 2017 13:11:28 +0100
Subject: [PATCH 631/699] Remove inheritance from vector in ilp.h

---
 src/musketeer/ilp.h | 21 +++++----------------
 1 file changed, 5 insertions(+), 16 deletions(-)

diff --git a/src/musketeer/ilp.h b/src/musketeer/ilp.h
index b8cbe4e9202..c7ce87537a5 100644
--- a/src/musketeer/ilp.h
+++ b/src/musketeer/ilp.h
@@ -22,26 +22,15 @@ Author: Vincent Nimal
 class ilpt
 {
 protected:
-  template <class T>
-  class my_vectort: public std::vector<T>
-  {
-  public:
-    T *to_array()
-    {
-      /* NOTE: not valid if T==bool */
-      return &(*this)[0];
-    }
-  };
-
   glp_iocp parm;
   unsigned matrix_size;
 
 public:
   glp_prob *lp;
 
-  my_vectort<int> imat;
-  my_vectort<int> jmat;
-  my_vectort<double> vmat;
+  std::vector<int> imat;
+  std::vector<int> jmat;
+  std::vector<double> vmat;
 
   ilpt()
   {
@@ -69,8 +58,8 @@ class ilpt
 
   void solve()
   {
-    glp_load_matrix(lp, matrix_size, imat.to_array(),
-      jmat.to_array(), vmat.to_array());
+    glp_load_matrix(lp, matrix_size, imat.data(),
+      jmat.data(), vmat.data());
     glp_intopt(lp, &parm);
   }
 };

From e5baaa80e04b7ad874ed7a1215736a8b6475da66 Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Sat, 13 May 2017 13:28:04 +0100
Subject: [PATCH 632/699] Remove inheritance from set in
 propagate_const_function_pointers.cpp

---
 .../propagate_const_function_pointers.cpp     | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/src/musketeer/propagate_const_function_pointers.cpp b/src/musketeer/propagate_const_function_pointers.cpp
index eca3648c285..e58efe92429 100644
--- a/src/musketeer/propagate_const_function_pointers.cpp
+++ b/src/musketeer/propagate_const_function_pointers.cpp
@@ -114,12 +114,25 @@ class const_function_pointer_propagationt
     unsigned stack_scope);
 
   /* to keep track of the constant function pointers passed as arguments */
-  class arg_stackt: public std::set<irep_idt>
+  class arg_stackt final
   {
-  protected:
+    typedef std::set<irep_idt> data_typet;
+    data_typet data;
     const_function_pointer_propagationt &cfpp;
 
   public:
+    // NOLINTNEXTLINE(readability/identifiers)
+    typedef data_typet::iterator iterator;
+    // NOLINTNEXTLINE(readability/identifiers)
+    typedef data_typet::const_iterator const_iterator;
+    // NOLINTNEXTLINE(readability/identifiers)
+    typedef data_typet::value_type value_type;
+
+    std::pair<iterator, bool> insert(const value_type &t)
+    {
+      return data.insert(t);
+    }
+
     explicit arg_stackt(const_function_pointer_propagationt &_cfpp):
       cfpp(_cfpp)
     {}
@@ -415,7 +428,7 @@ void const_function_pointer_propagationt::arg_stackt::add_args(
 void const_function_pointer_propagationt::arg_stackt::remove_args()
 {
   /* remove the parameter names */
-  for(const_iterator arg_it=begin(); arg_it!=end(); ++arg_it)
+  for(const_iterator arg_it=data.begin(); arg_it!=data.end(); ++arg_it)
   {
     cfpp.remove(*arg_it);
     cfpp.message.debug() << "SET: remove " << *arg_it << messaget::eom;

From 3b5263ffefb4f69e66d9d0cad0bed13538899731 Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Sat, 13 May 2017 14:16:15 +0100
Subject: [PATCH 633/699] Remove inheritance from map in value_set.h

---
 src/pointer-analysis/value_set.cpp | 22 +++++++-------
 src/pointer-analysis/value_set.h   | 46 +++++++++++++++++++++++++-----
 2 files changed, 50 insertions(+), 18 deletions(-)

diff --git a/src/pointer-analysis/value_set.cpp b/src/pointer-analysis/value_set.cpp
index 28b5bf360a0..34bb8265df8 100644
--- a/src/pointer-analysis/value_set.cpp
+++ b/src/pointer-analysis/value_set.cpp
@@ -33,7 +33,7 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include "add_failed_symbols.h"
 
-const value_sett::object_map_dt value_sett::object_map_dt::blank;
+const value_sett::object_map_dt value_sett::object_map_dt::blank{};
 object_numberingt value_sett::object_numbering;
 
 bool value_sett::field_sensitive(
@@ -74,7 +74,7 @@ bool value_sett::insert(
   unsigned n,
   const objectt &object) const
 {
-  object_map_dt::const_iterator entry=dest.read().find(n);
+  auto entry=dest.read().find(n);
 
   if(entry==dest.read().end())
   {
@@ -184,9 +184,9 @@ void value_sett::output(
   }
 }
 
-exprt value_sett::to_expr(object_map_dt::const_iterator it) const
+exprt value_sett::to_expr(const object_map_dt::value_type &it) const
 {
-  const exprt &object=object_numbering[it->first];
+  const exprt &object=object_numbering[it.first];
 
   if(object.id()==ID_invalid ||
      object.id()==ID_unknown)
@@ -196,8 +196,8 @@ exprt value_sett::to_expr(object_map_dt::const_iterator it) const
 
   od.object()=object;
 
-  if(it->second.offset_is_set)
-    od.offset()=from_integer(it->second.offset, index_type());
+  if(it.second.offset_is_set)
+    od.offset()=from_integer(it.second.offset, index_type());
 
   od.type()=od.object().type();
 
@@ -251,7 +251,7 @@ bool value_sett::make_union(object_mapt &dest, const object_mapt &src) const
       it!=src.read().end();
       it++)
   {
-    if(insert(dest, it))
+    if(insert(dest, *it))
       result=true;
   }
 
@@ -323,7 +323,7 @@ void value_sett::get_value_set(
       it=object_map.read().begin();
       it!=object_map.read().end();
       it++)
-    dest.push_back(to_expr(it));
+    dest.push_back(to_expr(*it));
 
   #if 0
   for(value_setst::valuest::const_iterator it=dest.begin();
@@ -918,7 +918,7 @@ void value_sett::get_reference_set(
       it=object_map.read().begin();
       it!=object_map.read().end();
       it++)
-    dest.push_back(to_expr(it));
+    dest.push_back(to_expr(*it));
 }
 
 void value_sett::get_reference_set_rec(
@@ -1267,7 +1267,7 @@ void value_sett::do_free(
           to_dynamic_object_expr(object);
 
         if(to_mark.count(dynamic_object.get_instance())==0)
-          set(new_object_map, o_it);
+          set(new_object_map, *o_it);
         else
         {
           // adjust
@@ -1279,7 +1279,7 @@ void value_sett::do_free(
         }
       }
       else
-        set(new_object_map, o_it);
+        set(new_object_map, *o_it);
     }
 
     if(changed)
diff --git a/src/pointer-analysis/value_set.h b/src/pointer-analysis/value_set.h
index 66e4fa57ab0..b07869aed4a 100644
--- a/src/pointer-analysis/value_set.h
+++ b/src/pointer-analysis/value_set.h
@@ -58,25 +58,57 @@ class value_sett
     { return offset_is_set && offset.is_zero(); }
   };
 
-  class object_map_dt:public std::map<unsigned, objectt>
+  class object_map_dt
   {
+    typedef std::map<unsigned, objectt> data_typet;
+    data_typet data;
+
   public:
-    object_map_dt() {}
+    // NOLINTNEXTLINE(readability/identifiers)
+    typedef data_typet::iterator iterator;
+    // NOLINTNEXTLINE(readability/identifiers)
+    typedef data_typet::const_iterator const_iterator;
+    // NOLINTNEXTLINE(readability/identifiers)
+    typedef data_typet::value_type value_type;
+
+    iterator begin() { return data.begin(); }
+    const_iterator begin() const { return data.begin(); }
+    const_iterator cbegin() const { return data.cbegin(); }
+
+    iterator end() { return data.end(); }
+    const_iterator end() const { return data.end(); }
+    const_iterator cend() const { return data.cend(); }
+
+    size_t size() const { return data.size(); }
+
+    objectt &operator[](unsigned i) { return data[i]; }
+
+    template <typename It>
+    void insert(It b, It e) { data.insert(b, e); }
+
+    template <typename T>
+    const_iterator find(T &&t) const { return data.find(std::forward<T>(t)); }
+
     static const object_map_dt blank;
+
+    object_map_dt()=default;
+
+  protected:
+    ~object_map_dt()=default;
   };
 
-  exprt to_expr(object_map_dt::const_iterator it) const;
+  exprt to_expr(const object_map_dt::value_type &it) const;
 
   typedef reference_counting<object_map_dt> object_mapt;
 
-  void set(object_mapt &dest, object_map_dt::const_iterator it) const
+  void set(object_mapt &dest, const object_map_dt::value_type &it) const
   {
-    dest.write()[it->first]=it->second;
+    dest.write()[it.first]=it.second;
   }
 
-  bool insert(object_mapt &dest, object_map_dt::const_iterator it) const
+  bool insert(object_mapt &dest, const object_map_dt::value_type &it) const
   {
-    return insert(dest, it->first, it->second);
+    return insert(dest, it.first, it.second);
   }
 
   bool insert(object_mapt &dest, const exprt &src) const

From b6ca04c9b0d74d3133e93c7953b614b191717d9d Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Sat, 13 May 2017 14:25:53 +0100
Subject: [PATCH 634/699] Remove inheritance from map in value_set_fi.h

---
 src/pointer-analysis/value_set_fi.cpp | 33 ++++++++++----------
 src/pointer-analysis/value_set_fi.h   | 44 ++++++++++++++++++++++-----
 2 files changed, 54 insertions(+), 23 deletions(-)

diff --git a/src/pointer-analysis/value_set_fi.cpp b/src/pointer-analysis/value_set_fi.cpp
index d08694b82da..968834fa9d7 100644
--- a/src/pointer-analysis/value_set_fi.cpp
+++ b/src/pointer-analysis/value_set_fi.cpp
@@ -25,7 +25,8 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <langapi/language_util.h>
 #include <util/c_types.h>
 
-const value_set_fit::object_map_dt value_set_fit::object_map_dt::blank;
+const value_set_fit::object_map_dt value_set_fit::object_map_dt::blank{};
+
 object_numberingt value_set_fit::object_numbering;
 hash_numbering<irep_idt, irep_id_hash> value_set_fit::function_numbering;
 
@@ -206,11 +207,11 @@ void value_set_fit::flatten_rec(
         }
 
         forall_objects(oit, temp.read())
-          insert(dest, oit);
+          insert(dest, *oit);
       }
     }
     else
-      insert(dest, it);
+      insert(dest, *it);
   }
 
   if(generalize_index) // this means we had recursive symbols in there
@@ -222,9 +223,9 @@ void value_set_fit::flatten_rec(
   seen.erase(identifier + e.suffix);
 }
 
-exprt value_set_fit::to_expr(object_map_dt::const_iterator it) const
+exprt value_set_fit::to_expr(const object_map_dt::value_type &it) const
 {
-  const exprt &object=object_numbering[it->first];
+  const exprt &object=object_numbering[it.first];
 
   if(object.id()==ID_invalid ||
      object.id()==ID_unknown)
@@ -234,8 +235,8 @@ exprt value_set_fit::to_expr(object_map_dt::const_iterator it) const
 
   od.object()=object;
 
-  if(it->second.offset_is_set)
-    od.offset()=from_integer(it->second.offset, index_type());
+  if(it.second.offset_is_set)
+    od.offset()=from_integer(it.second.offset, index_type());
 
   od.type()=od.object().type();
 
@@ -287,7 +288,7 @@ bool value_set_fit::make_union(object_mapt &dest, const object_mapt &src) const
 
   forall_objects(it, src.read())
   {
-    if(insert(dest, it))
+    if(insert(dest, *it))
       result=true;
   }
 
@@ -340,7 +341,7 @@ void value_set_fit::get_value_set(
   }
 
   forall_objects(fit, flat_map.read())
-    value_set.push_back(to_expr(fit));
+    value_set.push_back(to_expr(*fit));
 
   #if 0
   // Sanity check!
@@ -744,11 +745,11 @@ void value_set_fit::get_reference_set(
         }
 
         forall_objects(it, omt.read())
-          dest.insert(to_expr(it));
+          dest.insert(to_expr(*it));
       }
     }
     else
-      dest.insert(to_expr(it));
+      dest.insert(to_expr(*it));
   }
 }
 
@@ -761,7 +762,7 @@ void value_set_fit::get_reference_set_sharing(
   get_reference_set_sharing(expr, object_map, ns);
 
   forall_objects(it, object_map.read())
-    dest.insert(to_expr(it));
+    dest.insert(to_expr(*it));
 }
 
 void value_set_fit::get_reference_set_sharing_rec(
@@ -833,13 +834,13 @@ void value_set_fit::get_reference_set_sharing_rec(
           }
 
           forall_objects(it2, t2.read())
-            insert(dest, it2);
+            insert(dest, *it2);
         }
         else
           insert(dest, exprt(ID_unknown, obj.type().subtype()));
       }
       else
-        insert(dest, it);
+        insert(dest, *it);
     }
 
     #if 0
@@ -1182,7 +1183,7 @@ void value_set_fit::do_free(
           to_dynamic_object_expr(object);
 
         if(to_mark.count(dynamic_object.get_instance())==0)
-          set(new_object_map, o_it);
+          set(new_object_map, *o_it);
         else
         {
           // adjust
@@ -1194,7 +1195,7 @@ void value_set_fit::do_free(
         }
       }
       else
-        set(new_object_map, o_it);
+        set(new_object_map, *o_it);
     }
 
     if(changed)
diff --git a/src/pointer-analysis/value_set_fi.h b/src/pointer-analysis/value_set_fi.h
index cc69a4f59a8..77d4c1f54ec 100644
--- a/src/pointer-analysis/value_set_fi.h
+++ b/src/pointer-analysis/value_set_fi.h
@@ -71,25 +71,55 @@ class value_set_fit
     { return offset_is_set && offset.is_zero(); }
   };
 
-  class object_map_dt:public std::map<unsigned, objectt>
+  class object_map_dt
   {
+    typedef std::map<unsigned, objectt> data_typet;
+    data_typet data;
+
   public:
-    object_map_dt() {}
+    // NOLINTNEXTLINE(readability/identifiers)
+    typedef data_typet::iterator iterator;
+    // NOLINTNEXTLINE(readability/identifiers)
+    typedef data_typet::const_iterator const_iterator;
+    // NOLINTNEXTLINE(readability/identifiers)
+    typedef data_typet::value_type value_type;
+
+    iterator begin() { return data.begin(); }
+    const_iterator begin() const { return data.begin(); }
+    const_iterator cbegin() const { return data.cbegin(); }
+
+    iterator end() { return data.end(); }
+    const_iterator end() const { return data.end(); }
+    const_iterator cend() const { return data.cend(); }
+
+    size_t size() const { return data.size(); }
+
+    objectt &operator[](unsigned i) { return data[i]; }
+
+    template <typename It>
+    void insert(It b, It e) { data.insert(b, e); }
+
+    template <typename T>
+    const_iterator find(T &&t) const { return data.find(std::forward<T>(t)); }
+
     static const object_map_dt blank;
+
+  protected:
+    ~object_map_dt()=default;
   };
 
-  exprt to_expr(object_map_dt::const_iterator it) const;
+  exprt to_expr(const object_map_dt::value_type &it) const;
 
   typedef reference_counting<object_map_dt> object_mapt;
 
-  void set(object_mapt &dest, object_map_dt::const_iterator it) const
+  void set(object_mapt &dest, const object_map_dt::value_type &it) const
   {
-    dest.write()[it->first]=it->second;
+    dest.write()[it.first]=it.second;
   }
 
-  bool insert(object_mapt &dest, object_map_dt::const_iterator it) const
+  bool insert(object_mapt &dest, const object_map_dt::value_type &it) const
   {
-    return insert(dest, it->first, it->second);
+    return insert(dest, it.first, it.second);
   }
 
   bool insert(object_mapt &dest, const exprt &src) const

From e2a13beccfcbeb7b43a89f2bf28f719ef5381e2b Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Sat, 13 May 2017 14:54:06 +0100
Subject: [PATCH 635/699] Remove inheritance from vector in expanding_vector.h

---
 src/analyses/local_bitvector_analysis.cpp | 36 +++++++++----------
 src/analyses/local_bitvector_analysis.h   | 17 +++------
 src/util/expanding_vector.h               | 43 ++++++++++++++---------
 3 files changed, 48 insertions(+), 48 deletions(-)

diff --git a/src/analyses/local_bitvector_analysis.cpp b/src/analyses/local_bitvector_analysis.cpp
index f48b34a760d..341eab33d42 100644
--- a/src/analyses/local_bitvector_analysis.cpp
+++ b/src/analyses/local_bitvector_analysis.cpp
@@ -41,16 +41,16 @@ void local_bitvector_analysist::flagst::print(std::ostream &out) const
     out << "+integer_address";
 }
 
-bool local_bitvector_analysist::loc_infot::merge(const loc_infot &src)
+bool local_bitvector_analysist::merge(points_tot &a, points_tot &b)
 {
   bool result=false;
 
   std::size_t max_index=
-    std::max(src.points_to.size(), points_to.size());
+    std::max(a.size(), b.size());
 
   for(std::size_t i=0; i<max_index; i++)
   {
-    if(points_to[i].merge(src.points_to[i]))
+    if(a[i].merge(b[i]))
       result=true;
   }
 
@@ -72,8 +72,8 @@ bool local_bitvector_analysist::is_tracked(const irep_idt &identifier)
 void local_bitvector_analysist::assign_lhs(
   const exprt &lhs,
   const exprt &rhs,
-  const loc_infot &loc_info_src,
-  loc_infot &loc_info_dest)
+  points_tot &loc_info_src,
+  points_tot &loc_info_dest)
 {
   if(lhs.id()==ID_symbol)
   {
@@ -83,7 +83,7 @@ void local_bitvector_analysist::assign_lhs(
     {
       unsigned dest_pointer=pointers.number(identifier);
       flagst rhs_flags=get_rec(rhs, loc_info_src);
-      loc_info_dest.points_to[dest_pointer]=rhs_flags;
+      loc_info_dest[dest_pointer]=rhs_flags;
     }
   }
   else if(lhs.id()==ID_dereference)
@@ -117,14 +117,12 @@ local_bitvector_analysist::flagst local_bitvector_analysist::get(
 
   assert(loc_it!=cfg.loc_map.end());
 
-  const loc_infot &loc_info_src=loc_infos[loc_it->second];
-
-  return get_rec(rhs, loc_info_src);
+  return get_rec(rhs, loc_infos[loc_it->second]);
 }
 
 local_bitvector_analysist::flagst local_bitvector_analysist::get_rec(
   const exprt &rhs,
-  const loc_infot &loc_info_src)
+  points_tot &loc_info_src)
 {
   if(rhs.id()==ID_constant)
   {
@@ -139,7 +137,7 @@ local_bitvector_analysist::flagst local_bitvector_analysist::get_rec(
     if(is_tracked(identifier))
     {
       unsigned src_pointer=pointers.number(identifier);
-      return loc_info_src.points_to[src_pointer];
+      return loc_info_src[src_pointer];
     }
     else
       return flagst::mk_unknown();
@@ -258,7 +256,7 @@ void local_bitvector_analysist::build(const goto_functiont &goto_function)
   // in the entry location.
   for(const auto &local : locals.locals_map)
     if(is_tracked(local.first))
-      loc_infos[0].points_to[pointers.number(local.first)]=flagst::mk_unknown();
+      loc_infos[0][pointers.number(local.first)]=flagst::mk_unknown();
 
   while(!work_queue.empty())
   {
@@ -267,8 +265,8 @@ void local_bitvector_analysist::build(const goto_functiont &goto_function)
     const goto_programt::instructiont &instruction=*node.t;
     work_queue.pop();
 
-    const loc_infot &loc_info_src=loc_infos[loc_nr];
-    loc_infot loc_info_dest=loc_infos[loc_nr];
+    auto &loc_info_src=loc_infos[loc_nr];
+    auto loc_info_dest=loc_infos[loc_nr];
 
     switch(instruction.type)
     {
@@ -320,7 +318,7 @@ void local_bitvector_analysist::build(const goto_functiont &goto_function)
     for(const auto &succ : node.successors)
     {
       assert(succ<loc_infos.size());
-      if(loc_infos[succ].merge(loc_info_dest))
+      if(merge(loc_infos[succ], (loc_info_dest)))
         work_queue.push(succ);
     }
   }
@@ -337,14 +335,14 @@ void local_bitvector_analysist::output(
   {
     out << "**** " << i_it->source_location << "\n";
 
-    const loc_infot &loc_info=loc_infos[l];
+    const auto &loc_info=loc_infos[l];
 
     for(points_tot::const_iterator
-        p_it=loc_info.points_to.begin();
-        p_it!=loc_info.points_to.end();
+        p_it=loc_info.begin();
+        p_it!=loc_info.end();
         p_it++)
     {
-      out << "  " << pointers[p_it-loc_info.points_to.begin()]
+      out << "  " << pointers[p_it-loc_info.begin()]
           << ": "
           << *p_it
           << "\n";
diff --git a/src/analyses/local_bitvector_analysis.h b/src/analyses/local_bitvector_analysis.h
index a88b38fb1c6..4a750d8cf32 100644
--- a/src/analyses/local_bitvector_analysis.h
+++ b/src/analyses/local_bitvector_analysis.h
@@ -186,27 +186,20 @@ class local_bitvector_analysist
   // This is a vector, so it's fast.
   typedef expanding_vectort<flagst> points_tot;
 
-  // the information tracked per program location
-  class loc_infot
-  {
-  public:
-    points_tot points_to;
-
-    bool merge(const loc_infot &src);
-  };
+  static bool merge(points_tot &a, points_tot &b);
 
-  typedef std::vector<loc_infot> loc_infost;
+  typedef std::vector<points_tot> loc_infost;
   loc_infost loc_infos;
 
   void assign_lhs(
     const exprt &lhs,
     const exprt &rhs,
-    const loc_infot &loc_info_src,
-    loc_infot &loc_info_dest);
+    points_tot &loc_info_src,
+    points_tot &loc_info_dest);
 
   flagst get_rec(
     const exprt &rhs,
-    const loc_infot &loc_info_src);
+    points_tot &loc_info_src);
 
   bool is_tracked(const irep_idt &identifier);
 };
diff --git a/src/util/expanding_vector.h b/src/util/expanding_vector.h
index f8b0421db72..8c2af9cdb3f 100644
--- a/src/util/expanding_vector.h
+++ b/src/util/expanding_vector.h
@@ -13,31 +13,40 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <vector>
 
 template<typename T>
-class expanding_vectort:public std::vector<T>
+class expanding_vectort
 {
+  typedef std::vector<T> data_typet;
+  data_typet data;
+
 public:
+  // NOLINTNEXTLINE(readability/identifiers)
+  typedef typename data_typet::size_type size_type;
+  // NOLINTNEXTLINE(readability/identifiers)
+  typedef typename data_typet::iterator iterator;
+  // NOLINTNEXTLINE(readability/identifiers)
+  typedef typename data_typet::const_iterator const_iterator;
+
   T &operator[] (typename std::vector<T>::size_type n)
   {
-    check_index(n);
-    return subt::operator[](n);
+    if(n>=data.size())
+      data.resize(n+1);
+    return data[n];
   }
 
-  const T &operator[] (typename std::vector<T>::size_type n) const
-  {
-    // hack-ish const cast
-    const_cast<expanding_vectort*>(this)->check_index(n);
-    return subt::operator[](n);
-  }
+  void clear() { data.clear(); }
 
-protected:
-  typedef std::vector<T> subt;
+  iterator begin() { return data.begin(); }
+  const_iterator begin() const { return data.begin(); }
+  const_iterator cbegin() const { return data.cbegin(); }
 
-  // make the vector large enough to contain 'n'
-  void check_index(typename std::vector<T>::size_type n)
-  {
-    if(n>=subt::size())
-      subt::resize(n+1);
-  }
+  iterator end() { return data.end(); }
+  const_iterator end() const { return data.end(); }
+  const_iterator cend() const { return data.cend(); }
+
+  size_type size() const { return data.size(); }
+
+  void push_back(const T &t) { data.push_back(t); }
+  void push_back(T &&t) { data.push_back(std::move(t)); }
 };
 
 #endif // CPROVER_UTIL_EXPANDING_VECTOR_H

From 3fa38437180783082d99c7d65440f80bbc66c5a7 Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Sat, 13 May 2017 18:31:25 +0100
Subject: [PATCH 636/699] Remove inheritance from std containers in numbering.h

Squash
---
 src/util/numbering.h  | 73 ++++++++++++++++++++++++++++++++++---------
 src/util/union_find.h | 66 ++++++++++++++++++++++++++------------
 2 files changed, 105 insertions(+), 34 deletions(-)

diff --git a/src/util/numbering.h b/src/util/numbering.h
index 359f3c48ed2..55a6231f16d 100644
--- a/src/util/numbering.h
+++ b/src/util/numbering.h
@@ -18,12 +18,26 @@ Author: Daniel Kroening, kroening@kroening.com
 
 template <typename T>
 // NOLINTNEXTLINE(readability/identifiers)
-class numbering:public std::vector<T>
+class numbering final
 {
 public:
   // NOLINTNEXTLINE(readability/identifiers)
   typedef std::size_t number_type;
 
+private:
+  typedef std::vector<T> data_typet;
+  data_typet data;
+  typedef std::map<T, number_type> numberst;
+  numberst numbers;
+
+public:
+  // NOLINTNEXTLINE(readability/identifiers)
+  typedef typename data_typet::size_type size_type;
+  // NOLINTNEXTLINE(readability/identifiers)
+  typedef typename data_typet::iterator iterator;
+  // NOLINTNEXTLINE(readability/identifiers)
+  typedef typename data_typet::const_iterator const_iterator;
+
   number_type number(const T &a)
   {
     std::pair<typename numberst::const_iterator, bool> result=
@@ -33,8 +47,8 @@ class numbering:public std::vector<T>
 
     if(result.second) // inserted?
     {
-      this->push_back(a);
-      assert(this->size()==numbers.size());
+      data.push_back(a);
+      assert(data.size()==numbers.size());
     }
 
     return (result.first)->second;
@@ -58,25 +72,46 @@ class numbering:public std::vector<T>
 
   void clear()
   {
-    subt::clear();
+    data.clear();
     numbers.clear();
   }
 
-protected:
-  typedef std::vector<T> subt;
+  size_t size() const { return data.size(); }
 
-  typedef std::map<T, number_type> numberst;
-  numberst numbers;
+  T &operator[](size_type t) { return data[t]; }
+  const T &operator[](size_type t) const { return data[t]; }
+
+  iterator begin() { return data.begin(); }
+  const_iterator begin() const { return data.begin(); }
+  const_iterator cbegin() const { return data.cbegin(); }
+
+  iterator end() { return data.end(); }
+  const_iterator end() const { return data.end(); }
+  const_iterator cend() const { return data.cend(); }
 };
 
 template <typename T, class hash_fkt>
 // NOLINTNEXTLINE(readability/identifiers)
-class hash_numbering:public std::vector<T>
+class hash_numbering final
 {
 public:
   // NOLINTNEXTLINE(readability/identifiers)
   typedef unsigned int number_type;
 
+private:
+  typedef std::vector<T> data_typet;
+  data_typet data;
+  typedef std::unordered_map<T, number_type, hash_fkt> numberst;
+  numberst numbers;
+
+public:
+  // NOLINTNEXTLINE(readability/identifiers)
+  typedef typename data_typet::size_type size_type;
+  // NOLINTNEXTLINE(readability/identifiers)
+  typedef typename data_typet::iterator iterator;
+  // NOLINTNEXTLINE(readability/identifiers)
+  typedef typename data_typet::const_iterator const_iterator;
+
   number_type number(const T &a)
   {
     std::pair<typename numberst::const_iterator, bool> result=
@@ -106,15 +141,25 @@ class hash_numbering:public std::vector<T>
 
   void clear()
   {
-    subt::clear();
+    data.clear();
     numbers.clear();
   }
 
-protected:
-  typedef std::vector<T> subt;
+  template <typename U>
+  void push_back(U &&u) { data.push_back(std::forward<U>(u)); }
 
-  typedef std::unordered_map<T, number_type, hash_fkt> numberst;
-  numberst numbers;
+  T &operator[](size_type t) { return data[t]; }
+  const T &operator[](size_type t) const { return data[t]; }
+
+  size_type size() const { return data.size(); }
+
+  iterator begin() { return data.begin(); }
+  const_iterator begin() const { return data.begin(); }
+  const_iterator cbegin() const { return data.cbegin(); }
+
+  iterator end() { return data.end(); }
+  const_iterator end() const { return data.end(); }
+  const_iterator cend() const { return data.cend(); }
 };
 
 #endif // CPROVER_UTIL_NUMBERING_H
diff --git a/src/util/union_find.h b/src/util/union_find.h
index 4908bf65a49..7369343cff5 100644
--- a/src/util/union_find.h
+++ b/src/util/union_find.h
@@ -130,11 +130,21 @@ class unsigned_union_find
 
 template <typename T>
 // NOLINTNEXTLINE(readability/identifiers)
-class union_find:public numbering<T>
+class union_find final
 {
+  typedef numbering<T> numbering_typet;
+  numbering_typet numbers;
+
+  // NOLINTNEXTLINE(readability/identifiers)
+  typedef typename numbering_typet::number_type number_type;
+
 public:
   // NOLINTNEXTLINE(readability/identifiers)
-  typedef typename numbering<T>::size_type size_type;
+  typedef typename numbering_typet::size_type size_type;
+  // NOLINTNEXTLINE(readability/identifiers)
+  typedef typename numbering_typet::iterator iterator;
+  // NOLINTNEXTLINE(readability/identifiers)
+  typedef typename numbering_typet::const_iterator const_iterator;
 
   // true == already in same set
   bool make_union(const T &a, const T &b)
@@ -149,7 +159,7 @@ class union_find:public numbering<T>
   bool make_union(typename numbering<T>::const_iterator it_a,
                   typename numbering<T>::const_iterator it_b)
   {
-    size_type na=it_a-numbering<T>::begin(), nb=it_b-numbering<T>::begin();
+    size_type na=it_a-numbers.begin(), nb=it_b-numbers.begin();
     bool is_union=find_number(na)==find_number(nb);
     uuf.make_union(na, nb);
     return is_union;
@@ -158,10 +168,9 @@ class union_find:public numbering<T>
   // are 'a' and 'b' in the same set?
   bool same_set(const T &a, const T &b) const
   {
-    typedef typename subt::number_type subt_number_typet;
-    subt_number_typet na=subt_number_typet(), nb=subt_number_typet();
-    bool have_na=!subt::get_number(a, na),
-         have_nb=!subt::get_number(b, nb);
+    number_type na, nb;
+    bool have_na=!numbers.get_number(a, na),
+         have_nb=!numbers.get_number(b, nb);
 
     if(have_na && have_nb)
       return uuf.same_set(na, nb);
@@ -175,22 +184,22 @@ class union_find:public numbering<T>
   bool same_set(typename numbering<T>::const_iterator it_a,
                 typename numbering<T>::const_iterator it_b) const
   {
-    return uuf.same_set(it_a-numbering<T>::begin(), it_b-numbering<T>::begin());
+    return uuf.same_set(it_a-numbers.begin(), it_b-numbers.begin());
   }
 
   const T &find(typename numbering<T>::const_iterator it) const
   {
-    return numbering<T>::operator[](find_number(it-numbering<T>::begin()));
+    return numbers[find_number(it-numbers.begin())];
   }
 
   const T &find(const T &a)
   {
-    return numbering<T>::operator[](find_number(number(a)));
+    return numbers[find_number(number(a))];
   }
 
   size_type find_number(typename numbering<T>::const_iterator it) const
   {
-    return find_number(it-numbering<T>::begin());
+    return find_number(it-numbers.begin());
   }
 
   size_type find_number(size_type a) const
@@ -210,9 +219,8 @@ class union_find:public numbering<T>
 
   bool is_root(const T &a) const
   {
-    typename subt::number_type na;
-
-    if(subt::get_number(a, na))
+    number_type na;
+    if(numbers.get_number(a, na))
       return true; // not found, it's a root
     else
       return uuf.is_root(na);
@@ -220,30 +228,30 @@ class union_find:public numbering<T>
 
   bool is_root(typename numbering<T>::const_iterator it) const
   {
-    return uuf.is_root(it-numbering<T>::begin());
+    return uuf.is_root(it-numbers.begin());
   }
 
   size_type number(const T &a)
   {
-    size_type n=subt::number(a);
+    size_type n=numbers.number(a);
 
     if(n>=uuf.size())
-      uuf.resize(this->size());
+      uuf.resize(numbers.size());
 
-    assert(uuf.size()==this->size());
+    assert(uuf.size()==numbers.size());
 
     return n;
   }
 
   void clear()
   {
-    subt::clear();
+    numbers.clear();
     uuf.clear();
   }
 
   void isolate(typename numbering<T>::const_iterator it)
   {
-    uuf.isolate(it-numbering<T>::begin());
+    uuf.isolate(it-numbers.begin());
   }
 
   void isolate(const T &a)
@@ -251,6 +259,24 @@ class union_find:public numbering<T>
     uuf.isolate(number(a));
   }
 
+  bool get_number(const T &a, number_type &n) const
+  {
+    return numbers.get_number(a, n);
+  }
+
+  size_t size() const { return numbers.size(); }
+
+  T &operator[](size_type t) { return numbers[t]; }
+  const T &operator[](size_type t) const { return numbers[t]; }
+
+  iterator begin() { return numbers.begin(); }
+  const_iterator begin() const { return numbers.begin(); }
+  const_iterator cbegin() const { return numbers.cbegin(); }
+
+  iterator end() { return numbers.end(); }
+  const_iterator end() const { return numbers.end(); }
+  const_iterator cend() const { return numbers.cend(); }
+
 protected:
   unsigned_union_find uuf;
   typedef numbering<T> subt;

From 96062375fe42acfac2b0748ac26bcf93d0ba55f5 Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Wed, 21 Jun 2017 10:19:40 +0100
Subject: [PATCH 637/699] Fix formatting in event graph

---
 src/goto-instrument/wmm/event_graph.h | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/goto-instrument/wmm/event_graph.h b/src/goto-instrument/wmm/event_graph.h
index 7d69cbe8af6..076f8f679bf 100644
--- a/src/goto-instrument/wmm/event_graph.h
+++ b/src/goto-instrument/wmm/event_graph.h
@@ -102,10 +102,9 @@ class event_grapht
     void operator()(const critical_cyclet &cyc)
     {
       data.clear();
-      for(
-        auto it=cyc.data.cbegin();
-        it!=cyc.data.cend();
-        ++it)
+      for(auto it=cyc.data.cbegin();
+          it!=cyc.data.cend();
+          ++it)
         data.push_back(*it);
       has_user_defined_fence=cyc.has_user_defined_fence;
     }

From 39bee7772a3cf77646a541c0b3f1bf1d3a7b6620 Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Wed, 21 Jun 2017 10:43:22 +0100
Subject: [PATCH 638/699] Add missing `empty`

---
 src/pointer-analysis/value_set.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/pointer-analysis/value_set.h b/src/pointer-analysis/value_set.h
index b07869aed4a..f30386e8eb5 100644
--- a/src/pointer-analysis/value_set.h
+++ b/src/pointer-analysis/value_set.h
@@ -80,6 +80,7 @@ class value_sett
     const_iterator cend() const { return data.cend(); }
 
     size_t size() const { return data.size(); }
+    bool empty() const { return data.empty(); }
 
     objectt &operator[](unsigned i) { return data[i]; }
 

From b00c377c050a21b1856bdc095b2456710f455ab5 Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Wed, 21 Jun 2017 10:43:47 +0100
Subject: [PATCH 639/699] Fix invariant warnings

---
 src/goto-instrument/wmm/data_dp.cpp   | 3 ++-
 src/goto-instrument/wmm/event_graph.h | 3 ++-
 src/util/numbering.h                  | 3 ++-
 src/util/union_find.h                 | 2 +-
 4 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/goto-instrument/wmm/data_dp.cpp b/src/goto-instrument/wmm/data_dp.cpp
index c9baff90f95..d88f20859eb 100644
--- a/src/goto-instrument/wmm/data_dp.cpp
+++ b/src/goto-instrument/wmm/data_dp.cpp
@@ -13,6 +13,7 @@ Date: 2012
 
 #include "data_dp.h"
 
+#include <util/invariant.h>
 #include <util/message.h>
 
 #include "abstract_event.h"
@@ -151,7 +152,7 @@ void data_dpt::dp_merge()
       it3->eq_class=to;
 
   /* strictly monotonous => converges */
-  assert(initial_size>data.size());
+  INVARIANT(initial_size>data.size(), "strictly monotonous => converges");
 
   /* repeat until classes are disjunct */
   dp_merge();
diff --git a/src/goto-instrument/wmm/event_graph.h b/src/goto-instrument/wmm/event_graph.h
index 076f8f679bf..69eb502760d 100644
--- a/src/goto-instrument/wmm/event_graph.h
+++ b/src/goto-instrument/wmm/event_graph.h
@@ -20,6 +20,7 @@ Date: 2012
 #include <iosfwd>
 
 #include <util/graph.h>
+#include <util/invariant.h>
 
 #include "abstract_event.h"
 #include "data_dp.h"
@@ -213,7 +214,7 @@ class event_grapht
       {
         critical_cyclet reduced(egraph, id);
         this->hide_internals(reduced);
-        assert(!reduced.data.empty());
+        INVARIANT(!reduced.data.empty(), "reduced must not be empty");
         return print_name(reduced, model);
       }
       else
diff --git a/src/util/numbering.h b/src/util/numbering.h
index 55a6231f16d..4e0113a117a 100644
--- a/src/util/numbering.h
+++ b/src/util/numbering.h
@@ -15,6 +15,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <unordered_map>
 #include <vector>
 
+#include <util/invariant.h>
 
 template <typename T>
 // NOLINTNEXTLINE(readability/identifiers)
@@ -48,7 +49,7 @@ class numbering final
     if(result.second) // inserted?
     {
       data.push_back(a);
-      assert(data.size()==numbers.size());
+      INVARIANT(data.size()==numbers.size(), "vector sizes must match");
     }
 
     return (result.first)->second;
diff --git a/src/util/union_find.h b/src/util/union_find.h
index 7369343cff5..42dd4738735 100644
--- a/src/util/union_find.h
+++ b/src/util/union_find.h
@@ -238,7 +238,7 @@ class union_find final
     if(n>=uuf.size())
       uuf.resize(numbers.size());
 
-    assert(uuf.size()==numbers.size());
+    INVARIANT(uuf.size()==numbers.size(), "container sizes must match");
 
     return n;
   }

From 7d5f1158a4c97a5165cabe0817db94e98c0917bc Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Mon, 10 Apr 2017 21:57:46 +0100
Subject: [PATCH 640/699] Replace owning raw pointers with unique_ptr

Implement @tautschnig's fixes

Fix residual memory leak from narrow_argv
---
 src/analyses/ai.h                             |  10 +-
 src/analyses/goto_rw.cpp                      |  41 ++++---
 src/analyses/goto_rw.h                        |  16 +--
 src/analyses/local_may_alias.h                |   6 +-
 src/analyses/reaching_definitions.cpp         |  30 ++---
 src/analyses/reaching_definitions.h           |  15 +--
 src/analyses/static_analysis.h                |  11 +-
 src/ansi-c/ansi_c_language.cpp                |   4 +-
 src/ansi-c/ansi_c_language.h                  |  11 +-
 src/cbmc/bmc.cpp                              |   6 +-
 src/cbmc/cbmc_main.cpp                        |   4 +-
 src/cbmc/cbmc_parse_options.cpp               |  12 +-
 src/cbmc/cbmc_solvers.cpp                     | 109 +++++++++---------
 src/cbmc/cbmc_solvers.h                       |  61 +++++-----
 src/clobber/clobber_main.cpp                  |   9 +-
 src/clobber/clobber_parse_options.cpp         |   2 +-
 src/cpp/cpp_language.cpp                      |   4 +-
 src/cpp/cpp_language.h                        |  11 +-
 src/goto-analyzer/goto_analyzer_main.cpp      |   4 +-
 src/goto-cc/compile.cpp                       |  11 +-
 src/goto-cc/goto_cc_main.cpp                  |   4 +-
 src/goto-diff/goto_diff_main.cpp              |   4 +-
 src/goto-diff/goto_diff_parse_options.cpp     |   9 +-
 .../enumerating_loop_acceleration.h           |  19 ++-
 .../accelerate/scratch_program.h              |  11 +-
 src/goto-instrument/dump_c_class.h            |   8 +-
 src/goto-instrument/goto_instrument_main.cpp  |   4 +-
 .../wmm/instrumenter_strategies.cpp           |   9 +-
 src/goto-programs/show_symbol_table.cpp       |  14 ++-
 src/goto-symex/goto_symex_state.cpp           |   2 +
 src/goto-symex/goto_symex_state.h             |   7 +-
 src/goto-symex/symex_main.cpp                 |   5 +-
 src/java_bytecode/jar_file.cpp                |  10 +-
 src/java_bytecode/java_bytecode_language.cpp  |   4 +-
 src/java_bytecode/java_bytecode_language.h    |   7 +-
 src/jsil/jsil_language.cpp                    |   4 +-
 src/jsil/jsil_language.h                      |  12 +-
 src/langapi/language_ui.cpp                   |  14 ++-
 src/langapi/language_util.cpp                 |   4 +-
 src/langapi/mode.cpp                          |   7 +-
 src/langapi/mode.h                            |  11 +-
 src/memory-models/mmcc_main.cpp               |   4 +-
 src/symex/symex_main.cpp                      |   9 +-
 src/util/freer.h                              |  33 ++++++
 src/util/invariant.cpp                        |  22 ++--
 src/util/language.h                           |   3 +-
 src/util/language_file.cpp                    |  16 +--
 src/util/language_file.h                      |  12 +-
 src/util/make_unique.h                        |  24 ++++
 src/util/mp_arith.cpp                         |  21 ++--
 src/util/pipe_stream.cpp                      |  24 ++--
 src/util/pipe_stream.h                        |   3 +-
 src/util/run.cpp                              |  10 +-
 src/util/sharing_node.h                       |  10 +-
 src/util/unicode.cpp                          |  12 +-
 src/util/unicode.h                            |  16 ++-
 56 files changed, 428 insertions(+), 337 deletions(-)
 create mode 100644 src/util/freer.h
 create mode 100644 src/util/make_unique.h

diff --git a/src/analyses/ai.h b/src/analyses/ai.h
index 5e0d1db3b2e..a04c60547d0 100644
--- a/src/analyses/ai.h
+++ b/src/analyses/ai.h
@@ -12,12 +12,14 @@ Author: Daniel Kroening, kroening@kroening.com
 #ifndef CPROVER_ANALYSES_AI_H
 #define CPROVER_ANALYSES_AI_H
 
-#include <map>
 #include <iosfwd>
+#include <map>
+#include <memory>
 
 #include <util/json.h>
 #include <util/xml.h>
 #include <util/expr.h>
+#include <util/make_unique.h>
 
 #include <goto-programs/goto_model.h>
 
@@ -334,7 +336,7 @@ class ai_baset
     const namespacet &ns)=0;
   virtual statet &get_state(locationt l)=0;
   virtual const statet &find_state(locationt l) const=0;
-  virtual statet* make_temporary_state(const statet &s)=0;
+  virtual std::unique_ptr<statet> make_temporary_state(const statet &s)=0;
 };
 
 // domainT is expected to be derived from ai_domain_baseT
@@ -400,9 +402,9 @@ class ait:public ai_baset
       static_cast<const domainT &>(src), from, to);
   }
 
-  statet *make_temporary_state(const statet &s) override
+  std::unique_ptr<statet> make_temporary_state(const statet &s) override
   {
-    return new domainT(static_cast<const domainT &>(s));
+    return util_make_unique<domainT>(static_cast<const domainT &>(s));
   }
 
   void fixedpoint(
diff --git a/src/analyses/goto_rw.cpp b/src/analyses/goto_rw.cpp
index 49827bd2bd3..c7de024f6f9 100644
--- a/src/analyses/goto_rw.cpp
+++ b/src/analyses/goto_rw.cpp
@@ -10,8 +10,9 @@ Date: April 2010
 
 #include "goto_rw.h"
 
-#include <limits>
 #include <algorithm>
+#include <limits>
+#include <memory>
 
 #include <util/std_code.h>
 #include <util/std_expr.h>
@@ -20,6 +21,7 @@ Date: April 2010
 #include <util/endianness_map.h>
 #include <util/arith_tools.h>
 #include <util/simplify_expr.h>
+#include <util/make_unique.h>
 
 #include <goto-programs/goto_functions.h>
 
@@ -49,12 +51,12 @@ rw_range_sett::~rw_range_sett()
   for(rw_range_sett::objectst::iterator it=r_range_set.begin();
       it!=r_range_set.end();
       ++it)
-    delete it->second;
+    it->second=nullptr;
 
   for(rw_range_sett::objectst::iterator it=w_range_set.begin();
       it!=w_range_set.end();
       ++it)
-    delete it->second;
+    it->second=nullptr;
 }
 
 void rw_range_sett::output(std::ostream &out) const
@@ -461,16 +463,18 @@ void rw_range_sett::add(
   const range_spect &range_start,
   const range_spect &range_end)
 {
-  objectst::iterator entry=(mode==get_modet::LHS_W ? w_range_set : r_range_set).
-    insert(
-      std::pair<const irep_idt&, range_domain_baset*>(
-        identifier, nullptr)).first;
+  objectst::iterator entry=
+    (mode==get_modet::LHS_W?w_range_set:r_range_set)
+       .insert(
+         std::pair<const irep_idt &, std::unique_ptr<range_domain_baset>>(
+           identifier, nullptr))
+       .first;
 
   if(entry->second==nullptr)
-    entry->second=new range_domaint();
+    entry->second=util_make_unique<range_domaint>();
 
-  static_cast<range_domaint*>(entry->second)->push_back(
-    std::make_pair(range_start, range_end));
+  static_cast<range_domaint&>(*entry->second).push_back(
+    {range_start, range_end});
 }
 
 void rw_range_sett::get_objects_rec(
@@ -662,17 +666,18 @@ void rw_guarded_range_set_value_sett::add(
   const range_spect &range_start,
   const range_spect &range_end)
 {
-  objectst::iterator entry=(mode==get_modet::LHS_W ? w_range_set : r_range_set).
-    insert(
-      std::pair<const irep_idt&, range_domain_baset*>(
-        identifier, nullptr)).first;
+  objectst::iterator entry=
+    (mode==get_modet::LHS_W?w_range_set:r_range_set)
+      .insert(
+        std::pair<const irep_idt &, std::unique_ptr<range_domain_baset>>(
+          identifier, nullptr))
+      .first;
 
   if(entry->second==nullptr)
-    entry->second=new guarded_range_domaint();
+    entry->second=util_make_unique<guarded_range_domaint>();
 
-  static_cast<guarded_range_domaint*>(entry->second)->insert(
-    std::make_pair(range_start,
-                   std::make_pair(range_end, guard.as_expr())));
+  static_cast<guarded_range_domaint&>(*entry->second).insert(
+    {range_start, {range_end, guard.as_expr()}});
 }
 
 void goto_rw(goto_programt::const_targett target,
diff --git a/src/analyses/goto_rw.h b/src/analyses/goto_rw.h
index 1f92c3e0e14..8dd43880f93 100644
--- a/src/analyses/goto_rw.h
+++ b/src/analyses/goto_rw.h
@@ -15,6 +15,7 @@ Date: April 2010
 #include <map>
 #include <ostream>
 #include <limits>
+#include <memory> // unique_ptr
 
 #include <util/guard.h>
 
@@ -83,10 +84,10 @@ class rw_range_sett
 {
 public:
   #ifdef USE_DSTRING
-  typedef std::map<irep_idt, range_domain_baset*> objectst;
+  typedef std::map<irep_idt, std::unique_ptr<range_domain_baset>> objectst;
   #else
-  typedef std::unordered_map<irep_idt, range_domain_baset*, string_hash>
-    objectst;
+  typedef std::unordered_map<
+    irep_idt, std::unique_ptr<range_domain_baset>, string_hash> objectst;
   #endif
 
   virtual ~rw_range_sett();
@@ -108,8 +109,8 @@ class rw_range_sett
 
   const range_domaint &get_ranges(objectst::const_iterator it) const
   {
-    PRECONDITION(dynamic_cast<range_domaint*>(it->second)!=nullptr);
-    return *static_cast<range_domaint*>(it->second);
+    PRECONDITION(dynamic_cast<range_domaint*>(it->second.get())!=nullptr);
+    return static_cast<const range_domaint &>(*it->second);
   }
 
   enum class get_modet { LHS_W, READ };
@@ -277,8 +278,9 @@ class rw_guarded_range_set_value_sett:public rw_range_set_value_sett
 
   const guarded_range_domaint &get_ranges(objectst::const_iterator it) const
   {
-    PRECONDITION(dynamic_cast<guarded_range_domaint*>(it->second)!=nullptr);
-    return *static_cast<guarded_range_domaint*>(it->second);
+    PRECONDITION(
+      dynamic_cast<guarded_range_domaint*>(it->second.get())!=nullptr);
+    return static_cast<const guarded_range_domaint &>(*it->second);
   }
 
   virtual void get_objects_rec(
diff --git a/src/analyses/local_may_alias.h b/src/analyses/local_may_alias.h
index 5e04ff01a75..307513a64eb 100644
--- a/src/analyses/local_may_alias.h
+++ b/src/analyses/local_may_alias.h
@@ -12,10 +12,11 @@ Author: Daniel Kroening, kroening@kroening.com
 #ifndef CPROVER_ANALYSES_LOCAL_MAY_ALIAS_H
 #define CPROVER_ANALYSES_LOCAL_MAY_ALIAS_H
 
-#include <stack>
 #include <memory>
+#include <stack>
 
 #include <util/union_find.h>
+#include <util/make_unique.h>
 
 #include "locals.h"
 #include "dirty.h"
@@ -117,8 +118,7 @@ class local_may_alias_factoryt
     goto_functionst::function_mapt::const_iterator f_it2=
       goto_functions->function_map.find(fkt);
     assert(f_it2!=goto_functions->function_map.end());
-    return *(fkt_map[fkt]=std::unique_ptr<local_may_aliast>(
-              new local_may_aliast(f_it2->second)));
+    return *(fkt_map[fkt]=util_make_unique<local_may_aliast>(f_it2->second));
   }
 
   local_may_aliast &operator()(goto_programt::const_targett t)
diff --git a/src/analyses/reaching_definitions.cpp b/src/analyses/reaching_definitions.cpp
index 89b31da543b..c3242849511 100644
--- a/src/analyses/reaching_definitions.cpp
+++ b/src/analyses/reaching_definitions.cpp
@@ -15,14 +15,26 @@ Date: February 2013
 
 #include "reaching_definitions.h"
 
+#include <memory>
+
 #include <util/pointer_offset_size.h>
 #include <util/prefix.h>
+#include <util/make_unique.h>
 
 #include <pointer-analysis/value_set_analysis_fi.h>
 
 #include "is_threaded.h"
 #include "dirty.h"
 
+reaching_definitions_analysist::reaching_definitions_analysist(
+  const namespacet &_ns):
+    concurrency_aware_ait<rd_range_domaint>(),
+    ns(_ns)
+{
+}
+
+reaching_definitions_analysist::~reaching_definitions_analysist()=default;
+
 void rd_range_domaint::populate_cache(const irep_idt &identifier) const
 {
   assert(bv_container);
@@ -717,26 +729,16 @@ const rd_range_domaint::ranges_at_loct &rd_range_domaint::get(
     return entry->second;
 }
 
-reaching_definitions_analysist::~reaching_definitions_analysist()
-{
-  if(is_dirty)
-    delete is_dirty;
-  if(is_threaded)
-    delete is_threaded;
-  if(value_sets)
-    delete value_sets;
-}
-
 void reaching_definitions_analysist::initialize(
   const goto_functionst &goto_functions)
 {
-  value_set_analysis_fit *value_sets_=new value_set_analysis_fit(ns);
+  auto value_sets_=util_make_unique<value_set_analysis_fit>(ns);
   (*value_sets_)(goto_functions);
-  value_sets=value_sets_;
+  value_sets=std::move(value_sets_);
 
-  is_threaded=new is_threadedt(goto_functions);
+  is_threaded=util_make_unique<is_threadedt>(goto_functions);
 
-  is_dirty=new dirtyt(goto_functions);
+  is_dirty=util_make_unique<dirtyt>(goto_functions);
 
   concurrency_aware_ait<rd_range_domaint>::initialize(goto_functions);
 }
diff --git a/src/analyses/reaching_definitions.h b/src/analyses/reaching_definitions.h
index 21cbd1ed377..c62bd5e4b51 100644
--- a/src/analyses/reaching_definitions.h
+++ b/src/analyses/reaching_definitions.h
@@ -241,14 +241,7 @@ class reaching_definitions_analysist:
 {
 public:
   // constructor
-  explicit reaching_definitions_analysist(const namespacet &_ns):
-    concurrency_aware_ait<rd_range_domaint>(),
-    ns(_ns),
-    value_sets(nullptr),
-    is_threaded(nullptr),
-    is_dirty(nullptr)
-  {
-  }
+  explicit reaching_definitions_analysist(const namespacet &_ns);
 
   virtual ~reaching_definitions_analysist();
 
@@ -290,9 +283,9 @@ class reaching_definitions_analysist:
 
 protected:
   const namespacet &ns;
-  value_setst * value_sets;
-  is_threadedt * is_threaded;
-  dirtyt * is_dirty;
+  std::unique_ptr<value_setst> value_sets;
+  std::unique_ptr<is_threadedt> is_threaded;
+  std::unique_ptr<dirtyt> is_dirty;
 };
 
 #endif // CPROVER_ANALYSES_REACHING_DEFINITIONS_H
diff --git a/src/analyses/static_analysis.h b/src/analyses/static_analysis.h
index 1f384ec979d..405c6509bdc 100644
--- a/src/analyses/static_analysis.h
+++ b/src/analyses/static_analysis.h
@@ -16,10 +16,13 @@ Author: Daniel Kroening, kroening@kroening.com
 #error Deprecated, use ai.h instead
 #endif
 
-#include <map>
 #include <iosfwd>
+#include <map>
+#include <memory>
 #include <unordered_set>
 
+#include <util/make_unique.h>
+
 #include <goto-programs/goto_functions.h>
 
 // don't use me -- I am just a base class
@@ -252,7 +255,7 @@ class static_analysis_baset
   virtual void generate_state(locationt l)=0;
   virtual statet &get_state(locationt l)=0;
   virtual const statet &get_state(locationt l) const=0;
-  virtual statet* make_temporary_state(statet &s)=0;
+  virtual std::unique_ptr<statet> make_temporary_state(statet &s)=0;
 
   typedef domain_baset::expr_sett expr_sett;
 
@@ -331,9 +334,9 @@ class static_analysist:public static_analysis_baset
     return static_cast<T &>(a).merge(static_cast<const T &>(b), to);
   }
 
-  virtual statet *make_temporary_state(statet &s)
+  virtual std::unique_ptr<statet> make_temporary_state(statet &s)
   {
-    return new T(static_cast<T &>(s));
+    return util_make_unique<T>(static_cast<T &>(s));
   }
 
   virtual void generate_state(locationt l)
diff --git a/src/ansi-c/ansi_c_language.cpp b/src/ansi-c/ansi_c_language.cpp
index 4a9faddf1a7..46024683f96 100644
--- a/src/ansi-c/ansi_c_language.cpp
+++ b/src/ansi-c/ansi_c_language.cpp
@@ -139,9 +139,9 @@ void ansi_c_languaget::show_parse(std::ostream &out)
   parse_tree.output(out);
 }
 
-languaget *new_ansi_c_language()
+std::unique_ptr<languaget> new_ansi_c_language()
 {
-  return new ansi_c_languaget;
+  return util_make_unique<ansi_c_languaget>();
 }
 
 bool ansi_c_languaget::from_expr(
diff --git a/src/ansi-c/ansi_c_language.h b/src/ansi-c/ansi_c_language.h
index 89f8399b117..e20593c1f03 100644
--- a/src/ansi-c/ansi_c_language.h
+++ b/src/ansi-c/ansi_c_language.h
@@ -10,7 +10,12 @@ Author: Daniel Kroening, kroening@kroening.com
 #ifndef CPROVER_ANSI_C_ANSI_C_LANGUAGE_H
 #define CPROVER_ANSI_C_ANSI_C_LANGUAGE_H
 
+/*! \defgroup gr_ansi_c ANSI-C front-end */
+
+#include <memory>
+
 #include <util/language.h>
+#include <util/make_unique.h>
 
 #include "ansi_c_parse_tree.h"
 
@@ -59,8 +64,8 @@ class ansi_c_languaget:public languaget
     exprt &expr,
     const namespacet &ns) override;
 
-  languaget *new_language() override
-  { return new ansi_c_languaget; }
+  std::unique_ptr<languaget> new_language() override
+  { return util_make_unique<ansi_c_languaget>(); }
 
   std::string id() const override { return "C"; }
   std::string description() const override { return "ANSI-C 99"; }
@@ -73,6 +78,6 @@ class ansi_c_languaget:public languaget
   std::string parse_path;
 };
 
-languaget *new_ansi_c_language();
+std::unique_ptr<languaget> new_ansi_c_language();
 
 #endif // CPROVER_ANSI_C_ANSI_C_LANGUAGE_H
diff --git a/src/cbmc/bmc.cpp b/src/cbmc/bmc.cpp
index 4f2230c9783..ab5d6883ab0 100644
--- a/src/cbmc/bmc.cpp
+++ b/src/cbmc/bmc.cpp
@@ -314,11 +314,11 @@ safety_checkert::resultt bmct::run(
   std::unique_ptr<memory_model_baset> memory_model;
 
   if(mm.empty() || mm=="sc")
-    memory_model=std::unique_ptr<memory_model_baset>(new memory_model_sct(ns));
+    memory_model=util_make_unique<memory_model_sct>(ns);
   else if(mm=="tso")
-    memory_model=std::unique_ptr<memory_model_baset>(new memory_model_tsot(ns));
+    memory_model=util_make_unique<memory_model_tsot>(ns);
   else if(mm=="pso")
-    memory_model=std::unique_ptr<memory_model_baset>(new memory_model_psot(ns));
+    memory_model=util_make_unique<memory_model_psot>(ns);
   else
   {
     error() << "Invalid memory model " << mm
diff --git a/src/cbmc/cbmc_main.cpp b/src/cbmc/cbmc_main.cpp
index 3a35c6bb197..bcf6c764c68 100644
--- a/src/cbmc/cbmc_main.cpp
+++ b/src/cbmc/cbmc_main.cpp
@@ -34,7 +34,9 @@ extern unsigned long long irep_cmp_ne_cnt;
 #ifdef _MSC_VER
 int wmain(int argc, const wchar_t **argv_wide)
 {
-  const char **argv=narrow_argv(argc, argv_wide);
+  auto vec=narrow_argv(argc, argv_wide);
+  auto narrow=to_c_str_array(std::begin(vec), std::end(vec));
+  auto argv=narrow.data();
 #else
 int main(int argc, const char **argv)
 {
diff --git a/src/cbmc/cbmc_parse_options.cpp b/src/cbmc/cbmc_parse_options.cpp
index 239b34d9b8c..ed6f3f081a2 100644
--- a/src/cbmc/cbmc_parse_options.cpp
+++ b/src/cbmc/cbmc_parse_options.cpp
@@ -601,7 +601,7 @@ int cbmc_parse_optionst::get_goto_program(
         return 6;
       }
 
-      languaget *language=get_language_from_filename(filename);
+      std::unique_ptr<languaget> language=get_language_from_filename(filename);
       language->get_language_options(cmdline);
 
       if(language==nullptr)
@@ -750,18 +750,16 @@ void cbmc_parse_optionst::preprocessing()
       return;
     }
 
-    languaget *ptr=get_language_from_filename(filename);
-    ptr->get_language_options(cmdline);
+    std::unique_ptr<languaget> language=get_language_from_filename(filename);
+    language->get_language_options(cmdline);
 
-    if(ptr==nullptr)
+    if(language==nullptr)
     {
       error() << "failed to figure out type of file" << eom;
       return;
     }
 
-    ptr->set_message_handler(get_message_handler());
-
-    std::unique_ptr<languaget> language(ptr);
+    language->set_message_handler(get_message_handler());
 
     if(language->preprocess(infile, filename, std::cout))
       error() << "PREPROCESSING ERROR" << eom;
diff --git a/src/cbmc/cbmc_solvers.cpp b/src/cbmc/cbmc_solvers.cpp
index 2c5287fc199..c53c34375e3 100644
--- a/src/cbmc/cbmc_solvers.cpp
+++ b/src/cbmc/cbmc_solvers.cpp
@@ -11,11 +11,12 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include "cbmc_solvers.h"
 
-#include <memory>
-#include <iostream>
 #include <fstream>
+#include <iostream>
+#include <memory>
 
 #include <util/unicode.h>
+#include <util/make_unique.h>
 
 #include <solvers/sat/satcheck.h>
 #include <solvers/refinement/bv_refinement.h>
@@ -87,65 +88,65 @@ smt2_dect::solvert cbmc_solverst::get_smt2_solver_type() const
   return s;
 }
 
-/// Get the default decision procedure
-cbmc_solverst::solvert* cbmc_solverst::get_default()
+std::unique_ptr<cbmc_solverst::solvert> cbmc_solverst::get_default()
 {
-  solvert *solver=new solvert;
+  auto solver=util_make_unique<solvert>();
 
   if(options.get_bool_option("beautify") ||
      !options.get_bool_option("sat-preprocessor")) // no simplifier
   {
     // simplifier won't work with beautification
-    solver->set_prop(new satcheck_no_simplifiert());
+    solver->set_prop(util_make_unique<satcheck_no_simplifiert>());
   }
   else // with simplifier
   {
-    solver->set_prop(new satcheckt());
+    solver->set_prop(util_make_unique<satcheckt>());
   }
 
   solver->prop().set_message_handler(get_message_handler());
 
-  bv_cbmct *bv_cbmc=new bv_cbmct(ns, solver->prop());
+  auto bv_cbmc=util_make_unique<bv_cbmct>(ns, solver->prop());
 
   if(options.get_option("arrays-uf")=="never")
     bv_cbmc->unbounded_array=bv_cbmct::unbounded_arrayt::U_NONE;
   else if(options.get_option("arrays-uf")=="always")
     bv_cbmc->unbounded_array=bv_cbmct::unbounded_arrayt::U_ALL;
 
-  solver->set_prop_conv(bv_cbmc);
+  solver->set_prop_conv(std::move(bv_cbmc));
 
   return solver;
 }
 
-cbmc_solverst::solvert* cbmc_solverst::get_dimacs()
+std::unique_ptr<cbmc_solverst::solvert> cbmc_solverst::get_dimacs()
 {
   no_beautification();
   no_incremental_check();
 
-  dimacs_cnft *prop=new dimacs_cnft();
+  auto prop=util_make_unique<dimacs_cnft>();
   prop->set_message_handler(get_message_handler());
 
   std::string filename=options.get_option("outfile");
 
-  return new solvert(new cbmc_dimacst(ns, *prop, filename), prop);
+  auto cbmc_dimacs=util_make_unique<cbmc_dimacst>(ns, *prop, filename);
+  return util_make_unique<solvert>(std::move(cbmc_dimacs), std::move(prop));
 }
 
-cbmc_solverst::solvert* cbmc_solverst::get_bv_refinement()
+std::unique_ptr<cbmc_solverst::solvert> cbmc_solverst::get_bv_refinement()
 {
-  propt *prop;
-
-  // We offer the option to disable the SAT preprocessor
-  if(options.get_bool_option("sat-preprocessor"))
+  std::unique_ptr<propt> prop=[this]() -> std::unique_ptr<propt>
   {
-    no_beautification();
-    prop=new satcheckt();
-  }
-  else
-    prop=new satcheck_no_simplifiert();
+    // We offer the option to disable the SAT preprocessor
+    if(options.get_bool_option("sat-preprocessor"))
+    {
+      no_beautification();
+      return util_make_unique<satcheckt>();
+    }
+    return util_make_unique<satcheck_no_simplifiert>();
+  }();
 
   prop->set_message_handler(get_message_handler());
 
-  bv_refinementt *bv_refinement=new bv_refinementt(ns, *prop);
+  auto bv_refinement=util_make_unique<bv_refinementt>(ns, *prop);
   bv_refinement->set_ui(ui);
 
   // we allow setting some parameters
@@ -158,19 +159,18 @@ cbmc_solverst::solvert* cbmc_solverst::get_bv_refinement()
   bv_refinement->do_arithmetic_refinement =
     options.get_bool_option("refine-arithmetic");
 
-  return new solvert(bv_refinement, prop);
+  return util_make_unique<solvert>(std::move(bv_refinement), std::move(prop));
 }
 
 /// the string refinement adds to the bit vector refinement specifications for
 /// functions from the Java string library
 /// \return a solver for cbmc
-cbmc_solverst::solvert* cbmc_solverst::get_string_refinement()
+std::unique_ptr<cbmc_solverst::solvert> cbmc_solverst::get_string_refinement()
 {
-  propt *prop;
-  prop=new satcheck_no_simplifiert();
+  auto prop=util_make_unique<satcheck_no_simplifiert>();
   prop->set_message_handler(get_message_handler());
 
-  string_refinementt *string_refinement=new string_refinementt(
+  auto string_refinement=util_make_unique<string_refinementt>(
     ns, *prop, MAX_NB_REFINEMENT);
   string_refinement->set_ui(ui);
 
@@ -192,10 +192,12 @@ cbmc_solverst::solvert* cbmc_solverst::get_string_refinement()
   string_refinement->do_arithmetic_refinement=
     options.get_bool_option("refine-arithmetic");
 
-  return new solvert(string_refinement, prop);
+  return util_make_unique<solvert>(
+    std::move(string_refinement), std::move(prop));
 }
 
-cbmc_solverst::solvert* cbmc_solverst::get_smt1(smt1_dect::solvert solver)
+std::unique_ptr<cbmc_solverst::solvert> cbmc_solverst::get_smt1(
+  smt1_dect::solvert solver)
 {
   no_beautification();
   no_incremental_check();
@@ -210,20 +212,20 @@ cbmc_solverst::solvert* cbmc_solverst::get_smt1(smt1_dect::solvert solver)
       throw 0;
     }
 
-    smt1_dect *smt1_dec=
-      new smt1_dect(
+    auto smt1_dec=
+      util_make_unique<smt1_dect>(
         ns,
         "cbmc",
         "Generated by CBMC " CBMC_VERSION,
         "QF_AUFBV",
         solver);
 
-    return new solvert(smt1_dec);
+    return util_make_unique<solvert>(std::move(smt1_dec));
   }
   else if(filename=="-")
   {
-    smt1_convt *smt1_conv=
-      new smt1_convt(
+    auto smt1_conv=
+      util_make_unique<smt1_convt>(
         ns,
         "cbmc",
         "Generated by CBMC " CBMC_VERSION,
@@ -233,14 +235,14 @@ cbmc_solverst::solvert* cbmc_solverst::get_smt1(smt1_dect::solvert solver)
 
     smt1_conv->set_message_handler(get_message_handler());
 
-    return new solvert(smt1_conv);
+    return util_make_unique<solvert>(std::move(smt1_conv));
   }
   else
   {
     #ifdef _MSC_VER
-    std::ofstream *out=new std::ofstream(widen(filename));
+    auto out=util_make_unique<std::ofstream>(widen(filename));
     #else
-    std::ofstream *out=new std::ofstream(filename);
+    auto out=util_make_unique<std::ofstream>(filename);
     #endif
 
     if(!out)
@@ -249,8 +251,8 @@ cbmc_solverst::solvert* cbmc_solverst::get_smt1(smt1_dect::solvert solver)
       throw 0;
     }
 
-    smt1_convt *smt1_conv=
-      new smt1_convt(
+    auto smt1_conv=
+      util_make_unique<smt1_convt>(
         ns,
         "cbmc",
         "Generated by CBMC " CBMC_VERSION,
@@ -260,11 +262,12 @@ cbmc_solverst::solvert* cbmc_solverst::get_smt1(smt1_dect::solvert solver)
 
     smt1_conv->set_message_handler(get_message_handler());
 
-    return new solvert(smt1_conv, out);
+    return util_make_unique<solvert>(std::move(smt1_conv), std::move(out));
   }
 }
 
-cbmc_solverst::solvert* cbmc_solverst::get_smt2(smt2_dect::solvert solver)
+std::unique_ptr<cbmc_solverst::solvert> cbmc_solverst::get_smt2(
+  smt2_dect::solvert solver)
 {
   no_beautification();
 
@@ -278,8 +281,8 @@ cbmc_solverst::solvert* cbmc_solverst::get_smt2(smt2_dect::solvert solver)
       throw 0;
     }
 
-    smt2_dect *smt2_dec=
-      new smt2_dect(
+    auto smt2_dec=
+      util_make_unique<smt2_dect>(
         ns,
         "cbmc",
         "Generated by CBMC " CBMC_VERSION,
@@ -289,12 +292,12 @@ cbmc_solverst::solvert* cbmc_solverst::get_smt2(smt2_dect::solvert solver)
     if(options.get_bool_option("fpa"))
       smt2_dec->use_FPA_theory=true;
 
-    return new solvert(smt2_dec);
+    return util_make_unique<solvert>(std::move(smt2_dec));
   }
   else if(filename=="-")
   {
-    smt2_convt *smt2_conv=
-      new smt2_convt(
+    auto smt2_conv=
+      util_make_unique<smt2_convt>(
         ns,
         "cbmc",
         "Generated by CBMC " CBMC_VERSION,
@@ -307,14 +310,14 @@ cbmc_solverst::solvert* cbmc_solverst::get_smt2(smt2_dect::solvert solver)
 
     smt2_conv->set_message_handler(get_message_handler());
 
-    return new solvert(smt2_conv);
+    return util_make_unique<solvert>(std::move(smt2_conv));
   }
   else
   {
     #ifdef _MSC_VER
-    std::ofstream *out=new std::ofstream(widen(filename));
+    auto out=util_make_unique<std::ofstream>(widen(filename));
     #else
-    std::ofstream *out=new std::ofstream(filename);
+    auto out=util_make_unique<std::ofstream>(filename);
     #endif
 
     if(!*out)
@@ -323,8 +326,8 @@ cbmc_solverst::solvert* cbmc_solverst::get_smt2(smt2_dect::solvert solver)
       throw 0;
     }
 
-    smt2_convt *smt2_conv=
-      new smt2_convt(
+    auto smt2_conv=
+      util_make_unique<smt2_convt>(
         ns,
         "cbmc",
         "Generated by CBMC " CBMC_VERSION,
@@ -337,7 +340,7 @@ cbmc_solverst::solvert* cbmc_solverst::get_smt2(smt2_dect::solvert solver)
 
     smt2_conv->set_message_handler(get_message_handler());
 
-    return new solvert(smt2_conv, out);
+    return util_make_unique<solvert>(std::move(smt2_conv), std::move(out));
   }
 }
 
diff --git a/src/cbmc/cbmc_solvers.h b/src/cbmc/cbmc_solvers.h
index 8b0644b2d79..02bbb8b5db9 100644
--- a/src/cbmc/cbmc_solvers.h
+++ b/src/cbmc/cbmc_solvers.h
@@ -54,19 +54,19 @@ class cbmc_solverst:public messaget
     {
     }
 
-    explicit solvert(prop_convt *p):prop_conv_ptr(p)
+    explicit solvert(std::unique_ptr<prop_convt> p):prop_conv_ptr(std::move(p))
     {
     }
 
-    solvert(prop_convt *p1, propt *p2):
-      prop_ptr(p2),
-      prop_conv_ptr(p1)
+    solvert(std::unique_ptr<prop_convt> p1, std::unique_ptr<propt> p2):
+      prop_ptr(std::move(p2)),
+      prop_conv_ptr(std::move(p1))
     {
     }
 
-    solvert(prop_convt *p1, std::ofstream *p2):
-      ofstream_ptr(p2),
-      prop_conv_ptr(p1)
+    solvert(std::unique_ptr<prop_convt> p1, std::unique_ptr<std::ofstream> p2):
+      ofstream_ptr(std::move(p2)),
+      prop_conv_ptr(std::move(p1))
     {
     }
 
@@ -82,19 +82,19 @@ class cbmc_solverst:public messaget
       return *prop_ptr;
     }
 
-    void set_prop_conv(prop_convt *p)
+    void set_prop_conv(std::unique_ptr<prop_convt> p)
     {
-      prop_conv_ptr=std::unique_ptr<prop_convt>(p);
+      prop_conv_ptr=std::move(p);
     }
 
-    void set_prop(propt *p)
+    void set_prop(std::unique_ptr<propt> p)
     {
-      prop_ptr=std::unique_ptr<propt>(p);
+      prop_ptr=std::move(p);
     }
 
-    void set_ofstream(std::ofstream *p)
+    void set_ofstream(std::unique_ptr<std::ofstream> p)
     {
-      ofstream_ptr=std::unique_ptr<std::ofstream>(p);
+      ofstream_ptr=std::move(p);
     }
 
     // the objects are deleted in the opposite order they appear below
@@ -106,22 +106,17 @@ class cbmc_solverst:public messaget
   // returns a solvert object
   virtual std::unique_ptr<solvert> get_solver()
   {
-    solvert *solver;
-
     if(options.get_bool_option("dimacs"))
-      solver=get_dimacs();
-    else if(options.get_bool_option("refine"))
-      solver=get_bv_refinement();
+      return get_dimacs();
+    if(options.get_bool_option("refine"))
+      return get_bv_refinement();
     else if(options.get_bool_option("refine-strings"))
-      solver=get_string_refinement();
-    else if(options.get_bool_option("smt1"))
-      solver=get_smt1(get_smt1_solver_type());
-    else if(options.get_bool_option("smt2"))
-      solver=get_smt2(get_smt2_solver_type());
-    else
-      solver=get_default();
-
-    return std::unique_ptr<solvert>(solver);
+      return get_string_refinement();
+    if(options.get_bool_option("smt1"))
+      return get_smt1(get_smt1_solver_type());
+    if(options.get_bool_option("smt2"))
+      return get_smt2(get_smt2_solver_type());
+    return get_default();
   }
 
   virtual ~cbmc_solverst()
@@ -138,12 +133,12 @@ class cbmc_solverst:public messaget
   // use gui format
   language_uit::uit ui;
 
-  solvert *get_default();
-  solvert *get_dimacs();
-  solvert *get_bv_refinement();
-  solvert *get_string_refinement();
-  solvert *get_smt1(smt1_dect::solvert solver);
-  solvert *get_smt2(smt2_dect::solvert solver);
+  std::unique_ptr<solvert> get_default();
+  std::unique_ptr<solvert> get_dimacs();
+  std::unique_ptr<solvert> get_bv_refinement();
+  std::unique_ptr<solvert> get_string_refinement();
+  std::unique_ptr<solvert> get_smt1(smt1_dect::solvert solver);
+  std::unique_ptr<solvert> get_smt2(smt2_dect::solvert solver);
 
   smt1_dect::solvert get_smt1_solver_type() const;
   smt2_dect::solvert get_smt2_solver_type() const;
diff --git a/src/clobber/clobber_main.cpp b/src/clobber/clobber_main.cpp
index e63a9d63e49..c52099efb6d 100644
--- a/src/clobber/clobber_main.cpp
+++ b/src/clobber/clobber_main.cpp
@@ -16,14 +16,13 @@ Author: Daniel Kroening, kroening@kroening.com
 #ifdef _MSC_VER
 int wmain(int argc, const wchar_t **argv_wide)
 {
-  const char **argv=narrow_argv(argc, argv_wide);
-  clobber_parse_optionst parse_options(argc, argv);
-  return parse_options.main();
-}
+  auto vec=narrow_argv(argc, argv_wide);
+  auto narrow=to_c_str_array(std::begin(vec), std::end(vec));
+  auto argv=narrow.data();
 #else
 int main(int argc, const char **argv)
 {
+#endif
   clobber_parse_optionst parse_options(argc, argv);
   return parse_options.main();
 }
-#endif
diff --git a/src/clobber/clobber_parse_options.cpp b/src/clobber/clobber_parse_options.cpp
index 71a7b41c7f8..7df4d5fa56f 100644
--- a/src/clobber/clobber_parse_options.cpp
+++ b/src/clobber/clobber_parse_options.cpp
@@ -246,7 +246,7 @@ bool clobber_parse_optionst::get_goto_program(
         return true;
       }
 
-      languaget *language=get_language_from_filename(filename);
+      std::unique_ptr<languaget> language=get_language_from_filename(filename);
       language->get_language_options(cmdline);
 
       if(language==nullptr)
diff --git a/src/cpp/cpp_language.cpp b/src/cpp/cpp_language.cpp
index c8b7f999653..baa06dbcd48 100644
--- a/src/cpp/cpp_language.cpp
+++ b/src/cpp/cpp_language.cpp
@@ -205,9 +205,9 @@ void cpp_languaget::show_parse(
     out << "UNKNOWN: " << item.pretty() << '\n';
 }
 
-languaget *new_cpp_language()
+std::unique_ptr<languaget> new_cpp_language()
 {
-  return new cpp_languaget;
+  return util_make_unique<cpp_languaget>();
 }
 
 bool cpp_languaget::from_expr(
diff --git a/src/cpp/cpp_language.h b/src/cpp/cpp_language.h
index 5be4330da2f..c43f9304a98 100644
--- a/src/cpp/cpp_language.h
+++ b/src/cpp/cpp_language.h
@@ -12,7 +12,12 @@ Author: Daniel Kroening, kroening@cs.cmu.edu
 #ifndef CPROVER_CPP_CPP_LANGUAGE_H
 #define CPROVER_CPP_CPP_LANGUAGE_H
 
+/*! \defgroup gr_cpp C++ front-end */
+
+#include <memory>
+
 #include <util/language.h>
+#include <util/make_unique.h> // unique_ptr
 
 #include "cpp_parse_tree.h"
 
@@ -71,8 +76,8 @@ class cpp_languaget:public languaget
     exprt &expr,
     const namespacet &ns) override;
 
-  languaget *new_language() override
-  { return new cpp_languaget; }
+  std::unique_ptr<languaget> new_language() override
+  { return util_make_unique<cpp_languaget>(); }
 
   std::string id() const override { return "cpp"; }
   std::string description() const override { return "C++"; }
@@ -92,6 +97,6 @@ class cpp_languaget:public languaget
   }
 };
 
-languaget *new_cpp_language();
+std::unique_ptr<languaget> new_cpp_language();
 
 #endif // CPROVER_CPP_CPP_LANGUAGE_H
diff --git a/src/goto-analyzer/goto_analyzer_main.cpp b/src/goto-analyzer/goto_analyzer_main.cpp
index 8e367dd7ebc..f2192925ab4 100644
--- a/src/goto-analyzer/goto_analyzer_main.cpp
+++ b/src/goto-analyzer/goto_analyzer_main.cpp
@@ -16,7 +16,9 @@ Author: Daniel Kroening, kroening@kroening.com
 #ifdef _MSC_VER
 int wmain(int argc, const wchar_t **argv_wide)
 {
-  const char **argv=narrow_argv(argc, argv_wide);
+  auto vec=narrow_argv(argc, argv_wide);
+  auto narrow=to_c_str_array(std::begin(vec), std::end(vec));
+  auto argv=narrow.data();
 #else
 int main(int argc, const char **argv)
 {
diff --git a/src/goto-cc/compile.cpp b/src/goto-cc/compile.cpp
index 0a6e3c4dd58..c54b6b60f6b 100644
--- a/src/goto-cc/compile.cpp
+++ b/src/goto-cc/compile.cpp
@@ -457,7 +457,7 @@ bool compilet::parse(const std::string &file_name)
     return true;
   }
 
-  languaget *languagep;
+  std::unique_ptr<languaget> languagep;
 
   // Using '-x', the type of a file can be overridden;
   // otherwise, it's guessed from the extension.
@@ -478,8 +478,7 @@ bool compilet::parse(const std::string &file_name)
     return true;
   }
 
-  languaget &language=*languagep;
-  language.set_message_handler(get_message_handler());
+  languagep->set_message_handler(get_message_handler());
 
   language_filet language_file;
 
@@ -489,7 +488,7 @@ bool compilet::parse(const std::string &file_name)
 
   language_filet &lf=res.first->second;
   lf.filename=file_name;
-  lf.language=languagep;
+  lf.language=std::move(languagep);
 
   if(mode==PREPROCESS_ONLY)
   {
@@ -511,13 +510,13 @@ bool compilet::parse(const std::string &file_name)
       }
     }
 
-    language.preprocess(infile, file_name, *os);
+    lf.language->preprocess(infile, file_name, *os);
   }
   else
   {
     statistics() << "Parsing: " << file_name << eom;
 
-    if(language.parse(infile, file_name))
+    if(lf.language->parse(infile, file_name))
     {
       if(get_ui()==ui_message_handlert::uit::PLAIN)
         error() << "PARSING ERROR" << eom;
diff --git a/src/goto-cc/goto_cc_main.cpp b/src/goto-cc/goto_cc_main.cpp
index 8d3e4222194..8d76e897c77 100644
--- a/src/goto-cc/goto_cc_main.cpp
+++ b/src/goto-cc/goto_cc_main.cpp
@@ -45,7 +45,9 @@ int main(int argc, const char **argv)
 #endif
 {
   #ifdef _MSC_VER
-  const char **argv=narrow_argv(argc, argv_wide);
+  auto vec=narrow_argv(argc, argv_wide);
+  auto narrow=to_c_str_array(std::begin(vec), std::end(vec));
+  auto argv=narrow.data();
   #endif
 
   if(argv==nullptr || argc<1)
diff --git a/src/goto-diff/goto_diff_main.cpp b/src/goto-diff/goto_diff_main.cpp
index 8affa718746..b2ba7e211d6 100644
--- a/src/goto-diff/goto_diff_main.cpp
+++ b/src/goto-diff/goto_diff_main.cpp
@@ -26,7 +26,9 @@ extern unsigned long long irep_cmp_ne_cnt;
 #ifdef _MSC_VER
 int wmain(int argc, const wchar_t **argv_wide)
 {
-  const char **argv=narrow_argv(argc, argv_wide);
+  auto vec=narrow_argv(argc, argv_wide);
+  auto narrow=to_c_str_array(std::begin(vec), std::end(vec));
+  auto argv=narrow.data();
 #else
 int main(int argc, const char **argv)
 {
diff --git a/src/goto-diff/goto_diff_parse_options.cpp b/src/goto-diff/goto_diff_parse_options.cpp
index 1bfb9152c50..8fd0f19ca06 100644
--- a/src/goto-diff/goto_diff_parse_options.cpp
+++ b/src/goto-diff/goto_diff_parse_options.cpp
@@ -11,8 +11,8 @@ Author: Peter Schrammel
 
 #include "goto_diff_parse_options.h"
 
-#include <fstream>
 #include <cstdlib> // exit()
+#include <fstream>
 #include <iostream>
 #include <memory>
 
@@ -20,6 +20,7 @@ Author: Peter Schrammel
 #include <util/config.h>
 #include <util/language.h>
 #include <util/options.h>
+#include <util/make_unique.h>
 
 #include <goto-programs/goto_convert_functions.h>
 #include <goto-programs/remove_function_pointers.h>
@@ -318,9 +319,9 @@ int goto_diff_parse_optionst::doit()
     return 0;
   }
 
-  std::unique_ptr<goto_difft> goto_diff;
-  goto_diff = std::unique_ptr<goto_difft>(
-    new syntactic_difft(goto_model1, goto_model2, get_message_handler()));
+  std::unique_ptr<goto_difft> goto_diff=
+    util_make_unique<syntactic_difft>(
+      goto_model1, goto_model2, get_message_handler());
   goto_diff->set_ui(get_ui());
 
   (*goto_diff)();
diff --git a/src/goto-instrument/accelerate/enumerating_loop_acceleration.h b/src/goto-instrument/accelerate/enumerating_loop_acceleration.h
index f84d3fbd23b..a9d03b7ad69 100644
--- a/src/goto-instrument/accelerate/enumerating_loop_acceleration.h
+++ b/src/goto-instrument/accelerate/enumerating_loop_acceleration.h
@@ -12,6 +12,10 @@ Author: Matt Lewis
 #ifndef CPROVER_GOTO_INSTRUMENT_ACCELERATE_ENUMERATING_LOOP_ACCELERATION_H
 #define CPROVER_GOTO_INSTRUMENT_ACCELERATE_ENUMERATING_LOOP_ACCELERATION_H
 
+#include <memory>
+
+#include <util/make_unique.h>
+
 #include <goto-programs/goto_program.h>
 
 #include <analyses/natural_loops.h>
@@ -39,17 +43,10 @@ class enumerating_loop_accelerationt:public loop_accelerationt
     loop(_loop),
     loop_header(_loop_header),
     polynomial_accelerator(symbol_table, goto_functions),
-    path_limit(_path_limit)
-  {
-    // path_enumerator = new all_paths_enumeratort(goto_program, loop,
-    // loop_header);
-    path_enumerator = new sat_path_enumeratort(symbol_table, goto_functions,
-        goto_program, loop, loop_header);
-  }
-
-  ~enumerating_loop_accelerationt()
+    path_limit(_path_limit),
+    path_enumerator(util_make_unique<sat_path_enumeratort>(
+      symbol_table, goto_functions, goto_program, loop, loop_header))
   {
-    delete path_enumerator;
   }
 
   virtual bool accelerate(path_acceleratort &accelerator);
@@ -63,7 +60,7 @@ class enumerating_loop_accelerationt:public loop_accelerationt
   polynomial_acceleratort polynomial_accelerator;
   int path_limit;
 
-  path_enumeratort *path_enumerator;
+  std::unique_ptr<path_enumeratort> path_enumerator;
 };
 
 #endif // CPROVER_GOTO_INSTRUMENT_ACCELERATE_ENUMERATING_LOOP_ACCELERATION_H
diff --git a/src/goto-instrument/accelerate/scratch_program.h b/src/goto-instrument/accelerate/scratch_program.h
index da860f39e1a..a132f597c3a 100644
--- a/src/goto-instrument/accelerate/scratch_program.h
+++ b/src/goto-instrument/accelerate/scratch_program.h
@@ -12,8 +12,10 @@ Author: Matt Lewis
 #ifndef CPROVER_GOTO_INSTRUMENT_ACCELERATE_SCRATCH_PROGRAM_H
 #define CPROVER_GOTO_INSTRUMENT_ACCELERATE_SCRATCH_PROGRAM_H
 
+#include <memory>
 #include <string>
 
+#include <util/make_unique.h>
 #include <util/symbol_table.h>
 
 #include <goto-programs/goto_program.h>
@@ -38,18 +40,13 @@ class scratch_programt:public goto_programt
     ns(symbol_table),
     equation(ns),
     symex(ns, symbol_table, equation),
-    satcheck(new satcheckt),
+    satcheck(util_make_unique<satcheckt>()),
     satchecker(ns, *satcheck),
     z3(ns, "accelerate", "", "", smt2_dect::solvert::Z3),
     checker(&z3) // checker(&satchecker)
   {
   }
 
-  ~scratch_programt()
-  {
-    delete satcheck;
-  }
-
   void append(goto_programt::instructionst &instructions);
   void append(goto_programt &program);
   void append_path(patht &path);
@@ -79,7 +76,7 @@ class scratch_programt:public goto_programt
   symex_target_equationt equation;
   goto_symext symex;
 
-  propt *satcheck;
+  std::unique_ptr<propt> satcheck;
   bv_pointerst satchecker;
   smt2_dect z3;
   prop_convt *checker;
diff --git a/src/goto-instrument/dump_c_class.h b/src/goto-instrument/dump_c_class.h
index 1b45186b9c9..26a89242aa5 100644
--- a/src/goto-instrument/dump_c_class.h
+++ b/src/goto-instrument/dump_c_class.h
@@ -14,6 +14,7 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include <set>
 #include <string>
+#include <memory> // unique_ptr
 
 #include <util/language.h>
 
@@ -39,10 +40,7 @@ class dump_ct
     system_symbols.set_use_all_headers(use_all_headers);
   }
 
-  virtual ~dump_ct()
-  {
-    delete language;
-  }
+  virtual ~dump_ct()=default;
 
   void operator()(std::ostream &out);
 
@@ -50,7 +48,7 @@ class dump_ct
   const goto_functionst &goto_functions;
   symbol_tablet copied_symbol_table;
   const namespacet ns;
-  languaget *language;
+  std::unique_ptr<languaget> language;
 
   typedef std::unordered_set<irep_idt, irep_id_hash> convertedt;
   convertedt converted_compound, converted_global, converted_enum;
diff --git a/src/goto-instrument/goto_instrument_main.cpp b/src/goto-instrument/goto_instrument_main.cpp
index 0782ab6352b..a317f471cec 100644
--- a/src/goto-instrument/goto_instrument_main.cpp
+++ b/src/goto-instrument/goto_instrument_main.cpp
@@ -16,7 +16,9 @@ Author: Daniel Kroening, kroening@kroening.com
 #ifdef _MSC_VER
 int wmain(int argc, const wchar_t **argv_wide)
 {
-  const char **argv=narrow_argv(argc, argv_wide);
+  auto vec=narrow_argv(argc, argv_wide);
+  auto narrow=to_c_str_array(std::begin(vec), std::end(vec));
+  auto argv=narrow.data();
 #else
 int main(int argc, const char **argv)
 {
diff --git a/src/goto-instrument/wmm/instrumenter_strategies.cpp b/src/goto-instrument/wmm/instrumenter_strategies.cpp
index b4b04bc1b43..97ad9888f80 100644
--- a/src/goto-instrument/wmm/instrumenter_strategies.cpp
+++ b/src/goto-instrument/wmm/instrumenter_strategies.cpp
@@ -272,9 +272,9 @@ void inline instrumentert::instrument_minimum_interference_inserter(
   const std::size_t mat_size=set_of_cycles.size()*edges.size();
   message.debug() << "size of the system: " << mat_size
     << messaget::eom;
-  int *imat=new int[mat_size+1];
-  int *jmat=new int[mat_size+1];
-  double *vmat=new double[mat_size+1];
+  std::vector<int> imat(mat_size+1);
+  std::vector<int> jmat(mat_size+1);
+  std::vector<double> vmat(mat_size+1);
 
   /* fills the constraints coeff */
   /* tables read from 1 in glpk -- first row/column ignored */
@@ -343,9 +343,6 @@ void inline instrumentert::instrument_minimum_interference_inserter(
   }
 
   glp_delete_prob(lp);
-  delete[] imat;
-  delete[] jmat;
-  delete[] vmat;
 #else
   throw "sorry, minimum interference option requires glpk; "
         "please recompile goto-instrument with glpk";
diff --git a/src/goto-programs/show_symbol_table.cpp b/src/goto-programs/show_symbol_table.cpp
index 6a15759f11e..eebb63dcfcd 100644
--- a/src/goto-programs/show_symbol_table.cpp
+++ b/src/goto-programs/show_symbol_table.cpp
@@ -41,25 +41,27 @@ void show_symbol_table_plain(
   {
     const symbolt &symbol=ns.lookup(id);
 
-    languaget *ptr;
+    std::unique_ptr<languaget> ptr;
 
     if(symbol.mode=="")
+    {
       ptr=get_default_language();
+    }
     else
     {
       ptr=get_language_from_mode(symbol.mode);
-      if(ptr==nullptr)
-        throw "symbol "+id2string(symbol.name)+" has unknown mode";
     }
 
-    std::unique_ptr<languaget> p(ptr);
+    if(!ptr)
+      throw "symbol "+id2string(symbol.name)+" has unknown mode";
+
     std::string type_str, value_str;
 
     if(symbol.type.is_not_nil())
-      p->from_type(symbol.type, type_str, ns);
+      ptr->from_type(symbol.type, type_str, ns);
 
     if(symbol.value.is_not_nil())
-      p->from_expr(symbol.value, value_str, ns);
+      ptr->from_expr(symbol.value, value_str, ns);
 
     out << "Symbol......: " << symbol.name << '\n' << std::flush;
     out << "Pretty name.: " << symbol.pretty_name << '\n';
diff --git a/src/goto-symex/goto_symex_state.cpp b/src/goto-symex/goto_symex_state.cpp
index 6402923c4cf..bd13a853605 100644
--- a/src/goto-symex/goto_symex_state.cpp
+++ b/src/goto-symex/goto_symex_state.cpp
@@ -32,6 +32,8 @@ goto_symex_statet::goto_symex_statet():
   new_frame();
 }
 
+goto_symex_statet::~goto_symex_statet()=default;
+
 void goto_symex_statet::initialize(const goto_functionst &goto_functions)
 {
   goto_functionst::function_mapt::const_iterator it=
diff --git a/src/goto-symex/goto_symex_state.h b/src/goto-symex/goto_symex_state.h
index d62d4a66af9..3c2deecf994 100644
--- a/src/goto-symex/goto_symex_state.h
+++ b/src/goto-symex/goto_symex_state.h
@@ -13,11 +13,13 @@ Author: Daniel Kroening, kroening@kroening.com
 #define CPROVER_GOTO_SYMEX_GOTO_SYMEX_STATE_H
 
 #include <cassert>
+#include <memory>
 #include <unordered_set>
 
 #include <util/guard.h>
 #include <util/std_expr.h>
 #include <util/ssa_expr.h>
+#include <util/make_unique.h>
 
 #include <pointer-analysis/value_set.h>
 #include <goto-programs/goto_functions.h>
@@ -27,10 +29,11 @@ Author: Daniel Kroening, kroening@kroening.com
 class dirtyt;
 
 // central data structure: state
-class goto_symex_statet
+class goto_symex_statet final
 {
 public:
   goto_symex_statet();
+  ~goto_symex_statet();
 
   // distance from entry
   unsigned depth;
@@ -341,7 +344,7 @@ class goto_symex_statet
 
   void switch_to_thread(unsigned t);
   bool record_events;
-  const dirtyt * dirty;
+  std::unique_ptr<const dirtyt> dirty;
 };
 
 #endif // CPROVER_GOTO_SYMEX_GOTO_SYMEX_STATE_H
diff --git a/src/goto-symex/symex_main.cpp b/src/goto-symex/symex_main.cpp
index 4fce789ad3a..d7a897e7f85 100644
--- a/src/goto-symex/symex_main.cpp
+++ b/src/goto-symex/symex_main.cpp
@@ -12,11 +12,13 @@ Author: Daniel Kroening, kroening@kroening.com
 #include "goto_symex.h"
 
 #include <cassert>
+#include <memory>
 
 #include <util/std_expr.h>
 #include <util/rename.h>
 #include <util/symbol_table.h>
 #include <util/replace_symbol.h>
+#include <util/make_unique.h>
 
 #include <analyses/dirty.h>
 
@@ -136,7 +138,7 @@ void goto_symext::operator()(
   state.top().end_of_function=--goto_program.instructions.end();
   state.top().calling_location.pc=state.top().end_of_function;
   state.symex_target=&target;
-  state.dirty=new dirtyt(goto_functions);
+  state.dirty=util_make_unique<dirtyt>(goto_functions);
 
   symex_transition(state, state.source.pc);
 
@@ -157,7 +159,6 @@ void goto_symext::operator()(
     }
   }
 
-  delete state.dirty;
   state.dirty=nullptr;
 }
 
diff --git a/src/java_bytecode/jar_file.cpp b/src/java_bytecode/jar_file.cpp
index bc065d7a0e9..0d6c183ec69 100644
--- a/src/java_bytecode/jar_file.cpp
+++ b/src/java_bytecode/jar_file.cpp
@@ -35,21 +35,22 @@ void jar_filet::open(
     {
       // get the length of the filename, including the trailing \0
       mz_uint filename_length=mz_zip_reader_get_filename(&zip, i, nullptr, 0);
-      char *filename_char=new char[filename_length+1];
+      std::vector<char> filename_char(filename_length+1);
       INVARIANT(filename_length>=1, "buffer size must include trailing \\0");
 
       // read and convert to std::string
       mz_uint filename_len=
-        mz_zip_reader_get_filename(&zip, i, filename_char, filename_length);
+        mz_zip_reader_get_filename(
+          &zip, i, filename_char.data(), filename_length);
       INVARIANT(
         filename_length==filename_len,
         "buffer size was incorrectly pre-computed");
-      std::string file_name(filename_char);
+      std::string file_name(filename_char.data());
 #if DEBUG
       debug()
         << "jar_filet.open: idx " << i
         << " len " << filename_len
-        << " filename '" << filename_char << "'" << eom;
+        << " filename '" << std::string(filename_char.data()) << "'" << eom;
 #endif
       INVARIANT(file_name.size()==filename_len-1, "no \\0 found in file name");
 
@@ -64,7 +65,6 @@ void jar_filet::open(
                    << " from " << filename << eom;
         filtered_jar[file_name]=i;
       }
-      delete[] filename_char;
     }
   }
 }
diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index bac7157df5c..f966600b38b 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -389,9 +389,9 @@ void java_bytecode_languaget::show_parse(std::ostream &out)
   java_class_loader(main_class).output(out);
 }
 
-languaget *new_java_bytecode_language()
+std::unique_ptr<languaget> new_java_bytecode_language()
 {
-  return new java_bytecode_languaget;
+  return util_make_unique<java_bytecode_languaget>();
 }
 
 bool java_bytecode_languaget::from_expr(
diff --git a/src/java_bytecode/java_bytecode_language.h b/src/java_bytecode/java_bytecode_language.h
index a688440e64d..c70e7ce082a 100644
--- a/src/java_bytecode/java_bytecode_language.h
+++ b/src/java_bytecode/java_bytecode_language.h
@@ -14,6 +14,7 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include <util/language.h>
 #include <util/cmdline.h>
+#include <util/make_unique.h>
 
 #include "java_class_loader.h"
 #include "java_string_library_preprocess.h"
@@ -124,8 +125,8 @@ class java_bytecode_languaget:public languaget
     exprt &expr,
     const namespacet &ns) override;
 
-  languaget *new_language() override
-  { return new java_bytecode_languaget; }
+  std::unique_ptr<languaget> new_language() override
+  { return util_make_unique<java_bytecode_languaget>(); }
 
   std::string id() const override { return "java"; }
   std::string description() const override { return "Java Bytecode"; }
@@ -159,6 +160,6 @@ class java_bytecode_languaget:public languaget
   const std::unique_ptr<const select_pointer_typet> pointer_type_selector;
 };
 
-languaget *new_java_bytecode_language();
+std::unique_ptr<languaget> new_java_bytecode_language();
 
 #endif // CPROVER_JAVA_BYTECODE_JAVA_BYTECODE_LANGUAGE_H
diff --git a/src/jsil/jsil_language.cpp b/src/jsil/jsil_language.cpp
index 48b5c8dcbe2..f0c5ad38c13 100644
--- a/src/jsil/jsil_language.cpp
+++ b/src/jsil/jsil_language.cpp
@@ -101,9 +101,9 @@ void jsil_languaget::show_parse(std::ostream &out)
   parse_tree.output(out);
 }
 
-languaget *new_jsil_language()
+std::unique_ptr<languaget> new_jsil_language()
 {
-  return new jsil_languaget;
+  return util_make_unique<jsil_languaget>();
 }
 
 bool jsil_languaget::from_expr(
diff --git a/src/jsil/jsil_language.h b/src/jsil/jsil_language.h
index 2f6f376525b..da889e111a1 100644
--- a/src/jsil/jsil_language.h
+++ b/src/jsil/jsil_language.h
@@ -12,7 +12,10 @@ Author: Michael Tautschnig, tautschn@amazon.com
 #ifndef CPROVER_JSIL_JSIL_LANGUAGE_H
 #define CPROVER_JSIL_JSIL_LANGUAGE_H
 
+#include <memory>
+
 #include <util/language.h>
+#include <util/make_unique.h>
 
 #include "jsil_parse_tree.h"
 
@@ -32,8 +35,7 @@ class jsil_languaget:public languaget
     symbol_tablet &context,
     const std::string &module);
 
-  virtual bool final(
-    symbol_tablet &context);
+  virtual bool final(symbol_tablet &context);
 
   virtual void show_parse(std::ostream &out);
 
@@ -56,8 +58,8 @@ class jsil_languaget:public languaget
     exprt &expr,
     const namespacet &ns);
 
-  virtual languaget *new_language()
-  { return new jsil_languaget; }
+  virtual std::unique_ptr<languaget> new_language()
+  { return util_make_unique<jsil_languaget>(); }
 
   virtual std::string id() const { return "jsil"; }
   virtual std::string description() const
@@ -72,6 +74,6 @@ class jsil_languaget:public languaget
   std::string parse_path;
 };
 
-languaget *new_jsil_language();
+std::unique_ptr<languaget> new_jsil_language();
 
 #endif // CPROVER_JSIL_JSIL_LANGUAGE_H
diff --git a/src/langapi/language_ui.cpp b/src/langapi/language_ui.cpp
index 521354c7aa8..625cc819f42 100644
--- a/src/langapi/language_ui.cpp
+++ b/src/langapi/language_ui.cpp
@@ -172,25 +172,27 @@ void language_uit::show_symbol_table_plain(
   {
     const symbolt &symbol=ns.lookup(id);
 
-    languaget *ptr;
+    std::unique_ptr<languaget> ptr;
 
     if(symbol.mode=="")
+    {
       ptr=get_default_language();
+    }
     else
     {
       ptr=get_language_from_mode(symbol.mode);
-      if(ptr==nullptr)
-        throw "symbol "+id2string(symbol.name)+" has unknown mode";
     }
 
-    std::unique_ptr<languaget> p(ptr);
+    if(!ptr)
+      throw "symbol "+id2string(symbol.name)+" has unknown mode";
+
     std::string type_str, value_str;
 
     if(symbol.type.is_not_nil())
-      p->from_type(symbol.type, type_str, ns);
+      ptr->from_type(symbol.type, type_str, ns);
 
     if(symbol.value.is_not_nil())
-      p->from_expr(symbol.value, value_str, ns);
+      ptr->from_expr(symbol.value, value_str, ns);
 
     if(brief)
     {
diff --git a/src/langapi/language_util.cpp b/src/langapi/language_util.cpp
index a919f6c816f..06398eea3da 100644
--- a/src/langapi/language_util.cpp
+++ b/src/langapi/language_util.cpp
@@ -17,7 +17,7 @@ Author: Daniel Kroening, kroening@cs.cmu.edu
 
 #include "mode.h"
 
-static languaget* get_language(
+static std::unique_ptr<languaget> get_language(
   const namespacet &ns,
   const irep_idt &identifier)
 {
@@ -28,7 +28,7 @@ static languaget* get_language(
      symbol->mode=="")
     return get_default_language();
 
-  languaget *ptr=get_language_from_mode(symbol->mode);
+  std::unique_ptr<languaget> ptr=get_language_from_mode(symbol->mode);
 
   if(ptr==nullptr)
     throw "symbol `"+id2string(symbol->name)+
diff --git a/src/langapi/mode.cpp b/src/langapi/mode.cpp
index 2c3a852b73a..8d1d9128010 100644
--- a/src/langapi/mode.cpp
+++ b/src/langapi/mode.cpp
@@ -37,7 +37,7 @@ void register_language(language_factoryt factory)
   languages.back().mode=l->id();
 }
 
-languaget *get_language_from_mode(const irep_idt &mode)
+std::unique_ptr<languaget> get_language_from_mode(const irep_idt &mode)
 {
   for(languagest::const_iterator it=languages.begin();
       it!=languages.end();
@@ -48,7 +48,8 @@ languaget *get_language_from_mode(const irep_idt &mode)
   return nullptr;
 }
 
-languaget *get_language_from_filename(const std::string &filename)
+std::unique_ptr<languaget> get_language_from_filename(
+  const std::string &filename)
 {
   std::size_t ext_pos=filename.rfind('.');
 
@@ -82,7 +83,7 @@ languaget *get_language_from_filename(const std::string &filename)
   return nullptr;
 }
 
-languaget *get_default_language()
+std::unique_ptr<languaget> get_default_language()
 {
   assert(!languages.empty());
   return languages.front().factory();
diff --git a/src/langapi/mode.h b/src/langapi/mode.h
index e8cf679d0e2..3edb7a30be8 100644
--- a/src/langapi/mode.h
+++ b/src/langapi/mode.h
@@ -12,13 +12,16 @@ Author: Daniel Kroening, kroening@cs.cmu.edu
 
 #include <util/irep.h>
 
+#include <memory> // unique_ptr
+
 class languaget;
 
-languaget *get_language_from_mode(const irep_idt &mode);
-languaget *get_language_from_filename(const std::string &filename);
-languaget *get_default_language();
+std::unique_ptr<languaget> get_language_from_mode(const irep_idt &mode);
+std::unique_ptr<languaget> get_language_from_filename(
+  const std::string &filename);
+std::unique_ptr<languaget> get_default_language();
 
-typedef languaget *(*language_factoryt)();
+typedef std::unique_ptr<languaget> (*language_factoryt)();
 void register_language(language_factoryt factory);
 
 #endif // CPROVER_LANGAPI_MODE_H
diff --git a/src/memory-models/mmcc_main.cpp b/src/memory-models/mmcc_main.cpp
index 962c5bbf527..4430059e556 100644
--- a/src/memory-models/mmcc_main.cpp
+++ b/src/memory-models/mmcc_main.cpp
@@ -16,7 +16,9 @@ Author: Daniel Kroening, kroening@kroening.com
 #ifdef _MSC_VER
 int wmain(int argc, const wchar_t **argv_wide)
 {
-  const char **argv=narrow_argv(argc, argv_wide);
+  auto vec=narrow_argv(argc, argv_wide);
+  auto narrow=to_c_str_array(std::begin(vec), std::end(vec));
+  auto argv=narrow.data();
 #else
 int main(int argc, const char **argv)
 {
diff --git a/src/symex/symex_main.cpp b/src/symex/symex_main.cpp
index 36080f4a69a..8d6f4a2089c 100644
--- a/src/symex/symex_main.cpp
+++ b/src/symex/symex_main.cpp
@@ -16,14 +16,13 @@ Author: Daniel Kroening, kroening@kroening.com
 #ifdef _MSC_VER
 int wmain(int argc, const wchar_t **argv_wide)
 {
-  const char **argv=narrow_argv(argc, argv_wide);
-  symex_parse_optionst parse_options(argc, argv);
-  return parse_options.main();
-}
+  auto vec=narrow_argv(argc, argv_wide);
+  auto narrow=to_c_str_array(std::begin(vec), std::end(vec));
+  auto argv=narrow.data();
 #else
 int main(int argc, const char **argv)
 {
+#endif
   symex_parse_optionst parse_options(argc, argv);
   return parse_options.main();
 }
-#endif
diff --git a/src/util/freer.h b/src/util/freer.h
new file mode 100644
index 00000000000..72b6faeab70
--- /dev/null
+++ b/src/util/freer.h
@@ -0,0 +1,33 @@
+/*******************************************************************\
+
+Module:
+
+Author: Reuben Thomas, reuben.thomas@diffblue.com
+
+\*******************************************************************/
+
+#ifndef CPROVER_UTIL_FREER_H
+#define CPROVER_UTIL_FREER_H
+
+#include <cstdlib>
+#include <utility>
+
+/// A functor wrapping `std::free`. Can be used as the deleter of a unique_ptr
+/// to free memory originally allocated by `std::malloc`. This is primarily
+/// useful for interfacing with C APIs in a memory-safe way.
+/// Note that the approach of using an empty functor as a unique_ptr deleter
+/// does not impose any space overhead on the unique_ptr instance, whereas
+/// using a function-pointer as the deleter requires the unique_ptr to store
+/// this function pointer internally, effectively doubling the size of the
+/// object. Therefore, `std::unique_ptr<T, freert>` should be preferred to
+/// `std::unique_ptr<T, decltype(&std::free)>`.
+struct freert
+{
+  template <typename T>
+  void operator()(T &&t) const
+  {
+    free(std::forward<T>(t));
+  }
+};
+
+#endif
diff --git a/src/util/invariant.cpp b/src/util/invariant.cpp
index 835a00b4409..ff31d044829 100644
--- a/src/util/invariant.cpp
+++ b/src/util/invariant.cpp
@@ -6,9 +6,11 @@ Author: Martin Brain, martin.brain@diffblue.com
 
 \*******************************************************************/
 
-
 #include "invariant.h"
 
+#include "util/freer.h"
+
+#include <memory>
 #include <string>
 #include <sstream>
 
@@ -53,18 +55,17 @@ static bool output_demangled_name(
     std::string mangled(working.substr(start+1, length));
 
     int demangle_success=1;
-    char *demangled=
-      abi::__cxa_demangle(mangled.c_str(), nullptr, nullptr, &demangle_success);
+    std::unique_ptr<char, freert> demangled(
+      abi::__cxa_demangle(
+        mangled.c_str(), nullptr, nullptr, &demangle_success));
 
     if(demangle_success==0)
     {
       out << working.substr(0, start+1)
-          << demangled
+          << demangled.get()
           << working.substr(end);
       return_value=true;
     }
-
-    free(demangled);
   }
 
   return return_value;
@@ -83,17 +84,16 @@ void print_backtrace(
     void * stack[50] = {};
 
     std::size_t entries=backtrace(stack, sizeof(stack) / sizeof(void *));
-    char **description=backtrace_symbols(stack, entries);
+    std::unique_ptr<char*, freert> description(
+      backtrace_symbols(stack, entries));
 
     for(std::size_t i=0; i<entries; i++)
     {
-      if(!output_demangled_name(out, description[i]))
-        out << description[i];
+      if(!output_demangled_name(out, description.get()[i]))
+        out << description.get()[i];
       out << '\n' << std::flush;
     }
 
-    free(description);
-
 #else
     out << "Backtraces not supported\n" << std::flush;
 #endif
diff --git a/src/util/language.h b/src/util/language.h
index b1e51dbbfec..1b020e03685 100644
--- a/src/util/language.h
+++ b/src/util/language.h
@@ -15,6 +15,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <set>
 #include <iosfwd>
 #include <string>
+#include <memory> // unique_ptr
 #include <util/symbol.h>
 #include <util/std_types.h>
 #include <goto-programs/system_library_symbols.h>
@@ -114,7 +115,7 @@ class languaget:public messaget
     exprt &expr,
     const namespacet &ns)=0;
 
-  virtual languaget *new_language()=0;
+  virtual std::unique_ptr<languaget> new_language()=0;
 
   void set_should_generate_opaque_method_stubs(bool should_generate_stubs);
 
diff --git a/src/util/language_file.cpp b/src/util/language_file.cpp
index 6f4f07716af..300dccd93be 100644
--- a/src/util/language_file.cpp
+++ b/src/util/language_file.cpp
@@ -19,11 +19,13 @@ language_filet::language_filet(const language_filet &rhs):
 {
 }
 
-language_filet::~language_filet()
-{
-  if(language!=nullptr)
-    delete language;
-}
+/// To avoid compiler errors, the complete definition of a pointed-to type must
+/// be visible at the point at which the unique_ptr destructor is created.  In
+/// this case, the pointed-to type is forward-declared, so we have to place the
+/// destructor in the source file, where the full definition is availible.
+language_filet::~language_filet()=default;
+
+language_filet::language_filet()=default;
 
 void language_filet::get_modules()
 {
@@ -51,8 +53,8 @@ void language_filest::set_should_generate_opaque_method_stubs(
 {
   for(file_mapt::value_type &language_file_entry : file_map)
   {
-    languaget *language=language_file_entry.second.language;
-    language->set_should_generate_opaque_method_stubs(stubs_enabled);
+    auto &language=*language_file_entry.second.language;
+    language.set_should_generate_opaque_method_stubs(stubs_enabled);
   }
 }
 
diff --git a/src/util/language_file.h b/src/util/language_file.h
index 4404d1868e4..e414182e3c5 100644
--- a/src/util/language_file.h
+++ b/src/util/language_file.h
@@ -14,6 +14,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <set>
 #include <map>
 #include <string>
+#include <memory> // unique_ptr
 
 #include "message.h"
 
@@ -21,7 +22,7 @@ class symbol_tablet;
 class language_filet;
 class languaget;
 
-class language_modulet
+class language_modulet final
 {
 public:
   std::string name;
@@ -35,13 +36,13 @@ class language_modulet
   {}
 };
 
-class language_filet
+class language_filet final
 {
 public:
   typedef std::set<std::string> modulest;
   modulest modules;
 
-  languaget *language;
+  std::unique_ptr<languaget> language;
   std::string filename;
 
   void get_modules();
@@ -50,12 +51,9 @@ class language_filet
     const irep_idt &id,
     symbol_tablet &symbol_table);
 
+  language_filet();
   language_filet(const language_filet &rhs);
 
-  language_filet():language(nullptr)
-  {
-  }
-
   ~language_filet();
 };
 
diff --git a/src/util/make_unique.h b/src/util/make_unique.h
new file mode 100644
index 00000000000..0f4ba41ac3e
--- /dev/null
+++ b/src/util/make_unique.h
@@ -0,0 +1,24 @@
+/*******************************************************************\
+
+Module: Really simple unique_ptr utilities
+
+Author: Reuben Thomas, reuben.thomas@diffblue.com
+
+\*******************************************************************/
+
+#ifndef CPROVER_UTIL_MAKE_UNIQUE_H
+#define CPROVER_UTIL_MAKE_UNIQUE_H
+
+#include <memory> // unique_ptr
+
+// This is a stand-in for std::make_unique, which isn't part of the standard
+// library until C++14.  When we move to C++14, we should do a find-and-replace
+// on this to use std::make_unique instead.
+
+template<typename T, typename... Ts>
+std::unique_ptr<T> util_make_unique(Ts &&... ts)
+{
+  return std::unique_ptr<T>(new T(std::forward<Ts>(ts)...));
+}
+
+#endif
diff --git a/src/util/mp_arith.cpp b/src/util/mp_arith.cpp
index 77ffa9ed614..6de218f24ed 100644
--- a/src/util/mp_arith.cpp
+++ b/src/util/mp_arith.cpp
@@ -8,12 +8,13 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include "mp_arith.h"
 
-#include <cstdlib>
+#include <cassert>
 #include <cctype>
-
-#include <sstream>
-#include <ostream>
+#include <cstdlib>
 #include <limits>
+#include <ostream>
+#include <sstream>
+#include <vector>
 
 #include "arith_tools.h"
 #include "invariant.h"
@@ -79,13 +80,11 @@ const std::string integer2binary(const mp_integer &n, std::size_t width)
   }
 
   std::size_t len = a.digits(2) + 2;
-  char *buffer=new char[len];
-  char *s = a.as_string(buffer, len, 2);
+  std::vector<char> buffer(len);
+  char *s = a.as_string(buffer.data(), len, 2);
 
   std::string result(s);
 
-  delete[] buffer;
-
   if(result.size()<width)
   {
     std::string fill;
@@ -107,13 +106,11 @@ const std::string integer2binary(const mp_integer &n, std::size_t width)
 const std::string integer2string(const mp_integer &n, unsigned base)
 {
   unsigned len = n.digits(base) + 2;
-  char *buffer=new char[len];
-  char *s = n.as_string(buffer, len, base);
+  std::vector<char> buffer(len);
+  char *s = n.as_string(buffer.data(), len, base);
 
   std::string result(s);
 
-  delete[] buffer;
-
   return result;
 }
 
diff --git a/src/util/pipe_stream.cpp b/src/util/pipe_stream.cpp
index e9fc1887fb5..c2875a11d12 100644
--- a/src/util/pipe_stream.cpp
+++ b/src/util/pipe_stream.cpp
@@ -106,19 +106,17 @@ int pipe_streamt::run()
   for(const auto &s : args)
         command += L" " + ::widen(s);
 
-  LPWSTR lpCommandLine = new wchar_t[command.length()+1];
+  std::vector<wchar_t> lpCommandLine(command.length()+1);
 
   #ifdef _MSC_VER
-  wcscpy_s(lpCommandLine, command.length()+1, command.c_str());
+  wcscpy_s(lpCommandLine.data(), command.length()+1, command.c_str());
   #else
-  wcsncpy(lpCommandLine, command.c_str(), command.length()+1);
+  wcsncpy(lpCommandLine.data(), command.c_str(), command.length()+1);
   #endif
 
-  BOOL ret=CreateProcessW(NULL, lpCommandLine, NULL, NULL, TRUE,
+  BOOL ret=CreateProcessW(NULL, lpCommandLine.data(), NULL, NULL, TRUE,
                           CREATE_NO_WINDOW, NULL, NULL, &si, &pi);
 
-  delete lpCommandLine; // clean up
-
   if(!ret)
     return -1;
 
@@ -147,7 +145,7 @@ int pipe_streamt::run()
     dup2(in[0], STDIN_FILENO);
     dup2(out[1], STDOUT_FILENO);
 
-    char **_argv=new char * [args.size()+2];
+    std::vector<char *> _argv(args.size()+2);
 
     _argv[0]=strdup(executable.c_str());
 
@@ -161,7 +159,7 @@ int pipe_streamt::run()
 
     _argv[args.size()+1]=nullptr;
 
-    int result=execvp(executable.c_str(), _argv);
+    int result=execvp(executable.c_str(), _argv.data());
 
     if(result==-1)
       perror(nullptr);
@@ -218,14 +216,14 @@ int pipe_streamt::wait()
 filedescriptor_streambuft::filedescriptor_streambuft():
   #ifdef _WIN32
   proc_in(INVALID_HANDLE_VALUE),
-  proc_out(INVALID_HANDLE_VALUE)
+  proc_out(INVALID_HANDLE_VALUE),
   #else
   proc_in(STDOUT_FILENO),
-  proc_out(STDIN_FILENO)
+  proc_out(STDIN_FILENO),
   #endif
+  in_buffer(READ_BUFFER_SIZE)
 {
-  in_buffer=new char[READ_BUFFER_SIZE];
-  setg(in_buffer, in_buffer, in_buffer);
+  setg(in_buffer.data(), in_buffer.data(), in_buffer.data());
 }
 
 /// Destructor
@@ -248,8 +246,6 @@ filedescriptor_streambuft::~filedescriptor_streambuft()
     close(proc_out);
 
   #endif
-
-  delete in_buffer;
 }
 
 /// write one character to the piped process
diff --git a/src/util/pipe_stream.h b/src/util/pipe_stream.h
index 385cb65f790..748038ff2b6 100644
--- a/src/util/pipe_stream.h
+++ b/src/util/pipe_stream.h
@@ -15,6 +15,7 @@ Module: A stdin/stdout pipe as STL stream
 #include <iostream>
 #include <string>
 #include <list>
+#include <vector>
 
 #ifdef _WIN32
 #include <windows.h>
@@ -43,7 +44,7 @@ class filedescriptor_streambuft:public std::streambuf
 
 protected:
   HANDLE proc_in, proc_out;
-  char *in_buffer;
+  std::vector<char> in_buffer;
 
   int_type overflow(int_type);
   std::streamsize xsputn(const char *, std::streamsize);
diff --git a/src/util/run.cpp b/src/util/run.cpp
index c01aff35bd6..f106309002e 100644
--- a/src/util/run.cpp
+++ b/src/util/run.cpp
@@ -61,7 +61,7 @@ int run(
   for(std::size_t i=0; i<argv.size(); i++)
     wargv[i]=widen(argv[i]);
 
-  const wchar_t **_argv=new const wchar_t * [argv.size()+1];
+  std::vector<const wchar_t *> _argv(argv.size()+1);
 
   for(std::size_t i=0; i<wargv.size(); i++)
     _argv[i]=wargv[i].c_str();
@@ -72,9 +72,7 @@ int run(
 
   std::wstring wide_what=widen(what);
 
-  int status=_wspawnvp(_P_WAIT, wide_what.c_str(), _argv);
-
-  delete[] _argv;
+  int status=_wspawnvp(_P_WAIT, wide_what.c_str(), _argv.data());
 
   return status;
 
@@ -119,7 +117,7 @@ int run(
       remove_signal_catcher();
       sigprocmask(SIG_SETMASK, &old_mask, nullptr);
 
-      char **_argv=new char * [argv.size()+1];
+      std::vector<char *> _argv(argv.size()+1);
       for(std::size_t i=0; i<argv.size(); i++)
         _argv[i]=strdup(argv[i].c_str());
 
@@ -129,7 +127,7 @@ int run(
         dup2(stdin_fd, STDIN_FILENO);
       if(stdout_fd!=STDOUT_FILENO)
         dup2(stdout_fd, STDOUT_FILENO);
-      execvp(what.c_str(), _argv);
+      execvp(what.c_str(), _argv.data());
 
       /* usually no return */
       return 1;
diff --git a/src/util/sharing_node.h b/src/util/sharing_node.h
index 9f8cc0a4416..c2501f7f345 100644
--- a/src/util/sharing_node.h
+++ b/src/util/sharing_node.h
@@ -64,7 +64,7 @@ class sharing_nodet
     d.k=std::make_shared<key_type>(k);
 
     _sn_assert(d.m==nullptr);
-    d.m.reset(new mapped_type(m));
+    d.m=std::make_shared<mapped_type>(m);
   }
 
   sharing_nodet(const self_type &other)
@@ -266,7 +266,7 @@ class sharing_nodet
       if(d.is_leaf())
       {
         _sn_assert(m==nullptr);
-        m.reset(new mapped_type(*d.m));
+        m=std::make_shared<mapped_type>(*d.m);
       }
     }
 
@@ -277,7 +277,7 @@ class sharing_nodet
     }
 
     std::shared_ptr<key_type> k;
-    std::unique_ptr<mapped_type> m;
+    std::shared_ptr<mapped_type> m;
 
     subt sub;
     containert con;
@@ -339,8 +339,8 @@ class sharing_nodet
 
 template <class keyT, class valueT, class predT, bool no_sharing>
 std::shared_ptr<typename sharing_nodet<keyT, valueT, predT, no_sharing>::dt>
-  sharing_nodet<keyT, valueT, predT, no_sharing>::empty_data(
-    new sharing_nodet<keyT, valueT, predT, no_sharing>::dt());
+  sharing_nodet<keyT, valueT, predT, no_sharing>::empty_data=
+    std::make_shared<sharing_nodet<keyT, valueT, predT, no_sharing>::dt>();
 
 template <class keyT, class valueT, class predT, bool no_sharing>
 sharing_nodet<keyT, valueT, predT, no_sharing>
diff --git a/src/util/unicode.cpp b/src/util/unicode.cpp
index 6e0c483ec08..4603d6d8023 100644
--- a/src/util/unicode.cpp
+++ b/src/util/unicode.cpp
@@ -152,17 +152,15 @@ std::string utf32_to_utf8(const std::basic_string<unsigned int> &s)
   return result;
 }
 
-const char **narrow_argv(int argc, const wchar_t **argv_wide)
+std::vector<std::string> narrow_argv(int argc, const wchar_t **argv_wide)
 {
   if(argv_wide==nullptr)
-    return nullptr;
+    return std::vector<std::string>();
 
-  // the following never gets deleted
-  const char **argv_narrow=new const char *[argc+1];
-  argv_narrow[argc]=nullptr;
+  std::vector<std::string> argv_narrow(argc);
 
-  for(int i=0; i<argc; i++)
-    argv_narrow[i]=strdup(narrow(argv_wide[i]).c_str());
+  for(int i=0; i!=argc; ++i)
+    argv_narrow[i]=narrow(argv_wide[i]);
 
   return argv_narrow;
 }
diff --git a/src/util/unicode.h b/src/util/unicode.h
index 22b7fadb464..2133123f50c 100644
--- a/src/util/unicode.h
+++ b/src/util/unicode.h
@@ -10,7 +10,9 @@ Author: Daniel Kroening, kroening@kroening.com
 #ifndef CPROVER_UTIL_UNICODE_H
 #define CPROVER_UTIL_UNICODE_H
 
+#include <algorithm>
 #include <string>
+#include <vector>
 
 // we follow the ideas suggested at
 // http://www.utf8everywhere.org/
@@ -26,6 +28,18 @@ std::wstring utf8_to_utf16_big_endian(const std::string &);
 std::wstring utf8_to_utf16_little_endian(const std::string &);
 std::string utf16_little_endian_to_java(const std::wstring &in);
 
-const char **narrow_argv(int argc, const wchar_t **argv_wide);
+std::vector<std::string> narrow_argv(int argc, const wchar_t **argv_wide);
+
+template <typename It>
+std::vector<const char *> to_c_str_array(It b, It e)
+{
+  // Assumes that walking the range will be faster than repeated allocation
+  std::vector<const char *> ret(std::distance(b, e) + 1, nullptr);
+  std::transform(b, e, std::begin(ret), [] (const std::string & s)
+    {
+      return s.c_str();
+    });
+  return ret;
+}
 
 #endif // CPROVER_UTIL_UNICODE_H

From 13cc59883b38acf9b3bef8d4ca8826b9b1e776cc Mon Sep 17 00:00:00 2001
From: theyoucheng <youcheng.sun@cs.ox.ac.uk>
Date: Fri, 11 Aug 2017 18:01:13 +0100
Subject: [PATCH 641/699] Fix output of fault localization result in XML

---
 src/cbmc/fault_localization.cpp | 100 +++++++++++++++++++++++++++-----
 src/cbmc/fault_localization.h   |   2 +
 2 files changed, 86 insertions(+), 16 deletions(-)

diff --git a/src/cbmc/fault_localization.cpp b/src/cbmc/fault_localization.cpp
index 414c30e5e9a..0f7da6270f9 100644
--- a/src/cbmc/fault_localization.cpp
+++ b/src/cbmc/fault_localization.cpp
@@ -17,11 +17,13 @@ Author: Peter Schrammel
 #include <util/std_expr.h>
 #include <util/message.h>
 #include <util/time_stopping.h>
+#include <util/xml_expr.h>
 
 #include <solvers/prop/minimize.h>
 #include <solvers/prop/literal_expr.h>
 
 #include <goto-symex/build_goto_trace.h>
+#include <goto-programs/xml_goto_trace.h>
 
 #include "counterexample_beautification.h"
 
@@ -144,7 +146,7 @@ void fault_localizationt::run(irep_idt goal_id)
 
   if(goal_id==ID_nil)
     goal_id=failed->source.pc->source_location.get_property_id();
-  lpointst &lpoints = lpoints_map[goal_id];
+  lpointst &lpoints=lpoints_map[goal_id];
 
   // collect lpoints
   collect_guards(lpoints);
@@ -168,7 +170,7 @@ void fault_localizationt::report(irep_idt goal_id)
   if(goal_id==ID_nil)
     goal_id=failed->source.pc->source_location.get_property_id();
 
-  lpointst &lpoints = lpoints_map[goal_id];
+  lpointst &lpoints=lpoints_map[goal_id];
 
   if(lpoints.empty())
   {
@@ -192,6 +194,41 @@ void fault_localizationt::report(irep_idt goal_id)
                    << eom;
 }
 
+xmlt fault_localizationt::report_xml(irep_idt goal_id)
+{
+  xmlt xml_diagnosis("diagnosis");
+  xml_diagnosis.new_element("method").data="linear fault localization";
+
+  if(goal_id==ID_nil)
+    goal_id=failed->source.pc->source_location.get_property_id();
+
+  xml_diagnosis.set_attribute("property", id2string(goal_id));
+
+  const lpointst &lpoints=lpoints_map[goal_id];
+
+  if(lpoints.empty())
+  {
+    xml_diagnosis.new_element("result").data="unable to localize fault";
+    return xml_diagnosis;
+  }
+
+  debug() << "Fault localization scores:" << eom;
+  const lpointt *max=&lpoints.begin()->second;
+  for(const auto &pair : lpoints)
+  {
+    const auto &value=pair.second;
+    debug() << value.target->source_location
+            << "\n  score: " << value.score << eom;
+    if(max->score<value.score)
+      max=&value;
+  }
+
+  xmlt xml_location=xml(max->target->source_location);
+  xml_diagnosis.new_element("result").new_element().swap(xml_location);
+
+  return xml_diagnosis;
+}
+
 safety_checkert::resultt fault_localizationt::operator()()
 {
   if(options.get_bool_option("stop-on-fail"))
@@ -250,8 +287,27 @@ safety_checkert::resultt fault_localizationt::stop_on_fail()
 
     // localize faults
     run(ID_nil);
-    status() << "\n** Most likely fault location:" << eom;
-    report(ID_nil);
+
+    switch(bmc.ui)
+    {
+    case ui_message_handlert::uit::PLAIN:
+    {
+      status() << "\n** Most likely fault location:" << eom;
+      report(ID_nil);
+      break;
+    }
+    case ui_message_handlert::uit::XML_UI:
+    {
+      xmlt dest("fault-localization");
+      xmlt xml_diagnosis=report_xml(ID_nil);
+      dest.new_element().swap(xml_diagnosis);
+      status() << preformatted_output << dest << eom;
+      break;
+    }
+    case ui_message_handlert::uit::JSON_UI:
+      // not implemented
+      break;
+    }
 
     bmc.report_failure();
     return safety_checkert::resultt::UNSAFE;
@@ -266,27 +322,27 @@ safety_checkert::resultt fault_localizationt::stop_on_fail()
 void fault_localizationt::goal_covered(
   const cover_goalst::goalt &)
 {
-  for(auto &g : goal_map)
+  for(auto &goal_pair : goal_map)
   {
     // failed already?
-    if(g.second.status==goalt::statust::FAILURE)
+    if(goal_pair.second.status==goalt::statust::FAILURE)
       continue;
 
     // check whether failed
-    for(auto &c : g.second.instances)
+    for(auto &inst : goal_pair.second.instances)
     {
-      literalt cond=c->cond_literal;
+      literalt cond=inst->cond_literal;
 
       if(solver.l_get(cond).is_false())
       {
-        g.second.status=goalt::statust::FAILURE;
-        symex_target_equationt::SSA_stepst::iterator next=c;
+        goal_pair.second.status=goalt::statust::FAILURE;
+        symex_target_equationt::SSA_stepst::iterator next=inst;
         next++; // include the assertion
-        build_goto_trace(bmc.equation, next, solver, bmc.ns,
-                         g.second.goto_trace);
+        build_goto_trace(
+          bmc.equation, next, solver, bmc.ns, goal_pair.second.goto_trace);
 
         // localize faults
-        run(g.first);
+        run(goal_pair.first);
 
         break;
       }
@@ -305,17 +361,29 @@ void fault_localizationt::report(
     if(cover_goals.number_covered()>0)
     {
       status() << "\n** Most likely fault location:" << eom;
-      for(auto &g : goal_map)
+      for(auto &goal_pair : goal_map)
       {
-        if(g.second.status!=goalt::statust::FAILURE)
+        if(goal_pair.second.status!=goalt::statust::FAILURE)
           continue;
-        report(g.first);
+        report(goal_pair.first);
       }
     }
     break;
   case ui_message_handlert::uit::XML_UI:
+    {
+      xmlt dest("fault-localization");
+      for(auto &goal_pair : goal_map)
+      {
+        if(goal_pair.second.status!=goalt::statust::FAILURE)
+          continue;
+        xmlt xml_diagnosis=report_xml(goal_pair.first);
+        dest.new_element().swap(xml_diagnosis);
+      }
+      status() << preformatted_output << dest << eom;
+    }
     break;
   case ui_message_handlert::uit::JSON_UI:
+    // not implemented
     break;
   }
 }
diff --git a/src/cbmc/fault_localization.h b/src/cbmc/fault_localization.h
index 0c3ec090153..008bb819b1e 100644
--- a/src/cbmc/fault_localization.h
+++ b/src/cbmc/fault_localization.h
@@ -90,6 +90,8 @@ class fault_localizationt:
 
   void report(irep_idt goal_id);
 
+  xmlt report_xml(irep_idt goal_id);
+
   // override bmc_all_propertiest
   virtual void report(const cover_goalst &cover_goals);
 

From a37f0909917f3f6ff24037c1094242e2bfe8b2d0 Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Thu, 24 Aug 2017 12:50:36 +0100
Subject: [PATCH 642/699] Suppress loading notModelled

---
 src/java_bytecode/java_bytecode_convert_method.cpp | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index f2c2b9c0baa..4dd96e4bcd3 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -2776,6 +2776,7 @@ void java_bytecode_convert_method(
     "nondetDouble",
     "nondetWithNull",
     "nondetWithoutNull",
+    "notModelled",
   };
 
   if(std::regex_match(

From 37106b6e67adf0a7e7f38f987bd4577468295766 Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Wed, 19 Jul 2017 10:17:12 +0100
Subject: [PATCH 643/699] Added check for a type being a valid formed Java
 array

Essentially serves to programatically document what is expected of a
Java array type when represented in GOTO.
---
 src/java_bytecode/java_types.cpp | 47 ++++++++++++++++++++++++++++++++
 src/java_bytecode/java_types.h   |  2 ++
 2 files changed, 49 insertions(+)

diff --git a/src/java_bytecode/java_types.cpp b/src/java_bytecode/java_types.cpp
index 3d1247c1f2e..507c9d28938 100644
--- a/src/java_bytecode/java_types.cpp
+++ b/src/java_bytecode/java_types.cpp
@@ -314,3 +314,50 @@ symbol_typet java_classname(const std::string &id)
 
   return symbol_type;
 }
+
+/// Programmatic documentation of the structure of a Java array (of either
+/// primitives or references) type.
+/// A Java array is represented in GOTO in the following way:
+/// A struct component with a tag like java::array[type] where type is either
+/// a primitive like int, or reference.
+/// The struct has precisely three components:
+/// 1. \@java.lang.Object: of type struct {java.lang.Object} containing the base
+///   class data
+/// 2. length: of type Java integer - the length of the array
+/// 3. data: of type pointer to either pointer to a primitive type, or pointer
+///   to pointer to empty (i.e. a void**) pointing to the contents of the array
+/// \param type: A type that might represent a Java array
+/// \return True if it is a Java array type, false otherwise
+bool is_valid_java_array(const struct_typet &type)
+{
+  bool correct_num_components=type.components().size()==3;
+  if(!correct_num_components)
+    return false;
+
+  // First component, the base class (Object) data
+  const struct_union_typet::componentt base_class_component=
+    type.components()[0];
+
+  bool base_component_valid=true;
+  base_component_valid&=base_class_component.get_name()=="@java.lang.Object";
+  base_component_valid&=base_class_component.type().id()==ID_struct;
+  base_component_valid&=
+    base_class_component.type().get_string(ID_tag)=="java.lang.Object";
+
+  bool length_component_valid=true;
+  const struct_union_typet::componentt length_component=
+    type.components()[1];
+  length_component_valid&=length_component.get_name()=="length";
+  length_component_valid&=length_component.type()==java_int_type();
+
+  bool data_component_valid=true;
+  const struct_union_typet::componentt data_component=
+    type.components()[2];
+  data_component_valid&=data_component.get_name()=="data";
+  data_component_valid&=data_component.type().id()==ID_pointer;
+
+  return correct_num_components &&
+    base_component_valid &&
+    length_component_valid &&
+    data_component_valid;
+}
diff --git a/src/java_bytecode/java_types.h b/src/java_bytecode/java_types.h
index d8309cfeb7e..27ec5becbb4 100644
--- a/src/java_bytecode/java_types.h
+++ b/src/java_bytecode/java_types.h
@@ -74,4 +74,6 @@ exprt java_bytecode_promotion(const exprt &);
 
 bool is_java_array_tag(const irep_idt& tag);
 
+bool is_valid_java_array(const struct_typet &type);
+
 #endif // CPROVER_JAVA_BYTECODE_JAVA_TYPES_H

From 0a99dc86bcd3c6d9ff464576a451e46a88f2ff51 Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Mon, 21 Aug 2017 15:15:28 +0100
Subject: [PATCH 644/699] Added invariants on the correct structure of the
 array type

Added to converting types and when creating non det initilization.
---
 src/java_bytecode/java_bytecode_convert_class.cpp | 5 +++++
 src/java_bytecode/java_object_factory.cpp         | 4 ++++
 2 files changed, 9 insertions(+)

diff --git a/src/java_bytecode/java_bytecode_convert_class.cpp b/src/java_bytecode/java_bytecode_convert_class.cpp
index 90a5aaa42bf..d3c213cc1ae 100644
--- a/src/java_bytecode/java_bytecode_convert_class.cpp
+++ b/src/java_bytecode/java_bytecode_convert_class.cpp
@@ -292,6 +292,11 @@ void java_bytecode_convert_classt::add_array_types(symbol_tablet &symbol_table)
     comp2.set_base_name("data");
     struct_type.components().push_back(comp2);
 
+    INVARIANT(
+      is_valid_java_array(struct_type),
+      "Constructed a new type representing a Java Array "
+      "object that doesn't match expectations");
+
     symbolt symbol;
     symbol.name=symbol_type.get_identifier();
     symbol.base_name=symbol_type.get(ID_C_base_name);
diff --git a/src/java_bytecode/java_object_factory.cpp b/src/java_bytecode/java_object_factory.cpp
index c84f498c7b8..b9e3da19651 100644
--- a/src/java_bytecode/java_object_factory.cpp
+++ b/src/java_bytecode/java_object_factory.cpp
@@ -1059,6 +1059,10 @@ void java_object_factoryt::gen_nondet_array_init(
   // Otherwise we're updating the array in place, and use the
   // existing array allocation and length.
 
+  INVARIANT(
+    is_valid_java_array(struct_type),
+    "Java struct array does not conform to expectations");
+
   dereference_exprt deref_expr(expr, expr.type().subtype());
   const auto &comps=struct_type.components();
   exprt length_expr=member_exprt(deref_expr, "length", comps[1].type());

From 5274109b82c93beaf5411f582753a7d0ac3f4d4f Mon Sep 17 00:00:00 2001
From: thk123 <thomas@diffblue.com>
Date: Thu, 24 Aug 2017 18:22:08 +0100
Subject: [PATCH 645/699] Reduced strictness of the array check

It might be the type of the first component is in fact a symbol rather
than the struct directly. To avoid complicating the check, I removed
these two conditions.
---
 src/java_bytecode/java_types.cpp | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/src/java_bytecode/java_types.cpp b/src/java_bytecode/java_types.cpp
index 507c9d28938..14dd365b0bc 100644
--- a/src/java_bytecode/java_types.cpp
+++ b/src/java_bytecode/java_types.cpp
@@ -340,9 +340,6 @@ bool is_valid_java_array(const struct_typet &type)
 
   bool base_component_valid=true;
   base_component_valid&=base_class_component.get_name()=="@java.lang.Object";
-  base_component_valid&=base_class_component.type().id()==ID_struct;
-  base_component_valid&=
-    base_class_component.type().get_string(ID_tag)=="java.lang.Object";
 
   bool length_component_valid=true;
   const struct_union_typet::componentt length_component=

From 00406facff018d8c5464e89200ff0aaa094b3ff2 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Wed, 23 Aug 2017 09:03:31 +0100
Subject: [PATCH 646/699] Replacing assertions by appropriate macros in string
 preprocessing

---
 .../java_string_library_preprocess.cpp        | 61 ++++++++-----------
 1 file changed, 27 insertions(+), 34 deletions(-)

diff --git a/src/java_bytecode/java_string_library_preprocess.cpp b/src/java_bytecode/java_string_library_preprocess.cpp
index 3fa15d4dc54..a23e76d9906 100644
--- a/src/java_bytecode/java_string_library_preprocess.cpp
+++ b/src/java_bytecode/java_string_library_preprocess.cpp
@@ -367,12 +367,12 @@ exprt::operandst
   symbol_tablet &symbol_table,
   code_blockt &init_code)
 {
-  assert(operands.size()==2);
+  PRECONDITION(operands.size()==2);
   exprt::operandst ops;
-  exprt op0=operands[0];
-  exprt op1=operands[1];
+  const exprt &op0=operands[0];
+  const exprt &op1=operands[1];
+  PRECONDITION(implements_java_char_sequence(op0.type()));
 
-  assert(implements_java_char_sequence(op0.type()));
   dereference_exprt deref0=
     checked_dereference(op0, to_pointer_type(op0.type()).subtype());
   process_single_operand(ops, deref0, loc, symbol_table, init_code);
@@ -394,21 +394,16 @@ exprt::operandst
 typet java_string_library_preprocesst::get_data_type(
   const typet &type, const symbol_tablet &symbol_table)
 {
+  PRECONDITION(type.id()==ID_struct || type.id()==ID_symbol);
   if(type.id()==ID_symbol)
   {
     symbolt sym=symbol_table.lookup(to_symbol_type(type).get_identifier());
-    assert(sym.type.id()!=ID_symbol);
+    CHECK_RETURN(sym.type.id()!=ID_symbol);
     return get_data_type(sym.type, symbol_table);
   }
-  else
-  {
-    assert(type.id()==ID_struct);
-    const struct_typet &struct_type=to_struct_type(type);
-    for(auto component : struct_type.components())
-      if(component.get_name()=="data")
-        return component.type();
-    assert(false && "type does not contain data component");
-  }
+  // else type id is ID_struct
+  const struct_typet &struct_type=to_struct_type(type);
+  return struct_type.component_type("data");
 }
 
 /// Finds the type of the length component
@@ -418,21 +413,16 @@ typet java_string_library_preprocesst::get_data_type(
 typet java_string_library_preprocesst::get_length_type(
   const typet &type, const symbol_tablet &symbol_table)
 {
+  PRECONDITION(type.id()==ID_struct || type.id()==ID_symbol);
   if(type.id()==ID_symbol)
   {
     symbolt sym=symbol_table.lookup(to_symbol_type(type).get_identifier());
-    assert(sym.type.id()!=ID_symbol);
+    CHECK_RETURN(sym.type.id()!=ID_symbol);
     return get_length_type(sym.type, symbol_table);
   }
-  else
-  {
-    assert(type.id()==ID_struct);
-    const struct_typet &struct_type=to_struct_type(type);
-    for(auto component : struct_type.components())
-      if(component.get_name()=="length")
-        return component.type();
-    assert(false && "type does not contain length component");
-  }
+  // else type id is ID_struct
+  const struct_typet &struct_type=to_struct_type(type);
+  return struct_type.component_type("length");
 }
 
 /// access length member
@@ -728,7 +718,7 @@ codet java_string_library_preprocesst::code_assign_components_to_java_string(
   const exprt &rhs_length,
   symbol_tablet &symbol_table)
 {
-  assert(implements_java_char_sequence(lhs.type()));
+  PRECONDITION(implements_java_char_sequence(lhs.type()));
   dereference_exprt deref=checked_dereference(lhs, lhs.type().subtype());
 
   code_blockt code;
@@ -786,7 +776,7 @@ codet java_string_library_preprocesst::
     const source_locationt &loc,
     symbol_tablet &symbol_table)
 {
-  assert(implements_java_char_sequence(lhs.type()));
+  PRECONDITION(implements_java_char_sequence(lhs.type()));
   dereference_exprt deref=checked_dereference(lhs, lhs.type().subtype());
 
   code_blockt code;
@@ -812,7 +802,7 @@ codet java_string_library_preprocesst::
 codet java_string_library_preprocesst::code_assign_java_string_to_string_expr(
   const string_exprt &lhs, const exprt &rhs, symbol_tablet &symbol_table)
 {
-  assert(implements_java_char_sequence(rhs.type()));
+  PRECONDITION(implements_java_char_sequence(rhs.type()));
 
   typet deref_type;
   if(rhs.type().subtype().id()==ID_symbol)
@@ -901,7 +891,7 @@ codet java_string_library_preprocesst::make_float_to_string_code(
 {
   // Getting the argument
   code_typet::parameterst params=type.parameters();
-  assert(params.size()==1 && "wrong number of parameters in Float.toString");
+  PRECONDITION(params.size()==1);
   exprt arg=symbol_exprt(params[0].get_identifier(), params[0].type());
 
   // Holder for output code
@@ -1010,7 +1000,10 @@ codet java_string_library_preprocesst::make_float_to_string_code(
   string_expr_list.push_back(neg_simple_notation);
 
   // Combining all cases
-  assert(string_expr_list.size()==condition_list.size());
+  INVARIANT(
+    string_expr_list.size()==condition_list.size(),
+    "number of created strings should correspond to number of conditions");
+
   // We do not check the condition of the first element in the list as it
   // will be reached only if all other conditions are not satisfied.
   codet tmp_code=code_assign_string_expr_to_java_string(
@@ -1057,7 +1050,7 @@ codet java_string_library_preprocesst::make_init_function_from_call(
   code_typet::parameterst params=type.parameters();
 
   // The first parameter is the object to be initialized
-  assert(!params.empty());
+  PRECONDITION(!params.empty());
   exprt arg_this=symbol_exprt(params[0].get_identifier(), params[0].type());
   if(ignore_first_arg)
     params.erase(params.begin());
@@ -1098,11 +1091,11 @@ codet java_string_library_preprocesst::
     symbol_tablet &symbol_table)
 {
   // This is similar to assign functions except we return a pointer to `this`
+  code_typet::parameterst params=type.parameters();
+  PRECONDITION(!params.empty());
   code_blockt code;
   code.add(make_assign_function_from_call(
     function_name, type, loc, symbol_table));
-  code_typet::parameterst params=type.parameters();
-  assert(!params.empty());
   exprt arg_this=symbol_exprt(params[0].get_identifier(), params[0].type());
   code.add(code_returnt(arg_this));
   return code;
@@ -1149,10 +1142,10 @@ codet java_string_library_preprocesst::make_string_to_char_array_code(
     symbol_tablet &symbol_table)
 {
   code_blockt code;
-  assert(!type.parameters().empty());
+  PRECONDITION(!type.parameters().empty());
   const code_typet::parametert &p=type.parameters()[0];
   symbol_exprt string_argument(p.get_identifier(), p.type());
-  assert(implements_java_char_sequence(string_argument.type()));
+  PRECONDITION(implements_java_char_sequence(string_argument.type()));
 
   // lhs = new java::array[char]
   exprt lhs=allocate_fresh_array(

From f5073dff251b73c62761b54a835fc390aa8a07db Mon Sep 17 00:00:00 2001
From: Daniel Kroening <kroening@cs.ox.ac.uk>
Date: Fri, 25 Aug 2017 14:02:00 +0100
Subject: [PATCH 647/699] output the working directory for source locations in
 XML and json

---
 src/util/json_expr.cpp | 4 ++++
 src/util/xml_expr.cpp  | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/src/util/json_expr.cpp b/src/util/json_expr.cpp
index 648f7249969..2fbb8155714 100644
--- a/src/util/json_expr.cpp
+++ b/src/util/json_expr.cpp
@@ -84,6 +84,10 @@ json_objectt json(const source_locationt &location)
 {
   json_objectt result;
 
+  if(!location.get_working_directory().empty())
+    result["workingDirectory"]=
+      json_stringt(id2string(location.get_working_directory()));
+
   if(!location.get_file().empty())
     result["file"]=json_stringt(id2string(location.get_file()));
 
diff --git a/src/util/xml_expr.cpp b/src/util/xml_expr.cpp
index c3551617b68..3b9c8a719ba 100644
--- a/src/util/xml_expr.cpp
+++ b/src/util/xml_expr.cpp
@@ -28,6 +28,10 @@ xmlt xml(const source_locationt &location)
 
   result.name="location";
 
+  if(!location.get_working_directory().empty())
+    result.set_attribute(
+      "working-directory", id2string(location.get_working_directory()));
+
   if(!location.get_file().empty())
     result.set_attribute("file", id2string(location.get_file()));
 

From a1cf3482797bb4644f6bef3a83510649955ea764 Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Tue, 15 Aug 2017 16:38:11 +0100
Subject: [PATCH 648/699] Refactor, fix and document jar_filet class

---
 src/java_bytecode/Makefile                   |   1 +
 src/java_bytecode/jar_file.cpp               | 180 +++++++------------
 src/java_bytecode/jar_file.h                 | 122 ++++---------
 src/java_bytecode/java_bytecode_language.cpp |   3 +-
 src/java_bytecode/java_class_loader.cpp      |  33 ++--
 src/java_bytecode/java_class_loader.h        |  10 +-
 src/java_bytecode/mz_zip_archive.cpp         |  89 +++++++++
 src/java_bytecode/mz_zip_archive.h           |  51 ++++++
 8 files changed, 270 insertions(+), 219 deletions(-)
 create mode 100644 src/java_bytecode/mz_zip_archive.cpp
 create mode 100644 src/java_bytecode/mz_zip_archive.h

diff --git a/src/java_bytecode/Makefile b/src/java_bytecode/Makefile
index 45cb61d1521..06a7d55757e 100644
--- a/src/java_bytecode/Makefile
+++ b/src/java_bytecode/Makefile
@@ -25,6 +25,7 @@ SRC = bytecode_info.cpp \
       java_string_library_preprocess.cpp \
       java_types.cpp \
       java_utils.cpp \
+      mz_zip_archive.cpp \
       select_pointer_type.cpp \
       # Empty last line
 
diff --git a/src/java_bytecode/jar_file.cpp b/src/java_bytecode/jar_file.cpp
index 0d6c183ec69..ec690238996 100644
--- a/src/java_bytecode/jar_file.cpp
+++ b/src/java_bytecode/jar_file.cpp
@@ -1,144 +1,100 @@
 /*******************************************************************\
 
-Module:
+Module: Jar file reader
 
-Author: Daniel Kroening, kroening@kroening.com
+Author: Diffblue Ltd
 
 \*******************************************************************/
 
 #include "jar_file.h"
-
-#include <cstring>
-#include <unordered_set>
-
-#include <json/json_parser.h>
+#include <cctype>
 #include <util/suffix.h>
 #include <util/invariant.h>
+#include "java_class_loader_limit.h"
 
-void jar_filet::open(
-  java_class_loader_limitt &class_loader_limit,
-  const std::string &filename)
+jar_filet::jar_filet(
+  java_class_loader_limitt &limit,
+  const std::string &filename):
+  m_zip_archive(filename)
 {
-  if(!mz_ok)
+  const size_t file_count=m_zip_archive.get_num_files();
+  for(size_t index=0; index<file_count; index++)
   {
-    memset(&zip, 0, sizeof(zip));
-    mz_bool mz_open=mz_zip_reader_init_file(&zip, filename.c_str(), 0);
-    mz_ok=mz_open==MZ_TRUE;
+    const auto filename=m_zip_archive.get_filename(index);
+    if(!has_suffix(filename, ".class") || limit.load_class_file(filename))
+      m_name_to_index.emplace(filename, index);
   }
+}
 
-  if(mz_ok)
-  {
-    std::size_t number_of_files=
-      mz_zip_reader_get_num_files(&zip);
-
-    for(std::size_t i=0; i<number_of_files; i++)
-    {
-      // get the length of the filename, including the trailing \0
-      mz_uint filename_length=mz_zip_reader_get_filename(&zip, i, nullptr, 0);
-      std::vector<char> filename_char(filename_length+1);
-      INVARIANT(filename_length>=1, "buffer size must include trailing \\0");
+// VS: No default move constructors or assigns
 
-      // read and convert to std::string
-      mz_uint filename_len=
-        mz_zip_reader_get_filename(
-          &zip, i, filename_char.data(), filename_length);
-      INVARIANT(
-        filename_length==filename_len,
-        "buffer size was incorrectly pre-computed");
-      std::string file_name(filename_char.data());
-#if DEBUG
-      debug()
-        << "jar_filet.open: idx " << i
-        << " len " << filename_len
-        << " filename '" << std::string(filename_char.data()) << "'" << eom;
-#endif
-      INVARIANT(file_name.size()==filename_len-1, "no \\0 found in file name");
+jar_filet::jar_filet(jar_filet &&other):
+  m_zip_archive(std::move(other.m_zip_archive)),
+  m_name_to_index((other.m_name_to_index)) {}
 
-      // non-class files are loaded in any case
-      bool add_file=!has_suffix(file_name, ".class");
-      // load .class file only if they match regex / are in match set
-      add_file|=class_loader_limit.load_class_file(file_name);
-      if(add_file)
-      {
-        if(has_suffix(file_name, ".class"))
-          status() << "read class file " << file_name
-                   << " from " << filename << eom;
-        filtered_jar[file_name]=i;
-      }
-    }
-  }
+jar_filet &jar_filet::operator=(jar_filet &&other)
+{
+  m_zip_archive=std::move(other.m_zip_archive);
+  m_name_to_index=std::move(other.m_name_to_index);
+  return *this;
 }
 
-jar_filet::~jar_filet()
+std::string jar_filet::get_entry(const std::string &name)
 {
-  if(mz_ok)
+  const auto entry=m_name_to_index.find(name);
+  INVARIANT(entry!=m_name_to_index.end(), "File doesn't exist");
+  try
+  {
+    return m_zip_archive.extract(entry->second);
+  }
+  catch(const std::runtime_error &)
   {
-    mz_zip_reader_end(&zip);
-    mz_ok=false;
+    return "";
   }
 }
 
-std::string jar_filet::get_entry(const irep_idt &name)
+static bool is_space(const char ch)
 {
-  if(!mz_ok)
-    return std::string("");
-
-  std::string dest;
-
-  auto entry=filtered_jar.find(name);
-  assert(entry!=filtered_jar.end());
-
-  size_t real_index=entry->second;
-  mz_zip_archive_file_stat file_stat;
-  memset(&file_stat, 0, sizeof(file_stat));
-  mz_bool stat_ok=mz_zip_reader_file_stat(&zip, real_index, &file_stat);
-  if(stat_ok!=MZ_TRUE)
-    return std::string();
-  std::vector<char> buffer;
-  size_t bufsize=file_stat.m_uncomp_size;
-  buffer.resize(bufsize);
-  mz_bool read_ok=
-    mz_zip_reader_extract_to_mem(&zip, real_index, buffer.data(), bufsize, 0);
-  if(read_ok!=MZ_TRUE)
-    return std::string();
-
-  dest.insert(dest.end(), buffer.begin(), buffer.end());
-
-  return dest;
+  return std::isspace(ch);
 }
 
-jar_filet::manifestt jar_filet::get_manifest()
+/// Remove leading and trailing whitespace characters from string
+static std::string trim(
+  const std::string::const_iterator begin,
+  const std::string::const_iterator end)
 {
-  auto entry=filtered_jar.find("META-INF/MANIFEST.MF");
-  if(entry==filtered_jar.end())
-    return manifestt();
-
-  std::string dest=get_entry(entry->first);
-  std::istringstream in(dest);
-
-  manifestt manifest;
+  const auto out_begin=std::find_if_not(begin, end, is_space);
+  const auto out_end=std::find_if_not(
+    std::string::const_reverse_iterator(end),
+    std::string::const_reverse_iterator(out_begin),
+    is_space).base();
+  return { out_begin, out_end };
+}
 
-  std::string line;
-  while(std::getline(in, line))
+std::unordered_map<std::string, std::string> jar_filet::get_manifest()
+{
+  std::unordered_map<std::string, std::string> out;
+  const auto entry=m_name_to_index.find("META-INF/MANIFEST.MF");
+  if(entry!=m_name_to_index.end())
   {
-    std::size_t pos=line.find(':');
-    if(pos==std::string::npos)
-      continue;
-    std::string key=line.substr(0, pos);
-
-    // skip spaces
-    pos++;
-    while(pos<line.size() && line[pos]==' ') pos++;
-
-    std::string value=line.substr(pos, std::string::npos);
-
-    // trim off \r
-    if(!value.empty() && *value.rbegin()=='\r')
-      value.resize(value.size()-1);
-
-    // store
-    manifest[key]=value;
+    std::istringstream in(this->get_entry(entry->first));
+    std::string line;
+    while(std::getline(in, line))
+    {
+      const auto key_end=std::find(line.cbegin(), line.cend(), ':');
+      if(key_end!=line.cend())
+        out.emplace(
+          trim(line.cbegin(), key_end),
+          trim(std::next(key_end), line.cend()));
+    }
   }
+  return out;
+}
 
-  return manifest;
+std::vector<std::string> jar_filet::filenames() const
+{
+  std::vector<std::string> out;
+  for(const auto &pair : m_name_to_index)
+    out.emplace_back(pair.first);
+  return out;
 }
diff --git a/src/java_bytecode/jar_file.h b/src/java_bytecode/jar_file.h
index 5c41d127945..e53e1610495 100644
--- a/src/java_bytecode/jar_file.h
+++ b/src/java_bytecode/jar_file.h
@@ -1,110 +1,48 @@
 /*******************************************************************\
 
-Module: JAR File Reading
+Module: Jar file reader
 
-Author: Daniel Kroening, kroening@kroening.com
+Author: Diffblue Ltd
 
 \*******************************************************************/
 
-/// \file
-/// JAR File Reading
-
 #ifndef CPROVER_JAVA_BYTECODE_JAR_FILE_H
 #define CPROVER_JAVA_BYTECODE_JAR_FILE_H
 
-#define _LARGEFILE64_SOURCE 1
-#include "miniz/miniz.h"
-
+#include <unordered_map>
+#include <memory>
 #include <string>
 #include <vector>
-#include <map>
-#include <regex>
-#include <util/message.h>
+#include "mz_zip_archive.h"
 
-#include "java_class_loader_limit.h"
+class java_class_loader_limitt;
 
-/// An in-memory representation of a JAR file, consisting of a handler to a zip
-/// file (field \ref zip) and a map from file names inside the zip file to the
-/// index they occupy in the root directory (field \ref filtered_jar).
-///
-/// Both fields are initialize by a call to open(). Method get_entry() reads a
-/// file from the zip and returns it.
-class jar_filet:public messaget
+/// Class representing a .jar archive
+class jar_filet final
 {
 public:
-  jar_filet():
-    mz_ok(false)
-    // `zip` will be initialized by open()
-  {
-  }
-
-  ~jar_filet();
-
-  /// Initializes \ref zip to store the JAR file pointed by \p filepath and
-  /// loads the map \ref filtered_jar with the .class names allowed by \p limit.
-  void open(java_class_loader_limitt &limit, const std::string &filepath);
-
-  /// Test for error; 'true' means we are good.
-  explicit operator bool() const { return mz_ok; }
-
-  /// Reads the \ref zip field and returns a string storing the data contained
-  /// in file \p name.
-  std::string get_entry(const irep_idt &name);
-
-  /// Maps the names of the files stored in the JAR file to the index they
-  /// occupy (starting from 0) in the JAR central directory.  Populated by
-  /// method open() above.
-  typedef std::map<irep_idt, size_t> filtered_jart;
-  filtered_jart filtered_jar;
-
-  typedef std::map<std::string, std::string> manifestt;
-  manifestt get_manifest();
-
-protected:
-  /// A handle representing the zip file
-  mz_zip_archive zip;
-
-  /// True iff the \ref zip field has been correctly initialized with a JAR file
-  bool mz_ok;
-};
-
-/// A pool of jar_filet objects, indexed by the filesystem path name used to
-/// load that jar_filet.
-///
-/// The state of the class is maintained by the field \ref file_map, a std::map
-/// associating the path of a .jar file with its in-memory representation.
-/// A call to
-///
-/// ```
-///   operator()(limit, path)
-/// ```
-///
-/// will either return a previously loaded jar_filet, if it is found in the map,
-/// or will load that file (using jar_filet::open) and return a newly created
-/// jar_filet.
-class jar_poolt:public messaget
-{
-public:
-  jar_filet &operator()(
-    java_class_loader_limitt &class_loader_limit,
-    const std::string &file_name)
-  {
-    file_mapt::iterator it=file_map.find(file_name);
-    if(it==file_map.end())
-    {
-      jar_filet &jar_file=file_map[file_name];
-      jar_file.set_message_handler(get_message_handler());
-      jar_file.open(class_loader_limit, file_name);
-      return jar_file;
-    }
-    else
-      return file_map[file_name];
-  }
-
-protected:
-  /// A map from filesystem paths to jar_filet objects
-  typedef std::map<std::string, jar_filet> file_mapt;
-  file_mapt file_map;
+  /// Open java file for reading
+  /// \param limit Object limiting number of loaded .class files
+  /// \param filename Name of the file
+  /// \throw Throws std::runtime_error if file cannot be opened
+  jar_filet(java_class_loader_limitt &limit, const std::string &filename);
+  jar_filet(const jar_filet &)=delete;
+  jar_filet &operator=(const jar_filet &)=delete;
+  jar_filet(jar_filet &&);
+  jar_filet &operator=(jar_filet &&);
+  ~jar_filet()=default;
+  /// Get contents of a file in the jar archive.
+  /// Terminates the program if file doesn't exist
+  /// \param filename Name of the file in the archive
+  std::string get_entry(const std::string &filename);
+  /// Get contents of the Manifest file in the jar archive
+  std::unordered_map<std::string, std::string> get_manifest();
+  /// Get list of filenames in the archive
+  std::vector<std::string> filenames() const;
+private:
+  mz_zip_archivet m_zip_archive;
+  /// Map of filename to the file index in the zip archive
+  std::unordered_map<std::string, size_t> m_name_to_index;
 };
 
 #endif // CPROVER_JAVA_BYTECODE_JAR_FILE_H
diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index f966600b38b..73953905875 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -138,8 +138,7 @@ bool java_bytecode_languaget::parse(
       java_cp_include_files);
     if(config.java.main_class.empty())
     {
-      // load the .jar file and retrieve its manifest
-      jar_filet::manifestt manifest=
+      auto manifest=
         java_class_loader.jar_pool(class_loader_limit, path).get_manifest();
       std::string manifest_main_class=manifest["Main-Class"];
 
diff --git a/src/java_bytecode/java_class_loader.cpp b/src/java_bytecode/java_class_loader.cpp
index 675e137227c..e627c9e1f8b 100644
--- a/src/java_bytecode/java_class_loader.cpp
+++ b/src/java_bytecode/java_class_loader.cpp
@@ -68,7 +68,6 @@ void java_class_loadert::set_java_cp_include_files(
   std::string &_java_cp_include_files)
 {
   java_cp_include_files=_java_cp_include_files;
-  jar_pool.set_message_handler(get_message_handler());
 }
 
 java_bytecode_parse_treet &java_class_loadert::get_parse_tree(
@@ -188,28 +187,27 @@ void java_class_loadert::read_jar_file(
   if(jar_map.find(file)!=jar_map.end())
     return;
 
-  // read the .jar file, store it in memory and return a jar_filet representing
-  // it
-  jar_filet &jar_file=jar_pool(class_loader_limit, id2string(file));
-
-  if(!jar_file)
+  std::vector<std::string> filenames;
+  try
+  {
+    filenames=this->jar_pool(class_loader_limit, id2string(file)).filenames();
+  }
+  catch(const std::runtime_error &)
   {
     error() << "failed to open JAR file `" << file << "'" << eom;
     return;
   }
-
   debug() << "adding JAR file `" << file << "'" << eom;
 
   // create a new entry in the map and initialize using the list of file names
   // that were retained in the jar_filet by the class_loader_limit filter
   auto &jm=jar_map[file];
-  for(auto &jar_entry : jar_file.filtered_jar)
+  for(auto &file_name : filenames)
   {
-    std::string file_name=id2string(jar_entry.first);
-
     // does it end on .class?
     if(has_suffix(file_name, ".class"))
     {
+      status() << "read class file " << file_name << " from " << file << eom;
       irep_idt class_name=file_to_class_name(file_name);
 
       // record
@@ -265,3 +263,18 @@ std::string java_class_loadert::class_name_to_file(const irep_idt &class_name)
 
   return result;
 }
+
+jar_filet &java_class_loadert::jar_pool(
+  java_class_loader_limitt &class_loader_limit,
+  const std::string &file_name)
+{
+  const auto it=m_archives.find(file_name);
+  if(it==m_archives.end())
+  {
+    // VS: Can't construct in place
+    auto file=jar_filet(class_loader_limit, file_name);
+    return m_archives.emplace(file_name, std::move(file)).first->second;
+  }
+  else
+    return it->second;
+}
diff --git a/src/java_bytecode/java_class_loader.h b/src/java_bytecode/java_class_loader.h
index 62edb0d4842..fe8f8e3dd77 100644
--- a/src/java_bytecode/java_class_loader.h
+++ b/src/java_bytecode/java_class_loader.h
@@ -53,9 +53,11 @@ class java_class_loadert:public messaget
   typedef std::map<irep_idt, java_bytecode_parse_treet> class_mapt;
   class_mapt class_map;
 
-  /// Maps .jar filesystem paths to jar_filet objects (stored inside).
-  /// Responsible for loading new jar files when they are first referenced.
-  jar_poolt jar_pool;
+  /// Load jar archive(from cache if already loaded)
+  /// \param limit
+  /// \param filename name of the file
+  jar_filet &jar_pool(java_class_loader_limitt &limit,
+                      const std::string &filename);
 
   /// An object of this class represents the information of _a single JAR file_
   /// that is relevant for a class loader: a map associating logical class names
@@ -90,6 +92,8 @@ class java_class_loadert:public messaget
   /// java_class_loader_limitt::setup_class_load_limit() for further
   /// information.
   std::string java_cp_include_files;
+private:
+  std::map<std::string, jar_filet> m_archives;
 };
 
 #endif // CPROVER_JAVA_BYTECODE_JAVA_CLASS_LOADER_H
diff --git a/src/java_bytecode/mz_zip_archive.cpp b/src/java_bytecode/mz_zip_archive.cpp
new file mode 100644
index 00000000000..f467f4ed739
--- /dev/null
+++ b/src/java_bytecode/mz_zip_archive.cpp
@@ -0,0 +1,89 @@
+/*******************************************************************\
+
+Module: mz_zip library wrapper
+
+Author: Diffblue Ltd
+
+\*******************************************************************/
+
+#include "mz_zip_archive.h"
+#include <stdexcept>
+#include <string>
+#include <vector>
+#include <algorithm>
+#define _LARGEFILE64_SOURCE 1
+#include <miniz/miniz.h>
+
+// Original struct is an anonymous struct with a typedef, This is
+// required to remove internals from the header file
+class mz_zip_archive_statet final:public mz_zip_archive
+{
+public:
+  explicit mz_zip_archive_statet(const std::string &filename):
+    mz_zip_archive({ })
+  {
+    if(MZ_TRUE!=mz_zip_reader_init_file(this, filename.data(), 0))
+      throw std::runtime_error("MZT: Could not load a file: "+filename);
+  }
+  mz_zip_archive_statet(const mz_zip_archive_statet &)=delete;
+  mz_zip_archive_statet(mz_zip_archive_statet &&)=delete;
+  mz_zip_archive_statet &operator=(const mz_zip_archive_statet &)=delete;
+  mz_zip_archive_statet &operator=(mz_zip_archive_statet &&)=delete;
+  ~mz_zip_archive_statet()
+  {
+    mz_zip_reader_end(this);
+  }
+};
+
+static_assert(sizeof(mz_uint)<=sizeof(size_t),
+              "size_t cannot store mz_zip file ids, choose a larger type");
+
+mz_zip_archivet::mz_zip_archivet(const std::string &filename):
+  m_state(new mz_zip_archive_statet(filename)) { }
+
+// VS Compatibility
+mz_zip_archivet::mz_zip_archivet(mz_zip_archivet &&other):
+  m_state(std::move(other.m_state)) { }
+
+// Has to be defined here because header is incomplete
+mz_zip_archivet::~mz_zip_archivet()=default;
+
+// VS Compatibility
+mz_zip_archivet &mz_zip_archivet::operator=(mz_zip_archivet &&other)
+{
+  m_state=std::move(other.m_state);
+  return *this;
+}
+
+size_t mz_zip_archivet::get_num_files()
+{
+  return mz_zip_reader_get_num_files(m_state.get());
+}
+
+std::string mz_zip_archivet::get_filename(const size_t index)
+{
+  const auto id=static_cast<mz_uint>(index);
+  std::vector<char> buffer;
+  buffer.resize(mz_zip_reader_get_filename(m_state.get(), id, nullptr, 0));
+  mz_zip_reader_get_filename(m_state.get(), id, buffer.data(), buffer.size());
+  // Buffer may contain junk returned after \0
+  const auto null_char_it=std::find(buffer.cbegin(), buffer.cend(), '\0');
+  return { buffer.cbegin(), null_char_it };
+}
+
+std::string mz_zip_archivet::extract(const size_t index)
+{
+  const auto id=static_cast<mz_uint>(index);
+  mz_zip_archive_file_stat file_stat={ };
+  const mz_bool stat_ok=mz_zip_reader_file_stat(m_state.get(), id, &file_stat);
+  if(stat_ok==MZ_TRUE)
+  {
+    std::vector<char> buffer(file_stat.m_uncomp_size);
+    const mz_bool read_ok=mz_zip_reader_extract_to_mem(
+      m_state.get(), id, buffer.data(), buffer.size(), 0);
+    if(read_ok==MZ_TRUE)
+      return { buffer.cbegin(), buffer.cend() };
+  }
+  throw std::runtime_error("Could not extract the file");
+}
+
diff --git a/src/java_bytecode/mz_zip_archive.h b/src/java_bytecode/mz_zip_archive.h
new file mode 100644
index 00000000000..4e2bbf529d6
--- /dev/null
+++ b/src/java_bytecode/mz_zip_archive.h
@@ -0,0 +1,51 @@
+/*******************************************************************\
+
+Module: mz_zip library wrapper
+
+Author: Diffblue Ltd
+
+\*******************************************************************/
+
+#ifndef CPROVER_JAVA_BYTECODE_MZ_ZIP_ARCHIVE_H
+#define CPROVER_JAVA_BYTECODE_MZ_ZIP_ARCHIVE_H
+
+#include <string>
+#include <memory>
+
+/// State of the mz_zip_archive object
+class mz_zip_archive_statet;
+
+/// Thin object-oriented wrapper around the MZ Zip library
+/// Zip file reader and extractor. Not thread safe. Move only.
+class mz_zip_archivet final
+{
+public:
+  /// Open a zip archive
+  /// \param filename Path of the zip archive
+  /// \throw Throws std::runtime_error if file cannot be opened
+  explicit mz_zip_archivet(const std::string &filename);
+  mz_zip_archivet(const mz_zip_archivet &)=delete;
+  mz_zip_archivet &operator=(const mz_zip_archivet &)=delete;
+  /// Move constructor. Doesn't throw. Leaves other object invalidated.
+  mz_zip_archivet(mz_zip_archivet &&other);
+  /// Move assignment. Doesn't throw. Replaces this object's state
+  /// with other object's state. Invalidates other object.
+  mz_zip_archivet &operator=(mz_zip_archivet &&other);
+  ~mz_zip_archivet();
+
+  /// Get number of files in the archive
+  size_t get_num_files();
+  /// Get file name of nth file in the archive
+  /// \param index id of the file in the archive
+  /// \return Name of the file in the archive
+  std::string get_filename(size_t index);
+  /// Get contents of nth file in the archive
+  /// \param index id of the file in the archive
+  /// \throw Throws std::runtime_error if file cannot be extracted
+  /// \return Contents of the file in the archive
+  std::string extract(size_t index);
+private:
+  std::unique_ptr<mz_zip_archive_statet> m_state;
+};
+
+#endif // CPROVER_JAVA_BYTECODE_MZ_ZIP_ARCHIVE_H

From 964a85ce55698d07b85439bb11e8eff453a68f4e Mon Sep 17 00:00:00 2001
From: Michael Tautschnig <tautschn@amazon.com>
Date: Wed, 26 Jul 2017 11:41:47 +0000
Subject: [PATCH 649/699] Make get_current_working_directory return the
 canonical path name

Symlinks should be expanded to avoid ambiguity. The reimplementation
also avoids realloc-loops.
---
 src/util/file_util.cpp | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/src/util/file_util.cpp b/src/util/file_util.cpp
index 370d452c341..9a943a3c68e 100644
--- a/src/util/file_util.cpp
+++ b/src/util/file_util.cpp
@@ -13,7 +13,10 @@ Date: January 2012
 
 #include "file_util.h"
 
+#include "invariant.h"
+
 #include <cerrno>
+#include <cstring>
 
 #if defined(__linux__) || \
     defined(__FreeBSD_kernel__) || \
@@ -36,29 +39,26 @@ Date: January 2012
 #define chdir _chdir
 #define popen _popen
 #define pclose _pclose
-#else
-#include <cstring>
 #endif
 
 /// \return current working directory
 std::string get_current_working_directory()
 {
-  unsigned bsize=50;
-
-  char *buf=reinterpret_cast<char*>(malloc(sizeof(char)*bsize));
-  if(!buf)
-    abort();
-
+  #ifndef _WIN32
   errno=0;
+  char *wd=realpath(".", nullptr);
+  INVARIANT(
+    wd!=nullptr && errno==0,
+    std::string("realpath failed: ")+strerror(errno));
 
-  while(buf && getcwd(buf, bsize-1)==nullptr && errno==ERANGE)
-  {
-    bsize*=2;
-    buf=reinterpret_cast<char*>(realloc(buf, sizeof(char)*bsize));
-  }
-
-  std::string working_directory=buf;
-  free(buf);
+  std::string working_directory=wd;
+  free(wd);
+  #else
+  char buffer[4096];
+  DWORD retval=GetCurrentDirectory(4096, buffer);
+  CHECK_RETURN(retval>0);
+  std::string working_directory(buffer);
+  #endif
 
   return working_directory;
 }

From 8ebb169fbe811015e7a2e82e86aadef37c4b6696 Mon Sep 17 00:00:00 2001
From: Vojtech Forejt <vojtech.forejt@diffblue.com>
Date: Sat, 26 Aug 2017 21:26:55 +0100
Subject: [PATCH 650/699] Add source location to JSON output.

Without this commit, the JSON output will miss source locations of messages. Compare the following plaintext output from cbmc:
```
file My.java line 8 function java::My.doIt:()V: no identifier for function parameter
```
with the JSON output for the same input file and parameters
```
{
  "messageText": "no identifier for function parameter",
  "messageType": "ERROR"
}
```

With this commit, the JSON output will be something like
```
{
  "messageText": "no identifier for function parameter",
  "messageType": "ERROR"
  "sourceLocation": {
        "bytecodeIndex": "2"
        "file": "My.java",
        "function": "java::My.doIt:()V",
        "line": "8"
      }
}
```
This should make debugging of errors easier.
---
 src/memory-models/Makefile | 1 +
 src/util/ui_message.cpp    | 5 ++---
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/memory-models/Makefile b/src/memory-models/Makefile
index e13309deaae..3b8587611c8 100644
--- a/src/memory-models/Makefile
+++ b/src/memory-models/Makefile
@@ -9,6 +9,7 @@ SRC = mm2cpp.cpp \
 OBJ += ../big-int/big-int$(LIBEXT) \
       ../ansi-c/ansi-c$(LIBEXT) \
       ../linking/linking$(LIBEXT) \
+      ../langapi/langapi$(LIBEXT) \
       ../util/util$(LIBEXT)
 
 INCLUDES= -I ..
diff --git a/src/util/ui_message.cpp b/src/util/ui_message.cpp
index 31d61f4d51f..5757fc36acd 100644
--- a/src/util/ui_message.cpp
+++ b/src/util/ui_message.cpp
@@ -14,6 +14,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include "xml.h"
 #include "json.h"
 #include "xml_expr.h"
+#include "json_expr.h"
 #include "cout_message.h"
 #include "cmdline.h"
 
@@ -219,11 +220,9 @@ void ui_message_handlert::json_ui_msg(
 
   json_objectt result;
 
-  #if 0
   if(location.is_not_nil() &&
      !location.get_file().empty())
-    result.new_element(xml(location));
-  #endif
+    result["sourceLocation"] = json(location);
 
   result["messageType"] = json_stringt(type);
   result["messageText"] = json_stringt(msg1);

From 9a8c063036dfd4c1f7a6c3d6d566df704108eb4c Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Wed, 16 Aug 2017 07:02:22 +0100
Subject: [PATCH 651/699] Setting string-max-length for several tests

Cbmc can potentialy run out of memory if no maximum string length is
set. This happens more often with the new version of check axioms
because a concretization step is made to be more precise in the check.
---
 regression/strings-smoke-tests/java_append_char/test.desc       | 2 +-
 regression/strings-smoke-tests/java_case/test.desc              | 2 +-
 regression/strings-smoke-tests/java_insert_char/test.desc       | 2 +-
 regression/strings-smoke-tests/java_insert_char_array/test.desc | 2 +-
 regression/strings-smoke-tests/java_insert_int/test.desc        | 2 +-
 regression/strings-smoke-tests/java_insert_multiple/test.desc   | 2 +-
 regression/strings-smoke-tests/java_insert_string/test.desc     | 2 +-
 regression/strings-smoke-tests/java_int_to_string/test3.desc    | 2 +-
 regression/strings-smoke-tests/java_int_to_string/test5.desc    | 2 +-
 .../java_int_to_string_with_radix/test_binary1.desc             | 2 +-
 .../java_int_to_string_with_radix/test_binary2.desc             | 2 +-
 .../java_int_to_string_with_radix/test_hex1.desc                | 2 +-
 .../java_int_to_string_with_radix/test_hex2.desc                | 2 +-
 .../java_int_to_string_with_radix/test_hex3.desc                | 2 +-
 .../java_int_to_string_with_radix/test_octal2.desc              | 2 +-
 .../java_int_to_string_with_radix/test_octal3.desc              | 2 +-
 .../java_long_to_string_with_radix/test_hex1.desc               | 2 +-
 .../java_long_to_string_with_radix/test_hex3.desc               | 2 +-
 .../java_long_to_string_with_radix/test_octal1.desc             | 2 +-
 .../java_long_to_string_with_radix/test_octal2.desc             | 2 +-
 .../java_long_to_string_with_radix/test_octal3.desc             | 2 +-
 regression/strings-smoke-tests/java_value_of_float/test.desc    | 2 +-
 regression/strings-smoke-tests/java_value_of_float_2/test.desc  | 2 +-
 regression/strings-smoke-tests/java_value_of_long/test.desc     | 2 +-
 regression/strings/StringStartEnd02/test.desc                   | 2 +-
 regression/strings/java_append_char/test.desc                   | 2 +-
 regression/strings/java_case/test.desc                          | 2 +-
 regression/strings/java_char_array_init/test.desc               | 2 +-
 regression/strings/java_insert_char/test.desc                   | 2 +-
 regression/strings/java_insert_char_array/test.desc             | 2 +-
 regression/strings/java_insert_int/test.desc                    | 2 +-
 regression/strings/java_insert_string/test.desc                 | 2 +-
 32 files changed, 32 insertions(+), 32 deletions(-)

diff --git a/regression/strings-smoke-tests/java_append_char/test.desc b/regression/strings-smoke-tests/java_append_char/test.desc
index 88d1cbf2114..7fdd9f47961 100644
--- a/regression/strings-smoke-tests/java_append_char/test.desc
+++ b/regression/strings-smoke-tests/java_append_char/test.desc
@@ -1,6 +1,6 @@
 CORE
 test_append_char.class
---refine-strings
+--refine-strings --string-max-length 1000
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
diff --git a/regression/strings-smoke-tests/java_case/test.desc b/regression/strings-smoke-tests/java_case/test.desc
index d2508fa3489..2889787e47a 100644
--- a/regression/strings-smoke-tests/java_case/test.desc
+++ b/regression/strings-smoke-tests/java_case/test.desc
@@ -1,6 +1,6 @@
 CORE
 test_case.class
---refine-strings
+--refine-strings --string-max-length 1000
 ^EXIT=10$
 ^SIGNAL=0$
 assertion.* file test_case.java line 10 .* SUCCESS$
diff --git a/regression/strings-smoke-tests/java_insert_char/test.desc b/regression/strings-smoke-tests/java_insert_char/test.desc
index 0e9a06d5afb..88200524d70 100644
--- a/regression/strings-smoke-tests/java_insert_char/test.desc
+++ b/regression/strings-smoke-tests/java_insert_char/test.desc
@@ -1,6 +1,6 @@
 CORE
 test_insert_char.class
---refine-strings
+--refine-strings  --string-max-length 1000
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
diff --git a/regression/strings-smoke-tests/java_insert_char_array/test.desc b/regression/strings-smoke-tests/java_insert_char_array/test.desc
index 082771dd2db..6fc7a12f439 100644
--- a/regression/strings-smoke-tests/java_insert_char_array/test.desc
+++ b/regression/strings-smoke-tests/java_insert_char_array/test.desc
@@ -1,6 +1,6 @@
 CORE
 test_insert_char_array.class
---refine-strings
+--refine-strings --string-max-length 1000
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
diff --git a/regression/strings-smoke-tests/java_insert_int/test.desc b/regression/strings-smoke-tests/java_insert_int/test.desc
index dc039fedbea..488e2bc8766 100644
--- a/regression/strings-smoke-tests/java_insert_int/test.desc
+++ b/regression/strings-smoke-tests/java_insert_int/test.desc
@@ -1,6 +1,6 @@
 FUTURE
 test_insert_int.class
---refine-strings
+--refine-strings  --string-max-length 1000
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
diff --git a/regression/strings-smoke-tests/java_insert_multiple/test.desc b/regression/strings-smoke-tests/java_insert_multiple/test.desc
index bb9a23f1b5c..d3236ab78ee 100644
--- a/regression/strings-smoke-tests/java_insert_multiple/test.desc
+++ b/regression/strings-smoke-tests/java_insert_multiple/test.desc
@@ -1,6 +1,6 @@
 CORE
 test_insert_multiple.class
---refine-strings
+--refine-strings --string-max-length 1000
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
diff --git a/regression/strings-smoke-tests/java_insert_string/test.desc b/regression/strings-smoke-tests/java_insert_string/test.desc
index 44bf9f268d9..2b91905e17e 100644
--- a/regression/strings-smoke-tests/java_insert_string/test.desc
+++ b/regression/strings-smoke-tests/java_insert_string/test.desc
@@ -1,6 +1,6 @@
 CORE
 test_insert_string.class
---refine-strings
+--refine-strings --string-max-length 1000
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
diff --git a/regression/strings-smoke-tests/java_int_to_string/test3.desc b/regression/strings-smoke-tests/java_int_to_string/test3.desc
index 5b48152f26e..97565815465 100644
--- a/regression/strings-smoke-tests/java_int_to_string/test3.desc
+++ b/regression/strings-smoke-tests/java_int_to_string/test3.desc
@@ -1,6 +1,6 @@
 CORE
 Test3.class
---refine-strings
+--refine-strings --string-max-length 1000
 ^EXIT=10$
 ^SIGNAL=0$
 assertion.* line 7 .* SUCCESS$
diff --git a/regression/strings-smoke-tests/java_int_to_string/test5.desc b/regression/strings-smoke-tests/java_int_to_string/test5.desc
index 08531bc36e0..524a176db3f 100644
--- a/regression/strings-smoke-tests/java_int_to_string/test5.desc
+++ b/regression/strings-smoke-tests/java_int_to_string/test5.desc
@@ -1,6 +1,6 @@
 CORE
 Test5.class
---refine-strings
+--refine-strings --string-max-length 1000
 ^EXIT=10$
 ^SIGNAL=0$
 assertion.* line 7 .* SUCCESS$
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary1.desc b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary1.desc
index 1f7de38eee8..20bd5377109 100644
--- a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary1.desc
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary1.desc
@@ -1,6 +1,6 @@
 CORE
 Test_binary1.class
---refine-strings
+--refine-strings --string-max-length 1000
 ^EXIT=10$
 ^SIGNAL=0$
 assertion.* line 7 .* SUCCESS$
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary2.desc b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary2.desc
index cb1dd600e34..370139d2c42 100644
--- a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary2.desc
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_binary2.desc
@@ -1,6 +1,6 @@
 CORE
 Test_binary2.class
---refine-strings
+--refine-strings --string-max-length 1000
 ^EXIT=10$
 ^SIGNAL=0$
 assertion.* line 7 .* SUCCESS$
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_hex1.desc b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_hex1.desc
index 4b691b9c528..48d705734ac 100644
--- a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_hex1.desc
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_hex1.desc
@@ -1,6 +1,6 @@
 CORE
 Test_hex1.class
---refine-strings
+--refine-strings --string-max-length 1000
 ^EXIT=10$
 ^SIGNAL=0$
 assertion.* line 7 .* SUCCESS$
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_hex2.desc b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_hex2.desc
index d21d067e620..89c4928e147 100644
--- a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_hex2.desc
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_hex2.desc
@@ -1,6 +1,6 @@
 CORE
 Test_hex2.class
---refine-strings
+--refine-strings --string-max-length 1000
 ^EXIT=10$
 ^SIGNAL=0$
 assertion.* line 7 .* SUCCESS$
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_hex3.desc b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_hex3.desc
index c9fbfae377e..0c5ff51b802 100644
--- a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_hex3.desc
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_hex3.desc
@@ -1,6 +1,6 @@
 CORE
 Test_hex3.class
---refine-strings
+--refine-strings --string-max-length 100
 ^EXIT=10$
 ^SIGNAL=0$
 assertion.* line 7 .* SUCCESS$
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_octal2.desc b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_octal2.desc
index 06520bcde35..aee4977a75f 100644
--- a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_octal2.desc
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_octal2.desc
@@ -1,6 +1,6 @@
 CORE
 Test_octal2.class
---refine-strings
+--refine-strings --string-max-length 1000
 ^EXIT=10$
 ^SIGNAL=0$
 assertion.* line 7 .* SUCCESS$
diff --git a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_octal3.desc b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_octal3.desc
index 32f319a9876..b7a5ceb3ce1 100644
--- a/regression/strings-smoke-tests/java_int_to_string_with_radix/test_octal3.desc
+++ b/regression/strings-smoke-tests/java_int_to_string_with_radix/test_octal3.desc
@@ -1,6 +1,6 @@
 CORE
 Test_octal3.class
---refine-strings
+--refine-strings --string-max-length 1000
 ^EXIT=10$
 ^SIGNAL=0$
 assertion.* line 7 .* SUCCESS$
diff --git a/regression/strings-smoke-tests/java_long_to_string_with_radix/test_hex1.desc b/regression/strings-smoke-tests/java_long_to_string_with_radix/test_hex1.desc
index 4b691b9c528..48d705734ac 100644
--- a/regression/strings-smoke-tests/java_long_to_string_with_radix/test_hex1.desc
+++ b/regression/strings-smoke-tests/java_long_to_string_with_radix/test_hex1.desc
@@ -1,6 +1,6 @@
 CORE
 Test_hex1.class
---refine-strings
+--refine-strings --string-max-length 1000
 ^EXIT=10$
 ^SIGNAL=0$
 assertion.* line 7 .* SUCCESS$
diff --git a/regression/strings-smoke-tests/java_long_to_string_with_radix/test_hex3.desc b/regression/strings-smoke-tests/java_long_to_string_with_radix/test_hex3.desc
index c9fbfae377e..0c5ff51b802 100644
--- a/regression/strings-smoke-tests/java_long_to_string_with_radix/test_hex3.desc
+++ b/regression/strings-smoke-tests/java_long_to_string_with_radix/test_hex3.desc
@@ -1,6 +1,6 @@
 CORE
 Test_hex3.class
---refine-strings
+--refine-strings --string-max-length 100
 ^EXIT=10$
 ^SIGNAL=0$
 assertion.* line 7 .* SUCCESS$
diff --git a/regression/strings-smoke-tests/java_long_to_string_with_radix/test_octal1.desc b/regression/strings-smoke-tests/java_long_to_string_with_radix/test_octal1.desc
index 9afe7b06279..8188ebc0ee9 100644
--- a/regression/strings-smoke-tests/java_long_to_string_with_radix/test_octal1.desc
+++ b/regression/strings-smoke-tests/java_long_to_string_with_radix/test_octal1.desc
@@ -1,6 +1,6 @@
 CORE
 Test_octal1.class
---refine-strings
+--refine-strings --string-max-length 100
 ^EXIT=10$
 ^SIGNAL=0$
 assertion.* line 7 .* SUCCESS$
diff --git a/regression/strings-smoke-tests/java_long_to_string_with_radix/test_octal2.desc b/regression/strings-smoke-tests/java_long_to_string_with_radix/test_octal2.desc
index 06520bcde35..3884ae1fa9f 100644
--- a/regression/strings-smoke-tests/java_long_to_string_with_radix/test_octal2.desc
+++ b/regression/strings-smoke-tests/java_long_to_string_with_radix/test_octal2.desc
@@ -1,6 +1,6 @@
 CORE
 Test_octal2.class
---refine-strings
+--refine-strings --string-max-length 100
 ^EXIT=10$
 ^SIGNAL=0$
 assertion.* line 7 .* SUCCESS$
diff --git a/regression/strings-smoke-tests/java_long_to_string_with_radix/test_octal3.desc b/regression/strings-smoke-tests/java_long_to_string_with_radix/test_octal3.desc
index 32f319a9876..527357b801e 100644
--- a/regression/strings-smoke-tests/java_long_to_string_with_radix/test_octal3.desc
+++ b/regression/strings-smoke-tests/java_long_to_string_with_radix/test_octal3.desc
@@ -1,6 +1,6 @@
 CORE
 Test_octal3.class
---refine-strings
+--refine-strings --string-max-length 100
 ^EXIT=10$
 ^SIGNAL=0$
 assertion.* line 7 .* SUCCESS$
diff --git a/regression/strings-smoke-tests/java_value_of_float/test.desc b/regression/strings-smoke-tests/java_value_of_float/test.desc
index d1cc84bd13a..4e3e8769be6 100644
--- a/regression/strings-smoke-tests/java_value_of_float/test.desc
+++ b/regression/strings-smoke-tests/java_value_of_float/test.desc
@@ -1,6 +1,6 @@
 CORE
 test.class
---refine-strings --function test.check
+--refine-strings --function test.check --string-max-length 100
 ^EXIT=10$
 ^SIGNAL=0$
 assertion.* file test.java line 7 .* SUCCESS$
diff --git a/regression/strings-smoke-tests/java_value_of_float_2/test.desc b/regression/strings-smoke-tests/java_value_of_float_2/test.desc
index 8a2a2bc6207..370b9327f58 100644
--- a/regression/strings-smoke-tests/java_value_of_float_2/test.desc
+++ b/regression/strings-smoke-tests/java_value_of_float_2/test.desc
@@ -1,6 +1,6 @@
 KNOWNBUG
 test.class
---refine-strings --function test.check
+--refine-strings --function test.check --string-max-length 1000
 ^EXIT=10$
 ^SIGNAL=0$
 assertion.* file test.java line 6 .* SUCCESS$
diff --git a/regression/strings-smoke-tests/java_value_of_long/test.desc b/regression/strings-smoke-tests/java_value_of_long/test.desc
index f96a114f708..c7ea25ab2f8 100644
--- a/regression/strings-smoke-tests/java_value_of_long/test.desc
+++ b/regression/strings-smoke-tests/java_value_of_long/test.desc
@@ -1,6 +1,6 @@
 CORE
 test.class
---refine-strings
+--refine-strings --string-max-length 1000
 ^EXIT=10$
 ^SIGNAL=0$
 assertion.* file test.java line 9 .* SUCCESS$
diff --git a/regression/strings/StringStartEnd02/test.desc b/regression/strings/StringStartEnd02/test.desc
index a650aa0ebe9..deddbb5b902 100644
--- a/regression/strings/StringStartEnd02/test.desc
+++ b/regression/strings/StringStartEnd02/test.desc
@@ -1,6 +1,6 @@
 CORE
 StringStartEnd02.class
---refine-strings --unwind 30
+--refine-strings --unwind 30 --string-max-length 1000
 ^EXIT=10$
 ^SIGNAL=0$
 ^\[.*assertion\.1\] .* line 13 .* FAILURE$
diff --git a/regression/strings/java_append_char/test.desc b/regression/strings/java_append_char/test.desc
index e39f1d5ebe8..1c583f7be2d 100644
--- a/regression/strings/java_append_char/test.desc
+++ b/regression/strings/java_append_char/test.desc
@@ -1,6 +1,6 @@
 CORE
 test_append_char.class
---refine-strings
+--refine-strings --string-max-length 1000
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
diff --git a/regression/strings/java_case/test.desc b/regression/strings/java_case/test.desc
index 1dee2b7dd3e..22d58ddb3ac 100644
--- a/regression/strings/java_case/test.desc
+++ b/regression/strings/java_case/test.desc
@@ -1,6 +1,6 @@
 CORE
 test_case.class
---refine-strings
+--refine-strings --string-max-length 1000
 ^EXIT=10$
 ^SIGNAL=0$
 ^\[.*assertion\.1\].* line 8.* FAILURE$
diff --git a/regression/strings/java_char_array_init/test.desc b/regression/strings/java_char_array_init/test.desc
index 3efff6619b7..61a71f5034f 100644
--- a/regression/strings/java_char_array_init/test.desc
+++ b/regression/strings/java_char_array_init/test.desc
@@ -1,6 +1,6 @@
 CORE
 test_init.class
---refine-strings
+--refine-strings --string-max-length 1000
 ^EXIT=10$
 ^SIGNAL=0$
 ^\[.*assertion.1\].* line 14.* FAILURE$
diff --git a/regression/strings/java_insert_char/test.desc b/regression/strings/java_insert_char/test.desc
index 406a20e9c52..cdda3eeae95 100644
--- a/regression/strings/java_insert_char/test.desc
+++ b/regression/strings/java_insert_char/test.desc
@@ -1,6 +1,6 @@
 CORE
 test_insert_char.class
---refine-strings
+--refine-strings --string-max-length 1000
 ^EXIT=10$
 ^SIGNAL=0$
 ^\[.*assertion\.1\].* line 8.* FAILURE$
diff --git a/regression/strings/java_insert_char_array/test.desc b/regression/strings/java_insert_char_array/test.desc
index 49a3afbffce..648fec2fa7d 100644
--- a/regression/strings/java_insert_char_array/test.desc
+++ b/regression/strings/java_insert_char_array/test.desc
@@ -1,6 +1,6 @@
 CORE
 test_insert_char_array.class
---refine-strings
+--refine-strings --string-max-length 1000
 ^EXIT=10$
 ^SIGNAL=0$
 ^\[.*assertion\.1\].* line 12.* FAILURE$
diff --git a/regression/strings/java_insert_int/test.desc b/regression/strings/java_insert_int/test.desc
index aa1f5cacab2..bc25e9abf3c 100644
--- a/regression/strings/java_insert_int/test.desc
+++ b/regression/strings/java_insert_int/test.desc
@@ -1,6 +1,6 @@
 CORE
 test_insert_int.class
---refine-strings
+--refine-strings --string-max-length 1000
 ^EXIT=10$
 ^SIGNAL=0$
 ^\[.*assertion\.1\].* line 8.* FAILURE$
diff --git a/regression/strings/java_insert_string/test.desc b/regression/strings/java_insert_string/test.desc
index 7ed578bfca5..79fa2931c93 100644
--- a/regression/strings/java_insert_string/test.desc
+++ b/regression/strings/java_insert_string/test.desc
@@ -1,6 +1,6 @@
 CORE
 test_insert_string.class
---refine-strings
+--refine-strings --string-max-length 1000
 ^EXIT=10$
 ^SIGNAL=0$
 ^\[.*assertion\.1\].* line 8.* FAILURE$

From f255abb988de26f36e3f23616ddf1407ffac46c6 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Fri, 18 Aug 2017 11:47:59 +0100
Subject: [PATCH 652/699] Adding a next_sibling_or_parent iterator

This allows to skip childrens of a node in iteration.
Useful when substituting an expression with another on which we do not
want to iterate.
---
 src/util/expr_iterator.h | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/util/expr_iterator.h b/src/util/expr_iterator.h
index 7f6b83440f0..be228bcfba4 100644
--- a/src/util/expr_iterator.h
+++ b/src/util/expr_iterator.h
@@ -55,7 +55,6 @@ inline bool operator==(
   const depth_iterator_expr_statet &right)
 { return left.it==right.it && left.expr.get()==right.expr.get(); }
 
-
 /// Depth first search iterator base - iterates over supplied expression
 /// and all its operands recursively.
 /// Base class using CRTP
@@ -97,11 +96,19 @@ class depth_iterator_baset
     return this->downcast();
   }
 
+  depth_iterator_t &next_sibling_or_parent()
+  {
+    PRECONDITION(!m_stack.empty());
+    m_stack.back().it=m_stack.back().end;
+    ++(*this);
+    return this->downcast();
+  }
+
   /// Post-increment operator
   /// Expensive copy. Avoid if possible
   depth_iterator_t operator++(int)
   {
-    depth_iterator_t tmp(*this);
+    depth_iterator_t tmp(this->downcast());
     this->operator++();
     return tmp;
   }

From 5d3771a7ed2efa4db34c1622dd707a0207ce710b Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Fri, 18 Aug 2017 11:51:42 +0100
Subject: [PATCH 653/699] Adding unit tests for next_sibling_or_parent of an
 iterator

---
 unit/util/expr_iterator.cpp | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/unit/util/expr_iterator.cpp b/unit/util/expr_iterator.cpp
index 4b914b01551..b806448b5c9 100644
--- a/unit/util/expr_iterator.cpp
+++ b/unit/util/expr_iterator.cpp
@@ -133,3 +133,26 @@ TEST_CASE("Iterate over a 3-level tree, mutate - set all types to ID_symbol")
     REQUIRE(expr.get().id()==ID_symbol);
   }
 }
+
+TEST_CASE("next_sibling_or_parent, next sibling")
+{
+  std::vector<exprt> input(4);
+  input[1].operands()={ input[3] };
+  input[2].id(ID_int);
+  input[0].operands()={ input[1], input[2] };
+  auto it=input[0].depth_begin();
+  it++;
+  it.next_sibling_or_parent();
+  REQUIRE(*it==input[2]);
+}
+
+TEST_CASE("next_sibling_or_parent, next parent ")
+{
+  std::vector<exprt> input(3);
+  input[1].operands()={ input[2] };
+  input[0].operands()={ input[1] };
+  auto it=input[0].depth_begin();
+  it++;
+  it.next_sibling_or_parent();
+  REQUIRE(it==input[0].depth_end());
+}

From df61cebbfac2d898e4677e0a51bdc96d43aa1c79 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 15 Aug 2017 14:01:48 +0100
Subject: [PATCH 654/699] Better debug info

---
 src/solvers/refinement/string_refinement.cpp | 29 +++++++++++++-------
 1 file changed, 19 insertions(+), 10 deletions(-)

diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index 6b8966c7d6f..e3f7886bb80 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -1088,17 +1088,14 @@ static exprt negation_of_constraint(const string_constraintt &axiom)
 /// \return a Boolean
 bool string_refinementt::check_axioms()
 {
-  debug() << "string_refinementt::check_axioms: ==============="
-          << "===========================================" << eom;
-  debug() << "string_refinementt::check_axioms: build the"
-          << " interpretation from the model of the prop_solver" << eom;
+  debug() << "string_refinementt::check_axioms:" << eom;
   debug_model();
 
   // Maps from indexes of violated universal axiom to a witness of violation
   std::map<size_t, exprt> violated;
 
-  debug() << "there are " << universal_axioms.size()
-          << " universal axioms" << eom;
+  debug() << "string_refinement::check_axioms: " << universal_axioms.size()
+          << " universal axioms:" << eom;
   for(size_t i=0; i<universal_axioms.size(); i++)
   {
     const string_constraintt &axiom=universal_axioms[i];
@@ -1112,20 +1109,32 @@ bool string_refinementt::check_axioms()
       univ_var, get(bound_inf), get(bound_sup), get(prem), get(body));
 
     exprt negaxiom=negation_of_constraint(axiom_in_model);
-    debug() << "(string_refinementt::check_axioms) Adding negated constraint: "
-            << from_expr(ns, "", negaxiom) << eom;
-    substitute_array_access(negaxiom);
+
+    debug() << "  - axiom:\n"
+            << "     " << from_expr(ns, "", axiom) << eom;
+    debug() << "  - axiom_in_model:\n"
+            << "     " << from_expr(ns, "", axiom_in_model) << eom;
+    debug() << "  - negated_axiom:\n"
+            << "     " << from_expr(ns, "", negaxiom) << eom;
+
+    substitute_array_access(negaxiom, true);
+
+    debug() << "  - negated_axiom_without_array_access:\n"
+            << "     " << from_expr(ns, "", negaxiom) << eom;
+
     exprt witness;
 
     bool is_sat=is_axiom_sat(negaxiom, univ_var, witness);
 
     if(is_sat)
     {
-      debug() << "string constraint can be violated for "
+      debug() << "  - violated_for: "
               << univ_var.get_identifier()
               << " = " << from_expr(ns, "", witness) << eom;
       violated[i]=witness;
     }
+    else
+      debug() << "  - correct" << eom;
   }
 
   // Maps from indexes of violated not_contains axiom to a witness of violation

From de03d9cede372c6c5a408845adba38b4044d4e86 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 29 Aug 2017 10:34:27 +0100
Subject: [PATCH 655/699] Function for conversion from expression to size_t

---
 src/solvers/refinement/string_refinement.cpp | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index e3f7886bb80..aa1b7b04c92 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -289,6 +289,26 @@ bool string_refinementt::add_axioms_for_string_assigns(
   return true;
 }
 
+/// Convert exprt to a specific type. Throw bad_cast if conversion
+/// cannot be performed
+/// Generic case doesn't exist, specialize for different types accordingly
+/// TODO: this should go to util
+template<typename T>
+T expr_cast(const exprt&);
+
+template<>
+std::size_t expr_cast<std::size_t>(const exprt& val_expr)
+{
+  mp_integer val_mb;
+  if(to_integer(val_expr, val_mb))
+    throw std::bad_cast();
+  if(!val_mb.is_long())
+    throw std::bad_cast();
+  if(val_mb<0)
+    throw std::bad_cast();
+  return val_mb.to_long();
+}
+
 /// If the expression is of type string, then adds constants to the index set to
 /// force the solver to pick concrete values for each character, and fill the
 /// maps `found_length` and `found_content`.

From f042ff7574cdbffbf865ca77e338698c9d15d92c Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 29 Aug 2017 10:57:23 +0100
Subject: [PATCH 656/699] Replace pad_vector by fill_in_map_as_vector

This function takes a map as argument which is more appropriate for
the operation to perform.

This also refactors `concretize_string` and `get_array` to use fill_in_map_as_vector
---
 src/solvers/refinement/string_refinement.cpp | 157 ++++++-------------
 src/solvers/refinement/string_refinement.h   |  64 ++++----
 2 files changed, 80 insertions(+), 141 deletions(-)

diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index aa1b7b04c92..b2a3ad487bd 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -313,84 +313,55 @@ std::size_t expr_cast<std::size_t>(const exprt& val_expr)
 /// force the solver to pick concrete values for each character, and fill the
 /// maps `found_length` and `found_content`.
 ///
-///          The way this is done is by looking for the length of the string,
-///          then for each `i` in the index set, look at the value found by
-///          the solver and put it in the `result` table.
-///          For indexes that are not present in the index set, we put the
-///          same value as the next index that is present in the index set.
-///          We do so by traversing the array backward, remembering the
-///          last value that has been initialized.
+/// The way this is done is by looking for the length of the string,
+/// then for each `i` in the index set, look at the value found by
+/// the solver and put it in the `result` table.
+/// For indexes that are not present in the index set, we put the
+/// same value as the next index that is present in the index set.
+/// We do so by traversing the array backward, remembering the
+/// last value that has been initialized.
 void string_refinementt::concretize_string(const exprt &expr)
 {
   if(is_refined_string_type(expr.type()))
   {
-    string_exprt str=to_string_expr(expr);
-    exprt length=get(str.length());
+    const string_exprt str=to_string_expr(expr);
+    const exprt length=get(str.length());
     exprt content=str.content();
     replace_expr(symbol_resolve, content);
     found_length[content]=length;
-    mp_integer found_length;
-    if(!to_integer(length, found_length))
-    {
-      INVARIANT(
-        found_length.is_long(),
-        string_refinement_invariantt("the length of a string should be a "
-          "long"));
-      INVARIANT(
-        found_length>=0,
-        string_refinement_invariantt("the length of a string should be >= 0"));
-      size_t concretize_limit=found_length.to_long();
-      INVARIANT(
-        concretize_limit<=generator.max_string_length,
-        string_refinement_invariantt("string length must be less than the max "
-          "length"));
-      exprt content_expr=str.content();
-      std::vector<exprt> result;
-
-      if(index_set[str.content()].empty())
-        return;
-
-      // Use the last index as the default character value
-      exprt last_concretized=simplify_expr(
-        get(str[minus_exprt(length, from_integer(1, length.type()))]), ns);
-      result.resize(concretize_limit, last_concretized);
+    const auto string_length=expr_cast<std::size_t>(length);
+    INVARIANT(
+      string_length<=generator.max_string_length,
+      string_refinement_invariantt("string length must be less than the max "
+        "length"));
+    if(index_set[str.content()].empty())
+      return;
 
-      // Keep track of the indexes for which we have actual values
-      std::set<size_t> initialized;
+    std::map<std::size_t, exprt> map;
 
-      for(const auto &i : index_set[str.content()])
+    for(const auto &i : index_set[str.content()])
+    {
+      const exprt simple_i=simplify_expr(get(i), ns);
+      mp_integer mpi_index;
+      bool conversion_failure=to_integer(simple_i, mpi_index);
+      if(!conversion_failure && mpi_index>=0 && mpi_index<string_length)
       {
-        mp_integer mp_index;
-        exprt simple_i=simplify_expr(get(i), ns);
-        if(to_integer(simple_i, mp_index) ||
-           mp_index<0 ||
-           mp_index>=concretize_limit)
-        {
-          debug() << "concretize_string: ignoring out of bound index: "
-                  << from_expr(ns, "", simple_i) << eom;
-        }
-        else
-        {
-          // Add an entry in the result vector
-          size_t index=mp_index.to_long();
-          exprt str_i=simplify_expr(str[simple_i], ns);
-          exprt value=simplify_expr(get(str_i), ns);
-          result[index]=value;
-          initialized.insert(index);
-        }
+        const exprt str_i=simplify_expr(str[simple_i], ns);
+        const exprt value=simplify_expr(get(str_i), ns);
+        std::size_t index=mpi_index.to_long();
+        map.emplace(index, value);
+      }
+      else
+      {
+        debug() << "concretize_string: ignoring out of bound index: "
+                << from_expr(ns, "", simple_i) << eom;
       }
-
-      // Pad the concretized values to the left to assign the uninitialized
-      // values of result. The indices greater than concretize_limit are
-      // already assigned to last_concretized.
-      pad_vector(result, initialized, last_concretized);
-
-      array_exprt arr(to_array_type(content.type()));
-      arr.operands()=result;
-      debug() << "Concretized " << from_expr(ns, "", content_expr)
-              << " = " << from_expr(ns, "", arr) << eom;
-      found_content[content]=arr;
     }
+    array_exprt arr(to_array_type(content.type()));
+    arr.operands()=fill_in_map_as_vector(map);
+    debug() << "Concretized " << from_expr(ns, "", str.content())
+            << " = " << from_expr(ns, "", arr) << eom;
+    found_content[content]=arr;
   }
 }
 
@@ -735,62 +706,38 @@ exprt string_refinementt::get_array(const exprt &arr, const exprt &size) const
     return empty_ret;
   }
 
-  std::vector<unsigned> concrete_array(n);
-
   if(arr_val.id()=="array-list")
   {
-    std::set<unsigned> initialized;
+    DATA_INVARIANT(
+      arr_val.operands().size()%2==0,
+      string_refinement_invariantt("and index expression must be on a symbol, "
+                                   "with, array_of, if, or array, and all "
+                                   "cases besides array are handled above"));
+    std::map<std::size_t, exprt> initial_map;
     for(size_t i=0; i<arr_val.operands().size()/2; i++)
     {
       exprt index=arr_val.operands()[i*2];
       unsigned idx;
-      if(!to_unsigned_integer(to_constant_expr(index), idx))
-      {
-        if(idx<n)
-        {
-          exprt value=arr_val.operands()[i*2+1];
-          to_unsigned_integer(to_constant_expr(value), concrete_array[idx]);
-          initialized.insert(idx);
-        }
-      }
+      if(!to_unsigned_integer(to_constant_expr(index), idx) && idx<n)
+        initial_map[idx]=arr_val.operands()[i*2+1];
     }
 
     // Pad the concretized values to the left to assign the uninitialized
     // values of result.
-    pad_vector(concrete_array, initialized, concrete_array[n-1]);
+    ret.operands()=fill_in_map_as_vector(initial_map);
+    return ret;
   }
   else if(arr_val.id()==ID_array)
   {
+    // copy the `n` first elements of `arr_val`
     for(size_t i=0; i<arr_val.operands().size() && i<n; i++)
-    {
-      unsigned c;
-      exprt op=arr_val.operands()[i];
-      if(op.id()==ID_constant)
-      {
-        to_unsigned_integer(to_constant_expr(op), c);
-        concrete_array[i]=c;
-      }
-    }
+      ret.move_to_operands(arr_val.operands()[i]);
+    return ret;
   }
-  else
-  {
-#if 0
-    debug() << "unable to get array-list value of " << from_expr(ns, "", arr)
-            << " of size " << n << eom;
-#endif
-    return array_of_exprt(from_integer(0, char_type), ret_type);
-  }
-
-  for(size_t i=0; i<n; i++)
-  {
-    exprt c_expr=from_integer(concrete_array[i], char_type);
-    ret.move_to_operands(c_expr);
-  }
-
-  return ret;
+  // default return value is an array of `0`s
+  return array_of_exprt(from_integer(0, char_type), ret_type);
 }
 
-
 /// get a model of an array of unknown size and infer the size if possible
 /// \par parameters: an expression representing an array
 /// \return an expression
diff --git a/src/solvers/refinement/string_refinement.h b/src/solvers/refinement/string_refinement.h
index 8762472312e..0eec3e99a9a 100644
--- a/src/solvers/refinement/string_refinement.h
+++ b/src/solvers/refinement/string_refinement.h
@@ -146,11 +146,6 @@ class string_refinementt: public bv_refinementt
   bool is_valid_string_constraint(const string_constraintt &expr);
 
   exprt simplify_sum(const exprt &f) const;
-  template <typename T1, typename T2>
-  void pad_vector(
-    std::vector<T1> &result,
-    std::set<T2> &initialized,
-    T1 last_concretized) const;
 
   void concretize_string(const exprt &expr);
   void concretize_results();
@@ -164,39 +159,36 @@ class string_refinementt: public bv_refinementt
 
 exprt substitute_array_lists(exprt expr, size_t string_max_length);
 
-/// Utility function for concretization of strings. Copies concretized values to
-/// the left to initialize the unconcretized indices of concrete_array.
-/// \param concrete_array: the vector to populate
-/// \param initialized: the vector containing the indices of the concretized
-///   values
-/// \param last_concretized: initial value of the last concretized index
-template <typename T1, typename T2>
-void string_refinementt::pad_vector(
-  std::vector<T1> &concrete_array,
-  std::set<T2> &initialized,
-  T1 last_concretized) const
+exprt concretize_arrays_in_expression(
+  exprt expr, std::size_t string_max_length);
+
+/// Convert index-value map to a vector of values. If a value for an
+/// index is not defined, set it to the value referenced by the next higher
+/// index. The length of the resulting vector is the key of the map's
+/// last element + 1
+/// \param index_value: map containing values of specific vector cells
+/// \return Vector containing values as described in the map
+template <typename T>
+std::vector<T> fill_in_map_as_vector(
+  const std::map<std::size_t, T> &index_value)
 {
-  // Pad the concretized values to the left to assign the uninitialized
-  // values of result. The indices greater than concretize_limit are
-  // already assigned to last_concretized.
-  for(auto j=initialized.rbegin(); j!=initialized.rend();)
+  std::vector<T> result;
+  if(!index_value.empty())
   {
-    size_t i=*j;
-    // The leftmost index to pad is the value + 1 of the next element in
-    // 'initialized'. Since we cannot use the binary '+' operator on set
-    // iterators, we must increment the iterator here instead of in the
-    // for loop.
-    j++;
-    size_t leftmost_index_to_pad=(j!=initialized.rend()?*(j)+1:0);
-    // pad until we reach the next initialized index (right to left)
-    while(i>leftmost_index_to_pad)
-      concrete_array[(i--)-1]=last_concretized;
-    INVARIANT(
-      i==leftmost_index_to_pad,
-      string_refinement_invariantt("Loop decrements i until it is not greater "
-        " than leftmost_index_to_pad"));
-    if(i>0)
-      last_concretized=concrete_array[i-1];
+    result.resize(index_value.rbegin()->first+1);
+    for(auto it=index_value.rbegin(); it!=index_value.rend(); ++it)
+    {
+      const std::size_t index=it->first;
+      const T value=it->second;
+      const auto next=std::next(it);
+      const std::size_t leftmost_index_to_pad=
+        next!=index_value.rend()
+        ? next->first+1
+        : 0;
+      for(std::size_t j=leftmost_index_to_pad; j<=index; j++)
+        result[j]=value;
+    }
   }
+  return result;
 }
 #endif

From 1fd5bb2c1e6c7c090d015bd97b691a2c281afeeb Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 29 Aug 2017 11:02:32 +0100
Subject: [PATCH 657/699] Adding return check in substitute_array_with_expr

---
 src/solvers/refinement/string_refinement.cpp | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index b2a3ad487bd..01d3af1567c 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -848,6 +848,7 @@ exprt string_refinementt::substitute_array_with_expr(
     exprt else_expr=substitute_array_with_expr(with_expr.old(), index);
     const typet &type=then_expr.type();
     CHECK_RETURN(else_expr.type()==type);
+    CHECK_RETURN(index.type()==with_expr.where().type());
     return if_exprt(
       equal_exprt(index, with_expr.where()), then_expr, else_expr, type);
   }

From 88c664c49979096bb73f952692a8479be88b3db9 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 29 Aug 2017 11:03:39 +0100
Subject: [PATCH 658/699] Add a function that fill an array represented by a
 with expression

This interpret the result by propagating values that are set, to the
left.
---
 src/solvers/refinement/string_refinement.cpp | 36 ++++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index 01d3af1567c..988ba93322f 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -863,6 +863,42 @@ exprt string_refinementt::substitute_array_with_expr(
   }
 }
 
+/// Fill an array represented by a list of with_expr by propagating values to
+/// the left. For instance `ARRAY_OF(12) WITH[2:=24] WITH[4:=42]` will give
+/// `{ 24, 24, 24, 42, 42 }`
+/// \param expr: an array expression in the form
+///   `ARRAY_OF(x) WITH [i0:=v0] ... WITH [iN:=vN]`
+/// \param string_max_length: bound on the length of strings
+/// \return an array expression with filled in values, or expr if it is simply
+///   an `ARRAY_OF(x)` expression
+exprt fill_in_array_with_expr(const exprt &expr, std::size_t string_max_length)
+{
+  PRECONDITION(expr.type().id()==ID_array);
+  PRECONDITION(expr.id()==ID_with || expr.id()==ID_array_of);
+
+  // Nothing to do for empty array
+  if(expr.id()==ID_array_of)
+    return expr;
+
+  // Map of the parts of the array that are initialized
+  std::map<std::size_t, exprt> initial_map;
+
+  for(exprt it=expr; it.id()==ID_with; it=to_with_expr(it).old())
+  {
+    // Add to `initial_map` all the pairs (index,value) contained in `WITH`
+    // statements
+    const with_exprt with_expr=to_with_expr(it);
+    const exprt &then_expr=with_expr.new_value();
+    const auto index=expr_cast<std::size_t>(with_expr.where());
+    if(index<string_max_length)
+      initial_map.emplace(index, then_expr);
+  }
+
+  array_exprt result(to_array_type(expr.type()));
+  result.operands()=fill_in_map_as_vector(initial_map);
+  return result;
+}
+
 /// create an equivalent expression where array accesses and 'with' expressions
 /// are replaced by 'if' expressions, in particular:
 ///  * for an array access `arr[x]`, where:

From 0b9811b963b4d033748c586ee2f152da027004c5 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 29 Aug 2017 11:05:15 +0100
Subject: [PATCH 659/699] Remove useless line break

---
 src/solvers/refinement/string_refinement.cpp | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index 988ba93322f..bd89531e19d 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -928,8 +928,7 @@ void string_refinementt::substitute_array_access(exprt &expr) const
 
     if(index_expr.array().id()==ID_with)
     {
-      expr=substitute_array_with_expr(
-        index_expr.array(), index_expr.index());
+      expr=substitute_array_with_expr(index_expr.array(), index_expr.index());
       return;
     }
 

From e18a6bd8068312897094d47c63ccf8574413de02 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 29 Aug 2017 11:06:08 +0100
Subject: [PATCH 660/699] Add a function interpreting arrays inside an
 expression

This interpret them in a way that makes sense to the string solver, by
propagating values to the left.
---
 src/solvers/refinement/string_refinement.cpp | 27 ++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index bd89531e19d..6422a71c1ad 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -24,6 +24,7 @@ Author: Alberto Griggio, alberto.griggio@gmail.com
 #include <stack>
 #include <ansi-c/string_constant.h>
 #include <util/cprover_prefix.h>
+#include <util/expr_iterator.h>
 #include <util/replace_expr.h>
 #include <util/refined_string_type.h>
 #include <util/simplify_expr.h>
@@ -1087,6 +1088,32 @@ static exprt negation_of_constraint(const string_constraintt &axiom)
   return negaxiom;
 }
 
+/// Result of the solver `supert` should not be interpreted literally for char
+/// arrays as not all indices are present in the index set.
+/// In the given expression, we populate arrays at the indices for which the
+/// solver has no constraint by copying values to the left.
+/// For example an expression `ARRAY_OF(0) WITH [1:=2] WITH [4:=3]` would
+/// be interpreted as `{ 2, 2, 3, 3, 3}`.
+/// \param expr: expression to interpret
+/// \param string_max_length: maximum size of arrays to consider
+/// \return the interpreted expression
+exprt concretize_arrays_in_expression(exprt expr, std::size_t string_max_length)
+{
+  auto it=expr.depth_begin();
+  const auto end=expr.depth_end();
+  while(it!=end)
+  {
+    if(it->id()==ID_with && it->type().id()==ID_array)
+    {
+      it.mutate()=fill_in_array_with_expr(*it, string_max_length);
+      it.next_sibling_or_parent();
+    }
+    else
+      ++it;
+  }
+  return expr;
+}
+
 /// return true if the current model satisfies all the axioms
 /// \return a Boolean
 bool string_refinementt::check_axioms()

From 2c7f23c409e6d5ecb592160857cf84cd1c6de443 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Tue, 29 Aug 2017 11:07:29 +0100
Subject: [PATCH 661/699] Concretize arrays in axioms when string solver checks
 axioms

This makes the string solver more likely to come up with a solution to
the formulas that are passed to it.
---
 src/solvers/refinement/string_refinement.cpp | 30 +++++++++++---------
 1 file changed, 17 insertions(+), 13 deletions(-)

diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index 6422a71c1ad..04fb0fbdc3f 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -1140,21 +1140,25 @@ bool string_refinementt::check_axioms()
 
     exprt negaxiom=negation_of_constraint(axiom_in_model);
 
-    debug() << "  - axiom:\n"
-            << "     " << from_expr(ns, "", axiom) << eom;
-    debug() << "  - axiom_in_model:\n"
-            << "     " << from_expr(ns, "", axiom_in_model) << eom;
-    debug() << "  - negated_axiom:\n"
-            << "     " << from_expr(ns, "", negaxiom) << eom;
-
-    substitute_array_access(negaxiom, true);
-
-    debug() << "  - negated_axiom_without_array_access:\n"
-            << "     " << from_expr(ns, "", negaxiom) << eom;
-
+    debug() << "  "<< i << ".\n"
+            << "    - axiom:\n"
+            << "       " << from_expr(ns, "", axiom) << eom;
+    debug() << "    - axiom_in_model:\n"
+            << "       " << from_expr(ns, "", axiom_in_model) << eom;
+    debug() << "    - negated_axiom:\n"
+            << "       " << from_expr(ns, "", negaxiom) << eom;
+
+    exprt with_concretized_arrays=concretize_arrays_in_expression(
+      negaxiom, generator.max_string_length);
+    debug() << "    - negated_axiom_with_concretized_array_access:\n"
+            << "       " << from_expr(ns, "", with_concretized_arrays) << eom;
+
+    substitute_array_access(with_concretized_arrays);
+    debug() << "    - negated_axiom_without_array_access:\n"
+            << "       " << from_expr(ns, "", with_concretized_arrays) << eom;
     exprt witness;
 
-    bool is_sat=is_axiom_sat(negaxiom, univ_var, witness);
+    bool is_sat=is_axiom_sat(with_concretized_arrays, univ_var, witness);
 
     if(is_sat)
     {

From 8f51b01dba586215d98074ce5b7144650f14af39 Mon Sep 17 00:00:00 2001
From: Romain Brenguier <romain.brenguier@gmail.com>
Date: Thu, 17 Aug 2017 21:54:33 +0100
Subject: [PATCH 662/699] Adding unit test for concretize_arrays_in_expression

---
 unit/Makefile                                 |  1 +
 .../string_refinement/concretize_array.cpp    | 56 +++++++++++++++++++
 2 files changed, 57 insertions(+)
 create mode 100644 unit/solvers/refinement/string_refinement/concretize_array.cpp

diff --git a/unit/Makefile b/unit/Makefile
index 8fae7e49ca1..b24eeeab1ad 100644
--- a/unit/Makefile
+++ b/unit/Makefile
@@ -24,6 +24,7 @@ SRC += unit_tests.cpp \
        solvers/refinement/string_constraint_generator_valueof/is_digit_with_radix.cpp \
        solvers/refinement/string_constraint_instantiation/instantiate_not_contains.cpp \
        solvers/refinement/string_refinement/substitute_array_list.cpp \
+       solvers/refinement/string_refinement/concretize_array.cpp \
        catch_example.cpp \
        # Empty last line
 
diff --git a/unit/solvers/refinement/string_refinement/concretize_array.cpp b/unit/solvers/refinement/string_refinement/concretize_array.cpp
new file mode 100644
index 00000000000..ab4dc31ae5f
--- /dev/null
+++ b/unit/solvers/refinement/string_refinement/concretize_array.cpp
@@ -0,0 +1,56 @@
+/*******************************************************************\
+
+ Module: Unit tests for concretize_array_expression in
+   solvers/refinement/string_refinement.cpp
+
+ Author: DiffBlue Limited. All rights reserved.
+
+\*******************************************************************/
+
+#include <catch.hpp>
+
+#include <util/arith_tools.h>
+#include <util/std_types.h>
+#include <util/std_expr.h>
+#include <solvers/refinement/string_refinement.h>
+
+SCENARIO("concretize_array_expression",
+  "[core][solvers][refinement][string_refinement]")
+{
+  const typet char_type=unsignedbv_typet(16);
+  const typet int_type=signedbv_typet(32);
+  const exprt index1=from_integer(1, int_type);
+  const exprt charx=from_integer('x', char_type);
+  const exprt index4=from_integer(4, int_type);
+  const exprt chary=from_integer('y', char_type);
+  const exprt index100=from_integer(100, int_type);
+  const exprt char0=from_integer('0', char_type);
+  const exprt index2=from_integer(2, int_type);
+  array_typet array_type(char_type, infinity_exprt(int_type));
+
+  // input_expr is
+  // `'0' + (ARRAY_OF(0) WITH [1:=x] WITH [4:=y] WITH [100:=z])[2]`
+  const plus_exprt input_expr(
+    from_integer('0', char_type),
+    index_exprt(
+      with_exprt(
+        with_exprt(
+          with_exprt(
+            array_of_exprt(from_integer(0, char_type), array_type),
+            index1,
+            charx),
+          index4,
+          chary),
+        index100,
+        from_integer('z', char_type)),
+      index2));
+
+  // String max length is 50, so index 100 should get ignored.
+  const exprt concrete=concretize_arrays_in_expression(input_expr, 50);
+
+  // The expected result is `'0' + { 'x', 'x', 'y', 'y', 'y' }`
+  array_exprt array(array_type);
+  array.operands()={charx, charx, chary, chary, chary};
+  const plus_exprt expected(char0, index_exprt(array, index2));
+  REQUIRE(concrete==expected);
+}

From 5a04db928bf59f4d43c9796ecbff8562859f45d5 Mon Sep 17 00:00:00 2001
From: Daniel Kroening <kroening@cs.ox.ac.uk>
Date: Tue, 29 Aug 2017 18:56:28 +0100
Subject: [PATCH 663/699] replace assert(false) by UNREACHABLE

---
 src/analyses/constant_propagator.cpp          |  2 +-
 src/analyses/custom_bitvector_analysis.cpp    |  4 +-
 src/analyses/goto_check.cpp                   |  2 +-
 src/analyses/goto_rw.cpp                      |  2 +-
 src/analyses/invariant_set.cpp                |  4 +-
 src/ansi-c/ansi_c_convert_type.cpp            |  2 +-
 src/ansi-c/ansi_c_declaration.cpp             |  5 ++-
 src/ansi-c/ansi_c_entry_point.cpp             |  4 +-
 src/ansi-c/c_preprocess.cpp                   |  6 +--
 src/ansi-c/c_typecast.cpp                     | 10 ++---
 src/ansi-c/c_typecheck_expr.cpp               |  8 ++--
 src/ansi-c/c_typecheck_initializer.cpp        |  4 +-
 src/ansi-c/c_typecheck_type.cpp               |  4 +-
 src/ansi-c/expr2c.cpp                         |  2 +-
 src/cbmc/all_properties_class.h               |  2 +-
 src/cbmc/counterexample_beautification.cpp    |  2 +-
 src/cbmc/fault_localization.cpp               |  2 +-
 src/cbmc/symex_coverage.cpp                   |  2 +-
 src/clobber/clobber_parse_options.cpp         |  6 +--
 src/cpp/cpp_constructor.cpp                   |  4 +-
 src/cpp/cpp_convert_type.cpp                  |  8 ++--
 src/cpp/cpp_declarator_converter.cpp          |  2 +-
 src/cpp/cpp_scope.cpp                         |  2 +-
 src/cpp/cpp_typecheck.cpp                     |  2 +-
 src/cpp/cpp_typecheck.h                       |  2 +-
 src/cpp/cpp_typecheck_bases.cpp               |  2 +-
 src/cpp/cpp_typecheck_conversions.cpp         |  2 +-
 src/cpp/cpp_typecheck_expr.cpp                |  6 +--
 src/cpp/cpp_typecheck_initializer.cpp         |  2 +-
 src/cpp/cpp_typecheck_resolve.cpp             |  4 +-
 src/cpp/parse.cpp                             | 18 ++++-----
 src/cpp/template_map.cpp                      |  6 ++-
 src/goto-cc/goto_cc_cmdline.cpp               |  3 +-
 src/goto-diff/change_impact.cpp               | 14 +++----
 src/goto-instrument/goto_program2code.cpp     | 14 +++----
 src/goto-instrument/model_argc_argv.cpp       |  2 +-
 src/goto-instrument/show_locations.cpp        |  2 +-
 src/goto-instrument/unwind.cpp                |  2 +-
 src/goto-programs/basic_blocks.cpp            |  2 +-
 src/goto-programs/builtin_functions.cpp       |  8 ++--
 src/goto-programs/cfg.h                       |  2 +-
 src/goto-programs/goto_convert.cpp            |  8 ++--
 .../goto_convert_side_effect.cpp              |  2 +-
 src/goto-programs/goto_trace.cpp              |  8 ++--
 src/goto-programs/loop_ids.cpp                |  2 +-
 src/goto-programs/read_bin_goto_object.cpp    |  2 +-
 src/goto-programs/remove_complex.cpp          |  2 +-
 src/goto-programs/show_properties.cpp         |  4 +-
 src/goto-programs/string_abstraction.cpp      |  6 +--
 src/goto-symex/goto_symex_state.cpp           |  6 +--
 src/goto-symex/partial_order_concurrency.cpp  |  4 +-
 src/goto-symex/partial_order_concurrency.h    |  2 +-
 src/goto-symex/slice.cpp                      |  4 +-
 src/goto-symex/symex_assign.cpp               |  2 +-
 src/goto-symex/symex_dereference.cpp          |  2 +-
 src/goto-symex/symex_other.cpp                |  2 +-
 src/goto-symex/symex_start_thread.cpp         |  2 +-
 src/goto-symex/symex_target_equation.cpp      |  4 +-
 src/java_bytecode/expr2java.cpp               |  8 ++--
 .../java_bytecode_convert_method.cpp          |  4 +-
 src/java_bytecode/java_bytecode_language.cpp  |  2 +-
 src/java_bytecode/java_types.cpp              |  4 +-
 src/musketeer/fence_inserter.cpp              | 14 +++----
 src/path-symex/path_symex.cpp                 |  2 +-
 src/pointer-analysis/value_set.cpp            |  2 +-
 src/pointer-analysis/value_set_fi.cpp         |  4 +-
 src/pointer-analysis/value_set_fivr.cpp       |  2 +-
 src/pointer-analysis/value_set_fivr.h         |  5 ++-
 src/pointer-analysis/value_set_fivrns.cpp     |  2 +-
 src/pointer-analysis/value_set_fivrns.h       |  5 ++-
 src/symex/symex_parse_options.cpp             |  6 +--
 src/util/arith_tools.cpp                      |  2 +-
 src/util/arith_tools.h                        |  2 +-
 src/util/bv_arithmetic.cpp                    |  2 +-
 src/util/byte_operators.cpp                   |  5 ++-
 src/util/c_types.cpp                          |  7 ++--
 src/util/config.cpp                           | 40 +++++++++----------
 src/util/decision_procedure.cpp               |  2 +-
 src/util/endianness_map.cpp                   |  6 +--
 src/util/ieee_float.cpp                       |  2 +-
 src/util/sharing_map.h                        |  2 +-
 src/util/sharing_node.h                       |  4 +-
 src/util/simplify_expr.cpp                    |  2 +-
 src/util/simplify_expr_floatbv.cpp            |  6 +--
 src/util/simplify_expr_int.cpp                | 14 +++----
 src/util/ssa_expr.cpp                         |  4 +-
 src/util/std_types.cpp                        |  2 +-
 src/util/tempdir.cpp                          |  6 +--
 src/util/union_find.cpp                       |  2 +-
 src/xmllang/graphml.cpp                       |  2 +-
 90 files changed, 214 insertions(+), 202 deletions(-)

diff --git a/src/analyses/constant_propagator.cpp b/src/analyses/constant_propagator.cpp
index 02913f9360a..aef07c8d3f1 100644
--- a/src/analyses/constant_propagator.cpp
+++ b/src/analyses/constant_propagator.cpp
@@ -79,7 +79,7 @@ void constant_propagator_domaint::assign_rec(
         cond = simplify_expr(cond,ns);
       }
       else
-        assert(0);
+        UNREACHABLE;
 
       assign(values, to_symbol_expr(lhs), cond, ns);
 	}
diff --git a/src/analyses/custom_bitvector_analysis.cpp b/src/analyses/custom_bitvector_analysis.cpp
index da5bd52fb61..a81a08e6e67 100644
--- a/src/analyses/custom_bitvector_analysis.cpp
+++ b/src/analyses/custom_bitvector_analysis.cpp
@@ -296,7 +296,7 @@ void custom_bitvector_domaint::transform(
             else if(identifier=="__CPROVER_clear_may")
               mode=modet::CLEAR_MAY;
             else
-              assert(false);
+              UNREACHABLE;
 
             exprt lhs=code_function_call.arguments()[0];
 
@@ -411,7 +411,7 @@ void custom_bitvector_domaint::transform(
         else if(statement=="clear_may")
           mode=modet::CLEAR_MAY;
         else
-          assert(false);
+          UNREACHABLE;
 
         exprt lhs=instruction.code.op0();
 
diff --git a/src/analyses/goto_check.cpp b/src/analyses/goto_check.cpp
index 4ab7d399117..b6ee194dd9f 100644
--- a/src/analyses/goto_check.cpp
+++ b/src/analyses/goto_check.cpp
@@ -833,7 +833,7 @@ void goto_checkt::nan_check(
           equal_exprt(expr.op1(), minus_inf)));
   }
   else
-    assert(false);
+    UNREACHABLE;
 
   isnan.make_not();
 
diff --git a/src/analyses/goto_rw.cpp b/src/analyses/goto_rw.cpp
index c7de024f6f9..571d8bd0ad1 100644
--- a/src/analyses/goto_rw.cpp
+++ b/src/analyses/goto_rw.cpp
@@ -713,7 +713,7 @@ void goto_rw(goto_programt::const_targett target,
   switch(target->type)
   {
   case NO_INSTRUCTION_TYPE:
-    assert(false);
+    UNREACHABLE;
     break;
 
   case GOTO:
diff --git a/src/analyses/invariant_set.cpp b/src/analyses/invariant_set.cpp
index a91c0349bbb..718df977b33 100644
--- a/src/analyses/invariant_set.cpp
+++ b/src/analyses/invariant_set.cpp
@@ -474,7 +474,7 @@ void invariant_sett::strengthen_rec(const exprt &expr)
       }
     }
     else
-      assert(false);
+      UNREACHABLE;
   }
   else if(expr.id()==ID_equal)
   {
@@ -673,7 +673,7 @@ tvt invariant_sett::implies_rec(const exprt &expr) const
     else if(expr.id()==ID_notequal)
       return is_ne(p);
     else
-      assert(false);
+      UNREACHABLE;
   }
 
   return tvt::unknown();
diff --git a/src/ansi-c/ansi_c_convert_type.cpp b/src/ansi-c/ansi_c_convert_type.cpp
index 23be0fdb935..1a67c80c4fa 100644
--- a/src/ansi-c/ansi_c_convert_type.cpp
+++ b/src/ansi-c/ansi_c_convert_type.cpp
@@ -460,7 +460,7 @@ void ansi_c_convert_typet::write(typet &type)
         else
           type=unsigned_long_long_int_type();
       else
-        assert(false);
+        UNREACHABLE;
     }
     else if(gcc_int128_cnt)
     {
diff --git a/src/ansi-c/ansi_c_declaration.cpp b/src/ansi-c/ansi_c_declaration.cpp
index 00beb3a92cf..a0ef86cffe0 100644
--- a/src/ansi-c/ansi_c_declaration.cpp
+++ b/src/ansi-c/ansi_c_declaration.cpp
@@ -16,6 +16,7 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include <util/config.h>
 #include <util/std_types.h>
+#include <util/invariant.h>
 
 void ansi_c_declaratort::build(irept &src)
 {
@@ -36,7 +37,7 @@ void ansi_c_declaratort::build(irept &src)
     else if(t.id().empty() ||
             t.is_nil())
     {
-      assert(0);
+      UNREACHABLE;
     }
     else if(t.id()==ID_abstract)
     {
@@ -108,7 +109,7 @@ typet ansi_c_declarationt::full_type(
       p=&(p->subtypes().back());
     }
     else
-      assert(false);
+      UNREACHABLE;
   }
 
   *p=type();
diff --git a/src/ansi-c/ansi_c_entry_point.cpp b/src/ansi-c/ansi_c_entry_point.cpp
index b22896bd7f7..af1f6c1cb51 100644
--- a/src/ansi-c/ansi_c_entry_point.cpp
+++ b/src/ansi-c/ansi_c_entry_point.cpp
@@ -305,7 +305,7 @@ bool ansi_c_entry_point(
           max=to_unsignedbv_type(envp_size_symbol.type).largest();
         }
         else
-          assert(false);
+          UNREACHABLE;
 
         exprt max_minus_one=from_integer(max-1, envp_size_symbol.type);
 
@@ -431,7 +431,7 @@ bool ansi_c_entry_point(
       }
     }
     else
-      assert(false);
+      UNREACHABLE;
   }
   else
   {
diff --git a/src/ansi-c/c_preprocess.cpp b/src/ansi-c/c_preprocess.cpp
index 927a928b187..26fb22355ff 100644
--- a/src/ansi-c/c_preprocess.cpp
+++ b/src/ansi-c/c_preprocess.cpp
@@ -106,7 +106,7 @@ static std::string type_max(const typet &src)
     return integer2string(
       power(2, to_unsignedbv_type(src).get_width()-1)-1);
   else
-    assert(false);
+    UNREACHABLE;
 }
 
 /// quote a string for bash and CMD
@@ -766,7 +766,7 @@ bool c_preprocess_gcc_clang(
     else if(config.ansi_c.wchar_t_width==config.ansi_c.char_width)
       command+=" -D__WCHAR_TYPE__=\""+sig+" char\"";
     else
-      assert(false);
+      UNREACHABLE;
   }
 
   if(config.ansi_c.char_is_unsigned)
@@ -804,7 +804,7 @@ bool c_preprocess_gcc_clang(
     break;
 
   default:
-    assert(false);
+    UNREACHABLE;
   }
 
   // Standard Defines, ANSI9899 6.10.8
diff --git a/src/ansi-c/c_typecast.cpp b/src/ansi-c/c_typecast.cpp
index ce451e79f75..edf95e5379e 100644
--- a/src/ansi-c/c_typecast.cpp
+++ b/src/ansi-c/c_typecast.cpp
@@ -378,11 +378,11 @@ void c_typecastt::implicit_typecast_arithmetic(
     }
     return;
 
-  case BOOL:       assert(false); // should always be promoted to int
-  case CHAR:       assert(false); // should always be promoted to int
-  case UCHAR:      assert(false); // should always be promoted to int
-  case SHORT:      assert(false); // should always be promoted to int
-  case USHORT:     assert(false); // should always be promoted to int
+  case BOOL:       UNREACHABLE; // should always be promoted to int
+  case CHAR:       UNREACHABLE; // should always be promoted to int
+  case UCHAR:      UNREACHABLE; // should always be promoted to int
+  case SHORT:      UNREACHABLE; // should always be promoted to int
+  case USHORT:     UNREACHABLE; // should always be promoted to int
   case INT:        new_type=signed_int_type(); break;
   case UINT:       new_type=unsigned_int_type(); break;
   case LONG:       new_type=signed_long_int_type(); break;
diff --git a/src/ansi-c/c_typecheck_expr.cpp b/src/ansi-c/c_typecheck_expr.cpp
index fee4e8685d1..54eab363d7b 100644
--- a/src/ansi-c/c_typecheck_expr.cpp
+++ b/src/ansi-c/c_typecheck_expr.cpp
@@ -77,7 +77,7 @@ void c_typecheck_baset::add_rounding_mode(exprt &expr)
       else if(expr.id()==ID_minus)
         expr.id(ID_floatbv_minus);
       else
-        assert(false);
+        UNREACHABLE;
 
       expr.op2()=from_integer(0, unsigned_int_type());
     }
@@ -875,7 +875,7 @@ void c_typecheck_baset::typecheck_side_effect_statement_expression(
   else if(last_statement==ID_function_call)
   {
     // this is suspected to be dead
-    assert(false);
+    UNREACHABLE;
 
     // make the last statement an expression
 
@@ -2852,7 +2852,7 @@ void c_typecheck_baset::typecheck_expr_binary_arithmetic(exprt &expr)
         else if(expr.id()==ID_bitxor)
           expr.id(ID_xor);
         else
-          assert(false);
+          UNREACHABLE;
         expr.type()=type0;
         return;
       }
@@ -3010,7 +3010,7 @@ void c_typecheck_baset::typecheck_expr_pointer_arithmetic(exprt &expr)
     else
     {
       p_op=int_op=nullptr;
-      assert(false);
+      UNREACHABLE;
     }
 
     const typet &int_op_type=follow(int_op->type());
diff --git a/src/ansi-c/c_typecheck_initializer.cpp b/src/ansi-c/c_typecheck_initializer.cpp
index 1bc494c8d4a..7d388cc68dd 100644
--- a/src/ansi-c/c_typecheck_initializer.cpp
+++ b/src/ansi-c/c_typecheck_initializer.cpp
@@ -344,7 +344,7 @@ void c_typecheck_baset::designator_enter(
     entry.subtype=vector_type.subtype();
   }
   else
-    assert(false);
+    UNREACHABLE;
 
   designator.push_entry(entry);
 }
@@ -478,7 +478,7 @@ exprt::operandst::const_iterator c_typecheck_baset::do_designated_initializer(
       dest=&(dest->op0());
     }
     else
-      assert(false);
+      UNREACHABLE;
   }
 
   // second phase: assign value
diff --git a/src/ansi-c/c_typecheck_type.cpp b/src/ansi-c/c_typecheck_type.cpp
index 5195e653364..393be7dbf54 100644
--- a/src/ansi-c/c_typecheck_type.cpp
+++ b/src/ansi-c/c_typecheck_type.cpp
@@ -380,7 +380,7 @@ void c_typecheck_baset::typecheck_custom_type(typet &type)
     type.set(ID_f, integer2string(f_int));
   }
   else
-    assert(false);
+    UNREACHABLE;
 }
 
 void c_typecheck_baset::typecheck_code_type(code_typet &type)
@@ -759,7 +759,7 @@ void c_typecheck_baset::typecheck_compound_type(struct_union_typet &type)
       else if(compound_symbol.type.id()==ID_union)
         compound_symbol.type.id(ID_incomplete_union);
       else
-        assert(false);
+        UNREACHABLE;
 
       symbolt *new_symbol;
       move_symbol(compound_symbol, new_symbol);
diff --git a/src/ansi-c/expr2c.cpp b/src/ansi-c/expr2c.cpp
index e5159d720f1..eecc856a0f7 100644
--- a/src/ansi-c/expr2c.cpp
+++ b/src/ansi-c/expr2c.cpp
@@ -114,7 +114,7 @@ void expr2ct::get_shorthands(const exprt &expr)
     ns_collision[symbol->location.get_function()].insert(sh);
 
     if(!shorthands.insert(std::make_pair(*it, sh)).second)
-      assert(false);
+      UNREACHABLE;
   }
 
   for(find_symbols_sett::const_iterator
diff --git a/src/cbmc/all_properties_class.h b/src/cbmc/all_properties_class.h
index 89c4614cc12..42b95de39f4 100644
--- a/src/cbmc/all_properties_class.h
+++ b/src/cbmc/all_properties_class.h
@@ -56,7 +56,7 @@ class bmc_all_propertiest:
       }
 
       // make some poor compilers happy
-      assert(false);
+      UNREACHABLE;
       return "";
     }
 
diff --git a/src/cbmc/counterexample_beautification.cpp b/src/cbmc/counterexample_beautification.cpp
index 3cee2da664b..9522107d922 100644
--- a/src/cbmc/counterexample_beautification.cpp
+++ b/src/cbmc/counterexample_beautification.cpp
@@ -74,7 +74,7 @@ counterexample_beautificationt::get_failed_property(
        prop_conv.l_get(it->cond_literal).is_false())
       return it;
 
-  assert(false);
+  UNREACHABLE;
   return equation.SSA_steps.end();
 }
 
diff --git a/src/cbmc/fault_localization.cpp b/src/cbmc/fault_localization.cpp
index 0f7da6270f9..adcfd3dff20 100644
--- a/src/cbmc/fault_localization.cpp
+++ b/src/cbmc/fault_localization.cpp
@@ -73,7 +73,7 @@ fault_localizationt::get_failed_property()
        bmc.prop_conv.l_get(it->cond_literal).is_false())
       return it;
 
-  assert(false);
+  UNREACHABLE;
   return bmc.equation.SSA_steps.end();
 }
 
diff --git a/src/cbmc/symex_coverage.cpp b/src/cbmc/symex_coverage.cpp
index f9ac9cc207d..dc9fef60567 100644
--- a/src/cbmc/symex_coverage.cpp
+++ b/src/cbmc/symex_coverage.cpp
@@ -247,7 +247,7 @@ void goto_program_coverage_recordt::compute_coverage_lines(
       branches_total+=2;
       if(!entry.first->second.conditions.insert(
           {it, coverage_conditiont()}).second)
-        assert(false);
+        UNREACHABLE;
     }
 
     symex_coveraget::coveraget::const_iterator c_entry=
diff --git a/src/clobber/clobber_parse_options.cpp b/src/clobber/clobber_parse_options.cpp
index 7df4d5fa56f..66fc8fb6896 100644
--- a/src/clobber/clobber_parse_options.cpp
+++ b/src/clobber/clobber_parse_options.cpp
@@ -433,7 +433,7 @@ void clobber_parse_optionst::report_success()
     break;
 
   default:
-    assert(false);
+    UNREACHABLE;
   }
 }
 
@@ -458,7 +458,7 @@ void clobber_parse_optionst::show_counterexample(
     break;
 
   default:
-    assert(false);
+    UNREACHABLE;
   }
 }
 
@@ -481,7 +481,7 @@ void clobber_parse_optionst::report_failure()
     break;
 
   default:
-    assert(false);
+    UNREACHABLE;
   }
 }
 
diff --git a/src/cpp/cpp_constructor.cpp b/src/cpp/cpp_constructor.cpp
index df037cda6cb..e2eeaae1ca6 100644
--- a/src/cpp/cpp_constructor.cpp
+++ b/src/cpp/cpp_constructor.cpp
@@ -183,7 +183,7 @@ codet cpp_typecheckt::cpp_constructor(
   }
   else if(tmp_type.id()==ID_union)
   {
-    assert(0); // Todo: union
+    UNREACHABLE; // Todo: union
   }
   else if(tmp_type.id()==ID_struct)
   {
@@ -301,7 +301,7 @@ codet cpp_typecheckt::cpp_constructor(
     }
   }
   else
-    assert(false);
+    UNREACHABLE;
 
   codet nil;
   nil.make_nil();
diff --git a/src/cpp/cpp_convert_type.cpp b/src/cpp/cpp_convert_type.cpp
index b98845964e0..ae5853d07b3 100644
--- a/src/cpp/cpp_convert_type.cpp
+++ b/src/cpp/cpp_convert_type.cpp
@@ -13,11 +13,11 @@ Author: Daniel Kroening, kroening@cs.cmu.edu
 
 #include <cassert>
 
-#include <util/config.h>
 #include <util/arith_tools.h>
-#include <util/std_types.h>
-
 #include <util/c_types.h>
+#include <util/config.h>
+#include <util/invariant.h>
+#include <util/std_types.h>
 
 #include "cpp_declaration.h"
 #include "cpp_name.h"
@@ -285,7 +285,7 @@ void cpp_convert_typet::read_function_type(const typet &type)
       throw "ellipsis only allowed as last parameter";
     }
     else
-      assert(false);
+      UNREACHABLE;
   }
 
   // if we just have one parameter of type void, remove it
diff --git a/src/cpp/cpp_declarator_converter.cpp b/src/cpp/cpp_declarator_converter.cpp
index 9d7ee9b3121..e01b7bacaf3 100644
--- a/src/cpp/cpp_declarator_converter.cpp
+++ b/src/cpp/cpp_declarator_converter.cpp
@@ -91,7 +91,7 @@ symbolt &cpp_declarator_convertert::convert(
     // adjust template type
     if(final_type.id()==ID_template)
     {
-      assert(0);
+      UNREACHABLE;
       typet tmp;
       tmp.swap(final_type.subtype());
       final_type.swap(tmp);
diff --git a/src/cpp/cpp_scope.cpp b/src/cpp/cpp_scope.cpp
index c3849384d67..1521472ccd3 100644
--- a/src/cpp/cpp_scope.cpp
+++ b/src/cpp/cpp_scope.cpp
@@ -20,7 +20,7 @@ std::ostream &operator << (std::ostream &out, cpp_scopet::lookup_kindt kind)
   case cpp_scopet::QUALIFIED: return out << "QUALIFIED";
   case cpp_scopet::SCOPE_ONLY: return out << "SCOPE_ONLY";
   case cpp_scopet::RECURSIVE: return out << "RECURSIVE";
-  default: assert(false);
+  default: UNREACHABLE;
   }
 
   return out;
diff --git a/src/cpp/cpp_typecheck.cpp b/src/cpp/cpp_typecheck.cpp
index e87efb885fb..b1be4281d3b 100644
--- a/src/cpp/cpp_typecheck.cpp
+++ b/src/cpp/cpp_typecheck.cpp
@@ -250,7 +250,7 @@ void cpp_typecheckt::do_not_typechecked()
           cont=true;
         }
         else
-          assert(0); // Don't know what to do!
+          UNREACHABLE; // Don't know what to do!
       }
     }
   }
diff --git a/src/cpp/cpp_typecheck.h b/src/cpp/cpp_typecheck.h
index 5c0a6afe285..29a2a7e0efc 100644
--- a/src/cpp/cpp_typecheck.h
+++ b/src/cpp/cpp_typecheck.h
@@ -380,7 +380,7 @@ class cpp_typecheckt:public c_typecheck_baset
 
   void put_compound_into_scope(const struct_union_typet::componentt &component);
   void typecheck_compound_body(symbolt &symbol);
-  void typecheck_compound_body(struct_union_typet &type) { assert(false); }
+  void typecheck_compound_body(struct_union_typet &type) { UNREACHABLE; }
   void typecheck_enum_body(symbolt &symbol);
   void typecheck_method_bodies(method_bodiest &);
   void typecheck_compound_bases(struct_typet &type);
diff --git a/src/cpp/cpp_typecheck_bases.cpp b/src/cpp/cpp_typecheck_bases.cpp
index c076d1e131b..26d2efb210e 100644
--- a/src/cpp/cpp_typecheck_bases.cpp
+++ b/src/cpp/cpp_typecheck_bases.cpp
@@ -209,7 +209,7 @@ void cpp_typecheckt::add_base_components(
         component.set_access(ID_private);
     }
     else
-      assert(false);
+      UNREACHABLE;
 
     // put into scope
   }
diff --git a/src/cpp/cpp_typecheck_conversions.cpp b/src/cpp/cpp_typecheck_conversions.cpp
index f2c5d04f36f..e3d314f44aa 100644
--- a/src/cpp/cpp_typecheck_conversions.cpp
+++ b/src/cpp/cpp_typecheck_conversions.cpp
@@ -1750,7 +1750,7 @@ bool cpp_typecheckt::dynamic_typecast(
     {
       if(!e.get_bool(ID_C_lvalue))
         return false;
-      assert(0); // currently not supported
+      UNREACHABLE; // currently not supported
     }
     else if(follow(type.subtype()).id()==ID_struct)
     {
diff --git a/src/cpp/cpp_typecheck_expr.cpp b/src/cpp/cpp_typecheck_expr.cpp
index 88b26461482..cac26bd5dc3 100644
--- a/src/cpp/cpp_typecheck_expr.cpp
+++ b/src/cpp/cpp_typecheck_expr.cpp
@@ -1021,7 +1021,7 @@ void cpp_typecheckt::typecheck_expr_delete(exprt &expr)
   {
   }
   else
-    assert(false);
+    UNREACHABLE;
 
   typet pointer_type=follow(expr.op0().type());
 
@@ -1065,7 +1065,7 @@ void cpp_typecheckt::typecheck_expr_typecast(exprt &expr)
   // should not be called
   #if 0
   std::cout << "E: " << expr.pretty() << '\n';
-  assert(0);
+  UNREACHABLE;
   #endif
 }
 
@@ -1392,7 +1392,7 @@ void cpp_typecheckt::typecheck_cast_expr(exprt &expr)
     }
   }
   else
-    assert(false);
+    UNREACHABLE;
 
   expr.swap(new_expr);
 }
diff --git a/src/cpp/cpp_typecheck_initializer.cpp b/src/cpp/cpp_typecheck_initializer.cpp
index e492a170cbf..7795b71e4c0 100644
--- a/src/cpp/cpp_typecheck_initializer.cpp
+++ b/src/cpp/cpp_typecheck_initializer.cpp
@@ -121,7 +121,7 @@ void cpp_typecheckt::convert_initializer(symbolt &symbol)
         symbol.value.type().add("to-member") = resolved_expr.op0().type();
       }
       else
-        assert(false);
+        UNREACHABLE;
 
       if(symbol.type != symbol.value.type())
       {
diff --git a/src/cpp/cpp_typecheck_resolve.cpp b/src/cpp/cpp_typecheck_resolve.cpp
index 0b49853f5fd..c323794f10b 100644
--- a/src/cpp/cpp_typecheck_resolve.cpp
+++ b/src/cpp/cpp_typecheck_resolve.cpp
@@ -405,7 +405,7 @@ void cpp_typecheck_resolvet::filter(
       break;
 
     default:
-      assert(false);
+      UNREACHABLE;
     }
 
     if(match)
@@ -2078,7 +2078,7 @@ void cpp_typecheck_resolvet::apply_template_args(
 
   // We never try 'unassigned' template arguments.
   if(template_args_tc.has_unassigned())
-    assert(false);
+    UNREACHABLE;
 
   // a template is always a declaration
   const cpp_declarationt &cpp_declaration=
diff --git a/src/cpp/parse.cpp b/src/cpp/parse.cpp
index 494f9e48ff5..bcdc444de36 100644
--- a/src/cpp/parse.cpp
+++ b/src/cpp/parse.cpp
@@ -1026,7 +1026,7 @@ bool Parser::rTemplateDecl(cpp_declarationt &decl)
     break;
 
    default:
-    assert(0);
+    UNREACHABLE;
     break;
   }
 
@@ -1941,7 +1941,7 @@ bool Parser::optMemberSpec(cpp_member_spect &member_spec)
     case TOK_VIRTUAL:  member_spec.set_virtual(true); break;
     case TOK_FRIEND:   member_spec.set_friend(true); break;
     case TOK_EXPLICIT: member_spec.set_explicit(true); break;
-    default: assert(false);
+    default: UNREACHABLE;
     }
 
     t=lex.LookAhead(0);
@@ -1978,7 +1978,7 @@ bool Parser::optStorageSpec(cpp_storage_spect &storage_spec)
     case TOK_MUTABLE: storage_spec.set_mutable(); break;
     case TOK_GCC_ASM: storage_spec.set_asm(); break;
     case TOK_THREAD_LOCAL: storage_spec.set_thread_local(); break;
-    default: assert(false);
+    default: UNREACHABLE;
     }
 
     set_location(storage_spec, tk);
@@ -2048,7 +2048,7 @@ bool Parser::optCvQualify(typet &cv)
         break;
 
       default:
-        assert(false);
+        UNREACHABLE;
         break;
       }
     }
@@ -4205,7 +4205,7 @@ bool Parser::rClassSpec(typet &spec)
   else if(t==TOK_UNION)
     spec=typet(ID_union);
   else
-    assert(false);
+    UNREACHABLE;
 
   set_location(spec, tk);
 
@@ -4314,7 +4314,7 @@ bool Parser::rBaseSpecifiers(irept &bases)
         break;
 
        default:
-        assert(0);
+        UNREACHABLE;
       }
 
       t=lex.LookAhead(0);
@@ -4438,7 +4438,7 @@ bool Parser::rClassMember(cpp_itemt &member)
       break;
 
     default:
-      assert(0);
+      UNREACHABLE;
     }
 
     set_location(member, tk1);
@@ -5487,7 +5487,7 @@ bool Parser::rUnaryExpr(exprt &exp)
       break;
 
     default:
-      assert(0);
+      UNREACHABLE;
     }
 
     exp.move_to_operands(right);
@@ -6393,7 +6393,7 @@ bool Parser::rTypePredicate(exprt &expr)
     break;
 
   default:
-    assert(false);
+    UNREACHABLE;
   }
 
   return true;
diff --git a/src/cpp/template_map.cpp b/src/cpp/template_map.cpp
index 4df80e3a089..16949d7aaa7 100644
--- a/src/cpp/template_map.cpp
+++ b/src/cpp/template_map.cpp
@@ -13,6 +13,8 @@ Author: Daniel Kroening, kroening@cs.cmu.edu
 
 #include <ostream>
 
+#include <util/invariant.h>
+
 void template_mapt::apply(typet &type) const
 {
   if(type.id()==ID_array)
@@ -190,7 +192,7 @@ void template_mapt::set(
   if(parameter.id()==ID_type)
   {
     if(parameter.id()!=ID_type)
-      assert(false); // typechecked before!
+      UNREACHABLE; // typechecked before!
 
     typet tmp=value.type();
 
@@ -202,7 +204,7 @@ void template_mapt::set(
     // must be non-type
 
     if(value.id()==ID_type)
-      assert(false); // typechecked before!
+      UNREACHABLE; // typechecked before!
 
     irep_idt identifier=parameter.get(ID_identifier);
     expr_map[identifier]=value;
diff --git a/src/goto-cc/goto_cc_cmdline.cpp b/src/goto-cc/goto_cc_cmdline.cpp
index 8691b9db770..ac86ee38551 100644
--- a/src/goto-cc/goto_cc_cmdline.cpp
+++ b/src/goto-cc/goto_cc_cmdline.cpp
@@ -18,6 +18,7 @@ Date:   April 2010
 #include <iostream>
 #include <cstdio>
 
+#include <util/invariant.h>
 #include <util/prefix.h>
 #include <util/tempfile.h>
 
@@ -101,7 +102,7 @@ std::size_t goto_cc_cmdlinet::get_optnr(const std::string &opt_string)
   }
   else
   {
-    assert(false);
+    UNREACHABLE;
     return -1;
   }
 
diff --git a/src/goto-diff/change_impact.cpp b/src/goto-diff/change_impact.cpp
index 44946ab2f4c..cec37680a53 100644
--- a/src/goto-diff/change_impact.cpp
+++ b/src/goto-diff/change_impact.cpp
@@ -591,7 +591,7 @@ void change_impactt::output_change_impact(
     else if(mod_flags&DEL_CTRL_DEP)
       prefix='c';
     else
-      assert(false);
+      UNREACHABLE;
 
     output_instruction(prefix, goto_program, ns, function, target);
   }
@@ -653,12 +653,12 @@ void change_impactt::output_change_impact(
       else if(old_mod_flags&DEL_CTRL_DEP)
         prefix='c';
       else
-        assert(false);
+        UNREACHABLE;
 
       ++o_target;
     }
     else if(mod_flags&DELETED)
-      assert(false);
+      UNREACHABLE;
     else if(mod_flags&NEW)
       prefix='+';
     else if(mod_flags&NEW_DATA_DEP)
@@ -680,7 +680,7 @@ void change_impactt::output_change_impact(
       ++o_target;
     }
     else
-      assert(false);
+      UNREACHABLE;
 
     output_instruction(prefix, goto_program, n_ns, function, target);
   }
@@ -697,17 +697,17 @@ void change_impactt::output_change_impact(
     // syntactic changes are preferred over data/control-dependence
     // modifications
     if(old_mod_flags==SAME)
-      assert(false);
+      UNREACHABLE;
     else if(old_mod_flags&DELETED)
       prefix='-';
     else if(old_mod_flags&NEW)
-      assert(false);
+      UNREACHABLE;
     else if(old_mod_flags&DEL_DATA_DEP)
       prefix='d';
     else if(old_mod_flags&DEL_CTRL_DEP)
       prefix='c';
     else
-      assert(false);
+      UNREACHABLE;
 
     output_instruction(prefix, goto_program, o_ns, function, o_target);
   }
diff --git a/src/goto-instrument/goto_program2code.cpp b/src/goto-instrument/goto_program2code.cpp
index 1a96eb4ee34..e773b91cd02 100644
--- a/src/goto-instrument/goto_program2code.cpp
+++ b/src/goto-instrument/goto_program2code.cpp
@@ -88,7 +88,7 @@ void goto_program2codet::build_loop_map()
       }
 
     if(!loop_map.insert(std::make_pair(loop_start, loop_end)).second)
-      assert(false);
+      UNREACHABLE;
   }
 }
 
@@ -249,11 +249,11 @@ goto_programt::const_targett goto_program2codet::convert_instruction(
       return convert_catch(target, upper_bound, dest);
 
     case NO_INSTRUCTION_TYPE:
-      assert(false);
+      UNREACHABLE;
   }
 
   // not reached
-  assert(false);
+  UNREACHABLE;
   return target;
 }
 
@@ -817,7 +817,7 @@ bool goto_program2codet::set_block_end_points(
         break;
 
       if(!processed_locations.insert(case_end->location_number).second)
-        assert(false);
+        UNREACHABLE;
 
       it->case_last=case_end;
     }
@@ -1022,7 +1022,7 @@ goto_programt::const_targett goto_program2codet::convert_goto_switch(
       // this improves convergence
       if(it->case_start!=(--cases.end())->case_start)
       {
-        assert(false);
+        UNREACHABLE;
         goto_programt::instructiont i=*(it->case_selector);
         i.guard=true_exprt();
         goto_programt tmp;
@@ -1416,7 +1416,7 @@ goto_programt::const_targett goto_program2codet::convert_throw(
     codet &dest)
 {
   // this isn't really clear as throw is not supported in expr2cpp either
-  assert(false);
+  UNREACHABLE;
   return target;
 }
 
@@ -1426,7 +1426,7 @@ goto_programt::const_targett goto_program2codet::convert_catch(
     codet &dest)
 {
   // this isn't really clear as catch is not supported in expr2cpp either
-  assert(false);
+  UNREACHABLE;
   return target;
 }
 
diff --git a/src/goto-instrument/model_argc_argv.cpp b/src/goto-instrument/model_argc_argv.cpp
index 7e01d66e62a..319acf8674c 100644
--- a/src/goto-instrument/model_argc_argv.cpp
+++ b/src/goto-instrument/model_argc_argv.cpp
@@ -136,7 +136,7 @@ bool model_argc_argv(
     else if(has_prefix(id2string(it->first),
                        CPROVER_PREFIX "initialize::") &&
             symbol_table.add(it->second))
-      assert(false);
+      UNREACHABLE;
   }
 
   assert(value.is_not_nil());
diff --git a/src/goto-instrument/show_locations.cpp b/src/goto-instrument/show_locations.cpp
index b02dcb1b099..2b9580add2f 100644
--- a/src/goto-instrument/show_locations.cpp
+++ b/src/goto-instrument/show_locations.cpp
@@ -57,7 +57,7 @@ void show_locations(
       break;
 
     default:
-      assert(false);
+      UNREACHABLE;
     }
   }
 }
diff --git a/src/goto-instrument/unwind.cpp b/src/goto-instrument/unwind.cpp
index 78015b22e6f..81f19d30c7a 100644
--- a/src/goto-instrument/unwind.cpp
+++ b/src/goto-instrument/unwind.cpp
@@ -177,7 +177,7 @@ void goto_unwindt::unwind(
     else if(unwind_strategy==unwind_strategyt::ASSUME)
       new_t->make_assumption(exit_cond);
     else
-      assert(false);
+      UNREACHABLE;
 
     new_t->source_location=loop_head->source_location;
     new_t->function=loop_head->function;
diff --git a/src/goto-programs/basic_blocks.cpp b/src/goto-programs/basic_blocks.cpp
index 44e1ff7bacb..75b91b82bd6 100644
--- a/src/goto-programs/basic_blocks.cpp
+++ b/src/goto-programs/basic_blocks.cpp
@@ -89,6 +89,6 @@ void basic_blocks(goto_programt &goto_program,
       }
     }
     else
-      assert(false);
+      UNREACHABLE;
   }
 }
diff --git a/src/goto-programs/builtin_functions.cpp b/src/goto-programs/builtin_functions.cpp
index 911e25460cc..f1a103e2428 100644
--- a/src/goto-programs/builtin_functions.cpp
+++ b/src/goto-programs/builtin_functions.cpp
@@ -221,7 +221,7 @@ void goto_convertt::do_printf(
     }
   }
   else
-    assert(false);
+    UNREACHABLE;
 }
 
 void goto_convertt::do_scanf(
@@ -326,7 +326,7 @@ void goto_convertt::do_scanf(
     }
   }
   else
-    assert(false);
+    UNREACHABLE;
 }
 
 void goto_convertt::do_input(
@@ -833,7 +833,7 @@ void goto_convertt::cpp_new_initializer(
       convert(to_code(initializer), dest);
     }
     else
-      assert(false);
+      UNREACHABLE;
   }
 }
 
@@ -1396,7 +1396,7 @@ void goto_convertt::do_function_call_symbol(
   }
   else if(identifier=="__builtin_unreachable")
   {
-    // says something like assert(false);
+    // says something like UNREACHABLE;
   }
   else if(identifier==ID_gcc_builtin_va_arg)
   {
diff --git a/src/goto-programs/cfg.h b/src/goto-programs/cfg.h
index 2e1bd83598b..dcb6d7153cd 100644
--- a/src/goto-programs/cfg.h
+++ b/src/goto-programs/cfg.h
@@ -403,7 +403,7 @@ void cfg_baset<T, P, I>::compute_edges(
     break;
 
   case NO_INSTRUCTION_TYPE:
-    assert(false);
+    UNREACHABLE;
     break;
   }
 }
diff --git a/src/goto-programs/goto_convert.cpp b/src/goto-programs/goto_convert.cpp
index aa6ddd70d7a..710c90595cd 100644
--- a/src/goto-programs/goto_convert.cpp
+++ b/src/goto-programs/goto_convert.cpp
@@ -839,7 +839,7 @@ void goto_convertt::convert_cpp_delete(
   else if(code.get_statement()==ID_cpp_delete)
     delete_identifier="__delete";
   else
-    assert(false);
+    UNREACHABLE;
 
   if(destructor.is_not_nil())
   {
@@ -858,7 +858,7 @@ void goto_convertt::convert_cpp_delete(
       convert(tmp_code, dest);
     }
     else
-      assert(false);
+      UNREACHABLE;
   }
 
   // now do "free"
@@ -1810,7 +1810,7 @@ void goto_convertt::generate_ifthenelse(
      true_case.instructions.back().labels.empty())
   {
     // The above conjunction deliberately excludes the instance
-    // if(some) { label: assert(0); }
+    // if(some) { label: assert(false); }
     true_case.instructions.back().guard=boolean_negate(guard);
     dest.destructive_append(true_case);
     true_case.instructions.clear();
@@ -1823,7 +1823,7 @@ void goto_convertt::generate_ifthenelse(
      false_case.instructions.back().labels.empty())
   {
     // The above conjunction deliberately excludes the instance
-    // if(some) ... else { label: assert(0); }
+    // if(some) ... else { label: assert(false); }
     false_case.instructions.back().guard=guard;
     dest.destructive_append(false_case);
     false_case.instructions.clear();
diff --git a/src/goto-programs/goto_convert_side_effect.cpp b/src/goto-programs/goto_convert_side_effect.cpp
index 2fc795254d2..ac12c64be41 100644
--- a/src/goto-programs/goto_convert_side_effect.cpp
+++ b/src/goto-programs/goto_convert_side_effect.cpp
@@ -123,7 +123,7 @@ void goto_convertt::remove_assignment(
     convert(assignment, dest);
   }
   else
-    assert(false);
+    UNREACHABLE;
 
   // revert assignment in the expression to its LHS
   if(result_is_used)
diff --git a/src/goto-programs/goto_trace.cpp b/src/goto-programs/goto_trace.cpp
index d832412509c..15749d2012d 100644
--- a/src/goto-programs/goto_trace.cpp
+++ b/src/goto-programs/goto_trace.cpp
@@ -56,7 +56,7 @@ void goto_trace_stept::output(
     out << "FUNCTION RETURN"; break;
   default:
     out << "unknown type: " << static_cast<int>(type) << std::endl;
-    assert(false);
+    UNREACHABLE;
   }
 
   if(type==typet::ASSERT || type==typet::ASSUME || type==typet::GOTO)
@@ -386,16 +386,16 @@ void show_goto_trace(
       break;
 
     case goto_trace_stept::typet::CONSTRAINT:
-      assert(false);
+      UNREACHABLE;
       break;
 
     case goto_trace_stept::typet::SHARED_READ:
     case goto_trace_stept::typet::SHARED_WRITE:
-      assert(false);
+      UNREACHABLE;
       break;
 
     default:
-      assert(false);
+      UNREACHABLE;
     }
   }
 }
diff --git a/src/goto-programs/loop_ids.cpp b/src/goto-programs/loop_ids.cpp
index 5f4c560a0bd..86deb73eb43 100644
--- a/src/goto-programs/loop_ids.cpp
+++ b/src/goto-programs/loop_ids.cpp
@@ -67,7 +67,7 @@ void show_loop_ids(
       break;
     }
     case ui_message_handlert::uit::JSON_UI:
-      assert(false); // use function below
+      UNREACHABLE; // use function below
   }
 }
 
diff --git a/src/goto-programs/read_bin_goto_object.cpp b/src/goto-programs/read_bin_goto_object.cpp
index ebfaf6a75d1..466d6cef4ab 100644
--- a/src/goto-programs/read_bin_goto_object.cpp
+++ b/src/goto-programs/read_bin_goto_object.cpp
@@ -114,7 +114,7 @@ bool read_bin_goto_object_v3(
          rev_target_map.insert(
            rev_target_map.end(),
            std::make_pair(instruction.target_number, itarget))->second!=itarget)
-        assert(false);
+        UNREACHABLE;
 
       std::size_t t_count = irepconverter.read_gb_word(in); // # of targets
       for(std::size_t i=0; i<t_count; i++)
diff --git a/src/goto-programs/remove_complex.cpp b/src/goto-programs/remove_complex.cpp
index 13ff90f908b..78b655e4108 100644
--- a/src/goto-programs/remove_complex.cpp
+++ b/src/goto-programs/remove_complex.cpp
@@ -24,7 +24,7 @@ static exprt complex_member(const exprt &expr, irep_idt id)
     else if(id==ID_imag)
       return expr.op1();
     else
-      assert(false);
+      UNREACHABLE;
   }
   else
   {
diff --git a/src/goto-programs/show_properties.cpp b/src/goto-programs/show_properties.cpp
index 0ea5f16fad6..7f0be70cc64 100644
--- a/src/goto-programs/show_properties.cpp
+++ b/src/goto-programs/show_properties.cpp
@@ -64,7 +64,7 @@ void show_properties(
       break;
 
     case ui_message_handlert::uit::JSON_UI:
-      assert(false);
+      UNREACHABLE;
       break;
 
     case ui_message_handlert::uit::PLAIN:
@@ -79,7 +79,7 @@ void show_properties(
       break;
 
     default:
-      assert(false);
+      UNREACHABLE;
     }
   }
 }
diff --git a/src/goto-programs/string_abstraction.cpp b/src/goto-programs/string_abstraction.cpp
index fbb8aa32316..f7599e16578 100644
--- a/src/goto-programs/string_abstraction.cpp
+++ b/src/goto-programs/string_abstraction.cpp
@@ -481,7 +481,7 @@ goto_programt::targett string_abstractiont::abstract(
 
   case RETURN:
     // use remove_returns
-    assert(false);
+    UNREACHABLE;
     break;
 
   case END_FUNCTION:
@@ -498,7 +498,7 @@ goto_programt::targett string_abstractiont::abstract(
   case LOCATION:
     break;
   case NO_INSTRUCTION_TYPE:
-    assert(false);
+    UNREACHABLE;
     break;
   }
 
@@ -647,7 +647,7 @@ exprt string_abstractiont::build(
 
   exprt str_struct;
   if(build_wrap(pointer, str_struct, write))
-    assert(false);
+    UNREACHABLE;
 
   exprt result=member(str_struct, what);
 
diff --git a/src/goto-symex/goto_symex_state.cpp b/src/goto-symex/goto_symex_state.cpp
index bd13a853605..9616a3daa20 100644
--- a/src/goto-symex/goto_symex_state.cpp
+++ b/src/goto-symex/goto_symex_state.cpp
@@ -304,7 +304,7 @@ static void assert_l1_renaming(const exprt &expr)
   if(check_renaming_l1(expr))
   {
     std::cerr << expr.pretty() << '\n';
-    assert(false);
+    UNREACHABLE;
   }
   #else
   (void)expr;
@@ -317,7 +317,7 @@ static void assert_l2_renaming(const exprt &expr)
   if(check_renaming(expr))
   {
     std::cerr << expr.pretty() << '\n';
-    assert(false);
+    UNREACHABLE;
   }
   #else
   (void)expr;
@@ -439,7 +439,7 @@ void goto_symex_statet::set_ssa_indices(
     break;
 
   default:
-    assert(false);
+    UNREACHABLE;
   }
 }
 
diff --git a/src/goto-symex/partial_order_concurrency.cpp b/src/goto-symex/partial_order_concurrency.cpp
index e0f82ba6af2..e79c6f3d90d 100644
--- a/src/goto-symex/partial_order_concurrency.cpp
+++ b/src/goto-symex/partial_order_concurrency.cpp
@@ -133,7 +133,7 @@ irep_idt partial_order_concurrencyt::rw_clock_id(
   else if(event->is_shared_read())
     return id2string(id(event))+"$rclk$"+std::to_string(axiom);
   else
-    assert(false);
+    UNREACHABLE;
 
   return "";
 }
@@ -156,7 +156,7 @@ symbol_exprt partial_order_concurrencyt::clock(
       std::to_string(numbering[event])+"$spwnclk$"+std::to_string(axiom);
   }
   else
-    assert(false);
+    UNREACHABLE;
 
   return symbol_exprt(identifier, clock_type);
 }
diff --git a/src/goto-symex/partial_order_concurrency.h b/src/goto-symex/partial_order_concurrency.h
index 5163451e210..adb82366cbd 100644
--- a/src/goto-symex/partial_order_concurrency.h
+++ b/src/goto-symex/partial_order_concurrency.h
@@ -116,7 +116,7 @@ class numbered_evtst
     const ordered_evtst::size_type offset=ordered_evts.size();
     ordered_evts.push_back(&evt);
     if(!ordered_evts_map.insert(std::make_pair(&evt, offset)).second)
-      assert(false);
+      UNREACHABLE;
     assert(ordered_evts.size()==ordered_evts_map.size());
 
     if(evt.direction==evtt::D_SYNC ||
diff --git a/src/goto-symex/slice.cpp b/src/goto-symex/slice.cpp
index 0a59b7befea..67795005c37 100644
--- a/src/goto-symex/slice.cpp
+++ b/src/goto-symex/slice.cpp
@@ -105,7 +105,7 @@ void symex_slicet::slice(symex_target_equationt::SSA_stept &SSA_step)
     break;
 
   default:
-    assert(false);
+    UNREACHABLE;
   }
 }
 
@@ -196,7 +196,7 @@ void symex_slicet::collect_open_variables(
       break;
 
     default:
-      assert(false);
+      UNREACHABLE;
     }
   }
 
diff --git a/src/goto-symex/symex_assign.cpp b/src/goto-symex/symex_assign.cpp
index 01c09f400bd..518df75b954 100644
--- a/src/goto-symex/symex_assign.cpp
+++ b/src/goto-symex/symex_assign.cpp
@@ -472,7 +472,7 @@ void goto_symext::symex_assign_byte_extract(
   else if(lhs.id()==ID_byte_extract_big_endian)
     new_rhs.id(ID_byte_update_big_endian);
   else
-    assert(false);
+    UNREACHABLE;
 
   new_rhs.copy_to_operands(lhs.op(), lhs.offset(), rhs);
   new_rhs.type()=lhs.op().type();
diff --git a/src/goto-symex/symex_dereference.cpp b/src/goto-symex/symex_dereference.cpp
index f066ee1065f..1349233d45e 100644
--- a/src/goto-symex/symex_dereference.cpp
+++ b/src/goto-symex/symex_dereference.cpp
@@ -297,7 +297,7 @@ void goto_symext::dereference_rec(
           to_index_expr(expr).array().type().id()==ID_pointer)
   {
     // old stuff, will go away
-    assert(false);
+    UNREACHABLE;
   }
   else if(expr.id()==ID_address_of)
   {
diff --git a/src/goto-symex/symex_other.cpp b/src/goto-symex/symex_other.cpp
index d5b30fa4b05..e98480e98a9 100644
--- a/src/goto-symex/symex_other.cpp
+++ b/src/goto-symex/symex_other.cpp
@@ -66,7 +66,7 @@ void goto_symext::symex_other(
   }
   else if(statement==ID_decl)
   {
-    assert(false); // see symex_decl.cpp
+    UNREACHABLE; // see symex_decl.cpp
   }
   else if(statement==ID_nondet)
   {
diff --git a/src/goto-symex/symex_start_thread.cpp b/src/goto-symex/symex_start_thread.cpp
index 8ebed5216c1..d1ec5fc4d4b 100644
--- a/src/goto-symex/symex_start_thread.cpp
+++ b/src/goto-symex/symex_start_thread.cpp
@@ -71,7 +71,7 @@ void goto_symext::symex_start_thread(statet &state)
     if(!state.level1.current_names.insert(
         std::make_pair(lhs.get_l1_object_identifier(),
                        std::make_pair(lhs, 0))).second)
-      assert(false);
+      UNREACHABLE;
     state.rename(lhs, ns, goto_symex_statet::L1);
     const irep_idt l1_name=lhs.get_l1_object_identifier();
     // store it
diff --git a/src/goto-symex/symex_target_equation.cpp b/src/goto-symex/symex_target_equation.cpp
index 6627e198b71..76a6bae061a 100644
--- a/src/goto-symex/symex_target_equation.cpp
+++ b/src/goto-symex/symex_target_equation.cpp
@@ -511,7 +511,7 @@ void symex_target_equationt::convert_assertions(
         prop_conv.set_to_true(step.cond_expr);
     }
 
-    assert(false); // unreachable
+    UNREACHABLE; // unreachable
   }
 
   // We do (NOT a1) OR (NOT a2) ...
@@ -695,7 +695,7 @@ void symex_target_equationt::SSA_stept::output(
   case goto_trace_stept::typet::GOTO:
     out << "IF " << from_expr(ns, "", cond_expr) << " GOTO\n"; break;
 
-  default: assert(false);
+  default: UNREACHABLE;
   }
 
   if(is_assert() || is_assume() || is_assignment() || is_constraint())
diff --git a/src/java_bytecode/expr2java.cpp b/src/java_bytecode/expr2java.cpp
index 36a1213ef1c..d39b56145d2 100644
--- a/src/java_bytecode/expr2java.cpp
+++ b/src/java_bytecode/expr2java.cpp
@@ -189,7 +189,7 @@ std::string expr2javat::convert_constant(
 
     mp_integer int_value;
     if(to_integer(src, int_value))
-      assert(false);
+      UNREACHABLE;
 
     dest+="(char)'";
 
@@ -212,7 +212,7 @@ std::string expr2javat::convert_constant(
     // No byte-literals in Java, so just cast:
     mp_integer int_value;
     if(to_integer(src, int_value))
-      assert(false);
+      UNREACHABLE;
     std::string dest="(byte)";
     dest+=integer2string(int_value);
     return dest;
@@ -222,7 +222,7 @@ std::string expr2javat::convert_constant(
     // No short-literals in Java, so just cast:
     mp_integer int_value;
     if(to_integer(src, int_value))
-      assert(false);
+      UNREACHABLE;
     std::string dest="(short)";
     dest+=integer2string(int_value);
     return dest;
@@ -232,7 +232,7 @@ std::string expr2javat::convert_constant(
     // long integer literals must have 'L' at the end
     mp_integer int_value;
     if(to_integer(src, int_value))
-      assert(false);
+      UNREACHABLE;
     std::string dest=integer2string(int_value);
     dest+='L';
     return dest;
diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index ef3c16a20e1..7025bca1f57 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -1793,7 +1793,9 @@ codet java_bytecode_convert_methodt::convert_instructions(
         statement=="ifge"?ID_ge:
         statement=="ifgt"?ID_gt:
         statement=="ifle"?ID_le:
-        (assert(false), "");
+        irep_idt();
+
+      INVARIANT(!id.empty(), "unexpected bytecode-if");
 
       assert(op.size()==1 && results.empty());
       mp_integer number;
diff --git a/src/java_bytecode/java_bytecode_language.cpp b/src/java_bytecode/java_bytecode_language.cpp
index 73953905875..7711940b781 100644
--- a/src/java_bytecode/java_bytecode_language.cpp
+++ b/src/java_bytecode/java_bytecode_language.cpp
@@ -161,7 +161,7 @@ bool java_bytecode_languaget::parse(
       java_class_loader.add_jar_file(path);
   }
   else
-    assert(false);
+    UNREACHABLE;
 
   if(!main_class.empty())
   {
diff --git a/src/java_bytecode/java_types.cpp b/src/java_bytecode/java_types.cpp
index 14dd365b0bc..22d59cf95e0 100644
--- a/src/java_bytecode/java_types.cpp
+++ b/src/java_bytecode/java_types.cpp
@@ -92,7 +92,7 @@ reference_typet java_array_type(const char subtype)
   case 'j': subtype_str="long"; break;
   case 'l': subtype_str="long"; break;
   case 'a': subtype_str="reference"; break;
-  default: assert(false);
+  default: UNREACHABLE;
   }
 
   irep_idt class_name="array["+subtype_str+"]";
@@ -131,7 +131,7 @@ typet java_type_from_char(char t)
   case 'd': return java_double_type();
   case 'z': return java_boolean_type();
   case 'a': return java_reference_type(void_typet());
-  default: assert(false); return nil_typet();
+  default: UNREACHABLE; return nil_typet();
   }
 }
 
diff --git a/src/musketeer/fence_inserter.cpp b/src/musketeer/fence_inserter.cpp
index cd1aaa910f5..10de10049eb 100644
--- a/src/musketeer/fence_inserter.cpp
+++ b/src/musketeer/fence_inserter.cpp
@@ -40,7 +40,7 @@ unsigned fence_insertert::fence_cost(fence_typet f) const
     case Ctlfence:
       return 1;
   }
-  assert(false);
+  UNREACHABLE;
   return 0;
 }
 
@@ -769,7 +769,7 @@ void fence_insertert::solve()
       break;
     case GLP_UNDEF:
       instrumenter.message.result() << "Solution undefined" << messaget::eom;
-      assert(0);
+      UNREACHABLE;
     case GLP_FEAS:
       instrumenter.message.result() << "Solution feasible, "
                                     << "yet not proven optimal, "
@@ -779,7 +779,7 @@ void fence_insertert::solve()
     case GLP_NOFEAS:
       instrumenter.message.result()
         << "No feasible solution, the system is UNSAT" << messaget::eom;
-      assert(0);
+      UNREACHABLE;
   }
 
   event_grapht &egraph=instrumenter.egraph;
@@ -964,7 +964,7 @@ std::string fence_insertert::to_string(fence_typet f) const
     case Branching: return "branching";
     case Ctlfence: return "ctlfence";
   }
-  assert(0);
+  UNREACHABLE;
 }
 
 inline unsigned fence_insertert::col_to_var(unsigned u) const
@@ -983,7 +983,7 @@ inline fence_insertert::fence_typet fence_insertert::col_to_fence(unsigned u)
     case 3: return Branching;
     case 4: return Ctlfence;
   }
-  assert(0);
+  UNREACHABLE;
 }
 
 inline unsigned fence_insertert::var_fence_to_col(fence_typet f, unsigned var)
@@ -997,7 +997,7 @@ inline unsigned fence_insertert::var_fence_to_col(fence_typet f, unsigned var)
     case Branching: return (var-1)*fence_options+3;
     case Ctlfence: return (var-1)*fence_options+4;
   }
-  assert(0);
+  UNREACHABLE;
 }
 
 void fence_insertert::compute_fence_options()
@@ -1103,5 +1103,5 @@ typet fence_insertert::type_component(
     return type;
   }
 
-  assert(0);
+  UNREACHABLE;
 }
diff --git a/src/path-symex/path_symex.cpp b/src/path-symex/path_symex.cpp
index 043ac0fb05c..0d8db5f979a 100644
--- a/src/path-symex/path_symex.cpp
+++ b/src/path-symex/path_symex.cpp
@@ -524,7 +524,7 @@ void path_symext::assign_rec(
     else if(ssa_lhs.id()==ID_byte_extract_big_endian)
       new_id=ID_byte_update_big_endian;
     else
-      assert(false);
+      UNREACHABLE;
 
     byte_update_exprt new_rhs(new_id);
 
diff --git a/src/pointer-analysis/value_set.cpp b/src/pointer-analysis/value_set.cpp
index 28b5bf360a0..f28b51a12c5 100644
--- a/src/pointer-analysis/value_set.cpp
+++ b/src/pointer-analysis/value_set.cpp
@@ -1492,7 +1492,7 @@ void value_sett::apply_code(
   else if(statement==ID_function_call)
   {
     // shouldn't be here
-    assert(false);
+    UNREACHABLE;
   }
   else if(statement==ID_assign ||
           statement==ID_init)
diff --git a/src/pointer-analysis/value_set_fi.cpp b/src/pointer-analysis/value_set_fi.cpp
index d08694b82da..3d5cb1b64ef 100644
--- a/src/pointer-analysis/value_set_fi.cpp
+++ b/src/pointer-analysis/value_set_fi.cpp
@@ -244,7 +244,7 @@ exprt value_set_fit::to_expr(object_map_dt::const_iterator it) const
 
 bool value_set_fit::make_union(const value_set_fit::valuest &new_values)
 {
-  assert(0);
+  UNREACHABLE;
   bool result=false;
 
   for(valuest::const_iterator
@@ -1428,7 +1428,7 @@ void value_set_fit::apply_code(
   else if(statement==ID_function_call)
   {
     // shouldn't be here
-    assert(false);
+    UNREACHABLE;
   }
   else if(statement==ID_assign ||
           statement==ID_init)
diff --git a/src/pointer-analysis/value_set_fivr.cpp b/src/pointer-analysis/value_set_fivr.cpp
index 3ea5ef1aa8e..c45c999b507 100644
--- a/src/pointer-analysis/value_set_fivr.cpp
+++ b/src/pointer-analysis/value_set_fivr.cpp
@@ -1586,7 +1586,7 @@ void value_set_fivrt::apply_code(
   else if(statement==ID_function_call)
   {
     // shouldn't be here
-    assert(false);
+    UNREACHABLE;
   }
   else if(statement==ID_assign ||
           statement==ID_init)
diff --git a/src/pointer-analysis/value_set_fivr.h b/src/pointer-analysis/value_set_fivr.h
index 015a97271e1..322b2ea2fc9 100644
--- a/src/pointer-analysis/value_set_fivr.h
+++ b/src/pointer-analysis/value_set_fivr.h
@@ -20,6 +20,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <util/mp_arith.h>
 #include <util/namespace.h>
 #include <util/reference_counting.h>
+#include <util/invariant.h>
 
 #include "object_numbering.h"
 
@@ -100,11 +101,11 @@ class value_set_fivrt
     // operator[] is the only way to insert something!
     std::pair<iterator, bool> insert(const std::pair<unsigned, objectt>&)
     {
-      assert(false);
+      UNREACHABLE;
     }
     iterator insert(iterator, const std::pair<unsigned, objectt>&)
     {
-      assert(false);
+      UNREACHABLE;
     }
 
     class validity_ranget
diff --git a/src/pointer-analysis/value_set_fivrns.cpp b/src/pointer-analysis/value_set_fivrns.cpp
index 3b5ce55a3aa..8e4078ded41 100644
--- a/src/pointer-analysis/value_set_fivrns.cpp
+++ b/src/pointer-analysis/value_set_fivrns.cpp
@@ -1239,7 +1239,7 @@ void value_set_fivrnst::apply_code(
   else if(statement==ID_function_call)
   {
     // shouldn't be here
-    assert(false);
+    UNREACHABLE;
   }
   else if(statement==ID_assign ||
           statement==ID_init)
diff --git a/src/pointer-analysis/value_set_fivrns.h b/src/pointer-analysis/value_set_fivrns.h
index db735cfe2d1..d3b452c0408 100644
--- a/src/pointer-analysis/value_set_fivrns.h
+++ b/src/pointer-analysis/value_set_fivrns.h
@@ -21,6 +21,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <util/mp_arith.h>
 #include <util/namespace.h>
 #include <util/reference_counting.h>
+#include <util/invariant.h>
 
 #include "object_numbering.h"
 
@@ -101,11 +102,11 @@ class value_set_fivrnst
     // operator[] is the only way to insert something!
     std::pair<iterator, bool> insert(const std::pair<unsigned, objectt>&)
     {
-      assert(false);
+      UNREACHABLE;
     }
     iterator insert(iterator, const std::pair<unsigned, objectt>&)
     {
-      assert(false);
+      UNREACHABLE;
     }
 
     class validity_ranget
diff --git a/src/symex/symex_parse_options.cpp b/src/symex/symex_parse_options.cpp
index f2da45da76c..2361f3c494c 100644
--- a/src/symex/symex_parse_options.cpp
+++ b/src/symex/symex_parse_options.cpp
@@ -499,7 +499,7 @@ void symex_parse_optionst::report_success()
     break;
 
   default:
-    assert(false);
+    UNREACHABLE;
   }
 }
 
@@ -524,7 +524,7 @@ void symex_parse_optionst::show_counterexample(
     break;
 
   default:
-    assert(false);
+    UNREACHABLE;
   }
 }
 
@@ -547,7 +547,7 @@ void symex_parse_optionst::report_failure()
     break;
 
   default:
-    assert(false);
+    UNREACHABLE;
   }
 }
 
diff --git a/src/util/arith_tools.cpp b/src/util/arith_tools.cpp
index 5b94a141dfa..680b5309775 100644
--- a/src/util/arith_tools.cpp
+++ b/src/util/arith_tools.cpp
@@ -199,7 +199,7 @@ constant_exprt from_integer(
   }
 
   {
-    assert(false);
+    PRECONDITION(false);
     constant_exprt r;
     r.make_nil();
     return r;
diff --git a/src/util/arith_tools.h b/src/util/arith_tools.h
index e9691db7322..ebb243952f4 100644
--- a/src/util/arith_tools.h
+++ b/src/util/arith_tools.h
@@ -26,7 +26,7 @@ bool to_integer(const constant_exprt &expr, mp_integer &int_value);
 // returns 'true' on error
 bool to_unsigned_integer(const constant_exprt &expr, unsigned &uint_value);
 
-// assert(false) in case of unsupported type
+// PRECONDITION(false) in case of unsupported type
 constant_exprt from_integer(const mp_integer &int_value, const typet &type);
 
 // ceil(log2(size))
diff --git a/src/util/bv_arithmetic.cpp b/src/util/bv_arithmetic.cpp
index 4287e04adf1..b04dee98aa0 100644
--- a/src/util/bv_arithmetic.cpp
+++ b/src/util/bv_arithmetic.cpp
@@ -42,7 +42,7 @@ void bv_spect::from_type(const typet &type)
   else if(type.id()==ID_signedbv)
     is_signed=true;
   else
-    assert(0);
+    UNREACHABLE;
 
   width=unsafe_string2unsigned(type.get_string(ID_width));
 }
diff --git a/src/util/byte_operators.cpp b/src/util/byte_operators.cpp
index 9ebc340d9cb..74aa67e53d7 100644
--- a/src/util/byte_operators.cpp
+++ b/src/util/byte_operators.cpp
@@ -10,6 +10,7 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include <cassert>
 
+#include "invariant.h"
 #include "config.h"
 
 irep_idt byte_extract_id()
@@ -23,7 +24,7 @@ irep_idt byte_extract_id()
     return ID_byte_extract_big_endian;
 
   default:
-    assert(false);
+    UNREACHABLE;
   }
 }
 
@@ -38,6 +39,6 @@ irep_idt byte_update_id()
     return ID_byte_update_big_endian;
 
   default:
-    assert(false);
+    UNREACHABLE;
   }
 }
diff --git a/src/util/c_types.cpp b/src/util/c_types.cpp
index cc2880cb577..6c553f5adbc 100644
--- a/src/util/c_types.cpp
+++ b/src/util/c_types.cpp
@@ -9,6 +9,7 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include "std_types.h"
 #include "config.h"
+#include "invariant.h"
 
 #include "c_types.h"
 
@@ -67,7 +68,7 @@ unsignedbv_typet size_type()
   else if(config.ansi_c.pointer_width==config.ansi_c.long_long_int_width)
     return unsigned_long_long_int_type();
   else
-    assert(false); // aaah!
+    INVARIANT(false, "width of size type"); // aaah!
 }
 
 signedbv_typet signed_size_type()
@@ -249,7 +250,7 @@ bitvector_typet long_double_type()
       // not quite right. The extra bits beyond 80 are usually padded.
     }
     else
-      assert(false);
+      INVARIANT(false, "width of long double");
 
     result.set(ID_C_c_type, ID_long_double);
 
@@ -290,7 +291,7 @@ signedbv_typet pointer_diff_type()
   else if(config.ansi_c.pointer_width==config.ansi_c.long_long_int_width)
     return signed_long_long_int_type();
   else
-    assert(false); // aaah!
+    INVARIANT(false, "width of pointer difference");
 }
 
 pointer_typet pointer_type(const typet &subtype)
diff --git a/src/util/config.cpp b/src/util/config.cpp
index c2a6afd60be..4048cfd417a 100644
--- a/src/util/config.cpp
+++ b/src/util/config.cpp
@@ -172,7 +172,7 @@ void configt::ansi_ct::set_arch_spec_i386()
     break;
 
   case flavourt::NONE:
-    assert(false);
+    UNREACHABLE;
   }
 }
 
@@ -209,7 +209,7 @@ void configt::ansi_ct::set_arch_spec_x86_64()
     break;
 
   case flavourt::NONE:
-    assert(false);
+    UNREACHABLE;
   }
 }
 
@@ -270,7 +270,7 @@ void configt::ansi_ct::set_arch_spec_power(const irep_idt &subarch)
     break;
 
   case flavourt::NONE:
-    assert(false);
+    UNREACHABLE;
   }
 }
 
@@ -313,7 +313,7 @@ void configt::ansi_ct::set_arch_spec_arm(const irep_idt &subarch)
     break;
 
   case flavourt::NONE:
-    assert(false);
+    UNREACHABLE;
   }
 }
 
@@ -342,7 +342,7 @@ void configt::ansi_ct::set_arch_spec_alpha()
     break;
 
   case flavourt::NONE:
-    assert(false);
+    UNREACHABLE;
   }
 }
 
@@ -382,7 +382,7 @@ void configt::ansi_ct::set_arch_spec_mips(const irep_idt &subarch)
     break;
 
   case flavourt::VISUAL_STUDIO:
-    assert(false); // not supported by Visual Studio
+    UNREACHABLE; // not supported by Visual Studio
     break;
 
   case flavourt::APPLE:
@@ -392,7 +392,7 @@ void configt::ansi_ct::set_arch_spec_mips(const irep_idt &subarch)
     break;
 
   case flavourt::NONE:
-    assert(false);
+    UNREACHABLE;
   }
 }
 
@@ -411,7 +411,7 @@ void configt::ansi_ct::set_arch_spec_s390()
     break;
 
   case flavourt::VISUAL_STUDIO:
-    assert(false); // not supported by Visual Studio
+    UNREACHABLE; // not supported by Visual Studio
     break;
 
   case flavourt::APPLE:
@@ -421,7 +421,7 @@ void configt::ansi_ct::set_arch_spec_s390()
     break;
 
   case flavourt::NONE:
-    assert(false);
+    UNREACHABLE;
   }
 }
 
@@ -439,7 +439,7 @@ void configt::ansi_ct::set_arch_spec_s390x()
     break;
 
   case flavourt::VISUAL_STUDIO:
-    assert(false); // not supported by Visual Studio
+    UNREACHABLE; // not supported by Visual Studio
     break;
 
   case flavourt::APPLE:
@@ -449,7 +449,7 @@ void configt::ansi_ct::set_arch_spec_s390x()
     break;
 
   case flavourt::NONE:
-    assert(false);
+    UNREACHABLE;
   }
 }
 
@@ -479,7 +479,7 @@ void configt::ansi_ct::set_arch_spec_sparc(const irep_idt &subarch)
     break;
 
   case flavourt::VISUAL_STUDIO:
-    assert(false); // not supported by Visual Studio
+    UNREACHABLE; // not supported by Visual Studio
     break;
 
   case flavourt::APPLE:
@@ -489,7 +489,7 @@ void configt::ansi_ct::set_arch_spec_sparc(const irep_idt &subarch)
     break;
 
   case flavourt::NONE:
-    assert(false);
+    UNREACHABLE;
   }
 }
 
@@ -520,7 +520,7 @@ void configt::ansi_ct::set_arch_spec_ia64()
     break;
 
   case flavourt::NONE:
-    assert(false);
+    UNREACHABLE;
   }
 }
 
@@ -545,7 +545,7 @@ void configt::ansi_ct::set_arch_spec_x32()
     break;
 
   case flavourt::VISUAL_STUDIO:
-    assert(false); // not supported by Visual Studio
+    UNREACHABLE; // not supported by Visual Studio
     break;
 
   case flavourt::APPLE:
@@ -555,7 +555,7 @@ void configt::ansi_ct::set_arch_spec_x32()
     break;
 
   case flavourt::NONE:
-    assert(false);
+    UNREACHABLE;
   }
 }
 
@@ -599,7 +599,7 @@ void configt::ansi_ct::set_arch_spec_hppa()
     break;
 
   case flavourt::VISUAL_STUDIO:
-    assert(false); // not supported by Visual Studio
+    UNREACHABLE; // not supported by Visual Studio
     break;
 
   case flavourt::APPLE:
@@ -609,7 +609,7 @@ void configt::ansi_ct::set_arch_spec_hppa()
     break;
 
   case flavourt::NONE:
-    assert(false);
+    UNREACHABLE;
   }
 }
 
@@ -629,7 +629,7 @@ void configt::ansi_ct::set_arch_spec_sh4()
     break;
 
   case flavourt::VISUAL_STUDIO:
-    assert(false); // not supported by Visual Studio
+    UNREACHABLE; // not supported by Visual Studio
     break;
 
   case flavourt::APPLE:
@@ -639,7 +639,7 @@ void configt::ansi_ct::set_arch_spec_sh4()
     break;
 
   case flavourt::NONE:
-    assert(false);
+    UNREACHABLE;
   }
 }
 
diff --git a/src/util/decision_procedure.cpp b/src/util/decision_procedure.cpp
index 85f52acdba2..61f30f626b4 100644
--- a/src/util/decision_procedure.cpp
+++ b/src/util/decision_procedure.cpp
@@ -15,6 +15,6 @@ Author: Daniel Kroening, kroening@kroening.com
 
 bool decision_proceduret::in_core(const exprt &expr)
 {
-  assert(false);
+  UNREACHABLE;
   return true;
 }
diff --git a/src/util/endianness_map.cpp b/src/util/endianness_map.cpp
index 913bc8ad5df..677f7b6b81e 100644
--- a/src/util/endianness_map.cpp
+++ b/src/util/endianness_map.cpp
@@ -9,8 +9,8 @@ Author: Daniel Kroening, kroening@kroening.com
 #include "endianness_map.h"
 
 #include <ostream>
-#include <cassert>
 
+#include "invariant.h"
 #include "std_types.h"
 #include "pointer_offset_size.h"
 #include "arith_tools.h"
@@ -64,7 +64,7 @@ void endianness_mapt::build_big_endian(const typet &src)
   {
     // these do get re-ordered!
     mp_integer bits=pointer_offset_bits(src, ns); // error is -1
-    assert(bits>=0);
+    CHECK_RETURN(bits>=0);
 
     size_t bits_int=integer2size_t(bits), base=map.size();
 
@@ -107,7 +107,7 @@ void endianness_mapt::build_big_endian(const typet &src)
 
     mp_integer s;
     if(to_integer(vector_type.size(), s))
-      assert(false);
+      CHECK_RETURN(false);
 
     while(s>0)
     {
diff --git a/src/util/ieee_float.cpp b/src/util/ieee_float.cpp
index ba9fb9ac857..c5fdb82de38 100644
--- a/src/util/ieee_float.cpp
+++ b/src/util/ieee_float.cpp
@@ -678,7 +678,7 @@ void ieee_floatt::divide_and_round(
       break;
 
     default:
-      assert(false);
+      UNREACHABLE;
     }
   }
 }
diff --git a/src/util/sharing_map.h b/src/util/sharing_map.h
index 8cbfcce4002..a558ec42901 100644
--- a/src/util/sharing_map.h
+++ b/src/util/sharing_map.h
@@ -386,7 +386,7 @@ SHARING_MAPT(void)::get_delta_view(
     }
     else
     {
-      assert(false);
+      UNREACHABLE;
     }
   }
   while(!stack.empty());
diff --git a/src/util/sharing_node.h b/src/util/sharing_node.h
index c2501f7f345..19b41712649 100644
--- a/src/util/sharing_node.h
+++ b/src/util/sharing_node.h
@@ -17,6 +17,8 @@ Author: Daniel Poetzl
 #include <memory>
 #include <cassert>
 
+#include "invariant.h"
+
 #define _sn_assert(b) assert(b)
 //#define _sn_assert(b)
 
@@ -235,7 +237,7 @@ class sharing_nodet
       }
     }
 
-    assert(false);
+    UNREACHABLE;
   }
 
   // misc
diff --git a/src/util/simplify_expr.cpp b/src/util/simplify_expr.cpp
index d7a72c455bc..5d0e00b4b2e 100644
--- a/src/util/simplify_expr.cpp
+++ b/src/util/simplify_expr.cpp
@@ -1538,7 +1538,7 @@ exprt simplify_exprt::bits2expr(
 
     mp_integer size;
     if(to_integer(array_type.size(), size))
-      assert(false);
+      UNREACHABLE;
     std::size_t n_el=integer2size_t(size);
 
     std::size_t el_size=
diff --git a/src/util/simplify_expr_floatbv.cpp b/src/util/simplify_expr_floatbv.cpp
index cff452cfcbd..41f92a4a514 100644
--- a/src/util/simplify_expr_floatbv.cpp
+++ b/src/util/simplify_expr_floatbv.cpp
@@ -310,7 +310,7 @@ bool simplify_exprt::simplify_floatbv_op(exprt &expr)
       else if(expr.id()==ID_floatbv_div)
         result/=v1;
       else
-        assert(false);
+        UNREACHABLE;
 
       expr=result.to_expr();
       return false;
@@ -363,7 +363,7 @@ bool simplify_exprt::simplify_ieee_float_relation(exprt &expr)
     else if(expr.id()==ID_ieee_float_equal)
       expr.make_bool(f0.ieee_equal(f1));
     else
-      assert(false);
+      UNREACHABLE;
 
     return false;
   }
@@ -380,7 +380,7 @@ bool simplify_exprt::simplify_ieee_float_relation(exprt &expr)
     else if(expr.id()==ID_ieee_float_equal)
       isnan.make_not();
     else
-      assert(false);
+      UNREACHABLE;
 
     expr.swap(isnan);
     return false;
diff --git a/src/util/simplify_expr_int.cpp b/src/util/simplify_expr_int.cpp
index a94674c3fd9..995447c1c7e 100644
--- a/src/util/simplify_expr_int.cpp
+++ b/src/util/simplify_expr_int.cpp
@@ -581,7 +581,7 @@ bool simplify_exprt::simplify_bitwise(exprt &expr)
       else if(expr.id()==ID_bitxor)
         new_expr.id(ID_xor);
       else
-        assert(false);
+        UNREACHABLE;
 
       Forall_operands(it, new_expr)
       {
@@ -1266,7 +1266,7 @@ bool simplify_exprt::simplify_inequality(exprt &expr)
       else if(expr.id()==ID_lt)
         expr.make_bool(f0<f1);
       else
-        assert(false);
+        UNREACHABLE;
 
       return false;
     }
@@ -1288,7 +1288,7 @@ bool simplify_exprt::simplify_inequality(exprt &expr)
       else if(expr.id()==ID_lt)
         expr.make_bool(f0<f1);
       else
-        assert(false);
+        UNREACHABLE;
 
       return false;
     }
@@ -1315,7 +1315,7 @@ bool simplify_exprt::simplify_inequality(exprt &expr)
       else if(expr.id()==ID_lt)
         expr.make_bool(r0<r1);
       else
-        assert(false);
+        UNREACHABLE;
 
       return false;
     }
@@ -1342,7 +1342,7 @@ bool simplify_exprt::simplify_inequality(exprt &expr)
       else if(expr.id()==ID_lt)
         expr.make_bool(v0<v1);
       else
-        assert(false);
+        UNREACHABLE;
 
       return false;
     }
@@ -1377,7 +1377,7 @@ bool simplify_exprt::simplify_inequality(exprt &expr)
     return simplify_inequality_not_constant(expr);
   }
 
-  assert(false);
+  UNREACHABLE;
   return false;
 }
 
@@ -1516,7 +1516,7 @@ bool simplify_exprt::simplify_inequality_not_constant(exprt &expr)
         else
         {
           tmp=false;
-          assert(0);
+          UNREACHABLE;
         }
 
         if(first)
diff --git a/src/util/ssa_expr.cpp b/src/util/ssa_expr.cpp
index 370b9d07a59..3e687b2bb55 100644
--- a/src/util/ssa_expr.cpp
+++ b/src/util/ssa_expr.cpp
@@ -37,7 +37,7 @@ static void build_ssa_identifier_rec(
 
     mp_integer idx;
     if(to_integer(to_constant_expr(index.index()), idx))
-      assert(false);
+      UNREACHABLE;
 
     os << '[' << idx << ']';
   }
@@ -68,7 +68,7 @@ static void build_ssa_identifier_rec(
     }
   }
   else
-    assert(false);
+    UNREACHABLE;
 }
 
 /* Used to determine whether or not an identifier can be built
diff --git a/src/util/std_types.cpp b/src/util/std_types.cpp
index b2d0c4f36d5..1b074b9522f 100644
--- a/src/util/std_types.cpp
+++ b/src/util/std_types.cpp
@@ -44,7 +44,7 @@ std::size_t struct_union_typet::component_number(
     number++;
   }
 
-  assert(false);
+  UNREACHABLE;
   return 0;
 }
 
diff --git a/src/util/tempdir.cpp b/src/util/tempdir.cpp
index b796befa707..7a2f9a460a2 100644
--- a/src/util/tempdir.cpp
+++ b/src/util/tempdir.cpp
@@ -14,7 +14,6 @@ Author: CM Wintersteiger
 #include <direct.h>
 #endif
 
-#include <cassert>
 #include <cstdlib>
 #include <cstring>
 
@@ -27,6 +26,7 @@ Author: CM Wintersteiger
 #include <unistd.h>
 #endif
 
+#include "invariant.h"
 #include "file_util.h"
 
 std::string get_temporary_directory(const std::string &name_template)
@@ -100,11 +100,11 @@ temp_working_dirt::temp_working_dirt(const std::string &name_template):
 {
   old_working_directory=get_current_working_directory();
   if(chdir(path.c_str())!=0)
-    assert(false);
+    CHECK_RETURN(false);
 }
 
 temp_working_dirt::~temp_working_dirt()
 {
   if(chdir(old_working_directory.c_str())!=0)
-    assert(false);
+    CHECK_RETURN(false);
 }
diff --git a/src/util/union_find.cpp b/src/util/union_find.cpp
index e7b3230f305..e30744c7c24 100644
--- a/src/util/union_find.cpp
+++ b/src/util/union_find.cpp
@@ -117,7 +117,7 @@ unsigned_union_find::size_type unsigned_union_find::get_other(size_type a)
     if(find(i)==a && i!=a)
       return i;
 
-//  assert(false);
+//  UNREACHABLE;
   return 0;
 }
 
diff --git a/src/xmllang/graphml.cpp b/src/xmllang/graphml.cpp
index d76f5b1f956..84df9d7a3ad 100644
--- a/src/xmllang/graphml.cpp
+++ b/src/xmllang/graphml.cpp
@@ -140,7 +140,7 @@ static bool build_graph_rec(
   }
   else
   {
-    assert(false);
+    UNREACHABLE;
     return true;
   }
 

From c2c9f1ba6cbb93730879793a1665ebd87bb72774 Mon Sep 17 00:00:00 2001
From: Daniel Kroening <kroening@cs.ox.ac.uk>
Date: Tue, 29 Aug 2017 21:42:16 +0100
Subject: [PATCH 664/699] use get_target() where appropriate

---
 src/analyses/natural_loops.h              | 28 +++++++++++------------
 src/goto-programs/cfg.h                   |  8 ++-----
 src/goto-programs/goto_program.cpp        |  9 +++-----
 src/goto-programs/goto_program_template.h |  5 ++++
 src/goto-programs/remove_skip.cpp         |  5 +---
 src/goto-symex/symex_start_thread.cpp     |  2 +-
 6 files changed, 25 insertions(+), 32 deletions(-)

diff --git a/src/analyses/natural_loops.h b/src/analyses/natural_loops.h
index ce27a306882..9eb24ccc0ed 100644
--- a/src/analyses/natural_loops.h
+++ b/src/analyses/natural_loops.h
@@ -93,23 +93,21 @@ void natural_loops_templatet<P, T>::compute(P &program)
   {
     if(m_it->is_backwards_goto())
     {
-      for(const auto &target : m_it->targets)
+      const auto &target=m_it->get_target();
+
+      if(target->location_number<=m_it->location_number)
       {
-        if(target->location_number<=m_it->location_number)
-        {
-          const nodet &node=
-            cfg_dominators.cfg[cfg_dominators.cfg.entry_map[m_it]];
+        const nodet &node=
+          cfg_dominators.cfg[cfg_dominators.cfg.entry_map[m_it]];
 
-#ifdef DEBUG
-          std::cout << "Computing loop for "
-                    << m_it->location_number << " -> "
-                    << target->location_number << "\n";
-#endif
-          if(node.dominators.find(target)!=node.dominators.end())
-          {
-            compute_natural_loop(m_it, target);
-          }
-        }
+        #ifdef DEBUG
+        std::cout << "Computing loop for "
+                  << m_it->location_number << " -> "
+                  << target->location_number << "\n";
+        #endif
+
+        if(node.dominators.find(target)!=node.dominators.end())
+          compute_natural_loop(m_it, target);
       }
     }
   }
diff --git a/src/goto-programs/cfg.h b/src/goto-programs/cfg.h
index 2e1bd83598b..8cd23f8de6d 100644
--- a/src/goto-programs/cfg.h
+++ b/src/goto-programs/cfg.h
@@ -203,9 +203,7 @@ void cfg_baset<T, P, I>::compute_edges_goto(
      !instruction.guard.is_true())
     this->add_edge(entry, entry_map[next_PC]);
 
-  for(const auto &t : instruction.targets)
-    if(t!=goto_program.instructions.end())
-      this->add_edge(entry, entry_map[t]);
+  this->add_edge(entry, entry_map[instruction.get_target()]);
 }
 
 template<class T, typename P, typename I>
@@ -260,9 +258,7 @@ void concurrent_cfg_baset<T, P, I>::compute_edges_start_thread(
     next_PC,
     entry);
 
-  for(const auto &t : instruction.targets)
-    if(t!=goto_program.instructions.end())
-      this->add_edge(entry, this->entry_map[t]);
+  this->add_edge(entry, this->entry_map[instruction.get_target()]);
 }
 
 template<class T, typename P, typename I>
diff --git a/src/goto-programs/goto_program.cpp b/src/goto-programs/goto_program.cpp
index 44546821019..6cf8414899a 100644
--- a/src/goto-programs/goto_program.cpp
+++ b/src/goto-programs/goto_program.cpp
@@ -212,12 +212,9 @@ std::ostream &goto_programt::output_instruction(
     break;
 
   case START_THREAD:
-    out << "START THREAD ";
-
-    if(instruction.targets.size()==1)
-      out << instruction.targets.front()->target_number;
-
-    out << '\n';
+    out << "START THREAD "
+        << instruction.get_target()->target_number
+        << '\n';
     break;
 
   case END_THREAD:
diff --git a/src/goto-programs/goto_program_template.h b/src/goto-programs/goto_program_template.h
index 986888e4ca3..aa863a5dd0f 100644
--- a/src/goto-programs/goto_program_template.h
+++ b/src/goto-programs/goto_program_template.h
@@ -199,6 +199,11 @@ class goto_program_templatet
       targets.push_back(t);
     }
 
+    bool has_target() const
+    {
+      return !targets.empty();
+    }
+
     /// Goto target labels
     typedef std::list<irep_idt> labelst;
     labelst labels;
diff --git a/src/goto-programs/remove_skip.cpp b/src/goto-programs/remove_skip.cpp
index 3529a8f2018..231ed117f31 100644
--- a/src/goto-programs/remove_skip.cpp
+++ b/src/goto-programs/remove_skip.cpp
@@ -28,16 +28,13 @@ static bool is_skip(goto_programt::instructionst::iterator it)
     if(it->guard.is_false())
       return true;
 
-    if(it->targets.size()!=1)
-      return false;
-
     goto_programt::instructionst::iterator next_it=it;
     next_it++;
 
     // A branch to the next instruction is a skip
     // We also require the guard to be 'true'
     return it->guard.is_true() &&
-           it->targets.front()==next_it;
+           it->get_target()==next_it;
   }
 
   if(it->is_other())
diff --git a/src/goto-symex/symex_start_thread.cpp b/src/goto-symex/symex_start_thread.cpp
index 8ebed5216c1..db276719654 100644
--- a/src/goto-symex/symex_start_thread.cpp
+++ b/src/goto-symex/symex_start_thread.cpp
@@ -32,7 +32,7 @@ void goto_symext::symex_start_thread(statet &state)
     throw "start_thread expects one target";
 
   goto_programt::const_targett thread_target=
-    instruction.targets.front();
+    instruction.get_target();
 
   // put into thread vector
   std::size_t t=state.threads.size();

From 4e7a480ee024c0e935f88602e7a275ce9b81b788 Mon Sep 17 00:00:00 2001
From: Peter Schrammel <peter.schrammel@diffblue.com>
Date: Tue, 29 Aug 2017 22:12:56 +0100
Subject: [PATCH 665/699] Make linter accept alternative copyright header

---
 scripts/cpplint.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/cpplint.py b/scripts/cpplint.py
index da57e6a70bc..e3ab0505e9a 100755
--- a/scripts/cpplint.py
+++ b/scripts/cpplint.py
@@ -1925,11 +1925,11 @@ def CheckForCopyright(filename, lines, error):
   # We'll say it should occur by line 10. Don't forget there's a
   # dummy line at the front.
   for line in xrange(1, min(len(lines), 11)):
-    if re.search(r'Author', lines[line], re.I): break
+    if re.search(r'Author|Copyright', lines[line], re.I): break
   else:                       # means no copyright line was found
     error(filename, 0, 'legal/copyright', 5,
           'No copyright message found.  '
-          'You should have a line: "Author: <name>"')
+          'You should have a line: "Author: <name>" or "Copyright <year> ..."')
 
 
 def GetIndentLevel(line):

From e05deca660d33e2468b0e743e4ba67ea8c01416d Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Wed, 30 Aug 2017 12:27:33 +0100
Subject: [PATCH 666/699] Update function signatures in goto_rw, fixing build

---
 src/analyses/goto_rw.h | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/src/analyses/goto_rw.h b/src/analyses/goto_rw.h
index c7b31288c9f..38bc4d2e61a 100644
--- a/src/analyses/goto_rw.h
+++ b/src/analyses/goto_rw.h
@@ -91,8 +91,8 @@ class range_domaint:public range_domain_baset
   const_iterator end() const { return data.end(); }
   const_iterator cend() const { return data.end(); }
 
-  template <typename T>
-  void push_back(T &&v) { data.push_back(std::forward<T>(v)); }
+  void push_back(const sub_typet::value_type &v) { data.push_back(v); }
+  void push_back(sub_typet::value_type &&v) { data.push_back(std::move(v)); }
 };
 
 class array_exprt;
@@ -304,8 +304,15 @@ class guarded_range_domaint:public range_domain_baset
   const_iterator end() const { return data.end(); }
   const_iterator cend() const { return data.end(); }
 
-  template<typename T>
-  iterator insert(T &&v) { return data.insert(std::forward<T>(v)); }
+  iterator insert(const sub_typet::value_type &v)
+  {
+    return data.insert(v);
+  }
+
+  iterator insert(sub_typet::value_type &&v)
+  {
+    return data.insert(std::move(v));
+  }
 };
 
 class rw_guarded_range_set_value_sett:public rw_range_set_value_sett

From 22b48852e0046c4bdde83089952824ad793886ca Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Fri, 25 Aug 2017 15:23:26 +0100
Subject: [PATCH 667/699] Remove usage of static in the header file

---
 src/solvers/refinement/string_constraint.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/solvers/refinement/string_constraint.h b/src/solvers/refinement/string_constraint.h
index 867284101e3..c553efb8c7e 100644
--- a/src/solvers/refinement/string_constraint.h
+++ b/src/solvers/refinement/string_constraint.h
@@ -144,7 +144,7 @@ extern inline string_constraintt &to_string_constraint(exprt &expr)
 /// \param [in] identifier: identifier for `from_expr`
 /// \param [in] expr: constraint to render
 /// \return rendered string
-inline static std::string from_expr(
+inline std::string from_expr(
   const namespacet &ns,
   const irep_idt &identifier,
   const string_constraintt &expr)
@@ -218,7 +218,7 @@ class string_not_contains_constraintt: public exprt
 /// \param [in] identifier: identifier for `from_expr`
 /// \param [in] expr: constraint to render
 /// \return rendered string
-inline static std::string from_expr(
+inline std::string from_expr(
   const namespacet &ns,
   const irep_idt &identifier,
   const string_not_contains_constraintt &expr)

From 848f2a53dac9f73004a4647a9a59b7c6ce2fa247 Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Fri, 25 Aug 2017 15:35:15 +0100
Subject: [PATCH 668/699] Constraint gen cosmetics

 - final
 - constexpr constants
 - private variables
 - explicit constructor
---
 .../refinement/string_constraint_generator.h  | 20 +++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index b679924ee31..bf412c5fbc1 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -26,14 +26,14 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 #include <util/refined_string_type.h>
 #include <solvers/refinement/string_constraint.h>
 
-class string_constraint_generatort: messaget
+class string_constraint_generatort final: messaget
 {
 public:
   // This module keeps a list of axioms. It has methods which generate
   // string constraints for different string functions and add them
   // to the axiom list.
 
-  string_constraint_generatort(namespacet _ns):
+  explicit string_constraint_generatort(namespacet _ns):
     max_string_length(std::numeric_limits<size_t>::max()),
     force_printable_characters(false),
     ns(_ns)
@@ -91,21 +91,19 @@ class string_constraint_generatort: messaget
   exprt add_axioms_for_function_application(
     const function_application_exprt &expr);
 
-  static constant_exprt constant_char(int i, const typet &char_type);
-
-
   // Used by format function
   class format_specifiert;
 
 private:
+  static constant_exprt constant_char(int i, const typet &char_type);
   // The integer with the longest string is Integer.MIN_VALUE which is -2^31,
   // that is -2147483648 so takes 11 characters to write.
   // The long with the longest string is Long.MIN_VALUE which is -2^63,
   // approximately -9.223372037*10^18 so takes 20 characters to write.
-  const std::size_t MAX_INTEGER_LENGTH=11;
-  const std::size_t MAX_LONG_LENGTH=20;
-  const std::size_t MAX_FLOAT_LENGTH=15;
-  const std::size_t MAX_DOUBLE_LENGTH=30;
+  constexpr static const std::size_t MAX_INTEGER_LENGTH=11;
+  constexpr static const std::size_t MAX_LONG_LENGTH=20;
+  constexpr static const std::size_t MAX_FLOAT_LENGTH=15;
+  constexpr static const std::size_t MAX_DOUBLE_LENGTH=30;
 
   std::map<function_application_exprt, exprt> function_application_cache;
   namespacet ns;
@@ -346,7 +344,6 @@ class string_constraint_generatort: messaget
     return args;
   }
 
-private:
   // Helper functions
   exprt int_of_hex_char(const exprt &chr) const;
   exprt is_high_surrogate(const exprt &chr) const;
@@ -363,13 +360,16 @@ exprt is_digit_with_radix(
   const bool strict_formatting,
   const exprt &radix_as_char,
   const unsigned long radix_ul);
+
 exprt get_numeric_value_from_character(
   const exprt &chr,
   const typet &char_type,
   const typet &type,
   const bool strict_formatting,
   unsigned long radix_ul);
+
 size_t max_printed_string_length(const typet &type, unsigned long ul_radix);
+
 std::string utf16_constant_array_to_java(
   const array_exprt &arr, unsigned length);
 

From 3217fe337899b439493cc746a97544279ce07a0b Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Fri, 25 Aug 2017 15:40:55 +0100
Subject: [PATCH 669/699] constraint_generator message is a member

---
 src/solvers/refinement/string_constraint_generator.h   |  3 ++-
 .../refinement/string_constraint_generator_format.cpp  | 10 ++++++----
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index bf412c5fbc1..109cfa2ee1d 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -26,7 +26,7 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 #include <util/refined_string_type.h>
 #include <solvers/refinement/string_constraint.h>
 
-class string_constraint_generatort final: messaget
+class string_constraint_generatort final
 {
 public:
   // This module keeps a list of axioms. It has methods which generate
@@ -95,6 +95,7 @@ class string_constraint_generatort final: messaget
   class format_specifiert;
 
 private:
+  messaget m_message;
   static constant_exprt constant_char(int i, const typet &char_type);
   // The integer with the longest string is Integer.MIN_VALUE which is -2^31,
   // that is -2147483648 so takes 11 characters to write.
diff --git a/src/solvers/refinement/string_constraint_generator_format.cpp b/src/solvers/refinement/string_constraint_generator_format.cpp
index 7ad34d7d2ec..fdfff031d9a 100644
--- a/src/solvers/refinement/string_constraint_generator_format.cpp
+++ b/src/solvers/refinement/string_constraint_generator_format.cpp
@@ -313,10 +313,12 @@ string_exprt string_constraint_generatort::add_axioms_for_format_specifier(
   case format_specifiert::DATE_TIME:
     // TODO: DateTime not implemented
     // For all these unimplemented cases we return a non-deterministic string
-    warning() << "unimplemented format specifier: " << fs.conversion << eom;
+    m_message.warning() << "unimplemented format specifier: " << fs.conversion
+                        << m_message.eom;
     return fresh_string(ref_type);
   default:
-    error() << "invalid format specifier: " << fs.conversion << eom;
+    m_message.error() << "invalid format specifier: " << fs.conversion
+                      << m_message.eom;
     INVARIANT(
       false, "format specifier must belong to [bBhHsScCdoxXeEfgGaAtT%n]");
     throw 0;
@@ -432,8 +434,8 @@ string_exprt string_constraint_generatort::add_axioms_for_format(
   }
   else
   {
-    warning() << "ignoring format function with non constant first argument"
-              << eom;
+    m_message.warning() << "ignoring format function with non constant first argument"
+              << m_message.eom;
     return fresh_string(ref_type);
   }
 }

From c51e35e813573c0bcd239593b894eef9776128c0 Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Fri, 25 Aug 2017 15:42:30 +0100
Subject: [PATCH 670/699] Use C++11 initialization for constraint generator
 members

---
 src/solvers/refinement/string_constraint_generator.h | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index 109cfa2ee1d..45dbc89c343 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -33,17 +33,13 @@ class string_constraint_generatort final
   // string constraints for different string functions and add them
   // to the axiom list.
 
-  explicit string_constraint_generatort(namespacet _ns):
-    max_string_length(std::numeric_limits<size_t>::max()),
-    force_printable_characters(false),
-    ns(_ns)
-  { }
+  explicit string_constraint_generatort(namespacet _ns): ns(_ns) { }
 
   // Constraints on the maximal length of strings
-  size_t max_string_length;
+  size_t max_string_length=std::numeric_limits<size_t>::max();
 
   // Should we add constraints on the characters
-  bool force_printable_characters;
+  bool force_printable_characters=false;
 
   // Axioms are of three kinds: universally quantified string constraint,
   // not contains string constraints and simple formulas.

From cf950aba5ef8d54194fb506ae3170c1b120a4bab Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Fri, 25 Aug 2017 15:45:23 +0100
Subject: [PATCH 671/699] Use vector instead of list for constraint_generator
 data

---
 src/solvers/refinement/string_constraint_generator.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index 45dbc89c343..32b899e5f59 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -43,13 +43,13 @@ class string_constraint_generatort final
 
   // Axioms are of three kinds: universally quantified string constraint,
   // not contains string constraints and simple formulas.
-  std::list<exprt> axioms;
+  std::vector<exprt> axioms;
 
   // Boolean symbols for the results of some string functions
-  std::list<symbol_exprt> boolean_symbols;
+  std::vector<symbol_exprt> boolean_symbols;
 
   // Symbols used in existential quantifications
-  std::list<symbol_exprt> index_symbols;
+  std::vector<symbol_exprt> index_symbols;
 
   // Used to store information about witnesses for not_contains constraints
   std::map<string_not_contains_constraintt, symbol_exprt> witness;

From 8043a0d8250eea4e8c42146266aa004b3105c86b Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Fri, 25 Aug 2017 16:03:49 +0100
Subject: [PATCH 672/699] Hide index_symbols and boolean_symbols in constraint
 generator

---
 src/solvers/refinement/string_constraint_generator.h |  8 +++++---
 .../refinement/string_constraint_generator_main.cpp  | 12 ++++++++++++
 src/solvers/refinement/string_refinement.cpp         |  4 ++--
 3 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index 32b899e5f59..fa0755f4dbb 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -46,10 +46,10 @@ class string_constraint_generatort final
   std::vector<exprt> axioms;
 
   // Boolean symbols for the results of some string functions
-  std::vector<symbol_exprt> boolean_symbols;
+  const std::vector<symbol_exprt> get_boolean_symbols() const;
 
-  // Symbols used in existential quantifications
-  std::vector<symbol_exprt> index_symbols;
+  /// Symbols used in existential quantifications
+  const std::vector<symbol_exprt>& get_index_symbols() const;
 
   // Used to store information about witnesses for not_contains constraints
   std::map<string_not_contains_constraintt, symbol_exprt> witness;
@@ -92,6 +92,8 @@ class string_constraint_generatort final
 
 private:
   messaget m_message;
+  std::vector<symbol_exprt> boolean_symbols;
+  std::vector<symbol_exprt> index_symbols;
   static constant_exprt constant_char(int i, const typet &char_type);
   // The integer with the longest string is Integer.MIN_VALUE which is -2^31,
   // that is -2147483648 so takes 11 characters to write.
diff --git a/src/solvers/refinement/string_constraint_generator_main.cpp b/src/solvers/refinement/string_constraint_generator_main.cpp
index 71de1f136a2..3cfef714af8 100644
--- a/src/solvers/refinement/string_constraint_generator_main.cpp
+++ b/src/solvers/refinement/string_constraint_generator_main.cpp
@@ -28,6 +28,18 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 
 unsigned string_constraint_generatort::next_symbol_id=1;
 
+const std::vector<symbol_exprt>
+&string_constraint_generatort::get_index_symbols() const
+{
+  return this->index_symbols;
+}
+
+const std::vector<symbol_exprt>
+string_constraint_generatort::get_boolean_symbols() const
+{
+  return boolean_symbols;
+}
+
 /// generate constant character expression with character type.
 /// \par parameters: integer representing a character, and a type for
 ///   characters;
diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index 04fb0fbdc3f..e1f02a2f7f1 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -818,13 +818,13 @@ void string_refinementt::debug_model()
     }
   }
 
-  for(auto it : generator.boolean_symbols)
+  for(const auto it : generator.get_boolean_symbols())
   {
       debug() << " - " << it.get_identifier() << ": "
               << from_expr(ns, "", supert::get(it)) << eom;
   }
 
-  for(auto it : generator.index_symbols)
+  for(const auto it : generator.get_index_symbols())
   {
      debug() << " - " << it.get_identifier() << ": "
              << from_expr(ns, "", supert::get(it)) << eom;

From 16a0a34644cd58c45938bdc24eccd0d477df576a Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Fri, 25 Aug 2017 16:04:10 +0100
Subject: [PATCH 673/699] constraint generator const namespace

---
 src/solvers/refinement/string_constraint_generator.h  | 11 ++++++-----
 .../refinement/string_constraint_generator_main.cpp   |  9 +++++++--
 src/solvers/refinement/string_refinement.cpp          |  2 +-
 .../instantiate_not_contains.cpp                      |  2 +-
 4 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index fa0755f4dbb..6a396e91155 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -43,13 +43,13 @@ class string_constraint_generatort final
 
   // Axioms are of three kinds: universally quantified string constraint,
   // not contains string constraints and simple formulas.
-  std::vector<exprt> axioms;
+  const std::vector<exprt> &get_axioms() const;
 
   // Boolean symbols for the results of some string functions
-  const std::vector<symbol_exprt> get_boolean_symbols() const;
+  const std::vector<symbol_exprt> &get_boolean_symbols() const;
 
   /// Symbols used in existential quantifications
-  const std::vector<symbol_exprt>& get_index_symbols() const;
+  const std::vector<symbol_exprt> &get_index_symbols() const;
 
   // Used to store information about witnesses for not_contains constraints
   std::map<string_not_contains_constraintt, symbol_exprt> witness;
@@ -73,7 +73,6 @@ class string_constraint_generatort final
   plus_exprt plus_exprt_with_overflow_check(const exprt &op1, const exprt &op2);
 
   // Maps unresolved symbols to the string_exprt that was created for them
-  std::map<irep_idt, string_exprt> unresolved_symbols;
 
   // Set of strings that have been created by the generator
   std::set<string_exprt> created_strings;
@@ -92,6 +91,8 @@ class string_constraint_generatort final
 
 private:
   messaget m_message;
+  std::vector<exprt> axioms;
+  std::map<irep_idt, string_exprt> unresolved_symbols;
   std::vector<symbol_exprt> boolean_symbols;
   std::vector<symbol_exprt> index_symbols;
   static constant_exprt constant_char(int i, const typet &char_type);
@@ -105,7 +106,7 @@ class string_constraint_generatort final
   constexpr static const std::size_t MAX_DOUBLE_LENGTH=30;
 
   std::map<function_application_exprt, exprt> function_application_cache;
-  namespacet ns;
+  const namespacet ns;
 
   static irep_idt extract_java_string(const symbol_exprt &s);
 
diff --git a/src/solvers/refinement/string_constraint_generator_main.cpp b/src/solvers/refinement/string_constraint_generator_main.cpp
index 3cfef714af8..210ba4a3491 100644
--- a/src/solvers/refinement/string_constraint_generator_main.cpp
+++ b/src/solvers/refinement/string_constraint_generator_main.cpp
@@ -28,6 +28,11 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 
 unsigned string_constraint_generatort::next_symbol_id=1;
 
+const std::vector<exprt> &string_constraint_generatort::get_axioms() const
+{
+  return this->axioms;
+}
+
 const std::vector<symbol_exprt>
 &string_constraint_generatort::get_index_symbols() const
 {
@@ -35,9 +40,9 @@ const std::vector<symbol_exprt>
 }
 
 const std::vector<symbol_exprt>
-string_constraint_generatort::get_boolean_symbols() const
+&string_constraint_generatort::get_boolean_symbols() const
 {
-  return boolean_symbols;
+  return this->boolean_symbols;
 }
 
 /// generate constant character expression with character type.
diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index e1f02a2f7f1..1cca895fdc3 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -496,7 +496,7 @@ decision_proceduret::resultt string_refinementt::dec_solve()
     supert::set_to(pair.first, pair.second);
   }
 
-  for(exprt &axiom : generator.axioms)
+  for(exprt axiom : generator.get_axioms())
   {
     replace_expr(symbol_resolve, axiom);
     if(axiom.id()==ID_string_constraint)
diff --git a/unit/solvers/refinement/string_constraint_instantiation/instantiate_not_contains.cpp b/unit/solvers/refinement/string_constraint_instantiation/instantiate_not_contains.cpp
index b82fd7f0fa3..c48b512f09d 100644
--- a/unit/solvers/refinement/string_constraint_instantiation/instantiate_not_contains.cpp
+++ b/unit/solvers/refinement/string_constraint_instantiation/instantiate_not_contains.cpp
@@ -152,7 +152,7 @@ SCENARIO("instantiate_not_contains",
     exprt res=generator.add_axioms_for_function_application(func);
     std::string axioms;
     std::vector<string_not_contains_constraintt> nc_axioms;
-    for(auto &axiom : generator.axioms)
+    for(exprt axiom : generator.get_axioms())
     {
       simplify(axiom, ns);
       if(axiom.id()==ID_string_constraint)

From 51d897a517b0326de59e8ff031d4c71ab4a43159 Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Sat, 26 Aug 2017 12:12:06 +0100
Subject: [PATCH 674/699] Better string_refinement constructor Act 1

---
 src/cbmc/cbmc_solvers.cpp                    | 23 +++++-----
 src/solvers/refinement/string_refinement.cpp | 46 ++++++++------------
 src/solvers/refinement/string_refinement.h   | 28 +++++++-----
 3 files changed, 46 insertions(+), 51 deletions(-)

diff --git a/src/cbmc/cbmc_solvers.cpp b/src/cbmc/cbmc_solvers.cpp
index c53c34375e3..385308035e7 100644
--- a/src/cbmc/cbmc_solvers.cpp
+++ b/src/cbmc/cbmc_solvers.cpp
@@ -167,21 +167,20 @@ std::unique_ptr<cbmc_solverst::solvert> cbmc_solverst::get_bv_refinement()
 /// \return a solver for cbmc
 std::unique_ptr<cbmc_solverst::solvert> cbmc_solverst::get_string_refinement()
 {
+  string_refinementt::infot info;
+  info.ns=&ns;
   auto prop=util_make_unique<satcheck_no_simplifiert>();
   prop->set_message_handler(get_message_handler());
-
-  auto string_refinement=util_make_unique<string_refinementt>(
-    ns, *prop, MAX_NB_REFINEMENT);
-  string_refinement->set_ui(ui);
-
-  string_refinement->do_concretizing=options.get_bool_option("trace");
+  info.prop=prop.get();
+  info.refinement_bound=MAX_NB_REFINEMENT;
+  info.ui=&ui;
   if(options.get_bool_option("string-max-length"))
-    string_refinement->set_max_string_length(
-      options.get_signed_int_option("string-max-length"));
-  if(options.get_bool_option("string-non-empty"))
-    string_refinement->enforce_non_empty_string();
-  if(options.get_bool_option("string-printable"))
-    string_refinement->enforce_printable_characters();
+    info.string_max_length=options.get_signed_int_option("string-max-length");
+  info.string_non_empty=options.get_bool_option("string-non-empty");
+  info.trace=options.get_bool_option("trace");
+  info.string_printable=options.get_bool_option("string-printable");
+
+  auto string_refinement=util_make_unique<string_refinementt>(info);
 
   if(options.get_option("max-node-refinement")!="")
     string_refinement->max_node_refinement=
diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index 1cca895fdc3..8e42d813f29 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -34,41 +34,29 @@ Author: Alberto Griggio, alberto.griggio@gmail.com
 #include <langapi/language_util.h>
 #include <java_bytecode/java_types.h>
 
-string_refinementt::string_refinementt(
-  const namespacet &_ns,
-  propt &_prop,
-  unsigned refinement_bound):
-  supert(_ns, _prop),
-  use_counter_example(false),
-  do_concretizing(false),
-  initial_loop_bound(refinement_bound),
-  generator(_ns),
-  non_empty_string(false)
-{ }
-
-/// Add constraints on the size of strings used in the program.
-/// \param i: maximum length which is allowed for strings.
-/// by default the strings length has no other limit
-/// than the maximal integer according to the type of their
-/// length, for instance 2^31-1 for Java.
-void string_refinementt::set_max_string_length(size_t i)
+static bool validate(const string_refinementt::infot &info)
 {
-  generator.max_string_length=i;
+  INVARIANT(info.ns, "Should not be null");
+  INVARIANT(info.prop, "Should not be null");
+  INVARIANT(info.ui, "Should not be null");
+  return true;
 }
 
-/// Add constraints on the size of nondet character arrays to ensure they have
-/// length at least 1
-void string_refinementt::enforce_non_empty_string()
+string_refinementt::string_refinementt(const infot &info, bool):
+  supert(*info.ns, *info.prop),
+  use_counter_example(false),
+  do_concretizing(info.trace),
+  initial_loop_bound(info.refinement_bound),
+  generator(*info.ns),
+  non_empty_string(info.string_non_empty)
 {
-  non_empty_string=true;
+  this->set_ui(ui);
+  generator.max_string_length=info.string_max_length;
+  generator.force_printable_characters=info.string_printable;
 }
 
-/// Add constraints on characters used in the program to ensure they are
-/// printable
-void string_refinementt::enforce_printable_characters()
-{
-  generator.force_printable_characters=true;
-}
+string_refinementt::string_refinementt(const infot &info):
+  string_refinementt(info, validate(info)) { }
 
 /// display the current index set, for debugging
 void string_refinementt::display_index_set()
diff --git a/src/solvers/refinement/string_refinement.h b/src/solvers/refinement/string_refinement.h
index 0eec3e99a9a..b6cd0e7e456 100644
--- a/src/solvers/refinement/string_refinement.h
+++ b/src/solvers/refinement/string_refinement.h
@@ -31,10 +31,21 @@ Author: Alberto Griggio, alberto.griggio@gmail.com
 class string_refinementt: public bv_refinementt
 {
 public:
-  string_refinementt(
-    const namespacet &_ns,
-    propt &_prop,
-    unsigned refinement_bound);
+  /// string_refinementt constructor arguments
+  struct infot
+  {
+    const namespacet *ns=nullptr;
+    propt *prop=nullptr;
+    const language_uit::uit *ui=nullptr;
+    unsigned refinement_bound=0;
+    size_t string_max_length=std::numeric_limits<size_t>::max();
+    /// Make non deterministic character arrays have at least one character
+    bool string_non_empty=false;
+    bool trace=false;
+    /// Make non-deterministic characters printable
+    bool string_printable=false;
+  };
+  explicit string_refinementt(const infot &);
 
   void set_mode();
 
@@ -42,11 +53,7 @@ class string_refinementt: public bv_refinementt
   bool use_counter_example;
 
   // Should we concretize strings when the solver finished
-  bool do_concretizing;
-
-  void set_max_string_length(size_t i);
-  void enforce_non_empty_string();
-  void enforce_printable_characters();
+  const bool do_concretizing;
 
   virtual std::string decision_procedure_text() const override
   {
@@ -68,12 +75,13 @@ class string_refinementt: public bv_refinementt
 private:
   // Base class
   typedef bv_refinementt supert;
+  string_refinementt(const infot &, bool);
 
   unsigned initial_loop_bound;
 
   string_constraint_generatort generator;
 
-  bool non_empty_string;
+  const bool non_empty_string;
   expr_sett nondet_arrays;
 
   // Simple constraints that have been given to the solver

From 9146575b7a56eac12f3a3cd38e5db3c45707d41c Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Sat, 26 Aug 2017 12:36:49 +0100
Subject: [PATCH 675/699] Better string_refinement constructor Act II

---
 src/cbmc/cbmc_solvers.cpp                    | 16 +++++---------
 src/solvers/refinement/string_refinement.cpp |  3 +++
 src/solvers/refinement/string_refinement.h   | 23 +++++++++++---------
 3 files changed, 21 insertions(+), 21 deletions(-)

diff --git a/src/cbmc/cbmc_solvers.cpp b/src/cbmc/cbmc_solvers.cpp
index 385308035e7..8f66bad71be 100644
--- a/src/cbmc/cbmc_solvers.cpp
+++ b/src/cbmc/cbmc_solvers.cpp
@@ -179,20 +179,14 @@ std::unique_ptr<cbmc_solverst::solvert> cbmc_solverst::get_string_refinement()
   info.string_non_empty=options.get_bool_option("string-non-empty");
   info.trace=options.get_bool_option("trace");
   info.string_printable=options.get_bool_option("string-printable");
-
-  auto string_refinement=util_make_unique<string_refinementt>(info);
-
-  if(options.get_option("max-node-refinement")!="")
-    string_refinement->max_node_refinement=
+  if(options.get_bool_option("max-node-refinement"))
+    info.max_node_refinement=
       options.get_unsigned_int_option("max-node-refinement");
-
-  string_refinement->do_array_refinement=
-    options.get_bool_option("refine-arrays");
-  string_refinement->do_arithmetic_refinement=
-    options.get_bool_option("refine-arithmetic");
+  info.refine_arrays=options.get_bool_option("refine-arrays");
+  info.refine_arithmetic=options.get_bool_option("refine-arithmetic");
 
   return util_make_unique<solvert>(
-    std::move(string_refinement), std::move(prop));
+    util_make_unique<string_refinementt>(info), std::move(prop));
 }
 
 std::unique_ptr<cbmc_solverst::solvert> cbmc_solverst::get_smt1(
diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index 8e42d813f29..0631fff4e2d 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -53,6 +53,9 @@ string_refinementt::string_refinementt(const infot &info, bool):
   this->set_ui(ui);
   generator.max_string_length=info.string_max_length;
   generator.force_printable_characters=info.string_printable;
+  this->max_node_refinement=info.max_node_refinement;
+  this->do_array_refinement=info.refine_arrays;
+  this->do_arithmetic_refinement=info.refine_arithmetic;
 }
 
 string_refinementt::string_refinementt(const infot &info):
diff --git a/src/solvers/refinement/string_refinement.h b/src/solvers/refinement/string_refinement.h
index b6cd0e7e456..2b9668ed791 100644
--- a/src/solvers/refinement/string_refinement.h
+++ b/src/solvers/refinement/string_refinement.h
@@ -28,7 +28,7 @@ Author: Alberto Griggio, alberto.griggio@gmail.com
 
 #define MAX_NB_REFINEMENT 100
 
-class string_refinementt: public bv_refinementt
+class string_refinementt final: public bv_refinementt
 {
 public:
   /// string_refinementt constructor arguments
@@ -41,19 +41,21 @@ class string_refinementt: public bv_refinementt
     size_t string_max_length=std::numeric_limits<size_t>::max();
     /// Make non deterministic character arrays have at least one character
     bool string_non_empty=false;
+    // Should we concretize strings when the solver finished
     bool trace=false;
     /// Make non-deterministic characters printable
     bool string_printable=false;
+    unsigned max_node_refinement=5;
+    bool refine_arrays=false;
+    bool refine_arithmetic=false;
   };
+
   explicit string_refinementt(const infot &);
 
   void set_mode();
 
   // Should we use counter examples at each iteration?
-  bool use_counter_example;
-
-  // Should we concretize strings when the solver finished
-  const bool do_concretizing;
+  const bool use_counter_example=false;
 
   virtual std::string decision_procedure_text() const override
   {
@@ -65,17 +67,18 @@ class string_refinementt: public bv_refinementt
   exprt get(const exprt &expr) const override;
 
 protected:
-  typedef std::set<exprt> expr_sett;
-  typedef std::list<exprt> exprt_listt;
-
   decision_proceduret::resultt dec_solve() override;
 
-  bvt convert_bool_bv(const exprt &boole, const exprt &orig);
-
 private:
+  const bool do_concretizing;
   // Base class
   typedef bv_refinementt supert;
+
+  typedef std::set<exprt> expr_sett;
+  typedef std::list<exprt> exprt_listt;
+
   string_refinementt(const infot &, bool);
+  bvt convert_bool_bv(const exprt &boole, const exprt &orig);
 
   unsigned initial_loop_bound;
 

From a00b2dbc791dbcd4178a6305e5c1d3846b5ad861 Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Sat, 26 Aug 2017 12:43:21 +0100
Subject: [PATCH 676/699] String refinement - remove unused public methods, fix
 comments

---
 src/solvers/refinement/string_refinement.h | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/src/solvers/refinement/string_refinement.h b/src/solvers/refinement/string_refinement.h
index 2b9668ed791..0d3884e6340 100644
--- a/src/solvers/refinement/string_refinement.h
+++ b/src/solvers/refinement/string_refinement.h
@@ -39,9 +39,9 @@ class string_refinementt final: public bv_refinementt
     const language_uit::uit *ui=nullptr;
     unsigned refinement_bound=0;
     size_t string_max_length=std::numeric_limits<size_t>::max();
-    /// Make non deterministic character arrays have at least one character
+    /// Make non-deterministic character arrays have at least one character
     bool string_non_empty=false;
-    // Should we concretize strings when the solver finished
+    // Concretize strings after solver is finished
     bool trace=false;
     /// Make non-deterministic characters printable
     bool string_printable=false;
@@ -52,9 +52,6 @@ class string_refinementt final: public bv_refinementt
 
   explicit string_refinementt(const infot &);
 
-  void set_mode();
-
-  // Should we use counter examples at each iteration?
   const bool use_counter_example=false;
 
   virtual std::string decision_procedure_text() const override
@@ -62,8 +59,6 @@ class string_refinementt final: public bv_refinementt
     return "string refinement loop with "+prop.solver_text();
   }
 
-  static exprt is_positive(const exprt &x);
-
   exprt get(const exprt &expr) const override;
 
 protected:

From 30fe11b604840755b7a02cb97865f7fa75895afc Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Sat, 26 Aug 2017 13:07:15 +0100
Subject: [PATCH 677/699] Better string_constraint_generator constructor

---
 .../refinement/string_constraint_generator.h  | 20 +++++++++++++------
 .../string_constraint_generator_main.cpp      |  6 ++++++
 src/solvers/refinement/string_refinement.cpp  | 20 +++++++++++++------
 3 files changed, 34 insertions(+), 12 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index 6a396e91155..0c3dccb0871 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -33,13 +33,19 @@ class string_constraint_generatort final
   // string constraints for different string functions and add them
   // to the axiom list.
 
-  explicit string_constraint_generatort(namespacet _ns): ns(_ns) { }
+  /// Arguments pack for the string_constraint_generator constructor
+  struct infot
+  {
+    const namespacet *ns=nullptr;
+    /// Max length of non-deterministic strings
+    size_t string_max_length=std::numeric_limits<size_t>::max();
+    /// Prefer printable characters in non-deterministic strings
+    bool string_printable=false;
+  };
 
-  // Constraints on the maximal length of strings
-  size_t max_string_length=std::numeric_limits<size_t>::max();
+  explicit string_constraint_generatort(const infot& info);
 
-  // Should we add constraints on the characters
-  bool force_printable_characters=false;
+  const size_t max_string_length;
 
   // Axioms are of three kinds: universally quantified string constraint,
   // not contains string constraints and simple formulas.
@@ -90,7 +96,9 @@ class string_constraint_generatort final
   class format_specifiert;
 
 private:
-  messaget m_message;
+  const messaget m_message;
+  const bool force_printable_characters;
+
   std::vector<exprt> axioms;
   std::map<irep_idt, string_exprt> unresolved_symbols;
   std::vector<symbol_exprt> boolean_symbols;
diff --git a/src/solvers/refinement/string_constraint_generator_main.cpp b/src/solvers/refinement/string_constraint_generator_main.cpp
index 210ba4a3491..bb0df1acf54 100644
--- a/src/solvers/refinement/string_constraint_generator_main.cpp
+++ b/src/solvers/refinement/string_constraint_generator_main.cpp
@@ -28,6 +28,12 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 
 unsigned string_constraint_generatort::next_symbol_id=1;
 
+string_constraint_generatort::string_constraint_generatort(
+  const string_constraint_generatort::infot& info):
+  max_string_length(info.string_max_length),
+  force_printable_characters(info.string_printable),
+  ns(*info.ns) { }
+
 const std::vector<exprt> &string_constraint_generatort::get_axioms() const
 {
   return this->axioms;
diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index 0631fff4e2d..59c888fe430 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -36,23 +36,31 @@ Author: Alberto Griggio, alberto.griggio@gmail.com
 
 static bool validate(const string_refinementt::infot &info)
 {
-  INVARIANT(info.ns, "Should not be null");
-  INVARIANT(info.prop, "Should not be null");
-  INVARIANT(info.ui, "Should not be null");
+  PRECONDITION(info.ns);
+  PRECONDITION(info.prop);
+  PRECONDITION(info.ui);
   return true;
 }
 
+static string_constraint_generatort::infot
+generator_info(const string_refinementt::infot &in)
+{
+  string_constraint_generatort::infot out;
+  out.ns=in.ns;
+  out.string_max_length=in.string_max_length;
+  out.string_printable=in.string_printable;
+  return out;
+}
+
 string_refinementt::string_refinementt(const infot &info, bool):
   supert(*info.ns, *info.prop),
   use_counter_example(false),
   do_concretizing(info.trace),
   initial_loop_bound(info.refinement_bound),
-  generator(*info.ns),
+  generator(generator_info(info)),
   non_empty_string(info.string_non_empty)
 {
   this->set_ui(ui);
-  generator.max_string_length=info.string_max_length;
-  generator.force_printable_characters=info.string_printable;
   this->max_node_refinement=info.max_node_refinement;
   this->do_array_refinement=info.refine_arrays;
   this->do_arithmetic_refinement=info.refine_arithmetic;

From 99c815ef1c5421babc26fafda18ef7f02271aa6c Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Sat, 26 Aug 2017 13:14:50 +0100
Subject: [PATCH 678/699] Make string_constraint_generatort::fresh_symbol
 non-static

---
 src/solvers/refinement/string_constraint_generator.h        | 6 +++---
 src/solvers/refinement/string_constraint_generator_main.cpp | 4 +---
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index 0c3dccb0871..49eb819d0ae 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -67,9 +67,7 @@ class string_constraint_generatort final
     return index_exprt(witness.at(c), univ_val);
   }
 
-  static unsigned next_symbol_id;
-
-  static symbol_exprt fresh_symbol(
+  symbol_exprt fresh_symbol(
     const irep_idt &prefix, const typet &type=bool_typet());
   symbol_exprt fresh_exist_index(const irep_idt &prefix, const typet &type);
   symbol_exprt fresh_univ_index(const irep_idt &prefix, const typet &type);
@@ -96,6 +94,8 @@ class string_constraint_generatort final
   class format_specifiert;
 
 private:
+  unsigned m_symbol_count=0;
+
   const messaget m_message;
   const bool force_printable_characters;
 
diff --git a/src/solvers/refinement/string_constraint_generator_main.cpp b/src/solvers/refinement/string_constraint_generator_main.cpp
index bb0df1acf54..12ead6fd13e 100644
--- a/src/solvers/refinement/string_constraint_generator_main.cpp
+++ b/src/solvers/refinement/string_constraint_generator_main.cpp
@@ -26,8 +26,6 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 #include <util/pointer_predicates.h>
 #include <util/ssa_expr.h>
 
-unsigned string_constraint_generatort::next_symbol_id=1;
-
 string_constraint_generatort::string_constraint_generatort(
   const string_constraint_generatort::infot& info):
   max_string_length(info.string_max_length),
@@ -71,7 +69,7 @@ symbol_exprt string_constraint_generatort::fresh_symbol(
   const irep_idt &prefix, const typet &type)
 {
   std::ostringstream buf;
-  buf << "string_refinement#" << prefix << "#" << (next_symbol_id++);
+  buf << "string_refinement#" << prefix << "#" << ++m_symbol_count;
   irep_idt name(buf.str());
   return symbol_exprt(name, type);
 }

From abe4046b3cda3756124341761a3e3017d3ec69ff Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Sat, 26 Aug 2017 18:06:27 +0100
Subject: [PATCH 679/699] Better bv_refinement constructor

---
 src/cbmc/cbmc_solvers.cpp                     | 20 ++++++++-------
 src/solvers/refinement/bv_refinement.h        | 16 ++++++++++--
 src/solvers/refinement/bv_refinement_loop.cpp | 17 +++++--------
 src/solvers/refinement/string_refinement.cpp  | 25 ++++++++++++++++---
 4 files changed, 53 insertions(+), 25 deletions(-)

diff --git a/src/cbmc/cbmc_solvers.cpp b/src/cbmc/cbmc_solvers.cpp
index 8f66bad71be..bb45db31698 100644
--- a/src/cbmc/cbmc_solvers.cpp
+++ b/src/cbmc/cbmc_solvers.cpp
@@ -146,20 +146,22 @@ std::unique_ptr<cbmc_solverst::solvert> cbmc_solverst::get_bv_refinement()
 
   prop->set_message_handler(get_message_handler());
 
-  auto bv_refinement=util_make_unique<bv_refinementt>(ns, *prop);
-  bv_refinement->set_ui(ui);
+  bv_refinementt::infot info;
+  info.ns=&ns;
+  info.prop=prop.get();
+  info.ui=&ui;
 
   // we allow setting some parameters
-  if(options.get_option("max-node-refinement")!="")
-    bv_refinement->max_node_refinement =
+  if(options.get_bool_option("max-node-refinement"))
+    info.max_node_refinement=
       options.get_unsigned_int_option("max-node-refinement");
 
-  bv_refinement->do_array_refinement =
-    options.get_bool_option("refine-arrays");
-  bv_refinement->do_arithmetic_refinement =
-    options.get_bool_option("refine-arithmetic");
+  info.refine_arrays=options.get_bool_option("refine-arrays");
+  info.refine_arithmetic=options.get_bool_option("refine-arithmetic");
 
-  return util_make_unique<solvert>(std::move(bv_refinement), std::move(prop));
+  return util_make_unique<solvert>(
+    util_make_unique<bv_refinementt>(info),
+    std::move(prop));
 }
 
 /// the string refinement adds to the bit vector refinement specifications for
diff --git a/src/solvers/refinement/bv_refinement.h b/src/solvers/refinement/bv_refinement.h
index d1e72e227b3..a81fffa8176 100644
--- a/src/solvers/refinement/bv_refinement.h
+++ b/src/solvers/refinement/bv_refinement.h
@@ -21,8 +21,20 @@ Author: Daniel Kroening, kroening@kroening.com
 class bv_refinementt:public bv_pointerst
 {
 public:
-  bv_refinementt(const namespacet &_ns, propt &_prop);
-  ~bv_refinementt();
+  struct infot
+  {
+    const namespacet *ns=nullptr;
+    propt *prop=nullptr;
+    const language_uit::uit *ui=nullptr;
+    /// Max number of times we refine a formula node
+    unsigned max_node_refinement=5;
+    /// Enable array refinement
+    bool refine_arrays=true;
+    /// Enable arithmetic refinement
+    bool refine_arithmetic=true;
+  };
+
+  bv_refinementt(const infot &info);
 
   virtual decision_proceduret::resultt dec_solve();
 
diff --git a/src/solvers/refinement/bv_refinement_loop.cpp b/src/solvers/refinement/bv_refinement_loop.cpp
index d471326ca0d..d5f5ef1e5d7 100644
--- a/src/solvers/refinement/bv_refinement_loop.cpp
+++ b/src/solvers/refinement/bv_refinement_loop.cpp
@@ -12,14 +12,13 @@ Author: Daniel Kroening, kroening@kroening.com
 
 #include <util/xml.h>
 
-bv_refinementt::bv_refinementt(
-  const namespacet &_ns, propt &_prop):
-  bv_pointerst(_ns, _prop),
-  max_node_refinement(5),
-  do_array_refinement(true),
-  do_arithmetic_refinement(true),
+bv_refinementt::bv_refinementt(const infot &info):
+  bv_pointerst(*info.ns, *info.prop),
+  max_node_refinement(info.max_node_refinement),
+  do_array_refinement(info.refine_arrays),
+  do_arithmetic_refinement(info.refine_arithmetic),
   progress(false),
-  ui(ui_message_handlert::uit::PLAIN)
+  ui(*info.ui)
 {
   // check features we need
   PRECONDITION(prop.has_set_assumptions());
@@ -27,10 +26,6 @@ bv_refinementt::bv_refinementt(
   PRECONDITION(prop.has_is_in_conflict());
 }
 
-bv_refinementt::~bv_refinementt()
-{
-}
-
 decision_proceduret::resultt bv_refinementt::dec_solve()
 {
   // do the usual post-processing
diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index 59c888fe430..60b3294c90d 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -42,6 +42,19 @@ static bool validate(const string_refinementt::infot &info)
   return true;
 }
 
+static bv_refinementt::infot bv_refinement_info(
+  const string_refinementt::infot &in)
+{
+  bv_refinementt::infot out;
+  out.ns=in.ns;
+  out.prop=in.prop;
+  out.ui=in.ui;
+  out.max_node_refinement=in.max_node_refinement;
+  out.refine_arrays=in.refine_arrays;
+  out.refine_arithmetic=in.refine_arithmetic;
+  return out;
+}
+
 static string_constraint_generatort::infot
 generator_info(const string_refinementt::infot &in)
 {
@@ -53,7 +66,7 @@ generator_info(const string_refinementt::infot &in)
 }
 
 string_refinementt::string_refinementt(const infot &info, bool):
-  supert(*info.ns, *info.prop),
+  supert(bv_refinement_info(info)),
   use_counter_example(false),
   do_concretizing(info.trace),
   initial_loop_bound(info.refinement_bound),
@@ -1751,8 +1764,14 @@ bool string_refinementt::is_axiom_sat(
   const exprt &axiom, const symbol_exprt& var, exprt &witness)
 {
   satcheck_no_simplifiert sat_check;
-  supert solver(ns, sat_check);
-  solver.set_ui(ui);
+  supert::infot info;
+  info.ns=&ns;
+  info.prop=&sat_check;
+  info.refine_arithmetic=true;
+  info.refine_arrays=true;
+  info.max_node_refinement=5;
+  info.ui=&ui;
+  supert solver(info);
   solver << axiom;
 
   switch(solver())

From 792a70d361d8c7021c04b2a94e0a8a12cb404867 Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Sat, 26 Aug 2017 19:12:08 +0100
Subject: [PATCH 680/699] Hide bv_refinement members, add override specifier

---
 src/solvers/refinement/bv_refinement.h       | 63 +++++++++-----------
 src/solvers/refinement/string_refinement.cpp |  8 +--
 2 files changed, 29 insertions(+), 42 deletions(-)

diff --git a/src/solvers/refinement/bv_refinement.h b/src/solvers/refinement/bv_refinement.h
index a81fffa8176..06a9cb2b8c0 100644
--- a/src/solvers/refinement/bv_refinement.h
+++ b/src/solvers/refinement/bv_refinement.h
@@ -36,31 +36,31 @@ class bv_refinementt:public bv_pointerst
 
   bv_refinementt(const infot &info);
 
-  virtual decision_proceduret::resultt dec_solve();
+  decision_proceduret::resultt dec_solve() override;
 
-  virtual std::string decision_procedure_text() const
+  std::string decision_procedure_text() const override
   {
     return "refinement loop with "+prop.solver_text();
   }
 
-  // NOLINTNEXTLINE(readability/identifiers)
-  typedef bv_pointerst SUB;
-
-  // maximal number of times we refine a formula node
-  unsigned max_node_refinement;
-  // enable/disable refinements
-  bool do_array_refinement;
-  bool do_arithmetic_refinement;
+protected:
 
-  using bv_pointerst::is_in_conflict;
+  // Refine array
+  void post_process_arrays() override;
 
-  void set_ui(language_uit::uit _ui) { ui=_ui; }
+  // Refine arithmetic
+  bvt convert_mult(const exprt &expr) override;
+  bvt convert_div(const div_exprt &expr) override;
+  bvt convert_mod(const mod_exprt &expr) override;
+  bvt convert_floatbv_op(const exprt &expr) override;
 
-protected:
-  resultt prop_solve();
+  // Collect stats
+  void set_to(const exprt &expr, bool value) override;
+  void set_assumptions(const bvt &_assumptions) override;
 
+private:
   // the list of operator approximations
-  struct approximationt
+  struct approximationt final
   {
   public:
     explicit approximationt(std::size_t _id_nr):
@@ -92,38 +92,31 @@ class bv_refinementt:public bv_pointerst
   };
 
   typedef std::list<approximationt> approximationst;
-  approximationst approximations;
 
+  resultt prop_solve();
   approximationt &add_approximation(const exprt &expr, bvt &bv);
+  bool is_in_conflict(approximationt &approximation);
   void check_SAT(approximationt &approximation);
   void check_UNSAT(approximationt &approximation);
   void initialize(approximationt &approximation);
   void get_values(approximationt &approximation);
-  bool is_in_conflict(approximationt &approximation);
-
-  virtual void check_SAT();
-  virtual void check_UNSAT();
-  bool progress;
-
-  // we refine the theory of arrays
-  virtual void post_process_arrays();
+  void check_SAT();
+  void check_UNSAT();
   void arrays_overapproximated();
   void freeze_lazy_constraints();
 
-  // we refine expensive arithmetic
-  virtual bvt convert_mult(const exprt &expr);
-  virtual bvt convert_div(const div_exprt &expr);
-  virtual bvt convert_mod(const mod_exprt &expr);
-  virtual bvt convert_floatbv_op(const exprt &expr);
-
-  // for collecting statistics
-  virtual void set_to(const exprt &expr, bool value);
-
-  // overloading
-  virtual void set_assumptions(const bvt &_assumptions);
+  // MEMBERS
 
+  // Maximum number of times we refine a formula node
+  const unsigned max_node_refinement;
+  // Refinement toggles
+  const bool do_array_refinement;
+  const bool do_arithmetic_refinement;
+  bool progress;
+  std::list<approximationt> approximations;
   bvt parent_assumptions;
 
+protected:
   // use gui format
   language_uit::uit ui;
 };
diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index 60b3294c90d..3c72bd4f1b3 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -71,13 +71,7 @@ string_refinementt::string_refinementt(const infot &info, bool):
   do_concretizing(info.trace),
   initial_loop_bound(info.refinement_bound),
   generator(generator_info(info)),
-  non_empty_string(info.string_non_empty)
-{
-  this->set_ui(ui);
-  this->max_node_refinement=info.max_node_refinement;
-  this->do_array_refinement=info.refine_arrays;
-  this->do_arithmetic_refinement=info.refine_arithmetic;
-}
+  non_empty_string(info.string_non_empty) { }
 
 string_refinementt::string_refinementt(const infot &info):
   string_refinementt(info, validate(info)) { }

From 07f6b394912c87bbff9abb04943039bc03db9fe8 Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Sat, 26 Aug 2017 19:03:29 +0100
Subject: [PATCH 681/699] Remove unnecessary typedef

---
 src/solvers/refinement/bv_refinement.h        |  4 +--
 src/solvers/refinement/bv_refinement_loop.cpp | 25 +++++++------------
 2 files changed, 10 insertions(+), 19 deletions(-)

diff --git a/src/solvers/refinement/bv_refinement.h b/src/solvers/refinement/bv_refinement.h
index 06a9cb2b8c0..4ba483f79ea 100644
--- a/src/solvers/refinement/bv_refinement.h
+++ b/src/solvers/refinement/bv_refinement.h
@@ -91,8 +91,6 @@ class bv_refinementt:public bv_pointerst
     std::size_t id_nr;
   };
 
-  typedef std::list<approximationt> approximationst;
-
   resultt prop_solve();
   approximationt &add_approximation(const exprt &expr, bvt &bv);
   bool is_in_conflict(approximationt &approximation);
@@ -113,7 +111,7 @@ class bv_refinementt:public bv_pointerst
   const bool do_array_refinement;
   const bool do_arithmetic_refinement;
   bool progress;
-  std::list<approximationt> approximations;
+  std::vector<approximationt> approximations;
   bvt parent_assumptions;
 
 protected:
diff --git a/src/solvers/refinement/bv_refinement_loop.cpp b/src/solvers/refinement/bv_refinement_loop.cpp
index d5f5ef1e5d7..9deb5508076 100644
--- a/src/solvers/refinement/bv_refinement_loop.cpp
+++ b/src/solvers/refinement/bv_refinement_loop.cpp
@@ -91,17 +91,16 @@ decision_proceduret::resultt bv_refinementt::prop_solve()
   // this puts the underapproximations into effect
   bvt assumptions=parent_assumptions;
 
-  for(approximationst::const_iterator
-      a_it=approximations.begin();
-      a_it!=approximations.end();
-      a_it++)
+  for(const approximationt &approximation : approximations)
   {
     assumptions.insert(
       assumptions.end(),
-      a_it->over_assumptions.begin(), a_it->over_assumptions.end());
+      approximation.over_assumptions.begin(),
+      approximation.over_assumptions.end());
     assumptions.insert(
       assumptions.end(),
-      a_it->under_assumptions.begin(), a_it->under_assumptions.end());
+      approximation.under_assumptions.begin(),
+      approximation.under_assumptions.end());
   }
 
   prop.set_assumptions(assumptions);
@@ -122,22 +121,16 @@ void bv_refinementt::check_SAT()
 
   arrays_overapproximated();
 
-  for(approximationst::iterator
-      a_it=approximations.begin();
-      a_it!=approximations.end();
-      a_it++)
-    check_SAT(*a_it);
+  for(approximationt &approximation : this->approximations)
+    check_SAT(approximation);
 }
 
 void bv_refinementt::check_UNSAT()
 {
   progress=false;
 
-  for(approximationst::iterator
-      a_it=approximations.begin();
-      a_it!=approximations.end();
-      a_it++)
-    check_UNSAT(*a_it);
+  for(approximationt &approximation : this->approximations)
+    check_UNSAT(approximation);
 }
 
 void bv_refinementt::set_to(const exprt &expr, bool value)

From 50173d60b2913e8c761911bb69eccae28c883e73 Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Sat, 26 Aug 2017 21:49:38 +0100
Subject: [PATCH 682/699] Make some string_constraint_generator methods static

---
 src/solvers/refinement/string_constraint_generator.h | 12 ++++++------
 .../string_constraint_generator_code_points.cpp      |  4 ++--
 .../string_constraint_generator_testing.cpp          |  2 +-
 .../string_constraint_generator_valueof.cpp          |  2 +-
 4 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index 49eb819d0ae..9bc930c777f 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -353,13 +353,13 @@ class string_constraint_generatort final
   }
 
   // Helper functions
-  exprt int_of_hex_char(const exprt &chr) const;
-  exprt is_high_surrogate(const exprt &chr) const;
-  exprt is_low_surrogate(const exprt &chr) const;
-  exprt character_equals_ignore_case(
+  static exprt int_of_hex_char(const exprt &chr);
+  static exprt is_high_surrogate(const exprt &chr);
+  static exprt is_low_surrogate(const exprt &chr);
+  static exprt character_equals_ignore_case(
     exprt char1, exprt char2, exprt char_a, exprt char_A, exprt char_Z);
-  bool is_constant_string(const string_exprt &expr) const;
-  string_exprt empty_string(const refined_string_typet &ref_type);
+  static bool is_constant_string(const string_exprt &expr);
+  static string_exprt empty_string(const refined_string_typet &ref_type);
   unsigned long to_integer_or_default(const exprt &expr, unsigned long def);
 };
 
diff --git a/src/solvers/refinement/string_constraint_generator_code_points.cpp b/src/solvers/refinement/string_constraint_generator_code_points.cpp
index d539e8d9e9e..e6c39598aa3 100644
--- a/src/solvers/refinement/string_constraint_generator_code_points.cpp
+++ b/src/solvers/refinement/string_constraint_generator_code_points.cpp
@@ -79,7 +79,7 @@ string_exprt string_constraint_generatort::add_axioms_for_code_point(
 /// 0xD800..0xDBFF
 /// \par parameters: a character expression
 /// \return a Boolean expression
-exprt string_constraint_generatort::is_high_surrogate(const exprt &chr) const
+exprt string_constraint_generatort::is_high_surrogate(const exprt &chr)
 {
   return and_exprt(
     binary_relation_exprt(chr, ID_ge, constant_char(0xD800, chr.type())),
@@ -92,7 +92,7 @@ exprt string_constraint_generatort::is_high_surrogate(const exprt &chr) const
 /// 0xDC00..0xDFFF
 /// \par parameters: a character expression
 /// \return a Boolean expression
-exprt string_constraint_generatort::is_low_surrogate(const exprt &chr) const
+exprt string_constraint_generatort::is_low_surrogate(const exprt &chr)
 {
   return and_exprt(
     binary_relation_exprt(chr, ID_ge, constant_char(0xDC00, chr.type())),
diff --git a/src/solvers/refinement/string_constraint_generator_testing.cpp b/src/solvers/refinement/string_constraint_generator_testing.cpp
index 69ee6e40cbc..4aa29969eb7 100644
--- a/src/solvers/refinement/string_constraint_generator_testing.cpp
+++ b/src/solvers/refinement/string_constraint_generator_testing.cpp
@@ -163,7 +163,7 @@ exprt string_constraint_generatort::add_axioms_for_is_suffix(
 /// \param expr: a string expression
 /// \return a Boolean
 bool string_constraint_generatort::is_constant_string(
-  const string_exprt &expr) const
+  const string_exprt &expr)
 {
   if(expr.id()!=ID_struct ||
      expr.operands().size()!=2 ||
diff --git a/src/solvers/refinement/string_constraint_generator_valueof.cpp b/src/solvers/refinement/string_constraint_generator_valueof.cpp
index 1c215db583b..850e45ca281 100644
--- a/src/solvers/refinement/string_constraint_generator_valueof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_valueof.cpp
@@ -189,7 +189,7 @@ string_exprt string_constraint_generatort::add_axioms_from_int_with_radix(
 /// \param chr: a character expression in the following set:
 ///   0123456789abcdef
 /// \return an integer expression
-exprt string_constraint_generatort::int_of_hex_char(const exprt &chr) const
+exprt string_constraint_generatort::int_of_hex_char(const exprt &chr)
 {
   exprt zero_char=constant_char('0', chr.type());
   exprt nine_char=constant_char('9', chr.type());

From aa85392094e916f38b7e07f11446798b53ec3dcb Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Sat, 26 Aug 2017 22:00:55 +0100
Subject: [PATCH 683/699] Make more generator methods private

---
 .../refinement/string_constraint_generator.h  | 25 ++++++++++---------
 1 file changed, 13 insertions(+), 12 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index 9bc930c777f..c9cbaf8f056 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -33,6 +33,9 @@ class string_constraint_generatort final
   // string constraints for different string functions and add them
   // to the axiom list.
 
+  // Used by format function
+  class format_specifiert;
+
   /// Arguments pack for the string_constraint_generator constructor
   struct infot
   {
@@ -69,31 +72,29 @@ class string_constraint_generatort final
 
   symbol_exprt fresh_symbol(
     const irep_idt &prefix, const typet &type=bool_typet());
-  symbol_exprt fresh_exist_index(const irep_idt &prefix, const typet &type);
   symbol_exprt fresh_univ_index(const irep_idt &prefix, const typet &type);
-  symbol_exprt fresh_boolean(const irep_idt &prefix);
-  string_exprt fresh_string(const refined_string_typet &type);
-  string_exprt get_string_expr(const exprt &expr);
-  plus_exprt plus_exprt_with_overflow_check(const exprt &op1, const exprt &op2);
 
   // Maps unresolved symbols to the string_exprt that was created for them
 
   // Set of strings that have been created by the generator
   std::set<string_exprt> created_strings;
 
-  string_exprt find_or_add_string_of_symbol(
-    const symbol_exprt &sym,
-    const refined_string_typet &ref_type);
-
   string_exprt add_axioms_for_refined_string(const exprt &expr);
 
   exprt add_axioms_for_function_application(
     const function_application_exprt &expr);
 
-  // Used by format function
-  class format_specifiert;
-
 private:
+  symbol_exprt fresh_exist_index(const irep_idt &prefix, const typet &type);
+  symbol_exprt fresh_boolean(const irep_idt &prefix);
+  string_exprt fresh_string(const refined_string_typet &type);
+  string_exprt get_string_expr(const exprt &expr);
+  plus_exprt plus_exprt_with_overflow_check(const exprt &op1, const exprt &op2);
+
+  string_exprt find_or_add_string_of_symbol(
+    const symbol_exprt &sym,
+    const refined_string_typet &ref_type);
+
   unsigned m_symbol_count=0;
 
   const messaget m_message;

From 5368c8c2a3e66723ef40b5a1508cb9df7d5008ed Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Sat, 26 Aug 2017 22:09:29 +0100
Subject: [PATCH 684/699] Private get_created_strings

---
 src/solvers/refinement/string_constraint_generator.h     | 9 ++++++---
 .../refinement/string_constraint_generator_main.cpp      | 6 ++++++
 src/solvers/refinement/string_refinement.cpp             | 4 ++--
 3 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index c9cbaf8f056..df161100f60 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -60,6 +60,9 @@ class string_constraint_generatort final
   /// Symbols used in existential quantifications
   const std::vector<symbol_exprt> &get_index_symbols() const;
 
+  // Set of strings that have been created by the generator
+  const std::set<string_exprt> &get_created_strings() const;
+
   // Used to store information about witnesses for not_contains constraints
   std::map<string_not_contains_constraintt, symbol_exprt> witness;
 
@@ -76,15 +79,15 @@ class string_constraint_generatort final
 
   // Maps unresolved symbols to the string_exprt that was created for them
 
-  // Set of strings that have been created by the generator
-  std::set<string_exprt> created_strings;
-
   string_exprt add_axioms_for_refined_string(const exprt &expr);
 
   exprt add_axioms_for_function_application(
     const function_application_exprt &expr);
 
 private:
+
+  std::set<string_exprt> created_strings;
+
   symbol_exprt fresh_exist_index(const irep_idt &prefix, const typet &type);
   symbol_exprt fresh_boolean(const irep_idt &prefix);
   string_exprt fresh_string(const refined_string_typet &type);
diff --git a/src/solvers/refinement/string_constraint_generator_main.cpp b/src/solvers/refinement/string_constraint_generator_main.cpp
index 12ead6fd13e..e0caa7bed65 100644
--- a/src/solvers/refinement/string_constraint_generator_main.cpp
+++ b/src/solvers/refinement/string_constraint_generator_main.cpp
@@ -49,6 +49,12 @@ const std::vector<symbol_exprt>
   return this->boolean_symbols;
 }
 
+const std::set<string_exprt>
+&string_constraint_generatort::get_created_strings() const
+{
+  return this->created_strings;
+}
+
 /// generate constant character expression with character type.
 /// \par parameters: integer representing a character, and a type for
 ///   characters;
diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index 3c72bd4f1b3..65a38bd7c0b 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -379,7 +379,7 @@ void string_refinementt::concretize_results()
 {
   for(const auto &it : symbol_resolve)
     concretize_string(it.second);
-  for(const auto &it : generator.created_strings)
+  for(const auto &it : generator.get_created_strings())
     concretize_string(it);
   add_instantiations();
 }
@@ -399,7 +399,7 @@ void string_refinementt::concretize_lengths()
       found_length[content]=length;
      }
   }
-  for(const auto &it : generator.created_strings)
+  for(const auto &it : generator.get_created_strings())
   {
     if(is_refined_string_type(it.type()))
     {

From a440da73462f3d61d5138c73ff875ca0cf55dfa3 Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Sat, 26 Aug 2017 22:29:19 +0100
Subject: [PATCH 685/699] Group generator's member variables

---
 .../refinement/string_constraint_generator.h  | 71 +++++++++----------
 1 file changed, 35 insertions(+), 36 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index df161100f60..8e30612c8d8 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -48,8 +48,6 @@ class string_constraint_generatort final
 
   explicit string_constraint_generatort(const infot& info);
 
-  const size_t max_string_length;
-
   // Axioms are of three kinds: universally quantified string constraint,
   // not contains string constraints and simple formulas.
   const std::vector<exprt> &get_axioms() const;
@@ -63,9 +61,6 @@ class string_constraint_generatort final
   // Set of strings that have been created by the generator
   const std::set<string_exprt> &get_created_strings() const;
 
-  // Used to store information about witnesses for not_contains constraints
-  std::map<string_not_contains_constraintt, symbol_exprt> witness;
-
   exprt get_witness_of(
     const string_not_contains_constraintt &c,
     const exprt &univ_val) const
@@ -86,8 +81,6 @@ class string_constraint_generatort final
 
 private:
 
-  std::set<string_exprt> created_strings;
-
   symbol_exprt fresh_exist_index(const irep_idt &prefix, const typet &type);
   symbol_exprt fresh_boolean(const irep_idt &prefix);
   string_exprt fresh_string(const refined_string_typet &type);
@@ -98,27 +91,7 @@ class string_constraint_generatort final
     const symbol_exprt &sym,
     const refined_string_typet &ref_type);
 
-  unsigned m_symbol_count=0;
-
-  const messaget m_message;
-  const bool force_printable_characters;
-
-  std::vector<exprt> axioms;
-  std::map<irep_idt, string_exprt> unresolved_symbols;
-  std::vector<symbol_exprt> boolean_symbols;
-  std::vector<symbol_exprt> index_symbols;
   static constant_exprt constant_char(int i, const typet &char_type);
-  // The integer with the longest string is Integer.MIN_VALUE which is -2^31,
-  // that is -2147483648 so takes 11 characters to write.
-  // The long with the longest string is Long.MIN_VALUE which is -2^63,
-  // approximately -9.223372037*10^18 so takes 20 characters to write.
-  constexpr static const std::size_t MAX_INTEGER_LENGTH=11;
-  constexpr static const std::size_t MAX_LONG_LENGTH=20;
-  constexpr static const std::size_t MAX_FLOAT_LENGTH=15;
-  constexpr static const std::size_t MAX_DOUBLE_LENGTH=30;
-
-  std::map<function_application_exprt, exprt> function_application_cache;
-  const namespacet ns;
 
   static irep_idt extract_java_string(const symbol_exprt &s);
 
@@ -142,9 +115,6 @@ class string_constraint_generatort final
   // The specification is partial: the actual value is not actually computed
   // but we ensure that hash codes of equal strings are equal.
   exprt add_axioms_for_hash_code(const function_application_exprt &f);
-  // To each string on which hash_code was called we associate a symbol
-  // representing the return value of the hash_code function.
-  std::map<string_exprt, exprt> hash_code_of_string;
 
   exprt add_axioms_for_is_empty(const function_application_exprt &f);
   exprt add_axioms_for_is_prefix(
@@ -341,12 +311,6 @@ class string_constraint_generatort final
   // string pointers
   symbol_exprt add_axioms_for_intern(const function_application_exprt &f);
 
-  // Pool used for the intern method
-  std::map<string_exprt, symbol_exprt> intern_of_string;
-
-  // Tells which language is used. C and Java are supported
-  irep_idt mode;
-
   // assert that the number of argument is equal to nb and extract them
   static const function_application_exprt::argumentst &args(
     const function_application_exprt &expr, size_t nb)
@@ -365,6 +329,41 @@ class string_constraint_generatort final
   static bool is_constant_string(const string_exprt &expr);
   static string_exprt empty_string(const refined_string_typet &ref_type);
   unsigned long to_integer_or_default(const exprt &expr, unsigned long def);
+
+  // MEMBERS
+public:
+  // Used to store information about witnesses for not_contains constraints
+  const size_t max_string_length;
+  std::map<string_not_contains_constraintt, symbol_exprt> witness;
+private:
+  // The integer with the longest string is Integer.MIN_VALUE which is -2^31,
+  // that is -2147483648 so takes 11 characters to write.
+  // The long with the longest string is Long.MIN_VALUE which is -2^63,
+  // approximately -9.223372037*10^18 so takes 20 characters to write.
+  constexpr static const std::size_t MAX_INTEGER_LENGTH=11;
+  constexpr static const std::size_t MAX_LONG_LENGTH=20;
+  constexpr static const std::size_t MAX_FLOAT_LENGTH=15;
+  constexpr static const std::size_t MAX_DOUBLE_LENGTH=30;
+  std::set<string_exprt> created_strings;
+  unsigned m_symbol_count=0;
+  const messaget m_message;
+  const bool force_printable_characters;
+
+  std::vector<exprt> axioms;
+  std::map<irep_idt, string_exprt> unresolved_symbols;
+  std::vector<symbol_exprt> boolean_symbols;
+  std::vector<symbol_exprt> index_symbols;
+  std::map<function_application_exprt, exprt> function_application_cache;
+  const namespacet ns;
+  // To each string on which hash_code was called we associate a symbol
+  // representing the return value of the hash_code function.
+  std::map<string_exprt, exprt> hash_code_of_string;
+
+  // Pool used for the intern method
+  std::map<string_exprt, symbol_exprt> intern_of_string;
+
+  // Tells which language is used. C and Java are supported
+  irep_idt mode;
 };
 
 exprt is_digit_with_radix(

From 01c6767bb8f127406d6e61e2301926502d5cb6fb Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Sat, 26 Aug 2017 22:39:48 +0100
Subject: [PATCH 686/699] Rename axioms to m_axioms

---
 .../refinement/string_constraint_generator.h  |  6 +--
 ...tring_constraint_generator_code_points.cpp | 26 +++++-----
 ...string_constraint_generator_comparison.cpp | 26 +++++-----
 .../string_constraint_generator_concat.cpp    |  8 ++--
 .../string_constraint_generator_constants.cpp |  4 +-
 .../string_constraint_generator_float.cpp     |  6 +--
 .../string_constraint_generator_indexof.cpp   | 40 ++++++++--------
 .../string_constraint_generator_main.cpp      | 28 +++++------
 .../string_constraint_generator_testing.cpp   | 26 +++++-----
 ...ng_constraint_generator_transformation.cpp | 48 +++++++++----------
 .../string_constraint_generator_valueof.cpp   | 40 ++++++++--------
 11 files changed, 129 insertions(+), 129 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index 8e30612c8d8..885e40497f3 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -344,12 +344,12 @@ class string_constraint_generatort final
   constexpr static const std::size_t MAX_LONG_LENGTH=20;
   constexpr static const std::size_t MAX_FLOAT_LENGTH=15;
   constexpr static const std::size_t MAX_DOUBLE_LENGTH=30;
-  std::set<string_exprt> created_strings;
+  std::set<string_exprt> m_created_strings;
   unsigned m_symbol_count=0;
   const messaget m_message;
-  const bool force_printable_characters;
+  const bool m_force_printable_characters;
 
-  std::vector<exprt> axioms;
+  std::vector<exprt> m_axioms;
   std::map<irep_idt, string_exprt> unresolved_symbols;
   std::vector<symbol_exprt> boolean_symbols;
   std::vector<symbol_exprt> index_symbols;
diff --git a/src/solvers/refinement/string_constraint_generator_code_points.cpp b/src/solvers/refinement/string_constraint_generator_code_points.cpp
index e6c39598aa3..55b914d1aa7 100644
--- a/src/solvers/refinement/string_constraint_generator_code_points.cpp
+++ b/src/solvers/refinement/string_constraint_generator_code_points.cpp
@@ -48,27 +48,27 @@ string_exprt string_constraint_generatort::add_axioms_for_code_point(
 
   binary_relation_exprt small(code_point, ID_lt, hex010000);
   implies_exprt a1(small, res.axiom_for_has_length(1));
-  axioms.push_back(a1);
+  m_axioms.push_back(a1);
 
   implies_exprt a2(not_exprt(small), res.axiom_for_has_length(2));
-  axioms.push_back(a2);
+  m_axioms.push_back(a2);
 
   typecast_exprt code_point_as_char(code_point, ref_type.get_char_type());
   implies_exprt a3(small, equal_exprt(res[0], code_point_as_char));
-  axioms.push_back(a3);
+  m_axioms.push_back(a3);
 
   plus_exprt first_char(
     hexD800, div_exprt(minus_exprt(code_point, hex010000), hex0400));
   implies_exprt a4(
     not_exprt(small),
     equal_exprt(res[0], typecast_exprt(first_char, ref_type.get_char_type())));
-  axioms.push_back(a4);
+  m_axioms.push_back(a4);
 
   plus_exprt second_char(hexDC00, mod_exprt(code_point, hex0400));
   implies_exprt a5(
     not_exprt(small),
     equal_exprt(res[1], typecast_exprt(second_char, ref_type.get_char_type())));
-  axioms.push_back(a5);
+  m_axioms.push_back(a5);
 
   return res;
 }
@@ -141,8 +141,8 @@ exprt string_constraint_generatort::add_axioms_for_code_point_at(
     str[plus_exprt_with_overflow_check(pos, index1)]);
   exprt return_pair=and_exprt(is_high_surrogate(str[pos]), is_low);
 
-  axioms.push_back(implies_exprt(return_pair, equal_exprt(result, pair)));
-  axioms.push_back(
+  m_axioms.push_back(implies_exprt(return_pair, equal_exprt(result, pair)));
+  m_axioms.push_back(
     implies_exprt(not_exprt(return_pair), equal_exprt(result, char1_as_int)));
   return result;
 }
@@ -172,8 +172,8 @@ exprt string_constraint_generatort::add_axioms_for_code_point_before(
   exprt return_pair=and_exprt(
     is_high_surrogate(char1), is_low_surrogate(char2));
 
-  axioms.push_back(implies_exprt(return_pair, equal_exprt(result, pair)));
-  axioms.push_back(
+  m_axioms.push_back(implies_exprt(return_pair, equal_exprt(result, pair)));
+  m_axioms.push_back(
     implies_exprt(not_exprt(return_pair), equal_exprt(result, char2_as_int)));
   return result;
 }
@@ -193,8 +193,8 @@ exprt string_constraint_generatort::add_axioms_for_code_point_count(
   symbol_exprt result=fresh_symbol("code_point_count", return_type);
   minus_exprt length(end, begin);
   div_exprt minimum(length, from_integer(2, length.type()));
-  axioms.push_back(binary_relation_exprt(result, ID_le, length));
-  axioms.push_back(binary_relation_exprt(result, ID_ge, minimum));
+  m_axioms.push_back(binary_relation_exprt(result, ID_le, length));
+  m_axioms.push_back(binary_relation_exprt(result, ID_ge, minimum));
 
   return result;
 }
@@ -217,8 +217,8 @@ exprt string_constraint_generatort::add_axioms_for_offset_by_code_point(
   exprt minimum=plus_exprt_with_overflow_check(index, offset);
   exprt maximum=plus_exprt_with_overflow_check(
     index, plus_exprt_with_overflow_check(offset, offset));
-  axioms.push_back(binary_relation_exprt(result, ID_le, maximum));
-  axioms.push_back(binary_relation_exprt(result, ID_ge, minimum));
+  m_axioms.push_back(binary_relation_exprt(result, ID_le, maximum));
+  m_axioms.push_back(binary_relation_exprt(result, ID_ge, minimum));
 
   return result;
 }
diff --git a/src/solvers/refinement/string_constraint_generator_comparison.cpp b/src/solvers/refinement/string_constraint_generator_comparison.cpp
index aa14d4192e8..3e81a742417 100644
--- a/src/solvers/refinement/string_constraint_generator_comparison.cpp
+++ b/src/solvers/refinement/string_constraint_generator_comparison.cpp
@@ -39,11 +39,11 @@ exprt string_constraint_generatort::add_axioms_for_equals(
   //       || (witness<s1.length &&s1[witness]!=s2[witness])
 
   implies_exprt a1(eq, s1.axiom_for_has_same_length_as(s2));
-  axioms.push_back(a1);
+  m_axioms.push_back(a1);
 
   symbol_exprt qvar=fresh_univ_index("QA_equal", index_type);
   string_constraintt a2(qvar, s1.length(), eq, equal_exprt(s1[qvar], s2[qvar]));
-  axioms.push_back(a2);
+  m_axioms.push_back(a2);
 
   symbol_exprt witness=fresh_exist_index("witness_unequal", index_type);
   exprt zero=from_integer(0, index_type);
@@ -55,7 +55,7 @@ exprt string_constraint_generatort::add_axioms_for_equals(
     notequal_exprt(s1.length(), s2.length()),
     equal_exprt(witness, from_integer(-1, index_type)));
   implies_exprt a3(not_exprt(eq), or_exprt(diff_length, witnessing));
-  axioms.push_back(a3);
+  m_axioms.push_back(a3);
 
   return tc_eq;
 }
@@ -117,13 +117,13 @@ exprt string_constraint_generatort::add_axioms_for_equals_ignore_case(
   // a3 : !eq => |s1|!=s2 || (0 <=witness<|s1| &&!char_equal_ignore_case)
 
   implies_exprt a1(eq, s1.axiom_for_has_same_length_as(s2));
-  axioms.push_back(a1);
+  m_axioms.push_back(a1);
 
   symbol_exprt qvar=fresh_univ_index("QA_equal_ignore_case", index_type);
   exprt constr2=character_equals_ignore_case(
     s1[qvar], s2[qvar], char_a, char_A, char_Z);
   string_constraintt a2(qvar, s1.length(), eq, constr2);
-  axioms.push_back(a2);
+  m_axioms.push_back(a2);
 
   symbol_exprt witness=fresh_exist_index(
     "witness_unequal_ignore_case", index_type);
@@ -139,7 +139,7 @@ exprt string_constraint_generatort::add_axioms_for_equals_ignore_case(
     or_exprt(
       notequal_exprt(s1.length(), s2.length()),
       and_exprt(bound_witness, witness_diff)));
-  axioms.push_back(a3);
+  m_axioms.push_back(a3);
 
   return tc_eq;
 }
@@ -177,7 +177,7 @@ exprt string_constraint_generatort::add_axioms_for_hash_code(
         and_exprt(
           str.axiom_for_length_gt(i),
           axiom_for_is_positive_index(i))));
-    axioms.push_back(or_exprt(c1, or_exprt(c2, c3)));
+    m_axioms.push_back(or_exprt(c1, or_exprt(c2, c3)));
   }
   return hash;
 }
@@ -211,11 +211,11 @@ exprt string_constraint_generatort::add_axioms_for_compare_to(
 
   equal_exprt res_null=equal_exprt(res, from_integer(0, return_type));
   implies_exprt a1(res_null, s1.axiom_for_has_same_length_as(s2));
-  axioms.push_back(a1);
+  m_axioms.push_back(a1);
 
   symbol_exprt i=fresh_univ_index("QA_compare_to", index_type);
   string_constraintt a2(i, s1.length(), res_null, equal_exprt(s1[i], s2[i]));
-  axioms.push_back(a2);
+  m_axioms.push_back(a2);
 
   symbol_exprt x=fresh_exist_index("index_compare_to", index_type);
   equal_exprt ret_char_diff(
@@ -242,12 +242,12 @@ exprt string_constraint_generatort::add_axioms_for_compare_to(
     and_exprt(
       binary_relation_exprt(x, ID_ge, from_integer(0, return_type)),
       or_exprt(cond1, cond2)));
-  axioms.push_back(a3);
+  m_axioms.push_back(a3);
 
   symbol_exprt i2=fresh_univ_index("QA_compare_to", index_type);
   string_constraintt a4(
     i2, x, not_exprt(res_null), equal_exprt(s1[i2], s2[i2]));
-  axioms.push_back(a4);
+  m_axioms.push_back(a4);
 
   return res;
 }
@@ -279,7 +279,7 @@ symbol_exprt string_constraint_generatort::add_axioms_for_intern(
     disj=or_exprt(
       disj, equal_exprt(intern, it.second));
 
-  axioms.push_back(disj);
+  m_axioms.push_back(disj);
 
 
   // WARNING: the specification may be incomplete or incorrect
@@ -287,7 +287,7 @@ symbol_exprt string_constraint_generatort::add_axioms_for_intern(
     if(it.second!=str)
     {
       symbol_exprt i=fresh_exist_index("index_intern", index_type);
-      axioms.push_back(
+      m_axioms.push_back(
         or_exprt(
           equal_exprt(it.second, intern),
           or_exprt(
diff --git a/src/solvers/refinement/string_constraint_generator_concat.cpp b/src/solvers/refinement/string_constraint_generator_concat.cpp
index 40a59265c89..3f4f607addd 100644
--- a/src/solvers/refinement/string_constraint_generator_concat.cpp
+++ b/src/solvers/refinement/string_constraint_generator_concat.cpp
@@ -46,20 +46,20 @@ string_exprt string_constraint_generatort::add_axioms_for_concat_substr(
   exprt res_length=plus_exprt_with_overflow_check(
     s1.length(), minus_exprt(end_index, start_index));
   implies_exprt a1(prem, equal_exprt(res.length(), res_length));
-  axioms.push_back(a1);
+  m_axioms.push_back(a1);
 
   implies_exprt a2(not_exprt(prem), equal_exprt(res.length(), s1.length()));
-  axioms.push_back(a2);
+  m_axioms.push_back(a2);
 
   symbol_exprt idx=fresh_univ_index("QA_index_concat", res.length().type());
   string_constraintt a3(idx, s1.length(), equal_exprt(s1[idx], res[idx]));
-  axioms.push_back(a3);
+  m_axioms.push_back(a3);
 
   symbol_exprt idx2=fresh_univ_index("QA_index_concat2", res.length().type());
   equal_exprt res_eq(
     res[plus_exprt(idx2, s1.length())], s2[plus_exprt(start_index, idx2)]);
   string_constraintt a4(idx2, minus_exprt(end_index, start_index), res_eq);
-  axioms.push_back(a4);
+  m_axioms.push_back(a4);
 
   return res;
 }
diff --git a/src/solvers/refinement/string_constraint_generator_constants.cpp b/src/solvers/refinement/string_constraint_generator_constants.cpp
index 13fea55161c..d701d27a583 100644
--- a/src/solvers/refinement/string_constraint_generator_constants.cpp
+++ b/src/solvers/refinement/string_constraint_generator_constants.cpp
@@ -40,12 +40,12 @@ string_exprt string_constraint_generatort::add_axioms_for_constant(
     exprt idx=from_integer(i, ref_type.get_index_type());
     exprt c=from_integer(str[i], ref_type.get_char_type());
     equal_exprt lemma(res[idx], c);
-    axioms.push_back(lemma);
+    m_axioms.push_back(lemma);
   }
 
   exprt s_length=from_integer(str.size(), ref_type.get_index_type());
 
-  axioms.push_back(res.axiom_for_has_length(s_length));
+  m_axioms.push_back(res.axiom_for_has_length(s_length));
   return res;
 }
 
diff --git a/src/solvers/refinement/string_constraint_generator_float.cpp b/src/solvers/refinement/string_constraint_generator_float.cpp
index d164ad54264..da085756115 100644
--- a/src/solvers/refinement/string_constraint_generator_float.cpp
+++ b/src/solvers/refinement/string_constraint_generator_float.cpp
@@ -237,7 +237,7 @@ string_exprt string_constraint_generatort::add_axioms_for_fractional_part(
 
   and_exprt a1(res.axiom_for_length_gt(1),
                res.axiom_for_length_le(max));
-  axioms.push_back(a1);
+  m_axioms.push_back(a1);
 
   equal_exprt starts_with_dot(res[0], from_integer('.', char_type));
 
@@ -275,10 +275,10 @@ string_exprt string_constraint_generatort::add_axioms_for_fractional_part(
   }
 
   exprt a2=conjunction(digit_constraints);
-  axioms.push_back(a2);
+  m_axioms.push_back(a2);
 
   equal_exprt a3(int_expr, sum);
-  axioms.push_back(a3);
+  m_axioms.push_back(a3);
 
   return res;
 }
diff --git a/src/solvers/refinement/string_constraint_generator_indexof.cpp b/src/solvers/refinement/string_constraint_generator_indexof.cpp
index 1dc54698bce..977b9832dbf 100644
--- a/src/solvers/refinement/string_constraint_generator_indexof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_indexof.cpp
@@ -39,22 +39,22 @@ exprt string_constraint_generatort::add_axioms_for_index_of(
   and_exprt a1(
     binary_relation_exprt(index, ID_ge, minus1),
     binary_relation_exprt(index, ID_lt, str.length()));
-  axioms.push_back(a1);
+  m_axioms.push_back(a1);
 
   equal_exprt a2(not_exprt(contains), equal_exprt(index, minus1));
-  axioms.push_back(a2);
+  m_axioms.push_back(a2);
 
   implies_exprt a3(
     contains,
     and_exprt(
       binary_relation_exprt(from_index, ID_le, index),
       equal_exprt(str[index], c)));
-  axioms.push_back(a3);
+  m_axioms.push_back(a3);
 
   symbol_exprt n=fresh_univ_index("QA_index_of", index_type);
   string_constraintt a4(
     n, from_index, index, contains, not_exprt(equal_exprt(str[n], c)));
-  axioms.push_back(a4);
+  m_axioms.push_back(a4);
 
   symbol_exprt m=fresh_univ_index("QA_index_of", index_type);
   string_constraintt a5(
@@ -63,7 +63,7 @@ exprt string_constraint_generatort::add_axioms_for_index_of(
     str.length(),
     not_exprt(contains),
     not_exprt(equal_exprt(str[m], c)));
-  axioms.push_back(a5);
+  m_axioms.push_back(a5);
 
   return index;
 }
@@ -101,12 +101,12 @@ exprt string_constraint_generatort::add_axioms_for_index_of_string(
       binary_relation_exprt(from_index, ID_le, offset),
       binary_relation_exprt(
         offset, ID_le, minus_exprt(haystack.length(), needle.length()))));
-  axioms.push_back(a1);
+  m_axioms.push_back(a1);
 
   equal_exprt a2(
     not_exprt(contains),
     equal_exprt(offset, from_integer(-1, index_type)));
-  axioms.push_back(a2);
+  m_axioms.push_back(a2);
 
   symbol_exprt qvar=fresh_univ_index("QA_index_of_string", index_type);
   string_constraintt a3(
@@ -114,7 +114,7 @@ exprt string_constraint_generatort::add_axioms_for_index_of_string(
     needle.length(),
     contains,
     equal_exprt(haystack[plus_exprt(qvar, offset)], needle[qvar]));
-  axioms.push_back(a3);
+  m_axioms.push_back(a3);
 
   // string_not contains_constraintt are formulas of the form:
   // forall x in [lb,ub[. p(x) => exists y in [lb,ub[. s1[x+y] != s2[y]
@@ -126,7 +126,7 @@ exprt string_constraint_generatort::add_axioms_for_index_of_string(
     needle.length(),
     haystack,
     needle);
-  axioms.push_back(a4);
+  m_axioms.push_back(a4);
 
   string_not_contains_constraintt a5(
     from_index,
@@ -138,7 +138,7 @@ exprt string_constraint_generatort::add_axioms_for_index_of_string(
     needle.length(),
     haystack,
     needle);
-  axioms.push_back(a5);
+  m_axioms.push_back(a5);
 
   return offset;
 }
@@ -181,17 +181,17 @@ exprt string_constraint_generatort::add_axioms_for_last_index_of_string(
       binary_relation_exprt(
         offset, ID_le, minus_exprt(haystack.length(), needle.length())),
       binary_relation_exprt(offset, ID_le, from_index)));
-  axioms.push_back(a1);
+  m_axioms.push_back(a1);
 
   equal_exprt a2(
     not_exprt(contains),
     equal_exprt(offset, from_integer(-1, index_type)));
-  axioms.push_back(a2);
+  m_axioms.push_back(a2);
 
   symbol_exprt qvar=fresh_univ_index("QA_index_of_string", index_type);
   equal_exprt constr3(haystack[plus_exprt(qvar, offset)], needle[qvar]);
   string_constraintt a3(qvar, needle.length(), contains, constr3);
-  axioms.push_back(a3);
+  m_axioms.push_back(a3);
 
   // end_index is min(from_index, |str| - |substring|)
   minus_exprt length_diff(haystack.length(), needle.length());
@@ -208,7 +208,7 @@ exprt string_constraint_generatort::add_axioms_for_last_index_of_string(
     needle.length(),
     haystack,
     needle);
-  axioms.push_back(a4);
+  m_axioms.push_back(a4);
 
   string_not_contains_constraintt a5(
     from_integer(0, index_type),
@@ -218,7 +218,7 @@ exprt string_constraint_generatort::add_axioms_for_last_index_of_string(
     needle.length(),
     haystack,
     needle);
-  axioms.push_back(a5);
+  m_axioms.push_back(a5);
 
   return offset;
 }
@@ -289,17 +289,17 @@ exprt string_constraint_generatort::add_axioms_for_last_index_of(
   and_exprt a1(
     binary_relation_exprt(index, ID_ge, minus1),
     binary_relation_exprt(index, ID_lt, from_index_plus_one));
-  axioms.push_back(a1);
+  m_axioms.push_back(a1);
 
   equal_exprt a2(not_exprt(contains), equal_exprt(index, minus1));
-  axioms.push_back(a2);
+  m_axioms.push_back(a2);
 
   implies_exprt a3(
     contains,
     and_exprt(
       binary_relation_exprt(from_index, ID_ge, index),
       equal_exprt(str[index], c)));
-  axioms.push_back(a3);
+  m_axioms.push_back(a3);
 
   symbol_exprt n=fresh_univ_index("QA_last_index_of1", index_type);
   string_constraintt a4(
@@ -308,7 +308,7 @@ exprt string_constraint_generatort::add_axioms_for_last_index_of(
     from_index_plus_one,
     contains,
     not_exprt(equal_exprt(str[n], c)));
-  axioms.push_back(a4);
+  m_axioms.push_back(a4);
 
   symbol_exprt m=fresh_univ_index("QA_last_index_of2", index_type);
   string_constraintt a5(
@@ -316,7 +316,7 @@ exprt string_constraint_generatort::add_axioms_for_last_index_of(
     from_index_plus_one,
     not_exprt(contains),
     not_exprt(equal_exprt(str[m], c)));
-  axioms.push_back(a5);
+  m_axioms.push_back(a5);
 
   return index;
 }
diff --git a/src/solvers/refinement/string_constraint_generator_main.cpp b/src/solvers/refinement/string_constraint_generator_main.cpp
index e0caa7bed65..f2f623265e2 100644
--- a/src/solvers/refinement/string_constraint_generator_main.cpp
+++ b/src/solvers/refinement/string_constraint_generator_main.cpp
@@ -29,12 +29,12 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 string_constraint_generatort::string_constraint_generatort(
   const string_constraint_generatort::infot& info):
   max_string_length(info.string_max_length),
-  force_printable_characters(info.string_printable),
+  m_force_printable_characters(info.string_printable),
   ns(*info.ns) { }
 
 const std::vector<exprt> &string_constraint_generatort::get_axioms() const
 {
-  return this->axioms;
+  return m_axioms;
 }
 
 const std::vector<symbol_exprt>
@@ -52,7 +52,7 @@ const std::vector<symbol_exprt>
 const std::set<string_exprt>
 &string_constraint_generatort::get_created_strings() const
 {
-  return this->created_strings;
+  return m_created_strings;
 }
 
 /// generate constant character expression with character type.
@@ -133,7 +133,7 @@ plus_exprt string_constraint_generatort::plus_exprt_with_overflow_check(
   implies_exprt no_overflow(equal_exprt(neg1, neg2),
                             equal_exprt(neg1, neg_sum));
 
-  axioms.push_back(no_overflow);
+  m_axioms.push_back(no_overflow);
 
   return sum;
 }
@@ -147,7 +147,7 @@ string_exprt string_constraint_generatort::fresh_string(
   symbol_exprt length=fresh_symbol("string_length", type.get_index_type());
   symbol_exprt content=fresh_symbol("string_content", type.get_content_type());
   string_exprt str(length, content, type);
-  created_strings.insert(str);
+  m_created_strings.insert(str);
   add_default_axioms(str);
   return str;
 }
@@ -182,12 +182,12 @@ string_exprt string_constraint_generatort::get_string_expr(const exprt &expr)
 void string_constraint_generatort::add_default_axioms(
   const string_exprt &s)
 {
-  axioms.push_back(
+  m_axioms.push_back(
     s.axiom_for_length_ge(from_integer(0, s.length().type())));
   if(max_string_length!=std::numeric_limits<size_t>::max())
-    axioms.push_back(s.axiom_for_length_le(max_string_length));
+    m_axioms.push_back(s.axiom_for_length_le(max_string_length));
 
-  if(force_printable_characters)
+  if(m_force_printable_characters)
   {
     symbol_exprt qvar=fresh_univ_index("printable", s.length().type());
     exprt chr=s[qvar];
@@ -195,7 +195,7 @@ void string_constraint_generatort::add_default_axioms(
       binary_relation_exprt(chr, ID_ge, from_integer(' ', chr.type())),
       binary_relation_exprt(chr, ID_le, from_integer('~', chr.type())));
     string_constraintt sc(qvar, s.length(), printable);
-    axioms.push_back(sc);
+    m_axioms.push_back(sc);
   }
 }
 
@@ -281,18 +281,18 @@ string_exprt string_constraint_generatort::add_axioms_for_if(
   const typet &index_type=ref_type.get_index_type();
   string_exprt res=fresh_string(ref_type);
 
-  axioms.push_back(
+  m_axioms.push_back(
     implies_exprt(expr.cond(), res.axiom_for_has_same_length_as(t)));
   symbol_exprt qvar=fresh_univ_index("QA_string_if_true", index_type);
   equal_exprt qequal(res[qvar], t[qvar]);
   string_constraintt sc1(qvar, t.length(), implies_exprt(expr.cond(), qequal));
-  axioms.push_back(sc1);
-  axioms.push_back(
+  m_axioms.push_back(sc1);
+  m_axioms.push_back(
     implies_exprt(not_exprt(expr.cond()), res.axiom_for_has_same_length_as(f)));
   symbol_exprt qvar2=fresh_univ_index("QA_string_if_false", index_type);
   equal_exprt qequal2(res[qvar2], f[qvar2]);
   string_constraintt sc2(qvar2, f.length(), or_exprt(expr.cond(), qequal2));
-  axioms.push_back(sc2);
+  m_axioms.push_back(sc2);
   return res;
 }
 
@@ -614,7 +614,7 @@ exprt string_constraint_generatort::add_axioms_for_char_at(
   string_exprt str=get_string_expr(args(f, 2)[0]);
   const refined_string_typet &ref_type=to_refined_string_type(str.type());
   symbol_exprt char_sym=fresh_symbol("char", ref_type.get_char_type());
-  axioms.push_back(equal_exprt(char_sym, str[args(f, 2)[1]]));
+  m_axioms.push_back(equal_exprt(char_sym, str[args(f, 2)[1]]));
   return char_sym;
 }
 
diff --git a/src/solvers/refinement/string_constraint_generator_testing.cpp b/src/solvers/refinement/string_constraint_generator_testing.cpp
index 4aa29969eb7..c11b8ef4263 100644
--- a/src/solvers/refinement/string_constraint_generator_testing.cpp
+++ b/src/solvers/refinement/string_constraint_generator_testing.cpp
@@ -34,7 +34,7 @@ exprt string_constraint_generatort::add_axioms_for_is_prefix(
     isprefix,
     str.axiom_for_length_ge(plus_exprt_with_overflow_check(
       prefix.length(), offset)));
-  axioms.push_back(a1);
+  m_axioms.push_back(a1);
 
   symbol_exprt qvar=fresh_univ_index("QA_isprefix", index_type);
   string_constraintt a2(
@@ -43,7 +43,7 @@ exprt string_constraint_generatort::add_axioms_for_is_prefix(
     isprefix,
     equal_exprt(str[plus_exprt_with_overflow_check(qvar, offset)],
                 prefix[qvar]));
-  axioms.push_back(a2);
+  m_axioms.push_back(a2);
 
   symbol_exprt witness=fresh_exist_index("witness_not_isprefix", index_type);
   and_exprt witness_diff(
@@ -59,7 +59,7 @@ exprt string_constraint_generatort::add_axioms_for_is_prefix(
     witness_diff);
 
   implies_exprt a3(not_exprt(isprefix), s0_notpref_s1);
-  axioms.push_back(a3);
+  m_axioms.push_back(a3);
   return isprefix;
 }
 
@@ -99,8 +99,8 @@ exprt string_constraint_generatort::add_axioms_for_is_empty(
 
   symbol_exprt is_empty=fresh_boolean("is_empty");
   string_exprt s0=get_string_expr(args(f, 1)[0]);
-  axioms.push_back(implies_exprt(is_empty, s0.axiom_for_has_length(0)));
-  axioms.push_back(implies_exprt(s0.axiom_for_has_length(0), is_empty));
+  m_axioms.push_back(implies_exprt(is_empty, s0.axiom_for_has_length(0)));
+  m_axioms.push_back(implies_exprt(s0.axiom_for_has_length(0), is_empty));
   return typecast_exprt(is_empty, f.type());
 }
 
@@ -133,14 +133,14 @@ exprt string_constraint_generatort::add_axioms_for_is_suffix(
   //       &&s1[witness]!=s0[witness + s0.length-s1.length]
 
   implies_exprt a1(issuffix, s1.axiom_for_length_ge(s0));
-  axioms.push_back(a1);
+  m_axioms.push_back(a1);
 
   symbol_exprt qvar=fresh_univ_index("QA_suffix", index_type);
   exprt qvar_shifted=plus_exprt(
     qvar, minus_exprt(s1.length(), s0.length()));
   string_constraintt a2(
     qvar, s0.length(), issuffix, equal_exprt(s0[qvar], s1[qvar_shifted]));
-  axioms.push_back(a2);
+  m_axioms.push_back(a2);
 
   symbol_exprt witness=fresh_exist_index("witness_not_suffix", index_type);
   exprt shifted=plus_exprt(
@@ -155,7 +155,7 @@ exprt string_constraint_generatort::add_axioms_for_is_suffix(
         axiom_for_is_positive_index(witness))));
   implies_exprt a3(not_exprt(issuffix), constr3);
 
-  axioms.push_back(a3);
+  m_axioms.push_back(a3);
   return tc_issuffix;
 }
 
@@ -202,7 +202,7 @@ exprt string_constraint_generatort::add_axioms_for_contains(
   //         exists witness < |s1|. s1[witness] != s0[witness + startpos])
 
   implies_exprt a1(contains, s0.axiom_for_length_ge(s1));
-  axioms.push_back(a1);
+  m_axioms.push_back(a1);
 
   symbol_exprt startpos=fresh_exist_index("startpos_contains", index_type);
   minus_exprt length_diff(s0.length(), s1.length());
@@ -210,18 +210,18 @@ exprt string_constraint_generatort::add_axioms_for_contains(
     axiom_for_is_positive_index(startpos),
     binary_relation_exprt(startpos, ID_le, length_diff));
   implies_exprt a2(contains, bounds);
-  axioms.push_back(a2);
+  m_axioms.push_back(a2);
 
   implies_exprt a3(
     not_exprt(contains),
     equal_exprt(startpos, from_integer(-1, index_type)));
-  axioms.push_back(a3);
+  m_axioms.push_back(a3);
 
   symbol_exprt qvar=fresh_univ_index("QA_contains", index_type);
   exprt qvar_shifted=plus_exprt(qvar, startpos);
   string_constraintt a4(
     qvar, s1.length(), contains, equal_exprt(s1[qvar], s0[qvar_shifted]));
-  axioms.push_back(a4);
+  m_axioms.push_back(a4);
 
   // We rewrite axiom a4 as:
   // forall startpos <= |s0|-|s1|.  (!contains && |s0| >= |s1|)
@@ -234,7 +234,7 @@ exprt string_constraint_generatort::add_axioms_for_contains(
     s1.length(),
     s0,
     s1);
-  axioms.push_back(a5);
+  m_axioms.push_back(a5);
 
   return typecast_exprt(contains, f.type());
 }
diff --git a/src/solvers/refinement/string_constraint_generator_transformation.cpp b/src/solvers/refinement/string_constraint_generator_transformation.cpp
index b2566bab396..5bbbba82c6c 100644
--- a/src/solvers/refinement/string_constraint_generator_transformation.cpp
+++ b/src/solvers/refinement/string_constraint_generator_transformation.cpp
@@ -35,7 +35,7 @@ string_exprt string_constraint_generatort::add_axioms_for_set_length(
   // a2 : forall i<|res|. i < |s1|  ==> res[i] = s1[i]
   // a3 : forall i<|res|. i >= |s1| ==> res[i] = 0
 
-  axioms.push_back(res.axiom_for_has_length(k));
+  m_axioms.push_back(res.axiom_for_has_length(k));
 
   symbol_exprt idx=fresh_univ_index(
     "QA_index_set_length", ref_type.get_index_type());
@@ -44,7 +44,7 @@ string_exprt string_constraint_generatort::add_axioms_for_set_length(
     res.length(),
     s1.axiom_for_length_gt(idx),
     equal_exprt(s1[idx], res[idx]));
-  axioms.push_back(a2);
+  m_axioms.push_back(a2);
 
   symbol_exprt idx2=fresh_univ_index(
     "QA_index_set_length2", ref_type.get_index_type());
@@ -53,7 +53,7 @@ string_exprt string_constraint_generatort::add_axioms_for_set_length(
     res.length(),
     s1.axiom_for_length_le(idx2),
     equal_exprt(res[idx2], constant_char(0, ref_type.get_char_type())));
-  axioms.push_back(a3);
+  m_axioms.push_back(a3);
 
   return res;
 }
@@ -113,21 +113,21 @@ string_exprt string_constraint_generatort::add_axioms_for_substring(
   implies_exprt a1(
     binary_relation_exprt(start, ID_lt, end),
     res.axiom_for_has_length(minus_exprt(end, start)));
-  axioms.push_back(a1);
+  m_axioms.push_back(a1);
 
   exprt is_empty=res.axiom_for_has_length(from_integer(0, index_type));
   implies_exprt a2(binary_relation_exprt(start, ID_ge, end), is_empty);
-  axioms.push_back(a2);
+  m_axioms.push_back(a2);
 
   // Warning: check what to do if the string is not long enough
-  axioms.push_back(str.axiom_for_length_ge(end));
+  m_axioms.push_back(str.axiom_for_length_ge(end));
 
   symbol_exprt idx=fresh_univ_index("QA_index_substring", index_type);
   string_constraintt a4(idx,
                         res.length(),
                         equal_exprt(res[idx],
                         str[plus_exprt(start, idx)]));
-  axioms.push_back(a4);
+  m_axioms.push_back(a4);
   return res;
 }
 
@@ -158,25 +158,25 @@ string_exprt string_constraint_generatort::add_axioms_for_trim(
 
   exprt a1=str.axiom_for_length_ge(
     plus_exprt_with_overflow_check(idx, res.length()));
-  axioms.push_back(a1);
+  m_axioms.push_back(a1);
 
   binary_relation_exprt a2(idx, ID_ge, from_integer(0, index_type));
-  axioms.push_back(a2);
+  m_axioms.push_back(a2);
 
   exprt a3=str.axiom_for_length_ge(idx);
-  axioms.push_back(a3);
+  m_axioms.push_back(a3);
 
   exprt a4=res.axiom_for_length_ge(
     from_integer(0, index_type));
-  axioms.push_back(a4);
+  m_axioms.push_back(a4);
 
   exprt a5=res.axiom_for_length_le(str);
-  axioms.push_back(a5);
+  m_axioms.push_back(a5);
 
   symbol_exprt n=fresh_univ_index("QA_index_trim", index_type);
   binary_relation_exprt non_print(str[n], ID_le, space_char);
   string_constraintt a6(n, idx, non_print);
-  axioms.push_back(a6);
+  m_axioms.push_back(a6);
 
   symbol_exprt n2=fresh_univ_index("QA_index_trim2", index_type);
   minus_exprt bound(str.length(), plus_exprt_with_overflow_check(idx,
@@ -187,12 +187,12 @@ string_exprt string_constraint_generatort::add_axioms_for_trim(
     space_char);
 
   string_constraintt a7(n2, bound, eqn2);
-  axioms.push_back(a7);
+  m_axioms.push_back(a7);
 
   symbol_exprt n3=fresh_univ_index("QA_index_trim3", index_type);
   equal_exprt eqn3(res[n3], str[plus_exprt(n3, idx)]);
   string_constraintt a8(n3, res.length(), eqn3);
-  axioms.push_back(a8);
+  m_axioms.push_back(a8);
 
   minus_exprt index_before(
     plus_exprt_with_overflow_check(idx, res.length()),
@@ -203,7 +203,7 @@ string_exprt string_constraint_generatort::add_axioms_for_trim(
     and_exprt(
       binary_relation_exprt(str[idx], ID_gt, space_char),
       no_space_before));
-  axioms.push_back(a9);
+  m_axioms.push_back(a9);
   return res;
 }
 
@@ -235,7 +235,7 @@ string_exprt string_constraint_generatort::add_axioms_for_to_lower_case(
   // diff = 'a'-'A' = 0x20
 
   exprt a1=res.axiom_for_has_same_length_as(str);
-  axioms.push_back(a1);
+  m_axioms.push_back(a1);
 
   symbol_exprt idx=fresh_univ_index("QA_lower_case", index_type);
   exprt::operandst upper_case;
@@ -268,7 +268,7 @@ string_exprt string_constraint_generatort::add_axioms_for_to_lower_case(
   if_exprt conditional_convert(is_upper_case, converted, non_converted);
 
   string_constraintt a2(idx, res.length(), conditional_convert);
-  axioms.push_back(a2);
+  m_axioms.push_back(a2);
 
   return res;
 }
@@ -299,7 +299,7 @@ string_exprt string_constraint_generatort::add_axioms_for_to_upper_case(
   // axioms, so we use a trivial premise and push our premise into the body.
 
   exprt a1=res.axiom_for_has_same_length_as(str);
-  axioms.push_back(a1);
+  m_axioms.push_back(a1);
 
   symbol_exprt idx1=fresh_univ_index("QA_upper_case1", index_type);
   exprt is_lower_case=and_exprt(
@@ -309,7 +309,7 @@ string_exprt string_constraint_generatort::add_axioms_for_to_upper_case(
   equal_exprt convert(res[idx1], plus_exprt(str[idx1], diff));
   implies_exprt body1(is_lower_case, convert);
   string_constraintt a2(idx1, res.length(), body1);
-  axioms.push_back(a2);
+  m_axioms.push_back(a2);
 
   symbol_exprt idx2=fresh_univ_index("QA_upper_case2", index_type);
   exprt is_not_lower_case=not_exprt(and_exprt(
@@ -318,7 +318,7 @@ string_exprt string_constraint_generatort::add_axioms_for_to_upper_case(
   equal_exprt eq(res[idx2], str[idx2]);
   implies_exprt body2(is_not_lower_case, eq);
   string_constraintt a3(idx2, res.length(), body2);
-  axioms.push_back(a3);
+  m_axioms.push_back(a3);
   return res;
 }
 
@@ -355,7 +355,7 @@ string_exprt string_constraint_generatort::add_axioms_for_char_set(
     and_exprt(
       equal_exprt(res.content(), sarrnew),
       res.axiom_for_has_same_length_as(str)));
-  axioms.push_back(a1);
+  m_axioms.push_back(a1);
   return res;
 }
 
@@ -379,7 +379,7 @@ string_exprt string_constraint_generatort::add_axioms_for_replace(
   //    str[qvar]=oldChar => res[qvar]=newChar
   //    !str[qvar]=oldChar => res[qvar]=str[qvar]
 
-  axioms.push_back(res.axiom_for_has_same_length_as(str));
+  m_axioms.push_back(res.axiom_for_has_same_length_as(str));
 
   symbol_exprt qvar=fresh_univ_index("QA_replace", ref_type.get_index_type());
   implies_exprt case1(
@@ -389,7 +389,7 @@ string_exprt string_constraint_generatort::add_axioms_for_replace(
     not_exprt(equal_exprt(str[qvar], old_char)),
     equal_exprt(res[qvar], str[qvar]));
   string_constraintt a2(qvar, res.length(), and_exprt(case1, case2));
-  axioms.push_back(a2);
+  m_axioms.push_back(a2);
   return res;
 }
 
diff --git a/src/solvers/refinement/string_constraint_generator_valueof.cpp b/src/solvers/refinement/string_constraint_generator_valueof.cpp
index 850e45ca281..3d8b4c6bccb 100644
--- a/src/solvers/refinement/string_constraint_generator_valueof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_valueof.cpp
@@ -94,24 +94,24 @@ string_exprt string_constraint_generatort::add_axioms_from_bool(
 
   std::string str_true="true";
   implies_exprt a1(eq, res.axiom_for_has_length(str_true.length()));
-  axioms.push_back(a1);
+  m_axioms.push_back(a1);
 
   for(std::size_t i=0; i<str_true.length(); i++)
   {
     exprt chr=from_integer(str_true[i], char_type);
     implies_exprt a2(eq, equal_exprt(res[i], chr));
-    axioms.push_back(a2);
+    m_axioms.push_back(a2);
   }
 
   std::string str_false="false";
   implies_exprt a3(not_exprt(eq), res.axiom_for_has_length(str_false.length()));
-  axioms.push_back(a3);
+  m_axioms.push_back(a3);
 
   for(std::size_t i=0; i<str_false.length(); i++)
   {
     exprt chr=from_integer(str_false[i], char_type);
     implies_exprt a4(not_exprt(eq), equal_exprt(res[i], chr));
-    axioms.push_back(a4);
+    m_axioms.push_back(a4);
   }
 
   return res;
@@ -221,7 +221,7 @@ string_exprt string_constraint_generatort::add_axioms_from_int_hex(
   exprt f_char=constant_char('f', char_type);
 
   size_t max_size=8;
-  axioms.push_back(
+  m_axioms.push_back(
     and_exprt(res.axiom_for_length_gt(0),
               res.axiom_for_length_le(max_size)));
 
@@ -247,12 +247,12 @@ string_exprt string_constraint_generatort::add_axioms_from_int_hex(
     }
 
     equal_exprt premise(res.axiom_for_has_length(size));
-    axioms.push_back(
+    m_axioms.push_back(
       implies_exprt(premise, and_exprt(equal_exprt(i, sum), all_numbers)));
 
     // disallow 0s at the beginning
     if(size>1)
-      axioms.push_back(
+      m_axioms.push_back(
         implies_exprt(premise, not_exprt(equal_exprt(res[0], zero_char))));
   }
   return res;
@@ -288,7 +288,7 @@ string_exprt string_constraint_generatort::add_axioms_from_char(
 {
   string_exprt res=fresh_string(ref_type);
   and_exprt lemma(equal_exprt(res[0], c), res.axiom_for_has_length(1));
-  axioms.push_back(lemma);
+  m_axioms.push_back(lemma);
   return res;
 }
 
@@ -323,30 +323,30 @@ void string_constraint_generatort::add_axioms_for_correct_number_format(
 
   // |str| > 0
   const exprt non_empty=str.axiom_for_length_ge(from_integer(1, index_type));
-  axioms.push_back(non_empty);
+  m_axioms.push_back(non_empty);
 
   if(strict_formatting)
   {
     // str[0] = '-' || is_digit_with_radix(str[0], radix)
     const or_exprt correct_first(starts_with_minus, starts_with_digit);
-    axioms.push_back(correct_first);
+    m_axioms.push_back(correct_first);
   }
   else
   {
     // str[0] = '-' || str[0] = '+' || is_digit_with_radix(str[0], radix)
     const or_exprt correct_first(
       starts_with_minus, starts_with_digit, starts_with_plus);
-    axioms.push_back(correct_first);
+    m_axioms.push_back(correct_first);
   }
 
   // str[0]='+' or '-' ==> |str| > 1
   const implies_exprt contains_digit(
     or_exprt(starts_with_minus, starts_with_plus),
     str.axiom_for_length_ge(from_integer(2, index_type)));
-  axioms.push_back(contains_digit);
+  m_axioms.push_back(contains_digit);
 
   // |str| <= max_size
-  axioms.push_back(str.axiom_for_length_le(max_size));
+  m_axioms.push_back(str.axiom_for_length_le(max_size));
 
   // forall 1 <= i < |str| . is_digit_with_radix(str[i], radix)
   // We unfold the above because we know that it will be used for all i up to
@@ -358,7 +358,7 @@ void string_constraint_generatort::add_axioms_for_correct_number_format(
       str.axiom_for_length_ge(from_integer(index+1, index_type)),
       is_digit_with_radix(
         str[index], strict_formatting, radix_as_char, radix_ul));
-    axioms.push_back(character_at_index_is_digit);
+    m_axioms.push_back(character_at_index_is_digit);
   }
 
   if(strict_formatting)
@@ -369,12 +369,12 @@ void string_constraint_generatort::add_axioms_for_correct_number_format(
     const implies_exprt no_leading_zero(
       equal_exprt(chr, zero_char),
       str.axiom_for_has_length(from_integer(1, index_type)));
-    axioms.push_back(no_leading_zero);
+    m_axioms.push_back(no_leading_zero);
 
     // no_leading_zero_after_minus : str[0]='-' => str[1]!='0'
     implies_exprt no_leading_zero_after_minus(
       starts_with_minus, not_exprt(equal_exprt(str[1], zero_char)));
-    axioms.push_back(no_leading_zero_after_minus);
+    m_axioms.push_back(no_leading_zero_after_minus);
   }
 }
 
@@ -412,7 +412,7 @@ void string_constraint_generatort::add_axioms_for_characters_in_integer_string(
   /// Deal with size==1 case separately. There are axioms from
   /// add_axioms_for_correct_number_format which say that the string must
   /// contain at least one digit, so we don't have to worry about "+" or "-".
-  axioms.push_back(
+  m_axioms.push_back(
     implies_exprt(str.axiom_for_has_length(1), equal_exprt(input_int, sum)));
 
   for(size_t size=2; size<=max_string_length; size++)
@@ -456,18 +456,18 @@ void string_constraint_generatort::add_axioms_for_characters_in_integer_string(
     if(!digit_constraints.empty())
     {
       const implies_exprt a5(premise, conjunction(digit_constraints));
-      axioms.push_back(a5);
+      m_axioms.push_back(a5);
     }
 
     const implies_exprt a6(
       and_exprt(premise, not_exprt(starts_with_minus)),
       equal_exprt(input_int, sum));
-    axioms.push_back(a6);
+    m_axioms.push_back(a6);
 
     const implies_exprt a7(
       and_exprt(premise, starts_with_minus),
       equal_exprt(input_int, unary_minus_exprt(sum)));
-    axioms.push_back(a7);
+    m_axioms.push_back(a7);
   }
 }
 

From e5c45a5b84273a37423b042be4c8a11a4486a716 Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Sat, 26 Aug 2017 22:54:58 +0100
Subject: [PATCH 687/699] Prefix all generator member variables with "m_"

---
 .../refinement/string_constraint_generator.h  | 17 ++++++--------
 ...string_constraint_generator_comparison.cpp | 10 ++++-----
 .../string_constraint_generator_main.cpp      | 22 +++++++++----------
 .../string_constraint_generator_valueof.cpp   |  2 +-
 4 files changed, 24 insertions(+), 27 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index 885e40497f3..525f54174c3 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -350,20 +350,17 @@ class string_constraint_generatort final
   const bool m_force_printable_characters;
 
   std::vector<exprt> m_axioms;
-  std::map<irep_idt, string_exprt> unresolved_symbols;
-  std::vector<symbol_exprt> boolean_symbols;
-  std::vector<symbol_exprt> index_symbols;
-  std::map<function_application_exprt, exprt> function_application_cache;
-  const namespacet ns;
+  std::map<irep_idt, string_exprt> m_unresolved_symbols;
+  std::vector<symbol_exprt> m_boolean_symbols;
+  std::vector<symbol_exprt> m_index_symbols;
+  std::map<function_application_exprt, exprt> m_function_application_cache;
+  const namespacet m_ns;
   // To each string on which hash_code was called we associate a symbol
   // representing the return value of the hash_code function.
-  std::map<string_exprt, exprt> hash_code_of_string;
+  std::map<string_exprt, exprt> m_hash_code_of_string;
 
   // Pool used for the intern method
-  std::map<string_exprt, symbol_exprt> intern_of_string;
-
-  // Tells which language is used. C and Java are supported
-  irep_idt mode;
+  std::map<string_exprt, symbol_exprt> m_intern_of_string;
 };
 
 exprt is_digit_with_radix(
diff --git a/src/solvers/refinement/string_constraint_generator_comparison.cpp b/src/solvers/refinement/string_constraint_generator_comparison.cpp
index 3e81a742417..7bc276cd24a 100644
--- a/src/solvers/refinement/string_constraint_generator_comparison.cpp
+++ b/src/solvers/refinement/string_constraint_generator_comparison.cpp
@@ -155,7 +155,7 @@ exprt string_constraint_generatort::add_axioms_for_hash_code(
   typet return_type=f.type();
   typet index_type=str.length().type();
 
-  auto pair=hash_code_of_string.insert(
+  auto pair=m_hash_code_of_string.insert(
     std::make_pair(str, fresh_symbol("hash", return_type)));
   exprt hash=pair.first->second;
 
@@ -165,7 +165,7 @@ exprt string_constraint_generatort::add_axioms_for_hash_code(
   //   c3: (|str|==|s| && exists i<|s|. s[i]!=str[i])
 
   // WARNING: the specification may be incomplete
-  for(auto it : hash_code_of_string)
+  for(auto it : m_hash_code_of_string)
   {
     symbol_exprt i=fresh_exist_index("index_hash", index_type);
     equal_exprt c1(it.second, hash);
@@ -265,7 +265,7 @@ symbol_exprt string_constraint_generatort::add_axioms_for_intern(
 
   typet index_type=str.length().type();
 
-  auto pair=intern_of_string.insert(
+  auto pair=m_intern_of_string.insert(
     std::make_pair(str, fresh_symbol("pool", return_type)));
   symbol_exprt intern=pair.first->second;
 
@@ -275,7 +275,7 @@ symbol_exprt string_constraint_generatort::add_axioms_for_intern(
   //    || (|str|==|s| &&exists i<|s|. s[i]!=str[i])
 
   exprt disj=false_exprt();
-  for(auto it : intern_of_string)
+  for(auto it : m_intern_of_string)
     disj=or_exprt(
       disj, equal_exprt(intern, it.second));
 
@@ -283,7 +283,7 @@ symbol_exprt string_constraint_generatort::add_axioms_for_intern(
 
 
   // WARNING: the specification may be incomplete or incorrect
-  for(auto it : intern_of_string)
+  for(auto it : m_intern_of_string)
     if(it.second!=str)
     {
       symbol_exprt i=fresh_exist_index("index_intern", index_type);
diff --git a/src/solvers/refinement/string_constraint_generator_main.cpp b/src/solvers/refinement/string_constraint_generator_main.cpp
index f2f623265e2..b1d8856c0c4 100644
--- a/src/solvers/refinement/string_constraint_generator_main.cpp
+++ b/src/solvers/refinement/string_constraint_generator_main.cpp
@@ -30,7 +30,7 @@ string_constraint_generatort::string_constraint_generatort(
   const string_constraint_generatort::infot& info):
   max_string_length(info.string_max_length),
   m_force_printable_characters(info.string_printable),
-  ns(*info.ns) { }
+  m_ns(*info.ns) { }
 
 const std::vector<exprt> &string_constraint_generatort::get_axioms() const
 {
@@ -40,13 +40,13 @@ const std::vector<exprt> &string_constraint_generatort::get_axioms() const
 const std::vector<symbol_exprt>
 &string_constraint_generatort::get_index_symbols() const
 {
-  return this->index_symbols;
+  return m_index_symbols;
 }
 
 const std::vector<symbol_exprt>
 &string_constraint_generatort::get_boolean_symbols() const
 {
-  return this->boolean_symbols;
+  return m_boolean_symbols;
 }
 
 const std::set<string_exprt>
@@ -96,7 +96,7 @@ symbol_exprt string_constraint_generatort::fresh_exist_index(
   const irep_idt &prefix, const typet &type)
 {
   symbol_exprt s=fresh_symbol(prefix, type);
-  index_symbols.push_back(s);
+  m_index_symbols.push_back(s);
   return s;
 }
 
@@ -107,7 +107,7 @@ symbol_exprt string_constraint_generatort::fresh_boolean(
   const irep_idt &prefix)
 {
   symbol_exprt b=fresh_symbol(prefix, bool_typet());
-  boolean_symbols.push_back(b);
+  m_boolean_symbols.push_back(b);
   return b;
 }
 
@@ -307,7 +307,7 @@ string_exprt string_constraint_generatort::find_or_add_string_of_symbol(
 {
   irep_idt id=sym.get_identifier();
   string_exprt str=fresh_string(ref_type);
-  auto entry=unresolved_symbols.insert(std::make_pair(id, str));
+  auto entry=m_unresolved_symbols.insert(std::make_pair(id, str));
   return entry.first->second;
 }
 
@@ -336,7 +336,7 @@ exprt string_constraint_generatort::add_axioms_for_function_application(
     new_expr.function()=symbol_exprt(str_id.substr(0, pos+4));
     new_expr.type()=refined_string_typet(java_int_type(), java_char_type());
 
-    auto res_it=function_application_cache.insert(std::make_pair(new_expr,
+    auto res_it=m_function_application_cache.insert(std::make_pair(new_expr,
                                                                  nil_exprt()));
     if(res_it.second)
     {
@@ -356,7 +356,7 @@ exprt string_constraint_generatort::add_axioms_for_function_application(
     new_expr.function()=symbol_exprt(str_id.substr(0, pos+4));
     new_expr.type()=refined_string_typet(java_int_type(), java_char_type());
 
-    auto res_it=function_application_cache.insert(std::make_pair(new_expr,
+    auto res_it=m_function_application_cache.insert(std::make_pair(new_expr,
                                                                  nil_exprt()));
     if(res_it.second)
     {
@@ -372,8 +372,8 @@ exprt string_constraint_generatort::add_axioms_for_function_application(
   // TODO: improve efficiency of this test by either ordering test by frequency
   // or using a map
 
-  auto res_it=function_application_cache.find(expr);
-  if(res_it!=function_application_cache.end() && res_it->second!=nil_exprt())
+  auto res_it=m_function_application_cache.find(expr);
+  if(res_it!=m_function_application_cache.end() && res_it->second!=nil_exprt())
     return res_it->second;
 
   exprt res;
@@ -503,7 +503,7 @@ exprt string_constraint_generatort::add_axioms_for_function_application(
     msg+=id2string(id);
     DATA_INVARIANT(false, string_refinement_invariantt(msg));
   }
-  function_application_cache[expr]=res;
+  m_function_application_cache[expr]=res;
   return res;
 }
 
diff --git a/src/solvers/refinement/string_constraint_generator_valueof.cpp b/src/solvers/refinement/string_constraint_generator_valueof.cpp
index 3d8b4c6bccb..f54a821f623 100644
--- a/src/solvers/refinement/string_constraint_generator_valueof.cpp
+++ b/src/solvers/refinement/string_constraint_generator_valueof.cpp
@@ -530,7 +530,7 @@ unsigned long string_constraint_generatort::to_integer_or_default(
   const exprt &expr, unsigned long def)
 {
   mp_integer mp_radix;
-  bool to_integer_failed=to_integer(simplify_expr(expr, ns), mp_radix);
+  bool to_integer_failed=to_integer(simplify_expr(expr, m_ns), mp_radix);
   return to_integer_failed?def:integer2ulong(mp_radix);
 }
 

From 1282d03a7d256263b3a73099ee152ce1b12b6c23 Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Tue, 29 Aug 2017 16:17:57 +0100
Subject: [PATCH 688/699] Update unit tests with new constructors

---
 .../refinement/string_constraint_generator.h  |  4 +--
 .../instantiate_not_contains.cpp              | 32 +++++++++++++++----
 2 files changed, 27 insertions(+), 9 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index 525f54174c3..40fae5e19ab 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -79,9 +79,9 @@ class string_constraint_generatort final
   exprt add_axioms_for_function_application(
     const function_application_exprt &expr);
 
-private:
-
   symbol_exprt fresh_exist_index(const irep_idt &prefix, const typet &type);
+
+private:
   symbol_exprt fresh_boolean(const irep_idt &prefix);
   string_exprt fresh_string(const refined_string_typet &type);
   string_exprt get_string_expr(const exprt &expr);
diff --git a/unit/solvers/refinement/string_constraint_instantiation/instantiate_not_contains.cpp b/unit/solvers/refinement/string_constraint_instantiation/instantiate_not_contains.cpp
index c48b512f09d..8f064d946f6 100644
--- a/unit/solvers/refinement/string_constraint_instantiation/instantiate_not_contains.cpp
+++ b/unit/solvers/refinement/string_constraint_instantiation/instantiate_not_contains.cpp
@@ -119,7 +119,12 @@ std::string create_info(std::vector<exprt> &lemmas, const namespacet &ns)
 decision_proceduret::resultt check_sat(const exprt &expr, const namespacet &ns)
 {
   satcheck_no_simplifiert sat_check;
-  bv_refinementt solver(ns, sat_check);
+  bv_refinementt::infot info;
+  info.ns=&ns;
+  info.prop=&sat_check;
+  const auto ui = language_uit::uit::PLAIN;
+  info.ui=&ui;
+  bv_refinementt solver(info);
   solver << expr;
   return solver();
 }
@@ -148,7 +153,9 @@ SCENARIO("instantiate_not_contains",
     // Generating the corresponding axioms and simplifying, recording info
     symbol_tablet symtab;
     namespacet empty_ns(symtab);
-    string_constraint_generatort generator(empty_ns);
+    string_constraint_generatort::infot info;
+    info.ns=&empty_ns;
+    string_constraint_generatort generator(info);
     exprt res=generator.add_axioms_for_function_application(func);
     std::string axioms;
     std::vector<string_not_contains_constraintt> nc_axioms;
@@ -234,7 +241,9 @@ SCENARIO("instantiate_not_contains",
     // Create witness for axiom
     symbol_tablet symtab;
     namespacet empty_ns(symtab);
-    string_constraint_generatort generator(empty_ns);
+    string_constraint_generatort::infot info;
+    info.ns=&empty_ns;
+    string_constraint_generatort generator(info);
     generator.witness[vacuous]=
       generator.fresh_symbol("w", t.witness_type());
 
@@ -291,7 +300,9 @@ SCENARIO("instantiate_not_contains",
     // Create witness for axiom
     symbol_tablet symtab;
     namespacet ns(symtab);
-    string_constraint_generatort generator(ns);
+    string_constraint_generatort::infot info;
+    info.ns=&ns;
+    string_constraint_generatort generator(info);
     generator.witness[trivial]=
       generator.fresh_symbol("w", t.witness_type());
 
@@ -349,7 +360,9 @@ SCENARIO("instantiate_not_contains",
     // Create witness for axiom
     symbol_tablet symtab;
     namespacet empty_ns(symtab);
-    string_constraint_generatort generator(empty_ns);
+    string_constraint_generatort::infot info;
+    info.ns=&empty_ns;
+    string_constraint_generatort generator(info);
     generator.witness[trivial]=
       generator.fresh_symbol("w", t.witness_type());
 
@@ -408,7 +421,10 @@ SCENARIO("instantiate_not_contains",
     // Create witness for axiom
     symbol_tablet symtab;
     namespacet empty_ns(symtab);
-    string_constraint_generatort generator(empty_ns);
+
+    string_constraint_generatort::infot info;
+    info.ns=&empty_ns;
+    string_constraint_generatort generator(info);
     generator.witness[trivial]=
       generator.fresh_symbol("w", t.witness_type());
 
@@ -466,7 +482,9 @@ SCENARIO("instantiate_not_contains",
     // Create witness for axiom
     symbol_tablet symtab;
     namespacet empty_ns(symtab);
-    string_constraint_generatort generator(empty_ns);
+    string_constraint_generatort::infot info;
+    info.ns=&empty_ns;
+    string_constraint_generatort generator(info);
     generator.witness[trivial]=
       generator.fresh_symbol("w", t.witness_type());
 

From 40871878c880d898fffa84e1ba9339af93d6acbb Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Tue, 29 Aug 2017 16:14:06 +0100
Subject: [PATCH 689/699] Don't pass language_uit::uit as a pointer

---
 src/cbmc/cbmc_solvers.cpp                                     | 4 ++--
 src/solvers/refinement/bv_refinement.h                        | 2 +-
 src/solvers/refinement/bv_refinement_loop.cpp                 | 2 +-
 src/solvers/refinement/string_refinement.cpp                  | 3 +--
 src/solvers/refinement/string_refinement.h                    | 2 +-
 .../instantiate_not_contains.cpp                              | 4 ++--
 6 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/src/cbmc/cbmc_solvers.cpp b/src/cbmc/cbmc_solvers.cpp
index bb45db31698..d98b8b3dcca 100644
--- a/src/cbmc/cbmc_solvers.cpp
+++ b/src/cbmc/cbmc_solvers.cpp
@@ -149,7 +149,7 @@ std::unique_ptr<cbmc_solverst::solvert> cbmc_solverst::get_bv_refinement()
   bv_refinementt::infot info;
   info.ns=&ns;
   info.prop=prop.get();
-  info.ui=&ui;
+  info.ui=ui;
 
   // we allow setting some parameters
   if(options.get_bool_option("max-node-refinement"))
@@ -175,7 +175,7 @@ std::unique_ptr<cbmc_solverst::solvert> cbmc_solverst::get_string_refinement()
   prop->set_message_handler(get_message_handler());
   info.prop=prop.get();
   info.refinement_bound=MAX_NB_REFINEMENT;
-  info.ui=&ui;
+  info.ui=ui;
   if(options.get_bool_option("string-max-length"))
     info.string_max_length=options.get_signed_int_option("string-max-length");
   info.string_non_empty=options.get_bool_option("string-non-empty");
diff --git a/src/solvers/refinement/bv_refinement.h b/src/solvers/refinement/bv_refinement.h
index 4ba483f79ea..17fc63ff728 100644
--- a/src/solvers/refinement/bv_refinement.h
+++ b/src/solvers/refinement/bv_refinement.h
@@ -25,7 +25,7 @@ class bv_refinementt:public bv_pointerst
   {
     const namespacet *ns=nullptr;
     propt *prop=nullptr;
-    const language_uit::uit *ui=nullptr;
+    language_uit::uit ui=language_uit::uit::PLAIN;
     /// Max number of times we refine a formula node
     unsigned max_node_refinement=5;
     /// Enable array refinement
diff --git a/src/solvers/refinement/bv_refinement_loop.cpp b/src/solvers/refinement/bv_refinement_loop.cpp
index 9deb5508076..4e96ac8e82a 100644
--- a/src/solvers/refinement/bv_refinement_loop.cpp
+++ b/src/solvers/refinement/bv_refinement_loop.cpp
@@ -18,7 +18,7 @@ bv_refinementt::bv_refinementt(const infot &info):
   do_array_refinement(info.refine_arrays),
   do_arithmetic_refinement(info.refine_arithmetic),
   progress(false),
-  ui(*info.ui)
+  ui(info.ui)
 {
   // check features we need
   PRECONDITION(prop.has_set_assumptions());
diff --git a/src/solvers/refinement/string_refinement.cpp b/src/solvers/refinement/string_refinement.cpp
index 65a38bd7c0b..608b70212aa 100644
--- a/src/solvers/refinement/string_refinement.cpp
+++ b/src/solvers/refinement/string_refinement.cpp
@@ -38,7 +38,6 @@ static bool validate(const string_refinementt::infot &info)
 {
   PRECONDITION(info.ns);
   PRECONDITION(info.prop);
-  PRECONDITION(info.ui);
   return true;
 }
 
@@ -1764,7 +1763,7 @@ bool string_refinementt::is_axiom_sat(
   info.refine_arithmetic=true;
   info.refine_arrays=true;
   info.max_node_refinement=5;
-  info.ui=&ui;
+  info.ui=ui;
   supert solver(info);
   solver << axiom;
 
diff --git a/src/solvers/refinement/string_refinement.h b/src/solvers/refinement/string_refinement.h
index 0d3884e6340..ccb082a8878 100644
--- a/src/solvers/refinement/string_refinement.h
+++ b/src/solvers/refinement/string_refinement.h
@@ -36,7 +36,7 @@ class string_refinementt final: public bv_refinementt
   {
     const namespacet *ns=nullptr;
     propt *prop=nullptr;
-    const language_uit::uit *ui=nullptr;
+    language_uit::uit ui=language_uit::uit::PLAIN;
     unsigned refinement_bound=0;
     size_t string_max_length=std::numeric_limits<size_t>::max();
     /// Make non-deterministic character arrays have at least one character
diff --git a/unit/solvers/refinement/string_constraint_instantiation/instantiate_not_contains.cpp b/unit/solvers/refinement/string_constraint_instantiation/instantiate_not_contains.cpp
index 8f064d946f6..48cf3ed8e27 100644
--- a/unit/solvers/refinement/string_constraint_instantiation/instantiate_not_contains.cpp
+++ b/unit/solvers/refinement/string_constraint_instantiation/instantiate_not_contains.cpp
@@ -122,8 +122,8 @@ decision_proceduret::resultt check_sat(const exprt &expr, const namespacet &ns)
   bv_refinementt::infot info;
   info.ns=&ns;
   info.prop=&sat_check;
-  const auto ui = language_uit::uit::PLAIN;
-  info.ui=&ui;
+  const auto ui=language_uit::uit::PLAIN;
+  info.ui=ui;
   bv_refinementt solver(info);
   solver << expr;
   return solver();

From 83a29dc09f1ea56bd8cd55952f81269bad20b5dd Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Tue, 29 Aug 2017 16:30:21 +0100
Subject: [PATCH 690/699] Fix linter errors

---
 src/solvers/refinement/bv_refinement.h                       | 2 +-
 .../refinement/string_constraint_generator_format.cpp        | 5 +++--
 .../calculate_max_string_length.cpp                          | 3 ++-
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/solvers/refinement/bv_refinement.h b/src/solvers/refinement/bv_refinement.h
index 17fc63ff728..d8c5931400b 100644
--- a/src/solvers/refinement/bv_refinement.h
+++ b/src/solvers/refinement/bv_refinement.h
@@ -34,7 +34,7 @@ class bv_refinementt:public bv_pointerst
     bool refine_arithmetic=true;
   };
 
-  bv_refinementt(const infot &info);
+  explicit bv_refinementt(const infot &info);
 
   decision_proceduret::resultt dec_solve() override;
 
diff --git a/src/solvers/refinement/string_constraint_generator_format.cpp b/src/solvers/refinement/string_constraint_generator_format.cpp
index fdfff031d9a..ae672e6a01c 100644
--- a/src/solvers/refinement/string_constraint_generator_format.cpp
+++ b/src/solvers/refinement/string_constraint_generator_format.cpp
@@ -434,8 +434,9 @@ string_exprt string_constraint_generatort::add_axioms_for_format(
   }
   else
   {
-    m_message.warning() << "ignoring format function with non constant first argument"
-              << m_message.eom;
+    m_message.warning()
+      << "ignoring format function with non constant first argument"
+      << m_message.eom;
     return fresh_string(ref_type);
   }
 }
diff --git a/unit/solvers/refinement/string_constraint_generator_valueof/calculate_max_string_length.cpp b/unit/solvers/refinement/string_constraint_generator_valueof/calculate_max_string_length.cpp
index 3f84064470f..82a636a9052 100644
--- a/unit/solvers/refinement/string_constraint_generator_valueof/calculate_max_string_length.cpp
+++ b/unit/solvers/refinement/string_constraint_generator_valueof/calculate_max_string_length.cpp
@@ -109,7 +109,8 @@ SCENARIO("calculate_max_string_length",
   "[core][solvers][refinement][string_constraint_generator_valueof]")
 {
   const unsigned long radixes[]={2, 8, 10, 16};
-  const typet int_types[]={
+  const typet int_types[]=
+  {
     signedbv_typet(32),
     unsignedbv_typet(32),
     signedbv_typet(64),

From 107704a1aab3bdb5320b9a034aea4e50a38c4c73 Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Tue, 29 Aug 2017 17:07:58 +0100
Subject: [PATCH 691/699] Fix is_in_conflict with conflict override

---
 src/solvers/refinement/bv_refinement.h       | 2 +-
 src/solvers/refinement/refine_arithmetic.cpp | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/solvers/refinement/bv_refinement.h b/src/solvers/refinement/bv_refinement.h
index d8c5931400b..1f7b1c1f85e 100644
--- a/src/solvers/refinement/bv_refinement.h
+++ b/src/solvers/refinement/bv_refinement.h
@@ -93,7 +93,7 @@ class bv_refinementt:public bv_pointerst
 
   resultt prop_solve();
   approximationt &add_approximation(const exprt &expr, bvt &bv);
-  bool is_in_conflict(approximationt &approximation);
+  bool conflicts_with(approximationt &approximation);
   void check_SAT(approximationt &approximation);
   void check_UNSAT(approximationt &approximation);
   void initialize(approximationt &approximation);
diff --git a/src/solvers/refinement/refine_arithmetic.cpp b/src/solvers/refinement/refine_arithmetic.cpp
index 45a065a64ee..2a6627a34e3 100644
--- a/src/solvers/refinement/refine_arithmetic.cpp
+++ b/src/solvers/refinement/refine_arithmetic.cpp
@@ -373,7 +373,7 @@ void bv_refinementt::check_SAT(approximationt &a)
 void bv_refinementt::check_UNSAT(approximationt &a)
 {
   // part of the conflict?
-  if(!is_in_conflict(a))
+  if(!this->conflicts_with(a))
     return;
 
   status() << "Found assumption for `" << a.as_string()
@@ -458,7 +458,7 @@ void bv_refinementt::check_UNSAT(approximationt &a)
 }
 
 /// check if an under-approximation is part of the conflict
-bool bv_refinementt::is_in_conflict(approximationt &a)
+bool bv_refinementt::conflicts_with(approximationt &a)
 {
   for(std::size_t i=0; i<a.under_assumptions.size(); i++)
     if(prop.is_in_conflict(a.under_assumptions[i]))

From fd59d4726f5998b541a0716b4aeba0f6d27c2e82 Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Tue, 29 Aug 2017 17:14:15 +0100
Subject: [PATCH 692/699] Preprocess constexpr

---
 .../refinement/string_constraint_generator.h       | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index 40fae5e19ab..2a7d3e2822b 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -26,6 +26,12 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 #include <util/refined_string_type.h>
 #include <solvers/refinement/string_constraint.h>
 
+#if defined(__GNUC__) || defined(__clang__)
+#define CBMC_CONSTEXPR constexpr
+#else
+#define CBMC_CONSTEXPR
+#endif
+
 class string_constraint_generatort final
 {
 public:
@@ -340,10 +346,10 @@ class string_constraint_generatort final
   // that is -2147483648 so takes 11 characters to write.
   // The long with the longest string is Long.MIN_VALUE which is -2^63,
   // approximately -9.223372037*10^18 so takes 20 characters to write.
-  constexpr static const std::size_t MAX_INTEGER_LENGTH=11;
-  constexpr static const std::size_t MAX_LONG_LENGTH=20;
-  constexpr static const std::size_t MAX_FLOAT_LENGTH=15;
-  constexpr static const std::size_t MAX_DOUBLE_LENGTH=30;
+  CBMC_CONSTEXPR static const std::size_t MAX_INTEGER_LENGTH=11;
+  CBMC_CONSTEXPR static const std::size_t MAX_LONG_LENGTH=20;
+  CBMC_CONSTEXPR static const std::size_t MAX_FLOAT_LENGTH=15;
+  CBMC_CONSTEXPR static const std::size_t MAX_DOUBLE_LENGTH=30;
   std::set<string_exprt> m_created_strings;
   unsigned m_symbol_count=0;
   const messaget m_message;

From acaad4fd2e8b386307af9afca7e9d342886a2000 Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Wed, 30 Aug 2017 11:22:24 +0100
Subject: [PATCH 693/699] Remove dead bv_refinementt::set_to

---
 src/solvers/refinement/bv_refinement.h        |  2 --
 src/solvers/refinement/bv_refinement_loop.cpp | 18 ------------------
 2 files changed, 20 deletions(-)

diff --git a/src/solvers/refinement/bv_refinement.h b/src/solvers/refinement/bv_refinement.h
index 1f7b1c1f85e..6d4fb84db95 100644
--- a/src/solvers/refinement/bv_refinement.h
+++ b/src/solvers/refinement/bv_refinement.h
@@ -54,8 +54,6 @@ class bv_refinementt:public bv_pointerst
   bvt convert_mod(const mod_exprt &expr) override;
   bvt convert_floatbv_op(const exprt &expr) override;
 
-  // Collect stats
-  void set_to(const exprt &expr, bool value) override;
   void set_assumptions(const bvt &_assumptions) override;
 
 private:
diff --git a/src/solvers/refinement/bv_refinement_loop.cpp b/src/solvers/refinement/bv_refinement_loop.cpp
index 4e96ac8e82a..e3ac990b3a4 100644
--- a/src/solvers/refinement/bv_refinement_loop.cpp
+++ b/src/solvers/refinement/bv_refinement_loop.cpp
@@ -133,24 +133,6 @@ void bv_refinementt::check_UNSAT()
     check_UNSAT(approximation);
 }
 
-void bv_refinementt::set_to(const exprt &expr, bool value)
-{
-  #if 0
-  unsigned prev=prop.no_variables();
-  SUB::set_to(expr, value);
-  unsigned n=prop.no_variables()-prev;
-  std::cout << n << " EEE " << expr.id() << "@" << expr.type().id();
-  forall_operands(it, expr)
-    std::cout << " " << it->id() << "@" << it->type().id();
-  if(expr.id()=="=" && expr.operands().size()==2)
-    forall_operands(it, expr.op1())
-      std::cout << " " << it->id() << "@" << it->type().id();
-  std::cout << '\n';
-  #else
-  SUB::set_to(expr, value);
-  #endif
-}
-
 void bv_refinementt::set_assumptions(const bvt &_assumptions)
 {
   parent_assumptions=_assumptions;

From 04fae6d7b32656d2c948a3908efbc2ed7932ff8d Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Wed, 30 Aug 2017 11:34:04 +0100
Subject: [PATCH 694/699] Correct comment

---
 src/solvers/refinement/string_constraint_generator.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index 2a7d3e2822b..666c60e95a6 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -338,8 +338,8 @@ class string_constraint_generatort final
 
   // MEMBERS
 public:
-  // Used to store information about witnesses for not_contains constraints
   const size_t max_string_length;
+  // Used to store information about witnesses for not_contains constraints
   std::map<string_not_contains_constraintt, symbol_exprt> witness;
 private:
   // The integer with the longest string is Integer.MIN_VALUE which is -2^31,

From 7fd2bfa53436fff54562c187d69fe6078fb70697 Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Wed, 30 Aug 2017 12:01:44 +0100
Subject: [PATCH 695/699] Use_counter_example assignable via constructor

---
 src/solvers/refinement/string_refinement.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/solvers/refinement/string_refinement.h b/src/solvers/refinement/string_refinement.h
index ccb082a8878..35edb45ff01 100644
--- a/src/solvers/refinement/string_refinement.h
+++ b/src/solvers/refinement/string_refinement.h
@@ -48,11 +48,11 @@ class string_refinementt final: public bv_refinementt
     unsigned max_node_refinement=5;
     bool refine_arrays=false;
     bool refine_arithmetic=false;
+    bool use_counter_example=false;
   };
 
   explicit string_refinementt(const infot &);
 
-  const bool use_counter_example=false;
 
   virtual std::string decision_procedure_text() const override
   {
@@ -65,6 +65,7 @@ class string_refinementt final: public bv_refinementt
   decision_proceduret::resultt dec_solve() override;
 
 private:
+  const bool use_counter_example;
   const bool do_concretizing;
   // Base class
   typedef bv_refinementt supert;

From 22d699cbe61437184fb1d9185f539852fcbae9ec Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Wed, 30 Aug 2017 17:08:48 +0100
Subject: [PATCH 696/699] Move constexpr ifdef into a util header

---
 src/solvers/refinement/string_constraint_generator.h       | 7 +------
 .../refinement/string_constraint_generator_main.cpp        | 1 +
 src/solvers/refinement/string_refinement.h                 | 1 +
 src/util/constexpr.def                                     | 6 ++++++
 4 files changed, 9 insertions(+), 6 deletions(-)
 create mode 100644 src/util/constexpr.def

diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index 666c60e95a6..f4de12b7544 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -24,14 +24,9 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 #include <util/string_expr.h>
 #include <util/replace_expr.h>
 #include <util/refined_string_type.h>
+#include <util/constexpr.def>
 #include <solvers/refinement/string_constraint.h>
 
-#if defined(__GNUC__) || defined(__clang__)
-#define CBMC_CONSTEXPR constexpr
-#else
-#define CBMC_CONSTEXPR
-#endif
-
 class string_constraint_generatort final
 {
 public:
diff --git a/src/solvers/refinement/string_constraint_generator_main.cpp b/src/solvers/refinement/string_constraint_generator_main.cpp
index b1d8856c0c4..9c49b6acfbb 100644
--- a/src/solvers/refinement/string_constraint_generator_main.cpp
+++ b/src/solvers/refinement/string_constraint_generator_main.cpp
@@ -19,6 +19,7 @@ Author: Romain Brenguier, romain.brenguier@diffblue.com
 
 #include <solvers/refinement/string_constraint_generator.h>
 
+#include <limits>
 #include <ansi-c/string_constant.h>
 #include <java_bytecode/java_types.h>
 #include <solvers/refinement/string_refinement_invariant.h>
diff --git a/src/solvers/refinement/string_refinement.h b/src/solvers/refinement/string_refinement.h
index 35edb45ff01..11e290e252b 100644
--- a/src/solvers/refinement/string_refinement.h
+++ b/src/solvers/refinement/string_refinement.h
@@ -20,6 +20,7 @@ Author: Alberto Griggio, alberto.griggio@gmail.com
 #ifndef CPROVER_SOLVERS_REFINEMENT_STRING_REFINEMENT_H
 #define CPROVER_SOLVERS_REFINEMENT_STRING_REFINEMENT_H
 
+#include <limits>
 #include <util/string_expr.h>
 #include <util/replace_expr.h>
 #include <solvers/refinement/string_constraint.h>
diff --git a/src/util/constexpr.def b/src/util/constexpr.def
new file mode 100644
index 00000000000..fa4f20fa0f4
--- /dev/null
+++ b/src/util/constexpr.def
@@ -0,0 +1,6 @@
+#if defined(__GNUC__) || defined(__clang__)
+#define CBMC_CONSTEXPR constexpr
+#else
+#define CBMC_CONSTEXPR
+#endif
+

From 8da7c3003cbb875727e9f13de6a901fca60f5372 Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Wed, 30 Aug 2017 17:13:50 +0100
Subject: [PATCH 697/699] Constraint generator doxygen

---
 src/solvers/refinement/string_constraint_generator.h | 11 +++++------
 src/solvers/refinement/string_refinement.h           |  2 +-
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator.h b/src/solvers/refinement/string_constraint_generator.h
index f4de12b7544..7a0667fb397 100644
--- a/src/solvers/refinement/string_constraint_generator.h
+++ b/src/solvers/refinement/string_constraint_generator.h
@@ -49,17 +49,17 @@ class string_constraint_generatort final
 
   explicit string_constraint_generatort(const infot& info);
 
-  // Axioms are of three kinds: universally quantified string constraint,
-  // not contains string constraints and simple formulas.
+  /// Axioms are of three kinds: universally quantified string constraint,
+  /// not contains string constraints and simple formulas.
   const std::vector<exprt> &get_axioms() const;
 
-  // Boolean symbols for the results of some string functions
+  /// Boolean symbols for the results of some string functions
   const std::vector<symbol_exprt> &get_boolean_symbols() const;
 
   /// Symbols used in existential quantifications
   const std::vector<symbol_exprt> &get_index_symbols() const;
 
-  // Set of strings that have been created by the generator
+  /// Set of strings that have been created by the generator
   const std::set<string_exprt> &get_created_strings() const;
 
   exprt get_witness_of(
@@ -73,8 +73,7 @@ class string_constraint_generatort final
     const irep_idt &prefix, const typet &type=bool_typet());
   symbol_exprt fresh_univ_index(const irep_idt &prefix, const typet &type);
 
-  // Maps unresolved symbols to the string_exprt that was created for them
-
+  /// Maps unresolved symbols to the string_exprt that was created for them
   string_exprt add_axioms_for_refined_string(const exprt &expr);
 
   exprt add_axioms_for_function_application(
diff --git a/src/solvers/refinement/string_refinement.h b/src/solvers/refinement/string_refinement.h
index 11e290e252b..021176d4178 100644
--- a/src/solvers/refinement/string_refinement.h
+++ b/src/solvers/refinement/string_refinement.h
@@ -42,7 +42,7 @@ class string_refinementt final: public bv_refinementt
     size_t string_max_length=std::numeric_limits<size_t>::max();
     /// Make non-deterministic character arrays have at least one character
     bool string_non_empty=false;
-    // Concretize strings after solver is finished
+    /// Concretize strings after solver is finished
     bool trace=false;
     /// Make non-deterministic characters printable
     bool string_printable=false;

From 0838f611e4f130943cfa48d5aaf86a91d9233ea8 Mon Sep 17 00:00:00 2001
From: "Lukasz A.J. Wrona" <lukasz.andrzej.wrona@gmail.com>
Date: Wed, 30 Aug 2017 17:15:24 +0100
Subject: [PATCH 698/699] Fix function declaration slicing

---
 .../refinement/string_constraint_generator_main.cpp  | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/solvers/refinement/string_constraint_generator_main.cpp b/src/solvers/refinement/string_constraint_generator_main.cpp
index 9c49b6acfbb..f149ef3ecf1 100644
--- a/src/solvers/refinement/string_constraint_generator_main.cpp
+++ b/src/solvers/refinement/string_constraint_generator_main.cpp
@@ -38,20 +38,20 @@ const std::vector<exprt> &string_constraint_generatort::get_axioms() const
   return m_axioms;
 }
 
-const std::vector<symbol_exprt>
-&string_constraint_generatort::get_index_symbols() const
+const std::vector<symbol_exprt> &
+string_constraint_generatort::get_index_symbols() const
 {
   return m_index_symbols;
 }
 
-const std::vector<symbol_exprt>
-&string_constraint_generatort::get_boolean_symbols() const
+const std::vector<symbol_exprt> &
+string_constraint_generatort::get_boolean_symbols() const
 {
   return m_boolean_symbols;
 }
 
-const std::set<string_exprt>
-&string_constraint_generatort::get_created_strings() const
+const std::set<string_exprt> &
+string_constraint_generatort::get_created_strings() const
 {
   return m_created_strings;
 }

From dc8075302d49d4f64b22afab94c8e4d813a44622 Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Wed, 30 Aug 2017 15:41:45 +0100
Subject: [PATCH 699/699] Lazy-load static symbols which are accessed through
 pointers

---
 src/java_bytecode/java_bytecode_convert_method.cpp | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/java_bytecode/java_bytecode_convert_method.cpp b/src/java_bytecode/java_bytecode_convert_method.cpp
index 7025bca1f57..89c5afc82ac 100644
--- a/src/java_bytecode/java_bytecode_convert_method.cpp
+++ b/src/java_bytecode/java_bytecode_convert_method.cpp
@@ -2110,6 +2110,15 @@ codet java_bytecode_convert_methodt::convert_instructions(
           lazy_methods->add_needed_class(
             to_symbol_type(arg0.type()).get_identifier());
         }
+        else if(arg0.type().id()==ID_pointer)
+        {
+          const auto &pointer_type=to_pointer_type(arg0.type());
+          if(pointer_type.subtype().id()==ID_symbol)
+          {
+            lazy_methods->add_needed_class(
+              to_symbol_type(pointer_type.subtype()).get_identifier());
+          }
+        }
         else if(is_assertions_disabled_field)
         {
           lazy_methods->add_needed_class(arg0.get_string(ID_class));